+ <p>
+ Examples: <tt class="LITERAL">+add-header{X-Fun-Header: Some
+ text}</tt> and <tt class=
+ "LITERAL">+filter{html-annoyances}</tt>
+ </p>
+ </li>
+ </ul>
+
+ <p>
+ If nothing is specified in any actions file, no <span class=
+ "QUOTE">"actions"</span> are taken. So in this case <span class=
+ "APPLICATION">Privoxy</span> would just be a normal, non-blocking,
+ non-filtering proxy. You must specifically enable the privacy and
+ blocking features you need (although the provided default actions
+ files will give a good starting point).
+ </p>
+ <p>
+ Later defined action sections always over-ride earlier ones of the
+ same type. So exceptions to any rules you make, should come in the
+ latter part of the file (or in a file that is processed later when
+ using multiple actions files such as <tt class=
+ "FILENAME">user.action</tt>). For multi-valued actions, the actions
+ are applied in the order they are specified. Actions files are
+ processed in the order they are defined in <tt class=
+ "FILENAME">config</tt> (the default installation has three actions
+ files). It also quite possible for any given URL to match more than
+ one <span class="QUOTE">"pattern"</span> (because of wildcards and
+ regular expressions), and thus to trigger more than one set of
+ actions! Last match wins.
+ </p>
+ <p>
+ The list of valid <span class="APPLICATION">Privoxy</span> actions
+ are:
+ </p>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="ADD-HEADER">8.5.1. add-header</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Confuse log analysis, custom applications
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Sends a user defined HTTP header to the web server.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Multi-value.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ Any string value is possible. Validity of the defined HTTP
+ headers is not checked. It is recommended that you use the
+ <span class="QUOTE">"<tt class="LITERAL">X-</tt>"</span>
+ prefix for custom headers.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This action may be specified multiple times, in order to
+ define multiple headers. This is rarely needed for the
+ typical user. If you don't know what <span class=
+ "QUOTE">"HTTP headers"</span> are, you definitely don't
+ need to worry about this one.
+ </p>
+ <p>
+ Headers added by this action are not modified by other
+ actions.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Add a DNT ("Do not track") header to all requests,
+# event to those that already have one.
+#
+# This is just an example, not a recommendation.
+#
+# There is no reason to believe that user-tracking websites care
+# about the DNT header and depending on the User-Agent, adding the
+# header may make user-tracking easier.
+{+add-header{DNT: 1}}
+/
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="BLOCK">8.5.2. block</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Block ads or other unwanted content
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Requests for URLs to which this action applies are blocked,
+ i.e. the requests are trapped by <span class=
+ "APPLICATION">Privoxy</span> and the requested URL is never
+ retrieved, but is answered locally with a substitute page
+ or image, as determined by the <tt class="LITERAL"><a href=
+ "actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></tt>,
+ <tt class="LITERAL"><a href=
+ "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></tt>,
+ and <tt class="LITERAL"><a href=
+ "actions-file.html#HANDLE-AS-EMPTY-DOCUMENT">handle-as-empty-document</a></tt>
+ actions.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ A block reason that should be given to the user.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ <span class="APPLICATION">Privoxy</span> sends a special
+ <span class="QUOTE">"BLOCKED"</span> page for requests to
+ blocked pages. This page contains the block reason given as
+ parameter, a link to find out why the block action applies,
+ and a click-through to the blocked content (the latter only
+ if the force feature is available and enabled).
+ </p>
+ <p>
+ A very important exception occurs if <span class=
+ "emphasis"><i class="EMPHASIS">both</i></span> <tt class=
+ "LITERAL">block</tt> and <tt class="LITERAL"><a href=
+ "actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></tt>,
+ apply to the same request: it will then be replaced by an
+ image. If <tt class="LITERAL"><a href=
+ "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></tt>
+ (see below) also applies, the type of image will be
+ determined by its parameter, if not, the standard
+ checkerboard pattern is sent.
+ </p>
+ <p>
+ It is important to understand this process, in order to
+ understand how <span class="APPLICATION">Privoxy</span>
+ deals with ads and other unwanted content. Blocking is a
+ core feature, and one upon which various other features
+ depend.
+ </p>
+ <p>
+ The <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">filter</a></tt> action can
+ perform a very similar task, by <span class=
+ "QUOTE">"blocking"</span> banner images and other content
+ through rewriting the relevant URLs in the document's HTML
+ source, so they don't get requested in the first place.
+ Note that this is a totally different technique, and it's
+ easy to confuse the two.
+ </p>
+ </dd>
+ <dt>
+ Example usage (section):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+{+block{No nasty stuff for you.}}
+# Block and replace with "blocked" page
+ .nasty-stuff.example.com
+
+{+block{Doubleclick banners.} +handle-as-image}
+# Block and replace with image
+ .ad.doubleclick.net
+ .ads.r.us/banners/
+
+{+block{Layered ads.} +handle-as-empty-document}
+# Block and then ignore
+ adserver.example.net/.*\.js$
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CHANGE-X-FORWARDED-FOR">8.5.3.
+ change-x-forwarded-for</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Improve privacy by not forwarding the source of the request
+ in the HTTP headers.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Deletes the <span class="QUOTE">"X-Forwarded-For:"</span>
+ HTTP header from the client request, or adds a new one.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <ul>
+ <li>
+ <p>
+ <span class="QUOTE">"block"</span> to delete the
+ header.
+ </p>
+ </li>
+ <li>
+ <p>
+ <span class="QUOTE">"add"</span> to create the header
+ (or append the client's IP address to an already
+ existing one).
+ </p>
+ </li>
+ </ul>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ It is safe and recommended to use <tt class=
+ "LITERAL">block</tt>.
+ </p>
+ <p>
+ Forwarding the source address of the request may make sense
+ in some multi-user setups but is also a privacy risk.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++change-x-forwarded-for{block}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CLIENT-HEADER-FILTER">8.5.4. client-header-filter</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Rewrite or remove single client headers.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ All client headers to which this action applies are
+ filtered on-the-fly through the specified regular
+ expression based substitutions.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Multi-value.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ The name of a client-header filter, as defined in one of
+ the <a href="filter-file.html">filter files</a>.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ Client-header filters are applied to each header on its
+ own, not to all at once. This makes it easier to diagnose
+ problems, but on the downside you can't write filters that
+ only change header x if header y's value is z. You can do
+ that by using tags though.
+ </p>
+ <p>
+ Client-header filters are executed after the other header
+ actions have finished and use their output as input.
+ </p>
+ <p>
+ If the request URI gets changed, <span class=
+ "APPLICATION">Privoxy</span> will detect that and use the
+ new one. This can be used to rewrite the request
+ destination behind the client's back, for example to
+ specify a Tor exit relay for certain requests.
+ </p>
+ <p>
+ Please refer to the <a href="filter-file.html">filter file
+ chapter</a> to learn which client-header filters are
+ available by default, and how to create your own.
+ </p>
+ </dd>
+ <dt>
+ Example usage (section):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Hide Tor exit notation in Host and Referer Headers
+{+client-header-filter{hide-tor-exit-notation}}
+/
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CLIENT-HEADER-TAGGER">8.5.5. client-header-tagger</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Block requests based on their headers.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Client headers to which this action applies are filtered
+ on-the-fly through the specified regular expression based
+ substitutions, the result is used as tag.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Multi-value.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ The name of a client-header tagger, as defined in one of
+ the <a href="filter-file.html">filter files</a>.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ Client-header taggers are applied to each header on its
+ own, and as the header isn't modified, each tagger <span
+ class="QUOTE">"sees"</span> the original.
+ </p>
+ <p>
+ Client-header taggers are the first actions that are
+ executed and their tags can be used to control every other
+ action.
+ </p>
+ </dd>
+ <dt>
+ Example usage (section):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Tag every request with the User-Agent header
+{+client-header-tagger{user-agent}}
+/
+
+# Tagging itself doesn't change the action
+# settings, sections with TAG patterns do:
+#
+# If it's a download agent, use a different forwarding proxy,
+# show the real User-Agent and make sure resume works.
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+ -hide-user-agent \
+ -filter \
+ -deanimate-gifs \
+}
+TAG:^User-Agent: NetBSD-ftp/
+TAG:^User-Agent: Novell ZYPP Installer
+TAG:^User-Agent: RPM APT-HTTP/
+TAG:^User-Agent: fetch libfetch/
+TAG:^User-Agent: Ubuntu APT-HTTP/
+TAG:^User-Agent: MPlayer/
+
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Tag all requests with the Range header set
+{+client-header-tagger{range-requests}}
+/
+
+# Disable filtering for the tagged requests.
+#
+# With filtering enabled Privoxy would remove the Range headers
+# to be able to filter the whole response. The downside is that
+# it prevents clients from resuming downloads or skipping over
+# parts of multimedia files.
+{-filter -deanimate-gifs}
+TAG:^RANGE-REQUEST$
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CONTENT-TYPE-OVERWRITE">8.5.6.
+ content-type-overwrite</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Stop useless download menus from popping up, or change the
+ browser's rendering mode
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Replaces the <span class="QUOTE">"Content-Type:"</span>
+ HTTP server header.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ Any string.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ The <span class="QUOTE">"Content-Type:"</span> HTTP server
+ header is used by the browser to decide what to do with the
+ document. The value of this header can cause the browser to
+ open a download menu instead of displaying the document by
+ itself, even if the document's format is supported by the
+ browser.
+ </p>
+ <p>
+ The declared content type can also affect which rendering
+ mode the browser chooses. If XHTML is delivered as <span
+ class="QUOTE">"text/html"</span>, many browsers treat it as
+ yet another broken HTML document. If it is send as <span
+ class="QUOTE">"application/xml"</span>, browsers with XHTML
+ support will only display it, if the syntax is correct.
+ </p>
+ <p>
+ If you see a web site that proudly uses XHTML buttons, but
+ sets <span class="QUOTE">"Content-Type: text/html"</span>,
+ you can use <span class="APPLICATION">Privoxy</span> to
+ overwrite it with <span class=
+ "QUOTE">"application/xml"</span> and validate the web
+ master's claim inside your XHTML-supporting browser. If the
+ syntax is incorrect, the browser will complain loudly.
+ </p>
+ <p>
+ You can also go the opposite direction: if your browser
+ prints error messages instead of rendering a document
+ falsely declared as XHTML, you can overwrite the content
+ type with <span class="QUOTE">"text/html"</span> and have
+ it rendered as broken HTML document.
+ </p>
+ <p>
+ By default <tt class="LITERAL">content-type-overwrite</tt>
+ only replaces <span class="QUOTE">"Content-Type:"</span>
+ headers that look like some kind of text. If you want to
+ overwrite it unconditionally, you have to combine it with
+ <tt class="LITERAL"><a href=
+ "actions-file.html#FORCE-TEXT-MODE">force-text-mode</a></tt>.
+ This limitation exists for a reason, think twice before
+ circumventing it.
+ </p>
+ <p>
+ Most of the time it's easier to replace this action with a
+ custom <tt class="LITERAL"><a href=
+ "actions-file.html#SERVER-HEADER-FILTER">server-header
+ filter</a></tt>. It allows you to activate it for every
+ document of a certain site and it will still only replace
+ the content types you aimed at.
+ </p>
+ <p>
+ Of course you can apply <tt class=
+ "LITERAL">content-type-overwrite</tt> to a whole site and
+ then make URL based exceptions, but it's a lot more work to
+ get the same precision.
+ </p>
+ </dd>
+ <dt>
+ Example usage (sections):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Check if www.example.net/ really uses valid XHTML
+{ +content-type-overwrite{application/xml} }
+www.example.net/
+
+# but leave the content type unmodified if the URL looks like a style sheet
+{-content-type-overwrite}
+www.example.net/.*\.css$
+www.example.net/.*style
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CRUNCH-CLIENT-HEADER">8.5.7. crunch-client-header</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Remove a client header <span class=
+ "APPLICATION">Privoxy</span> has no dedicated action for.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Deletes every header sent by the client that contains the
+ string the user supplied as parameter.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ Any string.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This action allows you to block client headers for which no
+ dedicated <span class="APPLICATION">Privoxy</span> action
+ exists. <span class="APPLICATION">Privoxy</span> will
+ remove every client header that contains the string you
+ supplied as parameter.
+ </p>
+ <p>
+ Regular expressions are <span class="emphasis"><i class=
+ "EMPHASIS">not supported</i></span> and you can't use this
+ action to block different headers in the same request,
+ unless they contain the same string.
+ </p>
+ <p>
+ <tt class="LITERAL">crunch-client-header</tt> is only meant
+ for quick tests. If you have to block several different
+ headers, or only want to modify parts of them, you should
+ use a <tt class="LITERAL"><a href=
+ "actions-file.html#CLIENT-HEADER-FILTER">client-header
+ filter</a></tt>.
+ </p>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ Don't block any header without understanding the
+ consequences.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+ <dt>
+ Example usage (section):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Block the non-existent "Privacy-Violation:" client header
+{ +crunch-client-header{Privacy-Violation:} }
+/
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CRUNCH-IF-NONE-MATCH">8.5.8. crunch-if-none-match</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Prevent yet another way to track the user's steps between
+ sessions.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Deletes the <span class="QUOTE">"If-None-Match:"</span>
+ HTTP client header.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Boolean.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ N/A
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ Removing the <span class="QUOTE">"If-None-Match:"</span>
+ HTTP client header is useful for filter testing, where you
+ want to force a real reload instead of getting status code
+ <span class="QUOTE">"304"</span> which would cause the
+ browser to use a cached copy of the page.
+ </p>
+ <p>
+ It is also useful to make sure the header isn't used as a
+ cookie replacement (unlikely but possible).
+ </p>
+ <p>
+ Blocking the <span class="QUOTE">"If-None-Match:"</span>
+ header shouldn't cause any caching problems, as long as the
+ <span class="QUOTE">"If-Modified-Since:"</span> header
+ isn't blocked or missing as well.
+ </p>
+ <p>
+ It is recommended to use this action together with <tt
+ class="LITERAL"><a href=
+ "actions-file.html#HIDE-IF-MODIFIED-SINCE">hide-if-modified-since</a></tt>
+ and <tt class="LITERAL"><a href=
+ "actions-file.html#OVERWRITE-LAST-MODIFIED">overwrite-last-modified</a></tt>.
+ </p>
+ </dd>
+ <dt>
+ Example usage (section):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Let the browser revalidate cached documents but don't
+# allow the server to use the revalidation headers for user tracking.
+{+hide-if-modified-since{-60} \
+ +overwrite-last-modified{randomize} \
+ +crunch-if-none-match}
+/
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CRUNCH-INCOMING-COOKIES">8.5.9.
+ crunch-incoming-cookies</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Prevent the web server from setting HTTP cookies on your
+ system
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Deletes any <span class="QUOTE">"Set-Cookie:"</span> HTTP
+ headers from server replies.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Boolean.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ N/A
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This action is only concerned with <span class=
+ "emphasis"><i class="EMPHASIS">incoming</i></span> HTTP
+ cookies. For <span class="emphasis"><i class=
+ "EMPHASIS">outgoing</i></span> HTTP cookies, use <tt class=
+ "LITERAL"><a href=
+ "actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</a></tt>.
