--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\r
+<!-- $Id: ijbman.html,v 1.2 2001/05/17 22:56:17 jongfoster Exp $\r
+\r
+ See copyright details at end of file\r
+\r
+ After changing this file, please run it through "HTML Tidy"\r
+ (from http://www.w3.org/People/Raggett/tidy/)\r
+ It should have no warnings or errors.\r
+-->\r
+\r
+<html>\r
+ <head>\r
+ <title>Internet Junkbuster Technical Information</title>\r
+ <meta name="description" content=\r
+ "The manual page for the Internet Junkbuster, free software to removes banner ads, cookies, and other stuff you don't want from your web browser.">\r
+ <meta name="keywords" content=\r
+ "stop, junk, busters, junkbusters, junkbuster, mail, email, e-mail, direct, spam, privacy, sharing, names, renting, direct, marketing, database, databases, junk mail, lists, environment, consumer, sending, opt out ">\r
+<style type="text/css">\r
+<!--\r
+h2 { text-align: Center; font-family: arial, helvetica, sans-serif }\r
+p.sans { font-family: arial, helvetica, sans-serif }\r
+b.dot { color: #FF0000 }\r
+b.eg { font-family: arial, helvetica, sans-serif }\r
+-->\r
+</style>\r
+ </head>\r
+\r
+ <body bgcolor="#f8f8f0" link="#000078" alink="#ff0022" vlink=\r
+ "#787878">\r
+ <p class="sans"><a href="http://ijbswa.sourceforge.net/">\r
+ Website</a> <b class="dot">·</b> <b>Manual</b> <b class=\r
+ "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=\r
+ "dot">·</b> <a href="gpl.html">GPL</a></p>\r
+\r
+ <h1 align="center"><a name="top_of_page"></a>Internet\r
+ J<small>UNK<i style="color: #FF0000">BUSTER</i></small>\r
+ Technical Information</h1>\r
+\r
+ <p align="center" class="sans"><a href="#description">\r
+ Options</a> <b class="dot">·</b> <a href="#show">\r
+ Checking Options</a> <b class="dot">·</b> <a href=\r
+ "#install">Installation</a> <b class="dot">·</b> <a\r
+ href="#copyright">Copyright</a> <b class="dot">·</b> <a\r
+ href="ijbfaq.html#top_of_page">(FAQ)</a></p>\r
+\r
+ <h1>This document is out of date</h1>\r
+\r
+ <p><b>Development of JunkBuster is ongoing and this document is\r
+ no longer current. However, it may provide some assistance. If\r
+ you have problems, please use the <a href=\r
+ "http://groups.yahoo.com/group/junkbuster-users/">Yahoo Groups\r
+ mailing list</a> (which includes an archive of mail), the\r
+ SourceForge.net <a href=\r
+ "http://sourceforge.net/projects/ijbswa/">project page</a>, or\r
+ see the project's <a href="http://ijbswa.sourceforge.net/">home\r
+ page</a>. Please also bear in mind that versions 2.9.x of\r
+ JunkBuster are development releases, and are not production\r
+ quality.</b></p>\r
+\r
+ <h2><a name="man"></a>Manual Page</h2>\r
+\r
+ <p>A copy of this page in standard <code>man</code> macro\r
+ format is included in the <a href="ijbfaq.html#tar">tar\r
+ archive</a>.</p>\r
+\r
+ <h3><a name="name"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Name</h3>\r
+\r
+ <p><b><code>junkbuster</code></b> - The Internet Junkbuster\r
+ Proxy <a href=\r
+ "http://www.junkbusters.com/ht/en/legal.html#marks"><small>\r
+ <sup>TM</sup></small></a></p>\r
+\r
+ <h3><a name="synopsis"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Synopsis</h3>\r
+\r
+ <p><code><b>junkbuster</b></code> <i>configfile</i> (Unix)<br>\r
+ <b><code>junkbstr.exe</code></b> [<i>configfile</i>]\r
+ (Windows)</p>\r
+\r
+ <h3><a name="description"></a><img border="0" src="fb.gif" alt=\r
+ "*" width="14" height="14"> Description</h3>\r
+\r
+ <p><b><code>junkbuster</code></b> is an instrumentable proxy\r
+ that filters the HTTP stream between web servers and browsers.\r
+ Its main purposes are to block adverts and enhance privacy.</p>\r
+\r
+ <p><a name="dual"></a>It is configured using a configuration\r
+ file and several files listing URL patterns. The\r
