CloudFlare Flexible SSL Redirect Loop Fix For WordPress / IIS

So you are hosting a WordPress Blog running on IIS (Internet Information Services) which is behind CloudFlare CDN (Content Distribution Network) and you want to enable CloudFlare’s free Flexible SSL so your WordPress Blog can be accessed over https. You have tried to set this up, but have ended up with an annoying redirect loop leaving your WordPress Blog inaccessible. Here is how to fix that redirect loop.

CloudFlare Flexible SSL Setup for WordPress Running On IIS:

  1. Log in to CloudFlare and find your domain
  2. Click the settings cog next to it and select “Cloudflare Settings”
  3. Scroll down to SSL and enable Flexible SSL

Next in your WordPress Admin Panel:

  1. Go to Settings
  2. Change your blog’s URLs from http:// to https://

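You have now forced WordPress to use https://, however you will find you now have the infamous redirect loop error. With Flexible SSL, CloudFlare still connects to your IIS server over plain http, so WordPress sees an http request, redirects it to the https:// URL, and the same thing happens again on the next request.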

Fix WordPress / CloudFlare Flexible SSL Redirect Loops:

  1. Open your wp-config.php file and find the line which says require_once(ABSPATH . 'wp-settings.php');
  2. Before this line add the following code:

// Force Admin Login To SSL
define('FORCE_SSL_ADMIN', true);
// CloudFlare SSL Fix: CloudFlare reports the visitor's scheme in X-Forwarded-Proto
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}
else {
    $_SERVER['HTTPS'] = false;
}
// Build the site URL from the detected scheme and the requested host name
define('WP_SITE_URI', ($_SERVER["HTTPS"]?"https://":"http://").$_SERVER["HTTP_HOST"]);
define('WP_SITEURI', ($_SERVER["HTTPS"]?"https://":"http://").$_SERVER["HTTP_HOST"]);
// Define WP_CONTENT_URL once only; defining a constant twice raises a PHP error
define("WP_CONTENT_URL", WP_SITE_URI . "/wp-content");

Add these after the require_once(ABSPATH . 'wp-settings.php') line:

wp_cache_set("siteurl_secure", "https://" . $_SERVER["SERVER_NAME"], "options");
wp_cache_set("home", WP_SITE_URI, "options");
wp_cache_set("siteurl", WP_SITE_URI, "options");
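
A stricter variant of the snippet above, as an added example that is not the original post's code: it believes X-Forwarded-Proto only when the request arrives from a trusted proxy address, and it pins the host name instead of reading HTTP_HOST, since both values are otherwise supplied by the client. The CIDR ranges and example.com are placeholders (fill in CloudFlare's published ranges and your own domain), the helper function names are hypothetical, and WordPress's standard WP_HOME / WP_SITEURL constants are used here in place of the post's wp_cache_set calls.

```php
<?php
// Added example, not the original post's code; place before wp-settings.php is loaded.
// Placeholders: documentation ranges, replace with CloudFlare's published ranges.
const TRUSTED_PROXY_CIDRS = ['192.0.2.0/24', '198.51.100.0/24'];
// Placeholder: your own domain, fixed here rather than taken from HTTP_HOST.
const CANONICAL_HOST = 'example.com';

// True when $ip lies inside $cidr. IPv4 only, to keep the example short;
// an IPv6 REMOTE_ADDR is treated as untrusted.
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = explode('/', $cidr);
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false) {
        return false;
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

// True only when the TCP peer is one of the trusted proxies.
function request_is_from_trusted_proxy(array $server): bool
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    foreach (TRUSTED_PROXY_CIDRS as $cidr) {
        if (ipv4_in_cidr($remote, $cidr)) {
            return true;
        }
    }
    return false;
}

// A direct client can send any X-Forwarded-Proto value, so the header
// counts only when the proxy itself delivered the request.
function visitor_used_https(array $server): bool
{
    return request_is_from_trusted_proxy($server)
        && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

if (visitor_used_https($_SERVER)) {
    $_SERVER['HTTPS'] = 'on';   // is_ssl() in WordPress checks this value
} else {
    unset($_SERVER['HTTPS']);
}
define('WP_HOME', 'https://' . CANONICAL_HOST);
define('WP_SITEURL', 'https://' . CANONICAL_HOST);
```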

That should fix your WordPress / CloudFlare redirect loop problems when accessing your WordPress blog from behind CloudFlare. Now you simply need to force all connections to your blog to use https. To do this:

  1. Log in to CloudFlare and find your domain
  2. Click the settings cog next to it and select “Page Rules”
  3. Select “Always use https”
  4. Enter *yourdomain.com* for the rule pattern; in this example I entered *matthill.eu*
  5. Click “Add rule”

All your old http:// URLs will now 301 redirect to the https:// URLs.

The 301 redirect tells Google and other search engines that the page has moved permanently.

Note: if you do not wish to force https on subdomains, enter yourdomain.com* for the page rule on CloudFlare instead.

That’s it, your WordPress Blog should now be working fine with CloudFlare Flexible SSL.

You can test your SSL setup with Qualys SSL Test. matthill.eu got a grade “A” test result, which is the highest you can obtain.

A Good Reason To Block Adverts?

The Problem with adverts on Google search results

I’m someone who uses Google Adsense on a website I own. The adverts cover the server and software costs of running the website, leaving me a bit of extra cash for myself, which I usually spend on things to create more content / reviews for the website I have. With that in mind I generally don’t mind seeing the odd advert here and there, as long as the website is not covered with them.

However, on to what this blog post is about… What I do think is really concerning is that if you Google some free software, for example Adobe Reader, the advert above the first result always appears to be an advert for a malicious download of that application. When installed, this malicious download will install loads of ad-ware, spyware and other malicious software you really don’t want on your computer.

Below is a screenshot of the search results on Google UK when “adobe reader” has been searched for. If you look at the URL for that advert below, it’s clearly not an official link from Adobe. However, companies appear to be using Google Adwords to trick people into downloading their malicious software.

An example of a fake Adobe Reader advert

I imagine it’s pretty well known people generally click the advert at the top of search results, and not the first organic search result. With that in mind I wonder how many people think they are downloading a legitimate version of Adobe Reader and end up infecting their computer with spyware, keyloggers or adware? PDFs are pretty much the standard way of sending a document to someone, for example an invoice, so this appears a very easy way to get malicious software on to someone’s computer.

It works too, as I’ve seen it happen, which is the whole reason I’m making this blog post. Maybe this is not anything new, however as I usually block adverts in search results, it’s certainly something I don’t see every day.

The Story:

Someone I know had got a new laptop, and I was setting it up with a few programs for them. Anyway, I left the new laptop updating (foolishly with this person), and about half an hour later this person came and said “I thought I installed Adobe Reader, now my laptop is full of tool bars and security scanning programs”. So I went and had a look, then asked the person to show me how Adobe Reader was obtained.

Basically the person went on Google, searched for “Adobe Reader”, clicked the first result and downloaded it.

Sure enough, this is what clicking the first paid result on Google for Adobe Reader takes you to:

A website offering a download of Adobe Reader, which is actually a lot of fake security scanning programs.

To be fair to the person in question, how is your average person who is not very tech savvy supposed to know the first download result on Google is malicious? The above website has the Adobe Reader logo the person had seen before, screenshots of how the application looked, along with a good enough description.

Did this person just get unlucky?

You might think this person just got unlucky. Well, that screenshot was taken in October 2013, it’s now February 2014, and if you Google “Adobe Reader” the first paid for result still takes you to the exact same website in the screenshot above. I don’t want to link to any malicious websites like that, however do a search and see for yourself.

The same also happens if you search for “Skype download” on Google, this time you are shown three adverts, all linking to supposed downloads of Skype which are actually malicious. Again the screenshot below was taken in October 2013, the exact same results are still displayed in February 2014:

A screenshot showing adverts for malicious Skype downloads on Google

So what about when we search for some Google software, such as the popular web browser Google Chrome? Well, the first paid result on Google for that is also a link to a malicious download…

A screenshot showing a malicious download of Google Chrome

With the Google Chrome link if you scroll right to the bottom of the quite large fake webpage about it, the site is honest and states:

Modified Installer (website name removed) is distributing custom installers which are different from the originally available distribution. These new installers comply with the original software manufacturers’ policies and terms & conditions, however, they are not the originals. Our proprietary download manager will manage the installation of your chosen software. In addition to managing your download and installation, our proprietary download manager will offer free popular software that you may be interested in. You are not required to install any additional software to complete your installation of your selected software. You can always completely remove the programs at any time in Windows’ Add/Remove Programs.

I would however be amazed if anyone is going to read the entire page and see that. I still don’t personally see how adverts like this are being approved by Google. I know from past experiences of running Google Ad-Word campaigns I’ve had to wait a few hours for my adverts to be approved. With that in mind I would think at least some sort of verification is going on after an advert has been created on Google Adwords.

Without taking a million and one screenshots you will also find the same sort of thing going on if you search for other popular free software such as “Winamp”, “Google Earth Download” and various other free applications.

So is this a good enough reason to justify blocking adverts? Well, to be honest your average computer user is probably safer on the internet with an ad blocker enabled, however as mobile devices and tablets are becoming more popular these malicious websites targeting Windows based PCs are not going to have any effect.

Regardless, I think if you’re not a very tech savvy user you probably are safer blocking adverts in my opinion, however if you use a certain website a lot I do believe you should whitelist that website and see the adverts on it. If everyone on the internet blocked adverts, a lot of popular websites probably would not be able to afford to stay on-line. I guess it’s one of those catch 22 situations where something is being abused for malicious purposes.

TP-Link TG-3468 Network Adapter Review

The TP-Link TG-3468 is a cheap PCI Express (1x) gigabit network card currently retailing for £5.98 on Amazon UK. The question I was wondering when purchasing the TP-Link TG-3468 was: is this network card actually any good? The TP-Link TG-3468 appeared to get generally positive reviews on Amazon, however some of them did contradict each other. To cut a long story short, it works fantastic on Windows 8.1 x64, however read on if you’re wanting to know a little more.

Installing the TP-Link TG-3468 Network Adapter

Really it’s quite hard to say anything here other than it just works. I placed the TP-Link TG-3468 in a spare PCI express slot, powered on my PC and that was that. Windows 8.1 booted and I had a network connection as soon as Windows had booted to the desktop. I didn’t even have to download any drivers. Windows 8.1 recognised the TP-Link TG-3468 as a Realtek PCIe GBE Family Controller and installed a driver dated 10/05/2013.

Drivers on a CD included with the TP-Link TG-3468 support Windows XP, Vista (32bit and 64bit editions), Windows 7 (32bit and 64bit editions), however any Windows OS after XP will simply have drivers or download them from Windows Update. So needless to say if you have a version of Windows released in the last 12 years this Network Adapter will just work. I can even confirm it works with Windows Server 2008 R2 and Windows Server 2012 R2. Apparently various Linux distributions also have support out the box too.

TP-Link TG-3468 File Transfer Speeds

With the TP-Link TG-3468 I was able to copy files from my Windows Server 2012 R2 server to my Windows 8 PC at 93MB/s or 744mbps. I have no doubt the only limitation here is likely the hard drives I was copying from / to. I was copying from a Western Digital Green 4TB 5900rpm SATA3 hard drive to a Western Digital 500GB Green 5900rpm SATA3 hard drive. I’m sure with a faster drive the card would have been pretty much maxed out. Although 93MB/s is a lot higher than any of the reviews mentioned on Amazon. So basically if you wish to move large files around on your network the TP-Link TG-3468 will do the job perfectly.

Supported Features on the TP-Link TG-3468 Network Adapter

  • ARP Offload
  • Flow Control
  • Interrupt Moderation
  • Jumbo Frames (9KB)
  • Large Send Offload V2 (IPV4 and IPV6)
  • NS Offload
  • Priority and VLAN
  • Receive Buffers
  • Wake On Lan
  • Speed and Duplex
  • TCP Checksum Offload (IPV4 and IPV6)
  • Transmit Buffers
  • UDP Checksum Offload (IPV4 and IPV6)
  • Wake on Magic Packet
  • Wake on pattern match
  • WOL & Shutdown Link Speed

Something else worth mentioning here is that some Amazon reviews stated only 4K jumbo frames were supported, however I can select up to 9K.

That’s about it really. In conclusion, I don’t think for £6 you will be disappointed with the TP-Link TG-3468; it should be a great network card for the majority of people.

The TP-Link TG-3468 can be purchased from Amazon UK.