From owner-freebsd-questions@FreeBSD.ORG Tue Oct 27 02:38:05 2009 Return-Path: Delivered-To: freebsd-questions@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1B194106566B for ; Tue, 27 Oct 2009 02:38:05 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.freebsd.org (Postfix) with ESMTP id BB0A28FC15 for ; Tue, 27 Oct 2009 02:38:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ait.ac.th (Postfix) with ESMTP id 0C7183A3898; Tue, 27 Oct 2009 09:38:02 +0700 (ICT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= references:subject:subject:in-reply-to:from:from:message-id:date :date:received:received:received; s=selector1; t=1256611082; x= 1258425482; bh=a44x9e2ROEr9AF0CaCp3w9y6vizDHoH7Rgkq9eM/m48=; b=i 3zy83/lQAvwIAt2mEJKV1kfZAWFutjXIYVPDKidqWQVwq5LR3ZqJFbivlkRJWPkR HkuHzcO90h5mO1AKVnJahb2kCKi/xfBZFXjOV75cx+I3E2kiGiiG6S12g6Peyeoq xU8mrE9s6GH6lhPHVrdJceNS0GmCK/iowC3DHbm844= X-Virus-Scanned: amavisd-new at cs.ait.ac.th Received: from mail.cs.ait.ac.th ([127.0.0.1]) by localhost (mail.cs.ait.ac.th [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 0MQXABYZcgwE; Tue, 27 Oct 2009 09:38:02 +0700 (ICT) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.cs.ait.ac.th (Postfix) with ESMTPS id CA7C03A388D; Tue, 27 Oct 2009 09:38:01 +0700 (ICT) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.14.3/8.14.3/Submit) id n9R2bwQ3037698; Tue, 27 Oct 2009 09:37:58 +0700 (ICT) (envelope-from on) Date: Tue, 27 Oct 2009 09:37:58 +0700 (ICT) Message-Id: <200910270237.n9R2bwQ3037698@banyan.cs.ait.ac.th> From: Olivier Nicole To: alexbestms@math.uni-muenster.de In-reply-to: (message from Alexander Best on Tue, 27 Oct 2009 03:29:13 +0100 (CET)) References: Cc: alexbestms@math.uni-muenster.de, freebsd-questions@FreeBSD.org, steve@ibctech.ca Subject: Re: howto use https in favour of http X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 02:38:05 -0000 Alex, > i'm not using a webserver or anything. i'm just a regular user. the point is: > i often forget to specify https://... for that specific address in apps like > lynx or firefox. that's why the non-ssl version of that site is being loaded. > i'd like freebsd to take care of this so even if the app is trying to access > the non-ssl version it should in fact be redirected to the ssl version by > freebsd. I think it is the responsibility of the person in charge of the server to decide whether non-ssl connections are allowed or not; and to redirect non-ssl connections to ssl ones when needed. That should never be a burden for the client. Now on your client side what you can do is: - set-up a firewall to forbid non-ssl connections to certain web sites: if you try a non-ssl connection, it will be refused; easy enough to set-up, but frustrating when you see that your connection is refused; - set-up a proxy/redirector to change your non-ssl connections to ssl one: certainly an heavier thing to set-up, but would work transparently; Good luck, Olivier