If you are visiting an HTTPS site, so extensions like noscript and the firefox settings to disable java still work?
On 5/22/06, Anothony Georgeo <[EMAIL PROTECTED]> wrote:
--- Fabian Keil <[EMAIL PROTECTED]> wrote: > Anothony Georgeo <[EMAIL PROTECTED]> wrote: > [snip] > How do you convince your browser not to fetch > additional images and style sheet through HTTPS? > > Not actively visiting untrusted HTTPS sites doesn't > stop anyone from spicing up his pages with HTTPS > content to get more information about his visitors. > [snip] > Fabian > -- Those are valid points and to be honest I did not concider the possibility malicous HTTPS content on a HTTP web site. To that end I have updated my user.actions file to block all "HTTP CONNECT" attempts via. HTTPS (by using "limit-connect"). By blocking the CONNECT attempts Privoxy does not forward HTTPS traffic. I set the "limit-connect" paramiter to "Port -1" (essentially Port "0") which does not exist and thus blocked by Privoxy. I tried using "limit-connect{0}" and "forward :443 ." (in "config.txt") but neither of those worked properly. IMO "limit-connect" is the most 'user-friendly' method to block\unblock HTTPS traffic. Here are the updated settings, I will update my original post with the complete and updated user.actions file. Note: Please read commented text I included which describes the settings and how an end-users may configure them. Note: Word-wrap may be an issue in regards to the mailing list's redition of this email. *Updated* "user.actions" settings relevent to HTTPS: # This setting blocks "HTTP CONNECT" attempts via. # HTTPS (eg. SSl). # # This setting prevents Privoxy from forwarding HTTPS # which it can not filter. # { +limit-connect{-1} } / # This setting is for URLS (eg. web-sites) you trust # and wish to access with an HTTPS (eg. SSL) # connection. # # This setting will over-ride the previous # "{ +limit-connect{-1} }" setting, # thus allowing access to pre-selected and trusted # HTTPS URL's. # # I included the HTTPS (SSL) URLs for the 'EFF' and # for 'Yahoo' web-mail as working examples. # # CAUTION: When you access an HTTPS URL listed # below you are preventing Privoxy from filtering # your "Environmental Variables", web-bugs, etc # while visiting that site. # # Filtration is suggested and use of these URLs # will dimish your anonymity. # { +limit-connect{443} } *secure.eff.org/ *mail.yahoo.com/ *login.yahoo.com/ Any suggestions are welcome, __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com