Image proxy

GOD

Your average end user (member) is virtually clueless concerning SSL. As a result he or she will hotlink photos from anywhere. Without an image proxy your site will be filled with mix content browser warnings.

Kulga

firefox is saying something like this on my https site. It's blocking unencrypted elements. Doesn't really seem to affect anything. images still link, videos still work..
GOD Is there something you can do to mitigate this or were you just making a general statement?

ameo

Good GOD!

Henry

ameo LOL

But on a serious note, is this a common practice? I mean Chrome only warns saying "hey the site is encrypted but there's 3rd party content that's not". I've never really bothered with that very much I suppose, but I could see how that's not ideal.

Dominion

Henry I mean Chrome only warns saying "hey the site is encrypted but there's 3rd party content that's not".

Some browsers are not as kind; they just remove the https indicator, making it seem as if the site is not secure.

... But I generally prefer to enforce a "no hotlinking" policy, and explain to my users why I don't want them doing it. Because it's the site, not the users, that will end up with a bad rep for bandwidth theft.

Kulga Is there something you can do to mitigate this or were you just making a general statement?

Inserting a proxy would allow the images to be served over https, so the site's https indicator is unaffected.

GOD

Kulga GOD Is there something you can do to mitigate this or were you just making a general statement?

I was speaking regarding personal experience, but unfortunately embedding an image proxy into this development is outside my skill. I know both xenforo and woltlab burning board have this. I think ip board has this too.

Kulga

Dominion So... the image is never stored on the server? I tried searching for image proxy but came up with stuff stored on the server. What is this called and how is it done on apache / nginx?

Dominion

I've never done this and am a bit sketchy on the details, but I've read about such things being done.

Have a gander at the first answer to this thread, for example:

http://stackoverflow.com/questions/3011222/dealing-with-http-content-in-https-pages

Basically, instead of allowing your site to request the images/whatever directly from the unsecured remote server, you set up your own proxy that will store and serve them over https. Or something like that. 🙂

rdn

XenForo has built in Image Proxy: https://xenforo.com/community/threads/exif-rotation-acp-searching-proxying-and-change-logging.66592/

vk

its a good feature.

luceos

It's a great idea and somewhat easy to do if you know how to set up nginx for instance. But the problem is concerned with security, how are you going to prevent images to be loaded by any and all sites all over the world (and thus leeching bandwidth and performance)?

Lucas

Definitely a good idea.

Toby

Great idea for an extension.

GOD

Toby For critical functions that could fall under security, I don't usually hold out hope for 3rd party development. But I'm sure if could be made as an extension. I just wouldn't depend on it for long term support.