[27664] in bugtraq


Re: Bypassing website filter in SonicWall

daemon@ATHENA.MIT.EDU (Robert Bihlmeyer)
Thu Oct 31 17:44:45 2002

From: Robert Bihlmeyer <robbe@orcus.priv.at>
To: Marc Ruef <marc.ruef@computec.ch>
Message-Id: <20021030131227.62142B811@baal>
Date: Wed, 30 Oct 2002 14:12:27 +0100 (CET)

Marc Ruef <marc.ruef@computec.ch> writes:

> I found a little weakness in SonicWall: I turn on the blocking
> mechanism for websites (e.g. www.google.com). Now I can't reach the
> website using the domain name. But if I choose the IP address of the
> host (e.g. http://216.239.53.101/), I can contact the forbidden
> website.

This should probably be documented better. This feature relies only on
the HTTP/1.0+ Host field, nothing else (like the connection's
destination). It's mainly useful when you want to block one virtual
host, not a whole machine potentially hosting thousands of them.

If you want to block a whole machine, go with the firewall rules. You
lose the stylish blocking page, though...

> It would make sense if you can do an internal nslookup.

Probably. But this interface isn't for people blocking more than a
handful of domains, anyway. For a small number it's still viable to
enter both names & numbers.

-- 
Robbe
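
The following is an added example, not part of the original message and not SonicWall code: a Host-only match, as the reply describes it, beside a check that also compares the connection's destination and any IP literal in Host against addresses entered with the names. The function names and sample requests are constructed for illustration; the name and address are the ones quoted in the thread.

```python
import ipaddress
from typing import Optional

# Constructed blocklist: name and number entered together, as the reply suggests.
BLOCKED_NAMES = {"www.google.com"}
BLOCKED_ADDRS = {ipaddress.ip_address("216.239.53.101")}

def host_header(raw: bytes) -> Optional[str]:
    """Return the normalised Host value (no port, no trailing dot), or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            if host.startswith("["):             # bracketed IPv6 literal
                host = host[1:].split("]", 1)[0]
            elif host.count(":") == 1:           # name:port or v4:port
                host = host.split(":", 1)[0]
            return host.rstrip(".")
    return None                                  # HTTP/1.0 request without Host

def blocked_host_only(raw: bytes) -> bool:
    """The behaviour described in the reply: only the Host field is matched."""
    return host_header(raw) in BLOCKED_NAMES

def blocked_host_and_dest(raw: bytes, dest_ip: str) -> bool:
    """Also match the connection's destination and IP literals in Host.
    Trade-off from the reply: this blocks every virtual host on that address."""
    if blocked_host_only(raw):
        return True
    candidates = [dest_ip]
    host = host_header(raw)
    if host:
        candidates.append(host)
    for c in candidates:
        try:
            if ipaddress.ip_address(c) in BLOCKED_ADDRS:
                return True
        except ValueError:                       # Host held a name, not an address
            pass
    return False

# Constructed sample requests: (raw request, destination address of the connection)
BY_NAME = (b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n", "216.239.53.101")
BY_ADDR = (b"GET / HTTP/1.1\r\nHost: 216.239.53.101\r\n\r\n", "216.239.53.101")
NO_HOST = (b"GET / HTTP/1.0\r\n\r\n", "216.239.53.101")
OTHER = (b"GET / HTTP/1.1\r\nHost: example.org:8080\r\n\r\n", "192.0.2.10")
```
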
