X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;ds=inline;f=default.action.master;h=c73b3e560c3552db6fd1caa66ae612d38fd9d782;hb=fcb770522d872b974e2653638efdf92802b83126;hp=c19d26dc578f5d1966b248975647d8ad1e57ac6b;hpb=0c07a9821c86b1ed8b23cb1a1905520a2cb3421b;p=privoxy.git
diff --git a/default.action.master b/default.action.master
index c19d26dc..c73b3e56 100644
--- a/default.action.master
+++ b/default.action.master
@@ -1,25 +1,29 @@
#MASTER# COMMENT:
-#MASTER# COMMENT: Anyone adding specific rules to this file,
-#MASTER# COMMENT: wherever possible please include a *full* URL
-#MASTER# COMMENT: which can be used to verify the problem, and if
-#MASTER# COMMENT: the problem may not always be fully obvious, a
-#MASTER# COMMENT: brief explanation. Thanks.
+#MASTER# COMMENT: Anyone adding specific rules to this file,
+#MASTER# COMMENT: wherever possible please include a *full* URL
+#MASTER# COMMENT: which can be used to verify the problem, and if
+#MASTER# COMMENT: the problem may not always be fully obvious, a
+#MASTER# COMMENT: brief explanation. Please also add tests for
+#MASTER# COMMENT: Privoxy-Regression-Test so we can automatically
+#MASTER# COMMENT: verify that your rules are effective. Thanks.
#MASTER# COMMENT:
######################################################################
#
# File : $Source: /cvsroot/ijbswa/current/default.action.master,v $
#
-# $Id: default.action.master,v 1.118 2008/03/24 11:31:10 fabiankeil Exp $
+# $Id: default.action.master,v 1.165 2009/02/12 16:58:03 ler762 Exp $
#
-# Requires : This version requires Privoxy v3.0.9 or later due to
+# Requires : This version requires Privoxy v3.0.11 or later due to
# syntax changes.
#
# Purpose : Default actions file, see
# http://www.privoxy.org/user-manual/actions-file.html.
-# This file is subject to periodic updating. Local exceptions
-# and enhancements are better placed in user.action.
+# This file is subject to periodic updating. It is
+# not supposed to be edited by the user. Local exceptions
+# and enhancements are better placed in user.action,
+# the match-all section has been moved to match-all.action.
#
-# Copyright : Written by and Copyright (C) 2001-2008 the
+# Copyright : Written by and Copyright (C) 2001-2009 the
# Privoxy team. http://www.privoxy.org/
#
# Note: Updated versions of this file will be made available from time
@@ -176,7 +180,7 @@
# +name{param} # enable and set parameter to "param"
# -name # disable
#
-# Multi-value (e.g. "add-header", "send-wafer"):
+# Multi-value (e.g. "add-header", "filter"):
# +name{param} # enable and add parameter "param"
# -name{param} # remove the parameter "param"
# -name # disable totally
@@ -202,13 +206,19 @@
# Block this URL. Instead of forwarding the request, Privoxy will
# send a "block" page containing the specified reason.
#
+# +change-x-forwarded-for{add}
+# +change-x-forwarded-for{block}
+# Adds or blocks the "X-Forwarded-For:" HTTP header in client
+# requests.
+#
# +client-header-filter{name}
# All client headers to which this action applies are filtered on-the-fly
# through the specified regular expression based substitutions.
#
# Client-header filters predefined in the supplied default.filter include:
#
-# hide-tor-exit-notation: Removes the Tor exit node notation in Host and Referer headers
+# hide-tor-exit-notation: Removes the Tor exit node notation in Host and Referer headers.
+# privoxy-control: Removes X-Privoxy-Control headers.
#
# +client-header-tagger{string}
# Tag requests based on their headers. Client headers to which this
@@ -217,6 +227,17 @@
# Client-header taggers are the first actions that are executed and their
# tags can be used to control every other action.
#
+# Client-header taggers predefined in the supplied default.filter include:
+#
+# image-requests: Tags detected image requests as "IMAGE-REQUEST".
+# css-requests: Tags detected CSS requests as "CSS-REQUEST".
+# client-ip-address: Tags the request with the client's IP address.
+# http-method: Tags the request with its HTTP method.
+# allow-post: Tags POST requests as "ALLOWED-POST".
+# complete-url: Tags the request with the whole request URL.
+# user-agent: Tags the request with the complete User-Agent header.
+# privoxy-control: Creates tags with the content of X-Privoxy-Control headers.
+#
# +content-type-overwrite
# Replaces the "Content-Type:" HTTP server header, so that unwanted
# download menus will not pop up, or changes the browser's rendering mode.
@@ -282,32 +303,32 @@
#
# Filters predefined in the supplied default.filter include:
#
-# js-annoyances: Get rid of particularly annoying JavaScript abuse
-# js-events: Kill all JS event bindings (Radically destructive! Use only on real suckers)
-# html-annoyances: Get rid of particularly annoying HTML abuse
-# content-cookies: Kill cookies that come in the HTML or JS content
-# refresh-tags: Kill automatic refresh tags (for dial-on-demand setups)
-# unsolicited-popups: Disable only unsolicited pop-up windows
-# all-popups: Kill all popups in JavaScript and HTML
-# img-reorder: Reorder attributes in tags to make the banners-by-* filters more effective
-# banners-by-size: Kill banners by size (very efficient!)
-# banners-by-link: Kill banners by their links to known clicktrackers
-# webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking)
-# tiny-textforms: Extend those tiny textareas up to 40x80 and kill the hard wrap
-# jumping-windows: Prevent windows from resizing and moving themselves
-# frameset-borders: Give frames a border
-# demoronizer: Fix MS's non-standard use of standard charsets
-# shockwave-flash: Kill embedded Shockwave Flash objects
-# quicktime-kioskmode: Make Quicktime movies saveable
-# fun: Text replacements for subversive browsing fun!
-# crude-parental: Kill all web pages that contain the words "sex" or "warez"
-# ie-exploits: Disable some known Internet Explorer bug exploits
-# site-specifics: Cure for site-specific problems. Don't apply generally!
-# google: Removes text ads and other Google specific improvements
-# yahoo: Removes text ads and other Yahoo specific improvements
-# msn: Removes text ads and other MSN specific improvements
-# blogspot: Cleans up Blogspot blogs
-# no-ping: Removes non-standard ping attributes from anchor and area tags
+# js-annoyances: Get rid of particularly annoying JavaScript abuse.
+# js-events: Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites).
+# html-annoyances: Get rid of particularly annoying HTML abuse.
+# content-cookies: Kill cookies that come in the HTML or JS content.
+# refresh-tags: Kill automatic refresh tags (for dial-on-demand setups).
+# unsolicited-popups: Disable only unsolicited pop-up windows.
+# all-popups: Kill all popups in JavaScript and HTML.
+# img-reorder: Reorder attributes in tags to make the banners-by-* filters more effective.
+# banners-by-size: Kill banners by size.
+# banners-by-link: Kill banners by their links to known clicktrackers.
+# webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking).
+# tiny-textforms: Extend those tiny textareas up to 40x80 and kill the hard wrap.
+# jumping-windows: Prevent windows from resizing and moving themselves.
+# frameset-borders: Give frames a border and make them resizable.
+# demoronizer: Fix MS's non-standard use of standard charsets.
+# shockwave-flash: Kill embedded Shockwave Flash objects.
+# quicktime-kioskmode: Make Quicktime movies saveable.
+# fun: Text replacements for subversive browsing fun!
+# crude-parental: Crude parental filtering. Note that this filter doesn't work reliably.
+# ie-exploits: Disable some known Internet Explorer bug exploits.
+# site-specifics: Cure for site-specific problems. Don't apply generally!
+# no-ping: Removes non-standard ping attributes in and tags.
+# google: CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
+# yahoo: CSS-based block for Yahoo text ads. Also removes a width limitation.
+# msn: CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
+# blogspot: Cleans up some Blogspot blogs. Read the fine print before using this.
#
# +force-text-mode
# Declares a document as plain text, even if the "Content-Type:" isn't detected
@@ -327,6 +348,11 @@
# decides whether an HTML "blocked" page, or an empty document will be sent
# to the client as a substitute for the blocked content.
#
+# +handle-as-image
+# Treat this URL as an image. This only matters if it's also "+block"ed,
+# in which case a "blocked" image can be sent rather than a HTML page.
+# See +set-image-blocker{} for the control over what is actually sent.
+#
# +hide-accept-language{lang}
# +hide-accept-language{block}
# Deletes or replaces the "Accept-Language:" HTTP header in client
@@ -338,9 +364,6 @@
# servers. This can be used to prevent download menus for content you
# prefer to view inside the browser, for example.
#
-# +hide-forwarded-for-headers
-# Block any existing X-Forwarded-for header.
-#
# +hide-from-header{block}
# +hide-from-header{spam@sittingduck.xqq}
# If the browser sends a "From:" header containing your e-mail address,
@@ -375,31 +398,25 @@
# +hide-user-agent{Privoxy/1.0}
# (Don't change the version number from 1.0 - after all, why tell them?)
#
-# +handle-as-image
-# Treat this URL as an image. This only matters if it's also "+block"ed,
-# in which case a "blocked" image can be sent rather than a HTML page.
-# See +set-image-blocker{} for the control over what is actually sent.
-#
-# +inspect-jpegs
-# Scan jpeg headers for malformed comment blocks and correct them.
-#
# +limit-connect{portlist}
-# The CONNECT methods exists in HTTP to allow access to secure websites
-# (https:// URLs) through proxies. It works very simply: The proxy
-# connects to the server on the specified port, and then short-circuits
-# its connections to the client and to the remote proxy.
-# This can be a big security hole, since CONNECT-enabled proxies can
-# be abused as TCP relays very easily.
-# By default, i.e. in the absence of a +limit-connect action, Privoxy
-# will only allow CONNECT requests to port 443, which is the standard port
-# for https.
-# If you want to allow CONNECT for more ports than that, or want to forbid
-# CONNECT altogether, you can specify a comma separated list of ports and port
-# ranges (the latter using dashes, with the minimum defaulting to 0 and max to 65K):
-#
-# +limit-connect{443} # This is the default and need no be specified.
-# +limit-connect{80,443} # Ports 80 and 443 are OK.
-# +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100, and above 500 are OK.
+#
+# By default, i.e. if no limit-connect action applies, Privoxy
+# allows HTTP CONNECT requests to all ports. Use limit-connect
+# if fine-grained control is desired for some or all destinations.
+# The CONNECT methods exists in HTTP to allow access to secure websites
+# ("https://" URLs) through proxies. It works very simply: the proxy
+# connects to the server on the specified port, and then short-circuits
+# its connections to the client and to the remote server. This means
+# CONNECT-enabled proxies can be used as TCP relays very easily. Privoxy
+# relays HTTPS traffic without seeing the decoded content. Websites can
+# leverage this limitation to circumvent Privoxy's filters. By specifying
+# an invalid port range you can disable HTTPS entirely.
+#
+# +limit-connect{443} # Only port 443 is OK.
+# +limit-connect{80,443} # Ports 80 and 443 are OK.
+# +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+# +limit-connect{-} # All ports are OK
+# +limit-connect{,} # No HTTPS/SSL traffic is allowed
#
# +overwrite-last-modified{block}
# +overwrite-last-modified{reset-to-request-time}
@@ -421,9 +438,9 @@
#
# +prevent-compression
# Prevent the website from compressing the data. Some websites do
-# that, which is a problem for Privoxy, since +filter, +kill-popups
-# and +gif-deanimate will not work on compressed data. Will slow down
-# connections to those websites, though.
