Solved

Mirror site for blocked site using Amazon

Posted on 2014-03-16
Last Modified: 2014-03-20
Hi

China's firewall has blocked some international websites. I wish to create a mirror site of these sites so that my friend in China can access them.

Greatfire.org has managed to create a mirror site for Reuters China.

The website is at https://s3.amazonaws.com/cn.reuters/index.html

Does anyone know what method they used to create the website?

Full report at:
https://en.greatfire.org/blog/2013/nov/look-ma-i-can-see-through-great-firewall
Question by:Shirley80
9 Comments
 
LVL 27

Accepted Solution

by:
skullnobrains earned 450 total points
ID: 39932486
no idea how they did it, but you can simply proxy the site

in apache this would require setting up a site with something like
ProxyPass /site1/ http://name.of.site/

note that the GFC will probably have some kind of analysis that will detect keywords in the page and still block them. also note that when the GFC detects it is circumvented, you usually end up in trouble

---

you can also set up a regular tcp proxy/forwarder, and possibly allow connections over SSL
use stunnel if you want SSL, and a basic NAT redirection (with source nat as well if you don't need)

---

you can also set up various other ways to circumvent

if it is for a single or a few friends, setting up an SSH server and instructing them to use the -D option which enables a socks proxy will let them browse the web from a remote location

i'd recommend the latter, and the use of client certificates. the GFC performs man-in-the-middle attacks and real-time decoding of some of the SSL traffic. mitm attacks on ssh are also a possibility, so be careful.

you can then encapsulate your SSH connection using something like tcp over dns or tcp over http (install httptunnel, htc on the client hts on the server) for much better security and less risk that the GFC will just block the connection without bothering to decode it
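A fuller form of the ProxyPass suggestion in the answer above, as an added example that is not part of the original post. The host names (mirror.example.org, upstream.example.com), the /site1/ prefix and the certificate paths are placeholders, and mod_proxy, mod_proxy_http and mod_ssl are assumed to be loaded.

```apache
# Added example: reverse-proxy "mirror" of one upstream site under /site1/.
# All names and paths below are placeholders, not values from the thread.
<VirtualHost *:443>
    ServerName mirror.example.org

    # Serve the mirror itself over TLS.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/mirror/mirror.crt
    SSLCertificateKeyFile /etc/ssl/mirror/mirror.key

    # Reverse proxy only. Leaving forward proxying on would turn this
    # host into an open proxy that anyone can relay through.
    ProxyRequests Off

    # Fetch from the upstream over TLS and verify its certificate, so
    # the proxy cannot be fed content by a man in the middle.
    # The CA bundle path is an assumption (Debian-style location).
    SSLProxyEngine On
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/ssl/certs/ca-certificates.crt

    # Send the upstream's own host name, not the mirror's.
    ProxyPreserveHost Off

    # Trailing slashes must match on both arguments, otherwise requests
    # are mapped to malformed upstream paths.
    ProxyPass        /site1/ https://upstream.example.com/
    # Rewrite Location headers on redirects so clients stay on the mirror.
    ProxyPassReverse /site1/ https://upstream.example.com/

    # Rewrite cookie scope so upstream cookies are valid for the mirror.
    ProxyPassReverseCookieDomain upstream.example.com mirror.example.org
    ProxyPassReverseCookiePath   / /site1/
</VirtualHost>
```

ProxyPassReverse only rewrites response headers; absolute links inside the HTML body still point at the upstream and need a content filter such as mod_proxy_html to be rewritten.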
 
LVL 43

Assisted Solution

by:Rob
Rob earned 50 total points
ID: 39933280
Skullnobrains,
You'd be able to comment on this more than I, but would VPN also work? I've heard that's how anyone in China (and Korea) gets past the GFC...
And easier to use as a client
Rob
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39933883
i probably don't know more than you do, but let's comment anyway ;)

i guess VPNs would work pretty much the same.

but then a VPN is more obviously used to circumvent the GFC so it probably will attract more attention (just my guessing, there)

i strongly disagree with the fact a VPN is easier to setup, and i'm unsure about setting up a VPN over something like httptunnel

there are also many tor-like networks that may or may not work. as far as i know tor does not or rather only for a few minutes

anyway, one specificity of the GFC is that it changes and is quickly adapted. another is that whatever may work in some locations will not in others (actually i'm pretty sure that you can't setup a VPN in some regions of china, and it is very likely the same would apply to ssh and most of the above mentioned)

maybe a distributed array of httptunnels would be a great bet as long as it is distributed on both sides ? but for now, i guess whatever works and is not too obvious is fine. there are implementations of tcp over about anything (smtp xmpp...). TCP over pigeon is probably the most efficient in order to bypass the GFC (by far) but it is not very suitable for everyday use
 
LVL 43

Expert Comment

by:Rob
ID: 39933975
Thanks for the details skullnobrains.

"i strongly disagree with the fact a VPN is easier to setup"
Server yes definitely, client I've never had much issue running a PPTP just using the Wizard (under windows)

The other reason I've mentioned it is I've travelled in both China and Korea that are firewalled and have been able to use my VPN, albeit at a very slow rate.  Given it's encrypted it's an all or nothing approach when it comes to blocking it.  Given everyday international businesses that work out of China have no issue with it, you would think that it would work in this case.

As for over a secure http tunnel i couldn't comment
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39936571
"Given it's encrypted it's an all or nothing approach when it comes to blocking it."

not quite. decoding SSL on the fly is clearly feasible with hardware acceleration cards and man-in-the-middle approaches, IPSEC is not that much more secure and possibly intentionally breached. as a general rule, breaching encrypted connections is resource-consuming but seldom impossible. certs exchange beforehand obviously makes it much more difficult since they render man-in-the-middle approaches inoperative or much more complicated.

block and don't bother decode is apparently the approach the GFC has towards TOR (but they do read the certs information to identify tor-related operations)

i was pretty sure that in some parts of china (places with none to little commercial activity with foreign countries), there is no way you would make a VPN connection outborders, even now. i'm interested in places you may have been and confirm it was doable

it is said that slowing things down in order to make them unusable is part of their strategy and meant so people won't complain stuff is blocked ; it is also fairly possible that things are slowed down so the corresponding flow (or part of the corresponding flows) can be analysed

... like always, difficult to know.


"As for over a secure http tunnel i couldn't comment"

i was not suggesting an encrypted http tunnel. rather an encrypted ssh session over a non-encrypted http tunnel (consisting of many http queries transferring a few bytes each), ideally distributed over a great number of hosts on both sides
 
LVL 43

Expert Comment

by:Rob
ID: 39936581
Great stuff skullnobrains :)  My travels have only been in the major cities when I've been on VPN; Beijing, Shanghai and Hong Kong.  I was surprised that even HK is affected by the GFC.

I'll leave this one in your capable hands.
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39936686
@rob : thanks for the info.

don't leave it to me : i have no more info than you have, and it is likely that the vpn is the most generic simple working solution around

anyway, we're drifting far from the "mirror site" requirement

@shirley80 : anything usable so far ?
 
LVL 43

Expert Comment

by:Rob
ID: 39938195
:) I'll still jump in when need be.  Certainly time for a comment from @shirley80.
 

Author Closing Comment

by:Shirley80
ID: 39944560
Thanks for the great discussion.
I'm a noob with this stuff, I will pass this info to my friends and let them decide.
Appreciate all your time!