why high traffic sites use serial subdomains for fetching data? - subdomain

I've seen so many sites like pinterest,G+, etc that use different subdomains to fetch desired data. why would they do that? Is there any difference between one static subdomain an subdomain as below for pinterest:
media-cahce-ec0.pinterest.com
media-cahce-ec1.pinterest.com
media-cahce-ec2.pinterest.com
.
.
.
media-cahce-ec9.pinterest.com
I appreciate in advance for any suggestion?

The reason is simple: Each sub domain refers to a different server. Ping them and you'll see the IPs are different. This is a load balancer so that the the web server doesn't have to handle the traffic of the images and downloads.

Related

get around cross-origin resource sharing on Amazon Aws

I am creating a Virtual reality 360-degree video website using the krpano html5 player.
This was going great until testing on safari and I realised it didn't work. The reason for this is because safari does not support CORS (cross-origin resource sharing) for videos going through WebGL.
To clarify, if my videos where on the same server with my application files it would work, but because I have my files hosted on Amazon s3 , they are CORS. Now I'm unsure what to do because I have built my application on digital ocean which connects to my amazon s3 bucket, but I cannot afford to up my droplet just to get the storage I need(which is around 100GB to start and will increase in the future to Terrabytes and my video collection gets bigger).
So does anyone know a way I can get around this to make it seem like the video is not coming from a different origin or alternatively anything I can do to get past this obstacle?
Is there any way that I could set up amazon s3 and amazon EC2 so that they dont see each other as cross-origin resource sharing?
EDIT:
I load my videos like this:
<script>
function showVideo(){
embedpano({
swf:"/krpano/krpano.swf",
xml:"/krpano/videopano.xml",
target:"pano",
html5:"only",
});
}
</script>
This then calls my xml file which calls the video file:
<krpano>
<!-- add the video sources and play the video -->
<action name="add_video_sources">
videointerface_addsource(‘medium', 'https://s3-eu-west-1.amazonaws.com/myamazonbucket/Shoots/2016/06/the-first-video/videos/high.mp4|https://s3-eu-west-1.amazonaws.com/myama…ideos/high.webm');
videointerface_play(‘medium');
</action>
</krpano>
I don't know exactly how krpano core works, I assume it the javascript gets the URLs from the XML file and then makes a request to pull them in.
#datasage mentions in comments that CloudFront is a common solution. I don't know if this is what he was thinking of but it certainly will work.
I described using this solution to solve a different problem, in detail, on Server Fault. In that case, the question was about integrating the main site and "/blog/*" from a different server under a single domain name, making a unified web site.
This is exactly the same thing you need, for a different reason.
Create a CloudFront distribution, setting the alternate domain name to your site's name.
Create two (or more) origin servers pointing to your dynamic and static content origin servers.
Use one of them as default, initially handling all possible path patterns (*, the default cache behavior) and then carve out appropriate paths to point to the other origin (e.g. /asset/* might point to the bucket, while the default behavior points to the application itself).
In this case, CloudFront is being used other than for its primary purpose as a CDN and instead, we're leveraging a secondary purpose, using it as a reverse proxy that can selectively route requests to multiple back-ends, based on the path of the request, without the browser being aware that there are in fact multiple origins, because everything sits behind the single hostname that points to CloudFront (which, obviously, you'll need to point to CloudFront in DNS.)
The caching features can be disabled if you don't yet want/need/fully-understand them, particularly on requests to the application itself, where disabling caching is easily done by selecting the option to forward all request headers to the origin, in any cache behavior that sends requests to the application itself. For your objects in S3, be sure you've set appropriate Cache-Control headers on the objects when you uploaded them, or you can add them after uploading, using the S3 console.
Side bonus, using CloudFront allows you to easily enable SSL for the entire site, with a free SSL certificate from Amazon Certificate Manager (ACM). The certificate needs to be created in the us-east-1 region of ACM, regardless of where your bucket is, because that is the region CloudFront uses when fetching the cert from ACM. This is a provisioning role only, and has no performance implications if your bucket is in another region.
You need to allow your host in CORS Configuration of your AWS-S3 bucket .
Refer to Add CORS Configuration in Editing Bucket Permissions.
Hence after that, every request you make to the S3 bucket files, will have CORS headers set.
In case you need to serve the content via AWS-CDN CloudFront then follow these steps, ignore if you server content directly via S3 :
Go to AWS CloudFront Console.
Select your CloudFront Distribution.
Go to Behaviors Tab.
Create a Behavior(for the files which needs to be served with CORS Header).
Enter Path Pattern, Select Protocol & Methods.
Select All in Forward Headers option.
Save the behavior.
If needed, Invalidate the CloudFront Edge Caches by running an Invalidation request for the Files you just allowed for CORS.

it is posible to get anotehr address from using pre-name on url?

