Marc Ruef <marc.ruef@computec.ch> writes: > I found a little weakness in SonicWall: I turn on the blocking > mechanism for websites (e.g. www.google.com). Now I can't reach the > website using the domainname. But if I choose the IP address of the > host (e.g. http://216.239.53.101/), I can contact the forbidden > website. This should probably be documented better. This feature relies only on the HTTP/1.0+ Host field, nothing else (like the connection's destination). It's mainly useful when you want to block one virtual hosts, not a whole machine potentially hosting thousands of them. If you want to block a whole machine, go with the firewall rules. You lose the stylish blocking page, though... > It would make sense if you can do an internal nslookup. Probably. But this interface isn't for people blocking more than a handful of domains, anyway. For a small number it's still viable to enter both names & numbers. -- Robbe
