Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons

Reply
 
Thread Tools
IMG Cacher - SSL Keeper - Mixed Content Block Solution Details »»
IMG Cacher - SSL Keeper - Mixed Content Block Solution
Version: 2.2, by MegaManSec MegaManSec is offline
Developer Last Online: Dec 2016 Show Printable Version Email this Page

Category: Mini Mods - Version: 4.1.x Rating:
Released: 09-19-2012 Last Update: 10-29-2013 Installs: 96
Uses Plugins Template Edits
Re-useable Code Additional Files Translations  
No support by the author.

Pretty much you use this when you want to keep the SSL certificete working on pages that people may use [IMG] tag's without https://.

When you use SSL on your forum, and somebody embeds an image from a non-ssl host, lots of browsers will give you a warning and say the website is unsafe ---this is a solution to that problem.

Specifically, Mozilla has a 'Mixed Content Blocker', which makes it so if you are on an https:// website, it won't load any content on the same domain, using http://.



NOTE: MAKE SURE THE .HTACCESS FILE IN cache-img/ IS WORKING!



Upload the files into your root directory, and that's it.

Then you need to create a plugin (admincp -> plugins & products -> add new plugin)
Hook location: bbcode_img_match
Title: SSL IMG Cacher
Execution order: 5
Plugin PHP Code:
Code:
$link_parsed = parse_url($link);
if ($link_parsed['host'] != '[LINK_TO_YOUR_WEBSITE]')
{
 $link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link);
 $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
}
Plugin is active: Yes


edit "[LINK_TO_YOUR_WEBSITE]" - Without http, example: www.dragonbyte-tech.com or www.internot.info etc. etc.

Then you are done.

It should be secure as the actual directory for the images is not available.(deny from all in htaccess)


I would also suggest adding this to robots.txt
Code:
User-agent: *
Disallow: /cache.php
Also I suggest you add something like this to .htaccess:
Code:
<FilesMatch "cache\.php$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>
======
I only give support to people who have pressed 'installed' this.
======


Source&stuff can be found here: https://github.com/MegaManSec/IMG

For vB3.8 solution, go here: https://vborg.vbsupport.ru/showthrea...75#post2411575 (Thanks to Kh99)

Download Now

File Type: zip IMG.zip (8.6 KB, 536 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
4 благодарности(ей) от:
Andreasmax, Duke49th, seb5594, VBFguy

Comments
  #62  
Old 10-23-2017, 04:52 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Start by trying to determine what is causing the mixed content flags: It may be scripts or advertising (including AdSense) as well as images. Test your site here:

Why No Padlock? - Why is my SSL web page insecure? Find the culprit!

SSL-check: crawl your HTTPS website and find unsecure content

Website Scanner

Address any errors you see there. Sometimes, just replacing http:// with simply // will do the trick in scripts and plugins.

Also, even if it's only images, you won't see an immediate result. You'll need to allow some time to scan all your images - and that may take a while if you have a lot of them.

Are you seeing any entries in the cache-img folder?
Reply With Quote
Благодарность от:
BGObsession
  #63  
Old 10-23-2017, 04:56 PM
BGObsession's Avatar
BGObsession BGObsession is offline
 
Join Date: Apr 2009
Posts: 199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'll take a look at those resources.

No - I'm not seeing anything in the cache-img folder except for the .htaccess file so far...
Reply With Quote
  #64  
Old 10-23-2017, 04:56 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That's because you still have a lot of resources that are served over HTTP, things that this plugin doesn't take care of.

Example:
Mixed Content: The page at 'https://www.bgobsession.com/content.php/1079-Blognostications-Week-7-Redskins-at-Eagles-Edition' was loaded over HTTPS, but requested an insecure image 'http://bgobsession.com/images/smilies/smile.png'. This content should also be served over HTTPS.

Mixed Content: The page at 'https://www.bgobsession.com/forum.php?home=1' was loaded over HTTPS, but requested an insecure image 'http://bgobsession.com/images/icons/icon1.png'.

In the AdminCP under Styles & Templates, create a replacement rule of:
http://www.bgobsession.com to https://www.bgobsession.com
Reply With Quote
  #65  
Old 10-23-2017, 05:01 PM
BGObsession's Avatar
BGObsession BGObsession is offline
 
Join Date: Apr 2009
Posts: 199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So - ran my site's homepage on the first tool. Here's what I get... So why would I still be getting the mixed content warning?
Attached Images
File Type: jpg scanresults.jpg (50.7 KB, 0 views)
Reply With Quote
  #66  
Old 10-23-2017, 05:14 PM
BGObsession's Avatar
BGObsession BGObsession is offline
 
Join Date: Apr 2009
Posts: 199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The replacement variable addition fixed a lot of it - thanks so much dj (should've thought of that myself!).

Have a few image links that are still showing up insecure on my forums page.

Total number of items: 133
Number of insecure items: 2
Insecure URL: http://bgobsession.com/images/icons/icon1.png
Found in: https://www.bgobsession.com/forum.php?home=1

Insecure URL: http://bgobsession.com/images/icons/icon4.png
Found in: https://www.bgobsession.com/forum.php?home=1

Not to be dense, but where do I change the image urls for forum page icons?
Reply With Quote
  #67  
Old 10-23-2017, 05:16 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Try making another replacement rule of:
http://bgobsession.com to https://www.bgobsession.com
Reply With Quote
Благодарность от:
BGObsession
  #68  
Old 10-23-2017, 05:26 PM
BGObsession's Avatar
BGObsession BGObsession is offline
 
Join Date: Apr 2009
Posts: 199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That did it - thanks so much!
Reply With Quote
  #69  
Old 01-22-2018, 12:42 PM
Dave-ahfb Dave-ahfb is offline
 
Join Date: Mar 2002
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am having issues with the fulls size image going 404 while the thumbnail works fine.

An example may be viewed at https://www.websleuths.com/forums/sh...mage-not-found

-or-



Of course the thumbnail calls the image as an attachment, the 404'd full size image is called from
Code:
https://www.websleuths.com/forums/cache.php?img=https%3A%2F%2Fwww.websleuths.com%2Fforums%2Fattachment.php%3Fattachmentid%3D129050%26amp%3Bstc%3D1
My plugin is active using hook bbcode_img_match and is 5th in execution, the plugin code is
Code:
$link_parsed = parse_url($link); 
if ($link_parsed['host'] != '[www.websleuths.com]') 
{ 
 $link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link); 
 $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : ''); 
}

Any ideas?
Reply With Quote
  #70  
Old 01-22-2018, 02:00 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[www.websleuths.com] should be changed to www.websleuths.com in the hook PHP code.
Reply With Quote
  #71  
Old 01-22-2018, 02:08 PM
Dave-ahfb Dave-ahfb is offline
 
Join Date: Mar 2002
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:58 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09600 seconds
  • Memory Usage 2,335KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (6)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (2)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete