[HTTPS-Everywhere] new rule
Guy CARRÉ
guycarre at free.fr
Tue Aug 17 04:06:12 PDT 2010
----- Mail Original -----
De: "Marti Raudsepp" <marti at juffo.org>
À: "Colonel Graff" <graffatcolmingov at gmail.com>
Cc: https-everywhere at eff.org, guycarre at free.fr
Envoyé: Mardi 17 Août 2010 11h37:11 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Objet: Re: [HTTPS-Everywhere] new rule
On Tue, Aug 17, 2010 at 5:30 AM, Colonel Graff
<graffatcolmingov at gmail.com> wrote:
> I'm not a HTTPS dev but I just thought I'd point out that your ruleset isn't
> covering websites included in linuxfr.org i.e. http://linuxfr.org/stats/
>
> You might want to change it to
>
> <rule from = "^http://([^/:@]*)\.linuxfr\.org/([^/:@]*)([^/:@]*)"
> to = "https://$1.linuxfr.org/$2" />
Generally you should only match domains that you *know* accept
connections on HTTPS and have valid certificates.
https://www.linuxfr.org/ does not have a valid certificate because
it's only valid for "linuxfr.org" (without www). Also keep your rules
simple. The only secure subdomain that I found is "dev".
I usually write my rulesets like this:
<rule from="^http://(www\.)?linuxfr\.org" to="https://linuxfr.org"/>
<rule from="^http://dev\.linuxfr\.org" to="https://dev.linuxfr.org"/>
Regards,
Marti
Hi,
Thank for your comments. Ok it is better to do rules for websites which have valid certificate. But this site is one of my favourite and I wanted to test it and maybe it would be useful for some people. I also tried with other site like planet-libre.org but the certificate is auto-signed. This site https://www.april.org/ have a valid certificate (GANDI SAS), I think it could be integrate into HTTPS everywhere. About this site, it is a French website which promote free software (association "loi 1901") and work to defend the neutrality of the internet, it could be useful for French people or people who speak French.
Best regards,
Guy
More information about the HTTPS-everywhere
mailing list