+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\r
-<!-- $Id$\r
-\r
- See copyright details at end of file\r
-\r
- After changing this file, please run it through "HTML Tidy"\r
- (from http://www.w3.org/People/Raggett/tidy/)\r
- It should have no warnings or errors.\r
--->\r
-\r
-<html>\r
- <head>\r
- <title>Internet Junkbuster Technical Information</title>\r
- <meta name="description" content=\r
- "The manual page for the Internet Junkbuster, free software to removes banner ads, cookies, and other stuff you don't want from your web browser.">\r
- <meta name="keywords" content=\r
- "stop, junk, busters, junkbusters, junkbuster, mail, email, e-mail, direct, spam, privacy, sharing, names, renting, direct, marketing, database, databases, junk mail, lists, environment, consumer, sending, opt out ">\r
-<style type="text/css">\r
-<!--\r
-h2 { text-align: Center; font-family: arial, helvetica, sans-serif }\r
-p.sans { font-family: arial, helvetica, sans-serif }\r
-b.dot { color: #FF0000 }\r
-b.eg { font-family: arial, helvetica, sans-serif }\r
--->\r
-</style>\r
- </head>\r
-\r
- <body bgcolor="#f8f8f0" link="#000078" alink="#ff0022" vlink=\r
- "#787878">\r
- <p class="sans"><a href="http://ijbswa.sourceforge.net/">\r
- Website</a> <b class="dot">·</b> <b>Manual</b> <b class=\r
- "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=\r
- "dot">·</b> <a href="gpl.html">GPL</a></p>\r
-\r
- <h1 align="center"><a name="top_of_page"></a>Internet\r
- J<small>UNK<i style="color: #FF0000">BUSTER</i></small>\r
- Technical Information</h1>\r
-\r
- <p align="center" class="sans"><a href="#description">\r
- Options</a> <b class="dot">·</b> <a href="#show">\r
- Checking Options</a> <b class="dot">·</b> <a href=\r
- "#install">Installation</a> <b class="dot">·</b> <a\r
- href="#copyright">Copyright</a> <b class="dot">·</b> <a\r
- href="ijbfaq.html#top_of_page">(FAQ)</a></p>\r
-\r
- <h1>This document is out of date</h1>\r
-\r
- <p><b>Development of JunkBuster is ongoing and this document is\r
- no longer current. However, it may provide some assistance. If\r
- you have problems, please use the <a href=\r
- "http://groups.yahoo.com/group/junkbuster-users/">Yahoo Groups\r
- mailing list</a> (which includes an archive of mail), the\r
- SourceForge.net <a href=\r
- "http://sourceforge.net/projects/ijbswa/">project page</a>, or\r
- see the project's <a href="http://ijbswa.sourceforge.net/">home\r
- page</a>. Please also bear in mind that versions 2.9.x of\r
- JunkBuster are development releases, and are not production\r
- quality.</b></p>\r
-\r
- <h2><a name="man"></a>Manual Page</h2>\r
-\r
- <p>A copy of this page in standard <code>man</code> macro\r
- format is included in the <a href="ijbfaq.html#tar">tar\r
- archive</a>.</p>\r
-\r
- <h3><a name="name"></a><img border="0" src="fb.gif" alt="*"\r
- width="14" height="14"> Name</h3>\r
-\r
- <p><b><code>junkbuster</code></b> - The Internet Junkbuster\r
- Proxy <a href=\r
- "http://www.junkbusters.com/ht/en/legal.html#marks"><small>\r
- <sup>TM</sup></small></a></p>\r
-\r
- <h3><a name="synopsis"></a><img border="0" src="fb.gif" alt="*"\r
- width="14" height="14"> Synopsis</h3>\r
-\r
- <p><code><b>junkbuster</b></code> <i>configfile</i> (Unix)<br>\r
- <b><code>junkbstr.exe</code></b> [<i>configfile</i>]\r
- (Windows)</p>\r
-\r
- <h3><a name="description"></a><img border="0" src="fb.gif" alt=\r
- "*" width="14" height="14"> Description</h3>\r
-\r
- <p><b><code>junkbuster</code></b> is an instrumentable proxy\r
- that filters the HTTP stream between web servers and browsers.\r
- Its main purposes are to block adverts and enhance privacy.</p>\r
-\r
- <p><a name="dual"></a>It is configured using a configuration\r
- file and several files listing URL patterns. The\r
- configuration file must be specified on the command line. \r
- The Windows version will default to using the configuration\r
- file <code>junkbstr.ini</code> if it exists and no argument was\r
- given.</p>\r
-\r
- <p><a name="reread"></a>All files except the main configuration\r
- file are checked for changes before each page is fetched, so\r
- they may edited without restarting the proxy.</p>\r
-\r
- <h4>Options</h4>\r
-\r
- <dl>\r
- <dt><i><a name="o_b"></a></i><a name=\r
- "blockfile"></a><code>blockfile</code> <i>\r
- blockfile</i></dt>\r
-\r
- <dd>\r
- <p><a href="ijbfaq.html#blocking">Block</a> requests to\r
- URLs matching any pattern given in the lines of the <i>\r
- blockfile</i>. The <b><code>junkbuster</code></b> instead\r
- returns status 202, indicating that the request has been\r
- accepted (though not completed), and a <a href=\r
- "ijbfaq.html#show">message identifying itself</a> (though\r
- the browser may display only a broken image icon). \r
- The syntax of a pattern is <code>\r
- [domain][:port][/path]</code> (the <code>http://</code> or\r
- <code>https://</code> protocol part is omitted). To decide\r
- if a pattern matches a target, the domains are compared\r
- first, then the paths.</p>\r
-\r
- <p><a name="compare"></a>To compare the domains, the\r
- pattern domain and the target domain specified in the URL\r
- are each broken into their components. (Components are\r
- separated by the <code>.</code> (period) character.) Next\r
- each of the target components is compared with the\r
- corresponding pattern component: last with last,\r
- next-to-last with next-to-last, and so on. (This is called\r
- <i><dfn>right-anchored</dfn></i> matching.) If all of the\r
- pattern components find their match in the target, then the\r
- domains are considered a match. Case is irrelevant when\r
- comparing domain components.</p>\r
-\r
- <p><a name="substring"></a>A successfully matching pattern\r
- can be an anchored substring of a target, but not vice\r
- versa. Thus if a pattern doesn't specify a domain, it\r
- matches all domains. <a name="wildcard"></a>Furthermore,\r
- when comparing two components, the components must either\r
- match in their entirety or up to a wildcard <code>*</code>\r
- (star character) in the pattern. The wildcard feature\r
- implements only a "prefix" match capability ("abc*" vs.\r
- "abcdefg"), not suffix matching ("*efg" vs. "abcdefg") or\r
- infix matching ("abc*efg" vs. "abcdefg"). The feature is\r
- restricted to the domain component; it is unrelated to the\r
- optional regular expression feature in the path <a href=\r
- "#regex">(described below).</a></p>\r
-\r
- <p><a name="numeric"></a>If a numeric port is specified in\r
- the pattern domain, then the target port must match as\r
- well. The default port in a target is port 80.</p>\r
-\r
- <p><a name="onward"></a>If the domain and port match, then\r
- the target URL path is checked for a match against the path\r
- in the pattern. Paths are compared with a simple\r
- case-sensitive left-anchored substring comparison. Once\r
- again, the pattern can be an anchored substring of the\r
- target, but not vice versa. A path of <code>/</code>\r
- (slash) would match all paths. Wildcards are not considered\r
- in path comparisons.</p>\r
-\r
- <p><a name="example"></a>For example, the target URL<br>\r
- <code>\r
- the.yellow-brick-road.com/TinMan/has_no_brain</code><br>\r
- would be matched (and blocked) by the following\r
- patterns<br>\r
- <code>yellow-brick-road.com</code><br>\r
- and<br>\r
- <code>Yellow*.COM</code><br>\r
- and<br>\r
- <code>/TinM</code><br>\r
- but not<br>\r
- <code>\r
- follow.the.yellow-brick-road.com</code><br>\r
- or<br>\r
- <code>/tinman</code><br>\r
- </p>\r
-\r
- <p><a name="comments"></a>Comments in a blockfile start\r
- with a <code>#</code> (hash) character and end at a new\r
