Purpose : Used with other docs and files only.
- $Id: p-config.sgml,v 1.1.2.3 2002/05/31 02:56:25 hal9 Exp $
+ $Id: p-config.sgml,v 2.3 2002/10/09 01:45:05 hal9 Exp $
Copyright (C) 2001, 2002 Privoxy Developers <developers@privoxy.org>
See LICENSE.
Sample Configuration File for Privoxy v&p-version;
</title>
<para>
-Copyright (C) 2001, 2002 Privoxy Developers http://privoxy.org
+ $Id: p-config.sgml,v 2.3 2002/10/09 01:45:05 hal9 Exp $
</para>
<para>
-$Id: p-config.sgml,v 1.1.2.3 2002/05/31 02:56:25 hal9 Exp $
+Copyright (C) 2001, 2002 Privoxy Developers http://privoxy.org
</para>
<para>
<varlistentry>
<term>Notes:</term>
<listitem>
+<!-- HB removed per bug report 688728 02/20/03
+
<para>
The windows version will additionally log to the console.
</para>
+-->
<para>
The logfile is where all logging and error messages are written. The level
of detail and number of messages are set with the <literal>debug</literal>
</para>
<para>
If you specify a trust file, <application>Privoxy</application> will only allow
- access to sites that are named in the trustfile.
- You can also mark sites as trusted referrers (with <literal>+</literal>), with
- the effect that access to untrusted sites will be granted, if a link from a
- trusted referrer was used.
- The link target will then be added to the <quote>trustfile</quote>.
- Possible applications include limiting Internet access for children.
+ access to sites that are specified in the trustfile. Sites can be listed
+ in one of two ways:
+ </para>
+ <para>
+ Prepending a <literal>~</literal> character limits access to this site
+ only (and any sub-paths within this site), e.g.
+ <literal>~www.example.com</literal>.
+ </para>
+ <para>
+ Or, you can designate sites as <emphasis>trusted referrers</emphasis>, by
+ prepending the name with a <literal>+</literal> character. The effect is that
+ access to untrusted sites will be granted -- but only if a link from this
+ trusted referrer was used. The link target will then be added to the
+ <quote>trustfile</quote> so that future, direct accesses will be granted.
+ Sites added via this mechanism do not become trusted referrers themselves
+ (i.e. they are added with a <literal>~</literal> designation).
+ </para>
+ <para>
+ If you use the <literal>+</literal> operator in the trust file, it may grow
+ considerably over time.
</para>
<para>
- If you use <literal>+</literal> operator in the trust file, it may grow considerably over time.
+ It is recommended that <application>Privoxy</application> be compiled with
+ the <literal>--disable-force</literal>, <literal>--disable-toggle</literal> and
+ <literal> --disable-editor</literal> options, if this feature is to be
+ used.
+ </para>
+ <para>
+ Possible applications include limiting Internet access for children.
</para>
</listitem>
</varlistentry>
<para>
Examples:
</para>
+ <!-- The below needs checking after a rebuild due to long file names -->
<para>
Unix, in local filesystem:
</para>
<para>
- <screen>user-manual file:///usr/share/doc/privoxy-&p-version;/user-manual/</screen>
+ <screen> user-manual file:///usr/share/doc/privoxy-&p-version;/user-manual/index.html</screen>
+ </para>
+ <para>
+ Windows, in local filesystem, <emphasis>must</emphasis> use forward slash notation, and <literal>%20</literal> to denote
+ spaces in path names:
+ </para>
+ <para>
+ <screen> user-manual file:///c:/some%20dir/privoxy/user-manual/index.html</screen>
+ </para>
+ <para>
+ Windows, UNC notation (forward slashes required again):
+ </para>
+ <para>
+ <screen> user-manual file://///some-server/some-path/privoxy/user-manual/index.html</screen>
</para>
<para>
Any platform, on local webserver (called <quote>local-webserver</quote>):
</para>
<para>
- <screen>user-manual http://local-webserver/privoxy-user-manual/</screen>
+ <screen> user-manual http://local-webserver/privoxy-user-manual/</screen>
</para>
<![%user-man;[
<!-- this gets hammered in conversion to config. Text repeated below. -->
debug 256 # debug GIF de-animation
debug 512 # Common Log Format
debug 1024 # debug kill pop-ups
+ debug 2048 # CGI user interface
debug 4096 # Startup banner and warnings.
