From: swa Date: Thu, 21 Mar 2002 21:04:00 +0000 (+0000) Subject: newly generated. X-Git-Tag: v_2_9_12~6 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/faq/user-manual/static/edit-actions-section-add?a=commitdiff_plain;h=92c9aee6be8119ba6e2c1e70063c988de06d69a2;p=privoxy.git newly generated. --- diff --git a/doc/text/faq.txt b/doc/text/faq.txt index 98f09684..470e2931 100644 --- a/doc/text/faq.txt +++ b/doc/text/faq.txt @@ -1,744 +1,818 @@ -Junkbuster Frequently Asked Questions - -By: Junkbuster Developers - -$Id: faq.sgml,v 1.18 2002/03/18 16:40:31 hal9 Exp $ - -The FAQ document gives users and developers alike answers to frequently asked -questions about the Internet Junkbuster. Internet Junkbuster is a web proxy -with advanced filtering capabilities for protecting privacy, filtering web page -content, managing cookies, controlling access, and removing ads, banners, -pop-ups and other obnoxious Internet Junk. Junkbuster has a very flexible -configuration and can be customized to suit individual needs and tastes. -Internet Junkbuster has application for both stand-alone systems and multi-user -networks. -You can find the latest version of the document at http:// -ijbswa.sourceforge.net/faq/. Please see the Contact section in the user-manual -if you want to contact the developers. - -------------------------------------------------------------------------------- +Junkbuster Frequently Asked Questions -Table of Contents -1. Frequently Asked Questions + By: Junkbuster Developers - 1.1. General Information - - 1.1.1. What is this new version of Junkbuster? - 1.1.2. How does it differ from the old Junkbuster? - 1.1.3. What are some of the new features? - 1.1.4. What is a "proxy"? How does Junkbuster work? - 1.1.5. My browser does the same things as Junkbuster. Why should I use - Junkbuster at all? - 1.1.6. Is there is a license or fee? What about a warranty? - Registration? - - 1.2. Installation - - 1.2.1. Can I install the new Junkbuster over the old one? - 1.2.2. I just installed Junkbuster. Is there anything special I have to - do now? - 1.2.3. What is the proxy address of Junkbuster? - 1.2.4. I just installed Junkbuster, and nothing is happening. All the - ads are there. What's wrong? - - 1.3. Configuration - - 1.3.1. Can I use my old config files? - 1.3.2. What is an "actions" file? - 1.3.3. The "actions"concept confuses me. Please list some of these - "actions". - 1.3.4. How are actions files configured? What is the easiest way to do - this? - 1.3.5. What are the differences between ijb-intermediate.action, - ijb-basic.action, etc.? - 1.3.6. Why can I change the configuration with a browser? Does that not - raise security issues? - 1.3.7. How can I set up Junkbuster to act as a proxy for my LAN? - 1.3.8. Instead of ads, now I get a Junkbuster logo [or checkerboard]. I - don't want to see anything. - 1.3.9. Why would anybody want to see the logo or checkerboard? - 1.3.10. I see large red banners on some pages that say "Blocked". How - do I get rid of this? - - 1.4. Misc - - 1.4.1. How much does Junkbuster slow my browsing down? This has to add - extra time to browsing. - 1.4.2. I noticed considerable delays in page requests compared to the - old IJB. What's wrong? - 1.4.3. What is the "http://i.j.b/"? - 1.4.4. I would like to help you, what do I do? - 1.4.5. Do you still maintain the blocklists? - 1.4.6. How can I submit new ads? - 1.4.7. How can I hide my IP address? - 1.4.8. Can Junkbuster guarantee I am anonymous? - 1.4.9. Might some things break because header information is being - altered? - 1.4.10. Can Junkbuster act as a "caching" proxy to speed up web - browsing? - 1.4.11. What about as a firewall? Can Junkbuster protect me? - 1.4.12. The Junkbuster logo that replaces ads is very blocky and ugly - looking. Can't a better font be used? - 1.4.13. I have large empty spaces now where ads used to be. Why does - Junkbuster leave these large gaps? - 1.4.14. How can Junkbuster filter Secure (HTTPS) URLs? - 1.4.15. Junkbuster runs as a "server". How secure is it? Do I need to - take any special precautions? - 1.4.16. What is a "re_filterfile"? - - 1.5. Troubleshooting - - 1.5.1. I just upgraded and am getting "connection refused" with every - web page? - 1.5.2. I just added a new rule, but the steenkin ad is still getting - through. How? - 1.5.3. One of my favorite sites does not work with Junkbuster. What can - I do? - 1.5.4. What time is it? - -2. Contact the developers -3. Copyright and History -4. See also - + $Id: faq.sgml,v 1.19 2002/03/21 17:01:54 hal9 Exp $ + + The FAQ document gives users and developers alike answers to + frequently asked questions about the Internet Junkbuster. Internet + Junkbuster is a web proxy with advanced filtering capabilities for + protecting privacy, filtering web page content, managing cookies, + controlling access, and removing ads, banners, pop-ups and other + obnoxious Internet Junk. Junkbuster has a very flexible configuration + and can be customized to suit individual needs and tastes. Internet + Junkbuster has application for both stand-alone systems and multi-user + networks. + + You can find the latest version of the document at + [1]http://ijbswa.sourceforge.net/faq/. Please see the Contact section + in the [2]user-manual if you want to contact the developers. + _________________________________________________________________ + + Table of Contents + 1. [3]Frequently Asked Questions + + 1.1. [4]General Information + + 1.1.1. [5]What is this new version of Junkbuster? + 1.1.2. [6]How does it differ from the old Junkbuster? + 1.1.3. [7]What are some of the new features? + 1.1.4. [8]What is a "proxy"? How does Junkbuster work? + 1.1.5. [9]My browser does the same things as Junkbuster. + Why should I use Junkbuster at all? + + 1.1.6. [10]Is there is a license or fee? What about a + warranty? Registration? + + 1.2. [11]Installation + + 1.2.1. [12]Can I install the new Junkbuster over the old + one? + + 1.2.2. [13]I just installed Junkbuster. Is there anything + special I have to do now? + + 1.2.3. [14]What is the proxy address of Junkbuster? + 1.2.4. [15]I just installed Junkbuster, and nothing is + happening. All the ads are there. What's wrong? + + 1.3. [16]Configuration + + 1.3.1. [17]Can I use my old config files? + 1.3.2. [18]What is an "actions" file? + 1.3.3. [19]The "actions"concept confuses me. Please list + some of these "actions". + + 1.3.4. [20]How are actions files configured? What is the + easiest way to do this? + + 1.3.5. [21]What are the differences between + ijb-intermediate.action, ijb-basic.action, etc.? + + 1.3.6. [22]Why can I change the configuration with a + browser? Does that not raise security issues? + + 1.3.7. [23]How can I set up Junkbuster to act as a proxy + for my LAN? + + 1.3.8. [24]Instead of ads, now I get a Junkbuster logo [or + checkerboard]. I don't want to see anything. + + 1.3.9. [25]Why would anybody want to see the logo or + checkerboard? + + 1.3.10. [26]I see large red banners on some pages that say + "Blocked". How do I get rid of this? + + 1.4. [27]Misc + + 1.4.1. [28]How much does Junkbuster slow my browsing down? + This has to add extra time to browsing. + + 1.4.2. [29]I noticed considerable delays in page requests + compared to the old IJB. What's wrong? + + 1.4.3. [30]What is the "http://i.j.b/"? + 1.4.4. [31]I would like to help you, what do I do? + 1.4.5. [32]Do you still maintain the blocklists? + 1.4.6. [33]How can I submit new ads? + 1.4.7. [34]How can I hide my IP address? + 1.4.8. [35]Can Junkbuster guarantee I am anonymous? + 1.4.9. [36]Might some things break because header + information is being altered? + + 1.4.10. [37]Can Junkbuster act as a "caching" proxy to + speed up web browsing? + + 1.4.11. [38]What about as a firewall? Can Junkbuster + protect me? + + 1.4.12. [39]The Junkbuster logo that replaces ads is very + blocky and ugly looking. Can't a better font be + used? + + 1.4.13. [40]I have large empty spaces now where ads used to + be. Why does Junkbuster leave these large gaps? + + 1.4.14. [41]How can Junkbuster filter Secure (HTTPS) URLs? + 1.4.15. [42]Junkbuster runs as a "server". How secure is + it? Do I need to take any special precautions? + + 1.4.16. [43]What is a "re_filterfile"? + + 1.5. [44]Troubleshooting + + 1.5.1. [45]I just upgraded and am getting "connection + refused" with every web page? + + 1.5.2. [46]I just added a new rule, but the steenkin ad is + still getting through. How? + + 1.5.3. [47]One of my favorite sites does not work with + Junkbuster. What can I do? + + 1.5.4. [48]What time is it? + + 2. [49]Contact the developers + 3. [50]Copyright and History + 4. [51]See also + 1. Frequently Asked Questions 1.1. General Information 1.1.1. What is this new version of Junkbuster? -The original Internet Junkbuster (tm) is a coyrighted product of Junkbusters -Corporation. Development of this effort stopped some time ago as of version -2.0.2. Stefan Walherr started the ijbswa project on Sourceforge to rekindle -development. Other developers subsequently joined with Stefan, and have since -added many new features, refinements and enhancements. - -The new Junkbuster started with the same code base, but has changed -significantly at this point. - -------------------------------------------------------------------------------- - -1.1.2. How does it differ from the old Junkbuster? - -All the old features remain. The new Junkbuster still blocks ads and banners, -still manages cookies, and still helps protect your privacy. But, these are all -enhanced, and many new features have been added, all in the same vein. - -The configuration has changed significantly as well. This is something that -users will notice right off the bat. The "blocklist" file does not exist any -more. This is replaced by "actions" files, such as ijb.actions. This is where -most of the per site configuration is now. - -------------------------------------------------------------------------------- - -1.1.3. What are some of the new features? - - * Integrated browser based configuration and control utility (http://i.j.b). - Browser-based tracing of rule and filter effects. - - * Blocking of annoying pop-up browser windows. - - * HTTP/1.1 compliant (most, but not all 1.1 features are supported). - - * Support for Perl Compatible Regular Expressions in the configuration files, - and generally a more sophisticated and flexible configuration syntax over - previous versions. - - * GIF de-animation. - - * Web page content filtering (removes banners based on size, invisible - "web-bugs", JavaScript, pop-ups, status bar abuse, etc.) + The original Internet Junkbuster (tm) is a coyrighted product of + [52]Junkbusters Corporation. Development of this effort stopped some + time ago as of version 2.0.2. Stefan Walherr started the ijbswa + project on [53]Sourceforge to rekindle development. Other developers + subsequently joined with Stefan, and have since added many new + features, refinements and enhancements. - * Bypass many click-tracking scripts (avoids script redirection). + The new Junkbuster started with the same code base, but has changed + significantly at this point. + _________________________________________________________________ - * Multi-threaded (POSIX and native threads). +1.1.2. How does it differ from the old Junkbuster? + + All the old features remain. The new Junkbuster still blocks ads and + banners, still manages cookies, and still helps protect your privacy. + But, these are all enhanced, and many new features have been added, + all in the same vein. - * Auto-detection and re-reading of config file changes. + The configuration has changed significantly as well. This is something + that users will notice right off the bat. The "blocklist" file does + not exist any more. This is replaced by "actions" files, such as + ijb.actions. This is where most of the per site configuration is now. + _________________________________________________________________ - * User-customizable HTML templates (e.g. 404 error page). +1.1.3. What are some of the new features? + + * Integrated browser based configuration and control utility + ([54]http://i.j.b). Browser-based tracing of rule and filter + effects. + * Blocking of annoying pop-up browser windows. + * HTTP/1.1 compliant (most, but not all 1.1 features are supported). + * Support for Perl Compatible Regular Expressions in the + configuration files, and generally a more sophisticated and + flexible configuration syntax over previous versions. + * GIF de-animation. + * Web page content filtering (removes banners based on size, + invisible "web-bugs", JavaScript, pop-ups, status bar abuse, etc.) + * Bypass many click-tracking scripts (avoids script redirection). + * Multi-threaded (POSIX and native threads). + * Auto-detection and re-reading of config file changes. + * User-customizable HTML templates (e.g. 404 error page). + * Improved cookie management features (e.g. session based cookies). + * Builds from source on most UNIX-like systems. Packages available + for: Linux (RedHat, SuSE, or Debian), Windows, Sun Solaris, Mac + OSX, OS/2, HP-UX 11 and AmigaOS. + * In addition, the configuration is much more powerful and versatile + over-all. + _________________________________________________________________ - * Improved cookie management features (e.g. session based cookies). +1.1.4. What is a "proxy"? How does Junkbuster work? + + When you connect to a web site with Junkbuster, you are really + connecting to your locally running version of Junkbuster. Junkbuster + intercepts your requests for the web page, and relays that to the + "real" web site. The web site sends the HTTP data stream back to + Junkbuster, where Junkbuster can work its magic before it relays this + data back to your web browser. - * Builds from source on most UNIX-like systems. Packages available for: Linux - (RedHat, SuSE, or Debian), Windows, Sun Solaris, Mac OSX, OS/2, HP-UX 11 - and AmigaOS. + Since Junkbuster sits between you and the WWW, it is in a position to + intercept and completely manage all web traffic and HTTP content + before it gets to your browser. Junkbuster uses various programming + methods to do this, all of which is under your control via the various + configuration files and options. - * In addition, the configuration is much more powerful and versatile - over-all. + There are many kinds of proxies. Junkbuster best fits the "filtering + proxy" category. + _________________________________________________________________ -------------------------------------------------------------------------------- - -1.1.4. What is a "proxy"? How does Junkbuster work? - -When you connect to a web site with Junkbuster, you are really connecting to -your locally running version of Junkbuster. Junkbuster intercepts your requests -for the web page, and relays that to the "real" web site. The web site sends -the HTTP data stream back to Junkbuster, where Junkbuster can work its magic -before it relays this data back to your web browser. - -Since Junkbuster sits between you and the WWW, it is in a position to intercept -and completely manage all web traffic and HTTP content before it gets to your -browser. Junkbuster uses various programming methods to do this, all of which -is under your control via the various configuration files and options. - -There are many kinds of proxies. Junkbuster best fits the "filtering proxy" -category. - -------------------------------------------------------------------------------- - 1.1.5. My browser does the same things as Junkbuster. Why should I use Junkbuster at all? -Modern browsers do indeed have some of the same functionality as Junkbuster. -Maybe this is adequate for you. But Junkbuster is much more verstatile and -powerful, and can do a number of things that browsers just can't. - -In addition, a proxy is good choice if you use multiple browsers, or have a LAN -with multiple computers. This way all the configuration is in one place, and -you don't have to maintain a similar configuration for possibly many browsers. - -------------------------------------------------------------------------------- - + Modern browsers do indeed have some of the same functionality as + Junkbuster. Maybe this is adequate for you. But Junkbuster is much + more verstatile and powerful, and can do a number of things that + browsers just can't. + + In addition, a proxy is good choice if you use multiple browsers, or + have a LAN with multiple computers. This way all the configuration is + in one place, and you don't have to maintain a similar configuration + for possibly many browsers. + _________________________________________________________________ + 1.1.6. Is there is a license or fee? What about a warranty? Registration? -Junkbuster is licensed under the GNU General Public License (GPL). It is free -to use, copy, modify or distribute as you wish under the terms of this license. -See http://www.gnu.org/copyleft/gpl.html for specifics. - -There is no warranty of any kind, expressed, implied or otherwise. That is -something that would cost real money ;-) There is no registration either. -Junkbuster really is free in every respect! - -------------------------------------------------------------------------------- - + Junkbuster is licensed under the GNU General Public License (GPL). It + is free to use, copy, modify or distribute as you wish under the terms + of this license. See [55]http://www.gnu.org/copyleft/gpl.html for + specifics. + + There is no warranty of any kind, expressed, implied or otherwise. + That is something that would cost real money ;-) There is no + registration either. Junkbuster really is free in every respect! + _________________________________________________________________ + 1.2. Installation 1.2.1. Can I install the new Junkbuster over the old one? -We recommend you uninstall the old Junkbuster first to minimize conflicts and -confusion. You may want to save your old configuration files for future -reference. The configuration is substantially changed. - -See the user-manual for platform specific installation instructions. [FIXME: -This is meant for after the name change for 3.0!] - -------------------------------------------------------------------------------- - -1.2.2. I just installed Junkbuster. Is there anything special I have to do now? - -All browsers must be told to use Junkbuster as a proxy by specifying the -correct proxy address and port number in the appropriate configuration area for -the browser. See below. - -------------------------------------------------------------------------------- + We recommend you uninstall the old Junkbuster first to minimize + conflicts and confusion. You may want to save your old configuration + files for future reference. The configuration is substantially + changed. + + See the [56]user-manual for platform specific installation + instructions. [FIXME: This is meant for after the name change for + 3.0!] + _________________________________________________________________ + +1.2.2. I just installed Junkbuster. Is there anything special I have to do +now? + All browsers must be told to use Junkbuster as a proxy by specifying + the correct proxy address and port number in the appropriate + configuration area for the browser. See below. + _________________________________________________________________ + 1.2.3. What is the proxy address of Junkbuster? -If you set up the Junkbuster to run on the computer you browse from (rather -than your ISP's server or some networked computer on a LAN), the proxy will be -on "localhost" (which is the special name used by every computer on the -Internet to refer to itself) and the port will be 8118 (unless you have told -the Internet Junkbuster to run on a different port with the listen-address -config option). - -When configuring your browser's proxy settings you typically enter the word -"localhost" in the boxes next to "HTTP" and "Secure" (HTTPS) and then the -number "8118" for "port". This tells your browser to send all web requests to -"Junkbuster" instead of directly to the Interenet. - -Junkbuster can also be used to proxy for a Local Area Network. In this case, -your would enter either the IP address of the LAN host where Junkbuster is -running, or the equivalent hostname. Port assignment would be same as above. - -Junkbuster does not currently handle protocols such as FTP, SMTP, IM, IRC, ICQ, -or other Internet protocols. - -------------------------------------------------------------------------------- - -1.2.4. I just installed Junkbuster, and nothing is happening. All the ads are -there. What's wrong? - -Did you configure your browser to use Junkbuster as a proxy? It does not sound -like it. See above. You might also try flushing the browser's caches to force a -full re-reading of pages. You can verify that Junkbuster is running, and your -browser is correctly configured by entering the special URL: http://i.j.b/. -This should give you a banner that says "This is the Internet JUNKBUSTER" and -access to Junkbuster's internal configuration. If you see this, then you are -good to go. If not, the browser or Junkbuster are not set up correctly. - -------------------------------------------------------------------------------- - + If you set up the Junkbuster to run on the computer you browse from + (rather than your ISP's server or some networked computer on a LAN), + the proxy will be on "localhost" (which is the special name used by + every computer on the Internet to refer to itself) and the port will + be 8118 (unless you have told the Internet Junkbuster to run on a + different port with the listen-address config option). + + When configuring your browser's proxy settings you typically enter the + word "localhost" in the boxes next to "HTTP" and "Secure" (HTTPS) and + then the number "8118" for "port". This tells your browser to send all + web requests to "Junkbuster" instead of directly to the Interenet. + + Junkbuster can also be used to proxy for a Local Area Network. In this + case, your would enter either the IP address of the LAN host where + Junkbuster is running, or the equivalent hostname. Port assignment + would be same as above. + + Junkbuster does not currently handle protocols such as FTP, SMTP, IM, + IRC, ICQ, or other Internet protocols. + _________________________________________________________________ + +1.2.4. I just installed Junkbuster, and nothing is happening. All the ads +are there. What's wrong? + + Did you configure your browser to use Junkbuster as a proxy? It does + not sound like it. See above. You might also try flushing the + browser's caches to force a full re-reading of pages. You can verify + that Junkbuster is running, and your browser is correctly configured + by entering the special URL: [57]http://i.j.b/. This should give you a + banner that says "This is the Internet JUNKBUSTER" and access to + Junkbuster's internal configuration. If you see this, then you are + good to go. If not, the browser or Junkbuster are not set up + correctly. + _________________________________________________________________ + 1.3. Configuration 1.3.1. Can I use my old config files? -There are major changes to Junkbuster configuration from version 2.0.x to 2.9.x -and later. The older files will not work at all. If this is the case, you will -need to re-enter your old data into the new configuration structure. This is -probably also a good recommendation even if upgrading from 2.9.x to 3.x since -there were many minor changes along the way. - -------------------------------------------------------------------------------- - + There are major changes to Junkbuster configuration from version 2.0.x + to 2.9.x and later. The older files will not work at all. If this is + the case, you will need to re-enter your old data into the new + configuration structure. This is probably also a good recommendation + even if upgrading from 2.9.x to 3.x since there were many minor + changes along the way. + _________________________________________________________________ + 1.3.2. What is an "actions" file? -"actions" files are where various actions that Junkbuster might take, are -configured. Typically, you would define a set of default actions that apply to -all URLs, then add exceptions to these defaults. - -Actions can be defined on a per site basis, or for groups of sites. Actions can -also be grouped together and then applied to one or more sites. There are many -possible actions that might apply to any given site. As an example, if we are -blocking cookies as one of our default actions, but need to accept cookies from -a given site, we would define this in our "actions" file. - -Junkbuster comes with several default actions files, with varying degrees of -filtering and blocking, as starting points for your own configuration (see -below). - -------------------------------------------------------------------------------- - -1.3.3. The "actions"concept confuses me. Please list some of these "actions". - -These are all explained in the user-manual. Please refer to that. - -------------------------------------------------------------------------------- + "actions" files are where various actions that Junkbuster might take, + are configured. Typically, you would define a set of default actions + that apply to all URLs, then add exceptions to these defaults. + + Actions can be defined on a per site basis, or for groups of sites. + Actions can also be grouped together and then applied to one or more + sites. There are many possible actions that might apply to any given + site. As an example, if we are blocking cookies as one of our default + actions, but need to accept cookies from a given site, we would define + this in our "actions" file. + + Junkbuster comes with several default actions files, with varying + degrees of filtering and blocking, as starting points for your own + configuration (see below). + _________________________________________________________________ + +1.3.3. The "actions"concept confuses me. Please list some of these +"actions". + These are all explained in the [58]user-manual. Please refer to that. + _________________________________________________________________ + 1.3.4. How are actions files configured? What is the easiest way to do this? -The easiest way to do this, is to access Junkbuster with your web browser at -http://i.j.b/, and then select "Edit the actions list" from the selection list. -You can also do this by editing the appropriate file with a text editor. - -Please see the user-manual for a detailed explanation of these and other -configuration files, and their various options and syntax. - -------------------------------------------------------------------------------- - + The easiest way to do this, is to access Junkbuster with your web + browser at [59]http://i.j.b/, and then select "[60]Edit the actions + list" from the selection list. You can also do this by editing the + appropriate file with a text editor. + + Please see the [61]user-manual for a detailed explanation of these and + other configuration files, and their various options and syntax. + _________________________________________________________________ + 1.3.5. What are the differences between ijb-intermediate.action, ijb-basic.action, etc.? -Configuring the Internet Junkbuster is not easy. To help you get started, we -provide you with three different default configurations. The following table -shows you, which features are enabled in each configuration. - -Table 1. Default Configurations - -+------------------------------------------------------------------------------------------------+ -|Feature |ijb.action |ijb-basic.action|ijb-intermediate.action|ijb-advanced.action| -|--------------------+--------------+----------------+-----------------------+-------------------| -|ad-filtering |? |x |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|blank image |? |x |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|de-animate GIFs |? |x |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|referer forging |? |x |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|jon's |? |x |x |x | -|+no-cookies-keep | | | | | -|(i.e. session | | | | | -|cookies only) | | | | | -|--------------------+--------------+----------------+-----------------------+-------------------| -|no-popup windows |? | |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|fast redirects |? | |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|hide-referrer |? | |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|hide-useragent |? | |x |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|content-modification|? | | |x | -|--------------------+--------------+----------------+-----------------------+-------------------| -|feature-x |? | | | | -|--------------------+--------------+----------------+-----------------------+-------------------| -|feature-y |? | | | | -|--------------------+--------------+----------------+-----------------------+-------------------| -|feature-z |? | | | | -+------------------------------------------------------------------------------------------------+ - -------------------------------------------------------------------------------- - -1.3.6. Why can I change the configuration with a browser? Does that not raise -security issues? - -What I don't understand, is how I can browser edit the config file as a regular -user, while the whole /etc/junkbuster hierarchy belongs to the user -"junkbuster", with only 644 perms. - -When you use the browser-based editor, JunkBuster itself is writing to the -config files. Because JunkBuster is running as the user "junkbuster", it can -update the config files. - -If you don't like this, setting "enable-edit-actions 0" in the config file will -disable the browser-based editor. If you're that paranoid, you should also -consider setting "enable-remote-toggle 0" to prevent browser-based enabling/ -disabling of JunkBuster. - -Note that normally only local users can connect to JunkBuster, so this is not -(normally) a security problem. - -------------------------------------------------------------------------------- + Configuring the Internet Junkbuster is not easy. To help you get + started, we provide you with three different default configurations. + The following table shows you, which features are enabled in each + configuration. + + Table 1. Default Configurations + Feature ijb.action ijb-basic.action ijb-intermediate.action + ijb-advanced.action + ad-filtering ? x x x + blank image ? x x x + de-animate GIFs ? x x x + referer forging ? x x x + jon's +no-cookies-keep (i.e. session cookies only) ? x x x + no-popup windows ? x x + fast redirects ? x x + hide-referrer ? x x + hide-useragent ? x x + content-modification ? x + feature-x ? + feature-y ? + feature-z ? + _________________________________________________________________ + +1.3.6. Why can I change the configuration with a browser? Does that not +raise security issues? + What I don't understand, is how I can browser edit the config file as + a regular user, while the whole /etc/junkbuster hierarchy belongs to + the user "junkbuster", with only 644 perms. + + When you use the browser-based editor, JunkBuster itself is writing to + the config files. Because JunkBuster is running as the user + "junkbuster", it can update the config files. + + If you don't like this, setting "enable-edit-actions 0" in the config + file will disable the browser-based editor. If you're that paranoid, + you should also consider setting "enable-remote-toggle 0" to prevent + browser-based enabling/disabling of JunkBuster. + + Note that normally only local users can connect to JunkBuster, so this + is not (normally) a security problem. + _________________________________________________________________ + 1.3.7. How can I set up Junkbuster to act as a proxy for my LAN? -By default, Junkbuster only responds to requests from localhost. To have it act -as a server for a network, this needs to be changed in the main config file -where the Junkbuster configuration is located. In that file is a -"listen-address" option. It may be commented out with a "#" symbol. Make sure -it is uncommented, and assign it the address of the LAN gateway interface, and -port number to use: - - listen-address 192.168.1.1:8118 - - -Save the file, and restart Junkbuster. Configure all browsers on the network -then to use this address and port number. - -------------------------------------------------------------------------------- - -1.3.8. Instead of ads, now I get a Junkbuster logo [or checkerboard]. I don't -want to see anything. - -This is a configuration option for images that Junkbuster is stopping. You have -the choice of the Junkbuster logo, a checkerboard pattern (this scales better), -a transparent 1x1 GIF image, or a custom URL or your choice. - -If you want to see nothing, then change the "+image-blocker" action to -"+image-blocker{blank}". This can be done from the "Edit Actions List" -selection at http://i.j.b/. Or by hand editing the appropriate actions file. -This will only effect what is defined as "images" though. + By default, Junkbuster only responds to requests from localhost. To + have it act as a server for a network, this needs to be changed in the + main config file where the Junkbuster configuration is located. In + that file is a "listen-address" option. It may be commented out with a + "#" symbol. Make sure it is uncommented, and assign it the address of + the LAN gateway interface, and port number to use: + + listen-address 192.168.1.1:8118 -------------------------------------------------------------------------------- + Save the file, and restart Junkbuster. Configure all browsers on the + network then to use this address and port number. + _________________________________________________________________ + +1.3.8. Instead of ads, now I get a Junkbuster logo [or checkerboard]. I +don't want to see anything. + This is a configuration option for images that Junkbuster is stopping. + You have the choice of the Junkbuster logo, a checkerboard pattern + (this scales better), a transparent 1x1 GIF image, or a custom URL or + your choice. + + If you want to see nothing, then change the "+image-blocker" action to + "+image-blocker{blank}". This can be done from the "Edit Actions List" + selection at [62]http://i.j.b/. Or by hand editing the appropriate + actions file. This will only effect what is defined as "images" + though. + _________________________________________________________________ + 1.3.9. Why would anybody want to see the logo or checkerboard? -This can be helpful for troubleshooting problems. It might also be good for -anyone new to Junkbuster so that they can see if their favorite pages are -displaying correctly, and Junkbuster is not inadvertantly removing something -important. - -------------------------------------------------------------------------------- - -1.3.10. I see large red banners on some pages that say "Blocked". How do I get -rid of this? - -These are URLs that match something in one of Junkbuster's block actions -(+block). It is meant to be a warning so that you know something has been -blocked and an easy way for you to see why. These are handled differently than -what has been defined as "images" (e.g. ad banners). If you want them to be -treated as if they were images, so that they can be invisible, then move the -offending URL from the "+block" section to the "+imageblock" section of your -actions file. Alternately, you could modify the "block" HTML template that is -used by Junkbuster to display this, and make it something more to your liking. - -------------------------------------------------------------------------------- - + This can be helpful for troubleshooting problems. It might also be + good for anyone new to Junkbuster so that they can see if their + favorite pages are displaying correctly, and Junkbuster is not + inadvertantly removing something important. + _________________________________________________________________ + +1.3.10. I see large red banners on some pages that say "Blocked". How do I +get rid of this? + + These are URLs that match something in one of Junkbuster's block + actions (+block). It is meant to be a warning so that you know + something has been blocked and an easy way for you to see why. These + are handled differently than what has been defined as "images" (e.g. + ad banners). If you want them to be treated as if they were images, so + that they can be invisible, then move the offending URL from the + "+block" section to the "+imageblock" section of your actions file. + Alternately, you could modify the "block" HTML template that is used + by Junkbuster to display this, and make it something more to your + liking. + _________________________________________________________________ + 1.4. Misc 1.4.1. How much does Junkbuster slow my browsing down? This has to add extra time to browsing. -It should not slow you down any in real terms, and may actually help speed -things up since ads, banners and other junk are not being displayed. The actual -processing time required by Junkbuster itself for each page, is relatively -small in the overall scheme of things, and happens very quickly. This is -typically more than offset by time saved not downloading and rendering ad -images. - -"Filtering" via the re_filterfile mechanism may cause a perceived slowdown, -since the entire page is buffered before displaying. See below. - -------------------------------------------------------------------------------- - -1.4.2. I noticed considerable delays in page requests compared to the old IJB. -What's wrong? - -Using the default filtering configuration, I noticed considerable delays in -page requests compared to the old IJB. Loading pages with large contents seemed -to take forever, then suddenly delivering all the content at once. - -The whole content must be loaded in order to filter, and nothing is is sent to -the browser during this time. The loading time does not really change in real -numbers, but the feeling is different, because most browsers are able to start -rendering incomplete content, giving the user a feeling of "it works". - -To modify the content of a page (i.e. make frames resizeable again, etc.) and -not just replace ads, the Internet Junkbuster needs to download the entire page -first, do its content magic and then send the page to the browser. - -------------------------------------------------------------------------------- + It should not slow you down any in real terms, and may actually help + speed things up since ads, banners and other junk are not being + displayed. The actual processing time required by Junkbuster itself + for each page, is relatively small in the overall scheme of things, + and happens very quickly. This is typically more than offset by time + saved not downloading and rendering ad images. + + "Filtering" via the re_filterfile mechanism may cause a perceived + slowdown, since the entire page is buffered before displaying. See + below. + _________________________________________________________________ + +1.4.2. I noticed considerable delays in page requests compared to the old +IJB. What's wrong? + Using the default filtering configuration, I noticed considerable + delays in page requests compared to the old IJB. Loading pages with + large contents seemed to take forever, then suddenly delivering all + the content at once. + + The whole content must be loaded in order to filter, and nothing is is + sent to the browser during this time. The loading time does not really + change in real numbers, but the feeling is different, because most + browsers are able to start rendering incomplete content, giving the + user a feeling of "it works". + + To modify the content of a page (i.e. make frames resizeable again, + etc.) and not just replace ads, the Internet Junkbuster needs to + download the entire page first, do its content magic and then send the + page to the browser. + _________________________________________________________________ + 1.4.3. What is the "http://i.j.b/"? -Since JunkBuster sits between your web browser and the Internet, it can be -programmed to handle certain pages specially. - -With recent versions of JunkBuster (version 2.9.x), you can get some -information about JunkBuster and change some settings by going to http://i.j.b/ -or, equivalently, http://ijbswa.sourceforge.net/config/ (Note that i.j.b is far -easier to type but may not work in some configurations). - -These pages are *not* forwarded to a server on the internet - instead they are -handled by a special web server which is built in to JunkBuster. - -If you are not running JunkBuster, then http://i.j.b/ will fail, and http:// -ijbswa.sourceforge.net/config/ will return a web page telling you you're not -running JunkBuster. - -If you have version 2.0.2, then the equivalent is http://example.com/ -show-proxy-args (but you get far less information, and you should really -consider upgrading to 2.9.x). - -------------------------------------------------------------------------------- - + Since JunkBuster sits between your web browser and the Internet, it + can be programmed to handle certain pages specially. + + With recent versions of JunkBuster (version 2.9.x), you can get some + information about JunkBuster and change some settings by going to + http://i.j.b/ or, equivalently, http://ijbswa.sourceforge.net/config/ + (Note that i.j.b is far easier to type but may not work in some + configurations). + + These pages are *not* forwarded to a server on the internet - instead + they are handled by a special web server which is built in to + JunkBuster. + + If you are not running JunkBuster, then http://i.j.b/ will fail, and + http://ijbswa.sourceforge.net/config/ will return a web page telling + you you're not running JunkBuster. + + If you have version 2.0.2, then the equivalent is + http://example.com/show-proxy-args (but you get far less information, + and you should really consider upgrading to 2.9.x). + _________________________________________________________________ + 1.4.4. I would like to help you, what do I do? -Well, helping the team is always a good idea. We welcome new developers, RPM -gurus or documentation makers. Simply get an account on sourceforge.net and -mail your id to the developer mailing list. Once we have added you to the team, -you'll have write access to the CVS repository, and together we'll find a -suitable task for you. - -------------------------------------------------------------------------------- - + Well, helping the team is always a good idea. We welcome new + developers, RPM gurus or documentation makers. Simply get an account + on sourceforge.net and mail your id to the developer mailing list. + Once we have added you to the team, you'll have write access to the + CVS repository, and together we'll find a suitable task for you. + _________________________________________________________________ + 1.4.5. Do you still maintain the blocklists? -No. The format of the blocklists has changed significantly in the versions -2.9.x. Once we have released the new version, there will again be blocklists -that you can update automatically. - -------------------------------------------------------------------------------- - + No. The format of the blocklists has changed significantly in the + versions 2.9.x. Once we have released the new version, there will + again be blocklists that you can update automatically. + _________________________________________________________________ + 1.4.6. How can I submit new ads? -As of now, please discontinue to submit new ad blocking infos. Once we have -released the new version, there will again be a form on the website, which you -can use to contribute new ads. - -------------------------------------------------------------------------------- - + As of now, please discontinue to submit new ad blocking infos. Once we + have released the new version, there will again be a form on the + website, which you can use to contribute new ads. + _________________________________________________________________ + 1.4.7. How can I hide my IP address? -You cannot hide your IP address with Junkbuster or any other software, since -the server needs to know your IP address to send the answer to you. - -Fortunately there are many publicly usable anonymous proxies out there, which -solve the problem by providing a further level of indirection between you and -the web server, shared by many people and thus letting your requests "drown" in -white noise of unrelated requests as far as user tracking is concerned. - -Most of them will, however, log your IP address and make it available to the -authorities in case you abuse that anonymity for criminal purposes. In fact you -can't even rule out that some of them only exist to *collect* information on -(those suspicious) people with a more than average preference for privacy. - -You can find a list of anonymous public proxies at multiproxy.org and many more -through Google. - -------------------------------------------------------------------------------- - + You cannot hide your IP address with Junkbuster or any other software, + since the server needs to know your IP address to send the answer to + you. + + Fortunately there are many publicly usable anonymous proxies out + there, which solve the problem by providing a further level of + indirection between you and the web server, shared by many people and + thus letting your requests "drown" in white noise of unrelated + requests as far as user tracking is concerned. + + Most of them will, however, log your IP address and make it available + to the authorities in case you abuse that anonymity for criminal + purposes. In fact you can't even rule out that some of them only exist + to *collect* information on (those suspicious) people with a more than + average preference for privacy. + + You can find a list of anonymous public proxies at [63]multiproxy.org + and many more through Google. + _________________________________________________________________ + 1.4.8. Can Junkbuster guarantee I am anonymous? -No. Your chances of remaining anonymous are greatly improved, but unless you -are an expert on Internet security it would be safest to assume that everything -you do on the Web can be traced back to you. - -Junkbuster can remove various information about you, and allows you more -freedom to decide which sites you can trust. But it's still possible that web -sites can find out who you are. Here's one way this can happen. - -A few browsers disclose the user's email address in certain situations, such as -when transferring a file by FTP. Junkbuster does not filter FTP. If you need -this feature, or are concerned about the mail handler of your browser -disclosing your email address, you might consider products such as NSClean. - -Browsers available only as binaries could use non-standard headers to give out -any information they can have access to: see the manufacturer's license -agreement. It's impossible to anticipate and prevent every breach of privacy -that might occur. The professionally paranoid prefer browsers available as -source code, because anticipating their behavior is easier. Trust the source, -Luke! - -------------------------------------------------------------------------------- - + No. Your chances of remaining anonymous are greatly improved, but + unless you are an expert on Internet security it would be safest to + assume that everything you do on the Web can be traced back to you. + + Junkbuster can remove various information about you, and allows you + more freedom to decide which sites you can trust. But it's still + possible that web sites can find out who you are. Here's one way this + can happen. + + A few browsers disclose the user's email address in certain + situations, such as when transferring a file by FTP. Junkbuster does + not filter FTP. If you need this feature, or are concerned about the + mail handler of your browser disclosing your email address, you might + consider products such as NSClean. + + Browsers available only as binaries could use non-standard headers to + give out any information they can have access to: see the + manufacturer's license agreement. It's impossible to anticipate and + prevent every breach of privacy that might occur. The professionally + paranoid prefer browsers available as source code, because + anticipating their behavior is easier. Trust the source, Luke! + _________________________________________________________________ + 1.4.9. Might some things break because header information is being altered? -Definitely. More and more sites use HTTP header content to decide what to -display and how to display it. There is many ways that this can be handled, so -having hard and fast rules, is tricky. - -"USER AGENT" in particular is often used in this way to identify the browser, -and adjust content accordingly. Changing this now is not recommended, since so -many sites do look for this. You may get undesirable results by changing this. - -For instance, different browsers use different encodings of Russian and Czech -characters, certain web servers convert pages on-the-fly according to the User -Agent header. Giving a "User Agent" with the wrong operating system or browser -manufacturer causes some sites in these languages to be garbled; Surfers to -Eastern European sites should change it to something closer. And then some page -access counters work by looking at the "REFERER" header; they may fail or break -if unavailable. The weather maps of Intellicast have been blocked by their -server when no "REFERER" or cookie is provided, is another example. There are -many, many other ways things can go wrong when trying to fool a web server. - -If you have problems with a site, you will have to adjust your configuration -accordingly. Cookies are probably the most likely adjustment that may be -required, but by no means the only one. - -------------------------------------------------------------------------------- - + Definitely. More and more sites use HTTP header content to decide what + to display and how to display it. There is many ways that this can be + handled, so having hard and fast rules, is tricky. + + "USER AGENT" in particular is often used in this way to identify the + browser, and adjust content accordingly. Changing this now is not + recommended, since so many sites do look for this. You may get + undesirable results by changing this. + + For instance, different browsers use different encodings of Russian + and Czech characters, certain web servers convert pages on-the-fly + according to the User Agent header. Giving a "User Agent" with the + wrong operating system or browser manufacturer causes some sites in + these languages to be garbled; Surfers to Eastern European sites + should change it to something closer. And then some page access + counters work by looking at the "REFERER" header; they may fail or + break if unavailable. The weather maps of Intellicast have been + blocked by their server when no "REFERER" or cookie is provided, is + another example. There are many, many other ways things can go wrong + when trying to fool a web server. + + If you have problems with a site, you will have to adjust your + configuration accordingly. Cookies are probably the most likely + adjustment that may be required, but by no means the only one. + _________________________________________________________________ + 1.4.10. Can Junkbuster act as a "caching" proxy to speed up web browsing? -No, it does not have this ability at all. You want something like Squid for -this. And, yes, before you ask, Junkbuster can co-exist with other kinds of -proxies like "Squid". - -------------------------------------------------------------------------------- - + No, it does not have this ability at all. You want something like + [64]Squid for this. And, yes, before you ask, Junkbuster can co-exist + with other kinds of proxies like "Squid". + _________________________________________________________________ + 1.4.11. What about as a firewall? Can Junkbuster protect me? -Not in the way you mean, or in the way a true firewall can, or a proxy that has -this specific capability. Junkbuster can help protect your privacy, but not -really protect you from intrusion attempts. - -------------------------------------------------------------------------------- - -1.4.12. The Junkbuster logo that replaces ads is very blocky and ugly looking. -Can't a better font be used? - -This is not a font problem. The logo is an image that is created by Junkbuster -on the fly. So as to not waste memory, the image is rather small. The -blockiness comes when the image is scaled to fill a largish area. There is not -much to be done about this, other than to use one of the other "imageblock" -directives: pattern, blank, or a URL of your chosing. - -------------------------------------------------------------------------------- - -1.4.13. I have large empty spaces now where ads used to be. Why does Junkbuster -leave these large gaps? - -It would be easy enough to just eliminate this space altogether, rather than -fill it with blank space. But, this would create problems with many pages that -use the overall size of the ad to help organize the page layout and position -the various components of the page where they were intended to be. It is best -left this way. - -------------------------------------------------------------------------------- - + Not in the way you mean, or in the way a true firewall can, or a proxy + that has this specific capability. Junkbuster can help protect your + privacy, but not really protect you from intrusion attempts. + _________________________________________________________________ + +1.4.12. The Junkbuster logo that replaces ads is very blocky and ugly +looking. Can't a better font be used? + + This is not a font problem. The logo is an image that is created by + Junkbuster on the fly. So as to not waste memory, the image is rather + small. The blockiness comes when the image is scaled to fill a largish + area. There is not much to be done about this, other than to use one + of the other "imageblock" directives: pattern, blank, or a URL of your + chosing. + _________________________________________________________________ + +1.4.13. I have large empty spaces now where ads used to be. Why does +Junkbuster leave these large gaps? + + It would be easy enough to just eliminate this space altogether, + rather than fill it with blank space. But, this would create problems + with many pages that use the overall size of the ad to help organize + the page layout and position the various components of the page where + they were intended to be. It is best left this way. + _________________________________________________________________ + 1.4.14. How can Junkbuster filter Secure (HTTPS) URLs? -This is a limitation since HTTPS transactions are encrypted SSL sessions -between your browser and the secure site, and are meant to be reliably secure -and private. This means that all cookies and HTTP header information are also -encrypted from the time they leave your browser, to the site, and vice versa. -Junkbuster does not try to unencrypt this information, so it just passes -through as is. Junkbuster can still catch images and ads that are embedded in -the SSL stream though. - -------------------------------------------------------------------------------- - -1.4.15. Junkbuster runs as a "server". How secure is it? Do I need to take any -special precautions? - -There are no known exploits that might effect Junkbuster. On Unix-like systems, -Junkbuster can run as a non-privileged user, which is how we recommend it be -run. Also, by default Junkbuster only listens to requests from "localhost". It -is not itself directly exposed to the Internet in this configuration. If you -want to have Junkbuster serve as a LAN proxy, this will have to be opened up to -allow for LAN requests. In this case, we'd recommend you specify only the LAN -gateway address, e.g. 192.168.1.1 in the main Junkbuster config file. All LAN -hosts can then use this as their proxy address in the browser proxy -configuration. In this way, Junkbuster will not listen on any external ports. -Of course, a firewall is always good too. Better safe than sorry. - -------------------------------------------------------------------------------- - + This is a limitation since HTTPS transactions are encrypted SSL + sessions between your browser and the secure site, and are meant to be + reliably secure and private. This means that all cookies and HTTP + header information are also encrypted from the time they leave your + browser, to the site, and vice versa. Junkbuster does not try to + unencrypt this information, so it just passes through as is. + Junkbuster can still catch images and ads that are embedded in the SSL + stream though. + _________________________________________________________________ + +1.4.15. Junkbuster runs as a "server". How secure is it? Do I need to take +any special precautions? + + There are no known exploits that might effect Junkbuster. On Unix-like + systems, Junkbuster can run as a non-privileged user, which is how we + recommend it be run. Also, by default Junkbuster only listens to + requests from "localhost". It is not itself directly exposed to the + Internet in this configuration. If you want to have Junkbuster serve + as a LAN proxy, this will have to be opened up to allow for LAN + requests. In this case, we'd recommend you specify only the LAN + gateway address, e.g. 192.168.1.1 in the main Junkbuster config file. + All LAN hosts can then use this as their proxy address in the browser + proxy configuration. In this way, Junkbuster will not listen on any + external ports. Of course, a firewall is always good too. Better safe + than sorry. + _________________________________________________________________ + 1.4.16. What is a "re_filterfile"? -The "re_filterfile" is used to "filter" any page content. By "filtering" we -mean it can modify, remove, or change anything on the page, including HTML -tags, and JavaScript. Regular expressions are used to accomplish this. This is -potentially a very powerful feature, but requires some expertise. - -If you are familiar with regular expressions, and HTML, you can look at the -provided re_filterfile with a text editor and see some of things it can be used -for. - -Presently, there is no GUI editor option for this part of the configuration. - -------------------------------------------------------------------------------- - + The "re_filterfile" is used to "filter" any page content. By + "filtering" we mean it can modify, remove, or change anything on the + page, including HTML tags, and JavaScript. Regular expressions are + used to accomplish this. This is potentially a very powerful feature, + but requires some expertise. + + If you are familiar with regular expressions, and HTML, you can look + at the provided re_filterfile with a text editor and see some of + things it can be used for. + + Presently, there is no GUI editor option for this part of the + configuration. + _________________________________________________________________ + 1.5. Troubleshooting -1.5.1. I just upgraded and am getting "connection refused" with every web page? +1.5.1. I just upgraded and am getting "connection refused" with every web +page? -Either Junkbuster is not running, or your browser is configured for a different -port than what Junkbuster is using. - -The old Junkbuster used port 8000 by default. This has been changed to port -8118 now, due to a conflict with NAS (Network Audio Service), which uses port -8000. If you haven't, you need to change your browser to the new port number, -or alternately change Junkbuster's "listen-address" setting in the config file -used to start Junkbuster. - -------------------------------------------------------------------------------- - -1.5.2. I just added a new rule, but the steenkin ad is still getting through. -How? - -If the ad had been displayed before you added its URL, it will probably be held -in the browser's cache for some time, so it will be displayed without the need -for any request to the server, and Junkbuster will not be in the picture. The -best thing to do is try flusing the browser's caches. And then try again. - -If this doesn't help, you probably have an error in the rule you applied. Try -pasting the full URL of the offending ad into http://ijbswa.sourceforge.net/ -config/show-url-info and see if any actions match your new rule. - -------------------------------------------------------------------------------- - -1.5.3. One of my favorite sites does not work with Junkbuster. What can I do? - -First verify that it is indeed a Junkbuster problem, by disabling Junkbuster -filtering and blocking. Go to http://i.j.b/ and click on "Toggle Junkbuster On -or Off", then disable it. Now try that page again. - -If still a problem, go to "Show which actions apply to a URL and why" from -http://i.j.b/ and paste the full URL of the page in question into the prompt. -See which actions are being applied to the URL. Now, armed with this -information, go to "Edit the actions list". Here you should see various -sections that have various "Junkbuster" features disabled for specific sites. -Disabled "actions" will have a "-" (minus sign) in front of them. Add your -problem page URL to one of these sections that looks like it is disabling the -feature that is causing the problem. Re-try the page. There might be some trial -and error involved. This is discussed in a little more detail in the -user-manual appendix. - -Alternately, if you are comfortable with a text editor, you can accomplish the -same thing by editing the appropriate "actions" file. - -------------------------------------------------------------------------------- + Either Junkbuster is not running, or your browser is configured for a + different port than what Junkbuster is using. + + The old Junkbuster used port 8000 by default. This has been changed to + port 8118 now, due to a conflict with NAS (Network Audio Service), + which uses port 8000. If you haven't, you need to change your browser + to the new port number, or alternately change Junkbuster's + "listen-address" setting in the config file used to start Junkbuster. + _________________________________________________________________ + +1.5.2. I just added a new rule, but the steenkin ad is still getting +through. How? + + If the ad had been displayed before you added its URL, it will + probably be held in the browser's cache for some time, so it will be + displayed without the need for any request to the server, and + Junkbuster will not be in the picture. The best thing to do is try + flusing the browser's caches. And then try again. + + If this doesn't help, you probably have an error in the rule you + applied. Try pasting the full URL of the offending ad into + [65]http://ijbswa.sourceforge.net/config/show-url-info and see if any + actions match your new rule. + _________________________________________________________________ + +1.5.3. One of my favorite sites does not work with Junkbuster. What can I +do? + First verify that it is indeed a Junkbuster problem, by disabling + Junkbuster filtering and blocking. Go to [66]http://i.j.b/ and click + on "Toggle Junkbuster On or Off", then disable it. Now try that page + again. + + If still a problem, go to "Show which actions apply to a URL and why" + from [67]http://i.j.b/ and paste the full URL of the page in question + into the prompt. See which actions are being applied to the URL. Now, + armed with this information, go to "Edit the actions list". Here you + should see various sections that have various "Junkbuster" features + disabled for specific sites. Disabled "actions" will have a "-" (minus + sign) in front of them. Add your problem page URL to one of these + sections that looks like it is disabling the feature that is causing + the problem. Re-try the page. There might be some trial and error + involved. This is discussed in a little more detail in the + [68]user-manual appendix. + + Alternately, if you are comfortable with a text editor, you can + accomplish the same thing by editing the appropriate "actions" file. + _________________________________________________________________ + 1.5.4. What time is it? -Time for you to go! - -------------------------------------------------------------------------------- - + Time for you to go! + _________________________________________________________________ + 2. Contact the developers -Please see the user manual for information on how to contact the developers. - -------------------------------------------------------------------------------- - + Please see the user manual for information on how to contact the + developers. + _________________________________________________________________ + 3. Copyright and History -Please see the user manual for information on Copyright and History. - -------------------------------------------------------------------------------- - + Please see the user manual for information on Copyright and History. + _________________________________________________________________ + 4. See also -Please see the user manual for information on references. - + Please see the user manual for information on references. + +References + + 1. http://ijbswa.sourceforge.net/faq/ + 2. http://ijbswa.sourceforge.net/user-manual/contact.html + 3. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#QUESTIONS + 4. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#GENERAL + 5. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#NEWJB + 6. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#DIFFERS + 7. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#FEATURES + 8. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#PROXYMORON + 9. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#BROWSERS2 + 10. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#LICENSE + 11. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION + 12. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#NEWINSTALL + 13. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN111 + 14. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#LOCALHOST + 15. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN133 + 16. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#CONFIGURATION + 17. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#NEWCONFIG + 18. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN148 + 19. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#ACTIONSS + 20. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN166 + 21. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#CONFIGFILES + 22. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#BROWSECONFIG + 23. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN278 + 24. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN289 + 25. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN300 + 26. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN305 + 27. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#MISC + 28. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN318 + 29. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#LOADINGTIMES + 30. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#CONFIGURL + 31. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#JOINTEAM + 32. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#BLOCKLIST + 33. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#NEWADS + 34. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#IP + 35. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN353 + 36. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN363 + 37. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN373 + 38. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN380 + 39. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN384 + 40. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN391 + 41. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN394 + 42. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN400 + 43. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN411 + 44. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN422 + 45. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN424 + 46. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN436 + 47. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN442 + 48. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN459 + 49. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#CONTACT + 50. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#COPYRIGHT + 51. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#SEEALSO + 52. http://www.junkbusters.com/ + 53. http://ijbswa.sourceforge.net/ + 54. http://i.j.b/ + 55. http://www.gnu.org/copyleft/gpl.html + 56. http://ijbswa.sourceforge.net/user-manual/ + 57. http://i.j.b/ + 58. http://ijbswa.sourceforge.net/user-manual/configuration.html#ACTIONSFILE + 59. http://i.j.b/ + 60. http://ijbswa.sourceforge.net/config/edit-actions + 61. http://ijbswa.sourceforge.net/user-manual/configuration.html#ACTIONSFILE + 62. http://i.j.b/ + 63. http://www.multiproxy.org/anon_list.htm + 64. http://www.squid-cache.org/ + 65. http://ijbswa.sourceforge.net/config/show-url-info + 66. http://i.j.b/ + 67. http://i.j.b/ + 68. http://ijbswa.sourceforge.net/user-manual/appenix.html#ACTIONSANAT diff --git a/doc/text/user-manual.txt b/doc/text/user-manual.txt index 695a3e1c..4aa02f57 100644 --- a/doc/text/user-manual.txt +++ b/doc/text/user-manual.txt @@ -1,2064 +1,2056 @@ -Junkbuster User Manual - -By: Junkbuster Developers - -$Id: user-manual.sgml,v 1.48 2002/03/12 06:33:01 hal9 Exp $ - -The user manual gives users information on how to install, configure and use -Internet Junkbuster. Internet Junkbuster is a web proxy with advanced filtering -capabilities for protecting privacy, filtering web page content, managing -cookies, controlling access, and removing ads, banners, pop-ups and other -obnoxious Internet Junk. Junkbuster has a very flexible configuration and can -be customized to suit individual needs and tastes. Internet Junkbuster has -application for both stand-alone systems and multi-user networks. -You can find the latest version of the user manual at http:// -ijbswa.sourceforge.net/user-manual/. - -------------------------------------------------------------------------------- +Junkbuster User Manual -Table of Contents + By: Junkbuster Developers + + $Id: user-manual.sgml,v 1.49 2002/03/21 17:01:05 hal9 Exp $ + + The user manual gives users information on how to install, configure + and use Internet Junkbuster. Internet Junkbuster is a web proxy with + advanced filtering capabilities for protecting privacy, filtering web + page content, managing cookies, controlling access, and removing ads, + banners, pop-ups and other obnoxious Internet Junk. Junkbuster has a + very flexible configuration and can be customized to suit individual + needs and tastes. Internet Junkbuster has application for both + stand-alone systems and multi-user networks. + + You can find the latest version of the user manual at + [1]http://ijbswa.sourceforge.net/user-manual/. + _________________________________________________________________ + + Table of Contents + 1. [2]Introduction + + 1.1. [3]New Features + + 2. [4]Installation + + 2.1. [5]Source + 2.2. [6]Red Hat + 2.3. [7]SuSE + 2.4. [8]OS/2 + 2.5. [9]Windows + 2.6. [10]Other + + 3. [11]JunkBuster Configuration + + 3.1. [12]Controlling Junkbuster with Your Web Browser + 3.2. [13]Configuration Files Overview + 3.3. [14]The Main Configuration File + + 3.3.1. [15]Defining Other Configuration Files + 3.3.2. [16]Other Configuration Options + 3.3.3. [17]Access Control List (ACL) + 3.3.4. [18]Forwarding + 3.3.5. [19]Windows GUI Options + + 3.4. [20]The Actions File + + 3.4.1. [21]URL Domain and Path Syntax + 3.4.2. [22]Actions + 3.4.3. [23]Aliases + + 3.5. [24]The Filter File + 3.6. [25]Templates + + 4. [26]Quickstart to Using Junkbuster + + 4.1. [27]Command Line Options + + 5. [28]Contacting the Developers, Bug Reporting and Feature Requests + 6. [29]Copyright and History + + 6.1. [30]License + 6.2. [31]History + + 7. [32]See also + 8. [33]Appendix + + 8.1. [34]Regular Expressions + + 21 + 22 + 23 + 24 + 25 + 26 + 27 + 28 + 29 + + 8.2. [35]JunkBuster's Internal Pages + 8.3. [36]Anatomy of an Action + 1. Introduction + + Internet Junkbuster is a web proxy with advanced filtering + capabilities for protecting privacy, filtering and modifying web page + content, managing cookies, controlling access, and removing ads, + banners, pop-ups and other obnoxious Internet Junk. Junkbuster has a + very flexible configuration and can be customized to suit individual + needs and tastes. Internet Junkbuster has application for both + stand-alone systems and multi-user networks. + + This documentation is included with the current BETA version of + Internet Junkbuster and is mostly complete at this point. The most up + to date reference for the time being is still the comments in the + source files and in the individual configuration files. Development of + version 3.0 is currently nearing completion, and includes many + significant changes and enhancements over earlier versions. The target + release date for stable v3.0 is "soon" ;-) + + Since this is a BETA version, not all new features are well tested. + This documentation may be slightly out of sync as a result (especially + with CVS sources). And there may be bugs, though hopefully not many! + _________________________________________________________________ - 1.1. New Features +1.1. New Features + + In addition to Junkbuster's traditional features of ad and banner + blocking and cookie management, this is a list of new features + currently under development: + + * Integrated browser based configuration and control utility + ([37]http://i.j.b). Browser-based tracing of rule and filter + effects. + * Blocking of annoying pop-up browser windows. + * HTTP/1.1 compliant (most, but not all 1.1 features are supported). + * Support for Perl Compatible Regular Expressions in the + configuration files, and generally a more sophisticated and + flexible configuration syntax over previous versions. + * GIF de-animation. + * Web page content filtering (removes banners based on size, + invisible "web-bugs", JavaScript, pop-ups, status bar abuse, etc.) + * Bypass many click-tracking scripts (avoids script redirection). + * Multi-threaded (POSIX and native threads). + * Auto-detection and re-reading of config file changes. + * User-customizable HTML templates (e.g. 404 error page). + * Improved cookie management features (e.g. session based cookies). + * Builds from source on most UNIX-like systems. Packages available + for: Linux (RedHat, SuSE, or Debian), Windows, Sun Solaris, Mac + OSX, OS/2, HP-UX 11 and AmigaOS. + * In addition, the configuration is much more powerful and versatile + over-all. + _________________________________________________________________ 2. Installation + + Junkbuster is available as raw source code, or pre-compiled binaries. + See the [38]Junkbuster Home Page for binaries and current release + info. Junkbuster is also available via [39]CVS. This is the + recommended approach at this time. But please be aware that CVS is + constantly changing, and it may break in mysterious ways. + _________________________________________________________________ - 2.1. Source - 2.2. Red Hat - 2.3. SuSE - 2.4. OS/2 - 2.5. Windows - 2.6. Other - -3. JunkBuster Configuration - - 3.1. Controlling Junkbuster with Your Web Browser - 3.2. Configuration Files Overview - 3.3. The Main Configuration File - - 3.3.1. Defining Other Configuration Files - 3.3.2. Other Configuration Options - 3.3.3. Access Control List (ACL) - 3.3.4. Forwarding - 3.3.5. Windows GUI Options - - 3.4. The Actions File - - 3.4.1. URL Domain and Path Syntax - 3.4.2. Actions - 3.4.3. Aliases - - 3.5. The Filter File - 3.6. Templates - -4. Quickstart to Using Junkbuster - - 4.1. Command Line Options - -5. Contacting the Developers, Bug Reporting and Feature Requests -6. Copyright and History +2.1. Source + + For gzipped tar archives, unpack the source: - 6.1. License - 6.2. History + tar xzvf ijb_source_* [.tgz or .tar.gz] + cd ijb_source_2.9.11_beta + + For retrieving the current CVS sources, you'll need the CVS package + installed first. To download CVS source: -7. See also -8. Appendix + cvs -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa login + cvs -z3 -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa co cu +rrent + cd current + + This will create a directory named current/, which will contain the + source tree. - 8.1. Regular Expressions - 8.2. JunkBuster's Internal Pages - 8.3. Anatomy of an Action + Then, in either case, to build from tarball/CVS source: -1. Introduction - -Internet Junkbuster is a web proxy with advanced filtering capabilities for -protecting privacy, filtering and modifying web page content, managing cookies, -controlling access, and removing ads, banners, pop-ups and other obnoxious -Internet Junk. Junkbuster has a very flexible configuration and can be -customized to suit individual needs and tastes. Internet Junkbuster has -application for both stand-alone systems and multi-user networks. - -This documentation is included with the current BETA version of Internet -Junkbuster and is mostly complete at this point. The most up to date reference -for the time being is still the comments in the source files and in the -individual configuration files. Development of version 3.0 is currently nearing -completion, and includes many significant changes and enhancements over earlier -versions. The target release date for stable v3.0 is "soon" ;-) + ./configure (--help to see options) + make (the make from gnu, gmake for *BSD) + su + make -n install (to see where all the files will go) + make install (to really install) -Since this is a BETA version, not all new features are well tested. This -documentation may be slightly out of sync as a result (especially with CVS -sources). And there may be bugs, though hopefully not many! - -------------------------------------------------------------------------------- - -1.1. New Features - -In addition to Junkbuster's traditional features of ad and banner blocking and -cookie management, this is a list of new features currently under development: - - * Integrated browser based configuration and control utility (http://i.j.b). - Browser-based tracing of rule and filter effects. - - * Blocking of annoying pop-up browser windows. + For Redhat and SuSE Linux RPM packages, see below. + _________________________________________________________________ - * HTTP/1.1 compliant (most, but not all 1.1 features are supported). +2.2. Red Hat + + To build Redhat RPM packages, install source as above. Then: - * Support for Perl Compatible Regular Expressions in the configuration files, - and generally a more sophisticated and flexible configuration syntax over - previous versions. + autoheader [suggested for CVS source] + autoconf [suggested for CVS source] + ./configure + make redhat-dist + + This will create both binary and src RPMs in the usual places. + Example: - * GIF de-animation. + /usr/src/redhat/RPMS/i686/junkbuster-2.9.11-1.i686.rpm - * Web page content filtering (removes banners based on size, invisible - "web-bugs", JavaScript, pop-ups, status bar abuse, etc.) + /usr/src/redhat/SRPMS/junkbuster-2.9.11-1.src.rpm - * Bypass many click-tracking scripts (avoids script redirection). + To install, of course: - * Multi-threaded (POSIX and native threads). + rpm -Uvv /usr/src/redhat/RPMS/i686/junkbuster-2.9.11-1.i686.rpm + + This will place the Junkbuster configuration files in + /etc/junkbuster/, and log files in /var/log/junkbuster/. + _________________________________________________________________ - * Auto-detection and re-reading of config file changes. +2.3. SuSE + + To build SuSE RPM packages, install source as above. Then: - * User-customizable HTML templates (e.g. 404 error page). + autoheader [suggested for CVS source] + autoconf [suggested for CVS source] + ./configure + make suse-dist + + This will create both binary and src RPMs in the usual places. + Example: - * Improved cookie management features (e.g. session based cookies). + /usr/src/packages/RPMS/i686/junkbuster-2.9.11-1.i686.rpm - * Builds from source on most UNIX-like systems. Packages available for: Linux - (RedHat, SuSE, or Debian), Windows, Sun Solaris, Mac OSX, OS/2, HP-UX 11 - and AmigaOS. + /usr/src/packages/SRPMS/junkbuster-2.9.11-1.src.rpm - * In addition, the configuration is much more powerful and versatile - over-all. + To install, of course: -------------------------------------------------------------------------------- - -2. Installation - -Junkbuster is available as raw source code, or pre-compiled binaries. See the -Junkbuster Home Page for binaries and current release info. Junkbuster is also -available via CVS. This is the recommended approach at this time. But please be -aware that CVS is constantly changing, and it may break in mysterious ways. - -------------------------------------------------------------------------------- - -2.1. Source - -For gzipped tar archives, unpack the source: - - tar xzvf ijb_source_* [.tgz or .tar.gz] - cd ijb_source_2.9.11_beta - - -For retrieving the current CVS sources, you'll need the CVS package installed -first. To download CVS source: - - cvs -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa login - cvs -z3 -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa co current - cd current - - -This will create a directory named current/, which will contain the source -tree. - -Then, in either case, to build from tarball/CVS source: - - ./configure (--help to see options) - make (the make from gnu, gmake for *BSD) - su - make -n install (to see where all the files will go) - make install (to really install) - - -For Redhat and SuSE Linux RPM packages, see below. - -------------------------------------------------------------------------------- - -2.2. Red Hat - -To build Redhat RPM packages, install source as above. Then: - - autoheader [suggested for CVS source] - autoconf [suggested for CVS source] - ./configure - make redhat-dist - - -This will create both binary and src RPMs in the usual places. Example: - - /usr/src/redhat/RPMS/i686/junkbuster-2.9.11-1.i686.rpm - - /usr/src/redhat/SRPMS/junkbuster-2.9.11-1.src.rpm - -To install, of course: - - rpm -Uvv /usr/src/redhat/RPMS/i686/junkbuster-2.9.11-1.i686.rpm - - -This will place the Junkbuster configuration files in /etc/junkbuster/, and log -files in /var/log/junkbuster/. - -------------------------------------------------------------------------------- - -2.3. SuSE - -To build SuSE RPM packages, install source as above. Then: - - autoheader [suggested for CVS source] - autoconf [suggested for CVS source] - ./configure - make suse-dist - - -This will create both binary and src RPMs in the usual places. Example: - - /usr/src/packages/RPMS/i686/junkbuster-2.9.11-1.i686.rpm - - /usr/src/packages/SRPMS/junkbuster-2.9.11-1.src.rpm - -To install, of course: - - rpm -Uvv /usr/src/packages/RPMS/i686/junkbuster-2.9.11-1.i686.rpm - - -This will place the Junkbuster configuration files in /etc/junkbuster/, and log -files in /var/log/junkbuster/. - -------------------------------------------------------------------------------- + rpm -Uvv /usr/src/packages/RPMS/i686/junkbuster-2.9.11-1.i686.rpm + This will place the Junkbuster configuration files in + /etc/junkbuster/, and log files in /var/log/junkbuster/. + _________________________________________________________________ + 2.4. OS/2 -Junkbuster is packaged in a WarpIN self- installing archive. The -self-installing program will be named depending on the release version, -something like: ijbos2_setup_1.2.3.exe. In order to install it, simply run this -executable or double-click on its icon and follow the WarpIN installation -panels. A shadow of the Junkbuster executable will be placed in your startup -folder so it will start automatically whenever OS/2 starts. - -The directory you choose to install Junkbuster into will contain all of the -configuration files. - -If you would like to build binary images on OS/2 yourself, you will need a few -Unix-like tools: autoconf, autoheader and sh. These tools will be used to -create the required config.h file, which is not part of the source distribution -because it differs based on platform. You will also need a compiler. The -distribution has been created using IBM VisualAge compilers, but you can use -any compiler you like. GCC/EMX has the disadvantage of needing to be -single-threaded due to a limitation of EMX's implementation of the select() -socket call. - -In addition to needing the source code distribution as outlined earlier, you -will want to extract the os2seutp directory from CVS: - - cvs -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa login - cvs -z3 -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa co os2setup - - -This will create a directory named os2setup/, which will contain the -Makefile.vac makefile and os2build.cmd which is used to completely create the -binary distribution. The sequence of events for building the executable for -yourself goes something like this: - - cd current - autoheader - autoconf - sh configure - cd ..\os2setup - nmake -f Makefile.vac - - -You will see this sequence laid out in os2build.cmd. - -------------------------------------------------------------------------------- - + Junkbuster is packaged in a WarpIN self- installing archive. The + self-installing program will be named depending on the release + version, something like: ijbos2_setup_1.2.3.exe. In order to install + it, simply run this executable or double-click on its icon and follow + the WarpIN installation panels. A shadow of the Junkbuster executable + will be placed in your startup folder so it will start automatically + whenever OS/2 starts. + + The directory you choose to install Junkbuster into will contain all + of the configuration files. + + If you would like to build binary images on OS/2 yourself, you will + need a few Unix-like tools: autoconf, autoheader and sh. These tools + will be used to create the required config.h file, which is not part + of the source distribution because it differs based on platform. You + will also need a compiler. The distribution has been created using IBM + VisualAge compilers, but you can use any compiler you like. GCC/EMX + has the disadvantage of needing to be single-threaded due to a + limitation of EMX's implementation of the select() socket call. + + In addition to needing the source code distribution as outlined + earlier, you will want to extract the os2seutp directory from CVS: + cvs -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa login + + cvs -z3 -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa co os2 +setup + + This will create a directory named os2setup/, which will contain the + Makefile.vac makefile and os2build.cmd which is used to completely + create the binary distribution. The sequence of events for building + the executable for yourself goes something like this: + cd current + autoheader + autoconf + sh configure + cd ..\os2setup + nmake -f Makefile.vac + + You will see this sequence laid out in os2build.cmd. + _________________________________________________________________ + 2.5. Windows -Click-click. (I need help on this. Not a clue here. Also for configuration -section below. HB.) - -------------------------------------------------------------------------------- - + Click-click. (I need help on this. Not a clue here. Also for + configuration section below. HB.) + _________________________________________________________________ + 2.6. Other -Some quick notes on other Operating Systems. - -For FreeBSD (and other *BSDs?), the build will require gmake instead of the -included make. gmake is available from http://www.gnu.org. The rest should be -the same as above for Linux/Unix. - -------------------------------------------------------------------------------- - + Some quick notes on other Operating Systems. + + For FreeBSD (and other *BSDs?), the build will require gmake instead + of the included make. gmake is available from [40]http://www.gnu.org. + The rest should be the same as above for Linux/Unix. + _________________________________________________________________ + 3. JunkBuster Configuration -All JunkBuster configuration is kept in text files. These files can be edited -with a text editor. Many important aspects of JunkBuster can also be controlled -easily with a web browser. - -------------------------------------------------------------------------------- - + All JunkBuster configuration is kept in text files. These files can be + edited with a text editor. Many important aspects of JunkBuster can + also be controlled easily with a web browser. + _________________________________________________________________ + 3.1. Controlling Junkbuster with Your Web Browser -JunkBuster can be reached by the special URL http://i.j.b/ (or alternately -http://ijbswa.sourceforge.net/config/), which is an internal page. You will see -the following section: - -Please choose from the following options: - - * Show information about the current configuration - * Show the source code version numbers - * Show the client's request headers. - * Show which actions apply to a URL and why - * Toggle JunkBuster on or off - * Edit the actions list - - - -This should be self-explanatory. Note the last item is an editor for the -"actions list", which is where much of the ad, banner, cookie, and URL blocking -magic is configured as well as other advanced features of Junkbuster. This is -an easy way to adjust various aspects of Junkbuster configuration. The actions -file, and other configuration files, are explained in detail below. Junkbuster -will automatically detect any changes to these files. - -"Toggle JunkBuster On or Off" is handy for sites that might have problems with -your current actions and filters, or just to test if a site misbehaves, whether -it is JunkBuster causing the problem or not. Junkbuster continues to run as a -proxy in this case, but all filtering is disabled. - -------------------------------------------------------------------------------- - -3.2. Configuration Files Overview + JunkBuster can be reached by the special URL [41]http://i.j.b/ (or + alternately [42]http://ijbswa.sourceforge.net/config/), which is an + internal page. You will see the following section: + +Please choose from the following options: -For Unix, *BSD and Linux, all configuration files are located in /etc/ -junkbuster/ by default. For MS Windows, OS/2, and AmigaOS these are all in the -same directory as the Junkbuster executable. The name and number of -configuration files has changed from previous versions, and is subject to -change as development progresses. + * Show information about the current configuration + * Show the source code version numbers + * Show the client's request headers. + * Show which actions apply to a URL and why + * Toggle JunkBuster on or off + * Edit the actions list -The installed defaults provide a reasonable starting point, though possibly -aggressive by some standards. For the time being, there are only three default -configuration files (this will change in time): - * The main configuration file is named config on Linux, Unix, BSD, OS/2, and - AmigaOS and config.txt on Windows. + This should be self-explanatory. Note the last item is an editor for + the "actions list", which is where much of the ad, banner, cookie, and + URL blocking magic is configured as well as other advanced features of + Junkbuster. This is an easy way to adjust various aspects of + Junkbuster configuration. The actions file, and other configuration + files, are explained in detail below. Junkbuster will automatically + detect any changes to these files. - * The ijb.action file is used to define various "actions" relating to images, - banners, pop-ups, access restrictions, banners and cookies. There is a CGI - based editor for this file that can be accessed via http://i.j.b. (Other - actions files are included as well with differing levels of filtering and - blocking, e.g. ijb-basic.action.) + "Toggle JunkBuster On or Off" is handy for sites that might have + problems with your current actions and filters, or just to test if a + site misbehaves, whether it is JunkBuster causing the problem or not. + Junkbuster continues to run as a proxy in this case, but all filtering + is disabled. + _________________________________________________________________ - * The re_filterfile file can be used to re-write the raw page content, - including viewable text as well as embedded HTML and JavaScript, and - whatever else lurks on any given web page. - -ijb.action and re_filterfile can use Perl style regular expressions for maximum -flexibility. All files use the "#" character to denote a comment. Such lines -are not processed by Junkbuster. After making any changes, there is no need to -restart Junkbuster in order for the changes to take effect. Junkbuster should -detect such changes automatically. - -While under development, the configuration content is subject to change. The -below documentation may not be accurate by the time you read this. Also, what -constitutes a "default" setting, may change, so please check all your -configuration files on important issues. - -------------------------------------------------------------------------------- +3.2. Configuration Files Overview + For Unix, *BSD and Linux, all configuration files are located in + /etc/junkbuster/ by default. For MS Windows, OS/2, and AmigaOS these + are all in the same directory as the Junkbuster executable. The name + and number of configuration files has changed from previous versions, + and is subject to change as development progresses. + + The installed defaults provide a reasonable starting point, though + possibly aggressive by some standards. For the time being, there are + only three default configuration files (this will change in time): + + * The main configuration file is named config on Linux, Unix, BSD, + OS/2, and AmigaOS and config.txt on Windows. + * The ijb.action file is used to define various "actions" relating + to images, banners, pop-ups, access restrictions, banners and + cookies. There is a CGI based editor for this file that can be + accessed via [43]http://i.j.b. (Other actions files are included + as well with differing levels of filtering and blocking, e.g. + ijb-basic.action.) + * The re_filterfile file can be used to re-write the raw page + content, including viewable text as well as embedded HTML and + JavaScript, and whatever else lurks on any given web page. + + ijb.action and re_filterfile can use Perl style regular expressions + for maximum flexibility. All files use the "#" character to denote a + comment. Such lines are not processed by Junkbuster. After making any + changes, there is no need to restart Junkbuster in order for the + changes to take effect. Junkbuster should detect such changes + automatically. + + While under development, the configuration content is subject to + change. The below documentation may not be accurate by the time you + read this. Also, what constitutes a "default" setting, may change, so + please check all your configuration files on important issues. + _________________________________________________________________ + 3.3. The Main Configuration File -Again, the main configuration file is named config on Linux/Unix/BSD and OS/2, -and config.txt on Windows. Configuration lines consist of an initial keyword -followed by a list of values, all separated by whitespace (any number of spaces -or tabs). For example: - - blockfile blocklist.ini + Again, the main configuration file is named config on Linux/Unix/BSD + and OS/2, and config.txt on Windows. Configuration lines consist of an + initial keyword followed by a list of values, all separated by + whitespace (any number of spaces or tabs). For example: + + blockfile blocklist.ini + + Indicates that the blockfile is named "blocklist.ini". (A default + installation does not use this.) + + A "#" indicates a comment. Any part of a line following a "#" is + ignored, except if the "#" is preceded by a "\". + + Thus, by placing a "#" at the start of an existing configuration line, + you can make it a comment and it will be treated as if it weren't + there. This is called "commenting out" an option and can be useful to + turn off features: If you comment out the "logfile" line, junkbuster + will not log to a file at all. Watch for the "default:" section in + each explanation to see what happens if the option is left unset (or + commented out). + + Long lines can be continued on the next line by using a "\" as the + very last character. + + There are various aspects of Junkbuster behavior that can be tuned. + _________________________________________________________________ - -Indicates that the blockfile is named "blocklist.ini". (A default installation -does not use this.) - -A "#" indicates a comment. Any part of a line following a "#" is ignored, -except if the "#" is preceded by a "\". - -Thus, by placing a "#" at the start of an existing configuration line, you can -make it a comment and it will be treated as if it weren't there. This is called -"commenting out" an option and can be useful to turn off features: If you -comment out the "logfile" line, junkbuster will not log to a file at all. Watch -for the "default:" section in each explanation to see what happens if the -option is left unset (or commented out). - -Long lines can be continued on the next line by using a "\" as the very last -character. - -There are various aspects of Junkbuster behavior that can be tuned. - -------------------------------------------------------------------------------- - 3.3.1. Defining Other Configuration Files -Junkbuster can use a number of other files to tell it what ads to block, what -cookies to accept, etc. This section of the configuration file tells Junkbuster -where to find all those other files. - -On Windows and AmigaOS, Junkbuster looks for these files in the same directory -as the executable. On Unix and OS/2, Junkbuster looks for these files in the -current working directory. In either case, an absolute path name can be used to -avoid problems. - -When development goes modular and multi-user, the blocker, filter, and per-user -config will be stored in subdirectories of "confdir". For now, only confdir/ -templates is used for storing HTML templates for CGI results. - -The location of the configuration files: - - confdir /etc/junkbuster # No trailing /, please. + Junkbuster can use a number of other files to tell it what ads to + block, what cookies to accept, etc. This section of the configuration + file tells Junkbuster where to find all those other files. - -The directory where all logging (i.e. logfile and jarfile) takes place. No -trailing "/", please: - - logdir /var/log/junkbuster + On Windows and AmigaOS, Junkbuster looks for these files in the same + directory as the executable. On Unix and OS/2, Junkbuster looks for + these files in the current working directory. In either case, an + absolute path name can be used to avoid problems. - -Note that all file specifications below are relative to the above two -directories! - -The "ijb.action" file contains patterns to specify the actions to apply to -requests for each site. Default: Cookies to and from all destinations are kept -only during the current browser session (i.e. they are not saved to disk). -Pop-ups are disabled for all sites. All sites are filtered through selected -sections of "re_filterfile". No sites are blocked. The JunkBuster logo is -displayed for filtered ads and other images. The syntax of this file is -explained in detail below. Other "actions" files are included, and you are free -to use any of them. They have varying degrees of aggressiveness. - - actionsfile ijb.action + When development goes modular and multi-user, the blocker, filter, and + per-user config will be stored in subdirectories of "confdir". For + now, only confdir/templates is used for storing HTML templates for CGI + results. - -The "re_filterfile" file contains content modification rules that use "regular -expressions". These rules permit powerful changes on the content of Web pages, -e.g., you could disable your favorite JavaScript annoyances, re-write the -actual displayed text, or just have some fun replacing "Microsoft" with -"MicroSuck" wherever it appears on a Web page. Default: whatever the developers -are playing with :-/ - -Filtering requires buffering the page content, which may appear to slow down -page rendering since nothing is displayed until all content has passed the -filters. (It does not really take longer, but seems that way since the page is -not incrementally displayed.) This effect will be more noticeable on slower -connections. - - re_filterfile re_filterfile + The location of the configuration files: - -The logfile is where all logging and error messages are written. The logfile -can be useful for tracking down a problem with Junkbuster (e.g., it's not -blocking an ad you think it should block) but in most cases you probably will -never look at it. - -Your logfile will grow indefinitely, and you will probably want to periodically -remove it. On Unix systems, you can do this with a cron job (see "man cron"). -For Redhat, a logrotate script has been included. - -On SuSE Linux systems, you can place a line like "/var/log/junkbuster.* +1024k -644 nobody.nogroup" in /etc/logfiles, with the effect that cron.daily will -automatically archive, gzip, and empty the log, when it exceeds 1M size. - -Default: Log to the a file named logfile. Comment out to disable logging. - - logfile logfile + confdir /etc/junkbuster # No trailing /, please. - -The "jarfile" defines where Junkbuster stores the cookies it intercepts. Note -that if you use a "jarfile", it may grow quite large. Default: Don't store -intercepted cookies. - - #jarfile jarfile + The directory where all logging (i.e. logfile and jarfile) takes + place. No trailing "/", please: - -If you specify a "trustfile", Junkbuster will only allow access to sites that -are named in the trustfile. You can also mark sites as trusted referrers, with -the effect that access to untrusted sites will be granted, if a link from a -trusted referrer was used. The link target will then be added to the -"trustfile". This is a very restrictive feature that typical users most -probably want to leave disabled. Default: Disabled, don't use the trust -mechanism. - - #trustfile trust + logdir /var/log/junkbuster - -If you use the trust mechanism, it is a good idea to write up some on-line -documentation about your blocking policy and to specify the URL(s) here. They -will appear on the page that your users receive when they try to access -untrusted content. Use multiple times for multiple URLs. Default: Don't display -links on the "untrusted" info page. - - trust-info-url http://www.your-site.com/why_we_block.html - trust-info-url http://www.your-site.com/what_we_allow.html + Note that all file specifications below are relative to the above two + directories! - -------------------------------------------------------------------------------- - -3.3.2. Other Configuration Options - -This part of the configuration file contains options that control how -Junkbuster operates. - -"Admin-address" should be set to the email address of the proxy administrator. -It is used in many of the proxy-generated pages. Default: fill@me.in.please. - - #admin-address fill@me.in.please + The "ijb.action" file contains patterns to specify the actions to + apply to requests for each site. Default: Cookies to and from all + destinations are kept only during the current browser session (i.e. + they are not saved to disk). Pop-ups are disabled for all sites. All + sites are filtered through selected sections of "re_filterfile". No + sites are blocked. The JunkBuster logo is displayed for filtered ads + and other images. The syntax of this file is explained in detail + [44]below. Other "actions" files are included, and you are free to use + any of them. They have varying degrees of aggressiveness. - -"Proxy-info-url" can be set to a URL that contains more info about this -Junkbuster installation, it's configuration and policies. It is used in many of -the proxy-generated pages and its use is highly recommended in multi-user -installations, since your users will want to know why certain content is -blocked or modified. Default: Don't show a link to on-line documentation. - - proxy-info-url http://www.your-site.com/proxy.html + actionsfile ijb.action - -"Listen-address" specifies the address and port where Junkbuster will listen -for connections from your Web browser. The default is to listen on the -localhost port 8118, and this is suitable for most users. (In your web browser, -under proxy configuration, list the proxy server as "localhost" and the port as -"8118"). - -If you already have another service running on port 8118, or if you want to -serve requests from other machines (e.g. on your local network) as well, you -will need to override the default. The syntax is "listen-address -[]:". If you leave out the IP address, junkbuster will bind -to all interfaces (addresses) on your machine and may become reachable from the -Internet. In that case, consider using access control lists (acl's) (see -"aclfile" above), or a firewall. - -For example, suppose you are running Junkbuster on a machine which has the -address 192.168.0.1 on your local private network (192.168.0.0) and has another -outside connection with a different address. You want it to serve requests from -inside only: - - listen-address 192.168.0.1:8118 + The "re_filterfile" file contains content modification rules that use + "regular expressions". These rules permit powerful changes on the + content of Web pages, e.g., you could disable your favorite JavaScript + annoyances, re-write the actual displayed text, or just have some fun + replacing "Microsoft" with "MicroSuck" wherever it appears on a Web + page. Default: whatever the developers are playing with :-/ - -If you want it to listen on all addresses (including the outside connection): - - listen-address :8118 + Filtering requires buffering the page content, which may appear to + slow down page rendering since nothing is displayed until all content + has passed the filters. (It does not really take longer, but seems + that way since the page is not incrementally displayed.) This effect + will be more noticeable on slower connections. - -If you do this, consider using ACLs (see "aclfile" above). Note: you will need -to point your browser(s) to the address and port that you have configured here. -Default: localhost:8118 (127.0.0.1:8118). - -The debug option sets the level of debugging information to log in the logfile -(and to the console in the Windows version). A debug level of 1 is informative -because it will show you each request as it happens. Higher levels of debug are -probably only of interest to developers. - - debug 1 # GPC = show each GET/POST/CONNECT request - debug 2 # CONN = show each connection status - debug 4 # IO = show I/O status - debug 8 # HDR = show header parsing - debug 16 # LOG = log all data into the logfile - debug 32 # FRC = debug force feature - debug 64 # REF = debug regular expression filter - debug 128 # = debug fast redirects - debug 256 # = debug GIF de-animation - debug 512 # CLF = Common Log Format - debug 1024 # = debug kill pop-ups - debug 4096 # INFO = Startup banner and warnings. - debug 8192 # ERROR = Non-fatal errors - - -It is highly recommended that you enable ERROR reporting (debug 8192), at least -until v3.0 is released. - -The reporting of FATAL errors (i.e. ones which crash JunkBuster) is always on -and cannot be disabled. - -If you want to use CLF (Common Log Format), you should set "debug 512" ONLY, do -not enable anything else. - -Multiple "debug" directives, are OK - they're logical-OR'd together. - - debug 15 # same as setting the first 4 listed above + re_filterfile re_filterfile - -Default: - - debug 1 # URLs - debug 4096 # Info - debug 8192 # Errors - *we highly recommended enabling this* + The logfile is where all logging and error messages are written. The + logfile can be useful for tracking down a problem with Junkbuster + (e.g., it's not blocking an ad you think it should block) but in most + cases you probably will never look at it. - -Junkbuster normally uses "multi-threading", a software technique that permits -it to handle many different requests simultaneously. In some cases you may wish -to disable this -- particularly if you're trying to debug a problem. The -"single-threaded" option forces Junkbuster to handle requests sequentially. -Default: Multi-threaded mode. - - #single-threaded + Your logfile will grow indefinitely, and you will probably want to + periodically remove it. On Unix systems, you can do this with a cron + job (see "man cron"). For Redhat, a logrotate script has been + included. - -"toggle" allows you to temporarily disable all Junkbuster's filtering. Just set -"toggle 0". - -The Windows version of Junkbuster puts an icon in the system tray, which also -allows you to change this option. If you right-click on that icon (or select -the "Options" menu), one choice is "Enable". Clicking on enable toggles -Junkbuster on and off. This is useful if you want to temporarily disable -Junkbuster, e.g., to access a site that requires cookies which you would -otherwise have blocked. This can also be toggled via a web browser at the -Junkbuster internal address of http://i.j.b on any platform. - -"toggle 1" means Junkbuster runs normally, "toggle 0" means that Junkbuster -becomes a non-anonymizing non-blocking proxy. Default: 1 (on). - - toggle 1 + On SuSE Linux systems, you can place a line like + "/var/log/junkbuster.* +1024k 644 nobody.nogroup" in /etc/logfiles, + with the effect that cron.daily will automatically archive, gzip, and + empty the log, when it exceeds 1M size. - -For content filtering, i.e. the "+filter" and "+deanimate-gif" actions, it is -necessary that Junkbuster buffers the entire document body. This can be -potentially dangerous, since a server could just keep sending data indefinitely -and wait for your RAM to exhaust. With nasty consequences. - -The buffer-limit option lets you set the maximum size in Kbytes that each -buffer may use. When the documents buffer exceeds this size, it is flushed to -the client unfiltered and no further attempt to filter the rest of it is made. -Remember that there may multiple threads running, which might require -increasing the "buffer-limit" Kbytes each, unless you have enabled -"single-threaded" above. - - buffer-limit 4069 + Default: Log to the a file named logfile. Comment out to disable + logging. - -To enable the web-based ijb.action file editor set enable-edit-actions to 1, or -0 to disable. Note that you must have compiled JunkBuster with support for this -feature, otherwise this option has no effect. This internal page can be reached -at http://i.j.b. - -Security note: If this is enabled, anyone who can use the proxy can edit the -actions file, and their changes will affect all users. For shared proxies, you -probably want to disable this. Default: enabled. - - enable-edit-actions 1 + logfile logfile - -Allow JunkBuster to be toggled on and off remotely, using your web browser. Set -"enable-remote-toggle"to 1 to enable, and 0 to disable. Note that you must have -compiled JunkBuster with support for this feature, otherwise this option has no -effect. - -Security note: If this is enabled, anyone who can use the proxy can toggle it -on or off (see http://i.j.b), and their changes will affect all users. For -shared proxies, you probably want to disable this. Default: enabled. - - enable-remote-toggle 1 + The "jarfile" defines where Junkbuster stores the cookies it + intercepts. Note that if you use a "jarfile", it may grow quite large. + Default: Don't store intercepted cookies. + #jarfile jarfile + + If you specify a "trustfile", Junkbuster will only allow access to + sites that are named in the trustfile. You can also mark sites as + trusted referrers, with the effect that access to untrusted sites will + be granted, if a link from a trusted referrer was used. The link + target will then be added to the "trustfile". This is a very + restrictive feature that typical users most probably want to leave + disabled. Default: Disabled, don't use the trust mechanism. + + #trustfile trust + + If you use the trust mechanism, it is a good idea to write up some + on-line documentation about your blocking policy and to specify the + URL(s) here. They will appear on the page that your users receive when + they try to access untrusted content. Use multiple times for multiple + URLs. Default: Don't display links on the "untrusted" info page. + + trust-info-url http://www.your-site.com/why_we_block.html + trust-info-url http://www.your-site.com/what_we_allow.html + _________________________________________________________________ + +3.3.2. Other Configuration Options -------------------------------------------------------------------------------- - + This part of the configuration file contains options that control how + Junkbuster operates. + + "Admin-address" should be set to the email address of the proxy + administrator. It is used in many of the proxy-generated pages. + Default: fill@me.in.please. + + #admin-address fill@me.in.please + + "Proxy-info-url" can be set to a URL that contains more info about + this Junkbuster installation, it's configuration and policies. It is + used in many of the proxy-generated pages and its use is highly + recommended in multi-user installations, since your users will want to + know why certain content is blocked or modified. Default: Don't show a + link to on-line documentation. + + proxy-info-url http://www.your-site.com/proxy.html + + "Listen-address" specifies the address and port where Junkbuster will + listen for connections from your Web browser. The default is to listen + on the localhost port 8118, and this is suitable for most users. (In + your web browser, under proxy configuration, list the proxy server as + "localhost" and the port as "8118"). + + If