- line. Blank lines are also ignored.</p>\r
-\r
- <p><a name="except"></a>Lines beginning with a <code>\r
- ~</code> (tilde) character are taken to be <a href=\r
- "ijbfaq.html#exceptions">exceptions:</a> a URL blocked by\r
- previous patterns that matches the rest of the line is let\r
- through. (The last match wins.)</p>\r
-\r
- <p><a name="regex"></a>Patterns may contain POSIX <a href=\r
- "ijbfaq.html#regex">regular expressions</a> provided the\r
- <b><code>junkbuster</code></b> was compiled with this\r
- option (the default in Version 2.0 on). The idiom <code>\r
- /*.*/ad</code> can then be used to match any URL containing\r
- <code>/ad</code> (such as <code>\r
- http://nomatterwhere.com/images/advert/g3487.gif</code> for\r
- example). These expressions <a href="#substring">don't\r
- work</a> in the domain part.</p>\r
-\r
- <p><a name="rereads"></a>In version 1.3 and later the\r
- blockfile and cookiefile are checked for changes before\r
- each request.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_w"></a></i><a name=\r
- "wafer"></a><code>wafer</code> <i>\r
- NAME=VALUE</i></dt>\r
-\r
- <dd>\r
- <p>Specifies a pair to be sent as a cookie with every\r
- request <a href="ijbfaq.html#wafers">to the server.</a>\r
- (Such boring cookies are called <i>wafers</i>.) This option\r
- may be called more than once to generate multiple wafers.\r
- The original Netscape specification prohibited semi-colons,\r
- commas and white space; these characters will be\r
- URL-encoded if used in wafers. \r
- <!-- Aside: genuine cookies are not encoded --> \r
- <!-- Aside: we could use quoted string as specified in the new RFC -->\r
- The Path and Domain attributes are not currently\r
- supported.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_c"></a></i><a name=\r
- "cookiefile"></a><code>cookiefile</code> <i>\r
- cookiefile</i></dt>\r
-\r
- <dd>\r
- <p>Enforce the cookie management policy specified in the\r
- <i>cookiefile.</i> <a name="java"></a>If this option is not\r
- used all cookies are silently crunched, so that users who\r
- never want cookies aren't bothered by browsers asking\r
- whether each cookie should be accepted. However, cookies\r
- can <a href="ijbfaq.html#breakthrough">still get\r
- through</a> via <a href=\r
- "http://www.junkbusters.com/ht/en/links.html#javascript">\r
- JavaScript</a> and SSL, so alerts should be left on.</p>\r
-\r
- <p><a name="dropping"></a>In Version 1.2 and later this\r
- option must be followed by a <a href="ijbfaq.html#crumble">\r
- filename</a> containing instructions on which sites are\r
- allowed to receive and set cookies. <a name="drop"></a>By\r
- default cookies are dropped in both the browser's request\r
- and the server's response, unless the URL requested matches\r
- an entry in the <i>cookiefile</i>. The matching algorithm\r
- is the same as for the blockfile. A leading <code>\r
- ></code> character allows <a href=\r
- "ijbfaq.html#directional">server-bound</a> cookies only; a\r
- <code><</code> allows only browser-bound cookies; a\r
- <code>~</code> character stops cookies in <a href=\r
- "ijbfaq.html#crumble">both directions.</a> Thus a\r
- cookiefile containing a single line with the two characters\r
- <code>>*</code> will pass on all cookies to servers but\r
- not give any new ones to the browser.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_j"></a></i><a name=\r
- "jarfile"></a><code>jarfile</code> <i>\r
- jarfile</i></dt>\r
-\r
- <dd>\r
- <p>All Set-cookie attempts by the server are <a href=\r
- "ijbfaq.html#jar">logged</a> to <i>jarfile</i>. If no wafer\r
- is specified, one containing a <a href=\r
- "ijbfaq.html#notice">canned notice</a> (the <i>vanilla\r
- wafer</i>) is added as an alert to the server unless the <a\r
- href="#suppress-vanilla-wafer">suppress-vanilla-wafer</a>\r
- option is invoked.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_v"></a></i><a name=\r
- "suppress-vanilla-wafer"></a><code>suppress-vanilla-wafer</code></dt>\r
-\r
- <dd>\r
- <p>Suppress the vanilla wafer.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_t"></a></i><a name=\r
- "from"></a><code>from</code> <i>from</i></dt>\r
-\r
- <dd>\r
- <p>If the browser <a href="ijbfaq.html#from">discloses an\r
- email address</a> in the <code>FROM</code> header (most\r
- don't), replace it with <i>from.</i> If <i>from</i> is set\r
- to <b>.</b> (the period character) the <code>FROM</code> is\r
- passed to the server unchanged. The default is to delete\r
- the <code>FROM</code> header.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_r"></a></i><a name=\r
- "referer"></a><code>referer</code> <i>\r
- referer</i></dt>\r
-\r
- <dd>\r
- <p>Whenever the browser discloses the URL that <a href=\r
- "ijbfaq.html#referer">led to</a> the current request,\r
- replace it with <i>referer.</i> If <i>referer</i> is set to\r
- <b>.</b> (period) the URL is passed to the server\r
- unchanged. If referer is set to <b>@</b> (at) the URL is\r
- sent in cases where the cookiefile specifies that a cookie\r
- would be sent. (No way to send bogus referers selectively\r
- is provided.) The default is to delete Referer.</p>\r
-\r
- <p><a name="referrer"></a>Junkbuster also accepts the\r
- spelling <code>referrer</code>, which most dictionaries\r
- consider correct.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_u"></a></i><a name=\r
- "user-agent"></a><code>user-agent</code> <i>\r
- user-agent</i></dt>\r
-\r
- <dd>\r
- <p>Information disclosed by the browser <a href=\r
- "ijbfaq.html#agent">about itself</a> is replaced with the\r
- value <i>user-agent.</i> If <i>user-agent</i> is set to <b>\r
- .</b> (period) the <code>User-Agent</code> header is passed\r
- to the server unchanged, along with any <code>UA</code>\r
- headers produced by MS-IE (which would otherwise be\r
- deleted). If <i>user-agent</i> is set to <b>@</b> (at)\r
- these headers are sent unchanged in cases where the\r
- cookiefile specifies that a cookie would be sent, otherwise\r
- only default <code>User-Agent</code> header is sent. That\r
- default is Mozilla/3.0 (Netscape) with an unremarkable <a\r
- href="ijbfaq.html#infer">Macintosh</a> configuration. If\r
- used with a browser less advanced than Mozilla/3.0 or IE-3,\r
- the default may encourage pages containing extensions that\r
- confuse the browser.</p>\r
- </dd>\r
-\r
- <dt><a name="o_h"></a><a name=\r
- "listen-address"></a><code>listen-address</code> \r
- <i>[host][:port]</i></dt>\r
-\r
- <dd>\r
- <p>If <i>host</i> is specified, bind the <b><code>\r
- junkbuster</code></b> to that IP address. If a <i>port</i>\r
- is specified, use it. The default port is 8000; the default\r
- host is <code>localhost</code>.</p>\r
-\r
- <p>This default host setting means that you can only\r
- connect to the proxy from ther local computer. This is a\r
- security measure - if you allow anyone to use the proxy,\r
- then hackers or fraudsters could use it to help hide their\r
- identity. It also provides a lot of protection against any\r
- undiscovered security flaws in JunkBuster - if they can't\r
- connect to it, then they can't attack it.</p>\r
-\r
- <p>If you change this value, we recommend you <i>either</i>\r
- set the host to <code>localhost</code>:<br>\r
- <code>listen-address\r
- localhost:8080</code><br>\r
- <i>or</i>, if you want to share a single internet\r
- connection over your internal network, then set it to the\r
- address of your internal ethernet card:<br>\r
- <code>listen-address\r
- 10.1.1.1:8080</code><br>\r
- (replace 10.1.1.1 with your internal IP address), <i>\r
- or</i> set up an <i><a href="#aclfile">aclfile</a></i>. To\r
- make the proxy accessible from everywhere (e.g. if you're\r
- using an access control list or if you just don't care\r
- about security), specify just the port number - e.g:<br>\r
- <code>listen-address :8000</code><br>\r
- (This binds the proxy to <b>all</b> IP addresses\r
- (<code>INADDR_ANY</code>)).</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_f"></a></i><a name=\r
- "forwardfile"></a><code>forwardfile</code> <i>\r
- forwardfile</i></dt>\r
-\r
- <dd>\r
- <p>Junkbuster has a flexible syntax for forwarding HTTP\r
- requests. This is used e.g. if you are behind a firewall\r
- and need to connect through it, or if you want to use a\r
- cacheing proxy to speed up your web browsing.</p>\r
-\r
- <p>Every line in the forwardfile consists of four\r
- components, seperated by whitespace. These are:<br>\r
- <br>\r
- <code><i>target forward_to via_gateway_type\r
- gateway</i></code></p>\r
-\r
- <p><i>target</i> is a pattern used to select which line of\r
- the forwardfile is used. "<code>*</code>" is the most\r
- commonly used value, and matches every URL. As usual, the\r
- last matching <i>target</i> wins. (If no pattern matches, a\r
- direct connection will be used)</p>\r
-\r
- <p><i>forward_to</i> specifies the HTTP proxy server to\r
- use, or "<code>.</code>" for none. This is used to connect\r
- to a cacheing proxy such as Squid, and for most types of\r
- firewall. The port number defaults to 8000 if it is not\r
- specified.</p>\r
-\r
- <p>Here is a typical line.</p>\r
-<pre>\r
-* lpwa.com:8000 . .\r
-</pre>\r
-\r
- <p>The target domain need not be a fully qualified\r
- hostname; it can be a general domain such as <code>\r
- com</code> or <code>co.uk</code> or even just a port\r
- number. <a name="nose"></a>For example, because <a href=\r
- "http://lpwa.com">LPWA</a> does not handle <a href=\r
- "ijbfaq.html#encrypt">SSL</a>, the line above will\r
- typically be followed by a line such as</p>\r
-<pre>\r
-:443 . . .\r
-</pre>\r
-\r
- <p>to allow SSL transactions to proceed directly. The\r
- cautious would also add an entry in their blockfile to stop\r
- transactions to port 443 for all but specified trusted\r
- sites.</p>\r
-\r
- <p><a name="loop"></a>Configure with care: no loop\r
- detection is performed. When setting up chains of proxies\r
- that might loop back, try adding <a href="#squid">\r
- Squid.</a></p>\r
-\r
- <p><i>via_gateway_type</i> and <i>gateway</i> are used to\r
- support SOCKS proxies. Some firewalls provide this type of\r
- proxy. If you do not not want to use a SOCKS proxy, specify\r
- both of these fields as "<code>.</code>".</p>\r
-\r
- <p><a name="configure"></a><a name="identify"></a>Note that\r
- JunkBuster is a SOCKS <b>client</b>, <b>not</b> a SOCKS <b>\r
- server</b>. The user's browser should <b>not</b> be <a\r
- href="ijbfaq.html#socks">configured</a> to use <code>\r
- SOCKS</code>; the proxy conducts the negotiations, not the\r
- browser.</p>\r
-\r
- <p>The <code>SOCKS4</code> protocol may be specified by\r
- setting <i>via_gateway_type</i> to <code>socks</code> or\r
- <code>socks4</code>. The <code>SOCKS4A</code> protocol is\r
- specified as <code>socks4a</code>. The <code>SOCKS5</code>\r
- protocol is not currently supported.</p>\r
-\r
- <p><i>gateway</i> should be the host and port of the SOCKS\r
- server. If you just specify a hostname, then the port\r
- number defaults to 1080.</p>\r
-\r
- <p>The user identification capabilities of <code>\r
- SOCKS4</code> are deliberately not used; the user is always\r
- identified to the <code>SOCKS</code> server as <code>\r
- userid=anonymous</code>. If the server's policy is to\r
- reject requests from <code>anonymous</code>, the proxy will\r
- not work. Use a <a href="#o_d">debug</a> value of 3 to see\r
- the status returned by the server.</p>\r
-\r
- <p>If you specify both a HTTP proxy (with <i>\r
- forward_to</i>) and a SOCKS proxy (with <i>gateway</i>)\r
- then the SOCKS proxy is used to connect to the HTTP proxy.\r
- If you just specify a SOCKS proxy, it is used to connect\r
- directly to the websites.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_d"></a></i><a name=\r
- "debug"></a><code>debug</code> <i>N</i></dt>\r
-\r
- <dd>\r
- <p>Set debug mode. The most common value is 1, to <a href=\r
- "ijbfaq.html#pinpoint">pinpoint</a> offensive URLs, so they\r
- can be added to the blockfile. The value of <b>N</b> is a\r
- bitwise logical-OR of the following values:<br>\r
- 1 = URLs (show each URL requested by the browser);<br>\r
- 2 = Connections (show each connection to or from the\r
- proxy);<br>\r
- 4 = I/O (log I/O errors);<br>\r
- 8 = Headers (as each header is scanned, show the header\r
- and what is done to it);<br>\r
- 16 = Log everything (including debugging traces and the\r
- contents of the pages).<br>\r
- 32 = Record accesses in Common Log Format, as used by most\r
- web and proxy servers.</p>\r
-\r
- <p><a name="or"></a>Multiple <code>debug</code> lines are\r
- permitted; they are logical OR-ed together.</p>\r
-\r
- <p><a name="single"></a>Because most browsers send several\r
- requests in parallel the debugging output may appear\r
- intermingled, so the <a href="#single-threaded">\r
- single-threaded</a> option is recommended when using <a\r
- href="#debug">debug</a> with <b>N</b> greater than 1. \r
- <!-- Aside: Yes, it's clumsy, but it's easy to parse. --></p>\r
- </dd>\r
-\r
- <dt><i><a name="o_y"></a></i><a name=\r
- "add-forwarded-header"></a><code>add-forwarded-header</code></dt>\r
-\r
- <dd>\r
- <p>Add <code>X-Forwarded-For</code> headers to the\r
- server-bound HTTP stream indicating the client IP address\r
- <a href="ijbfaq.html#detect">to the server,</a> in the new\r
- style of <a href="#squid">Squid 1.1.4.</a> If you want the\r
- traditional <code>HTTP_FORWARDED</code> response header,\r
- add it manually with the <a href="#o_x">-x</a> option. This\r
- also allows other <code>X-Forwarded-For</code> headers to\r
- be transmitted - usually they are discarded.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_x"></a></i><a name=\r
- "add-header"></a><code>add-header</code> <i>\r
- HeaderText</i></dt>\r
-\r
- <dd>\r
- <p>Add the <i>HeaderText</i> verbatim to requests to the\r
- server. Typical uses include adding old-style forwarding\r
- notices such as <code>Forwarded: by\r
- http://pro-privacy-isp.net</code> and reinstating the\r
- <code>Proxy-Connection: Keep-Alive</code> header (which the\r
- <b><code>junkbuster</code></b> deletes so as <a href=\r
- "ijbfaq.html#detect">not</a> to reveal its existence). No\r
- checking is done for correctness or plausibility, so it can\r
- be used to throw any old trash into the server-bound HTTP\r
- stream. Please don't litter. \r
- <!-- Aside: this represents "more than enough rope" --></p>\r
- </dd>\r
-\r
- <dt><i><a name="o_s"></a></i><a name=\r
- "single-threaded"></a><code>single-threaded</code></dt>\r
-\r
- <dd>\r
- <p>Doesn't <code>fork()</code> a separate process (or\r
- create a separate thread) to handle each connection. Useful\r
- when debugging to keep the process single threaded.</p>\r
- </dd>\r
-\r
- <dt><i><a name="o_l"></a></i><a name=\r
- "logfile"></a><code>logfile</code> <i>\r
- logfile</i></dt>\r
-\r
- <dd>\r
- <p>Write all debugging data into <i>logfile.</i> The\r
- default <i>logfile</i> is the standard output.</p>\r
- </dd>\r
-\r
- <dt><br>\r
- <a name="aclfile"></a><code>aclfile</code> <i>\r
- aclfile</i></dt>\r
-\r
- <dd>\r
- <p>Unless this option is used, the proxy talks to anyone\r
- who can connect to it, and everyone who can has equal\r
- permissions on where they can go. An access file allows\r
- restrictions to be placed on these two policies, by\r
- distinguishing some <i><dfn>source</dfn></i> IP addresses\r
- and/or some <i><dfn>destination</dfn></i> addresses. (If a\r
- <a href="#forwardfile">forwarder or a gateway</a> is being\r
- used, its address is considered the destination address,\r
- not the ultimate IP address of the URL requested.)</p>\r
-\r
- <p><a name="permit"></a>Each line of the access file begins\r
- with either the word <code>permit</code> or <code>\r
- deny</code> followed by source and (optionally) destination\r
- addresses to be matched against those of the HTTP request.\r
- The last matching line specifies the result: if it was a\r
- <code>deny</code> line or if no line matched, the request\r
- will be refused.</p>\r
-\r
- <p><a name="various"></a>A source or destination can be\r
- specified as a single numeric IP address, or with a\r
- hostname, provided that the host's name can be resolved to\r
- a numeric address: this cannot be used to block all <code>\r
- .mil</code> domains for example, because there is no single\r
- address associated with that domain name. Either form may\r
- be followed by a slash and an integer <code>N</code>,\r
- specifying a subnet mask of <code>N</code> bits. For\r
- example, <code>permit 207.153.200.72/24</code> matches the\r
- entire Class-C subnet from 207.153.200.0 through\r
- 207.153.200.255. (A netmask of 255.255.255.0 corresponds to\r
- 24 bits of ones in the netmask, as with <code>\r
- *_MASKLEN=24</code>.) A value of 16 would be used for a\r
- Class-B subnet. A value of zero for <code>N</code> in the\r
- subnet mask length will cause any address to match; this\r
- can be used to express a default rule. For more information\r
- see the example file provided with the distribution.</p>\r
-\r
- <p><a name="false"></a>If you like these access controls\r
- you should probably have <a href="ijbfaq.html#firewall">\r
- firewall</a>; they are not intended to replace one.</p>\r
- </dd>\r
-\r
- <dt><br>\r
- <a name="trustfile"></a><code>trustfile</code> \r
- <i>trustfile</i></dt>\r
-\r
- <dd>\r
- <p>This feature is experimental, has not been fully\r
- documented and is very subject to change. The goal is for\r
- parents to be able to choose a page or site whose links\r
- they regard suitable for their <a href=\r
- "ijbfaq.html#children">young children</a> and for the proxy\r
- to allow access only to sites mentioned there. To do this\r
- the proxy examines the <a href="#o_r">referer</a> variable\r
- on each page request to check they resulted from a click on\r
- the ``trusted referer'' site: if so the referred site is\r
- added to a list of trusted sites, so that the child can\r
- then move around that site. There are several uncertainties\r
- in this scheme that experience may be able to iron out;\r
- check back in the months ahead.</p>\r
- </dd>\r
-\r
- <dt><br>\r
- <a name="trust_info_url">\r
- </a><code>trust_info_url</code> <i>\r
- trust_info_url</i></dt>\r
-\r
- <dd>\r
- <p>When access is denied due to lack of a trusted referer,\r
- this URL is displayed with a message pointing the user to\r
- it for further information.</p>\r
- </dd>\r
-\r
- <dt><br>\r
- <a name="hide-console"></a><code>hide-console</code></dt>\r
-\r
- <dd>\r
- <p>In the Windows command-line version only, instructs the\r
- program to disconnect from and hide the command console\r
- after starting.</p>\r
- </dd>\r
- </dl>\r
-\r
- <h3><a name="install"></a><img border="0" src="fb.gif" alt="*"\r
- width="14" height="14"> Installation and Use</h3>\r
-\r
- <p>Browsers must be told where to find the <b><code>\r
- junkbuster</code></b> (e.g. <code>localhost</code> port 8000).\r
- To set the HTTP proxy in Netscape 3.0, go through: <b class=\r
- "eg">Options</b>; <b class="eg">Network Preferences</b>; <b\r
- class="eg">Proxies</b>; <b class="eg">Manual Proxy\r
- Configuration</b>; <b class="eg">View</b>. See the <a href=\r
- "ijbfaq.html">FAQ</a> for other browsers. The <a href=\r
- "ijbfaq.html#security">Security Proxy</a> should also be set to\r
- the same values, otherwise <code>shttp:</code> URLs won't\r
- work.</p>\r
-\r
- <p><a name="limitations"></a>Note the limitations explained in\r
- the <a href="ijbfaq.html">FAQ</a>.</p>\r
-\r
- <h3><a name="show"></a><img border="0" src="fb.gif" alt="*"\r
- width="14" height="14"> Checking Options</h3>\r
-\r
- <p>To allow users to <a href="ijbfaq.html#show">check</a> that\r
- a <b><code>junkbuster</code></b> is running and how it is\r
- configured, it intercepts requests for any URL ending in <code>\r
- /show-proxy-args</code> and blocks it, returning instead\r
- returns information on its version number and current\r
- configuration including the contents of its blockfile. To get\r
- an explicit warning that no <b><code>junkbuster</code></b>\r
- intervened if the proxy was not configured, it's best to point\r
- it to a URL that does this, such as <a href=\r
- "http://internet.junkbuster.com/cgi-bin/show-proxy-args">\r
- http://internet.junkbuster.com/cgi-bin/show-proxy-args</a> on\r
- Junkbusters's website.</p>\r
-\r
- <h3><a name="also"></a><img border="0" src="fb.gif" alt="*"\r
- width="14" height="14"> See Also</h3>\r
-\r
- <p><a href="ijbfaq.html">\r
- http://www.junkbusters.com/ht/en/ijbfaq.html</a><br>\r
- <a href="http://www.junkbusters.com/ht/en/cookies.html">\r
- http://www.junkbusters.com/ht/en/cookies.html</a><br>\r
- <a href=\r
- "http://internet.junkbuster.com/cgi-bin/show-proxy-args">\r
- http://internet.junkbuster.com/cgi-bin/show-proxy-args</a><br>\r
- <a name="kristol"></a><a href=\r
- "http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html">http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html</a><br>\r
-\r
- <a name="squid"></a><a href=\r
- "http://squid.nlanr.net/Squid/">http://squid.nlanr.net/Squid/</a><br>\r
-\r
- <a href="http://www-math.uni-paderborn.de/~axel/">\r
- http://www-math.uni-paderborn.de/~axel/</a></p>\r
-\r
- <h3><a name="copyright"></a><img border="0" src="fb.gif" alt=\r
- "*" width="14" height="14"> Copyright and GPL</h3>\r
-\r
- <p>Written and copyright by the Anonymous Coders and\r
- Junkbusters Corporation and made available under the <a href=\r
- "gpl.html">GNU General Public License (GPL).</a> This software\r
- comes with <a href="gpl.html#nowarr">NO WARRANTY.</a> Internet\r
- Junkbuster Proxy is a <a href=\r
- "http://www.junkbusters.com/ht/en/legal.html#marks">\r
- trademark</a> of Junkbusters Corporation.</p>\r
-\r
- <p align="center"><a href="#top_of_page"><img border="0" src=\r
- "top.gif" alt="--- Back to Top of Page ---" width="250" height=\r
- "15"></a></p>\r
-\r
- <p class="sans"><a href="http://ijbswa.sourceforge.net/">\r
- Website</a> <b class="dot">·</b> <b>Manual</b> <b class=\r
- "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=\r
- "dot">·</b> <a href="gpl.html">GPL</a></p>\r
-\r
- <p class="sans"><small><small><a href="gpl.html#text">\r
- Copyright</a> © 1996-8 <a href=\r
- "http://www.junkbusters.com/">Junkbusters</a> <a href=\r
- "http://www.junkbusters.com/ht/en/legal.html#marks">®</a>\r
- Corporation. <a href="gpl.html#text">Copyright</a> © 2001\r
- <a href="http://sourceforge.net/projects/ijbswa/">Jon\r
- Foster</a>. Copying and distribution permitted under the <a\r
- href="gpl.html">GNU</a> General Public\r
- License.</small></small></p>\r
-\r
- <p><small><code><a href=\r
- "http://sourceforge.net/projects/ijbswa/">\r
- http://sourceforge.net/projects/ijbswa/</a></code></small></p>\r
- </body>\r
-</html>\r
-\r