<ruleset name="Google Search">

	<target host="google.com" />
	<target host="*.google.com" />
	<target host="google.com.*" />
	<target host="www.google.com.*" />
	<target host="google.co.*" />
	<target host="www.google.co.*" />
	<target host="google.*" />
	<target host="www.google.*" />
	<!--
		Beyond clients1 these do not currently
		exist in the ccTLDs, but just in case...
							-->
	<target host="clients1.google.com.*" />
	<target host="clients2.google.com.*" />
	<target host="clients3.google.com.*" />
	<target host="clients4.google.com.*" />
	<target host="clients5.google.com.*" />
	<target host="clients6.google.com.*" />
	<target host="clients1.google.co.*" />
	<target host="clients2.google.co.*" />
	<target host="clients3.google.co.*" />
	<target host="clients4.google.co.*" />
	<target host="clients5.google.co.*" />
	<target host="clients6.google.co.*" />
	<target host="clients1.google.*" />
	<target host="clients2.google.*" />
	<target host="clients3.google.*" />
	<target host="clients4.google.*" />
	<target host="clients5.google.*" />
	<target host="clients6.google.*" />


	<!--	Some Google pages can generate naive links back to the
		unencrypted version of encrypted.google.com, which is
		a 301 but theoretically vulnerable to SSL stripping.
									-->
	<rule from="^http://encrypted\.google\.com/"
		to="https://encrypted.google.com/" />

	<!--	The most basic case.
					-->
	<rule from="^http://(?:www\.)?google\.com/search"
		to="https://encrypted.google.com/search" />

	<!--	A very annoying exception that we
		seem to need for the basic case
						-->
	<exclusion pattern="^http://(?:www\.)?google\.com/search.*tbs=shop" />
	<exclusion pattern="^http://clients\d\.google\.com/.*client=products.*" />
	<exclusion pattern="^http://suggestqueries\.google\.com/.*client=.*" />

  <!-- https://trac.torproject.org/projects/tor/ticket/9713 
         -->

  <exclusion pattern="^http://clients[0-9]\.google\.com/ocsp" />


	<!--	This is necessary for image results
		links from web search results
						-->
	<exclusion pattern="^http://(?:www\.)?google\.com/search.*tbm=isch.*" />

	<rule from="^http://(?:www\.)?google\.com/about"
		to="https://www.google.com/about" />

	<!--	There are two distinct cases for these firefox searches	-->

	<rule from="^http://(?:www\.)?google(?:\.com?)?\.[a-z]{2}/firefox/?$"
		to="https://encrypted.google.com/" />

	<rule from="^http://(?:www\.)?google(?:\.com?)?\.[a-z]{2}/firefox"
		to="https://encrypted.google.com/webhp" />

	<rule from="^http://(?:www\.)?google\.com/webhp"
		to="https://encrypted.google.com/webhp" />

	<rule from="^http://codesearch\.google\.com/"
		to="https://codesearch.google.com/" />

	<rule from="^http://(?:www\.)?google\.com/codesearch"
		to="https://www.google.com/codesearch" />

	<rule from="^http://(?:www\.)?google\.com/#"
		to="https://encrypted.google.com/#" />

	<rule from="^http://(?:www\.)?google\.com/$"
		to="https://encrypted.google.com/" />

	<!--	Google supports IPv6 search, including
		HTTPS with a valid certificate!	-->
	<rule from="^http://ipv6\.google\.com/"
		to="https://ipv6.google.com/" />

	<!--	most google international sites look like
		"google.fr", some look like "google.co.jp",
		and some crazy ones like "google.com.au"	-->

	<rule from="^http://(www\.)?google(\.com?)?\.([a-z]{2})/(search\?|#)"
		to="https://$1google$2.$3/$4" />

	<!--	Language preference setting	-->
	<rule from="^http://(www\.)?google(\.com?)?\.([a-z]{2})/setprefs"
	to="https://$1google$2.$3/setprefs" />

	<!--	Completion urls look like this:

http://clients2.google.co.jp/complete/search?hl=ja&client=hp&expIds=17259,24660,24729,24745&q=m&cp=1 HTTP/1.1\r\n

		-->
	<rule from="^http://clients\d\.google\.com/complete/search"
		to="https://clients1.google.com/complete/search" />

	<rule from="^http://clients\d\.google(\.com?\.[a-z]{2})/complete/search"
		to="https://clients1.google.$1/complete/search" />

	<rule from="^http://clients\d\.google\.([a-z]{2})/complete/search"
		to="https://clients1.google.$1/complete/search" />

	<rule from="^http://suggestqueries\.google\.com/complete/search"
		to="https://clients1.google.com/complete/search" />

	<rule from="^http://(www\.)?google\.(com?\.)?([a-z]{2})/(?:webhp)?$"
		to="https://$1google.$2$3/" />

	<!--	If there are URL parameters, keep them.	-->
	<rule from="^http://(www\.)?google\.(com?\.)?([a-z]{2})/(?:webhp)?\?"
		to="https://$1google.$2$3/webhp?" />

	<!-- teapot -->
	<rule from="^http://(www\.)?google(\.com?)?\.([a-z]{2})/teapot"
		to="https://$1google$2.$3/teapot" />

</ruleset>