Date:      Tue, 27 Oct 2009 03:08:57 -0500 (CDT)
From:      Scott Bennett <bennett@cs.niu.edu>
To:        freebsd-questions@freebsd.org, Michael Powell <nightrecon@hotmail.com>
Cc:        Alexander Best <alexbestms@math.uni-muenster.de>
Subject:   Re: howto use https in favour of http
Message-ID:  <200910270808.n9R88vMU011842@mp.cs.niu.edu>

     On Mon, 26 Oct 2009 23:40:48 -0400 Michael Powell <nightrecon@hotmail.com>
wrote:
>Steve Bertrand wrote:
>
>> Alexander Best wrote:
>>> Olivier Nicole wrote on 2009-10-27:
>>>> Hi,
>>> 
>>>>> i've added the following line to my /etc/hosts:
>>> 
>>>>> permail.uni-muenster.de:25      permail.uni-muenster.de:443
>>> 
>>>>> so what i want is for freebsd to never use http, but https for that
>>>>> address.
>>>>> unfortunately hosts doesn't seem to support this syntax.
>>> 
>[snip]
>>> 
>>> i'm not using a webserver or anything. i'm just a regular user. the point
>>> is: i often forget to specify https://... for that specific address in
>>> apps like lynx or firefox. that's why the non-ssl version of that site is
>>> being loaded. i'd like freebsd to take care of this so even if the app is
>>> trying to access the non-ssl version it should in fact be redirected to
>>> the ssl version by freebsd.
>> 
>> I thought that this is what you were originally after.
>> 
>> FreeBSD, in itself, can't do this... much like Mac OS or Windows can't
>> do this.
>> 
>> Most applications such as Firefox can't even do this (inherently).
>> 
>> If you are trying to enforce this as a personal/company policy, you will
>> need to write a 'wrapper' around your application (lynx/firefox) to do
>> this.
>> 
>> Note that your example was :25->:443, which implied SMTP over SSL...
>> 
>> Nonetheless, FreeBSD can't make these decisions inherently (thankfully).
>> 
>> Steve
>
>I think the OP does not have a clear grasp on how the various protocols 
>operate. Evidenced by confusing http with mail services. Yes, I know there 
>is 'web mail', but even web based mail is still a web server.
>
>It is up to the server operator to configure the services on the server end 
>of things. Whether it's SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap with SSL, 
>etc., all of these things are made to work at the server end. True enough a 
>client may need to be configured to talk on port 995 for pop3/SSL or port 
>993 for IMAP/SSL but for the web a client shouldn't need to do anything.
>
>The web server operator configures which locations in his URI space should 
>be served up on port 443, and the client's browser should automatically 
>switch to HTTPS based upon this. The OP doesn't seem to understand that he 
>doesn't need to make this happen on his end, at least as far as HTTP/HTTPS 
>goes.

     All of this is true, but it is also true that many web sites offer part
or all of their content pages by both protocols, which allows a client to
fetch such pages by his/her choice of protocol.  For such sites, it can be
quite helpful to have a way to tell the browser to prefer, or even require,
one or the other.
>
>If he is actually trying to configure a mail client to talk TLS or SSL to an 
>SMTP server, then he needs to tell the email client software this. E.g., 
>"This connection requires encryption" and whether it is SSL or TLS. Mail 
>servers on port 25 do not use HTTP or HTTPS, but rather SMTP.
>
>So it seems as if he is just very confused.
>
     Definitely the case.  However, this list is intended to provide help
to users at all levels of experience and understanding.
     What has been overlooked in all of the above discussion is that there
*is* some help available for the OP.  A plug-in is available for Firefox
that should *always* be installed ASAP after Firefox has been installed
unless you don't give a rat's ass about browser security.  The plug-in is
called "NoScript".  (Other highly recommended Firefox security plug-ins
include QuickJava, SafeCache, Torbutton, Better Privacy, etc.)
     Directions for the OP:  after installing NoScript and restarting
Firefox, bring up the NoScript Options panel.  You can do this either by
clicking on "Tools" in the Firefox menu bar at the top of the window and
then on "Add-ons" or "Plug-ins" or some such, depending upon the Firefox
version.  This will bring up a panel listing all installed plug-ins.  Find
the entry for NoScript, click on the entry (not a button, though) to select
it, then click on its "Preferences" button.  Two alternative methods of
getting to the same NoScript Options panel depend upon what you see at the
bottom of the main Firefox window.  If you see a bar inside the window at
the bottom that says something about scripts with an "Options..." button
at the right, click on the "Options" button and then on the "Options..."
line at the top of the resulting menu.  The other alternative method is
available when there is a capital letter "S" in a circle in the bottom
Firefox status bar.  Right-click on this "S", which may have a slash through
it or other decorations, to get a slightly differently ordered menu.  Click
on the "Options..." line of this menu to get the NoScript Options panel.
     Once the NoScript Options panel is visible, click on the "Advanced" tab
at the righthand end of the sequence of tabs.  This will display some
"subtabs" below the main tabs.  Click again on the righthandmost tab, which
says, "HTTPS".  A third line of tabs should appear, containing just two tabs:
"Behavior" and "Cookies".  The "Behavior" tab is the one you want.  You
should be able to figure out what to do from there, but basically you can
identify a site by host+domainname (e.g., www.sitename.com) into the upper
or lower box, depending upon whether you wish to force connections to use
HTTPS or instead to force connections *not* to use HTTPS.  You may also
specify an entire domain (e.g., *.sitename.com).
     Note, however, that you can tell the browser which protocol to use
to request a page, but if the server does not offer service by that protocol
you will get only an error page, as was implied by Michael Powell's remarks
quoted above.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
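
The force/forbid HTTPS lists described in the message above, sketched as an added example that is not part of the original e-mail and is not NoScript's code. The host names, the pattern-matching rules (exact host, or "*.domain" for subdomains only), the choice that "force" wins when a host is on both lists, and the decision to leave non-default ports alone are all assumptions made for illustration.

```javascript
// Added illustration; not NoScript's implementation.
// Constructed sample lists, standing in for the two boxes on the "Behavior" tab.
const policy = {
  forceHttps: ['www.sitename.com', '*.example.org'],
  forbidHttps: ['plain.sitename.net', 'legacy.example.org'],
};

// Assumed semantics: a pattern is an exact host name, or "*.domain",
// which matches any subdomain of "domain" but not "domain" itself.
function hostMatches(host, pattern) {
  const h = host.toLowerCase();
  const p = pattern.toLowerCase();
  if (p.startsWith('*.')) {
    // Compare against ".domain" so "notexample.org" does not match "*.example.org".
    return h.endsWith(p.slice(1));
  }
  return h === p;
}

// Return the URL that should actually be requested under the policy.
function applyPolicy(rawUrl, { forceHttps, forbidHttps }) {
  const url = new URL(rawUrl);
  // Only web requests are rewritten; other schemes pass through unchanged.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return url.href;
  // An explicit port is left alone: swapping the scheme on a non-default
  // port would not select the site's TLS listener.
  if (url.port !== '') return url.href;

  const force = forceHttps.some((p) => hostMatches(url.hostname, p));
  const forbid = forbidHttps.some((p) => hostMatches(url.hostname, p));
  if (force) {
    url.protocol = 'https:'; // assumed tie-break: force wins over forbid
  } else if (forbid) {
    url.protocol = 'http:';
  }
  return url.href;
}

console.log(applyPolicy('http://www.sitename.com/login', policy));
console.log(applyPolicy('https://plain.sitename.net/a?b=1', policy));
```

Rewriting the scheme only changes what the client asks for; if the server does not offer that protocol, the request still fails, as the message notes.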


