Hey everyone :smile:

I made a simple .xml file for those of you who use HTTPSEverywhere Firefox extension.

I am aware that you can simply input https for the normal http that I believe the board still uses; however, because I've been on a public wifi for a while now and probably still will be for a shorter while yet, I felt it necessary to installed HTTPSEverywhere firefox extension.

For the fun of it, I also made this ruleset (within an .xml file) that I placed inside my ruleset folder for that extension.

Would like others to test it, though as far as I know, while looking through the Console2 extension, I don't see any concerns for that file with respect to sb-innovation that are listed there in.

I have not yet submitted it to gitrepository website for others to download. And if it seems to go well as I think it is so far, have a go, let me know, and then I can submit it for everyone to use. I figured that if passthepopcorn website has one, so should we. :smile:


*Removed (see post #15)*

PLease do post your comments, concerns, questions, results here.

*Removed (see post #15)*

I think that would be more efficient. Feedback appreciated too (my HTTPS Everywhere is currently disabled, among many others, since I'm trying to trace a leaky addon).

that's a very welcome addition. big thanks to both of you :sbi:

What's the difference between your script and mine, anon? Unless some minor detail escaped me, I didn't notice the difference btw either one??

Or is it the following info I just saw in your code??


(www\.)

As the inclusion would just be that, is it not normally adjusted as such within the URL bar when going to any particular website??

So if the one that I've posted above and if there aren't any problems with it as I have not noticed any either, though I'm still hoping some others will comment, I would then just submit this to the torproject then.

This part of yours:


<rule from="^sb-innovation\.de/" to="https://sb-innovation.de/"/>

Repointing the request to 'https://sb-innovation.de/restofurlgoeshere' will make it redirect to 'https://www.sb-innovation.de/restofurlgoeshere', because of how the server works. Mine points any link starting with http://www.sb-innovation.de/ (the underlined part could be there or not) to https://www.sb-innovation.de/, avoiding that.

By the way, HTTPS Everywhere doesn't seem to be one of the leaky addons, so I'll try it myself later today and see how it fares in reality.

---------- Post added at 15:10 ---------- Previous post was at 14:10 ----------

Disregard that and use this:

*Removed (see post #15)*

No leaks (verified with SmartSniff) and sets the secure flag on all site cookies for additional protection. :gsmile:

Ok so what your saying then is that even without the www within the ruleset, it still makes it redirect to https:/www, correct??

I understand that the ruleset is being given the benefit, so to speak, by the forum's server to the correct redirection. But from what I understand of your information is that, rather than having the forum's server redirect a URL without the www, to a URL with the https://www, you are actually having to cut out 1-step of a 2-step redirection to just a 1-step redirection by placing inside the ruleset the www so that it the extension and server correctly redirect a URL with the www to a https://www address?? Is that correct??

I understand that the ruleset is being given the benefit, so to speak, by the forum's server to the correct redirection. But from what I understand of your information is that, rather than having the forum's server redirect a URL without the www, to a URL with the https://www, you are actually having to cut out 1-step of a 2-step redirection to just a 1-step redirection by placing inside the ruleset the www so that it the extension and server correctly redirect a URL with the www to a https://www address?? Is that correct??

Yes :happy:

Ok. Great. On to the next question. In the ruleset you've placed above, you have 'securecookie host' placed. Is not the https considered automatically a securecookie host by the redirected action?? And a supplemental question to that is what is the primary purpose of the entire line having the securecookie host?? How or why would that be a necessity as you've already provided a ruleset stating the redirection to the https://www directly underneath that line??

And a supplemental question to that is what is the primary purpose of the entire line having the securecookie host?? How or why would that be a necessity as you've already provided a ruleset stating the redirection to the https://www directly underneath that line??

Additional security. Say the HTTPS Everywhere addon breaks for whatever reason - since all your forum cookies are marked as secure, they wouldn't be sent over the resulting unencrypted connections, therefore keeping your account here safe.

I see. Ok. Great. Well, then I think that I"ll replace the one that I've used with the 2nd one you've posted. You might as well take credit and post it to the gitweb.torproject.org list then if you want. Very much an asset to have this available to those who use the extension.

I merely improved on something you posted, so I think it'd be fair if you still went ahead and submitted it. :gsmile:

By all means, I'm also happy we have this now. vBulletin's HTTPS support is very broken when it comes to leaks.

Ok. Well I"ll do that then. I"ll email the site today for submission on this script for that particular extension. And for those who have been reading this thread and would like to know where the gitweb.torproject.org list is for HTTPSEverywhere firefox extension, I'll post the link here:


https://gitweb.torproject.org/https-everywhere.git/tree/HEAD:/src/chrome/content/rules

Inside your user profile folder, find ( unless there exists already) a folder called HTTPSEverywhereUserRule. Start a file and copy/paste inside some of the rulesets already there (or make your own following the directions at the extensions website). Rename it as an .xml file. Restart your browser.

@ anon:

Is there something wrong with this?? I basically took directions from you and how you managed to make the ruleset for sb-i more compatible with potential extension breakages and elimination of 2-steps down to 1. (http taken out and replaced with hxxp. Same with all the links given below)



<ruleset name="warez-bb.org">
<target host="*.warez-bb.org" />
<target host="warez-bb.org" />
<securecookie host="^(.*?\.)?warez-bb\.org$" name=".*" />
<rule from="^hxxp://(.*?\.)?.warez-bb\.org/" to="hxxps://www.warez-bb.org/" />
</ruleset>


For some reason I keep getting some errors about these though I don't believe that they amount to much. It just shows errors about unrelated matters.



Warning: Unknown property 'box-sizing'. Declaration dropped.
Source file: hxxp://img9.warez-bb.org/wbb3_theme/styles/main.css
Line: 37


and

NOTE: The below link is not a direct warez link. You'll get a pop stating that the protocol of 'hxxp' is unknown and your browser won't know how to open it.


Warning: Expected media feature name but found 'view-mode'.
Source file: Index :: Warez-BB.org (hxxp://www.warez-bb.org/)
Line: 1


and



Warning: Unknown pseudo-class or pseudo-element 'selected'. Ruleset ignored due to bad selector.
Source file: hxxp://img9.warez-bb.org/wbb3_theme/styles/main.css
Line: 9



you can see from the last console error in which it states 'ruleset ignored'. This is the only error that I would have most concern about. I am none too sure what is referencing to pseudo-elements.

Those are just CSS errors, you can ignore them.

A little bump for this. HTTPS Everywhere supports this forum out of the box, but the corresponding rule is disabled by default because our certificate is "expired, self-signed" (which it was before Cloudflare). Merely enabling it in the settings is enough, and the ruleset is well-written, therefore I've removed the "experimental" ones that were posted in this thread.

The extension doesn't work on Pale Moon, but its fork HTTPS Always (https://addons.palemoon.org/addon/https-always/) does.