[HTTPS-E Rulesets] Tweaks (2) - Lenovo, Microsoft, Quantcast, Rackspace, Scientific American, Wikipedia, WordPress

Christopher Liu cmliu00151 at gmail.com
Sun Jun 3 14:31:01 PDT 2012


To whom it may concern:

Continuing from my previous message:

Lenovo:
A downgrade rule appears to be necessary for www.lenovovision.com, for
which https connection attempts time out;
https://shop.lenovo.com/SEUILibrary/controller/e/web/LenovoPortal/en_US/special-offers.workflow:ShowPromo?LandingPage=/All/US/Portals/Products
points to it via protocol-relative URLs for some scripts.

Microsoft:
Could https://trac.torproject.org/projects/tor/ticket/5754 be a
duplicate of https://trac.torproject.org/projects/tor/ticket/4278
(these concern msdn.microsoft.com)? I don't use Chrome, so I can't
give more info.
--Could we consider removing msdn.microsoft.com or moving it to a
separate ruleset?--
The "FamilyID" exclusion may need to be made case-insensitive; I've
seen search engines give results with the all-lowercase "familyid"
(but I'm having difficulty finding an example now.)

Quantcast:
edge.quantserve.com appears to have working https. However, the 2nd
rule seems to assume it doesn't.
What exactly is the issue? (Does it have cert/protocol problems only
in some regions of the world? Was the rule written this way because
Colonel Graff's testing scripts noticed a redirection on the
homepage?)
--Could the rule in question be removed, allowing the wildcard rule to
cover this domain?--

Rackspace:
MathJax potentially uses c328740.r40.cf1.rackcdn.com (mentioned a
couple emails ago, where I suggested some new rulesets; refer to
http://www.mathjax.org/2012/05/07/news/upcoming-changes-to-the-cdn/ )
Discover Magazine uses c727752.r52.cf2.rackcdn.com for some images
(found in a slideshow on the homepage, directly to the right of the
"Latest News/Most Popular" box, e.g.
http://c727752.r52.cf2.rackcdn.com/homepage/darkmat.jpg )
These appear to work fine under the existing rules once suitable
targets are added for them.

Scientific American:
www.scientificamerican.com/media/cover/current.jpg appears not to load
successfully in https (a complete fix would need both an exclusion and
a downgrade, because www.scientificamerican.com calls it via relative
URLs but blogs.scientificamerican.com calls it via absolute URLs).
This is the cover image that appears in the upper-right-hand corner of
every page, near some links to subscription options. The actual
content of the image changes depending on what cover is current.

Wikipedia:
lists.wikimedia.org has started redirecting back to http, e.g. on
http://lists.wikimedia.org/pipermail/wikitech-l/2012-June/060896.html
Also, the periods in the exclusion should probably be escaped.

WordPress:
The domains s0.wp.com, s1.wp.com, and s2.wp.com now support https
natively and no longer need to be rewritten to s-ssl.wordpress.com.
Also, there is no longer a need to limit the rule to specific paths;
for example, the https://wordpress.com/ homepage uses the "imgpress"
feature which is not currently covered, e.g.
https://s1.wp.com/imgpress?w=222&url=http%3A%2F%2Ffarm8.staticflickr.com%2F7074%2F7181933538_dc6d57d823_z.jpg&unsharpmask=80,0.5,3
- it now works fine.

C. Liu

P.S. You may as well put my name and/or email address in a comment in
the UCSD ruleset, seeing as this has already been done for several
other rulesets.




More information about the HTTPS-Everywhere-Rules mailing list