debug 8192 # Non-fatal errors
</programlisting>
<![%config-file;[<literallayout>@@debug 1 # show each GET/POST/CONNECT request</literallayout>]]>
<![%config-file;[<literallayout>@@debug 4096 # Startup banner and warnings</literallayout>]]>
-<![%config-file;[<literallayout>@@debug 8192 # Errors - *we highly recommended enabling this</literallayout>]]>
+<![%config-file;[<literallayout>@@debug 8192 # Errors - *we highly recommended enabling this*</literallayout>]]>
</sect3>
<term>Type of value:</term>
<listitem>
<para>
- <replaceable class="parameter">target_domain</replaceable>[:<replaceable class="parameter">port</replaceable>]
- <replaceable class="parameter">http_parent</replaceable>[/<replaceable class="parameter">port</replaceable>]
+ <replaceable class="parameter">target_pattern</replaceable>
+ <replaceable class="parameter">http_parent</replaceable>[:<replaceable class="parameter">port</replaceable>]
</para>
<para>
- Where <replaceable class="parameter">target_domain</replaceable> is a domain name pattern (see the
- chapter on domain matching in the <filename>default.action</filename> file),
- <replaceable class="parameter">http_parent</replaceable> is the address of the parent HTTP proxy
- as an IP addresses in dotted decimal notation or as a valid DNS name (or <quote>.</quote> to denote
- <quote>no forwarding</quote>, and the optional
- <replaceable class="parameter">port</replaceable> parameters are TCP ports, i.e. integer
- values from 1 to 64535
+ where <replaceable class="parameter">target_pattern</replaceable> is a <link linkend="af-patterns">URL pattern</link>
+ that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <literal>/</literal> to
+ denote <quote>all URLs</quote>.
+ <replaceable class="parameter">http_parent</replaceable>[:<replaceable class="parameter">port</replaceable>]
+ is the DNS name or IP address of the parent HTTP proxy through which the requests should be forwarded,
+ optionally followed by its listening port (default: 8080).
+ Use a single dot (<literal>.</literal>) to denote <quote>no forwarding</quote>.
</para>
</listitem>
</varlistentry>
</para>
<para>
<screen>
- forward .* anon-proxy.example.org:8080
+ forward / anon-proxy.example.org:8080
forward :443 .
</screen>
</para>
</para>
<para>
<screen>
- forward .*. caching-proxy.example-isp.net:8000
+ forward / caching-proxy.example-isp.net:8000
forward .example-isp.net .
</screen>
</para>
<term>Type of value:</term>
<listitem>
<para>
- <replaceable class="parameter">target_domain</replaceable>[:<replaceable class="parameter">port</replaceable>]
- <replaceable class="parameter">socks_proxy</replaceable>[/<replaceable class="parameter">port</replaceable>]
- <replaceable class="parameter">http_parent</replaceable>[/<replaceable class="parameter">port</replaceable>]
+ <replaceable class="parameter">target_pattern</replaceable>
+ <replaceable class="parameter">socks_proxy</replaceable>[:<replaceable class="parameter">port</replaceable>]
+ <replaceable class="parameter">http_parent</replaceable>[:<replaceable class="parameter">port</replaceable>]
</para>
<para>
- Where <replaceable class="parameter">target_domain</replaceable> is a domain name pattern (see the
- chapter on domain matching in the <filename>default.action</filename> file),
+ where <replaceable class="parameter">target_pattern</replaceable> is a <link linkend="af-patterns">URL pattern</link>
+ that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <literal>/</literal> to
+ denote <quote>all URLs</quote>.
<replaceable class="parameter">http_parent</replaceable> and <replaceable class="parameter">socks_proxy</replaceable>
are IP addresses in dotted decimal notation or valid DNS names (<replaceable class="parameter">http_parent</replaceable>
may be <quote>.</quote> to denote <quote>no HTTP forwarding</quote>), and the optional
</para>
<para>
<screen>
- forward-socks4a .*. socks-gw.example.com:1080 www-cache.example-isp.net:8080
+ forward-socks4a / socks-gw.example.com:1080 www-cache.example-isp.net:8080
forward .example.com .
</screen>
</para>
</para>
<para>
<screen>
- forward-socks4 .*. socks-gw.example.com:1080 .
+ forward-socks4 / socks-gw.example.com:1080 .
</screen>
</para>
</listitem>
<para>
<screen>
- forward .*. .
+ forward / .
forward .isp-b.net host-b:8118
</screen>
</para>
<para>
<screen>
- forward .*. .
+ forward / .
forward .isp-a.net host-a:8118
</screen>
</para>
Squid normally uses port 3128. If unsure consult <literal>http_port</literal> in <filename>squid.conf</filename>.
</para>
+<para>
+ You could just as well decide to only forward requests for Windows executables through
+ a virus-scanning parent proxy, say, on <literal>antivir.example.com</literal>, port 8010:
+</para>
+
+<para>
+ <screen>
+ forward / .
+ forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010</screen>
+</para>
+
</sect3>
]]>
<!-- end config content common to both outputs -->
<![%config-file;[
-<!-- These are dummy anchors to keep the processor quiet -->
-<!-- Needed for config-file only -->
+<!-- These are dummy anchors to keep the processor quiet -->
+<!-- when building config-file only (ie. they are used in u-m only) -->
<sect1 label="">
<title></title>
<anchor id="filter">
<anchor id="filter-file">
<anchor id="regex">
<anchor id="actions-file">
+<anchor id="af-patterns">
</sect1>
]]>