IT notes

Domain Fronting

If your domain becomes blocked you “could use” another one to bypass the block:

    curl -s -H "Host: your-blocked-domain" -H "Connection: close" "https://new-tld/your/path"

Both domains must be hosted within the same CDN. Example:

    curl -s -H "Host: images-na.ssl-images-amazon.com" -H "Connection: close" "https://cdn.atlassian.com/images/I/01rgQ3jqo7L.css"

More info:

https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks
https://www.peew.pw/blog/2018/2/22/how-i-identified-93k-domain-frontable-cloudfront-domains

cdn token

Restrict access only to the CDN (CloudFront)

To handle requests only from the CDN, you could add a custom header/token and check on your backend (nginx/haproxy) that it matches; otherwise return a 401.

If using AWS CloudFront you edit your origins like this:

The token can be any UUID / hash or common secret between the CDN and the backend.

If your backends are using nginx you could verify the token like this:
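One way to do the backend check in nginx, as an added example that is not the original note's configuration. It assumes the CDN adds the token to every origin request in a custom header; the header name X-Origin-Token, the token value, the server name, the certificate paths and the upstream address are all placeholders.

```nginx
# Added example, not from the original notes. Include inside the http {} context.
# Assumed placeholders: header X-Origin-Token, the token strings,
# origin.example.com, the certificate paths and the 127.0.0.1:8080 upstream.

# Turn the header sent by the CDN into a flag. Only an exact match sets 1;
# a missing, empty or wrong header falls through to "default".
map $http_x_origin_token $cdn_token_ok {
    default                   0;
    "REPLACE-WITH-YOUR-UUID"  1;
    # During rotation, accept the new token as well, update the CDN,
    # then remove the old entry:
    # "REPLACE-WITH-NEXT-UUID" 1;
}

server {
    listen 443 ssl;
    server_name origin.example.com;

    ssl_certificate     /etc/nginx/tls/origin.crt;
    ssl_certificate_key /etc/nginx/tls/origin.key;

    # Reject every request that did not carry the shared token,
    # i.e. anything that reached the origin without going through the CDN.
    if ($cdn_token_ok = 0) {
        return 401;
    }

    location / {
        # An empty value stops nginx from passing the header upstream,
        # so the shared secret never reaches the application or its logs.
        proxy_set_header X-Origin-Token "";
        proxy_pass http://127.0.0.1:8080;
    }
}
```

The CDN should reach the origin over HTTPS only, otherwise the token travels in clear text between the CDN and the backend. Validate the file with `nginx -t` before reloading.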