SSL support and CloudFlare for Lanik.us forums
SSL support and CloudFlare for Lanik.us forums
All,
I've enabled SSL support for this forum as well as put it up on CloudFlare (http://www.cloudflare.com). If you have any questions please post them in this thread.
Thank you.
I've enabled SSL support for this forum as well as put it up on CloudFlare (http://www.cloudflare.com). If you have any questions please post them in this thread.
Thank you.
"If it ain't broke don't fix it."
If you mean this then I would have to see if my host and/or CloudFlare support it.
"If it ain't broke don't fix it."
Cloudflare would support it, it'd query it with your host
https://raymii.org/s/tutorials/HTTP_Str ... httpd.html
https://raymii.org/s/tutorials/HTTP_Str ... httpd.html
Here is what I put in .htaccess myself:fanboy wrote:Could use HSTS instead?
Code: Select all
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Thanks again for enabling HTTPS!
Thanks I've added that to my .htaccess (I wish I had access to Apache but its a hosted account ).harol wrote:Code: Select all
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
I've also added this to my .htaccess:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You're welcome. We're passing usernames and passwords once people sign up and login and its about time we're doing it through HTTPS, especially this day and age.harol wrote:Thanks again for enabling HTTPS!
"If it ain't broke don't fix it."
now ...this forum is not available anymore from chrome on windows XP
A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Does it apply to Firefox in xp?
https://www.cloudflare.com/ssl
I can see why given security around older operating systems, as well as limitations by Chrome on XP.Universal SSL uses SNI certificates with ECDSA. SNI & ECDSA certs work with the following modern browsers:
Desktop Browsers
Internet Explorer 7 and later
Firefox 2
Opera 8 with TLS 1.1 enabled
Google Chrome:
Supported on Vista and later by default
OS X 10.5.7 in Chrome Version 5.0.342.0 and later
Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later)
those still with windows XP (still 20% in windows world...) can use only firefox to visit the forum
Going by stats, XP Web Clients is around 16-5% depending on your measurement http://en.wikipedia.org/wiki/Usage_shar ... ng_systems (and decreasing).
- The options could be to disable hsts so it'll allow non-https for older browsers
- Ditch the CDN, and just use a cert
- Keep the status quo, given the small percentages of XP users. Firefox still an option here
Sorry I have no love lost for a 14 year old operating system. If this becomes more of an issue besides one person I may change my mind, but not at this time as a workaround is still available.intense wrote:now ...this forum is not available anymore from chrome on windows XP
A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
"If it ain't broke don't fix it."
- smed79 Verified
- Liste AR/FR Author
- Posts: 15839
- Joined: Sun Jan 17, 2010 4:00 am
- Location: EasyList Forum
on Windows XP, IE & Chrome can not manage ECDSA certificates > try using firefox or firefox portable edition.intense wrote:now ...this forum is not available anymore from chrome on windows XP
source: https://code.google.com/p/chromium/issu ... ?id=431176
I ended up here trying to find out why I couldn't access the forum anymore. At first I thought the site was down, until I figured out Chrome was the issue. And now I'm learning that you don't care about users on XP. Thank you, nice to know.
Its not we don't care, XP is an aging OS and the limitation is within Chrome itself. The SSL/CDN upgrade is to benefit 90-95% of the community, over a small minority of users not willing to upgrade their OS.. what needs to give?midas wrote:And now I'm learning that you don't care about users on XP. Thank you, nice to know.
Anyways there is always Firefox to get around the issue of Chrome on XP.
-
- New Member
- Posts: 1
- Joined: Mon Apr 13, 2015 7:01 pm
Cloudfare blocks Tor users by default with an unreadable captcha.
This may be disabled on a per cloudfare account basis.
Please look into it.
And just to get it out because I spent 20 minutes just to get the above message to you:
* lanik.us doens't have a webmaster@ email address.
* the keycaptcha required when registering doesn't work on Firefox 37 Linux. It may very well be some ublock/other addon interference but I did try disabling all for this site.
This may be disabled on a per cloudfare account basis.
Please look into it.
And just to get it out because I spent 20 minutes just to get the above message to you:
* lanik.us doens't have a webmaster@ email address.
* the keycaptcha required when registering doesn't work on Firefox 37 Linux. It may very well be some ublock/other addon interference but I did try disabling all for this site.
I'll check for Tor settings on CloudFlare.
You're correct I'm not using webmaster@ email. I'm using a different email to keep my mailbox somewhat spam free. PM me and I'll tell you what it is.
Captcha worked for me on Chrome last time I looked.
You're correct I'm not using webmaster@ email. I'm using a different email to keep my mailbox somewhat spam free. PM me and I'll tell you what it is.
Captcha worked for me on Chrome last time I looked.
"If it ain't broke don't fix it."
It's not a Windows XP issue, at least not solely, since I'm not using that. There is definitely connection issues that have nothing to do with the browser. I cannot access the website directly anymore, as I posted in the "bumping" thread, but was completely ignored by lanik.
The proxy I was using last time has now also been blocked and I'm having to use a different proxy to access the website, in the exact same browser.
While I could blame this issue on changing to cloudflare, the fact is this issue started happening AFTER that. So I can only assume a setting has been changed that is overly aggressive.
There is no captcha, the connection just times out.
The proxy I was using last time has now also been blocked and I'm having to use a different proxy to access the website, in the exact same browser.
While I could blame this issue on changing to cloudflare, the fact is this issue started happening AFTER that. So I can only assume a setting has been changed that is overly aggressive.
There is no captcha, the connection just times out.
Around what time did it start happening?
I haven't made changes to CloudeFlare since I've set it up.
I haven't made changes to CloudeFlare since I've set it up.
"If it ain't broke don't fix it."
Around the end of February/Beginning of March.
It seems to be getting worse by the day, with most proxy sites reporting an "SSL error" when trying to access the website.
I don't see any proxy settings on CloudFlare. Then again I haven't been using it for long. If someone knows, other then me, knows about any proxy that would be great if they can share. The only thing I'm seeing is firewall logs sorted by IP so I could see what's going by IP if you can provide to me. Honestly I don't think its going to do anything beyond confirming there is a problem which we already know. I think this would be something you need to contact CloudFlare about since I have no control what they block or not.
Alternatively I suggest not using a proxy as its known to cause problems.
Alternatively I suggest not using a proxy as its known to cause problems.
"If it ain't broke don't fix it."
I can't not use a proxy, I can no longer access the site directly... I HAVE to use a proxy just to access it, the site is completely broken. It seems there is some form of geo blocking enabled.
Here is an easy way to reproduce it:
https://hide.me/en/proxy
Select Netherlands
type forums.lanik.us
error
Now select USA
type forums.lanik.us
works fine
Here is an easy way to reproduce it:
https://hide.me/en/proxy
Select Netherlands
type forums.lanik.us
error
Now select USA
type forums.lanik.us
works fine
That gives me a 404.funkydude wrote:https://hide.me/en/proxy
"If it ain't broke don't fix it."
Eh? No it doesn't. It's a top search result.Lanik wrote:That gives me a 404.funkydude wrote:https://hide.me/en/proxy
startpage.com
search lanik forums
select view by ixquick proxy
403 forbidden
goto https://www.proxfree.com/
type forums.lanik.us
error
I don't really understand why this is taking so long for you to investigate. Personally I'd rather you revert the whole thing.
Restricting users to a site like this is outright stupid, this isn't some kind of top security banking website, it's a forum.
Same problem ... 404.funkydude wrote:https://www.proxfree.com/
That's not going to happen. I'm not going to revert those changes for 1 or even 2 users.funkydude wrote:I don't really understand why this is taking so long for you to investigate. Personally I'd rather you revert the whole thing.
This is NOT up for debate. Its take it or leave it simple as that. Unless you're paying my hosting bills this is how it's going to be.funkydude wrote:Restricting users to a site like this is outright stupid, this isn't some kind of top security banking website, it's a forum.
"If it ain't broke don't fix it."
You clearly have proxy websites blocked locally. We're not going to get any further with this until you work that out.Lanik wrote:Same problem ... 404.
What makes you think this only affects 1 or 2 users? I can't access the website directly, anyone with the same problem would naturally assume the website is down, it just times out. This is clearly a major issue if country specific proxies can't access the website.Lanik wrote:That's not going to happen. I'm not going to revert those changes for 1 or even 2 users.
That's kind of odd logic there. You're talking about bills in the way someone would reason trying to save money, yet the cloudflare approach is not for those trying to save money...Lanik wrote:This is NOT up for debate. Its take it or leave it simple as that. Unless you're paying my hosting bills this is how it's going to be.
Am I to assume you don't care enough to fix this?
When attempting to access via startpage proxy:
When attempting to access via startpage proxy:
The page you requested could not be retrieved by the StartPage Proxy, as a "403 Forbidden" message was received.
It is possible that the page is not available to anyone. Alternatively, the page may require the use of a certain browser, or cookies, or a password, for access.
You're right. I don't care to fix a problem one user is having that I can't reproduce.funkydude wrote:Am I to assume you don't care enough to fix this?
Obviously if you're posting this you can get to the site.
"If it ain't broke don't fix it."