Monthly Archives: September 2012

How to block hotspot shield in network?

Hotspot Shield is a free vpn service for you to access blocked websites. With hotspot shield, you can bypass internet filter on your network.

So, to implement internet access policies in business networks, it is required to block hotspot shield traffic.

This tutorial will guide you to block hotspot shield with WFilter.

Add hotspot shield protocol

Because “hotspot shield” is not a default protocol of WFilter, you need to define it manually in “Customize Protocols”.

As in the above figure, add a new protocol named “HotSpot” in “Customize Protocols”. Three patterns are required:

UDP send pattern 1: “^\x88[\x00-\xff]{8}(\x00){5}$”

UDP send pattern 2: “^\x28[\x00-\xff]{9}(\x00){4}”

TCP send pattern: “\x00\x0e\x88[\x00-\xff]{8}(\x00){5}$”

Enable blocking of “hotspot shield”

Now, by enabling “Block hotspot” in blocking level settings, hotspot will be blocked.

Please notice:

Hotspot can be completely blocked when your WFilter is deployed in “pass-through” mode. However, in “pass-by” mode, for complete blocking of hotspot, you also need to block udp ports 900-65534 in your router or firewall. check: How to block certain UDP ports in router/firewall?

How to manage several WFilter servers from a central location?

When you need to manage several offices internet access, it will be helpful if you can do the management in a central location.

This tutorial will guide you to manage several WFilter servers within a same user interface.

1. Edit WFilter servers

Step1: In WFilter’s dashboard, click “Edit” to define remote servers.

Step2: add servers.

Please notice:

  1. Remote server’s admin password is required.
  2. The remote WFilter server shall be configured as “Allow Remote Access” in “System Settings”->”Remote Access Control”.
  3. If you’re connecting the remote server from internet, you need to forward tcp port 9090 to the WFilter server in the remote network router.
  4. If the remote network don’t have a fixed internet ip address, you also can access the remote server by dynamic domain name.

2. Switch WFilter servers in the dashboard.

Now you can switch WFilter servers in the dashboard. All the data will be retrieved from remote servers. So you can manage different WFilter servers in a central location.