Mini Mods - IMG Cacher - SSL Keeper - Mixed Content Block Solution

Pretty much you use this when you want to keep the SSL certificete working on pages that people may use [IMG] tag's without https://.

When you use SSL on your forum, and somebody embeds an image from a non-ssl host, lots of browsers will give you a warning and say the website is unsafe ---this is a solution to that problem.

Specifically, Mozilla has a 'Mixed Content Blocker', which makes it so if you are on an https:// website, it won't load any content on the same domain, using http://.



NOTE: MAKE SURE THE .HTACCESS FILE IN cache-img/ IS WORKING!



Upload the files into your root directory, and that's it.

Then you need to create a plugin (admincp -> plugins & products -> add new plugin)
Hook location: bbcode_img_match
Title: SSL IMG Cacher
Execution order: 5
Plugin PHP Code:

Code:

$link_parsed = parse_url($link);
if ($link_parsed['host'] != '[LINK_TO_YOUR_WEBSITE]')
{
 $link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link);
 $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
}

Plugin is active: Yes


edit "[LINK_TO_YOUR_WEBSITE]" - Without http, example: www.dragonbyte-tech.com or www.internot.info etc. etc.

Then you are done.

It should be secure as the actual directory for the images is not available.(deny from all in htaccess)


I would also suggest adding this to robots.txt

Code:

User-agent: *
Disallow: /cache.php

Also I suggest you add something like this to .htaccess:

Code:

<FilesMatch "cache\.php$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>

======
I only give support to people who have pressed 'installed' this.
======


Source&stuff can be found here: https://github.com/MegaManSec/IMG

For vB3.8 solution, go here: https://vborg.vbsupport.ru/showthrea...75#post2411575 (Thanks to Kh99)

[djbaxter]

Start by trying to determine what is causing the mixed content flags: It may be scripts or advertising (including AdSense) as well as images. Test your site here:

Why No Padlock? - Why is my SSL web page insecure? Find the culprit!

SSL-check: crawl your HTTPS website and find unsecure content

Website Scanner

Address any errors you see there. Sometimes, just replacing http:// with simply // will do the trick in scripts and plugins.

Also, even if it's only images, you won't see an immediate result. You'll need to allow some time to scan all your images - and that may take a while if you have a lot of them.

Are you seeing any entries in the cache-img folder?

[BGObsession]

I'll take a look at those resources.

No - I'm not seeing anything in the cache-img folder except for the .htaccess file so far...

[Dave]

That's because you still have a lot of resources that are served over HTTP, things that this plugin doesn't take care of.

Example:
Mixed Content: The page at 'https://www.bgobsession.com/content.php/1079-Blognostications-Week-7-Redskins-at-Eagles-Edition' was loaded over HTTPS, but requested an insecure image 'http://bgobsession.com/images/smilies/smile.png'. This content should also be served over HTTPS.

Mixed Content: The page at 'https://www.bgobsession.com/forum.php?home=1' was loaded over HTTPS, but requested an insecure image 'http://bgobsession.com/images/icons/icon1.png'.

In the AdminCP under Styles & Templates, create a replacement rule of:
http://www.bgobsession.com to https://www.bgobsession.com

[BGObsession]

So - ran my site's homepage on the first tool. Here's what I get... So why would I still be getting the mixed content warning?

[BGObsession]

The replacement variable addition fixed a lot of it - thanks so much dj (should've thought of that myself!).

Have a few image links that are still showing up insecure on my forums page.

Total number of items: 133
Number of insecure items: 2
Insecure URL: http://bgobsession.com/images/icons/icon1.png
Found in: https://www.bgobsession.com/forum.php?home=1

Insecure URL: http://bgobsession.com/images/icons/icon4.png
Found in: https://www.bgobsession.com/forum.php?home=1

Not to be dense, but where do I change the image urls for forum page icons?

[Dave]

Try making another replacement rule of:
http://bgobsession.com to https://www.bgobsession.com

[BGObsession]

That did it - thanks so much!

[Dave-ahfb]

I am having issues with the fulls size image going 404 while the thumbnail works fine.

An example may be viewed at https://www.websleuths.com/forums/sh...mage-not-found

-or-



Of course the thumbnail calls the image as an attachment, the 404'd full size image is called from

Code:

https://www.websleuths.com/forums/cache.php?img=https%3A%2F%2Fwww.websleuths.com%2Fforums%2Fattachment.php%3Fattachmentid%3D129050%26amp%3Bstc%3D1

My plugin is active using hook bbcode_img_match and is 5th in execution, the plugin code is

Code:

$link_parsed = parse_url($link); 
if ($link_parsed['host'] != '[www.websleuths.com]') 
{ 
 $link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link); 
 $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : ''); 
}

Any ideas?

[Dave]

[www.websleuths.com] should be changed to www.websleuths.com in the hook PHP code.

[Dave-ahfb]

Thank you.