+ configuration file must be specified on the command line. \r
+ The Windows version will default to using the configuration\r
+ file <code>junkbstr.ini</code> if it exists and no argument was\r
+ given.</p>\r
+\r
+ <p><a name="reread"></a>All files except the main configuration\r
+ file are checked for changes before each page is fetched, so\r
+ they may edited without restarting the proxy.</p>\r
+\r
+ <h4>Options</h4>\r
+\r
+ <dl>\r
+ <dt><i><a name="o_b"></a></i><a name=\r
+ "blockfile"></a><code>blockfile</code> <i>\r
+ blockfile</i></dt>\r
+\r
+ <dd>\r
+ <p><a href="ijbfaq.html#blocking">Block</a> requests to\r
+ URLs matching any pattern given in the lines of the <i>\r
+ blockfile</i>. The <b><code>junkbuster</code></b> instead\r
+ returns status 202, indicating that the request has been\r
+ accepted (though not completed), and a <a href=\r
+ "ijbfaq.html#show">message identifying itself</a> (though\r
+ the browser may display only a broken image icon). \r
+ The syntax of a pattern is <code>\r
+ [domain][:port][/path]</code> (the <code>http://</code> or\r
+ <code>https://</code> protocol part is omitted). To decide\r
+ if a pattern matches a target, the domains are compared\r
+ first, then the paths.</p>\r
+\r
+ <p><a name="compare"></a>To compare the domains, the\r
+ pattern domain and the target domain specified in the URL\r
+ are each broken into their components. (Components are\r
+ separated by the <code>.</code> (period) character.) Next\r
+ each of the target components is compared with the\r
+ corresponding pattern component: last with last,\r
+ next-to-last with next-to-last, and so on. (This is called\r
+ <i><dfn>right-anchored</dfn></i> matching.) If all of the\r
+ pattern components find their match in the target, then the\r
+ domains are considered a match. Case is irrelevant when\r
+ comparing domain components.</p>\r
+\r
+ <p><a name="substring"></a>A successfully matching pattern\r
+ can be an anchored substring of a target, but not vice\r
+ versa. Thus if a pattern doesn't specify a domain, it\r
+ matches all domains. <a name="wildcard"></a>Furthermore,\r
+ when comparing two components, the components must either\r
+ match in their entirety or up to a wildcard <code>*</code>\r
+ (star character) in the pattern. The wildcard feature\r
+ implements only a "prefix" match capability ("abc*" vs.\r
+ "abcdefg"), not suffix matching ("*efg" vs. "abcdefg") or\r
+ infix matching ("abc*efg" vs. "abcdefg"). The feature is\r
+ restricted to the domain component; it is unrelated to the\r
+ optional regular expression feature in the path <a href=\r
+ "#regex">(described below).</a></p>\r
+\r
+ <p><a name="numeric"></a>If a numeric port is specified in\r
+ the pattern domain, then the target port must match as\r
+ well. The default port in a target is port 80.</p>\r
+\r
+ <p><a name="onward"></a>If the domain and port match, then\r
+ the target URL path is checked for a match against the path\r
+ in the pattern. Paths are compared with a simple\r
+ case-sensitive left-anchored substring comparison. Once\r
+ again, the pattern can be an anchored substring of the\r
+ target, but not vice versa. A path of <code>/</code>\r
+ (slash) would match all paths. Wildcards are not considered\r
+ in path comparisons.</p>\r
+\r
+ <p><a name="example"></a>For example, the target URL<br>\r
+ <code>\r
+ the.yellow-brick-road.com/TinMan/has_no_brain</code><br>\r
+ would be matched (and blocked) by the following\r
+ patterns<br>\r
+ <code>yellow-brick-road.com</code><br>\r
+ and<br>\r
+ <code>Yellow*.COM</code><br>\r
+ and<br>\r
+ <code>/TinM</code><br>\r
+ but not<br>\r
+ <code>\r
+ follow.the.yellow-brick-road.com</code><br>\r
+ or<br>\r
+ <code>/tinman</code><br>\r
+ </p>\r
+\r
+ <p><a name="comments"></a>Comments in a blockfile start\r
+ with a <code>#</code> (hash) character and end at a new\r
+ line. Blank lines are also ignored.</p>\r
+\r
+ <p><a name="except"></a>Lines beginning with a <code>\r
+ ~</code> (tilde) character are taken to be <a href=\r
+ "ijbfaq.html#exceptions">exceptions:</a> a URL blocked by\r
+ previous patterns that matches the rest of the line is let\r
+ through. (The last match wins.)</p>\r
+\r
+ <p><a name="regex"></a>Patterns may contain POSIX <a href=\r
+ "ijbfaq.html#regex">regular expressions</a> provided the\r
+ <b><code>junkbuster</code></b> was compiled with this\r
+ option (the default in Version 2.0 on). The idiom <code>\r
+ /*.*/ad</code> can then be used to match any URL containing\r
+ <code>/ad</code> (such as <code>\r
+ http://nomatterwhere.com/images/advert/g3487.gif</code> for\r
+ example). These expressions <a href="#substring">don't\r
+ work</a> in the domain part.</p>\r
+\r
+ <p><a name="rereads"></a>In version 1.3 and later the\r
+ blockfile and cookiefile are checked for changes before\r
+ each request.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_w"></a></i><a name=\r
+ "wafer"></a><code>wafer</code> <i>\r
+ NAME=VALUE</i></dt>\r
+\r
+ <dd>\r
+ <p>Specifies a pair to be sent as a cookie with every\r
+ request <a href="ijbfaq.html#wafers">to the server.</a>\r
+ (Such boring cookies are called <i>wafers</i>.) This option\r
+ may be called more than once to generate multiple wafers.\r
+ The original Netscape specification prohibited semi-colons,\r
+ commas and white space; these characters will be\r
+ URL-encoded if used in wafers. \r
+ <!-- Aside: genuine cookies are not encoded --> \r
+ <!-- Aside: we could use quoted string as specified in the new RFC -->\r
+ The Path and Domain attributes are not currently\r
+ supported.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_c"></a></i><a name=\r
+ "cookiefile"></a><code>cookiefile</code> <i>\r
+ cookiefile</i></dt>\r
+\r
+ <dd>\r
+ <p>Enforce the cookie management policy specified in the\r
+ <i>cookiefile.</i> <a name="java"></a>If this option is not\r
+ used all cookies are silently crunched, so that users who\r
+ never want cookies aren't bothered by browsers asking\r
+ whether each cookie should be accepted. However, cookies\r
+ can <a href="ijbfaq.html#breakthrough">still get\r
+ through</a> via <a href=\r
+ "http://www.junkbusters.com/ht/en/links.html#javascript">\r
+ JavaScript</a> and SSL, so alerts should be left on.</p>\r
+\r
+ <p><a name="dropping"></a>In Version 1.2 and later this\r
+ option must be followed by a <a href="ijbfaq.html#crumble">\r
+ filename</a> containing instructions on which sites are\r
+ allowed to receive and set cookies. <a name="drop"></a>By\r
+ default cookies are dropped in both the browser's request\r
+ and the server's response, unless the URL requested matches\r
+ an entry in the <i>cookiefile</i>. The matching algorithm\r
+ is the same as for the blockfile. A leading <code>\r
+ ></code> character allows <a href=\r
+ "ijbfaq.html#directional">server-bound</a> cookies only; a\r
+ <code><</code> allows only browser-bound cookies; a\r
+ <code>~</code> character stops cookies in <a href=\r
+ "ijbfaq.html#crumble">both directions.</a> Thus a\r
+ cookiefile containing a single line with the two characters\r
+ <code>>*</code> will pass on all cookies to servers but\r
+ not give any new ones to the browser.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_j"></a></i><a name=\r
+ "jarfile"></a><code>jarfile</code> <i>\r
+ jarfile</i></dt>\r
+\r
+ <dd>\r
+ <p>All Set-cookie attempts by the server are <a href=\r
+ "ijbfaq.html#jar">logged</a> to <i>jarfile</i>. If no wafer\r
+ is specified, one containing a <a href=\r
+ "ijbfaq.html#notice">canned notice</a> (the <i>vanilla\r
+ wafer</i>) is added as an alert to the server unless the <a\r
+ href="#suppress-vanilla-wafer">suppress-vanilla-wafer</a>\r
+ option is invoked.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_v"></a></i><a name=\r
+ "suppress-vanilla-wafer"></a><code>suppress-vanilla-wafer</code></dt>\r
+\r
+ <dd>\r
+ <p>Suppress the vanilla wafer.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_t"></a></i><a name=\r
+ "from"></a><code>from</code> <i>from</i></dt>\r
+\r
+ <dd>\r
+ <p>If the browser <a href="ijbfaq.html#from">discloses an\r
+ email address</a> in the <code>FROM</code> header (most\r
+ don't), replace it with <i>from.</i> If <i>from</i> is set\r
+ to <b>.</b> (the period character) the <code>FROM</code> is\r
+ passed to the server unchanged. The default is to delete\r
+ the <code>FROM</code> header.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_r"></a></i><a name=\r
+ "referer"></a><code>referer</code> <i>\r
+ referer</i></dt>\r
+\r
+ <dd>\r
+ <p>Whenever the browser discloses the URL that <a href=\r
+ "ijbfaq.html#referer">led to</a> the current request,\r
+ replace it with <i>referer.</i> If <i>referer</i> is set to\r
+ <b>.</b> (period) the URL is passed to the server\r
+ unchanged. If referer is set to <b>@</b> (at) the URL is\r
+ sent in cases where the cookiefile specifies that a cookie\r
+ would be sent. (No way to send bogus referers selectively\r
+ is provided.) The default is to delete Referer.</p>\r
+\r
+ <p><a name="referrer"></a>Junkbuster also accepts the\r
+ spelling <code>referrer</code>, which most dictionaries\r
+ consider correct.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_u"></a></i><a name=\r
+ "user-agent"></a><code>user-agent</code> <i>\r
+ user-agent</i></dt>\r
+\r
+ <dd>\r
+ <p>Information disclosed by the browser <a href=\r
+ "ijbfaq.html#agent">about itself</a> is replaced with the\r
+ value <i>user-agent.</i> If <i>user-agent</i> is set to <b>\r
+ .</b> (period) the <code>User-Agent</code> header is passed\r
+ to the server unchanged, along with any <code>UA</code>\r
+ headers produced by MS-IE (which would otherwise be\r
+ deleted). If <i>user-agent</i> is set to <b>@</b> (at)\r
+ these headers are sent unchanged in cases where the\r
+ cookiefile specifies that a cookie would be sent, otherwise\r
+ only default <code>User-Agent</code> header is sent. That\r
+ default is Mozilla/3.0 (Netscape) with an unremarkable <a\r
+ href="ijbfaq.html#infer">Macintosh</a> configuration. If\r
+ used with a browser less advanced than Mozilla/3.0 or IE-3,\r
+ the default may encourage pages containing extensions that\r
+ confuse the browser.</p>\r
+ </dd>\r
+\r
+ <dt><a name="o_h"></a><a name=\r
+ "listen-address"></a><code>listen-address</code> \r
+ <i>[host][:port]</i></dt>\r
+\r
+ <dd>\r
+ <p>If <i>host</i> is specified, bind the <b><code>\r
+ junkbuster</code></b> to that IP address. If a <i>port</i>\r
+ is specified, use it. The default port is 8000; the default\r
+ host is <code>localhost</code>.</p>\r
+\r
+ <p>This default host setting means that you can only\r
+ connect to the proxy from ther local computer. This is a\r
+ security measure - if you allow anyone to use the proxy,\r
+ then hackers or fraudsters could use it to help hide their\r
+ identity. It also provides a lot of protection against any\r
+ undiscovered security flaws in JunkBuster - if they can't\r
+ connect to it, then they can't attack it.</p>\r
+\r
+ <p>If you change this value, we recommend you <i>either</i>\r
+ set the host to <code>localhost</code>:<br>\r
+ <code>listen-address\r
+ localhost:8080</code><br>\r
+ <i>or</i>, if you want to share a single internet\r
+ connection over your internal network, then set it to the\r
+ address of your internal ethernet card:<br>\r
+ <code>listen-address\r
+ 10.1.1.1:8080</code><br>\r
+ (replace 10.1.1.1 with your internal IP address), <i>\r
+ or</i> set up an <i><a href="#aclfile">aclfile</a></i>. To\r
+ make the proxy accessible from everywhere (e.g. if you're\r
+ using an access control list or if you just don't care\r
+ about security), specify just the port number - e.g:<br>\r
+ <code>listen-address :8000</code><br>\r
+ (This binds the proxy to <b>all</b> IP addresses\r
+ (<code>INADDR_ANY</code>)).</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_f"></a></i><a name=\r
+ "forwardfile"></a><code>forwardfile</code> <i>\r
+ forwardfile</i></dt>\r
+\r
+ <dd>\r
+ <p>Junkbuster has a flexible syntax for forwarding HTTP\r
+ requests. This is used e.g. if you are behind a firewall\r
+ and need to connect through it, or if you want to use a\r
+ cacheing proxy to speed up your web browsing.</p>\r
+\r
+ <p>Every line in the forwardfile consists of four\r
+ components, seperated by whitespace. These are:<br>\r
+ <br>\r
+ <code><i>target forward_to via_gateway_type\r
+ gateway</i></code></p>\r
+\r
+ <p><i>target</i> is a pattern used to select which line of\r
+ the forwardfile is used. "<code>*</code>" is the most\r
+ commonly used value, and matches every URL. As usual, the\r
+ last matching <i>target</i> wins. (If no pattern matches, a\r
+ direct connection will be used)</p>\r
+\r
+ <p><i>forward_to</i> specifies the HTTP proxy server to\r
+ use, or "<code>.</code>" for none. This is used to connect\r
+ to a cacheing proxy such as Squid, and for most types of\r
+ firewall. The port number defaults to 8000 if it is not\r
+ specified.</p>\r
+\r
+ <p>Here is a typical line.</p>\r
+<pre>\r
+* lpwa.com:8000 . .\r
+</pre>\r
+\r
+ <p>The target domain need not be a fully qualified\r
+ hostname; it can be a general domain such as <code>\r
+ com</code> or <code>co.uk</code> or even just a port\r
+ number. <a name="nose"></a>For example, because <a href=\r
+ "http://lpwa.com">LPWA</a> does not handle <a href=\r
+ "ijbfaq.html#encrypt">SSL</a>, the line above will\r
+ typically be followed by a line such as</p>\r
+<pre>\r
+:443 . . .\r
+</pre>\r
+\r
+ <p>to allow SSL transactions to proceed directly. The\r
+ cautious would also add an entry in their blockfile to stop\r
+ transactions to port 443 for all but specified trusted\r
+ sites.</p>\r
+\r
+ <p><a name="loop"></a>Configure with care: no loop\r
+ detection is performed. When setting up chains of proxies\r
+ that might loop back, try adding <a href="#squid">\r
+ Squid.</a></p>\r
+\r
+ <p><i>via_gateway_type</i> and <i>gateway</i> are used to\r
+ support SOCKS proxies. Some firewalls provide this type of\r
+ proxy. If you do not not want to use a SOCKS proxy, specify\r
+ both of these fields as "<code>.</code>".</p>\r
+\r
+ <p><a name="configure"></a><a name="identify"></a>Note that\r
+ JunkBuster is a SOCKS <b>client</b>, <b>not</b> a SOCKS <b>\r
+ server</b>. The user's browser should <b>not</b> be <a\r
+ href="ijbfaq.html#socks">configured</a> to use <code>\r
+ SOCKS</code>; the proxy conducts the negotiations, not the\r
+ browser.</p>\r
+\r
+ <p>The <code>SOCKS4</code> protocol may be specified by\r
+ setting <i>via_gateway_type</i> to <code>socks</code> or\r
+ <code>socks4</code>. The <code>SOCKS4A</code> protocol is\r
+ specified as <code>socks4a</code>. The <code>SOCKS5</code>\r
+ protocol is not currently supported.</p>\r
+\r
+ <p><i>gateway</i> should be the host and port of the SOCKS\r
+ server. If you just specify a hostname, then the port\r
+ number defaults to 1080.</p>\r
+\r
+ <p>The user identification capabilities of <code>\r
+ SOCKS4</code> are deliberately not used; the user is always\r
+ identified to the <code>SOCKS</code> server as <code>\r
+ userid=anonymous</code>. If the server's policy is to\r
+ reject requests from <code>anonymous</code>, the proxy will\r
+ not work. Use a <a href="#o_d">debug</a> value of 3 to see\r
+ the status returned by the server.</p>\r
+\r
+ <p>If you specify both a HTTP proxy (with <i>\r
+ forward_to</i>) and a SOCKS proxy (with <i>gateway</i>)\r
+ then the SOCKS proxy is used to connect to the HTTP proxy.\r
+ If you just specify a SOCKS proxy, it is used to connect\r
+ directly to the websites.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_d"></a></i><a name=\r
+ "debug"></a><code>debug</code> <i>N</i></dt>\r
+\r
+ <dd>\r
+ <p>Set debug mode. The most common value is 1, to <a href=\r
+ "ijbfaq.html#pinpoint">pinpoint</a> offensive URLs, so they\r
+ can be added to the blockfile. The value of <b>N</b> is a\r
+ bitwise logical-OR of the following values:<br>\r
+ 1 = URLs (show each URL requested by the browser);<br>\r
+ 2 = Connections (show each connection to or from the\r
+ proxy);<br>\r
+ 4 = I/O (log I/O errors);<br>\r
+ 8 = Headers (as each header is scanned, show the header\r
+ and what is done to it);<br>\r
+ 16 = Log everything (including debugging traces and the\r
+ contents of the pages).<br>\r
+ 32 = Record accesses in Common Log Format, as used by most\r
+ web and proxy servers.</p>\r
+\r
+ <p><a name="or"></a>Multiple <code>debug</code> lines are\r
+ permitted; they are logical OR-ed together.</p>\r
+\r
+ <p><a name="single"></a>Because most browsers send several\r
+ requests in parallel the debugging output may appear\r
+ intermingled, so the <a href="#single-threaded">\r
+ single-threaded</a> option is recommended when using <a\r
+ href="#debug">debug</a> with <b>N</b> greater than 1. \r
+ <!-- Aside: Yes, it's clumsy, but it's easy to parse. --></p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_y"></a></i><a name=\r
+ "add-forwarded-header"></a><code>add-forwarded-header</code></dt>\r
+\r
+ <dd>\r
+ <p>Add <code>X-Forwarded-For</code> headers to the\r
+ server-bound HTTP stream indicating the client IP address\r
+ <a href="ijbfaq.html#detect">to the server,</a> in the new\r
+ style of <a href="#squid">Squid 1.1.4.</a> If you want the\r
+ traditional <code>HTTP_FORWARDED</code> response header,\r
+ add it manually with the <a href="#o_x">-x</a> option. This\r
+ also allows other <code>X-Forwarded-For</code> headers to\r
+ be transmitted - usually they are discarded.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_x"></a></i><a name=\r
+ "add-header"></a><code>add-header</code> <i>\r
+ HeaderText</i></dt>\r
+\r
+ <dd>\r
+ <p>Add the <i>HeaderText</i> verbatim to requests to the\r
+ server. Typical uses include adding old-style forwarding\r
+ notices such as <code>Forwarded: by\r
+ http://pro-privacy-isp.net</code> and reinstating the\r
+ <code>Proxy-Connection: Keep-Alive</code> header (which the\r
+ <b><code>junkbuster</code></b> deletes so as <a href=\r
+ "ijbfaq.html#detect">not</a> to reveal its existence). No\r
+ checking is done for correctness or plausibility, so it can\r
+ be used to throw any old trash into the server-bound HTTP\r
+ stream. Please don't litter. \r
+ <!-- Aside: this represents "more than enough rope" --></p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_s"></a></i><a name=\r
+ "single-threaded"></a><code>single-threaded</code></dt>\r
+\r
+ <dd>\r
+ <p>Doesn't <code>fork()</code> a separate process (or\r
+ create a separate thread) to handle each connection. Useful\r
+ when debugging to keep the process single threaded.</p>\r
+ </dd>\r
+\r
+ <dt><i><a name="o_l"></a></i><a name=\r
+ "logfile"></a><code>logfile</code> <i>\r
+ logfile</i></dt>\r
+\r
+ <dd>\r
+ <p>Write all debugging data into <i>logfile.</i> The\r
+ default <i>logfile</i> is the standard output.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="aclfile"></a><code>aclfile</code> <i>\r
+ aclfile</i></dt>\r
+\r
+ <dd>\r
+ <p>Unless this option is used, the proxy talks to anyone\r
+ who can connect to it, and everyone who can has equal\r
+ permissions on where they can go. An access file allows\r
+ restrictions to be placed on these two policies, by\r
+ distinguishing some <i><dfn>source</dfn></i> IP addresses\r
+ and/or some <i><dfn>destination</dfn></i> addresses. (If a\r
+ <a href="#forwardfile">forwarder or a gateway</a> is being\r
+ used, its address is considered the destination address,\r
+ not the ultimate IP address of the URL requested.)</p>\r
+\r
+ <p><a name="permit"></a>Each line of the access file begins\r
+ with either the word <code>permit</code> or <code>\r
+ deny</code> followed by source and (optionally) destination\r
+ addresses to be matched against those of the HTTP request.\r
+ The last matching line specifies the result: if it was a\r
+ <code>deny</code> line or if no line matched, the request\r
+ will be refused.</p>\r
+\r
+ <p><a name="various"></a>A source or destination can be\r
+ specified as a single numeric IP address, or with a\r
+ hostname, provided that the host's name can be resolved to\r
+ a numeric address: this cannot be used to block all <code>\r
+ .mil</code> domains for example, because there is no single\r
+ address associated with that domain name. Either form may\r
+ be followed by a slash and an integer <code>N</code>,\r
+ specifying a subnet mask of <code>N</code> bits. For\r
+ example, <code>permit 207.153.200.72/24</code> matches the\r
+ entire Class-C subnet from 207.153.200.0 through\r
+ 207.153.200.255. (A netmask of 255.255.255.0 corresponds to\r
+ 24 bits of ones in the netmask, as with <code>\r
+ *_MASKLEN=24</code>.) A value of 16 would be used for a\r
+ Class-B subnet. A value of zero for <code>N</code> in the\r
+ subnet mask length will cause any address to match; this\r
+ can be used to express a default rule. For more information\r
+ see the example file provided with the distribution.</p>\r
+\r
+ <p><a name="false"></a>If you like these access controls\r
+ you should probably have <a href="ijbfaq.html#firewall">\r
+ firewall</a>; they are not intended to replace one.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="trustfile"></a><code>trustfile</code> \r
+ <i>trustfile</i></dt>\r
+\r
+ <dd>\r
+ <p>This feature is experimental, has not been fully\r
+ documented and is very subject to change. The goal is for\r
+ parents to be able to choose a page or site whose links\r
+ they regard suitable for their <a href=\r
+ "ijbfaq.html#children">young children</a> and for the proxy\r
+ to allow access only to sites mentioned there. To do this\r
+ the proxy examines the <a href="#o_r">referer</a> variable\r
+ on each page request to check they resulted from a click on\r
+ the ``trusted referer'' site: if so the referred site is\r
+ added to a list of trusted sites, so that the child can\r
+ then move around that site. There are several uncertainties\r
+ in this scheme that experience may be able to iron out;\r
+ check back in the months ahead.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="trust_info_url">\r
+ </a><code>trust_info_url</code> <i>\r
+ trust_info_url</i></dt>\r
+\r
+ <dd>\r
+ <p>When access is denied due to lack of a trusted referer,\r
+ this URL is displayed with a message pointing the user to\r
+ it for further information.</p>\r
+ </dd>\r
+\r
+ <dt><br>\r
+ <a name="hide-console"></a><code>hide-console</code></dt>\r
+\r
+ <dd>\r
+ <p>In the Windows command-line version only, instructs the\r
+ program to disconnect from and hide the command console\r
+ after starting.</p>\r
+ </dd>\r
+ </dl>\r
+\r
+ <h3><a name="install"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Installation and Use</h3>\r
+\r
+ <p>Browsers must be told where to find the <b><code>\r
+ junkbuster</code></b> (e.g. <code>localhost</code> port 8000).\r
+ To set the HTTP proxy in Netscape 3.0, go through: <b class=\r
+ "eg">Options</b>; <b class="eg">Network Preferences</b>; <b\r
+ class="eg">Proxies</b>; <b class="eg">Manual Proxy\r
+ Configuration</b>; <b class="eg">View</b>. See the <a href=\r
+ "ijbfaq.html">FAQ</a> for other browsers. The <a href=\r
+ "ijbfaq.html#security">Security Proxy</a> should also be set to\r
+ the same values, otherwise <code>shttp:</code> URLs won't\r
+ work.</p>\r
+\r
+ <p><a name="limitations"></a>Note the limitations explained in\r
+ the <a href="ijbfaq.html">FAQ</a>.</p>\r
+\r
+ <h3><a name="show"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> Checking Options</h3>\r
+\r
+ <p>To allow users to <a href="ijbfaq.html#show">check</a> that\r
+ a <b><code>junkbuster</code></b> is running and how it is\r
+ configured, it intercepts requests for any URL ending in <code>\r
+ /show-proxy-args</code> and blocks it, returning instead\r
+ returns information on its version number and current\r
+ configuration including the contents of its blockfile. To get\r
+ an explicit warning that no <b><code>junkbuster</code></b>\r
+ intervened if the proxy was not configured, it's best to point\r
+ it to a URL that does this, such as <a href=\r
+ "http://internet.junkbuster.com/cgi-bin/show-proxy-args">\r
+ http://internet.junkbuster.com/cgi-bin/show-proxy-args</a> on\r
+ Junkbusters's website.</p>\r
+\r
+ <h3><a name="also"></a><img border="0" src="fb.gif" alt="*"\r
+ width="14" height="14"> See Also</h3>\r
+\r
+ <p><a href="ijbfaq.html">\r
+ http://www.junkbusters.com/ht/en/ijbfaq.html</a><br>\r
+ <a href="http://www.junkbusters.com/ht/en/cookies.html">\r
+ http://www.junkbusters.com/ht/en/cookies.html</a><br>\r
+ <a href=\r
+ "http://internet.junkbuster.com/cgi-bin/show-proxy-args">\r
+ http://internet.junkbuster.com/cgi-bin/show-proxy-args</a><br>\r
+ <a name="kristol"></a><a href=\r
+ "http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html">http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html</a><br>\r
+\r
+ <a name="squid"></a><a href=\r
+ "http://squid.nlanr.net/Squid/">http://squid.nlanr.net/Squid/</a><br>\r
+\r
+ <a href="http://www-math.uni-paderborn.de/~axel/">\r
+ http://www-math.uni-paderborn.de/~axel/</a></p>\r
+\r
+ <h3><a name="copyright"></a><img border="0" src="fb.gif" alt=\r
+ "*" width="14" height="14"> Copyright and GPL</h3>\r
+\r
+ <p>Written and copyright by the Anonymous Coders and\r
+ Junkbusters Corporation and made available under the <a href=\r
+ "gpl.html">GNU General Public License (GPL).</a> This software\r
+ comes with <a href="gpl.html#nowarr">NO WARRANTY.</a> Internet\r
+ Junkbuster Proxy is a <a href=\r
+ "http://www.junkbusters.com/ht/en/legal.html#marks">\r
+ trademark</a> of Junkbusters Corporation.</p>\r
+\r
+ <p align="center"><a href="#top_of_page"><img border="0" src=\r
+ "top.gif" alt="--- Back to Top of Page ---" width="250" height=\r
+ "15"></a></p>\r
+\r
+ <p class="sans"><a href="http://ijbswa.sourceforge.net/">\r
+ Website</a> <b class="dot">·</b> <b>Manual</b> <b class=\r
+ "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=\r
+ "dot">·</b> <a href="gpl.html">GPL</a></p>\r
+\r
+ <p class="sans"><small><small><a href="gpl.html#text">\r
+ Copyright</a> © 1996-8 <a href=\r
+ "http://www.junkbusters.com/">Junkbusters</a> <a href=\r
+ "http://www.junkbusters.com/ht/en/legal.html#marks">®</a>\r
+ Corporation. <a href="gpl.html#text">Copyright</a> © 2001\r
+ <a href="http://sourceforge.net/projects/ijbswa/">Jon\r
+ Foster</a>. Copying and distribution permitted under the <a\r
+ href="gpl.html">GNU</a> General Public\r
+ License.</small></small></p>\r
+\r
+ <p><small><code><a href=\r
+ "http://sourceforge.net/projects/ijbswa/">\r
+ http://sourceforge.net/projects/ijbswa/</a></code></small></p>\r
+ </body>\r
+</html>\r
+\r