All 76 filters inspected only TCP traffic: sending the identical HTTP request over UDP bypassed censorship 100% of the time. Additionally, 17 of the 49 filters that censored requests to EC2 servers only inspected traffic on port 80 and passed through the same requests sent to port 9900 without modification. No filter triggered on URI query strings, so appending query parameters to any censored URL bypassed every tested filter.

Of the 55 filters that inspected the HTTP Host header, 26 keyed only on the first Host header in a multi-Host request, 27 keyed only on the last, and only 2 examined both. Placing a benign Host header in the position the filter reads and the blocked URL in the other position bypassed the filter, and this divergence in behavior tracks RFC 7230's requirement to reject multi-Host requests with a 400 error — which none of the tested filters implemented.

§4.1 Mechanism detection

HTTP GET fuzzing via subtle token modifications bypassed large fractions of filters: removing the `\r\n` before the Host header bypassed 36–38 of 44 Host-header filters; embedding the censored URL in the middle of a long hostname string bypassed 33–35 filters; placing the URL in an after-Host field with a non-empty Host bypassed 29–36 filters. Blacklist coverage was also weak: no filter blocked all 100 of the Alexa top adult sites, and some blocked as few as 31.

§4.1 / Appendix A evaluation

Among the 44 non-DNS filters, 11 did not reassemble TCP segments and 7 did not reassemble IP fragments before inspection, meaning a censored URL split across segment or fragment boundaries evaded detection. Five filters applied fragment/segment reassembly timeouts of under 2 seconds despite maintaining HTTP request state for more than 8.5 seconds, creating a window where a deliberately fragmented flow with artificial delay avoids inspection entirely.

§4.1 Mechanism detection

Autosonda classified 76 commercial web filters in the NYC metropolitan area into three categories: 21 (27.63%) performed DNS blacklist filtering, 44 (57.89%) matched on the HTTP Host header of GET requests, and 11 (14.47%) performed a DNS lookup of the Host header value and blocked based on the resulting IP. Autosonda found circumvention paths for 100% of filters tested.

§4.1 Results evaluation

During the June 2025 shutdown, Iranian authorities blocked international One-Time Password (OTP) SMS delivery, preventing new sign-ins to foreign secure-messaging platforms and VPN services. This forced users toward government-approved domestic platforms that lack security and privacy protections. The blockade of OTPs effectively weaponized account-recovery flows as a secondary shutdown layer, disproportionately affecting users who needed to activate new circumvention tools during the crisis.

2025-iran-shutdown-measurement §Human Rights Implications port-blockingdpikeyword-filtering

Table 1 of the survey documents that by 2013–2014 censors were deploying simultaneous blocking across BGP, DNS, IP/port filtering, TCP disruption, TLS, and application-layer keyword filtering. No single detection tool in the survey covers all six layers; the most comprehensive, OONI (2012), covers DNS, IP/port, TCP, TLS, keyword, and HTTP but notes only partial BGP coverage.

2015-aceto-internet Table 1 bgp-hijackdns-poisoningport-blockingip-blockingrst-injectiontls-fingerprintkeyword-filteringdpi

The paper presents a systematic taxonomy of blocking criteria across ISO/OSI layers: circumstance-based (addresses including sender/receiver/kind/physical location; timing including send time, receive time, duration, frequency; data-transfer properties; services including protocols, names, addresses) and content-based (file type/MIME, statistical detection of encrypted or compressed data, pattern matching for keywords or phrases, and website fingerprinting via request-count/byte-volume signatures).

2004-k-psell-achieve §4, Appendix A dpiip-blockingport-blockingtraffic-shapekeyword-filtering

The June 2025 Iran shutdown—carried out during the Iran-Israel war beginning ~June 19—did not use BGP route withdrawals as in 2019. Instead, authorities applied service-level restrictions at the national border: DNS poisoning of foreign destinations, protocol whitelisting permitting only pre-approved domestic services, and DPI to block circumvention-tool traffic. Iran's international traffic fell roughly 90% while the country's BGP routes remained advertised, making the shutdown invisible to BGP-based monitoring systems. OONI measurement volume, which totalled 121,333 in June 2025, collapsed to under 200 submissions on June 19-20.

2025-iran-shutdown-measurement Executive Summary / §2 dpidns-poisoningport-blockingip-blocking

Input blocking in Chinese LLM services (DeepSeek, Qwen, Kimi, Doubao) is overwhelmingly consistent: all four services persistently block the exact same queries across all 5 measurement samples in both Simplified and Traditional Chinese. Output blocking is far less consistent, with only 29 out of 349 output-blocked queries blocked across all 5 samples. Baidu-Chat is exceptional: it performs almost no input blocking but instead relies heavily on post-search and output blocking (78.6% of blocks are output-phase).

2026-ablove-characterizing §VI-B keyword-filteringdpi

VPN search demand in Iran spiked approximately 707% during the June 2025 stealth blackout, as measured by Top10VPN analytics, making it one of the highest-documented circumvention-demand spikes associated with a single shutdown event. Despite this demand, many VPN connections failed because the protocol whitelist eliminated non-HTTPS tunneling methods and HTTP-level filters could detect known VPN signatures on port 443.

2025-aryapour-stealth-blackout §1, §5 dpiport-blockingtraffic-shape