+ Use <span class="emphasis"><i class=
+ "EMPHASIS">both</i></span> to disable HTTP cookies
+ completely.
+ </p>
+ <p>
+ It makes <span class="emphasis"><i class="EMPHASIS">no
+ sense at all</i></span> to use this action in conjunction
+ with the <tt class="LITERAL"><a href=
+ "actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></tt>
+ action, since it would prevent the session cookies from
+ being set. See also <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER-CONTENT-COOKIES">filter-content-cookies</a></tt>.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++crunch-incoming-cookies
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CRUNCH-SERVER-HEADER">8.5.10. crunch-server-header</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Remove a server header <span class=
+ "APPLICATION">Privoxy</span> has no dedicated action for.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Deletes every header sent by the server that contains the
+ string the user supplied as parameter.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ Any string.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This action allows you to block server headers for which no
+ dedicated <span class="APPLICATION">Privoxy</span> action
+ exists. <span class="APPLICATION">Privoxy</span> will
+ remove every server header that contains the string you
+ supplied as parameter.
+ </p>
+ <p>
+ Regular expressions are <span class="emphasis"><i class=
+ "EMPHASIS">not supported</i></span> and you can't use this
+ action to block different headers in the same request,
+ unless they contain the same string.
+ </p>
+ <p>
+ <tt class="LITERAL">crunch-server-header</tt> is only meant
+ for quick tests. If you have to block several different
+ headers, or only want to modify parts of them, you should
+ use a custom <tt class="LITERAL"><a href=
+ "actions-file.html#SERVER-HEADER-FILTER">server-header
+ filter</a></tt>.
+ </p>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ Don't block any header without understanding the
+ consequences.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+ <dt>
+ Example usage (section):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Crunch server headers that try to prevent caching
+{ +crunch-server-header{no-cache} }
+/
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CRUNCH-OUTGOING-COOKIES">8.5.11.
+ crunch-outgoing-cookies</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Prevent the web server from reading any HTTP cookies from
+ your system
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Deletes any <span class="QUOTE">"Cookie:"</span> HTTP
+ headers from client requests.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Boolean.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ N/A
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This action is only concerned with <span class=
+ "emphasis"><i class="EMPHASIS">outgoing</i></span> HTTP
+ cookies. For <span class="emphasis"><i class=
+ "EMPHASIS">incoming</i></span> HTTP cookies, use <tt class=
+ "LITERAL"><a href=
+ "actions-file.html#CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</a></tt>.
+ Use <span class="emphasis"><i class=
+ "EMPHASIS">both</i></span> to disable HTTP cookies
+ completely.
+ </p>
+ <p>
+ It makes <span class="emphasis"><i class="EMPHASIS">no
+ sense at all</i></span> to use this action in conjunction
+ with the <tt class="LITERAL"><a href=
+ "actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></tt>
+ action, since it would prevent the session cookies from
+ being read.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++crunch-outgoing-cookies
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="DEANIMATE-GIFS">8.5.12. deanimate-gifs</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Stop those annoying, distracting animated GIF images.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ De-animate GIF animations, i.e. reduce them to their first
+ or last image.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ <span class="QUOTE">"last"</span> or <span class=
+ "QUOTE">"first"</span>
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This will also shrink the images considerably (in bytes,
+ not pixels!). If the option <span class=
+ "QUOTE">"first"</span> is given, the first frame of the
+ animation is used as the replacement. If <span class=
+ "QUOTE">"last"</span> is given, the last frame of the
+ animation is used instead, which probably makes more sense
+ for most banner animations, but also has the risk of not
+ showing the entire last frame (if it is only a delta to an
+ earlier frame).
+ </p>
+ <p>
+ You can safely use this action with patterns that will also
+ match non-GIF objects, because no attempt will be made at
+ anything that doesn't look like a GIF.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++deanimate-gifs{last}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="DOWNGRADE-HTTP-VERSION">8.5.13.
+ downgrade-http-version</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Work around (very rare) problems with HTTP/1.1
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Downgrades HTTP/1.1 client requests and server replies to
+ HTTP/1.0.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Boolean.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ N/A
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This is a left-over from the time when <span class=
+ "APPLICATION">Privoxy</span> didn't support important
+ HTTP/1.1 features well. It is left here for the unlikely
+ case that you experience HTTP/1.1-related problems with
+ some server out there.
+ </p>
+ <p>
+ Note that enabling this action is only a workaround. It
+ should not be enabled for sites that work without it. While
+ it shouldn't break any pages, it has an (usually negative)
+ performance impact.
+ </p>
+ <p>
+ If you come across a site where enabling this action helps,
+ please report it, so the cause of the problem can be
+ analyzed. If the problem turns out to be caused by a bug in
+ <span class="APPLICATION">Privoxy</span> it should be fixed
+ so the following release works without the work around.
+ </p>
+ </dd>
+ <dt>
+ Example usage (section):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+{+downgrade-http-version}
+problem-host.example.com
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="EXTERNAL-FILTER">8.5.14. external-filter</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Modify content using a programming language of your choice.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ All instances of text-based type, most notably HTML and
+ JavaScript, to which this action applies, can be filtered
+ on-the-fly through the specified external filter. By
+ default plain text documents are exempted from filtering,
+ because web servers often use the <tt class=
+ "LITERAL">text/plain</tt> MIME type for all files whose
+ type they don't know.)
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Multi-value.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ The name of an external content filter, as defined in the
+ <a href="filter-file.html">filter file</a>. External
+ filters can be defined in one or more files as defined by
+ the <tt class="LITERAL"><a href=
+ "config.html#FILTERFILE">filterfile</a></tt> option in the
+ <a href="config.html">config file</a>.
+ </p>
+ <p>
+ When used in its negative form, and without parameters,
+ <span class="emphasis"><i class="EMPHASIS">all</i></span>
+ filtering with external filters is completely disabled.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ External filters are scripts or programs that can modify
+ the content in case common <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">filters</a></tt> aren't powerful
+ enough. With the exception that this action doesn't use
+ pcrs-based filters, the notes in the <tt class="LITERAL"><a
+ href="actions-file.html#FILTER">filter</a></tt> section
+ apply.
+ </p>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ Currently external filters are executed with <span
+ class="APPLICATION">Privoxy</span>'s privileges.
+ Only use external filters you understand and trust.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <p>
+ This feature is experimental, the <tt class="LITERAL"><a
+ href=
+ "filter-file.html#EXTERNAL-FILTER-SYNTAX">syntax</a></tt>
+ may change in the future.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++external-filter{fancy-filter}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="FAST-REDIRECTS">8.5.15. fast-redirects</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Fool some click-tracking scripts and speed up indirect
+ links.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Detects redirection URLs and redirects the browser without
+ contacting the redirection server first.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <ul>
+ <li>
+ <p>
+ <span class="QUOTE">"simple-check"</span> to just
+ search for the string <span class=
+ "QUOTE">"http://"</span> to detect redirection URLs.
+ </p>
+ </li>
+ <li>
+ <p>
+ <span class="QUOTE">"check-decoded-url"</span> to
+ decode URLs (if necessary) before searching for
+ redirection URLs.
+ </p>
+ </li>
+ </ul>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ Many sites, like yahoo.com, don't just link to other sites.
+ Instead, they will link to some script on their own
+ servers, giving the destination as a parameter, which will
+ then redirect you to the final target. URLs resulting from
+ this scheme typically look like: <span class=
+ "QUOTE">"http://www.example.org/click-tracker.cgi?target=http%3a//www.example.net/"</span>.
+ </p>
+ <p>
+ Sometimes, there are even multiple consecutive redirects
+ encoded in the URL. These redirections via scripts make
+ your web browsing more traceable, since the server from
+ which you follow such a link can see where you go to. Apart
+ from that, valuable bandwidth and time is wasted, while
+ your browser asks the server for one redirect after the
+ other. Plus, it feeds the advertisers.
+ </p>
+ <p>
+ This feature is currently not very smart and is scheduled
+ for improvement. If it is enabled by default, you will have
+ to create some exceptions to this action. It can lead to
+ failures in several ways:
+ </p>
+ <p>
+ Not every URLs with other URLs as parameters is evil. Some
+ sites offer a real service that requires this information
+ to work. For example a validation service needs to know,
+ which document to validate. <tt class=
+ "LITERAL">fast-redirects</tt> assumes that every URL
+ parameter that looks like another URL is a redirection
+ target, and will always redirect to the last one. Most of
+ the time the assumption is correct, but if it isn't, the
+ user gets redirected anyway.
+ </p>
+ <p>
+ Another failure occurs if the URL contains other parameters
+ after the URL parameter. The URL: <span class=
+ "QUOTE">"http://www.example.org/?redirect=http%3a//www.example.net/&foo=bar"</span>.
+ contains the redirection URL <span class=
+ "QUOTE">"http://www.example.net/"</span>, followed by
+ another parameter. <tt class="LITERAL">fast-redirects</tt>
+ doesn't know that and will cause a redirect to <span class=
+ "QUOTE">"http://www.example.net/&foo=bar"</span>.
+ Depending on the target server configuration, the parameter
+ will be silently ignored or lead to a <span class=
+ "QUOTE">"page not found"</span> error. You can prevent this
+ problem by first using the <tt class="LITERAL"><a href=
+ "actions-file.html#REDIRECT">redirect</a></tt> action to
+ remove the last part of the URL, but it requires a little
+ effort.
+ </p>
+ <p>
+ To detect a redirection URL, <tt class=
+ "LITERAL">fast-redirects</tt> only looks for the string
+ <span class="QUOTE">"http://"</span>, either in plain text
+ (invalid but often used) or encoded as <span class=
+ "QUOTE">"http%3a//"</span>. Some sites use their own URL
+ encoding scheme, encrypt the address of the target server
+ or replace it with a database id. In theses cases <tt
+ class="LITERAL">fast-redirects</tt> is fooled and the
+ request reaches the redirection server where it probably
+ gets logged.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+ { +fast-redirects{simple-check} }
+ one.example.com
+
+ { +fast-redirects{check-decoded-url} }
+ another.example.com/testing
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="FILTER">8.5.16. filter</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Get rid of HTML and JavaScript annoyances, banner
+ advertisements (by size), do fun text replacements, add
+ personalized effects, etc.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ All instances of text-based type, most notably HTML and
+ JavaScript, to which this action applies, can be filtered
+ on-the-fly through the specified regular expression based
+ substitutions. (Note: as of version 3.0.3 plain text
+ documents are exempted from filtering, because web servers
+ often use the <tt class="LITERAL">text/plain</tt> MIME type
+ for all files whose type they don't know.)
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Multi-value.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ The name of a content filter, as defined in the <a href=
+ "filter-file.html">filter file</a>. Filters can be defined
+ in one or more files as defined by the <tt class=
+ "LITERAL"><a href=
+ "config.html#FILTERFILE">filterfile</a></tt> option in the
+ <a href="config.html">config file</a>. <tt class=
+ "FILENAME">default.filter</tt> is the collection of filters
+ supplied by the developers. Locally defined filters should
+ go in their own file, such as <tt class=
+ "FILENAME">user.filter</tt>.
+ </p>
+ <p>
+ When used in its negative form, and without parameters,
+ <span class="emphasis"><i class="EMPHASIS">all</i></span>
+ filtering is completely disabled.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ For your convenience, there are a number of pre-defined
+ filters available in the distribution filter file that you
+ can use. See the examples below for a list.
+ </p>
+ <p>
+ Filtering requires buffering the page content, which may
+ appear to slow down page rendering since nothing is
+ displayed until all content has passed the filters. (The
+ total time until the page is completely rendered doesn't
+ change much, but it may be perceived as slower since the
+ page is not incrementally displayed.) This effect will be
+ more noticeable on slower connections.
+ </p>
+ <p>
+ <span class="QUOTE">"Rolling your own"</span> filters
+ requires a knowledge of <a href=
+ "http://en.wikipedia.org/wiki/Regular_expressions" target=
+ "_top"><span class="QUOTE">"Regular Expressions"</span></a>
+ and <a href="http://en.wikipedia.org/wiki/Html" target=
+ "_top"><span class="QUOTE">"HTML"</span></a>. This is very
+ powerful feature, and potentially very intrusive. Filters
+ should be used with caution, and where an equivalent <span
+ class="QUOTE">"action"</span> is not available.
+ </p>
+ <p>
+ The amount of data that can be filtered is limited to the
+ <tt class="LITERAL"><a href=
+ "config.html#BUFFER-LIMIT">buffer-limit</a></tt> option in
+ the main <a href="config.html">config file</a>. The default
+ is 4096 KB (4 Megs). Once this limit is exceeded, the
+ buffered data, and all pending data, is passed through
+ unfiltered.
+ </p>
+ <p>
+ Inappropriate MIME types, such as zipped files, are not
+ filtered at all. (Again, only text-based types except plain
+ text). Encrypted SSL data (from HTTPS servers) cannot be
+ filtered either, since this would violate the integrity of
+ the secure transaction. In some situations it might be
+ necessary to protect certain text, like source code, from
+ filtering by defining appropriate <tt class=
+ "LITERAL">-filter</tt> exceptions.
+ </p>
+ <p>
+ Compressed content can't be filtered either, but if <span
+ class="APPLICATION">Privoxy</span> is compiled with zlib
+ support and a supported compression algorithm is used (gzip
+ or deflate), <span class="APPLICATION">Privoxy</span> can
+ first decompress the content and then filter it.
+ </p>
+ <p>
+ If you use a <span class="APPLICATION">Privoxy</span>
+ version without zlib support, but want filtering to work on
+ as much documents as possible, even those that would
+ normally be sent compressed, you must use the <tt class=
+ "LITERAL"><a href=
+ "actions-file.html#PREVENT-COMPRESSION">prevent-compression</a></tt>
+ action in conjunction with <tt class="LITERAL">filter</tt>.
+ </p>
+ <p>
+ Content filtering can achieve some of the same effects as
+ the <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt> action, i.e. it
+ can be used to block ads and banners. But the mechanism
+ works quite differently. One effective use, is to block ad
+ banners based on their size (see below), since many of
+ these seem to be somewhat standardized.
+ </p>
+ <p>
+ <a href="contact.html">Feedback</a> with suggestions for
+ new or improved filters is particularly welcome!
+ </p>
+ <p>
+ The below list has only the names and a one-line
+ description of each predefined filter. There are <a href=
+ "filter-file.html#PREDEFINED-FILTERS">more verbose
+ explanations</a> of what these filters do in the <a href=
+ "filter-file.html">filter file chapter</a>.
