GitHub is blocked in India

GitHub is blocked in India along with pastebin and imgur.

Since 17th December Indian ISPs have started blocking the free Git hosting repository GitHub. No prior information, no explanations, no notice, simple block. The ISPs in India are setting a bad precedent of freedom of speech. Only one ISP, Reliance returned a message that GitHub has been blocked as per the instructions of competent authority.

The Indian government also asked telecom operators and ISPs to block the image sharing site imgur and popular paste hosting website, Pastebin.

It is really a bad news for the fast growing Indian economy. Hope, it will be resolved soon. If you are in India, you can use the following solution.

Add Google DNS Server

This can be solved by adding Google DNS server. If you are a Mac OSX user, following steps will help you

  1. Choose Apple menu > System Preferences, and then click Network.

  2. Select the Network connection service you want to use (such as Wi-Fi or AirPort or Ethernet, unless you named it something else) from the list, and then click Advanced.

  3. Select DNS tab

  4. Click + to replace any listed addresses with, or add, the Google IP addresses at the top of the list:

    • For IPv4: and/or
    • For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844

When you’re finished, click OK and then Apply. Now you can access the blocked sites.

For Windows user, How to change DNS Servers in Windows 7

View comments

Security HTTP headers

Security becomes an inevitable feature for every web and mobile application. There are many things to consider when securing web applications.

Now let's have a look at the headers and how they can improve the security of your website.


This header Provides Clickjacking protection.




The Strict-Transport-Security header will instruct the browser to do two important things:

  1. Load all content from your domain over HTTPS
  2. Refuse to connect in case of certificate errors and warnings
Strict-Transport-Security:max-age=15552000; includeSubDomains

includeSubdomains indicates whether the policy should also be applied to subdomains.


To disable the MIME-sniffing, add the header:


The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions.


This disables the option to open a file directly on download.



The XSS protection was introduced in IE 8 as a security measure designed to thwart XSS (Cross Site Scripting) attacks. In short, IE tries to detect whether there has occurred an XSS attack, if so it will modify the page to block the attack and display a warning to the user.

You can set the XSS filter on or off (1 or 0), and there's an optional parameter called mode. If you set mode to block, the page will not be displayed at all. Here are examples of how you can set the header:

X-XSS-Protection: 0
X-XSS-Protection: 1; mode=block


Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

If enabled, CSP has significant impact on the way browser renders pages (e.g., inline JavaScript disabled by default and must be explicitly allowed in policy).

Content-Security-Policy:default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri;

These HTTP headers protect your users from various kinds of attacks.

View comments

Sending SMS using Plivo in Google App Engine

Now-a-days, sending a SMS is part of the notification in all web and mobile products. We uses Plivo to send SMS notification.

Let me share the code that we used for sending SMS in Java Google App Engine project.

  public static final String PLIVO_VERSION = "v1";
  public static final String PLIVO_AUTH_ID = "YOUR_PLIVO_AUTH_ID";
  public static final String PLIVO_AUTH_TOKEN = "YOUR_PLIVO_AUTH_TOKEN";
  public static final String PLIVO_NUMBER = "YOUR_PLIVO_NUMBER";

  public static void sendSMS(String dst, String text) {

    Client client = Client.create();
    // client.addFilter(new LoggingFilter(System.out));
    WebResource webResource = client
        .resource("" + PLIVO_AUTH_ID
            + "/Message/");
    client.addFilter(new HTTPBasicAuthFilter(PLIVO_AUTH_ID,

    JSONObject object = new JSONObject();
    object.put("src", PLIVO_NUMBER);
    object.put("dst", dst);
    object.put("text", text);
    object.put("type", "sms");
    ClientResponse clientResponse = webResource
        .post(ClientResponse.class, object.toString());

    int status = clientResponse.getStatus();
    if (status >= 400) {

Here we uses Java Rest client jersey to send a request to plivo.

Hope it helps and Have a nice day.

View comments