# Why Isn't GBAtemp using SSL?



## Termer (Jan 19, 2018)

I just noticed. Why isn't GBAtemp using SSL/HTTPS? That's pretty bad, considering how many users and accounts there are here.


----------



## Scarlet (Jan 19, 2018)

Termer said:


> I just noticed. Why isn't GBAtemp using SSL/HTTPS? That's pretty bad, considering how many users and accounts there are here.


Go to https://gbatemp.net/ and you should have a HTTPS connection. I believe it isn't forced HTTPS since the site would lose a lot of Chinese traffic. Something like that.


----------



## Termer (Jan 19, 2018)

Chinese traffic? I'm just curious, is there much legitimate chinese traffic going to the site? And why would forced HTTPS block out chinese connections?


----------



## Scarlet (Jan 19, 2018)

Termer said:


> Chinese traffic? I'm just curious, is there much legitimate chinese traffic going to the site? And why would forced HTTPS block out chinese connections?


Can't remember the specifics. I just remember from the last HTTPS thread that it was a reason it wasn't forced. 


FAST6191 said:


> Yes. The SSL on this site is a fairly complex setup and things like that are chosen for a reason, that being those in China (no small amount of the userbase and several flash cart and such team members) and other countries with fun approaches to such things get troubled by it.
> Anybody that cares can move to it, also run something like https://www.eff.org/Https-Everywhere


----------



## Termer (Jan 19, 2018)

Scarlet said:


> Can't remember the specifics. I just remember from the last HTTPS thread that it was a reason it wasn't forced.


Oh, I just read that they can't enforce censorship easily using encrypted connections. Makes sense. What doesn't made sense is why anyone in China would want to visit this site. The nature of the site is not one that would be condoned by the Chinese gov't (hacking, jailbreaking, pirating).

Oh, the joys of living in a communist country!


----------



## FAST6191 (Jan 19, 2018)

"The nature of the site is not one that would be condoned by the Chinese gov't (hacking, jailbreaking, pirating)."

Thankfully I have continued to leave the arms on my chair else I might have fallen off when laughing. General IP policy of China is "is it a Chinese piece of IP you are screwing with? No? Carry on unless it is one of those 2 weeks every 3 years where we pretend to care."



Volume wise I have not seen the stats but I am not expecting the highest (there are some fantastic Chinese language equivalents of this place, http://bbs.tgbus.com/forum.php to say nothing of tencent/qq groups actually being worthwhile unlike every discord* and facebook group on the matter), quality/usefulness wise there are several flash cart team members wanting to post updates and such.
It is not only China as well -- various places in the middle east, Africa, various employers... will block things or otherwise trouble things.
Equally it is just a forum.

*IRC is of course a different matter.


----------



## Xathya (Jan 21, 2018)

"is prety complex here"
the fuck is talk? its literal just normal free lets encrybt certifikat but doesnt redirects http to https. nothing advance about that mr fast but maybe you have no experient with the web servers


----------



## FAST6191 (Jan 21, 2018)

I was there for one of the big discussions on what should go into the .htaccess and the general implementation of SSL. After we sorted out how the various subdomains would play out (historically there were quite a few), someone groaned about having to sort hardlinks in a few places and all the other stuff that comes from a website with as long a history as this (as well as customisation as extensive as it is) then a major component of that discussion was on the demographics/user locations and relative effects of SSL and what might be done.
Such things are what inform the replies to these sorts of questions.


----------



## shadoom (Jan 21, 2018)

Maybe because the NSA couldn't spy on our religion, trans and politic talks.
Jk they already know O_O


----------



## DarthDub (Jan 21, 2018)

Wii U internet browser can't open GBATemp when it has the SSL connection, so I'm glad I can do without.


----------



## Xathya (Jan 22, 2018)

FAST6191 said:


> I was there for one of the big discussions on what should go into the .htaccess and the general implementation of SSL. After we sorted out how the various subdomains would play out (historically there were quite a few), someone groaned about having to sort hardlinks in a few places and all the other stuff that comes from a website with as long a history as this (as well as customisation as extensive as it is) then a major component of that discussion was on the demographics/user locations and relative effects of SSL and what might be done.
> Such things are what inform the replies to these sorts of questions.


>.htaccess
>ngnix
HMMMS you dont sem the very educate on web servers friend


----------



## Costello (Jan 22, 2018)

FAST has already answered, we could enforce HTTPS-only but it would harm traffic coming from China indeed.
they censor a lot of HTTPS-only sites for the reason you can imagine.
and we do have a lot of visitors from China, far from the majority but a significant enough number.
just set the HTTPS version of GBAtemp in your bookmarks and you'll be good. You can even use add-ons that force HTTPS.


----------



## Xathya (Jan 22, 2018)

Costello said:


> FAST has already answered, we could enforce HTTPS-only but it would harm traffic coming from China indeed.
> they censor a lot of HTTPS-only sites for the reason you can imagine.
> and we do have a lot of visitors from China, far from the majority but a significant enough number.
> just set the HTTPS version of GBAtemp in your bookmarks and you'll be good. You can even use add-ons that force HTTPS.


wel i know temp isnt realy a very ambitotions projec but why dont u do geo chek of redirects? set up an 301 from http to https but excludes chinsa.!


