-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">\r
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\r
+<!-- $Id$\r
+\r
+ See copyright details at end of file\r
+\r
+ After changing this file, please run it through "HTML Tidy"\r
+ (from http://www.w3.org/People/Raggett/tidy/)\r
+ It should have no warnings or errors.\r
+-->\r
+\r
<html>\r
-<head>\r
-<!-- Copyright 1996-8 Junkbusters Corporation -->\r
-<!-- This work comes with NO WARRANTY -->\r
-<!-- It may be redistributed and modified under the GNU GPL-->\r
-<!-- See the body of http://www.junkbusters.com/ht/en/gpl.html for details-->\r
-<!-- Junkbusters is a registered trade mark of Junkbusters Corporation -->\r
-<!-- Generated 1998/10/31 03:58:25 UTC -->\r
-<meta name="Generator" content="Junkbusters Ebira $Revision: 1.1 $ $Date: 2001/04/16 21:10:38 $">\r
-<!-- Document ID: $Revision: 1.1 $ $Date: 2001/04/16 21:10:38 $ -->\r
-<title>\r
-Internet Junkbuster Technical Information\r
-</title>\r
-<base href="http://www.junkbusters.com/ht/en/ijbman.html">\r
-<meta name="description" content="The manual page for the Internet Junkbuster, free software to removes banner ads, cookies, and other stuff you don't want from your web browser.">\r
-<meta name="keywords" content="stop, junk, busters, junkbusters, junkbuster, mail, email, e-mail, direct, spam, spamoff, declare, telemarketing, telemarketers, privacy, sharing, names, renting, direct, marketing, database, databases, junk mail, lists, environment, conservation, recycling, catalogs, consumer, sending, opt out ">\r
-<link rel="next" href="cookies.html">\r
-<link rel="previous" href="ijbfaq.html">\r
-<link rel="contents" href="toc.html">\r
-</head>\r
-<body bgcolor="#f8f8f0" link="#000078" alink="#ff0022" vlink="#787878">\r
-<center>\r
-<h1><a name="top_of_page">Internet J<small>UNK<i><font color=red>BUSTER</font></i></small> Technical Information\r
-</a></h1>\r
-</center>\r
-<font face="arial, helvetica">\r
-<p align="center">\r
-<a href="#description">Options</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="#show">Checking Options</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="#install">Installation</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="#copyright">Copyright</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="ijbfaq.html#top_of_page">(FAQ)</a>\r
-</p>\r
-</font><br>\r
-<center>\r
-<h2><a name="man"><font face="arial, helvetica">\r
-Manual Page\r
-</font></a>\r
-</h2>\r
-</center>\r
-<br>A copy of this page\r
-in standard\r
-<big><kbd>man</kbd></big>\r
-macro format\r
-is included in the\r
-<a href="ijbfaq.html#tar">tar archive</a>.\r
-\r
-<h3><a name="name" href="/cgi-bin/gp?pg=ijbman&pr=name"><img border=0 width=14 height=14 src="/images/fb.gif" alt="<Feedback>"></a> \r
-Name\r
-</h3>\r
-<p>\r
-<b><kbd>junkbuster</kbd></b>\r
-- The\r
-Internet Junkbuster\r
-Proxy\r
-<a href="legal.html#marks"><small><sup>TM</sup></small></a>\r
-</p>\r
-\r
-<h3><a name="synopsis" href="/cgi-bin/gp?pg=ijbman&pr=synopsis"><img border=0 width=14 height=14 src="/images/fb.gif" alt="<Feedback>"></a> \r
-Synopsis\r
-</h3>\r
-<p>\r
-<b><kbd>junkbuster</kbd></b>\r
-<i>configfile</i>\r
-(Version 2.0 onwards)\r
-<br>\r
-<b><kbd>junkbstr.exe</kbd></b>\r
-<i>configfile</i>\r
-(Windows)\r
-<br>\r
-<b><kbd>junkbuster</kbd></b>\r
-<a href="#o_a">[-a]</a>\r
-<a href="#o_y">[-y]</a>\r
-<a href="#o_s">[-s]</a>\r
-<a href="#o_c">[-c]</a>\r
-<a href="#o_v">[-v]</a>\r
-<br>\r
-<a href="#o_u">[-u user_agent]</a>\r
-<a href="#o_r">[-r referer]</a>\r
-<a href="#o_t">[-t from]</a>\r
-<br>\r
-<a href="#o_b">[-b blockfile]</a>\r
-<a href="#o_j">[-j jarfile]</a>\r
-<a href="#o_l">[-l logfile]</a>\r
-<br>\r
-<a href="#o_w">[-w NAME=VALUE]</a>\r
-<a href="#o_x">[-x Header_text]</a>\r
-<br>\r
-<a href="#o_h">[-h [bind_host_address][:bind_port]]</a>\r
-<br>\r
-<a href="#o_f">[-f forward_host[:port]]</a>\r
-<a href="#o_d">[-d N]</a>\r
-<br>\r
-<a href="#o_g">[-g gw_protocol[:[gw_host][:gw_port]]]</a>\r
-<br>\r
-(Version 1.4 and earlier)\r
-</p>\r
-\r
-<h3><a name="description" href="/cgi-bin/gp?pg=ijbman&pr=description"><img border=0 width=14 height=14 src="/images/fb.gif" alt="<Feedback>"></a> \r
-Description\r
-</h3>\r
-<p>\r
-<b><kbd>junkbuster</kbd></b>\r
-is an instrumentable proxy that filters the \r
-<small>HTTP</small>\r
-stream between\r
-web servers and browsers.\r
-Its main purpose is to enhance privacy.\r
-<p>\r
-<a name="dual">Versions before 2.0 used command-line options;</a>\r
-Versions from 2.0 onward use a configuration file.\r
-The following descriptions of the options first give the older\r
-command-line usage, then the new configfile line.\r
-<p>\r
-<a name="won">In Versions 2.0.1 upwards on Windows,</a>\r
-a start-up message is printed and the configuration is read from the file\r
-<big><kbd>junkbstr.ini</kbd></big>\r
-if it exists and no argument was given.\r
-<p>\r
-<a name="reread">All files except the configfile</a>\r
-are checked for changes before each page is fetched,\r
-so they may edited without restarting the proxy.\r
-<h4>Options\r
-</h4>\r
-<dl><p><dt><i><a name="o_b">-b blockfile</a></i><br><a name="blockfile"><tt>blockfile</tt>  <i>blockfile</i></a><dd>\r
-<a href="ijbfaq.html#blocking">Block</a>\r
-requests to\r
-<small>URL</small>s\r
-matching any pattern given in the lines of the\r
-<i>blockfile</i>.\r
-The\r
-<b><kbd>junkbuster</kbd></b>\r
-instead returns status 202, indicating that the request has been accepted\r
-(though not completed),\r
-and a\r
-<a href="ijbfaq.html#show">message identifying itself</a>\r
-(though the browser may\r
-display only a broken image icon).\r
-(Versions before 2.0 returned an error 403 (Forbidden).)\r
-The syntax of a pattern is\r
-<big><kbd>[domain][:port][/path]</kbd></big>\r
-(the\r
-<big><kbd>http://</kbd></big>\r
-or\r
-<big><kbd>https://</kbd></big>\r
-protocol part is omitted).\r
-To decide if a pattern matches a target, the domains are compared first,\r
-then the paths. \r
-<p>\r
-<a name="compare">To compare the domains,</a>\r
-the pattern domain and the target\r
-domain specified in the\r
-<small>URL</small>\r
-are each broken into their components.\r
-(Components are separated by the\r
-<big><kbd>.</kbd></big>\r
-(period) character.)\r
-Next each of the target components\r
-is compared with the corresponding pattern component: last with last,\r
-next-to-last with next-to-last, and so on.\r
-(This is called\r
-<i><dfn>right-anchored</dfn></i>\r
-matching.)\r
-If all of the pattern components find their match in the target,\r
-then the domains are considered a match.\r
-Case is irrelevant when comparing domain components.\r
-<p>\r
-<a name="substring">A successfully</a>\r
-matching pattern can be an anchored substring of a target, but\r
-not vice versa.\r
-Thus if a pattern doesn't specify a domain,\r
-it matches all domains.\r
-<a name="wildcard">Furthermore, when comparing two components,</a>\r
-the components must either match in their entirety or up to a wildcard\r
-<big><kbd>* </kbd></big>\r
-(star character) in the pattern. The wildcard feature\r
-implements only a "prefix" match capability ("abc*" vs. "abcdefg"),\r
-not suffix matching ("*efg" vs. "abcdefg") or\r
-infix matching ("abc*efg" vs. "abcdefg").\r
-The feature is restricted to the domain component;\r
-it is unrelated to the optional\r
-regular expression\r
-feature in the path\r
-<a href="ijbman.html#regex">(described below).</a>\r
-<p>\r
-<a name="numeric">If a numeric port</a>\r
-is specified in the pattern domain, then the target port must\r
-match as well. The default port in a target is port 80.\r
-<p>\r
-<a name="onward">If the domain and port match,</a>\r
-then the target\r
-<small>URL</small>\r
-path is checked for\r
-a match against the path in the pattern.\r
-Paths are compared with a simple case-sensitive\r
-left-anchored substring comparison.\r
