[HTTPS-Everywhere] Style for HTTPS Everywhere rules that cover a lot of domains

Peter Eckersley pde at eff.org
Sat Feb 19 18:12:28 PST 2011 

Thanks for the ruleset!  Thereoretically rulesets should be posted to the
https-everywhere-rules mailing list, but this one raises an interesting
general question of style:

  If you're trying to write a rule that covers dozens of domains at once,
  should you write a single regexp to do all of that, or a different regexp
  for each case?

Readability argues for the latter.  Performance argues for the former.  Which
wins?  The answer is that readability would win [*], but the best solution
lets you have it both ways.  Just copy this excellent hack that Jeroen van der
Gun used in the rulesets for the Netherlands government:

https://gitweb.torproject.org/https-everywhere.git/blob/70f2a1999e135a94129283f332a1ef1ebf8edb2b:/src/chrome/content/rules/Nederland.xml

[*] The <target host> mechanism should guarantee acceptable performance in all
cases regardless of how baroque rulesets are.

On Sat, Feb 19, 2011 at 09:38:27PM +0000, David Batley wrote:
> Hi,
> 
> I've made some rules for local government websites in the UK.
> 
> http://dbatley.com/https/localgov/UKLocalGovernment.xml
> 
> There's about 450 local councils, so I decided to automate the process
> by fetching the homepage of each website (following the 302 redirects
> to get to the actual website), then fetching the http and https
> version of the homepage and comparing them. Although I've uploaded the
> script to http://dbatley.com/https/localgov/ , it's really bad
> hacked-together code: unstructured code with no parallellzation, no
> retry on failure, no cookie support, and with plenty of hard-coded
> special cases.
> 
> The script is really only good for getting the initial list of
> websites, and weeding out the un-interesting cases. It doesn't (for
> example) check the validity of the ssl cert. So I have visited each of
> the entries by hand to check they work.
> 
> I've done all these councils in one file because there's a lot of them
> (would spam the config dialog), and most people are only likely to
> visit their local one. Hope that's ok?
> 
> --dave
> 
> PS: https://www.derrycity.gov.uk/ was an interesting case - they're on
> a shared hosting plan and aren't the default https entry :)
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the HTTPS-everywhere mailing list