https-everywhere-rules-raw-4.0: vendor/https-everywhere/src/chrome/content/rules/Live.xml
<!--
For other Microsoft coverage, see Microsoft.xml.
Nonfunctional domains:
- explore.live.com (404; mismatched, CN: *.windows.microsoft.com)
- idsignup.live.com (no https)
- security.live.com (no https)
- messenger.services.live.com
- startup.live.com
- msrvideo.vo.msecnd.net (400)
- www.wlmessenger.net
Problematic domains:
- www.hotmail.co.jp *
- www.hotmail.co.uk *
- live.com (no https)
- sc[34].maps.live.com
* Mismatched
Fully covered domains:
- dub*.afx.ms:
- dub002
- dub10[1-9]
- dub11\d
- dub12[0-4]
- a.gfx.ms
- auth.gfx.ms
- (www.)hotmail.co.jp (www → ^)
- (www.)hotmail.co.uk (www → ^)
- hotmail.com
- www.hotmail.com
- gfx[5-8].hotmail.com
- live.com subdomains:
- (www.) (^ → www)
- account
- c
- c-mid
- calendar
- consent
- contacts
- devices
- directory
- \w+.directory:
- people
- domains
- login.domains
- favorites
- g
- groups
- h
- client.hip
- dc[12].client.hip
- hipservice
- home
- hotmail
- sc.imp
- login
- \w+.login
- mail
- *.mail:
- snt\d+
- m
- www
- *.*.mail
- maps subdomains:
- mc1
- sc[12]
- sc[34] (→ sc1.maps)
- messenger
- \w+.gateway.messenger:
- baymsg\d+
- mid
- oauth
- office
- onecare
- people
- photos
- profile
- \w+.profile:
- cid-\w+
- rad
- secure.\w+
- secure.shared
- directory.services
- livecontacts.services
- geo.messenger.services
- signout
- signup
- skydrive
- skygfx
- status
- storage
- \w+.storage:
- blufiles
- byfiles
- dm1files
- \w+.users.storage:
- cid-\w+
- max.sup
- live.net subdomains:
- apis
- df-feeds
- feeds
- js
- l
- \w+.bay.livefilestore.com:
- c
- \w+.vo.msecnd.net:
- az83882.vo.msecnd.net (on windowsazure.com
- az94986.vo.msecnd.net (on so.cl)
- officeimg.vo.msecnd.net
- s1-word-view-15.vo.msecnd.net
- accountservices.passport.net
- www.passportimages.com
- p.sfx.ms
- so.cl
- www.so.cl
- \w+.wlxrs.com:
- js2
- secure
- skydrive
Wildcard cookies:
- *.account.live.com
-->
<ruleset name="Hotmail / Live">
<target host="*.afx.ms" />
<target host="*.gfx.ms" />
<target host="hotmail.co.*" />
<target host="www.hotmail.co.*" />
<!--
Target host is * because Live URLs can contain multiple unpredictable
components, like http://snXXXw.sntXXX.mail.live.com/default.aspx
In the current target host syntax, a wildcard can match only one
hostname element, not two, and only one wildcard per target host
is permitted.
-->
<target host="hotmail.com" />
<target host="*.hotmail.com" />
<target host="live.com" />
<target host="*.live.com" />
<target host="*.live.net" />
<target host="*.bay.livefilestore.com" />
<target host="*.vo.msecnd.net" />
<!--
400:
https://trac.torproject.org/projects/tor/ticket/9026
-->
<exclusion pattern="^http://(?:az307127|az31465|az354189|az373151|az412849|msnchansea|msrvideo)\.vo\.msecnd\.net/" />
<target host="www.passportimages.com" />
<target host="p.sfx.ms" />
<target host="so.cl" />
<target host="www.so.cl" />
<target host="*.wlxrs.com" />
<!-- NB: Are cross-domain cookies needed on unsecurable pages?
<securecookie host="^\.live\.com$" name=".+" /-->
<securecookie host="^\.?(?:account|consent|(?:login\.)?domains|login|mail|messenger|profile|signup)\.live\.com$" name=".+" />
<securecookie host="^people\.directory\.live\.com$" name=".+" />
<securecookie host="^l\.live\.net$" name=".+" />
<rule from="^http://dub(\d+)\.afx\.ms/"
to="https://dub$1.afx.ms/" />
<rule from="^http://a(uth)?\.gfx\.ms/"
to="https://a$1.gfx.ms/" />
<rule from="^https?://live\.com/"
to="https://www.live.com/" />
<!-- Microsoft itself protects the login this way but we can prevent
against SSL stripping.
-->
<rule from="^http://(account|calendar|c|c-mid|consent|contacts|devices|(?:[\w-]+\.)?(?:directory|login|profile)|(?:login\.)?domains|favorites|g|groups|h|(?:dc\d\.)?client\.hip|hipservice|home|hotmail|sc\.imp|mail|(?:mc1|sc[12])\.maps|(?:\w+\.gateway\.)?messenger|mid|oauth|office|onecare|people|photos|rad|secure\.\w+|(?:directory|livecontacts|geo\.messenger)\.services|signout|signup|skydrive|skygfx|status|(?:[\w-]+(?:\.users)?\.)?storage|max\.sup|www)\.live\.com/"
to="https://$1.live.com/" />
<rule from="^https?://sc[34]\.maps\.live\.com/"
to="https://sc1.maps.live.com/" />
<rule from="^http://accountservices\.passport\.net/"
to="https://accountservices.passport.net/" />
<rule from="^https?://(?:www\.)?hotmail\.co\.(jp|uk)/"
to="https://hotmail.co.$1/" />
<!-- Both of these appear to trigger two good things: (1) the user is
prompted to make HTTPS the default; (2) even if the user decides
not to, the remainder of that mail-reading session is automatically
HTTPS-only.
-->
<rule from="^http://(www\.)?hotmail\.com/"
to="https://$1hotmail.com/" />
<rule from="^http://gfx(\d)\.hotmail\.com/"
to="https://gfx$1.hotmail.com/" />
<!-- Example:
http://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0 >>>
https://snt133.mail.live.com/default.aspx?wa=wsignin1.0
-->
<rule from="^http://[^@:/\.]+\.([^@:/\.]+)\.mail\.live\.com/"
to="https://$1.mail.live.com/" />
<rule from="^http://(apis|df-feeds|feeds|js|l)\.live\.net/"
to="https://$1.live.net/" />
<rule from="^http://(\w+)\.bay\.livefilestore\.com/"
to="https://$1.bay.livefilestore.com/" />
<rule from="^http://(\w+)\.vo\.msecnd\.net/"
to="https://$1.vo.msecnd.net/" />
<rule from="^http://www\.passportimages\.com/"
to="https://www.passportimages.com/" />
<rule from="^http://p\.sfx\.ms/"
to="https://p.sfx.ms/" />
<rule from="^http://(www\.)?so\.cl/"
to="https://$1so.cl/" />
<rule from="^http://(\w+)\.wlxrs\.com/"
to="https://$1.wlxrs.com/" />
</ruleset>