Re: howto use https in favour of http
Scott Bennett schrieb am 2009-10-27: > On Mon, 26 Oct 2009 23:40:48 -0400 Michael Powell > > wrote: > >Steve Bertrand wrote: > >> Alexander Best wrote: > >>> Olivier Nicole schrieb am 2009-10-27: > Hi, > > i've added the following line to my /etc/hosts: > > permail.uni-muenster.de:25 permail.uni-muenster.de:443 > > so what i want is for freebsd to never use http, but https for > > that > > address. > > unfortunately hosts doesn't seem to support this syntax. > >[snip] > >>> i'm not using a webserver or anything. i'm just a regular user. > >>> the point > >>> is: i often forget to specify https://... for that specific > >>> address in > >>> apps like lynx or firefox. that's why the non-ssl version of that > >>> site is > >>> being loaded. i'd like freebsd to take care of this so even if > >>> the app is > >>> trying to access the non-ssl version it should in fact be > >>> redirected to > >>> the ssl version by freebsd. > >> I thought that this is what you were originally after. > >> FreeBSD, in itself, can't do this... much like Mac OS or Windows > >> can't > >> do this. > >> Most applications such as Firefox can't even do this (inherently). > >> If you are trying to enforce this as a personal/company policy, > >> you will > >> need to write a 'wrapper' around your application (lynx/firefox) > >> to do > >> this. > >> Note that your example was :25->:443, which implied SMTP over > >> SSL... > >> Nonetheless, FreeBSD can't make these decisions inherently > >> (thankfully). > >> Steve > >I think the OP does not have a clear grasp on how the various > >protocols > >operate. Evidenced by confusing http with mail services. Yes, I know > >there > >is 'web mail', but even web based mail is still a web server. > >It is up to the server operator to configure the services on the > >server end > >of things. Whether its SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap > >with SSL, > >etc., all of these things are made to work at the server end. True > >enough a > >client may need to be configured to talk on port 995 for pop3/SSL or > >port > >993 for IMAP/SSL but for the web a client shouldn't need to do > >anything. > >The web server operator configures which locations in his URI space > >should > >be served up on port 443, and the client's browser should > >automatically > >switch to HTTPS based upon this. The OP doesn't seem to understand > >that he > >doesn't need to make this happen on his end, at least as far as > >HTTP/HTTPS > >goes. > All of this is true, but it is also true that many web sites > offer part > or all of their content pages by both protocols, which allows a > client to > fetch such pages by his/her choice of protocol. For such sites, it > can be > quite helpful to have a way to tell the browser to prefer, or even > require, > one or the other. > >If he is actually trying to configure a mail client to talk TLS or > >SSL to an > >SMTP server, then he needs to tell the email client software this. > >E.g., > >"This connection requires encryption" and whether it is SSL or TLS. > >Mail > >servers on port 25 do not use HTTP or HTTPS, but rather SMTP. > >So it seems as if he is just very confused. > Definitely the case. However, this list is intended to provide > help > to users at all levels of experience and understanding. > What has been overlooked in all of the above discussion is that > there > *is* some help available for the OP. A plug-in is available for > Firefox > that should *always* be installed ASAP after Firefox has been > installed > unless you don't give a rat's ass about browser security. The > plug-in is > called "NoScript". (Other highly recommended Firefox security > plug-ins > include QuickJava, SafeCache, Torbutton, Better Privacy, etc.) > Directions for the OP: after installing NoScript and restarting > Firefox, bring up the NoScript Options panel. You can do this either > by > clicking on "Tools" in the Firefox menu bar at the top of the window > and > then on "Add-ons" or "Plug-ins" or some such, depending upon the > Firefox > version. This will bring up a panel listing all installed plug-ins. > Find > the entry for NoScript, click on the entry (not a button, though) to > select > it, then click on its "Preferences" button. Two alternative methods > of > getting to the same NoScript Options panel depend upon what you see > at the > bottom of the main Firefox window. If you see a bar inside the > window at > the bottom that says something about scripts with an "Options..." > button > at the right, clock on the "Options" button and then on the > "Options..." > line at the top of the resulting menu. The other alternative method > is > available when there is a capital letter "S" in a circle in the > bottom > Firefox status bar. Right-click on this "S", which may have a slash > through > it or other decorations, to get a slightly differently ordered menu. > Click > on the "Optio
Re: howto use https in favour of http
On Tue, 27 Oct 2009 09:32:21 -0400 Michael Powell wrote: >Scott Bennett wrote: > > Alexander Best wrote: >> Hi, > >>> i've added the following line to my /etc/hosts: > >>> permail.uni-muenster.de:25 permail.uni-muenster.de:443 > >>> so what i want is for freebsd to never use http, but https for that >>> address. >[snip] > >Perhaps the easiest direct solution is to bookmark > >https://permail.uni-muenster.de/ in the browser bookmarks instead of > >http://permail.uni-muenster.de/ > If he wants to apply the HTTPS requirement only to a particular page (e.g., the home page) at a web site, that *might* work. OTOH, there may be points of failure, such as this example in the page whose URL is shown above. http://www.permail.uni-muenster.de"; rel="subsection" > Depending upon a bookmark would also fail to apply the restriction to any links to other pages at the same site that the user might click on on the page. It also ignores the many dozens (hundreds?) of security problems that are fixed/blocked by plug-ins like NoScript and Torbutton. Once NoScript has been installed, it is plenty easy, as I outlined previously, to apply such a restriction to an entire web site or to all web sites in a given domain. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
On Tue, 27 Oct 2009 03:29:13 +0100 (CET) Alexander Best wrote: > i'm not using a webserver or anything. i'm just a regular user. the > point is: i often forget to specify https://... for that specific > address in apps like lynx or firefox. that's why the non-ssl version > of that site is being loaded. That's internal to the application. > i'd like freebsd to take care of this > so even if the app is trying to access the non-ssl version it should > in fact be redirected to the ssl version by freebsd. Why not just use bookmarks? If you want to avoid unsecure connections to specific sites, you can do it with a firewall, or you can install a proxy (such as squid) and use ACLs. However some sites may not look quite the same due to insecure links to graphics etc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
Scott Bennett wrote: >>> Alexander Best wrote: > Hi, >> i've added the following line to my /etc/hosts: >> permail.uni-muenster.de:25 permail.uni-muenster.de:443 >> so what i want is for freebsd to never use http, but https for that >> address. [snip] Perhaps the easiest direct solution is to bookmark https://permail.uni-muenster.de/ in the browser bookmarks instead of http://permail.uni-muenster.de/ -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
On Mon, 26 Oct 2009 23:40:48 -0400 Michael Powell wrote: >Steve Bertrand wrote: > >> Alexander Best wrote: >>> Olivier Nicole schrieb am 2009-10-27: Hi, >>> > i've added the following line to my /etc/hosts: >>> > permail.uni-muenster.de:25 permail.uni-muenster.de:443 >>> > so what i want is for freebsd to never use http, but https for that > address. > unfortunately hosts doesn't seem to support this syntax. >>> >[snip] >>> >>> i'm not using a webserver or anything. i'm just a regular user. the point >>> is: i often forget to specify https://... for that specific address in >>> apps like lynx or firefox. that's why the non-ssl version of that site is >>> being loaded. i'd like freebsd to take care of this so even if the app is >>> trying to access the non-ssl version it should in fact be redirected to >>> the ssl version by freebsd. >> >> I thought that this is what you were originally after. >> >> FreeBSD, in itself, can't do this... much like Mac OS or Windows can't >> do this. >> >> Most applications such as Firefox can't even do this (inherently). >> >> If you are trying to enforce this as a personal/company policy, you will >> need to write a 'wrapper' around your application (lynx/firefox) to do >> this. >> >> Note that your example was :25->:443, which implied SMTP over SSL... >> >> Nonetheless, FreeBSD can't make these decisions inherently (thankfully). >> >> Steve > >I think the OP does not have a clear grasp on how the various protocols >operate. Evidenced by confusing http with mail services. Yes, I know there >is 'web mail', but even web based mail is still a web server. > >It is up to the server operator to configure the services on the server end >of things. Whether its SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap with SSL, >etc., all of these things are made to work at the server end. True enough a >client may need to be configured to talk on port 995 for pop3/SSL or port >993 for IMAP/SSL but for the web a client shouldn't need to do anything. > >The web server operator configures which locations in his URI space should >be served up on port 443, and the client's browser should automatically >switch to HTTPS based upon this. The OP doesn't seem to understand that he >doesn't need to make this happen on his end, at least as far as HTTP/HTTPS >goes. All of this is true, but it is also true that many web sites offer part or all of their content pages by both protocols, which allows a client to fetch such pages by his/her choice of protocol. For such sites, it can be quite helpful to have a way to tell the browser to prefer, or even require, one or the other. > >If he is actually trying to configure a mail client to talk TLS or SSL to an >SMTP server, then he needs to tell the email client software this. E.g., >"This connection requires encryption" and whether it is SSL or TLS. Mail >servers on port 25 do not use HTTP or HTTPS, but rather SMTP. > >So it seems as if he is just very confused. > Definitely the case. However, this list is intended to provide help to users at all levels of experience and understanding. What has been overlooked in all of the above discussion is that there *is* some help available for the OP. A plug-in is available for Firefox that should *always* be installed ASAP after Firefox has been installed unless you don't give a rat's ass about browser security. The plug-in is called "NoScript". (Other highly recommended Firefox security plug-ins include QuickJava, SafeCache, Torbutton, Better Privacy, etc.) Directions for the OP: after installing NoScript and restarting Firefox, bring up the NoScript Options panel. You can do this either by clicking on "Tools" in the Firefox menu bar at the top of the window and then on "Add-ons" or "Plug-ins" or some such, depending upon the Firefox version. This will bring up a panel listing all installed plug-ins. Find the entry for NoScript, click on the entry (not a button, though) to select it, then click on its "Preferences" button. Two alternative methods of getting to the same NoScript Options panel depend upon what you see at the bottom of the main Firefox window. If you see a bar inside the window at the bottom that says something about scripts with an "Options..." button at the right, clock on the "Options" button and then on the "Options..." line at the top of the resulting menu. The other alternative method is available when there is a capital letter "S" in a circle in the bottom Firefox status bar. Right-click on this "S", which may have a slash through it or other decorations, to get a slightly differently ordered menu. Click on the "Options..." line of this menu to get the NoScript Options panel. Once the NoScript Options panel is visible, click on the "Advanced" tab at the righthand end of the sequence of tabs. This will display some "subtabs" below the main tabs. Click again on the righthandmost tab, which says, "HTTPS".
Re: howto use https in favour of http
On Mon, 26 Oct 2009 22:29, alexbestms@ wrote: Olivier Nicole schrieb am 2009-10-27: Hi, i've added the following line to my /etc/hosts: permail.uni-muenster.de:25 permail.uni-muenster.de:443 so what i want is for freebsd to never use http, but https for that address. unfortunately hosts doesn't seem to support this syntax. De3finitely not. man hosts to see the syntax and meaning of the /etc/hosts file. any advice on how to do this? I am not sure what you want to do. You want to install a web server that only serves https? then you configure your web server to only serve https, in Apache configuration you would only have a and none with port 80. Best regards, Olivier sorry if i didn't specify my problem in detail. i'm not using a webserver or anything. i'm just a regular user. the point is: i often forget to specify https://... for that specific address in apps like lynx or firefox. that's why the non-ssl version of that site is being loaded. i'd like freebsd to take care of this so even if the app is trying to access the non-ssl version it should in fact be redirected to the ssl version by freebsd. cheers. alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" Add some shell aliases to your shells rc's. Bourne style shells: alias your_name="lynx https://sub.domain.tld/"; Ill leave the c style shell syntax for you to figure out. Now as long as you can remember your_name then you shouldn't have to much of a problem. ;) Best regards, PC Pro Sch00lz -- ;; dataix.net!jhell 2048R/89D8547E 2009-09-30 ;; BSD since FreeBSD 4.2Linux since Slackware 2.1 ;; 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
Steve Bertrand wrote: > Alexander Best wrote: >> Olivier Nicole schrieb am 2009-10-27: >>> Hi, >> i've added the following line to my /etc/hosts: >> permail.uni-muenster.de:25 permail.uni-muenster.de:443 >> so what i want is for freebsd to never use http, but https for that address. unfortunately hosts doesn't seem to support this syntax. >> [snip] >> >> i'm not using a webserver or anything. i'm just a regular user. the point >> is: i often forget to specify https://... for that specific address in >> apps like lynx or firefox. that's why the non-ssl version of that site is >> being loaded. i'd like freebsd to take care of this so even if the app is >> trying to access the non-ssl version it should in fact be redirected to >> the ssl version by freebsd. > > I thought that this is what you were originally after. > > FreeBSD, in itself, can't do this... much like Mac OS or Windows can't > do this. > > Most applications such as Firefox can't even do this (inherently). > > If you are trying to enforce this as a personal/company policy, you will > need to write a 'wrapper' around your application (lynx/firefox) to do > this. > > Note that your example was :25->:443, which implied SMTP over SSL... > > Nonetheless, FreeBSD can't make these decisions inherently (thankfully). > > Steve I think the OP does not have a clear grasp on how the various protocols operate. Evidenced by confusing http with mail services. Yes, I know there is 'web mail', but even web based mail is still a web server. It is up to the server operator to configure the services on the server end of things. Whether its SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap with SSL, etc., all of these things are made to work at the server end. True enough a client may need to be configured to talk on port 995 for pop3/SSL or port 993 for IMAP/SSL but for the web a client shouldn't need to do anything. The web server operator configures which locations in his URI space should be served up on port 443, and the client's browser should automatically switch to HTTPS based upon this. The OP doesn't seem to understand that he doesn't need to make this happen on his end, at least as far as HTTP/HTTPS goes. If he is actually trying to configure a mail client to talk TLS or SSL to an SMTP server, then he needs to tell the email client software this. E.g., "This connection requires encryption" and whether it is SSL or TLS. Mail servers on port 25 do not use HTTP or HTTPS, but rather SMTP. So it seems as if he is just very confused. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
Alexander Best wrote: > Olivier Nicole schrieb am 2009-10-27: >> Hi, > >>> i've added the following line to my /etc/hosts: > >>> permail.uni-muenster.de:25 permail.uni-muenster.de:443 > >>> so what i want is for freebsd to never use http, but https for that >>> address. >>> unfortunately hosts doesn't seem to support this syntax. > >> De3finitely not. man hosts to see the syntax and meaning of the >> /etc/hosts file. > >>> any advice on how to do this? > >> I am not sure what you want to do. You want to install a web server >> that only serves https? then you configure your web server to only >> serve https, in Apache configuration you would only have a >> >> and none with port 80. > >> Best regards, > >> Olivier > > sorry if i didn't specify my problem in detail. > > i'm not using a webserver or anything. i'm just a regular user. the point is: > i often forget to specify https://... for that specific address in apps like > lynx or firefox. that's why the non-ssl version of that site is being loaded. > i'd like freebsd to take care of this so even if the app is trying to access > the non-ssl version it should in fact be redirected to the ssl version by > freebsd. I thought that this is what you were originally after. FreeBSD, in itself, can't do this... much like Mac OS or Windows can't do this. Most applications such as Firefox can't even do this (inherently). If you are trying to enforce this as a personal/company policy, you will need to write a 'wrapper' around your application (lynx/firefox) to do this. Note that your example was :25->:443, which implied SMTP over SSL... Nonetheless, FreeBSD can't make these decisions inherently (thankfully). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
Alex, > i'm not using a webserver or anything. i'm just a regular user. the point is: > i often forget to specify https://... for that specific address in apps like > lynx or firefox. that's why the non-ssl version of that site is being loaded. > i'd like freebsd to take care of this so even if the app is trying to access > the non-ssl version it should in fact be redirected to the ssl version by > freebsd. I think it is the responsibility of the person in charge of the server to decide whether non-ssl connections are allowed or not; and to redirect non-ssl connections to ssl ones when needed. That should never be a burden for the client. Now on your client side what you can do is: - set-up a firewall to forbid non-ssl connections to certain web sites: if you try a non-ssl connection, it will be refused; easy enough to set-up, but frustrating when you see that your connection is refused; - set-up a proxy/redirector to change your non-ssl connections to ssl one: certainly an heavier thing to set-up, but would work transparently; Good luck, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
Olivier Nicole schrieb am 2009-10-27: > Hi, > > i've added the following line to my /etc/hosts: > > permail.uni-muenster.de:25 permail.uni-muenster.de:443 > > so what i want is for freebsd to never use http, but https for that > > address. > > unfortunately hosts doesn't seem to support this syntax. > De3finitely not. man hosts to see the syntax and meaning of the > /etc/hosts file. > > any advice on how to do this? > I am not sure what you want to do. You want to install a web server > that only serves https? then you configure your web server to only > serve https, in Apache configuration you would only have a > > and none with port 80. > Best regards, > Olivier sorry if i didn't specify my problem in detail. i'm not using a webserver or anything. i'm just a regular user. the point is: i often forget to specify https://... for that specific address in apps like lynx or firefox. that's why the non-ssl version of that site is being loaded. i'd like freebsd to take care of this so even if the app is trying to access the non-ssl version it should in fact be redirected to the ssl version by freebsd. cheers. alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
Hi, > i've added the following line to my /etc/hosts: > > permail.uni-muenster.de:25 permail.uni-muenster.de:443 > > so what i want is for freebsd to never use http, but https for that address. > unfortunately hosts doesn't seem to support this syntax. De3finitely not. man hosts to see the syntax and meaning of the /etc/hosts file. > any advice on how to do this? I am not sure what you want to do. You want to install a web server that only serves https? then you configure your web server to only serve https, in Apache configuration you would only have a and none with port 80. Best regards, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: howto use https in favour of http
Alexander Best wrote: > hi there, > > i've added the following line to my /etc/hosts: > > permail.uni-muenster.de:25 permail.uni-muenster.de:443 > > so what i want is for freebsd to never use http, but https for that address. > unfortunately hosts doesn't seem to support this syntax. It doesn't work that way. The 'hosts' file resolves a name to an IP address. I can see what you want to do here, but to get there, you must provide in your own words what it is you want exactly... Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
