Blocking Google Earth
joris.dobbelsteen at mail.com
Sat Aug 13 21:44:26 CEST 2005
Other solutions might include:
* Request the user not to use the application.
* Install a HTTP proxy server that catches all port 80 traffic. Squid might be a good candidate. Here you can easily make a policy to deny access to the kh.google.com servers (it was I believe).
An advantage of a proxy is increased response times for your users (and also a little decrease in bandwidth requirements). My experience with 3 users behind it was that response times decreased and bandwidth requirements did not change (noticably). With 600+ users that situation will change significantly.
Some proxies can also limit the priority of some traffic, e.g. for kh.google.com. Unfortunally google.com doesn't allow caching of google earth traffic (sigh), I forced it on my proxy. Yeah, I know, it increases the administrative workload...
Of course, I guess you use a decent machine for routing for 600+ users.
- Joris Dobbelsteen
>From: netfilter-bounces at lists.netfilter.org
>[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of
>Sent: zaterdag, 13 augustus 2005 17:11
>To: netfilter at lists.netfilter.org
>Subject: Re: Blocking Google Earth
>On Saturday 13 August 2005 16:14, Leonardo Rodrigues Magalhães wrote:
>> I really dont think it's easy to limit bandwidth usage ONLY for
>> Earth Google without making bad experiencies on doing
>searchs on Google.
>> No matter if searches are low-bandwidth. If you get some QoS
>> limitation on google IPs, be sure that your google earth users will
>> use ALL the available bandwidth, thus making google earth as well as
>> google serching probably extremely slow.
>He only had that problem with one single user. Likewise, he
>can restrict bandwidth to google only for that one single user
>too. Like I already said, your proxy method can be easily
>circumvented using something like an SSL proxy after your
>proxy, whereas QoS can selectively keep a user from unfairly
>exceeding certain bandwidth. This will not only solve problems
>with the http protocol, but also problems with the user using
>too much bandwidth in general.
More information about the netfilter