[3.2][BETA] Image Redirect

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

[3.2][BETA] Image Redirect

Post by v12mike » Sat Sep 22, 2018 7:21 am

Extension Name: Image Redirect
Author: v12mike

Extension Description: An extension for automatically redirecting links inserted with BBCode [IMG] tags
Extension Version: 2.0.0-b2

Extension Download: https://github.com/v12mike/imageredirec ... 0.0-b2.zip
Source Repository: github:repository: https://github.com/v12mike/imageredirect

Features:
This extension provides 2 main features, which may be used individually or together:
  1. Secure image proxy redirection:
    • Eliminates insecure or mixed content browser warnings by redirecting external image links with http:// protocol to a secure proxy server
    • More efficient than the phpBB/sslAssets extension.
  2. Local image store redirection:
    • Redirects external image links to a local store of harvested image files
Requirements:
  1. Secure image proxy redirection:
    • This version requires phpBB 3.2.x
    • The secure image proxy feature requires a secure proxy server (e.g. a Camo Proxy) which is not part of this extension.
  2. Local image store redirection:
    • This version requires phpBB 3.2.x
    • The redirection to a local image store feature requires that image files have been harvested and stored in a suitable format. Scripts for achieving this are available separately (see: viewtopic.php?f=6&t=2429041#p14776436).
Last edited by v12mike on Sun Oct 07, 2018 1:34 pm, edited 2 times in total.

v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Sep 22, 2018 7:22 am

Explanation of the Secure Image Proxy feature::
If a phpBB board is served from a https:// server, all of the locally hosted content will be served over https:// and a browser will report it as a secure site, but any BBCode [IMG] links posted by users pointing to http://... will appear to browsers to be insecure content, in some browsers promoting a security warning dialogue, and in other browsers resulting in the image becoming inaccessible. It has been reported that insecure content has a negative impact on Google SEO.

An accepted solution for fixing mixed external content is to use a SSL proxy server to make the images appear to be secure. Camo is an example of such a proxy.

With this extension installed, when a phpBB page is being loaded by a user, [IMG] links to http://... images are rewritten by the phpBB renderer so that they become https:// links to the ssecure proxy server, with the original link address encoded into the new link. The user's browser then requests the image from the secure proxy which accesses the original hosting server and re-serves the content on-the-fly using the https:// protocol.

As it is assumed that the server hosting the phpBB board is able to support the https:// protocol, any http://... [IMG] links to the server hosting the phpBB board will be directly re-written to access the original server via https:// bypassing the camo proxy.

This phpBB extension does not supply the actual proxy service, you will need to install camo separately outside of phpBB (but perhaps on the same server), or use another SSL proxy service.

Explanation of the Local Image Store feature feature:
Some phpBB forums (particularly those which have been around for several years) have a large number of posts which contain inline images linked using the BBCode [IMG] tag. Over time a proportion of these images suffer "link rot" and disappear from the forum because the image is removed from the original external host, or the original host goes permanently off-line. This can cause significant anguish to users who expect the forum to provide a lasting historical record.

In some cases the images can be re-hosted or uploaded as attachments to the forum, but often this does not happen because the original poster has moved on (in one sense or another) or no copy of the image can be found for re-hosting. We have taken the approach of making a backup copy of all externally-hosted in-line images on our forum, which are saved to a local server directory.

This extension provides the last linkin the chain by redirecting external [IMG] tags to the locally hosted copy. If there is no locally hosted copy, the original link is used.

History of this extension:
This extension started life in 2016 as an attempt to improve the phpBB/sslAssets extension for redirecting http:// image links to a camo proxy server by adding configurability via the ACP. See v12mike/camosslimageproxy. After that extension was declared abandoned, I just used it on my own forums.

Then when Photobucket started hiding images that users had linked to our forums, I wrote some scripts that harvested externally hosted images for local storage. To display these local images, I added an extra mode to my existing extension and renamed it to Image Redirect. A number of forums have to my knowledge been using v1.x of this extension since then.

