News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Re: SMF 2.0.15 proxy.php

Started by epikurieu, February 23, 2018, 10:10:21 AM

Previous topic - Next topic

epikurieu

No, adding the code didn't work (lowcase or uppercase). I added it line 129 of the file posted by tinoest, before header('Content-type: ' . $cached['content_type']);

I have an .htaccess at the root, here's its content :
# PRETTYURLS MOD BEGINS
# Pretty URLs mod
# http://code.google.com/p/prettyurls/
# .htaccess file generated automatically on: January 17, 2015, 15:24

RewriteEngine on
RewriteBase /

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Rules for: actions
RewriteRule ^(activate|admin|announce|attachapprove|buddy|calendar|clock|collapse)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(coppa|credits|deletemsg|display|dlattach|editpoll|editpoll2|emailuser)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(findmember|groups|help|helpadmin|im|jseditor|jsmodify|jsoption)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(lock|lockvoting|login|login2|logout|markasread|mergetopics|mlist)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(moderate|modifycat|modifykarma|movetopic|movetopic2|notify|notifyboard|openidreturn)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(pm|post|post2|printpage|profile|quotefast|quickmod|quickmod2)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(recent|register|register2|reminder|removepoll|removetopic2|reporttm|requestmembers)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(restoretopic|search|search2|sendtopic|smstats|suggest|spellcheck|splittopics)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(stats|sticky|theme|trackip|about:mozilla|about:unknown|unread|unreadreplies)/?$ ./index.php?pretty;action=$1 [L,QSA]
RewriteRule ^(verificationcode|viewprofile|vote|viewquery|viewsmfile|who|\.xml|xmlhttp)/?$ ./index.php?pretty;action=$1 [L,QSA]

# Rules for: boards
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/?$ ./index.php?pretty;board=$1.0 [L,QSA]
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/([0-9]*)/?$ ./index.php?pretty;board=$1.$2 [L,QSA]

# Rules for: topics
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/([-_!~*'()$a-zA-Z0-9]+)/?$ ./index.php?pretty;board=$1;topic=$2.0 [L,QSA]
RewriteRule ^([-_!~*'()$a-zA-Z0-9]+)/([-_!~*'()$a-zA-Z0-9]+)/([0-9]*|msg[0-9]*|new)/?$ ./index.php?pretty;board=$1;topic=$2.$3 [L,QSA]

# PRETTYURLS MOD ENDS

tinoest

You want to change the content type not add a additional one.

So in that header it would become content-type, I'd also try Content-Type as well.

epikurieu

I'm not quite sure I understand; you mean I should try uppercase for the "type" as well? Like this?

// Make sure we're serving an image
$contentParts = explode('/', !empty($cached['content_type']) ? $cached['content_type'] : '');
if ($contentParts[0] != 'image')
exit;

header_remove('Content-Type');
header('Content-type: ' . $cached['content_type']);
header('Content-length: ' . $cached['size']);
echo base64_decode($cached['body']);
}


I tried, it still doesn't work... :(

butch2k

could you try adding:

header('Cache-Control:no-cache, no-store, must-revalidate');
after the previous headers(...)

It would prevent any proxy from caching the image, it might solve the issue if there is a wrongly configured proxy in front of your webserver.


epikurieu

You mean like that? (Sorry, I don't code, so I don't want to mess up!)

header_remove('Content-type');
header('Content-type: ' . $cached['content_type']);
header('Content-length: ' . $cached['size']);
header('Cache-Control:no-cache, no-store, must-revalidate');
echo base64_decode($cached['body']);


It didn't work either.

albertlast

I would like to point out that header_remove('content-type'); is case sensitiv,
so when the server sends content-type, than should be try to removed in the same format.

epikurieu

Yes, I tried 3 combinations: content-type, Content-type and Content-Type. I didn't try content-Type, which doesn't seem to make sense for me! ;)

epikurieu

So there's no solution for me? Anything I can add to the .htaccess or .phpini?

tinoest

Quote from: epikurieu on February 27, 2018, 07:49:12 AM
You mean like that?

