Jump to content
adrian

Protected/Development/Maintenance Mode

Recommended Posts

Just now, horst said:

I think, sending a 503 and "retry after" should be done everytime if the whole site is closed / protected, regardless if you call it protect mode or maintenance mode. This is important for SEO.

I think both of the modules, yours and Petes, should do that by default, when the whole site is not accessible for SearchEngines. (just my 2cents) :)

 

I'd like to hear more on your thoughts about this, because I was just finalizing incorporating your changes and I was about to add a protected vs maintenance option, because I know that many people use this module to protect a site that is always protected (it is only ever for logged in users), so I am not sure in this case that Retry-After is appropriate, because it will always be inaccessible. I don't really think 503 sounds appropriate either. If you have a site that is protected from public view then you don't care about SEO anyways :)

Is there something obvious I am missing?

Share this post


Link to post
Share on other sites

On a site that is always protected, it simply doesn't matter. :)

But on a site, where I regularly only use some single protected pages but a big part is publicly accessible, there it is better to use SEO friendly headers when closing the whole site. It is important for sites that are already indexed, and temporarily are not accessible. That's why you thought it belongs to Petes module. But when I already have installed ProtectMode and it can close down the whole site, I have maintenance mode already, or not? :)

Maybe best solution would be to offer both methods for the root page? Radio or something else for: protect | maintenance, plus a datetime via showIf for maintenance?

  • Like 4

Share this post


Link to post
Share on other sites
6 minutes ago, horst said:

Maybe best solution would be to offer both methods for the root page? Radio or something else for: protect | maintenance, plus a datetime via showIf for maintenance?

Yeah, that's essentially what I have done.

Any thoughts/experience with this:

Quote

You have to be careful with Retry-After header if you send the same timestamp to a lot of unique clients. Imagine it's 15:30 and you send Retry-After: Thu, 10 Feb 2015 15:40:00 GMT to everyone around - just because you somehow estimated that service will be up at 15:40. The longer you keep sending the same timestamp, the bigger DDoS "attack" you can expect from clients respecting Retry-After. Basically everyone will schedule retry precisely at 15:40 (obviously clocks are not perfectly aligned and network latency varies, but still), flooding your system with requests. If your system is properly designed, you might survive it. However chances are you will mitigate this "attack" by sending another fixed Retry-After header, essentially re-scheduling attack later.

That being said avoid fixed, absolute timestamps sent to multiple unique clients. Even if you know precisely when your system will become available, spread Retry-Aftervalues along some time period. Actually you should gradually let in more and more clients, so experiment with different probability distributions.

http://www.nurkiewicz.com/2015/02/retry-after-http-header-in-practice.html

What clients do you think they are referring to? I would have thought that search bots might be triggered by this, but doubt they would all hit it immediately at the Retry-After time. As for manual users - that is unlikely also. I guess I could randomize the Retry-After time somewhat - maybe at 1 minute intervals for up to 10 minutes after the entered time, but it sounds like overkill for almost all sites. I'll ignore unless you have any strong thoughts on it.

  • Like 2

Share this post


Link to post
Share on other sites

Ok, I have committed the new version.  A huge thanks to @horst for contributing this functionality.

 Here are the key new sections to the module config:

Screen Shot 2016-10-13 at 2.46.06 PM.png

@Christophe - just pinging you to make sure you see this new functionality.

  • Like 8

Share this post


Link to post
Share on other sites

Many thanks @adrian,

now I'm back again in regular update process with the module. Yep! :lol:

---------------------

18 minutes ago, adrian said:

What clients do you think they are referring to? I would have thought that search bots might be triggered by this, but doubt they would all hit it immediately at the Retry-After time. As for manual users - that is unlikely also. I guess I could randomize the Retry-After time somewhat - maybe at 1 minute intervals for up to 10 minutes after the entered time, but it sounds like overkill for almost all sites. I'll ignore unless you have any strong thoughts on it.

I think only search bots will act according to retry-after.

I have read on Googles advices on how they like to see handled maintenance mode for already indexed sites. And it was a 503 with a "retry-after" .

If the estimated timestamp is passed, I added 60 minutes to the current time and sends this. Maybe, you can add this to the explanation, that one can check "send retry-after" but without a fixed timestamp too? This way we have enough possibilities, I think.

  • Like 3

Share this post


Link to post
Share on other sites
5 hours ago, horst said:

Maybe, you can add this to the explanation, that one can check "send retry-after" but without a fixed timestamp too?

