Blocking Google Earth

Joris Dobbelsteen joris.dobbelsteen at mail.com
Sat Aug 13 21:44:26 CEST 2005


Other solutions might include:

* Request the user not to use the application.
* Install a HTTP proxy server that catches all port 80 traffic. Squid might be a good candidate. Here you can easily make a policy to deny access to the kh.google.com servers (it was I believe).

An advantage of a proxy is increased response times for your users (and also a little decrease in bandwidth requirements). My experience with 3 users behind it was that response times decreased and bandwidth requirements did not change (noticably). With 600+ users that situation will change significantly.
Some proxies can also limit the priority of some traffic, e.g. for kh.google.com. Unfortunally google.com doesn't allow caching of google earth traffic (sigh), I forced it on my proxy. Yeah, I know, it increases the administrative workload...

Of course, I guess you use a decent machine for routing for 600+ users.

- Joris Dobbelsteen

>-----Original Message-----
>From: netfilter-bounces at lists.netfilter.org 
>[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of 
>Thilo Schulz
>Sent: zaterdag, 13 augustus 2005 17:11
>To: netfilter at lists.netfilter.org
>Subject: Re: Blocking Google Earth
>
>On Saturday 13 August 2005 16:14, Leonardo Rodrigues Magalhães wrote:
>>     I really dont think it's easy to limit bandwidth usage ONLY for 
>> Earth Google without making bad experiencies on doing 
>searchs on Google.
>> No matter if searches are low-bandwidth. If you get some QoS 
>and band 
>> limitation on google IPs, be sure that your google earth users will 
>> use ALL the available bandwidth, thus making google earth as well as 
>> google serching probably extremely slow.
>
>He only had that problem with one single user. Likewise, he 
>can restrict bandwidth to google only for that one single user 
>too. Like I already said, your proxy method can be easily 
>circumvented using something like an SSL proxy after your 
>proxy, whereas QoS can selectively keep a user from unfairly 
>exceeding certain bandwidth. This will not only solve problems 
>with the http protocol, but also problems with the user using 
>too much bandwidth in general.
>
>--
>Thilo Schulz
>



More information about the netfilter mailing list