+# that, which is a problem for Privoxy when built without zlib support,
+# since +filter and +gif-deanimate will not work on compressed data.
+# Will slow down connections to those websites, though.
#
# +server-header-filter{name}
# All server headers to which this action applies are filtered on-the-fly
@@ -431,8 +448,11 @@
#
# Server-header filters predefined in the supplied default.filter include:
#
-# html-to-xml: Changes the Content-Type header from html to xml
-# xml-to-html: Changes the Content-Type header from xml to html
+# x-httpd-php-to-html: Changes the Content-Type header from x-httpd-php to html.
+# html-to-xml: Changes the Content-Type header from html to xml.
+# xml-to-html: Changes the Content-Type header from xml to html.
+# less-download-windows: Prevent annoying download windows for content types the browser can handle itself.
+# privoxy-control: Removes X-Privoxy-Control headers.
#
# +server-header-tagger{content-type}
# Server headers to which this action applies are filtered on-the-fly
@@ -442,6 +462,11 @@
# control all of the other server-header actions, the content filters and
# the crunch actions (redirect and block).
#
+# Server-header taggers predefined in the supplied default.filter include:
+#
+# content-type: Tags the request with the content type declared by the server.
+# privoxy-control: Creates tags with the content of X-Privoxy-Control headers.
+#
# +session-cookies-only
# If the website sets cookies, make sure they are erased when you exit
# and restart your web browser. This makes profiling cookies useless,
@@ -469,28 +494,12 @@
# +crunch-incoming-cookies
# Prevent the website from setting cookies
#
-# +kill-popups (deprecated)
-# Filter the website through a built-in filter to disable
-# window.open() etc. The two alternative spellings are
-# equivalent.
-#
# +redirect{}
# +redirect{}
# Convinces the browser that the requested document has been moved to
# another location and the browser should get it from the specified
# URL.
#
-# +send-vanilla-wafer
-# This action only applies if you are using a jarfile. It sends a
-# cookie to every site stating that you do not accept any copyright
-# on cookies sent to you, and asking them not to track you. Of
-# course, this is a (relatively) unique header they could use to
-# track you.
-#
-# +send-wafer{name=value}
-# This allows you to add an arbitrary cookie. Specify it multiple
-# times in order to add several cookies.
-#
#############################################################################
#############################################################################
@@ -499,7 +508,7 @@
{{settings}}
#############################################################################
#MASTER# COMMENT: The minimum Privoxy version:
-for-privoxy-version=3.0.9
+for-privoxy-version=3.0.11
#############################################################################
# Aliases
@@ -529,14 +538,14 @@ for-privoxy-version=3.0.9
+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
allow-all-cookies = -crunch-all-cookies -session-cookies-only
- allow-popups = -filter{all-popups} -kill-popups -filter{unsolicited-popups}
+ allow-popups = -filter{all-popups} -filter{unsolicited-popups}
+block-as-image = +block{Blocked image request.} +handle-as-image
-block-as-image = -block
# These aliases define combinations of actions
# that are useful for certain types of sites:
#
-fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer -kill-popups -prevent-compression
+fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer -prevent-compression
shop = -crunch-all-cookies allow-popups
# Your favourite blend of filters:
@@ -548,15 +557,75 @@ myfilters = +filter{html-annoyances} +filter{js-annoyances} +filter{all-popups
#
allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
-#############################################################################
-# Defaults
-#############################################################################
+################
+#
+# Cautious settings -- safe for all sites, but offer little privacy protection
+#
{ \
-+hide-forwarded-for-headers \
++change-x-forwarded-for{block} \
+hide-from-header{block} \
+set-image-blocker{pattern} \
}
-/ # Match all URLs
+standard.Cautious
+
+################
+#
+# Medium settings -- safe for most sites, with reasonable protection/damage tradeoff
+#
+{ \
++change-x-forwarded-for{block} \
++deanimate-gifs{last} \
++filter{refresh-tags} \
++filter{img-reorder} \
++filter{banners-by-size} \
++filter{webbugs} \
++filter{jumping-windows} \
++filter{ie-exploits} \
++hide-from-header{block} \
++hide-referrer{conditional-block} \
++session-cookies-only \
++set-image-blocker{pattern} \
+}
+standard.Medium
+
+################
+#
+# Advanced settings -- reasonable privacy protection but
+# require some exceptions for trusted sites, most likely
+# because of cookies or SSL. Also testing ground for
+# new options.
