Add OpenSSL to the list of libraries that may be licensed under the Apache 2.0 license

[privoxy.git] / doc / source / p-config.sgml

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index a372d36..0a9330d 100644 (file)
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -1067,10 +1067,17 @@ debug 65536 # Log the applying actions
  </varlistentry>
 </variablelist>
 
  </varlistentry>
 </variablelist>
 

-<![%config-file;[<literallayout>@@#debug     1 # Log the destination for each request &my-app; let through.</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug     1 # Log the destination for each request. See also debug 1024.</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug     2 # show each connection status</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug     4 # show tagging-related messages</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug     8 # show header parsing</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug   128 # debug redirects</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug   256 # debug GIF de-animation</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug   512 # Common Log Format</literallayout>]]>

 <![%config-file;[<literallayout>@@#debug  1024 # Log the destination for requests &my-app; didn't let through, and the reason why.</literallayout>]]>
 <![%config-file;[<literallayout>@@#debug  4096 # Startup banner and warnings</literallayout>]]>
 <![%config-file;[<literallayout>@@#debug  8192 # Non-fatal errors</literallayout>]]>
 <![%config-file;[<literallayout>@@#debug  1024 # Log the destination for requests &my-app; didn't let through, and the reason why.</literallayout>]]>
 <![%config-file;[<literallayout>@@#debug  4096 # Startup banner and warnings</literallayout>]]>
 <![%config-file;[<literallayout>@@#debug  8192 # Non-fatal errors</literallayout>]]>

+<![%config-file;[<literallayout>@@#debug 65536 # Log applying actions</literallayout>]]>

 </sect3>
 
 
 </sect3>
 
 


@@ -1295,8 +1302,8 @@ debug 65536 # Log the applying actions
     (ACL's, see below), and/or a firewall.
    </para>
    <para>
     (ACL's, see below), and/or a firewall.
    </para>
    <para>

-    If you open <application>Privoxy</application> to untrusted users, you will
-    also want to make sure that the following actions are disabled:  <literal><link
+    If you open <application>Privoxy</application> to untrusted users, you should
+    also make sure that the following actions are disabled:  <literal><link

     linkend="enable-edit-actions">enable-edit-actions</link></literal> and
     <literal><link linkend="enable-remote-toggle">enable-remote-toggle</link></literal>
    </para>
     linkend="enable-edit-actions">enable-edit-actions</link></literal> and
     <literal><link linkend="enable-remote-toggle">enable-remote-toggle</link></literal>
    </para>


@@ -3008,9 +3015,9 @@ forward   /.*\.(exe|com|dll|zip)$    antivir.example.com:8010
     There are also a few privacy implications you should be aware of.
    </para>
    <para>
     There are also a few privacy implications you should be aware of.
    </para>
    <para>

-    If this option is effective, outgoing connections are shared between
+    If this option is enabled, outgoing connections are shared between

     clients (if there are more than one) and closing the browser that initiated
     clients (if there are more than one) and closing the browser that initiated

-    the outgoing connection does no longer affect the connection between &my-app;
+    the outgoing connection does not affect the connection between &my-app;

     and the server unless the client's request hasn't been completed yet.
    </para>
    <para>
     and the server unless the client's request hasn't been completed yet.
    </para>
    <para>


@@ -3098,6 +3105,14 @@ forward   /.*\.(exe|com|dll|zip)$    antivir.example.com:8010
     If you aren't using an occasionally slow proxy like Tor, reducing
     it to a few seconds should be fine.
    </para>
     If you aren't using an occasionally slow proxy like Tor, reducing
     it to a few seconds should be fine.
    </para>

+   <warning>
+    <para>
+     When a TLS library is being used to read or write data from a socket with
+     <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+     enabled the socket-timeout currently isn't applied and the timeout
+     used depends on the library (which may not even use a timeout).
+    </para>
+   </warning>

   </listitem>
  </varlistentry>
  <varlistentry>
   </listitem>
  </varlistentry>
  <varlistentry>


@@ -3176,10 +3191,15 @@ forward   /.*\.(exe|com|dll|zip)$    antivir.example.com:8010
    </para>
    <para>
     One most POSIX-compliant systems &my-app; can't properly deal with
    </para>
    <para>
     One most POSIX-compliant systems &my-app; can't properly deal with

-    more than FD_SETSIZE file descriptors at the same time and has to reject
-    connections if the limit is reached. This will likely change in a
-    future version, but currently this limit can't be increased without
-    recompiling &my-app; with a different FD_SETSIZE limit.
+    more than FD_SETSIZE file descriptors if &my-app; has been configured
+    to use select() and has to reject connections if the limit is reached.
+    When using select() this limit therefore can't be increased without
+    recompiling &my-app; with a different FD_SETSIZE limit unless &my-app;
+    is running on Windows with _WIN32 defined.
+   </para>
+   <para>
+    When &my-app; has been configured to use poll() the FD_SETSIZE limit
+    does not apply.

    </para>
   </listitem>
  </varlistentry>
    </para>
   </listitem>
  </varlistentry>


@@ -4142,10 +4162,17 @@ compression-level 0
     that is used when Privoxy generates certificates for intercepted
     requests.
    </para>
     that is used when Privoxy generates certificates for intercepted
     requests.
    </para>

+   <warning>

    <para>
      Note that the password is shown on the CGI page so don't
      reuse an important one.
    </para>
    <para>
      Note that the password is shown on the CGI page so don't
      reuse an important one.
    </para>

+   <para>
+     If disclosure of the password is a compliance issue consider blocking
+     the relevant CGI requests after enabling the <link linkend="enforce-blocks">enforce-blocks</link>
+     and <link linkend="allow-cgi-request-crunching">allow-cgi-request-crunching</link>.
+   </para>
+   </warning>

   </listitem>
  </varlistentry>
  <varlistentry>
   </listitem>
  </varlistentry>
  <varlistentry>