-to allow SSL transactions to proceed directly.\r
-The cautious would also\r
-add an entry in their blockfile to stop transactions\r
-to port 443 for all but specified trusted sites.\r
-.P\r
-If the winning\r
-\fB\&forward_to\fP\r
-field is\r
-\fC\&.\fP\r
-(the dot character) the proxy connects \r
-directly to the server given in the\r
-\s-2URL\s0,\r
-otherwise it forwards to the host and port number specified.\r
-The default port is 8000.\r
-The\r
-\fC\&via_gateway_type\fP\r
-and\r
-\fC\&gateway\fP\r
-fields also use a dot to indicate no gateway protocol.\r
-The gateway protocols are explained\r
-below.\" ijbman.html#o_g\r
-.P\r
-The example line above in a forwardfile alone\r
-would send everything through port 8000 at\r
-\fC\&lpwa.com\fP\r
-with no gateway protocol,\r
-and is equivalent to the old\r
-\fC\&-f lpwa.com:8000\fP\r
-with no\r
-\fC\&-g\fP\r
-option.\r
-For more information see the example file provided with the distribution.\r
-.P\r
-Configure with care: no loop detection is performed.\r
-When setting up chains of proxies that might loop back, try adding\r
-Squid.\" ijbman.html#squid\r
-.TP\r
-.\" anchor: o_g \r
-\fI-g gw_protocol[:[gw_host][:gw_port]]\fP (Old) \r
-Use\r
-\fI\&gw_protocol\fP\r
-as the gateway protocol.\r
-This option was introduced in Version 1.4,\r
-but was folded into the\r
-forwardfile\" ijbman.html#forwardfile\r
-option in Version 2.0.\r
-The default is to use no gateway protocol;\r
-this may be explicitly specified as\r
-\fB\&direct\fP\r
-on the command line\r
-or the dot character in the forwardfile.\r
-The\r
-\fC\&SOCKS4\fP\r
-protocol may be specified as\r
-\fB\&socks\fP\r
-or\r
-\fB\&socks4\fP.\r
-The\r
-\fC\&SOCKS4A\fP\r
-protocol is specified as\r
-\fB\&socks4a\fP.\r
-The\r
-\fC\&SOCKS5\fP\r
-protocol is not currently supported.\r
-The default\r
-\s-2SOCKS\s0\r
-\fI\&gw_port\fP\r
-is 1080.\r
-.P\r
-The user's browser should\r
-\fInot\fP\r
-be\r
-configured\" ijbfaq.html#socks\r
-to use\r
-\fC\&SOCKS\fP;\r
-the proxy conducts the negotiations, not the browser.\r
-.P\r
-The user identification capabilities of\r
-\fC\&SOCKS4\fP\r
-are deliberately not used;\r
-the user is always identified to the\r
-\fC\&SOCKS\fP\r
-server as\r
-\fC\&userid=anonymous\fP.\r
-If the server's policy is to reject requests from\r
-\fC\&anonymous\fP,\r
-the proxy will not work.\r
-Use a\r
-debug\" ijbman.html#o_d\r
-value of 3\r
-to see the status returned by the server.\r
-.TP\r
-.\" anchor: o_d debug\r
-\fI-d N\fP (Old) debug \fIN\fP (New)\r
-Set debug mode.\r
-The most common value is 1,\r
-to\r
-pinpoint\" ijbfaq.html#pinpoint\r
-offensive\r
-\s-2URL\s0s,\r
-so they can be added to the blockfile.\r
-The value of\r
-\fB\&N\fP\r
-is a bitwise\r
-logical-\s-2OR\s0\r
-of the following values:\r
-.br\r
-.br\r
-\h'-\w"1 = "u'1 = URLs (show each URL requested by the browser);\r
-.br\r
-\h'-\w"2 = "u'2 = Connections (show each connection to or from the proxy);\r
-.br\r
-\h'-\w"4 = "u'4 = I/O (log I/O errors);\r
-.br\r
-\h'-\w"8 = "u'8 = Headers (as each header is scanned, show the header and what is done to it);\r
-.br\r
-\h'-\w"16 = "u'16 = Log everything (including debugging traces and the contents of the pages).\r
-.\" anchor: or\r
-Multiple\r
-\fB\&debug\fP\r
-lines are permitted; they are logical OR-ed together.\r
-.P\r
-Because most browsers send several requests in parallel\r
-the debugging output may appear intermingled, so the\r
-single-threaded\" ijbman.html#single-threaded\r
-option is recommended when using\r
-debug\" ijbman.html#debug\r
-with\r
-\fB\&N\fP\r
-greater than 1.\r
-.TP\r
-.\" anchor: o_y add-forwarded-header\r
-\fI-y\fP (Old) add-forwarded-header \fI\fP (New)\r
-Add \r
-\fB\&X-Forwarded-For\fP\r
-headers to the server-bound \r
-\s-2HTTP\s0\r
-stream\r
-indicating the client \r
-\s-2IP\s0\r
-address\r
-to the server,\" ijbfaq.html#detect\r
-in the new style of\r
-Squid 1.1.4.\" ijbman.html#squid\r
-If you want the traditional\r
-\fC\&HTTP_FORWARDED\fP\r
-response header, add it manually with the\r
--x\" ijbman.html#o_x\r
-option.\r
-.TP\r
-.\" anchor: o_x add-header\r
-\fI-x HeaderText\fP (Old) add-header \fIHeaderText\fP (New)\r
-Add the\r
-\fI\&HeaderText\fP\r
-verbatim to requests to the server.\r
-Typical uses include\r
-adding old-style forwarding notices such as\r
-\fB\&Forwarded: by http://pro-privacy-isp.net\fP\r
-and reinstating the\r
-\fB\&Proxy-Connection: Keep-Alive\fP\r
-header\r
-(which the\r
-\fBjunkbuster\fP\r
-deletes so as\r
-not\" ijbfaq.html#detect\r
-to reveal its existence).\r
-No checking is done for correctness or plausibility,\r
-so it can be used to throw any old trash into the server-bound \r
-\s-2HTTP\s0\r
-stream.\r
-Please don't litter.\r
-.TP\r
-.\" anchor: o_s single-threaded\r
-\fI-s\fP (Old) single-threaded \fI\fP (New)\r
-Doesn't\r
-\fB\&fork()\fP\r
-a separate process\r
-(or create a separate thread)\r
-to handle each connection.\r
-Useful when debugging to keep the process single threaded.\r
-.TP\r
-.\" anchor: o_l logfile\r
-\fI-l logfile\fP (Old) logfile \fIlogfile\fP (New)\r
-Write all debugging data into\r
-\fI\&logfile.\fP\r
-The default\r
-\fI\&logfile\fP\r
-is the standard output.\r
-.TP\r
-.\" anchor: o_acl aclfile\r
-aclfile \fIaclfile\fP (New)\r
-Unless this option is used, the proxy talks to anyone who can connect to it,\r
-and everyone who can has equal permissions on where they can go.\r
-An access file allows restrictions to be placed on these two policies,\r
-by distinguishing some\r
-\fIsource\fP\r
-\s-2IP\s0\r
-addresses and/or\r
-some\r
-\fIdestination\fP\r
-addresses.\r
-(If a\r
-forwarder or a gateway\" ijbman.html#forwardfile\r
-is being used, its address is considered the destination address,\r
-not the ultimate\r
-\s-2IP\s0\r
-address of the\r
-\s-2URL\s0\r
-requested.)\r
-.P\r
-Each line of the access file begins with\r
-either the word\r
-\fB\&permit\fP\r
-or\r
-\fB\&deny\fP\r
-followed by source and (optionally) destination addresses \r
-to be matched against those of the\r
-\s-2HTTP\s0\r
-request.\r
-The last matching line specifies the result: if it was a\r
-\fB\&deny\fP\r
-line or if no line matched,\r
-the request will be refused.\r
-.P\r
-A source or destination\r
-can be specified as a single numeric\r
-\s-2IP\s0\r
-address,\r
-or with a hostname, provided that the host's name\r
-can be resolved to a numeric address: this cannot be used to block all\r
-\fB\&.mil \fP\r
-domains for example,\r
-because there is no single address associated with that domain name.\r
-Either form may be followed by a slash and an integer\r
-\fB\&N\fP,\r
-specifying a subnet mask of\r
-\fB\&N\fP\r
-bits.\r
-For example,\r
-\fB\&permit 207.153.200.72/24\fP\r
-matches the entire Class-C subnet from\r
-207.153.200.0\r
-through 207.153.200.255.\r
