Re: SMF 2.0.15 proxy.php

[epikurieu]

Hi, I have the same problem of images not showing on my forum after installing an SSL certificate.
I read quite extensively all threads on the subject and tried all solutions and patches that were submitted, but none of them worked.
So I switched back to the file included in 2.0.15 upgrade pack, and disabled image proxy until I find a solution.

The forum is here : https://www.neuronesconnection.fr/

Here is an example of an url that is called when the image proxy is enabled : https://www.neuronesconnection.fr/proxy.php?request=http%3A%2F%2Fwww.neuronesconnection.fr%2Fimages%2Fjeux%2Fcine%2F060.jpg&hash=30312a1598c442c739750f80b1d43464
It seems to be an encoding issue, am I wrong ?

[tinoest]

Encoding is fine, I think its more likely it's requesting it against your own site.

You need to change your own site to be https, not just the forum.

The url you posted was; https://www.neuronesconnection.fr/images/jeux/cine/060.jpg I believe.

[epikurieu]

What do you mean by "requesting it against my own site" ? (Sorry, I'm French.)

There's nothing else on my (shared) hosting, the forum is at the root.

What I see now is that there's no "S" after the "http" in the request : is that part of the problem ?

[epikurieu]

By the way, the problem occurs with images posted before the transition (with an uploading tool, directly on the server), or images that are/will be hosted elsewhere by the users, on non-https sites.

So with the url you give it's fine, but it's not that one that was used on the original post. (I hope what I'm saying makes sense to you.)

[tinoest]

By the way, the problem occurs with images posted before the transition (with an uploading tool, directly on the server), or images that are/will be hosted elsewhere by the users, on non-https sites.

So with the url you give it's fine, but it's not that one that was used on the original post. (I hope what I'm saying makes sense to you.)

I mean that the link you tried to proxy was to the same url as your website. Which then redirected you to the https version.

I would try and update all those links to https. I'm not sure if SMF has a way to up date existing posts to https from http mind.

The ones on other sites should be fixed by the changing the code as mentioned here https://www.simplemachines.org/community/index.php?topic=553914.msg3926081#msg3926081

[epikurieu]

OK then, the proxy is only meant for images hosted on other websites? I could have tried for a long time without success, I didn't understand correctly its purpose!

Thanks, I'll try the fix you mention.

[epikurieu]

Nope... it doesn't work.

I tried posting this image : http://www.lapassiondubois.com/images/stories/enfance/p1030429.jpg
and the proxied url is : https://www.neuronesconnection.fr/proxy.php?request=http%3A%2F%2Fwww.lapassiondubois.com%2Fimages%2Fstories%2Fenfance%2Fp1030429.jpg&hash=eb46916ea6990c63586ce204f68dda3a

Proxy is enabled (of course), max cache size is 5190 Ko. Should the secret code be changed?

[tinoest]

Just to confirm the url is this; http://www.lapassiondubois.com/images/stories/enfance/p1030429.jpg

Does the image show on the second load of the page?

Just checked this and making the change to

Code Select Expand

                return file_put_contents($dest, json_encode(array(
                        'content_type' => $headers['content-type'],
                        'size' => $response['size'],
                        'time' => time(),
                        'body' => base64_encode($response['body']),
                ))) === false ? false : true;

fixes the issue for me with that image you linked to.

[epikurieu]

Yes the url is right.

The image never shows (as long as the proxy is enabled), even after CTRL + F5.

Just to be sure: those lines of code are supposed to be on the file proxy.php, at the root of the forum, right? Nearly at the end of the file, ~line 192?

The file in the 2.0.15 upgrade pack has this, it didn't work; so I tried to put back the file I had until I changed to https, and modified the lines like said => still not working...

[tinoest]

Mine looks like the attached.

I checked it with the image you put on here and it worked ok. Settings were the same as you mentioned.

[butch2k]

Did you u use my proxy code or the default one ? Try mine, not sure it'll corect your issues but its error handling is better than the one on the original file.

[epikurieu]

Did you u use my proxy code or the default one ? Try mine, not sure it'll corect your issues but its error handling is better than the one on the original file.

I think I used every single version that was posted! Are you talking about this one: https://www.simplemachines.org/community/index.php?topic=558395.msg3958115#msg3958115 ?
I also tried it, yes.

Mine looks like the attached.

I checked it with the image you put on here and it worked ok. Settings were the same as you mentioned.

Still not working with your file.

Could it be some setting in the php configuration of the hosting? Something in my .htaccess? A conflict with a mod? The configuration of the cache (in /area=serversettings;sa=cache - Mine is on "level 1")?

[epikurieu]

I noticed that when I edit a message in which I posted an image with a simple url (like http://www.lapassiondubois.com/images/stories/enfance/p1030429.jpg), the url is now the proxied one. Is that the expected behavior?

