+
+<para>
+ When setting up an NT based Windows system with
+ <application>Privoxy</application> you may find that things do not seem to be
+ doing what you expect. When you set your system up you will probably have set
+ up Internet Connection Sharing (ICS) with Dial up Networking (DUN) when
+ logged in with administrator privileges. You will probably have made this DUN
+ connection available to other accounts that you may have set-up on your
+ system. E.g. Mum or Dad sets up the system and makes accounts suitably
+ configured for the kids.
+</para>
+
+<para>
+ When setting up <application>Privoxy</application> in this environment you
+ will have to alter the proxy set-up of Internet Explorer (IE) for the
+ specific DUN connection on which you wish to use
+ <application>Privoxy</application>. When you do this the ICS DUN set-up
+ becomes user specific. In this instance you will see no difference if you
+ change the DUN connection under the account used to set-up the connection.
+ However when you do this from another user you will notice that the DUN
+ connection changes to make available to "Me only". You will also find that
+ you have to store the password under each different user!
+</para>
+
+<para>
+ The reason for this is that each user's set-up for IE is user specific. Each
+ set-up DUN connection and each LAN connection in IE store the settings for
+ each user individually. As such this enforces individual configurations
+ rather than common ones. Hence the first time you use a DUN connection after
+ re-booting your system it may not perform as you expect, and prompt you for
+ the password. Just set and save the password again and all should be OK.
+</para>
+
+<para>
+[Thanks to Ray Griffith for this submission.]
+</para>
+</sect2>
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="ftp" renderas="sect3">
+<title>I cannot connect to any FTP sites. Privoxy
+ is blocking me.</title>
+ <para>
+ <application>Privoxy</application> cannot act as a proxy for FTP traffic,
+ so do not configure your browser to use <application>Privoxy</application>
+ as an FTP proxy. The same is true for <emphasis>any protocol other than HTTP
+ or HTTPS (SSL)</emphasis>.
+ </para>
+ <para>
+ Most browsers understand FTP as well as HTTP. If you connect to a site, with
+ a URL like <literal>ftp://ftp.example.com</literal>, your browser is making
+ an FTP connection, and not a HTTP connection. So while your browser may
+ speak FTP, <application>Privoxy</application> does not, and cannot proxy
+ such traffic.
+ </para>
+ <para>
+ To complicate matters, some systems may have a generic <quote>proxy</quote>
+ setting, which will enable various protocols, including
+ <emphasis>both</emphasis> HTTP and FTP proxying! So it is possible to
+ accidentally enable FTP proxying in these cases. And of course, if this
+ happens, <application>Privoxy</application> will indeed cause problems since
+ it does not know FTP. <![%p-newstuff;[Newer version will give a sane error
+ message if a FTP connection is attempted.]]> Just disable the FTP setting
+ and all will be well again.
+ </para>
+ <para>
+ Will <application>Privoxy</application> ever proxy FTP traffic? Unlikely.
+ There just is not much reason, and the work to make this happen is more than
+ it may seem.
+ </para>
+</sect2>
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="macosxie" renderas="sect3">
+<title>In Mac OS X, I can't configure Microsoft Internet Explorer to use
+ Privoxy as the HTTP proxy.</title>
+ <para>
+ Microsoft Internet Explorer (in versions like 5.1) respects system-wide
+ network settings. In order to change the HTTP proxy, open System
+ Preferences, and click on the Network icon. In the settings pane that
+ comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox
+ is checked and enter <literal>127.0.0.1</literal> in the entry field.
+ Enter <literal>8118</literal> in the Port field. The next time you start
+ IE, it should reflect these values.
+ </para>
+</sect2>
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 renderas="sect3" id="macosxuninstall">
+<title>In Mac OS X, I dragged the Privoxy folder to the trash in order to
+ uninstall it. Now the finder tells me I don't have sufficient privileges to
+ empty the trash.</title>
+ <para>
+ Note: This ONLY applies to privoxy 3.0.6 and earlier.
+ </para>
+ <para>
+ Just dragging the <application>Privoxy</application> folder to the trash is
+ not enough to delete it. <application>Privoxy</application> supplies an
+ <application>uninstall.command</application> file that takes care of
+ these details. Open the trash, drag the <application>uninstall.command</application>
+ file out of the trash and double-click on it. You will be prompted for
+ confirmation and the administration password.
+ </para>
+ <para>
+ The trash may still appear full after this command; emptying the trash
+ from the desktop should make it appear empty again.
+ </para>
+</sect2>
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 renderas="sect3" id="macosximages">
+<title>In Mac OS X Panther (10.3), images often fail to load and/or I
+ experience random delays in page loading. I'm using
+ <literal>localhost</literal> as my browser's proxy setting.</title>
+ <para>
+ We believe this is due to an IPv6-related bug in Mac OS X, but don't fully
+ understand the issue yet. In any case, changing the proxy setting to
+ <literal>127.0.0.1</literal> instead of <literal>localhost</literal>
+ works around the problem.
+ </para>
+</sect2>
+
+<!-- ~~~~~ New section ~~~~~ -->
+<!-- XXX: Is this still relevant now that we have gzip support? -->
+<sect2 renderas="sect3" id="blankpage">
+<title>I get a completely blank page at one site. <quote>View Source</quote>
+ shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without
+ Privoxy the page loads fine.</title>
+ <para>
+ Chances are that the site suffers from a bug in
+ <ulink url="http://www.php.net/"><application>PHP</application></ulink>,
+ which results in empty pages being sent if the client explicitly requests
+ an uncompressed page, like <application>Privoxy</application> does.
+ This bug has been fixed in PHP 4.2.3.
+ </para>
+ <para>
+ To find out if this is in fact the source of the problem, try adding
+ the site to a <literal>-prevent-compression</literal> section in
+ <filename>user.action</filename>:
+ </para>
+ <screen>
+ # Make exceptions for ill-behaved sites:
+ #
+ {-prevent-compression}
+ .example.com</screen>
+ <para>
+ If that works, you may also want to report the problem to the
+ site's webmasters, telling them to use zlib.output_compression
+ instead of ob_gzhandler in their PHP applications (workaround)
+ or upgrade to PHP 4.2.3 or later (fix).
+ </para>
+</sect2>
+
+<sect2 renderas="sect3" id="nohostname">
+<title>My logs show many <quote>Unable to get my own hostname</quote> lines.
+Why?</title>
+<para>
+ <application>Privoxy</application> tries to get the hostname of the system
+ its running on from the IP address of the system interface it is bound to
+ (from the <filename>config</filename> file
+ <emphasis>listen-address</emphasis> setting). If the system cannot supply
+ this information, <application>Privoxy</application> logs this condition.
+</para>
+<para>
+ Typically, this would be considered a minor system configuration error. It is
+ not a fatal error to <application>Privoxy</application> however, but may
+ result in a much slower response from <application>Privoxy</application> on
+ some platforms due to DNS timeouts.
+</para>
+<para>
+ This can be caused by a problem with the local <filename>hosts</filename>
+ file. If this file has been changed from the original, try reverting it to
+ see if that helps. Make sure whatever name(s) are used for the local system,
+ that they resolve both ways.
+</para>
+<para>
+ You should also be able to work around the problem with the
+ <ulink url="../user-manual/config.html#HOSTNAME">hostname option</ulink>.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="inuse">
+<title>When I try to launch Privoxy, I get an
+error message <quote>port 8118 is already in use</quote> (or similar wording).
+Why?</title>
+<para>
+ Port 8118 is <application>Privoxy's</application> default TCP
+ <quote>listening</quote> port. Typically this message would mean that there
+ is already one instance of <application>Privoxy</application> running, and
+ your system is actually trying to start a second
+ <application>Privoxy</application> on the same port, which will not work.
+ (You can have multiple instances but they must be assigned different ports.)
+ How and why this might happen varies from platform to platform, but you need
+ to check your installation and start-up procedures.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="demoronizer">
+<title>
+ Pages with UTF-8 fonts are garbled.
+</title>
+<para>
+ This is caused by the <quote>demoronizer</quote> filter. You should either
+ upgrade <application>Privoxy</application>, or at least upgrade to the most
+ recent <filename>default.action</filename> file available from <ulink
+ url="http://sourceforge.net/project/showfiles.php?group_id=11118">SourceForge</ulink>.
+ Or you can simply disable the demoronizer filter.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="demoronizer2">
+<title>
+ Why are binary files (such as images) corrupted when Privoxy
+ is used?
+</title>
+<para>
+ This may also be caused by the <quote>demoronizer</quote> filter,
+ in conjunction with a web server that is misreporting the content type. Binary
+ files are exempted from <application>Privoxy's</application> filtering
+ (unless the web server by mistake says the file is something else). Either
+ upgrade <application>Privoxy</application>, or go to the most recent
+ <filename>default.action</filename> file available from <ulink
+ url="http://sourceforge.net/project/showfiles.php?group_id=11118">SourceForge</ulink>.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="demoronizer3">
+<title>
+ What is the <quote>demoronizer</quote> and why is it there?
+</title>
+<para>
+ The original demoronizer was a Perl script that cleaned up HTML pages which
+ were created with certain Microsoft products. MS has used proprietary extensions
+ to standardized font encodings (ISO 8859-1), which has caused problems for pages
+ that are viewed with non-Microsoft products (and are expecting to see a
+ standard set of fonts). The demoronizer corrected these errors so the pages
+ displayed correctly. <application>Privoxy</application> borrowed from this
+ script, introducing a filter based on the original demoronizer, which in turn could
+ correct these errors on the fly.
+</para>
+<para>
+ But this is only needed in some situations, and will cause serious problems in some
+ other situations.
+</para>
+<para>
+ If you are using Microsoft products, you do not need it. If you need to view
+ pages with UTF-8 characters (such as Cyrillic or Chinese), then it will
+ cause corruption of the fonts, and thus <emphasis>should not be on</emphasis>.
+</para>
+<para>
+ On the other hand, if you use non-Microsoft products, and you occasionally
+ notice weird characters on pages, you might want to try it.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="windowopen">
+<title>
+ Why do I keep seeing <quote>PrivoxyWindowOpen()</quote> in raw source code?
+</title>
+<para>
+ <application>Privoxy</application> is attempting to disable malicious
+ <ulink url="http://en.wikipedia.org/wiki/Javascript">Javascript</ulink>
+ in this case, with the <literal>unsolicited-popups</literal>
+ filter. <application>Privoxy</application> cannot tell very well
+ <quote>good</quote> code snippets from <quote>bad</quote> code snippets.
+</para>
+<para>
+ If you see this in HTML source, and the page displays without problems, then
+ this is good, and likely some pop-up window was disabled. If you see this
+ where it is causing a problem, such as a downloaded program source code file,
+ then you should set an exception for this site or page such that the
+ integrity of the page stays in tact by disabling all filtering.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="dnserrors">
+<title>
+ I am getting too many DNS errors like <quote>404 No Such Domain</quote>. Why
+ can't Privoxy do this better?
+</title>
+<para>
+ There are potentially several factors here. First of all, the DNS resolution
+ is done by the underlying operating system -- not
+ <application>Privoxy</application> itself. <application>Privoxy</application>
+ merely initiates the process and hands it off, and then later reports
+ whatever the outcome was and tries to give a coherent message if there seems
+ to be a problem. In some cases, this might otherwise be mitigated by the
+ browser itself which might try some work-arounds and alternate approaches (e.g
+ adding <quote>www.</quote> to the URL).
+</para>
+<para>
+ In other cases, if <application>Privoxy</application> is being chained
+ with another proxy, this could complicate the issue, and cause undue
+ delays and timeouts. In the case of a <quote>socks4a</quote> proxy, the socks
+ server handles all the DNS. <application>Privoxy</application> would just be
+ the <quote>messenger</quote> which is reporting whatever problem occurred
+ downstream, and not the root cause of the error.
+</para>
+<![%p-newstuff;[
+<para>
+ In any case, versions newer than 3.0.3 include various improvements to help
+ <application>Privoxy</application> better handle these cases.
+</para>]]>
+</sect2>
+
+<sect2 renderas="sect3" id="allcpu">
+<title>
+ At one site Privoxy just hangs, and starts taking
+ all CPU. Why is this?
+</title>
+<para>
+ This is probably a manifestation of the <quote>100% cpu</quote> problem that
+ occurs on pages containing many (thousands upon thousands) of blank lines. The blank lines
+ are in the raw HTML source of the page, and the browser just ignores them. But the
+ pattern matching in <application>Privoxy's</application> page filtering
+ mechanism is trying to match against absurdly long strings and this becomes
+ very CPU-intensive, taking a long, long time to complete.
