[SOLVED]: How to replace 'http://' in 'https://' at once on all forum posts

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
ivanc
Registered User
Posts: 87
Joined: Thu Nov 06, 2008 12:11 pm

[SOLVED]: How to replace 'http://' in 'https://' at once on all forum posts

Post by ivanc »

I use phpBB 3.3.5
Until recently, I used "http://mydomain/forum".
A lot of my posts contain code Image

Now I use "https://mydomain/forum"
All the pictures I have on the forum are not visible now.
It’s hard for me to edit every post and correct it manually.

Is it possible to edit all "http://" to "https://" in one step or in some other way through ACP?
Last edited by ivanc on Sun Dec 05, 2021 3:13 pm, edited 1 time in total.
User avatar
AlfredoRamos
Recognised Extension Developer
Posts: 1302
Joined: Wed Dec 25, 2013 9:06 pm
Location: /dev/null
Name: Alfredo
Contact:

Re: How to replace 'http://' in 'https://' at once on all forum posts

Post by AlfredoRamos »

If you are worried about mixed content issues, you could just make sure your website is redirected to HTTPS and add the CSP upgrade-insecure-requests header on your server.

https://developer.mozilla.org/en-US/doc ... e-requests

If you still want to make changes to your database (you should have a backup), you could do it with a SQL query, then purge the cache.

You don't mention which RDBMS you use, so I'll assume you are running MySQL/MariaDB.

Code: Select all

UPDATE phpbb_posts
SET post_text = REPLACE(post_text, 'http://mydomain', 'https://mydomain')
WHERE post_text LIKE '%http://mydomain%';
I would suggest to try it first on a test replica of your database.

There's a other places you will need to make changes too, like the signatures and private messages, but I'm sure you'll be able to adapt the SQL query above.

You could also change the Server URL settings and enable the "Force URL settings" in the ACP, however I personally wouldn't recommend that way.
Some of my phpBB extensions:
:chart_with_upwards_trend: SEO Metadata | Image Markdown | :shield: hCaptcha
:trophy: Check out all my validated extensions :trophy:

:penguin: Arch Linux user | Linux Boards :penguin:
ivanc
Registered User
Posts: 87
Joined: Thu Nov 06, 2008 12:11 pm

[SOLVED] How to replace 'http://' in 'https://' at once on all forum posts

Post by ivanc »

Thank you for your response and willingness to help.
Problem solved
ivanc
Registered User
Posts: 87
Joined: Thu Nov 06, 2008 12:11 pm

Re: [SOLVED]: How to replace 'http://' in 'https://' at once on all forum posts

Post by ivanc »

I want to explain how I solved the problem.

In my .htaccess file I had this code below (Security Headers settings)

Code: Select all

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
# Header set Content-Security-Policy ...
Header set Content-Security-Policy "default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:;"
Header set Referrer-Policy "same-origin"
Header set Permissions-Policy: "accelerometer=(); camera=(); geolocation=(); gyroscope=(); magnetometer=(); microphone=(); speaker=(); usb=(); vibrate=(); sync-xhr=(self https://mydomain.com)"
</IfModule>
I replaced the code above with the code below.

Code: Select all

<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
</IfModule>
Now all the pictures are visible on the forum, but I have weakened Security Headers.
User avatar
AmigoJack
Registered User
Posts: 6106
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: [SOLVED]: How to replace 'http://' in 'https://' at once on all forum posts

Post by AmigoJack »

ivanc wrote: Sun Dec 05, 2021 3:16 pmI want to explain how I solved the problem
You are not solving - you work around.

Also you cannot wildly change the protocol of URIs from HTTP to HTTPS, because there are still websites out there that indeed only serve HTTP but not automatically HTTPS, too. One needs to inspect every (sub)domain on its own, otherwise you will turn a few URIs into dead ones. I've tried to explain this a couple of times in the past: (Yes: the original post subjects were this stupid.)
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
  • "My reaction is not to everyone, especially to you." Raptiye, 2021-02-28
SQLnovice
Registered User
Posts: 115
Joined: Thu Oct 10, 2019 5:03 am

Re: [SOLVED]: How to replace 'http://' in 'https://' at once on all forum posts

Post by SQLnovice »

I did it a little differently, by cheating from some of the .htaccess syntax sites online. Substitute your domain anywhere you find 'domain.com' below.

This forces typed URL
a) domain.com
b) http://domain.com
c) http://www.domain.com
to be https://www.domain.com

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.)?domain.com$
RewriteRule ^ https://domain.com%{REQUEST_URI} [NC,L,R]

Then in the ACP's Server Settings
Force server URL settings: Yes
Server protocol: https://
Domain name: domain.com
Server port: 443
ivanc
Registered User
Posts: 87
Joined: Thu Nov 06, 2008 12:11 pm

Re: [SOLVED]: How to replace 'http://' in 'https://' at once on all forum posts

Post by ivanc »

@AlfredoRamos
Thank you again for your effort and explanation, I think that is too difficult for me.

@AmigoJack
Thank you for the detailed explanation, I appreciate your effort and knowledge.
I need to study your posts you gave here (it will take me more time).
Since I don’t have enough IT knowledge, for now I’ve taken the solution offered by @SQLnovice

@SQLnovice
I have tried in '.htaccess' and in ACP, to make modifications on your advice.

This works (btw: After each change in the ACP, I clicked on 'Purge Cache' )

Code: Select all

Then in the ACP's Server Settings
Force server URL settings: Yes
Server protocol: https://
Domain name: domain.com
Server port: 443
Script path: /forum
This does not work for me in the '.htaccess' file

Code: Select all

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.)?domain.com$
RewriteRule ^ https://domain.com%{REQUEST_URI} [NC,L,R]
But this works

Code: Select all

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule (.*) https://domain.com/$1 [R=301,L]
Currently, I have the following (below) in my '.htaccess' file

Code: Select all

RewriteEngine On
#
##redirect from www to non-www 
RewriteCond %{HTTP_HOST} ^www\.domain.com [NC]
RewriteRule (.*) https://domain.com/$1 [R=301,L]
#
##Force server URL settings 'http' to 'https' -> this doesn't work?
#RewriteCond %{HTTP_HOST} ^(www\.)?domain.com$
#RewriteRule ^ https://domain.com%{REQUEST_URI} [NC,L,R]
#
###### Security Headers - test with https://securityheaders.com
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
## Header set Content-Security-Policy ...
#Header set Content-Security-Policy "default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:;"
Header set Referrer-Policy "same-origin"
Header set Permissions-Policy: "accelerometer=(); camera=(); geolocation=(); gyroscope=(); magnetometer=(); microphone=(); speaker=(); usb=(); vibrate=(); sync-xhr=(self https://domain.com)"
</IfModule>
Now, all my pictures are visible on the website and forum, Security Headers Report Summary show 'A'
BTW: I use Firefox, on my website and forum, there are no trackers, ads, google scripts, etc (they are simply clean installations).

This screenshot is the result of testing with https://securityheaders.com
This is the maximum I could achieve.
Attachments
security-headers-report.png
security-headers-report.png (8.99 KiB) Viewed 495 times
Post Reply

Return to “[3.3.x] Support Forum”