Page 1 of 2
SSL support and CloudFlare for Lanik.us forums
Posted: Sun Jan 18, 2015 10:23 pm
by LanikSJ
All,
I've enabled SSL support for this forum as well as put it up on CloudFlare (
http://www.cloudflare.com). If you have any questions please post them in this thread.
Thank you.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon Jan 19, 2015 1:30 am
by fanboy
Could use HSTS instead?
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon Jan 19, 2015 2:26 am
by LanikSJ
If you mean
this then I would have to see if my host and/or CloudFlare support it.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon Jan 19, 2015 2:29 am
by fanboy
Cloudflare would support it, it'd query it with your host
https://raymii.org/s/tutorials/HTTP_Str ... httpd.html
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon Jan 19, 2015 9:08 am
by harol
fanboy wrote:Could use HSTS instead?
Here is what I put in .htaccess myself:
Code: Select all
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Later down the track you should also do this
https://hstspreload.appspot.com/
Thanks again for enabling HTTPS!
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon Jan 19, 2015 11:31 am
by LanikSJ
harol wrote:Code: Select all
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Thanks I've added that to my .htaccess (I wish I had access to Apache but its a hosted account
).
I've also added this to my .htaccess:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
harol wrote:Thanks again for enabling HTTPS!
You're welcome. We're passing usernames and passwords once people sign up and login and its about time we're doing it through HTTPS, especially this day and age.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue Jan 20, 2015 8:37 am
by intense
now ...this forum is not available anymore from chrome on windows XP
A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue Jan 20, 2015 8:49 am
by fanboy
Does it apply to Firefox in xp?
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue Jan 20, 2015 10:55 am
by fanboy
https://www.cloudflare.com/ssl
Universal SSL uses SNI certificates with ECDSA. SNI & ECDSA certs work with the following modern browsers:
Desktop Browsers
Internet Explorer 7 and later
Firefox 2
Opera 8 with TLS 1.1 enabled
Google Chrome:
Supported on Vista and later by default
OS X 10.5.7 in Chrome Version 5.0.342.0 and later
Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later)
I can see why given security around older operating systems, as well as limitations by
Chrome on XP.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue Jan 20, 2015 10:58 am
by intense
those still with windows XP (still 20% in windows world...) can use only firefox to visit the forum
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue Jan 20, 2015 11:02 am
by fanboy
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue Jan 20, 2015 11:34 am
by fanboy
Going by stats, XP
Web Clients is around 16-5% depending on your measurement
http://en.wikipedia.org/wiki/Usage_shar ... ng_systems (and decreasing).
- The options could be to disable hsts so it'll allow non-https for older browsers
- Ditch the CDN, and just use a cert
- Keep the status quo, given the small percentages of XP users. Firefox still an option here
While I'm surprised XP is still running, 14 years of the same OS doesn't seem a good idea given Microsoft isn't supporting it. And come this April Google Chrome won't support XP either.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue Jan 20, 2015 6:07 pm
by LanikSJ
intense wrote:now ...this forum is not available anymore from chrome on windows XP
A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Sorry I have no love lost for a 14 year old operating system. If this becomes more of an issue besides one person I may change my mind, but not at this time as a workaround is still available.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Sat Jan 24, 2015 2:11 am
by smed79
intense wrote:now ...this forum is not available anymore from chrome on windows XP
on Windows XP, IE & Chrome can not manage ECDSA certificates > try using
firefox or
firefox portable edition.
source:
https://code.google.com/p/chromium/issu ... ?id=431176
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Thu Feb 12, 2015 1:39 am
by midas
I ended up here trying to find out why I couldn't access the forum anymore. At first I thought the site was down, until I figured out Chrome was the issue. And now I'm learning that you don't care about users on XP. Thank you, nice to know.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Thu Feb 12, 2015 9:24 am
by fanboy
midas wrote:And now I'm learning that you don't care about users on XP. Thank you, nice to know.
Its not we don't care, XP is an aging OS and the limitation is within Chrome itself. The SSL/CDN upgrade is to benefit 90-95% of the community, over a small minority of users not willing to upgrade their OS.. what needs to give?
Anyways there is always Firefox to get around the issue of Chrome on XP.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon Apr 13, 2015 7:11 pm
by arthurtiteica
Cloudfare blocks Tor users by default with an unreadable captcha.
This may be disabled on a per cloudfare account basis.
Please look into it.
And just to get it out because I spent 20 minutes just to get the above message to you:
* lanik.us doens't have a webmaster@ email address.
* the keycaptcha required when registering doesn't work on Firefox 37 Linux. It may very well be some ublock/other addon interference but I did try disabling all for this site.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Thu Apr 16, 2015 7:59 pm
by LanikSJ
I'll check for Tor settings on CloudFlare.
You're correct I'm not using webmaster@ email. I'm using a different email to keep my mailbox somewhat spam free. PM me and I'll tell you what it is.
Captcha worked for me on Chrome last time I looked.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Thu Apr 23, 2015 1:03 am
by funkydude
It's not a Windows XP issue, at least not solely, since I'm not using that. There is definitely connection issues that have nothing to do with the browser. I cannot access the website directly anymore, as I posted in the "bumping" thread, but was completely ignored by lanik.
The proxy I was using last time has now also been blocked and I'm having to use a different proxy to access the website, in the exact same browser.
While I could blame this issue on changing to cloudflare, the fact is this issue started happening AFTER that. So I can only assume a setting has been changed that is overly aggressive.
There is no captcha, the connection just times out.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Fri Apr 24, 2015 11:09 pm
by LanikSJ
Around what time did it start happening?
I haven't made changes to CloudeFlare since I've set it up.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Sat Apr 25, 2015 12:13 am
by funkydude
Around the end of February/Beginning of March.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Fri May 01, 2015 5:15 pm
by funkydude
It seems to be getting worse by the day, with most proxy sites reporting an "SSL error" when trying to access the website.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon May 04, 2015 11:50 pm
by LanikSJ
I don't see any proxy settings on CloudFlare. Then again I haven't been using it for long. If someone knows, other then me, knows about any proxy that would be great if they can share. The only thing I'm seeing is firewall logs sorted by IP so I could see what's going by IP if you can provide to me. Honestly I don't think its going to do anything beyond confirming there is a problem which we already know. I think this would be something you need to contact CloudFlare about since I have no control what they block or not.
Alternatively I suggest not using a proxy as its known to cause problems.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Wed May 06, 2015 2:09 pm
by funkydude
I can't not use a proxy, I can no longer access the site directly... I HAVE to use a proxy just to access it, the site is completely broken. It seems there is some form of geo blocking enabled.
Here is an easy way to reproduce it:
https://hide.me/en/proxy
Select Netherlands
type forums.lanik.us
error
Now select USA
type forums.lanik.us
works fine
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Wed May 06, 2015 6:05 pm
by LanikSJ
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Sat May 09, 2015 11:33 am
by funkydude
Lanik wrote:That gives me a 404.
Eh? No it doesn't. It's a top search result.
startpage.com
search lanik forums
select view by ixquick proxy
403 forbidden
goto
https://www.proxfree.com/
type forums.lanik.us
error
I don't really understand why this is taking so long for you to investigate. Personally I'd rather you revert the whole thing.
Restricting users to a site like this is outright stupid, this isn't some kind of top security banking website, it's a forum.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Mon May 11, 2015 5:14 pm
by LanikSJ
Same problem ... 404.
funkydude wrote:I don't really understand why this is taking so long for you to investigate. Personally I'd rather you revert the whole thing.
That's not going to happen. I'm not going to revert those changes for 1 or even 2 users.
funkydude wrote:Restricting users to a site like this is outright stupid, this isn't some kind of top security banking website, it's a forum.
This is
NOT up for debate. Its take it or leave it simple as that. Unless you're paying my hosting bills this is how it's going to be.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Tue May 12, 2015 12:50 am
by funkydude
Lanik wrote:Same problem ... 404.
You clearly have proxy websites blocked locally. We're not going to get any further with this until you work that out.
Lanik wrote:That's not going to happen. I'm not going to revert those changes for 1 or even 2 users.
What makes you think this only affects 1 or 2 users? I can't access the website directly, anyone with the same problem would naturally assume the website is down, it just times out. This is clearly a major issue if country specific proxies can't access the website.
Lanik wrote:This is NOT up for debate. Its take it or leave it simple as that. Unless you're paying my hosting bills this is how it's going to be.
That's kind of odd logic there. You're talking about bills in the way someone would reason trying to save money, yet the cloudflare approach is not for those trying to save money...
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Fri Jun 12, 2015 1:37 am
by funkydude
Am I to assume you don't care enough to fix this?
When attempting to access via startpage proxy:
The page you requested could not be retrieved by the StartPage Proxy, as a "403 Forbidden" message was received.
It is possible that the page is not available to anyone. Alternatively, the page may require the use of a certain browser, or cookies, or a password, for access.
Re: SSL support and CloudFlare for Lanik.us forums
Posted: Fri Jun 12, 2015 7:07 pm
by LanikSJ
funkydude wrote:Am I to assume you don't care enough to fix this?
You're right. I don't care to fix a problem
one user is having that I can't reproduce.
Obviously if you're posting this you can get to the site.