Changing outer_background

I have valid & verified SSL installed on my domain.

I got this error while trying to change the "outer_background" image by uploading a new image. As soon as I selected the the image to upload it, it halts the upload and the error pops up. 



This is what is in my .htaccess file in document root.  I exchanged my real domain to "mydomain.com"  on this posting.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^mydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "https\:\/\/mydomain\.com\/SSL_Secured" [R=301,L]

SSL/TLS (HTTPS) configuration

Home → Admin Zone → Security → SSL/TLS (HTTPS) configu…  ALL were unticked when I arrived at this page for the first time. During my install I did specify that the website is on a SSL.

Even though I ticked the following, I still get the HTTP error message.

I ticked these because I think they should be
My SSL is always active in the URL.  Everypage I go to is protected via a SSL connections.

My question is a two part question.  1.) Is it bad to configure composr to simply provide every page, every zone, every aspect of the site a SSL connection? 2.) How to I go about fixing this error?

I tried adding this to the .httacces obtained from:  https://compo.sr/docs/tut-security.htm#title__23, but no luck. I'm stilling getting the error after the below insertion. So I simply removed it.

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_METHOD} !POST
RewriteRule ^$ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_METHOD} !POST
RewriteRule ^.*\.(php|htm).*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_METHOD} !POST
RewriteRule ^.*/pg/.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]

 

I serve my entire site via ssl.

This is all i added to me htaccess:

I just found two duplicate lines in my own .htaccess removing them now.

DUPLICATES
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

---

CONFLICTING SETUP

I think I am having a conflicting setup.  I think Apache is setup to $https everywere. On the otherhand. Composr is not. 

Composr can be selective on what pages or areas of the site you want SSL enabled or not. But "I think" this is were my conflict is occuring?  Now,  I understand about the extra bandwidth being used when encrypting data and some pages really don't need ssl. Actually this does make since to reduce bandwidth for faster performance, less data to transmit ..etc.. and this would seem to be ok as long as their is no "WARNING - Your Connection Is Insecure" message thrown in the face of a visitor or member scaring the Sh*t out of them making them think that their connection just got insecure. Such a warning would and could make them think that the connection/the website connection is flakey or is messed up.  This would also put doubt in a customer's eyes and I could actually loose a sale. I don't want to loose a sale.

How do you make composr use SSL site wide? because it seems like all of "RewriteCond" I have in my .htaccess file is not getting the job done?

Paul Flavel said

I serve my entire site via ssl.

This is all i added to me htaccess:

Code

RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]

From “Post #2,454”, 21st April 2017, 4:31 am

Per above.

Thanks paul, but I'm not trying to setup SSL with Apache,  I'm trying to get Composr to post using SSL, when posting or uploading an image for now.  For now, I am only getting an "HTTP:" warning message, Not an "HTTPS" When I try to change the image of my "outer_background"  in the

SSL/TLS (HTTPS) configuration
Section

Now, I went ahead and put a tick mark in every single tick box at: 
Home → Admin Zone → Security → SSL/TLS (HTTPS) configu…   after this while trying to  changed the "outer_background" image.

Im still getting the "http" error as soon as the script trys to upload the image.

Composr is trying to upload the image via "http" protocal when it needs to be uploading it via "https" protocal.  This is what needs fixing!
 

Running Composr Version: 10.1 - I havn't upgraded to version 10.3 yet

Subject:  While trying to change the "outer_background" image, I'm getting an [HTTP Error]. I First thought it had to be an issue with SSL, but after checking the error log, it was reporting the image was TOO SMALL? lol… wtf? The image is 220 x 220 @ 695 bytes. That is not even 1kb.

ERROR LOG CHECK

I checked the error log and what I found was that the error log was being amended every time I tried to upload/change the "outer_background" image and was reporting image to small. CrazzzYYeee !!!!

Only 10 entries before I attempted to upload/change "outer_background" again:


Attempted to upload, got HTTP Error again,  and now I have 11 entries.


Somebody please tell me what is going on here? I'm spending more time trouble shooting than actually getting work done.

In the off chance that you are seeing a bug, might I suggest you update to version 10.0.3. If you still have the issues as above then we could work from there. I had some uploading issues with earlier versions that have been fixed in 10.0.3.

PS: It is saying your file is too large.

Will do.

From version 10.1 to version 10.3 —– there is a long list of fixes.

I Will update to version 10.3.

Upgraded to Composr V10.0.3


  The problem still exist. (HTTP error) trying to post "outer_background" image .


 

What errors are you seeing in the error_log file in your sites home directory.

Ok let's see if I can quickly resolve this for you…

1) SSL

The best way is to not use the 'ssl' addon. Just change your base URL in _config.php to be an https base URL. It's also good to have redirects in .htaccess, we have some sample ones in Composr Tutorial: Security - Composr

2) HTTP error

Your upload_max_filesize PHP setting is too low.
We have rules in our recommended.htaccess to fix that:
Although not all servers run PHP as an Apache module, so these commands won't work for those.

In which case you can do it via a .user.ini file with this contents:

It is strange your upload limit is being exceeded. I am questioning whether the background you're using is huge, in which case I'd recommend doing something about that - you don't want to force users to download a 3MB file just for background tiles, for example.

What errors are you seeing in the error_log file in your sites home directory.

The only "error_log" I have period, is located: .softaculous/logs/error_log.log and it is completely empty.


I am going to try and solve this by what Chris has recommended.

Meanwhile here is my upload image and information about the image.

The size is not even 1 kilobyte.

General
Complete name                            : outer_background.png
Format                                   : PNG
Format/Info                              : Portable Network Graphic
File size                                : 695 Bytes

Image
Format                                   : PNG
Format/Info                              : Portable Network Graphic
Width                                    : 220 pixels
Height                                   : 220 pixels
Bit depth                                : 32 bits
Compression mode                         : Lossless
Stream size                              : 695 Bytes (100%)

 

---

The best way is to not use the 'ssl' addon.

SSL Module has been uninstalled

_config.php

The base URL has already been set to: $SITE_INFO['base_url'] = 'https://mydomian.com/SSL_Secured';

Therefore Composr was installed into the "/SSL_Secured" directory.

.htaccess

My ".htaccess" file/s locations and contents of these .htaccess files are as follows:

/public_html/.htaccess

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^mydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "https\:\/\/mydomain\.com\/SSL_Secured" [R=301,L]

/public_html/SS_Secured/.htaccess ( This .htaccess file is "recommended.htaccess" renamed to ".htaccess" so Apache will read it.)

# Disable inaccurate security scanning (Composr has its own). This disabling only works with modsecurity1 unfortunately.
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
SecRuleRemoveById 300018 340147 340014 950119 950120 973331
</IfModule>

<IfModule mod_php5.c>
# Composr needs uploads; many hosts leave these low
php_value post_max_size "500M"
php_value upload_max_filesize "500M"

# Turn insecure things off
php_flag allow_url_fopen off
php_flag register_globals off

# Put some limits up. Composr is stable enough not to cause problems- it'll only use higher limits when it really needs them
php_value memory_limit "128M"
php_value max_execution_time "30"
php_value max_input_vars "2000"

# This causes unstability (and is known/documented to) but some hosts turn it on
php_value mbstring.func_overload "0"
php_flag mail.add_x_header off

# Suhosin can cause problems on configuration, language editing, and Catalogue forms, which use a lot of fields
php_value suhosin.post.max_vars "2000"
php_value suhosin.get.max_vars "100"
php_value suhosin.request.max_vars "2000"
php_value suhosin.cookie.max_vars "100"
php_value suhosin.post.max_value_length "100000000"
php_value suhosin.get.max_value_length "512"
php_value suhosin.request.max_value_length "100000000"
php_value suhosin.cookie.max_value_length "10000"
php_value suhosin.post.max_name_length "64"
php_value suhosin.get.max_name_length "64"
php_value suhosin.request.max_name_length "64"
php_value suhosin.cookie.max_name_length "64"
php_value suhosin.post.max_totalname_length "256"
php_value suhosin.get.max_totalname_length "256"
php_value suhosin.request.max_totalname_length "256"
php_value suhosin.cookie.max_totalname_length "256"
php_flag suhosin.cookie.encrypt off
php_flag suhosin.sql.union off
php_flag suhosin.sql.comment off
php_flag suhosin.sql.multiselect off
php_flag suhosin.upload.remove_binary off
# Some free hosts prepend/append junk, which is not legitimate (breaks binary and AJAX scripts, potentially more)
php_value auto_prepend_file none
php_value auto_append_file none
</IfModule>

# This unavoidably kills filedump folder creation, and stops us controlling our script execution time
# php_flag safe_mode off		But unfortunately we can't control it except from php.ini

# Sandbox Composr to its own directory
# php_value open_basedir "/tmp:/home/blah/public_html/composr/"		But needs customising for your server and only works outside php.ini in PHP6+

