Using Akamai to bypass Internet censorship

Bennett Haselton, bennett@peacefire.org
8/21/2000

How to do it
Warning -- when not to use it
FAQ -- What to do if it doesn't work, and other questions

How to do it

  1. Start by writing down an akamaitech.net URL like
         http://a1.g.akamaitech.net/6/6/6/6/
  2. Take the URL of the site you want to access, e.g. http://www.yahoo.com/, drop the "http://" at the beginning, and add the rest to the end of the akamaitech.net URL:
         http://a1.g.akamaitech.net/6/6/6/6/www.yahoo.com/
    (Don't forget the "/" on the end, or the trick won't work.)
  3. Load the URL into your browser. You should be able to view the contents of the page -- in this case, the contents of http://www.yahoo.com/.

If the trick doesn't work for accessing http://www.yahoo.com/, try starting with a different akamaitech.net URL in Step 1. By going to Alta Vista and searching for "akamaitech.net", you can find tens of thousands of matches; on most of those pages you'll find an akamaitech.net URL like
     http://a1140.g.akamaitech.net/7/1140/950/d4879251d193d2/www.netaid.org/images/diamondrev.gif
That URL means "load the image http://www.netaid.org/images/diamondrev.gif by going through akamaitech.net". From that URL, it's easy to construct a URL that can be used to access a site like "http://www.yahoo.com" by going through akamaitech.net:
     http://a1140.g.akamaitech.net/7/1140/950/d4879251d193d2/www.yahoo.com/
If the technique works for accessing http://www.yahoo.com/ but it doesn't work for accessing the URL that you're trying to get to, see the FAQ below for other possible explanations.

Warning -- when not to use it

You should not use this technique if any attempt to access a blocked site triggers a "warning" that is reported to the administrator of your blocking software. For example, even if you access      
http://a1140.g.akamaitech.net/7/1140/950/d4879251d193d2/www.yahoo.com/
to avoid connecting to http://www.yahoo.com/ directly, your browser might still try to contact http://www.yahoo.com/ as a result of any of the following: You can turn off automatic loading of images and JavaScript files (and, in Netscape, style sheets), but you can't turn off automatic loading of frames or automatic redirects. Since these features are fairly common on the Web, you should never assume that using the Akamai method won't possibly leave a trail of "Access Denied" messages. Of course, this is still safe if nobody ever actually reviews a log of where you've been.

FAQ -- What to do if it doesn't work, and other questions

Q: I got a Web page with the error message: "An error has occurred. Please help us to solve the problem by clicking the button below." What happened?

A: There are several reasons that this could happen:

  1. If you are trying to access a page like "http://www.yahoo.com/", did you remember to include the "/" on the end when typing in the URL on akamaitech.net? The following URL will give that error message:
         
    http://a1.g.akamaitech.net/6/6/6/6/www.yahoo.com
    but if you add the "/" on the end, it will work:
         http://a1.g.akamaitech.net/6/6/6/6/www.yahoo.com/

  2. If you're using Netscape, did you get redirected to a URL with a ".js" or a ".css" on the end? This happens at, for example,
         
    http://a1.g.akamaitech.net/6/6/6/6/www.cnn.com/
    -- you get redirected to http://a1.g.akamaitech.net/virtual/2000/code/main.js, which gives the akamaitech.net error page. What happens is that the http://www.cnn.com/ page contains a JavaScript <SCRIPT> tag that points to /virtual/2000/code/main.js; when you go to http://a1.g.akamaitech.net/6/6/6/6/www.cnn.com/, your browser thinks the .js file is located at http://a1.g.akamaitech.net/virtual/2000/code/main.js, which doesn't exist. A similar problem occurs if a Web page uses a <LINK> tag to load a .css file -- the browser might get confused and try to load the file from the wrong location on akamaitech.net. When Netscape tries to load a .js or a .css file that doesn't exist, it takes you to the URL for the non-existent .js or .css file.
    To avoid this problem, if you have Internet Explorer, you could try accessing the page using IE instead. (When Internet Explorer tries to load a .js or .css file that doesn't exist, it just fails silently and displays the rest of the page, instead of showing you the error about the missing .js or .css file.) Otherwise, if a .js file is giving the error, turn off JavaScript in Netscape by going to Edit->Preferences->Advanced and un-checking "Enable JavaScript". If a .css file is giving the error, turn off cascading style sheets by going to Edit->Preferences->Advanced and un-checking "Enable style sheets".
  3. Are you seeing several frames on the page with the error message displayed in each frame? The page you are trying to load might contain frames which load pages that are located on the banned site. For example, http://www.wired.com/ uses frames. If this happens, (1) pick "Save As" to save the page as a local HTML file, (2) edit the page using Notepad and change each frame so that instead of pointing to, for example, "/news/nc_index.html", the frame points to http://a1.g.akamaitech.net/6/6/6/6/www.wired.com/news/nc_index.html, (3) open the HTML file in Netscape.

  4. The Web server you are trying to access might be not responding or giving "Connection refused" errors -- this will cause the error message on the akamaitech.net page. Or, if the site is giving "host not found" errors, you will also see the akamaitech.net error page. For example, http://a1.g.akamaitech.net/6/6/6/6/www.346236345233.com/ gives the error page since http://www.346236345233.com/ does not exist.

