|
1 | | - |
2 | 1 | <!-- |
3 | | -Disabled by https-everywhere-checker because: |
4 | | -Fetch error: http://club.lego.com/en-us/join/magazinesubscription => https://club.lego.com/en-us/join/magazinesubscription: (51, "SSL: no alternative certificate subject name matches target host name 'club.lego.com'") |
5 | | -Fetch error: http://27d.deviantart.net/ => https://27d.deviantart.net/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure') |
6 | | -Fetch error: http://aboutus.lego.com/ => https://aboutus.lego.com/: (51, "SSL: no alternative certificate subject name matches target host name 'aboutus.lego.com'") |
7 | | -Fetch error: http://assets.lego.com/ => https://assets.lego.com/: (51, "SSL: no alternative certificate subject name matches target host name 'assets.lego.com'") |
8 | | -Fetch error: http://rebrick.lego.com/ => https://rebrick.lego.com/: (51, "SSL: no alternative certificate subject name matches target host name 'rebrick.lego.com'") |
9 | | -
|
10 | | - CDN buckets: |
11 | | -
|
12 | | - lego.112.2o7.net/b/ss/legoglobal/ |
13 | | - - lego.reviews.bazaarvoice.com |
14 | | - - cache.lego.com.edgesuite.net |
15 | | -
|
16 | | -
|
17 | | - Nonfunctional subdomains: |
18 | | -
|
19 | | - - cs * |
20 | | - - service ** |
21 | | - - services ** |
22 | | - - cs.us * |
23 | | - - www * ³ |
24 | | -
|
25 | | - * 404, mismatched |
26 | | - ** At least some pages redirect to http |
27 | | - ³ Not all paths work when rewritten to wwwsecure |
28 | | -
|
29 | | -
|
30 | | - Problematic subdomains: |
31 | | -
|
32 | | - - cache Akamai |
33 | | - - en-us.kb (mismatched, CN: *.parature.com) |
34 | | - - reviews Akamai |
35 | | -
|
36 | | -
|
37 | | - Partially covered subdomains: |
38 | | -
|
39 | | - - club * |
40 | | - - education * |
41 | | - - shop * |
42 | | -
|
43 | | - * Some (most?) pages redirect to http |
44 | | -
|
45 | | -
|
46 | | - Insecure cookies are set for these domains: |
47 | | -
|
48 | | - - .lego.com |
49 | | -
|
| 2 | + Nonfunctional hosts in *.lego.com: |
| 3 | + - aboutus.lego.com (m) |
| 4 | + - assets.lego.com (m) |
| 5 | + - cache.lego.com (m) |
| 6 | + - club.lego.com (m) |
| 7 | + - community.lego.com (m) |
| 8 | + - factory.lego.com (m) |
| 9 | + - ldd.lego.com (m) |
| 10 | + - learninginstitute.lego.com (m) |
| 11 | + - rebrick.lego.com (m) |
| 12 | + - reviews.lego.com (m) |
| 13 | + - thehobbit.lego.com (m) |
| 14 | + - service.lego.com (404) |
| 15 | + - ldd.us.lego.com (m) |
| 16 | + - thelordoftherings.us.lego.com (m) |
| 17 | +
|
| 18 | + h: http redirect |
| 19 | + m: certificate mismatch |
| 20 | + r: connection refused |
| 21 | + s: self-signed certificate |
| 22 | + t: timeout on https |
| 23 | +
|
| 24 | + legocdn.com has a wildcard DNS record. |
50 | 25 | --> |
51 | | -<ruleset name="LEGO.com (partial)" default_off='failed ruleset test'> |
| 26 | +<ruleset name="LEGO.com (partial)"> |
52 | 27 |
|
53 | | - <!-- Direct rewrites: |
54 | | - --> |
55 | 28 | <target host="lego.com" /> |
56 | | - <target host="aboutus.lego.com" /> |
| 29 | + <target host="www.lego.com" /> |
57 | 30 | <target host="account.lego.com" /> |
58 | 31 | <target host="services.account.lego.com" /> |
59 | 32 | <target host="account2.lego.com" /> |
60 | | - <target host="assets.lego.com" /> |
61 | | - <target host="club.lego.com" /> |
62 | | - <target host="services.community.lego.com" /> |
| 33 | + <target host="catalogs.lego.com" /> |
| 34 | + <target host="citystudio.lego.com" /> |
63 | 35 | <target host="education.lego.com" /> |
64 | 36 | <target host="shop.education.lego.com" /> |
| 37 | + <target host="ideas.lego.com" /> |
| 38 | + <target host="jobsearch.lego.com" /> |
| 39 | + <!-- 403 --> |
| 40 | + <exclusion pattern="^http://jobsearch\.lego\.com/$" /> |
