Sites using subdomains to redirect to third party sites

Ask for help about NoScript, no registration needed to post
skkukuk
Junior Member
Posts: 30
Joined: Sun Dec 12, 2010 5:17 pm

Re: Sites using subdomains to redirect to third party sites

Post by skkukuk »

barbaz wrote:akamai(edge) is a CDN / hosting, that is probably a perfectly legitimate DNS aliasing as the content you get there is likely just the site's content. The site is just mapping it to their subdomains for convenience.
Personally I wouldn't worry about that one at all.
Thanks. I will still anonymize, but at least I will now worry about akamai less. Would you say that the same thing applies to cloudfront (haven't seen the subdomain alias to them... Yet) but since cloudfront references seem to always use a subdomain (xyz1234.cloudfront.net), is it relatively safe to assume that the content from clouldfront is really the requesting sites content being stored on cloudfront? (I also anonymize anything from cloudfront, which has never seemed to be a problem)

Edit: I will still only allow scripts from whatever.cloudfront.net on a temporary basis using full addresses!
Edit2: Changed references to cloudfront.net (not .com) in text above after reading reply that follows

Thank for your help/feedback!
Last edited by skkukuk on Fri May 08, 2015 7:18 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Sites using subdomains to redirect to third party sites

Post by barbaz »

I don't quite say the same thing about cloudfront, some sites use it as a CDN but others use it as a tracker. So I would definitely recommend allowing cloudfront.net scripts on a temporary per-subdomain basis and only if site functionality is broken without them.

If you don't mind a lot of sites breaking you can block cloudfront.net entirely with ABE and whitelist it on a per-site basis as you need/want depending how a site breaks. see viewtopic.php?f=7&t=18206
*Always* check the changelogs BEFORE updating that important software!
-
Mad_Man_Moon
Senior Member
Posts: 75
Joined: Fri Oct 27, 2017 12:02 pm

Re: Sites using subdomains to redirect to third party sites

Post by Mad_Man_Moon »

Thought I'd resurrect this blast from the past to let folks know about another occurrence of it (I'm sure it's happening all the time) from a few months ago:

https://news.ycombinator.com/item?id=22535303

I'm not sure the validity of Sp-prod.net, but this paragraph (from the above link) from the docs on 'messagingWithoutDetection.js' makes one's tummy grumble a little!
The Dialogue Javascript communicates with the Sourcepoint messaging server on a subdomain of the site. The benefit of doing that is to allow messaging cookies to be “first party” and thus, circumventing Safari’s web browser Intelligent Tracking Prevention (ITP). This creates a discrete messaging channel between the publisher’s messaging subdomain and the Dialogue messaging server. Once you have created the subdomain, you should create a DNS CNAME record to direct traffic to the Sourcepoint messaging endpoint message<account id>.sp-prod.net where the account id refers to you account ID in the Sourcepoint user interface
Anyway, it sounds like uBlock Origin catches these ... but ... GEEZ. :roll:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Sites using subdomains to redirect to third party sites

Post by barbaz »

Skeezix, I split your posts to viewtopic.php?f=18&t=25975 so that you can continue discussing that if you want without going off-topic.
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply