[HTTPS-Everywhere] What does "([^/:@\.]+)\" and "$1" do?

Victor Garin vic.garin at gmail.com
Wed Aug 17 06:36:10 PDT 2011 

Oh and the http only url still works with the below rule

http://ca.movies.netflix.com/WiHome

<ruleset name="NetflixAll">
  <target host="netflix.com" />
  <target host="*.netflix.com" />
  <rule from="^http://(([^/:@\.]+\.)*)netflix\.com/"
to="https://$1netflix.com" />
</ruleset>

On Wed, Aug 17, 2011 at 6:34 AM, Victor Garin <vic.garin at gmail.com> wrote:
> So I was testing the new rule you suggested, to force unlimited
> subdomains on Netflix (see "Add Netflix sub-sub domain support i.e.
> ca.movies.netflix.com (Netflix Canada)" -
> https://mail1.eff.org/pipermail/https-everywhere-rules/2011-July/000429.html
> ):
>
> <ruleset name="NetflixAll">
>  <target host="netflix.com" />
>  <target host="*.netflix.com" />
>  <rule from="^http://(([^/:@\.]+\.)*)netflix\.com/"
> to="https://$1netflix.com" />
> </ruleset>
>
> But then after logging in I get this url:
>
> https://movies.netflix.comwihome/
>
> I don't suppose you have a Netflix US or Canadian account to test this?
>
> On Wed, Aug 17, 2011 at 6:01 AM, Andrew Sillers <apsillers at gmail.com> wrote:
>> Remove the first period in the "to" expression.
>> Also, I just realized that when using the * to match unlimited subdomains,
>> the backreference $1 will only yield the rightmost subdomain.  If you need
>> unlimit subdomain matching, do:
>> <rule from="^http://(([^/:@\.]+\.)*)faxzero\.com/"
>> to="https://$1faxzero.com" />
>> Just add an another set of parentheses around the sudomain expression and
>> the star.
>>
>> On Wed, Aug 17, 2011 at 8:53 AM, Victor Garin <vic.garin at gmail.com> wrote:
>>>
>>> <rule from="^http://([^/:@\.]+\.)*faxzero\.com/"
>>> to="https://$1.faxzero.com" />
>>>
>>> causes redirect to:
>>>
>>> https://.faxzero.com/
>>>
>>> But I don't want there to be a dot before the main domain if there is
>>> no subdomain.
>>>
>>> =============
>>>
>>> >> What does "(www\.)?" do?
>>> >
>>> > This allows you to go to both google.com and www.google.com and either
>>> > way
>>> > find yourself at encrypted.google.com (which is HTTPS).
>>> > The ? says that the preceding item should be matched 0 or 1 times.
>>> >
>>> >>
>>> >> Removing the www from all the rulesets will still work right?
>>> >>
>>> > Not when you type in www.google.com
>>> >>
>>> >>
>>>
>>> So is there a way to write a rule that forces it on all subdomains, no
>>> exceptions?
>>>
>>> A simple asterix * should be able to do the trick; so a rule written
>>> in a simple form should look like this:
>>>
>>> <rule from="http://*faxzero.com/" to="https://*faxzero.com" />
>>>
>>> But I am sure it won't work. Can you explain why?
>>>
>>> On Wed, Aug 17, 2011 at 5:45 AM, Colonel Graff
>>> <graffatcolmingov at gmail.com> wrote:
>>> >
>>> >
>>> > On Wed, Aug 17, 2011 at 8:39 AM, Victor Garin <vic.garin at gmail.com>
>>> > wrote:
>>> >>
>>> >> You mean like this:
>>> >>
>>> >> <ruleset name="FaxZero">
>>> >>  <target host="faxzero.com" />
>>> >>  <target host="*.faxzero.com" />
>>> >>  <rule from="^http://([^/:@\.]+\.)*.faxzero\.com/"
>>> >> to="https://$1.faxzero.com/"/>
>>> >> </ruleset>
>>> >>
>>> > Try
>>> > <rule from="^http://([^/:@\.]+\.)*faxzero\.com/"
>>> > to="https://$1.faxzero.com"
>>> > />
>>> >>
>>> >> The above rule still does not work.
>>> >>
>>> >> Also, now the green check box does show up in HTTPS Everywhere when I
>>> >> go to faxzero.com.
>>> >>
>>> >> ---------------
>>> >>
>>> >> Also why do most of the rules have this: "(www\.)?"
>>> >>
>>> >> What does "(www\.)?" do?
>>> >
>>> > This allows you to go to both google.com and www.google.com and either
>>> > way
>>> > find yourself at encrypted.google.com (which is HTTPS).
>>> > The ? says that the preceding item should be matched 0 or 1 times.
>>> >
>>> >>
>>> >> Removing the www from all the rulesets will still work right?
>>> >>
>>> > Not when you type in www.google.com
>>> >>
>>> >>
>>> >> On Tue, Aug 16, 2011 at 4:23 PM, Andrew Sillers <apsillers at gmail.com>
>>> >> wrote:
