Threaded Mode | Linear Mode

***JJoe*** · (This post was last modified: Oct. 30, 2012 02:55 AM by JJoe.)

(Oct. 25, 2009 12:51 AM)leecovuk Wrote: Regarding YLogin, I remember looking at and setting those options; I have just looked at YLogin.txt and I am set as follows:
#$SET(YLaction=https://)(^)
$SET(YLaction=http://https.)(^)

As always with me, I will just end up confusing myself and re-treading already explained ground. I just wanted to generally check I was filtering https in the least 'annoying' way whilst doing it as effectively as possible.

So you have been hiding the secure connection from the browser (aka using Half-SSL) to avoid seeing the 'who is Proxomitron' warning.

(Oct. 25, 2009 12:51 AM)leecovuk Wrote: For a while, for example, I recall I was wanting to use half-ssl with the understanding that filtering https through Prox using half-ssl helps avoid certificate warnings, but I was only passing http through Prox in the browser proxy settings. I forget now my reasoning for doing that, but presumably it was to try avoiding some remaining certificate warnings, and it appeared to be doing filtering of (some/all?) secure pages.

Quote:I know somebody who only filters Half-SSLed pages.

Is that what I have just described above?

Close.
Your browser's https saw no filtering. There were no warnings about the Proxomitron.
I believe he routes http and https through the Proxomitron but disables "Use SSLeay/OpenSSL to filter secure pages".
So, his browser's https sees minimal header filtering. The files are not modified. There are no warnings about the Proxomitron.

Either method:
Https addresses found in headers or web pages and converted by Half-SSL routines may be filtered.
Half-SSL addresses requested by the browser may be filtered.
Should generate less certificate warnings and errors because the Proxomitron is older. Modern browsers should make fewer mistakes but they still don't filter.

Oct 29, 2012 It took awhile to get back to this. Lee was asking how to disable filtering. For some reason I showed how to enable.

(Oct. 25, 2009 12:51 AM)leecovuk Wrote: Finally, should I not want to filter a certain https url, what syntax would you use in the bypass list or IncludeExclude-U.ptxt? I know IncludeExclude-U.ptxt has the following:

don't use half-SSL (if default) $SET(0=i_ssl_h:0.)

but it is the url matching expressions which consistently elude me.
If you like, let's use an example that would match both
https://subdomain.domain.com
and
https://www.subdomain.domain.com

but not

http://subdomain.domain.com
and
http://www.subdomain.domain.com

Oct 29, 2012 Why and how $SET(0=i_ssl_h:1.) and $SET(0=i_ssl_h:2.) enable filtering follows

I think that should be
$SET(0=i_ssl_h:1.)

Code:

[HTTP headers]

In = FALSE

Out = TRUE

Key = "! |||||||||||| 2.2 Use Half-SSL     5.01.12 [jjoe] (o.2) (Out)"

URL = "$SET(keyword=$TST(keyword=(^*.i_ssl_h:)\1)\1i_ssl_h:1.)"

or

$SET(0=i_ssl_h:2.)

Code:

[Patterns]

Name = "<*>: Half-SSL     8.03.06 (cch! multi) [sd jjoe] (d.2)"

Active = TRUE

Multi = TRUE

URL = "$TYPE(htm)$TST(keyword=*.i_ssl_h:[12].*)"

Bounds = "$NEST(<[abdefhilmostu],*https://*,>)"

Limit = 2048

Match = "(^$TST(comment=1)|$TST(tNoscript=1))("

        ""

        "(*\s(href|src|action|background|style|content|value|on[a-z]+)=)\#"

        "$AVQ("

        "(\\+"+ https://&\#s://$SET(#=://https-px-.)\#)"

        "|(\0https://(^$TST(\0=\\+"+ (http:/|/|..|)/*))&&\#s://$SET(#=://https-px-.))+{1,*}\#"

        ")"

        ""

        ")+{1,*}\#"

Replace = "\@"

Proxomitron adds the port for https.
So, I'd try something like:

(www.|)subdomain.domain.com:443 $SET(0=i_ssl_h:1.)

Test at https://addons.mozilla.org/en-US/firefox/
with
(www.|)addons.mozilla.org:443 $SET(0=i_ssl_h:1.)
seems to work.

HTH

Edit: Remove http:// that forum software adds to www; Try to clarify my mistakes to salvage thread.