  5. The page that you originally accessed, may have contained code that redirected you to a new location, and your Web browser could get confused thinking that the new page is located on the akamaitech.net Web server. For example, suppose you want to access the site http://love.aol.com/. The URL you would access would be
         http://a1.g.akamaitech.net/6/6/6/6/love.aol.com/
    Normally, when you load http://love.aol.com/ in your browser, the server sends back a message redirecting you to the location /cgi-bin/redirect.pl? . The browser connects this with the URL http://love.aol.com/ to form the URL
          http://love.aol.com/cgi-bin/redirect.pl?
    However, when you load the URL
         http://a1.g.akamaitech.net/6/6/6/6/love.aol.com/
    your browser thinks you are at the http://a1.g.akamaitech.net/ site. So when the server sends back the message redirecting you to /cgi-bin/redirect.pl?, the browser connects this with
    http://a1.g.akamaitech.net/ and sends you to the location
         http://a1.g.akamaitech.net/cgi-bin/redirect.pl?
    which gives you the akamaitech.net error message.

    To avoid this problem, if you try to access a site like http://love.aol.com/ and you see the browser redirect you to a page like http://a1.g.akamaitech.net/cgi-bin/redirect.pl?, then you can figure out that the love.aol.com server was trying to direct you to the location http://love.aol.com/cgi-bin/redirect.pl? Take that URL instead, and add it to the end of the "magic" akamaitech.net URL, to form: http://a1.g.akamaitech.net/6/6/6/6/love.aol.com/cgi-bin/redirect.pl?

Q: I used the akamaitech.net URL and the page is still blocked by the blocking software. What happened?

A: There are several reasons this could happen:

  1. Some site names like www.playboy.com are considered so "dangerous" that blocking software programs will block them if they appear anywhere in a URL. For example, Bess blocks the URL http://www.cnn.com/www.playboy.com/ even though the page doesn't even exist -- so http://a1.g.akamaitech.net/6/6/6/6/www.playboy.com/ is blocked as well. You can sometimes cheat by finding out that the IP address of www.playboy.com is 206.251.29.10 (by opening a DOS prompt and typing "ping www.playboy.com"), and accessing http://a1.g.akamaitech.net/6/6/6/6/206.251.29.10/, which Bess doesn't block.
    However, Bess's block on the string "playboy.com" appears to be a special case that they've made for just that one site. Other sites like http://a1.g.akamaitech.net/6/6/6/6/www.hustler.com/ are not currently blocked, even though the content on Hustler.com is much racier than Playboy! Blocking the string "playboy.com" appears to be an attempt by Bess to fool people into thinking that certain techniques for getting around their software don't work (since they assume that the first URL everybody will always try is www.playboy.com), rather than an effort to actually make their product more secure.

  2. If you're using Netscape, did you get redirected to a URL with a .css or .js at the end, before you got the blocked-page message? In this case, the explanation is almost exactly the same as the corresponding explanation above, and the solution is the same (use IE, or turn off JavaScript and/or style sheets).

  3. If you're at a frames page, the explanation is the same as the corresponding explanation above, and the solution is the same (save the page as a local HTML file and edit it).

  4. You might have gotten redirected to a new page; for example, if your blocking software blocks both http://www.infoseek.com/ and http://www.go.com/, then accessing http://a1.g.akamaitech.net/6/6/6/6/www.infoseek.com/ will take you to the InfoSeek page, but from there you get redirected to http://www.go.com/, which will be blocked. Just re-enter the new URL at the end of the "magic" akamaitech.net URL:
    http://a1.g.akamaitech.net/6/6/6/6/www.go.com/

  5. If the page is blocked automatically because of it's content, then it will still be blocked even if you access it through akamai. This includes pages that are blocked because of (1) banned keywords in the title of the page, (2) banned keywords in the main body of the page, or (3) a PICS rating on the page. Also, if the page is automatically blocked because of a word like "sex" in the URL, then that word still still be in the URL even after you've re-written it to be accessed through akamaitech.net, so the blocking software will still block it.

Q: I can see the page, but some images on the page are broken. What happened?

A: This is similar to the explanation above of why the browser gets confused about the location of .css files, .js files, or frames. If the IMG tags on the page are written in such a way that the browser gets confused and thinks the images are located on the akamaitech.net server, then the images can't be loaded. If being able to load images is essential, then the explanation above of how to load frames will also work for images (the steps require you to save the page to a local HTML file and edit it).

Q: The page is displaying strangely. I've seen the same page before and I know it's not supposed to look like this. What happened?

A: This can happen for any of the following reasons:

  1. If you disabled JavaScript or style sheets in Netscape (to stop getting the error message described above for .js and .css pages), then the page may display differently without these features. In Internet Explorer, you may see pages display differently if IE can't find a .js or .css file that is referenced on the page.

Q: Won't the blocking software companies just start blocking akamaitech.net?

A: Probably, but this will still cause headaches for the companies, for two reasons:

  1. Most Web sites that use akamaitech.net use it to serve advertisements, and a large number of advertisers will probably be unhappy if a major blocking software program is blocking their banner ads.
  2. Users might get annoyed at the constant error messages whenever an image from akamaitech.net is blocked. Some programs will block images "silently" -- so that if you're viewing a page that loads an image located on akamaitech.net, for example, then the image simply don't display and the user won't see any error message. But other programs like SurfWatch will flash a dialog box at the user every time an attempt is made to load a blocked image. So if SurfWatch adds akamaitech.net to their list, a user will see a series of "Blocked by SurfWatch" dialogs flash on the screen every time they visit a page that uses akamaitech.net to serve ads.

- Bennett Haselton