[HTTPS-E Rulesets] More ruleset comments

Mike Cardwell https-everywhere at lists.grepular.com
Tue Sep 27 01:55:41 PDT 2011


I have addressed most of the issues in this email in my git repository.
Please pull from git://github.com/mikecardwell/https-everywhere.git

There are inline comments for Christopher regarding what has been done,
and what hasn't.

Mike

On 26/09/11 05:48, Christopher Liu wrote:

> --The following apply to rulesets shipped in stable builds--
> Bloglines and EPEAT remain broken for me, with the symptoms unchanged
> from my last report. (Reminder: The symptoms are a general connection
> failure for Bloglines and ssl_error_rx_record_too_long for EPEAT. I
> have no problem accessing these sites in plain HTTP, so I believe
> nothing is specifically blocking these sites. I haven't changed any
> configs that might specifically cause this problem.)

I have removed these rulesets.

> Dr. Web has a comment that states "includes plaintext from st. drweb.
> com," which I assume is obsoleted by the rule and target that are
> currently present for that domain. Please remove the comment if
> appropriate.

I have removed this comment.

> Flickr has recently added HTTPS support for the farm#. static. flickr.
> com servers used to hold image content. (Valid digits include at least
> 1 through 7, but I'm not sure this is comprehensive.) Such a rule is
> mainly to protect third-party use of the images - it would not fix
> mixed content on secure. flickr. com itself, on which l. yimg. com is
> the offender.

These rules already existed, except farm5 was excluded. It seems farm5
now also supports https so I have updated the ruleset.

> Concerning the Wikipedia ruleset, the second-level domain wikisource.
> org has actual wiki content. The secure equivalent is https ://
> secure. wikimedia. org/wikipedia/sources/ . This should be handled by
> a pair of rules for $ and (w|wiki)/, similar to what I submitted for
> mediawiki. org and wikimediafoundation. org, except that (www\.)?
> should not be included. (This fixes mixed content on language-specific
> Wikisources, which load some CSS/JS from wikisource. org.)

Please provide rules for this one. I don't have time at the moment to
try and figure out what is needed from this.

> --The following apply to rulesets NOT yet shipped in stable builds--
> Concerning the dev version of the UCSD ruleset, please add a trivial
> target and rule for aventeur. ucsd. edu to the first section
> ("normally https only"). ("Trivial" means "simply rewrite http to
> https on the exact domain")

Done

> Concerning my previously submitted Caltech ruleset, please add a
> trivial target and rule for tqfr. caltech. edu to the first section
> ("normally https only").

Done

> Concerning my previously submitted YouTube (partial) ruleset, please
> add "api/moderator" and "subscription" to the list of safe URL items -
> that is, the rule containing (all_comments|api/moderator|artist| ...
> ("subscription" is short for "subscription_center"; using a shorter
> word to cover possible variants/future changes. Again, this is just
> for informational purposes - I'm aware this ruleset might never be
> shipped as submitted)

	I can't find this.

> --New ruleset: Binaryturf--
> hxxp obfuscation has been used in the "from" fields of the rule
> elements to prevent hyperlinking of URL parts. Elsewhere, only
> extraneous spacing is used for this purpose. Obviously, I've left out
> some basic XML syntax for brevity / to avoid attracting suspicion from
> anti-malware systems.
> 
> target host="binaryturf. com" /
> target host="www. binaryturf. com" /
> target host="forums. binaryturf. com" /
> rule from="^hxxp://(www\.)?binaryturf\.com/" to="https :// www.
> binaryturf. com/" /
> rule from="^hxxp://forums\.binaryturf\.com/$" to="https :// www.
> binaryturf. com/forum/" /
> 
> forums. binaryturf. com is just a redirector and should not have any
> (working) subpages to the best of my knowledge.

Ruleset created.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/https-everywhere-rules/attachments/20110927/0e560e32/attachment.sig>


More information about the HTTPS-Everywhere-Rules mailing list