Wait! We Have a Special Deal!

Get CactusVPN for $2.7/mo!

Save 72% Now
30-Day Money-Back Guarantee

ISP Blocking Websites? Here’s What to Do

Got a feeling you’re dealing with an ISP blocking websites?

Don’t doubt your gut instinct. It happens pretty often – both in places with oppressive regimes and in democratic countries.

We’ll tell you everything you need to know about ISPs blocking websites in this guide – how they do it, how to tell if they’re doing it, and how to remove ISP blocking.

Can ISPs Block Websites?

Yes, they actually can. If anyone tells you they can’t, they don’t know how Internet connections work.

Here’s the thing – when you visit a website, your connection goes through your ISP. It has to, otherwise you wouldn’t have web access.

So instead of this:

Your Device → Website

Your connection looks like this:

Your Device → ISP Network → Website

Because of that, they can easily decide which websites you’re allowed to communicate with and which ones you can’t visit.

ISP Blocking Websites vs. Geo-Blocks

Don’t get the two confused. If you visit a website, and you get a message telling you the content isn’t available in your area, that’s geo-blocking, not ISP blocking websites.

Here’s an example of how such a message looks like:

To learn how to bypass geo-blocks, go to our complete guide detailing what they are, how they work, and how to get around them.

How ISPs Block Websites

As far as we can tell, ISPs can use three methods:

1. Firewalls

Firewalls allow ISPs (and other network admins) to control how traffic flows over their network. Basically, your ISP establishes inbound and outbound traffic rules, and the firewall enforces them.

If such a rule says nobody on their network can connect to Facebook, all outbound/inbound connections to/from that site are automatically blocked by the firewall.

And like we showed you at the start, all your connections go through your ISP’s network. So you have to play by their rules.

Plus, firewalls work on an IP basis too. And your ISP is the one who assigns you your IP address. So when you use it to visit the web, the firewall traffic rules automatically apply to you.

2. DNS Filtering

When you type a website’s name in your browser’s URL bar and hit enter, this is what happens in the background:

  • The browser asks your ISP for the site’s IP address.
  • The ISP uses their DNS server (which acts like an Internet “phonebook) to find the IP address corresponding to the website’s name.
  • The ISP returns the site’s IP address, and your browser connects to it.

If there were no ISP DNS server, you’d have to type in the website’s IP address in the URL bar. Which is just extremely inconvenient, let’s be honest.

But, unfortunately, that also gives your ISP control over your DNS queries. If they want to block a site, they just configure their DNS server to return an invalid IP address.

For example, let’s say they want to block Facebook. Instead of returning Facebook’s IP address (185.60.218.35), your ISP’s DNS server would return an IP address that doesn’t work or leads to a blank page or landing page that tells you why you can’t access the site.

Alternatively, they could just tell the DNS server to ignore all requests that ask for Facebook’s IP address.

3. DPI (Deep Packet Inspection)

DPI is a network analysis method that allows ISPs to analyze your data packets. They could use software like Wireshark which means they’d see something like this when looking at your traffic:

Wireshark Network Traffic

We’re not saying they’re 100% using Wireshark. We’re just using it as an example to show you how DPI might work and how your network traffic might look like on your ISP’s end.

With DPI, your ISP would be able to see:

  • Your unencrypted DNS queries (what websites you want to connect to).
  • The HTTPS SNI (Server Name Indication), which shows them the name of the site you want to access. So even if you’re using HTTPS sites which encrypt your traffic, your ISP can still see what sites and web pages you visit.

With that information, they can then use DNS filtering and firewalls to block the sites you’re trying to access.

How to Check If ISP Is Blocking Websites

For starters, if you see messages like these ones when connecting to a site:

  • No Sources
  • Failed Playback
  • Check Your Internet Connection
  • Directory Unavailable

There’s a chance you’re dealing with ISP censorship. It’s not a guarantee, though, so here’s what else you can do to check if your ISP is blocking sites:

  • Use mobile data instead of your network. If your mobile plan is from a different provider, and you’re able to access the sites you want, your ISP is blocking sites.
  • Try using this online tool – Down for Everyone or Just Me. Alternatively, try googling “[site name] + status.”
  • If you have friends or family who are abroad or use a different ISP, ask them to verify if the site you’re trying to connect to works.
  • If none of those tips are valid options for you, you’ll have to leave your home, go to the nearest place that offers public WiFi (which doesn’t belong to your ISP), connect to their network, and see if the site works or not. If it does, your ISP is definitely blocking websites.

Why Is My ISP Blocking a Website?

It’s hard to say. There could be any number of reasons. In our opinion, this is why ISPs might block websites:

  • They use security systems that consider the websites malicious. Or they themselves think certain domains are bad news.
  • The government forces them to do that. This is usually the case in countries with oppressive regimes like China and Turkmenistan.
  • The country’s laws contribute to ISPs blocking sites. For example, pornographic, gambling, or torrenting sites might be illegal.
  • They have a problem with the site you and other users are browsing. We haven’t found any instances of this actually happening, though. In those situations, they’d throttle your bandwidth instead.

If none of that applies to your situations, you could always call and ask them.

How to Remove ISP Blocking

Okay, so now you know that your ISP blocking websites is a possibility. And you know how they might do it.

But what can you do to bypass their blocking methods?

Here’s what our research and tests show:

Basic Fixes

We’ll start with these tips because they’re pretty simple, and you don’t need to do much to try them out. And unlike the other things we’ll discuss, these tips don’t include third-party services you need to buy and/or install.

So, let’s get started:

  • First, try accessing the site with its IP address instead of its URL. If your ISP uses DNS filtering or only blocked the URL, you should be able to unblock the site. To find a site’s IP address, just use the ping command (“ping [site name]”) in the Command Prompt (Windows)  or Terminal (macOS).
  • If you have unlimited mobile data and you’re okay with browsing blocked sites on your phone, use that if it works. If your smartphone is good enough, you might even be able to create a hotspot and connect your devices to it. Don’t expect very fast speeds, though.
  • Change your DNS address to avoid DNS filtering. Try these ones:

If those tips don’t work, move on to our other recommendations.

Use a VPN

VPNs are online tools that hide your IP address and encrypt your traffic. The “hide your IP address” will be of interest to you in this case. That’s the feature that lets you circumvent ISPs blocking websites.

Here’s how:

  1. First, you subscribe to a VPN service, then download and install its app.
  2. Then, you connect to a VPN server. Any server would do in this case.
  3. Next, the server and app will negotiate and establish an encrypted connection between them.
  4. From then on, when you visit a site, all your requests will go to it through the VPN server. Similarly, all the site’s content will come to your device through the server. It’s basically a middleman between you and the web.
  5. Because of that, your ISP’s firewall will no longer be able to regulate your web access. All your web surfing is done through the server’s IP address. And that address doesn’t have any firewall restrictions linked to it.

What’s more, VPNs will normally have their own DNS servers too. So besides bypassing firewalls, you can also get around DNS filtering.

Oh, and DPI and bandwidth throttling won’t be a problem anymore since VPNs encrypt your traffic end-to-end. So your ISP can’t see what sites and web pages you browse.

Unblock Any Sites You Want with CactusVPN

If you need a really good VPN, check out our service. We have tons of experience with helping people get around ISP censorship and throttling. Plus, we also offer support for DoH (DNS Over HTTPS). With it, you can encrypt your DNS queries to avoid any form of DNS filtering.

Special Deal! Get CactusVPN for $2.7/mo!

And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.

Save 72% Now

Use a Proxy

A proxy server works just like a VPN – it intercepts and forwards your requests to websites, hiding your IP address in the process.

However, proxies don’t offer strong encryption like VPNs. So you’re susceptible to DPI. Also, they usually don’t include DNS servers, so DNS filtering will be a problem too.

On the plus side, weak encryption means you’ll get better speeds than with a VPN – as long as you don’t use a free online proxy, that is. Those services get overcrowded fast and use bandwidth caps, so slow speeds are the norm.

Instead of paying for a standalone proxy, consider just getting a CactusVPN subscription. For that price, you don’t just get a VPN, but also servers that double as proxies (at no extra cost).

Use Tor

Tor (The Onion Router) is an online tool that also hides your IP address and encrypts your traffic. But it does it a bit differently than a VPN or proxy.

Basically, with Tor, your traffic bounces around different servers (usually three) before reaching the site you want to visit. Tor hides your IP address that way, helping you circumvent ISP blocking websites.

What’s more, Tor also encrypts your traffic multiple times. So you get more layers of security.

However, Tor does have some drawbacks that don’t exactly make it the most secure privacy tool out there. 

Besides shady backing and some IP leaks, there’s also the speed issue: they’re too slow, to be exact. There are only around 6,000 servers, and a little over two million users. So yeah, not looking good.

Can ISPs Ban Unblocking Tools?

You might have seen articles and heard people saying they can’t.

Well, we hate to be the bearers of bad news, but they definitely can do that. They need to actively check for their usage, of course, but it’s a possibility.

Normally, they’d use DPI to detect VPN traffic (particularly OpenVPN), and just block the IP address you’re connecting to. We’re not 100% sure if DPI works for Tor traffic, but there are other services that can single it out (like Plixer or CapLoader).

They can also use DPI to see if you’re using third-party DNS servers, and then just drop your connections to them. 

As for proxies, most of them have weak or no encryption. So your ISP can easily analyze your data packets to see what sites you’re visiting.

And besides all that, ISPs could just work with companies that provide information about IP addresses (like MaxMind and IP2Location). They have databases full of VPN and proxy IP addresses (maybe Tor too, but those are public anyway), and can also offer access to scripts that automatically block them.

What Can You Do?

If your ISP blocks proxy, VPN, and Tor IP addresses, the easiest way around that is to connect to a different server. You’ll get a new IP address that way.

Of course, if they keep blocking all the IPs you connect to until there are no servers left, you’re unfortunately out of luck.

If they drop your DNS queries, try switching to a different third-party DNS provider. Though, it won’t be hard for them to realize what you did, and drop those queries too. The best thing you can do is enable DoH to encrypt your DNS queries. Here’s how to do it on most browsers. And if you’re a CactusVPN user, check out our DoH step-by-step tutorials.

Also, only use VPNs that offer obfuscation. That way, you can hide your OpenVPN traffic from DPI detection. With CactusVPN, you can use obfsproxy on multiple platforms to do that. You can also use other protocols, but they use dedicated ports which give them away. So your ISP will know you’re using a VPN.

Did You Ever Have to Deal with an ISP Blocking Websites?

If yes, what did you do to circumvent the block? Also, did you find out why they were blocking those sites to begin with?

Go ahead and tell us your story in the comments. And if you really liked this article, don’t forget to share it with your friends or on social media.

Cloud vector created by stories – www.freepik.com

Posted on in Privacy
By
Tim has been writing content and copy for a living for over 4 years, and has been covering VPN, Internet privacy, and cybersecurity topics for more than 2 years. He enjoys staying up-to-date with the latest in Internet privacy news, and helping people find new ways to secure their online rights.

Special Deal!

Get CactusVPN for $2.7/mo!

Save 72% Now