# Set Composr to handle 404 errors. Assume Composr is in the root
<FilesMatch !"\.(jpg|jpeg|gif|png|ico)$">
ErrorDocument 404 /index.php?page=404
</FilesMatch>

# Compress some static resources
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
</IfModule>
</IfModule>

# We do not want for TAR files, due to IE bug http://blogs.msdn.com/b/wndp/archive/2006/08/21/content-encoding-not-equal-content-type.aspx (IE won't decompress again as it thinks it's a mistake)
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.tar$ no-gzip dont-vary
</IfModule>

<IfModule mod_rewrite.c>

# Needed for mod_rewrite. Disable this line if your server does not have AllowOverride permission (can be one cause of Internal Server Errors)
Options +SymLinksIfOwnerMatch -MultiViews

RewriteEngine on
# If rewrites are directing to bogus URLs, try adding a "RewriteBase /" line, or a "RewriteBase /subdir" line if you're in a subdirectory. Requirements vary from server to server.

# Serve pre-compressed CSS/JS files if they exist and the client accepts gzip
<FilesMatch "\.js\.gz($|\?)">
ForceType application/javascript
Header set Content-Encoding: gzip
Header append Vary: Accept-Encoding
</FilesMatch>
<FilesMatch "\.css\.gz($|\?)">
ForceType text/css
Header set Content-Encoding: gzip
Header append Vary: Accept-Encoding
</FilesMatch>
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule (.*/templates_cached/[^/]*/[^/]*\.(css|js)) $1.gz [QSA]
SetEnvIfNoCase Request_URI (.*/templates_cached/[^/]*/[^/]*\.(css|js)) no-gzip

# Anything that would point to a real file should actually be allowed to do so. If you have a "RewriteBase /subdir" command, you may need to change to "%{DOCUMENT_ROOT}/subdir/$1".
RewriteCond $1 ^\d+.shtml [OR]
RewriteCond $1 \.(css|js|png|jpg|jpeg|gif) [OR]
RewriteCond %{DOCUMENT_ROOT}/$1 -f [OR]
RewriteCond %{DOCUMENT_ROOT}/$1 -l [OR]
RewriteCond %{DOCUMENT_ROOT}/$1 -d [OR]
RewriteCond $1 -f [OR]
RewriteCond $1 -l [OR]
RewriteCond $1 -d
RewriteRule ^(.*) - [L]

# crossdomain.xml is actually Composr-driven
RewriteRule ^crossdomain.xml data/crossdomain.php

# WebDAV implementation (requires the non-bundled WebDAV addon)
RewriteRule ^webdav(/.*|$) data_custom/webdav.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
RewriteCond %{HTTP_HOST} ^webdav\..*
RewriteRule ^(.*)$ data_custom/webdav.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

#FAILOVER STARTS
### LEAVE THIS ALONE, AUTOMATICALLY MAINTAINED ###
#FAILOVER ENDS

# Redirect away from modules called directly by URL. Helpful as it allows you to "run" a module file in a debugger and still see it running.
RewriteRule ^([^=]*)pages/(modules|modules_custom)/([^/]*)\.php$ $1index.php\?page=$3 [L,QSA,R]

# PG STYLE: These have a specially reduced form (no need to make it too explicit that these are Wiki+). We shouldn't shorten them too much, or the actual zone or base URL might conflict
RewriteRule ^([^=]*)pg/s/([^\&\?]*)/index\.php$ $1index.php\?page=wiki&id=$2 [L,QSA]

# PG STYLE: These are standard patterns
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/([^\&\?]*)/index\.php(.*)$ $1index.php\?page=$2&type=$3&id=$4$5 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/index\.php(.*)$ $1index.php\?page=$2&type=$3$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/index\.php(.*)$ $1index.php\?page=$2$3 [L,QSA]
RewriteRule ^([^=]*)pg/index\.php(.*)$ $1index.php\?page=$3 [L,QSA]

# PG STYLE: Now the same as the above sets, but without any additional parameters (and thus no index.php)
RewriteRule ^([^=]*)pg/s/([^\&\?]*)$ $1index.php\?page=wiki&id=$2 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/([^\&\?]*)/$ $1index.php\?page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/([^\&\?]*)$ $1index.php\?page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)$ $1index.php\?page=$2&type=$3 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)$ $1index.php\?page=$2 [L,QSA]