----------



## Costello (Jan 22, 2018)

Xathya said:


> wel i know temp isnt realy a very ambitotions projec but why dont u do geo chek of redirects? set up an 301 from http to https but excludes chinsa.!



it's not a bad idea actually  we can look into it


----------



## FAST6191 (Jan 22, 2018)

While that might sort China if you can get the IP ranges sorted (China is not gobbling up IPv4 as much as you might imagine but it is happening in dribs and drabs) there are also a bunch of institutions (normally done such that 443 is slow as sin, enough to get email but wouldn't want to do day to day internet on it), devices and other countries which aspire to similar things.

At that point you end up in the equivalent of

and

But for this
Most work I see done for it is for spam and DDOS protection (the local Indian takeaway you just made a site for is unlikely to be getting traffic from anywhere other than your country, or your country + India/Pakistan/Bangladesh + tourist countries)... and you have dealt with the fun of third party blacklists for the last how many years now?

Not as troubling as losing China (or the technically less capable Chinese) but if business as usual results in no great harm done...


----------



## Xathya (Jan 22, 2018)

FAST6191 said:


> While that might sort China if you can get the IP ranges sorted (China is not gobbling up IPv4 as much as you might imagine but it is happening in dribs and drabs) there are also a bunch of institutions (normally done such that 443 is slow as sin, enough to get email but wouldn't want to do day to day internet on it), devices and other countries which aspire to similar things.
> 
> At that point you end up in the equivalent of
> 
> ...



fast you sem to read more than you practic. no one is talkings about seting up ip blox or ranches for chinsa, but to geo loksup if sais IP IS chinsa, then not forces the ssls.


----------



## FAST6191 (Jan 22, 2018)

I was saying the geo lookups, the security peeps having a very vested in that andthen being the primary source for a lot of them, lag behind the times* and if the simple solution of "remove the s" is not there then you risk excluding people. As SSL is there for those that want and even if not it is just a forum so no harm done if sniffing traffic. If it is done like that then so it goes but from where I sit the current system is working just fine.

*one spammer squeaks out of a geo lookup and nobody cares as the rest are blocked, or get to continue running the gauntlet of your other security.

I was also saying it is far from only China that does it. Various other Asian states, various African ones, various middle Eastern ones, not sure about south America these days but it would not be unknown. In some ways it would not be as bad as blocking China but we have had many nice members living in countries with suspect approaches to surveillance. I mentioned institutions which do it (bored people at work/school making up an appreciable fraction) and we have a user in this very thread saying a popular device does not support the implementation (not sure if crypto mismatch or unrecognised CA). If you start down that path you either exclude those, try your best and hope nobody gets blocked, or end up in a nightmare like those videos show.


----------



## Costello (Jan 23, 2018)

there's also the issue of server resources...
adding a geo IP check on every HTTP request could take a toll on the server.
I could add the check only on the / uri (home page) but then if people land on gbatemp through search engine results they wont land on the home page so the HTTPS redirect wont be useful


----------



## Costello (Feb 20, 2018)

Xathya said:


> wel i know temp isnt realy a very ambitotions projec but why dont u do geo chek of redirects? set up an 301 from http to https but excludes chinsa.!



I have now enforced HTTPS site wide except for Chinese visitors 

thanks for the suggestions guys


----------



## The Real Jdbye (Feb 20, 2018)

Costello said:


> there's also the issue of server resources...
> adding a geo IP check on every HTTP request could take a toll on the server.
> I could add the check only on the / uri (home page) but then if people land on gbatemp through search engine results they wont land on the home page so the HTTPS redirect wont be useful


Why not do it client side in JavaScript? That way it doesn't take up server resources.


----------



## Termer (Jan 19, 2018)

I just noticed. Why isn't GBAtemp using SSL/HTTPS? That's pretty bad, considering how many users and accounts there are here.


----------



## Xathya (Feb 21, 2018)

Costello said:


> I have now enforced HTTPS site wide except for Chinese visitors
> 
> thanks for the suggestions guys


awesome god jobs mr costels! i see ur become nginx ninja likes mes :sunglesis:
we habst now protect milion of pipels on temp from fishnig and mens in midels atack! 



The Real Jdbye said:


> Why not do it client side in JavaScript? That way it doesn't take up server resources.


such an redrect shol not be at clint for many reason and shoul handels on server livels so is not temporarys redirec but actuals send to corects.! inportend for seos to!


----------



## SirNapkin1334 (Feb 22, 2018)

Darn.... http://sd-55944.dedibox.fr now redirects to gbatemp.net, so now I can't access the temp from the school computers :/


Costello said:


> I have now enforced HTTPS site wide except for Chinese visitors
> 
> thanks for the suggestions guys


The blocking system is exploitable, somebody actually figured out the password, and it only blocks http://, but if you connect over https://, google chrome itself blocks it, so, yeah, this is unfortunate.
Also, what is http://ftp.gbatemp.net? It seems to be the exact same but not SSL and the logins are handled separately.


----------

