By Samuel Gush and Azure Security News
Microsoft has discontinued support for domain fronting via Azure. The cloud computing platform is primarily designed for developing, testing, and running applications. It supports setups ranging from virtual computing to networking and is underpinned by Microsoft’s data centers.
The company has cited a fast-changing security landscape for the latest move. Before this, Azure was considered to be the premier domain fronting product. The service became indispensable among enthusiasts after Google and Amazon blocked this capability on their products in 2018.
Domain fronting relies on HTTPS encryption to obfuscate internet traffic. It spoofs online traffic so that to a third party, a user’s end destination appears to be different from the site actually visited. The technique is common among web engineers and is typically used in countries with stringent internet censorship laws.
Presently, there is heavy reliance on the Microsoft Azure product for domain fronting in countries such as China, where VPN use is illegal and involves jail-time. On a technical level, domain fronting is usually more effective than using VPNs when trying to overcome state ISPs, but it is not holistically effectual. Additional measures such as HTTP header value modification, data fragmentation, and encryption ameliorate the strategy.
Tor, a popular anonymization tool, relies on some elements of domain fronting to hide browsing behavior. Its developers have been depending on the Microsoft Azure service since 2018 after Google and Amazon stopped supporting this.
In preventing domain fronting using its products, Microsoft hopes to curb malicious use of the feature. According to the company, some bad actors have been using the Azure infrastructure to carry out illegal activities. Regarding the latest changes, the company has said that it will be reaching out to users to provide more detailed updated guidelines on how to carry out penetration tests on the platform.