howto use https in favour of http

Alexander Best alexbestms at
Wed Oct 28 20:44:06 UTC 2009

Scott Bennett schrieb am 2009-10-27:
>      On Mon, 26 Oct 2009 23:40:48 -0400 Michael Powell
>      <nightrecon at>
> wrote:
> >Steve Bertrand wrote:

> >> Alexander Best wrote:
> >>> Olivier Nicole schrieb am 2009-10-27:
> >>>> Hi,

> >>>>> i've added the following line to my /etc/hosts:

> >>>>>

> >>>>> so what i want is for freebsd to never use http, but https for
> >>>>> that
> >>>>> address.
> >>>>> unfortunately hosts doesn't seem to support this syntax.

> >[snip]

> >>> i'm not using a webserver or anything. i'm just a regular user.
> >>> the point
> >>> is: i often forget to specify https://... for that specific
> >>> address in
> >>> apps like lynx or firefox. that's why the non-ssl version of that
> >>> site is
> >>> being loaded. i'd like freebsd to take care of this so even if
> >>> the app is
> >>> trying to access the non-ssl version it should in fact be
> >>> redirected to
> >>> the ssl version by freebsd.

> >> I thought that this is what you were originally after.

> >> FreeBSD, in itself, can't do this... much like Mac OS or Windows
> >> can't
> >> do this.

> >> Most applications such as Firefox can't even do this (inherently).

> >> If you are trying to enforce this as a personal/company policy,
> >> you will
> >> need to write a 'wrapper' around your application (lynx/firefox)
> >> to do
> >> this.

> >> Note that your example was :25->:443, which implied SMTP over
> >> SSL...

> >> Nonetheless, FreeBSD can't make these decisions inherently
> >> (thankfully).

> >> Steve

> >I think the OP does not have a clear grasp on how the various
> >protocols
> >operate. Evidenced by confusing http with mail services. Yes, I know
> >there
> >is 'web mail', but even web based mail is still a web server.

> >It is up to the server operator to configure the services on the
> >server end
> >of things. Whether its SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap
> >with SSL,
> >etc., all of these things are made to work at the server end. True
> >enough a
> >client may need to be configured to talk on port 995 for pop3/SSL or
> >port
> >993 for IMAP/SSL but for the web a client shouldn't need to do
> >anything.

> >The web server operator configures which locations in his URI space
> >should
> >be served up on port 443, and the client's browser should
> >automatically
> >switch to HTTPS based upon this. The OP doesn't seem to understand
> >that he
> >doesn't need to make this happen on his end, at least as far as
> >goes.

>      All of this is true, but it is also true that many web sites
>      offer part
> or all of their content pages by both protocols, which allows a
> client to
> fetch such pages by his/her choice of protocol.  For such sites, it
> can be
> quite helpful to have a way to tell the browser to prefer, or even
> require,
> one or the other.

> >If he is actually trying to configure a mail client to talk TLS or
> >SSL to an
> >SMTP server, then he needs to tell the email client software this.
> >E.g.,
> >"This connection requires encryption" and whether it is SSL or TLS.
> >Mail
> >servers on port 25 do not use HTTP or HTTPS, but rather SMTP.

> >So it seems as if he is just very confused.

>      Definitely the case.  However, this list is intended to provide
>      help
> to users at all levels of experience and understanding.
>      What has been overlooked in all of the above discussion is that
>      there
> *is* some help available for the OP.  A plug-in is available for
> Firefox
> that should *always* be installed ASAP after Firefox has been
> installed
> unless you don't give a rat's ass about browser security.  The
> plug-in is
> called "NoScript".  (Other highly recommended Firefox security
> plug-ins
> include QuickJava, SafeCache, Torbutton, Better Privacy, etc.)
>      Directions for the OP:  after installing NoScript and restarting
> Firefox, bring up the NoScript Options panel.  You can do this either
> by
> clicking on "Tools" in the Firefox menu bar at the top of the window
> and
> then on "Add-ons" or "Plug-ins" or some such, depending upon the
> Firefox
> version.  This will bring up a panel listing all installed plug-ins.
> Find
> the entry for NoScript, click on the entry (not a button, though) to
> select
> it, then click on its "Preferences" button.  Two alternative methods
> of
> getting to the same NoScript Options panel depend upon what you see
> at the
> bottom of the main Firefox window.  If you see a bar inside the
> window at
> the bottom that says something about scripts with an "Options..."
> button
> at the right, clock on the "Options" button and then on the
> "Options..."
> line at the top of the resulting menu.  The other alternative method
> is
> available when there is a capital letter "S" in a circle in the
> bottom
> Firefox status bar.  Right-click on this "S", which may have a slash
> through
> it or other decorations, to get a slightly differently ordered menu.
> Click
> on the "Options..." line of this menu to get the NoScript Options
> panel.
>      Once the NoScript Options panel is visible, click on the
>      "Advanced" tab
> at the righthand end of the sequence of tabs.  This will display some
> "subtabs" below the main tabs.  Click again on the righthandmost tab,
> which
> says, "HTTPS".  A third line of tabs should appear, containing just
> two tabs:
> "Behavior" and "Cookies".  The "Behavior" tab is the one you want.
> You
> should be able to figure out what to do from there, but basically you
> can
> identify a site by host+domainname (e.g., into the
> upper
> or lower box, depending upon whether you wish to force connections to
> use
> HTTPS or instead to force connections *not* to use HTTPS.  You may
> also
> specify an entire domain (e.g., *
>      Note, however, that you can tell the browser which protocol to
>      use
> to request a page, but if the server does not offer service by that
> protocol
> you will get only an error page, as was implied by Michael Powell's
> remarks
> quoted above.

>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at
>   *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good
>   *
> * objection to the introduction of that bane of all free governments
>   *
> * -- a standing army."
>   *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790
>   *
> **********************************************************************

thanks a lot for all the hints. i'll have a look at noscript.


More information about the freebsd-questions mailing list