[HTTPS-Everywhere] Using the rules in a proxy?
Martin Mulazzani
mmulazzani at sba-research.org
Wed Jul 8 08:16:44 PDT 2015
Hi there!
Anyone ever tried to use the HTTPS Everywhere ruleset in a proxy? I'm
aware of https://github.com/apg/heproxy but I'm missing a general
discussion on reusability of the rules.
Benefit that I see: You can transparently upgrade entire networks, but
as Seth pointed out during a conversation is the total lack of user
transparency if a rule is broken. But this could be bypassed with a
(hand-crafted) subset of rules which are known to work, and are for
popular or extremely sensitive sites.
I'm thinking of a transparent proxy that redirects users e.g. using 302
responses from port 80 to 443, using something like Privoxy or nginx. Is
it worthwile to pursue (I think definitely, but would value your
feedback). What are the hurdles?
Greetz, Martin
--
Dr. Martin Mulazzani
http://www.sba-research.org
T: +43 1 5053688
F: +43 1 5047881
E: mmulazzani at sba-research.org
Identifizierung gemäß § 14 UGB:
Firmenname: SBA Research gGmbH
Firmensitz: Favoritenstraße 16, 1040 Wien
Firmenbuchnummer: 345659y
Firmenbuchgericht: Handelsgericht Wien
DVR-Nummer: 4012257
More information about the HTTPS-Everywhere
mailing list