you already have another service running on port 8118, or if you + want to serve requests from other machines (e.g. on your local + network) as well, you will need to override the default. The syntax is + "listen-address []:". If you leave out the IP + address, junkbuster will bind to all interfaces (addresses) on your + machine and may become reachable from the Internet. In that case, + consider using access control lists (acl's) (see "aclfile" above), or + a firewall. + + For example, suppose you are running Junkbuster on a machine which has + the address 192.168.0.1 on your local private network (192.168.0.0) + and has another outside connection with a different address. You want + it to serve requests from inside only: + + listen-address 192.168.0.1:8118 + + If you want it to listen on all addresses (including the outside + connection): + + listen-address :8118 + + If you do this, consider using ACLs (see "aclfile" above). Note: you + will need to point your browser(s) to the address and port that you + have configured here. Default: localhost:8118 (127.0.0.1:8118). + + The debug option sets the level of debugging information to log in the + logfile (and to the console in the Windows version). A debug level of + 1 is informative because it will show you each request as it happens. + Higher levels of debug are probably only of interest to developers. + + debug 1 # GPC = show each GET/POST/CONNECT request + debug 2 # CONN = show each connection status + debug 4 # IO = show I/O status + debug 8 # HDR = show header parsing + debug 16 # LOG = log all data into the logfile + debug 32 # FRC = debug force feature + debug 64 # REF = debug regular expression filter + debug 128 # = debug fast redirects + debug 256 # = debug GIF de-animation + debug 512 # CLF = Common Log Format + debug 1024 # = debug kill pop-ups + debug 4096 # INFO = Startup banner and warnings. + debug 8192 # ERROR = Non-fatal errors + + It is highly recommended that you enable ERROR reporting (debug 8192), + at least until v3.0 is released. + + The reporting of FATAL errors (i.e. ones which crash JunkBuster) is + always on and cannot be disabled. + + If you want to use CLF (Common Log Format), you should set "debug 512" + ONLY, do not enable anything else. + + Multiple "debug" directives, are OK - they're logical-OR'd together. + + debug 15 # same as setting the first 4 listed above + + Default: + + debug 1 # URLs + debug 4096 # Info + debug 8192 # Errors - *we highly recommended enabling this* + + Junkbuster normally uses "multi-threading", a software technique that + permits it to handle many different requests simultaneously. In some + cases you may wish to disable this -- particularly if you're trying to + debug a problem. The "single-threaded" option forces Junkbuster to + handle requests sequentially. Default: Multi-threaded mode. + + #single-threaded + + "toggle" allows you to temporarily disable all Junkbuster's filtering. + Just set "toggle 0". + + The Windows version of Junkbuster puts an icon in the system tray, + which also allows you to change this option. If you right-click on + that icon (or select the "Options" menu), one choice is "Enable". + Clicking on enable toggles Junkbuster on and off. This is useful if + you want to temporarily disable Junkbuster, e.g., to access a site + that requires cookies which you would otherwise have blocked. This can + also be toggled via a web browser at the Junkbuster internal address + of [45]http://i.j.b on any platform. + + "toggle 1" means Junkbuster runs normally, "toggle 0" means that + Junkbuster becomes a non-anonymizing non-blocking proxy. Default: 1 + (on). + + toggle 1 + + For content filtering, i.e. the "+filter" and "+deanimate-gif" + actions, it is necessary that Junkbuster buffers the entire document + body. This can be potentially dangerous, since a server could just + keep sending data indefinitely and wait for your RAM to exhaust. With + nasty consequences. + + The buffer-limit option lets you set the maximum size in Kbytes that + each buffer may use. When the documents buffer exceeds this size, it + is flushed to the client unfiltered and no further attempt to filter + the rest of it is made. Remember that there may multiple threads + running, which might require increasing the "buffer-limit" Kbytes + each, unless you have enabled "single-threaded" above. + + buffer-limit 4069 + + To enable the web-based ijb.action file editor set enable-edit-actions + to 1, or 0 to disable. Note that you must have compiled JunkBuster + with support for this feature, otherwise this option has no effect. + This internal page can be reached at [46]http://i.j.b. + + Security note: If this is enabled, anyone who can use the proxy can + edit the actions file, and their changes will affect all users. For + shared proxies, you probably want to disable this. Default: enabled. + + enable-edit-actions 1 + + Allow JunkBuster to be toggled on and off remotely, using your web + browser. Set "enable-remote-toggle"to 1 to enable, and 0 to disable. + Note that you must have compiled JunkBuster with support for this + feature, otherwise this option has no effect. + + Security note: If this is enabled, anyone who can use the proxy can + toggle it on or off (see [47]http://i.j.b), and their changes will + affect all users. For shared proxies, you probably want to disable + this. Default: enabled. + + enable-remote-toggle 1 + _________________________________________________________________ + 3.3.3. Access Control List (ACL) -Access controls are included at the request of some ISPs and systems -administrators, and are not usually needed by individual users. Please note the -warnings in the FAQ that this proxy is not intended to be a substitute for a -firewall or to encourage anyone to defer addressing basic security weaknesses. - -If no access settings are specified, the proxy talks to anyone that connects. -If any access settings file are specified, then the proxy talks only to IP -addresses permitted somewhere in this file and not denied later in this file. - -Summary -- if using an ACL: - -Client must have permission to receive service. - -LAST match in ACL wins. - -Default behavior is to deny service. - -The syntax for an entry in the Access Control List is: - - ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ] + Access controls are included at the request of some ISPs and systems + administrators, and are not usually needed by individual users. Please + note the warnings in the FAQ that this proxy is not intended to be a + substitute for a firewall or to encourage anyone to defer addressing + basic security weaknesses. - -Where the individual fields are: - - ACTION = "permit-access" or "deny-access" - - SRC_ADDR = client hostname or dotted IP address - SRC_MASKLEN = number of bits in the subnet mask for the source - - DST_ADDR = server or forwarder hostname or dotted IP address - DST_MASKLEN = number of bits in the subnet mask for the target + If no access settings are specified, the proxy talks to anyone that + connects. If any access settings file are specified, then the proxy + talks only to IP addresses permitted somewhere in this file and not + denied later in this file. - -The field separator (FS) is whitespace (space or tab). - -IMPORTANT NOTE: If the junkbuster is using a forwarder (see below) or a gateway -for a particular destination URL, the DST_ADDR that is examined is the address -of the forwarder or the gateway and NOT the address of the ultimate target. -This is necessary because it may be impossible for the local Junkbuster to -determine the address of the ultimate target (that's often what gateways are -used for). - -Here are a few examples to show how the ACL features work: - -"localhost" is OK -- no DST_ADDR implies that ALL destination addresses are OK: - - permit-access localhost + Summary -- if using an ACL: - -A silly example to illustrate permitting any host on the class-C subnet with -Junkbuster to go anywhere: - - permit-access www.junkbusters.com/24 + Client must have permission to receive service. - -Except deny one particular IP address from using it at all: - - deny-access ident.junkbusters.com + LAST match in ACL wins. - -You can also specify an explicit network address and subnet mask. Explicit -addresses do not have to be resolved to be used. - - permit-access 207.153.200.0/24 + Default behavior is to deny service. - -A subnet mask of 0 matches anything, so the next line permits everyone. - - permit-access 0.0.0.0/0 + The syntax for an entry in the Access Control List is: - -Note, you cannot say: - - permit-access .org + ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ] - -to allow all *.org domains. Every IP address listed must resolve fully. - -An ISP may want to provide a Junkbuster that is accessible by "the world" and -yet restrict use of some of their private content to hosts on its internal -network (i.e. its own subscribers). Say, for instance the ISP owns the Class-B -IP address block 123.124.0.0 (a 16 bit netmask). This is how they could do it: - - permit-access 0.0.0.0/0 0.0.0.0/0 # other clients can go anywhere - # with the following exceptions: - - deny-access 0.0.0.0/0 123.124.0.0/16 # block all external requests for - # sites on the ISP's network - - permit 0.0.0.0/0 www.my_isp.com # except for the ISP's main - # web site - - permit 123.124.0.0/16 0.0.0.0/0 # the ISP's clients can go - # anywhere + Where the individual fields are: + + ACTION = "permit-access" or "deny-access" + SRC_ADDR = client hostname or dotted IP address + SRC_MASKLEN = number of bits in the subnet mask for the source + DST_ADDR = server or forwarder hostname or dotted IP address + DST_MASKLEN = number of bits in the subnet mask for the target + + The field separator (FS) is whitespace (space or tab). + + IMPORTANT NOTE: If the junkbuster is using a forwarder (see below) or + a gateway for a particular destination URL, the DST_ADDR that is + examined is the address of the forwarder or the gateway and NOT the + address of the ultimate target. This is necessary because it may be + impossible for the local Junkbuster to determine the address of the + ultimate target (that's often what gateways are used for). + + Here are a few examples to show how the ACL features work: + + "localhost" is OK -- no DST_ADDR implies that ALL destination + addresses are OK: + + permit-access localhost + + A silly example to illustrate permitting any host on the class-C + subnet with Junkbuster to go anywhere: + + permit-access www.junkbusters.com/24 + + Except deny one particular IP address from using it at all: + + deny-access ident.junkbusters.com + + You can also specify an explicit network address and subnet mask. + Explicit addresses do not have to be resolved to be used. + + permit-access 207.153.200.0/24 + + A subnet mask of 0 matches anything, so the next line permits + everyone. + + permit-access 0.0.0.0/0 + + Note, you cannot say: + + permit-access .org + + to allow all *.org domains. Every IP address listed must resolve + fully. + + An ISP may want to provide a Junkbuster that is accessible by "the + world" and yet restrict use of some of their private content to hosts + on its internal network (i.e. its own subscribers). Say, for instance + the ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit + netmask). This is how they could do it: + + permit-access 0.0.0.0/0 0.0.0.0/0 # other clients can go anywhere + # with the following exceptions + : + + deny-access 0.0.0.0/0 123.124.0.0/16 # block all external request + s for + # sites on the ISP's network + permit 0.0.0.0/0 www.my_isp.com # except for the ISP's main + # web site + permit 123.124.0.0/16 0.0.0.0/0 # the ISP's clients can go + # anywhere + + Note that if some hostnames are listed with multiple IP addresses, the + primary value returned by DNS (via gethostbyname()) is used. Default: + Anyone can access the proxy. + _________________________________________________________________ - -Note that if some hostnames are listed with multiple IP addresses, the primary -value returned by DNS (via gethostbyname()) is used. Default: Anyone can access -the proxy. - -------------------------------------------------------------------------------- - 3.3.4. Forwarding -This feature allows chaining of HTTP requests via multiple proxies. It can be -used to better protect privacy and confidentiality when accessing specific -domains by routing requests to those domains to a special purpose filtering -proxy such as lpwa.com. Or to use a caching proxy to speed up browsing. - -It can also be used in an environment with multiple networks to route requests -via multiple gateways allowing transparent access to multiple networks without -having to modify browser configurations. - -Also specified here are SOCKS proxies. Junkbuster SOCKS 4 and SOCKS 4A. The -difference is that SOCKS 4A will resolve the target hostname using DNS on the -SOCKS server, not our local DNS client. - -The syntax of each line is: - - forward target_domain[:port] http_proxy_host[:port] - forward-socks4 target_domain[:port] socks_proxy_host[:port] http_proxy_host[: -port] - forward-socks4a target_domain[:port] socks_proxy_host[:port] http_proxy_host[: -port] + This feature allows chaining of HTTP requests via multiple proxies. It + can be used to better protect privacy and confidentiality when + accessing specific domains by routing requests to those domains to a + special purpose filtering proxy such as lpwa.com. Or to use a caching + proxy to speed up browsing. - -If http_proxy_host is ".", then requests are not forwarded to a HTTP proxy but -are made directly to the web servers. - -Lines are checked in sequence, and the last match wins. - -There is an implicit line equivalent to the following, which specifies that -anything not finding a match on the list is to go out without forwarding or -gateway protocol, like so: - - forward .* . # implicit + It can also be used in an environment with multiple networks to route + requests via multiple gateways allowing transparent access to multiple + networks without having to modify browser configurations. - -In the following common configuration, everything goes to Lucent's LPWA, except -SSL on port 443 (which it doesn't handle): - - forward .* lpwa.com:8000 - forward :443 . + Also specified here are SOCKS proxies. Junkbuster SOCKS 4 and SOCKS + 4A. The difference is that SOCKS 4A will resolve the target hostname + using DNS on the SOCKS server, not our local DNS client. - -Some users have reported difficulties related to LPWA's use of "." as the last -element of the domain, and have said that this can be fixed with this: - - forward lpwa. lpwa.com:8000 + The syntax of each line is: - -(NOTE: the syntax for specifying target_domain has changed since the previous -paragraph was written -- it will not work now. More information is welcome.) - -In this fictitious example, everything goes via an ISP's caching proxy, except -requests to that ISP: - - forward .* caching.myisp.net:8000 - forward myisp.net . + forward target_domain[:port] http_proxy_host[:port] + forward-socks4 target_domain[:port] socks_proxy_host[:port] + http_proxy_host[:port] + forward-socks4a target_domain[:port] socks_proxy_host[:port] + http_proxy_host[:port] - -For the @home network, we're told the forwarding configuration is this: - - forward .* proxy:8080 + If http_proxy_host is ".", then requests are not forwarded to a HTTP + proxy but are made directly to the web servers. - -Also, we're told they insist on getting cookies and JavaScript, so you should -allow cookies from home.com. We consider JavaScript a potential security risk. -Java need not be enabled. - -In this example direct connections are made to all "internal" domains, but -everything else goes through Lucent's LPWA by way of the company's SOCKS -gateway to the Internet. - - forward-socks4 .* lpwa.com:8000 firewall.my_company.com:1080 - forward my_company.com . + Lines are checked in sequence, and the last match wins. - -This is how you could set up a site that always uses SOCKS but no forwarders: - - forward-socks4a .* . firewall.my_company.com:1080 + There is an implicit line equivalent to the following, which specifies + that anything not finding a match on the list is to go out without + forwarding or gateway protocol, like so: - -An advanced example for network administrators: - -If you have links to multiple ISPs that provide various special content to -their subscribers, you can configure forwarding to pass requests to the -specific host that's connected to that ISP so that everybody can see all of the -content on all of the ISPs. - -This is a bit tricky, but here's an example: - -host-a has a PPP connection to isp-a.com. And host-b has a PPP connection to -isp-b.com. host-a can run a Junkbuster proxy with forwarding like this: - - forward .* . - forward isp-b.com host-b:8118 + forward .* . # implicit - -host-b can run a Junkbuster proxy with forwarding like this: - - forward .* . - forward isp-a.com host-a:8118 + In the following common configuration, everything goes to Lucent's + LPWA, except SSL on port 443 (which it doesn't handle): - -Now, anyone on the Internet (including users on host-a and host-b) can set -their browser's proxy to either host-a or host-b and be able to browse the -content on isp-a or isp-b. - -Here's another practical example, for University of Kent at Canterbury students -with a network connection in their room, who need to use the University's Squid -web cache. - - forward *. ssbcache.ukc.ac.uk:3128 # Use the proxy, except for: - forward .ukc.ac.uk . # Anything on the same domain as us - forward * . # Host with no domain specified - forward 129.12.*.* . # A dotted IP on our /16 network. - forward 127.*.*.* . # Loopback address - forward localhost.localdomain . # Loopback address - forward www.ukc.mirror.ac.uk . # Specific host + forward .* lpwa.com:8000 + forward :443 . - -If you intend to chain Junkbuster and squid locally, then chain as browser -> -squid -> junkbuster is the recommended way. - -Your squid configuration could then look like this: - - # Define junkbuster as parent cache - - cache_peer 127.0.0.1 parent 8118 0 no-query - - # Define ACL for protocol FTP - acl FTP proto FTP - - # Do not forward ACL FTP to junkbuster - always_direct allow FTP - - # Do not forward ACL CONNECT (https) to junkbuster - always_direct allow CONNECT - - # Forward the rest to junkbuster - never_direct allow all + Some users have reported difficulties related to LPWA's use of "." as + the last element of the domain, and have said that this can be fixed + with this: + + forward lpwa. lpwa.com:8000 + + (NOTE: the syntax for specifying target_domain has changed since the + previous paragraph was written -- it will not work now. More + information is welcome.) + + In this fictitious example, everything goes via an ISP's caching + proxy, except requests to that ISP: + + forward .* caching.myisp.net:8000 + forward myisp.net . + + For the @home network, we're told the forwarding configuration is + this: + + forward .* proxy:8080 + + Also, we're told they insist on getting cookies and JavaScript, so you + should allow cookies from home.com. We consider JavaScript a potential + security risk. Java need not be enabled. + + In this example direct connections are made to all "internal" domains, + but everything else goes through Lucent's LPWA by way of the company's + SOCKS gateway to the Internet. + + forward-socks4 .* lpwa.com:8000 firewall.my_company.com:1080 + forward my_company.com . + + This is how you could set up a site that always uses SOCKS but no + forwarders: + + forward-socks4a .* . firewall.my_company.com:1080 + + An advanced example for network administrators: + + If you have links to multiple ISPs that provide various special + content to their subscribers, you can configure forwarding to pass + requests to the specific host that's connected to that ISP so that + everybody can see all of the content on all of the ISPs. + + This is a bit tricky, but here's an example: + + host-a has a PPP connection to isp-a.com. And host-b has a PPP + connection to isp-b.com. host-a can run a Junkbuster proxy with + forwarding like this: + + forward .* . + forward isp-b.com host-b:8118 + + host-b can run a Junkbuster proxy with forwarding like this: + + forward .* . + forward isp-a.com host-a:8118 + + Now, anyone on the Internet (including users on host-a and host-b) can + set their browser's proxy to either host-a or host-b and be able to + browse the content on isp-a or isp-b. + + Here's another practical example, for University of Kent at Canterbury + students with a network connection in their room, who need to use the + University's Squid web cache. + + forward *. ssbcache.ukc.ac.uk:3128 # Use the proxy, except for: + forward .ukc.ac.uk . # Anything on the same domain as us + forward * . # Host with no domain specified + forward 129.12.*.* . # A dotted IP on our /16 network. + forward 127.*.*.* . # Loopback address + forward localhost.localdomain . # Loopback address + forward www.ukc.mirror.ac.uk . # Specific host + + If you intend to chain Junkbuster and squid locally, then chain as + browser -> squid -> junkbuster is the recommended way. + + Your squid configuration could then look like this: + + # Define junkbuster as parent cache + + cache_peer 127.0.0.1 parent 8118 0 no-query + + # Define ACL for protocol FTP + acl FTP proto FTP + # Do not forward ACL FTP to junkbuster + always_direct allow FTP + # Do not forward ACL CONNECT (https) to junkbuster + always_direct allow CONNECT + # Forward the rest to junkbuster + never_direct allow all + _________________________________________________________________ - -------------------------------------------------------------------------------- - 3.3.5. Windows GUI Options -Junkbuster has a number of options specific to the Windows GUI interface: - -If "activity-animation" is set to 1, the Junkbuster icon will animate when -"Junkbuster" is active. To turn off, set to 0. - - activity-animation 1 + Junkbuster has a number of options specific to the Windows GUI + interface: - -If "log-messages" is set to 1, Junkbuster will log messages to the console -window: - - log-messages 1 + If "activity-animation" is set to 1, the Junkbuster icon will animate + when "Junkbuster" is active. To turn off, set to 0. - -If "log-buffer-size" is set to 1, the size of the log buffer, i.e. the amount -of memory used for the log messages displayed in the console window, will be -limited to "log-max-lines" (see below). - -Warning: Setting this to 0 will result in the buffer to grow infinitely and eat -up all your memory! - - log-buffer-size 1 + activity-animation 1 - -log-max-lines is the maximum number of lines held in the log buffer. See above. - - log-max-lines 200 + If "log-messages" is set to 1, Junkbuster will log messages to the + console window: - -If "log-highlight-messages" is set to 1, Junkbuster will highlight portions of -the log messages with a bold-faced font: - - log-highlight-messages 1 + log-messages 1 - -The font used in the console window: - - log-font-name Comic Sans MS + If "log-buffer-size" is set to 1, the size of the log buffer, i.e. the + amount of memory used for the log messages displayed in the console + window, will be limited to "log-max-lines" (see below). - -Font size used in the console window: - - log-font-size 8 + Warning: Setting this to 0 will result in the buffer to grow + infinitely and eat up all your memory! - -"show-on-task-bar" controls whether or not Junkbuster will appear as a button -on the Task bar when minimized: - - show-on-task-bar 0 + log-buffer-size 1 - -If "close-button-minimizes" is set to 1, the Windows close button will minimize -Junkbuster instead of closing the program (close with the exit option on the -File menu). - - close-button-minimizes 1 + log-max-lines is the maximum number of lines held in the log buffer. + See above. - -The "hide-console" option is specific to the MS-Win console version of -JunkBuster. If this option is used, Junkbuster will disconnect from and hide -the command console. - - #hide-console + log-max-lines 200 - -------------------------------------------------------------------------------- - -3.4. The Actions File - -The "ijb.action" file (formerly actionsfile) is used to define what actions -Junkbuster takes, and thus determines how images, cookies and various other -aspects of HTTP content and transactions are handled. Images can be anything -you want, including ads, banners, or just some obnoxious URL that you would -rather not see. Cookies can be accepted or rejected, or accepted only during -the current browser session (i.e. not written to disk). Changes to ijb.action -should be immediately visible to Junkbuster without the need to restart. - -To determine which actions apply to a request, the URL of the request is -compared to all patterns in this file. Every time it matches, the list of -applicable actions for the URL is incrementally updated. You can trace this -process by visiting http://i.j.b/show-url-info. - -The actions file can be edited with a browser by loading http://i.j.b/, and -then select "Edit Actions List". - -There are four types of lines in this file: comments (begin with a "#" -character), actions, aliases and patterns, all of which are explained below, as -well as the configuration file syntax that Junkbuster understands. - -------------------------------------------------------------------------------- - -3.4.1. URL Domain and Path Syntax - -Generally, a pattern has the form /, where both the and - part are optional. If you only specify a domain part, the "/" can be -left out: - -www.example.com - is a domain only pattern and will match any request to -"www.example.com". - -www.example.com/ - means exactly the same. - -www.example.com/index.html - matches only the single document "/index.html" on -"www.example.com". - -/index.html - matches the document "/index.html", regardless of the domain. - -index.html - matches nothing, since it would be interpreted as a domain name -and there is no top-level domain called ".html". - -The matching of the domain part offers some flexible options: if the domain -starts or ends with a dot, it becomes unanchored at that end. For example: - -.example.com - matches any domain that ENDS in ".example.com". - -www. - matches any domain that STARTS with "www". - -Additionally, there are wild-cards that you can use in the domain names -themselves. They work pretty similar to shell wild-cards: "*" stands for zero -or more arbitrary characters, "?" stands for any single character. And you can -define character classes in square brackets and they can be freely mixed: - -ad*.example.com - matches "adserver.example.com", "ads.example.com", etc but -not "sfads.example.com". - -*ad*.example.com - matches all of the above, and then some. - -.?pix.com - matches "www.ipix.com", "pictures.epix.com", "a.b.c.d.e.upix.com", -etc. - -www[1-9a-ez].example.com - matches "www1.example.com", "www4.example.com", -"wwwd.example.com", "wwwz.example.com", etc., but not "wwww.example.com". - -If Junkbuster was compiled with "pcre" support (default), Perl compatible -regular expressions can be used. See the pcre/docs/ directory or "man perlre" -(also available on http://www.perldoc.com/perl5.6/pod/perlre.html) for details. -A brief discussion of regular expressions is in the Appendix. For instance: - -/.*/advert[0-9]+\.jpe?g - would match a URL from any domain, with any path that -includes "advert" followed immediately by one or more digits, then a "." and -ending in either "jpeg" or "jpg". So we match "example.com/ads/advert2.jpg", -and "www.example.com/ads/banners/advert39.jpeg", but not "www.example.com/ads/ -banners/advert39.gif" (no gifs in the example pattern). - -Please note that matching in the path is case INSENSITIVE by default, but you -can switch to case sensitive at any point in the pattern by using the "(?-i)" -switch: - -www.example.com/(?-i)PaTtErN.