SSL warnings --> images & css - ProxRocks - Jan. 02, 2013 06:37 PM
i've noticed recently that some of the "certificate errors" that Proxo pops up from time to time are all 'favicon' .ico files...
(try Huffington Post in Half-SSL mode as an example [not the home page itself, but articles linked from the home page, most of those articles will have a DOZEN {not exaggerating} "favicon" files]... <and each and EVERY ONE OF THEM will pop up a "certificate error"... axe the favicon.ico, voila, NO CERTIFICATE ERROR >)
here's what i'm currently using to axe any and ALL of those D@MN "favicon" files 
(the first one is a header filter, the second two are web page filters...)
Code:
In = FALSE
Out = TRUE
Key = "Cookie: 3 Kill FavIcon Requests (Out) [add]"
URL = "*/favicon.ico"
Replace = "killed FavIcon request\k"

Name = "Block: FavIcon Cookies [add]"
Active = TRUE
URL = "$IHDR(Content-Type: (*(html|xml)*))"
Bounds = "<link\s[^>]++re(l|v)=$AV((shortcut |)icon)[^>]+>"
Limit = 300
Match = "*"

Name = "Block: FavIcon Images [add]"
Active = TRUE
URL = "($TST(hCT=*html)|$TYPE(js))(^$TST(keyword=*.(a_track|a_bug).*))"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "*(favicon|no-image).ico*"
RE: SSL warnings --> images - ProxRocks - Jan. 08, 2013 12:10 PM
here's another...
example site - http://www.ittechware.com/public/screenshots
what it does is since the site is NON-SSL and it tries to load an SSL image (and in turn pops up a certificate error!), it 'converts' the image link to NON-SSL so that we don't get the certificate error...
has to be placed higher up in the config than "<*>: Half-SSL 09.05.03..."
Code:
Name = "Convert SSL-Images on non-SSL Sites"
Active = TRUE
URL = "$TST(hCT=*html)$TST(uProt=http:)"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "\1src=('|")\2https:\3(gif|png|jpg|jpeg|jpe|bmp|xbm|ico)\4('|")\5\6"
Replace = "\1src=\2http:\3\4\5\6"
edit: ps - theoretically, this MAY produce "red X" images...
i have not seen any yet, but theory aside, i myself would rather have a 'silent' "red X" than an "in your face" certificate error
RE: SSL warnings --> images - Oddysey - Jan. 09, 2013 01:07 AM
ProxRocks;
Thanks for the tips!
In another direction of hunting down certificate errors, I see much more often than otherwise that the culprit wants to point to FaceBook, Twitter, Google+, and other ill-conceived notions whose sole intent is to circumvent one's privacy. To that end, the afflicted cert isn't necessarily a favicon, it's just as easily a web-bug that is being used to first determine if you are already connected to the site in question.
I found that simply scorching the earth with a total ban on such sites was somehow ineffective, even at the header level. I finally resorted to entering the BS sites into my router's BlackList table, and that finally cured 90% or more of my frustrations. The status bar might hold one or more "Finished, but with errors" messages, but the screen remains 'user friendly'. 
FWIW. 
Oddysey
RE: SSL warnings --> images & css - ProxRocks - Jan. 25, 2013 02:31 PM
no joke there, the vast majority of the cert-errors i've run into all come from "fbstatic-a.akamaihd.net/" (ie, FACEBOOK)...
i've changed my cert-error-preventer filters to add two schemes:
1) if a .CSS is trying to come in as SSL, i convert it to non-SSL...
2) prevent .CSS from loading images via SSL...
those two added to the previous two:
1) block FavIcon POS...
2) convert SSL images on non-SSL sites (no longer by file extension though)...
Code:
Name = "Block: FavIcon Images [add]"
Active = TRUE
URL = "($TST(hCT=*html)|$TYPE(js))(^$TST(keyword=*.(a_track|a_bug).*))"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "*(favicon|no-image).ico*"

Name = "Convert SSL CSS to non-SSL CSS"
Active = TRUE
URL = "$TST(hCT=*html)"
Bounds = "<link rel="stylesheet"*>"
Limit = 2048
Match = "\1href=('|")\2https:\3.css('|")\4\5"
Replace = "\1href=\2http:\3.css\4\5"

Name = "Convert SSL Images on non-SSL Sites"
Active = TRUE
URL = "$TST(hCT=*html)$TST(uProt=http:)"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "\1src=('|")\2https:\3('|")\4\5"
Replace = "\1src=\2http:\3\4\5"

Name = "Convert SSL Images inside non-SSL CSS"
Active = TRUE
URL = "$TYPE(css)$TST(uProt=http:)"
Limit = 2048
Match = "url\(https:\/\/\1(gif|png|jpg|jpeg|jpe|bmp|xbm|ico)\2\3\)"
Replace = "url(http://\1\2\3)"
RE: SSL warnings --> images & css - ProxRocks - Jan. 30, 2013 01:34 PM
i have replaced the "Convert SSL Images on non-SSL Sites" filter with the following two "togglers":
Code:
Name = "Block & Fetch: Third Party Images (convert if SSL) - Linked {PFR 13.01.30}"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<a\s*</a>"
Limit = 1024
Match = "<a[^>]++\shref=$AV(http(s$SET(9=https-px-.)|)://\1)\2> & *href="(*//|)([^('|")]+{1,30})\3*"
"<i(mg|nput)[^>]++\s(src*|)src=$AV((http(s$SET(8=ssl)|)://((^([^/]++.|)$TST(uDom)|local.ptron)*)\7)\4)\5>\6"
"$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg) ProxToggle style=display:inline>"
"<a class=Pr0xToggle Pr0xTogO-A"
" href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
"var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
"prxIimg.src=prxIimg.longDesc;"
"void(prxIimg.style.display='inline');""
" target=_self> F </a>"
"<a class=Pr0xToggle Pr0xTogO-A href=http://\7\5 target=_top> I\8 </a>"
"<a class=Pr0xToggle Pr0xTogO-A href=http://\9\1\2 target=_top> L </a>"
"</span>"
"<a href=http://\9\1\2><img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\7\5>\6"

Name = "Block & Fetch: Third Party Images (convert if SSL) - Not Linked {PFR 13.01.30}"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<img\s*>|<input\s*>"
Limit = 1024
Match = "(<(img|input))\1*src=($AV((^http(s$SET(8=ssl)|)://(([^/]++.|)$TST(uDom)|local.ptron)*)(\4//\5)\2)\6)\3>"
"$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg) ProxToggle style=display:inline>"
"<a class=Pr0xToggle Pr0xTogO-A"
" href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
"var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
"prxIimg.src=prxIimg.longDesc;"
"void(prxIimg.style.display='inline');""
" target=_self> F </a>"
"<a class=Pr0xToggle Pr0xTogO-A href=http://\5 target=_top> I\8 </a>"
"</span>"
"\1 id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\5\6>"
RE: SSL warnings --> images & css - ProxRocks - Jan. 30, 2013 04:02 PM
a quick update, the "not linked" was catching too much (like onmouseover on-site images)...
i'm also now intentionally "breaking" 'input forms' that hide behind an off-site image:
Code:
Name = "Block & Fetch: 3rd Party Images (convert SSL, break input) - Not Linked {PFR 13.01.30}"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<img\s*>|<input\s*>"
Limit = 1024
Match = "(<(img|input))\1*src=(^\\)($AV((^http(s$SET(8=ssl)|)://(([^/]++.|)$TST(uDom)|local.ptron)*)(\4//\5)\2)\6)\3>"
"$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg) ProxToggle style=display:inline>"
"<a class=Pr0xToggle Pr0xTogO-A"
" href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
"var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
"prxIimg.src=prxIimg.longDesc;"
"void(prxIimg.style.display='inline');""
" target=_self> F </a>"
"<a class=Pr0xToggle Pr0xTogO-A href=http://\5 target=_top> I\8 </a>"
"</span>"
"<img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\5\6>"
RE: SSL warnings --> images & css - ProxRocks - Jan. 30, 2013 09:31 PM
one more quick update, a few .png's in particular did not want to 'toggle' without a single-quote around the href and longdesc (only the "not linked" changed, but since i changed their "titles", i'm putting both here so that i can keep track of just what i posted and did not post, so to speak):
Code:
Name = "Block & Fetch: 3rd Party Images (convert SSL) - Linked [add]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<a\s*</a>"
Limit = 1024
Match = "<a[^>]++\shref=$AV(http(s$SET(9=https-px-.)|)://\1)\2> & *href="(*//|)([^('|")]+{1,30})\3*"
"<i(mg|nput)[^>]++\s(src*|)src=$AV((http(s$SET(8=ssl)|)://((^([^/]++.|)$TST(uDom)|local.ptron)*)\7)\4)\5>\6"
"$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg) ProxToggle style=display:inline>"
"<a class=Pr0xToggle Pr0xTogO-A"
" href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
"var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
"prxIimg.src=prxIimg.longDesc;"
"void(prxIimg.style.display='inline');""
" target=_self> F </a>"
"<a class=Pr0xToggle Pr0xTogO-A href=http://\7\5 target=_top> I\8 </a>"
"<a class=Pr0xToggle Pr0xTogO-A href=http://\9\1\2 target=_top> L </a>"
"</span>"
"<a href=http://\9\1\2><img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\7\5>\6"

Name = "Block & Fetch: 3rd Party Images (convert SSL, break input) - Not Linked [add]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<img\s*>|<input\s*>"
Limit = 1024
Match = "(<(img|input))\1*src=(^\\)($AV((^http(s$SET(8=ssl)|)://(([^/]++.|)$TST(uDom)|local.ptron)*)(\4//\5)\2)\6)\3>"
"$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg) ProxToggle style=display:inline>"
"<a class=Pr0xToggle Pr0xTogO-A"
" href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
"var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
"prxIimg.src=prxIimg.longDesc;"
"void(prxIimg.style.display='inline');""
" target=_self> F </a>"
"<a class=Pr0xToggle Pr0xTogO-A href='http://\5' target=_top> I\8 </a>"
"</span>"
"<img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc='http://\5'\6>"
RE: SSL warnings --> images & css - ProxRocks - Jan. 30, 2013 09:57 PM
the irony is that i used to block any-and-all "off-site" content...
i loosened the reins over the years only for it to bite me in the butt - dang near ALL cert-warning POS's that i get while in half-ssl mode are due to OFF-SITE CONTENT...
RE: SSL warnings --> images & css - chatterer - Feb. 03, 2013 11:38 AM
Hi,
where is the best place in sidki's config?
I think this is a good update for ProxBlox-v1.0.0.1 and it needs a black- and white list.
thanks,
chatterer
RE: SSL warnings --> images & css - ProxRocks - Feb. 04, 2013 11:33 AM
i place all five of them at the bottom of the "||| Anti-Tracking" section...
ie, the section with the "Remove: Image Trackers", "Remove: Webbugs", and "Remove: Webbugs & Trackers"...
i "whitelist" via the "(^$TST(keyword=*.a_tpi.*)" ["allow third party images"]...
like javascript CRAP in general, i prefer to err on the side of CAUTION and to NEVER allow them by "default", to BLOCK them and ONLY allow "white-listed" javascript...
why ALLOW them by default and only block them *AFTER* you find out a given site is "malicious", AFTER any "damage" is done?
yes, BLOCKING java-crap and off-site images will "break" pages, SO WHAT, *ANY-AND-ALL "MALICIOUS" ACTIVITY IS STOPPED DEAD IN THEIR TRACKS*
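
The default-deny handling of off-site content described in this thread, as an added Python example that is not part of any post or of the Proxomitron config: it lists each image, image input and icon/stylesheet link in a page, checks its host against the page's domain (the role `$TST(uDom)` plays in the filters above), and blocks off-site references unless they are allow-listed. The sample HTML, the `.example` hosts and the per-host `allow_hosts` list are constructed assumptions; the thread itself whitelists per site via the `a_tpi` keyword.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page (not from the thread); .example hosts are placeholders.
SAMPLE_HTML = """<html><head>
<link rel="shortcut icon" href="https://cdn.example.net/favicon.ico">
<link rel="stylesheet" href="/site.css">
</head><body>
<img src="/logo.png">
<img src="https://fbstatic-a.akamaihd.net/like.png">
<input type="image" src="http://img.example.org/submit.gif">
<img src="//static.news.example/photo.jpg">
</body></html>"""
REL = {"icon", "stylesheet"}  # <link rel> values that fetch a subresource

def on_site(host, page_domain):
    """Host is the page's domain or a subdomain of it."""
    return host == page_domain or host.endswith("." + page_domain)

class SubresourceAudit(HTMLParser):
    def __init__(self, page_url, page_domain, allow_hosts=()):
        super().__init__()
        self.page_url, self.page_domain = page_url, page_domain
        self.allow_hosts = set(allow_hosts)  # hypothetical per-host allow-list
        self.findings = []  # (tag, host, scheme, verdict)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "input"):
            ref = a.get("src")
        elif tag == "link" and REL & set((a.get("rel") or "").lower().split()):
            ref = a.get("href")
        else:
            return
        # urljoin resolves relative and protocol-relative (//host/...) references
        url = urlsplit(urljoin(self.page_url, ref)) if ref else None
        if url is None or url.scheme not in ("http", "https"):
            return
        host = url.hostname or ""
        verdict = ("allow: on-site" if on_site(host, self.page_domain)
                   else "allow: listed" if host in self.allow_hosts
                   else "block")  # default-deny for off-site content
        self.findings.append((tag, host, url.scheme, verdict))

def audit(html, page_url, page_domain, allow_hosts=()):
    parser = SubresourceAudit(page_url, page_domain, allow_hosts)
    parser.feed(html)
    return parser.findings
```

Blocked entries whose scheme is `https` on an `http` page are the off-site SSL requests the posts above blame for the certificate warnings.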