[HTTPS-E Rulesets] Amazon Web Services: typo, Epicmafia fix, Caltech improvement, ap-northeast-1 region

[Christopher Liu]

To whom it may concern:

(All this concerns the Amazon Web Services ruleset - two defects and
two enhancements, in that order)

In the rule that handles s3-website-us-east-1.amazonaws.com, the "to"
field appears to be missing the digit 3 (currently at line 125).
--

Regarding the Epicmafia issue
https://trac.torproject.org/projects/tor/ticket/7857 , no account is
actually needed to reproduce this; there was some broken content on
the homepage as well (but the site is currently down, so it's hard for
me to be more specific).
The offending bucket is em.css.s3.amazonaws.com ; the rewrite to
s3.amazonaws.com/em.css/ breaks some relative paths for images
specified by the stylesheets. The fix is of course to exclude the
domain.
(Sorry for not commenting on the ticket directly; should I do that too?)
--

The Caltech homepage (www.caltech.edu) uses the bucket
www-prod-storage.cloud.caltech.edu.s3.amazonaws.com for images.
Currently, this is excluded because it 301s to the us-west-1 region.
It seems possible to rewrite this to
s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/, i.e.
<rule from="^https?://www-prod-storage\.cloud\.caltech\.edu\.s3\.amazonaws\.com/"
to="https://s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/" />
placed before any rule that deals with *.s3.amazonaws.com generally.
(Similar fixes may be possible for the other "bloody forced
redirection" buckets once we check which region each is in...)
--

There exists an "ap-northeast-1" region which has working https. For
example, thewonder.it uses
wonder-production.s3-ap-northeast-1.amazonaws.com for image content
(it appears that the site already hardcodes https for such requests).
I am not aware of -website- or -external- existing in this region.
--

As usual, thank you for your time and help.
C. Liu