Bloqueo de pagina web por ISP o Gobierno y como evitar ese bloqueo

cdn
firewall
nameserver

#1

Hola a todos. Estoy haciendo una investigación y esto es un tema que salió a relucir en una reunión con varias personas del area de cyberseguridad

Contextualizo para exponer el caso

El punto esta en que nos gustaria saber si existe una solución para una pagina web (www.mipaginaweb.com) que fue bloqueada por un ISP o Gobierno a sus habitantes (Venezuela), y que deseamos que independientemente de ese bloqueo los usuarios de ese pais puedan acceder a ella (sin que estos usuarios hagan nada en su maquinas, es decir, que no cambien DNS, que no instalen un proxy o VPN etc), como si el bloqueo no existiese para ellos…

Cloudflare en algunos de sus productos posee una solución que se ajuste un poco a esto?

Gracias a todos por la respuesta que me puedan dar y la orientación necesaria (en que caso de que sea viable)
Un saludo


#2

Hola Jose Daniel,

I’m afraid the only Cloudflare product that could perhaps help in your situation is 1.1.1.1, which does require users to configure their computer (or tablet or smartphone) once. Please see: https://1.1.1.1/es-ES/.

Since censorship by ISP or government is normally done at the ISP level, it blocks websites before the browser has a chance to reach Cloudflare servers. With 1.1.1.1, the ISP won’t know which website the user is trying to reach.

Saludos desde Brasil!


#3

Hola Floripare

Thank you for replying the topic. So basically it means that by changing (users in their machines) DNS values and setting up 1.1.1.1 then ISP or Government should not be able to know what the users are doing while they are surfing the internet. If so, It sounds great as the speedload of the page increases as per report of 1.1.1.1

Saludos de Venezuela


#4

Note that it depends on how they are blocking the websites.

If you could run in a command prompt or terminal:

nslookup mipaginaweb.com
nslookup mipaginaweb.com 1.1.1.1

and copy and paste the output to a forum post here.


They might filter based on “TLS SNI” instead of poisoning DNS, doing the above will help identity which one they perform.


#5

Hi Judge, I understand. My idea with cloudflare is to know if its possible to find a solution that help us keep running up a website without “worries” about of a censorship that a government can implement (blocking the website) with their policies.

The best scenario would be if the clients dont touch anything to modify anything
The second best one looks like to be the 1.1.1.1 as its a little change

Regarding to the output. An example of that is the following output

C:\Users>nslookup dolartoday.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    dolartoday.com
Addresses:  104.25.9.13
          104.25.8.13


C:\Users>nslookup dolartoday.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  172.16.119.9

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

Regards =)