* - will match only documents whose path starts -with "PaTtErN" in exactly this capitalization. - -------------------------------------------------------------------------------- - -3.4.2. Actions - -Actions are enabled if preceded with a "+", and disabled if preceded with a -"-". Actions are invoked by enclosing the action name in curly braces (e.g. -{+some_action}), followed by a list of URLs to which the action applies. There -are three classes of actions: - - * Boolean (e.g. "+/-block"): + If "log-highlight-messages" is set to 1, Junkbuster will highlight + portions of the log messages with a bold-faced font: - {+name} # enable this action - {-name} # disable this action - + log-highlight-messages 1 - * parameterized (e.g. "+/-hide-user-agent"): + The font used in the console window: - {+name{param}} # enable action and set parameter to "param" - {-name} # disable action - + log-font-name Comic Sans MS - * Multi-value (e.g. "{+/-add-header{Name: value}}", "{+/-wafer{name=value}} - "): + Font size used in the console window: - {+name{param}} # enable action and add parameter "param" - {-name{param}} # remove the parameter "param" - {-name} # disable this action totally - + log-font-size 8 -If nothing is specified in this file, no "actions" are taken. So in this case -JunkBuster would just be a normal, non-blocking, non-anonymizing proxy. You -must specifically enable the privacy and blocking features you need (although -the provided default ijb.action file will give a good starting point). - -Later defined actions always over-ride earlier ones. For multi-valued actions, -the actions are applied in the order they are specified. + "show-on-task-bar" controls whether or not Junkbuster will appear as a + button on the Task bar when minimized: + + show-on-task-bar 0 + + If "close-button-minimizes" is set to 1, the Windows close button will + minimize Junkbuster instead of closing the program (close with the + exit option on the File menu). + + close-button-minimizes 1 + + The "hide-console" option is specific to the MS-Win console version of + JunkBuster. If this option is used, Junkbuster will disconnect from + and hide the command console. + + #hide-console + _________________________________________________________________ + +3.4. The Actions File -The list of valid Junkbuster "actions" are: + The "ijb.action" file (formerly actionsfile) is used to define what + actions Junkbuster takes, and thus determines how images, cookies and + various other aspects of HTTP content and transactions are handled. + Images can be anything you want, including ads, banners, or just some + obnoxious URL that you would rather not see. Cookies can be accepted + or rejected, or accepted only during the current browser session (i.e. + not written to disk). Changes to ijb.action should be immediately + visible to Junkbuster without the need to restart. + + The easiest way to edit "actions" file is with a browser by loading + [48]http://i.j.b/, and then select "Edit Actions List". A text editor + can also be used. + + To determine which actions apply to a request, the URL of the request + is compared to all patterns in this file. Every time it matches, the + list of applicable actions for the URL is incrementally updated. You + can trace this process by visiting [49]http://i.j.b/show-url-info. + + There are four types of lines in this file: comments (begin with a "#" + character), actions, aliases and patterns, all of which are explained + below, as well as the configuration file syntax that Junkbuster + understands. + _________________________________________________________________ + +3.4.1. URL Domain and Path Syntax - * Add the specified HTTP header, which is not checked for validity. You may - specify this many times to specify many different headers: + Generally, a pattern has the form /, where both the + and part are optional. If you only specify a domain + part, the "/" can be left out: + + www.example.com - is a domain only pattern and will match any request + to "www.example.com". + + www.example.com/ - means exactly the same. + + www.example.com/index.html - matches only the single document + "/index.html" on "www.example.com". - +add-header{Name: value} - + /index.html - matches the document "/index.html", regardless of the + domain. - * Block this URL totally. In a default installation, a "blocked" URL will - result in bright red banner that says "BLOCKED", with a reason why it is - being blocked. + index.html - matches nothing, since it would be interpreted as a + domain name and there is no top-level domain called ".html". - +block - + The matching of the domain part offers some flexible options: if the + domain starts or ends with a dot, it becomes unanchored at that end. + For example: - * De-animate all animated GIF images, i.e. reduce them to their last frame. - This will also shrink the images considerably (in bytes, not pixels!). If - the option "first" is given, the first frame of the animation is used as - the replacement. If "last" is given, the last frame of the animation is - used instead, which probably makes more sense for most banner animations, - but also has the risk of not showing the entire last frame (if it is only a - delta to an earlier frame). + .example.com - matches any domain that ENDS in ".example.com". - +deanimate-gifs{last} - +deanimate-gifs{first} - + www. - matches any domain that STARTS with "www". - * "+downgrade" will downgrade HTTP/1.1 client requests to HTTP/1.0 and - downgrade the responses as well. Use this action for servers that use HTTP/ - 1.1 protocol features that Junkbuster doesn't handle well yet. HTTP/1.1 is - only partially implemented. Default is not to downgrade requests. + Additionally, there are wild-cards that you can use in the domain + names themselves. They work pretty similar to shell wild-cards: "*" + stands for zero or more arbitrary characters, "?" stands for any + single character. And you can define character classes in square + brackets and they can be freely mixed: - +downgrade - + ad*.example.com - matches "adserver.example.com", "ads.example.com", + etc but not "sfads.example.com". - * Many sites, like yahoo.com, don't just link to other sites. Instead, they - will link to some script on their own server, giving the destination as a - parameter, which will then redirect you to the final target. URLs resulting - from this scheme typically look like: http://some.place/some_script?http:// - some.where-else. + *ad*.example.com - matches all of the above, and then some. - Sometimes, there are even multiple consecutive redirects encoded in the - URL. These redirections via scripts make your web browsing more traceable, - since the server from which you follow such a link can see where you go to. - Apart from that, valuable bandwidth and time is wasted, while your browser - ask the server for one redirect after the other. Plus, it feeds the - advertisers. + .?pix.com - matches "www.ipix.com", "pictures.epix.com", + "a.b.c.d.e.upix.com", etc. - The "+fast-redirects" option enables interception of these requests by - Junkbuster, who will cut off all but the last valid URL in the request and - send a local redirect back to your browser without contacting the remote - site. + www[1-9a-ez].example.com - matches "www1.example.com", + "www4.example.com", "wwwd.example.com", "wwwz.example.com", etc., but + not "wwww.example.com". - +fast-redirects - + If Junkbuster was compiled with "pcre" support (default), Perl + compatible regular expressions can be used. See the pcre/docs/ + directory or "man perlre" (also available on + [50]http://www.perldoc.com/perl5.6/pod/perlre.html) for details. A + brief discussion of regular expressions is in the [51]Appendix. For + instance: - * Apply the filters in the section_header section of the re_filterfile file - to the site(s). Re_filterfile sections are grouped according to like - functionality. + /.*/advert[0-9]+\.jpe?g - would match a URL from any domain, with any + path that includes "advert" followed immediately by one or more + digits, then a "." and ending in either "jpeg" or "jpg". So we match + "example.com/ads/advert2.jpg", and + "www.example.com/ads/banners/advert39.jpeg", but not + "www.example.com/ads/banners/advert39.gif" (no gifs in the example + pattern). - +filter{section_header} - + Please note that matching in the path is case INSENSITIVE by default, + but you can switch to case sensitive at any point in the pattern by + using the "(?-i)" switch: - Filter sections that are pre-defined in the supplied re_filterfile include: + www.example.com/(?-i)PaTtErN.* - will match only documents whose path + starts with "PaTtErN" in exactly this capitalization. + _________________________________________________________________ - html-annoyances: Get rid of particularly annoying HTML abuse. +3.4.2. Actions + + Actions are enabled if preceded with a "+", and disabled if preceded + with a "-". Actions are invoked by enclosing the action name in curly + braces (e.g. {+some_action}), followed by a list of URLs to which the + action applies. There are three classes of actions: + + * Boolean (e.g. "+/-block"): + {+name} # enable this action + {-name} # disable this action - js-annoyances: Get rid of particularly annoying JavaScript abuse + * parameterized (e.g. "+/-hide-user-agent"): + {+name{param}} # enable action and set parameter to "param" + {-name} # disable action - no-poups: Kill all popups in JS and HTML + * Multi-value (e.g. "{+/-add-header{Name: value}}", + "{+/-wafer{name=value}}"): + {+name{param}} # enable action and add parameter "param" + {-name{param}} # remove the parameter "param" + {-name} # disable this action totally - frameset-borders: Give frames a border + If nothing is specified in this file, no "actions" are taken. So in + this case JunkBuster would just be a normal, non-blocking, + non-anonymizing proxy. You must specifically enable the privacy and + blocking features you need (although the provided default ijb.action + file will give a good starting point). + + Later defined actions always over-ride earlier ones. For multi-valued + actions, the actions are applied in the order they are specified. + + The list of valid Junkbuster "actions" are: + + * Add the specified HTTP header, which is not checked for validity. + You may specify this many times to specify many different headers: + +add-header{Name: value} - webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking) + * Block this URL totally. In a default installation, a "blocked" URL + will result in bright red banner that says "BLOCKED", with a + reason why it is being blocked. + +block - no-refresh: Automatic refresh sucks on auto-dialup lines + * De-animate all animated GIF images, i.e. reduce them to their last + frame. This will also shrink the images considerably (in bytes, + not pixels!). If the option "first" is given, the first frame of + the animation is used as the replacement. If "last" is given, the + last frame of the animation is used instead, which probably makes + more sense for most banner animations, but also has the risk of + not showing the entire last frame (if it is only a delta to an + earlier frame). + +deanimate-gifs{last} + +deanimate-gifs{first} - fun: Text replacements for subversive browsing fun! + * "+downgrade" will downgrade HTTP/1.1 client requests to HTTP/1.0 + and downgrade the responses as well. Use this action for servers + that use HTTP/1.1 protocol features that Junkbuster doesn't handle + well yet. HTTP/1.1 is only partially implemented. Default is not + to downgrade requests. + +downgrade - nimda: Remove (virus) Nimda code. + * Many sites, like yahoo.com, don't just link to other sites. + Instead, they will link to some script on their own server, giving + the destination as a parameter, which will then redirect you to + the final target. URLs resulting from this scheme typically look + like: http://some.place/some_script?http://some.where-else. + Sometimes, there are even multiple consecutive redirects encoded + in the URL. These redirections via scripts make your web browsing + more traceable, since the server from which you follow such a link + can see where you go to. Apart from that, valuable bandwidth and + time is wasted, while your browser ask the server for one redirect + after the other. Plus, it feeds the advertisers. + The "+fast-redirects" option enables interception of these + requests by Junkbuster, who will cut off all but the last valid + URL in the request and send a local redirect back to your browser + without contacting the remote site. + +fast-redirects - banners-by-size: Kill banners by size + * Apply the filters in the section_header section of the + re_filterfile file to the site(s). Re_filterfile sections are + grouped according to like functionality. + +filter{section_header} - crude-parental: Kill all web pages that contain the words "sex" or - "warez" + Filter sections that are pre-defined in the supplied re_filterfile + include: - * Block any existing X-Forwarded-for header, and do not add a new one: - - +hide-forwarded - - - * If the browser sends a "From:" header containing your e-mail address, this - either completely removes the header ("block"), or changes it to the - specified e-mail address. - - +hide-from{block} - +hide-from{spam@sittingduck.xqq} - - - * Don't send the "Referer:" (sic) header to the web site. You can block it, - forge a URL to the same server as the request (which is preferred because - some sites will not send images otherwise) or set it to a constant string - of your choice. - - +hide-referer{block} - +hide-referer{forge} - +hide-referer{http://nowhere.com} - - - * Alternative spelling of "+hide-referer". It has the same parameters, and - can be freely mixed with, "+hide-referer". ("referrer" is the correct - English spelling, however the HTTP specification has a bug - it requires it - to be spelled "referer".) - - +hide-referrer{...} - - - * Change the "User-Agent:" header so web servers can't tell your browser - type. Warning! This breaks many web sites. Specify the user-agent value you - want. Example, pretend to be using Netscape on Linux: - - +hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)} - - - * Treat this URL as an image. This only matters if it's also "+block"ed, in - which case a "blocked" image can be sent rather than a HTML page. See - "+image-blocker{}" below for the control over what is actually sent. If you - want invisible ads, they should be defined as images and blocked. And also, - "image-blocker" should be set to "blank". - - +image - - - * Decides what to do with URLs that end up tagged with "{+block +image}", e.g - an advertizement. There are five options. "-image-blocker" will send a HTML - "blocked" page, usually resulting in a "broken image" icon. "+image-blocker - {logo}" will send a "JunkBuster" logo image. "+image-blocker{blank}" will - send a 1x1 transparent GIF image. And finally, "+image-blocker{http:// - xyz.com}" will send a HTTP temporary redirect to the specified image. This - has the advantage of the icon being being cached by the browser, which will - speed up the display. "+image-blocker{pattern}" will send a checkboard type - pattern, which scales better than the logo (which can get blocky if the - browser enlarges it too much). - - +image-blocker{logo} - +image-blocker{blank} - +image-blocker{pattern} - +image-blocker{http://i.j.b/send-banner} - - - * By default (i.e. in the absence of a "+limit-connect" action), Junkbuster - will only allow CONNECT requests to port 443, which is the standard port - for https as a precaution. - - The CONNECT methods exists in HTTP to allow access to secure websites - (https:// URLs) through proxies. It works very simply: the proxy connects - to the server on the specified port, and then short-circuits its - connections to the client and to the remote proxy. This can be a big - security hole, since CONNECT-enabled proxies can be abused as TCP relays - very easily. - - If you want to allow CONNECT for more ports than this, or want to forbid - CONNECT altogether, you can specify a comma separated list of ports and - port ranges (the latter using dashes, with the minimum defaulting to 0 and - max to 65K): - - +limit-connect{443} # This is the default and need no be specified. - +limit-connect{80,443} # Ports 80 and 443 are OK. - +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100 - #and above 500 are OK. - - - * "+no-compression" prevents the website from compressing the data. Some - websites do this, which can be a problem for Junkbuster, since "+filter", - "+no-popup" and "+gif-deanimate" will not work on compressed data. This - will slow down connections to those websites, though. Default is - "nocompression" is turned on. - - +nocompression - - - * If the website sets cookies, "no-cookies-keep" will make sure they are - erased when you exit and restart your web browser. This makes profiling - cookies useless, but won't break sites which require cookies so that you - can log in for transactions. Default: on. - - +no-cookies-keep - - - * Prevent the website from reading cookies: - - +no-cookies-read - - - * Prevent the website from setting cookies: - - +no-cookies-set - - - * Filter the website through a built-in filter to disable those obnoxious - JavaScript pop-up windows via window.open(), etc. The two alternative - spellings are equivalent. - - +no-popup - +no-popups - - - * This action only applies if you are using a jarfile for saving cookies. It - sends a cookie to every site stating that you do not accept any copyright - on cookies sent to you, and asking them not to track you. Of course, this - is a (relatively) unique header they could use to track you. - - +vanilla-wafer - - - * This allows you to add an arbitrary cookie. It can be specified multiple - times in order to add as many cookies as you like. - - +wafer{name=value} - - -The meaning of any of the above is reversed by preceding the action with a "-", -in place of the "+". - -Some examples: - -Turn off cookies by default, then allow a few through for specified sites: - - # Turn off all persistent cookies - { +no-cookies-read } - { +no-cookies-set } - # Allow cookies for this browser session ONLY - { +no-cookies-keep } - - # Exceptions to the above, sites that benefit from persistent cookies - { -no-cookies-read } - { -no-cookies-set } - { -no-cookies-keep } - .javasoft.com - .sun.com - .yahoo.com - .msdn.microsoft.com - .redhat.com - - # Alternative way of saying the same thing - {-no-cookies-set -no-cookies-read -no-cookies-keep} - .sourceforge.net - .sf.net - - -Now turn off "fast redirects", and then we allow two exceptions: - - # Turn them off! - {+fast-redirects} - - # Reverse it for these two sites, which don't work right without it. - {-fast-redirects} - www.ukc.ac.uk/cgi-bin/wac\.cgi\? - login.yahoo.com - - -Turn on page filtering according to rules in the defined sections of -refilterfile, and make one exception for sourceforge: - - # Run everything through the filter file, using only the - # specified sections: - +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}\ - +filter{webbugs} +filter{nimda} +filter{banners-by-size} - - # Then disable filtering of code from sourceforge! - {-filter} - .cvs.sourceforge.net - - -Now some URLs that we want "blocked", ie we won't see them. Many of these use -regular expressions that will expand to match multiple URLs: - - # Blocklist: - {+block} - /.*/(.*[-_.])?ads?[0-9]?(/|[-_.].*|\.(gif|jpe?g)) - /.*/(.*[-_.])?count(er)?(\.cgi|\.dll|\.exe|[?/]) - /.*/(ng)?adclient\.cgi - /.*/(plain|live|rotate)[-_.]?ads?/ - /.*/(sponsor)s?[0-9]?/ - /.*/_?(plain|live)?ads?(-banners)?/ - /.*/abanners/ - /.*/ad(sdna_image|gifs?)/ - /.*/ad(server|stream|juggler)\.(cgi|pl|dll|exe) - /.*/adbanners/ - /.*/adserver - /.*/adstream\.cgi - /.*/adv((er)?ts?|ertis(ing|ements?))?/ - /.*/banner_?ads/ - /.*/banners?/ - /.*/banners?\.cgi/ - /.*/cgi-bin/centralad/getimage - /.*/images/addver\.gif - /.*/images/marketing/.*\.(gif|jpe?g) - /.*/popupads/ - /.*/siteads/ - /.*/sponsor.*\.gif - /.*/sponsors?[0-9]?/ - /.*/advert[0-9]+\.jpg - /Media/Images/Adds/ - /ad_images/ - /adimages/ - /.*/ads/ - /bannerfarm/ - /grafikk/annonse/ - /graphics/defaultAd/ - /image\.ng/AdType - /image\.ng/transactionID - /images/.*/.*_anim\.gif # alvin brattli - /ip_img/.*\.(gif|jpe?g) - /rotateads/ - /rotations/ - /worldnet/ad\.cgi - /cgi-bin/nph-adclick.exe/ - /.*/Image/BannerAdvertising/ - /.*/ad-bin/ - /.*/adlib/server\.cgi - /autoads/ - - -Note that many of these actions have the potential to cause a page to -misbehave, possibly even not to display at all. There are many ways a site -designer may choose to design his site, and what HTTP header content he may -depend on. There is no way to have hard and fast rules for all sites. See the -Appendix for a brief example on troubleshooting actions. - -------------------------------------------------------------------------------- - -3.4.3. Aliases - -Custom "actions", known to Junkbuster as "aliases", can be defined by combining -other "actions". These can in turn be invoked just like the built-in "actions". -Currently, an alias can contain any character except space, tab, "=", "{" or "} -". But please use only "a"- "z", "0"-"9", "+", and "-". Alias names are not -case sensitive, and must be defined before anything else in the ijb.actionfile -! And there can only be one set of "aliases" defined. - -Now let's define a few aliases: - - # Useful customer aliases we can use later. These must come first! - {{alias}} - +no-cookies = +no-cookies-set +no-cookies-read - -no-cookies = -no-cookies-set -no-cookies-read - fragile = - -block -no-cookies -filter -fast-redirects -hide-referer -no-popups - shop = -no-cookies -filter -fast-redirects - +imageblock = +block +image - - #For people who don't like to type too much: ;-) - c0 = +no-cookies - c1 = -no-cookies - c2 = -no-cookies-set +no-cookies-read - c3 = +no-cookies-set -no-cookies-read - #... etc. Customize to your heart's content. + html-annoyances: Get rid of particularly annoying HTML abuse. - -Some examples using our "shop" and "fragile" aliases from above: - - # These sites are very complex and require - # minimal interference. - {fragile} - .office.microsoft.com - .windowsupdate.microsoft.com - .nytimes.com - - # Shopping sites - still want to block ads. - {shop} - .quietpc.com - .worldpay.com # for quietpc.com - .jungle.com - .scan.co.uk - - # These shops require pop-ups - {shop -no-popups} - .dabs.com - .overclockers.co.uk + js-annoyances: Get rid of particularly annoying JavaScript abuse - -------------------------------------------------------------------------------- - -3.5. The Filter File - -Any web page can be dynamically modified with the filter file. This -modification can be removal, or re-writing, of any web page content, including -tags and non-visible content. The default filter file is re_filterfile, located -in the config directory. - -The included example file is divided into sections. Each section begins with -the FILTER keyword, followed by the identifier for that section, e.g. "FILTER: -webbugs". Each section performs a similar type of filtering, such as -"html-annoyances". - -This file uses regular expressions to alter or remove any string in the target -page. The expressions can only operate on one line at a time. Some examples -from the included default re_filterfile: - -Stop web pages from displaying annoying messages in the status bar by deleting -such references: - - FILTER: html-annoyances - - # New browser windows should be resizeable and have a location and status - # bar. Make it so. - # - s/resizable="?(no|0)"?/resizable=1/ig s/noresize/yesresize/ig - s/location="?(no|0)"?/location=1/ig s/status="?(no|0)"?/status=1/ig - s/scrolling="?(no|0|Auto)"?/scrolling=1/ig - s/menubar="?(no|0)"?/menubar=1/ig - - # The tag was a crime! - # - s*|**ig - - # Is this evil? - # - #s/framespacing="?(no|0)"?//ig - #s/margin(height|width)=[0-9]*//gi + no-poups: Kill all popups in JS and HTML - -Just for kicks, replace any occurrence of "Microsoft" with "MicroSuck", and -have a little fun with topical buzzwords: - - FILTER: fun - - s/microsoft(?!.com)/MicroSuck/ig - - # Buzzword Bingo: - # - s/industry-leading|cutting-edge|award-winning/BINGO!/ig + frameset-borders: Give frames a border - -Kill those pesky little web-bugs: - - # webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking) - FILTER: webbugs - - s/]*?(width|height)\s*=\s*['"]?1\D[^>]*?(width|height)\s*=\s*['"]?1 -(\D[^>]*?)?>//sig + webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking) - -------------------------------------------------------------------------------- - -3.6. Templates - -When Junkbuster displays one of its internal pages, such as a 404 Not Found -error page, it uses the appropriate template. On Linux, BSD, and Unix, these -are located in /etc/junkbuster/templates by default. These may be customized, -if desired. - -------------------------------------------------------------------------------- - -4. Quickstart to Using Junkbuster - -Install package, then run and enjoy! JunkBuster is typically started by -specifying the main configuration file to be used on the command line. Example -Unix startup command: - - - # /usr/sbin/junkbuster /etc/junkbuster/config - - - -An init script is provided for SuSE and Redhat. - -For for SuSE: /etc/rc.d/junkbuster start - -For RedHat: /etc/rc.d/init.d/junkbuster start - -If no configuration file is specified on the command line, Junkbuster will look -for a file named config in the current directory. Except on Win32 where it will -try config.txt. If no file is specified on the command line and no default -configuration file can be found, Junkbuster will fail to start. - -Be sure your browser is set to use the proxy which is by default at localhost, -port 8118. With Netscape (and Mozilla), this can be set under Edit -> -Preferences -> Advanced -> Proxies -> HTTP Proxy. For Internet Explorer: Tools -> Internet Properties -> Connections -> LAN Setting. Then, check "Use Proxy" -and fill in the appropriate info (Address: localhost, Port: 8118). Include if -HTTPS proxy support too. - -The included default configuration files should give a reasonable starting -point, though may be somewhat aggressive in blocking junk. You will probably -want to keep an eye out for sites that require persistent cookies, and add -these to ijb.action as needed. By default, most of these will be accepted only -during the current browser session, until you add them to the configuration. If -you want the browser to handle this instead, you will need to edit ijb.action -and disable this feature. If you use more than one browser, it would make more -sense to let Junkbuster handle this. In which case, the browser(s) should be -set to accept all cookies. - -If a particular site shows problems loading properly, try adding it to the -{fragile} section of ijb.action. This will turn off most actions for this site. - -Junkbuster is HTTP/1.1 compliant, but not all 1.1 features are as yet -implemented. If browsers that support HTTP/1.1 (like Mozilla or recent versions -of I.E.) experience problems, you might try to force HTTP/1.0 compatibility. -For Mozilla, look under Edit -> Preferences -> Debug -> Networking. Or set the -"+downgrade" config option in ijb.action. - -After running Junkbuster for a while, you can start to fine tune the -configuration to suit your personal, or site, preferences and requirements. -There are many, many aspects that can be customized. "Actions" (as specified in -ijb.action) can be adjusted by pointing your browser to http://i.j.b/, and then -follow the link to "edit the actions list". (This is an internal page and does -not require Internet access.) - -In fact, various aspects of Junkbuster configuration can be viewed from this -page, including current configuration parameters, source code version numbers, -the browser's request headers, and "actions" that apply to a given URL. In -addition to the ijb.action file editor mentioned above, Junkbuster can also be -turned "on" and "off" from this page. - -If you encounter problems, please verify it is a Junkbuster bug, by disabling -Junkbuster, and then trying the same page. Also, try another browser if -possible to eliminate browser or site problems. Before reporting it as a bug, -see if there is not a configuration option that is enabled that is causing the -page not to load. You can then add an exception for that page or site. If a -bug, please report it to the developers (see below). - -------------------------------------------------------------------------------- - -4.1. Command Line Options - -JunkBuster may be invoked with the following command-line options: - - * --version - - Print version info and exit, Unix only. - - * --help + no-refresh: Automatic refresh sucks on auto-dialup lines - Print a short usage info and exit, Unix only. + fun: Text replacements for subversive browsing fun! - * --no-daemon + nimda: Remove (virus) Nimda code. - Don't become a daemon, i.e. don't fork and become process group leader, - don't detach from controlling tty. Unix only. + banners-by-size: Kill banners by size - * --pidfile FILE + crude-parental: Kill all web pages that contain the words "sex" or + "warez" - On startup, write the process ID to FILE. Delete the FILE on exit. Failiure - to create or delete the FILE is non-fatal. If no FILE option is given, no - PID file will be used. Unix only. + * Block any existing X-Forwarded-for header, and do not add a new + one: + +hide-forwarded + + * If the browser sends a "From:" header containing your e-mail + address, this either completely removes the header ("block"), or + changes it to the specified e-mail address. + +hide-from{block} + +hide-from{spam@sittingduck.xqq} + + * Don't send the "Referer:" (sic) header to the web site. You can + block it, forge a URL to the same server as the request (which is + preferred because some sites will not send images otherwise) or + set it to a constant string of your choice. + +hide-referer{block} + +hide-referer{forge} + +hide-referer{http://nowhere.com} + + * Alternative spelling of "+hide-referer". It has the same + parameters, and can be freely mixed with, "+hide-referer". + ("referrer" is the correct English spelling, however the HTTP + specification has a bug - it requires it to be spelled "referer".) + +hide-referrer{...