--- Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> wrote:
> Anothony Georgeo <anogeorgeo@xxxxxxxxx> wrote:
> [snip]
> How do you convince your browser not to fetch
> additional images and style sheet through HTTPS?
>
> Not actively visiting untrusted HTTPS sites doesn't
> stop anyone from spicing up his pages with HTTPS
> content to get more information about his visitors.
> [snip]
> Fabian
> --
Those are valid points and to be honest I did not
concider the possibility malicous HTTPS content on a
HTTP web site.
To that end I have updated my user.actions file to
block all "HTTP CONNECT" attempts via. HTTPS (by using
"limit-connect"). By blocking the CONNECT attempts
Privoxy does not forward HTTPS traffic.
I set the "limit-connect" paramiter to "Port -1"
(essentially Port "0") which does not exist and thus
blocked by Privoxy. I tried using "limit-connect{0}"
and "forward :443 ." (in "config.txt") but neither of
those worked properly.
IMO "limit-connect" is the most 'user-friendly' method
to block\unblock HTTPS traffic.
Here are the updated settings, I will update my
original post with the complete and updated
user.actions file.
Note:
Please read commented text I included which describes
the settings and how an end-users may configure them.
Note:
Word-wrap may be an issue in regards to the mailing
list's redition of this email.
*Updated* "user.actions" settings relevent to HTTPS:
# This setting blocks "HTTP CONNECT" attempts via.
# HTTPS (eg. SSl).
#
# This setting prevents Privoxy from forwarding HTTPS
# which it can not filter.
#
{ +limit-connect{-1} }
/
# This setting is for URLS (eg. web-sites) you trust
# and wish to access with an HTTPS (eg. SSL)
# connection.
#
# This setting will over-ride the previous
# "{ +limit-connect{-1} }" setting,
# thus allowing access to pre-selected and trusted
# HTTPS URL's.
#
# I included the HTTPS (SSL) URLs for the 'EFF' and
# for 'Yahoo' web-mail as working examples.
#
# CAUTION: When you access an HTTPS URL listed
# below you are preventing Privoxy from filtering
# your "Environmental Variables", web-bugs, etc
# while visiting that site.
#
# Filtration is suggested and use of these URLs
# will dimish your anonymity.
#
{ +limit-connect{443} }
*secure.eff.org/
*mail.yahoo.com/
*login.yahoo.com/
Any suggestions are welcome,
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com