There is a considerable amount of censorship in Iran, covering both the internet and other means of communication.In the past, many Iranians were using proxy servers like (HTTP, HTTPS, SOCKS5) to bypass online censorship. However, in recent years, the authoritarian government upgrading their methods and techniques and add Deep Packet Inspection (DPI) as new technology to block more effectively.

In this blog post, we'd summarize how a page might be blocked by a government or even by corporations and what techniques are used to filter / censor websites and internet protocols.

Blocking IP addresses: The government blocks access to certain IP addresses (a number that identifies a computer) by adding them to its blacklist. When someone tries to access a website with a blocked IP address, the request will be denied and the user will be redirected to a warning page saying that the page is banned and access to the website is not possible.

For instance, most of the time internet service providers, or more specifically government firewalls tend to limit the IP address of webpages, which it could belong to Twitter or Facebook. In this case, firewalls prohibit the IPs associated with those pages, and It's not obvious how long IPs would be banned. It seems that firewalls always resolving those IPs and block them before User can get reach them. circumventing option for this type of blocking would be using VPNs like OpenVPN or Anyconnect, or IPSec sometimes shadowsocks works but not always.

The target of this type of censorship: Social media, VPN server, MTProto transports Proxy, Tor Pluggable Transports, and shadowsocks servers.

DNS spoofing:

DNS queries for some sites respond with a fake local IP address, for example, a DNS server based on the local network which in Iran is (, acts as a black hole and all webpages that are banned will be redirected to this page. for example, When you type in a URL, such as, the computer needs to know where to go. The computer goes to a server called a DNS server and asks it for the IP address associated with The DNS server responds by giving the IP address of Facebook's server, which is then used to connect to Facebook. The Government can block access to certain prohibited sites by manipulating connections based on the HTTP Host header and redirect it to their DNS server. This means that they can prevent you from going to a certain site by telling your computer that the site is something else, The authoritarian government block access to certain prohibited sites by manipulating connections based on the HTTP Host header.

HTTP host and keyword filtering:

The Firewall block the access to certain prohibited sites by manipulating connections based on the HTTP Host header.Access to URLs containing specific keywords is also blocked. The list of prohibited keywords originally contained tems which is been using in search on restricted pages.This method won't work in https webpages.

Connection throttling: The purposeful slowing down of the internet connection to control access to a certain protocol or webpage is bandwidth throttling. In addition to these techniques, Iran has been observed to deploy connection throttling, particularly during times of political and economic unrest. This has sometimes taken the form of connection speeds to specific users and sometimes complete throttling of all traffic or certain protocols, including HTTPS, SSH and VPN tunnels.Bandwidth throttling is very common in Iran.

Deep Packet Inspection

Deep Packet Inspection is a firewall that can read the contents of packets. It can tell what the packets are and where they are from. It can then decide what to do with them. For example, if it sees a packet from a social network, it can send it to a filter that will keep it censored from getting to the user.

DPI can examine the contents of the data packets and not just the header. This means that DPI can be used to detect and block certain websites, applications, or protocols. The authoritarian governments have used DPI to block certain websites, applications, or protocols. It does this by reassembling the data packets as they go through the firewall. It then examines each packet and blocks any that it thinks contains forbidden content.