There are many blocked resource

[rakhirhif8963]

Roskomnadzor does not recommend using this method of blocking, but does not require using any specific method. The Internet provider chooses, and the agency only gives recommendations on possible methods. Therefore, from a legal point of view, providers can continue to block resources by IP address.
, and they can be freely purchased and used for selfish purposes, compromising the system of legal restrictions on prohibited sites.

How to avoid the problem
There are two ways to solve this problem:

A telecom operator or Internet provider morocco mobile database block not by IP address, but by URL for http traffic or by domain name of the node for https traffic, extracted from the SNI (Server Name Indication) extension during the initiation of an SSL session. This is possible by using deep packet inspection (DPI) equipment on the telecom operator's network, which can extract this information. Not all DPI manufacturers support this feature, in particular, the popular Cisco SCE platform cannot do this, and for many others it does not work reliably enough.
Use the method of blocking recommended by Roskomnadzor on the side of the provider's DNS server, when for prohibited resources the DNS server should issue the address of the provider's host with a stub page, rather than the prohibited host. This method does not require purchasing DPI equipment, but it also needs to be combined with blocking by IP of those addresses specified in the registry. This scheme is easier to implement, but it does not provide sufficient reliability and is easy to bypass. Nevertheless, its use at the current stage is sufficient to meet the requirements of Roskomnadzor.