[tinoest]

Could it be some setting in the php configuration of the hosting? Something in my .htaccess? A conflict with a mod? The configuration of the cache (in /area=serversettings;sa=cache - Mine is on "level 1")?

Mine is also Level 1, can you provide a link to a thread with a image in it?

I think your proxy is not returning the data type for some reason so the browser can't render it.

Actually try the attached file, it might work...

[epikurieu]

On this thread there are images that show because they are https (located on another server), and some that don't: all http, some on my server, some on other ones.
https://www.neuronesconnection.fr/cinema/cine-en-images/

Unfortunately, your file didn't fix it either.

Anything to do with pretty urls ?

[butch2k]

proxy.php is doing its job correctly, sending back the file.
At one point it checks the content_type and exit if it's not an image, so we can be pretty sure the data as seen by the proxy script is an image and the proper content type is sent back yet...

Code Select Expand

$contentParts = explode('/', !empty($cached['content_type']) ? $cached['content_type'] : '');
if ($contentParts[0] != 'image')
exit;

header('Content-type: ' . $cached['content_type']);

... the response header content-type is "content-type:text/html; charset=UTF-8", so my 2 cents is that there is some kind of header override at one point which basically says "if file is .php then content type is text/html".

Could you check your apache configuration ?

[epikurieu]

I'm on a shared hosting so I don't know how to access that information (if I can at all).

Here is the phpinfo: https://www.neuronesconnection.fr/phpinfo.php and a screenshot of the php.ini is attached. I use php 5.6.

[albertlast]

Well you could try to remove the header from the webserver before you set the from proxy:

Code Select Expand


header_remove('content-type');

Should be placed in front of the line where the content-type is set by proxy.php

[butch2k]

Unfortunately the content-type is most likely added by the webserver at the time the request is sent back to the client, so it probably won't work. 

Check for existence of an .htaccess file a the root of your website.

[albertlast]

When this not help,
maybe he should try to match the same case like the webserver does.
proxy does Content-type
webserver does content-type
when he match the same case maybe the webserver doesn't try to add a different one.

[epikurieu]

No, adding the code didn't work (lowcase or uppercase). I added it line 129 of the file posted by tinoest, before

Code Select Expand

header('Content-type: ' . $cached['content_type']);

I have an .htaccess at the root, here's its content :

Code Select Expand

# PRETTYURLS MOD BEGINS
# Pretty URLs mod
# http://code.google.com/p/prettyurls/
# .htaccess file generated automatically on: January 17, 2015, 15:24

RewriteEngine on
RewriteBase /

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Rules for: actions
RewriteRule ^(activate|admin|announce|attachapprove|buddy|calendar|clock|collapse)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(coppa|credits|deletemsg|display|dlattach|editpoll|editpoll2|emailuser)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(findmember|groups|help|helpadmin|im|jseditor|jsmodify|jsoption)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(lock|lockvoting|login|login2|logout|markasread|mergetopics|mlist)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(moderate|modifycat|modifykarma|movetopic|movetopic2|notify|notifyboard|openidreturn)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(pm|post|post2|printpage|profile|quotefast|quickmod|quickmod2)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(recent|register|register2|reminder|removepoll|removetopic2|reporttm|requestmembers)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(restoretopic|search|search2|sendtopic|smstats|suggest|spellcheck|splittopics)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(stats|sticky|theme|trackip|about:mozilla|about:unknown|unread|unreadreplies)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(verificationcode|viewprofile|vote|viewquery|viewsmfile|who|\.xml|xmlhttp)/?$ ./index.php?pretty;action=$1 [L,QSA]

# Rules for: boards
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/?$ ./index.php?pretty;board=$1.0 [L,QSA]
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/([0-9]*)/?$ ./index.php?pretty;board=$1.$2 [L,QSA]

# Rules for: topics
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/([-_!~*'()$a-zA-Z0-9]+)/?$ ./index.php?pretty;board=$1;topic=$2.0 [L,QSA]
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/([-_!~*'()$a-zA-Z0-9]+)/([0-9]*|msg[0-9]*|new)/?$ ./index.php?pretty;board=$1;topic=$2.$3 [L,QSA]

# PRETTYURLS MOD ENDS

[tinoest]

You want to change the content type not add a additional one.

So in that header it would become content-type, I'd also try Content-Type as well.

[epikurieu]

I'm not quite sure I understand; you mean I should try uppercase for the "type" as well? Like this?

Code Select Expand

// Make sure we're serving an image
$contentParts = explode('/', !empty($cached['content_type']) ? $cached['content_type'] : '');
if ($contentParts[0] != 'image')
exit;

header_remove('Content-Type');
header('Content-type: ' . $cached['content_type']);
header('Content-length: ' . $cached['size']);
echo base64_decode($cached['body']);
}

I tried, it still doesn't work...

