Date: Wed, 28 Oct 2009 21:44:03 +0100 (CET)
From: Alexander Best <alexbestms@math.uni-muenster.de>
To: Scott Bennett <bennett@cs.niu.edu>, <freebsd-questions@freebsd.org>, Michael Powell <nightrecon@hotmail.com>
Cc: Alexander Best <alexbestms@math.uni-muenster.de>
Subject: Re: howto use https in favour of http
Message-ID: <permail-2009102820440380e26a0b0000356f-a_best01@message-id.uni-muenster.de>
In-Reply-To: <200910270808.n9R88vMU011842@mp.cs.niu.edu>

Scott Bennett wrote on 2009-10-27:
> On Mon, 26 Oct 2009 23:40:48 -0400 Michael Powell <nightrecon@hotmail.com> wrote:
> >Steve Bertrand wrote:
> >> Alexander Best wrote:
> >>> Olivier Nicole wrote on 2009-10-27:
> >>>> Hi,
> >>>>> i've added the following line to my /etc/hosts:
> >>>>> permail.uni-muenster.de:25 permail.uni-muenster.de:443
> >>>>> so what i want is for freebsd to never use http, but https for that
> >>>>> address.
> >>>>> unfortunately hosts doesn't seem to support this syntax.
> >[snip]
> >>> i'm not using a webserver or anything. i'm just a regular user. the point
> >>> is: i often forget to specify https://... for that specific address in
> >>> apps like lynx or firefox. that's why the non-ssl version of that site is
> >>> being loaded. i'd like freebsd to take care of this so even if the app is
> >>> trying to access the non-ssl version it should in fact be redirected to
> >>> the ssl version by freebsd.
> >> I thought that this is what you were originally after.
> >> FreeBSD, in itself, can't do this... much like Mac OS or Windows can't
> >> do this.
> >> Most applications such as Firefox can't even do this (inherently).
> >> If you are trying to enforce this as a personal/company policy, you will
> >> need to write a 'wrapper' around your application (lynx/firefox) to do
> >> this.
> >> Note that your example was :25->:443, which implied SMTP over SSL...
> >> Nonetheless, FreeBSD can't make these decisions inherently (thankfully).
> >> Steve
> >I think the OP does not have a clear grasp on how the various protocols
> >operate. Evidenced by confusing http with mail services. Yes, I know there
> >is 'web mail', but even web based mail is still a web server.
> >It is up to the server operator to configure the services on the server end
> >of things. Whether it's SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap with SSL,
> >etc., all of these things are made to work at the server end. True enough a
> >client may need to be configured to talk on port 995 for pop3/SSL or port
> >993 for IMAP/SSL but for the web a client shouldn't need to do anything.
> >The web server operator configures which locations in his URI space should
> >be served up on port 443, and the client's browser should automatically
> >switch to HTTPS based upon this. The OP doesn't seem to understand that he
> >doesn't need to make this happen on his end, at least as far as HTTP/HTTPS
> >goes.
> All of this is true, but it is also true that many web sites offer part
> or all of their content pages by both protocols, which allows a client to
> fetch such pages by his/her choice of protocol. For such sites, it can be
> quite helpful to have a way to tell the browser to prefer, or even require,
> one or the other.
> >If he is actually trying to configure a mail client to talk TLS or SSL to an
> >SMTP server, then he needs to tell the email client software this. E.g.,
> >"This connection requires encryption" and whether it is SSL or TLS. Mail
> >servers on port 25 do not use HTTP or HTTPS, but rather SMTP.
> >So it seems as if he is just very confused.
> Definitely the case. However, this list is intended to provide help
> to users at all levels of experience and understanding.
> What has been overlooked in all of the above discussion is that there
> *is* some help available for the OP. A plug-in is available for Firefox
> that should *always* be installed ASAP after Firefox has been installed
> unless you don't give a rat's ass about browser security. The plug-in is
> called "NoScript". (Other highly recommended Firefox security plug-ins
> include QuickJava, SafeCache, Torbutton, Better Privacy, etc.)
> Directions for the OP: after installing NoScript and restarting
> Firefox, bring up the NoScript Options panel. You can do this either by
> clicking on "Tools" in the Firefox menu bar at the top of the window and
> then on "Add-ons" or "Plug-ins" or some such, depending upon the Firefox
> version. This will bring up a panel listing all installed plug-ins. Find
> the entry for NoScript, click on the entry (not a button, though) to select
> it, then click on its "Preferences" button. Two alternative methods of
> getting to the same NoScript Options panel depend upon what you see at the
> bottom of the main Firefox window. If you see a bar inside the window at
> the bottom that says something about scripts with an "Options..." button
> at the right, click on the "Options" button and then on the "Options..."
> line at the top of the resulting menu. The other alternative method is
> available when there is a capital letter "S" in a circle in the bottom
> Firefox status bar. Right-click on this "S", which may have a slash through
> it or other decorations, to get a slightly differently ordered menu. Click
> on the "Options..." line of this menu to get the NoScript Options panel.
> Once the NoScript Options panel is visible, click on the "Advanced" tab
> at the righthand end of the sequence of tabs. This will display some
> "subtabs" below the main tabs. Click again on the righthandmost tab, which
> says, "HTTPS". A third line of tabs should appear, containing just two tabs:
> "Behavior" and "Cookies". The "Behavior" tab is the one you want. You
> should be able to figure out what to do from there, but basically you can
> identify a site by host+domainname (e.g., www.sitename.com) into the upper
> or lower box, depending upon whether you wish to force connections to use
> HTTPS or instead to force connections *not* to use HTTPS. You may also
> specify an entire domain (e.g., *.sitename.com).
> Note, however, that you can tell the browser which protocol to use
> to request a page, but if the server does not offer service by that protocol
> you will get only an error page, as was implied by Michael Powell's remarks
> quoted above.
> Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet: bennett at cs.niu.edu                                    *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> * -- Gov. John Hancock, New York Journal, 28 January 1790            *
> **********************************************************************

thanks a lot for all the hints. i'll have a look at noscript.

cheers.
alex
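
The following POSIX sh functions are an added example, not code from any poster in this thread. They show the kind of 'wrapper' Steve Bertrand's reply refers to, using the exact-host and `*.domain` pattern forms Scott Bennett describes for NoScript; the host list and the wrapper name `slynx` are assumptions.

```shell
#!/bin/sh
# Added example. Hosts to force onto HTTPS: exact names or "*.domain" wildcards.
# permail.uni-muenster.de is the thread's host; *.sitename.com is its sample.
FORCE_HTTPS_HOSTS="permail.uni-muenster.de *.sitename.com"

# host_is_forced HOST: succeeds when HOST matches a listed pattern.
host_is_forced() {
    set -f                      # keep "*.domain" from expanding to file names
    for pat in $FORCE_HTTPS_HOSTS; do
        case "$1" in
            $pat) set +f; return 0 ;;
        esac
    done
    set +f
    return 1
}

# force_https URL: print URL, upgraded to https:// when its host is listed.
force_https() {
    url=$1
    case "$url" in
        [Hh][Tt][Tt][Pp][Ss]://*) printf '%s\n' "$url"; return ;;
        [Hh][Tt][Tt][Pp]://*)     rest=${url#*://} ;;
        *://*)                    printf '%s\n' "$url"; return ;;  # other scheme
        *)                        rest=$url ;;      # scheme left out by the user
    esac
    authority=${rest%%[/?#]*}           # everything before the path or query
    tail=${rest#"$authority"}
    hostport=${authority##*@}           # match on the real host, not userinfo
    userinfo=${authority%"$hostport"}
    name=${hostport%%:*}
    port=${hostport#"$name"}            # ":80", ":8080" or empty
    host=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
    case "$port" in
        ""|:80|:443) ;;                 # default ports only
        *) printf '%s\n' "$url"; return ;;   # no TLS assumed on other ports
    esac
    if host_is_forced "$host"; then
        printf 'https://%s%s%s\n' "$userinfo" "$host" "$tail"
    else
        printf '%s\n' "$url"
    fi
}

# Wrapper use (hypothetical script name "slynx"): exec lynx "$(force_https "$1")"
```

As noted in the quoted message, rewriting the URL only changes what the client asks for: if the server does not offer HTTPS for that host, the request fails instead of falling back to HTTP.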