searxng/searx/plugins/https_rules/GoogleServices.xml

<!--
	Other Google rulesets:

		- 2mdn.net.xml
		- Admeld.xml
		- ChannelIntelligence.com.xml
		- Doubleclick.net.xml
		- FeedBurner.xml
		- Google.org.xml
		- GoogleAPIs.xml
		- Google_App_Engine.xml
		- GoogleImages.xml
		- GoogleShopping.xml
		- Ingress.xml
		- Meebo.xml
		- Orkut.xml
		- Postini.xml
		- WebM_Project.org.xml


	Nonfunctional domains:

		- feedproxy.google.com			(404, valid cert)
		- partnerpage.google.com *
		- safebrowsing.clients.google.com	(404, mismatched)
		- (www.)googlesyndicatedsearch.com	(404; mismatched, CN: google.com)
		- buttons.googlesyndication.com *

	* 404, valid cert


	Nonfunctional google.com paths:

		- analytics	(redirects to http)
		- imgres
		- gadgets *
		- hangouts	(404)
		- u/		(404)

	* Redirects to http


	Problematic domains:

		- www.goo.gl		(404; mismatched, CN: *.google.com)

		- google.com subdomains:

			- books		(googlebooks/, images/, & intl/ 404, but works when rewritten to www)
			- cbks0 ****
			- earth *
			- gg		($ 404s)
			- knoll *
			- scholar **
			- trends *

		- news.google.cctld **
		- scholar.google.cctld **
		- *-opensocial.googleusercontent.com ***

	**** $ 404s
	* 404, valid cert
	** Redirects to http, valid cert
	*** Breaks followers widget - https://trac.torproject.org/projects/tor/ticket/7294


	Partially covered domains:

		- google.cctld subdomains:

			- scholar	(→ www)

		- google.com subdomains:

			- (www.)
			- cbks0		($ 404s)
			- gg		($ 404s)
			- news		(→ www)
			- scholar	(→ www)

		- *.googleusercontent.com	(*-opensocial excluded)


	Fully covered domains:

		- lh[3-6].ggpht.com
		- (www.)goo.gl		(www → ^)

		- google.com subdomains:

			- accounts
			- adwords
			- apis
			- appengine
			- books		(→ encrypted)
			- calendar
			- checkout
			- chrome
			- clients[12]
			- code
			- *.corp
			- developers
			- dl
			- docs
			- docs\d
			- \d.docs
			- drive
			- earth		(→ www)
			- encrypted
			- encrypted-tbn[123]
			- feedburner
			- fiber
			- finance
			- glass
			- groups
			- health
			- helpouts
			- history
			- hostedtalkgadget
			- id
			- investor
			- knol
			- knoll		(→ knol)
			- lh\d
			- mail
			- chatenabled.mail
			- pack
			- picasaweb
			- pki
			- play
			- plus
			- plusone
			- productforums
			- profiles
			- safebrowsing-cache
			- cert-test.sandbox
			- plus.sandbox
			- sb-ssl
			- script
			- security
			- services
			- servicessites
			- sites
			- spreadsheets
			- spreadsheets\d
			- support
			- talk
			- talkgadget
			- tbn2			(→ encrypted-tbn2)
			- tools
			- trends		(→ www)

		- partner.googleadservices.com
		- (www.)googlecode.com
		- *.googlecode.com	(per-project subdomains)
		- googlesource.com
		- *.googlesource.com
		- pagead2.googlesyndication.com
		- tpc.googlesyndication.com
		- mail-attachment.googleusercontent.com
		- webcache.googleusercontent.com


