This re-routing process effectively masks the user’s traffic and makes it appear like all Internet traffic is coming from a legitimate website or application hosted on the CDN. Using an application like Psiphon, the traffic can be routed to a CDN server: when traffic reaches the CDN, it’s re-routed through a domain fronting server (in this case the psiphon’s server) to its end destination. Usually, domain fronting relies on content delivery networks ( CDN) that host multiple domains.Ī single CDN may host thousands of different domains, even if the CDN itself is operated by a single company like Akamai, Amazon, Microsoft Azure, or CloudFlare.īecause of the nature of CDNs, mobile providers and censorship proxies cannot simply block them, as that would unintentionally block many major websites and services.įor example, typically serves content from IP addresses owned by Facebook, but some contents are also served from domains like. Recently both Google and Amazon announced a change to its own infrastructure in order to avoid the use of domain fronting, the exploitation of a content delivery network’s architecture to conceal the actual destination of encrypted Internet traffic.Ī lot of privacy related application uses this techniques to evade censorship, like Signal, Tor-to-Web proxies, the GreatFire service to bypass China's Great Firewall.įurthermore lots of VPN providers uses Domain Fronting to hide their servers' real locations.īut, what is Domain Fronting, how it works and why providers starting block this kind of traffic?ĭomain Fronting is a masquerading technique that is typically used to circumvent Internet censorship by making traffic look like it’s associated with a web domain that isn’t restricted. What is Domain Fronting? How it works? How can be used to evade internet censorship?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |