TT-Forums now only available over SSL
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
TT-Forums now only available over SSL
TT-Forums has been quietly available over SSL for a number of years now, but I've now installed a phpBB extension that'll transparently proxy any non-SSL [img] tags (and avatars and signatures) over HTTPS (via imageproxy.tt-forums.net). However, the majority of you will have accessed the non-secure site by default. Now, while TT-Forums isn't exactly your online banking, there is a general push at the moment to get every site using encryption, so TT-Forums (and related sites, such as TT Wiki and TT-Forums Projects) will now only be available via a secure connection.
Existing links to http://www.tt-forums.net/ will of course still work - you should be redirected automatically.
One problem with trying to run a forum via SSL is that you can use the [img] tag to embed images which may not be secure. You can also link to externally hosted avatars. We do however have a solution for that - all HTTP [img] links will now be transparently proxied via imageproxy.tt-forums.net, a secure site.
Please let me know how you find everything. If anybody notices any problems, please let me know. If you find the site seems significantly slower too, that would also be of interest (it seems pretty much the same to me).
Also, as a minor aside, I've updated the [youtube] BBCode so it's a bit more modern and no longer tries to embed Flash (it instead embeds YouTube itself via an iframe, the recommended method these days).
Re: TT-Forums now only available over SSL
Very nice, though I have no clue as to what it all means. I'm guessing it now means we've got the same security as my bank?!
With regards to loading speed, I get 1-2 seconds per page, which isn't bad when considering I have 2 live Spreadsheets being updated in the background at the same time.
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
Re: TT-Forums now only available over SSL
Pilot wrote: Very nice, though I have no clue as to what it all means. I'm guessing it now means we've got the same security as my bank?!
It basically means that third parties shouldn't be able to intercept your communications with the server (e.g., your password when logging in). Obviously anything you post will still be public.
Re: TT-Forums now only available over SSL
It seems this broke my signature! I edited the image link to https:// and it is all fine now
My Scenarios:
Archipiélago Hermoso (Latest Release: Version 3.2)
Turnpike Falls (Latest Release: Version 0.91)
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
Re: TT-Forums now only available over SSL
Hm, did it? Any old http:// TT-Forums links should be redirected automatically to https://. You got it fixed at least though.
EDIT: Ah, the proxy had failed (or I'd forgotten to restart it), which may have been related...
- Redirect Left
- Tycoon
- Posts: 7279
- Joined: 22 Jan 2005 19:31
- Location: Wakefield, West Yorkshire
Re: TT-Forums now only available over SSL
Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrill's screenshot thread).
edit: also seems to entirely break my signature image
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
Re: TT-Forums now only available over SSL
Redirect Left wrote: Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrill's screenshot thread)
Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.
Redirect Left wrote: edit: also seems to entirely break my signature image
Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.
- Redirect Left
- Tycoon
- Posts: 7279
- Joined: 22 Jan 2005 19:31
- Location: Wakefield, West Yorkshire
Re: TT-Forums now only available over SSL
orudge wrote: Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.
I suspect that. I've had issues on other sites where dynamically generated PHP images aren't taken kindly by software.
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
Re: TT-Forums now only available over SSL
Oddly, it seems to be some sort of weird problem with lighttpd I think (imageproxy.tt-forums.net forwards to an internal Camo server which performs the actual image retrieval, etc). If I access the Camo server directly over HTTP it's fine; if I download the image to the server and access it over HTTPS it's fine too - it just seems to be the proxied version that's misbehaving. It's adding an extra 20 bytes of data, including some newlines and so on. I wonder if it's interpreting it as HTML or something and messing it up. I've no idea why, and can't see anything in the configuration that might be causing that.
At some point I may switch to nginx, lighttpd has always worked pretty well though.
A bit of a faff for you, but you could consider getting a free SSL certificate and encrypting your site too.
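The signed-URL scheme that Camo, the image proxy named in the post above, documents for its requests, shown here as an added example that is not part of the thread or the forum's extension code. The shared key, the function names and the sample post are assumptions constructed for illustration; only the proxy host name comes from the thread.

```javascript
const crypto = require('node:crypto');

const PROXY_BASE = 'https://imageproxy.tt-forums.net'; // proxy host named in the thread
const SHARED_KEY = 'constructed-demo-key';             // assumption: secret shared by forum and proxy

// HMAC-SHA1 over the original image URL, hex encoded (Camo's digest format).
function sign(key, url) {
  return crypto.createHmac('sha1', key).update(url).digest('hex');
}

// Forum side: build /<digest>/<hex-encoded-url> for one insecure image URL.
function proxyUrl(key, url) {
  const hexUrl = Buffer.from(url, 'utf8').toString('hex');
  return `${PROXY_BASE}/${sign(key, url)}/${hexUrl}`;
}

// Forum side: rewrite only plain-http [img] tags; https images are left alone,
// so the rendered page no longer triggers mixed-content warnings.
function rewriteImgTags(key, post) {
  return post.replace(/\[img\](http:\/\/[^\[\]\s]+)\[\/img\]/gi,
    (_, url) => `[img]${proxyUrl(key, url)}[/img]`);
}

// Proxy side: return the URL to fetch, or null when the path was not signed
// with the shared key. This check is what keeps the proxy from being an
// open relay for arbitrary URLs.
function verifyRequest(key, path) {
  const m = /^\/([0-9a-f]{40})\/((?:[0-9a-f]{2})+)$/.exec(path);
  if (!m) return null;
  const url = Buffer.from(m[2], 'hex').toString('utf8');
  const expected = Buffer.from(sign(key, url), 'hex');
  const given = Buffer.from(m[1], 'hex');
  // Both buffers are 20 bytes here, so timingSafeEqual cannot throw.
  if (!crypto.timingSafeEqual(expected, given)) return null;
  // Only ever fetch http(s) targets, whatever was signed.
  return /^https?:\/\//i.test(url) ? url : null;
}

// Constructed sample post (not taken from the forum).
const samplePost = 'Sig: [img]http://images.example/sig.php[/img] ' +
                   'and [img]https://images.example/ok.png[/img]';
const rewritten = rewriteImgTags(SHARED_KEY, samplePost);
console.log(rewritten);
```

Because the digest covers the full URL, a request whose hex-encoded URL has been swapped for another target fails verification even when the digest itself is a valid one copied from a real post.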
Re: TT-Forums now only available over SSL
Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
Re: TT-Forums now only available over SSL
orudge wrote: Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.
This one should be fixed now.
- Redirect Left
- Tycoon
- Posts: 7279
- Joined: 22 Jan 2005 19:31
- Location: Wakefield, West Yorkshire
Re: TT-Forums now only available over SSL
Chrill wrote: Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.
Nah, it's hosted on my dedicated server here - which has frankly never even seen SSL.
I tend to keep these things on my own dedis, as it directly communicates with my phones. Then it's entirely my own fault if it gets compromised, can't blame anyone else.
Re: TT-Forums now only available over SSL
Owen, do you have any control over pikka wiki on the users ttforums pages? Any idea why the error 500 problem is ongoing?
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
Re: TT-Forums now only available over SSL
Oops, that was my own fault it seems - Pikka's wiki was being hammered by bots recently and they were causing significant slowness on the server, so I attempted to block some, but apparently I made a syntax error when doing so and didn't check it properly. (Load went down so I thought it had been fixed, which was kind of true...) Now fixed!
- Redirect Left
- Tycoon
- Posts: 7279
- Joined: 22 Jan 2005 19:31
- Location: Wakefield, West Yorkshire
Re: TT-Forums now only available over SSL
This has made the site unavailable on some networks. Including wifi at some public locations, some public transport, and O2's 4G network frequently throws up errors.
In public transport, I have verified I am connected to the actual proper source and not someone's phone imitating it.
Edit: just occurred on the EDGE network too.
- Attachments: Screenshot_20160610-134647.png (142.93 KiB), Screenshot_20160610-134945.png (121.87 KiB)
Re: TT-Forums now only available over SSL
Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.
This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".
- Redirect Left
- Tycoon
- Posts: 7279
- Joined: 22 Jan 2005 19:31
- Location: Wakefield, West Yorkshire
Re: TT-Forums now only available over SSL
Rubidium wrote: Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.
This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".

If you are referring to Chrome's feature where it downloads things to a remote server then resends a smaller version, I've tried without that and it still errors. It also works fine on other HTTPS sites (I tried Google, as it's the only HTTPS forced site I know off hand).
Re: TT-Forums now only available over SSL
No, I am not. I am referring to things like BoostEdge, and then especially the second paragraph of the second question on http://www.boostedge.com/faq/optimization.html:
However, BoostEdge could act as a "man in the middle" and spoofis the server. But the browser would pop an alert window telling the users that some device is decrypting your data.
- Redirect Left
- Tycoon
- Posts: 7279
- Joined: 22 Jan 2005 19:31
- Location: Wakefield, West Yorkshire
Re: TT-Forums now only available over SSL
Hmm. Seems like that'd be something global, not something that'd pick and choose what it wants to turn on with and affect it all.
- orudge
- Administrator
- Posts: 25148
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
Re: TT-Forums now only available over SSL
Are you able to view the certificate details in your browser? I'd be interested to know what certification authority it thinks it is using.