Purpose : Used with other docs and files only.
- Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
Sample Configuration File for Privoxy &p-version;
</title>
<para>
-Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
</para>
<literallayout>
4. ACCESS CONTROL AND SECURITY #
5. FORWARDING #
6. MISCELLANEOUS #
- 7. HTTPS INSPECTION (EXPERIMENTAL) #
+ 7. HTTPS INSPECTION #
8. WINDOWS GUI OPTIONS #
#
##################################################################
<term>Notes:</term>
<listitem>
<para>
- The value of this option only matters if the experimental trust mechanism has been
+ The value of this option only matters if the trust mechanism has been
activated. (See <link linkend="trustfile"><emphasis>trustfile</emphasis></link> below.)
</para>
<para>
as it happens. <emphasis>1, 1024, 4096 and 8192 are recommended</emphasis>
so that you will notice when things go wrong. The other levels are
probably only of interest if you are hunting down a specific problem.
- They can produce a hell of an output (especially 16).
+ They can produce a lot of output (especially 16).
</para>
<para>
If you are used to the more verbose settings, simply enable the debug lines
</varlistentry>
</variablelist>
-<![%config-file;[<literallayout>@@#debug 1 # Log the destination for each request &my-app; let through.</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 1 # Log the destination for each request. See also debug 1024.</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 2 # show each connection status</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 4 # show tagging-related messages</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 8 # show header parsing</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 128 # debug redirects</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 256 # debug GIF de-animation</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 512 # Common Log Format</literallayout>]]>
<![%config-file;[<literallayout>@@#debug 1024 # Log the destination for requests &my-app; didn't let through, and the reason why.</literallayout>]]>
<![%config-file;[<literallayout>@@#debug 4096 # Startup banner and warnings</literallayout>]]>
<![%config-file;[<literallayout>@@#debug 8192 # Non-fatal errors</literallayout>]]>
+<![%config-file;[<literallayout>@@#debug 65536 # Log applying actions</literallayout>]]>
</sect3>
(ACL's, see below), and/or a firewall.
</para>
<para>
- If you open <application>Privoxy</application> to untrusted users, you will
- also want to make sure that the following actions are disabled: <literal><link
+ If you open <application>Privoxy</application> to untrusted users, you should
+ also make sure that the following actions are disabled: <literal><link
linkend="enable-edit-actions">enable-edit-actions</link></literal> and
<literal><link linkend="enable-remote-toggle">enable-remote-toggle</link></literal>
</para>
There are also a few privacy implications you should be aware of.
</para>
<para>
- If this option is effective, outgoing connections are shared between
+ If this option is enabled, outgoing connections are shared between
clients (if there are more than one) and closing the browser that initiated
- the outgoing connection does no longer affect the connection between &my-app;
+ the outgoing connection does not affect the connection between &my-app;
and the server unless the client's request hasn't been completed yet.
</para>
<para>
If you aren't using an occasionally slow proxy like Tor, reducing
it to a few seconds should be fine.
</para>
+ <warning>
+ <para>
+ When a TLS library is being used to read or write data from a socket with
+ <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+ enabled the socket-timeout currently isn't applied and the timeout
+ used depends on the library (which may not even use a timeout).
+ </para>
+ </warning>
</listitem>
</varlistentry>
<varlistentry>
</para>
<para>
One most POSIX-compliant systems &my-app; can't properly deal with
- more than FD_SETSIZE file descriptors at the same time and has to reject
- connections if the limit is reached. This will likely change in a
- future version, but currently this limit can't be increased without
- recompiling &my-app; with a different FD_SETSIZE limit.
+ more than FD_SETSIZE file descriptors if &my-app; has been configured
+ to use select() and has to reject connections if the limit is reached.
+ When using select() this limit therefore can't be increased without
+ recompiling &my-app; with a different FD_SETSIZE limit unless &my-app;
+ is running on Windows with _WIN32 defined.
+ </para>
+ <para>
+ When &my-app; has been configured to use poll() the FD_SETSIZE limit
+ does not apply.
</para>
</listitem>
</varlistentry>
<sect2 id="https-inspection-directives">
-<title>HTTPS Inspection (Experimental)</title>
+<title>HTTPS Inspection</title>
<para>
HTTPS inspection allows to filter encrypted requests and responses.
<varlistentry>
<term>Default value:</term>
<listitem>
- <para><emphasis>Empty string</emphasis></para>
+ <para><emphasis>./CA</emphasis></para>
</listitem>
</varlistentry>
<varlistentry>
that is used when Privoxy generates certificates for intercepted
requests.
</para>
+ <warning>
<para>
Note that the password is shown on the CGI page so don't
reuse an important one.
</para>
+ <para>
+ If disclosure of the password is a compliance issue consider blocking
+ the relevant CGI requests after enabling the <link linkend="enforce-blocks">enforce-blocks</link>
+ and <link linkend="allow-cgi-request-crunching">allow-cgi-request-crunching</link>.
+ </para>
+ </warning>
</listitem>
</varlistentry>
<varlistentry>
projects / privoxy.git / blobdiff