Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
02-25-2017, 09:40 AM | #1 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
So I finally changed one of my sites to HTTPS...
Everything's going peachy as I set up my Let's Encrypt certificate, set up Apache on port 443, and start progressively changing references...
Then I discover that one of the affiliate programs I use only supports HTTP. It's inlined content (IFRAME) so there's really no option but to accept that it's going result in a broken padlock on most browsers. Anyone else had the same problem when switching to HTTPS? |
02-25-2017, 09:47 AM | #2 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
Well this is fun.
Program 1 - doesn't support HTTPS at all. Program 2 - server running on port 443, but certificate is for a different domain. I've not had much luck with contacting either program in the past but I've given it a go anyway. |
02-25-2017, 09:48 AM | #3 |
Confirmed User
Industry Role:
Join Date: Sep 2009
Posts: 2,302
|
PHP redirects link to your site and redirect
|
02-25-2017, 09:50 AM | #4 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
|
02-25-2017, 09:53 AM | #5 |
Confirmed User
Industry Role:
Join Date: Sep 2009
Posts: 2,302
|
Site.com/go/affiliate/
In the affiliate folder, create index.php that redirects a header to your sponsor. |
02-25-2017, 10:03 AM | #6 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
|
02-25-2017, 10:23 AM | #7 |
Confirmed User
Industry Role:
Join Date: Aug 2005
Location: YUROP
Posts: 8,508
|
Got the same issue with a VR video embed from one of the sponsors, they offer only HTTP.
__________________
Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo! Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here |
02-25-2017, 10:42 AM | #8 |
Confirmed User
Industry Role:
Join Date: Sep 2009
Posts: 2,302
|
I'm so so sorry. I totally misread some of your question!
|
02-25-2017, 10:48 AM | #9 |
StraightBro
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
|
html - How to allow http content within an iframe on a https site - Stack Overflow
The best solution I created is to simply use google as the ssl proxy... Code:
https://www.google.com/search?q=%http://yourhttpsite.com&btnI=Im+Feeling+Lucky Other Methods: Use a Third party such as embed.ly (but it it really only good for well known http APIs). Create your own redirect script on an https page you control (a simple javascript redirect on a relative linked page should do the trick. Something like: (you can use any langauge/method) https://mysite.com That has a iframe linking to... https://mysite.com/utilities/redirect.html Which has a simple js redirect script like... document.location.href ="http://thenonsslsite.com"; Alternatively, you could add an RSS feed or write some reader/parser to read the http site and display it within your https site. You could/should also recommend to the http site owner that they create an ssl connection. If for no other reason than it increases seo. Unless you can get the http site owner to create an ssl certificate, the most secure and permanent solution would be to create an RSS feed grabing the content you need (presumably you are not actually 'doing' anything on the http site -that is to say not logging in to any system). The real issue is that having http elements inside a https site represents a security issue. There are no completely kosher ways around this security risk so the above are just current work arounds. Note, that you can disable this security measure in most browsers (yourself, not for others). Also note that these 'hacks' may become obsolete over time. |
02-25-2017, 01:09 PM | #10 |
Confirmed User
Join Date: Dec 2007
Location: Chatsworth, CA
Posts: 1,964
|
LOL. Thanks Google for forcing everyone to waste time with https even when we aren't transmitting anything that requires security.
|
02-25-2017, 01:24 PM | #11 |
👏 REVOLUTIONARY 👏
Industry Role:
Join Date: Jan 2016
Posts: 1,440
|
That's the stupidest boneheaded fucking statement I've ever fucking read in my entire fucking life. Congratulations on being a dip shit.
|
02-25-2017, 01:47 PM | #12 | |
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: Switzerland / Germany / Thailand
Posts: 5,469
|
Quote:
you will have a problem with all links and includes what are NOT on https. so if you have NO FORM on your page where users have to send data (like email or personal information) i would not recommend to use https and i have NOT seen yet a site what suffers on that as long there are no forms in the page. and i can tell you that i have analytics access to many sites what are receiving a few 100 thsd users per day from google. |
|
02-25-2017, 02:20 PM | #13 | |
Bye - Left to do stuff
Industry Role:
Join Date: Feb 2013
Posts: 4,110
|
Quote:
No matter what you claim, a Secure site (using https) would always rank better than an unsecure site. So if you want the extra edge in the race to page1, then you need to use all elements possible. If you cant figure out how to run the site from HTTPS only, you are in for some trouble in the future. That said, I still run many sites with no encryption, if its just for contact info or refference. |
|
02-25-2017, 02:22 PM | #14 | |
👏 REVOLUTIONARY 👏
Industry Role:
Join Date: Jan 2016
Posts: 1,440
|
Quote:
Educate yourself, and stop being a dipshit like shit for brains above. |
|
02-25-2017, 02:50 PM | #15 | |
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: Switzerland / Germany / Thailand
Posts: 5,469
|
Quote:
btw - i do not have to educate myself i do this for 20 years you twip and i have for sure more sites in the top position as you have ever seen. so do what you want - i just tell you my experience but if you have a method to reach a position higher than no. 1 than you obviously know more then me. |
|
02-25-2017, 02:52 PM | #16 | |
StraightBro
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
|
Quote:
|
|
02-25-2017, 03:05 PM | #17 | |
👏 REVOLUTIONARY 👏
Industry Role:
Join Date: Jan 2016
Posts: 1,440
|
Quote:
First and foremost, HTTPS protects your users. Posting a news update on a user forum may cost a dissident his life in an oppressive regime; A strict workplace may terminate employment based on an employee?s browsing activity; And of course, the Snowden affairs have clearly shown governments simply can?t get enough of this data. Using HTTPS makes it dramatically harder for these players to know what users are doing, and helps you maintain your most important responsibility ? your users trust. Unencrypted content can easily be tampered. In addition, unencrypted pages are often in the path to secure ones. For instance, consider a shopping site where a product page is unencrypted, but the actual purchase flow uses HTTPS. A man-in-the-middle can change the unprotected product page, making the ?Add to Cart? button go to their evil copy of the website, and the browser (and user) will see no difference. If you only want your users to see the content you actually posted, and want their actions to always reach you, use HTTPS. Roughly 18 years after its inception, HTTP/1.1 is finally getting refreshed. It?s successor, HTTP/2, has been officially completed in May (2015). HTTP/2 further evolves Google?s SPDY, and includes many significant improvements over HTTP/1.1, ranging from request multiplexing to header compression to server-side push. For compatibility reasons, as well as a desire to make the web secure, browsers will only support HTTP/2 over HTTPS (the spec states encryption is optional). If you want to benefit from this evolution of the web ? you need to switch to HTTPS. Criminals are not the only ones looking to make money of your site ? Internet and WiFi providers want in on it too. As many as 38% of WiFi proxies, ranging from giants like Comcast to smaller providers, inject their own ads on unencrypted pages. If ads are how you make money, know those ads may be hijacked, and your users will be none the wiser. If your website is not using ads? Your users may see some anyway, and blame you for it. Use HTTPS to prevent such tampering and protect your revenue & brand. HTTPS aims to protect your privacy, including not sharing with others what you?re browsing. Imagine you browse https://secret.com/HelloKitty/ and click a link to the unencrypted http://other.com/. If the request to other.com included the URL in a Referer (sic) header, anyone listening (as well as other.com) would know of your love for the little not-a-cat. To avoid such a violation, browsers do not send a Referer header when navigating from HTTPS to HTTP (unless explicitly overridden using a Referrer Policy). As more websites switch to HTTPS, staying on HTTP would hurt your insight into where your visitors are coming from. Just to name a few. |
|
02-25-2017, 03:22 PM | #18 | ||
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: Switzerland / Germany / Thailand
Posts: 5,469
|
Quote:
did you really read what i wrote ???? Quote:
how many trafficexchanges you have seen i.e. WITH https ? how many adservers are NOT using https? how many counters? how many dynamic advertisements from sponsors? it can be easy to change yourself to https but it is a mess if you want to change ALL what might be included. so IT DEPENDS on the website if that makes sense now or not. practically it WILL BE an issue in a not so far future but til THAN a website on http what does not have any 2way communication where personal data can be spied will not have a problem NOW. ipv6 was possible already 10 years ago and WHY isn´t it standard til today? its the SAME issue !!! you can not change the circumstances around you and THAT is my point. but anyway - you brought me on a HUGE idea with another issue i need to resolve and that little kinky conversation helped me to find it. thanks to you for that ;-) |
||
02-25-2017, 03:37 PM | #19 |
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
XloveCam.com affiliate tools are 100% HTTPS
Lots of other sponsors have had to do the same. Use sponsors that can support your change to HTTPS. |
02-25-2017, 03:39 PM | #20 | |
👏 REVOLUTIONARY 👏
Industry Role:
Join Date: Jan 2016
Posts: 1,440
|
Quote:
|
|
02-25-2017, 03:49 PM | #21 |
(>^_^)b
Industry Role:
Join Date: Dec 2011
Posts: 7,174
|
Edit: idk
__________________
Join the BEST cam affiliate program on the internet! I've referred over $1.7mil in spending this past year, you should join in. I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years.. |
02-25-2017, 05:51 PM | #22 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
Hasn't been a totally clean switch either. I expected some odd behaviour here and there, but I've noticed quite a bit, even from browsers with common user agents that should support HTTPS 100%.
Here's some log entries. The last value is the port (HTTP=80, HTTPS=443). There's browsers which switch without fuss, going from port 80 to 443 within a second: Code:
x.x.x.x - - [26/Feb/2017:04:19:33 +1100] "GET / HTTP/1.1" 302 - https://www.google.com/ 55308 0 80 x.x.x.x - - [26/Feb/2017:04:19:34 +1100] "GET / HTTP/1.1" 200 1878 https://www.google.com/ 55308 0 443 (...fetch all future objects on port 443) There's browsers which are delayed for some reason, perhaps because of a user confirmation dialog? This IP had 22 seconds between the redirect (HTTP) and the content fetch (HTTPS) : Code:
x.x.x.x - - [26/Feb/2017:04:19:47 +1100] "GET / HTTP/1.1" 302 - - 55278 0 80 x.x.x.x - - [26/Feb/2017:04:20:09 +1100] "GET / HTTP/1.1" 200 1878 - 55308 0 443 Then there's these browsers, which don't redirect to HTTPS, and they continue connecting to port 80, even though the referer suggests they're HTTPS capable: Code:
x.x.x.x - - [26/Feb/2017:04:22:13 +1100] "GET / HTTP/1.1" 302 - https://www.google.com/ 55278 0 80 x.x.x.x - - [26/Feb/2017:04:22:31 +1100] "GET / HTTP/1.1" 302 - https://www.google.com/ 55278 0 80 x.x.x.x - - [26/Feb/2017:05:22:43 +1100] "GET / HTTP/1.1" 302 - http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=[.....] 55278 0 80 It's the latter case that concerns me, because it looks like they're no longer able to access the site at all. I ended up writing some extra scripting that only sends the 302 HTTP->HTTPS redirect once; if the browser continues to connect to port 80, it will fall back to permitting normal site access via HTTP. So far around 19% of IPs have hit that fallback exception, which seems a very high number. |
02-25-2017, 06:16 PM | #23 |
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
You got root on the server?
Code:
LoadModule ssl_module modules/mod_ssl.so Listen 443 <VirtualHost *:443> ServerName www.example.com SSLEngine on SSLCertificateFile "/path/to/www.example.com.cert" SSLCertificateKeyFile "/path/to/www.example.com.key" </VirtualHost> https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html https://httpd.apache.org/docs/2.4/mod/mpm_common.html Multiple Listen directives may be used to specify a number of addresses and ports to listen to. The server will respond to requests from any of the listed addresses and ports. For example, to make the server accept connections on both port 80 and port 8000, use: Code:
Listen 80 Listen 443 that should* solve some of the problem -- I don't think that would redirect ALL requests to HTTPS/TLS 443 You don't want to use 301 redirection in a php script or are you using an Apache .htaccess directive like Rewrite of Redirect Match This is much simpler to do with Nginx Configuring HTTPS servers Code: Code:
server { listen 80; listen 443 ssl; # force https-redirects if ($scheme = http) { return 301 https://$server_name$request_uri; } } |
02-25-2017, 06:34 PM | #24 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
? As per my above post I already have Apache listening on both port 80 and port 443. Exact same config, except the latter has the SSL directives.
I've also shown that unconditional HTTP->HTTPS redirection doesn't seem to work for a lot of people, which is why I added in the conditional redirect. What's wrong with doing a redirection in a PHP script? |
02-25-2017, 10:26 PM | #25 |
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
PHP is way too slow
Code:
RewriteCond %{SERVER_PORT} ^80$ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L] htaccess HTTPS / SSL Tips, Tricks, and Hacks very good site and usually dead nuts right. |
02-25-2017, 10:44 PM | #26 |
Confirmed User
Industry Role:
Join Date: May 2012
Location: With your mom
Posts: 5,189
|
HTTPS is crap.
|
02-26-2017, 12:05 AM | #27 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
Have you actually used it at any time in the past 15 years?
The site is PHP based, so adding an extra few statements makes near zero difference to load time. HTTPS negotiation is the bottleneck here... This is an unconditional redirect. As I've already mentioned above this does not seem to work for many browsers. I started with an unconditional redirect and noted that browsers were getting stuck on port 80, which is why I changed it to a "try once" HTTPS redirect, with fallback to plain HTTP if they continue to connect to port 80. Try doing that with htaccess |
02-26-2017, 06:24 AM | #28 |
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
Server daemons are a lot faster than ALL interpreter languages -- good luck
What are the user-agents that are not accepting the redirects. It is also possible that ad blockers may be a factor. What percentage of browsers are a problem -- and do they matter? If its 5% -- and obsolete --fuck em some people still tweak CSS3 for IE7 You post log entries that are incomplete and useless How the fuck can I tell -- there are no user agents? The only problem we have had with HTTPS/TLS is with the googlebot and ITS indexing -- Google is so full of shit. Did you first try in .htaccess <= the fastest way or not? |
02-26-2017, 08:14 AM | #29 | |
...
Industry Role:
Join Date: Apr 2003
Posts: 2,280
|
Quote:
Outgoing links don't have to be https, the only thing that will trigger a warning is when you include a non secure item (such as a js file or iframe/ad code or image). Any reputable ad network, counter, third party plugins, etc. offer https. If you use any sponsor, ad network, counter, js, etc. that doesn't in 2017 I would leave them asap, because they obviously don't take security seriously, so I wouldn't trust them with anything. |
|
02-26-2017, 08:18 AM | #30 | |
...
Industry Role:
Join Date: Apr 2003
Posts: 2,280
|
Quote:
|
|
02-26-2017, 08:19 AM | #31 | |
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
Quote:
|
|
02-26-2017, 08:43 AM | #32 | |
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
https://gist.github.com/medhi/25368643e33d650630cb
Maybe this will help -- it is 1 year old. Quote:
|
|
02-27-2017, 02:13 PM | #33 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
Looks like the redirect issue is mostly moot now - Google has picked up the 301, and is now referring people directly to the HTTPS URL.
No chance now of an automated fallback to HTTP, if a browser referred by Google decides (for whatever reason) that it doesn't like my Let's Encrypt certificate. Guess I now need to be looking for port 443 connections that don't fully load the page... |
03-31-2017, 09:42 AM | #34 | |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
Quote:
Daily referrals to the webcam affiliate program dropped from 90-100, down to around 10. The drop happened immediately after I switched to HTTPS. This is a massive decrease in leads, and potentially, my long term income from that program. I'm going to have to set up some kind of HTTP->HTTPS proxy so that I can serve the content myself, because the program is too damn lazy/apathetic to spend a couple of hundred bucks on a certificate and set up HTTPS. So think twice about switching to HTTPS "because Google told you to" |
|
03-31-2017, 10:04 AM | #35 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
Graph showing the clear drop in leads right after switching to HTTPS. Daily traffic on my own site has changed very little since the switch, but leads to the HTTP-only program have. |
03-31-2017, 10:06 AM | #36 |
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
XloveCam/XloveCash affiliate tools are 100% HTTPS for some months now ...
Unfortunately, you may experience a SERPs problem while your website is being reindexed in HTTPS. |
03-31-2017, 10:11 AM | #37 | |
The Boogeyman
Industry Role:
Join Date: Nov 2003
Posts: 22,857
|
Quote:
Na Barry I'm just busting. I hear you run a great program man. And you always have great tech input. Duke
__________________
Friend of Bears and Guest of Eagles I am the clue-finder Falcon catcher I am he who causes Falcons to soar due south but no winds caused me. I am he who has eyes, but not to see. I am the ring wearer and apron wearer I am he that carries a pointed staff and raises his fellows with certain grips and words I am he that knows my brethren in the darkness as well as in the light Mechanic / Fixer. Literally and figuratively |
|
03-31-2017, 10:14 AM | #38 |
The Boogeyman
Industry Role:
Join Date: Nov 2003
Posts: 22,857
|
We went https by our old tech and he fucked us out of seo results, downtime, you name it. Had to have woj fix everything.
