First Numbers from CloudFlare
-
@coliver said in First Numbers from CloudFlare:
Probably because the images are hosted by imgur?
Imgur, CloudFiles and things that people link directly. Sadly there isn't an easy fix to this one. Imgur is, I think, the easiest fix. CloudFiles doesn't appear to work. We looked into it and HTTPS doesn't work. For the ad hoc links, there is no solution except to ban them and break existing links.
-
@aaronstuder said in First Numbers from CloudFlare:
@scottalanmiller said:
But email was NOT on MY to do list. You never waited for me.
I'll read between the lines there
I had it implemented and ready to go around April, 2014.
-
It would be awesome if we could get CloudFiles to work with SSL. I'll look into it again when I'm back in the States. Which is soon. I definitely want that working and if we can fix CloudSites that handles 90% of the remaining issues. The ad hocs, I think we have to live with and hopefully they come up rarely.
-
@scottalanmiller said:
It's never been on my to do list. But HTTPS works. Are you using it? After the first month it only ever got up to 6% usage.
It only gets %6 usage because it's not enabled be default.
All 10 of the top 10 websites in the US have HTTPS by default, why not here too?
Also, defines "works" - as far as I am concerned it's only working, when you don't get any errors
https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1
-
@aaronstuder said in First Numbers from CloudFlare:
It only gets %6 usage because it's not enabled be default.
AND that only 6% of people care. If anyone cares, they get HTTPS. All this proves is that it isn't a priority for many people.
That we could FORCE it and get 100% doesn't tell us that it is useful or that people care. Only that we can make it happen.
-
@aaronstuder said in First Numbers from CloudFlare:
All 10 of the top 10 websites in the US have HTTPS by default, why not here too?
I'm confused by the use of the term default. It's certainly as much the default here as anything else.
-
@aaronstuder said in First Numbers from CloudFlare:
Also, defines "works" - as far as I am concerned it's only working, when you don't get any errors
So here are the options: either it works as it does not, or SSL isn't an option. Unless we disable media embedding. Sucks, but thems the breaks. If you have a solution to this that keeps things working AND allows for "no errors" to satisfy you, let me know what they are. I'm not saying it's impossible, but it's not something that I know how to address.
-
@scottalanmiller said:
I'm confused by the use of the term default. It's certainly as much the default here as anything else.
a preselected option adopted by a computer program or other mechanism when no alternative is specified by the user or programmer.
-
If I could magically make every request go over HTTPS, that would be awesome. But I just don't know how to make that happen. The top ten sites, I assume, all are not communities, right? So while on one hand you can look at the world from that perspective, there also needs to be some understanding that it's a different animal as well. Google and Facebook are different in many ways than ML. Similar in some ways too. But they definitely can do things that we cannot. And vice versa.
-
@aaronstuder said in First Numbers from CloudFlare:
@scottalanmiller said:
I'm confused by the use of the term default. It's certainly as much the default here as anything else.
a preselected option adopted by a computer program or other mechanism when no alternative is specified by the user or programmer.
Sure. And we have that, don't we? Since the end user has no choice but to select one, there is no concept of default in web protocols. So default can't be used in a discussion of HTTP vs HTTPS.
-
AFAIK, there are only two ways to have a HTTP vs HTTPS work.
- Standard. Both HTTP and HTTPS are available. The user selects the one that they want (or they allow their browser to choose for them which is the same thing as the browser is the user to us) and they get what they want.
- Forced. Where the web server only provides one or the other, period, no matter what the user / or user agent requests.
Is there some additional possibility of which I am not aware?
-
@scottalanmiller said in First Numbers from CloudFlare:
AFAIK, there are only two ways to have a HTTP vs HTTPS work.
- Standard. Both HTTP and HTTPS are available. The user selects the one that they want (or they allow their browser to choose for them which is the same thing as the browser is the user to us) and they get what they want.
- Forced. Where the web server only provides one or the other, period, no matter what the user / or user agent requests.
Is there some additional possibility of which I am not aware?
Yes
-
@scottalanmiller The only error you are getting is mixed content, however imgur, and gravatar are already using HTTPS, proving my point that many sites are moving to HTTPS.
Seems to me only thing that is braking it is the rackcdn.com links - which could be fixed with a simple find replace.
-
@scottalanmiller said):
Imgur is, I think, the easiest fix.
There is nothing to fix, there already using HTTPS - see my post above.
-
@aaronstuder said in First Numbers from CloudFlare:
Seems to me only thing that is braking it is the rackcdn.com links - which could be fixed with a simple find replace.
Tried that and HTTPS links don't work. Do you see them working if you try that manually? Because if failed in tests here.
-
https://www.gravatar.com/avatar/d307fc23b9b79ac6c4f634f5f61d1c3d?size=192 https://i.imgur.com/xkR0aDU.jpg https://i.imgur.com/weCGPL4.jpg https://www.gravatar.com/avatar/260a5ce35cea9b07f139f50656cc82e5?size=192 https://i.imgur.com/unVk36Q.jpg https://www.gravatar.com/avatar/377dbb734a8277129a83e0fb1deb2bfd?size=192 http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/thumbnails/winelogo.png https://i.imgur.com/1d6aEJR.gif https://www.gravatar.com/avatar/27b1719d12759a429450e1d4746165fe?size=192 https://i.imgur.com/6GuoYrX.jpg https://i.imgur.com/oIEDGO6.jpg https://i.imgur.com/gS2JKQM.jpg http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/thumbnails/gaming.png https://i.imgur.com/c8RlkHY.jpg http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/giphy-facebook_s.jpg https://i.imgur.com/oGPS6PK.jpg https://i.imgur.com/jI2PTU0.jpg https://i.imgur.com/pOzWbGb.jpg https://i.imgur.com/idCm87t.jpg https://www.gravatar.com/avatar/3878d5e56d737cafdea8eaecf7dcc3f2?size=192 https://i.imgur.com/Qb2tAbY.jpg https://i.imgur.com/a5QvU6u.png https://www.gravatar.com/avatar/2016aac6733323a413cdb807883d92ba?size=192 https://www.gravatar.com/avatar/2408350250640df2fd5387d497533f15?size=192 https://i.imgur.com/VDi6mxv.jpg https://i.imgur.com/g0Yx0ll.jpg https://www.gravatar.com/avatar/451eb47bd9077a82e5338c5f29f7ec3d?size=192 https://i.imgur.com/mYgKHyx.jpg https://www.gravatar.com/avatar/46c1d8531a28365103adb2c5fa287585?size=192 https://i.imgur.com/WEESgKu.jpg https://i.imgur.com/BT6vPRE.jpg https://www.gravatar.com/avatar/b049205082b26309cc5386e339db71ad?size=192 https://www.gravatar.com/avatar/63205077d69aa1eec7f656f3525d4216?size=192 https://i.imgur.com/mckiOkj.jpg https://i.imgur.com/VFBFkju.jpg https://www.gravatar.com/avatar/1cb8b44c06ee9d8376a84d9c17af4dc5?size=192 https://i.imgur.com/tqw2V2d.png https://i.imgur.com/gblZvZH.png https://i.imgur.com/4E7r7zv.jpg http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/cat.jpg https://www.gravatar.com/avatar/d307fc23b9b79ac6c4f634f5f61d1c3d?size=192 https://i.imgur.com/xkR0aDU.jpg https://i.imgur.com/weCGPL4.jpg https://www.gravatar.com/avatar/260a5ce35cea9b07f139f50656cc82e5?size=192 https://i.imgur.com/unVk36Q.jpg https://www.gravatar.com/avatar/377dbb734a8277129a83e0fb1deb2bfd?size=192 http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/thumbnails/winelogo.png https://i.imgur.com/1d6aEJR.gif https://www.gravatar.com/avatar/27b1719d12759a429450e1d4746165fe?size=192 https://i.imgur.com/6GuoYrX.jpg https://i.imgur.com/oIEDGO6.jpg https://i.imgur.com/gS2JKQM.jpg http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/thumbnails/gaming.png https://i.imgur.com/c8RlkHY.jpg http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/giphy-facebook_s.jpg https://i.imgur.com/oGPS6PK.jpg https://i.imgur.com/jI2PTU0.jpg https://i.imgur.com/pOzWbGb.jpg https://i.imgur.com/idCm87t.jpg https://www.gravatar.com/avatar/3878d5e56d737cafdea8eaecf7dcc3f2?size=192 https://i.imgur.com/Qb2tAbY.jpg https://i.imgur.com/a5QvU6u.png https://www.gravatar.com/avatar/2016aac6733323a413cdb807883d92ba?size=192 https://www.gravatar.com/avatar/2408350250640df2fd5387d497533f15?size=192 https://i.imgur.com/VDi6mxv.jpg https://i.imgur.com/g0Yx0ll.jpg https://www.gravatar.com/avatar/451eb47bd9077a82e5338c5f29f7ec3d?size=192 https://i.imgur.com/mYgKHyx.jpg https://www.gravatar.com/avatar/46c1d8531a28365103adb2c5fa287585?size=192 https://i.imgur.com/WEESgKu.jpg https://i.imgur.com/BT6vPRE.jpg https://www.gravatar.com/avatar/b049205082b26309cc5386e339db71ad?size=192 https://www.gravatar.com/avatar/63205077d69aa1eec7f656f3525d4216?size=192 https://i.imgur.com/mckiOkj.jpg https://i.imgur.com/VFBFkju.jpg https://www.gravatar.com/avatar/1cb8b44c06ee9d8376a84d9c17af4dc5?size=192 https://i.imgur.com/tqw2V2d.png https://i.imgur.com/gblZvZH.png https://i.imgur.com/4E7r7zv.jpg http://21e0807cedce0f3145d0-a2bfed9a52e3055ccb3a48938906d1fd.r85.cf5.rackcdn.com/cat.jpg
-
@scottalanmiller Redirects in the VirtualHost section. A quick example from my now well secured default CentOS Apache page
RewriteEngine on RewriteCond %{SERVER_NAME} =www.travisdh1.net [OR] RewriteCond %{SERVER_NAME} =travisdh1.net RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
-
Anyone (probably @JaredBusch ) know if there is a way to force HTTPS from CloudFlare? If we can force it there, it would make sense (e.g. a CF managed redirect.) Seems like an easy thing to do there, but I don't see it in the interface.
-
I want to know where Gravatar avatar links are coming from as there is no Gravatar plugin!
-