[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "User.Actions" Template

To: or-talk@xxxxxxxxxxxxx
Subject: Re: "User.Actions" Template
From: Anothony Georgeo <anogeorgeo@xxxxxxxxx>
Date: Mon, 22 May 2006 00:41:04 -0700 (PDT)
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Mon, 22 May 2006 03:41:12 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=G8mdMnofOueTf//WanwRNRbIyjR9tdHQ/sKT1rrMqomEHfzadByaUXSWmpA4XxZNQ60mk7gBWNAWhY8ilrK7eR6gj1tCvv+SusyLxJR6/7N+HaGpzuxZeoqbAY4wI1N1REfNZEzWzmYr9VcDKw7WjlENzoUOkKtQDkTpiD4nROI= ;
In-reply-to: <20060521184447.28906523@localhost>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

--- Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> wrote:

> Anothony Georgeo <anogeorgeo@xxxxxxxxx> wrote:
> [snip]
> How do you convince your browser not to fetch
> additional images and style sheet through HTTPS?
> 
> Not actively visiting untrusted HTTPS sites doesn't
> stop anyone from spicing up his pages with HTTPS
> content to get more information about his visitors.
> [snip]
> Fabian
> -- 

Those are valid points and to be honest I did not
concider the possibility malicous HTTPS content on a
HTTP web site.

To that end I have updated my user.actions file to
block all "HTTP CONNECT" attempts via. HTTPS (by using
"limit-connect").  By blocking the CONNECT attempts
Privoxy does not forward HTTPS traffic.  

I set the "limit-connect" paramiter to "Port -1"
(essentially Port "0") which does not exist and thus
blocked by Privoxy.  I tried using "limit-connect{0}"
and "forward :443 ." (in "config.txt") but neither of
those worked properly.

IMO "limit-connect" is the most 'user-friendly' method
to block\unblock HTTPS traffic.

Here are the updated settings, I will update my
original post with the complete and updated
user.actions file.

Note: 
Please read commented text I included which describes
the settings and how an end-users may configure them. 

Note:
Word-wrap may be an issue in regards to the mailing
list's redition of this email.

*Updated* "user.actions" settings relevent to HTTPS:

# This setting blocks "HTTP CONNECT" attempts via. 
# HTTPS (eg. SSl).
#  
# This setting prevents Privoxy from forwarding HTTPS 
# which it can not filter.
#
{ +limit-connect{-1} } 
/

# This setting is for URLS (eg. web-sites) you trust 
# and wish to access with an HTTPS (eg. SSL) 
# connection.  
#
# This setting will over-ride the previous 
# "{ +limit-connect{-1} }" setting, 
# thus allowing access to pre-selected and trusted 
# HTTPS URL's.
#
# I included the HTTPS (SSL) URLs for the 'EFF' and 
# for 'Yahoo' web-mail as working examples.  
#
# CAUTION: When you access an HTTPS URL listed 
# below you are preventing Privoxy from filtering 
# your "Environmental Variables", web-bugs, etc 
# while visiting that site.
#          
# Filtration is suggested and use of these URLs 
# will dimish your anonymity.
#         
{ +limit-connect{443} } 
*secure.eff.org/
*mail.yahoo.com/
*login.yahoo.com/

Any suggestions are welcome,

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Follow-Ups:
- Re: "User.Actions" Template
  - From: Ringo Kamens

References:
- Re: "User.Actions" Template
  - From: Fabian Keil

Prev by Author: Re: Threats to anonymity set at and above the application layer; HTTP headers
Next by Author: Update for "user.actions" template (Was: Re: "User.Actions" Template )
Previous by thread: Re: "User.Actions" Template
Next by thread: Re: "User.Actions" Template
Index(es):
- Author
- Thread