PNG Support for PHP on OS X Yosemite

I recently upgraded to OS X Yosemite and ran into a small issue when attempting to create an image resource from a string. Here is what I am attempting to do:

  1. Parse HTML to obtain images on page
  2. Download each image
  3. Check that the image is large enough (to avoid little icon graphics/etc)
  4. Resize the image to a standard height and width

The issue is that after upgrading to OS X Yosemite the PHP build that ships with OS X does not have PNG support enabled. It’s honestly a bit surprising that this was excluded from the build. Here is the error message that I received

Warning (2): imagecreatefromstring(): No PNG support in this PHP build

Read more

Redirect to HTTPS

As part of my series on migrating a site to support HTTPS we are finally at the step where we will implement the redirect that will ensure our users are always using the HTTPS site. In this article I will show how to implement this redirect using:

  • Apache’s Mod Rewrite
  • IIS Rewrite

In the examples and instructions below I am going to be using Apache on my local Mac development environment and Windows Server 2008 R2 with IIS 7.5 for the production environment. The code for the Apache Mod Rewrite implementation can also be used if you are using Helicon’s ISAPI Rewrite module for IIS. This makes it possible to use the same .htaccess file on both my development (Mac) and production (Windows) environment.

Read more

Enabling Strict Transport Security (HSTS)

 

SSL with HSTS

I am continuing a series of articles focused on migrating a website to support HTTPS Everywhere. The goal of HTTPS Everywhere is to have the entire web be secure using the latest security and best practices. However, we also have to be aware of the possible performance implications with using HTTPS.

The first step we took to improve performance over HTTPS was to enable the keep-alive connection header. The next step we want to take now is to enable the strict transport security (HSTS) header. The HSTS header instructs your user’s browser to only connect to the current domain, and optionally all subdomains, using a secure connection.

In this article I will cover:

  • Why use HSTS?
  • Implementation in Apache and IIS
  • Testing to make sure it works

Before we get started, however, let me quickly point out that HSTS header is widely accepted by major browsers except for Internet Explorer up to 11, though Microsoft has announced that IE 12 will support HSTS.

Read more

Keep-Alive and HTTPS

Keep-Alive

As part of a series on setting up HTTPS Everywhere I am migrating a website to use HTTPS for all requests. So far we have configured the server with a SSL Certificate to serve our content via HTTPS, as well as doing some configuring of our SSL engine to ensure that we are use the latest security protocols and ciphers.

Now, we are going to fine tune our web server for HTTPS. Tuning your code and server for performance, both on the server and on the client, is important no matter if you are using HTTPS or not. However, as part of our migration to HTTPS we want to ensure that we reduce and performance issues or bottlenecks before they arise. Heck, we want to keep our load time under 1s.

Read more

HTTPS Protocols and Ciphers

 

https-protocols-ciphers

As part of a series on using HTTPS Everywhere we are migrating a website from HTTP to HTTPS. Previously we configured our web server with an SSL certificate, and we are now ready to configure the SSL engine on our server.

For this article I will mention the best practices for configuring both your Apache and IIS web server. For the IIS configuration I will be using the free IIS Crypto tool by Nartac Software.

FWIW, I am not a security expert. So, I am following the best practices as prescribed by Mozilla on their server side TLS article.

Read more

Enable HTTPS in Apache on Mac Yosemite

https-yosemite

In a previous post I showed you how to create a self-signed certificate on Mac OS X Yosemite. This is part of a series on implementing HTTPS Everywhere. If you followed along then you created the following files in the /etc/apache2/ssl folder:

  • local.example.com.crt
  • local.example.com.key

Now, we are going to go through the steps necessary to set up HTTPS on our local Apache web server:

  1. Load mod_ssl extension
  2. Include ssl config file
  3. Modify ssl config file, adding our new virtual host bound to port 443
  4. Optionally specify new testing domain in our hosts file
  5. Test and restart Apache

Read more