} + + * Change the "User-Agent:" header so web servers can't tell your + browser type. Warning! This breaks many web sites. Specify the + user-agent value you want. Example, pretend to be using Netscape + on Linux: + +hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)} + + * Treat this URL as an image. This only matters if it's also + "+block"ed, in which case a "blocked" image can be sent rather + than a HTML page. See "+image-blocker{}" below for the control + over what is actually sent. If you want invisible ads, they should + be defined as images and blocked. And also, "image-blocker" should + be set to "blank". + +image + + * Decides what to do with URLs that end up tagged with "{+block + +image}", e.g an advertizement. There are five options. + "-image-blocker" will send a HTML "blocked" page, usually + resulting in a "broken image" icon. "+image-blocker{logo}" will + send a "JunkBuster" logo image. "+image-blocker{blank}" will send + a 1x1 transparent GIF image. And finally, + "+image-blocker{http://xyz.com}" will send a HTTP temporary + redirect to the specified image. This has the advantage of the + icon being being cached by the browser, which will speed up the + display. "+image-blocker{pattern}" will send a checkboard type + pattern, which scales better than the logo (which can get blocky + if the browser enlarges it too much). + +image-blocker{logo} + +image-blocker{blank} + +image-blocker{pattern} + +image-blocker{http://i.j.b/send-banner} + + * By default (i.e. in the absence of a "+limit-connect" action), + Junkbuster will only allow CONNECT requests to port 443, which is + the standard port for https as a precaution. + The CONNECT methods exists in HTTP to allow access to secure + websites (https:// URLs) through proxies. It works very simply: + the proxy connects to the server on the specified port, and then + short-circuits its connections to the client and to the remote + proxy. This can be a big security hole, since CONNECT-enabled + proxies can be abused as TCP relays very easily. + If you want to allow CONNECT for more ports than this, or want to + forbid CONNECT altogether, you can specify a comma separated list + of ports and port ranges (the latter using dashes, with the + minimum defaulting to 0 and max to 65K): + +limit-connect{443} # This is the default and need no be + specified. + +limit-connect{80,443} # Ports 80 and 443 are OK. + +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to + 100 + #and above 500 are OK. + + * "+no-compression" prevents the website from compressing the data. + Some websites do this, which can be a problem for Junkbuster, + since "+filter", "+no-popup" and "+gif-deanimate" will not work on + compressed data. This will slow down connections to those + websites, though. Default is "nocompression" is turned on. + +nocompression + + * If the website sets cookies, "no-cookies-keep" will make sure they + are erased when you exit and restart your web browser. This makes + profiling cookies useless, but won't break sites which require + cookies so that you can log in for transactions. Default: on. + +no-cookies-keep + + * Prevent the website from reading cookies: + +no-cookies-read + + * Prevent the website from setting cookies: + +no-cookies-set + + * Filter the website through a built-in filter to disable those + obnoxious JavaScript pop-up windows via window.open(), etc. The + two alternative spellings are equivalent. + +no-popup + +no-popups + + * This action only applies if you are using a jarfile for saving + cookies. It sends a cookie to every site stating that you do not + accept any copyright on cookies sent to you, and asking them not + to track you. Of course, this is a (relatively) unique header they + could use to track you. + +vanilla-wafer + + * This allows you to add an arbitrary cookie. It can be specified + multiple times in order to add as many cookies as you like. + +wafer{name=value} + + The meaning of any of the above is reversed by preceding the action + with a "-", in place of the "+". + + Some examples: + + Turn off cookies by default, then allow a few through for specified + sites: + + # Turn off all persistent cookies + { +no-cookies-read } + { +no-cookies-set } + # Allow cookies for this browser session ONLY + { +no-cookies-keep } + # Exceptions to the above, sites that benefit from persistent cookies + { -no-cookies-read } + { -no-cookies-set } + { -no-cookies-keep } + .javasoft.com + .sun.com + .yahoo.com + .msdn.microsoft.com + .redhat.com + # Alternative way of saying the same thing + {-no-cookies-set -no-cookies-read -no-cookies-keep} + .sourceforge.net + .sf.net + + Now turn off "fast redirects", and then we allow two exceptions: + + # Turn them off! + {+fast-redirects} + + # Reverse it for these two sites, which don't work right without it. + {-fast-redirects} + www.ukc.ac.uk/cgi-bin/wac\.cgi\? + login.yahoo.com + + Turn on page filtering according to rules in the defined sections of + refilterfile, and make one exception for sourceforge: + + # Run everything through the filter file, using only the + # specified sections: + +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}\ + +filter{webbugs} +filter{nimda} +filter{banners-by-size} + + # Then disable filtering of code from sourceforge! + {-filter} + .cvs.sourceforge.net + + Now some URLs that we want "blocked", ie we won't see them. Many of + these use regular expressions that will expand to match multiple URLs: + + # Blocklist: + {+block} + /.*/(.*[-_.])?ads?[0-9]?(/|[-_.].*|\.(gif|jpe?g)) + /.*/(.*[-_.])?count(er)?(\.cgi|\.dll|\.exe|[?/]) + /.*/(ng)?adclient\.cgi + /.*/(plain|live|rotate)[-_.]?ads?/ + /.*/(sponsor)s?[0-9]?/ + /.*/_?(plain|live)?ads?(-banners)?/ + /.*/abanners/ + /.*/ad(sdna_image|gifs?)/ + /.*/ad(server|stream|juggler)\.(cgi|pl|dll|exe) + /.*/adbanners/ + /.*/adserver + /.*/adstream\.cgi + /.*/adv((er)?ts?|ertis(ing|ements?))?/ + /.*/banner_?ads/ + /.*/banners?/ + /.*/banners?\.cgi/ + /.*/cgi-bin/centralad/getimage + /.*/images/addver\.gif + /.*/images/marketing/.*\.(gif|jpe?g) + /.*/popupads/ + /.*/siteads/ + /.*/sponsor.*\.gif + /.*/sponsors?[0-9]?/ + /.*/advert[0-9]+\.jpg + /Media/Images/Adds/ + /ad_images/ + /adimages/ + /.*/ads/ + /bannerfarm/ + /grafikk/annonse/ + /graphics/defaultAd/ + /image\.ng/AdType + /image\.ng/transactionID + /images/.*/.*_anim\.gif # alvin brattli + /ip_img/.*\.(gif|jpe?g) + /rotateads/ + /rotations/ + /worldnet/ad\.cgi + /cgi-bin/nph-adclick.exe/ + /.*/Image/BannerAdvertising/ + /.*/ad-bin/ + /.*/adlib/server\.cgi + /autoads/ + + Note that many of these actions have the potential to cause a page to + misbehave, possibly even not to display at all. There are many ways a + site designer may choose to design his site, and what HTTP header + content he may depend on. There is no way to have hard and fast rules + for all sites. See the [52]Appendix for a brief example on + troubleshooting actions. + _________________________________________________________________ - * --user USER[.GROUP] +3.4.3. Aliases + + Custom "actions", known to Junkbuster as "aliases", can be defined by + combining other "actions". These can in turn be invoked just like the + built-in "actions". Currently, an alias can contain any character + except space, tab, "=", "{" or "}". But please use only "a"- "z", + "0"-"9", "+", and "-". Alias names are not case sensitive, and must be + defined before anything else in the ijb.actionfile ! And there can + only be one set of "aliases" defined. + + Now let's define a few aliases: + + # Useful customer aliases we can use later. These must come first! + {{alias}} + +no-cookies = +no-cookies-set +no-cookies-read + -no-cookies = -no-cookies-set -no-cookies-read + fragile = -block -no-cookies -filter -fast-redirects -hide-refere + r -no-popups + shop = -no-cookies -filter -fast-redirects + +imageblock = +block +image + #For people who don't like to type too much: ;-) + c0 = +no-cookies + c1 = -no-cookies + c2 = -no-cookies-set +no-cookies-read + c3 = +no-cookies-set -no-cookies-read + #... etc. Customize to your heart's content. + + Some examples using our "shop" and "fragile" aliases from above: + + # These sites are very complex and require + # minimal interference. + {fragile} + .office.microsoft.com + .windowsupdate.microsoft.com + .nytimes.com + # Shopping sites - still want to block ads. + {shop} + .quietpc.com + .worldpay.com # for quietpc.com + .jungle.com + .scan.co.uk + # These shops require pop-ups + {shop -no-popups} + .dabs.com + .overclockers.co.uk + _________________________________________________________________ - After (optionally) writing the PID file, assume the user ID of USER, and if - included the GID of GROUP. Exit if the privileges are not sufficient to do - so. Unix only. +3.5. The Filter File + + Any web page can be dynamically modified with the filter file. This + modification can be removal, or re-writing, of any web page content, + including tags and non-visible content. The default filter file is + re_filterfile, located in the config directory. + + The included example file is divided into sections. Each section + begins with the FILTER keyword, followed by the identifier for that + section, e.g. "FILTER: webbugs". Each section performs a similar type + of filtering, such as "html-annoyances". + + This file uses regular expressions to alter or remove any string in + the target page. The expressions can only operate on one line at a + time. Some examples from the included default re_filterfile: + + Stop web pages from displaying annoying messages in the status bar by + deleting such references: + + FILTER: html-annoyances + # New browser windows should be resizeable and have a location and st + atus + # bar. Make it so. + # + s/resizable="?(no|0)"?/resizable=1/ig s/noresize/yesresize/ig + s/location="?(no|0)"?/location=1/ig s/status="?(no|0)"?/status=1/ig + s/scrolling="?(no|0|Auto)"?/scrolling=1/ig + s/menubar="?(no|0)"?/menubar=1/ig + # The tag was a crime! + # + s*|**ig + # Is this evil? + # + #s/framespacing="?(no|0)"?//ig + #s/margin(height|width)=[0-9]*//gi + + Just for kicks, replace any occurrence of "Microsoft" with + "MicroSuck", and have a little fun with topical buzzwords: + + FILTER: fun + s/microsoft(?!.com)/MicroSuck/ig + # Buzzword Bingo: + # + s/industry-leading|cutting-edge|award-winning/BING + O!/ig + + Kill those pesky little web-bugs: + + # webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking) + FILTER: webbugs + s/]*?(width|height)\s*=\s*['"]?1\D[^>]*?(width|height)\s*=\ + s*['"]?1(\D[^>]*?)?>//sig + _________________________________________________________________ - * configfile +3.6. Templates + + When Junkbuster displays one of its internal pages, such as a 404 Not + Found error page, it uses the appropriate template. On Linux, BSD, and + Unix, these are located in /etc/junkbuster/templates by default. These + may be customized, if desired. + _________________________________________________________________ - If no configfile is included on the command line, JunkBuster will look for - a file named "config" in the current directory (except on Win32 where it - will look for "config.txt" instead). Specify full path to avoid confusion. +4. Quickstart to Using Junkbuster + + Install package, then run and enjoy! JunkBuster is typically started + by specifying the main configuration file to be used on the command + line. Example Unix startup command: + + + # /usr/sbin/junkbuster /etc/junkbuster/config + + + An init script is provided for SuSE and Redhat. + + For for SuSE: /etc/rc.d/junkbuster start + + For RedHat: /etc/rc.d/init.d/junkbuster start + + If no configuration file is specified on the command line, Junkbuster + will look for a file named config in the current directory. Except on + Win32 where it will try config.txt. If no file is specified on the + command line and no default configuration file can be found, + Junkbuster will fail to start. + + Be sure your browser is set to use the proxy which is by default at + localhost, port 8118. With Netscape (and Mozilla), this can be set + under Edit -> Preferences -> Advanced -> Proxies -> HTTP Proxy. For + Internet Explorer: Tools > Internet Properties -> Connections -> LAN + Setting. Then, check "Use Proxy" and fill in the appropriate info + (Address: localhost, Port: 8118). Include if HTTPS proxy support too. + + The included default configuration files should give a reasonable + starting point, though may be somewhat aggressive in blocking junk. + You will probably want to keep an eye out for sites that require + persistent cookies, and add these to ijb.action as needed. By default, + most of these will be accepted only during the current browser + session, until you add them to the configuration. If you want the + browser to handle this instead, you will need to edit ijb.action and + disable this feature. If you use more than one browser, it would make + more sense to let Junkbuster handle this. In which case, the + browser(s) should be set to accept all cookies. + + If a particular site shows problems loading properly, try adding it to + the {fragile} section of ijb.action. This will turn off most actions + for this site. + + Junkbuster is HTTP/1.1 compliant, but not all 1.1 features are as yet + implemented. If browsers that support HTTP/1.1 (like Mozilla or recent + versions of I.E.) experience problems, you might try to force HTTP/1.0 + compatibility. For Mozilla, look under Edit -> Preferences -> Debug -> + Networking. Or set the "+downgrade" config option in ijb.action. + + After running Junkbuster for a while, you can start to fine tune the + configuration to suit your personal, or site, preferences and + requirements. There are many, many aspects that can be customized. + "Actions" (as specified in ijb.action) can be adjusted by pointing + your browser to [53]http://i.j.b/, and then follow the link to "edit + the actions list". (This is an internal page and does not require + Internet access.) + + In fact, various aspects of Junkbuster configuration can be viewed + from this page, including current configuration parameters, source + code version numbers, the browser's request headers, and "actions" + that apply to a given URL. In addition to the ijb.action file editor + mentioned above, Junkbuster can also be turned "on" and "off" from + this page. + + If you encounter problems, please verify it is a Junkbuster bug, by + disabling Junkbuster, and then trying the same page. Also, try another + browser if possible to eliminate browser or site problems. Before + reporting it as a bug, see if there is not a configuration option that + is enabled that is causing the page not to load. You can then add an + exception for that page or site. If a bug, please report it to the + developers (see below). + _________________________________________________________________ -------------------------------------------------------------------------------- +4.1. Command Line Options + JunkBuster may be invoked with the following command-line options: + + * --version + Print version info and exit, Unix only. + * --help + Print a short usage info and exit, Unix only. + * --no-daemon + Don't become a daemon, i.e. don't fork and become process group + leader, don't detach from controlling tty. Unix only. + * --pidfile FILE + On startup, write the process ID to FILE. Delete the FILE on exit. + Failiure to create or delete the FILE is non-fatal. If no FILE + option is given, no PID file will be used. Unix only. + * --user USER[.GROUP] + After (optionally) writing the PID file, assume the user ID of + USER, and if included the GID of GROUP. Exit if the privileges are + not sufficient to do so. Unix only. + * configfile + If no configfile is included on the command line, JunkBuster will + look for a file named "config" in the current directory (except on + Win32 where it will look for "config.txt" instead). Specify full + path to avoid confusion. + _________________________________________________________________ + 5. Contacting the Developers, Bug Reporting and Feature Requests -We value your feedback. However, to provide you with the best support, please -note: - - * Use the Sourceforge support forum to get help. - - * Submit bugs only thru our Sourceforge bug forum. Make sure that the bug has - not already been submitted. Please try to verify that it is a Junkbuster - bug, and not a browser or site bug first. If you are using your own custom - configuration, please try the stock configs to see if the problem is a - configuration related bug. And if not using the latest development - snapshot, please try the latest one. Or even better, CVS sources. + We value your feedback. However, to provide you with the best support, + please note: + + * Use the [54]Sourceforge support forum to get help. + * Submit bugs only thru our [55]Sourceforge bug forum. Make sure + that the bug has not already been submitted. Please try to verify + that it is a Junkbuster bug, and not a browser or site bug first. + If you are using your own custom configuration, please try the + stock configs to see if the problem is a configuration related + bug. And if not using the latest development snapshot, please try + the latest one. Or even better, CVS sources. + * Submit feature requests only thru our [56]Sourceforge feature + request forum. + + For any other issues, feel free to use the [57]mailing lists. - * Submit feature requests only thru our Sourceforge feature request forum. + Anyone interested in actively participating in development and related + discussions can join the appropriate mailing list [58]here. Archives + are available here too. + _________________________________________________________________ - - -For any other issues, feel free to use the mailing lists. - -Anyone interested in actively participating in development and related -discussions can join the appropriate mailing list here. Archives are available -here too. - -------------------------------------------------------------------------------- - 6. Copyright and History 6.1. License -Internet Junkbuster is free software; you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the Free -Software Foundation; either version 2 of the License, or (at your option) any -later version. - -This program is distributed in the hope that it will be useful, but WITHOUT ANY -WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. See the GNU General Public License for more details, which -is available from the Free Software Foundation, Inc, 59 Temple Place - Suite -330, Boston, MA 02111-1307, USA. - -------------------------------------------------------------------------------- - + Internet Junkbuster is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details, which is available from + [59]the Free Software Foundation, Inc, 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + _________________________________________________________________ + 6.2. History -Junkbuster was originally written by Anonymous Coders and Junkbuster's -Corporation, and was released as free open-source software under the GNU GPL. -Stefan Waldherr made many improvements, and started the SourceForge project to -rekindle development. There are now several active developers contributing. The -last stable release was v2.0.2, which has now grown whiskers ;-). - -------------------------------------------------------------------------------- - + Junkbuster was originally written by Anonymous Coders and + [60]Junkbuster's Corporation, and was released as free open-source + software under the GNU GPL. [61]Stefan Waldherr made many + improvements, and started the [62]SourceForge project to rekindle + development. There are now several active developers contributing. The + last stable release was v2.0.2, which has now grown whiskers ;-). + _________________________________________________________________ + 7. See also - http://sourceforge.net/projects/ijbswa - - http://ijbswa.sourceforge.net/ - - http://i.j.b/ - - http://www.junkbusters.com/ht/en/cookies.html - - http://www.waldherr.org/junkbuster/ - - http://privacy.net/analyze/ - - http://www.squid-cache.org/ - - - -------------------------------------------------------------------------------- - + [63]http://sourceforge.net/projects/ijbswa + + [64]http://ijbswa.sourceforge.net/ + + [65]http://i.j.b/ + + [66]http://www.junkbusters.com/ht/en/cookies.html + + [67]http://www.waldherr.org/junkbuster/ + + [68]http://privacy.net/analyze/ + + [69]http://www.squid-cache.org/ + _________________________________________________________________ + 8. Appendix 8.1. Regular Expressions -Junkbuster can use "regular expressions" in various config files. Assuming -support for "pcre" (Perl Compatible Regular Expressions) is compiled in, which -is the default. Such configuration directives do not require regular -expressions, but they can be used to increase flexibility by matching a pattern -with wild-cards against URLs. - -If you are reading this, you probably don't understand what "regular -expressions" are, or what they can do. So this will be a very brief -introduction only. A full explanation would require a book ;-) - -"Regular expressions" is a way of matching one character expression against -another to see if it matches or not. One of the "expressions" is a literal -string of readable characters (letter, numbers, etc), and the other is a -complex string of literal characters combined with wild-cards, and other -special characters, called meta-characters. The "meta-characters" have special -meanings and are used to build the complex pattern to be matched against. Perl -Compatible Regular Expressions is an enhanced form of the regular expression -language with backward compatibility. - -To make a simple analogy, we do something similar when we use wild-card -characters when listing files with the dir command in DOS. *.* matches all -filenames. The "special" character here is the asterisk which matches any and -all characters. We can be more specific and use ? to match just individual -characters. So "dir file?.text" would match "file1.txt", "file2.txt", etc. We -are pattern matching, using a similar technique to "regular expressions"! - -Regular expressions do essentially the same thing, but are much, much more -powerful. There are many more "special characters" and ways of building complex -patterns however. Let's look at a few of the common ones, and then some -examples: - -. - Matches any single character, e.g. "a", "A", "4", ":", or "@". - -? - The preceding character or expression is matched ZERO or ONE times. Either/ -or. - -+ - The preceding character or expression is matched ONE or MORE times. - -* - The preceding character or expression is matched ZERO or MORE times. - -\ - The "escape" character denotes that the following character should be taken -literally. This is used where one of the special characters (e.g. ".") needs to -be taken literally and not as a special meta-character. - -[] - Characters enclosed in brackets will be matched if any of the enclosed -characters are encountered. - -() - parentheses are used to group a sub-expression, or multiple -sub-expressions. - -| - The "bar" character works like an "or" conditional statement. A match is -successful if the sub-expression on either side of "|" matches. - -s/string1/string2/g - This is used to rewrite strings of text. "string1" is -replaced by "string2" in this example. - -These are just some of the ones you are likely to use when matching URLs with -Junkbuster, and is a long way from a definitive list. This is enough to get us -started with a few simple examples which may be more illuminating: - -/.*/banners/.* - A simple example that uses the common combination of "." and " -*" to denote any character, zero or more times. In other words, any string at -all. So we start with a literal forward slash, then our regular expression -pattern (".*") another literal forward slash, the string "banners", another -forward slash, and lastly another ".*". We are building a directory path here. -This will match any file with the path that has a directory named "banners" in -it. The ".*" matches any characters, and this could conceivably be more forward -slashes, so it might expand into a much longer looking path. For example, this -could match: "/eye/hate/spammers/banners/annoy_me_please.gif", or just "/ -banners/annoying.html", or almost an infinite number of other possible -combinations, just so it has "banners" in the path somewhere. - -A now something a little more complex: - -/.*/adv((er)?ts?|ertis(ing|ements?))?/ - We have several literal forward -slashes again ("/"), so we are building another expression that is a file path -statement. We have another ".*", so we are matching against any conceivable -sub-path, just so it matches our expression. The only true literal that must -match our pattern is adv, together with the forward slashes. What comes after -the "adv" string is the interesting part. - -Remember the "?" means the preceding expression (either a literal character or -anything grouped with "(...)" in this case) can exist or not, since this means -either zero or one match. So "((er)?ts?|ertis(ing|ements?))" is optional, as -are the individual sub-expressions: "(er)", "(ing|ements?)", and the "s". The " -|" means "or". We have two of those. For instance, "(ing|ements?)", can expand -to match either "ing" OR "ements?". What is being done here, is an attempt at -matching as many variations of "advertisement", and similar, as possible. So -this would expand to match just "adv", or "advert", or "adverts", or -"advertising", or "advertisement", or "advertisements". You get the idea. But -it would not match "advertizements" (with a "z"). We could fix that by changing -our regular expression to: "/.*/adv((er)?ts?|erti(s|z)(ing|ements?))?/", which -would then match either spelling. - -/.*/advert[0-9]+\.