Opened 8 years ago

Closed 7 years ago

#5930 closed defect (fixed)

HTTPS on certain AWS sites broken

Reported by: cypherpunks Owned by: pde
Priority: Low Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I came across a problem today where HTTPS Everywhere was preventing access to certain AWS protected content. Instead of getting the download I received an XML document such as the following:

<Error>

<Code>PermanentRedirect</Code>
<Message>The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.</Message>
<RequestId>REDACTED</RequestId>
<Bucket>thewire</Bucket>
<HostId>REDACTED</HostId>
<Endpoint>thewire.s3.amazonaws.com</Endpoint>

</Error>

Turning off HTTPS Everywhere support for AWS fixed the problem.

Change History (3)

comment:1 Changed 8 years ago by pde

I fear this bug is going to be unreproducible unless we know what URLs and context produced this error message.

comment:2 Changed 7 years ago by jbboehr

I can show how to reproduce this issue.

Here is the link:
http://devjohn.s3.amazonaws.com/uploads/1/38.thumb.jpg

Which is rewritten to:
https://s3.amazonaws.com/devjohn/uploads/1/38.thumb.jpg

Which should be:
https://devjohn.s3.amazonaws.com/uploads/1/38.thumb.jpg

I wonder if Amazon recently changed this, as I believe this had been working as of a couple months ago (although I may be mistaken).

comment:3 Changed 7 years ago by pde

Resolution: fixed
Status: new → closed

jbboehr's example has been fixed in 3.0, but I'm unsure about the original report regarding thewire.s3.amazonaws.com. Certainly we've had to add exclusions for some specific domains like that:

https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/chrome/content/rules/AmazonAWS.xml

Anyway, I'm closing this for now but if there's a concrete request for us to exclude thewire.s3.amazonaws.com from HTTPS protection, please reopen.
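
Added example, not part of the ticket or of the HTTPS Everywhere code base: a small JavaScript model of a ruleset (exclusions checked first, then regex from/to rules) that reproduces the rewrite reported in comment 2 next to a host-preserving rule, with a regression check that a rewrite changes only the scheme. The patterns, the thewire exclusion and the function names are assumptions made for illustration, not the contents of AmazonAWS.xml.

```javascript
// Minimal model of an HTTPS Everywhere-style ruleset: exclusions are checked
// first, then the first rule whose "from" pattern matches is applied.
// All patterns are constructed for illustration, not copied from AmazonAWS.xml.
function applyRuleset(ruleset, url) {
  if (ruleset.exclusions.some((re) => re.test(url))) {
    return url; // excluded URLs are left exactly as requested
  }
  for (const { from, to } of ruleset.rules) {
    if (from.test(url)) {
      return url.replace(from, to);
    }
  }
  return url;
}

// Path-style rewrite: moves the bucket label from the host into the path.
// This reproduces the rewrite reported in comment 2.
const pathStyle = {
  exclusions: [],
  rules: [{ from: /^http:\/\/([\w-]+)\.s3\.amazonaws\.com\//, to: "https://s3.amazonaws.com/$1/" }],
};

// Host-preserving rewrite: only the scheme changes. The exclusion is a
// hypothetical entry for a bucket that should not be rewritten at all.
const hostPreserving = {
  exclusions: [/^http:\/\/thewire\.s3\.amazonaws\.com\//],
  rules: [{ from: /^http:\/\/([\w-]+)\.s3\.amazonaws\.com\//, to: "https://$1.s3.amazonaws.com/" }],
};

// Regression check for a rule: the rewritten URL must use https and keep the
// original host, path and query string.
function onlySchemeChanged(before, after) {
  const a = new URL(before);
  const b = new URL(after);
  return b.protocol === "https:" && a.host === b.host &&
    a.pathname === b.pathname && a.search === b.search;
}

const sample = "http://devjohn.s3.amazonaws.com/uploads/1/38.thumb.jpg"; // URL from comment 2
for (const ruleset of [pathStyle, hostPreserving]) {
  const rewritten = applyRuleset(ruleset, sample);
  console.log(rewritten, "only scheme changed:", onlySchemeChanged(sample, rewritten));
}
```

Running a check like `onlySchemeChanged` over a list of known-good URLs whenever a ruleset changes flags any rule that silently moves a request to a different host or path.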
