It is currently Sat Apr 20, 2019 8:02 am

All times are UTC - 7 hours





Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Thu Nov 23, 2017 3:40 pm 
Offline
User avatar

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7408
Location: Canada
HTTPS links to the root page of the wiki get redirected to an HTTP page, losing security:
https://wiki.nesdev.com

A direct link to any article, however, takes me to an HTTPS page as expected:
https://wiki.nesdev.com/w/index.php/Nesdev

I presume that whatever's at the root page contains a hardcoded redirect to http://wiki.nesdev.com/w/index.php/Nesdev_Wiki rather than something that preserves the security protocol?


Top
 Profile  
 
PostPosted: Wed Mar 20, 2019 9:04 pm 
Offline
User avatar

Joined: Thu Apr 23, 2009 11:21 pm
Posts: 981
Location: cypress, texas
It seems to be still redirecting to http.

Maybe this page could provide the needed addition to the .htaccess file used for wiki.nesdev.com. It seems to me, after reading arkascha's reply, that replacing the http://, in wiki.nesdev.com's .htaccess's RewriteRule line, with %{REQUEST_SCHEME}:// would allow https://wiki.nesdev.com to redirect to https://wiki.nesdev.com/w/index.php/Nesdev_Wiki bc REQUEST_SCHEME must be the server's variable that holds the user-entered http or https.

Am definitly not an .htaccess champion, but this seems like it is worth trying to me. :)

p.s. maybe a redirect to ftp://wiki.nesdev.com/w/index.php/Nesdev_Wiki from ftp://wiki.nesdev.com would be kind of weird, but, if you you want to, I'm sure those types of REQUEST_SCHEME can be prevented. :)


Top
 Profile  
 
PostPosted: Thu Mar 21, 2019 1:48 am 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 4012
Location: A world gone mad
@rainwarrior Your theory is pretty much correct. I don't maintain the site any longer, but when I did, pretty sure that was the exact situation. It's just a configuration redirect that needs to be modified to retain the URI scheme (see below).

To be clear, the way the redirections work is as follows -- there are actually two redirects involved, but it happens fairly quickly so you don't notice it:

http://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> HTTP 302 --> https://wiki.nesdev.com/w/index.php/Nesdev_Wiki
https://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> same as above

The stuff under /w/ is all MediaWiki; that's just how the site was set up long ago.

@unregistered -- As for .htaccess -- I do not know if the server running the site and wiki still uses Apache. It did when I helped maintain it and had shell access, but BootGod revamped things heavily (there's now an intermediary proxy running nginx that inserts ads and other stuff), so I dunno if Apache is still involved or if he switched the back-end to nginx+php-fpm. If it's using nginx+php-fpm: nginx does not have .htaccess support, and such redirections have to be done in the nginx configuration natively by the systems administrator. If it is still using Apache, then it's either an httpd.conf redirection, an .htaccess redirection either through one of mod_alias's Redirect* directives or through mod_rewrite's Rewrite* directives (the latter are more CPU intensive and complicated and shouldn't be needed to retain URI scheme), possibly done in PHP, etc... Just too many situations to cover. I can't remember if the site used mod_alias or mod_rewrite directives.

In other words, in Apache-speak, all you really need to do is something like this for the wiki.nesdev.com VirtualHost using mod_alias and the URI scheme gets retained regardless of which you use, since the destination of the redirect isn't a full URI thus "path relative":

Code:
RedirectMatch "^/?$" "/w/"

Most people end up writing awful redirection directives (especially in mod_rewrite) that complicate matters greatly. Less = better. If I still maintained the server/etc. this is literally a 10 second task, heh. :)


Top
 Profile  
 
PostPosted: Thu Mar 21, 2019 8:55 am 
Offline
User avatar

Joined: Thu Apr 23, 2009 11:21 pm
Posts: 981
Location: cypress, texas
koitsu wrote:
To be clear, the way the redirections work is as follows -- there are actually two redirects involved, but it happens fairly quickly so you don't notice it:

http://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> HTTP 302 --> https://wiki.nesdev.com/w/index.php/Nesdev_Wiki
https://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> same as above
I bet it was a typo, but http never redirects to https... for me at least :)

koitsu wrote:
In other words, in Apache-speak, all you really need to do is something like this for the wiki.nesdev.com VirtualHost using mod_alias and the URI scheme gets retained regardless of which you use, since the destination of the redirect isn't a full URI thus "path relative":

Code:
RedirectMatch "^/?$" "/w/"

Most people end up writing awful redirection directives (especially in mod_rewrite) that complicate matters greatly. Less = better. If I still maintained the server/etc. this is literally a 10 second task, heh. :)
Really cool! Thank you for sharing! :D My suggestion was just to change RewriteRule's "http" to "%{REQUEST_SCHEME}", but I had never read about RedirectMatch... you seem like an .htaccess champion, koitsu, and so I hope the nesdev wiki is hosted on an apache server. :)


Top
 Profile  
 
PostPosted: Thu Mar 21, 2019 9:11 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21311
Location: NE Indiana, USA (NTSC)
The recommended fix is to edit LocalSettings.php to make $wgServer scheme-relative.
Code:
// Replace this
$wgServer = "http://wiki.nesdev.com";
// with this
$wgServer = "//wiki.nesdev.com";

_________________
Pin Eight | Twitter | GitHub | Patreon


Top
 Profile  
 
PostPosted: Thu Mar 21, 2019 9:29 am 
Offline
User avatar

Joined: Thu Apr 23, 2009 11:21 pm
Posts: 981
Location: cypress, texas
tepples wrote:
The recommended fix is to edit LocalSettings.php to make $wgServer scheme-relative.
Code:
// Replace this
$wgServer = "http://wiki.nesdev.com";
// with this
$wgServer = "//wiki.nesdev.com";
WOW, that's a great very specific fix... even 5 less characters! Extremely impressive tepples! :D

"scheme-relative" is so cool! :D


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group