Hi I have a Drupal 6 site with Cloudflare as cdn. I also have gzip enabled via apache server setting.
I want to know if I can enable gzip along with Cloudflare html minify? Thanks
Cloudflare dynamically GZips content on supported browsers, and presents this to the end user. This works regardless of whether HTML minify is turned on or off.
Related:
What will Cloudflare gzip?
Does Cloudflare gzip resources?
Related
This is just a question out of curiosity.
How is it that Cloudflare is able to cache my admin panel? How do they do it?
By default, Cloudflare only caches files that should be static all the time (images, css, js, etc.). You can use Page Rules to configure caching of HTML; but, by default, Cloudflare should not cache user-specific markup.
More info from Cloudflare
I have an unusual problem when I used an iframe on a site i'm building. The hotlink protection is off on both servers. The iframe still doesn't work. both are ssl sites. What is strange is I can add a subdomain to the website where the webpage for the iframe, and redirect to the other server, and the site shows up in the iframe after that, but directly it doesn't. Is there by chance a setting on the webserver that doesn't allow external iframes? Is it better to just leave this alone and do a subdomain hop (I'm wondering if the web host guys at hostgator did that on purpose for security, and I should just do the hop method i stumbled upon). both servers are running nginx, webserver is using nginx+apache
Using iframes on external sites can be prevented with HTTP Header like X-Frame-Options
Documentation can be found from here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
This header can be set by either the web server or the software that is running on the web server.
well, I got it working. in the .htaccess (after I turned back on hotlinking)
I wrote after the RewriteEngine on line:
AllowOverride All
Header set X-Frame-Options "ALLOW-FROM https://www.theothersite.com/"
and it works! of course I added the http and https urls too on the exception list. now I can Iframe and use document-forms POST method
Is it possible to use non-SSL sources with HLS on a page and playlist served via SSL HTTPS?
I have a page served over HTTPS. It uses Video.js to play a .m3u8 playlist. The playlist is fetched from the same server over HTTPS and is dynamically generated. The individual .ts segments within the playlist are stored on a CDN.
I'm finding that the SSL handshakes for each .ts GET request are high. Would like to instead make the .ts GETs use non-SSL HTTP -- the video content is not sensitive (and if it were, HLS supports symmetric AES encryption which is significantly faster than the asymmetric SSL handshake).
However, Chrome is refusing to load the .ts segments from a non-SSL HTTP source:
video.js:26948 Mixed Content: The page at 'https://localhost' was
loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint
'http://foo.com/20180110144476.ts'. This request has been blocked;
the content must be served over HTTPS.
Add a content security policy does not help:
<meta http-equiv="Content-Security-Policy" content="connect-src http://foo.com 'self';">
Since the ts files are fetched via XMLHttpRequest they're considered active mixed content and modern browsers will block access by default.
The CSP's connect-src option further restricts the origins you can connect to and it won't allow you to bypass the mixed-content check.
I'm afraid the only way is to serve everything over either HTTPS or HTTP.
I have a website built using by default using Http protocol , and I'd like to turn it to HTTPS for security purposes.
But, I have a lot of articles (more than 1000) with non-ssl elements like iframe, images from other sites etc...
How can I make it works? I see that CSS and JS are not loading because it use the HTTP link...
I know I can change the header, it's easy but what about these articles?
Is there a plugins that convert http:// to https// ?
I've a web app served by Apache, html pages sent to browsers include several CSS files that are hosted at same web app domain.
I've noticed some websites use my css (and images) including in their pages but this increase my (limited) Apache server traffic.
I want to allow css access only for pages hosted at specific domain(s).
How can I configure the web server (Apache) to refuse serving css outside specific domain(s)?
Example (valid access)
myhost.com/index.html contains inclusion for styles/mystyles.css
Example (invalid access)
foreignhost.com/index.html contains inclusion to myhost.com/styles/mystyles.css
Hotlinking can be prevented with .htaccess files, but it might be more fun to change the URL of your CSS files and put up a file at the old URL that makes their entire site hot pink.