GitHub is blocked in India along with Pastebin and imgur.
Since 17th December, Indian ISPs have been blocking GitHub, the free Git
repository hosting service. No prior information, no explanations, no notice,
simply a block. The ISPs in India are setting a bad precedent for freedom of speech.
Only one ISP, Reliance, returned a message saying that GitHub has been blocked as per the
instructions of the competent authority.
The Indian government also asked telecom operators and ISPs to block the
image sharing site imgur and the popular paste hosting website Pastebin.
This is really bad news for the fast-growing Indian economy.
Hopefully it will be resolved soon. If you are in India, you can use the following solution.
Add Google DNS Server
This can be solved by adding the Google DNS servers. If you are a Mac OS X user,
the following steps will help you:
Choose Apple menu > System Preferences, and then click Network.
Select the network connection service you want to use (such as Wi-Fi or AirPort or Ethernet, unless you named it something else) from the list, and then click Advanced.
Select the DNS tab.
Click + to replace any listed addresses with, or add, the Google IP addresses at the top of the list:
- For IPv4: 8.8.8.8 and/or 8.8.4.4.
- For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844
When you’re finished, click OK and then Apply. Now you can access the blocked sites.
For Windows users, see How to change DNS Servers in Windows 7.
Security has become an essential feature of every web and mobile application.
There are many things to consider when securing web applications.
Now let's have a look at the headers and how they can improve the security of your website.
X-FRAME-OPTIONS
This header provides clickjacking protection.
X-FRAME-OPTIONS: SAMEORIGIN
Values:
- DENY - no rendering within a frame,
- SAMEORIGIN - no rendering if origin mismatch,
- ALLOW-FROM DOMAIN - allow rendering if framed by frame loaded from DOMAIN
Strict-Transport-Security
The Strict-Transport-Security header will instruct the browser to do two important things:
- Load all content from your domain over HTTPS
- Refuse to connect in case of certificate errors and warnings
Strict-Transport-Security: max-age=15552000; includeSubDomains
includeSubDomains indicates whether the policy should also be applied to subdomains.
X-Content-Type-Options
To disable MIME sniffing, add the header:
X-Content-Type-Options:nosniff
The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions.
X-Download-Options
This disables the option to open a file directly on download.
X-Download-Options:noopen
X-XSS-Protection
XSS protection was introduced in IE 8 as a security measure designed
to thwart XSS (Cross Site Scripting) attacks. In short, IE tries to detect
whether an XSS attack has occurred; if so, it modifies the page to block
the attack and displays a warning to the user.
You can set the XSS filter on or off (1 or 0), and there's an optional parameter
called mode. If you set mode to block, the page will not be displayed at all.
Here are examples of how you can set the header:
X-XSS-Protection: 0
X-XSS-Protection: 1; mode=block
Content-Security-Policy
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
If enabled, CSP has a significant impact on the way the browser renders pages
(e.g., inline JavaScript is disabled by default and must be explicitly allowed in the policy).
Content-Security-Policy:default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false;
These HTTP headers protect your users from various kinds of attacks.
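An added example (not part of the original post): a small Python audit that checks a response's headers against the values shown above and flags a CSP whose script sources still allow 'unsafe-inline' or 'unsafe-eval', as the sample policy above does. The function names, the constructed sample responses and the use of 15552000 as a minimum max-age are assumptions of this example.

```python
import re

MIN_HSTS_AGE = 15552000  # the page's example value (180 days); an assumed threshold

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(headers):
    """Return findings for the response headers discussed above."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and not xfo.startswith("ALLOW-FROM "):
        findings.append("x-frame-options: missing or invalid")
    hsts = h.get("strict-transport-security", "").lower()
    age = re.search(r"max-age\s*=\s*(\d+)", hsts)
    if not age:
        findings.append("strict-transport-security: no max-age")
    else:
        if int(age.group(1)) < MIN_HSTS_AGE:
            findings.append("strict-transport-security: max-age too short")
        if "includesubdomains" not in hsts:
            findings.append("strict-transport-security: subdomains not covered")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: nosniff not set")
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("content-security-policy: missing")
    # script-src falls back to default-src when it is absent.
    scripts = csp.get("script-src", csp.get("default-src", []))
    for keyword in ("'unsafe-inline'", "'unsafe-eval'"):
        if keyword in scripts:
            findings.append("content-security-policy: scripts allow " + keyword)
    return findings

# Constructed sample responses; PAGE_STYLE reuses header values shown above.
PAGE_STYLE = {
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=15552000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:",
}
WEAK = {"X-Frame-Options": "ALLOWALL", "Strict-Transport-Security": "max-age=3600"}
```

Calling audit_headers(PAGE_STYLE) returns only the two CSP findings: a policy that lists 'unsafe-inline' for scripts re-enables the inline JavaScript that CSP blocks by default.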
Nowadays, sending an SMS is part of the notifications in all web and mobile products.
We use Plivo to send SMS notifications.
Let me share the code that we used for sending SMS in a Java Google App Engine project.
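import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import javax.ws.rs.core.MediaType;
import org.json.JSONObject; // assumption: the post does not name its JSON library

public class PlivoSms { // placeholder class name; the post shows only the members
    public static final String PLIVO_VERSION = "v1";
    // Placeholders: load the real values from configuration, never from source control.
    public static final String PLIVO_AUTH_ID = "YOUR_PLIVO_AUTH_ID";
    public static final String PLIVO_AUTH_TOKEN = "YOUR_PLIVO_AUTH_TOKEN";
    public static final String PLIVO_NUMBER = "YOUR_PLIVO_NUMBER";

    public static void sendSMS(String dst, String text) {
        Client client = Client.create();
        // client.addFilter(new LoggingFilter(System.out));
        // HTTP Basic auth: the auth ID is the user name, the auth token the password.
        client.addFilter(new HTTPBasicAuthFilter(PLIVO_AUTH_ID, PLIVO_AUTH_TOKEN));
        WebResource webResource = client.resource("https://api.plivo.com/"
                + PLIVO_VERSION + "/Account/" + PLIVO_AUTH_ID + "/Message/");

        // Build the JSON body of the message request.
        JSONObject object = new JSONObject();
        object.put("src", PLIVO_NUMBER);
        object.put("dst", dst);
        object.put("text", text);
        object.put("type", "sms");

        // HTTPChecker is the project's own class (not shown); it supplies the User-Agent header.
        ClientResponse clientResponse = webResource
                .type(MediaType.APPLICATION_JSON)
                .header(HTTPChecker.USER_AGENT_NAME, HTTPChecker.USER_AGENT_VALUE)
                .post(ClientResponse.class, object.toString());
        int status = clientResponse.getStatus();
        if (status >= 400) {
            // Print the error body returned by the API.
            System.out.println(clientResponse.getEntity(String.class));
        }
    }
}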
Here we use the Java REST client Jersey to send a request to Plivo.
Hope it helps, and have a nice day.