[HTTPS-E Rulesets] bug in the wikipedia rule

Greg Lindahl greg at blekko.com
Mon May 6 12:01:25 PDT 2013 

Hm, looks like "www.en" was fixed a while ago.

However, it appears to me that mobile sites like en.m.wikipedia.org
are not transformed by the current rule -- but
https://en.m.wikipedia.org/ works fine. The domains in the cert ought
to be a good starting point for what will work.

-- greg

On Sat, May 04, 2013 at 08:35:49PM -0700, Greg Lindahl wrote:
> <rule from="^http://([^@:/]+\.)?wik(ipedia|inews|isource|ibooks|iquote|iversity|tionary|imedia|idata)\.org/" to="https://$1wik$2.org/"/>
> 
> Now consider this url 
> 
> http://www.en.wikipedia.org/wiki/Guy_Gavriel_Kay
> 
> which is a redir to
> 
> http://en.wikipedia.org/wiki/Guy_Gavriel_Kay
> 
> The above rule matches www.en as $1, and generates
> https://www.en.wikipedia.org/...
> 
> Firefox throws a security error for https://www.en.wikipedia.org and
> tells me I'm not matching the cert. The cert is good for:
> 
> *.wikipedia.org , wikipedia.org , m.wikipedia.org ,
> *.m.wikipedia.org , wikibooks.org , m.wikibooks.org , *.wikibooks.org ,
> *.m.wikibooks.org , wikidata.org , m.wikidata.org , *.wikidata.org ,
> *.m.wikidata.org , wikimedia.org , m.wikimedia.org , *.wikimedia.org ,
> *.m.wikimedia.org , wikimediafoundation.org ,
> m.wikimediafoundation.org , *.wikimediafoundation.org ,
> *.m.wikimediafoundation.org , wikinews.org , m.wikinews.org ,
> *.wikinews.org , *.m.wikinews.org , wikiquote.org , m.wikiquote.org ,
> *.wikiquote.org , *.m.wikiquote.org , wikisource.org ,
> m.wikisource.org , *.wikisource.org , *.m.wikisource.org ,
> wikiversity.org , m.wikiversity.org , *.wikiversity.org ,
> *.m.wikiversity.org , wikivoyage.org , m.wikivoyage.org ,
> *.wikivoyage.org , *.m.wikivoyage.org , wiktionary.org ,
> m.wiktionary.org , *.wiktionary.org , *.m.wiktionary.org ,
> mediawiki.org , *.mediawiki.org , m.mediawiki.org , *.m.mediawiki.org
> 
> I've never known what * means in this context, but presumably Firefox
> is correct that * doesn't allow periods. So *.wikipedia.org does
> not match www.en.wikipedia.org.
> 
> I suspect that this won't be tripped on very often, but pity the user
> who does! Given the cert, this rule ought to be correct:
> 
> <rule from="^http://([^@:/.]+\.)?wik(ipedia|inews|isource|ibooks|iquote|iversity|tionary|imedia|idata)\.org/" to="https://$1wik$2.org/"/>
> <rule from="^http://([^@:/.]+\.m\.)?wik(ipedia|inews|isource|ibooks|iquote|iversity|tionary|imedia|idata)\.org/" to="https://$1wik$2.org/"/>
> 
> Basically, don't allow period in the set, and add m as a domain that's
> allow to go deeper.
> 
> -- greg
> 
>

More information about the HTTPS-Everywhere-Rules mailing list