[ Copyright 2001 - 2007 by Privoxy Developers ]
-$Id: user-manual.sgml,v 2.46 2007/11/17 17:24:44 fabiankeil Exp $
+$Id: user-manual.sgml,v 2.49 2007/12/06 18:21:55 fabiankeil Exp $
The Privoxy User Manual gives users information on how to install, configure
and use Privoxy.
will not be overwritten, and the new ones will be installed with a "new"
extension. default.action, default.filter, and standard.action will be
overwritten. You will then need to manually update the other installed
-configuration files as needed. All template files will be overwritten. If you
-have customized, local templates, you should save these first, and in fact it
-is wise to always save any important configuration files "just in case". If a
-previous version of Privoxy is already running, you will have to restart it
-manually.
+configuration files as needed. The default template files will be overwritten.
+If you have customized, local templates, these should be stored safely in a
+separate directory and defined in config by the "templdir" directive. It is of
+course wise to always back-up any important configuration files "just in case".
+If a previous version of Privoxy is already running, you will have to restart
+it manually.
For more detailed instructions on how to build Redhat RPMs, Windows
self-extracting installers, building on platforms with special requirements
A quick list of things to be aware of before upgrading from earlier versions of
Privoxy:
- • Some installers may remove earlier versions completely, including
- configuration files. Save any important configuration files!
+ • The recommended way to upgrade Privoxy is to backup your old configuration
+ files, install the new ones, verify that Privoxy is working correctly and
+ finally merge back your changes using diff and maybe patch.
- • On the other hand, other installers may not overwrite any existing
- configuration files, thinking you will want to do that. You may want to
- manually check your saved files against the newer versions to see if the
- improvements have merit, or whether there are new options that you may want
- to consider. There are a number of new features, but most won't be
- available unless these features are incorporated into your configuration
- somehow.
+ There are a number of new features in each Privoxy release and most of them
+ have to be explicitly enabled in the configuration files. Old configuration
+ files obviously don't do that and due to syntax changes using old
+ configuration files with a new Privoxy isn't always possible anyway.
+
+ • Note that some installers remove earlier versions completely, including
+ configuration files, therefore you should really save any important
+ configuration files!
+
+ • On the other hand, other installers don't overwrite existing configuration
+ files, thinking you will want to do that yourself.
• standard.action now only includes the enabled actions. Not all actions as
before.
• Logging is off by default now. If you need logging, it can be turned on in
- the config file.
+ the config file. You may also want to enable logging until you verified
+ that the new Privoxy version is working as expected.
• Three other config file settings are now off by default:
enable-remote-toggle, enable-remote-http-toggle, and enable-edit-actions.
Client-header filters are executed after the other header actions have
finished and use their output as input.
+ If the request URL gets changed, Privoxy will detect that and use the new
+ one. This can be used to rewrite the request destination behind the
+ client's back, for example to specify a Tor exit relay for certain
+ requests.
+
Please refer to the filter file chapter to learn which client-header
filters are available by default, and how to create your own.
# This way you can continue to use Tor for your normal browsing,
# without overloading the Tor network with your FreeBSD ports updates
# or downloads of bigger files like ISOs.
+ # Note that HTTP headers are easy to fake and therefore their
+ # values are as (un)trustworthy as your clients and users.
{+forward-override{forward .} \
-hide-if-modified-since \
-overwrite-last-modified \
range of minutes where the random factor should be chosen from and Privoxy
does the rest. A negative value means subtracting, a positive value adding.
- Randomizing the value of the "If-Modified-Since:" makes sure it isn't used
- as a cookie replacement, but you will run into caching problems if the
- random range is too high.
+ Randomizing the value of the "If-Modified-Since:" makes it less likely that
+ the server can use the time as a cookie replacement, but you will run into
+ caching problems if the random range is too high.
It is a good idea to only use a small negative value and let
overwrite-last-modified handle the greater changes.
It is also recommended to use this action together with
- crunch-if-none-match.
+ crunch-if-none-match, otherwise it's more or less pointless.
Example usage (section):
- # Let the browser revalidate without being tracked across sessions
- { +hide-if-modified-since{-60} \
+ # Let the browser revalidate but make tracking based on the time less likely.
+ {+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/
Typical use:
- Improve privacy by not embedding the source of the request in the HTTP
+ Improve privacy by not forwarding the source of the request in the HTTP
headers.
Effect:
- Deletes any existing "X-Forwarded-for:" HTTP header from client requests,
- and prevents adding a new one.
+ Deletes any existing "X-Forwarded-for:" HTTP header from client requests.
Type:
Notes:
- It is safe to leave this on.
+ It is safe and recommended to leave this on.
Example usage:
□ "conditional-block" to delete the header completely if the host has
changed.
+ □ "conditional-forge" to forge the header if the host has changed.
+
□ "block" to delete the header unconditionally.
□ "forge" to pretend to be coming from the homepage of the server we are
Always blocking the referrer, or using a custom one, can lead to failures
on servers that check the referrer before they answer any requests, in an
- attempt to prevent their valuable content from being embedded or linked to
+ attempt to prevent their content from being embedded or linked to
elsewhere.
Both conditional-block and forge will work with referrer checks, as long as
Typical use:
- Conceal your type of browser and client operating system
+ Try to conceal your type of browser and client operating system
Effect:
Typical use:
- To protect against the MS buffer over-run in JPEG processing
+ Try to protect against a MS buffer over-run in JPEG processing
Effect:
common image types found across the Internet. The exploit as described can
allow execution of code on the target system, giving an attacker access to
the system in question by merely planting an altered JPEG image, which
- would have no obvious indications of what lurks inside. This action
- prevents this exploit.
+ would have no obvious indications of what lurks inside. This action tries
+ to prevent this exploit if delivered through unencrypted HTTP.
- Note that the described exploit is only one of many, using this action does
- not mean that you no longer have to patch the client.
+ Note that the exploit mentioned is several years old and it's unlikely that
+ your client is still vulnerable against it. This action may be removed in
+ one of the next releases.
Example usage:
This action is most appropriate for browsers that don't have any controls
for unwanted pop-ups. Not recommended for general usage.
+ This action doesn't work very reliable and may be removed in future
+ releases.
+
Example usage:
+kill-popups
The CONNECT methods exists in HTTP to allow access to secure websites
("https://" URLs) through proxies. It works very simply: the proxy connects
to the server on the specified port, and then short-circuits its
- connections to the client and to the remote server. This can be a big
- security hole, since CONNECT-enabled proxies can be abused as TCP relays
- very easily.
+ connections to the client and to the remote server. This means
+ CONNECT-enabled proxies can be used as TCP relays very easily.
Privoxy relays HTTPS traffic without seeing the decoded content. Websites
can leverage this limitation to circumvent Privoxy's filters. By specifying
12. Privoxy Copyright, License and History
-Copyright 2001 - 2007 by Privoxy Developers <
+Copyright 2001-2007 by Privoxy Developers <
ijbswa-developers@lists.sourceforge.net>
Some source code is based on code Copyright 1997 by Anonymous Coders and
projects / privoxy.git / blobdiff