-(A netmask of 255.255.255.0 corresponds to 24 bits of\r
-ones in the netmask, as with\r
-\fC\&*_MASKLEN=24\fP.)\r
-A value of 16 would be used for a Class-B subnet.\r
-A value of zero for\r
-\fB\&N\fP\r
-in the subnet mask length will cause any address to match;\r
-this can be used to express a default rule.\r
-For more information see the example file provided with the distribution.\r
-.P\r
-If you like these access controls\r
-you should probably have\r
-firewall;\" ijbfaq.html#firewall\r
-they are not intended to replace one.\r
-.TP\r
-.\" anchor: o_tf trustfile\r
-trustfile \fItrustfile\fP (New)\r
-This feature is experimental, has not been fully documented and is\r
-very subject to change.\r
-The goal is for parents to be able to choose a page or site whose\r
-links they regard suitable for their\r
-young children\" ijbfaq.html#children\r
-and for the proxy to allow access only to sites mentioned there.\r
-To do this the proxy examines the\r
-referer\" ijbman.html#o_r\r
-variable on each page request to check they resulted from\r
-a click on the ``trusted referer'' site: if so the referred site\r
-is added to a list of trusted sites, so that the child can\r
-then move around that site.\r
-There are several uncertainties in this scheme that experience may be\r
-able to iron out; check back in the months ahead.\r
-.TP\r
-.\" anchor: o_ti trust_info_url\r
-trust_info_url \fItrust_info_url\fP (New)\r
-When access is denied due to lack of a trusted referer, this\r
-\s-2URL\s0\r
-is displayed with a message pointing the user to it for further information.\r
-.TP\r
-.\" anchor: o_hc hide-console\r
-hide-console \fI\fP (New)\r
-In the Windows version only, instructs the program\r
-to disconnect from and hide the command console after starting.\r
-.TP\r
-.\" anchor: o_a \r
-\fI-a\fP (Old) \r
-(Obsolete) Accept the server's\r
-\fB\&Set-cookie\fP\r
-headers, passing them through to the browser.\r
-.\" anchor: obsolete\r
-This option was removed in Version 1.2\r
-and replaced by an improvement to the\r
--c\" ijbman.html#o_c\r
-option.\r
-.LE\r
-.SH INSTALLATION AND USE\r
-Browsers must be told where to find the\r
-\fBjunkbuster\fP\r
-(e.g.\r
-\fB\&localhost\fP\r
-port 8000).\r
-To set the \r
-\s-2HTTP\s0\r
-proxy in Netscape 3.0,\r
-go through:\r
-\fB\&Options\fP;\r
-\fB\&Network Preferences\fP;\r
-\fB\&Proxies\fP;\r
-\fB\&Manual Proxy Configuration\fP;\r
-\fB\&View\fP.\r
-See the\r
-\s-2FAQ\s0\r
-for other browsers.\r
-The\r
-Security Proxy\" ijbfaq.html#security\r
-should also be set to the same values,\r
-otherwise\r
-\fB\&shttp:\fP\r
-\s-2URL\s0s\r
-won't work.\r
-.P\r
-Note the limitations\r
-explained in the\r
-\s-2FAQ\s0.\r
-.SH CHECKING OPTIONS\r
-To allow users to\r
-check\" ijbfaq.html#show\r
-that a\r
-\fBjunkbuster\fP\r
-is running and how it is configured,\r
-it intercepts requests for any\r
-\s-2URL\s0\r
-ending in\r
-\fB\&/show-proxy-args\fP\r
-and blocks it,\r
-returning instead returns information on its\r
-version number and\r
-current configuration\r
-including the contents of its blockfile.\r
-To get an explicit warning that no\r
-\fBjunkbuster\fP\r
-intervened if the proxy was not configured,\r
-it's best to point it to a\r
-\s-2URL\s0\r
-that does this, such as\r
-http://internet.junkbuster.com/cgi-bin/show-proxy-args\r
-on Junkbusters's website.\r
-.SH SEE ALSO\r
-http://www.waldherr.org/junkbuster/\" waldherr.org#\r