<!entity history SYSTEM "history.sgml">
<!entity copyright SYSTEM "copyright.sgml">
<!entity license SYSTEM "license.sgml">
-<!entity p-version "3.0.27">
+<!entity p-version "3.0.29">
<!entity p-status "UNRELEASED">
<!entity % p-not-stable "INCLUDE">
<!entity % p-stable "IGNORE">
<!entity my-app "<application>Privoxy</application>">
]>
<!--
- File : $Source: /cvsroot/ijbswa/current/doc/source/faq.sgml,v $
+ File : doc/source/faq.sgml
Purpose : FAQ
- This file belongs into
- ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: faq.sgml,v 2.135 2017/03/27 10:22:27 fabiankeil Exp $
-
- Copyright (C) 2001-2014 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
Based partially on the Internet Junkbuster FAQ originally written by and
<subscript>
<!-- Completely the wrong markup, but very little is allowed -->
<!-- in this part of an article. FIXME -->
- <link linkend="copyright">Copyright</link> &my-copy; 2001-2016 by
+ <link linkend="copyright">Copyright</link> &my-copy; 2001-2020 by
<ulink url="https://www.privoxy.org/">Privoxy Developers</ulink>
</subscript>
</pubdate>
-<pubdate>$Id: faq.sgml,v 2.135 2017/03/27 10:22:27 fabiankeil Exp $</pubdate>
-
<!--
Note: this should generate a separate page, and a live link to it.
<ulink url="https://www.privoxy.org/">Privoxy</ulink>.
It is not a substitute for the
<ulink url="../user-manual/index.html"><citetitle>Privoxy User Manual</citetitle></ulink>.
-<!--
- This works, at least in some situtations:
- Test: <ulink url="privoxy-user-manual.pdf"><citetitle>User Manual</citetitle></ulink>.
--->
</para>
<!-- Include privoxy.sgml boilerplate: -->
While it is partly out of date, it's still worth reading.
</para>
<para>
- Our <ulink url="http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup">TODO list</ulink>
+ Our <ulink url="https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD">TODO list</ulink>
may be of interest to you as well.
Please let us know if you want to work on one of the items listed.
</para>
<sect3 renderas="sect4" id="donate"><title>Would you like to donate?</title>
<para>
Donations are welcome. Our
- <ulink url="http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup">TODO list</ulink>
+ <ulink url="https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD">TODO list</ulink>
is rather long and being able to pay one (or more) developers to work on Privoxy
would make a huge difference, even if it was only for a couple of weeks. Donations may
also be used for Privoxy-related travel expenses (for example to attend conferences),
</para>
<variablelist>
<varlistentry>
- <term>Gold (10000 EUR/year)</term>
+ <term>Gold (12000 USD/year)</term>
<listitem>
<para>
Logo shown at the bottom of the
</listitem>
</varlistentry>
<varlistentry>
- <term>Silver (1000 EUR/year)</term>
+ <term>Silver (1200 USD/year)</term>
<listitem>
<para>
Logo shown randomly at the bottom of the
</listitem>
</varlistentry>
<varlistentry>
- <term>Bronze (500 EUR/year)</term>
+ <term>Bronze (600 USD/year)</term>
<listitem>
<para>
Logo and link on the <ulink url="https://www.privoxy.org/sponsors/">sponsor page</ulink>.
details</ulink>. You should also flush your browser's memory and disk
cache to get rid of any cached junk items, and remove any stored
<ulink url="http://en.wikipedia.org/wiki/Browser_cookie">cookies</ulink>.
-
</para>
</sect2>
for them in the <filename>user.action</filename> file. An example for yahoo might
look like:
</para>
- <para>
<screen># Allow all cookies for Yahoo login:
#
{ -<ulink url="../user-manual/actions-file.html#CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</ulink> -<ulink url="../user-manual/actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</ulink> -<ulink url="../user-manual/actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</ulink> }
.login.yahoo.com</screen>
- </para>
<para>
These kinds of sites are often quite complex and heavy with
<ulink url="http://en.wikipedia.org/wiki/Javascript">Javascript</ulink> and
url="../user-manual/actions-file.html#ALIASES">alias</ulink> just for such
sticky situations:
</para>
- <para>
<screen># Gmail is a _fragile_ site:
#
{ <literal>fragile</literal> }
# Gmail is ...
mail.google.com</screen>
- </para>
<para>
Be sure to flush your browser's caches whenever making these kinds of
changes, just to make sure the changes <quote>take</quote>.
should look like:
</para>
-<para>
<screen>
listen-address 192.168.1.1:8118</screen>
-</para>
<para>
Save the file, and restart <application>Privoxy</application>. Configure
all available interfaces:
</para>
-<para>
<screen>
listen-address :8118</screen>
-</para>
<para>
And then use <application>Privoxy's</application>
<para>
<![%p-newstuff;[
Yes. Version 3.0.5 introduces full <application>Windows</application> service
- functionality. See <ulink url="../user-manual/installation.html#installation-pack-win">
+ functionality. See <ulink url="../user-manual/installation.html#INSTALLATION-PACK-WIN">
the <citetitle>User Manual</citetitle></ulink> for details on how to install and configure
<application>Privoxy</application> as a service.
</para>
amount of guesswork. It is not realistic to catch all of these short of
disabling Javascript, which would break many sites. And lastly, if the
cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond
- <application>Privoxy's</application> reach.
+ <application>Privoxy's</application> reach unless you enable
+ <ulink url="../user-manual/actions-file.html#HTTPS-INSPECTION">https-inspection</ulink>.
</para>
<para>
All in all, &my-app; can help manage cookies in general, can help minimize
To disable all cookie actions, so that cookies are allowed unrestricted,
both in and out, for <literal>example.com</literal>:
</para>
-<para>
<screen>
{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} }
.example.com</screen>
-</para>
<para>
Place the above in <filename>user.action</filename>. Note that some of these may
be off by default anyway, so this might be redundant, but there is no harm
can very easily over-ride <emphasis>all</emphasis> blocking with the
following very simple rule in your <filename>user.action</filename>:
</para>
- <para>
<screen>
# Unblock everybody, everywhere
{ <ulink url="../user-manual/actions-file.html#BLOCK">-block</ulink> }
/ # UN-Block *all* URLs</screen>
-</para>
<para>
Or even a more comprehensive reversing of various ad related actions:
</para>
-<para>
<screen>
# Unblock everybody, everywhere, and turn off appropriate filtering, etc
{ <ulink url="../user-manual/actions-file.html#BLOCK">-block</ulink> \
<literal>allow-popups</literal> \
}
/ # UN-Block *all* URLs and allow ads</screen>
-</para>
<para>
This last <quote>action</quote> in this compound statement,
<literal>allow-popups</literal>, is an <ulink
during upgrades. You can, however, create completely new templates,
place them in another directory and specify the alternate path in the main
<filename>config</filename>. For details, have a look at the <ulink
- url="../user-manual/config.html#templdir">templdir</ulink> option.
+ url="../user-manual/config.html#TEMPLDIR">templdir</ulink> option.
</para>
</sect2>
available as compile-time options. You should
<command>configure</command> the sources as follows:
</para>
-<para>
<screen>
./configure --disable-toggle --disable-editor --disable-force</screen>
-</para>
<para>
This will create an executable with hard-coded security features so that
&my-app; does not allow easy bypassing of blocked sites, or changing the
<ulink url="../user-manual/config.html#FORWARDING">forwarding section</ulink>
and uncomment the line:
</para>
-<para>
<screen>
# forward-socks5t / 127.0.0.1:9050 .
- </screen>
-</para>
+</screen>
<para>
Note that if you got Tor through one of the bundles, you may
have to change the port from 9050 to 9150 (or even another one).
uncomment the following forward rules, to make sure your local network is still
reachable through Privoxy:
</para>
-<para>
<screen>
# forward 192.168.*.*/ .
# forward 10.*.*.*/ .
# forward 127.*.*.*/ .
- </screen>
-</para>
+</screen>
<para>
Unencrypted connections to systems in these address ranges will
be as (un)secure as the local network is, but the alternative is
network by using their names, you will need additional exceptions
that look like this:
</para>
-<para>
<screen>
# forward localhost/ .
- </screen>
-</para>
+</screen>
<para>
Save the modified configuration file and open
<ulink url="http://config.privoxy.org/show-status">http://config.privoxy.org/show-status</ulink>
<sect2 renderas="sect3" id="ssl">
<title>How can Privoxy filter Secure (HTTPS) URLs?</title>
<para>
- Since secure HTTP connections are encrypted SSL sessions between your browser
- and the secure site, and are meant to be reliably <emphasis>secure</emphasis>,
- there is little that <application>Privoxy</application> can do but hand the raw
+ If you enable
+ <ulink url="../user-manual/actions-file.html#HTTPS-INSPECTION">https-inspection</ulink>
+ <application>Privoxy</application> will impersonate the destination
+ server and can thus filter encrypted requests and responses as well.
+</para>
+<para>
+ Without
+ <ulink url="../user-manual/actions-file.html#HTTPS-INSPECTION">https-inspection</ulink>
+ secure HTTP connections are encrypted SSL sessions between your
+ browser and the secure site, and there is little
+ that <application>Privoxy</application> can do but hand the raw
gibberish data though from one end to the other unprocessed.
</para>
<para>
for HTTPS.
</para>
<para>
- Adding HTTP/2 support is on the TODO list but currently
- nobody is known to work on it.
+ Adding HTTP/2 support is on the
+ <ulink url="https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD">TODO</ulink>
+ list but currently nobody is known to work on it.
</para>
</sect2>
your hosts list is neglected by <application>Privoxy's </application>
configuration, consider adding your list to your <filename>user.action</filename> file:
</para>
-<para>
<screen>
{ +block }
www.ad.example1.com
ad.example2.com
ads.galore.example.com
etc.example.com</screen>
-</para>
</sect2>
<sect2 renderas="sect3" id="seealso">
<para>
There are several possibilities:
</para>
-<para>
<itemizedlist>
<listitem><para>
<application>Privoxy</application> is not running. Solution: verify
try disabling or removing the firewall as a simple test.
</para></listitem>
</itemizedlist>
-</para>
</sect2>
our job a little easier. &my-app; has <quote>crunched</quote> (meaning caught
and BLOCKED) quite a few items in this example, but perhaps missed a few as well.
</para>
-<para>
<screen>
<![CDATA[
Request: www.example.com/
Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua
]]>
</screen>
-</para>
<para>
Despite 12 out of 32 requests being blocked, the page looked, and seemed to
behave perfectly <quote>normal</quote> (minus some ads, of course).
To do that, enable logging to figure out which requests get blocked by
&my-app; and add the hosts (no path patterns) to a section like this:
</para>
-<para>
<screen>
<![CDATA[
{+redirect{http://127.0.0.1:0/} -block -limit-connect}
.ivwbox.de:443/
]]>
</screen>
-</para>
<para>
Additionally you have to configure your browser to contact
<quote>127.0.0.1:0</quote> directly (instead of through &my-app;).
this is not considered a Privoxy bug.
</para>
<para>
- To prevent the crashes you can rewrite your filter to use less ressources,
+ To prevent the crashes you can rewrite your filter to use less resources,
increase the relevant memory limit or recompile pcre to use less stack space.
For details please see the
<ulink url="http://pcre.org/original/doc/html/pcrestack.html">pcrestack man page</ulink>
</para>
</sect2>
+<sect2 renderas="sect3" id="file-permissions">
+<title>What to do if editing the config file of privoxy is access denied?</title>
+<para>
+ Your userid probably isn't allowed to edit the file.
+ <!-- show how to check permissions? -->
+ On Windows you can use the windows equivalent of sudo:
+</para>
+ <screen>runas /user:administrator "notepad \privoxy\config.txt"</screen>
+
+<para>
+ or fix the file permissions:
+</para>
+<screen>C:\Privoxy>icacls config.txt
+config.txt BUILTIN\Administrators:(I)(F)
+ NT AUTHORITY\SYSTEM:(I)(F)
+ BUILTIN\Users:(I)(RX)
+ NT AUTHORITY\Authenticated Users:(I)(M)
+
+Successfully processed 1 files; Failed processing 0 files
+
+C:\Privoxy>icacls config.txt /grant Lee:F
+processed file: config.txt
+Successfully processed 1 files; Failed processing 0 files
+
+C:\Privoxy>icacls config.txt
+config.txt I3668\Lee:(F)
+ BUILTIN\Administrators:(I)(F)
+ NT AUTHORITY\SYSTEM:(I)(F)
+ BUILTIN\Users:(I)(RX)
+ NT AUTHORITY\Authenticated Users:(I)(M)
+
+Successfully processed 1 files; Failed processing 0 files
+
+C:\Privoxy></screen>
+
+<para>
+ or try to point-n-click your way through adjusting the file
+ permissions in windows explorer.
+</para>
+</sect2>
+
</sect1>
<!-- ~~~~~ New section ~~~~~ -->