+</para>
+<para>
+ Until a better solution comes along, disable filtering on these pages,
+ particularly the <literal>js-annoyances</literal> and
+ <literal>unsolicited-popups</literal> filters. If you run into this problem
+ with a recent &my-app; version, please send a problem report.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="slowcrawl">
+<title>I just installed Privoxy, and all my
+browsing has slowed to a crawl. What gives? </title>
+<para>
+ This should not happen, and for the overwhelming number of users world-wide,
+ it does not happen. I would suspect some inadvertent interaction of software
+ components such as anti-virus software, spyware protectors, personal
+ firewalls or similar components. Try disabling (or uninstalling) these one
+ at a time and see if that helps. Either way, if you are using a
+ recent &my-app; version, please report the problem.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="preventcomp">
+<title>Why do my filters work on some sites but not on others? </title>
+<para>
+ It's probably due to compression. It is a common practice for web servers to
+ send their content <quote>compressed</quote> in order to speed things up, and
+ then let the browser <quote>uncompress</quote> them. When compiled with zlib support
+ &my-app; can decompress content before filtering, otherwise you may want to enable
+<ulink
+ url="../user-manual/actions-file.html#PREVENT-COMPRESSION">prevent-compression</ulink>.
+</para>
+<para>
+ As of &my-app; 3.0.9, zlib support is enabled in the default builds.
+</para>
+</sect2>
+
+
+<sect2 renderas="sect3" id="ssl-warnings">
+<title>On some HTTPS sites my browser warns me about unauthenticated content,
+ the URL bar doesn't get highlighted and the lock symbol appears to be broken.
+ What's going on?</title>
+<para>
+ Probably the browser is requesting ads through HTTPS and &my-app;
+ is blocking the requests. Privoxy's error messages are delivered
+ unencrypted and while it's obvious for the browser that the HTTPS
+ request is already blocked by the proxy, some warn about unauthenticated
+ content anyway.
+</para>
+<para>
+ To work around the problem you can redirect those requests to an invalid
+ local address instead of blocking them. While the redirects aren't
+ encrypted either, many browsers don't care. They simply follow the
+ redirect, fail to reach a server and display an error message instead
+ of the ad.
+</para>
+<para>
+ To do that, enable logging to figure out which requests get blocked by
+ &my-app; and add the hosts (no path patterns) to a section like this:
+</para>
+<para>
+<screen>
+<![CDATA[
+{+redirect{http://127.0.0.1:0/} -block -limit-connect}
+.ivwbox.de:443/
+]]>
+</screen>
+</para>
+<para>
+ Additionally you have to configure your browser to contact
+ <quote>127.0.0.1:0</quote> directly (instead of through &my-app;).
+</para>
+<para>
+ To add a proxy exception in <application>Mozilla Firefox</application>
+ open the <quote>Preferences</quote>, click the <quote>Settings</quote>
+ button located on the <quote>Network</quote> tab in the <quote>Advanced</quote>
+ section, and add <quote>127.0.0.1:0</quote> in the <quote>No Proxy for:</quote>
+ field.
+</para>
+</sect2>
+
+
+<sect2 renderas="sect3" id="se-linux">
+<title>I get selinux error messages. How can I fix this?</title>
+<para>
+ Please report the problem to the creator of your selinux policies.
+</para>
+<para>
+ The problem is that some selinux policy writers aren't familiar
+ with the application they are trying to <quote>secure</quote> and
+ thus create policies that make no sense.
+</para>
+<para>
+ In <application>Privoxy's</application> case the problem usually
+ is that the policy only allows outgoing connections for certain
+ destination ports (e.g. 80 and 443). While this may cover the
+ standard ports, websites occasionally use other ports as well.
+ This isn't a security problem and therefore <application>Privoxy's</application>
+ default configuration doesn't block these requests.
+</para>
+<para>
+ If you really want to block these ports (and don't be able
+ to load websites that don't use standard ports), you should
+ configure Privoxy to block these ports as well, so it doesn't
+ trigger the selinux warnings.
+</para>
+</sect2>
+
+
+<sect2 renderas="sect3" id="gentoo-ricers">
+<title>I compiled &my-app; with Gentoo's portage and it appears to be very slow. Why?</title>
+<para>
+ Probably you unintentionally compiled &my-app; without threading support
+ in which case requests have to be serialized and only one can be served
+ at the same time.
+</para>
+<para>
+ Check your <quote>USE</quote> flags and make sure they include
+ <quote>threads</quote>. If they don't, add the flag and rebuild &my-app;.
+</para>
+<para>
+ If you compiled &my-app; with threading support (on POSIX-based systems),
+ the <quote>Conditional #defines</quote> section on <ulink
+ url="http://config.privoxy.org/show-status">http://config.privoxy.org/show-status</ulink>
+ will list <quote>FEATURE_PTHREAD</quote> as <quote>enabled</quote>.
+</para>
+</sect2>
+
+