Go Back   Rage3D » Rage3D Discussion Area » Community and Site Discussions » Feedback Central
Rage3D Subscribe Register FAQ Members List Calendar Mark Forums Read

Feedback Central This is a place to post problems, suggestions, comments, or help regarding the forums or site. This is not a place to air your mod-related grievances as first-resort.

Reply
 
Thread Tools Display Modes
Old Feb 10, 2017, 10:28 PM   #1
Advertisement (Guests Only)

Login or Register to remove this ad
Ichneumon
Lord of the Flies
 
Join Date: Sep 2000
Location: United States Michigan
Posts: 3,735
Ichneumon is still being judged by the masses


Default 100% SSL Redirect

For the last 6 months or so Rage3D has been behind the Cloudflare CDN after the DDoS that was directed at the site for several days.

Since even then we've offered full SSL for the site and forums for all connections, but now it runs more smoothly. I've been looking at rewriting all HTTP requests to HTTPS and I think we're at a point we can move to having all connections forced to SSL.

I've been sorting out how to do the SSL URL rewrite without breaking anything and am putting this out there for user feedback before I pull the trigger.
__________________
Ichneumon
http://www.rage3d.com

"A lie gets halfway around the world before the truth has a chance to get its pants on. "
- Sir Winston Churchill (1874-1965)
Ichneumon is offline   Reply With Quote
Old Feb 11, 2017, 01:06 PM   #2
Kombatant
K to the max!™
 
Join Date: Nov 2002
Location: Canada North York
Posts: 17,184
Kombatant can recite pi backwardsKombatant can recite pi backwardsKombatant can recite pi backwardsKombatant can recite pi backwardsKombatant can recite pi backwardsKombatant can recite pi backwardsKombatant can recite pi backwards


Subscriber
Default

I'd say go for it
__________________
There is no spoon...
Kombatant is offline   Reply With Quote
Old Feb 28, 2017, 01:17 PM   #3
t3hl33td4rg0n
env x='() { :;};
 
Join Date: Jul 2012
Location: United States Kent, OH
Posts: 1,731
t3hl33td4rg0n is not someone to be trifled witht3hl33td4rg0n is not someone to be trifled witht3hl33td4rg0n is not someone to be trifled witht3hl33td4rg0n is not someone to be trifled witht3hl33td4rg0n is not someone to be trifled witht3hl33td4rg0n is not someone to be trifled witht3hl33td4rg0n is not someone to be trifled with


Default

Use LetsEncrypt, CertBot, and Apache to achieve this.

https://www.ethode.com/blog/using-le...pt-with-dotcms

Don't mind the dotCMS bit, but the rest should give you the instruction for setting up Apache to redirect any HTTP requests to HTTPS.
__________________
Gaming Computer: Core i7 3770k | MSI Z77 MPOWER | MSI 1080 Twin Frozr | Acer Predator X34 | 16GB G.SKILL DDR3 PC2100 | Antec DF-85 | Cooler Master Silent Gold Pro 800W | 512GB Samsung 860 EVO | 4TB WDC Black | 4TB HGST
Server: Core i5 4670 | MSI Z87 MPOWER MAX AC | eVGA GTX980 | 8GB G.SKILL DDR3 1866 | Lian-Li V2120X | Corsair RM750 750W | 500GB SSD | 4x 4TB WDC Red
t3hl33td4rg0n is offline   Reply With Quote
Advertisement (Guests Only)
Login or Register to remove this ad
Old Feb 28, 2017, 07:46 PM   #4
Treeckcold57
Good ol' ATI
 
Join Date: Sep 2004
Posts: 17,023
Treeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird sings


Default

Yes, do it!
__________________

AMD Phenom II X2 555 @ stock clock
Xigamtek Knight cooler
ASUS M4A79XTD EVO
G.Skill 8GB DDR3 1333 (4x4GB)
Intel 530 240GB SSD
XFX ATI Radeon 4870 1GB
Antec Truepower 750W
NZXT Source 210
Windows 7 x64