Ds
__________________
Friend of Bears and Guest of Eagles I am the clue-finder Falcon catcher I am he who causes Falcons to soar due south but no winds caused me. I am he who has eyes, but not to see. I am the ring wearer and apron wearer I am he that carries a pointed staff and raises his fellows with certain grips and words I am he that knows my brethren in the darkness as well as in the light Mechanic / Fixer. Literally and figuratively |
03-31-2017, 11:11 AM | #39 | |
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: Switzerland / Germany / Thailand
Posts: 5,469
|
Quote:
can be a victim of the last google update or someone who have copied the page. @ rowan: if you pm me the url i will have a look on it. |
|
04-01-2017, 12:35 AM | #40 |
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: Dark Side of the Moon
Posts: 813
|
If there is anything in your site coding that relies on http header data you will have serious issues switching an http site to https. When you redirect incoming http traffic to the https site via .htaccess, the http header data is not retained.
|
04-01-2017, 12:58 AM | #41 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
Do you mean POST data? I log all HTTP headers, and I just looked at a couple of HTTP 301->HTTPS 200 sequences - all headers are preserved over the redirect, including the referer.
|
04-01-2017, 05:57 AM | #42 |
So Fucking Banned
Industry Role:
Join Date: Jul 2015
Location: elmer blackwood mansion
Posts: 1,459
|
Google really sucketh dicketh.
|
04-01-2017, 06:40 AM | #43 |
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,681
|
i siwtched my site to https and traffic dropped 90% .
becuase google is stupid and treats http and https as 2 separate sites/entities. it takes time to get back to old position/rankings ... lesson learned., https is not that important if you are not having members area or billing members. majority top 10k alexa sites are still using http as preferred its not that they dont support https, but at least they are not doing 301 from http to https.. 2 cents.
__________________
SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean
|
04-01-2017, 06:47 AM | #44 | |
So Fucking Banned
Industry Role:
Join Date: Jul 2015
Location: elmer blackwood mansion
Posts: 1,459
|
Quote:
|
|
04-01-2017, 09:30 AM | #45 |
Confirmed User
Industry Role:
Join Date: Sep 2012
Posts: 1,432
|
I submit to the HUN a lot and never received any notice from them on the https issue..Just went and check there rules again and I do not see anywhere in there about switching to https. Unless I'm not looking in the right place.
__________________
Awesome Hosting At Awesome Pricing At Vacares |
04-01-2017, 10:43 AM | #46 |
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,681
|
imho just enabling https doesnt hurt, but force redirecting one protocol to another does . i am talking about serp here and not direct traffic.
__________________
SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean
|
04-01-2017, 12:02 PM | #47 |
👏 REVOLUTIONARY 👏
Industry Role:
Join Date: Jan 2016
Posts: 1,440
|
You realize HTTPS is now a form of SEO, right? Google favors HTTPS over non-HTTPS.
__________________
|
04-01-2017, 12:05 PM | #48 |
Confirmed User
Join Date: Apr 2008
Posts: 393
|
Has anyone made the transition from http to https: on Wordpress without any ranking drop? If so what plugin if any?
Thanks
__________________
email frozenthype [at] gmail com |
04-02-2017, 01:10 AM | #49 |
Confirmed User
Industry Role:
Join Date: Sep 2009
Posts: 2,302
|
|
04-09-2017, 09:26 AM | #50 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
So I got the HTTPS proxy set up, which rewrites http:// references to go via the script (which is fetched via HTTPS) rather than the affiliate site (which is HTTP). The intent is to prevent the browser warning of insecure content, because my HTTPS page includes content from a HTTP URL.
Then I find that the affiliate program drops my refid from the HTML when my server fetches the content on behalf of the visitor, instead of the visitor's browser fetching it directly. My workaround does NOT work. I've sent them 3 messages in the past 6 weeks and there's been no response. Don't know whether to laugh, or cry. |