Purpose : Used with other docs and files only.
- $Id: p-config.sgml,v 2.20 2007/11/07 11:36:53 hal9 Exp $
+ $Id: p-config.sgml,v 2.27 2008/01/17 01:49:51 hal9 Exp $
- Copyright (C) 2001-2007 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
See LICENSE.
========================================================================
Sample Configuration File for Privoxy v&p-version;
</title>
<para>
- $Id: p-config.sgml,v 2.20 2007/11/07 11:36:53 hal9 Exp $
+ $Id: p-config.sgml,v 2.27 2008/01/17 01:49:51 hal9 Exp $
</para>
<para>
-Copyright (C) 2001-2007 Privoxy Developers http://www.privoxy.org/
+Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
</para>
<para>
<listitem>
<para>
The value of this option only matters if the experimental trust mechanism has been
- activated. (See <link linkend="trustfile"><emphasis>trustfile</emphasis></link> above.)
+ activated. (See <link linkend="trustfile"><emphasis>trustfile</emphasis></link> below.)
</para>
<para>
If you use the trust mechanism, it is a good idea to write up some on-line
<varlistentry>
<term>Specifies:</term>
<listitem>
- <para>The directory where the other configuration files are located</para>
+ <para>The directory where the other configuration files are located.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Notes:</term>
<listitem>
<para>
- No trailing <quote><literal>/</literal></quote>, please
+ No trailing <quote><literal>/</literal></quote>, please.
</para>
<!--
This is really outdated and not likely to happen. HB 09/20/06
<varlistentry>
<term>Specifies:</term>
<listitem>
- <para>An alternative directory where the templates are loaded from</para>
+ <para>An alternative directory where the templates are loaded from.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Notes:</term>
<listitem>
<para>
- Privoxy's original templates are usually overwritten
- with each update. Use this option to relocate customized templates
- that should be kept. Note that template variables might change
- between updates and templates are not guaranteed to work with
+ <application>Privoxy's</application> original templates are usually
+ overwritten with each update. Use this option to relocate customized
+ templates that should be kept. As template variables might change
+ between updates, you shouldn't expect templates to work with
<application>Privoxy</application> releases other than the one
- they were part of.
+ they were part of, though.
</para>
</listitem>
</varlistentry>
<term>Specifies:</term>
<listitem>
<para>
- The directory where all logging takes place (i.e. where <filename>logfile</filename> and
- <filename>jarfile</filename> are located)
+ The directory where all logging takes place
+ (i.e. where <filename>logfile</filename> and
+ <filename>jarfile</filename> are located).
</para>
</listitem>
</varlistentry>
<term>Notes:</term>
<listitem>
<para>
- No trailing <quote><literal>/</literal></quote>, please
+ No trailing <quote><literal>/</literal></quote>, please.
</para>
</listitem>
</varlistentry>
Multiple <literal>actionsfile</literal> lines are permitted, and are in fact recommended!
</para>
<para>
- The default values include standard.action, which is used for internal
- purposes and should be loaded, default.action, which is the
- <quote>main</quote> actions file maintained by the developers, and
+ The default values include <filename>standard.action</filename>, which is used
+ for internal purposes and should be loaded, <filename>default.action</filename>,
+ which is the <quote>main</quote> actions file maintained by the developers, and
<filename>user.action</filename>, where you can make your personal additions.
</para>
<para>
- Actions files are where all the per site and per URL configuration is done for
+ Actions files contain all the per site and per URL configuration for
ad blocking, cookie management, privacy considerations, etc.
There is no point in using <application>Privoxy</application> without at
least one actions file.
<varlistentry>
<term>Default value:</term>
<listitem>
- <para><emphasis>Unset (commented out)</emphasis>. When activated: logfile (Unix) <emphasis>or</emphasis> privoxy.log (Windows)</para>
+ <para><emphasis>Unset (commented out)</emphasis>. When activated: logfile (Unix) <emphasis>or</emphasis> privoxy.log (Windows).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Effect if unset:</term>
<listitem>
<para>
- Logging is disabled unless <literal>--no-daemon</literal> mode is used.
+ No logfile is written.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Notes:</term>
<listitem>
- <!--
- removed per bug report 688728 02/20/03 HB
-
- <para>
- The windows version will additionally log to the console.
- </para>
- -->
<para>
The logfile is where all logging and error messages are written. The level
of detail and number of messages are set with the <literal>debug</literal>
is doing.
</para>
<para>
- Many users will never look at it, however, and it's a privacy risk
- if third parties can get access to it. It is therefore disabled by
- default in <application>Privoxy</application> 3.0.7 and later.
- </para>
- <para>
- For troubleshooting purposes, you will have to explicitly enable it.
- Please don't file any support requests without trying to reproduce
- the problem with logging enabled first. Once you read the log messages,
- you may even be able to solve the problem on your own.
+ Depending on the debug options below, the logfile may be a privacy risk
+ if third parties can get access to it. As most users will never look
+ at it, <application>Privoxy</application> 3.0.7 and later only log fatal
+ errors by default.
+ </para>
+ <para>
+ For most troubleshooting purposes, you will have to change that,
+ please refer to the debugging section for details.
</para>
<para>
Your logfile will grow indefinitely, and you will probably want to
(see <quote>man cron</quote>). For Red Hat based Linux distributions, a
<command>logrotate</command> script has been included.
</para>
-<!--
-No one cares enough about SuSE to build privoxy packages,
-so most Privoxy users seem to use different platforms and
-are thus unlikely to care about these instructions.
-It's also questionable if they still work.
-fk 2007-11-07
- <para>
- On SuSE Linux systems, you can place a line like <quote>/var/log/privoxy.*
- +1024k 644 nobody.nogroup</quote> in <filename>/etc/logfiles</filename>, with
- the effect that cron.daily will automatically archive, gzip, and empty the
- log, when it exceeds 1M size.
- </para>
--->
<para>
Any log files must be writable by whatever user <application>Privoxy</application>
is being run as (on Unix, default user id is <quote>privoxy</quote>).
</varlistentry>
</variablelist>
-<![%config-file;[<literallayout>@@#logfile logfile</literallayout>]]>
+<![%config-file;[<literallayout>@@logfile logfile</literallayout>]]>
</sect3>
<varlistentry>
<term>Default value:</term>
<listitem>
- <para><emphasis>Unset (commented out)</emphasis>. When activated: jarfile (Unix) <emphasis>or</emphasis> privoxy.jar (Windows)</para>
+ <para><emphasis>Unset (commented out)</emphasis>. When activated: jarfile (Unix) <emphasis>or</emphasis> privoxy.jar (Windows).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Specifies:</term>
<listitem>
<para>
- Key values that determine what information gets logged to the
- <link linkend="logfile"><emphasis>logfile</emphasis></link>.
+ Key values that determine what information gets logged.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Default value:</term>
<listitem>
- <para>12289 (i.e.: URLs plus informational and warning messages)</para>
+ <para>0 (i.e.: only fatal errors (that cause Privoxy to exit) are logged)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Effect if unset:</term>
<listitem>
<para>
- Nothing gets logged.
+ Default value is used (see above).
</para>
</listitem>
</varlistentry>
</para>
<para>
<programlisting>
- debug 1 # show each GET/POST/CONNECT request
+ debug 1 # log each request destination (and the crunch reason if &my-app; intercepted the request)
debug 2 # show each connection status
debug 4 # show I/O status
debug 8 # show header parsing
</para>
<para>
A debug level of 1 is informative because it will show you each request
- as it happens. <emphasis>1, 4096 and 8192 are highly recommended</emphasis>
- so that you will notice when things go wrong. The other levels are probably
- only of interest if you are hunting down a specific problem. They can produce
- a hell of an output (especially 16).
+ as it happens. <emphasis>1, 4096 and 8192 are recommended</emphasis>
+ so that you will notice when things go wrong. The other levels are
+ probably only of interest if you are hunting down a specific problem.
+ They can produce a hell of an output (especially 16).
<!-- LOL -->
</para>
<para>
- The reporting of <emphasis>fatal</emphasis> errors (i.e. ones which causes
- <application>Privoxy</application> to exit) is always on and cannot be disabled.
+ &my-app; used to ship with the debug levels recommended above enabled by
+ default, but due to privacy concerns 3.0.7 and later are configured to
+ only log fatal errors.
</para>
<para>
- If you want to use CLF (Common Log Format), you should set <quote>debug
+ If you are used to the more verbose settings, simply enable the debug lines
+ below again.
+ </para>
+ <para>
+ If you want to use pure CLF (Common Log Format), you should set <quote>debug
512</quote> <emphasis>ONLY</emphasis> and not enable anything else.
</para>
<para>
length of log messages. If it's reached, messages are logged truncated
and marked with <quote>... [too long, truncated]</quote>.
</para>
+ <para>
+ Please don't file any support requests without trying to reproduce
+ the problem with increased debug level first. Once you read the log
+ messages, you may even be able to solve the problem on your own.
+ </para>
</listitem>
</varlistentry>
</variablelist>
-<![%config-file;[<literallayout>@@debug 1 # show each GET/POST/CONNECT request</literallayout>]]>
-<![%config-file;[<literallayout>@@debug 4096 # Startup banner and warnings</literallayout>]]>
-<![%config-file;[<literallayout>@@debug 8192 # Errors - *we highly recommended enabling this*</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 1 # log each request destination (and the crunch reason if &my-app; intercepted the request)</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 4096 # Startup banner and warnings</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 8192 # Non-fatal errors</literallayout>]]>
</sect3>
<term>Specifies:</term>
<listitem>
<para>
- Whether to run only one server thread
+ Whether to run only one server thread.
</para>
</listitem>
</varlistentry>
<term>Notes:</term>
<listitem>
<para>
- This option is only there for debugging purposes and you should never
- need to use it. <emphasis>It will drastically reduce performance.</emphasis>
+ This option is only there for debugging purposes.
+ <emphasis>It will drastically reduce performance.</emphasis>
</para>
</listitem>
</varlistentry>
</para>
<para>
As a lot of <application>Privoxy</application> users don't read
- documentation, this feature has been disabled by default.
+ documentation, this feature is disabled by default.
</para>
<para>
Note that you must have compiled <application>Privoxy</application> with
side code (e.g Java) is also capable of using this feature.
</para>
<para>
- This option may be removed in future releases as it has been obsoleted
+ This option will be removed in future releases as it has been obsoleted
by the more general header taggers.
</para>
</listitem>
</para>
<para>
This option is <emphasis>not recommended</emphasis> for environments
- with untrusted users and is therefore disabled by default.
+ with untrusted users and as a lot of <application>Privoxy</application>
+ users don't read documentation, this feature is disabled by default.
</para>
<para>
Note that malicious client side code (e.g Java) is also
this options unless you understand the consequences and are
sure your browser is configured correctly.
</para>
- <para>
- As a lot of <application>Privoxy</application> users don't read
- documentation, this feature has been disabled by default.
- </para>
<para>
Note that you must have compiled <application>Privoxy</application> with
support for this feature, otherwise this option has no effect.
option.
</para>
<para>
- Please see the warnings in the FAQ that this proxy is not intended to be a substitute
- for a firewall or to encourage anyone to defer addressing basic security
- weaknesses.
+ Please see the warnings in the FAQ that <application>Privoxy</application>
+ is not intended to be a substitute for a firewall or to encourage anyone
+ to defer addressing basic security weaknesses.
</para>
<para>
Multiple ACL lines are OK.
</para>
<para>
<screen>
- forward / caching-proxy.example-isp.net:8000
- forward .example-isp.net .
+ forward / caching-proxy.isp.example.net:8000
+ forward .isp.example.net .
</screen>
</para>
</listitem>
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="socks"><title>
-forward-socks4 and forward-socks4a</title>
+forward-socks4, forward-socks4a and forward-socks5</title>
<anchor id="forward-socks4">
<anchor id="forward-socks4a">
<replaceable class="parameter">http_parent</replaceable>[:<replaceable class="parameter">port</replaceable>]
</para>
<para>
- where <replaceable class="parameter">target_pattern</replaceable> is a <link linkend="af-patterns">URL pattern</link>
- that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <literal>/</literal> to
- denote <quote>all URLs</quote>.
- <replaceable class="parameter">http_parent</replaceable> and <replaceable class="parameter">socks_proxy</replaceable>
- are IP addresses in dotted decimal notation or valid DNS names (<replaceable class="parameter">http_parent</replaceable>
+ where <replaceable class="parameter">target_pattern</replaceable> is a
+ <link linkend="af-patterns">URL pattern</link> that specifies to which
+ requests (i.e. URLs) this forward rule shall apply. Use <literal>/</literal> to
+ denote <quote>all URLs</quote>. <replaceable class="parameter">http_parent</replaceable>
+ and <replaceable class="parameter">socks_proxy</replaceable>
+ are IP addresses in dotted decimal notation or valid DNS names
+ (<replaceable class="parameter">http_parent</replaceable>
may be <quote>.</quote> to denote <quote>no HTTP forwarding</quote>), and the optional
- <replaceable class="parameter">port</replaceable> parameters are TCP ports, i.e. integer values from 1 to 64535
+ <replaceable class="parameter">port</replaceable> parameters are TCP ports,
+ i.e. integer values from 1 to 65535
</para>
</listitem>
</varlistentry>
is that in the SOCKS 4A protocol, the DNS resolution of the target hostname happens on the SOCKS
server, while in SOCKS 4 it happens locally.
</para>
+ <para>
+ With <literal>forward-socks5</literal> the DNS resolution will happen on the remote server as well.
+ </para>
<para>
If <replaceable class="parameter">http_parent</replaceable> is <quote>.</quote>, then requests are not
forwarded to another HTTP proxy but are made (HTTP-wise) directly to the web servers, albeit through
</para>
<para>
<screen>
- forward-socks4a / socks-gw.example.com:1080 www-cache.example-isp.net:8080
+ forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
forward .example.com .
</screen>
</para>
</para>
<para>
- To chain Privoxy and Tor, both running on the same system, you should use
- the rule:
+ To chain Privoxy and Tor, both running on the same system, you would use
+ something like:
</para>
<para>
<screen>
Unencrypted connections to systems in these address ranges will
be as (un)secure as the local network is, but the alternative is that you
can't reach the local network through <application>Privoxy</application>
- at all.
+ at all. Of course this may actually be desired and there is no reason
+ to make these exceptions if you aren't sure you need them.
</para>
<para>
If you also want to be able to reach servers in your local network by
</para>
<para>
- Assume that host-a has a PPP connection to isp-a.net. And host-b has a PPP connection to
- isp-b.net. Both run <application>Privoxy</application>. Their forwarding
+ Assume that host-a has a PPP connection to isp-a.example.net. And host-b has a PPP connection to
+ isp-b.example.org. Both run <application>Privoxy</application>. Their forwarding
configuration can look like this:
</para>
<para>
<screen>
forward / .
- forward .isp-b.net host-b:8118
+ forward .isp-b.example.net host-b:8118
</screen>
</para>
<para>
<screen>
forward / .
- forward .isp-a.net host-a:8118
+ forward .isp-a.example.org host-a:8118
</screen>
</para>
<para>
If you intend to chain <application>Privoxy</application> and
- <application>squid</application> locally, then chain as
+ <application>squid</application> locally, then chaining as
<literal>browser -> squid -> privoxy</literal> is the recommended way.
</para>
</para>
<para>
- You could just as well decide to only forward requests for Windows executables through
- a virus-scanning parent proxy, say, on <literal>antivir.example.com</literal>, port 8010:
+ You could just as well decide to only forward requests you suspect
+ of leading to Windows executables through a virus-scanning parent proxy,
+ say, on <literal>antivir.example.com</literal>, port 8010:
</para>
<para>
<application>Privoxy's</application> CGI forms can lead to
rather long URLs. This isn't a problem as far as the HTTP
standard is concerned, but it can confuse clients with arbitrary
- URL lenght limitations.
+ URL length limitations.
</para>
<para>
Enabling split-large-forms causes <application>Privoxy</application>
- to devide big forms into smaller ones to keep the URL length down.
+ to divide big forms into smaller ones to keep the URL length down.
It makes editing a lot less convenient and you can no longer
submit all changes at once, but at least it works around this
browser bug.
<para>
The <quote>hide-console</quote> option is specific to the MS-Win console
version of <application>Privoxy</application>. If this option is used,
- <application>Privoxy</application> will disconnect from and hide the
+ <application>Privoxy</application> will disconnect from and hide the
command console.
</para>