How The Great Firewall Works

  • DNS blocking &emdash; The Great firewall prevents DNS lookup of certain domain names which causes a "site not found" error message in the user's web browser.
  • IP address blocking &emdash; Certain IP addresses like that of and are on this blacklist. If someone within China tries to access one of these sites, the Great Firewall continuously sends the browser a reset command until "The connection has been reset" is displayed by the browser instead of the prohibited website.
  • URL Keyword blocking &emdash; If the URL contains a prohibited keyword, like 'FalunGong', the Great Firewall will restrict access to the site, even if the site was not originally on a blacklist.
  • Keyword scanning of the actual web pages &emdash; This is a recent addition to the Firewall. When someone views a web page, the Great Firewall will also download the web page and scan it for blacklisted keywords. If the the page contains prohibited keywords then the Great Firewall will ban the user from further access to that website for some limited time period. Further attempts to access the website will increase the length of the ban.

Additionally, the Chinese government has now begun to also censor web traffic coming from the outside world into China. For instance, the sessions of foreigners browsing websites in China are monitored, according to UCB Professor Xiao Qiang, and are censored if the foreigner is looking for inappropriate material.

The Great Firewall is a very big undertaking, not just in terms of computer infrastructure, but also with regards to man power. The Chinese government employs on the order of 10,000 people to police the internet who primarily modify the various website and keyword blacklists.