	XXX: Needs more testing

-->
<ruleset name="Google Services">

	<target host="*.ggpht.com" />
	<target host="gmail.com" />
	<target host="www.gmail.com" />
	<target host="goo.gl" />
	<target host="www.goo.gl" />
	<target host="google.*" />
	<target host="accounts.google.*" />
	<target host="adwords.google.*" />
	<target host="finance.google.*" />
	<target host="groups.google.*" />
	<target host="it.google.*" />
	<target host="news.google.*" />
		<exclusion pattern="^http://(?:news\.)?google\.com/(?:archivesearch|newspapers)" />
	<target host="picasaweb.google.*" />
	<target host="scholar.google.*" />
	<target host="www.google.*" />
	<target host="*.google.ca" />
	<target host="google.co.*" />
	<target host="accounts.google.co.*" />
	<target host="adwords.google.co.*" />
	<target host="finance.google.co.*" />
	<target host="groups.google.co.*" />
	<target host="id.google.co.*" />
	<target host="news.google.co.*" />
	<target host="picasaweb.google.co.*" />
	<target host="scholar.google.co.*" />
	<target host="www.google.co.*" />
	<target host="google.com" />
	<target host="*.google.com" />
		<exclusion pattern="^http://(?:www\.)?google\.com/analytics/*(?:/[^/]+)?(?:\?.*)?$" />
		<!--exclusion pattern="^http://books\.google\.com/(?!books/(\w+\.js|css/|javascript/)|favicon\.ico|googlebooks/|images/|intl/)" /-->
		<exclusion pattern="^http://cbks0\.google\.com/(?:$|\?)" />
		<exclusion pattern="^http://gg\.google\.com/(?!csi(?:$|\?))" />
	<target host="google.com.*" />
	<target host="accounts.google.com.*" />
	<target host="adwords.google.com.*" />
	<target host="groups.google.com.*" />
	<target host="id.google.com.*" />
	<target host="news.google.com.*" />
	<target host="picasaweb.google.com.*" />
	<target host="scholar.google.com.*" />
	<target host="www.google.com.*" />
	<target host="partner.googleadservices.com" />
	<target host="googlecode.com" />
	<target host="*.googlecode.com" />
	<target host="googlemail.com" />
	<target host="www.googlemail.com" />
	<target host="googlesource.com" />
	<target host="*.googlesource.com" />
	<target host="*.googlesyndication.com" />
	<target host="www.googletagservices.com" />
	<target host="googleusercontent.com" />
	<target host="*.googleusercontent.com" />
		<!--
			Necessary for the Followers widget:

				 https://trac.torproject.org/projects/tor/ticket/7294
											-->
		<exclusion pattern="http://[^@:\./]+-opensocial\.googleusercontent\.com" />


	<!--	Can we secure any of these wildcard cookies safely?
									-->
	<!--securecookie host="^\.google\.com$" name="^(hl|I4SUserLocale|NID|PREF|S)$" /-->
	<!--securecookie host="^\.google\.[\w.]{2,6}$" name="^(hl|I4SUserLocale|NID|PREF|S|S_awfe)$" /-->
	<securecookie host="^(?:accounts|adwords|\.code|login\.corp|developers|docs|\d\.docs|fiber|mail|picasaweb|plus|\.?productforums|support)\.google\.[\w.]{2,6}$" name=".+" />
	<securecookie host="^www\.google\.com$" name="^GoogleAccountsLocale_session$" />
	<securecookie host="^mail-attachment\.googleusercontent\.com$" name=".+" />
	<securecookie host="^gmail\.com$" name=".+" />
	<securecookie host="^www\.gmail\.com$" name=".+" />
	<securecookie host="^googlemail\.com$" name=".+" />
	<securecookie host="^www\.googlemail\.com$" name=".+" />


	<!--    - lh 3-6 exist
		- All appear identical
		- Identical to lh\d.googleusercontent.com
					-->
	<rule from="^http://lh(\d)\.ggpht\.com/"
		to="https://lh$1.ggpht.com/" />

	<rule from="^http://lh(\d)\.google\.ca/"
		to="https://lh$1.google.ca/" />


	<rule from="^http://(www\.)?g(oogle)?mail\.com/"
		to="https://$1g$2mail.com/" />

	<rule from="^http://(?:www\.)?goo\.gl/"
		to="https://goo.gl/" />


	<!--	Redirects to http when rewritten to www:
							-->
	<rule from="^http://books\.google\.com/"
		to="https://encrypted.google.com/" />

	<!--	tisp$ 404s:
				-->
	<rule from="^http://(?:www\.)?google\.((?:com?\.)?\w{2,3})/tisp(?=$|\?)"
		to="https://www.google.$1/tisp/" />

