<!entity license SYSTEM "license.sgml">
<!entity p-authors SYSTEM "p-authors.sgml">
<!entity config SYSTEM "p-config.sgml">
-<!entity p-version "3.0.10">
-<!entity p-status "stable">
+<!entity p-version "3.0.11">
+<!entity p-status "UNRELEASED">
<!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc -->
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-readme "IGNORE">
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.81 2008/08/16 08:51:28 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.90 2008/09/26 16:53:09 fabiankeil Exp $
- Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2001-2009 Privoxy Developers http://www.privoxy.org/
See LICENSE.
========================================================================
</subscript>
</pubdate>
-<pubdate>$Id: user-manual.sgml,v 2.81 2008/08/16 08:51:28 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.90 2008/09/26 16:53:09 fabiankeil Exp $</pubdate>
<!--
</para>
<para>
Before installing <application>Privoxy</application> under Gentoo just do
- first <literal>emerge rsync</literal> to get the latest changes from the
+ first <literal>emerge --sync</literal> to get the latest changes from the
Portage tree. With <literal>emerge privoxy</literal> you install the latest
version.
</para>
<sect1 id="whatsnew">
<title>What's New in this Release</title>
<para>
- There are many improvements and new features since <application>Privoxy 3.0.8</application>, the last stable release:
+ There are only a few improvements and new features since
+ <application>Privoxy 3.0.10</application>, the last stable release:
</para>
<para>
<itemizedlist>
<listitem>
<para>
- Added SOCKS5 support (with address resolution done by
- the SOCKS5 server). Patch provided by Eric M. Hopper.
+ The mingw32 version uses mutex locks now which prevents
+ log message corruption under load. As a side effect,
+ the "no thread-safe PRNG" warning could be removed as well.
</para>
</listitem>
<listitem>
<para>
- The "blocked" CGI pages include a block reason that was
- provided as argument to the last-applying block action.
+ Support for remote toggling is controlled by the configure
+ option --disable-toggle only. In previous versions it also
+ depended on the action editor and thus configuring with the
+ --disable-editor option would disable remote toggling support
+ as well.
</para>
</listitem>
<listitem>
<para>
- If enable-edit-actions is disabled (the default since 3.0.7 beta)
- the show-status page hides the edit buttons and explains why.
- Previously the user would get the "this feature has been disabled"
- message after using the edit button.
- </para>
- </listitem>
- <listitem>
- <para>
- Forbidden CONNECT requests are treated like blocks by default.
- The now-pointless treat-forbidden-connects-like-blocks action
- has been removed.
- </para>
- </listitem>
- <listitem>
- <para>
- Not enabling limit-connect now allows CONNECT requests to all ports.
- In previous versions it would only allow CONNECT requests to port 443.
- Use +limit-connect{443} if you think you need the old default behaviour.
- </para>
- </listitem>
- <listitem>
- <para>
- The CGI editor gets turned off after three edit requests with invalid
- file modification timestamps. This makes life harder for attackers
- who can leverage browser bugs to send fake Referers and intend to
- brute-force edit URLs.
- </para>
- </listitem>
- <listitem>
- <para>
- Action settings for multiple patterns in the same section are
- shared in memory. As a result these sections take up less space
- (and are loaded slightly faster). Problem reported by Franz Schwartau.
- </para>
- </listitem>
- <listitem>
- <para>
- Linear white space in HTTP headers will be normalized to single
- spaces before parsing the header's content, headers split across
- multiple lines get merged first.
- </para>
- </listitem>
- <listitem>
- <para>
- Host information is gathered outside the main thread so it's less
- likely to delay other incoming connections if the host is misconfigured.
- </para>
- </listitem>
- <listitem>
- <para>
- New config option "hostname" to use a hostname other than
- the one returned by the operating system. Useful to speed-up responses
- for CGI requests on misconfigured systems. Requested by Max Khon.
- </para>
- </listitem>
- <listitem>
- <para>
- The CGI editor supports the "disable all filters of this type"
- directives "-client-header-filter", "-server-header-filter",
- "-client-header-tagger" and "-server-header-tagger".
- </para>
- </listitem>
- <listitem>
- <para>
- Fixed false-positives with the link-by-url filter and URLs that
- contain the pattern "/jump/".
- </para>
- </listitem>
- <listitem>
- <para>
- The less-download-windows filter no longer messes
- "Content-Type: application/x-shockwave-flash" headers up.
- </para>
- </listitem>
- <listitem>
- <para>
- In the show-url-info page's "Final results" section active and
- inactive actions are listed separately. Patch provided by Lee.
- </para>
- </listitem>
- <listitem>
- <para>
- The GNUmakefile supports the DESTDIR variable. Patch for
- the install target submitted by Radoslaw Zielinski.
- </para>
- </listitem>
- <listitem>
- <para>
- Embedding the content of configuration files in the show-status
- page is significantly faster now. For a largish action file (1 MB)
- a speedup of about 2450 times has been measured. This is mostly
- interesting if you are using large action files or regularly use
- Privoxy-Regression-Test while running Privoxy through Valgrind,
- for stock configuration files it doesn't really matter.
- </para>
- </listitem>
- <listitem>
- <para>
- If zlib support is unavailable and there are content
- filters active but the prevent-compression action is disabled,
- the show-url-info page includes a warning that compression
- might prevent filtering.
- </para>
- </listitem>
- <listitem>
- <para>
- The show-url-info page provides an OpenSearch Description that
- allows to access the page through browser search plugins.
- </para>
- </listitem>
- <listitem>
- <para>
- The obsolete kill-popups action has been removed as the
- PCRS-based popup filters can do the same and are slightly
- less unreliable.
- </para>
- </listitem>
- <listitem>
- <para>
- The inspect-jpegs action has been removed.
- </para>
- </listitem>
- <listitem>
- <para>
- The send-wafer and send-vanilla-wafer actions have been removed.
- They weren't particular useful and their behaviour could be emulated
- with add-header anyway.
- </para>
- </listitem>
- <listitem>
- <para>
- Privoxy-Regression-Test has been significantly improved.
- </para>
- </listitem>
- <listitem>
- <para>
- Most sections in the default.action file contain tests for
- Privoxy-Regression-Test to verify that they are working as intended.
- </para>
- </listitem>
- <listitem>
- <para>
- Parts of Privoxy have been refactored to increase maintainability.
- </para>
- </listitem>
- <listitem>
- <para>
- Building with zlib (if available) is done by default.
+ The hide-forwarded-for-headers action has been replaced with
+ the change-x-forwarded-for{} action which can also be used to
+ add X-Forwarded-For headers. The latter functionality already
+ existed in Privoxy versions prior to 3.0.7 but has been removed
+ as it was often used unintentionally (by not using the
+ hide-forwarded-for-headers action).
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- <filename>standard.action</filename> now only includes the enabled actions.
- Not all actions as before.
+ <filename>standard.action</filename> has been merged into
+ the <filename>default.action</filename> file.
</para>
</listitem>
<listitem>
<filename>default.action</filename> (which you will most probably want
to define sooner or later) are probably best applied in
<filename>user.action</filename>, where you can preserve them across
- upgrades. <filename>standard.action</filename> is only for
- <application>Privoxy's</application> internal use.
+ upgrades.
</para>
<para>
There is also a web based editor that can be accessed from
a set of broad rules that should work reasonably well as-is for most users.
This is the file that the developers are keeping updated, and <link
linkend="installation-keepupdated">making available to users</link>.
- The user's preferences as set in <filename>standard.action</filename>,
- e.g. either <literal>Cautious</literal> (the default),
+ It also contains the pre-defined sets of rules for the default actions,
+ e.g. <literal>Cautious</literal> (the default),
<literal>Medium</literal>, or <literal>Advanced</literal> (see
below).
</para>
has specific requirements, and need special handling, this kind of
thing should go here. This file will not be upgraded.
</para>
- </listitem>
+ </listitem>
<listitem>
- <para>
- <filename>standard.action</filename> - is used only by the web based editor
- at <ulink url="http://config.privoxy.org/edit-actions-list?f=default">
- http://config.privoxy.org/edit-actions-list?f=default</ulink>,
- to set various pre-defined sets of rules for the default actions section
- in <filename>default.action</filename>.
- </para>
<para>
<guibutton>Edit</guibutton> <guibutton>Set to Cautious</guibutton> <guibutton>Set to Medium</guibutton> <guibutton>Set to Advanced</guibutton>
</para>
<guibutton>Edit</guibutton> button. More fine-tuning can be done in the
lower sections of this internal page.
</para>
- <para>
- It is not recommend to edit the <filename>standard.action</filename> file
- itself.
- </para>
<para>
The default profiles, and their associated actions, as pre-defined in
- <filename>standard.action</filename> are:
+ <filename>default.action</filename> are:
</para>
<para>
<table frame=all><title>Default Configurations</title>
</sect3>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3 renderas="sect4" id="change-x-forwarded-for">
+<title>change-x-forwarded-for</title>
+
+<variablelist>
+ <varlistentry>
+ <term>Typical use:</term>
+ <listitem>
+ <para>Improve privacy by not forwarding the source of the request in the HTTP headers.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Effect:</term>
+ <listitem>
+ <para>
+ Deletes the <quote>X-Forwarded-For:</quote> HTTP header from the client request,
+ or adds a new one.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Parameter:</term>
+ <listitem>
+ <itemizedlist>
+ <listitem>
+ <para><quote>block</quote> to delete the header.</para>
+ </listitem>
+ <listitem>
+ <para>
+ <quote>add</quote> to create the header (or append
+ the client's IP address to an already existing one).
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ It is safe and recommended to use <literal>block</literal>.
+ </para>
+ <para>
+ Forwarding the source address of the request may make
+ sense in some multi-user setups but is also a privacy risk.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <para>
+ <screen>+change-x-forwarded-for{block}</screen>
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect3>
+
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="client-header-filter">
<title>client-header-filter</title>
</sect3>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="hide-forwarded-for-headers">
-<title>hide-forwarded-for-headers</title>
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>Improve privacy by not forwarding the source of the request in the HTTP headers.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- Deletes any existing <quote>X-Forwarded-for:</quote> HTTP header from client requests.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Type:</term>
- <!-- Boolean, Parameterized, Multi-value -->
- <listitem>
- <para>Boolean.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>
- N/A
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- It is safe and recommended to leave this on.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Example usage:</term>
- <listitem>
- <para>
- <screen>+hide-forwarded-for-headers</screen>
- </para>
- </listitem>
- </varlistentry>
-</variablelist>
-</sect3>
-
-
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="hide-from-header">
<title>hide-from-header</title>
# "Defaults" section:
##########################################################################
{ \
+ +<link linkend="CHANGE-X-FORWARDED-FOR">change-x-forwarded-for{block}</link> \
+<link linkend="DEANIMATE-GIFS">deanimate-gifs</link> \
+<link linkend="FILTER-HTML-ANNOYANCES">filter{html-annoyances}</link> \
+<link linkend="FILTER-REFRESH-TAGS">filter{refresh-tags}</link> \
+<link linkend="FILTER-WEBBUGS">filter{webbugs}</link> \
+<link linkend="FILTER-IE-EXPLOITS">filter{ie-exploits}</link> \
- +<link linkend="HIDE-FORWARDED-FOR-HEADERS">hide-forwarded-for-headers</link> \
+<link linkend="HIDE-FROM-HEADER">hide-from-header{block}</link> \
+<link linkend="HIDE-REFERER">hide-referrer{forge}</link> \
+<link linkend="PREVENT-COMPRESSION">prevent-compression</link> \
In file: default.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibutton>
- {+deanimate-gifs {last}
+ {+change-x-forwarded-for{block}
+ +deanimate-gifs {last}
+fast-redirects {check-decoded-url}
+filter {refresh-tags}
+filter {img-reorder}
+filter {webbugs}
+filter {jumping-windows}
+filter {ie-exploits}
- +hide-forwarded-for-headers
+hide-from-header {block}
+hide-referrer {forge}
+session-cookies-only
-add-header
-block
+ +change-x-forwarded-for{block}
-client-header-filter{hide-tor-exit-notation}
-content-type-overwrite
-crunch-client-header
-handle-as-image
-hide-accept-language
-hide-content-disposition
- +hide-forwarded-for-headers
+hide-from-header {block}
-hide-if-modified-since
+hide-referrer {forge}
{-add-header
-block
+ +change-x-forwarded-for{block}
-client-header-filter{hide-tor-exit-notation}
-content-type-overwrite
-crunch-client-header
-handle-as-image
-hide-accept-language
-hide-content-disposition
- +hide-forwarded-for-headers
+hide-from-header{block}
+hide-referer{forge}
-hide-user-agent
USA
$Log: user-manual.sgml,v $
+ Revision 2.90 2008/09/26 16:53:09 fabiankeil
+ Update "What's new" section.
+
+ Revision 2.89 2008/09/21 15:38:56 fabiankeil
+ Fix Portage tree sync instructions in Gentoo section.
+ Anonymously reported at ijbswa-developers@.
+
+ Revision 2.88 2008/09/21 14:42:52 fabiankeil
+ Add documentation for change-x-forwarded-for{},
+ remove documentation for hide-forwarded-for-headers.
+
+ Revision 2.87 2008/08/30 15:37:35 fabiankeil
+ Update entities.
+
+ Revision 2.86 2008/08/16 10:12:23 fabiankeil
+ Merge two sentences and move the URL to the end of the item.
+
+ Revision 2.85 2008/08/16 10:04:59 fabiankeil
+ Some more syntax fixes. This version actually builds.
+
+ Revision 2.84 2008/08/16 09:42:45 fabiankeil
+ Turns out building docs works better if the syntax is valid.
+
+ Revision 2.83 2008/08/16 09:32:02 fabiankeil
+ Mention changes since 3.0.9 beta.
+
+ Revision 2.82 2008/08/16 09:00:52 fabiankeil
+ Fix example URL pattern (once more with feeling).
+
Revision 2.81 2008/08/16 08:51:28 fabiankeil
Update version-related entities.