Bug #73813 Access to php.net through a company firewall
Submitted: 2016-12-26 09:24 UTC Modified: 2017-01-16 04:44 UTC
From: julien dot w dot dev at gmail dot com Assigned: levim (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: Linux Fedora 20, Windows 10
Private report: No CVE-ID: None
 [2016-12-26 09:24 UTC] julien dot w dot dev at gmail dot com
Description:
------------
Hello,

I have a problem accessing 'http://www.php.net/' from my company network.
A colleague of mine found that we could still access the secure version of the website (https://secure.php.net/).

We told our Sys Admin about that, he took a look and he thinks the cause is 'the HTML structure of the page'.

The company firewall raises an error saying:

"Web 2.0: Php script loaded through an img HTML tag." and there seems to be a filter rule about that, that is not set for secure connections, thus the fact that we can still access the secure version.

Any idea what might cause that on your page?
Any other words from such a problem?

Have a nice day!

 [2016-12-27 12:19 UTC] cmb@php.net
> "Web 2.0: Php script loaded through an img HTML tag." […]
>
> Any idea what might cause that on your page?

Apparently, your firewall doesn't like:

  <img src="/images/logo.php" width="48" height="24" alt="php">
 [2016-12-28 09:22 UTC] julien dot w dot dev at gmail dot com
Thank you for looking into this and for the lead, I'll forward it to our Sys Admin!

Why does this PNG image have a 'php' extension anyway?
 [2016-12-28 15:55 UTC] levim@php.net
This file is changed from time to time dynamically. I'd prefer to get rid of it myself especially since the elphpants caused complaints, which was the only other major change aside from it wearing a hat during the winter season.

Anyone opposed to always serving a PNG or SVG?
 [2016-12-28 16:07 UTC] maggus dot staab at gmail dot com
Shouldn't php.net be https only (so redirect all unencrypted traffic to an encrypted equivalent)?

That way firewalls also cannot mess with the contents..
 [2016-12-28 17:10 UTC] levim@php.net
Perhaps we can work towards https on everything; historically this would have been cost prohibitive but perhaps we could use Let's Encrypt.
 [2017-01-06 23:50 UTC] cmb@php.net
> Anyone opposed to always serving a PNG or SVG?

What about changing the attribute value from logo.php to
logo.(png|svg)? If we want to serve dynamic content, we could
rewrite the URL to point to an actual PHP script. Guess the
firewall would be fine with this.
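
The following is an added example, not part of the original thread and not the firewall vendor's code: a sketch of the kind of content rule the error message describes, run over the tag quoted above and over the proposed rename. The extension list, the function name `find_script_images` and the sample markup strings are assumptions made for illustration; the real firewall's matching logic is not shown on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath

# Assumption: extensions a filter of this kind would treat as server-side scripts.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".asp", ".aspx", ".jsp", ".cgi"}


class ImgScriptFinder(HTMLParser):
    """Collects src values of <img> tags whose URL path ends in a script extension."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; <img ... /> also lands here.
        if tag != "img":
            return
        src = dict(attrs).get("src")
        if not src:
            return
        # Only the URL path decides; query string and fragment are ignored.
        path = urlsplit(src).path
        ext = posixpath.splitext(path)[1].lower()
        if ext in SCRIPT_EXTENSIONS:
            self.hits.append(src)


def find_script_images(html):
    """Return the src of every <img> that would trip the sketched rule."""
    finder = ImgScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed samples: the tag quoted in the thread, and the proposed rename.
BEFORE = '<a href="/"><img src="/images/logo.php" width="48" height="24" alt="php"></a>'
AFTER = '<a href="/"><img src="/images/logo.png" width="48" height="24" alt="php"></a>'

if __name__ == "__main__":
    print("before:", find_script_images(BEFORE))
    print("after: ", find_script_images(AFTER))
```

A rule like this only sees the URL in the markup, which is why renaming the attribute value and rewriting on the server, as suggested above, would keep the image dynamic without matching.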
 [2017-01-16 04:42 UTC] krakjoe@php.net
-Assigned To: +Assigned To: levim
 [2017-01-16 04:42 UTC] krakjoe@php.net
Assigning to you Levi, do as you think is best please.
 [2017-01-16 04:44 UTC] levim@php.net
-Status: Assigned +Status: Closed
 [2017-01-16 04:44 UTC] levim@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php


 [2017-01-16 04:44 UTC] levim@php.net
Meh, I didn't know what the text of that quick option would be; but this is fixed on live websites.
 
Last updated: Mon Apr 29 19:01:30 2024 UTC