[3.2][BETA] Image Redirect

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
v12mike
Registered User
Posts: 341
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Wed Oct 10, 2018 1:02 pm

For the sake of discussion and enlightenment, Amigo, can you tell us what harm a MITM attack can do on an image link in a typical phpBB forum context? Remember that the browser has been told to render the link content as an image.

Given the answer to that question, what action would you as a user take, if you were reading a phpBB forum over https but you get an insecure content warning for an image hosted on a http site?

User avatar
AmigoJack
Registered User
Posts: 5588
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: [3.2][BETA] Image Redirect

Post by AmigoJack » Wed Oct 10, 2018 2:06 pm

v12mike wrote:
Wed Oct 10, 2018 1:02 pm
what harm a MITM attack can do on an image link in a typical phpBB forum context? Remember that the browser has been told to render the link content as an image
The picture's integrity. When it should display text in it, that could have been modified. When it should display persons, their faces could have been modified. Such things. Not security.

v12mike wrote:
Wed Oct 10, 2018 1:02 pm
what action would you as a user take, if you were reading a phpBB forum over https but you get an insecure content warning for an image hosted on a http site?
My level in believing what I see: if I know it comes thru HTTP I could less trust it than when it comes thru HTTPS.

At least that's how I would do it from the other side: manipulate pictures in HTTP streams when someone is proxifying them as HTTPS. A board owner with malicious intentions has even less work to do, as then always his modified pictures are served instead of the originals (of course: this case applies to many other scenarios, like attachments being modified etc.).
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.

User avatar
</Solidjeuh>
Registered User
Posts: 1618
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: [3.2][BETA] Image Redirect

Post by </Solidjeuh> » Sat Jun 08, 2019 3:07 pm

Tried to install on Centos 7. After npm install I get this:

Image

And where to add this:

Code: Select all

# redirection of /camo/ to the local proxy
    RewriteRule ^/camo/(.*)$ balancer://camo/$1 [P,L] 
    <Proxy balancer://camo>
        BalancerMember http://127.0.0.1:8081
    </Proxy>
Image
Register a free account & Play!!
~~~ https://www.solidjeuh.be ~~~
Have a secret? --> https://www.tellyoursecrets.eu

v12mike
Registered User
Posts: 341
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Sat Jun 08, 2019 3:34 pm

I think I had the coffee-script warning last time I did a reinstall, but it is only a warning and I ignored it. I was hoping that it would be fixed upstream by now.

The camo config for apache should go just under the </Directory> section corresponding to your phpBB site root directory. I can't identify which of your listed files that is in.

User avatar
</Solidjeuh>
Registered User
Posts: 1618
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: [3.2][BETA] Image Redirect

Post by </Solidjeuh> » Sat Jun 08, 2019 5:33 pm

v12mike wrote:
Sat Jun 08, 2019 3:34 pm
I think I had the coffee-script warning last time I did a reinstall, but it is only a warning and I ignored it. I was hoping that it would be fixed upstream by now.

The camo config for apache should go just under the </Directory> section corresponding to your phpBB site root directory. I can't identify which of your listed files that is in.
Found it, thank you :D
Register a free account & Play!!
~~~ https://www.solidjeuh.be ~~~
Have a secret? --> https://www.tellyoursecrets.eu

Post Reply

Return to “Extensions in Development”