+#
+# CAUTION: These settings can still be subverted by a
+# misconfigured client that executes code from untrusted
+# sources.
+#
+{ \
++change-x-forwarded-for{block} \
++client-header-tagger{css-requests} \
++client-header-tagger{image-requests} \
++crunch-if-none-match \
++crunch-outgoing-cookies \
++crunch-incoming-cookies \
++deanimate-gifs{last} \
++fast-redirects{check-decoded-url} \
++filter{html-annoyances} \
++filter{content-cookies} \
++filter{refresh-tags} \
++filter{img-reorder} \
++filter{banners-by-size} \
++filter{banners-by-link} \
++filter{webbugs} \
++filter{jumping-windows} \
++filter{frameset-borders} \
++filter{quicktime-kioskmode} \
++hide-if-modified-since{-60} \
++hide-from-header{block} \
++hide-referrer{conditional-block} \
++limit-connect{,} \
++overwrite-last-modified{randomize} \
++set-image-blocker{pattern} \
+}
+standard.Advanced
#############################################################################
# These extensions belong to images:
@@ -575,7 +644,6 @@ allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
# Generic block patterns by host:
#############################################################################
{+block{Host matches generic block pattern.}}
-#MASTER# DONT-VERIFY (generic)
ad*.
.*ads.
#MASTER# REMARKS: removed .ad. 2007-12-18 HB
@@ -584,7 +652,6 @@ ad*.
.ad.[a-ik-z][a-oq-z].
.ad.jp.*.
.ad.???*.
-#MASTER# PROBLEM URL: http://alternativos.iw-advertising.com/
# Blocked URL = http://alternativos.iw-advertising.com/
.*advert*.
*banner*.
@@ -592,15 +659,14 @@ count*.
*counter.
#MASTER# PROBLEM URL: http://www.newegg.com
promotions.
-#MASTER# PROBLEM URL: http://metrics.performancing.com/ 11/04/06
#MASTER# BLOCK-REFERRER: http://tech.cybernetnews.com/
+# Blocked URL = http://metrics.performancing.com/
metrics.
#############################################################################
# Generic unblockers by host:
#############################################################################
{-block}
-#MASTER# DONT-VERIFY (generic)
adsl.
ad[udmw]*.
adbl*.
@@ -610,7 +676,6 @@ adob*.
adrenaline.
adtp*.
adv[oia]*.
-#MASTER# REMARKS: Added 2008-02-08 HB
adventure*.
.*road*.
.olympiad*.
@@ -623,16 +688,14 @@ countr*.
# Generic block patterns by path:
#############################################################################
{+block{Path matches generic block pattern.}}
-#MASTER# DONT-VERIFY (generic)
/(.*/)?ad(\?|/|s|v|_?(image|se?rv|box)|cycle|rotate|mentor|click|f[ra]m|script|stream|fetch|log|space)
# Blocked URL = http://www.example.org/adimage
# Blocked URL = http://www.example.org/adspace
/phpads(new)?/
/(.*/)?(ad|all|nn|db|promo(tion)?)?[-_]?banner
-/(.*/)?(publicite|werbung|reklaa?m|annonse|maino(kset|nta|s)?/)
+/(.*/)?(publicite|werbung|rekla(me|am)|annonse|maino(kset|nta|s)?/)
/.*(count|track|compteur|(?