17

I have searched about this topic on Google but mostly I got the result how to unblock website blocked by ISPs. So, I have a website that is being blocked from viewing by audiences and when I go to my domain www.mydomain.com, it will redirect all users to www.mydomain.com/blocked.aspx and there is a message appear that 'this site is blocked as it violates the national laws.' If I change my DNS to google DNS, the site can be viewed normally.

I'm using WordPress to host this website, and my question is, how can the ISPs redirect other people into another directory such as /blocked.aspx? I think this file is running on Microsoft IIS Server instead of Apache Server.

I hope I can get the technical understanding about this.

Canadian Luke
  • 885
  • 14
  • 41
MaXi32
  • 367
  • 2
  • 11
  • 6
    Really? Why the downvote without reason? This is not an assignment question and I'm not rush to get the answer. I thought it was about a DNS modification by ISP but I don't understand the technical part about it. And probably DNS thing is related to the Server and I'm in the correct forum I think. – MaXi32 Jan 27 '16 at 14:20
  • 10
    Because on a site for professional admins it is NEARLY as asking a in a pro cooking forum how to turn on an oven. Trivial. Still, given that this is a rarely "used" abuse of DNS, it is a valid question - so no down vote from me. – TomTom Jan 27 '16 at 14:28
  • 2
    Note that your ISP can also observe your internet activity. So if what you're doing is illegal, a simply changing the DNS might not be a good idea. – CodesInChaos Jan 27 '16 at 16:32
  • 10
    @TomTom, Fundamental questions are not a bad thing for a site for professionals. – user1717828 Jan 27 '16 at 16:55
  • Anyhow, if the goal of your ISP is to block web server for home subscription, they will only block it for their own customers. You should feel happy they didnt block it on their networking backbone. (but I guess the traffic will be throttled way down). Like other told, it's playing with fire for you. – yagmoth555 Jan 27 '16 at 19:17

6 Answers6

24

As you already said:

If I change my DNS to google DNS, the site can be viewed normally.

So it has something to do with DNS. Your ISP provides his own DNS-Servers and he has a list of blocked domains. When you now query the IP-address of a blocked domain your ISP will not respond with the correct ip-address but with a ip-address of his own servers (or FBI or whatever) which will then host only the "blocked"-site.

tkausl
  • 341
  • 1
  • 4
  • 3
    Yes. As trivial as it is. DNS is hierarchical and every DNS server can "override" the fallback to the "correct" dns servers. And redirect you do another host. Which is why HTTPS is important with a trusted root - because it makes sure someone vouched you are connected to the CORRECT server. – TomTom Jan 27 '16 at 14:29
  • Interesting. So, websites like Torrentz.eu are blocked in Portugal. That means that I can just change the DNS on my router and that solves it? No need for Tor? – Ismael Miguel Jan 27 '16 at 16:16
  • Thats correct, unless your ISP redirects traffic to specific IP-addresses like chinas firewall does (I guess). – tkausl Jan 27 '16 at 16:18
  • 5
    @IsmaelMiguel That depends on how the block works. If it is a simple DNS based block changing the DNS server circumvents the block. If it's IP address based or even deep-packet-inspection based, you'll need Tor or some kind of VPN. – CodesInChaos Jan 27 '16 at 16:29
  • 1
    And an ISP could redirect DNS traffic to its own servers instead of the ones you chose if they wanted. Tons of different filtering methods, tons of workarounds. – jcaron Jan 27 '16 at 22:46
  • @IsmaelMiguel It depends. your ISP may be inspecting the packets containing the DNS requests and reacting to that rather than relying on a pure DNS solution. – user9517 Jan 28 '16 at 08:09
  • @jcaron unless you use [dnssec](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) to authenticate the data – ratchet freak Jan 28 '16 at 09:10
  • @CodesInChaos and Iain, It seems that the ISP inspects the packets, since I can't access to `https://thepiratebay.se/`, redirecting me to `http://mobilegen.vodafone.pt/denied/dn`. I will try the network at home, since I'm at work with a 4G router. – Ismael Miguel Jan 28 '16 at 11:09
9

Lets' say that you have the website http://example.org. When you use your ISP's DNS servers it would resolve that domain to an IP address

Since the ISP doesn't want you to see the website, they will let their DNS servers give you a different IP. On that IP address, they can host the page that shows you the warning message.

The ISP does not alter your website in any way, they only direct users to their own webservers.

Thorchy
  • 1,421
  • 13
  • 15
  • 1
    What about the addition of /blocked.aspx, how did they preserve the domain name and add an extra /blocked.aspx at the end? I understand what you are saying here. But the extra directory /blocked.aspx with the domain name is still preserved makes me confusing. – MaXi32 Jan 27 '16 at 14:26
  • 8
    @MaXi32 Come on, this is trivial. The server they redirect to is issuing a HTTP redirect response when he gets a request for another folder/file. Then your browser refreshed and shows "/blocked.aspx". – TomTom Jan 27 '16 at 14:30
  • I want to add +1 about the HTTP redirect response. I have no permission. – MaXi32 Jan 27 '16 at 14:31
6

You asked:

how can the ISPs redirect other people into another directory

Strictly speaking, they're not. They're redirecting people to another server. This has to do with how DNS works. Other answers have covered this broadly, so I'll go into a little more detail:

When someone goes to http://www.example.com/, the browser first makes a DNS request to find the IP address for www.example.com. This usually goes to a DNS server run by their ISP. ServerFault has more details on DNS requests in another question.

The DNS server responds to the request with an IP address. In the case of a website block like you described, the server responds with some other server -- perhaps a government-run server -- which redirects all requests to /blocked.aspx.

Google's DNS isn't blocking your domain in this way, so you're getting your server's IP address instead of the government-block webserver.

Community
  • 1
Brian
  • 230
  • 1
  • 11
5

From what I've read on other answers, it feels like you're asking specifically how your ISP is managing to add "blocked.aspx" to the end of your domain. If that's the case, let's look at a case study:

You have a web server running on http://mysite.mine/, which a public, completely trustworthy DNS resolves to public IP 10.0.0.1. You can browse to http://mysite.mine/index.aspx or /about.aspx or whatever because you're hosting it on your server. In reality, it ACTUALLY resolves to http://10.0.0.1/about.aspx because that's what DNS does - It resolves domain names to IP addresses.

Your ISP has decided that your website needs to be blocked for whatever reason, so they redirect DNS requests asking for http://mysite.mine/ to public IP 192.168.0.1, a webserver hosted by your ISP. So any attempt to access http://mysite.mine/ would actually redirect to http://192.168.0.1/. Once they've got that in place, it's a simple matter to configure their web server to redirect any attempt at accessing that weberver with blocked.aspx. Your browser shows http://mysite.mine/blocked.aspx, but in actuality you're accessing http://192.168.0.1/block.aspx.

As far as your browser is concerned, it's displaying http://mysite.mine/, because that's what the DNS server is telling it, so your browser won't change the domain in the case of a redirect to the same IP address. This is why you see a blocked.aspx at the end of the domain - Because it isn't your webserver.

Connor Bell
  • 136
  • 1
  • 7
  • 2
    Thank you for explaining this technical part of 'how things are done'. Reading answers from others plus yours, I got the full view how they blocked my website. – MaXi32 Jan 28 '16 at 17:57
3

ISPs usually run their own DNS servers, which their customers use by default (usually because the customers neglect to change this). This allows the ISP to re-direct traffic to any domain name to a different server, simply by returning a false IP address for that domain name. Among other flaws, this allows the ISP to re-direct "blocked" websites to their own server, which will host only the "blocked.aspx" page (or whatever page the ISP uses).

Micheal Johnson
  • 151
  • 5
0

You need to talk to you ISP to determine why they are doing what they are doing. Open a ticket with a complaint about this. Most likely they employ an IPS device and the signatures detect you are trying to do something they intentionally do not allow for legal reasons or it could be a bug in the device. You won't know which unless you pursue the answer from them. Previous answers seem to merely speculate/conjecture on the reasons.

user334242
  • 1
  • 6
    The question was "how" not "why" –  Jan 27 '16 at 18:28
  • I don't have to contact them as I have given the reason in my question that my site was blocked as it violates the national laws (the government asked the ISP to block it). – MaXi32 Jan 28 '16 at 18:06