[HTTPS-Everywhere] What does "([^/:@\.]+)\" and "$1" do?

Victor Garin vic.garin at gmail.com
Wed Aug 17 06:50:48 PDT 2011 

Forward slash solved that problem with signing in. Thanks.

Now the only problem is encrypting the sub-subdomain.

I tried both:

<rule from="^http://(.*)netflix\.com/" to="https://$1netflix.com/" />

and

<rule from="^http://(([^/:@\.]+\.)*)netflix\.com/"
to="https://$1netflix.com/" />

But I am still able to browse to the below url with http only:

http://ca.movies.netflix.com/WiHome

By the way the above url (with the ca prefix) should also work on US
accounts if you are signed in.

On Wed, Aug 17, 2011 at 6:40 AM, Andrew Sillers <apsillers at gmail.com> wrote:
> Looks like you need to add a forward slash to the end of your "to" string.
>  I don't know why it doesn't match at all, though.  I just did a quick test
> (just of the regular expression, not actually on Netflix) it it looks like
> it should work.  See if adding the slash fixes both issues.
>
> On Wed, Aug 17, 2011 at 9:36 AM, Victor Garin <vic.garin at gmail.com> wrote:
>>
>> Oh and the http only url still works with the below rule
>>
>> http://ca.movies.netflix.com/WiHome
>>
>> <ruleset name="NetflixAll">
>>  <target host="netflix.com" />
>>  <target host="*.netflix.com" />
>>  <rule from="^http://(([^/:@\.]+\.)*)netflix\.com/"
>> to="https://$1netflix.com" />
>> </ruleset>
>>
>> On Wed, Aug 17, 2011 at 6:34 AM, Victor Garin <vic.garin at gmail.com> wrote:
>> > So I was testing the new rule you suggested, to force unlimited
>> > subdomains on Netflix (see "Add Netflix sub-sub domain support i.e.
>> > ca.movies.netflix.com (Netflix Canada)" -
>> >
>> > https://mail1.eff.org/pipermail/https-everywhere-rules/2011-July/000429.html
>> > ):
>> >
>> > <ruleset name="NetflixAll">
>> >  <target host="netflix.com" />
>> >  <target host="*.netflix.com" />
>> >  <rule from="^http://(([^/:@\.]+\.)*)netflix\.com/"
>> > to="https://$1netflix.com" />
>> > </ruleset>
>> >
>> > But then after logging in I get this url:
>> >
>> > https://movies.netflix.comwihome/
>> >
>> > I don't suppose you have a Netflix US or Canadian account to test this?
>> >
>> > On Wed, Aug 17, 2011 at 6:01 AM, Andrew Sillers <apsillers at gmail.com>
>> > wrote:
>> >> Remove the first period in the "to" expression.
>> >> Also, I just realized that when using the * to match unlimited
>> >> subdomains,
>> >> the backreference $1 will only yield the rightmost subdomain.  If you
>> >> need
>> >> unlimit subdomain matching, do:
>> >> <rule from="^http://(([^/:@\.]+\.)*)faxzero\.com/"
>> >> to="https://$1faxzero.com" />
>> >> Just add an another set of parentheses around the sudomain expression
>> >> and
>> >> the star.
>> >>
>> >> On Wed, Aug 17, 2011 at 8:53 AM, Victor Garin <vic.garin at gmail.com>
>> >> wrote:
>> >>>
>> >>> <rule from="^http://([^/:@\.]+\.)*faxzero\.com/"
>> >>> to="https://$1.faxzero.com" />
>> >>>
>> >>> causes redirect to:
>> >>>
>> >>> https://.faxzero.com/
>> >>>
>> >>> But I don't want there to be a dot before the main domain if there is
>> >>> no subdomain.
>> >>>
>> >>> =============
>> >>>
>> >>> >> What does "(www\.)?" do?
>> >>> >
>> >>> > This allows you to go to both google.com and www.google.com and
>> >>> > either
>> >>> > way
>> >>> > find yourself at encrypted.google.com (which is HTTPS).
>> >>> > The ? says that the preceding item should be matched 0 or 1 times.