| 41 | + <test url="http://jobsearch.lego.com/sap/bc/webdynpro/sap/" /> |
| 42 | + <target host="lan.lego.com" /> |
65 | 43 | <target host="moderation.lego.com" /> |
66 | | - <target host="rebrick.lego.com" /> |
| 44 | + <target host="ninjagochallenge.lego.com" /> |
| 45 | + <target host="savethecity.lego.com" /> |
| 46 | + <target host="services.lego.com" /> |
67 | 47 | <target host="shop.lego.com" /> |
| 48 | + <target host="www.us.lego.com" /> |
| 49 | + <target host="wwwsecure.us.lego.com" /> |
| 50 | + <target host="usaevents.lego.com" /> |
| 51 | + <target host="worldofcreativity.lego.com" /> |
68 | 52 | <target host="wwwsecure.lego.com" /> |
69 | 53 |
|
70 | | - <!-- Complications: |
71 | | - --> |
72 | | - <!--target host="www.lego.com" /--> |
73 | | - |
74 | | - <exclusion pattern="^http://club\.lego\.com/(?!en-us/join/magazinesubscription)" /> |
75 | | - |
76 | | - <!-- +ve: |
77 | | - --> |
78 | | - <test url="http://club.lego.com/de-de/" /> |
79 | | - |
80 | | - <!-- -ve: |
81 | | - --> |
82 | | - <test url="http://club.lego.com/en-us/join/magazinesubscription" /> |
83 | | - |
84 | | - <exclusion pattern="^http://education\.lego\.com/(?!\w\w-\w\w/[\w-]+/|Design/|WebResource\.axd)" /> |
85 | | - |
86 | | - <!-- +ve: |
87 | | - --> |
88 | | - <test url="http://education.lego.com/downloads/" /> |
89 | | - <test url="http://education.lego.com/ja-jp" /> |
90 | | - <test url="http://education.lego.com/ko-kr" /> |
91 | | - <test url="http://education.lego.com/zh-cn" /> |
92 | | - |
93 | | - <!-- -ve: |
94 | | - --> |
95 | | - <test url="http://education.lego.com/ko-kr/products/" /> |
96 | | - |
97 | | - <exclusion pattern="^http://shop.lego.com/(?!VIP/modal/vipLearnMoreModal\.jsp)" /> |
98 | | - |
99 | | - <!-- +ve: |
100 | | - --> |
101 | | - <test url="http://shop.lego.com/VIP" /> |
102 | | - |
103 | | - <!-- -ve: |
104 | | - --> |
105 | | - <test url="http://shop.lego.com/VIP/modal/vipLearnMoreModal.jsp" /> |
106 | | - |
107 | | - <!-- Breakage is more extensive than this: |
108 | | - https://github.com/EFForg/https-everywhere/issues/2858 |
109 | | -
|
110 | | - So default-inclusion of www → wwwsecure is disabled in favor of |
111 | | - including what we know to work as we find it. |
112 | | -
|
113 | | - Exclusions and tests are left as commentary and for future use. |
114 | | -
|
115 | | - 404: |
116 | | - --> |
117 | | - <!--exclusion pattern="^http://www\.lego\.com/(?:\w\w-\w\w/bionicle|friends)(?:$|[?/])" /--> |
118 | | - |
119 | | - <!-- +ve: |
120 | | - --> |
121 | | - <!--test url="http://www.lego.com/en-us/bionicle" /--> |
122 | | - <!--test url="http://www.lego.com/en-us/bionicle/" /--> |
123 | | - <!--test url="http://www.lego.com/en-us/bionicle/?domainredir=" /--> |
124 | | - <!--test url="http://www.lego.com/en-us/bionicle/?domainredir=www.bionicle.com" /--> |
125 | | - <!--test url="http://www.lego.com/en-us/friends" /--> |
126 | | - |
127 | | - |
128 | | - <!-- Not secured by server: |
129 | | - --> |
130 | | - <!--securecookie host="^\.lego\.com$" name="^XLB$" /--> |
131 | | - |
132 | | - <securecookie host="^(?:aboutus|account2?|services\.account|assets|rebrick)\.lego\.com$" name=".+" /> |
133 | | - |
134 | | - |
135 | | - <!--rule from="^http://www\.lego\.com/" |
136 | | - to="https://wwwsecure.lego.com/" /--> |
| 54 | + <target host="lc-www-live-s.legocdn.com" /> |
| 55 | + <test url="http://lc-www-live-s.legocdn.com/r/www/r/globalnavigationservices/content/images/lego-logo-menu.svg" /> |
137 | 56 |
|
138 | | - <test url="http://27d.deviantart.net/" /> |
| 57 | + <securecookie host=".+" name=".+" /> |
139 | 58 |
|
140 | 59 | <rule from="^http:" |
141 | 60 | to="https:" /> |
|
0 commit comments