Difference between revisions of "User:Eighty5cacao/misc/HTTPS Everywhere/rulewip/New rulesets (default off)"

From Pin Eight
Jump to: navigation, search
(ShareThis-problematic: probably good to clarify this)
(Pin Eight-experimental: workaround for pics, with citation of discussion (also, removing "false MCB" since it doesn't meet other developers' guidelines for use of that term, per "no first-party scripts..."))
Line 29: Line 29:
  
 
- pics (mismatch, shows WebFaction error page)
 
- pics (mismatch, shows WebFaction error page)
 +
 +
However, see https://pineight.com/mw/index.php?title=User_talk:Tepples&oldid=9915#HTTPS_on_this_site:_further_follow-up
 +
for a workaround.
  
  
Line 36: Line 39:
  
 
* Secured by us
 
* Secured by us
 
+
No first-party scripts nor stylesheets at fault.
 
 
Since no first-party scripts nor stylesheets are guilty of mixed content,
 
and this is already off by default, platform="mixedcontent" has not been added.
 
  
  
Line 45: Line 45:
  
 
-->
 
-->
<ruleset name="Pin Eight (experimental; false MCB)" default_off="webmaster request">
+
<ruleset name="Pin Eight (experimental)" default_off="webmaster request">
 
     <target host="pineight.com" />
 
     <target host="pineight.com" />
 
     <target host="www.pineight.com" />
 
     <target host="www.pineight.com" />
 
         <!-- Handled in Pin_Eight.xml -->
 
         <!-- Handled in Pin_Eight.xml -->
 
         <exclusion pattern="^http://(?:www\.)?pineight\.com/(?:mw/|.+\.(?:css|gif|jpe?g|js|png|txt|zip)$)" />
 
         <exclusion pattern="^http://(?:www\.)?pineight\.com/(?:mw/|.+\.(?:css|gif|jpe?g|js|png|txt|zip)$)" />
 +
    <target host="pics.pineight.com" />
 +
  
 
     <rule from="^http://(www\.)?pineight\.com/"
 
     <rule from="^http://(www\.)?pineight\.com/"
 
             to="https://$1pineight.com/" />
 
             to="https://$1pineight.com/" />
 +
 +
    <rule from="^http://pics\.pineight\.com/"
 +
            to="https://pineight.com/pics/" />
 +
 
</ruleset>
 
</ruleset>
 
</syntaxhighlight>
 
</syntaxhighlight>

Revision as of 23:01, 7 December 2013

Devio.us

<!--
	Expired 6/22/2013

-->
<ruleset name="Devio.us (expired)" default_off="expired">
   <target host="devio.us" />
   <target host="www.devio.us" />

   <!-- Both www and !www match - should be retested if/when the cert is renewed
        Forcing !www to minimize number of exceptions needed
   -->
   <rule from="^http://(?:www\.)?devio\.us/"
           to="https://devio.us/" />
</ruleset>

Pin Eight-experimental

<!--
	For rules that are on by default, see Pin_Eight.xml.

	Cookies are handled there.


	Nonfunctional subdomains:

		- pics (mismatch, shows WebFaction error page)

	However, see https://pineight.com/mw/index.php?title=User_talk:Tepples&oldid=9915#HTTPS_on_this_site:_further_follow-up
	for a workaround.


	Mixed content:

		- scripts on (www.) pages outside mw/, from pagead2.googlesyndication.com *

	* Secured by us
	No first-party scripts nor stylesheets at fault.


	web369.webfaction.com

-->
<ruleset name="Pin Eight (experimental)" default_off="webmaster request">
    <target host="pineight.com" />
    <target host="www.pineight.com" />
        <!-- Handled in Pin_Eight.xml -->
        <exclusion pattern="^http://(?:www\.)?pineight\.com/(?:mw/|.+\.(?:css|gif|jpe?g|js|png|txt|zip)$)" />
    <target host="pics.pineight.com" />


    <rule from="^http://(www\.)?pineight\.com/"
            to="https://$1pineight.com/" />

    <rule from="^http://pics\.pineight\.com/"
            to="https://pineight.com/pics/" />

</ruleset>

ShareThis-problematic

<!--
	For rules that are on by default, see ShareThis.xml.

-->
<ruleset name="ShareThis (problematic)" default_off="expired">
	<target host="s.sharethis.com" />
	<target host="sd.sharethis.com" />

	<!--
		- sd: load balancers
			- 174.129.3.2
			- 174.129.3.30
			- 184.72.47.139	(expired 9-29-2011; all others valid)
			- 184.72.47.142
			- 184.73.155.15
			- 204.236.131.61
		- s: Akamai
		- s and sd appear equivalent, at least for loader.js
			Note that the script loads all resources from sd anyway.
		- support links protocol-relatively to s
	-->
	<rule from="^https?://sd?\.sharethis\.com/"
	        to="https://sd.sharethis.com/" />

</ruleset>

Sly Dog Studios

<!--
	Expired 2/7/2013

-->
<ruleset name="Sly Dog Studios (expired)" default_off="expired">
   <target host="slydogstudios.org" />
   <target host="www.slydogstudios.org" />
   <target host="sds.robertlbryant.com" />

   <rule from="^http://(?:(?:www\.)?slydogstudios\.org|sds\.robertlbryant\.com)/"
           to="https://slydogstudios.org/" />
</ruleset>

Stanford-University-break-flashproxy

<!--
    For rules that are on by default, see Stanford-University.xml.

-->
<ruleset name="Stanford University (breaks flashproxy)" default_off="breaks Flashproxy participation">
    <target host="crypto.stanford.edu" />

    <rule from="^http://crypto\.stanford\.edu/flashproxy/(embed\.html|flashproxy\.js)(\?|$)"
            to="https://crypto.stanford.edu/flashproxy/$1$2" />
</ruleset>