'Re: [privoxy-users] Blocking by host patterns not working with https?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       privoxy-users
Subject:    Re: [privoxy-users] Blocking by host patterns not working with https?
From:       Jean Seurin <jean () eastcode ! org>
Date:       2017-02-25 18:14:45
Message-ID: 6504391c-0215-ed98-7833-2dd506a14496 () eastcode ! org
[Download RAW message or body]

Hi Lee,

thanks for mentioning http://config.privoxy.org/show-url-info

It indeed does show a very good explanation as for why my pattern wasn't
blocked (it wasn't a host pattern per se):

NOTE:

This is a HTTPS URL, so the part after the "/" is ignored as Privoxy
doesn't see the path for real HTTPS requests either.

As pointed out kindly by Nick on the mailing list, the problem lied in
my lack of understanding of how HTTPS works.
The NOTE added by the http://config.privoxy.org/show-url-info is indeed
a very explanatory sentence.

I'd say that it wouldn't help to link FAQ 4.15 to HOST-PATTERN section
for understanding (it would for the sake of convenience though).

IMHO, you could add what you've added between parentheses to 4.15, it
should be good enough. Maybe adding that NOTE explanation or part of it
would make it even clearer.

Best,
Jean

On 24/02/17 19:56, Lee wrote:
> https://www.privoxy.org/faq/trouble.html#FLUSHIT
>   Try pasting the full URL of the offending ad into
> http://config.privoxy.org/show-url-info
>
> which explains what the problem is.
>
> If we changed
>   The only exception to this is blocking by host patterns,
> to
>   The only exception to this is blocking by host patterns (ie.
> blocking on DNS name/IP address),
> would that make it clearer?  Or would making "host patterns" a link to
>   https://www.privoxy.org/user-manual/actions-file.html#HOST-PATTERN
> be good enuf?
>
> The documentation does explain host & path patterns
>   https://www.privoxy.org/user-manual/actions-file.html#HOST-PATTERN
>   https://www.privoxy.org/user-manual/actions-file.html#PATH-PATTERN
> but the FAQ could make it clearer that a host pattern matches just the
> DNS name or IP address.
>
> Regards,
> Lee
>
>
> On 2/24/17, Jean Seurin <jean@eastcode.org> wrote:
>> Hi Ian,
>>
>> sorry for not being precise enough: I meant FAQ's 4.15 section:
>> https://www.privoxy.org/faq/misc.html#SSL
>>
>> Excerpt:
>>
>> 4.15. How can Privoxy filter Secure (HTTPS) URLs?
>>
>> Since secure HTTP connections are encrypted SSL sessions between your
>> browser and the secure site, and are meant to be reliably secure, there is
>> little that Privoxy can do but hand the raw gibberish data though from one
>> end to the other unprocessed.
>>
>> The only exception to this is blocking by host patterns, as the client needs
>> to tell Privoxy the name of the remote server, so that Privoxy can establish
>> the connection. If that name matches a host-only pattern, the connection
>> will be blocked.
>>
>> Since we're not talking about content here, but really host pattern based, I
>> think my case is part of the exception
>>
>> { +block{Nasty ads.} }
>> .somesite.com/imp
>>
>> As for the email part, it doesn't matter: I'm talking about HTML email
>> downloading ressources through the Privoxy proxy ( I mentioned emails
>> because their HTML structure is different from DIV based pages, so it's a
>> different pattern matching)
>>
>> I 'm anyway testing with a browser, and as said:
>> http://test.somesite.com/imp is blocked but https://test.somesite.com/imp
>> goes through.
>>
>> I'm really surprised that the host pattern doesn't match here, and I suspect
>> it could be some config oddness on my part.
>>
>> I'd be happy with a confirmation that it should be working as expected (i.e.
>> blocking by host pattern works also for https), just want to make sure the
>> problem is on my side.
>>
>> Cheers,
>> Jean
>>
>> On 22/02/17 14:49, Ian Silvester wrote:
>>> Hi Jean,
>>>
>>> I'm afraid that no, Privoxy cannot filter HTTPS content. It is on the
>>> TODO list, but may require funding to ever get done, and it is further
>>> not clear how it could best be achieved whilst retaining the trust that
>>> HTTPS connections afford.
>>>
>>> Could you provide a URL for the document section where you got the
>>> impression that HTTPS is supported? I'm afraid I couldn't find section
>>> 4.15 in current documentation.
>>>
>>> Email is sent over the SMTP protocol, so the only content Privoxy could
>>> filter is that referenced via URLs in the messages (which is of course
>>> very common). You could indeed write rules to handle that.
>>>
>>> Cheers,
>>>
>>> Ian
>>>
>>> My PGP public
>>> key[http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc]
>>>
>>> On Tue, 21 Feb 2017, at 16:40, Jean Seurin wrote:
>>>> Hi,
>>>>
>>>> I have this behaviour with a host pattern as follow (3.0.26):
>>>>
>>>> { +block{Nasty ads.} }
>>>> .somesite.com/imp
>>>>
>>>> http://test.somesite.com/imp is blocked but
>>>> https://test.somesite.com/imp goes through.
>>>>
>>>> My understanding was that host pattern would apply the block
>>>> independently of the protocol (from the doc 4.15 section).
>>>>
>>>> Why isn't it blocking https? (My browsers and mail client are all using
>>>> Privoxy proxy for both HTTP and HTTPS)
>>>>
>>>> As a fallback method, is there a possibility to filter content in email
>>>> HTML (no div, only table tags) with a pattern? Like filter any <img>
>>>> maybe ?
>>>>
>>>> Regards,
>>>> Jean
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Ijbswa-users mailing list
>>>> Ijbswa-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/ijbswa-users
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Ijbswa-users mailing list
>>> Ijbswa-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/ijbswa-users
>>
>>
>>





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Ijbswa-users mailing list
Ijbswa-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ijbswa-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic