Blocking Google Earth

Joris Dobbelsteen joris.dobbelsteen at
Sat Aug 13 21:44:26 CEST 2005

Other solutions might include:

* Request the user not to use the application.
* Install a HTTP proxy server that catches all port 80 traffic. Squid might be a good candidate. Here you can easily make a policy to deny access to the servers (it was I believe).

An advantage of a proxy is increased response times for your users (and also a little decrease in bandwidth requirements). My experience with 3 users behind it was that response times decreased and bandwidth requirements did not change (noticably). With 600+ users that situation will change significantly.
Some proxies can also limit the priority of some traffic, e.g. for Unfortunally doesn't allow caching of google earth traffic (sigh), I forced it on my proxy. Yeah, I know, it increases the administrative workload...

Of course, I guess you use a decent machine for routing for 600+ users.

- Joris Dobbelsteen

>-----Original Message-----
>From: netfilter-bounces at 
>[mailto:netfilter-bounces at] On Behalf Of 
>Thilo Schulz
>Sent: zaterdag, 13 augustus 2005 17:11
>To: netfilter at
>Subject: Re: Blocking Google Earth
>On Saturday 13 August 2005 16:14, Leonardo Rodrigues Magalhães wrote:
>>     I really dont think it's easy to limit bandwidth usage ONLY for 
>> Earth Google without making bad experiencies on doing 
>searchs on Google.
>> No matter if searches are low-bandwidth. If you get some QoS 
>and band 
>> limitation on google IPs, be sure that your google earth users will 
>> use ALL the available bandwidth, thus making google earth as well as 
>> google serching probably extremely slow.
>He only had that problem with one single user. Likewise, he 
>can restrict bandwidth to google only for that one single user 
>too. Like I already said, your proxy method can be easily 
>circumvented using something like an SSL proxy after your 
>proxy, whereas QoS can selectively keep a user from unfairly 
>exceeding certain bandwidth. This will not only solve problems 
>with the http protocol, but also problems with the user using 
>too much bandwidth in general.
>Thilo Schulz

More information about the netfilter mailing list