>> >>> >
>> >>> >>
>> >>> >> Removing the www from all the rulesets will still work right?
>> >>> >>
>> >>> > Not when you type in www.google.com
>> >>> >>
>> >>> >>
>> >>>
>> >>> So is there a way to write a rule that forces it on all subdomains, no
>> >>> exceptions?
>> >>>
>> >>> A simple asterix * should be able to do the trick; so a rule written
>> >>> in a simple form should look like this:
>> >>>
>> >>> <rule from="http://*faxzero.com/" to="https://*faxzero.com" />
>> >>>
>> >>> But I am sure it won't work. Can you explain why?
>> >>>
>> >>> On Wed, Aug 17, 2011 at 5:45 AM, Colonel Graff
>> >>> <graffatcolmingov at gmail.com> wrote:
>> >>> >
>> >>> >
>> >>> > On Wed, Aug 17, 2011 at 8:39 AM, Victor Garin <vic.garin at gmail.com>
>> >>> > wrote:
>> >>> >>
>> >>> >> You mean like this:
>> >>> >>
>> >>> >> <ruleset name="FaxZero">
>> >>> >>  <target host="faxzero.com" />
>> >>> >>  <target host="*.faxzero.com" />
>> >>> >>  <rule from="^http://([^/:@\.]+\.)*.faxzero\.com/"
>> >>> >> to="https://$1.faxzero.com/"/>
>> >>> >> </ruleset>
>> >>> >>
>> >>> > Try
>> >>> > <rule from="^http://([^/:@\.]+\.)*faxzero\.com/"
>> >>> > to="https://$1.faxzero.com"
>> >>> > />
>> >>> >>
>> >>> >> The above rule still does not work.
>> >>> >>
>> >>> >> Also, now the green check box does show up in HTTPS Everywhere when
>> >>> >> I
>> >>> >> go to faxzero.com.
>> >>> >>
>> >>> >> ---------------
>> >>> >>
>> >>> >> Also why do most of the rules have this: "(www\.)?"
>> >>> >>
>> >>> >> What does "(www\.)?" do?
>> >>> >
>> >>> > This allows you to go to both google.com and www.google.com and
>> >>> > either
>> >>> > way
>> >>> > find yourself at encrypted.google.com (which is HTTPS).
>> >>> > The ? says that the preceding item should be matched 0 or 1 times.
>> >>> >
>> >>> >>
>> >>> >> Removing the www from all the rulesets will still work right?
>> >>> >>
>> >>> > Not when you type in www.google.com
>> >>> >>
>> >>> >>
>> >>> >> On Tue, Aug 16, 2011 at 4:23 PM, Andrew Sillers
>> >>> >> <apsillers at gmail.com>
>> >>> >> wrote:
>> >>> >> > Whoops, my mistake -- thanks for the correction.  Also, it
>> >>> >> > doesn't
>> >>> >> > match
>> >>> >> > unlimited subdomains, as I suggested earlier; it matches just
>> >>> >> > one.
>> >>> >> > To
>> >>> >> > catch
>> >>> >> > arbitrarily many subdomains in a hostname, using a "*" instead of
>> >>> >> > a
>> >>> >> > "?"
>> >>> >> > should do the trick: ([^/:@\.]+\.)*
>> >>> >> >
>> >>> >> > Andrew
>> >>> >> >
>> >>> >> > On Tue, Aug 16, 2011 at 4:46 PM, Peter Eckersley <pde at eff.org>
>> >>> >> > wrote:
>> >>> >> >>
>> >>> >> >> On Tue, Aug 16, 2011 at 04:38:45PM -0400, Andrew Sillers wrote:
>> >>> >> >> > Victor,
>> >>> >> >> >
>> >>> >> >> > Try removing the "\." before "faxzero" and adding a question
>> >>> >> >> > mark
>> >>> >> >> > in
>> >>> >> >> > its
>> >>> >> >> > place: ([^/:@\.]+)?
>> >>> >> >>
>> >>> >> >> Don't remove the "\." -- instead put it inside the parentheses.
>> >>> >> >>  If
>> >>> >> >> you
>> >>> >> >> have a
>> >>> >> >> subdomain, you want the dot.
>> >>> >> >>
>> >>> >> >> >
>> >>> >> >> > Similarly, eliminate the "\." before "faxzero" in the "to"
>> >>> >> >> > part of
>> >>> >> >> > the
>> >>> >> >> > rule.
>> >>> >> >> >
>> >>> >> >> > Right now, your rule requires something to precede the main
>> >>> >> >> > domain;
>> >>> >> >> > the
>> >>> >> >> > question mark will make a subdomain optional.  (Specifically,
>> >>> >> >> > ([^/:@\.]+)
>> >>> >> >> > grabs all subdommains and excludes authentication credentials,
>> >>> >> >> > which
>> >>> >> >> > use
>> >>> >> >> > "@"
>> >>> >> >> > and ":".)
>> >>> >> >> >
>> >>> >> >> > The $1 is a regular expression backreference (
>> >>> >> >> > http://www.regular-expressions.info/brackets.html), which is
>> >>> >> >> > used
>> >>> >> >> > to
>> >>> >> >> > represent the first parenthesized clause in the "from" regex
>> >>> >> >> > -- in
>> >>> >> >> > this
>> >>> >> >> > case, all the subdomains, grabbed by ([^/:@\.]+).
>> >>> >> >> >
>> >>> >> >> > Andrew
>> >>> >> >> >
>> >>> >> >> > On Tue, Aug 16, 2011 at 4:19 PM, Victor Garin
>> >>> >> >> > <vic.garin at gmail.com>
>> >>> >> >> > wrote:
>> >>> >> >> >
>> >>> >> >> > > When I started, I used the below rule as an example, because
>> >>> >> >> > > it
>> >>> >> >> > > used
>> >>> >> >> > > to encrypt all the subdomains:
>> >>> >> >> > >
>> >>> >> >> > > <ruleset name="Netflix">
>> >>> >> >> > >  <target host="netflix.com" />
>> >>> >> >> > >  <target host="*.netflix.com" />
>> >>> >> >> > >  <rule from="^http://([^/:@\.]+)\.netflix\.com/"
>> >>> >> >> > > to="https://$
>> >>> >> >> > > 1.netflix.com/"/>
>> >>> >> >> > > </ruleset>
>> >>> >> >> > >
>> >>> >> >> > > I assumed it also encrypted the main domain, but that
>> >>> >> >> > > doesn't
>> >>> >> >> > > seem
>> >>> >> >> > > to
>> >>> >> >> > > be the case for example here:
>> >>> >> >> > >
>> >>> >> >> > > <ruleset name="FaxZero">
>> >>> >> >> > >  <target host="faxzero.com" />
>> >>> >> >> > >  <target host="*.faxzero.com" />
>> >>> >> >> > >  <rule from="^http://([^/:@\.]+)\.faxzero\.com/"
>> >>> >> >> > > to="https://$
>> >>> >> >> > > 1.faxzero.com/"/>
>> >>> >> >> > > </ruleset>
>> >>> >> >> > >
>> >>> >> >> > >
>> >>> >> >> > > i.e. browsing to http://faxzero.com does nothing?
>> >>> >> >> > >
>> >>> >> >> > > What does "([^/:@\.]+)\" and "$1" do?
>> >>> >> >> > >
>> >>> >> >> > > Is there a way, to write in the same line, to redirect the
>> >>> >> >> > > main
>> >>> >> >> > > domain
>> >>> >> >> > > to https also? Or does the main domain rule, have to be in a
>> >>> >> >> > > new
>> >>> >> >> > > line?
>> >>> >> >> > > _______________________________________________
>> >>> >> >> > > HTTPS-everywhere mailing list
>> >>> >> >> > > HTTPS-everywhere at mail1.eff.org
>> >>> >> >> > > https://mail1.eff.org/mailman/listinfo/https-everywhere
>> >>> >> >> > >
>> >>> >> >>
>> >>> >> >> > _______________________________________________
>> >>> >> >> > HTTPS-everywhere mailing list
>> >>> >> >> > HTTPS-everywhere at mail1.eff.org
>> >>> >> >> > https://mail1.eff.org/mailman/listinfo/https-everywhere
>> >>> >> >>
>> >>> >> >>
>> >>> >> >> --
>> >>> >> >> Peter Eckersley                            pde at eff.org
>> >>> >> >> Technology Projects Director      Tel  +1 415 436 9333 x131
>> >>> >> >> Electronic Frontier Foundation    Fax  +1 415 436 9993
>> >>> >> >
>> >>> >> >
>> >>> >> _______________________________________________
>> >>> >> HTTPS-everywhere mailing list
>> >>> >> HTTPS-everywhere at mail1.eff.org
>> >>> >> https://mail1.eff.org/mailman/listinfo/https-everywhere
>> >>> >
>> >>> >
>> >>
>> >>
>> >
>
>

More information about the HTTPS-everywhere mailing list