Purpose : Used with other docs and files only.
- Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
Sample Configuration File for Privoxy &p-version;
</title>
<para>
-Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
+Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
</para>
<literallayout>
4. ACCESS CONTROL AND SECURITY #
5. FORWARDING #
6. MISCELLANEOUS #
- 7. TLS #
+ 7. HTTPS INSPECTION (EXPERIMENTAL) #
8. WINDOWS GUI OPTIONS #
#
##################################################################
fk 2007-11-07
-->
<![%config-file;[<literallayout>@@actionsfile user.action # User customizations</literallayout>]]>
+<![%config-file;[<literallayout>@@#regression-tests.action # Tests for privoxy-regression-test</literallayout>]]>
</sect3>
<!-- ~~~~~ New section ~~~~~ -->
<programlisting>
debug 1 # Log the destination for each request. See also debug 1024.
debug 2 # show each connection status
- debug 4 # show I/O status
+ debug 4 # show tagging-related messages
debug 8 # show header parsing
debug 16 # log all data written to the network
debug 32 # debug force feature
They can only be used if <application>Privoxy</application> has
been compiled with IPv6 support. If you aren't sure if your version
supports it, have a look at
- <literal>http://config.privoxy.org/show-status</literal>.
+ <ulink url="http://config.privoxy.org/show-status">http://config.privoxy.org/show-status</ulink>.
</para>
<para>
Some operating systems will prefer IPv6 to IPv4 addresses even if the
</para>
<para>
Note that sorting headers in an uncommon way will make fingerprinting
- actually easier. Encrypted headers are not affected by this directive.
+ actually easier.
+ Encrypted headers are not affected by this directive unless
+ <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+ is enabled.
</para>
</listitem>
</varlistentry>
Referer \
Cookie \
DNT \
+ Connection \
+ Pragma \
+ Upgrade-Insecure-Requests \
If-Modified-Since \
Cache-Control \
Content-Length \
+ Origin \
Content-Type
</literallayout>]]>
</sect3>
<varlistentry>
<term>Notes:</term>
<listitem>
- <warning>
- <para>
- This is an experimental feature. The syntax is likely to change
- in future versions.
- </para>
- </warning>
<para>
Client-specific tags allow Privoxy admins to create different
profiles and let the users chose which one they want without
Clients can request tags to be set by using the CGI interface <ulink
url="http://config.privoxy.org/client-tags">http://config.privoxy.org/client-tags</ulink>.
The specific tag description is only used on the web page and should
- be phrased in away that the user understand the effect of the tag.
+ be phrased in away that the user understands the effect of the tag.
</para>
</listitem>
</varlistentry>
# that are enabled based on CLIENT-TAG patterns.
client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
+ client-specific-tag overrule-redirects Overrule redirect sections
+ client-specific-tag allow-cookies Do not crunch cookies in either direction
+ client-specific-tag change-tor-socks-port Change forward-socks5 settings to use a different Tor socks port (and circuits)
+ client-specific-tag no-https-inspection Disable HTTPS inspection
+ client-specific-tag no-tls-verification Don't verify certificates when http-inspection is enabled
</screen>
</listitem>
</varlistentry>
<varlistentry>
<term>Notes:</term>
<listitem>
- <warning>
- <para>
- This is an experimental feature. The syntax is likely to change
- in future versions.
- </para>
- </warning>
<para>
In case of some tags users may not want to enable them permanently,
but only for a short amount of time, for example to circumvent a block
<varlistentry>
<term>Notes:</term>
<listitem>
- <warning>
- <para>
- This is an experimental feature. The syntax is likely to change
- in future versions.
- </para>
- </warning>
<para>
If clients reach Privoxy through another proxy, for example a load
balancer, Privoxy can't tell the client's IP address from the connection.
</sect2>
-<sect2 id="tls">
-<title>TLS/SSL Inspection (Experimental)</title>
+<sect2 id="https-inspection-directives">
+<title>HTTPS Inspection (Experimental)</title>
+
+<para>
+ HTTPS inspection allows to filter encrypted requests and responses.
+ This is only supported when <application>Privoxy</application>
+ has been built with FEATURE_HTTPS_INSPECTION.
+ If you aren't sure if your version supports it, have a look at
+ <ulink url="http://config.privoxy.org/show-status">http://config.privoxy.org/show-status</ulink>.
+</para>
<!-- ~~~~~ New section ~~~~~ -->
</para>
<para>
The file can be generated with:
- openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+ <command>openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650</command>
</para>
</listitem>
</varlistentry>
<term>Notes:</term>
<listitem>
<para>
- This directive specifies the name of the CA key file
- in ".pem" format. See the <ulink url="#CA-CERT-FILE">ca-cert-file</ulink>
- for a command to generate it.
+ This directive specifies the name of the CA key file in ".pem" format.
+ The <ulink url="#CA-CERT-FILE">ca-cert-file section</ulink> contains
+ a command to generate it.
+ </para>
+ <para>
+ The CA key is used by &my-app; to sign generated certificates.
+ </para>
+ <para>
+ Access to the key should be limited to Privoxy.
</para>
</listitem>
</varlistentry>
AES128-SHA
</screen>
<screen>
- # Use keywords instead of explicity naming the ciphers (Does not work with MbedTLS)
+ # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS)
cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
</screen>
</listitem>
</para>
<para>
An example file can be downloaded from
- <ulink url="https://curl.haxx.se/ca/cacert.pem">https://curl.haxx.se/ca/cacert.pem</ulink>.
+ <ulink url="https://curl.se/ca/cacert.pem">https://curl.se/ca/cacert.pem</ulink>.
+ If you want to create the file yourself, please see:
+ <ulink url="https://curl.se/docs/caextract.html">https://curl.se/docs/caextract.html</ulink>.
</para>
</listitem>
</varlistentry>