-Once again, the pattern can be an\r
-anchored substring of the target, but not vice versa.\r
-A path of\r
-<big><kbd>/</kbd></big>\r
-(slash) would match all paths. Wildcards are not considered in\r
-path comparisons.\r
-<p>\r
-<a name="example">For example, the target</a>\r
-<small>URL</small>\r
-<br>\r
-   <big><kbd>the.yellow-brick-road.com/TinMan/has_no_brain</kbd></big>\r
-<br>\r
-would be matched (and blocked) by the following patterns\r
-<br>\r
-   <big><kbd>yellow-brick-road.com</kbd></big>\r
-<br>\r
-and\r
-<br>\r
-   <big><kbd>Yellow*.COM</kbd></big>\r
-<br>\r
-and\r
-<br>\r
-   <big><kbd>/TinM</kbd></big>\r
-<br>\r
-but not\r
-<br>\r
-   <big><kbd>follow.the.yellow-brick-road.com</kbd></big>\r
-<br>\r
-or\r
-<br>\r
-   <big><kbd>/tinman</kbd></big>\r
-<br>\r
-<p>\r
-<a name="comments">Comments in a blockfile start with a</a>\r
-<big><kbd>#</kbd></big>\r
-(hash) character and end at a new line.\r
-Blank lines are also ignored.\r
-<p>\r
-<a name="except">Lines beginning with a</a>\r
-<big><kbd>~</kbd></big>\r
-(tilde) character are taken to be\r
-<a href="ijbfaq.html#exceptions">exceptions:</a>\r
-a\r
-<small>URL</small>\r
-blocked by previous patterns that matches the rest of\r
-the line is let through. (The last match wins.)\r
-<p>\r
-<a name="regex">Patterns</a>\r
-may contain\r
-<small>POSIX</small>\r
-<a href="ijbfaq.html#regex">regular expressions</a>\r
-provided the\r
-<b><kbd>junkbuster</kbd></b>\r
-was compiled with this option\r
-(the default in Version 2.0 on).\r
-The idiom\r
-<big><kbd>/*.*/ad</kbd></big>\r
-can then be used\r
-to match any\r
-<small>URL</small>\r
-containing\r
-<big><kbd>/ad</kbd></big>\r
-(such as\r
-<big><kbd>http://nomatterwhere.com/images/advert/g3487.gif</kbd></big>\r
-for example).\r
-These expressions\r
-<a href="ijbman.html#substring">don't work</a>\r
-in the domain part.\r
-<p>\r
-<a name="rereads">In version 1.3 and later</a>\r
-the blockfile and cookiefile are checked for changes before each request.\r
-<p><dt><i><a name="o_w">-w NAME=VALUE</a></i><br><a name="wafer"><tt>wafer</tt>  <i>NAME=VALUE</i></a><dd>\r
-Specifies a pair to be sent as a cookie with every request\r
-<a href="ijbfaq.html#wafers">to the server.</a>\r
-(Such boring cookies are called\r
-<i>wafers</i>.)\r
-This option may be called more than once to generate multiple wafers.\r
-The original\r
-Netscape specification\r
-prohibited\r
-semi-colons, commas and white space;\r
-these characters will be\r
-<small>URL</small>-encoded\r
-if used in wafers.\r
-<!-- Aside: genuine cookies are not encoded -->\r
-<!-- Aside: we could use quoted string as specified in the new RFC -->\r
-The Path and Domain attributes are not currently supported.\r
-<p><dt><i><a name="o_c">-c cookiefile</a></i><br><a name="cookiefile"><tt>cookiefile</tt>  <i>cookiefile</i></a><dd>\r
-Enforce the cookie management policy specified in the\r
-<i>cookiefile.</i>\r
-<a name="java">If this option is not used all cookies are silently crunched,</a>\r
-so that users who never want cookies aren't bothered by browsers\r
-asking whether each cookie should be accepted.\r
-However, cookies can\r
-<a href="ijbfaq.html#breakthrough">still get through</a>\r
-via\r
-<a href="links.html#javascript">JavaScript</a>\r
-and\r
-<small>SSL</small>,\r
-so alerts should be left on.\r
-<p>\r
-<a name="dropping">In Version 1.2 and later</a>\r
-this option must be followed by a\r
-<a href="ijbfaq.html#crumble">filename</a>\r
-containing instructions on which sites are allowed to\r
-receive and set cookies.\r
-<a name="drop">By default cookies are dropped in both the browser's request</a>\r
-and the server's response, unless the\r
-<small>URL</small>\r
-requested matches an entry in the\r
-<i>cookiefile</i>.\r
-The matching algorithm is the same as for the blockfile.\r
-A leading\r
-<big><kbd>></kbd></big>\r
-character allows\r
-<a href="ijbfaq.html#directional">server-bound</a>\r
-cookies only;\r
-a\r
-<big><kbd><</kbd></big>\r
-allows only browser-bound cookies;\r
-a\r
-<big><kbd>~</kbd></big>\r
-character stops cookies in\r
-<a href="ijbfaq.html#crumble">both directions.</a>\r
-Thus a cookiefile containing a single line with the two characters\r
-<big><kbd>>*</kbd></big>\r
-will pass on all cookies to servers but not give any new ones to the browser.\r
-<p><dt><i><a name="o_j">-j jarfile</a></i><br><a name="jarfile"><tt>jarfile</tt>  <i>jarfile</i></a><dd>\r
-All Set-cookie attempts by the server are\r
-<a href="ijbfaq.html#jar">logged</a>\r
-to\r
-<i>jarfile</i>.\r
-If no wafer is specified,\r
-one containing a\r
-<a href="ijbfaq.html#notice">canned notice</a>\r
-(the \r
-<i>vanilla wafer</i>)\r
-is added as an alert to the server\r
-unless the\r
-<a href="ijbman.html#suppress-vanilla-wafer">suppress-vanilla-wafer</a>\r
-<!-- Aside: (no vanilla~wafer) -->\r
-option is invoked.\r
-<p><dt><i><a name="o_v">-v</a></i><br><a name="suppress-vanilla-wafer"><tt>suppress-vanilla-wafer</tt></a><dd>\r
-Suppress the vanilla wafer.\r
-<p><dt><i><a name="o_t">-t from</a></i><br><a name="from"><tt>from</tt>  <i>from</i></a><dd>\r
-If the browser\r
-<a href="ijbfaq.html#from">discloses an email address</a>\r
-in the\r
-<big><kbd>FROM</kbd></big>\r
-header (most don't),\r
-replace it with\r
-<i>from.</i>\r
-If\r
-<i>from</i>\r
-is set to\r
-<b>.</b>\r
-(the period character)\r
-the\r
-<big><kbd>FROM</kbd></big>\r
-is passed to the server unchanged.\r
-The default is to delete the\r
-<big><kbd>FROM</kbd></big>\r
-header.\r
-<p><dt><i><a name="o_r">-r referer</a></i><br><a name="referer"><tt>referer</tt>  <i>referer</i></a><dd>\r
-Whenever the browser discloses the\r
-<small>URL</small>\r
-that\r
-<a href="ijbfaq.html#referer">led to</a>\r
-the current request,\r
-replace it with\r
-<i>referer.</i>\r
-If\r
-<i>referer</i>\r
-is set to\r
-<b>.</b>\r
-(period)\r
-the \r
-<small>URL</small>\r
-is passed to the server unchanged.\r
-In \r
-Version <a href="ijbdist.html#c4">1.4</a>\r
-and later, if referer is set to \r
-<b>@</b>\r
-(at) the\r
-<small>URL</small>\r
-is sent in cases where the cookiefile\r
-specifies that a cookie would be sent.\r
-(No way to send bogus referers selectively is provided.)\r
-The default is to delete Referer.\r
-<p>\r
-<a name="referrer">Version 2.0 also accepts the spelling</a>\r
-<big><kbd>referrer</kbd></big>,\r
-which most dictionaries consider correct.\r
-<p><dt><i><a name="o_u">-u user-agent</a></i><br><a name="user-agent"><tt>user-agent</tt>  <i>user-agent</i></a><dd>\r
-Information disclosed by the browser\r
-<a href="ijbfaq.html#agent">about itself</a>\r
-is replaced with the value\r
-<i>user-agent.</i>\r
-If\r
-<i>user-agent</i>\r
-is set to\r
-<b>.</b>\r
-(period)\r
-the\r
-<big><kbd>User-Agent</kbd></big>\r
-header is passed to the server unchanged,\r
-along with any\r
-<big><kbd>UA</kbd></big>\r
-headers produced by\r
-<small>MS-IE</small>\r
-(which would otherwise be deleted).\r
-In \r
-Version <a href="ijbdist.html#c4">1.4</a>\r
-and later, if\r
-<i>user-agent</i>\r
-is set to\r
-<b>@</b>\r
-(at) these headers are sent unchanged in cases where the cookiefile\r
-specifies that a cookie would be sent,\r
-otherwise only default\r
-<big><kbd>User-Agent</kbd></big>\r
-header is sent.\r
-That default\r
-is Mozilla/3.0 (Netscape)\r
-with an unremarkable\r
-<a href="ijbfaq.html#infer">Macintosh</a>\r
-configuration.\r
-If used with a browser less advanced than Mozilla/3.0 or IE-3, the default\r
-may encourage pages containing extensions that confuse the browser.\r
-<!-- Aside: Some servers use extensions to everyone anyway. But in that case it's probably ignoring cookies anyway. Some servers attempt to send cookies only to browsers identifying themselves as Mozilla. -->\r
-<p><dt><i><a name="o_h">-h [host][:port]</a></i><br><a name="listen-address"><tt>listen-address</tt>  <i>[host][:port]</i></a><dd>\r
-If\r
-<i>host</i>\r
-is specified,\r
-bind the\r
-<b><kbd>junkbuster</kbd></b>\r
-to that\r
-<small>IP</small>\r
-address.\r
-If a\r
-<i>port</i>\r
-is specified, use it.\r
-The default\r
-port\r
-is 8000;\r
-the default host is\r
-<big><kbd>localhost</kbd></big>.\r
-Before Version 2.0.2,\r
-the default was to bind to all \r
-<small>IP</small>\r
-addresses\r
-(<big><kbd>INADDR_ANY</kbd></big>);\r
-but this has been restricted to\r
-<big><kbd>localhost</kbd></big>\r
-to avoid unintended security breaches.\r
-(To open the proxy to all, use the line\r
-<br>\r
-   <big><kbd>listen-address :8000</kbd></big>\r
-<br>\r
-in the configuration file.)\r
-<p><dt><i><a name="o_f">-f forward_host[:port]</a></i><br><a name="forwardfile"><tt>forwardfile</tt>  <i>forwardfile</i></a><dd>\r
-Version 1.X required all\r
-<small>HTTP</small>\r
-requests from the client to be forwarded to the same destination.\r
-Version 2.0 takes its routing specification from a\r
-<i>forwardfile</i>,\r
-allowing selection of the proxy (a.k.a. forwarding host) and gateway\r
-according to the\r
-<small>URL</small>.\r
-Here is a typical line.\r
-<br>\r
+ <head>\r
+ <title>Internet Junkbuster Technical Information</title>\r
+ <meta name="description" content=\r
+ "The manual page for the Internet Junkbuster, free software to removes banner ads, cookies, and other stuff you don't want from your web browser.">\r
+ <meta name="keywords" content=\r
+ "stop, junk, busters, junkbusters, junkbuster, mail, email, e-mail, direct, spam, privacy, sharing, names, renting, direct, marketing, database, databases, junk mail, lists, environment, consumer, sending, opt out ">\r
+<style type="text/css">\r
+<!--\r
+h2 { text-align: Center; font-family: arial, helvetica, sans-serif }\r
+p.sans { font-family: arial, helvetica, sans-serif }\r
+b.dot { color: #FF0000 }\r
+b.eg { font-family: arial, helvetica, sans-serif }\r
+-->\r
+</style>\r
+ </head>\r
+\r
+ <body bgcolor="#f8f8f0" link="#000078" alink="#ff0022" vlink=\r
+ "#787878">\r
+ <p class="sans"><a href="http://ijbswa.sourceforge.net/">\r
+ Website</a> <b class="dot">·</b> <b>Manual</b> <b class=\r
+ "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=\r
+ "dot">·</b> <a href="gpl.html">GPL</a></p>\r
+\r
+ <h1 align="center"><a name="top_of_page"></a>Internet\r
+ J<small>UNK<i style="color: #FF0000">BUSTER</i></small>\r
+ Technical Information</h1>\r
+\r
+ <p align="center" class="sans"><a href="#description">\r
+ Options</a> <b class="dot">·</b> <a href="#show">\r
+ Checking Options</a> <b class="dot">·</b> <a href=\r
+ "#install">Installation</a> <b class="dot">·</b> <a\r
+ href="#copyright">Copyright</a> <b class="dot">·</b> <a\r
+ href="ijbfaq.html#top_of_page">(FAQ)</a></p>\r
+\r
+ <h1>This document is out of date</h1>\r
+\r
+ <p><b>Development of JunkBuster is ongoing and this document is\r
+ no longer current. However, it may provide some assistance. If\r
+ you have problems, please use the <a href=\r
+ "http://groups.yahoo.com/group/junkbuster-users/">Yahoo Groups\r
+ mailing list</a> (which includes an archive of mail), the\r
+ SourceForge.net <a href=\r
+ "http://sourceforge.net/projects/ijbswa/">project page</a>, or\r
+ see the project's <a href="http://ijbswa.sourceforge.net/">home\r
+ page</a>. Please also bear in mind that versions 2.9.x of\r
+ JunkBuster are development releases, and are not production\r
+ quality.</b></p>\r
+\r
+ <h2><a name="man"></a>Manual Page</h2>\r
+\r
+ <p>A copy of this page in standard <code>man</code> macro\r
+ format is included in the <a href="ijbfaq.html#tar">tar\r
+ archive</a>.</p>\r
+\r
+ <h3><a name="name"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Name</h3>\r
+\r
+ <p><b><code>junkbuster</code></b> - The Internet Junkbuster\r
+ Proxy <a href=\r
+ "http://www.junkbusters.com/ht/en/legal.html#marks"><small>\r
+ <sup>TM</sup></small></a></p>\r
+\r
+ <h3><a name="synopsis"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Synopsis</h3>\r
+\r
+ <p><code><b>junkbuster</b></code> <i>configfile</i> (Unix)<br>\r
+ <b><code>junkbstr.exe</code></b> [<i>configfile</i>]\r
+ (Windows)</p>\r
+\r
+ <h3><a name="description"></a><img border="0" src="fb.gif" alt=\r
+ "*" width="14" height="14"> Description</h3>\r
+\r
+ <p><b><code>junkbuster</code></b> is an instrumentable proxy\r
+ that filters the HTTP stream between web servers and browsers.\r
+ Its main purposes are to block adverts and enhance privacy.</p>\r
+\r
+ <p><a name="dual"></a>It is configured using a configuration\r
+ file and several files listing URL patterns. The\r
+ configuration file must be specified on the command line. \r
+ The Windows version will default to using the configuration\r
+ file <code>junkbstr.ini</code> if it exists and no argument was\r
+ given.</p>\r
+\r
+ <p><a name="reread"></a>All files except the main configuration\r
+ file are checked for changes before each page is fetched, so\r
+ they may edited without restarting the proxy.</p>\r
+\r
+ <h4>Options</h4>\r
+\r
+ <dl>\r
+ <dt><i><a name="o_b"></a></i><a name=\r
+ "blockfile"></a><code>blockfile</code> <i>\r
+ blockfile</i></dt>\r
+\r
+ <dd>\r
+ <p><a href="ijbfaq.html#blocking">Block</a> requests to\r
+ URLs matching any pattern given in the lines of the <i>\r
+ blockfile</i>. The <b><code>junkbuster</code></b> instead\r
+ returns status 202, indicating that the request has been\r
+ accepted (though not completed), and a <a href=\r
+ "ijbfaq.html#show">message identifying itself</a> (though\r
+ the browser may display only a broken image icon). \r
+ The syntax of a pattern is <code>\r
+ [domain][:port][/path]</code> (the <code>http://</code> or\r
+ <code>https://</code> protocol part is omitted). To decide\r
+ if a pattern matches a target, the domains are compared\r
+ first, then the paths.</p>\r
+\r
+ <p><a name="compare"></a>To compare the domains, the\r
+ pattern domain and the target domain specified in the URL\r
+ are each broken into their components. (Components are\r
+ separated by the <code>.</code> (period) character.) Next\r
+ each of the target components is compared with the\r
+ corresponding pattern component: last with last,\r
+ next-to-last with next-to-last, and so on. (This is called\r
+ <i><dfn>right-anchored</dfn></i> matching.) If all of the\r
+ pattern components find their match in the target, then the\r
+ domains are considered a match. Case is irrelevant when\r
+ comparing domain components.</p>\r
+\r
+ <p><a name="substring"></a>A successfully matching pattern\r
+ can be an anchored substring of a target, but not vice\r
+ versa. Thus if a pattern doesn't specify a domain, it\r
+ matches all domains. <a name="wildcard"></a>Furthermore,\r
+ when comparing two components, the components must either\r
+ match in their entirety or up to a wildcard <code>*</code>\r
+ (star character) in the pattern. The wildcard feature\r
+ implements only a "prefix" match capability ("abc*" vs.\r
+ "abcdefg"), not suffix matching ("*efg" vs. "abcdefg") or\r
+ infix matching ("abc*efg" vs. "abcdefg"). The feature is\r
+ restricted to the domain component; it is unrelated to the\r
+ optional regular expression feature in the path <a href=\r
+ "#regex">(described below).</a></p>\r
+\r
+ <p><a name="numeric"></a>If a numeric port is specified in\r
+ the pattern domain, then the target port must match as\r
+ well. The default port in a target is port 80.</p>\r
+\r
+ <p><a name="onward"></a>If the domain and port match, then\r
+ the target URL path is checked for a match against the path\r
+ in the pattern. Paths are compared with a simple\r
+ case-sensitive left-anchored substring comparison. Once\r
+ again, the pattern can be an anchored substring of the\r
+ target, but not vice versa. A path of <code>/</code>\r
+ (slash) would match all paths. Wildcards are not considered\r
+ in path comparisons.</p>\r
+\r
+ <p><a name="example"></a>For example, the target URL<br>\r
+ <code>\r
+ the.yellow-brick-road.com/TinMan/has_no_brain</code><br>\r
+ would be matched (and blocked) by the following\r
+ patterns<br>\r
+ <code>yellow-brick-road.com</code><br>\r
+ and<br>\r
+ <code>Yellow*.COM</code><br>\r
+ and<br>\r
+ <code>/TinM</code><br>\r
+ but not<br>\r
+ <code>\r
+ follow.the.yellow-brick-road.com</code><br>\r
+ or<br>\r
+ <code>/tinman</code><br>\r
+ </p>\r
+\r
+ <p><a name="comments"></a>Comments in a blockfile start\r
+ with a <code>#</code> (hash) character and end at a new\r
+ line. Blank lines are also ignored.</p>\r
+\r
+ <p><a name="except"></a>Lines beginning with a <code>\r
+ ~</code> (tilde) character are taken to be <a href=\r
+ "ijbfaq.html#exceptions">exceptions:</a> a URL blocked by\r
+ previous patterns that matches the rest of the line is let\r
+ through. (The last match wins.)</p>\r
+\r
+ <p><a name="regex"></a>Patterns may contain POSIX <a href=\r
+ "ijbfaq.html#regex">regular expressions</a> provided the\r
+ <b><code>junkbuster</code></b> was compiled with this\r
+ option (the default in Version 2.0 on). The idiom <code>\r
+ /*.*/ad</code> can then be used to match any URL containing\r
+ <code>/ad</code> (such as <code>\r
+ http://nomatterwhere.com/images/advert/g3487.gif</code> for\r
+ example). These expressions <a href="#substring">don't\r
+ work</a> in the domain part.</p>\r
+\r
+ <p><a name="rereads"></a>In version 1.3 and later the\r
+ blockfile and cookiefile are checked for changes before\r
+ each request.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_w"></a></i><a name=\r
+ "wafer"></a><code>wafer</code> <i>\r
+ NAME=VALUE</i></dt>\r
+\r
+ <dd>\r
+ <p>Specifies a pair to be sent as a cookie with every\r
+ request <a href="ijbfaq.html#wafers">to the server.</a>\r
+ (Such boring cookies are called <i>wafers</i>.) This option\r
+ may be called more than once to generate multiple wafers.\r
+ The original Netscape specification prohibited semi-colons,\r
+ commas and white space; these characters will be\r
+ URL-encoded if used in wafers. \r
+ <!-- Aside: genuine cookies are not encoded --> \r
+ <!-- Aside: we could use quoted string as specified in the new RFC -->\r
+ The Path and Domain attributes are not currently\r
+ supported.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_c"></a></i><a name=\r
+ "cookiefile"></a><code>cookiefile</code> <i>\r
+ cookiefile</i></dt>\r
+\r
+ <dd>\r
+ <p>Enforce the cookie management policy specified in the\r
+ <i>cookiefile.</i> <a name="java"></a>If this option is not\r
+ used all cookies are silently crunched, so that users who\r
+ never want cookies aren't bothered by browsers asking\r
+ whether each cookie should be accepted. However, cookies\r
+ can <a href="ijbfaq.html#breakthrough">still get\r
+ through</a> via <a href=\r
+ "http://www.junkbusters.com/ht/en/links.html#javascript">\r
+ JavaScript</a> and SSL, so alerts should be left on.</p>\r
+\r
+ <p><a name="dropping"></a>In Version 1.2 and later this\r
+ option must be followed by a <a href="ijbfaq.html#crumble">\r
+ filename</a> containing instructions on which sites are\r
+ allowed to receive and set cookies. <a name="drop"></a>By\r
+ default cookies are dropped in both the browser's request\r
+ and the server's response, unless the URL requested matches\r
+ an entry in the <i>cookiefile</i>. The matching algorithm\r
+ is the same as for the blockfile. A leading <code>\r
+ ></code> character allows <a href=\r
+ "ijbfaq.html#directional">server-bound</a> cookies only; a\r
+ <code><</code> allows only browser-bound cookies; a\r
+ <code>~</code> character stops cookies in <a href=\r
+ "ijbfaq.html#crumble">both directions.</a> Thus a\r
+ cookiefile containing a single line with the two characters\r
+ <code>>*</code> will pass on all cookies to servers but\r
+ not give any new ones to the browser.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_j"></a></i><a name=\r
+ "jarfile"></a><code>jarfile</code> <i>\r
+ jarfile</i></dt>\r
+\r
+ <dd>\r
+ <p>All Set-cookie attempts by the server are <a href=\r
+ "ijbfaq.html#jar">logged</a> to <i>jarfile</i>. If no wafer\r
+ is specified, one containing a <a href=\r
+ "ijbfaq.html#notice">canned notice</a> (the <i>vanilla\r
+ wafer</i>) is added as an alert to the server unless the <a\r
+ href="#suppress-vanilla-wafer">suppress-vanilla-wafer</a>\r
+ option is invoked.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_v"></a></i><a name=\r
+ "suppress-vanilla-wafer"></a><code>suppress-vanilla-wafer</code></dt>\r
+\r
+ <dd>\r
+ <p>Suppress the vanilla wafer.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_t"></a></i><a name=\r
+ "from"></a><code>from</code> <i>from</i></dt>\r
+\r
+ <dd>\r
+ <p>If the browser <a href="ijbfaq.html#from">discloses an\r
+ email address</a> in the <code>FROM</code> header (most\r
+ don't), replace it with <i>from.</i> If <i>from</i> is set\r
+ to <b>.</b> (the period character) the <code>FROM</code> is\r
+ passed to the server unchanged. The default is to delete\r
+ the <code>FROM</code> header.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_r"></a></i><a name=\r
+ "referer"></a><code>referer</code> <i>\r
+ referer</i></dt>\r
+\r
+ <dd>\r
+ <p>Whenever the browser discloses the URL that <a href=\r
+ "ijbfaq.html#referer">led to</a> the current request,\r
+ replace it with <i>referer.</i> If <i>referer</i> is set to\r
+ <b>.</b> (period) the URL is passed to the server\r
+ unchanged. If referer is set to <b>@</b> (at) the URL is\r
+ sent in cases where the cookiefile specifies that a cookie\r
+ would be sent. (No way to send bogus referers selectively\r
+ is provided.) The default is to delete Referer.</p>\r
+\r
+ <p><a name="referrer"></a>Junkbuster also accepts the\r
+ spelling <code>referrer</code>, which most dictionaries\r
+ consider correct.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_u"></a></i><a name=\r
+ "user-agent"></a><code>user-agent</code> <i>\r
+ user-agent</i></dt>\r
+\r
+ <dd>\r
+ <p>Information disclosed by the browser <a href=\r
+ "ijbfaq.html#agent">about itself</a> is replaced with the\r
+ value <i>user-agent.</i> If <i>user-agent</i> is set to <b>\r
+ .</b> (period) the <code>User-Agent</code> header is passed\r
+ to the server unchanged, along with any <code>UA</code>\r
+ headers produced by MS-IE (which would otherwise be\r
+ deleted). If <i>user-agent</i> is set to <b>@</b> (at)\r
+ these headers are sent unchanged in cases where the\r
+ cookiefile specifies that a cookie would be sent, otherwise\r
+ only default <code>User-Agent</code> header is sent. That\r
+ default is Mozilla/3.0 (Netscape) with an unremarkable <a\r
+ href="ijbfaq.html#infer">Macintosh</a> configuration. If\r
+ used with a browser less advanced than Mozilla/3.0 or IE-3,\r
+ the default may encourage pages containing extensions that\r
+ confuse the browser.</p>\r
+ </dd>\r
+\r
+ <dt><a name="o_h"></a><a name=\r
+ "listen-address"></a><code>listen-address</code> \r
+ <i>[host][:port]</i></dt>\r
+\r
+ <dd>\r
+ <p>If <i>host</i> is specified, bind the <b><code>\r
+ junkbuster</code></b> to that IP address. If a <i>port</i>\r
+ is specified, use it. The default port is 8000; the default\r
+ host is <code>localhost</code>.</p>\r
+\r
+ <p>This default host setting means that you can only\r
+ connect to the proxy from ther local computer. This is a\r
+ security measure - if you allow anyone to use the proxy,\r
+ then hackers or fraudsters could use it to help hide their\r
+ identity. It also provides a lot of protection against any\r
+ undiscovered security flaws in JunkBuster - if they can't\r
+ connect to it, then they can't attack it.</p>\r
+\r
+ <p>If you change this value, we recommend you <i>either</i>\r
+ set the host to <code>localhost</code>:<br>\r
+ <code>listen-address\r
+ localhost:8080</code><br>\r
+ <i>or</i>, if you want to share a single internet\r
+ connection over your internal network, then set it to the\r
+ address of your internal ethernet card:<br>\r
+ <code>listen-address\r
+ 10.1.1.1:8080</code><br>\r
+ (replace 10.1.1.1 with your internal IP address), <i>\r
+ or</i> set up an <i><a href="#aclfile">aclfile</a></i>. To\r
+ make the proxy accessible from everywhere (e.g. if you're\r
+ using an access control list or if you just don't care\r
+ about security), specify just the port number - e.g:<br>\r
+ <code>listen-address :8000</code><br>\r
+ (This binds the proxy to <b>all</b> IP addresses\r
+ (<code>INADDR_ANY</code>)).</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_f"></a></i><a name=\r
+ "forwardfile"></a><code>forwardfile</code> <i>\r
+ forwardfile</i></dt>\r
+\r
+ <dd>\r
+ <p>Junkbuster has a flexible syntax for forwarding HTTP\r
+ requests. This is used e.g. if you are behind a firewall\r
+ and need to connect through it, or if you want to use a\r
+ cacheing proxy to speed up your web browsing.</p>\r
+\r
+ <p>Every line in the forwardfile consists of four\r
+ components, seperated by whitespace. These are:<br>\r
+ <br>\r
+ <code><i>target forward_to via_gateway_type\r
+ gateway</i></code></p>\r
+\r
+ <p><i>target</i> is a pattern used to select which line of\r
+ the forwardfile is used. "<code>*</code>" is the most\r
+ commonly used value, and matches every URL. As usual, the\r
+ last matching <i>target</i> wins. (If no pattern matches, a\r
+ direct connection will be used)</p>\r
+\r
+ <p><i>forward_to</i> specifies the HTTP proxy server to\r
+ use, or "<code>.</code>" for none. This is used to connect\r
+ to a cacheing proxy such as Squid, and for most types of\r
+ firewall. The port number defaults to 8000 if it is not\r
+ specified.</p>\r
+\r
+ <p>Here is a typical line.</p>\r
<pre>\r
* lpwa.com:8000 . .\r
</pre>\r
-<p>\r
-<a name="lines">Each line contains four fields:</a>\r
-<big><kbd>target</kbd></big>,\r
-<big><kbd>forward_to</kbd></big>,\r
-<big><kbd>via_gateway_type</kbd></big>\r
-and\r
-<big><kbd>gateway</kbd></big>.\r
-As usual, the\r
-<a href="ijbman.html#compare">last</a>\r
-<big><kbd>target</kbd></big>\r
-domain that matches the requested\r
-<small>URL</small>\r
-wins,\r
-and the\r
-<big><kbd>*</kbd></big>\r
-character alone matches any domain.\r
-The target domain need not be a fully qualified\r
-hostname; it can be a general domain such as\r
-<big><kbd>com</kbd></big>\r
-or\r
-<big><kbd>co.uk</kbd></big>\r
-or even just a port number.\r
-<a name="nose">For example, because</a>\r
-<a href="http://lpwa.com">LPWA</a>\r
-does not handle\r
-<a href="ijbfaq.html#encrypt">SSL</a>,\r
-the line above will typically be followed by a line such as\r
-<br>\r
+\r
+ <p>The target domain need not be a fully qualified\r
+ hostname; it can be a general domain such as <code>\r
+ com</code> or <code>co.uk</code> or even just a port\r
+ number. <a name="nose"></a>For example, because <a href=\r
+ "http://lpwa.com">LPWA</a> does not handle <a href=\r
+ "ijbfaq.html#encrypt">SSL</a>, the line above will\r
+ typically be followed by a line such as</p>\r
<pre>\r
-:443 . . .\r
+:443 . . .\r
</pre>\r
-to allow SSL transactions to proceed directly.\r
-The cautious would also\r
-add an entry in their blockfile to stop transactions\r
-to port 443 for all but specified trusted sites.\r
-<p>\r
-<a name="forward">If the winning</a>\r
-<big><kbd>forward_to</kbd></big>\r
-field is\r
-<big><kbd>.</kbd></big>\r
-(the dot character) the proxy connects \r
-directly to the server given in the\r
-<small>URL</small>,\r
-otherwise it forwards to the host and port number specified.\r
-The default port is 8000.\r
-The\r
-<big><kbd>via_gateway_type</kbd></big>\r
-and\r
-<big><kbd>gateway</kbd></big>\r
-fields also use a dot to indicate no gateway protocol.\r
-The gateway protocols are explained\r
-<a href="ijbman.html#o_g">below</a>.\r
-<p>\r
-<a name="old">The example line above in a forwardfile alone</a>\r
-would send everything through port 8000 at\r
-<big><kbd>lpwa.com</kbd></big>\r
-with no gateway protocol,\r
-and is equivalent to the old\r
-<big><kbd>-f lpwa.com:8000</kbd></big>\r
-with no\r
-<big><kbd>-g</kbd></big>\r
-option.\r
-For more information see the example file provided with the distribution.\r
-<p>\r
-<a name="loop">Configure with care: no loop detection is performed.</a>\r
-When setting up chains of proxies that might loop back, try adding\r
-<a href="ijbman.html#squid">Squid.</a>\r
-<p><dt><i><a name="o_g">-g gw_protocol[:[gw_host][:gw_port]]</a></i><dd>\r
-Use\r
-<i>gw_protocol</i>\r
-as the gateway protocol.\r
-This option was introduced in Version 1.4,\r
-but was folded into the\r
-<a href="ijbman.html#forwardfile">forwardfile</a>\r
-option in Version 2.0.\r
-The default is to use no gateway protocol;\r
-this may be explicitly specified as\r
-<big><kbd>direct</kbd></big>\r
-on the command line\r
-or the dot character in the forwardfile.\r
-The\r
-<big><kbd>SOCKS4</kbd></big>\r
-protocol may be specified as\r
-<big><kbd>socks</kbd></big>\r
-or\r
-<big><kbd>socks4</kbd></big>.\r
-The\r
-<big><kbd>SOCKS4A</kbd></big>\r
-protocol is specified as\r
-<big><kbd>socks4a</kbd></big>.\r
-The\r
-<big><kbd>SOCKS5</kbd></big>\r
-protocol is not currently supported.\r
-The default\r
-<small>SOCKS</small>\r
-<i>gw_port</i>\r
-is 1080.\r
-<p>\r
-<a name="configure">The user's browser should</a>\r
-<em>not</em>\r
-be\r
-<a href="ijbfaq.html#socks">configured</a>\r
-to use\r
-<big><kbd>SOCKS</kbd></big>;\r
-the proxy conducts the negotiations, not the browser.\r
-<p>\r
-<a name="identify">The user identification capabilities of</a>\r
-<big><kbd>SOCKS4</kbd></big>\r
-are deliberately not used;\r
-the user is always identified to the\r
-<big><kbd>SOCKS</kbd></big>\r
-server as\r
-<big><kbd>userid=anonymous</kbd></big>.\r
-If the server's policy is to reject requests from\r
-<big><kbd>anonymous</kbd></big>,\r
-the proxy will not work.\r
-Use a\r
-<a href="ijbman.html#o_d">debug</a>\r
-value of 3\r
-to see the status returned by the server.\r
-<p><dt><i><a name="o_d">-d N</a></i><br><a name="debug"><tt>debug</tt>  <i>N</i></a><dd>\r
-Set debug mode.\r
-The most common value is 1,\r
-to\r
-<a href="ijbfaq.html#pinpoint">pinpoint</a>\r
-offensive\r
-<small>URL</small>s,\r
-so they can be added to the blockfile.\r
-The value of\r
-<b>N</b>\r
-is a bitwise\r
-logical-<small>OR</small>\r
-of the following values:\r
-<br>\r
-1 = URLs (show each URL requested by the browser);<br>\r
-2 = Connections (show each connection to or from the proxy);<br>\r
-4 = I/O (log I/O errors);<br>\r
-8 = Headers (as each header is scanned, show the header and what is done to it);<br>\r
-16 = Log everything (including debugging traces and the contents of the pages).<br>\r
-<a name="or">Multiple</a>\r
-<big><kbd>debug</kbd></big>\r
-lines are permitted; they are logical OR-ed together.\r
-<p>\r
-<a name="single">Because most browsers send several requests in parallel</a>\r
-the debugging output may appear intermingled, so the\r
-<a href="ijbman.html#single-threaded">single-threaded</a>\r
-option is recommended when using\r
-<a href="ijbman.html#debug">debug</a>\r
-with\r
-<b>N</b>\r
-greater than 1.\r
-<!-- Aside: Yes, it's clumsy, but it's easy to parse. -->\r
-<p><dt><i><a name="o_y">-y</a></i><br><a name="add-forwarded-header"><tt>add-forwarded-header</tt></a><dd>\r
-Add \r
-<big><kbd>X-Forwarded-For</kbd></big>\r
-headers to the server-bound \r
-<small>HTTP</small>\r
-stream\r
-indicating the client \r
-<small>IP</small>\r
-address\r
-<a href="ijbfaq.html#detect">to the server,</a>\r
-in the new style of\r
-<a href="ijbman.html#squid">Squid 1.1.4.</a>\r
-If you want the traditional\r
-<big><kbd>HTTP_FORWARDED</kbd></big>\r
-response header, add it manually with the\r
-<a href="ijbman.html#o_x">-x</a>\r
-option.\r
-<!-- Aside: Not a default, since the end-client usually doesn't wish to be identified, but may be helpful in debugging chains. -->\r
-<p><dt><i><a name="o_x">-x HeaderText</a></i><br><a name="add-header"><tt>add-header</tt>  <i>HeaderText</i></a><dd>\r
-Add the\r
-<i>HeaderText</i>\r
-verbatim to requests to the server.\r
-Typical uses include\r
-adding old-style forwarding notices such as\r
-<big><kbd>Forwarded: by http://pro-privacy-isp.net</kbd></big>\r
-and reinstating the\r
-<big><kbd>Proxy-Connection: Keep-Alive</kbd></big>\r
-header\r
-(which the\r
-<b><kbd>junkbuster</kbd></b>\r
-deletes so as\r
-<a href="ijbfaq.html#detect">not</a>\r
-to reveal its existence).\r
-No checking is done for correctness or plausibility,\r
-so it can be used to throw any old trash into the server-bound \r
-<small>HTTP</small>\r
-stream.\r
-Please don't litter.\r
-<!-- Aside: this represents "more than enough rope" -->\r
-<p><dt><i><a name="o_s">-s</a></i><br><a name="single-threaded"><tt>single-threaded</tt></a><dd>\r
-Doesn't\r
-<big><kbd>fork()</kbd></big>\r
-a separate process\r
-(or create a separate thread)\r
-to handle each connection.\r
-Useful when debugging to keep the process single threaded.\r
-<p><dt><i><a name="o_l">-l logfile</a></i><br><a name="logfile"><tt>logfile</tt>  <i>logfile</i></a><dd>\r
-Write all debugging data into\r
-<i>logfile.</i>\r
-The default\r
-<i>logfile</i>\r
-is the standard output.\r
-<p><dt><br><a name="aclfile"><tt>aclfile</tt>  <i>aclfile</i></a><dd>\r
-Unless this option is used, the proxy talks to anyone who can connect to it,\r
-and everyone who can has equal permissions on where they can go.\r
-An access file allows restrictions to be placed on these two policies,\r
-by distinguishing some\r
-<i><dfn>source</dfn></i>\r
-<small>IP</small>\r
-addresses and/or\r
-some\r
-<i><dfn>destination</dfn></i>\r
-addresses.\r
-(If a\r
-<a href="ijbman.html#forwardfile">forwarder or a gateway</a>\r
-is being used, its address is considered the destination address,\r
-not the ultimate\r
-<small>IP</small>\r
-address of the\r
-<small>URL</small>\r
-requested.)\r
-<p>\r
-<a name="permit">Each line of the access file begins with</a>\r
-either the word\r
-<big><kbd>permit</kbd></big>\r
-or\r
-<big><kbd>deny</kbd></big>\r
-followed by source and (optionally) destination addresses \r
-to be matched against those of the\r
-<small>HTTP</small>\r
-request.\r
-The last matching line specifies the result: if it was a\r
-<big><kbd>deny</kbd></big>\r
-line or if no line matched,\r
-the request will be refused.\r
-<p>\r
-<a name="various">A source or destination</a>\r
-can be specified as a single numeric\r
-<small>IP</small>\r
-address,\r
-or with a hostname, provided that the host's name\r
-can be resolved to a numeric address: this cannot be used to block all\r
-<big><kbd>.mil </kbd></big>\r
-domains for example,\r
-because there is no single address associated with that domain name.\r
-Either form may be followed by a slash and an integer\r
-<big><kbd>N</kbd></big>,\r
-specifying a subnet mask of\r
-<big><kbd>N</kbd></big>\r
-bits.\r
-For example,\r
-<big><kbd>permit 207.153.200.72/24</kbd></big>\r
-matches the entire Class-C subnet from\r
-207.153.200.0\r
-through 207.153.200.255.\r
-(A netmask of 255.255.255.0 corresponds to 24 bits of\r
-ones in the netmask, as with\r
-<big><kbd>*_MASKLEN=24</kbd></big>.)\r
-A value of 16 would be used for a Class-B subnet.\r
-A value of zero for\r
-<big><kbd>N</kbd></big>\r
-in the subnet mask length will cause any address to match;\r
-this can be used to express a default rule.\r
-For more information see the example file provided with the distribution.\r
-<p>\r
-<a name="false">If you like these access controls</a>\r
-you should probably have\r
-<a href="ijbfaq.html#firewall">firewall</a>;\r
-they are not intended to replace one.\r
-<p><dt><br><a name="trustfile"><tt>trustfile</tt>  <i>trustfile</i></a><dd>\r
-This feature is experimental, has not been fully documented and is\r
-very subject to change.\r
-The goal is for parents to be able to choose a page or site whose\r
-links they regard suitable for their\r
-<a href="ijbfaq.html#children">young children</a>\r
-and for the proxy to allow access only to sites mentioned there.\r
-To do this the proxy examines the\r
-<a href="ijbman.html#o_r">referer</a>\r
-variable on each page request to check they resulted from\r
-a click on the ``trusted referer'' site: if so the referred site\r
-is added to a list of trusted sites, so that the child can\r
-then move around that site.\r
-There are several uncertainties in this scheme that experience may be\r
-able to iron out; check back in the months ahead.\r
-<p><dt><br><a name="trust_info_url"><tt>trust_info_url</tt>  <i>trust_info_url</i></a><dd>\r
-When access is denied due to lack of a trusted referer, this\r
-<small>URL</small>\r
-is displayed with a message pointing the user to it for further information.\r
-<p><dt><br><a name="hide-console"><tt>hide-console</tt></a><dd>\r
-In the Windows version only, instructs the program\r
-to disconnect from and hide the command console after starting.\r
-<p><dt><i><a name="o_a">-a</a></i><dd>\r
-(Obsolete) Accept the server's\r
-<big><kbd>Set-cookie</kbd></big>\r
-headers, passing them through to the browser.\r
-<a name="obsolete">This option was removed in Version 1.2</a>\r
-and replaced by an improvement to the\r
-<a href="ijbman.html#o_c">-c</a>\r
-option.\r
-</dl>\r
-</p>\r
-\r
-<h3><a name="install" href="/cgi-bin/gp?pg=ijbman&pr=install"><img border=0 width=14 height=14 src="/images/fb.gif" alt="<Feedback>"></a> \r
-Installation and Use\r
-</h3>\r
-<p>\r
-Browsers must be told where to find the\r
-<b><kbd>junkbuster</kbd></b>\r
-(e.g.\r
-<big><kbd>localhost</kbd></big>\r
-port 8000).\r
-To set the \r
-<small>HTTP</small>\r
-proxy in Netscape 3.0,\r
-go through:\r
-<b><font face="arial, helvetica">\r
-Options</font></b>;\r
-<b><font face="arial, helvetica">\r
-Network Preferences</font></b>;\r
-<b><font face="arial, helvetica">\r
-Proxies</font></b>;\r
-<b><font face="arial, helvetica">\r
-Manual Proxy Configuration</font></b>;\r
-<b><font face="arial, helvetica">\r
-View</font></b>.\r
-See the\r
-<a href="ijbfaq.html"><small>FAQ</small></a>\r
-for other browsers.\r
-The\r
-<a href="ijbfaq.html#security">Security Proxy</a>\r
-should also be set to the same values,\r
-otherwise\r
-<big><kbd>shttp:</kbd></big>\r
-<small>URL</small>s\r
-won't work.\r
-<p>\r
-<a name="limitations">Note the limitations</a>\r
-explained in the\r
-<a href="ijbfaq.html"><small>FAQ</small></a>.\r
-</p>\r
-\r
-<h3><a name="show" href="/cgi-bin/gp?pg=ijbman&pr=show"><img border=0 width=14 height=14 src="/images/fb.gif" alt="<Feedback>"></a> \r
-Checking Options\r
-</h3>\r
-<p>\r
-To allow users to\r
-<a href="ijbfaq.html#show">check</a>\r
-that a\r
-<b><kbd>junkbuster</kbd></b>\r
-is running and how it is configured,\r
-it intercepts requests for any\r
-<small>URL</small>\r
-ending in\r
-<big><kbd>/show-proxy-args</kbd></big>\r
-and blocks it,\r
-returning instead returns information on its\r
-version number and\r
-current configuration\r
-including the contents of its blockfile.\r
-To get an explicit warning that no\r
-<b><kbd>junkbuster</kbd></b>\r
-intervened if the proxy was not configured,\r
-it's best to point it to a\r
-<small>URL</small>\r
-that does this, such as\r
-<a href="http://internet.junkbuster.com/cgi-bin/show-proxy-args">http://internet.junkbuster.com/cgi-bin/show-proxy-args</a>\r
-on Junkbusters's website.\r
-</p>\r
-\r
-<h3><a name="also" href="/cgi-bin/gp?pg=ijbman&pr=also"><img border=0 width=14 height=14 src="/images/fb.gif" alt="<Feedback>"></a> \r
-See Also\r
-</h3>\r
-<p>\r
-<a href="ijbfaq.html">http://www.junkbusters.com/ht/en/ijbfaq.html</a>\r
-<br>\r
-<a href="cookies.html">http://www.junkbusters.com/ht/en/cookies.html</a>\r
-<br>\r
-<a href="http://internet.junkbuster.com/cgi-bin/show-proxy-args">http://internet.junkbuster.com/cgi-bin/show-proxy-args</a>\r
-<br>\r
-<a name ="kristol" href="http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html">http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html</a>\r
-<br>\r
-<a name ="squid" href="http://squid.nlanr.net/Squid/">http://squid.nlanr.net/Squid/</a>\r
-<br>\r
-<a href="http://www-math.uni-paderborn.de/~axel/">http://www-math.uni-paderborn.de/~axel/</a>\r
-</p>\r
-\r
-<h3><a name="copyright" href="/cgi-bin/gp?pg=ijbman&pr=copyright"><img border=0 width=14 height=14 src="/images/fb.gif" alt="<Feedback>"></a> \r
-Copyright and GPL\r
-</h3>\r
-<p>\r
-Written and copyright by the Anonymous Coders and Junkbusters Corporation\r
-and made available under the\r
-<a href="gpl.html">GNU General Public License (GPL).</a>\r
-This software comes with\r
-<a href="gpl.html#nowarr">NO WARRANTY.</a>\r
-Internet Junkbuster\r
-Proxy\r
-is a\r
-<a href="legal.html#marks">trademark</a>\r
-of Junkbusters Corporation.\r
-</p>\r
-<p align="center"><a href="#top_of_page"><img border=0 width=250 height=15 src="/images/top.gif" alt="--- Back to Top of Page ---"></a></p>\r
-<font face="arial, helvetica">\r
-<a rel="begin" href="index.html">Home</a> <font color="#ff0000">\r
-<b> · </b></font>\r
-<a rel="next" href="cookies.html">Next</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="lopt.html">Site Map</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="legal.html">Legal</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="junkdata.html">Privacy</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="cookies.html">Cookies</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="ijb.html">Banner Ads</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="telemarketing.html">Telemarketing</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="junkmail.html">Mail</a>\r
-<font color="#ff0000">\r
-<b> · </b></font><a href="junkemail.html">Spam</a>\r
-\r
-</font><form action="/cgi-bin/search" method="GET">\r
-<input type="text" name="q" size=60 maxlength=120 value="">\r
-<input type="submit" value="Search"></form>\r
-<small>\r
-<small>\r
-<p>\r
-<a href="legal.html#copy">Copyright</a> © 1996-8 Junkbusters\r
-<a href="legal.html#marks">®</a> Corporation.\r
-Copying and distribution permitted under\r
-the <a href="gpl.html"><small>GNU</small></a>\r
-General Public License.\r
-</small>\r
-<tt>\r
-1998/10/31\r
-http://www.junkbusters.com/ht/en/ijbman.html\r
-</tt>\r
-<address><kbd>webmaster@junkbusters.com</kbd></address>\r
-</small>\r
-</body>\r
+\r
+ <p>to allow SSL transactions to proceed directly. The\r
+ cautious would also add an entry in their blockfile to stop\r
+ transactions to port 443 for all but specified trusted\r
+ sites.</p>\r
+\r
+ <p><a name="loop"></a>Configure with care: no loop\r
+ detection is performed. When setting up chains of proxies\r
+ that might loop back, try adding <a href="#squid">\r
+ Squid.</a></p>\r
+\r
+ <p><i>via_gateway_type</i> and <i>gateway</i> are used to\r
+ support SOCKS proxies. Some firewalls provide this type of\r
+ proxy. If you do not not want to use a SOCKS proxy, specify\r
+ both of these fields as "<code>.</code>".</p>\r
+\r
+ <p><a name="configure"></a><a name="identify"></a>Note that\r
+ JunkBuster is a SOCKS <b>client</b>, <b>not</b> a SOCKS <b>\r
+ server</b>. The user's browser should <b>not</b> be <a\r
+ href="ijbfaq.html#socks">configured</a> to use <code>\r
+ SOCKS</code>; the proxy conducts the negotiations, not the\r
+ browser.</p>\r
+\r
+ <p>The <code>SOCKS4</code> protocol may be specified by\r
+ setting <i>via_gateway_type</i> to <code>socks</code> or\r
+ <code>socks4</code>. The <code>SOCKS4A</code> protocol is\r
+ specified as <code>socks4a</code>. The <code>SOCKS5</code>\r
+ protocol is not currently supported.</p>\r
+\r
+ <p><i>gateway</i> should be the host and port of the SOCKS\r
+ server. If you just specify a hostname, then the port\r
+ number defaults to 1080.</p>\r
+\r
+ <p>The user identification capabilities of <code>\r
+ SOCKS4</code> are deliberately not used; the user is always\r
+ identified to the <code>SOCKS</code> server as <code>\r
+ userid=anonymous</code>. If the server's policy is to\r
+ reject requests from <code>anonymous</code>, the proxy will\r
+ not work. Use a <a href="#o_d">debug</a> value of 3 to see\r
+ the status returned by the server.</p>\r
+\r
+ <p>If you specify both a HTTP proxy (with <i>\r
+ forward_to</i>) and a SOCKS proxy (with <i>gateway</i>)\r
+ then the SOCKS proxy is used to connect to the HTTP proxy.\r
+ If you just specify a SOCKS proxy, it is used to connect\r
+ directly to the websites.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_d"></a></i><a name=\r
+ "debug"></a><code>debug</code> <i>N</i></dt>\r
+\r
+ <dd>\r
+ <p>Set debug mode. The most common value is 1, to <a href=\r
+ "ijbfaq.html#pinpoint">pinpoint</a> offensive URLs, so they\r
+ can be added to the blockfile. The value of <b>N</b> is a\r
+ bitwise logical-OR of the following values:<br>\r
+ 1 = URLs (show each URL requested by the browser);<br>\r
+ 2 = Connections (show each connection to or from the\r
+ proxy);<br>\r
+ 4 = I/O (log I/O errors);<br>\r
+ 8 = Headers (as each header is scanned, show the header\r
+ and what is done to it);<br>\r
+ 16 = Log everything (including debugging traces and the\r
+ contents of the pages).<br>\r
+ 32 = Record accesses in Common Log Format, as used by most\r
+ web and proxy servers.</p>\r
+\r
+ <p><a name="or"></a>Multiple <code>debug</code> lines are\r
+ permitted; they are logical OR-ed together.</p>\r
+\r
+ <p><a name="single"></a>Because most browsers send several\r
+ requests in parallel the debugging output may appear\r
+ intermingled, so the <a href="#single-threaded">\r
+ single-threaded</a> option is recommended when using <a\r
+ href="#debug">debug</a> with <b>N</b> greater than 1. \r
+ <!-- Aside: Yes, it's clumsy, but it's easy to parse. --></p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_y"></a></i><a name=\r
+ "add-forwarded-header"></a><code>add-forwarded-header</code></dt>\r
+\r
+ <dd>\r
+ <p>Add <code>X-Forwarded-For</code> headers to the\r
+ server-bound HTTP stream indicating the client IP address\r
+ <a href="ijbfaq.html#detect">to the server,</a> in the new\r
+ style of <a href="#squid">Squid 1.1.4.</a> If you want the\r
+ traditional <code>HTTP_FORWARDED</code> response header,\r
+ add it manually with the <a href="#o_x">-x</a> option. This\r
+ also allows other <code>X-Forwarded-For</code> headers to\r
+ be transmitted - usually they are discarded.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_x"></a></i><a name=\r
+ "add-header"></a><code>add-header</code> <i>\r
+ HeaderText</i></dt>\r
+\r
+ <dd>\r
+ <p>Add the <i>HeaderText</i> verbatim to requests to the\r
+ server. Typical uses include adding old-style forwarding\r
+ notices such as <code>Forwarded: by\r
+ http://pro-privacy-isp.net</code> and reinstating the\r
+ <code>Proxy-Connection: Keep-Alive</code> header (which the\r
+ <b><code>junkbuster</code></b> deletes so as <a href=\r
+ "ijbfaq.html#detect">not</a> to reveal its existence). No\r
+ checking is done for correctness or plausibility, so it can\r
+ be used to throw any old trash into the server-bound HTTP\r
+ stream. Please don't litter. \r
+ <!-- Aside: this represents "more than enough rope" --></p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_s"></a></i><a name=\r
+ "single-threaded"></a><code>single-threaded</code></dt>\r
+\r
+ <dd>\r
+ <p>Doesn't <code>fork()</code> a separate process (or\r
+ create a separate thread) to handle each connection. Useful\r
+ when debugging to keep the process single threaded.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_l"></a></i><a name=\r
+ "logfile"></a><code>logfile</code> <i>\r
+ logfile</i></dt>\r
+\r
+ <dd>\r
+ <p>Write all debugging data into <i>logfile.</i> The\r
+ default <i>logfile</i> is the standard output.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="aclfile"></a><code>aclfile</code> <i>\r
+ aclfile</i></dt>\r
+\r
+ <dd>\r
+ <p>Unless this option is used, the proxy talks to anyone\r
+ who can connect to it, and everyone who can has equal\r
+ permissions on where they can go. An access file allows\r
+ restrictions to be placed on these two policies, by\r
+ distinguishing some <i><dfn>source</dfn></i> IP addresses\r
+ and/or some <i><dfn>destination</dfn></i> addresses. (If a\r
+ <a href="#forwardfile">forwarder or a gateway</a> is being\r
+ used, its address is considered the destination address,\r
+ not the ultimate IP address of the URL requested.)</p>\r
+\r
+ <p><a name="permit"></a>Each line of the access file begins\r
+ with either the word <code>permit</code> or <code>\r
+ deny</code> followed by source and (optionally) destination\r
+ addresses to be matched against those of the HTTP request.\r
+ The last matching line specifies the result: if it was a\r
+ <code>deny</code> line or if no line matched, the request\r
+ will be refused.</p>\r
+\r
+ <p><a name="various"></a>A source or destination can be\r
+ specified as a single numeric IP address, or with a\r
+ hostname, provided that the host's name can be resolved to\r
+ a numeric address: this cannot be used to block all <code>\r
+ .mil</code> domains for example, because there is no single\r
+ address associated with that domain name. Either form may\r
+ be followed by a slash and an integer <code>N</code>,\r
+ specifying a subnet mask of <code>N</code> bits. For\r
+ example, <code>permit 207.153.200.72/24</code> matches the\r
+ entire Class-C subnet from 207.153.200.0 through\r
+ 207.153.200.255. (A netmask of 255.255.255.0 corresponds to\r
+ 24 bits of ones in the netmask, as with <code>\r
+ *_MASKLEN=24</code>.) A value of 16 would be used for a\r
+ Class-B subnet. A value of zero for <code>N</code> in the\r
+ subnet mask length will cause any address to match; this\r
+ can be used to express a default rule. For more information\r
+ see the example file provided with the distribution.</p>\r
+\r
+ <p><a name="false"></a>If you like these access controls\r
+ you should probably have <a href="ijbfaq.html#firewall">\r
+ firewall</a>; they are not intended to replace one.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="trustfile"></a><code>trustfile</code> \r
+ <i>trustfile</i></dt>\r
+\r
+ <dd>\r
+ <p>This feature is experimental, has not been fully\r
+ documented and is very subject to change. The goal is for\r
+ parents to be able to choose a page or site whose links\r
+ they regard suitable for their <a href=\r
+ "ijbfaq.html#children">young children</a> and for the proxy\r
+ to allow access only to sites mentioned there. To do this\r
+ the proxy examines the <a href="#o_r">referer</a> variable\r
+ on each page request to check they resulted from a click on\r
+ the ``trusted referer'' site: if so the referred site is\r
+ added to a list of trusted sites, so that the child can\r
+ then move around that site. There are several uncertainties\r
+ in this scheme that experience may be able to iron out;\r
+ check back in the months ahead.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="trust_info_url">\r
+ </a><code>trust_info_url</code> <i>\r
+ trust_info_url</i></dt>\r
+\r
+ <dd>\r
+ <p>When access is denied due to lack of a trusted referer,\r
+ this URL is displayed with a message pointing the user to\r
+ it for further information.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="hide-console"></a><code>hide-console</code></dt>\r
+\r
+ <dd>\r
+ <p>In the Windows command-line version only, instructs the\r
+ program to disconnect from and hide the command console\r
+ after starting.</p>\r
+ </dd>\r
+ </dl>\r
+\r
+ <h3><a name="install"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Installation and Use</h3>\r
+\r
+ <p>Browsers must be told where to find the <b><code>\r
+ junkbuster</code></b> (e.g. <code>localhost</code> port 8000).\r
+ To set the HTTP proxy in Netscape 3.0, go through: <b class=\r
+ "eg">Options</b>; <b class="eg">Network Preferences</b>; <b\r
+ class="eg">Proxies</b>; <b class="eg">Manual Proxy\r
+ Configuration</b>; <b class="eg">View</b>. See the <a href=\r
+ "ijbfaq.html">FAQ</a> for other browsers. The <a href=\r
+ "ijbfaq.html#security">Security Proxy</a> should also be set to\r
+ the same values, otherwise <code>shttp:</code> URLs won't\r
+ work.</p>\r
+\r
+ <p><a name="limitations"></a>Note the limitations explained in\r
+ the <a href="ijbfaq.html">FAQ</a>.</p>\r
+\r
+ <h3><a name="show"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Checking Options</h3>\r
+\r
+ <p>To allow users to <a href="ijbfaq.html#show">check</a> that\r
+ a <b><code>junkbuster</code></b> is running and how it is\r
+ configured, it intercepts requests for any URL ending in <code>\r
+ /show-proxy-args</code> and blocks it, returning instead\r
+ returns information on its version number and current\r
+ configuration including the contents of its blockfile. To get\r
+ an explicit warning that no <b><code>junkbuster</code></b>\r
+ intervened if the proxy was not configured, it's best to point\r
+ it to a URL that does this, such as <a href=\r
+ "http://internet.junkbuster.com/cgi-bin/show-proxy-args">\r
+ http://internet.junkbuster.com/cgi-bin/show-proxy-args</a> on\r
+ Junkbusters's website.</p>\r
+\r
+ <h3><a name="also"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> See Also</h3>\r
+\r
+ <p><a href="ijbfaq.html">\r
+ http://www.junkbusters.com/ht/en/ijbfaq.html</a><br>\r
+ <a href="http://www.junkbusters.com/ht/en/cookies.html">\r
+ http://www.junkbusters.com/ht/en/cookies.html</a><br>\r
+ <a href=\r
+ "http://internet.junkbuster.com/cgi-bin/show-proxy-args">\r
+ http://internet.junkbuster.com/cgi-bin/show-proxy-args</a><br>\r
+ <a name="kristol"></a><a href=\r
+ "http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html">http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html</a><br>\r
+\r
+ <a name="squid"></a><a href=\r
+ "http://squid.nlanr.net/Squid/">http://squid.nlanr.net/Squid/</a><br>\r
+\r
+ <a href="http://www-math.uni-paderborn.de/~axel/">\r
+ http://www-math.uni-paderborn.de/~axel/</a></p>\r
+\r
+ <h3><a name="copyright"></a><img border="0" src="fb.gif" alt=\r
+ "*" width="14" height="14"> Copyright and GPL</h3>\r
+\r
+ <p>Written and copyright by the Anonymous Coders and\r
+ Junkbusters Corporation and made available under the <a href=\r
+ "gpl.html">GNU General Public License (GPL).</a> This software\r
+ comes with <a href="gpl.html#nowarr">NO WARRANTY.</a> Internet\r
+ Junkbuster Proxy is a <a href=\r
+ "http://www.junkbusters.com/ht/en/legal.html#marks">\r
+ trademark</a> of Junkbusters Corporation.</p>\r
+\r
+ <p align="center"><a href="#top_of_page"><img border="0" src=\r
+ "top.gif" alt="--- Back to Top of Page ---" width="250" height=\r
+ "15"></a></p>\r
+\r
+ <p class="sans"><a href="http://ijbswa.sourceforge.net/">\r
+ Website</a> <b class="dot">·</b> <b>Manual</b> <b class=\r
+ "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=\r
+ "dot">·</b> <a href="gpl.html">GPL</a></p>\r
+\r
+ <p class="sans"><small><small><a href="gpl.html#text">\r
+ Copyright</a> © 1996-8 <a href=\r
+ "http://www.junkbusters.com/">Junkbusters</a> <a href=\r
+ "http://www.junkbusters.com/ht/en/legal.html#marks">®</a>\r
+ Corporation. <a href="gpl.html#text">Copyright</a> © 2001\r
+ <a href="http://sourceforge.net/projects/ijbswa/">Jon\r
+ Foster</a>. Copying and distribution permitted under the <a\r
+ href="gpl.html">GNU</a> General Public\r
+ License.</small></small></p>\r
+\r
+ <p><small><code><a href=\r
+ "http://sourceforge.net/projects/ijbswa/">\r
+ http://sourceforge.net/projects/ijbswa/</a></code></small></p>\r
+ </body>\r
</html>\r
+\r