Yes, both <target> elements are required. As I understand it, they tell the software which rulesets to process. Therefore, if you are missing the one without “www”, then when you have a request to http://icabanken.se/, the software won’t process this ruleset at all.
I had a quick look at the site and its cookies and there seems to be no indication of any other subdomains. So it would probably be a good idea to install the ruleset with the <securecookie> tag and test it, if you haven’t done that already. -- Brian Drake All content created by me: Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© 2014 Brian Drake. All rights reserved. On Tue, Jan 14, 2014 at 1627 (UTC), Joakim Walldén <[email protected] > wrote: > Thanks. > > So <target host="icabanken.se"/>, without “www”, must be included, > although only www.icabanken.se is available. > > <ruleset name="ICABANKEN.se"> > <target host="www.icabanken.se"/> > <target host="icabanken.se"/> > <rule from="^http://icabanken\.se/"; to="https://www.icabanken.se/"/> > <rule from="^http://www\.icabanken\.se/"; to="https://www.icabanken.se/"/> > </ruleset> > > Or, with the suggested combined rule: > > <ruleset name="ICABANKEN.se"> > <target host="www.icabanken.se"/> > <target host="icabanken.se"/> > <rule from="^http://(www\.)?icabanken\.se/" to="https://www.icabanken.se/"; > /> > </ruleset> > > Secure cookie, maybe > > <securecookie host="^(.*\.)?icabanken\.se$" name=".*" /> > > As far as I have seen, the entire site is available over HTTPS. Most links > on the page lead to HTTP, unless the user is logged in. However, I have the > domain added to Chrome’s HSTS-list, and that works well. I am not aware of > any subdomains, only www.icabanken.se. > > Thanks and regards, > Joakim > > > 2014/1/13 (UTC) Drake, Brian <[email protected]> > > It looks good, except that you are missing <target host="icabanken.se" />. >> >> Again, you could combine the rules: >> >> <rule from="^http://(www\.)?icabanken\.se/" to="https://www.icabanken.se/"; >> /> >> >> This does the same thing as the separate rules, but in one rule. >> >> If the entire site is available over HTTPS, you should secure the cookies >> (but I don’t have much experience myself in that area). >> >> <securecookie host="^(.*\.)?icabanken\.se$" name=".*" /> >> >> Remember to consider any other subdomains of icabanken.se when you do >> that. >> >> -- >> Brian Drake >> >> All content created by me: >> Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© 2014 >> Brian Drake. All rights reserved. >> >> On Mon, Jan 13, 2014 at 1417 (UTC), Joakim Walldén < >> [email protected]> wrote: >> >>> Hi, >>> >>> I suggest adding a ruleset for icabanken.se. >>> >>> <ruleset name="ICABANKEN.se"> >>> <target host="www.icabanken.se"/> >>> <rule from="^http://icabanken\.se/"; to="https://www.icabanken.se/"/> >>> <rule from="^http://www\.icabanken\.se/"; to="https://www.icabanken.se/ >>> "/> >>> </ruleset> >>> >>> I hope it is correctly created. >>> >>> Thanks and regards, >>> Joakim >>> >>
