Audit default_off rulesets

[cschanaj]

Type: ruleset issue

Domain: *

Similar to #9582, I suspect 168 out of 537 default_off="self-signed" rulesets can be re-activated. I added a date to PRs which haven't been merge after being reviewed for a long time.

Self-signed

• 112cafe.com
• www.aaai.org Re-activate and Rename AAAI.org.xml #9824
• connect.aber.ac.uk Re-activate and Update Aberystwyth-University.xml #10116
• airs.com Rename and Update Airs.com.xml #9815
• all-about-security.de Re-activate and Update All-About-Security.de.xml #11087
• alltop.com Re-activate and Update Alltop.com.xml #9862
• www.anarchistnews.org Update AnarchistNews.xml #9409 (4 Apr 2017)
• ancud.de
• atomicinsights.com Re-activate, Rename and Update Atomic_Insights.com.xml #10194
• av-comparatives.org [AV-Comparatives.org] Update and reactivate ruleset #10407
• badgeville.com
• crosswire.org Re-activate and Update CrossWire.org.xml #9845
• bartleby.com
• store.fileforum.com
• bioinfobank.com Re-activate and Update BioInfoBank.com related rulesets #9853
• bioinfo.pl Re-activate and Update BioInfoBank.com related rulesets #9853
• vz46.brenet.de
• b-link.bucknell.edu Re-activate and Update Bucknell_University.xml #10083
• alumni.buffalostate.edu Re-activate and Update Buffalo_State_College.xml #10121
• cn.calameo.com Re-activate and Update Calameo.com.xml #9869
• channeladvisor.com
• members.chicagotribune.com Re-activate and Update Chicago_Tribune.com.xml #10068
• coinjabber.com [CoinJabber.com] Reactivate ruleset #9872
• allure.com
• couragecampaign.org Rename and Update Courage_Campaign.org.xml #9858
• creativevirtual.com
• darkreading.com Re-activate and Update Dark_Reading.com.xml #9952
• dealzon.com Re-activate and Update DEALZON.com.xml #11086
• dave.org.uk Rename and Update DAVE.org.uk.xml #9907
• denx.de
• devconf.cz Re-activate and Update DevConf.cz.xml #9951
• digitalmars.com
• diygadget.com [Diygadget.com] Reactivate ruleset #10105
• dlisted.com
• drwho.virtadpt.net
• global.duke.edu Re-activate, Rename and Update Duke.edu.xml #10102
• echothrust.com
• egyptindependent.com
• energylivenews.com
• engelschall.com
• esportsea.com
• europe-consommateurs.eu Re-activate and Update europe-consommateurs.eu #9855
• evoliatis.com [Evoliatis.com] Update ruleset and reactivate on mixedcontent platforms #10103
• exiledonline.com
• fdopk.org [fdopk.org] Update and reactivate ruleset #10118
• files.poulsander.com
• g10code.com Rename, Re-activate and Update g10_Code.com.xml #10015
• fotoforensics.com [FotoForensics.com] Update and reactivate ruleset #9954
• downloads.rc.fas.harvard.edu Re-activate and Update Harvard.edu related rulesets #9878
• hiig.de
• how-to-box.com
• huxo.co.uk
• best-pariuri-online.com
• ihub.co.ke
• imgdino.com
• imperialcollegeunion.org Re-activate and Update Imperial-College-London-Union.xml #9870
• gentoo.ussg.indiana.edu Re-activate and Update Indiana.edu.xml #10075
• infile.com
• inphi.com
• ircreviews.org [IRCreviews.org] Reactivate ruleset #9860
• iwmnetwork.com
• jeja.pl
• jguitar.com
• joomlancers.com
• jpgmag.com [JPGmag.com] Update and reactivate ruleset #9873
• kenshoo.com
• blog.kapsobor.de
• blog.bibliothek.kit.edu Re-activate and Update Karlsruhe_Institute_of_Technology.xml #10117
• katzporn.in (NSFW)
• kosimak.com (NSFW)
• krautchan.net krautchan.net has a CA signed certificate now. No need to disable it #6850 (12 Sep 2016)
• linkomanija.net
• mediacru.sh (Deceptive site ahead warning from Google Safe Browsing)
• mediatakeout.com
• megastock.ru
• mercatus.org Re-activate and Update Mercatus-Center.xml #10192
• mersenne.org Re-activate and Update Mersenne.org.xml #9843
• milwaukeemakerspace.org
• mirt.net Re-activate and Update Mirt.net.xml #10230
• misadventureswithandi.com
• mobileenterprise360.com
• movim.eu [Movim.eu] Update and reactivate ruleset #9849
• mpagano.com [Mpagano.com] Update and reactivate ruleset #10104
• msfn.org Re-activate and Update MSFN.org.xml #9854
• piwik.mutantbrains.com
• dev.mutt.org Re-activate and Rename Mutt.org.xml #9844
• netveano.com [Netveano.com] Update, rename and reactivate ruleset #10109
• networkcomputing.com
• northdevontheatres.org.uk Re-activate and Update North_Devon_Theatres.org.uk.xml #10206
• offog.org Re-activate and Update Offog.org.xml #9865
• openwebmail.org Re-activate and Rename Open_WebMail.org.xml #9822
• www.palmcoastdata.com
• patternsinthevoid.net Rename and Update PatternsInTheVoid.net.xml #10014
• pcs.com
• deutsch.peerius.com
• picostocks.com Re-activate and Update BioInfoBank.com related rulesets #9853
• piraten-mfr.de
• fckme.org (NSFW)
• pocketmatrix.com
• praegnanz.de
• premiertaxfree.com
• qupzilla.com [QupZilla.com] Reactivate ruleset #10111
• racjonalista.pl Re-activate and Update Racjonalista.pl.xml #11089
• rage3d.com
• rdot.org Re-activate and Update RDot.org.xml #10195
• informabtl.com Delete ReformaBTL.xml #10207
• resonant.org Audit default_off rulesets #9842 (comment)
• sb-innovation.de
• pentacon.de
• scribus.net [Scribus.net] Remove wildcard and reactivate ruleset #9868
• sebastianwick.net Re-activate and Update Sebastian_Wick.net.xml #11088
• selectricity.org Re-activate and Update Selectricity.xml #9864
• sharethefiles.com [Sharethefiles.com] Reactivate ruleset #9833
• sheppyware.net [SheppyWare.org] Update and reactivate ruleset #10108
• sidux-ev.org [Sidux-ev.org] Reactivate ruleset #10119
• slipfire.com
• smashfly.com
• springfiles.com Re-activate, Rename and Update SpringFiles.com.xml #10204
• www.sraoss.co.jp
• suburban.nl
• susyradio.com
• sweetslyrics.com
• systemed.net [SystemeD.net] Update and reactivate ruleset #10106
• t3blog.com
• talkactive.net
• technoratimedia.com Re-activate, Rename and Update Technorati.com.xml #10203
• tinydl.com [TinyDL.com] Update subdomains and reactivate ruleset on Tor #9874
• tpg.com
• blog.tropo.com Re-activate and Update Tropo.xml #9863
• tv-release.net
• tweegy.nl
• uformia.com Re-activate, Rename and Update Uformia.com.xml #10208
• uglymugs.ie Re-activate and Update Ugly_Mugs.ie.xml #10191
• ucw.cz
• universe2.us
• astro.uchicago.edu Re-activate and Update University-of-Chicago.xml #10077
• fex.rus.uni-stuttgart.de Re-activate and Rename Uni-Stuttgart.de.xml #10100
• seclab.cs.washington.edu Re-activate and Update University-of-Washington.xml #10101
• unvanquished.net
• hpcf.upr.edu Re-activate and Update UPR.edu related rulesets #10054
• upxth.com (NSFW)
• vegasinc.com Re-activate, Rename and Update VegasInc.com.xml #9950
• vehiclevisuals.com
• weburbanist.com
• mytaxandbenefits.wyreforestdc.gov.uk Re-activate and Update wyreforestdc.gov.uk.xml #10084

HSTS

Qualified but not preloaded

• tr0n.net

HSTS Preloaded

• aeon.co Delete Aeon.co.xml #9857, Release 5.2.16 forthcoming #9621 (comment)

HSTS

Strict-Transport-Security: max-age >= 10886400; includeSubDomains

• abma.de Re-activate, Rename and Update abma.de.xml #10019
• anders.com
• axelsimon.net Re-activate and Update Axel_Simon.net.xml #10193
• bel.fi Re-activate, Rename and Update BEL.fi.xml #10196
• docs.cs.cf.ac.uk Re-activate and Update Cardiff-University.xml #10074
• datapipe.cn
• forum.doom9.org Re-activate and Update Doom9.org.xml #9852
• contributors.gettyimages.com
• www.ginac.de Re-activate and Update GiNaC.de.xml #10048
• courtesan.com
• hackerspaces.org Re-activate and Update Hackerspaces.org.xml #10047
• hacklab.to [HackLab.to] Update and reactivate ruleset #10110
• kfwebs.net
• kovidgoyal.net
• merca20.com
• oscommerce.com Re-activate and Update OsCommerce.com.xml #10850
• pearsoncomputing.net
• waste.org Re-activate and Update Waste.org.xml #10055
• tibeti.xfce.org Update XFCE.org.xml #9832
• yabause.org Re-activate and Update Yabause.org.xml #9846

HSTS

Strict-Transport-Security: max-age < 10886400; includeSubDomains

• logilab.org [Logilab.(org|fr)] Update, reactivate and rename rulesets #8986
• gnd-tech.com

local issuser certificates

• accan.org.au
• adxpansion.com
• alias.io
• alliedmedia.org
• charities.org [Charities.org] Update and reactivate ruleset #10088
• anb.com.sa
• atipso.com
• auctionthing.net
• hydra.aufbix.org
• savethekoala.com [SaveTheKoala.com] Update and reactivate ruleset #10237
• secure.avahost.net
• www.avropa.se
• brenet.de
• lung.ca
• canaldigital.dk
• capitolmachine.com
• chipworks.com
• webmail.bln.de.clara.net
• cloudscaling.com
• projects.coin-or.org [COIN-OR.org] Update and reactivate ruleset #10384
• secure.prleap.com
• consumerswin.com
• coolkeywest.com
• cruisersforum.com
• cts-strasbourg.eu
• cvut.cz
• datacell.com
• www.datatilsynet.no
• depfile.com
• desire2learn.com
• dittdistrikt.no
• domaincamp.de
• duracellcloud.com
• global.ebsco-content.com
• e-estonia.com
• equinix.com
• esomar.org
• admin.exmasters.com
• ehostpros.com
• fromorbit.com
• gsn.com
• geoamigo.com
• givingprograms.com
• greatnet.de
• grouplogic.com
• hackerrank.com
• checksconnect.com
• hartvoorinternetvrijheid.nl
• headstrong.de
• www.hgo.se
• ihgmerlin.com
• crcpress.com
• ims-dm.com
• interlan.se
• my.ispsystem.com
• images.jxt.net.au
• www.kabelkiosk.de
• ksh.hu
• laptop.hu
• linguee.com [Linguee.com] Update and reactivate ruleset #10364
• magazinesdirect.com
• services-sj.mediuscorp.com
• meego.com
• mentoringcentral.net
• midnight-commander.org [Midnight-Commander.org] Reactivate ruleset #10239
• gomoxie.com
• mozy.com
• hds.nerc.ac.uk
• naughtydog.com [NaughtyDog.com] Update and reactivate ruleset #10383
• nydailynews.com
• oppo.com Re-activate and Update Oppo.com.xml #10266
• outernet.is
• pacebus.com
• packetwerk.com
• catalog.plsinfo.org
• cdn.assets-phoenix.net
• photonconsulting.com
• pingability.com [Pingability.com] Update and reactivate ruleset #10238
• placeimg.com
• planet-source-code.com [Planet-Source-Code.com] Update and reactivate ruleset #10381
• powerspeaking.com
• reformal.ru
• relate.org.uk
• rfparts.com
• forums.sabnzbd.org
• sandsmedia.com
• sfm-offshore.com
• shoplocal.com
• simplebooklet.com
• siteblindado.com
• socialtheater.com
• techmeme.com Re-activate and Update Techmeme.com.xml #10271
• tehconnection.eu
• tendatta.com
• terragalleria.com [TerraGalleria.com] Update and reactivate ruleset #10380
• terrapass.com [TerraPass.com] Update and reactivate ruleset #10379
• prospect.org
• bookdepository.co.uk Update bookdepository.com related rulesets #10240
• threatmetrix.com Re-activate and Update ThreatMetrix.com.xml #10241
• broadcaster.email-tickets.com
• easyedi.tietoenator.com
• tinychat.com
• tribler.org [Tribler.org] Update and reactivate ruleset #10382
• apol-recruit.ucsd.edu
• ufies.org
• unclineberger.org
• rug.nl
• www.strath.ac.uk
• utk.edu Re-activate and Update University_of_Tennessee_Knoxville.xml #10275
• www.ebenefits.va.gov
• uwinnipeg.ca
• vault.cca.edu Re-activate, Rename and Update CCA.edu.xml #10264
• visionairlines.com
• secure.vispa.net.uk
• vr.se
• moneyandmarkets.com
• winzip.com Merge, disable WinZip.com related rulesets  #10265

[Bisaloo]

#9409

[Bisaloo]

For your script, you should note that sometimes several reasons are listed for default_off. Do you currently catch such rulesets?

For example, WorkWithColor.xml (although it is maybe not the best example as it is still broken but you get the idea).

[cschanaj]

@Bisaloo You are right, the same hold true for #9582. The script I use now only check if default_off="self-signed" is a full-match.

I can make a generic script such that it works when we would like to audit on mismatch, cacert, self-signed etc (maybe tonight).

P.S. If you don't care about the terrible performance, you can do

grep -il 'default_off=\".*self-signed.*\"' *.xml

in the corresponding directory.

[cschanaj]

You can now refer to the newly created script on GIST. (Performance-wise I believe it can be further optimized). To use the script, you need to set the KEYWORD variable, for example

$ export KEYWORD="self-signed"
$ ./audit.sh

P.S. I will update the above list accordingly.

[https-everywhere-bot]

I still don't see the type of issue in your description. Can you edit your issue to add this (perhaps referring to the issue template?)

[https-everywhere-bot]

Thanks! Your edit helped me out. I'll take it from here now.

[J0WI]

Can we close this in favor of smaller issues (e.g. #13290, #13176, #13088)?

[cschanaj]

@J0WI I agree. let's close this in favor of small issues 😄