Comments (12)
They seem to indicate that CloudFlare does not support the proper Host header in the calls. If CF does not respect this, they are breaking the RFC standard indicated here: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23
I doubt CF is breaking a very critical RFC. I've tested both fsocket and curl implantations and both work on my systems. Which seems to prove this point false. The RFC says the port number is valid as we have specified in the system. The only default is that without the port specified, it defaults to the default port, which is 80. Our systems still respond on port 80 for services like the SMF files as to not break installations that have not updated.
Altervista indicates they are using a customized version of PHP
“Optimized for Altervista” PHP 7.3, a release of php checked by the Altervista team and stitched around the platform, with big improvements in terms of performances and security
I am going to say their "customized" version of PHP, is causing this issue. I don't know if 8.0 that they have is customized as well. It may also be that they are not handling the HTTPS implantation correctly.
from smf.
Interesting points, but it would be even more interesting to understand why version 2.0.19 is not affected. Is there anything special introduced in 2.1.x that could explain this?
from smf.
2.0 tries curl first, whereas 2.1 tries fsocketopen first. The socket connection succeeds but the connection later fails if wha they say is true that they are rejecting the connection because of the port in the Host header.
from smf.
Just to avoid possible misunderstandings, I don't have CloudFlare enabled on my Altervista account and I can still reproduce the issue. Altervista started to remove its support (and vice versa) from May 2022, so I think CF here is irrelevant: 293526-cloudflare-disattivato-senza-motivo.html#post1486965
I'm going to inform their support thread about the existence of this issue, so any suggestion coming from either side would be appreciated.
from smf.
An Altervista staff member recently provided a workaround that seems to work.
However, it's not the best and I hope there will be a permanent fix on their side or on the SMF side.
from smf.
Looks like they are having you connect to a local proxy and it is connecting out.
from smf.
How many issues related to this host have been reported now? Software packages can code as defensively as possible, but at the end of the day a strangely configured host environment will always be able to break things.
In this case, it appears that the host is interfering with outbound requests in some fashion. The solution would be for them to stop doing that.
from smf.
I've been having similar issues on different hosting providers since I started using SMF. With the test script from the URL above:
<?php
$fp = fsockopen("www.simplemachines.org", 443, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br />\n";
} else {
$out = "GET /smf/current-version.js?version=SMF+2.1.1 HTTP/1.1\r\n";
$out .= "Host: www.simplemachines.org\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
echo fgets($fp, 128);
}
fclose($fp);
}
?>
… my current server (hosted by Contabo) returns the following:
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Sun, 11 Jun 2023 10:41:28 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare</center>
</body>
</html>
Until now I didn't even know they were using Cloudflare.
from smf.
Then again, their other test script that is using the SMF code seems to work for me, returning string(32) "window.smfVersion = "SMF 2.1.4";"
.
from smf.
Huh, apparently it works with my current hosting provider, and I didn't notice for almost a year. 🤡
from smf.
If your using fsocketopen, you need to prefix the hostname with ssl://, in addition to the port number.
https://stackoverflow.com/questions/1757957/how-do-i-get-ssl-working-in-fsockopen
The port number alone won't tell it to use https.
from smf.
I can confirm that it also works when using the fixed script:
<?php
$fp = fsockopen("ssl://www.simplemachines.org", 443, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br />\n";
} else {
$out = "GET /smf/current-version.js?version=SMF+2.1.1 HTTP/1.1\r\n";
$out .= "Host: www.simplemachines.org\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
echo fgets($fp, 128);
}
fclose($fp);
}
?>
This results in the following:
HTTP/1.1 200 OK
Date: Mon, 12 Jun 2023 10:36:07 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, must-revalidate
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 10 Jun 2023 17:24:13 GMT
etag: "[…]"
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=[…]"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: […]-FRA
20
window.smfVersion = "SMF 2.1.4";
0
PS: I only realized after my last post that Cloudflare might also be on the SMorg side, not at my hoster.
from smf.
Related Issues (20)
- 3.0: Interface for background tasks queue HOT 4
- [3.0]: Actions\Admin\Permissions::$permission_groups HOT 1
- [3.0]: Background tasks not running
- [3.0]: TypeError on export profile data
- [3.0]: TypeError on adding new languages HOT 1
- [2.1.4]: Installing mod package fails? but succeeds
- [2.1.4]: Renaming a ban fails with Database Error if name is too long HOT 2
- [3.0]: Avatar changing HOT 4
- [3.0]: htmlspecialcharsRecursive receives integers HOT 2
- [3.0]: Alert::fetch() $to_fetch is receiving integers HOT 14
- [3.0] Backards compat strict type error HOT 3
- [3.0]: Undefined array key in SMF\Actions\Admin\Permissions
- [3.0]: Problems with loading default language strings when using additional languages HOT 3
- [3.0]: Type of SMF\Actions\Post2::$obj must be SMF\Actions\Post HOT 13
- [3.0]: TypeError on removing topic/message
- [3.0]: Class "SMF_BackgroundTask" not found HOT 2
- [2.1, 3.0]: Wrong position for $context['error_code'] in template HOT 3
- [3.0]: Undefined array key "passwrd1" when changing password HOT 4
- [3.0]: Permissions with the 'never_guest' property still show a checkbox for guests in inline permission forms
- [3.0]: Package Manager dies horribly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from smf.