naughtygamers
NTHW Gaming Banner
GotW™ : Call of Duty 4

Author Topic: SSL HTTPS and being insecure  (Read 190 times)

0 Members and 1 Guest are viewing this topic.

Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,505
    • Ember Big Band
SSL HTTPS and being insecure
« on: 10 August 2018, 03:51: PM »
In a moment of boredom, and given that my browsers keep nagging me that the site is insecure (it isn't) I've decided to do a full Ramrod and break the server:

Anything could and probably will happen whilst I try and work out how this SSL certification works and what linkages it breaks in the website .....
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline bopdude

  • [NTHW] Clan
  • *
  • Posts: 2,883
  • Too old for this shit
Re: SSL HTTPS and being insecure
« Reply #1 on: 10 August 2018, 04:34: PM »
Well we're still here, try harder ;D

Offline Stormpr00ter

  • Space Cadet
  • [NTHW] Clan
  • *
  • Posts: 3,596
  • Mostly Harmless
Re: SSL HTTPS and being insecure
« Reply #2 on: 10 August 2018, 04:36: PM »
LOL!

OK, tracking down the insecure bits is going to be fun, but there's a site to help - www.whynopadlock.com

Results:
Mixed Content - Errors
Soft Failure
An image with an insecure url of "http://www.nthwgaming.co.uk/images/GamingDeluxe150.jpg" was loaded on line: 334 of https://www.nthwgaming.co.uk/.
This URL will need to be updated to use a secure URL for your padlock to return.
Soft Failure
An image with an insecure url of "http://www.nthwgaming.co.uk/images/tsohostlogo.png" was loaded on line: 334 of https://www.nthwgaming.co.uk/.
This URL will need to be updated to use a secure URL for your padlock to return.

I'm thinking you can fix it MGP - if not give me a shout.

HTH

Offline Stormpr00ter

  • Space Cadet
  • [NTHW] Clan
  • *
  • Posts: 3,596
  • Mostly Harmless
Re: SSL HTTPS and being insecure
« Reply #3 on: 10 August 2018, 04:37: PM »
Ha! - Looks like you've done it!

Nice one.

Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,505
    • Ember Big Band
Re: SSL HTTPS and being insecure
« Reply #4 on: 10 August 2018, 04:37: PM »
Try clicking some of the nav links and you'll see how broke it is - but I think I've sussed that one .....

Already got the Gaming deluxe and tso host image ones - but generally anything that was hardcoded as HTTP link is pain in the rear
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline Stormpr00ter

  • Space Cadet
  • [NTHW] Clan
  • *
  • Posts: 3,596
  • Mostly Harmless
Re: SSL HTTPS and being insecure
« Reply #5 on: 13 August 2018, 11:20: AM »
Try clicking some of the nav links and you'll see how broke it is - but I think I've sussed that one .....

Already got the Gaming deluxe and tso host image ones - but generally anything that was hardcoded as HTTP link is pain in the rear

Still issues with the login?
Probably something to do with cookies?

Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,505
    • Ember Big Band
Re: SSL HTTPS and being insecure
« Reply #6 on: 13 August 2018, 03:02: PM »
I'm not seeing that.  Perhaps you have a dodgy cookie that isn't getting overwritten correctly?
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline Stormpr00ter

  • Space Cadet
  • [NTHW] Clan
  • *
  • Posts: 3,596
  • Mostly Harmless
Re: SSL HTTPS and being insecure
« Reply #7 on: 13 August 2018, 04:34: PM »
Might be a Firefox thing. The "Home" button goes to nthwgaming.co.uk, rather than www.nthwgaming.co.uk - strictly speaking these are different hostnames and may be why I see the login nag at the top of the page when I click "Home". Not a big problem, if I click "Forum" I am logged in properly.

Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,505
    • Ember Big Band
Re: SSL HTTPS and being insecure
« Reply #8 on: 13 August 2018, 05:49: PM »
hmm

It's all a bit weird, and may partly relate to how Simple Machines Forum codes stuff.

Firstly I have a .htaccess file that is supposed to force a redirect to https:
Code: [Select]
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But there seem to be a number of variants of that code on the net so not sure this one is entirely correct.

Most of the hardcoded links in the navigation menus use https://www.nthwgaming/....
But those seem to convert to http://www.nthwgaming.co.uk/...  which is why the forum link works.  However the home page menu link isn't converting ???
But not all links are hardcoded, some work off the server root like "/###/###/#/nthwgaming.co.uk/###/forum"

But then most confusing of all is the TSO account DNS that suggests the A records for nthwgaming and www.nthwgaming use different IPs ???
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline Dutchie

  • [NTHW] Clan
  • *
  • Posts: 1,219
Re: SSL HTTPS and being insecure
« Reply #9 on: 13 August 2018, 07:21: PM »
I have the same as storm so when I click on my bookmark I'm signed in but when I click on the home button I'm showing as a guest so not seeing new posts and things like that this is on both phone and pc

Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,505
    • Ember Big Band
Re: SSL HTTPS and being insecure
« Reply #10 on: 14 August 2018, 11:39: AM »
I've checked and changed a few links.  Difficult to track down every last one though as links are embedded in so many places.  Tried to ensure consistency so everything uses nthwgaming.co.uk rather than www.nthwgaming.co.uk.  Lets see if that makes a difference to the cookie login process ...
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline bopdude

  • [NTHW] Clan
  • *
  • Posts: 2,883
  • Too old for this shit
Re: SSL HTTPS and being insecure
« Reply #11 on: 14 August 2018, 03:29: PM »
Well something is broken, keeps showing your last post as a new post MGP ?

EDIT: but now I've posted it's all better  :doh:

Offline Stormpr00ter

  • Space Cadet
  • [NTHW] Clan
  • *
  • Posts: 3,596
  • Mostly Harmless
Re: SSL HTTPS and being insecure
« Reply #12 on: 16 August 2018, 01:34: PM »
I've checked and changed a few links.  Difficult to track down every last one though as links are embedded in so many places.  Tried to ensure consistency so everything uses nthwgaming.co.uk rather than www.nthwgaming.co.uk.  Lets see if that makes a difference to the cookie login process ...

It's fixed the issue I was having with the login  :tu: