IMG Cacher - SSL Keeper - Mixed Content Block Solution
Mod Version: 2.2, by MegaManSec
| vB Version: 4.1.x | Rating:  (10 votes - 5.00 average) |
Installs: 96 |
| Released: 20 Sep 2012 | Last Update: 31 Oct 2013 | Downloads: 506 |
 Not Supported
 Uses Plugins
Template Edits
Additional Files
Re-usable Code
Translations
External Content
|
||
Pretty much you use this when you want to keep the SSL certificete working on pages that people may use [IMG] tag's without https://.
When you use SSL on your forum, and somebody embeds an image from a non-ssl host, lots of browsers will give you a warning and say the website is unsafe ---this is a solution to that problem.
Specifically, Mozilla has a 'Mixed Content Blocker', which makes it so if you are on an https:// website, it won't load any content on the same domain, using http://.
NOTE: MAKE SURE THE .HTACCESS FILE IN cache-img/ IS WORKING!
Upload the files into your root directory, and that's it.
Then you need to create a plugin (admincp -> plugins & products -> add new plugin)
Hook location: bbcode_img_match
Title: SSL IMG Cacher
Execution order: 5
Plugin PHP Code:
Plugin is active: Yes
edit "[LINK_TO_YOUR_WEBSITE]" - Without http, example: http://www.dragonbyte-tech.com or http://www.internot.info etc. etc.
Then you are done.
It should be secure as the actual directory for the images is not available.(deny from all in htaccess)
I would also suggest adding this to robots.txt
Also I suggest you add something like this to .htaccess:
======
I only give support to people who have pressed 'installed' this.
======
Source&stuff can be found here: https://github.com/MegaManSec/IMG
For vB3.8 solution, go here:
(Thanks to Kh99)
When you use SSL on your forum, and somebody embeds an image from a non-ssl host, lots of browsers will give you a warning and say the website is unsafe ---this is a solution to that problem.
Specifically, Mozilla has a 'Mixed Content Blocker', which makes it so if you are on an https:// website, it won't load any content on the same domain, using http://.
NOTE: MAKE SURE THE .HTACCESS FILE IN cache-img/ IS WORKING!
Upload the files into your root directory, and that's it.
Then you need to create a plugin (admincp -> plugins & products -> add new plugin)
Hook location: bbcode_img_match
Title: SSL IMG Cacher
Execution order: 5
Plugin PHP Code:
Code:
$link_parsed = parse_url($link);
if ($link_parsed['host'] != '[LINK_TO_YOUR_WEBSITE]')
{
$link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link);
$retval = ($fullsize ? '<div class="size_fullsize">' : '') . '<img src="' . $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
}
edit "[LINK_TO_YOUR_WEBSITE]" - Without http, example: http://www.dragonbyte-tech.com or http://www.internot.info etc. etc.
Then you are done.
It should be secure as the actual directory for the images is not available.(deny from all in htaccess)
I would also suggest adding this to robots.txt
Code:
User-agent: * Disallow: /cache.php
Code:
<FilesMatch "cache\.php$"> Header set Cache-Control "max-age=86400, public" </FilesMatch>
I only give support to people who have pressed 'installed' this.
======
Source&stuff can be found here: https://github.com/MegaManSec/IMG
For vB3.8 solution, go here:
Spoiler (click to open)
I want add this to vb3.8 but...
IMG Cacher - SSL Keeper - Mixed Content Block Solution
this is for vb4 and vb3.8 have no Hook Location "bbcode_img_match"
Is there any other Hook Location i can use ?
IMG Cacher - SSL Keeper - Mixed Content Block Solution
this is for vb4 and vb3.8 have no Hook Location "bbcode_img_match"
Is there any other Hook Location i can use ?
Close
Download
IMG.zip (8.6 KB, 538 downloads)