I guess what you are saying here is if you set the "Estimated End of Maintenance" to a very short time from now, then the Retry-After timestamp will be changing constantly as soon as that initial timestamp point is reached. Is that what you mean but "without a fixed timestamp"? I see that the Retry-After actually allows specifying a timestamp or a delay in seconds, but a constantly changing timestamp would essentially be the same as the "seconds delayed" approach?

  • Like 2

Share this post


Link to post
Share on other sites
4 hours ago, adrian said:

I guess what you are saying here is if you set the "Estimated End of Maintenance" to a very short time from now, then the Retry-After timestamp will be changing constantly as soon as that initial timestamp point is reached. Is that what you mean but "without a fixed timestamp"? I see that the Retry-After actually allows specifying a timestamp or a delay in seconds, but a constantly changing timestamp would essentially be the same as the "seconds delayed" approach?

Yes, thats exactly what I mean. If one specify a fixed timestamp and this point is passed, I have added a delay to the current time and passed that back. As you said, this is the same as the delayed approach, but with little overhead. This can be simplyfied: send header with fix timestamp if it is in the future, otherwise send header with delay in seconds. Maybe, the delay should be configurable too?

Share this post


Link to post
Share on other sites

Thanks @adrian for this module. It would be great if it supports multilanguage depending on the browser language. F.e. if the browser fits one of the installed languages then show the message in this language, otherwise show the default language.

  • Like 4

Share this post


Link to post
Share on other sites
7 hours ago, Juergen said:

Thanks @adrian for this module. It would be great if it supports multilanguage depending on the browser language. F.e. if the browser fits one of the installed languages then show the message in this language, otherwise show the default language.

Of course that would be a good idea! I am going to be away for the next two weeks, but I'll add it to my list to do when I get back.

Thanks for the suggestion!

  • Like 4

Share this post


Link to post
Share on other sites
On 10/17/2016 at 9:57 PM, Juergen said:

Thanks @adrian for this module. It would be great if it supports multilanguage depending on the browser language. F.e. if the browser fits one of the installed languages then show the message in this language, otherwise show the default language.

Done!

Please let me know if you have any problems and also be sure to "Like" @Can's post over here: https://processwire.com/talk/topic/5825-multi-language-support-for-module-config-fields/?do=findComment&comment=131595 because he showed me how to add ML module config settings.

  • Like 6

Share this post


Link to post
Share on other sites

Wow ! Thanks adrian. Exactly what I mean. I will try it and if there are problems I will post it here.

  • Like 1

Share this post


Link to post
Share on other sites

Hello adrian,

does this module check for the browser language? I always get the German text. I have changed my browser settings to English and German but no changes on the frontend. English and German are the installed languages in my PW.

Best regards

Share this post


Link to post
Share on other sites
1 minute ago, Juergen said:

does this module check for the browser language?

Firstly, I am still not completely au fait with all the elements of multi-language, so happy for feedback on this.

Currently it doesn't check the browser language - it checks the user language, so if you send a person a link to something like: mysite.com/en/ then you should see the english version of the message - I am assuming your default language is not english in this example, but you get the idea.

Do you think there needs to be improvements here? I haven't done much reading/experience on this, but I though that automatic language detection was not recommended, but please correct me if I am wrong and let me know the best way to do that and I'll incorporate.

Share this post


Link to post
Share on other sites

Thanks to a request from @Rudy this module now supports "Allowed Roles". This is basically the same as the option in the Page Protector module, but I thought it might be nice here as well. It allows you to limit access when in Protected Mode to a defined list of roles. 

  • Like 4

Share this post


Link to post
Share on other sites

@adrian - Very nice module! I was requested to add password / passphrase protection of a Danish site, and this module came very handy.

Background image added:

html {
	background:url('/images/background.jpg') no-repeat center center;
	min-height: 100%;
	background-size: cover;
}
body {
	min-height: 100%;
}

Transparent background color added on top of the background photo (so the text remain readable):

legend {
	background: #eee;
	opacity: 0.7;
	color: #333;
	font-weight: bold; 
	font-size: larger;
}

If you have time to spare, then I have two minor enhancement requests:

1. The TITLE tag prepends "protected :: " before the site title.
Better: Make the prepended string translateable (perhaps that's already possible somehow?).
Or, add multi-language capabilities as suggested by Juergen (I would prefer a text string tough).

2. Login with a single passphrase field
I only need one field (password / passphrase) - but the module require that I add two fields (username and password).
Better: Allow the administrator to specify a passphrase ... if the passphrase is correct then a default username and password is activated. Here is how it may work:

* Administrator creates a guest user.
* Administrator creates a passphrase and links it to the guest user.
* When end-user logs in with correct passphrase, then user is logged in as the guest user.

Share this post


Link to post
Share on other sites

Thank you for this useful module.

Please allow a minor hint: By glorious GDPR, website owners must provide a privacy policy information.

This requirement may include a login page! It's absurd, I know, but even when visiting the login page, personal data (the IP address *sigh*)  is stored in the log file. Judges defined this as collecting personal data, web site owners have to inform about.

Just to let you know, so a sensitive client is not put at "risk".

  • Like 1

Share this post


Link to post
Share on other sites

@bartelsmedia - thanks for the heads up. I think you can achieve your needs quite easily via the "Login Template" option. Hope that helps.

@SwimToWin  - sorry I let your post go by un-noticed. I am afraid I don't really have the need (and hence the time) to add a single passphrase option, but I am certainly open to a PR if you're willing.

A tad OT, but I think PW needs to start fostering a culture of providing PRs more often than requests for features (both in 3rd party modules and in the core). This is absolutely not directed at you personally - I just feel like we need more contributors across the board because there are too few people being spread way too thin.

  • Like 2

Share this post


Link to post
Share on other sites

Hello,

strange behavior. This modul worked fine since activated 10 days ago. But all of sudden it stopped working. User can see the page even not logged in. Nothing has changed since.
Is there a cache-something-issue or anything else that might cause the problem?

Best,
Stefan

Share this post


Link to post
Share on other sites

Hi @sww - I really don't know what the issue might be. I would need to start debugging the steps in the module to see where / why it's not showing the login form. Can you try to investigate? If not, if you PM me login details for the site, I'd be happy to take a look.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By teppo
      Needed a really simple solution to embed audio files within page content and couldn't find a module for that, so here we go. Textformatter Audio Embed works a bit like Textformatter Video Embed, converting this:
      <p>https://www.domain.tld/path/to/file.mp3</p> Into this:
      <audio controls class="TextformatterAudioEmbed"> <source src="https://www.domain.tld/path/to/file.mp3" type="audio/mpeg"> </audio> The audio element has pretty good browser support, so quite often this should be enough to get things rolling 🙂
      GitHub repository: https://github.com/teppokoivula/TextformatterAudioEmbed Modules directory: https://modules.processwire.com/modules/textformatter-audio-embed/
    • By Richard Jedlička
      Tense    
      Tense (Test ENvironment Setup & Execution) is a command-line tool to easily run tests agains multiple versions of ProcessWire CMF.
      Are you building a module, or a template and you need to make sure it works in all supported ProcessWire versions? Then Tense is exactly what you need. Write the tests in any testing framework, tell Tense which ProcessWire versions you are interested in and it will do the rest for you.

      See example or see usage in a real project.
      How to use?
      1. Install it: 
      composer global require uiii/tense 2. Create tense.yml config:
      tense init 3. Run it:
      tense run  
      For detailed instructions see Github page: https://github.com/uiii/tense
       
      This is made possible thanks to the great wireshell tool by @justb3a, @marcus and others.
       
      What do you think about it? Do you find it useful? Do you have some idea? Did you find some bug? Tell me you opinion. Write it here or in the issue tracker.
    • By Chris Bennett
      Hi all, I am going round and round in circles and would greatly appreciate if anyone can point me in the right direction.
      I am sure I am doing something dumb, or missing something I should know, but don't. Story of my life 😉

      Playing round with a module and my basic problem is I want to upload an image and also use InputfieldMarkup and other Inputfields.
      Going back and forth between trying an api generated page defining Fieldgroup, Template, Fields, Page and the InputfieldWrapper method.

      InputfieldWrapper method works great for all the markup stuff, but I just can't wrap my head around what I need to do to save the image to the database.
      Can generate a Field for it (thanks to the api investigations) but not sure what I need to do to link the Inputfield to that. Tried a lot of stuff from various threads, of varying dates without luck.
      Undoubtedly not helped by me not knowing enough.

      Defining Fieldgroup etc through the api seems nice and clean and works great for the images but I can't wrap my head around how/if I can add/append/hook the InputfieldWrapper/InputfieldMarkup stuff I'd like to include on that template as well. Not even sure if it should be where it is on ___install with the Fieldtype stuff or later on . Not getting Tracy errors, just nothing seems to happen.
      If anyone has any ideas or can point me in the right direction, that would be great because at the moment I am stumbling round in the dark.
       
      public function ___install() { parent::___install(); $page = $this->pages->get('name='.self::PAGE_NAME); if (!$page->id) { // Create fieldgroup, template, fields and page // Create new fieldgroup $fmFieldgroup = new Fieldgroup(); $fmFieldgroup->name = MODULE_NAME.'-fieldgroup'; $fmFieldgroup->add($this->fields->get('title')); // needed title field $fmFieldgroup->save(); // Create new template using the fieldgroup $fmTemplate = new Template(); $fmTemplate->name = MODULE_NAME; $fmTemplate->fieldgroup = $fmFieldgroup; $fmTemplate->noSettings = 1; $fmTemplate->noChildren = 1; $fmTemplate->allowNewPages = 0; $fmTemplate->tabContent = MODULE_NAME; $fmTemplate->noChangeTemplate = 1; $fmTemplate->setIcon(ICON); $fmTemplate->save(); // Favicon source $fmField = new Field(); $fmField->type = $this->modules->get("FieldtypeImage"); $fmField->name = 'fmFavicon'; $fmField->label = 'Favicon'; $fmField->focusMode = 'off'; $fmField->gridMode = 'grid'; $fmField->extensions = 'svg png'; $fmField->columnWidth = 50; $fmField->collapsed = Inputfield::collapsedNever; $fmField->setIcon(ICON); $fmField->addTag(MODULE_NAME); $fmField->save(); $fmFieldgroup->add($fmField); // Favicon Silhouette source $fmField = new Field(); $fmField->type = $this->modules->get("FieldtypeImage"); $fmField->name = 'fmFaviconSilhouette'; $fmField->label = 'SVG Silhouette'; $fmField->notes = 'When creating a silhouette/mask svg version for Safari Pinned Tabs and Windows Tiles, we recommend setting your viewbox for 0 0 16 16, as this is what Apple requires. In many cases, the easiest way to do this in something like illustrator is a sacrificial rectangle with no fill, and no stroke at 16 x 16. This forces the desired viewbox and can then be discarded easily using something as simple as notepad. Easy is good, especially when you get the result you want without a lot of hassle.'; $fmField->focusMode = 'off'; $fmField->extensions = 'svg'; $fmField->columnWidth = 50; $fmField->collapsed = Inputfield::collapsedNever; $fmField->setIcon(ICON); $fmField->addTag(MODULE_NAME); $fmField->save(); $fmFieldgroup->add($fmField); // Create: Open Settings Tab $tabOpener = new Field(); $tabOpener->type = new FieldtypeFieldsetTabOpen(); $tabOpener->name = 'fmTab1'; $tabOpener->label = "Favicon Settings"; $tabOpener->collapsed = Inputfield::collapsedNever; $tabOpener->addTag(MODULE_NAME); $tabOpener->save(); // Create: Close Settings Tab $tabCloser = new Field(); $tabCloser->type = new FieldtypeFieldsetClose; $tabCloser->name = 'fmTab1' . FieldtypeFieldsetTabOpen::fieldsetCloseIdentifier; $tabCloser->label = "Close open tab"; $tabCloser->addTag(MODULE_NAME); $tabCloser->save(); // Create: Opens wrapper for Favicon Folder Name $filesOpener = new Field(); $filesOpener->type = new FieldtypeFieldsetOpen(); $filesOpener->name = 'fmOpenFolderName'; $filesOpener->label = 'Wrap Folder Name'; $filesOpener->class = 'inline'; $filesOpener->collapsed = Inputfield::collapsedNever; $filesOpener->addTag(MODULE_NAME); $filesOpener->save(); // Create: Close wrapper for Favicon Folder Name $filesCloser = new Field(); $filesCloser->type = new FieldtypeFieldsetClose(); $filesCloser->name = 'fmOpenFolderName' . FieldtypeFieldsetOpen::fieldsetCloseIdentifier; $filesCloser->label = "Close open fieldset"; $filesCloser->addTag(MODULE_NAME); $filesCloser->save(); // Create Favicon Folder Name $fmField = new Field(); $fmField->type = $this->modules->get("FieldtypeText"); $fmField->name = 'folderName'; $fmField->label = 'Favicon Folder:'; $fmField->description = $this->config->urls->files; $fmField->placeholder = 'Destination Folder for your generated favicons, webmanifest and browserconfig'; $fmField->columnWidth = 100; $fmField->collapsed = Inputfield::collapsedNever; $fmField->setIcon('folder'); $fmField->addTag(MODULE_NAME); $fmField->save(); $fmFieldgroup->add($tabOpener); $fmFieldgroup->add($filesOpener); $fmFieldgroup->add($fmField); $fmFieldgroup->add($filesCloser); $fmFieldgroup->add($tabCloser); $fmFieldgroup->save(); /////////////////////////////////////////////////////////////// // Experimental Markup Tests $wrapperFaviconMagic = new InputfieldWrapper(); $wrapperFaviconMagic->attr('id','faviconMagicWrapper'); $wrapperFaviconMagic->attr('title',$this->_('Favicon Magic')); // field show info what $field = $this->modules->get('InputfieldMarkup'); $field->name = 'use'; $field->label = __('How do I use it?'); $field->collapsed = Inputfield::collapsedNever; $field->icon('info'); $field->attr('value', 'Does this even begin to vaguely work?'); $field->columnWidth = 50; $wrapperFaviconMagic->add($field); $fmTemplate->fields->add($wrapperFaviconMagic); $fmTemplate->fields->save(); ///////////////////////////////////////////////////////////// // Create page $page = $this->wire( new Page() ); $page->template = MODULE_NAME; $page->parent = $this->wire('pages')->get('/'); $page->addStatus(Page::statusHidden); $page->title = 'Favicons'; $page->name = self::PAGE_NAME; $page->process = $this; $page->save(); } }  
    • By Sebi
      Since it's featured in ProcessWire Weekly #310, now is the time to make it official:
      Here is Twack!
      I really like the following introduction from ProcessWire Weekly, so I hope it is ok if I use it here, too. Look at the project's README for more details!
      Twack is a new — or rather newish — third party module for ProcessWire that provides support for reusable components in an Angular-inspired way. Twack is implemented as an installable module, and a collection of helper and base classes. Key concepts introduced by this module are:
      Components, which have separate views and controllers. Views are simple PHP files that handle the output for the component, whereas controllers extend the TwackComponent base class and provide additional data handling capabilities. Services, which are singletons that provide a shared service where components can request data. The README for Twack uses a NewsService, which returns data related to news items, as an example of a service. Twack components are designed for reusability and encapsulating a set of features for easy maintainability, can handle hierarchical or recursive use (child components), and are simple to integrate with an existing site — even when said site wasn't originally developed with Twack.
      A very basic Twack component view could look something like this:
      <?php namespace ProcessWire; ?> <h1>Hello World!</h1> And here's how you could render it via the API:
      <?php namespace Processwire; $twack = $modules->get('Twack'); $hello = $twack->getNewComponent('HelloWorld'); ?> <html> <head> <title>Hello World</title> </head> <body> <?= $hello->render() ?> </body> </html> Now, just to add a bit more context, here's a simple component controller:
      <?php namespace ProcessWire; class HelloWorld extends TwackComponent { public function __construct($args) { parent::__construct($args); $this->title = 'Hello World!'; if(isset($args['title'])) { $this->title = $args['title']; } } } As you can see, there's not a whole lot new stuff to learn here if you'd like to give Twack a try in one of your projects. The Twack README provides a really informative and easy to follow introduction to all the key concepts (as well as some additional examples) so be sure to check that out before getting started. 
      Twack is in development for several years and I use it for every new project I build. Also integrated is an easy to handle workflow to make outputs as JSON, so it can be used to build responses for a REST-api as well. I will work that out in one section in the readme as well. 
      If you want to see the module in an actual project, I have published the code of www.musical-fabrik.de in a repository. It runs completely with Twack and has an app-endpoint with ajax-output as well.
      I really look forward to hear, what you think of Twack🥳!
      Features Installation Usage Quickstart: Creating a component Naming conventions & component variants Component Parameters directory page parameters viewname Asset handling Services Named components Global components Ajax-Output Configuration Versioning License Changelog
    • By Robin S
      Page Reference Default Value
      Most ProcessWire core inputfield types that can be used with a Page Reference field support a "Default value" setting. This module extends support for default values to the following core inputfield types:
      Page List Select Page List Select Multiple Page Autocomplete (single and multiple) Seeing as these inputfield types only support the selection of pages a Page List Select / Page List Select Multiple is used for defining the default value instead of the Text / Textarea field used by the core for other inputfield types. This makes defining a default value a bit more user-friendly.
      Note that as per the core "Default value" setting, the Page Reference field must be set to "required" in order for the default value to be used.
      Screenshot

       
      https://github.com/Toutouwai/PageReferenceDefaultValue
      https://modules.processwire.com/modules/page-reference-default-value/
×
×
  • Create New...