HTTPS Everywhere Rulesets (zz)

Time: 2023-07-31 12:37:47


HTTPS Everywhere Rulesets

Folder: HTTPSEverywhereUserRules
//z 2013-03-04 14:41:51 [email protected] .K[T229,L3029,R95,V3290]
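Write it following this pattern and it will work. However, this add-on seems to have been removed from the official Firefox site, for unknown reasons; use it at your own risk....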

<ruleset name="Twitter">
  <target host="www.twitter.com" />
  <target host="twitter.com" />
  <rule from="^http://(www\.)?twitter\.com/" to="https://twitter.com/"/>
</ruleset>

Local paths of the default rules:

Chrome:

%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\<extension version>\rules\default.rulesets

Firefox:

%appdata%\Mozilla\Firefox\Profiles\<random string>.default\extensions\[email protected]\chrome\content\rules\default.rulesets



//z 2012-3-15 11:28:41 AM IS2120@


This page describes how to write rulesets for HTTPS Everywhere, the Firefox plugin that switches sites over from http to https automatically. HTTPS Everywhere comes with thousands of rulesets, but you might want to edit them, or write new ones.


[We believe this information is correct as of version 2.0 of HTTPS Everywhere.]

Rulesets are simple XML files. Here is a simplified version of Twitter.xml, from the plugin distribution:

<ruleset name="Twitter">
  <target host="www.twitter.com" />
  <target host="twitter.com" />
  <rule from="^http://(www\.)?twitter\.com/" to="https://twitter.com/"/>
</ruleset>





The "target" tag specifies which domains the ruleset might apply to. The target host tag does not use regular expressions. The content of a target tag should be the actual name of a web server to which the ruleset applies or partially applies, like www.eff.org, www.google.com, secure.wikimedia.org, and so on. If your rule applies to the domain itself (like "eff.org", not just "www.eff.org"), you need an additional target tag to say so. For example, the sample ruleset above is meant to apply to either www.twitter.com or twitter.com, so it has a separate target tag for each.

A target may, however, contain a wildcard in one portion of the domain (like *.google.com or google.*, but *.google.* would not work). A wildcard on the left will match arbitrarily deep subdomains (for instance, *.facebook.com will match s-static.ak.facebook.com). [1]

The "rule" does the actual rewriting work. The "from" and "to" clauses in each rule are JavaScript regular expressions. You can use them to rewrite URLs in more complicated ways. Here's a simplified example for Wikipedia:

<ruleset name="Wikipedia">
  <target host="*.wikipedia.org" />

  <rule from="^http://([^@:/][^/:@])\.wikipedia\.org/wiki/"
          to="https://secure.wikimedia.org/wikipedia/$1/wiki/"/>
</ruleset>



That rewrites a URL like http://fr.wikipedia.org/wiki/Chose to https://secure.wikimedia.org/wikipedia/fr/wiki/Chose. Notice, again, that the target is allowed to contain (just one) * as a wildcard meaning "any".

It is possible to add exclusions. An exclusion specifies a pattern, using a regular expression, for URLs where the rule should not be applied. The EFF rule contains one exclusion, for a domain that is hosted externally and does not support HTTPS:

<ruleset name="EFF">
  <target host="eff.org" />
  <target host="*.eff.org" />
  <exclusion pattern="^http://action\.eff\.org/"/>
  <rule from="^http://eff\.org/" to="https://eff.org/"/>
  <rule from="^http://([^/:@]*)\.eff\.org/" to="https://$1.eff.org/"/>
</ruleset>
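How targets, exclusions and rules interact on a single URL, as an added JavaScript sketch (not code from the original page or from HTTPS Everywhere itself). The EFF object is a constructed transcription of the sample ruleset; targetMatches and rewrite are hypothetical names, and the evaluation order, the single-label right wildcard and "first matching rule wins" are assumptions of this model.

```javascript
// Constructed input: the EFF sample ruleset from this page as a plain object.
const EFF = {
  targets: ["eff.org", "*.eff.org"],
  exclusions: ["^http://action\\.eff\\.org/"],
  rules: [
    { from: "^http://eff\\.org/", to: "https://eff.org/" },
    { from: "^http://([^/:@]*)\\.eff\\.org/", to: "https://$1.eff.org/" },
  ],
};

// Target hosts are not regular expressions: a literal name, or one "*"
// at the left or the right end of the name.
function targetMatches(target, host) {
  if (target.startsWith("*.")) {
    // Left wildcard: any depth of subdomain, but not the bare domain,
    // which is why the ruleset needs a separate "eff.org" target.
    return host.endsWith(target.slice(1));
  }
  if (target.endsWith(".*")) {
    // Assumption: a right wildcard stands for exactly one trailing label.
    const prefix = target.slice(0, -1);
    const rest = host.startsWith(prefix) ? host.slice(prefix.length) : "";
    return rest !== "" && !rest.includes(".");
  }
  return target === host;
}

// Returns the rewritten URL, or null when the ruleset leaves the URL alone.
function rewrite(ruleset, url) {
  const host = new URL(url).hostname;
  if (!ruleset.targets.some((t) => targetMatches(t, host))) return null;
  if (ruleset.exclusions.some((p) => new RegExp(p).test(url))) return null;
  for (const { from, to } of ruleset.rules) {
    const re = new RegExp(from);
    if (re.test(url)) return url.replace(re, to); // assumed: first match wins
  }
  return null;
}

console.log(rewrite(EFF, "http://www.eff.org/issues"));    // rewritten
console.log(rewrite(EFF, "http://action.eff.org/signup")); // excluded
```

The excluded host and the look-alike host eff.org.example.net both come back as null, so they stay on plain http under this ruleset.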




Note that if your rules include ampersands (&), they need to be appropriately XML-encoded: replace each occurrence of & with &#x26;.

Lastly, because many HTTPS websites fail to correctly set the secure flag on authentication cookies, there is a facility for turning this flag on. For instance:



<securecookie host="^market\.android\.com$" name=".*" />



The "host" parameter is a regexp specifying which domains should have their cookies secured; the "name" parameter is a regexp specifying which cookies should be secured. Note that HTTPS Everywhere will only secure a cookie when it is set over HTTPS.

Once you've written a ruleset, you can use and test it by placing it in the HTTPSEverywhereUserRules/ subdirectory in your Firefox profile directory, and then restarting Firefox. While using the rule, check for messages in the Firefox Error Console to see if there are any issues with the way the site supports HTTPS. Note that it is inadvisable to edit the builtin rules in-place, since they will be overwritten by upgrades to the extension. Either keep your edits in a safe place, or use a git repository.

If you've tested your rule and are sure it would be of use to the world at large, send it to the rulesets mailing list at https-everywhere-rules AT eff.org. Please be aware that this is a public and publicly-archived mailing list.

NOTE: many rules that are not yet distributed in the official version of HTTPS Everywhere are already in our git repository! Before sending us a new rule, please check there to see if your rule has already been submitted by someone else.

Note that there are currently hundreds of pending rules which are not present in the latest stable version but which are included in development builds. If a version of the rule you're interested in is found in the relevant part of our git repository, you don't need to write a new one -- just switch to the development branch or build your own .xpi from git.

make-trivial-rule and trivial-validate.py

As an alternative to writing rules by hand, there are scripts you can run from a Unix command line to automate the process of creating a simple rule for a specified domain. These scripts are not included with HTTPS Everywhere releases but are available in our development repository and are described in our development documentation.


Disabling a ruleset by default

Sometimes rulesets are useful or interesting, but contain some bugs or issues that make them unsuitable for being enabled by default in everyone's browsers. For instance, the HTTPS website may use a Certificate Authority that is not trusted by everyone's browsers (most commonly, CAcert or a self-signed certificate). Or the ruleset may successfully secure parts of a site but interfere with others.

In such cases, rulesets should be disabled by default. This is done by adding a default_off attribute to the ruleset element, with a value explaining why the rule is off.

<ruleset name="Amazon (buggy)" default_off="currently somewhat broken">
    <target host="www.amazon.*" />
    <target host="amazon.*" />
    <!-- rule elements not shown -->
</ruleset>


By convention, you should add a parenthetical to the name of the ruleset, like (buggy), while it is off. If you reenable a ruleset, you should remove the parenthetical. This convention is important: it exists so that the change to the default overrides existing users' settings for whether the ruleset is on or off.


Disabling a ruleset on some platforms

Sometimes bugs on a platform may mean that a ruleset should be off by default on that platform only. For instance, this bug caused us to temporarily disable the Google Translate rules on Chromium and Chrome. This can be achieved with the "platform" attribute:

<ruleset name="Google Translate" platform="firefox">
  <target host="translate.googleapis.com"/>
  <target host="translate.google.com"/>
  <rule from="^http://translate\.googleapis\.com/"
          to="https://translate.googleapis.com/"/>
  <rule from="^http://translate\.google\.com/translate_a/element\.js"
          to="https://translate.google.com/translate_a/element.js"/>
</ruleset>





Platform is a space-delimited list of platforms on which the ruleset works. Currently anticipated values are "firefox", "chromium", and "cacert". If the platform attribute is present, but does not match the current platform, the ruleset will be treated as off-by-default.


[1] Exception: currently this is not true for a target host that is less than three levels deep. <target host="*.com"> would match thing.com but not very.thing.com. We would consider changing that if anybody needs to use it. <target host="*"> means a ruleset should be tested for every single URL.



From: https://blog.51cto.com/u_16156420/6907000
