[HTTPS-E Rulesets] Fwd: icabanken.se

[Drake, Brian]

Yes, both <target> elements are required. As I understand it, they tell the
software which rulesets to process. Therefore, if you are missing the one
without “www”, then when you have a request to http://icabanken.se/, the
software won’t process this ruleset at all.

I had a quick look at the site and its cookies and there seems to be no
indication of any other subdomains.

So it would probably be a good idea to install the ruleset with the
<securecookie> tag and test it, if you haven’t done that already.

--
Brian Drake

All content created by me:
Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>©
2014 Brian Drake. All rights reserved.

On Tue, Jan 14, 2014 at 1627 (UTC), Joakim Walldén <joakim.wallden at gmail.com
> wrote:

> Thanks.
>
> So <target host="icabanken.se"/>, without “www”, must be included,
> although only www.icabanken.se is available.
>
> <ruleset name="ICABANKEN.se">
> <target host="www.icabanken.se"/>
>  <target host="icabanken.se"/>
>  <rule from="^http://icabanken\.se/" to="https://www.icabanken.se/"/>
>  <rule from="^http://www\.icabanken\.se/" to="https://www.icabanken.se/"/>
> </ruleset>
>
> Or, with the suggested combined rule:
>
> <ruleset name="ICABANKEN.se">
>  <target host="www.icabanken.se"/>
> <target host="icabanken.se"/>
>  <rule from="^http://(www\.)?icabanken\.se/" to="https://www.icabanken.se/"
> />
> </ruleset>
>
> Secure cookie, maybe
>
> <securecookie host="^(.*\.)?icabanken\.se$" name=".*" />
>
> As far as I have seen, the entire site is available over HTTPS. Most links
> on the page lead to HTTP, unless the user is logged in. However, I have the
> domain added to Chrome’s HSTS-list, and that works well. I am not aware of
> any subdomains, only www.icabanken.se.
>
> Thanks and regards,
> Joakim
>
>
> 2014/1/13 (UTC) Drake, Brian <brian at drakefamily.tk>
>
> It looks good, except that you are missing <target host="icabanken.se" />.
>>
>> Again, you could combine the rules:
>>
>> <rule from="^http://(www\.)?icabanken\.se/" to="https://www.icabanken.se/"
>> />
>>
>> This does the same thing as the separate rules, but in one rule.
>>
>> If the entire site is available over HTTPS, you should secure the cookies
>> (but I don’t have much experience myself in that area).
>>
>> <securecookie host="^(.*\.)?icabanken\.se$" name=".*" />
>>
>> Remember to consider any other subdomains of icabanken.se when you do
>> that.
>>
>> --
>> Brian Drake
>>
>> All content created by me: Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© 2014 Brian Drake. All rights reserved.
>>
>> On Mon, Jan 13, 2014 at 1417 (UTC), Joakim Walldén <
>> joakim.wallden at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I suggest adding a ruleset for icabanken.se.
>>>
>>> <ruleset name="ICABANKEN.se">
>>>  <target host="www.icabanken.se"/>
>>>  <rule from="^http://icabanken\.se/" to="https://www.icabanken.se/"/>
>>>  <rule from="^http://www\.icabanken\.se/" to="https://www.icabanken.se/
>>> "/>
>>> </ruleset>
>>>
>>> I hope it is correctly created.
>>>
>>> Thanks and regards,
>>> Joakim
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere-rules/attachments/20140114/725f8e15/attachment.html>