	<!--	Paths that work on all in google.*
							-->
	<rule from="^http://(?:www\.)?google\.((?:com?\.)?\w{2,3})/(accounts|adplanner|ads|adsense|adwords|analytics|bookmarks|chrome|contacts|coop|cse|css|culturalinstitute|doodles|earth|favicon\.ico|finance|get|goodtoknow|googleblogs|grants|green|hostednews|images|intl|js|landing|logos|mapmaker|newproducts|news|nexus|patents|policies|prdhp|profiles|products|reader|s2|settings|shopping|support|tisp|tools|transparencyreport|trends|urchin|webmasters)(?=$|[?/])"
		 to="https://www.google.$1/$2" />

	<!--	Paths that 404 on .ccltd, but work on .com:
								-->
	<rule from="^http://(?:www\.)?google\.(?:com?\.)?\w{2,3}/(?=calendar|dictionary|doubleclick|help|ideas|pacman|postini|powermeter|url)"
		 to="https://www.google.com/" />

	<rule from="^http://(?:www\.)?google\.(?:com?\.)?\w{2,3}/custom"
		 to="https://www.google.com/cse" />

	<!--	Paths that only exist/work on .com
							-->
	<rule from="^http://(?:www\.)?google\.com/(\+|appsstatus|books|buzz|extern_js|glass|googlebooks|ig|insights|moderator|phone|safebrowsing|videotargetting|webfonts)(?=$|[?/])"
		to="https://www.google.com/$1" />

	<!--	Subdomains that work on all in google.*
							-->
	<rule from="^http://(accounts|adwords|finance|groups|id|picasaweb|)\.google\.((?:com?\.)?\w{2,3})/"
		to="https://$1.google.$2/" />

	<!--	Subdomains that only exist/work on .com
							-->
	<rule from="^http://(apis|appengine|books|calendar|cbks0|chat|checkout|chrome|clients[12]|code|[\w-]+\.corp|developers|dl|docs\d?|\d\.docs|drive|encrypted|encrypted-tbn[123]|feedburner|fiber|fonts|gg|glass||health|helpouts|history|(?:hosted)?talkgadget|investor|lh\d|(?:chatenabled\.)?mail|pack|pki|play|plus(?:\.sandbox)?|plusone|productforums|profiles|safebrowsing-cache|cert-test\.sandbox|sb-ssl|script|security|services|servicessites|sites|spreadsheets\d?|support|talk|tools)\.google\.com/"
		to="https://$1.google.com/" />

	<exclusion pattern="^http://clients[0-9]\.google\.com/ocsp"/>

	<rule from="^http://earth\.google\.com/"
		to="https://www.google.com/earth/" />

	<rule from="^http://scholar\.google\.((?:com?\.)?\w{2,3})/intl/"
		to="https://www.google.$1/intl/" />

	<rule from="^http://(?:encrypted-)?tbn2\.google\.com/"
		to="https://encrypted-tbn2.google.com/" />


	<rule from="^http://knoll?\.google\.com/"
		to="https://knol.google.com/" />


	<rule from="^http://news\.google\.(?:com?\.)?\w{2,3}/(?:$|news|newshp)"
		to="https://www.google.com/news" />

	<rule from="^http://trends\.google\.com/"
		 to="https://www.google.com/trends" />


	<rule from="^http://([^/:@\.]+\.)?googlecode\.com/"
		 to="https://$1googlecode.com/" />

	<rule from="^http://([^\./]\.)?googlesource\.com/"
		to="https://$1googlesource.com/" />


	<rule from="^http://partner\.googleadservices\.com/"
		 to="https://partner.googleadservices.com/" />

	<rule from="^http://(pagead2|tpc)\.googlesyndication\.com/"
		 to="https://$1.googlesyndication.com/" />

	<!--	!www doesn't exist.
					-->
	<rule from="^http://www\.googletagservices\.com/tag/js/"
		to="https://www.googletagservices.com/tag/js/" />


	<rule from="^http://([^@:\./]+)\.googleusercontent\.com/"
		to="https://$1.googleusercontent.com/" />
	

</ruleset>