howto use https in favour of http
alexbestms at math.uni-muenster.de
Wed Oct 28 20:44:06 UTC 2009
Scott Bennett schrieb am 2009-10-27:
> On Mon, 26 Oct 2009 23:40:48 -0400 Michael Powell
> <nightrecon at hotmail.com>
> >Steve Bertrand wrote:
> >> Alexander Best wrote:
> >>> Olivier Nicole schrieb am 2009-10-27:
> >>>> Hi,
> >>>>> i've added the following line to my /etc/hosts:
> >>>>> permail.uni-muenster.de:25 permail.uni-muenster.de:443
> >>>>> so what i want is for freebsd to never use http, but https for
> >>>>> that
> >>>>> address.
> >>>>> unfortunately hosts doesn't seem to support this syntax.
> >>> i'm not using a webserver or anything. i'm just a regular user.
> >>> the point
> >>> is: i often forget to specify https://... for that specific
> >>> address in
> >>> apps like lynx or firefox. that's why the non-ssl version of that
> >>> site is
> >>> being loaded. i'd like freebsd to take care of this so even if
> >>> the app is
> >>> trying to access the non-ssl version it should in fact be
> >>> redirected to
> >>> the ssl version by freebsd.
> >> I thought that this is what you were originally after.
> >> FreeBSD, in itself, can't do this... much like Mac OS or Windows
> >> can't
> >> do this.
> >> Most applications such as Firefox can't even do this (inherently).
> >> If you are trying to enforce this as a personal/company policy,
> >> you will
> >> need to write a 'wrapper' around your application (lynx/firefox)
> >> to do
> >> this.
> >> Note that your example was :25->:443, which implied SMTP over
> >> SSL...
> >> Nonetheless, FreeBSD can't make these decisions inherently
> >> (thankfully).
> >> Steve
> >I think the OP does not have a clear grasp on how the various
> >operate. Evidenced by confusing http with mail services. Yes, I know
> >is 'web mail', but even web based mail is still a web server.
> >It is up to the server operator to configure the services on the
> >server end
> >of things. Whether its SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap
> >with SSL,
> >etc., all of these things are made to work at the server end. True
> >enough a
> >client may need to be configured to talk on port 995 for pop3/SSL or
> >993 for IMAP/SSL but for the web a client shouldn't need to do
> >The web server operator configures which locations in his URI space
> >be served up on port 443, and the client's browser should
> >switch to HTTPS based upon this. The OP doesn't seem to understand
> >that he
> >doesn't need to make this happen on his end, at least as far as
> All of this is true, but it is also true that many web sites
> offer part
> or all of their content pages by both protocols, which allows a
> client to
> fetch such pages by his/her choice of protocol. For such sites, it
> can be
> quite helpful to have a way to tell the browser to prefer, or even
> one or the other.
> >If he is actually trying to configure a mail client to talk TLS or
> >SSL to an
> >SMTP server, then he needs to tell the email client software this.
> >"This connection requires encryption" and whether it is SSL or TLS.
> >servers on port 25 do not use HTTP or HTTPS, but rather SMTP.
> >So it seems as if he is just very confused.
> Definitely the case. However, this list is intended to provide
> to users at all levels of experience and understanding.
> What has been overlooked in all of the above discussion is that
> *is* some help available for the OP. A plug-in is available for
> that should *always* be installed ASAP after Firefox has been
> unless you don't give a rat's ass about browser security. The
> plug-in is
> called "NoScript". (Other highly recommended Firefox security
> include QuickJava, SafeCache, Torbutton, Better Privacy, etc.)
> Directions for the OP: after installing NoScript and restarting
> Firefox, bring up the NoScript Options panel. You can do this either
> clicking on "Tools" in the Firefox menu bar at the top of the window
> then on "Add-ons" or "Plug-ins" or some such, depending upon the
> version. This will bring up a panel listing all installed plug-ins.
> the entry for NoScript, click on the entry (not a button, though) to
> it, then click on its "Preferences" button. Two alternative methods
> getting to the same NoScript Options panel depend upon what you see
> at the
> bottom of the main Firefox window. If you see a bar inside the
> window at
> the bottom that says something about scripts with an "Options..."
> at the right, clock on the "Options" button and then on the
> line at the top of the resulting menu. The other alternative method
> available when there is a capital letter "S" in a circle in the
> Firefox status bar. Right-click on this "S", which may have a slash
> it or other decorations, to get a slightly differently ordered menu.
> on the "Options..." line of this menu to get the NoScript Options
> Once the NoScript Options panel is visible, click on the
> "Advanced" tab
> at the righthand end of the sequence of tabs. This will display some
> "subtabs" below the main tabs. Click again on the righthandmost tab,
> says, "HTTPS". A third line of tabs should appear, containing just
> two tabs:
> "Behavior" and "Cookies". The "Behavior" tab is the one you want.
> should be able to figure out what to do from there, but basically you
> identify a site by host+domainname (e.g., www.sitename.com) into the
> or lower box, depending upon whether you wish to force connections to
> HTTPS or instead to force connections *not* to use HTTPS. You may
> specify an entire domain (e.g., *.sitename.com).
> Note, however, that you can tell the browser which protocol to
> to request a page, but if the server does not offer service by that
> you will get only an error page, as was implied by Michael Powell's
> quoted above.
> Scott Bennett, Comm. ASMELG, CFIAG
> * Internet: bennett at cs.niu.edu
> * "A well regulated and disciplined militia, is at all times a good
> * objection to the introduction of that bane of all free governments
> * -- a standing army."
> * -- Gov. John Hancock, New York Journal, 28 January 1790
thanks a lot for all the hints. i'll have a look at noscript.
More information about the freebsd-questions