Image Proxy


AndrewSimm
11-11-2014, 04:25 AM
An image proxy is a must so vbulletin users can use SPDY as it requires HTTPS. I think this would be a very popular mod and something worth paying for.

kh99
11-12-2014, 01:34 PM
OK, I had to look up what was meant by "image proxy" and SPDY, so I don't understand much about it. But I think vbulletin already works that way for attached images, so I'm not quite sure what you're asking for.

AndrewSimm
11-12-2014, 03:26 PM
It would help with linked images. The image would not be stored. Here is the xenforo version
https://xenforo.com/community/resources/digital-point-image-proxy.2747/

TheInsaneManiac
11-12-2014, 04:16 PM
You can disable the feature to save [IMG] images in tags.

AndrewSimm
11-12-2014, 05:26 PM
Well I don't want to save every image to my server. I have a limit for upload images but a lot of users like to link GIFs which can be 8MB in size. My site has over 2 million posts so it makes a big difference.

kh99
11-12-2014, 05:40 PM
It would help with linked images. The image would not be stored. Here is the xenforo version
https://xenforo.com/community/resources/digital-point-image-proxy.2747/

I see. That seems like it shouldn't be too difficult, except maybe the caching part (not that I'm promising to do it myself).

Edit: Actually, I might take a shot at this. If someone else intends to do it, please let me know so I don't waste effort.

AndrewSimm
11-13-2014, 08:21 AM
I know it has become somewhat popular in the xenforo community since digitalpoint and theadminzone both use it. The images are the only thing I can think of that keeps vbulletin users from using SPDY. MaxCDN and CloudFlare both support it as well.

I am not sure how many people still read this forum but I would install this in a heartbeat.

Here is a good read as well where thethemefoundry switched to SPDY.
https://thethemefoundry.com/blog/why-we-dont-use-a-cdn-spdy-ssl/

kh99
11-13-2014, 08:47 AM
Here is a good read as well where thethemefoundry switched to SPDY.
https://thethemefoundry.com/blog/why-we-dont-use-a-cdn-spdy-ssl/


That's interesting. I'm mostly a programmer so I don't understand it all, but it seems like those guys are saying they got better performance because SPDY eliminates the extra connection time by only requiring one SSL connection for everything. But it seems to me that if you use a proxy to get external content, then you've just moved that extra connection time from the browser to your server, so you may not see the gains. But I guess part of the idea is to have everything delivered via https?

Zachery
11-13-2014, 09:06 AM
I'd just move static content over to a CDN on spdy.

AndrewSimm
11-14-2014, 01:50 AM
I believe there was little support for SPDY on CDN when thethemefoundry wrote that article. You would really want to do both.

Browsers only use 1 SPDY connection per host. The image proxy would basically eliminate mixed content messages. This video is what I have found the best at explaining it. SPDY is basically HTTP 2.0.

SSL is basically needed to keep networks from blocking its traffic.

http://www.youtube.com/watch?v=WkLBrHW4NhQ

kh99
12-17-2014, 10:28 AM
Sorry AndrewSimm, I never did get to this. Are you still looking for something like this?

Zachery
12-17-2014, 04:58 PM
It would be fairly trivial to set up your own server like nginx with spdy to serve content instead of trying to go through a proxy.

kh99
12-17-2014, 05:03 PM
My understanding is that the OP wants to proxy other external content, so that it is all available via https. He said in a previous post that he doesn't want to save everything on his server. It seems to me that you'd at least need to rewrite the urls in IMG tags to make that work.

Zachery
12-17-2014, 06:52 PM
Ideally, you'd still want that proxy caching as much as it could, so it cuts down on its bandwidth.

kh99
12-17-2014, 07:12 PM
Yeah, I'm far from an expert on that stuff, but I know there are caching proxy servers that exist, and it would probably be better to have a mod to rewrite the urls and point them to one of those than to hack together a proxy myself. But then, not everyone has the ability or desire to set that stuff up, and a script might be good enough for some sites (but it's certainly worth mentioning that using an existing server might be a better way to go - I'll wait to see what AndrewSimm has to say).

AndrewSimm
12-18-2014, 05:57 AM
Caching would be a plus. I am not sure how external images in bb code are cached now. Here is what I have created so far:

proxy.php
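<?php
// Fetch a remote image and serve it from this (HTTPS) host.

if (isset($_GET['url'])) {
    // FILTER_SANITIZE_URL only strips characters that are illegal in a URL;
    // it does not validate the URL or restrict where it points.
    $image = filter_var($_GET['url'], FILTER_SANITIZE_URL);

    // The content type is hard-coded, whatever the remote server returns.
    header('Content-Type: image/png');
    echo file_get_contents($image);
}

?>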

bbcode_image_match hook

$retval = ($fullsize ? '<div class="size_fullsize">' : '') . '<img src="proxy.php?url=' . rawurlencode($link) . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');


The above accomplishes having the image go through https as I have moved my DNS to cloudflare and have no mixed content warnings. I am not sure how the above would be cached and I am not sure how to prevent someone from using my proxy.php file as their own image proxy. Basically I only want vbulletin to be able to use this php file. I have tested it and I think it is safe from file inclusion but I could be wrong.


Here is an example
https://www.canesinsight.com/proxy.php?url=http://i.imgur.com/UxY5hpY.png

One thing I would like to fix is when someone goes back to edit the image in the img tags it shows the full link with the proxy.php. This could confuse some users so not sure how I can just have it use that in front of the image when the page is rendered but hidden when someone clicks to view the code to edit the img tag.

kh99
12-18-2014, 10:38 AM
Oh, OK, so you mostly solved the problem yourself already?

AndrewSimm
12-18-2014, 04:11 PM
Oh, OK, so you mostly solved the problem yourself already?

I have the proxy working so I guess so. I just have a few things to work out that I can't figure out.

kh99
12-18-2014, 05:45 PM
I have the proxy working so I guess so. I just have a few things to work out that I can't figure out.

OK, then I may still try it if I get motivated. Implementing a proxy with caching seems interesting.

ETA: Also, that's pretty clever that you got it basically working with only a few lines of code. I was thinking about how to do it and obviously I was making things too complicated.

Dave
12-18-2014, 07:37 PM
OK, then I may still try it if I get motivated. Implementing a proxy with caching seems interesting.

ETA: Also, that's pretty clever that you got it basically working with only a few lines of code. I was thinking about how to do it and obviously I was making things too complicated.

Might be clever, but I could cause a huge load on the server if I include big images. Easy to do a DoS attack like that.

kh99
12-18-2014, 08:20 PM
Might be clever, but I could cause a huge load on the server if I include big images. Easy to do a DoS attack like that.

Yeah, I think we all agree that it has issues, that's why I said "basically working". I think it needs a few basic checks, like not rewriting the url if it's already using https.

My thoughts (and some of this comes from reading about the xenforo version that was linked earlier) were to try to keep the proxy script from having to read the database, or at least from loading the vbulletin stuff to check permissions. My thought was to generate a random "secret" and save it somewhere (a file, I guess, if not using the database). Then when rewriting the links, hash the secret with the url and add that as a parameter. That will at least allow the proxy script to check that the requested image is actually something someone posted. But with that scheme there's no way to 'delete' a link once it's out there.

As for someone hot linking, I guess that's the same issue as any other image you might be hosting.

Do you really think that this script represents a significantly greater opportunity for DoS attack over just requesting vbulletin pages? I guess a server normally doesn't use a lot of incoming bandwidth, so maybe that's a problem. Maybe caching could solve that.

Let me know what problems you see and if you have any ideas for solving them.


Edit: I was thinking about this: If you have a proxy script like this on your server, I can post any url I want as an image src, and now I have a url that looks like it's coming from your server that delivers anything I want. I don't know how that could be used maliciously, but it sounds bad. Does anyone know more about that kind of stuff?
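
The scheme kh99 describes in the post above (hash a stored secret with the URL and pass the result as a parameter), as an added example that is not code from the thread. The function names, the `sig` parameter and the secret file path are hypothetical, and HMAC-SHA256 is an assumed choice of hash.

```php
<?php
// Added example, not code from the thread; all names here are hypothetical.
// Assumption: in production the secret file lives outside the web root.
const PROXY_SECRET_FILE = __DIR__ . '/proxy_secret.key';

// Load the per-site secret, generating it on first use.
function proxy_secret(): string
{
    if (!is_file(PROXY_SECRET_FILE)) {
        file_put_contents(PROXY_SECRET_FILE, bin2hex(random_bytes(32)), LOCK_EX);
        chmod(PROXY_SECRET_FILE, 0600);
    }
    return trim(file_get_contents(PROXY_SECRET_FILE));
}

// Plugin side (bbcode_image_match): build the signed proxy URL for a posted link.
// Pass the result through htmlspecialchars() before placing it in the src attribute.
function proxy_sign_url(string $link): string
{
    $sig = hash_hmac('sha256', $link, proxy_secret());
    return 'proxy.php?url=' . rawurlencode($link) . '&sig=' . $sig;
}

// proxy.php side: return the URL only if its signature matches, else null.
function proxy_verify(array $query): ?string
{
    if (!isset($query['url'], $query['sig'])
        || !is_string($query['url']) || !is_string($query['sig'])) {
        return null;
    }
    $expected = hash_hmac('sha256', $query['url'], proxy_secret());
    // hash_equals() compares in constant time, so the check leaks no timing hint.
    return hash_equals($expected, $query['sig']) ? $query['url'] : null;
}

// Constructed sample: a link signed by the plugin verifies; a swapped URL does not.
parse_str(parse_url(proxy_sign_url('http://example.com/cat.png'), PHP_URL_QUERY), $q);
echo proxy_verify($q) !== null ? "signed link accepted\n" : "signed link rejected\n";
$q['url'] = 'http://example.com/other.png';
echo proxy_verify($q) !== null ? "altered link accepted\n" : "altered link rejected\n";
```

Rotating the secret invalidates every link signed with the old one at once; the scheme still cannot revoke a single link, as the post notes.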

AndrewSimm
12-19-2014, 06:35 AM
Here is what I changed the plugin to on bbcode_image_match. This detects https and does not use the proxy if the image is https. If the image is http then it does.


$url = parse_url($link);

// Link HTTPS images directly; send everything else through the proxy.
// isset() avoids a notice when the link has no scheme or fails to parse.
if (isset($url['scheme']) && strtolower($url['scheme']) == 'https') {
    $retval = ($fullsize ? '<div class="size_fullsize">' : '') . '<img src="' . $link .'" border="0" alt="" />' . ($fullsize ? '</div>' : '');
} else {
    $retval = ($fullsize ? '<div class="size_fullsize">' : '') . '<img src="proxy.php?url=' . rawurlencode($link) .'" border="0" alt="" />' . ($fullsize ? '</div>' : '');
}


The 3 issues I have yet to figure out are:
- Detect filesize of a link so I could limit it.
- Prevent others from hotlinking the image proxy and making it look as if I am hosting an image.
- cache
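
One way to handle the file-size item in the list above, and the load concern Dave raised, is to fetch with curl and abort the transfer once a byte cap is passed. This is an added example, not code from the thread; `fetch_image()`, the 2 MB cap, the content-type allowlist and the cache lifetime are assumptions.

```php
<?php
// Added example, not code from the thread; names and limits are assumptions.
const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // assumed cap: 2 MB

// Fetch a remote image, refusing non-HTTP schemes, non-image types and
// oversized bodies. Returns [content type, body] or null.
function fetch_image(string $url, int $maxBytes = MAX_IMAGE_BYTES): ?array
{
    $body = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // no file://, ftp://
        CURLOPT_FOLLOWLOCATION => false, // do not follow redirects
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        // Returning a count other than strlen($chunk) makes curl abort the transfer.
        CURLOPT_WRITEFUNCTION  => function ($ch, $chunk) use (&$body, $maxBytes) {
            if (strlen($body) + strlen($chunk) > $maxBytes) {
                return 0;
            }
            $body .= $chunk;
            return strlen($chunk);
        },
    ]);
    $ok   = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $type = (string) curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
    curl_close($ch);

    $allowed = ['image/png', 'image/jpeg', 'image/gif', 'image/webp'];
    $type = strtolower(trim(explode(';', $type)[0]));
    if ($ok === false || $code !== 200 || !in_array($type, $allowed, true)) {
        return null;
    }
    return [$type, $body];
}

// Constructed usage for proxy.php; the URL should first be checked as one the forum issued.
$url = $_GET['url'] ?? '';
$img = is_string($url) && $url !== '' ? fetch_image($url) : null;
if ($img === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $img[0]);
header('X-Content-Type-Options: nosniff');
header('Cache-Control: public, max-age=86400'); // assumed: browsers may cache for a day
echo $img[1];
```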

kh99
01-07-2015, 09:32 PM
Well, as usual I never got around to working on this, but I just noticed this: https://vborg.vbsupport.ru/showthread.php?t=288060

AndrewSimm
01-08-2015, 01:36 AM
Oh wow, I am not sure how I missed that. The only thing is I don't want to download the image to my server. I want the images to be externally linked to conserve space. It looks like this post in that mod shows how to do it.

https://vborg.vbsupport.ru/showpost.php?p=2397833&postcount=12

If the image is downloaded to the server why would it need to go through a proxy?

I wonder if it could be cached without being downloaded?

Thank you for finding this.

Would there be an advantage to using curl?

kh99
01-08-2015, 12:18 PM
Well, I think it downloads it to cache it, but it doesn't look like there's any security or any limiting of cache size, so I guess there's no difference between that and downloading them all to your server. And if you use the code in the post that eliminated the cache, then I guess you're pretty much back to what you have.

I don't know that curl is any better. I guess it's a little easier to set headers and manage any errors that might happen, but if what you have is working for you, then it doesn't matter.

Zachery
01-08-2015, 06:04 PM
I don't see why you wouldn't just cache images for some period of time, it'd save you a ton of bandwidth.

AndrewSimm
01-09-2015, 01:47 AM
I don't see why you wouldn't just cache images for some period of time, it'd save you a ton of bandwidth.

That would be ideal. I am not sure if the mod linked does that. Also if they are cached on the server there would be no need to run them through an image proxy.

Mellnik
01-17-2015, 05:34 PM
Can anyone make an ImageProxy Product which works as fine as on forums like bitcointalk.org? I would even pay for it.