php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73813 Access to php.net through a company firewall
Submitted: 2016-12-26 09:24 UTC Modified: 2017-01-16 04:44 UTC
From: julien dot w dot dev at gmail dot com Assigned: levim (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: Linux Fedora 20, Windows 10
Private report: No CVE-ID: None
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
21 - 7 = ?
Subscribe to this entry?

 
 [2016-12-26 09:24 UTC] julien dot w dot dev at gmail dot com
Description:
------------
Hello,

I have a problem accessing 'http://www.php.net/' from my company network.
A colleague of mine found that we could still access the secure version of the website (https://secure.php.net/).

We told our Sys Admin about that, he took a look and he thinks the cause is 'the HTML structure of the page'.

The company firewall raises an error saying:

"Web 2.0: Php script loaded through an img HTML tag." and there seems to be is a filter rule about that, that is not set for secure connection, thus the fact that we can still access the secure version.

Any idea what might cause that on your page?
Any other words from such a problem?

Have a nice day!




Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-27 12:19 UTC] cmb@php.net
> "Web 2.0: Php script loaded through an img HTML tag." […]
>
> Any idea what might cause that on your page?

Apparently, your firewall doesn't like:

  <img src="/images/logo.php" width="48" height="24" alt="php">
 [2016-12-28 09:22 UTC] julien dot w dot dev at gmail dot com
Thank you for looking into this and for the lead, I'll forward it to our Sys Admin!

Why does this PNG image have a 'php' extension anyway?
 [2016-12-28 15:55 UTC] levim@php.net
This file is changed from time to time dynamically. I'd prefer to get rid of it myself especially since the elphpants caused complaints, which was the only other major change aside from it wearing a hat during the winter season.

Anyone opposed to always serving a PNG or SVG?
 [2016-12-28 16:07 UTC] maggus dot staab at gmail dot com
Souldnt php.net be https only (so redirect all unencrypted traffic to a encrypted equvialent)?

That way firewalls also cannot mess with the contents..
 [2016-12-28 17:10 UTC] levim@php.net
Perhaps we can work towards https on everything; historically this would have been cost prohibitive but perhaps we could use Let's Encrypt.
 [2017-01-06 23:50 UTC] cmb@php.net
> Anyone opposed to always serving a PNG or SVG?

What about changing the attribute value from logo.php to
logo.(png|svg)? If we want to serve dynamic content, we could
rewrite the URL to point to an actual PHP script. Guess the
firewall would be fine with this.
 [2017-01-16 04:42 UTC] krakjoe@php.net
-Assigned To: +Assigned To: levim
 [2017-01-16 04:42 UTC] krakjoe@php.net
Assigning to you Levi, do as you think is best please.
 [2017-01-16 04:44 UTC] levim@php.net
-Status: Assigned +Status: Closed
 [2017-01-16 04:44 UTC] levim@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php


 [2017-01-16 04:44 UTC] levim@php.net
Meh, I didn't know what the text of that quick option would be; but this is fixed on live websites.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC