#27925: Permanent link on /exonerator.html? is http --------------------------------+----------------------------------- Reporter: modik | Owner: metrics-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Metrics/ExoneraTor | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------+----------------------------------- Changes (by karsten):
* status: new => needs_information * cc: metrics-team (added) Comment: Good catch! This is indeed not ideal. It's even a tiny bit worse than described above: we also include the `http` link in other places, for example, when an IP address was not found but nearby IP addresses in the same /24 have possible hits. Try searching for .170 and look at the HTML sources: {{{ <div class="panel-body"> <p>We did not find IP address 62.138.7.170 on or within a day of 2018-09-20. But we did find other IP addresses of Tor relays in the same /24 network around the time:</p> <ul> <li><a href="http://metrics.torproject.org/exonerator.html?ip=62.138.7.171×tamp=2018-09-20&lang=en">62.138.7.171</a></li> </ul> </div><!-- panel-body --> }}} The underlying issue is that we have an Apache running on the metrics host that listens on 443 and rewrites to 8080. In our servlet, we don't even learn that the request came in via `https`. I don't really have an elegant solution. The best thing I can come up with is that we pretend that we're living in an HTTPS world now and simply rewrite `http` to `https`. And for local testing environments we provide a simple configuration option that turns off this internal rewriting. Changing to needs_information to collect feedback on this plan. If I don't hear otherwise, I'll hack something next week. Unless somebody else wants to do it, in which case, please just grab the ticket! -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27925#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs