Purpose : Used with other docs and files only.
- $Id: p-config.sgml,v 2.87 2012/10/21 13:02:01 fabiankeil Exp $
+ $Id: p-config.sgml,v 2.102 2013/10/30 14:30:24 fabiankeil Exp $
Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/
See LICENSE.
<sect1 id="config">
<title>
@@TITLE<!-- between the @@ is stripped by Makefile -->@@
- Sample Configuration File for Privoxy v&p-version;
+ Sample Configuration File for Privoxy &p-version;
</title>
<para>
- $Id: p-config.sgml,v 2.87 2012/10/21 13:02:01 fabiankeil Exp $
+ $Id: p-config.sgml,v 2.102 2013/10/30 14:30:24 fabiankeil Exp $
</para>
<para>
-Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/
+Copyright (C) 2001-2013 Privoxy Developers http://www.privoxy.org/
</para>
<para>
3. DEBUGGING #
4. ACCESS CONTROL AND SECURITY #
5. FORWARDING #
- 6. WINDOWS GUI OPTIONS #
+ 6. MISCELLANEOUS #
+ 7. WINDOWS GUI OPTIONS #
#
#################################################################
</literallayout>
<para>
No trailing <quote><literal>/</literal></quote>, please.
</para>
- <!--
- This is really outdated and not likely to happen. HB 09/20/06
- <para>
- When development goes modular and multi-user, the blocker, filter, and
- per-user config will be stored in subdirectories of <quote>confdir</quote>.
- For now, the configuration directory structure is flat, except for
- <filename>confdir/templates</filename>, where the HTML templates for CGI
- output reside (e.g. <application>Privoxy's</application> 404 error page).
- </para>
- -->
</listitem>
</varlistentry>
</variablelist>
<varlistentry>
<term>Type of value:</term>
<listitem>
- <para><emphasis>None</emphasis></para>
+ <para><emphasis>1 or 0</emphasis></para>
</listitem>
</varlistentry>
<varlistentry>
<term>Default value:</term>
<listitem>
- <para><emphasis>Unset</emphasis></para>
+ <para><emphasis>0</emphasis></para>
</listitem>
</varlistentry>
<varlistentry>
</varlistentry>
</variablelist>
-<![%config-file;[<literallayout>@@#single-threaded</literallayout>]]>
+<![%config-file;[<literallayout>@@#single-threaded 1</literallayout>]]>
</sect3>
<!-- ~~~~~ New section ~~~~~ -->
<quote>toggled off</quote> mode, i.e. mostly behave like a normal,
content-neutral proxy with both ad blocking and content filtering
disabled. See <literal>enable-remote-toggle</literal> below.
-<!--
- This is not really useful
- anymore, since toggling is much easier via <ulink
- url="http://config.privoxy.org/toggle">the web interface</ulink> than via
- editing the <filename>conf</filename> file.
-
- Remote toggling is now disabled by default. fk 2007-11-07)
--->
- </para>
- <para>
- The windows version will only display the toggle icon in the system tray
- if this option is present.
</para>
</listitem>
</varlistentry>
<![%config-file;[<literallayout>@@buffer-limit 4096</literallayout>]]>
</sect3>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3 renderas="sect4" id="enable-proxy-authentication-forwarding"><title>enable-proxy-authentication-forwarding</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether or not proxy authentication through &my-app; should work.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>0 or 1</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>0</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Proxy authentication headers are removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Privoxy itself does not support proxy authentication, but can
+ allow clients to authenticate against Privoxy's parent proxy.
+ </para>
+ <para>
+ By default Privoxy (3.0.21 and later) don't do that and remove
+ Proxy-Authorization headers in requests and Proxy-Authenticate
+ headers in responses to make it harder for malicious sites to
+ trick inexperienced users into providing login information.
+ </para>
+ <para>
+ If this option is enabled the headers are forwarded.
+ </para>
+ <para>
+ Enabling this option is <emphasis>not recommended</emphasis> if there is
+ no parent proxy that requires authentication or if the local network between
+ Privoxy and the parent proxy isn't trustworthy. If proxy authentication is
+ only required for some requests, it is recommended to use a client header filter
+ to remove the authentication headers for requests where they aren't needed.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+
+<![%config-file;[<literallayout>@@enable-proxy-authentication-forwarding 0</literallayout>]]>
+</sect3>
+
</sect2>
<!-- ~ End section ~ -->
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="socks"><title>
-forward-socks4, forward-socks4a and forward-socks5</title>
+forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
<anchor id="forward-socks4">
<anchor id="forward-socks4a">
<para>
With <literal>forward-socks5</literal> the DNS resolution will happen on the remote server as well.
</para>
+ <para>
+ <literal>forward-socks5t</literal> works like vanilla <literal>forward-socks5</literal> but
+ lets &my-app; additionally use Tor-specific SOCKS extensions. Currently the only supported
+ SOCKS extension is optimistic data which can reduce the latency for the first request made
+ on a newly created connection.
+ </para>
<para>
<replaceable class="parameter">socks_proxy</replaceable> and
<replaceable class="parameter">http_parent</replaceable> can be a
option and configure your packet filter to redirect outgoing
HTTP connections into <application>Privoxy</application>.
</para>
+ <para>
+ Note that intercepting encrypted connections (HTTPS) isn't supported.
+ </para>
<para>
Make sure that <application>Privoxy's</application> own requests
aren't redirected as well. Additionally take care that
that improves performance mainly depends on the client configuration.
</para>
<para>
- This options is new and should be considered experimental.
+ If you are seeing problems with pages not properly loading,
+ disabling this option could work around the problem.
</para>
</listitem>
</varlistentry>
</listitem>
</varlistentry>
</variablelist>
-<![%config-file;[<literallayout>@@#tolerate-pipelining 1</literallayout>]]>
+<![%config-file;[<literallayout>@@tolerate-pipelining 1</literallayout>]]>
</sect3>
<varlistentry>
<term>Default value:</term>
<listitem>
- <para>None</para>
+ <para>128</para>
</listitem>
</varlistentry>
<varlistentry>
Obviously using this option only makes sense if you choose a limit
below the one enforced by the operating system.
</para>
+ <para>
+ One most POSIX-compliant systems &my-app; can't properly deal with
+ more than FD_SETSIZE file descriptors at the same time and has to reject
+ connections if the limit is reached. This will likely change in a
+ future version, but currently this limit can't be increased without
+ recompiling &my-app; with a different FD_SETSIZE limit.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
</varlistentry>
</variablelist>
<![%config-file;[<literallayout>@@#client-header-order Host \
-# User-Agent \
-# Accept \
-# Accept-Language \
-# Accept-Encoding \
-# Proxy-Connection,\
-# Referer,Cookie \
-# If-Modified-Since \
-# Cache-Control \
-# Content-Length \
-# Content-Type
+ User-Agent \
+ Accept \
+ Accept-Language \
+ Accept-Encoding \
+ Proxy-Connection \
+ Referer \
+ Cookie \
+ DNT \
+ If-Modified-Since \
+ Cache-Control \
+ Content-Length \
+ Content-Type
</literallayout>]]>
</sect3>