Digital Point Image Proxy

Digital Point Image Proxy [Paid] 1.0.4

Is that a dev server where you could disable all but necessary modules just to see if it *is* one of the Apache modules doing something?
Unfortunately not. But I see a couple of modules that I know for a fact I don't need. Will try to clean up the list to see if that has any impact.

Thanks!
 
One I would definitely look at is the headers_module since that one in particular lets you alter HTTP headers. Like it would be easy for a system administrator to just assume that certain files (based on extension) aren't being generated at the application level. Like they could think they are doing something good by checking if the file exists and then altering some headers based on if it does/doesn't (like adding Cache-Control headers if it does, and HTTP 404 if it doesn't). Although that might not be the case if removing the .png extension didn't change anything (where you request the same URL but without the .png extension on it). As far as XF is concerned it just ignores the extension anyway, so the same URL can be any extension, or no extension... All these are the same as far as XF is concerned:

http://dev.gtswarm.com/proxy/fg6LzO...qh+SW5RuReebtk1zlzLZWyspw6gRkRHtM/NTcGt/image
http://dev.gtswarm.com/proxy/fg6LzO...W5RuReebtk1zlzLZWyspw6gRkRHtM/NTcGt/image.zip
http://dev.gtswarm.com/proxy/fg6LzO...W5RuReebtk1zlzLZWyspw6gRkRHtM/NTcGt/image.png
http://dev.gtswarm.com/proxy/fg6LzO...W5RuReebtk1zlzLZWyspw6gRkRHtM/NTcGt/image.jpg
http://dev.gtswarm.com/proxy/fg6LzO...W5RuReebtk1zlzLZWyspw6gRkRHtM/NTcGt/image.gif
etc...

The only reason the addon adds the .png extension is so that CDNs can cache the images (CloudFlare for example caches static content based on extension, not based on the HTTP content type header): https://support.cloudflare.com/hc/e...ons-does-CloudFlare-cache-for-static-content-
 
Hi,

I'm a bit unsure if this addon is for me. I'm currently facing a problem: People can get my origin IP through the XenForo built-in proxy image. I've had to disable it, rendering my SSL a bit broken. When the proxy image is on, people can grab my real IP and bypass CloudFlare. Will this plugin fix that?
 
@digitalpoint My nginx config is taking /proxy/[...]/image.png literally instead of index.php?proxy/[...]/image.png. I tried my usual workaround and config change for nginx to fix this, but it didn't work. What nginx configuration for XF are you using if I can ask?
 
Nothing fancy, just the standard config for XF. This is mine:

Code:
        location / {
                index  index.php index.html;
                try_files $uri $uri/ /index.php?$uri&$args;
        }

        location ~ \.php$ {
                try_files               $uri    =404;
                fastcgi_pass            php_cluster;
                fastcgi_next_upstream   error timeout http_500 http_503;
                fastcgi_index           index.php;
                include                 fastcgi_params;
        }

Definitely nothing that would fix what you are seeing. I would bet money you have something else going on outside of your XF config that is causing it.

There are no special rules you need for the Image Proxy addon. But that's not to say some servers don't have their own extra rules that might cause issues. I can't tell people what *not* to add to their server config. lol
 
If you grep all your Nginx config files for "png", I bet you will find it. Like if you make one of the image proxy URLs have a random extension like ".whatever" does it start working? For the addon/XF routing, the extension is completely ignored, so you can change it to anything you want for testing. If Nginx is set up to intercept certain requests based on extensions (like .png), that should help determine that.
 
Found it. It was the handler for static.gamingforums.net also being applied to the root domain. Fingers crossed it'll work now.

Edit: Perfect. Thanks :)
 
I've been told this is what I need and it certainly looks that way, but I'm new at this and I'm assuming I don't get to see the installation instructions until after I buy it. Would it be possible for someone to outline what's involved so I can at least make sure it's something I can set up by myself? Thanks in advance.
 
Is there any way to enable SSL on the forum without image proxy pulling images by exposing my original server IP which leads to security, attack problems?
It's better to pull images from a DDoS-protected server as a subdomain of your domain and display them in the forum.
 
Yep agreed... You could set up your server to access the outside world via a proxy if you have access to one. You will have the same problem with things like sending email since things like registration emails (or any emails) will expose the originating server's IP.
 
Just wanted to update my findings on the issues I've described on page 8 in case anyone else is having an issue with your web server returning a 404 code for some of the images being proxied.

I believe this is due to base64_encode/decode not being 'url' compatible and needing a small workaround:
Base64 - Wikipedia, the free encyclopedia

I found this gist and tested it out and it seems to be working for me:
base64url functionality for php · GitHub

Still YMMV as I am not sure why this is happening on some servers and not other servers. I am running Apache so maybe nginx can handle +/= characters converted over to percent-encoded hexadecimals better? No idea.

Added:
Code:
        private static function base64url_encode($data) {
                // URL-safe alphabet ('-' and '_'), padding stripped
                return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
        }

        private static function base64url_decode($data) {
                // Restore the stripped padding: 0, 2 or 1 '=' for lengths of 4n, 4n+2, 4n+3
                $padLength = (4 - strlen($data) % 4) % 4;
                return base64_decode(strtr($data, '-_', '+/') . str_repeat('=', $padLength));
        }

Then replaced base64_encode/decode's inside the encrypt/decrypt methods in DigitalPointImageProxy/Helper/Encryption.php as follows:
Code:
return DigitalPointImageProxy_Helper_Encryption::base64url_encode(@mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5(XenForo_Application::getOptions()->get('boardUrl')), $string, MCRYPT_MODE_CFB, substr(md5(XenForo_Application::getOptions()->get('boardUrl')), 0, 16)));
Code:
return @mcrypt_decrypt(MCRYPT_RIJNDAEL_128, md5(XenForo_Application::getOptions()->get('boardUrl')), DigitalPointImageProxy_Helper_Encryption::base64url_decode($string), MCRYPT_MODE_CFB, substr(md5(XenForo_Application::getOptions()->get('boardUrl')), 0, 16));
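
The URL-safe encoding discussed in the post above, as an added example that is not part of the original post or the add-on's code. It shows why a standard base64 token breaks path routing and decodes tokens strictly, since they arrive in an untrusted request path; the function names and the sample bytes are assumptions made for the example.

```php
<?php
// Added example, not the add-on's code; function names are hypothetical.

/** Encode bytes with the URL-safe alphabet (RFC 4648, section 5), unpadded. */
function b64url_encode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Decode an unpadded URL-safe token from a request path; null if malformed. */
function b64url_decode_strict(string $token): ?string
{
    // Accept the URL-safe alphabet only, so '+', '/', '=' and '%' are rejected.
    if (!preg_match('/\A[A-Za-z0-9_-]*\z/', $token)) {
        return null;
    }
    $rem = strlen($token) % 4;
    if ($rem === 1) {
        return null; // no byte string encodes to 4n+1 characters
    }
    // Padding needed is 0, 2 or 1 '=' for remainders 0, 2 and 3.
    $padded = strtr($token, '-_', '+/') . str_repeat('=', (4 - $rem) % 4);
    $bytes = base64_decode($padded, true);
    return $bytes === false ? null : $bytes;
}

// Constructed bytes chosen so that standard base64 emits '+', '/' and '='.
$raw = "\xfb\xef\xbe\xff\xff\xfe\x01";
$std = base64_encode($raw);
$url = b64url_encode($raw);

// A '/' inside the token adds path segments, so the route no longer matches.
printf("standard: %-14s segments=%d\n", $std, count(explode('/', "proxy/$std/image.png")));
printf("url-safe: %-14s segments=%d\n", $url, count(explode('/', "proxy/$url/image.png")));

// Round-trip every length from 0 to 64 bytes to cover all padding cases.
for ($n = 0; $n <= 64; $n++) {
    $bytes = $n > 0 ? random_bytes($n) : '';
    if (b64url_decode_strict(b64url_encode($bytes)) !== $bytes) {
        throw new RuntimeException("round trip failed at length $n");
    }
}
var_dump(b64url_decode_strict($std));    // standard-alphabet token: must be refused
var_dump(b64url_decode_strict('abcde')); // length 4n+1: must be refused
```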
 
Started getting these errors this morning - 13 so far:
Code:
Error Info
ErrorException: Fatal Error: Maximum execution time of 300 seconds exceeded - library/DigitalPointImageProxy/Helper/Svg.php:67
Generated By: Unknown Account, Today at 6:45 AM
Stack Trace
#0 [internal function]: XenForo_Application::handleFatalError()
#1 {main}
Request State
array(3) {
  ["url"] => string(109) "https://theadminzone.com/proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png"
  ["_GET"] => array(1) {
    ["/proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image_png"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}
 
What version are you using?
 
Any chance you could grep your web logs to see what URL/post on your site has the aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn image in it? Can't tell on my end because it's an encrypted string with the encryption key being private/unique to your site.

Ultimately need to figure out the original SVG image being proxied... sounds like it could be a malformed SVG or something.
 
Don't know what in particular you are looking for, but here you go
Code:
root@ny1:/srv/www/theadminzone.com/logs# zgrep "aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn" access.log.[2-9].gz
access.log.2.gz:87.112.202.44 - - [06/Aug/2015:06:45:45 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" "-" "-"
access.log.2.gz:87.112.202.44 - - [06/Aug/2015:06:46:04 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" "-" "-"
access.log.2.gz:87.112.202.44 - - [06/Aug/2015:06:47:05 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 584 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" "-" "-"
access.log.2.gz:70.194.101.119 - - [06/Aug/2015:06:48:40 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0" "-" "-"
access.log.2.gz:87.112.202.44 - - [06/Aug/2015:06:54:04 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" "-" "-"
access.log.2.gz:151.228.42.181 - - [06/Aug/2015:07:21:18 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 182 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" "-" "-"
access.log.2.gz:151.228.42.181 - - [06/Aug/2015:07:30:06 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" "-" "-"
access.log.2.gz:71.76.164.30 - - [06/Aug/2015:07:34:24 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" "-" "-"
access.log.2.gz:87.112.202.44 - - [06/Aug/2015:07:47:43 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 584 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" "-" "-"
access.log.2.gz:2607:fb90:b2c:9e69:cdff:4854:1632:ed9 - - [06/Aug/2015:07:58:32 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Linux; Android 4.4.2; LG-D959 Build/KOT49I.D95920s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36" "-" "-"
access.log.2.gz:183.82.214.8 - - [06/Aug/2015:08:10:04 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 584 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36" "-" "-"
access.log.2.gz:183.82.214.8 - - [06/Aug/2015:08:13:20 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36" "-" "-"
access.log.2.gz:183.82.214.8 - - [06/Aug/2015:08:13:22 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36" "-" "-"
access.log.2.gz:86.185.220.46 - - [06/Aug/2015:08:38:38 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36" "-" "-"
access.log.2.gz:180.216.109.240 - - [06/Aug/2015:08:54:14 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 182 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" "-" "-"
access.log.2.gz:195.188.150.130 - - [06/Aug/2015:08:58:03 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" "-" "-"
access.log.2.gz:24.129.152.50 - - [06/Aug/2015:08:59:27 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 182 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4" "-" "-"
access.log.2.gz:24.129.152.50 - - [06/Aug/2015:09:01:29 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4" "-" "-"
access.log.2.gz:24.129.152.50 - - [06/Aug/2015:10:16:48 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "499" 0 "https://theadminzone.com/threads/krystal-premium-hosting-reseller-packages-vpss.135492/" "Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4" "-" "-"
access.log.2.gz:178.162.216.34 - - [06/Aug/2015:16:05:06 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 584 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36" "-" "-"
access.log.2.gz:178.162.216.34 - - [06/Aug/2015:16:06:07 -0400] GET /proxy/aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn/image.png HTTP/1.1 "504" 584 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36" "-" "-"
root@ny1:/srv/www/theadminzone.com/logs#
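
The triage requested above (which posts embed a failing proxy token, and how the requests end), as an added example that is not part of the thread or the add-on. The log lines are constructed in the format posted here, with documentation-range addresses and a placeholder referer; the code also tries a strict base64 decode of the token in case the payload was stored unencrypted, which is the case for the token quoted in this thread.

```php
<?php
// Added example; not the add-on's code. Log lines are constructed in the
// posted format; only the token is taken from the thread.
const TOKEN = 'aHR0cHM6Ly9rcnlzdGFsLmNvLnVrL2Fzc2V0cy9pbWFnZXMvbG9nby1zbG9nYW4uc3Zn';
$fmt = 'access.log.2.gz:%s - - [06/Aug/2015:%s -0400] GET /proxy/' . TOKEN
     . '/image.png HTTP/1.1 "%s" 0 "%s" "ExampleUA/1.0" "-" "-"';
$lines = [
    sprintf($fmt, '192.0.2.10',    '06:45:45', '499', 'https://forum.example/threads/sample.1/'),
    sprintf($fmt, '192.0.2.10',    '06:47:05', '504', 'https://forum.example/threads/sample.1/'),
    sprintf($fmt, '2001:db8::ed9', '07:58:32', '499', 'https://forum.example/threads/sample.1/'),
    sprintf($fmt, '198.51.100.7',  '16:05:06', '504', '-'),
];

function summarize_proxy_hits(array $lines): array
{
    $re = '~^(\S+) \S+ \S+ \[[^\]]+\] GET /proxy/([^/\s]+)/\S* HTTP/[\d.]+ "(\d{3})" \d+ "([^"]*)"~';
    $out = [];
    foreach ($lines as $line) {
        // zgrep prefixes each hit with the archive name when given several files.
        $line = preg_replace('~^[^:\s]+\.gz:~', '', $line);
        if (!preg_match($re, $line, $m)) {
            continue;
        }
        [, $ip, $token, $status, $referer] = $m;
        if (!isset($out[$token])) {
            // A token that strictly decodes to an http(s) URL was not encrypted.
            $plain = base64_decode(strtr($token, '-_', '+/'), true);
            $isUrl = is_string($plain) && preg_match('~\Ahttps?://~i', $plain);
            $out[$token] = ['source' => $isUrl ? $plain : null,
                            'status' => [], 'referers' => [], 'clients' => []];
        }
        $out[$token]['status'][$status] = ($out[$token]['status'][$status] ?? 0) + 1;
        $out[$token]['clients'][$ip] = true;
        if ($referer !== '-') {
            $out[$token]['referers'][$referer] = true;
        }
    }
    return $out;
}

foreach (summarize_proxy_hits($lines) as $token => $hit) {
    printf("source   %s\n", $hit['source'] ?? '(opaque: decrypt with the site key)');
    foreach ($hit['status'] as $code => $n) {
        printf("status   %s x%d\n", $code, $n);
    }
    printf("clients  %d\n", count($hit['clients']));
    printf("posts    %s\n", implode(', ', array_keys($hit['referers'])));
}
```

In nginx logs, 499 means the client closed the connection before a response was sent and 504 is a gateway timeout, so a token that only ever produces these two codes points at the upstream fetch or conversion never finishing.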
 