(gif|jpe?g) - Again another path statement with forward -slashes. Anything in the square brackets "[]" can be matched. This is using -"0-9" as a shorthand expression to mean any digit one through nine. It is the -same as saying "0123456789". So any digit matches. The "+" means one or more of -the preceding expression must be included. The preceding expression here is -what is in the square brackets -- in this case, any digit one through nine. -Then, at the end, we have a grouping: "(gif|jpe?g)". This includes a "|", so -this needs to match the expression on either side of that bar character also. A -simple "gif" on one side, and the other side will in turn match either "jpeg" -or "jpg", since the "?" means the letter "e" is optional and can be matched -once or not at all. So we are building an expression here to match image GIF or -JPEG type image file. It must include the literal string "advert", then one or -more digits, and a "." (which is now a literal, and not a special character, -since it is escaped with "\"), and lastly either "gif", or "jpeg", or "jpg". -Some possible matches would include: "//advert1.jpg", "/nasty/ads/ -advert1234.gif", "/banners/from/hell/advert99.jpg". It would not match -"advert1.gif" (no leading slash), or "/adverts232.jpg" (the expression does not -include an "s"), or "/advert1.jsp" ("jsp" is not in the expression anywhere). - -s/microsoft(?!.com)/MicroSuck/i - This is a substitution. "MicroSuck" will -replace any occurrence of "microsoft". The "i" at the end of the expression -means ignore case. The "(?!.com)" means the match should fail if "microsoft" is -followed by ".com". In other words, this acts like a "NOT" modifier. In case -this is a hyperlink, we don't want to break it ;-). - -We are barely scratching the surface of regular expressions here so that you -can understand the default Junkbuster configuration files, and maybe use this -knowledge to customize your own installation. There is much, much more that can -be done with regular expressions. Now that you know enough to get started, you -can learn more on your own :/ - -More reading on Perl Compatible Regular expressions: http://www.perldoc.com/ -perl5.6/pod/perlre.html - -------------------------------------------------------------------------------- - + Junkbuster can use "regular expressions" in various config files. + Assuming support for "pcre" (Perl Compatible Regular Expressions) is + compiled in, which is the default. Such configuration directives do + not require regular expressions, but they can be used to increase + flexibility by matching a pattern with wild-cards against URLs. + + If you are reading this, you probably don't understand what "regular + expressions" are, or what they can do. So this will be a very brief + introduction only. A full explanation would require a book ;-) + + "Regular expressions" is a way of matching one character expression + against another to see if it matches or not. One of the "expressions" + is a literal string of readable characters (letter, numbers, etc), and + the other is a complex string of literal characters combined with + wild-cards, and other special characters, called meta-characters. The + "meta-characters" have special meanings and are used to build the + complex pattern to be matched against. Perl Compatible Regular + Expressions is an enhanced form of the regular expression language + with backward compatibility. + + To make a simple analogy, we do something similar when we use + wild-card characters when listing files with the dir command in DOS. + *.* matches all filenames. The "special" character here is the + asterisk which matches any and all characters. We can be more specific + and use ? to match just individual characters. So "dir file?.text" + would match "file1.txt", "file2.txt", etc. We are pattern matching, + using a similar technique to "regular expressions"! + + Regular expressions do essentially the same thing, but are much, much + more powerful. There are many more "special characters" and ways of + building complex patterns however. Let's look at a few of the common + ones, and then some examples: + + . - Matches any single character, e.g. "a", "A", "4", ":", or "@". + + ? - The preceding character or expression is matched ZERO or ONE + times. Either/or. + + + - The preceding character or expression is matched ONE or MORE + times. + + * - The preceding character or expression is matched ZERO or MORE + times. + + \ - The "escape" character denotes that the following character should + be taken literally. This is used where one of the special characters + (e.g. ".") needs to be taken literally and not as a special + meta-character. + + [] - Characters enclosed in brackets will be matched if any of the + enclosed characters are encountered. + + () - parentheses are used to group a sub-expression, or multiple + sub-expressions. + + | - The "bar" character works like an "or" conditional statement. A + match is successful if the sub-expression on either side of "|" + matches. + + s/string1/string2/g - This is used to rewrite strings of text. + "string1" is replaced by "string2" in this example. + + These are just some of the ones you are likely to use when matching + URLs with Junkbuster, and is a long way from a definitive list. This + is enough to get us started with a few simple examples which may be + more illuminating: + + /.*/banners/.* - A simple example that uses the common combination of + "." and "*" to denote any character, zero or more times. In other + words, any string at all. So we start with a literal forward slash, + then our regular expression pattern (".*") another literal forward + slash, the string "banners", another forward slash, and lastly another + ".*". We are building a directory path here. This will match any file + with the path that has a directory named "banners" in it. The ".*" + matches any characters, and this could conceivably be more forward + slashes, so it might expand into a much longer looking path. For + example, this could match: + "/eye/hate/spammers/banners/annoy_me_please.gif", or just + "/banners/annoying.html", or almost an infinite number of other + possible combinations, just so it has "banners" in the path somewhere. + + A now something a little more complex: + + /.*/adv((er)?ts?|ertis(ing|ements?))?/ - We have several literal + forward slashes again ("/"), so we are building another expression + that is a file path statement. We have another ".*", so we are + matching against any conceivable sub-path, just so it matches our + expression. The only true literal that must match our pattern is adv, + together with the forward slashes. What comes after the "adv" string + is the interesting part. + + Remember the "?" means the preceding expression (either a literal + character or anything grouped with "(...)" in this case) can exist or + not, since this means either zero or one match. So + "((er)?ts?|ertis(ing|ements?))" is optional, as are the individual + sub-expressions: "(er)", "(ing|ements?)", and the "s". The "|" means + "or". We have two of those. For instance, "(ing|ements?)", can expand + to match either "ing" OR "ements?". What is being done here, is an + attempt at matching as many variations of "advertisement", and + similar, as possible. So this would expand to match just "adv", or + "advert", or "adverts", or "advertising", or "advertisement", or + "advertisements". You get the idea. But it would not match + "advertizements" (with a "z"). We could fix that by changing our + regular expression to: "/.*/adv((er)?ts?|erti(s|z)(ing|ements?))?/", + which would then match either spelling. + + /.*/advert[0-9]+\.(gif|jpe?g) - Again another path statement with + forward slashes. Anything in the square brackets "[]" can be matched. + This is using "0-9" as a shorthand expression to mean any digit one + through nine. It is the same as saying "0123456789". So any digit + matches. The "+" means one or more of the preceding expression must be + included. The preceding expression here is what is in the square + brackets -- in this case, any digit one through nine. Then, at the + end, we have a grouping: "(gif|jpe?g)". This includes a "|", so this + needs to match the expression on either side of that bar character + also. A simple "gif" on one side, and the other side will in turn + match either "jpeg" or "jpg", since the "?" means the letter "e" is + optional and can be matched once or not at all. So we are building an + expression here to match image GIF or JPEG type image file. It must + include the literal string "advert", then one or more digits, and a + "." (which is now a literal, and not a special character, since it is + escaped with "\"), and lastly either "gif", or "jpeg", or "jpg". Some + possible matches would include: "//advert1.jpg", + "/nasty/ads/advert1234.gif", "/banners/from/hell/advert99.jpg". It + would not match "advert1.gif" (no leading slash), or "/adverts232.jpg" + (the expression does not include an "s"), or "/advert1.jsp" ("jsp" is + not in the expression anywhere). + + s/microsoft(?!.com)/MicroSuck/i - This is a substitution. "MicroSuck" + will replace any occurrence of "microsoft". The "i" at the end of the + expression means ignore case. The "(?!.com)" means the match should + fail if "microsoft" is followed by ".com". In other words, this acts + like a "NOT" modifier. In case this is a hyperlink, we don't want to + break it ;-). + + We are barely scratching the surface of regular expressions here so + that you can understand the default Junkbuster configuration files, + and maybe use this knowledge to customize your own installation. There + is much, much more that can be done with regular expressions. Now that + you know enough to get started, you can learn more on your own :/ + + More reading on Perl Compatible Regular expressions: + [70]http://www.perldoc.com/perl5.6/pod/perlre.html + _________________________________________________________________ + 8.2. JunkBuster's Internal Pages -Since JunkBuster proxies each requested web page, it is easy for JunkBuster to -trap certain URLs. In this way, we can talk directly to JunkBuster, and see how -it is configured, see how our rules are being applied, change these rules and -other configuration options, and even turn JunkBuster's filtering off, all with -a web browser. - -The URLs listed below are the special ones that allow direct access to -JunkBuster. Of course, JunkBuster must be running to access these. If not, you -will get a friendly error message. Internet access is not necessary either. - - * Junkbuster main page: - - http://ijbswa.sourceforge.net/config/ - - Alternately, this may be reached at http://i.j.b/, but this variation may - not work as reliably as the above in some configurations. + Since JunkBuster proxies each requested web page, it is easy for + JunkBuster to trap certain URLs. In this way, we can talk directly to + JunkBuster, and see how it is configured, see how our rules are being + applied, change these rules and other configuration options, and even + turn JunkBuster's filtering off, all with a web browser. - * Show information about the current configuration: + The URLs listed below are the special ones that allow direct access to + JunkBuster. Of course, JunkBuster must be running to access these. If + not, you will get a friendly error message. Internet access is not + necessary either. - http://ijbswa.sourceforge.net/config/show-status + * Junkbuster main page: - * Show the source code version numbers: - - http://ijbswa.sourceforge.net/config/show-version + [71]http://ijbswa.sourceforge.net/config/ + Alternately, this may be reached at [72]http://i.j.b/, but this + variation may not work as reliably as the above in some + configurations. + * Show information about the current configuration: - * Show the client's request headers: - - http://ijbswa.sourceforge.net/config/show-request + [73]http://ijbswa.sourceforge.net/config/show-status + * Show the source code version numbers: - * Show which actions apply to a URL and why: - - http://ijbswa.sourceforge.net/config/show-url-info + [74]http://ijbswa.sourceforge.net/config/show-version + * Show the client's request headers: - * Toggle JunkBuster on or off: - - http://ijbswa.sourceforge.net/config/toggle + [75]http://ijbswa.sourceforge.net/config/show-request + * Show which actions apply to a URL and why: - Short cuts. Turn off, then on: - - http://ijbswa.sourceforge.net/config/toggle?set=disable + [76]http://ijbswa.sourceforge.net/config/show-url-info + * Toggle JunkBuster on or off: - http://ijbswa.sourceforge.net/config/toggle?set=enable + [77]http://ijbswa.sourceforge.net/config/toggle + Short cuts. Turn off, then on: - * Edit the actions list file: - - http://ijbswa.sourceforge.net/config/edit-actions + [78]http://ijbswa.sourceforge.net/config/toggle?set=disable -These may be bookmarked for quick reference. - -------------------------------------------------------------------------------- - + [79]http://ijbswa.sourceforge.net/config/toggle?set=enable + * Edit the actions list file: + + [80]http://ijbswa.sourceforge.net/config/edit-actions + + These may be bookmarked for quick reference. + _________________________________________________________________ + 8.3. Anatomy of an Action -The way Junkbuster applies "actions" to any given URL can be complex, and not -always so easy to understand what is happening. And sometimes we need to be -able to see just what Junkbuster is doing. Especially, if something Junkbuster -is doing is causing us a problem inadvertantly. It can be a little daunting to -look at the actions files themselves, since they tend to be filled with -"regular expressions" whose consequences are not always so obvious. - -First, you enter one URL (or partial URL), and this page will tell you how the -currently configured Junkbuster "actions" are being applied to that specific -URL. This will not help with filtering effects from the re_filterfile! It also -will not tell you about any other URLs that may be embedded within the URL you -are testing. For instance, images such as ads are expressed as URLs within the -raw page source of HTML pages. So you will only get info for the actual URL -that is pasted into the prompt area -- not any sub-URLs. If you want to know -about embedded URLs like ads, you will have to dig those out of the HTML -source. Use your browser's "View Page Source" option for this. - -Let's look at an example, google.com, one section at a time: - - System default actions: - - { -add-header -block -deanimate-gifs -downgrade -fast-redirects -filter - -hide-forwarded -hide-from -hide-referer -hide-user-agent -image - -image-blocker -limit-connect -no-compression -no-cookies-keep - -no-cookies-read -no-cookies-set -no-popups -vanilla-wafer -wafer } - - - -This is the top section, and only tells us of the compiled in defaults. This is -basically what Junkbuster would do if there were not any "actions" defined, -i.e. it does nothing. Every action is disabled. This is not particularly -informative for our purposes here. OK, next section: - - Matches for http://google.com: - - { -add-header -block +deanimate-gifs -downgrade +fast-redirects - +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups} - +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal} - +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge} - -hide-user-agent -image +image-blocker{blank} +no-compression - +no-cookies-keep -no-cookies-read -no-cookies-set +no-popups - -vanilla-wafer -wafer } - / - - { -no-cookies-keep -no-cookies-read -no-cookies-set } - .google.com - - { -fast-redirects } - .google.com - - - -This is much more informative, and tells us how we have defined our "actions", -and which ones match for our example, "google.com". The first grouping shows -our default settings, which would apply to all URLs. If you look at your -"actions" file, this would be the section just below the "aliases" section near -the top. This applies to all URLs as signified by the single forward slash -- " -/". - -These are the default actions we have enabled. But we can define additional -actions that would be exceptions to these general rules, and then list specific -URLs that these exceptions would apply to. Last match wins. Just below this -then are two explict matches for ".google.com". The first is negating our -various cookie blocking actions (i.e. we will allow cookies here). The second -is allowing "fast-redirects". Note that there is a leading dot here -- -".google.com". This will match any hosts and sub-domains, in the google.com -domain also, such as "www.google.com". So, apparently, we have these actions -defined somewhere in the lower part of our actions file, and "google.com" is -referenced in these sections. - -And now we pull it altogether in the bottom section and summarize how -Junkbuster is appying all its "actions" to "google.com": - - Final results: - - -add-header -block -deanimate-gifs -downgrade -fast-redirects - +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups} - +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal} - +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge} - -hide-user-agent -image +image-blocker{blank} -limit-connect +no-compression - -no-cookies-keep -no-cookies-read -no-cookies-set +no-popups -vanilla-wafer - -wafer - - - -Now another example, "ad.doubleclick.net": - - { +block +image } - .ad.doubleclick.net - - { +block +image } - ad*. - - { +block +image } - .doubleclick.net - - - -We'll just show the interesting part here, the explicit matches. It is matched -three different times. Each as an "+block +image", which is the expanded form -of one of our aliases that had been defined as: "+imageblock". ("Aliases" are -defined in the first section of the actions file and typically used to combine -more than one action.) - -Any one of these would have done the trick and blocked this as an unwanted -image. This is unnecessarily redundant since the last case effectively would -also cover the first. No point in taking chances with these guys though ;-) -Note that if you want an ad or obnoxious URL to be invisible, it should be -defined as "ad.doubleclick.net" is done here -- as both a "+block" and an -"+image". The custom alias "+imageblock" does this for us. - -One last example. Let's try "http://www.rhapsodyk.net/adsl/HOWTO/". This one is -giving us problems. We are getting a blank page. Hmmm... - - Matches for http://www.rhapsodyk.net/adsl/HOWTO/: - - { -add-header -block +deanimate-gifs -downgrade +fast-redirects - +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups} - +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal} - +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge} - -hide-user-agent -image +image-blocker{blank} +no-compression - +no-cookies-keep -no-cookies-read -no-cookies-set +no-popups - -vanilla-wafer -wafer } - / - - { +block +image } - /ads - - - -Ooops, the "/adsl/" is matching "/ads"! But we did not want this at all! Now we -see why we get the blank page. We could now add a new action below this that -explictly does not block (-block) pages with "adsl". There are various ways to -handle such exceptions. Example: - - { -block } - /adsl - - - -Now the page displays ;-) + The way Junkbuster applies "actions" to any given URL can be complex, + and not always so easy to understand what is happening. And sometimes + we need to be able to see just what Junkbuster is doing. Especially, + if something Junkbuster is doing is causing us a problem + inadvertantly. It can be a little daunting to look at the actions + files themselves, since they tend to be filled with "regular + expressions" whose consequences are not always so obvious. + + First, you enter one URL (or partial URL), and this page will tell you + how the currently configured Junkbuster "actions" are being applied to + that specific URL. This will not help with filtering effects from the + re_filterfile! It also will not tell you about any other URLs that may + be embedded within the URL you are testing. For instance, images such + as ads are expressed as URLs within the raw page source of HTML pages. + So you will only get info for the actual URL that is pasted into the + prompt area -- not any sub-URLs. If you want to know about embedded + URLs like ads, you will have to dig those out of the HTML source. Use + your browser's "View Page Source" option for this. + + Let's look at an example, [81]google.com, one section at a time: + + System default actions: + + { -add-header -block -deanimate-gifs -downgrade -fast-redirects -filter + -hide-forwarded -hide-from -hide-referer -hide-user-agent -image + -image-blocker -limit-connect -no-compression -no-cookies-keep + -no-cookies-read -no-cookies-set -no-popups -vanilla-wafer -wafer } + + + This is the top section, and only tells us of the compiled in + defaults. This is basically what Junkbuster would do if there were not + any "actions" defined, i.e. it does nothing. Every action is disabled. + This is not particularly informative for our purposes here. OK, next + section: + + Matches for http://google.com: + + { -add-header -block +deanimate-gifs -downgrade +fast-redirects + +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups} + +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal} + +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge} + -hide-user-agent -image +image-blocker{blank} +no-compression + +no-cookies-keep -no-cookies-read -no-cookies-set +no-popups + -vanilla-wafer -wafer } + / + { -no-cookies-keep -no-cookies-read -no-cookies-set } + .google.com + + { -fast-redirects } + .google.com + + + This is much more informative, and tells us how we have defined our + "actions", and which ones match for our example, "google.com". The + first grouping shows our default settings, which would apply to all + URLs. If you look at your "actions" file, this would be the section + just below the "aliases" section near the top. This applies to all + URLs as signified by the single forward slash -- "/". + + These are the default actions we have enabled. But we can define + additional actions that would be exceptions to these general rules, + and then list specific URLs that these exceptions would apply to. Last + match wins. Just below this then are two explict matches for + ".google.com". The first is negating our various cookie blocking + actions (i.e. we will allow cookies here). The second is allowing + "fast-redirects". Note that there is a leading dot here -- + ".google.com". This will match any hosts and sub-domains, in the + google.com domain also, such as "www.google.com". So, apparently, we + have these actions defined somewhere in the lower part of our actions + file, and "google.com" is referenced in these sections. + + And now we pull it altogether in the bottom section and summarize how + Junkbuster is appying all its "actions" to "google.com": + + Final results: + + -add-header -block -deanimate-gifs -downgrade -fast-redirects + +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups} + +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal} + +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge} + -hide-user-agent -image +image-blocker{blank} -limit-connect +no-compression + -no-cookies-keep -no-cookies-read -no-cookies-set +no-popups -vanilla-wafer + -wafer + + + Now another example, "ad.doubleclick.net": + + { +block +image } + .ad.doubleclick.net + + { +block +image } + ad*. + + { +block +image } + .doubleclick.net + + + We'll just show the interesting part here, the explicit matches. It is + matched three different times. Each as an "+block +image", which is + the expanded form of one of our aliases that had been defined as: + "+imageblock". ("Aliases" are defined in the first section of the + actions file and typically used to combine more than one action.) + + Any one of these would have done the trick and blocked this as an + unwanted image. This is unnecessarily redundant since the last case + effectively would also cover the first. No point in taking chances + with these guys though ;-) Note that if you want an ad or obnoxious + URL to be invisible, it should be defined as "ad.doubleclick.net" is + done here -- as both a "+block" and an "+image". The custom alias + "+imageblock" does this for us. + + One last example. Let's try "http://www.rhapsodyk.net/adsl/HOWTO/". + This one is giving us problems. We are getting a blank page. Hmmm... + + Matches for http://www.rhapsodyk.net/adsl/HOWTO/: + + { -add-header -block +deanimate-gifs -downgrade +fast-redirects + +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups} + +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal} + +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge} + -hide-user-agent -image +image-blocker{blank} +no-compression + +no-cookies-keep -no-cookies-read -no-cookies-set +no-popups + -vanilla-wafer -wafer } + / + + { +block +image } + /ads + + + Ooops, the "/adsl/" is matching "/ads"! But we did not want this at + all! Now we see why we get the blank page. We could now add a new + action below this that explictly does not block (-block) pages with + "adsl". There are various ways to handle such exceptions. Example: + + { -block } + /adsl + + + Now the page displays ;-) + +References + + Visible links + 1. http://ijbswa.sourceforge.net/user-manual/ + 2. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INTRODUCTION + 3. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN27 + 4. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION + 5. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION-SOURCE + 6. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION-RH + 7. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION-SUSE + 8. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION-OS2 + 9. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION-WIN + 10. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#INSTALLATION-OTHER + 11. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#CONFIGURATION + 12. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN144 + 13. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN161 + 14. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN192 + 15. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN225 + 16. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN317 + 17. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN454 + 18. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN542 + 19. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN651 + 20. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#ACTIONSFILE + 21. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN749 + 22. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN823 + 23. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1143 + 24. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#FILTERFILE + 25. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1202 + 26. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#QUICKSTART + 27. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1257 + 28. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#CONTACT + 29. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#COPYRIGHT + 30. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1316 + 31. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1322 + 32. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#SEEALSO + 33. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#APPENDIX + 34. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#REGEX + 35. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1506 + 36. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#ACTIONSANAT + 37. http://i.j.b/ + 38. http://sourceforge.net/projects/ijbswa/ + 39. http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ijbswa/current/ + 40. http://www.gnu.org/ + 41. http://i.j.b/ + 42. http://ijbswa.sourceforge.net/config/ + 43. http://i.j.b/ + 44. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#ACTIONSFILE + 45. http://i.j.b/ + 46. http://i.j.b/ + 47. http://i.j.b/ + 48. http://i.j.b/ + 49. http://i.j.b/show-url-info + 50. http://www.perldoc.com/perl5.6/pod/perlre.html + 51. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#REGEX + 52. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#ACTIONSANAT + 53. http://i.j.b/ + 54. http://sourceforge.net/tracker/?group_id=11118&atid=211118 + 55. http://sourceforge.net/tracker/?group_id=11118&atid=111118 + 56. http://sourceforge.net/tracker/?atid=361118&group_id=11118&func=browse + 57. http://sourceforge.net/mail/?group_id=11118 + 58. http://sourceforge.net/mail/?group_id=11118 + 59. http://www.gnu.org/copyleft/gpl.html + 60. http://www.junkbusters.com/ht/en/ijbfaq.html + 61. http://www.waldherr.org/junkbuster/ + 62. http://sourceforge.net/projects/ijbswa/ + 63. http://sourceforge.net/projects/ijbswa + 64. http://ijbswa.sourceforge.net/ + 65. http://i.j.b/ + 66. http://www.junkbusters.com/ht/en/cookies.html + 67. http://www.waldherr.org/junkbuster/ + 68. http://privacy.net/analyze/ + 69. http://www.squid-cache.org/ + 70. http://www.perldoc.com/perl5.6/pod/perlre.html + 71. http://ijbswa.sourceforge.net/config/ + 72. http://i.j.b/ + 73. http://ijbswa.sourceforge.net/config/show-status + 74. http://ijbswa.sourceforge.net/config/show-version + 75. http://ijbswa.sourceforge.net/config/show-request + 76. http://ijbswa.sourceforge.net/config/show-url-info + 77. http://ijbswa.sourceforge.net/config/toggle + 78. http://ijbswa.sourceforge.net/config/toggle?set=disable + 79. http://ijbswa.sourceforge.net/config/toggle?set=enable + 80. http://ijbswa.sourceforge.net/config/edit-actions + 81. http://google.com/ + + Hidden links: + 82. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1378 + 83. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1386 + 84. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1389 + 85. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1392 + 86. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1395 + 87. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1400 + 88. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1403 + 89. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1406 + 90. file://localhost/home/swa/sf/current-org/doc/source/tmp.html#AEN1412