>>> >> > Whoops, my mistake -- thanks for the correction.  Also, it doesn't
>>> >> > match
>>> >> > unlimited subdomains, as I suggested earlier; it matches just one.
>>> >> > To
>>> >> > catch
>>> >> > arbitrarily many subdomains in a hostname, using a "*" instead of a
>>> >> > "?"
>>> >> > should do the trick: ([^/:@\.]+\.)*
>>> >> >
>>> >> > Andrew
>>> >> >
>>> >> > On Tue, Aug 16, 2011 at 4:46 PM, Peter Eckersley <pde at eff.org> wrote:
>>> >> >>
>>> >> >> On Tue, Aug 16, 2011 at 04:38:45PM -0400, Andrew Sillers wrote:
>>> >> >> > Victor,
>>> >> >> >
>>> >> >> > Try removing the "\." before "faxzero" and adding a question mark
>>> >> >> > in
>>> >> >> > its
>>> >> >> > place: ([^/:@\.]+)?
>>> >> >>
>>> >> >> Don't remove the "\." -- instead put it inside the parentheses.  If
>>> >> >> you
>>> >> >> have a
>>> >> >> subdomain, you want the dot.
>>> >> >>
>>> >> >> >
>>> >> >> > Similarly, eliminate the "\." before "faxzero" in the "to" part of
>>> >> >> > the
>>> >> >> > rule.
>>> >> >> >
>>> >> >> > Right now, your rule requires something to precede the main
>>> >> >> > domain;
>>> >> >> > the
>>> >> >> > question mark will make a subdomain optional.  (Specifically,
>>> >> >> > ([^/:@\.]+)
>>> >> >> > grabs all subdommains and excludes authentication credentials,
>>> >> >> > which
>>> >> >> > use
>>> >> >> > "@"
>>> >> >> > and ":".)
>>> >> >> >
>>> >> >> > The $1 is a regular expression backreference (
>>> >> >> > http://www.regular-expressions.info/brackets.html), which is used
>>> >> >> > to
>>> >> >> > represent the first parenthesized clause in the "from" regex -- in
>>> >> >> > this
>>> >> >> > case, all the subdomains, grabbed by ([^/:@\.]+).
>>> >> >> >
>>> >> >> > Andrew
>>> >> >> >
>>> >> >> > On Tue, Aug 16, 2011 at 4:19 PM, Victor Garin
>>> >> >> > <vic.garin at gmail.com>
>>> >> >> > wrote:
>>> >> >> >
>>> >> >> > > When I started, I used the below rule as an example, because it
>>> >> >> > > used
>>> >> >> > > to encrypt all the subdomains:
>>> >> >> > >
>>> >> >> > > <ruleset name="Netflix">
>>> >> >> > >  <target host="netflix.com" />
>>> >> >> > >  <target host="*.netflix.com" />
>>> >> >> > >  <rule from="^http://([^/:@\.]+)\.netflix\.com/" to="https://$
>>> >> >> > > 1.netflix.com/"/>
>>> >> >> > > </ruleset>
>>> >> >> > >
>>> >> >> > > I assumed it also encrypted the main domain, but that doesn't
>>> >> >> > > seem
>>> >> >> > > to
>>> >> >> > > be the case for example here:
>>> >> >> > >
>>> >> >> > > <ruleset name="FaxZero">
>>> >> >> > >  <target host="faxzero.com" />
>>> >> >> > >  <target host="*.faxzero.com" />
>>> >> >> > >  <rule from="^http://([^/:@\.]+)\.faxzero\.com/" to="https://$
>>> >> >> > > 1.faxzero.com/"/>
>>> >> >> > > </ruleset>
>>> >> >> > >
>>> >> >> > >
>>> >> >> > > i.e. browsing to http://faxzero.com does nothing?
>>> >> >> > >
>>> >> >> > > What does "([^/:@\.]+)\" and "$1" do?
>>> >> >> > >
>>> >> >> > > Is there a way, to write in the same line, to redirect the main
>>> >> >> > > domain
>>> >> >> > > to https also? Or does the main domain rule, have to be in a new
>>> >> >> > > line?
>>> >> >> > > _______________________________________________
>>> >> >> > > HTTPS-everywhere mailing list
>>> >> >> > > HTTPS-everywhere at mail1.eff.org
>>> >> >> > > https://mail1.eff.org/mailman/listinfo/https-everywhere
>>> >> >> > >
>>> >> >>
>>> >> >> > _______________________________________________
>>> >> >> > HTTPS-everywhere mailing list
>>> >> >> > HTTPS-everywhere at mail1.eff.org
>>> >> >> > https://mail1.eff.org/mailman/listinfo/https-everywhere
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >> Peter Eckersley                            pde at eff.org
>>> >> >> Technology Projects Director      Tel  +1 415 436 9333 x131
>>> >> >> Electronic Frontier Foundation    Fax  +1 415 436 9993
>>> >> >
>>> >> >
>>> >> _______________________________________________
>>> >> HTTPS-everywhere mailing list
>>> >> HTTPS-everywhere at mail1.eff.org
>>> >> https://mail1.eff.org/mailman/listinfo/https-everywhere
>>> >
>>> >
>>
>>
>

More information about the HTTPS-everywhere mailing list