[butch2k]

could you try adding:

Code Select Expand

header('Cache-Control:no-cache, no-store, must-revalidate');
after the previous headers(...)

It would prevent any proxy from caching the image, it might solve the issue if there is a wrongly configured proxy in front of your webserver.

[epikurieu]

You mean like that? (Sorry, I don't code, so I don't want to mess up!)

Code Select Expand

header_remove('Content-type');
header('Content-type: ' . $cached['content_type']);
header('Content-length: ' . $cached['size']);
header('Cache-Control:no-cache, no-store, must-revalidate');
echo base64_decode($cached['body']);

It didn't work either.

[albertlast]

I would like to point out that header_remove('content-type'); is case sensitiv,
so when the server sends content-type, than should be try to removed in the same format.

[epikurieu]

Yes, I tried 3 combinations: content-type, Content-type and Content-Type. I didn't try content-Type, which doesn't seem to make sense for me!

[epikurieu]

So there's no solution for me? Anything I can add to the .htaccess or .phpini?

[tinoest]

You mean like that?

Not quite, like the below;

Code Select Expand


header('Content-Type: ' . $cached['content_type']);
header('Content-Length: ' . $cached['size']);
header('Cache-Control:no-cache, no-store, must-revalidate');
echo base64_decode($cached['body']);

[epikurieu]

Still not working...

[shawnb61]

Can you tell if you are getting a 404?

To do so in Chrome:
Right-click on a post with a broken link...
The select Inspect...
Then click on the tiny red circle with a # in it...(upper right)
You'll see the list of errors in red towards the bottom.  That should tell you the real issue.


Your sample failed image works fine for me on a vanilla 2.0.15 install.   No tweaks needed.
You may need to consider disabling the proxy until this is resolved.

[epikurieu]

I have no red circle but an exclamation mark in a yellow triangle, is that the right place? The Console tab? So there's no error here, only 3 warnings:

The SSL certificate used to load resources from https://www.neuronesconnection.fr will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.
2www.neuronesconnection.fr/:1912 A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
(anonymous) @ (index):1912
jquery-migrate-1.0.0.js:29 JQMIGRATE: jQuery.fn.live() is deprecated
migrateWarn @ jquery-migrate-1.0.0.js:29

[vbgamer45]

Seems ok for me when I view in chrome/firefox is it a specific page.?   The "The SSL certificate used to load resources" you will need to get a new cert to fix that. Symantec SSL's will be distrusted soon.

[epikurieu]

It was on an access-restricted page (admin section) of the forum; but I get the same on a public page with non-showing images (in the last post: https://www.neuronesconnection.fr/cinema/cine-en-images/

The certificate is a free one that comes with the hosting; I assume the hoster will change by then...

[tinoest]

Not sure if you're still here, can you install the attached and then disable the SMF image Proxy and let me know the results?

It uses a Externally Hosted Image Proxy but won't work if the SMF one is enabled. If it does work I'll tidy it up a bit.

[shawnb61]

All -

An update here.  epikurieu & I have been trying a # of things offline over the last few weeks to see if we can address this. 

The bottom line is that at this point I don't think epikurieu's issue is tied to the SMF Image Proxy code, my theory is that this issue is tied to his host's Apache configuration. 

Note that for epikurieu, **ALL** http images are affected.  This isn't a problem with one or two images, it is a problem with all http:// images served up by the proxy.  https:// images are fine.  We've confirmed & looked at the detailed headers for these pictures, and they are being served up from their respective hosts appropriately, and properly assigned content-type & length, proper response codes, etc., etc. 

But if you look at the headers for these images as delivered by his forum via the proxy, you'll see that all of the content-types are wrong, they've all been overridden with "content-type:text/html; charset=UTF-8".  They are not being served up as images.

What would take the content-type & overwrite it for *ALL* of a certain class of images?  My theory is that either a modsecurity or mime_mod or similar directive is looking at the proxy URLs and translating the content-type.  E.g., maybe it requires the image URL to end in .jpg or .gif, etc. 

epikurieu has reached out to his host.  No luck thus far.  I asked him to escalate beyond tier 1 support...

If he can't get any further with his host, he may need to evaluate an external proxy such as the one provided by tinoest above. 

Shawn


FYI - Among other things we looked at, we used this tool to see exactly what the host server was providing to his forum for the image.  Others may find this helpful:
https://github.com/sbulen/sjrbTools/blob/master/SMF_Img_Proxy_Diag.php

[epikurieu]

Sorry, I was a little lazy about this issue lately.

I just saw tinoest's message, so I installed your tool and... it works! Thanks a lot for your time and energy!

Do you still want me to contact again my host? I must confess that I don't really believe I can get a better response, but if you want, I'll try.

[epikurieu]

I marked the topic as solved for now; let me know if you need me to do something more. And thanks again!

[shawnb61]

We believe these proxy issues (not due to host config) were all fixed in 2.0.16.