+ </p>
+ </dd>
+ <dt>
+ Example usage (with filters from the distribution <tt class=
+ "FILENAME">default.filter</tt> file). See <a href=
+ "filter-file.html#PREDEFINED-FILTERS">the Predefined Filters
+ section</a> for more explanation on each:
+ </dt>
+ <dd>
+ <p>
+ <a name="FILTER-JS-ANNOYANCES"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-JS-EVENTS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-HTML-ANNOYANCES"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-CONTENT-COOKIES"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{content-cookies} # Kill cookies that come in the HTML or JS content.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-REFRESH-TAGS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-UNSOLICITED-POPUPS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-ALL-POPUPS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{all-popups} # Kill all popups in JavaScript and HTML.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-IMG-REORDER"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-BANNERS-BY-SIZE"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{banners-by-size} # Kill banners by size.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-BANNERS-BY-LINK"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{banners-by-link} # Kill banners by their links to known clicktrackers.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-WEBBUGS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-TINY-TEXTFORMS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-JUMPING-WINDOWS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{jumping-windows} # Prevent windows from resizing and moving themselves.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-FRAMESET-BORDERS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{frameset-borders} # Give frames a border and make them resizable.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-IFRAMES"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-DEMORONIZER"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{demoronizer} # Fix MS's non-standard use of standard charsets.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-SHOCKWAVE-FLASH"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{shockwave-flash} # Kill embedded Shockwave Flash objects.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-QUICKTIME-KIOSKMODE"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{quicktime-kioskmode} # Make Quicktime movies saveable.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-FUN"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{fun} # Text replacements for subversive browsing fun!
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-CRUDE-PARENTAL"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-IE-EXPLOITS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-SITE-SPECIFICS"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-NO-PING"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-GOOGLE"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-YAHOO"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-MSN"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ <a name="FILTER-BLOGSPOT"></a>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="FORCE-TEXT-MODE">8.5.17. force-text-mode</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Force <span class="APPLICATION">Privoxy</span> to treat a
+ document as if it was in some kind of <span class=
+ "emphasis"><i class="EMPHASIS">text</i></span> format.
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Declares a document as text, even if the <span class=
+ "QUOTE">"Content-Type:"</span> isn't detected as such.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Boolean.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ N/A
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ As explained <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">above</a></tt>, <span class=
+ "APPLICATION">Privoxy</span> tries to only filter files
+ that are in some kind of text format. The same restrictions
+ apply to <tt class="LITERAL"><a href=
+ "actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite</a></tt>.
+ <tt class="LITERAL">force-text-mode</tt> declares a
+ document as text, without looking at the <span class=
+ "QUOTE">"Content-Type:"</span> first.
+ </p>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ Think twice before activating this action.
+ Filtering binary data with regular expressions can
+ cause file damage.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
++force-text-mode
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="FORWARD-OVERRIDE">8.5.18. forward-override</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Change the forwarding settings based on User-Agent or
+ request origin
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ Overrules the forward directives in the configuration file.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Parameterized.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <ul>
+ <li>
+ <p>
+ <span class="QUOTE">"forward ."</span> to use a direct
+ connection without any additional proxies.
+ </p>
+ </li>
+ <li>
+ <p>
+ <span class="QUOTE">"forward 127.0.0.1:8123"</span> to
+ use the HTTP proxy listening at 127.0.0.1 port 8123.
+ </p>
+ </li>
+ <li>
+ <p>
+ <span class="QUOTE">"forward-socks4a 127.0.0.1:9050
+ ."</span> to use the socks4a proxy listening at
+ 127.0.0.1 port 9050. Replace <span class=
+ "QUOTE">"forward-socks4a"</span> with <span class=
+ "QUOTE">"forward-socks4"</span> to use a socks4
+ connection (with local DNS resolution) instead, use
+ <span class="QUOTE">"forward-socks5"</span> for socks5
+ connections (with remote DNS resolution).
+ </p>
+ </li>
+ <li>
+ <p>
+ <span class="QUOTE">"forward-socks4a 127.0.0.1:9050
+ proxy.example.org:8000"</span> to use the socks4a proxy
+ listening at 127.0.0.1 port 9050 to reach the HTTP
+ proxy listening at proxy.example.org port 8000. Replace
+ <span class="QUOTE">"forward-socks4a"</span> with <span
+ class="QUOTE">"forward-socks4"</span> to use a socks4
+ connection (with local DNS resolution) instead, use
+ <span class="QUOTE">"forward-socks5"</span> for socks5
+ connections (with remote DNS resolution).
+ </p>
+ </li>
+ <li>
+ <p>
+ <span class="QUOTE">"forward-webserver
+ 127.0.0.1:80"</span> to use the HTTP server listening
+ at 127.0.0.1 port 80 without adjusting the request
+ headers.
+ </p>
+ <p>
+ This makes it more convenient to use Privoxy to make
+ existing websites available as onion services as well.
+ </p>
+ <p>
+ Many websites serve content with hardcoded URLs and
+ can't be easily adjusted to change the domain based on
+ the one used by the client.
+ </p>
+ <p>
+ Putting Privoxy between Tor and the webserver (or an
+ stunnel that forwards to the webserver) allows to
+ rewrite headers and content to make client and server
+ happy at the same time.
+ </p>
+ <p>
+ Using Privoxy for webservers that are only reachable
+ through onion addresses and whose location is supposed
+ to be secret is not recommended and should not be
+ necessary anyway.
+ </p>
+ </li>
+ </ul>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ This action takes parameters similar to the <a href=
+ "config.html#FORWARDING">forward</a> directives in the
+ configuration file, but without the URL pattern. It can be
+ used as replacement, but normally it's only used in cases
+ where matching based on the request URL isn't sufficient.
+ </p>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ Please read the description for the <a href=
+ "config.html#FORWARDING">forward</a> directives
+ before using this action. Forwarding to the wrong
+ people will reduce your privacy and increase the
+ chances of man-in-the-middle attacks.
+ </p>
+ <p>
+ If the ports are missing or invalid, default values
+ will be used. This might change in the future and
+ you shouldn't rely on it. Otherwise incorrect
+ syntax causes Privoxy to exit. Due to design
+ limitations, invalid parameter syntax isn't
+ detected until the action is used the first time.
+ </p>
+ <p>
+ Use the <a href=
+ "http://config.privoxy.org/show-url-info" target=
+ "_top">show-url-info CGI page</a> to verify that
+ your forward settings do what you thought the do.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Use an ssh tunnel for requests previously tagged as
+# <span class="QUOTE">"User-Agent: fetch libfetch/2.0"</span> and make sure
+# resuming downloads continues to work.
+#
+# This way you can continue to use Tor for your normal browsing,
+# without overloading the Tor network with your FreeBSD ports updates
+# or downloads of bigger files like ISOs.
+#
+# Note that HTTP headers are easy to fake and therefore their
+# values are as (un)trustworthy as your clients and users.
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+}
+TAG:^User-Agent: fetch libfetch/2\.0$
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="HANDLE-AS-EMPTY-DOCUMENT">8.5.19.
+ handle-as-empty-document</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Mark URLs that should be replaced by empty documents <span
+ class="emphasis"><i class="EMPHASIS">if they get
+ blocked</i></span>
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ This action alone doesn't do anything noticeable. It just
+ marks URLs. If the <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt> action <span
+ class="emphasis"><i class="EMPHASIS">also
+ applies</i></span>, the presence or absence of this mark
+ decides whether an HTML <span class=
+ "QUOTE">"BLOCKED"</span> page, or an empty document will be
+ sent to the client as a substitute for the blocked content.
+ The <span class="emphasis"><i class=
+ "EMPHASIS">empty</i></span> document isn't literally empty,
+ but actually contains a single space.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Boolean.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ N/A
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ Some browsers complain about syntax errors if JavaScript
+ documents are blocked with <span class=
+ "APPLICATION">Privoxy's</span> default HTML page; this
+ option can be used to silence them. And of course this
+ action can also be used to eliminate the <span class=
+ "APPLICATION">Privoxy</span> BLOCKED message in frames.
+ </p>
+ <p>
+ The content type for the empty document can be specified
+ with <tt class="LITERAL"><a href=
+ "actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite{}</a></tt>,
+ but usually this isn't necessary.
+ </p>
+ </dd>
+ <dt>
+ Example usage:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Block all documents on example.org that end with ".js",
+# but send an empty document instead of the usual HTML message.
+{+block{Blocked JavaScript} +handle-as-empty-document}
+example.org/.*\.js$
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="HANDLE-AS-IMAGE">8.5.20. handle-as-image</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Typical use:
+ </dt>
+ <dd>
+ <p>
+ Mark URLs as belonging to images (so they'll be replaced by
+ images <span class="emphasis"><i class="EMPHASIS">if they
+ do get blocked</i></span>, rather than HTML pages)
+ </p>
+ </dd>
+ <dt>
+ Effect:
+ </dt>
+ <dd>
+ <p>
+ This action alone doesn't do anything noticeable. It just
+ marks URLs as images. If the <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt> action <span
+ class="emphasis"><i class="EMPHASIS">also
+ applies</i></span>, the presence or absence of this mark
+ decides whether an HTML <span class=
+ "QUOTE">"blocked"</span> page, or a replacement image (as
+ determined by the <tt class="LITERAL"><a href=
+ "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></tt>
+ action) will be sent to the client as a substitute for the
+ blocked content.
+ </p>
+ </dd>
+ <dt>
+ Type:
+ </dt>
+ <dd>
+ <p>
+ Boolean.
+ </p>
+ </dd>
+ <dt>
+ Parameter:
+ </dt>
+ <dd>
+ <p>
+ N/A
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ The below generic example section is actually part of <tt
+ class="FILENAME">default.action</tt>. It marks all URLs
+ with well-known image file name extensions as images and
+ should be left intact.
+ </p>
+ <p>
+ Users will probably only want to use the handle-as-image
+ action in conjunction with <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt>, to block sources
+ of banners, whose URLs don't reflect the file type, like in
+ the second example section.
+ </p>
+ <p>
+ Note that you cannot treat HTML pages as images in most
+ cases. For instance, (in-line) ad frames require an HTML
+ page to be sent, or they won't display properly. Forcing
+ <tt class="LITERAL">handle-as-image</tt> in this situation
+ will not replace the ad frame with an image, but lead to
+ error messages.
+ </p>
+ </dd>
+ <dt>
+ Example usage (sections):
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# Generic image extensions: