Comments
Is it me or did I just notice an unthank button in mobile view?
Refresh the page
Brain fart
I don't mean to be a negative Nancy here, but my $4.99 SSL certificate from @miTgiB doesn't give me a 'Not Secure' notice.
Then again, it's probably not been configured properly on LowEndTalk.
Are you sure it's not just because you're on a page with images being served unencrypted (like this one)?
Aye, it's that. We'll get there. One step closer
camo is easy to set up, but maybe [hard] to implement, especially on random cms (vanilla). But it's possible
using external image proxy (images.weserv.nl) works wrap https-ing img src let proxy wink
Pingdom http://tools.pingdom.com/fpt/#!/dMery0/https://www.lowendtalk.com always gives a nice report of what's loaded on a page.
Unfortunately, for 200 calls on the home page, I won't search for http calls.
You probably configured HSTS properly, baby steps, the login page is now properly secured, what else matters?
Session hijacking is pretty much the same as having a user/pass.
This comment has made the browser of my Samsung Smart TV go nuts.
@sysadmin: the file 'sprites-14-000.png' is loaded twice, once from cdn.vanillaforums.com and once locally. If you can fix that the SSL warning will go away.
It's the Sprites plugin causing this, as it has the URL hard-coded: https://github.com/vanilla/addons/blob/7665df562e5d3c26fde36098852cc886a3090c0f/plugins/Sprites/design/sprites.css line 123. Replace that with a local URL (relative one to be sure) and we all get a nice green lock in our browser.
or, just don't
:P
Oh that's why there's a mixed content warning. Thanks Maarten!
Isn't it impossible to get a padlock if you allow random asses like me to paste in any random animated gif URL?
Speaking of random asses...I made sure this one is encrypted:
Not if we use an image proxy that serves it over HTTPS.
That, or just filter out any unprotected content.
Okay, that is just sick.
That's what I currently use for my site: https://github.com/willnorris/imageproxy
Pretty easy to configure and you don't have to implement something fancy because the url looks like this: https://imageproxy.com/originalurl
You would only have to edit the code for the bbcode parser in vanilla to make this work.
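The two options raised above (route user-posted `http://` images through an HTTPS image proxy, or filter them out) can be sketched as follows. This is an added example, not part of the original thread and not Vanilla's or imageproxy's code; `PROXY_BASE` is a hypothetical proxy that takes the original URL as its path, and whether it decodes percent-encoded query strings is an assumption.

```python
import re
from html import escape, unescape
from urllib.parse import quote, urlsplit

# Assumption: hypothetical HTTPS image proxy taking the original URL as its path.
PROXY_BASE = "https://imgproxy.example/"

IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
# Matches double-quoted, single-quoted and unquoted src values (not data-src).
SRC_ATTR = re.compile(
    r'''(?<![\w-])src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))''', re.IGNORECASE)


def secure_image_url(url, mode="proxy"):
    """Return a URL that is safe on an HTTPS page, or None to drop the image."""
    url = url.strip()
    scheme = urlsplit(url).scheme
    if scheme in ("", "https"):
        return url  # relative and protocol-relative URLs inherit the page's HTTPS
    if scheme == "http" and mode == "proxy":
        # Percent-encode '?', '&', '=' so the whole original URL stays in the path.
        return PROXY_BASE + quote(url, safe=":/")
    return None  # plain http in "drop" mode, or javascript:, data:, etc.


def rewrite_post_html(html, mode="proxy"):
    """Rewrite or remove <img> tags (simplified: assumes no '>' inside attributes)."""
    def fix_tag(match):
        tag = match.group(0)
        src = SRC_ATTR.search(tag)
        if src is None:
            return tag  # no src attribute, nothing to load
        i = src.lastindex  # whichever of the three value groups matched
        safe = secure_image_url(unescape(src.group(i)), mode)
        if safe is None:
            return ""
        return tag[:src.start(i)] + escape(safe, quote=True) + tag[src.end(i):]
    return IMG_TAG.sub(fix_tag, html)


# Constructed sample post body, not taken from the forum.
SAMPLE = ('<p>hi</p><img src="http://example.com/a.gif?x=1">'
          '<img src="https://example.org/b.png"><img src="/local/c.png">')

if __name__ == "__main__":
    print(rewrite_post_html(SAMPLE, "proxy"))
    print(rewrite_post_html(SAMPLE, "drop"))
```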
That would cause unnecessary confusion, especially to newcomers.
How do you avoid IP leaking with a reverse proxy? Seems like neither solution is ideal.
Those are some magic tactics only an Industry Leader in DDoS Protection knows, sadly we didn't get one here....
The only proper way to imageproxy is using camo, where you can filter, reject, blacklist etc. tldr: total control.
easy to set up but complicated to implement ;p
What have newbies ever done for us? Fuck'em I say.
You don't host the imageproxy on the same server as LET, so if someone decides to attack he only attacks the imageproxy.
Of course, but I was aiming for no disruption, including the image proxy
If you only host static content, layer7 attacks will not harm you. Let's say you use CloudFlare and edge-cache, then even if the server behind it is down, the edge cache will still deliver all cached images to the users.
Get a provider with strong L4-protection and you should be fine. Or get a provider with any form of ddos-protection and don't care about the server being down because the edge-cache will still serve the files.
Dammit, now I'm actually annoyed at the LET change.
When I'm traveling, there's hotel and airport wifis and they require you to connect to wifi and then accept their silly terms in your browser. Standard stuff, but all those systems I've ever used require you to browse to an http site and then they intercept with terms. If you browse to https it just says couldn't connect.
What was my go-to site that I knew never would have https? LET.
Now I had to find another site. I'm pissed. I want a refund.
I use cnn.com
There are simple ways to get around that.
[edit]
I should read all three pages before replying. Basically what @rokok said, yes.
Nginx proxy works?