Literally the Fastest GFW Workaround Theoretically Possible
This workaround has been floating around for a while but I didn’t take too much notice until Ryan, The Humanaught, mentioned that there seemed to be no lag when visiting a website using it. The reason there seems to be no lag is because there is no lag – it is a direct connection to the server. For the WordPress.com workaround, for example, the script directs one’s web browser to the IP address 72.232.101.41. That’s not the IP address of a proxy server as I had previously thought, that is one of WordPress.com’s IP addresses. Fermi Zhang notes on his blog that this workaround works because the GFW actually only blocks one IP address for domains that it blocks. By choosing a different IP address from the one that is blocked virtually any site can be connected to directly from within China as long as the domain name for the site has at least one IP address resolving to it that isn’t blocked, ie., more than one IP address.
I can confirm that this workaround works for Mac users too. Just follow the same directions as for Windows users, but make sure to change file:///C:/proxy.pac to the path that the pac file is saved to on your system. For instance, if you have the pac file saved to your desktop the path would be file:///Users/kevin/Desktop/proxy.pac, changing “kevin” to whatever your username is.
The reason this workaround works on Macs (and Linux) as well as Windows is because a pac file is a special kind of file that web browsers such as Firefox know how to read regardless of the operating system the browser is running on.
Tags GFW, GFW Workaround, Censorship, Internet Censorship, China
March 31, 2007 at 6:21 pm
Because communications using this method are not encrypted it is still possible to trip the GFW’s keyword filter. For example, the article Internet censorship in the People’s Republic of China loaded partially for me via this method, but then died. When I tried reloading the page it died completely. A reminder that this method should only be used for non-sensitve material. Anything sensitive passing through China’s main gateway servers should still be done over an encrypted connection, like the type of connection provided by the Tor network, or even more ideally through a connection that is encrypted end-to-end, as is the case when the protocol is https.
March 31, 2007 at 9:09 pm
did you find the unblocked ip address of Wikipedia?
March 31, 2007 at 9:17 pm
Yes, I found it on Ryan’s Lost Laowai blog. Tomorrow I may compile a larger list of unblocked IPs for other sites that have been blocked too, like Xanga.
April 1, 2007 at 10:50 am
By using the pac file in your system-wide preferences you can also gain system-wide benefits from it. For example, every browser you use will go through it by default. Also, and even more useful, the Blogspot and other blocked feeds in your news reader should also now be able to update. I can confirm this for Blogspot, though the one LiveJournal feed I subscribe to is still not updating. Anyone else able to confirm these results?
To set this as a system-wide preference in Mac OS X go to System Preferences > Network > Network Status > double click on your preferred connection – the one with a green dot next to it > Proxies > Select a proxy server to configure: Automatic Proxy Configuration > Proxy Configuration File: file://localhost/Users/kevin/Desktop/proxy.pac, or whatever the path to the file is as mentioned above, but with “file://localhost” at the beginning this time.
In Windows … well, it’s the same idea. I’d tell you exactly, but my wife is using her Dell right now in a limited user account and I am unable to access the exact connection properties (no on-the-fly authentication in XP) to let you know without switching to an admin account. See what I have to say here about permissions in Windows if you are at all interested.
April 1, 2007 at 11:28 am
Well, I finally got it working, but it took Ryan (the Humanaught) prodding me in comments to get it done. It’s a sweet fix indeed, though I’m glad I have tor as a backup.
Have you noticed that PK Blogs doesn’t seem to be working these days?
April 1, 2007 at 11:36 am
Hey Chris,
Because I’ve always ran Tor I never even bothered with the PK Blogs workaround. I will really have to give it a look too now though, because it never hurts to have a few more tools in the chest. Thanks also for letting me know that it’s not working these days.
June 23, 2007 at 12:16 pm
I was very excited about this fix when I heard about it, but I’m haven’t had any success getting it to work. Are these IP addresses all being blocked now by the firewall too? Tried to go straight to the source, but I can’t access Fermi’s blog either.
Mac user here, I used the following the fix as it appears on Ryan’s Lost Laowai blog, saved it, went back and edited the extension, left the file on my desktop and followed the rest of the directions you listed above. Am I missing something?
I’ve attempted to access wordpress, blogspot, livejournal (although that IP address isn’t correct?). Not wikipedia since it’s been unblocked recently.
June 23, 2007 at 1:00 pm
Hi Thalia,
You can find the PAC file, gfw-hack.pac, I am currently successfully
using on my Mac in the Documents folder in the Box.net widget on the
front page of this blog.
I have this PAC file set up to work system-wide, and it works for me
for both WordPress.com and Blogspot, though not LiveJournal. To get
this working go to System Preferences > Network > Double-click on your
current network connection (ie., ethernet, airport, etc.) > Proxies.
You’ll see a “Configure Proxies:” menu and to the right it will either
read “Using a PAC file” or “Manually.” Choose “Using a PAC file” if it
is not already selected. Next click on “Choose File…” and then
navigate to wherever you saved gfw-hack.pac. Once you’ve done this you
should be able to directly browse to WordPress.com and Blogspot blogs.
Note that this will work around the GFW’s IP address blocking, but
will not work around any keyword filtering, so if you are trying to
access blogs written in Chinese with a lot of sensitive words you will
probably still see a timeout trying to access them. Blogs like mine
though seem to be working just fine.
June 23, 2007 at 2:37 pm
Thanks for the quick response. Any chance of getting the download url for that box.net document? Since I haven’t managed to get this fix to work yet I’m still using an internet proxy (iphide & anonymouse) to view your site. As a result the box.net widget isn’t appearing on your front page. Sorry to trouble you so much!
June 23, 2007 at 2:44 pm
http://www.box.net/shared/sfiptfl35s
June 23, 2007 at 4:35 pm
Thank you thank you thank you!
I asked another one of my techie Mac friends to give me some help. Using your gfw-hack.pac file in the network preferences he was able to access the sites through Safari. But it wasn’t working with Firefox. (I had not thought to try safari)
I went back and adjusted my Preferences in Firefox in addition to changing my System settings and now everything works! Thanks again!
June 24, 2007 at 1:52 pm
You’re welcome. I’m glad to hear it’s working.
July 22, 2007 at 5:29 pm
[...] anyway? It is, however, possible to make this work for other browsers like Safari, refer to The Weifang Radish blog+comment for [...]
October 17, 2007 at 3:10 pm
is there any chance of getting this to work with youtube now that it’s been blocked?
February 25, 2008 at 2:38 am
[...] is as mentioned above, but with “file://localhost” at the beginning this time.” –The Weifang Radish blog+comment addthis_url = ‘http%3A%2F%2Fwww.thechonx.com%2F2007%2F07%2F22%2Ffirewall%2F’; addthis_title = [...]
May 29, 2008 at 8:52 am
I’ve found this method to work wonderfully but I’m wondering if the GFW, which is essentially one big intranet, will be configured to blog IP addresses instead of *.wordpress.com. Obviously this method would block access completely to the sites intended but still would be accessible via VPNs… until those too were blocked.
May 29, 2008 at 7:53 pm
The GFW is blocking wordpress.com via IP, not domain name. This hack works because they are (or were, anyway, when this post was written) only blocking one of two IP addresses resolving to *.wordpress.com