Not quite, like the below;


header('Content-Type: ' . $cached['content_type']);
header('Content-Length: ' . $cached['size']);
header('Cache-Control:no-cache, no-store, must-revalidate');
echo base64_decode($cached['body']);

epikurieu


shawnb61

Can you tell if you are getting a 404?

To do so in Chrome:
Right-click on a post with a broken link...
The select Inspect...
Then click on the tiny red circle with a # in it...(upper right)
You'll see the list of errors in red towards the bottom.  That should tell you the real issue.


Your sample failed image works fine for me on a vanilla 2.0.15 install.   No tweaks needed.
You may need to consider disabling the proxy until this is resolved.


Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

epikurieu

I have no red circle but an exclamation mark in a yellow triangle, is that the right place? The Console tab? So there's no error here, only 3 warnings:

The SSL certificate used to load resources from https://www.neuronesconnection.fr will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.
2www.neuronesconnection.fr/:1912 A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
(anonymous) @ (index):1912
jquery-migrate-1.0.0.js:29 JQMIGRATE: jQuery.fn.live() is deprecated
migrateWarn @ jquery-migrate-1.0.0.js:29

vbgamer45

Seems ok for me when I view in chrome/firefox is it a specific page.?   The "The SSL certificate used to load resources" you will need to get a new cert to fix that. Symantec SSL's will be distrusted soon.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

epikurieu

It was on an access-restricted page (admin section) of the forum; but I get the same on a public page with non-showing images (in the last post: https://www.neuronesconnection.fr/cinema/cine-en-images/

The certificate is a free one that comes with the hosting; I assume the hoster will change by then...

tinoest

Not sure if you're still here, can you install the attached and then disable the SMF image Proxy and let me know the results?

It uses a Externally Hosted Image Proxy but won't work if the SMF one is enabled. If it does work I'll tidy it up a bit.

shawnb61

#35
All -

An update here.  epikurieu & I have been trying a # of things offline over the last few weeks to see if we can address this. 

The bottom line is that at this point I don't think epikurieu's issue is tied to the SMF Image Proxy code, my theory is that this issue is tied to his host's Apache configuration. 

Note that for epikurieu, **ALL** http images are affected.  This isn't a problem with one or two images, it is a problem with all http:// images served up by the proxy.  https:// images are fine.  We've confirmed & looked at the detailed headers for these pictures, and they are being served up from their respective hosts appropriately, and properly assigned content-type & length, proper response codes, etc., etc. 

But if you look at the headers for these images as delivered by his forum via the proxy, you'll see that all of the content-types are wrong, they've all been overridden with "content-type:text/html; charset=UTF-8".  They are not being served up as images.

What would take the content-type & overwrite it for *ALL* of a certain class of images?  My theory is that either a modsecurity or mime_mod or similar directive is looking at the proxy URLs and translating the content-type.  E.g., maybe it requires the image URL to end in .jpg or .gif, etc. 

epikurieu has reached out to his host.  No luck thus far.  I asked him to escalate beyond tier 1 support...

If he can't get any further with his host, he may need to evaluate an external proxy such as the one provided by tinoest above. 

Shawn


FYI - Among other things we looked at, we used this tool to see exactly what the host server was providing to his forum for the image.  Others may find this helpful:
https://github.com/sbulen/sjrbTools/blob/master/SMF_Img_Proxy_Diag.php
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

epikurieu

Sorry, I was a little lazy about this issue lately.

I just saw tinoest's message, so I installed your tool and... it works! :) Thanks a lot for your time and energy!

Do you still want me to contact again my host? I must confess that I don't really believe I can get a better response, but if you want, I'll try. :)

epikurieu

I marked the topic as solved for now; let me know if you need me to do something more. And thanks again! :)

shawnb61

We believe these proxy issues (not due to host config) were all fixed in 2.0.16.
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Advertisement: