<!entity history SYSTEM "history.sgml">
<!entity copyright SYSTEM "copyright.sgml">
<!entity license SYSTEM "license.sgml">
-<!entity p-version "3.0.22">
+<!entity p-version "3.0.29">
<!entity p-status "UNRELEASED">
<!entity % p-not-stable "INCLUDE">
<!entity % p-stable "IGNORE">
<!entity my-app "<application>Privoxy</application>">
]>
<!--
- File : $Source: /cvsroot/ijbswa/current/doc/source/faq.sgml,v $
+ File : doc/source/faq.sgml
Purpose : FAQ
- This file belongs into
- ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: faq.sgml,v 2.105 2014/11/28 14:26:35 fabiankeil Exp $
-
- Copyright (C) 2001-2014 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
Based partially on the Internet Junkbuster FAQ originally written by and
<subscript>
<!-- Completely the wrong markup, but very little is allowed -->
<!-- in this part of an article. FIXME -->
- <link linkend="copyright">Copyright</link> &my-copy; 2001-2014 by
- <ulink url="http://www.privoxy.org/">Privoxy Developers</ulink>
+ <link linkend="copyright">Copyright</link> &my-copy; 2001-2020 by
+ <ulink url="https://www.privoxy.org/">Privoxy Developers</ulink>
</subscript>
</pubdate>
-<pubdate>$Id: faq.sgml,v 2.105 2014/11/28 14:26:35 fabiankeil Exp $</pubdate>
-
<!--
Note: this should generate a separate page, and a live link to it.
]]>
<para>
This FAQ gives quick answers to frequently asked questions about
- <ulink url="http://www.privoxy.org/">Privoxy</ulink>.
+ <ulink url="https://www.privoxy.org/">Privoxy</ulink>.
It is not a substitute for the
<ulink url="../user-manual/index.html"><citetitle>Privoxy User Manual</citetitle></ulink>.
-<!--
- This works, at least in some situtations:
- Test: <ulink url="privoxy-user-manual.pdf"><citetitle>User Manual</citetitle></ulink>.
--->
</para>
<!-- Include privoxy.sgml boilerplate: -->
Please note that this document is a work in progress. This copy represents
the state at the release of version &p-version;.
You can find the latest version of the document at <ulink
- url="http://www.privoxy.org/faq/">http://www.privoxy.org/faq/</ulink>.
+ url="https://www.privoxy.org/faq/">https://www.privoxy.org/faq/</ulink>.
Please see the <link linkend="contact">Contact section</link> if you want to
contact the developers.
</para>
-<!-- <para> -->
-<!-- Feel free to send a note to the developers at <email>ijbswa-developers@lists.sourceforge.net</email>. -->
-<!-- </para> -->
</abstract>
</artheader>
</sect2>
-<sect2 renderas="sect3">
-<title id="whyprivoxy">Why <quote>Privoxy</quote>? Why change the name from
+<sect2 renderas="sect3" id="whyprivoxy">
+<title>Why <quote>Privoxy</quote>? Why change the name from
Junkbuster at all?</title>
<para>
Though outdated, Junkbusters Corporation continued to offer their original
</sect2>
<sect2 renderas="sect3" id="whatsanad">
-<title id="knows">How does Privoxy know what is
-an ad, and what is not?</title>
+<title>How does Privoxy know what is an ad, and what is not?</title>
<para>
<application>Privoxy</application>'s approach to blocking ads is twofold:
</para>
</para>
</sect2>
-<sect2 renderas="sect3">
-<title id="mistakes">Can Privoxy make mistakes?
+<sect2 renderas="sect3" id="mistakes">
+<title>Can Privoxy make mistakes?
This does not sound very scientific.</title>
<para>
Actually, it's a black art ;-) And yes, it is always possible to have a broad
</sect2>
-<sect2 renderas="sect3">
-<title id="configornot">Will I have to configure Privoxy
+<sect2 renderas="sect3" id="configornot">
+<title>Will I have to configure Privoxy
before I can use it?</title>
<para>
That depends on your expectations.
</para>
</sect2>
-<sect2 renderas="sect3" id="help-the-developers"><title id="jointeam">I would like to help you, what can I do?</title>
+<sect2 renderas="sect3" id="help-the-developers"><title>I would like to help you, what can I do?</title>
-<sect3 renderas="sect4" id="participate"><title id="jointeam-work">Would you like to participate?</title>
+<sect3 renderas="sect4" id="participate"><title>Would you like to participate?</title>
<para>
Well, we <emphasis>always</emphasis> need help. There is something for
everybody who wants to help us. We welcome new developers, packagers,
</para>
<para>
So first thing, subscribe to the <ulink
- url="https://lists.sourceforge.net/lists/listinfo/ijbswa-users">Privoxy Users</ulink>
- or the <ulink url="https://lists.sourceforge.net/lists/listinfo/ijbswa-developers">Privoxy
+ url="https://lists.privoxy.org/mailman/listinfo/privoxy-users">Privoxy Users</ulink>
+ or the <ulink url="https://lists.privoxy.org/mailman/listinfo/privoxy-devel">Privoxy
Developers</ulink> mailing list, join the discussion, help out other users, provide general
feedback or report problems you noticed.
</para>
While it is partly out of date, it's still worth reading.
</para>
<para>
- Our <ulink url="http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup">TODO list</ulink>
+ Our <ulink url="https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD">TODO list</ulink>
may be of interest to you as well.
Please let us know if you want to work on one of the items listed.
</para>
<sect3 renderas="sect4" id="donate"><title>Would you like to donate?</title>
<para>
Donations are welcome. Our
- <ulink url="http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO">TODO list</ulink>
+ <ulink url="https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD">TODO list</ulink>
is rather long and being able to pay one (or more) developers to work on Privoxy
would make a huge difference, even if it was only for a couple of weeks. Donations may
also be used for Privoxy-related travel expenses (for example to attend conferences),
<para>
<application>Privoxy</application> is an associated
- project of <ulink url="http://www.spi-inc.org/">Software
+ project of <ulink url="https://www.spi-inc.org/">Software
in the Public Interest (SPI)</ulink>, which allows us to receive
- tax-deductible donations in the United States. If you want to donate through
- SPI, please use <ulink url="http://www.spi-inc.org/donations">SPI's donation page</ulink>
- to see what the options are.
+ tax-deductible donations in the United States.
+ You can <ulink url="https://www.spi-inc.org/projects/privoxy/">donate via Paypal</ulink>
+ and <ulink url="https://co.clickandpledge.com/advanced/default.aspx?wid=34115">Click & Pledge</ulink>.
+ For details, please have a look at
+ <ulink url="https://www.spi-inc.org/donations">SPI's general donation page</ulink>.
</para>
<para>
- You can also donate to Privoxy using a bank account managed by
- <ulink url="https://www.zwiebelfreunde.de/">Zwiebelfreunde e.V.</ulink>:
+ You can also donate to Privoxy using a bank account or a "Paypal" address:
</para>
<literallayout>
- Name on Account: Zwiebelfreunde e.V.
+ Name on account: <ulink url="https://www.zwiebelfreunde.de/">Zwiebelfreunde e.V.</ulink>
IBAN: DE95430609671126825604
BIC: GENODEM1GLS
Bank: GLS Bank
</literallayout>
+<literallayout>
+ "Paypal" address: privoxy@zwiebelfreunde.de
+</literallayout>
<para>
Donations made through Zwiebelfreunde e.V. are tax-deductible in Germany
and other countries that recognize German charitable clubs. Feel free to
list items you are interested in the most. For example: Max Mustermann: #16, #1, #14.
</para>
+<para>
+ Note that donations made through Zwiebelfreunde e.V. currently can't be checked
+ automatically so you may not get credited right away. The credits currently
+ reflect donations received before 2016-01-14.
+</para>
+
<para>
If you have any questions regarding donations please mail to either the
public user mailing list or, if it's a private matter, to
- <ulink url="mailto:fk@fabiankeil.de">Fabian Keil</ulink> (Privoxy's SPI liason)
+ <ulink url="mailto:fk@fabiankeil.de">Fabian Keil</ulink> (Privoxy's SPI liaison)
directly.
+</para>
</sect3>
+</sect2>
+<sect2 id="sponsor"><title>How can I become a sponsor and get my logo or link on privoxy.org?</title>
+<para>
+ We are currently offering the following sponsor levels as an experiment:
+</para>
+<variablelist>
+ <varlistentry>
+ <term>Gold (12000 USD/year)</term>
+ <listitem>
+ <para>
+ Logo shown at the bottom of the
+ <ulink url="https://www.privoxy.org/">Privoxy homepage</ulink>.
+ Logo, link and self description on the
+ <ulink url="https://www.privoxy.org/sponsors/">sponsor page</ulink>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Silver (1200 USD/year)</term>
+ <listitem>
+ <para>
+ Logo shown randomly at the bottom of the
+ <ulink url="https://www.privoxy.org/">Privoxy homepage</ulink>.
+ Logo, link and self description on the
+ <ulink url="https://www.privoxy.org/sponsors/">sponsor page</ulink>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Bronze (600 USD/year)</term>
+ <listitem>
+ <para>
+ Logo and link on the <ulink url="https://www.privoxy.org/sponsors/">sponsor page</ulink>.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<para>
+ The logo sizes depend on the sponsor level. Logos are served from
+ our server, no requests are made to the sponsor website unless
+ the links are being used.
+</para>
+<para>
+ The details may change over time but changes will only affect new sponsors
+ (or existing sponsors that explicitly agreed to the changes).
+</para>
+<para>
+ If you want to become a sponsor, please contact
+ <ulink url="mailto:fk@fabiankeil.de">Fabian Keil</ulink>.
+ New sponsors are only accepted if no developer objects.
+</para>
</sect2>
details</ulink>. You should also flush your browser's memory and disk
cache to get rid of any cached junk items, and remove any stored
<ulink url="http://en.wikipedia.org/wiki/Browser_cookie">cookies</ulink>.
-
</para>
</sect2>
<application>Privoxy</application> is not running at all. Check the <ulink
url="../user-manual/config.html#LOGFILE">log file</ulink>. For instructions
on starting <application>Privoxy</application> and browser configuration,
- see the <ulink url="http://www.privoxy.org/user-manual/startup.html">chapter
+ see the <ulink url="https://www.privoxy.org/user-manual/startup.html">chapter
on starting <application>Privoxy</application></ulink> in the
- <ulink url="http://www.privoxy.org/user-manual/">User Manual</ulink>.
+ <ulink url="https://www.privoxy.org/user-manual/">User Manual</ulink>.
</para>
</sect2>
First, make sure that Privoxy is <emphasis>really</emphasis> running and
being used by visiting <ulink url="http://p.p/">http://p.p/</ulink>. You
should see the <application>Privoxy</application> main page. If not, see
- the <ulink url="http://www.privoxy.org/user-manual/startup.html">chapter
+ the <ulink url="https://www.privoxy.org/user-manual/startup.html">chapter
on starting <application>Privoxy</application></ulink> in the
- <ulink url="http://www.privoxy.org/user-manual/">User Manual</ulink>.
+ <ulink url="https://www.privoxy.org/user-manual/">User Manual</ulink>.
</para>
<para>
<!-- ~~~~~ New section ~~~~~ -->
<sect1 id="configuration"><title>Configuration</title>
-<sect2 renderas="sect3">
-<title id="actionsfile">What exactly is an <quote>actions</quote> file?</title>
+<sect2 renderas="sect3" id="actionsfile">
+<title>What exactly is an <quote>actions</quote> file?</title>
<para>
&my-app; utilizes the concept of <quote>
</sect2>
-<sect2 renderas="sect3">
-<title id="actconfig">How are actions files configured? What is the easiest
+<sect2 renderas="sect3" id="actconfig">
+<title>How are actions files configured? What is the easiest
way to do this?</title>
<para>
Based on your feedback and the continuing development, updates of
<filename>default.action</filename> will be
made available from time to time on the <ulink
- url="http://sourceforge.net/project/showfiles.php?group_id=11118">files section</ulink> of
- our <ulink url="http://sf.net/projects/ijbswa/">project page</ulink>.
+ url="https://sourceforge.net/project/showfiles.php?group_id=11118">files section</ulink> of
+ our <ulink url="https://sourceforge.net/projects/ijbswa/">project page</ulink>.
</para>
<para>
If you wish to receive an email notification whenever we release updates of
<application>Privoxy</application> or the actions file, <ulink
- url="http://lists.sourceforge.net/lists/listinfo/ijbswa-announce/">subscribe
- to our announce mailing list</ulink>, ijbswa-announce@lists.sourceforge.net.
+ url="https://lists.privoxy.org/mailman/listinfo/privoxy-announce">subscribe
+ to our announce mailing list</ulink>, privoxy-announce@lists.privoxy.org.
</para>
</sect2>
for them in the <filename>user.action</filename> file. An example for yahoo might
look like:
</para>
- <para>
<screen># Allow all cookies for Yahoo login:
#
{ -<ulink url="../user-manual/actions-file.html#CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</ulink> -<ulink url="../user-manual/actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</ulink> -<ulink url="../user-manual/actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</ulink> }
.login.yahoo.com</screen>
- </para>
<para>
These kinds of sites are often quite complex and heavy with
<ulink url="http://en.wikipedia.org/wiki/Javascript">Javascript</ulink> and
url="../user-manual/actions-file.html#ALIASES">alias</ulink> just for such
sticky situations:
</para>
- <para>
<screen># Gmail is a _fragile_ site:
#
{ <literal>fragile</literal> }
# Gmail is ...
mail.google.com</screen>
- </para>
<para>
Be sure to flush your browser's caches whenever making these kinds of
changes, just to make sure the changes <quote>take</quote>.
</sect2>
-<sect2 renderas="sect3">
-<title id="filterfile">What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>?</title>
+<sect2 renderas="sect3" id="filterfile">
+<title>What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>?</title>
<para>
The <ulink url="../user-manual/filter-file.html"><filename>default.filter</filename></ulink>
file is where <emphasis>filters</emphasis> as supplied by the developers are defined.
<para>
If you intend to develop your own filters, you might want to have a look at
<ulink
- url="http://www.fabiankeil.de/sourcecode/pft/">Privoxy-Filter-Test</ulink>.
+ url="https://www.fabiankeil.de/sourcecode/pft/">Privoxy-Filter-Test</ulink>.
</para>
</sect2>
should look like:
</para>
-<para>
<screen>
listen-address 192.168.1.1:8118</screen>
-</para>
<para>
Save the file, and restart <application>Privoxy</application>. Configure
all available interfaces:
</para>
-<para>
<screen>
listen-address :8118</screen>
-</para>
<para>
And then use <application>Privoxy's</application>
</sect2>
-<sect2 renderas="sect3">
-<title id="noseeum">Instead of ads, now I get a checkerboard pattern. I don't want to see anything.</title>
+<sect2 renderas="sect3" id="noseeum">
+<title>Instead of ads, now I get a checkerboard pattern. I don't want to see anything.</title>
<para>
The replacement for blocked images can be controlled with the <ulink
url="../user-manual/actions-file.html#SET-IMAGE-BLOCKER"><literal>set-image-blocker</literal>
</sect2>
-<sect2 renderas="sect3">
-<title id="whyseeum">Why would anybody want to see a checkerboard pattern?</title>
+<sect2 renderas="sect3" id="whyseeum">
+<title>Why would anybody want to see a checkerboard pattern?</title>
<para>
Remember that <link linkend="whatsanad">telling which image is an ad and which
isn't</link>, is an educated guess. While we hope that the standard configuration
</sect2>
-<sect2 renderas="sect3">
-<title id="blockedbytext">I see some images being replaced with text
+<sect2 renderas="sect3" id="blockedbytext">
+<title>I see some images being replaced with text
instead of the checkerboard image. Why and how do I get rid of this?</title>
<para>
This happens when the banners are not embedded in the HTML code of the
<para>
<![%p-newstuff;[
Yes. Version 3.0.5 introduces full <application>Windows</application> service
- functionality. See <ulink url="../user-manual/installation.html#installation-pack-win">
+ functionality. See <ulink url="../user-manual/installation.html#INSTALLATION-PACK-WIN">
the <citetitle>User Manual</citetitle></ulink> for details on how to install and configure
<application>Privoxy</application> as a service.
</para>
<para>
Earlier ]]>3.x versions could run as a system service using <command>srvany.exe</command>.
See the discussion at <ulink
- url="http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118">http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118</ulink>,
+ url="https://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118">https://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118</ulink>,
for details, and a sample configuration.
</para>
</sect2>
<para>
For a good discussion of some of the issues involved (including privacy and
security issues), see
- <ulink url="http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118">http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118</ulink>.
+ <ulink url="https://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118">https://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118</ulink>.
</para>
</sect2>
amount of guesswork. It is not realistic to catch all of these short of
disabling Javascript, which would break many sites. And lastly, if the
cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond
- <application>Privoxy's</application> reach.
+ <application>Privoxy's</application> reach unless you enable
+ <ulink url="../user-manual/actions-file.html#HTTPS-INSPECTION">https-inspection</ulink>.
</para>
<para>
All in all, &my-app; can help manage cookies in general, can help minimize
To disable all cookie actions, so that cookies are allowed unrestricted,
both in and out, for <literal>example.com</literal>:
</para>
-<para>
<screen>
{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} }
.example.com</screen>
-</para>
<para>
Place the above in <filename>user.action</filename>. Note that some of these may
be off by default anyway, so this might be redundant, but there is no harm
can very easily over-ride <emphasis>all</emphasis> blocking with the
following very simple rule in your <filename>user.action</filename>:
</para>
- <para>
<screen>
# Unblock everybody, everywhere
{ <ulink url="../user-manual/actions-file.html#BLOCK">-block</ulink> }
/ # UN-Block *all* URLs</screen>
-</para>
<para>
Or even a more comprehensive reversing of various ad related actions:
</para>
-<para>
<screen>
# Unblock everybody, everywhere, and turn off appropriate filtering, etc
{ <ulink url="../user-manual/actions-file.html#BLOCK">-block</ulink> \
<literal>allow-popups</literal> \
}
/ # UN-Block *all* URLs and allow ads</screen>
-</para>
<para>
This last <quote>action</quote> in this compound statement,
<literal>allow-popups</literal>, is an <ulink
during upgrades. You can, however, create completely new templates,
place them in another directory and specify the alternate path in the main
<filename>config</filename>. For details, have a look at the <ulink
- url="../user-manual/config.html#templdir">templdir</ulink> option.
+ url="../user-manual/config.html#TEMPLDIR">templdir</ulink> option.
</para>
</sect2>
available as compile-time options. You should
<command>configure</command> the sources as follows:
</para>
-<para>
<screen>
./configure --disable-toggle --disable-editor --disable-force</screen>
-</para>
<para>
This will create an executable with hard-coded security features so that
&my-app; does not allow easy bypassing of blocked sites, or changing the
<sect1 id="misc"><title>Miscellaneous</title>
-<sect2 renderas="sect3">
-<title id="slowsme">How much does Privoxy slow my browsing down? This
+<sect2 renderas="sect3" id="slowsme">
+<title>How much does Privoxy slow my browsing down? This
has to add extra time to browsing.</title>
<para>
How much of an impact depends on many things, including the CPU of the host
hence it could not be intercepted, and you have accessed the <emphasis>real</emphasis>
web site at config.privoxy.org.
</para>
+<para>
+ Note that config.privoxy.org resolves to a public IP address.
+ If you use config.privoxy.org as ping or traceroute target you will
+ reach the system on the Internet (Privoxy can't intercept ICMP requests).
+ If you want to ping the system Privoxy runs on,
+ you should use its IP address or local DNS name (if it has got one).
+</para>
</sect2>
</para>
</sect2>
-<sect2 renderas="sect3">
-<title id="anonforsure">Can Privoxy guarantee I am anonymous?</title>
+<sect2 renderas="sect3" id="anonforsure">
+<title>Can Privoxy guarantee I am anonymous?</title>
<para>
No. Your chances of remaining anonymous are improved, but unless you
<ulink url="#TOR">chain <application>Privoxy</application> with <application>Tor</application></ulink>
</sect2>
-<sect2 renderas="sect3">
-<title id="proxytest">A test site says I am not using a Proxy.</title>
+<sect2 renderas="sect3" id="proxytest">
+<title>A test site says I am not using a Proxy.</title>
<para>
Good! Actually, they are probably testing for some other kinds of proxies.
Hiding yourself completely would require additional steps.
<ulink url="../user-manual/config.html#FORWARDING">forwarding section</ulink>
and uncomment the line:
</para>
-<para>
<screen>
# forward-socks5t / 127.0.0.1:9050 .
- </screen>
-</para>
+</screen>
<para>
Note that if you got Tor through one of the bundles, you may
have to change the port from 9050 to 9150 (or even another one).
uncomment the following forward rules, to make sure your local network is still
reachable through Privoxy:
</para>
-<para>
<screen>
# forward 192.168.*.*/ .
# forward 10.*.*.*/ .
# forward 127.*.*.*/ .
- </screen>
-</para>
+</screen>
<para>
Unencrypted connections to systems in these address ranges will
be as (un)secure as the local network is, but the alternative is
network by using their names, you will need additional exceptions
that look like this:
</para>
-<para>
<screen>
# forward localhost/ .
- </screen>
-</para>
+</screen>
<para>
Save the modified configuration file and open
<ulink url="http://config.privoxy.org/show-status">http://config.privoxy.org/show-status</ulink>
</para>
</sect2>
-<sect2 renderas="sect3">
-<title id="sitebreak">Might some things break because header information or
+<sect2 renderas="sect3" id="sitebreak">
+<title>Might some things break because header information or
content is being altered?</title>
<para>
</sect2>
-<sect2 renderas="sect3">
-<title id="caching">Can Privoxy act as a <quote>caching</quote> proxy to
+<sect2 renderas="sect3" id="caching">
+<title>Can Privoxy act as a <quote>caching</quote> proxy to
speed up web browsing?</title>
<para>
No, it does not have this ability at all. You want something like
</para>
</sect2>
-<sect2 renderas="sect3">
-<title id="firewall">What about as a firewall? Can Privoxy protect me?</title>
+<sect2 renderas="sect3" id="firewall">
+<title>What about as a firewall? Can Privoxy protect me?</title>
<para>
Not in the way you mean, or in the way some firewall vendors claim they can.
<application>Privoxy</application> can help protect your privacy, but can't
</para>
</sect2>
-<sect2 renderas="sect3">
-<title id="wasted">I have large empty spaces / a checkerboard pattern now where
+<sect2 renderas="sect3" id="wasted">
+<title>I have large empty spaces / a checkerboard pattern now where
ads used to be. Why?</title>
<para>
It is technically possible to eliminate banners and ads in a way that frees
</para>
</sect2>
-<sect2 renderas="sect3">
-<title id="ssl">How can Privoxy filter Secure (HTTPS) URLs?</title>
+<sect2 renderas="sect3" id="ssl">
+<title>How can Privoxy filter Secure (HTTPS) URLs?</title>
<para>
- Since secure HTTP connections are encrypted SSL sessions between your browser
- and the secure site, and are meant to be reliably <emphasis>secure</emphasis>,
- there is little that <application>Privoxy</application> can do but hand the raw
+ If you enable
+ <ulink url="../user-manual/actions-file.html#HTTPS-INSPECTION">https-inspection</ulink>
+ <application>Privoxy</application> will impersonate the destination
+ server and can thus filter encrypted requests and responses as well.
+</para>
+<para>
+ Without
+ <ulink url="../user-manual/actions-file.html#HTTPS-INSPECTION">https-inspection</ulink>
+ secure HTTP connections are encrypted SSL sessions between your
+ browser and the secure site, and there is little
+ that <application>Privoxy</application> can do but hand the raw
gibberish data though from one end to the other unprocessed.
</para>
<para>
</sect2>
-<sect2 renderas="sect3">
-<title id="secure">Privoxy runs as a <quote>server</quote>. How
+<sect2 renderas="sect3" id="http2">
+<title>Does Privoxy support HTTP/2?</title>
+<para>
+ Privoxy currently doesn't parse HTTP/2 but applications
+ can tunnel HTTP/2 through Privoxy if Privoxy is configured
+ to allow CONNECT requests (default) which are also used
+ for HTTPS.
+</para>
+<para>
+ Adding HTTP/2 support is on the
+ <ulink url="https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD">TODO</ulink>
+ list but currently nobody is known to work on it.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="secure">
+<title>Privoxy runs as a <quote>server</quote>. How
secure is it? Do I need to take any special precautions?</title>
<para>
On Unix-like systems, <application>Privoxy</application> can run as a non-privileged
<title>My logs show Privoxy <quote>crunches</quote>
ads, but also its own internal CGI pages. What is a <quote>crunch</quote>?</title>
<para>
- A <quote>crunch</quote> simply means <application>Privoxy</application> intercepted
+ A <quote>crunch</quote> means <application>Privoxy</application> intercepted
<emphasis>something</emphasis>, nothing more. Often this is indeed ads or
banners, but <application>Privoxy</application> uses the same mechanism for
trapping requests for its own internal pages. For instance, a request for
</sect2>
<sect2 renderas="sect3" id="downloads">
-<title>Can Privoxy effect files that I download
+<title>Can Privoxy affect files that I download
from a webserver? FTP server?</title>
<para>
From the webserver's perspective, there is no difference between
your hosts list is neglected by <application>Privoxy's </application>
configuration, consider adding your list to your <filename>user.action</filename> file:
</para>
-<para>
<screen>
{ +block }
www.ad.example1.com
ad.example2.com
ads.galore.example.com
etc.example.com</screen>
-</para>
</sect2>
<sect2 renderas="sect3" id="seealso">
</para>
<para>
Lately there have been reports of problems with some kind of
- Privoxy versions that come preinstalled on some Netbooks.
- Some of the problems described are inconsistent with the behaviour
- of official Privoxy versions, which suggests that the preinstalled
- software may contain vendor modifications that we don't know about
- and thus can't debug.
+ "parental control" software based on Privoxy that came preinstalled on
+ certain <ulink url="https://sourceforge.net/p/ijbswa/bugs/813/">ASUS Netbooks</ulink>.
+ The problems described are inconsistent with the behaviour of official
+ Privoxy versions, which suggests that the preinstalled software may
+ contain vendor modifications that we don't know about and thus can't debug.
</para>
<para>
Privoxy's <link linkend="copyright">license</link> allows vendor
<sect1 id="trouble">
<title>Troubleshooting</title>
-<sect2 renderas="sect3">
-<title id="refused">I cannot connect to any websites. Or, I am getting
+<sect2 renderas="sect3" id="refused">
+<title>I cannot connect to any websites. Or, I am getting
<quote>connection refused</quote> message with every web page. Why?</title>
<para>
There are several possibilities:
</para>
-<para>
<itemizedlist>
<listitem><para>
<application>Privoxy</application> is not running. Solution: verify
try disabling or removing the firewall as a simple test.
</para></listitem>
</itemizedlist>
-</para>
</sect2>
</para>
</sect2>
-<sect2 renderas="sect3">
-<title id="flushit">I just added a new rule, but the steenkin ad is
+<sect2 renderas="sect3" id="flushit">
+<title>I just added a new rule, but the steenkin ad is
still getting through. How?</title>
<para>
If the ad had been displayed before you added its URL, it will probably be
our job a little easier. &my-app; has <quote>crunched</quote> (meaning caught
and BLOCKED) quite a few items in this example, but perhaps missed a few as well.
</para>
-<para>
<screen>
<![CDATA[
Request: www.example.com/
Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua
]]>
</screen>
-</para>
<para>
Despite 12 out of 32 requests being blocked, the page looked, and seemed to
behave perfectly <quote>normal</quote> (minus some ads, of course).
</sect2>
-<sect2 id="badsite" renderas="sect3">
-<title >One of my favorite sites does not work with Privoxy.
+<sect2 renderas="sect3" id="badsite">
+<title>One of my favorite sites does not work with Privoxy.
What can I do?</title>
<para>
every time I start IE. What gives?</title>
<para>
- This is a quirk that effects the installation of
+ This is a quirk that affects the installation of
<application>Privoxy</application>, in conjunction with Internet Explorer and
Internet Connection Sharing on Windows 2000 and Windows XP. The symptoms may
appear to be corrupted or invalid DUN settings, or passwords.
</para>
</sect2>
-<!-- ~~~~~ New section ~~~~~ -->
-<!-- XXX: Is this still relevant now that we have gzip support? -->
-<sect2 renderas="sect3" id="blankpage">
-<title>I get a completely blank page at one site. <quote>View Source</quote>
- shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without
- Privoxy the page loads fine.</title>
- <para>
- Chances are that the site suffers from a bug in
- <ulink url="http://www.php.net/"><application>PHP</application></ulink>,
- which results in empty pages being sent if the client explicitly requests
- an uncompressed page, like <application>Privoxy</application> does.
- This bug has been fixed in PHP 4.2.3.
- </para>
- <para>
- To find out if this is in fact the source of the problem, try adding
- the site to a <literal>-prevent-compression</literal> section in
- <filename>user.action</filename>:
- </para>
- <screen>
- # Make exceptions for ill-behaved sites:
- #
- {-prevent-compression}
- .example.com</screen>
- <para>
- If that works, you may also want to report the problem to the
- site's webmasters, telling them to use zlib.output_compression
- instead of ob_gzhandler in their PHP applications (workaround)
- or upgrade to PHP 4.2.3 or later (fix).
- </para>
-</sect2>
-
<sect2 renderas="sect3" id="nohostname">
<title>My logs show many <quote>Unable to get my own hostname</quote> lines.
Why?</title>
<para>
Upgrading <application>Privoxy</application>, or going to the most recent
<filename>default.action</filename> file available from <ulink
- url="http://sourceforge.net/project/showfiles.php?group_id=11118">SourceForge</ulink>
+ url="https://sourceforge.net/project/showfiles.php?group_id=11118">SourceForge</ulink>
might be worth a try, too.
</para>
</sect2>
To do that, enable logging to figure out which requests get blocked by
&my-app; and add the hosts (no path patterns) to a section like this:
</para>
-<para>
<screen>
<![CDATA[
{+redirect{http://127.0.0.1:0/} -block -limit-connect}
.ivwbox.de:443/
]]>
</screen>
-</para>
<para>
Additionally you have to configure your browser to contact
<quote>127.0.0.1:0</quote> directly (instead of through &my-app;).
</para>
</sect2>
+<sect2 renderas="sect3" id="tainted-sockets">
+<title>What are tainted sockets and how do I prevent them?</title>
+<para>
+ &my-app; marks sockets as tainted when it can't use them to
+ serve additional requests.
+ This does not necessarily mean that something went wrong and
+ information about tainted sockets is only logged if connection
+ debugging is enabled (debug 2).
+</para>
+<para>
+ For example server sockets that were used for CONNECT requests
+ (which are used to tunnel https:// requests) are considered tainted
+ once the client closed its connection to &my-app;.
+ Technically &my-app; could keep the connection to the server open,
+ but the server would not accept requests that do not belong to the
+ previous TLS/SSL session (and the client may even have terminated
+ the session).
+</para>
+<para>
+ Server sockets are also marked tainted when a client requests a
+ resource, but closes the connection before &my-app; has completely
+ received (and forwarded) the resource to the client.
+ In this case the server would (probably) accept additional requests,
+ but &my-app; could not get the response without completely reading
+ the leftovers from the previous response.
+</para>
+<para>
+ These are just two examples, there are currently a bit more than
+ 25 scenarios in which a socket is considered tainted.
+</para>
+<para>
+ While sockets can also be marked tainted as a result of a technical
+ problem that may be worth fixing, the problem will be explicitly
+ logged as error.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="pcre-stack-limit">
+<title>After adding my custom filters, &my-app; crashes when visitting certain websites</title>
+<para>
+ This can happen if your custom filters require more memory than &my-app;
+ is allowed to use.
+ Usually the problem is that the operating system enforces a stack size limit
+ that isn't sufficient.
+</para>
+<para>
+ Unless the problem occurs with the filters available in the default configuration,
+ this is not considered a Privoxy bug.
+</para>
+<para>
+ To prevent the crashes you can rewrite your filter to use less resources,
+ increase the relevant memory limit or recompile pcre to use less stack space.
+ For details please see the
+ <ulink url="http://pcre.org/original/doc/html/pcrestack.html">pcrestack man page</ulink>
+ and the documentation of your operating system.
+</para>
+</sect2>
+
+<sect2 renderas="sect3" id="file-permissions">
+<title>What to do if editing the config file of privoxy is access denied?</title>
+<para>
+ Your userid probably isn't allowed to edit the file.
+ <!-- show how to check permissions? -->
+ On Windows you can use the windows equivalent of sudo:
+</para>
+ <screen>runas /user:administrator "notepad \privoxy\config.txt"</screen>
+
+<para>
+ or fix the file permissions:
+</para>
+<screen>C:\Privoxy>icacls config.txt
+config.txt BUILTIN\Administrators:(I)(F)
+ NT AUTHORITY\SYSTEM:(I)(F)
+ BUILTIN\Users:(I)(RX)
+ NT AUTHORITY\Authenticated Users:(I)(M)
+
+Successfully processed 1 files; Failed processing 0 files
+
+C:\Privoxy>icacls config.txt /grant Lee:F
+processed file: config.txt
+Successfully processed 1 files; Failed processing 0 files
+
+C:\Privoxy>icacls config.txt
+config.txt I3668\Lee:(F)
+ BUILTIN\Administrators:(I)(F)
+ NT AUTHORITY\SYSTEM:(I)(F)
+ BUILTIN\Users:(I)(RX)
+ NT AUTHORITY\Authenticated Users:(I)(M)
+
+Successfully processed 1 files; Failed processing 0 files
+
+C:\Privoxy></screen>
+
+<para>
+ or try to point-n-click your way through adjusting the file
+ permissions in windows explorer.
+</para>
+</sect2>
</sect1>