Hi there! Anyone ever tried to use the HTTPS Everywhere ruleset in a proxy? I'm aware of https://github.com/apg/heproxy but I'm missing a general discussion on reusability of the rules.
Benefit that I see: You can transparently upgrade entire networks, but as Seth pointed out during a conversation is the total lack of user transparency if a rule is broken. But this could be bypassed with a (hand-crafted) subset of rules which are known to work, and are for popular or extremely sensitive sites. I'm thinking of a transparent proxy that redirects users e.g. using 302 responses from port 80 to 443, using something like Privoxy or nginx. Is it worthwile to pursue (I think definitely, but would value your feedback). What are the hurdles? Greetz, Martin -- Dr. Martin Mulazzani http://www.sba-research.org T: +43 1 5053688 F: +43 1 5047881 E: [email protected] Identifizierung gemäß § 14 UGB: Firmenname: SBA Research gGmbH Firmensitz: Favoritenstraße 16, 1040 Wien Firmenbuchnummer: 345659y Firmenbuchgericht: Handelsgericht Wien DVR-Nummer: 4012257 _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
