The sorts of implementations I’m aware of use the looked-up IP at a network level to redirect traffic through a transparent proxy and then use standard techniques like looking at the SNI and certificate common name/SAN to check the domain without MITM and allow through any unaffected traffic while attempting to block the listed URL. If you remember, there was a high-profile case a few years back where Wikipedia was accidentally blocked by some ISPs due to their implementations.
Obviously one casualty with things moving to encrypted SNI, DoH and TLS 1.3 etc, is the premise of such basic non-MITM filtering in any environment (educational or BYOD for example, where you might have a need to provide basic filtering on a network where you don’t own the devices/can’t install certs).

Cheers,
Robin

From: uknof <[email protected]> On Behalf Of Aled Morris
Sent: 03 June 2020 16:06
To: uknof <[email protected]>
Subject: [uknof] IWF URL blocking

Hi all,

Are we (the ISP community) still using the IWF URL blacklist?

I would have thought with all the web being HTTPS now, very few of the blacklist would be served from port 80 unencrypted so there's little opportunity to inspect the HTTP headers.

Or are we faking certificates and doing MITM "attacks" on the hosts of known bad URLs?

Be interested to know what the consensus is as the CEO seems to have just found out that there are bad things on the net, read about the IWF blacklist and is keen that "something must be done".

Aled
