Showing posts with label html. Show all posts

Wednesday, March 18, 2015

Free Hosting on a Content Delivery Network & A Look at Its Headers

So, CDNs are becoming more and more popular these days, with easy access to Amazon Web Services (I have to do a quick shout-out to my employer, even though I am at the Lex1 fulfillment facility!) as well as the HP Public Cloud, CloudFlare, Rackspace, Akamai, etc. But did you know there are easy workarounds (we can call them life hacks, pun definitely intended) that let you host the images on your website on a CDN for free to speed up your own site?

Simply put, because so many of these sites use CDNs, when you host an image on a site like Facebook, Twitter, etc., as long as the image's privacy settings make it publicly accessible, you can often find the CDN URL the image is served from and use that link on your own website, making your images, and your website as a whole, load faster. For example, below is a public photo that I shared on Facebook, showing the fbcdn.net domain so you can see what I'm talking about:


And boom! Now imagine hosting all the banners, backgrounds, button icons, etc. that you use in the HTML for your website with "public" settings, copying and pasting the CDN URL, and building your website like that! Free content delivery! So try it out, and let me know if it works. Also, this may extend to all sorts of media, because there are free services for anything nowadays!

Now for those of you more curious about fbcdn (the Facebook content delivery network), I just checked the server headers of the site (using the image above) and this is what was returned:


Last-Modified: Tue, 01 Jan 2008 00:00:00 GMT
Content-Type: image/jpeg
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Expires: Wed, 01 Apr 2015 20:19:56 GMT
Cache-Control: max-age=1209600, no-transform
Date: Wed, 18 Mar 2015 20:19:56 GMT
Connection: keep-alive
Content-Length: 50669

Nothing really unexpected, but an excellent look under the hood of a CDN! Hope you enjoyed the post, and I hope you all have a fun time with this!
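
To read the capture above the way a site owner embedding this image would, here is an added example (not part of the original post) that parses those exact headers and reports the cache lifetime, whether `Expires` agrees with `max-age`, and which cross-origin permissions are granted. The function names are hypothetical, and the `X-Content-Type-Options` check is an extra item that the capture simply does not contain.

```python
from email.parser import Parser
from email.utils import parsedate_to_datetime

# Headers copied verbatim from the capture in the post (fbcdn.net image response).
CAPTURED = """\
Last-Modified: Tue, 01 Jan 2008 00:00:00 GMT
Content-Type: image/jpeg
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Expires: Wed, 01 Apr 2015 20:19:56 GMT
Cache-Control: max-age=1209600, no-transform
Date: Wed, 18 Mar 2015 20:19:56 GMT
Connection: keep-alive
Content-Length: 50669
"""

def cache_directives(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def review(raw):
    """Summarise caching and cross-origin behaviour of one response."""
    h = Parser().parsestr(raw, headersonly=True)
    cc = cache_directives(h.get("Cache-Control", ""))
    max_age = int(cc["max-age"]) if cc.get("max-age") else None
    report = {
        "max_age_days": max_age / 86400 if max_age is not None else None,
        "no_transform": "no-transform" in cc,  # proxies must not re-encode the image
        "cors_any_origin": h.get("Access-Control-Allow-Origin") == "*",
        "timing_any_origin": h.get("Timing-Allow-Origin") == "*",
        "nosniff": (h.get("X-Content-Type-Options") or "").lower() == "nosniff",
    }
    if h.get("Date") and h.get("Expires") and max_age is not None:
        # Expires should equal Date + max-age when both are sent.
        delta = parsedate_to_datetime(h["Expires"]) - parsedate_to_datetime(h["Date"])
        report["expires_matches_max_age"] = delta.total_seconds() == max_age
    return report

if __name__ == "__main__":
    for key, value in review(CAPTURED).items():
        print(f"{key}: {value}")
```

The two wildcard headers mean any origin may read the image bytes cross-origin and see its detailed Resource Timing data, and the 14-day lifetime means browsers keep serving their cached copy without asking the CDN again.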

Thursday, April 24, 2014

In need of web security or front end development?

Hi! I'm Drew Edwards!
I do freelance web security (OWASP standards) and front-end web development in Lexington, KY.
You may be wondering why, if I am a web developer, I am using Blogger instead of making an awesome site to promote myself. The answer is simple: Google often puts Blogspot at the top of the rankings in a Google search (I do SEO as well... but it seems EVERYONE does SEO).

So let's get down to what I can do for you.
First and foremost, I do web security. You want your website to be secure from hackers or other predatory beings. The first thing I do is a full evaluation of your website by OWASP standards (XSS, SQL injection, privilege escalation, etc.), then I check it for simpler but overlooked vulnerabilities such as exposed internal directories, vulnerability to well-crafted social engineering attacks, Heartbleed, and other bad "stuff". Then I help fix anything I do find, plus help you with solutions for common problems such as protecting from DDoS, setting up SSL, and more.

Protecting your company's security often means the following:

  • A firewall on your systems
  • SSL on all websites
  • Buffer overflow protection
  • PGP or other secure email system for internal email
  • Vulnerability assessment
  • Protection from DDoS attacks


I have proven results through security bug bounties at:
Cisco Meraki
Mozilla Corp.
Barracuda Networks
The Gallery Project

I also have my own research into the use of Punycode/Unicode/special characters in defense against denial-of-service software and vulnerability scanners:
http://xn--d1alf.tk/

And for those interested in web design and development services, I code HTML, CSS, PHP, and JavaScript (including jQuery and JSON). I also use and know Linux (Ubuntu and Apache) and Windows systems. See more on this at:
www.xn--5dbdcf0e.tk
(this has an htpasswd file, so use username "login" and password "password" to see my resume)

If you are interested, feel free to contact me at drew[at]xn--5dbdcf0e[dot]tk