What is Domain Fronting?


What is a Content Delivery Network (CDN)?

Static web pages were the most common type of material on the early Internet. The web now consists of millions of dynamic web pages, user-generated content (UGC), stylesheets, images, JavaScript files, movies, and, of course, streaming multimedia.

Every website resides on a server, and the distance between the server and the user determines how quickly a website loads. The webpage loads faster when the server and the user are closer together, and slower when they are farther apart. Take, for example, the websites of Yelp (crowdsourced company reviews) or Whole Foods (a multinational supermarket chain).

Although both are accessible from anywhere in the world, their web servers are located in the United States. As a result, a user from Singapore will see slower loading times than a user from the United States. This issue is solved by using a Content Delivery Network (CDN).

A content delivery network (CDN) is a collection of interconnected hosting servers. To optimize loading times and the user's website experience, it sends traffic to the server with the least load. Using its own caching servers, the CDN keeps cached copies of web pages in several countries. It delivers a copy of the web page from a server closest to the user to reduce latency and provide quick and secure content delivery.

CDNs now serve the majority of web traffic, including that from large sites like Amazon, Netflix, and Facebook, as well as millions of retail, banking, and healthcare websites.

Let's have a look at domain fronting now.

What is Domain Fronting?

By disguising a certain website as a different domain, domain fronting hides your traffic to that site. Your browser makes three types of requests when you visit a website −

  • A DNS request − The DNS (Domain Name System) is the Internet's address book. It is a system that converts domain names into IP addresses.

  • An HTTP request − HTTP (Hypertext Transfer Protocol) is the protocol that connects users to hypertext content on the Internet.

  • A TLS connection − TLS (Transport Layer Security) encrypts HTTP messages and secures connections between servers and web browsers, turning HTTP into HTTPS (Hypertext Transfer Protocol Secure).

Normally, a DNS server converts the domain name to an IP address, and the browser makes a connection via HTTP or HTTPS. In all of these layers, the domain remains the same, and you are connected to the website.

In the case of domain fronting, however, the DNS request and the TLS connection refer to one domain, while the HTTPS layer points to a different one. Because the HTTPS request is encrypted, this can get around censorship: your DNS and TLS requests appear to be for an unrestricted domain.

How Does Domain Fronting Work?

Domain fronting is a method of circumventing online restrictions. It operates by utilizing Platform as a Service (PaaS) setups on networks that support this level of flexibility, which are typically large cloud service providers.

It conceals the destination of an internet connection by manipulating the HyperText Transfer Protocol (HTTP) request and rerouting traffic. This makes it appear as if a person is visiting a harmless website when, in fact, they are visiting a different, most likely banned one.

The technique relies on the HTTPS protocol rather than plain HTTP, because the HTTP header of an HTTPS request is encrypted. The setup is most commonly used with content delivery networks (CDNs).

Consider two domains that are hosted on the same CDN. The authorities have banned one, but not the other. In domain fronting, the permitted domain is placed in the TLS SNI (Server Name Indication) field, which is sent in the clear. The blocked one, on the other hand, is placed in the HTTP Host header, which is encrypted inside the HTTPS connection.
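The SNI/Host split described above can only be observed where TLS is terminated, such as the CDN edge or an inspecting proxy that logs both names. The following Python code is an added example, not part of the original article: it flags log records whose SNI and Host disagree. The record fields (`client`, `sni`, `host`), the sample records and the `related` allowlist of names that legitimately share a connection are all assumptions.

```python
# Added example: flag requests whose TLS SNI and HTTP Host header disagree.
# Assumes records from a TLS-terminating proxy or CDN edge that logs both
# values; the field names "client", "sni" and "host" are hypothetical.

def normalize(name):
    """Lower-case a host name, drop any :port suffix and a trailing dot."""
    name = (name or "").strip().lower()
    if name.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        return name[1:name.find("]")] if "]" in name else name
    if name.count(":") == 1:            # host:port
        name = name.rsplit(":", 1)[0]
    return name.rstrip(".")

def same_site(sni, host, related):
    """True when both names are equal or belong to one declared group."""
    if sni == host:
        return True
    return any(sni in group and host in group for group in related)

def find_fronting_candidates(records, related=()):
    """Return (client, sni, host) for every record where the names differ."""
    findings = []
    for rec in records:
        sni, host = normalize(rec.get("sni")), normalize(rec.get("host"))
        if not sni or not host:
            continue                    # nothing to compare without both names
        if not same_site(sni, host, related):
            findings.append((rec["client"], sni, host))
    return findings

# Constructed sample records (not taken from the article).
SAMPLE = [
    {"client": "10.0.0.5", "sni": "allowed.example", "host": "allowed.example"},
    {"client": "10.0.0.7", "sni": "allowed.example", "host": "blocked.example"},
    {"client": "10.0.0.8", "sni": "Allowed.Example.", "host": "allowed.example:443"},
    {"client": "10.0.0.9", "sni": "www.shop.example", "host": "img.shop.example"},
    {"client": "10.0.0.4", "sni": "", "host": "allowed.example"},
]
# Names known to share one certificate and connection legitimately
# (HTTP/2 connection reuse can also produce an SNI/Host difference).
RELATED = [{"www.shop.example", "img.shop.example"}]

if __name__ == "__main__":
    for client, sni, host in find_fronting_candidates(SAMPLE, RELATED):
        print(f"{client}: SNI={sni} Host={host}")
```

A mismatch is a candidate for review, not proof of fronting, which is why the allowlist is applied before a record is reported.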

Because there is no visible change at any intermediate network, regimes and institutions attempting to counter this evasive strategy often have a difficult time doing so. Most websites could be blocked, but the collateral damage would be massive. As a result, domain fronting is one of the most powerful tools for anyone who wants to get around web restrictions.

However, there is one major disadvantage that you should be aware of. Due to flagrant exploitation of the feature for harmful purposes, most of the firms that first offered this service, such as Google, Amazon, and Microsoft, have since withdrawn it.

What is the Purpose of Domain Fronting?

You can use domain fronting to access prohibited content if you live in a restrictive nation. Due to censorship, Reporters Without Borders has designated 19 countries as Internet Enemies. Russia and the United States are among the countries on the list.

Domain fronting is used by private messaging apps like Signal and Telegram to ensure anonymity and circumvent restrictions. As a result, people in countries with stringent web restrictions, such as China and Russia, can access these apps.

You can also use it in conjunction with Tor's Meek plugin to disguise your internet activity. This can be beneficial if you wish to surf freely in restricted places, but it can also be used for criminal purposes.

Updated on 29-Aug-2022 12:18:43