The original phpBB/sslAssets extension and v1.x of this extension worked by parsing the html output of the phpBB renderer, looking for html code that the renderer would bave produced from a BBCode [IMG] tag. While working on an idea for a different extension, I became more familiar with the s9e parser/renderer introduced into phpBB v3.2 and it became obvious that it would be more efficient to re-implement this extension to hook into the renderer, avoiding the html parsing operation. That rework has become v2.0 of this extension, and I thought it worth publishing it here.

v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Sep 22, 2018 7:22 am

Installation:
You can install this on any release of phpBB 3.2 by following the steps below:
  • In the `ext/` directory of your phpBB board, create a new directory named `v12mike/` (if it does not already exist) and navigate to it
  • Create a directory 'imageredirect'.
  • Copy the extension files into the directory 'ext/v12mike/imageredirect/'.
  • Navigate in the ACP to `Customise -> Manage extensions`.
  • Look for `Image Redirect` under the Disabled Extensions list, and click its `Enable` link.
Configuration of Secure Proxy mode:
  • Configuration for 'camo' mode:
    This applies if you are using a camo proxy.
    • Navigate in the ACP to 'Extensions -> Image Redirect -> Proxy Settings'.
    • Ensure that 'Camo Mode' is selected and that 'Proxy Mode' is enabled
    • Enter the proxy address without protocol specifier or trailing / e.g. mydomain.com/camo (these are added automatically)
    • Enter the camo API key (as defined in your cam server configuration)
    • Click the "save proxy configuration" button
  • Configuration for 'simple' mode:
    This applies if you are using an alternate (not camo) proxy.
    Note that the proxy url generated is of the form: https://my_proxy_domain/prefixoriginal_stripped_urlsuffix, where original_stripped_url is the original image url with the leading http:// stripped off.
    • Navigate in the ACP to 'Extensions -> Image Redirect -> Proxy Settings'.
    • Ensure that 'Simple Mode' is selected and that 'Proxy Mode' is enabled
    • Enter the proxy address myproxydomain/prefix (without protocol specifier) e.g. res.cloudinary.com/abcdefg/image/fetch/http:// Note that the leading http:// will be stripped off of the original image link, so should be added here if needed.
    • Enter any suffix to be appended to the url mysuffix as the camo API key (or leave it blank)
    • Click the "save proxy configuration" button
Configuration of Local Image Store mode:
This applies if you are using a local image store located (or symlinked) somewhere under the board root directory.
  • Navigate in the ACP to 'Extensions -> Image Redirect -> Local Image Store Settings'.
  • Ensure that 'Local Image Store Mode' is enabled
  • Enter the path to your local image store directory (e.g. images/ext/)
  • Click the "save local image store settings" button

v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Sep 22, 2018 7:23 am

Reserved

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 3243
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: [3.2][BETA] Image Redirect

Post by HiFiKabin » Sat Sep 22, 2018 7:27 am

Sounds brilliant Mike. Downloading it now.

User avatar
AmigoJack
Registered User
Posts: 5332
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: [3.2][BETA] Image Redirect

Post by AmigoJack » Sat Sep 22, 2018 12:13 pm

v12mike wrote:
Sat Sep 22, 2018 7:22 am
The user's browser then requests the image from the secure proxy which accesses the original hosting server and re-serves the content on-the-fly using the https:// protocol.
I understand which problem(s) this extensions wants to resolve and I guess the vast majority of users want/love it. But practising this undermines security and SSL and has happened before and elsewhere - it will just reset the trust level over time back to before HTTPS became popular, because then every website can appear secure and under the hood it's accessing everything unsecured.

To whoever reads this: the concept of using SSL/HTTPS is not to "make the internet browser giving your website a green icon". If your website embeds HTTP resources then better decide between dumping those resources or not serving your website in HTTPS to begin with. Using proxies in this way is dishonest and wrong - the whole idea of internet browsers warning users about mixed content is nowadays broken because of most people eliminating symptoms instead of problems.
The worst thing about censorship is ███████████

v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Sep 22, 2018 12:21 pm

Do you have a issue with the phpBB.com forums using the same technique? That is where I learned the concept.

[edit]
It is worth noting that this extension only modifies <img src=... > urls. This means that a standards compliant browser will only attempt to render the contents of a link as an image. it will not attempt to run any script that is hiding in the linked content.
[/edit]

User avatar
lopoto
Registered User
Posts: 86
Joined: Thu Feb 12, 2015 3:13 pm

Re: [3.2][BETA] Image Redirect

Post by lopoto » Sat Sep 22, 2018 3:57 pm

You can clearly describe how to configure for - Local Image Store mode:

for dummes :mrgreen: please

v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Sep 22, 2018 4:06 pm

lopoto wrote:
Sat Sep 22, 2018 3:57 pm
You can clearly describe how to configure for - Local Image Store mode:

for dummes :mrgreen: please
I think that I would like to keep this topic only for discussion of the Image Redirect extension, not the associated image harvesting scripts, nor the configuration of a camo proxy server.

For the image harvesting scripts and setting up a local image store, seehttps://www.phpbb.com/community/viewtopic.php?p ... #p14776436 which is a fairly long topic, but should answer most of your questions.

For setting up a camo proxy, I will probably start another topic in the general discussion forum.

User avatar
RomaamoR
Registered User
Posts: 150
Joined: Tue Feb 24, 2015 4:45 pm
Contact:

Re: [3.2][BETA] Image Redirect

Post by RomaamoR » Sat Sep 22, 2018 4:15 pm

And how does this extension differ from "Camo SSL Image Proxy Configuration" ?

v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Sep 22, 2018 4:58 pm

RomaamoR wrote:
Sat Sep 22, 2018 4:15 pm
And how does this extension differ from "Camo SSL Image Proxy Configuration" ?
That is covered in the second post in this topic. This extension supercedes it.

User avatar
AmigoJack
Registered User
Posts: 5332
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: [3.2][BETA] Image Redirect

Post by AmigoJack » Sun Sep 23, 2018 8:06 am

v12mike wrote:
Sat Sep 22, 2018 12:21 pm
Do you have a issue with the phpBB.com forums using the same technique?
Yes, of course. When it started I thought Camo was used to anonymize URIs only, along with partly the same disadvantage.
The worst thing about censorship is ███████████

v12mike
Registered User
Posts: 246
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Oct 06, 2018 4:39 pm

I just created version 2.0.0-b2 which has a 1 line change to fix a php warning. I would advise updating to this version if you are testing the extension.

User avatar
Ger
Recognised Extension Developer
Posts: 1736
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: [3.2][BETA] Image Redirect

Post by Ger » Wed Oct 10, 2018 8:18 am

AmigoJack wrote:
Sat Sep 22, 2018 12:13 pm
v12mike wrote:
Sat Sep 22, 2018 7:22 am
The user's browser then requests the image from the secure proxy which accesses the original hosting server and re-serves the content on-the-fly using the https:// protocol.
I understand which problem(s) this extensions wants to resolve and I guess the vast majority of users want/love it. But practising this undermines security and SSL and has happened before and elsewhere - it will just reset the trust level over time back to before HTTPS became popular, because then every website can appear secure and under the hood it's accessing everything unsecured.

To whoever reads this: the concept of using SSL/HTTPS is not to "make the internet browser giving your website a green icon". If your website embeds HTTP resources then better decide between dumping those resources or not serving your website in HTTPS to begin with. Using proxies in this way is dishonest and wrong - the whole idea of internet browsers warning users about mixed content is nowadays broken because of most people eliminating symptoms instead of problems.
This is not entirely true.

Mixed content simply states that your browser is downloading a mix of encrypted and unencrypted sources. When you use a camo proxy like this, you only download encrypted sources. That results in a "green icon" like you write. That's true, but it's only a side-effect. The purpose of SSL is only to encrypt the connection and show information about the host. No more, no less. SSL does NOT mean everything is secure. If you download bogus over SSL, you still get bogus. One can easily load a hidden crypto miner overloading your CPU over SSL.

So when I visit a board about some medical condition and that has images hosted from other sources, with the board being server over SSL while the image host isn't, a MITM could still find out what image I downloaded. With an extension like this one enabled, the MITM could only find out that I'm requesting an image though the proxy without any knowledge about the original source.

That's what this extension is about. Not about that green icon you refer to.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

User avatar
AmigoJack
Registered User
Posts: 5332
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: [3.2][BETA] Image Redirect

Post by AmigoJack » Wed Oct 10, 2018 10:48 am

Ger wrote:
Wed Oct 10, 2018 8:18 am
If you download bogus over SSL, you still get bogus. One can easily load a hidden crypto miner overloading your CPU over SSL.
This is so obvious I don't even care for people thinking HTTPS prevents viruses.
Ger wrote:
Wed Oct 10, 2018 8:18 am
With an extension like this one enabled, the MITM could only find out that I'm requesting an image though the proxy without any knowledge about the original source.
With an extension like this no one will ever find out a MITM attack for the HTTP download - you put that into a box with the only goal to serve HTTPS, but neglect analyzing what happened before. That's what's wrong with these kinds of proxies - I as the end user have no chance to see if it happened on the server already, but using a mixed content website (requesting all resources directly) I also have more chances to see what happens.
The worst thing about censorship is ███████████

Post Reply

Return to “Extensions in Development”

Who is online

Users browsing this forum: andares, oBot, Tbot [Bot] and 27 guests