If for example I have site call
xyz.com
how can I force my server(Asp.net/iis)
to go to another page if i ask for
a.xyz.com
it is posible?
for example: m.xyz.com leads to xyz.com/mobile.aspx
thanks!
The solution involves multiple steps:
You need to configure the subdomain in your DNS.
You need to create a website in IIS to handle the subdomain. There's a guide here on how to do this. Pay attention to the "Host Header" part - That's where you set you m.xyz.com address.
You need to setup an HTTP redirect (301 / 302). You can do this from the config file with the httpRedirect element (More details here).

background-image full-path url to my isp ftp?

I'm hosting my own server for my website, and I would like to store all the resources on my isps ftp instead (like images, scripts and stuff like that) to prevent unnecessary strain on my server, and because my isps network speed ought to be quicker than the service they provide me. Now the fonts and the javascripts work fine, but when I try the following in my css:
background-image:url("-url-");
It does not want to display on my website, and in chrome I get this:
XMLHttpRequest cannot load -url-. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my-domain-name/' is therefore not allowed access.
What does this mean?
-edit-
Actually it does seem to display, but I don't think it is supposed to. But they load up in a weird manner so I think I might just host the files on my own server after all.
I don't know the format of your URL (I assume you are using http, not ftp to link the image) or the nature of your "IPS's server" but the error suggests it does not allow hotlinking of images (I.e. cross-domain access to the files is not allowed by the server).
What is the service you are using to host the images? If it isn't indended for this purpose and you want to reduce strain on your own server it would make more sense to use a proper CDN service like AWS (they have a free tier I think).

Obvious security flaws in redirect?

I have a web app that stores videos. I am using a java servlet (over https) which verifies a username and password. Once the details are verified, i redirect the user to a video stored in AWS S3. For those who don't know how S3 works, its just a web service that stores objects (basically think of it as storing files). It also uses https. Now obviously to make this work, the s3 object (file) is public. I've given it a random name full of numbers and letters.
So the servlet basically looks like this:
void doGet(request, response){
if (authenticateUser(request.getParameter("Username"), request.getParameter("Password")){
response.sendRedirect("https://s3.amazonaws.com/myBucket/xyz1234567.mp4");
}
}
This is obviously simplified but it gets the point across. Are there any very obvious security flaws here? The video tag will obviously have a source of something like https://www.mysite.com/getVideo?Username="Me"&Password="randomletters". At first blush it seems like it should be as secure as anything else assuming i give the file names sitting at AWS s3 sufficiently random names?
The obvious security flaw is that anybody could detect which URL the authentication servlet redirects to, and share this URL with all his friends, thus allowing anyone to access the resource directly, without going through the euthentication servlet.
Unfortunately, I don't know S3 at all, so I can't recommend any fix to the security problem.
All this mechanism does is provide a very limited obfuscation - using developer tools in most modern browsers (or a proxy such as Fiddler) a user will be able to watch the URL of the video that's being loaded and, if it's in a Public S3 bucket, then simply share the link.
With S3 your only real solution would be to secure the bucket and then either require that the user is logging in or use the temporary tokens for access [http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html] ... though this does complicate your solution
I would also mention that including the password and username in plaintext on the link to the video asset (from the question above) is very insecure

Redirected Domain Problem

We have 2 different websites. One is xy.com another is xyz.com. The domain xyz.com is redirected to a folder on xy.com\one
This works fine. Now we want a particular link to be opened (for example, www.xyz.com\abc.html). I am placing this file in xy.com\one\abc.html. But when I enter this url, it takes me to home page, instead of abc.html. Though I can open abc.html, by entering www.xy.com\one\abc.html.
I need to open this file, from link, www.xyz.com\abc.html. How to accomplish this??
Regards,
Rahul Jain
I think the problem is your slashes are reversed. Did you keep your url's near a strong magnet?
If you are using apache you might want to have a look at mod_rewrite. There are similar methods available for other servers.
Would be good to know which environment you are using (web server and server side language) and if you are applying the re-direct rules in a programmatic way or via server configuration.
To give a serious reply, there could be several things wrong in the redirect.
You have to setup a redirect from the old domain to the new, by using a .htaccess on the old domain, changing the DNS records for the domain, or probably some other alternatives. Which of these have you used?
In case of the second option the receiving server (xy.com) has to accept the incoming domain (xyz.com). When I set my DNS records for a domain to go to a certain server, I have to actually setup the server to accept that domain, usually by "parking" it in Cpanel. Some hosts charge per parked domain, which is why they don't accept the incoming traffic automatically.
Depending on the method used, the receiving server has to be told what to do with the request.
So most importantly: HOW did you set up the redirect? Was it a DNS record? Was it a htaccess on the side of xy.com? Any other methods? (sorry, this isn't really an answer either but it was too long for the comments)