"User.Actions" Template

Ringo Kamens 2600denver at gmail.com
Mon May 22 12:21:31 UTC 2006 

If you are visiting an HTTPS site, so extensions like noscript and the
firefox settings to disable java still work?

On 5/22/06, Anothony Georgeo <anogeorgeo at yahoo.com> wrote:
> --- Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
>
> > Anothony Georgeo <anogeorgeo at yahoo.com> wrote:
> > [snip]
> > How do you convince your browser not to fetch
> > additional images and style sheet through HTTPS?
> >
> > Not actively visiting untrusted HTTPS sites doesn't
> > stop anyone from spicing up his pages with HTTPS
> > content to get more information about his visitors.
> > [snip]
> > Fabian
> > --
>
>
> Those are valid points and to be honest I did not
> concider the possibility malicous HTTPS content on a
> HTTP web site.
>
> To that end I have updated my user.actions file to
> block all "HTTP CONNECT" attempts via. HTTPS (by using
> "limit-connect").  By blocking the CONNECT attempts
> Privoxy does not forward HTTPS traffic.
>
> I set the "limit-connect" paramiter to "Port -1"
> (essentially Port "0") which does not exist and thus
> blocked by Privoxy.  I tried using "limit-connect{0}"
> and "forward :443 ." (in "config.txt") but neither of
> those worked properly.
>
> IMO "limit-connect" is the most 'user-friendly' method
> to block\unblock HTTPS traffic.
>
> Here are the updated settings, I will update my
> original post with the complete and updated
> user.actions file.
>
> Note:
> Please read commented text I included which describes
> the settings and how an end-users may configure them.
>
> Note:
> Word-wrap may be an issue in regards to the mailing
> list's redition of this email.
>
>
>
> *Updated* "user.actions" settings relevent to HTTPS:
>
> # This setting blocks "HTTP CONNECT" attempts via.
> # HTTPS (eg. SSl).
> #
> # This setting prevents Privoxy from forwarding HTTPS
> # which it can not filter.
> #
> { +limit-connect{-1} }
> /
>
> # This setting is for URLS (eg. web-sites) you trust
> # and wish to access with an HTTPS (eg. SSL)
> # connection.
> #
> # This setting will over-ride the previous
> # "{ +limit-connect{-1} }" setting,
> # thus allowing access to pre-selected and trusted
> # HTTPS URL's.
> #
> # I included the HTTPS (SSL) URLs for the 'EFF' and
> # for 'Yahoo' web-mail as working examples.
> #
> # CAUTION: When you access an HTTPS URL listed
> # below you are preventing Privoxy from filtering
> # your "Environmental Variables", web-bugs, etc
> # while visiting that site.
> #
> # Filtration is suggested and use of these URLs
> # will dimish your anonymity.
> #
> { +limit-connect{443} }
> *secure.eff.org/
> *mail.yahoo.com/
> *login.yahoo.com/
>
>
> Any suggestions are welcome,
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>

More information about the tor-talk mailing list