The new features

  • Zverinetz

    (@dimivoronov)


    6 years ago

    Hello,

    Thank you for the great and very useful plugin. Just wanted to ask you to add a few new features:
    1. Would be great if the plugin will appears the site is reached through a proxy server. In case when a user uses ‘Enabled web service’ for convertation.
    2. Will be a very useful if the process with converting an existing images in the Media – could have a manual mode or at least a visual bar. I had some problems with ‘0 bytes’ of converted webp files.
    3. And of course – Multisite supporting.

    Thank you for your good job.

    Regards,
    Dimi.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author rosell.dk

    (@roselldk)

    Hi Dimi,

    I don’t quite follow you on point 1… Can you explain it again with other words? Thanks

    Thread Starter Zverinetz

    (@dimivoronov)

    Hi Bj?rn,

    Sure, let me explain:
    by default, Apache puts the address of the caller in the REMOTE_ADDR variable, but when the reverse proxy works there is always the address of the reverse proxy itself…
    On the correct reverse proxy settings the next variables creating: X-Real-IP, X-Forwarded-For, X-Forwarded-Proto. So they contains information about the real client and the protocol through which it operates. (More details here: https://en.wikipedia.org/wiki/X-Forwarded-For)

    I am using one of your best plugin’s ‘Web service’ feature.
    But the problem is that my site is behind a proxy and has an internal IP on it. And generated link through your plugin – always is on external IP. Surelly I can only use ‘*’ (for all IPs) – but in this case the plugin’s service will be accessible from any IP from the web.

    So would be great to have an option, something like this:
    Site connection option:
    (?) It appears the site is reached through a proxy server (proxy IP: 192.168.0.1, your IP: 8.8.8.8)
    Direct connection [ ]
    From behind a reversy proxy [v]

    Please let me know if all above was helped to understand what I meant.

    Thanks

    • This reply was modified 6 years ago by Zverinetz.
    • This reply was modified 6 years ago by Zverinetz.
    • This reply was modified 6 years ago by Zverinetz.
    • This reply was modified 6 years ago by Zverinetz. Reason: corrections
    • This reply was modified 6 years ago by Zverinetz. Reason: links added
    Plugin Author rosell.dk

    (@roselldk)

    Ok, I get it now. Thank you for elaborating.

    Actually, the API key should be enough protection, as long as you keep it secret, and trust the security and the webmasters of the sites that are connecting to your server. The api key and the crypt option are doing the real job of guarding against exploitation. The IP filter is just an extra thin layer, but no real shield, because IP’s can be spoofed.

    I have considered adding info about how many conversions each site has asked for. And perhaps limits to each (ie max conversions per hour / max simultaneous conversions / max total conversions). As long as the sites that uses the service falls back to showing original image on conversion failure, it would work. The limits and status could be communicated, so the clients could fail early – to avoid uploading images that will be rejected. But as you can hear, it gets a little complicated. A simpler scheme is to have these limits just on a global level, to avoid sudden peaks of heavy load, such when a page with many big unconverted images is requested.

    Next thing on the way is a new converter, which calls imagick binary directly (on systems where it is installed). There might be some sites out there, where that will work, but cwebp and imagick extension does not.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘The new features’ is closed to new replies.