# PG STYLE: And these for those nasty situations where index.php was missing and we couldn't do anything about it (usually due to keep_session creeping into a semi-cached URL)
RewriteRule ^([^=]*)pg/s/([^\&\?\.]*)&(.*)$ $1index.php\?$3&page=wiki&id=$2 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?\.]*)/([^/\&\?\.]*)/([^/\&\?\.]*)&(.*)$ $1index.php\?$5&page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?\.]*)/([^/\&\?\.]*)&(.*)$ $1index.php\?$4&page=$2&type=$3 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?\.]*)&(.*)$ $1index.php\?$3&page=$2 [L,QSA]

# HTM STYLE: These have a specially reduced form (no need to make it too explicit that these are Wiki+). We shouldn't shorten them too much, or the actual zone or base URL might conflict
RewriteRule ^(site|forum|adminzone|cms|collaboration)/s/([^\&\?]*)\.htm$ $1/index.php\?page=wiki&id=$2 [L,QSA]
RewriteRule ^s/([^\&\?]*)\.htm$ index\.php\?page=wiki&id=$1 [L,QSA]

# HTM STYLE: These are standard patterns
RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)\.htm$ $1/index.php\?page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\&\?]+)/([^/\&\?]*)\.htm$ $1/index.php\?page=$2&type=$3 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\&\?]+)\.htm$ $1/index.php\?page=$2 [L,QSA]
RewriteRule ^([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)\.htm$ index.php\?page=$1&type=$2&id=$3 [L,QSA]
RewriteRule ^([^/\&\?]+)/([^/\&\?]*)\.htm$ index.php\?page=$1&type=$2 [L,QSA]
RewriteRule ^([^/\&\?]+)\.htm$ index.php\?page=$1 [L,QSA]

# SIMPLE STYLE: These have a specially reduced form (no need to make it too explicit that these are Wiki+). We shouldn't shorten them too much, or the actual zone or base URL might conflict
#RewriteRule ^(site|forum|adminzone|cms|collaboration)/s/([^\&\?]*)$ $1/index.php\?page=wiki&id=$2 [L,QSA]
#RewriteRule ^s/([^\&\?]*)$ index\.php\?page=wiki&id=$1 [L,QSA]

# SIMPLE STYLE: These are standard patterns
#RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)$ $1/index.php\?page=$2&type=$3&id=$4 [L,QSA]
#RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\&\?]+)/([^/\&\?]*)$ $1/index.php\?page=$2&type=$3 [L,QSA]
#RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\&\?]+)$ $1/index.php\?page=$2 [L,QSA]
#RewriteRule ^([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)$ index.php\?page=$1&type=$2&id=$3 [L,QSA]
#RewriteRule ^([^/\&\?]+)/([^/\&\?]*)$ index.php\?page=$1&type=$2 [L,QSA]
#RewriteRule ^([^/\&\?]+)$ index.php\?page=$1 [L,QSA]
</IfModule>


order allow,deny
allow from all
# IP bans go here (leave this comment here! If this file is writeable, Composr will write in IP bans below, in sync with its own DB-based banning - this makes DOS/hack attack prevention stronger)
# deny from xxx.xx.x.x (leave this comment here!)

SUCCESS, I hope. My fingers are crossed.

Upon completion of Chris's suggestions this fixed the problem with images not being able to be upload.  I was able to upload the image, but the image did not show immediately.  I had to use the "Website Cleanup tools" to make it the "outer_background" image appear.  I think I had to do this is because I named my new "outer_background" image with the same file name as the default image. So I renamed the new file I was trying to upload differently.






 

Glad you got it to work.

In the aim of sharing information, knowing you already fixed your issue…

Meanwhile here is my upload image and information about the image.

The size is not even 1 kilobyte.

Sometimes people misconfigure the post_max_size or upload_max_filesize PHP settings, and PHP then treats them as lower.
For example, if you entered "25MB", that would count as 25 bytes as the correct syntax would be "25M". PHP: Using PHP - Manual

So that's a possibility, that some config file (.htaccess, php.ini, .user.ini, a server setting) is introducing a corrupt setting. I've seen even web hosts make this mistake.

I've added a check to Composr's php-info (which already runs other checks) that detects if post_max_size or upload_max_filesize is too low.
You can already manually see what the setting in use is from the PHP-Info.

Therefore Composr was installed into the "/SSL_Secured" directory.

I just read back over what you wrote. It doesn't seem to be anything to do with SSL then.

"HTTP Error" is just the default error given by plUpload (the uploader we use within Composr) when any kind of error status comes back from the server.
I'm actually going to change that in the patch release as I'd agree it's not clear.

Great points Chris. I agree with all of it.