AMD FX-8350 @ stock clock
Gigabyte GA-990FX-UD5 R5
G.Skill Sniper 16GB (8x2) DDR3 1866
Arctic Freezer 7 Pro 7 rev. 2
Gigabyte Windforce 7950 3GB Ghz Edition
Samsung 840 Pro 128GB SSD
EVGA SuperNova 650W
NZXT Source 210 w/ two Noctua F-12 fans
Ubuntu MATE 64-bit
Intel i5 3570K @ stock clock | G.Skill 16GB (8GBx2) DDR3 1866 | Silicon Power 60GB SSD | Win 10 Pro x64 | NZXT Source 210
Treeckcold57 is offline   Reply With Quote
Old Feb 28, 2017, 11:36 PM   #5
daPhoenix
Snow White Nurse
 
Join Date: Feb 2003
Location: Finland European Union
Posts: 12,992
daPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badges


Default

Quote:
Originally Posted by t3hl33td4rg0n View Post
Use LetsEncrypt, CertBot, and Apache to achieve this.
R3D runs on Windows and IIS so that's not going to work and the Windows version of Apache is crap

Looks like Ichi got a Comodo SSL cert for the site so that's valid for.. 6 months at a time? Can't remember how the free version went.
__________________
:: We are all the sum of our tears.
:: Too little and the ground is not fertile and nothing can grow there.
:: Too much and best of us is washed away.
daPhoenix is offline   Reply With Quote
Old Mar 1, 2017, 01:17 AM   #6
DigitalDemon
Flaccid Flexor
 
Join Date: Apr 2003
Location: Niger Please
Posts: 5,741
DigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwards


Default

Quote:
Originally Posted by daPhoenix View Post
Looks like Ichi got a Comodo SSL cert for the site so that's valid for.. 6 months at a time? Can't remember how the free version went.
Rage3D appears to be running Cloudflare's free shared SSL cert by Comodo. It is a multi domain positive SSL cert, so 99 other sites share this cert.

Though, this also means we are running in flexible SSL mode, so client to Cloudflare is encrypted, but Cloudflare to origin server is not.

Last edited by DigitalDemon : Mar 1, 2017 at 01:22 AM.
DigitalDemon is offline   Reply With Quote
Old Mar 1, 2017, 02:11 AM   #7
daPhoenix
Snow White Nurse
 
Join Date: Feb 2003
Location: Finland European Union
Posts: 12,992
daPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badges


Default

Quote:
Originally Posted by DigitalDemon View Post
Though, this also means we are running in flexible SSL mode, so client to Cloudflare is encrypted, but Cloudflare to origin server is not.
That being said, there's very little to gain here by encryption apart from user / pass.

I think the whole "EVERYTHING MUST BE ENCRYPTED" is pretty absurd for public forums, media and other content that simply has no value in being encrypted as it's free to view anyway.

I guess that's what you get when you have -isms running the show.
__________________
:: We are all the sum of our tears.
:: Too little and the ground is not fertile and nothing can grow there.
:: Too much and best of us is washed away.
daPhoenix is offline   Reply With Quote
Old Mar 1, 2017, 03:01 AM   #8
DigitalDemon
Flaccid Flexor
 
Join Date: Apr 2003
Location: Niger Please
Posts: 5,741
DigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwards


Default

Encryption/SSL is much more important than you may realize, even for sites that are thought to contain little value in terms of actual content. It makes sure the content you are retrieving is the correct, un-tampered data. Without it, anyone with access to the data path between you and the server, say.. your ISP, is free to read and modify the data being transferred if they so desire.

Ad injection or censoring is unbelievably simple on unencrypted connections such as http where the packets and expected data is consistent and easy to manipulate. Home router software can even do it for your own connections such as squid, don't think that someone else higher up in the chain doesn't have the ability, they are already scraping as it is.
DigitalDemon is offline   Reply With Quote
Old Mar 1, 2017, 03:38 AM   #9
daPhoenix
Snow White Nurse
 
Join Date: Feb 2003
Location: Finland European Union
Posts: 12,992
daPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badgesdaPhoenix doesn't need no stinkin' badges


Default

Quote:
Originally Posted by DigitalDemon View Post
Encryption/SSL is much more important than you may realize, even for sites that are thought to contain little value in terms of actual content. It makes sure the content you are retrieving is the correct, un-tampered data.
Your ISP can still use an interception proxy and you'll never know unless you examine certificates by hand.

Anyway that's pretty off topic here - personally I don't give a hoot if public forums like this are encrypted or not.
__________________
:: We are all the sum of our tears.
:: Too little and the ground is not fertile and nothing can grow there.
:: Too much and best of us is washed away.
daPhoenix is offline   Reply With Quote
Old Mar 1, 2017, 04:05 AM   #10
DigitalDemon
Flaccid Flexor
 
Join Date: Apr 2003
Location: Niger Please
Posts: 5,741
DigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwardsDigitalDemon can recite pi backwards


Default

Quote:
Originally Posted by daPhoenix View Post
Your ISP can still use an interception proxy and you'll never know unless you examine certificates by hand.

Anyway that's pretty off topic here - personally I don't give a hoot if public forums like this are encrypted or not.
True, technically cloudflare's flexible SSL mode is an interception proxy itself. You could go with an overly expensive EV cert, but even then the majority of web users have no idea what that is.
DigitalDemon is offline   Reply With Quote
Old Mar 26, 2017, 03:13 PM   #11
Ichneumon
Lord of the Flies
 
Join Date: Sep 2000
Location: United States Michigan
Posts: 3,735
Ichneumon is still being judged by the masses


Default

For what its worth, you can browse any of R3D as HTTPS today. I just don't force everyone to use SSL.
__________________
Ichneumon
http://www.rage3d.com

"A lie gets halfway around the world before the truth has a chance to get its pants on. "
- Sir Winston Churchill (1874-1965)
Ichneumon is offline   Reply With Quote
Old Mar 26, 2017, 03:27 PM   #12
Seyiji
Team 🌙 Moon
 
Join Date: Jun 2004
Location: Manches Manchesville
Posts: 13,500
Seyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of Reputation


Default

Quote:
Originally Posted by Ichneumon View Post
For what its worth, you can browse any of R3D as HTTPS today. I just don't force everyone to use SSL.


Changed my bookmark :3
__________________
,____,
[^_^]
/)___)

-"---"-
Rage3D PC Gaming Hit-List
Official PC Gaming Deals Thread
Has the above thread been misplaced/renamed/merged/stickied/locked? Well then there's a doins transpirin! Find the tome and bring forth the sacrifice to restore peace and order.
"VIAGRA FALLS, slowly I turned, and step by step, inch by inch, I walked up to him, I smashed him, I hit him, I bonked him, I bopped him, I socked him and I mashed his face and I knocked him down."
Seyiji is offline   Reply With Quote
Old Mar 26, 2017, 03:28 PM   #13
Talon_262
Lurker Supreme
 
Join Date: Mar 2002
Location: United States Macho Grande
Posts: 1,782
Talon_262 once held a door open for a complete strangerTalon_262 once held a door open for a complete strangerTalon_262 once held a door open for a complete strangerTalon_262 once held a door open for a complete stranger


Subscriber
Default

Browsing the forums on the secure connection now...seems snappier than it's been here lately.

__________________
Ad aspera per astra | Post counts don't mean anything to me...I go for quality, not quantity ;)
------------------------------------------------
Steam: TNT_TedStriker | Origin: TedStriker75
Talon_262 is offline   Reply With Quote
Old Mar 27, 2017, 02:57 PM   #14
Treeckcold57
Good ol' ATI
 
Join Date: Sep 2004
Posts: 17,023
Treeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird singsTreeckcold57 knows why the caged bird sings


Default

Thanks again. I just updated my bookmark on the bookmark bar.
__________________

AMD Phenom II X2 555 @ stock clock
Xigamtek Knight cooler
ASUS M4A79XTD EVO
G.Skill 8GB DDR3 1333 (4x4GB)
Intel 530 240GB SSD
XFX ATI Radeon 4870 1GB
Antec Truepower 750W
NZXT Source 210
Windows 7 x64



AMD FX-8350 @ stock clock
Gigabyte GA-990FX-UD5 R5
G.Skill Sniper 16GB (8x2) DDR3 1866
Arctic Freezer 7 Pro 7 rev. 2
Gigabyte Windforce 7950 3GB Ghz Edition
Samsung 840 Pro 128GB SSD
EVGA SuperNova 650W
NZXT Source 210 w/ two Noctua F-12 fans
Ubuntu MATE 64-bit
Intel i5 3570K @ stock clock | G.Skill 16GB (8GBx2) DDR3 1866 | Silicon Power 60GB SSD | Win 10 Pro x64 | NZXT Source 210
Treeckcold57 is offline   Reply With Quote
Old Mar 31, 2017, 04:46 AM   #15
Seyiji
Team 🌙 Moon
 
Join Date: Jun 2004
Location: Manches Manchesville
Posts: 13,500
Seyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of Reputation


Default

Ichy-chan plz (づ ̄ ³ ̄)づ ♥

Using https all embedded youtube videos produce a white square. When I change back to http I can view video's normally.

This is with Firefox 52.0.2 and no extensions or other crap snorlaxing my path.

Save me from this pain Ichy-chan (づ ̄ ³ ̄)づ ♥
__________________
,____,
[^_^]
/)___)

-"---"-
Rage3D PC Gaming Hit-List
Official PC Gaming Deals Thread
Has the above thread been misplaced/renamed/merged/stickied/locked? Well then there's a doins transpirin! Find the tome and bring forth the sacrifice to restore peace and order.
"VIAGRA FALLS, slowly I turned, and step by step, inch by inch, I walked up to him, I smashed him, I hit him, I bonked him, I bopped him, I socked him and I mashed his face and I knocked him down."
Seyiji is offline   Reply With Quote
Old Mar 31, 2017, 01:47 PM   #16
0091/2
We Do It!
 
Join Date: Dec 2002
Location: China Brooklyn, NY
Posts: 7,340
0091/2 is not someone to be trifled with0091/2 is not someone to be trifled with0091/2 is not someone to be trifled with0091/2 is not someone to be trifled with0091/2 is not someone to be trifled with0091/2 is not someone to be trifled with0091/2 is not someone to be trifled with0091/2 is not someone to be trifled with


Default

Quote:
Originally Posted by Ichneumon View Post
For what its worth, you can browse any of R3D as HTTPS today. I just don't force everyone to use SSL.
Embedded youtube video won't load with HTTPS.
__________________
Lenovo x61t - Display : 12.1 (Multi-Touch) - CPU : Intel Lv7700 @1.8ghz - Graphics : Intel GMA X3100 graphics - Chipset : Intel 965 Express - Communication : Intel Wireless WiFi Link 4965AGN
10/100/1000 Ethernet - RAM : G.skill ddr2 800 4gb - Storage : G.Skill 64 SSD(SLC) - Battery : 8cell


Current Desktop [2016]
Monitor: NEC EA244wmi | CPU: Intel 3570k @4.2ghz | Heatsink: NH-D14 | GPU: Intel HD4000 | Mobo: ASUS P8Z77-v pro | WiFi: Asus PCEAC68 | SSD: Samsung 830pro 128GB | HDD: WD Black 8========D~13TB | PSU: Seasonic Plat. 660w
0091/2 is offline   Reply With Quote
Old Mar 31, 2017, 04:11 PM   #17
Seyiji
Team 🌙 Moon
 
Join Date: Jun 2004
Location: Manches Manchesville
Posts: 13,500
Seyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of ReputationSeyiji has achieved the Highest Pinnacle of Reputation


Default

Quote:
Originally Posted by 0091/2 View Post
Embedded youtube video won't load with HTTPS.
That which was what I said in the above post is similar to this one
__________________
,____,
[^_^]
/)___)

-"---"-
Rage3D PC Gaming Hit-List
Official PC Gaming Deals Thread
Has the above thread been misplaced/renamed/merged/stickied/locked? Well then there's a doins transpirin! Find the tome and bring forth the sacrifice to restore peace and order.
"VIAGRA FALLS, slowly I turned, and step by step, inch by inch, I walked up to him, I smashed him, I hit him, I bonked him, I bopped him, I socked him and I mashed his face and I knocked him down."
Seyiji is offline   Reply With Quote
Old Apr 5, 2017, 12:21 PM   #18
Elysian
SCAATSJW
 
Join Date: Oct 2001
Location: United States Austin, TX
Posts: 48,638
Elysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling freshElysian kills 99.99% of germs and leaves hands feeling fresh


Default

Quote:
Originally Posted by 0091/2 View Post
Embedded youtube video won't load with HTTPS.
Yep, driving me nuts.
__________________
Quote:
Originally Posted by IamHere View Post
You guys are closet communists.
Elysian is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vista MyDocs redirect problem Destroy Operating Systems 3 Jul 17, 2008 03:31 PM
Broswer redirect prob Robbiesan Feedback Central 0 Oct 10, 2002 04:10 PM


All times are GMT -5. The time now is 04:50 PM.



Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
All trademarks used are properties of their respective owners. Copyright ©1998-2011 Rage3D.com
Links monetized by VigLink