Analysis of the CCP’s construction of local “wall within a wall” network

The Chinese authorities have long operated the Great Firewall (GFW) at the national level for internet censorship and filtering. A recent research report has uncovered a regional internet censorship system in Henan Province that is even stricter than the GFW and is referred to as the “wall within the wall.” Experts have revealed that similar local internet censorship has been in place for years, and the existence of this “wall within the wall” confirms the increasingly oppressive measures taken by the Chinese Communist Party for stability maintenance.

On May 11th, the latest research report released by the internet censorship research platform GFW Report unveiled that Henan Province has deployed its own censorship mechanism based on TLS SNI and HTTP Host to detect and block outbound traffic.

The report found that Henan’s network censorship is unidirectional, triggering blocks on TLS connections initiated from Zhengzhou, the capital of Henan Province, but connections initiated from external sources to Henan remain unrestricted. This feature indicates that the firewall in Henan primarily monitors outbound traffic. This is in contrast to the bidirectional nature of the GFW.

During the period from November 2023 to March 2025 (excluding measurements between March and October 2024), tests revealed that the firewall in Henan adopts more aggressive and unstable blocking strategies than the GFW. The Henan firewall has blocked a total of 4.2 million domains, more than five times the cumulative size of the GFW’s blocked list. One key reason for this situation is the blocking of many generic second-level domains (e.g., *.com.au). Tests also revealed that at times, the number of domains blocked was ten times more than that of the GFW.

Moreover, due to frequent additions and removals of rules for blocking generic second-level domains (such as *.com.au, *.net.br, *.gov.co), the number of blocked domains in Henan has seen drastic fluctuations.
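To see why a single generic rule moves the totals so sharply, the following added example (not the report's method or data) collapses a measured block list into candidate wildcard rules and compares two runs. The measurement results are constructed, the function names are hypothetical, and the inference is a simple heuristic: a suffix is reported when every tested domain under it was blocked.

```python
from collections import defaultdict

def parent_suffixes(domain):
    """'shop.example.com.au' -> ['example.com.au', 'com.au'] (never the bare TLD)."""
    labels = domain.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]

def infer_wildcard_rules(results, min_support=3):
    """results maps domain -> blocked? for one measurement run.
    Returns the broadest suffixes under which every tested domain was blocked."""
    under = defaultdict(list)
    for domain, blocked in results.items():
        for suffix in parent_suffixes(domain):
            under[suffix].append(blocked)
    hits = {s for s, seen in under.items()
            if len(seen) >= min_support and all(seen)}
    # Drop suffixes already covered by a shorter (broader) inferred suffix.
    return sorted("*." + s for s in hits
                  if not any(s.endswith("." + t) for t in hits))

def blocked_total(results):
    """Number of tested domains observed as blocked in one run."""
    return sum(results.values())

# Constructed sample: run A taken while a generic *.com.au rule is active.
RUN_A = {
    "site1.com.au": True, "site2.com.au": True, "site3.com.au": True,
    "www.site3.com.au": True,
    "site1.net.br": False, "site2.net.br": False, "site3.net.br": False,
    "texas.gov": True, "example.org": False,
}
# Constructed sample: run B after that rule is removed; only texas.gov stays blocked.
RUN_B = {domain: domain == "texas.gov" for domain in RUN_A}

if __name__ == "__main__":
    for label, run in (("A", RUN_A), ("B", RUN_B)):
        print(label, blocked_total(run), infer_wildcard_rules(run))
```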

The report further indicates that the blocking list used by the Henan firewall also targets state or municipal government websites from other countries. For example, most U.S. state government websites like texas.gov, seattle.gov, alabama.gov, nc.gov are blocked in Henan but not by the GFW. In contrast to the 83 *.gov* domains in the GFW block list, the Henan firewall has blocked 1,002 *.gov* domains, indicating a tendency to block any governance data or news content from around the world.

Although the focus of Henan’s firewall differs from that of the national GFW, it functions as an additional layer of scrutiny on top of the GFW, blocking a larger volume of information and effectively creating a “wall within the wall.”

The main purpose of this research is to reveal that internet censorship in China under the CCP may transition from centralized to regional, leading to further fragmentation of regional network environments and potentially creating “network islands.” The Henan firewall is the first known case of deploying a regional firewall in China, and similar deployments are expected in other regions of China in the future.

Researchers conducted measurement studies in seven provinces and cities in China, including Beijing, Shanghai, Guangdong, Zhejiang, Jiangsu, Sichuan, and Henan, to identify potential regional censorship. No evidence of regional censorship was found in the six locations other than Henan, possibly due to the limited measurement points accessible in China.

Furthermore, researchers outside of China typically rely on reports from Chinese users to understand new changes and upgrades in Chinese censorship strategies. Accessing diverse measurement servers and continuously monitoring the accessibility of various internet services and protocols in China poses challenges. The researchers make it easy for users to promptly report new censorship events through online forums such as Net4People BBS, the NTC Party forum, and the GitHub issue pages of popular anti-censorship tools. This allows researchers to swiftly investigate such reports.

Gan Wenwei, a mainland Chinese software supplier currently residing in the Netherlands, mentioned that regional firewalls like the one in Henan have existed for at least five to six years, not just in Henan but also in Fujian, Hubei, and Jiangsu, among others. While the technical principles may vary, the goal is to block users from accessing websites deemed inappropriate by the authorities.

“When I was developing firewall bypass software, including internet game accelerators, I found that firstly, Fujian had a complete firewall, and then there was Xinjiang, which even restricted internet game accelerators.”

He noted that some local authorities and telecommunications operators autonomously purchase monitoring equipment to track user traffic, and it is not a unified national deployment. Sometimes they create whitelists or directly block certain domain names. If users complain, the operator may temporarily lift the block.

Gan Wenwei gave an example where local authorities prohibited the use of Apple’s FaceTime under the guise of anti-fraud measures, claiming it was to prevent users from being deceived. However, the main reason was to control dissenters who could not be easily monitored, so they chose to block access directly.

He also mentioned that mechanisms like the one in Henan resemble a reverse firewall, where Chinese traffic cannot leave, though anomalies may occur at times.

“According to normal firewall mechanisms, both sides isolate you, prevent you from accessing outside and inside, but sometimes it’s strange – foreign traffic can access in, but domestic traffic cannot go out.”

He pointed out that Chinese-developed social tools like Douyin (TikTok) have had similar blocking capabilities for a long time. During the pandemic in Wuhan, he experienced firsthand how being in one district and having an IP address from another district resulted in being unable to view videos related to that specific district.

Regarding Henan’s firewall only blocking outbound traffic, Gan Wenwei explained that due to the presence of large data centers for various operators in Henan, they also need to provide cloud services to external companies, hence incoming traffic remains unblocked.

The report highlights that the Henan firewall tends to target domains related to commercial, economic, computer, and internet information fields. Over 35% of the total domains on the Henan firewall’s block list fall into these categories. The report suggests this might be due to numerous financial disputes in Henan, as in 2022, a banking scandal in the village banks of Henan resulted in widespread protest activities.

John Shan, a senior network engineer from Silicon Valley, mentioned that intensifying network blockades are primarily for stability maintenance by the Chinese Communist Party. Economic challenges, accumulating problems like banking failures and stalled construction projects in Henan, along with a significant number of unemployed individuals and university students, are all contributing factors. Educated individuals with limited opportunities vent their frustrations, making governance challenging. Last year, when Henan university students rode bicycles for a night tour in Kaifeng to protest against the lockdown, authorities were fearful of potential political incidents.

Shan believes that such regional network blockades are first instituted by local authorities to prevent citizens from disseminating information or whistleblowing to so-called external forces.

“Why control *.com.au? Because the largest domain registrar GoDaddy had a massive sale recently, selling domains for as low as one cent annually. People with grievances or the need to spread information can quickly publish content online.”

Additionally, the blockades aim to prevent inter-provincial connections. For instance, if there are individuals in Henan with grievances, it becomes challenging for them to expose issues in another province.

He further noted that the “wall within the wall” in Henan resembles characteristics of Xinjiang’s concentration camps, as the internet in Xinjiang itself is like an intranet within an intranet. Shan commented, “It’s becoming very terrifying, akin to what’s happening in Xinjiang.”

Gan Wenwei added that regions like Henan, not reliant on foreign trade as the primary source of income, abruptly cut off all external traffic to ease the pressure on stability maintenance.

“Henan has a large population, doesn’t care much about democracy and freedom, and doesn’t need to earn money from foreign trade. They simply cut off external traffic to reduce pressure on stability maintenance.”

In conclusion, the research findings shed light on the increasing regionalization of internet censorship in China, exemplified by the “wall within the wall” implemented in Henan Province. The methods used not only reveal the depth of control exercised by local authorities but also provide insights into the evolving landscape of online freedom and information accessibility in the country.