security

On this tutorial I will show you how to configure your Pound proxy server so it can take advantage of the awesome SSL service provided by Let's Encrypt.

Let's Encrypt is an open-source certificate authority that issues SSL certificates for free making use of the ACME protocol, making possible to obtain trusted certificates for your websites and operate under HTTPS:// with no browser warnings and securing your content of course.

The services also provides a command line tool called Certbot, that can be easily installed on any Linux OS and it will help creating the necessary steps in…
Read more

Update: I have updated this tutorial to a latest release of Varnish, read here.

By default, Varnish does not work and it will never work with HTTPS requests it only understands plain HTTP. This means, that on mixed content websites, sites serving HTTPS and HTTP pages, the secure pages won't be or cannot be cached on Varnish reducing the load time compared to the non-secure version of the page for example.
There are many sites that offer lots of static content through HTTPS that can definitely be cached using Varnish and in order to do so we need to implement an extra layer before any…
Read more

And this happens with Drupal too!

When creating a node that has for instance a field where you place the embedded code of a youtube video, once submitted the add form, on Chrome the video does not get displayed unless you refresh the page. Basically this is how Chrome prevents XSS attacks.

What i did to solve this momentarily ( workaround) is adding a Javascript refresh page condition on my template.php:



function my_theme_preprocess_html(&$variables) {
// on chrome we need to reaload the page so the uploaded video can be shown
// this is due how Chrome prevents XSS (cross…
Read more