Amazon closes anti-censorship loophole on its servers

Internet

Amazon Web Services (AWS) is cracking down on domain fronting, a practice that some folks use to get round state-level internet censorship of the likes seen in China and Russia (among other countries).

Domain fronting essentially enables access to a blocked (censored) domain by making the request to connect to that site appear to relate to a completely innocuous unrelated (and unblocked) website.

It can be pulled off as long as the blocked domain and ‘dummy’ domain are hosted by the same provider, like Amazon, except AWS is now moving to stop the practice.

As the Verge spotted, the new measures have been introduced in the form of ‘enhanced domain protections’ for Amazon CloudFront.

The AWS security blog explains: “Using CloudFront to receive traffic for a domain you aren’t authorized to use is already a violation of our AWS Terms of Service. When we become aware of this type of activity, we deal with it behind the scenes by disabling abusive accounts. Now we’re integrating checks directly into the CloudFront API and Content Distribution service, as well.”

Beating malware

Amazon says this is part of an effort to stamp out malware, and essentially dodgy practices in general, noting that while “this technique can’t be used to impersonate domains”, it’s clearly the case that “no customer ever wants to find that someone else is masquerading as their innocent, ordinary domain”.

Of course, domain fronting is perfectly legitimate if it’s used by a customer who owns both the domains in question – obviously in this case it’s up to them what they do with their web properties.

Note that another web giant, Google, already implemented countermeasures to prevent domain fronting last month, so folks who engage in this practice are rapidly finding the online world a much tougher place in which to pull the subterfuge off. Google made it clear that it never officially supported domain fronting in the first place.

This comes at a time when state censorship is becoming increasingly tight in many nations, with the likes of Russia and China clamping down not just on web content deemed inappropriate, but on VPN services that can be a potential evasive measure, too.

TOPICS

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Pro
An image of network security icons for a network encircling a digital blue earth.
Why multi-CDNs are going to shake up 2025
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Millwall FC The Den
The UK's first football club mobile network is here - but you probably won't guess which team has launched it
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC