
Traffic optimization

I've just checked, I type in www.cruxforums.com and that still accesses the site and lets me log in. The URL still shows 'Not secure' and 'cruxforums.com', no https/ etc. Should I expect that to change?

Indeed, externally hosted images do save cost, and we're grateful that members have been using them for that reason.
But there are a few concerns:
  • the fact that they show up full-size means they're visible to anyone who happens to find the site, whether registered or not
  • successive posts containing full-size images (even several such images) clutter up threads and are not convenient for viewing on many types of equipment
  • some external images carry (hidden) links to source sites, and we're uneasy about the range of unknown and possibly very dodgy sites that are being linked on ours
So we ask members who are posting external hosted images to state where they're hosted.

E--
Thanks for the clarification!
 
When I access using the https method, I no longer get the site insecure message, rather a more middling message that warns some images may be insecure.
Curiouser and curiouser, we'll wait to see what happens.

It does alert us to the concern I hinted at above - we want our site to be secure in all senses (even though it's not one where financial details or other confidential information are ever asked for) - and we want sites linked in any ways to ours to be safe and secure ones too - we're alert to the dangers both of malware etc. getting into members' equipment, and of members stumbling into illegal content (kiddie porn etc.) unawares, which is why we're being cautious.
 
When I access using the https method, I no longer get the site insecure message, rather a more middling message that warns some images may be insecure.
For me that happens only on the start page, and not on any of the content pages, that is -- actual threads.
The reason is that a few images on the start page are hard coded as HTTP:// links on the start page - the Help the forum and the donation thermometer images, as fallenmystic has pointed out.

Those are only nitpicks and the rest of the forum is now fully SSL encrypted!

I also see that everything has been switched over to new IPs responding for HTTP requests to 'cruxforums.com' (they are v6 now also) and an nslookup call also delivers very different results than it did before. So the CDN switchover really does seem to be working.
 
It does alert us to the concern I hinted at above - we want our site to be secure in all senses
In terms of SSL the security of the site has just increased by leaps and bounds.
The warning on the start page is a rather trivial matter -- with SSL being used it is now no longer possible to 'sniff' login names and passwords during a sign in which was previously technically possible.
 
For me that happens only on the start page, and not on any of the content pages, that is -- actual threads.
The reason is that a few images on the start page are hard coded as HTTP:// links on the start page - the Help the forum and the donation thermometer images, as fallenmystic has pointed out.

Those are only nitpicks and the rest of the forum is now fully SSL encrypted!

I also see that everything has been switched over to new IPs responding for HTTP requests to 'cruxforums.com' (they are v6 now also) and an nslookup call also delivers very different results than it did before. So the CDN switchover really does seem to be working.
All this up-to-date technology makes me feel I ought to write better stories :doh:

FWIW, it still says "Not Secure" regardless of where I am on the site.
 
I am now getting a site secure (lock) symbol, plus a notation that says "verified by cloudflare, Inc.". I still get the "some parts of this page are not secure (such as images)" message if I click on the lock symbol.
 
FWIW, it still says "Not Secure" regardless of where I am on the site.
If you still have http://www.cruxforums.com in the address bar of your browser (you may have to click into it to see the protocol - that is the part before the :// ... and in some browsers that may not be shown at all, with the URL just starting with www.) -- then yes, that will be so.
Anything http:// is insecure.
As of now https:// is available but not enforced upon the user. Previously it was not available.
So right now you can if you want to switch to the https:// version by just either editing the http:// into https://, or adding the https:// in front, if it starts right with www. -- and then hitting Enter on your keyboard. The page will reload and you should get a different security evaluation.
 
If you still have http://www.cruxforums.com in the address bar of your browser (you may have to click into it to see the protocol - that is the part before the :// ... and in some browsers that may not be shown at all, with the URL just starting with www.) -- then yes, that will be so.
Anything http:// is insecure.
As of now https:// is available but not enforced upon the user. Previously it was not available.
So right now you can if you want to switch to the https:// version by just either editing the http:// into https://, or adding the https:// in front, if it starts right with www. -- and then hitting Enter on your keyboard. The page will reload and you should get a different security evaluation.
I did that and it still says Not secure
 
The insecure warning about images is caused by the problem I mentioned in my previous post. In short, if a site is to be strictly secure, all of its contents must be served via HTTPS.

But the problem is, we have 2 images (the thermometer and "HELP US..." banner) which are still referenced by the old HTTP address. It's most likely because their full URLs are manually entered somewhere so we can just find and change them, as I detailed in my previous post.

The important thing to note is "all of its contents" does not include images hosted on an external service. As such, using HTTP URLs for images hosted on an external site does not cause such a problem.

The reason why some of you still get redirected to HTTP is also explained in my previous post along with a solution. It's really an easy fix, but there may be a little complication as I suspect there may be a XenForo setting where the old URL (beginning with "http://") is entered manually, which may cause an endless loop if the Cloudflare option is toggled on. That was why I warned about the possibility in "EDIT".

In short, you need to type "https://www.cruxforums.com/xf/" (with the trailing "/") to enter the secure site at the moment, because otherwise, there's something (likely to be some hardcoded setting on XenForo's admin console) that redirects you back to the old site. It's just a matter of changing the address on the console, but finding where the setting is might be a bit tricky.

All these problems are relatively easy to fix and something we won't have to worry about once we get past them (unlike the problem with the traffic). So we can regard them as temporary inconveniences of transitioning to a more secure website.

Hope this helps to clear up some of the confusion.
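
The mixed-content problem described in the post above, as an added example that is not part of the original thread: a small Python scanner that lists every http:// subresource an https:// page would fetch, so hardcoded image URLs can be found and changed. The hosts, paths and function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that make the browser fetch a subresource (not exhaustive).
FETCHING_ATTRS = {"img": ("src",), "script": ("src",), "iframe": ("src",),
                  "video": ("src", "poster"), "audio": ("src",), "source": ("src",)}

def _site(host):
    # Simplification for this example: treat "www.x" and "x" as the same site.
    return (host or "").lower().removeprefix("www.")

class _Scanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCHING_ATTRS.get(tag, ()):
            # Relative and protocol-relative URLs inherit the page's https scheme.
            parts = urlsplit(urljoin(self.page_url, (attrs.get(name) or "").strip()))
            if parts.scheme != "http":
                continue
            # Any http:// fetch from an https:// page is mixed content, whichever
            # host serves it; the scope only tells you who has to fix the URL.
            same = _site(parts.hostname) == _site(urlsplit(self.page_url).hostname)
            self.findings.append(
                (self.getpos()[0], tag, "same-site" if same else "external", parts.geturl()))

def find_mixed_content(page_url, html):
    """Return (line, tag, scope, url) for each http:// subresource in html."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for pages loaded over https
    scanner = _Scanner(page_url)
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; hosts and paths are placeholders, not the forum's own.
SAMPLE_HTML = """\
<img src="http://www.forum.example/xf/thermometer.png">
<img src="/xf/logo.png">
<img src="//cdn.forum.example/avatar.png">
<img src="http://images.host.example/upload.jpg">
<a href="http://other.example/">a plain link is not a subresource</a>
"""

if __name__ == "__main__":
    for finding in find_mixed_content("https://www.forum.example/xf/", SAMPLE_HTML):
        print(finding)
```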
 
In short, you need to type "https://www.cruxforums.com/xf/" (with the trailing "/") to enter the secure site at the moment,

Hope this helps to clear up some of the confusion.

I tried that, and it didn't work at first. I found out that I needed to completely log out of cruxforums first and then exit the site. Then, when I entered https://www.cruxforums.com/xf/, I got directed to the secure site. I could then log in as usual.

I now feel so secure, I'm thinking of flushing all my Prozac!

:juggle: :jump1: :applaudit:
 
I think FM and Poem have made this clear, but just to reinforce the message:

Log in as: https://www.cruxforums.com/xf/

and the insecure site issue goes away.

Note: one may have to log out first, though, if one has the setting “stay logged in” on one’s account in order to clear any account memory of the old insecure log in.
 
I think FM and Poem have made this clear, but just to reinforce the message:

Log in as: https://www.cruxforums.com/xf/

and the insecure site issue goes away.

Note: one may have to log out first, though, if one has the setting “stay logged in” on one’s account in order to clear any account memory of the old insecure log in.
You are right. If you use some browsers like Chrome, however, it will still report the site as insecure as long as the URLs of those two images mentioned above remain as they are. It's trivial to change them so hopefully it won't take too long before it can be fixed.
 