[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: set privoxy to rewrite http to https

On Sat, 01 Jan 2011 03:46:09 -0800, S Mathias wrote:

> I use the
> KB SSL Enforcer
> https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddckof?hl=en
> so i could browse the net safer [i mean webserver <-> me] with using
> https, if available.

Do you feel "safer" just for browsing the web using "https"? Sure, 
your data is encrypted but the server you are contacting can have 
been compromised and you still can be hosed >:-)

What I want to say is that security is _not just_ encryption.

> The problem is: e.g.: facebook...
> if i go to
> https://www.facebook.com/
> that's ok, it's https.
> But all the links are "http" on the site.. if i click on a "http" link,
> it will request the page on "http", and THEN it switches to "https".
> Heres the problem.

You may be facing this bug:

Issue 25: Enforce SSL before the HTTP request is sent from the browser
> How/where could i write a privoxy rule, to rewrite all the "http" links
> to "https"? [so that it would by always trully over https]
> Are there any "general" rules (with privoxy), so that i don't have to
> write rules / site?

Managing privoxy goes beyond my scope, sorry.

> with the KB SSL Enforcer its always first http, then it recognizes that
> the site can do https, than it switches to it. But i want to "bypass"
> the http part.

I think this should be directly handled by the "KB SSL Enforcer" extension 
and by reading the above bug report, it should be solved in newer versions.



Reply to: