X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;ds=inline;f=doc%2Fsource%2Fuser-manual.sgml;h=ef21bd299b4a97f7363d096416ed4b4f83bcf755;hb=f6d1a7ca82613239a15439cc9b3613750d5f55c5;hp=4f1653d97e74a18ac063a82ccbfcfa0e188c6ce7;hpb=fb678fa66e901c01900841c6924f08a0d06f1489;p=privoxy.git
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 4f1653d9..ef21bd29 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -11,11 +11,11 @@
-
-
+
+
-
-
+
+
@@ -34,9 +34,9 @@
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.138 2011/11/13 17:03:54 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.159 2013/01/09 15:03:06 fabiankeil Exp $
- Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2001-2013 Privoxy Developers http://www.privoxy.org/
See LICENSE.
========================================================================
@@ -55,12 +55,12 @@
- Copyright &my-copy; 2001-2011 by
+ Copyright &my-copy; 2001-2013 by
Privoxy Developers
-$Id: user-manual.sgml,v 2.138 2011/11/13 17:03:54 fabiankeil Exp $
+$Id: user-manual.sgml,v 2.159 2013/01/09 15:03:06 fabiankeil Exp $Mac OS X
- Unzip the downloaded file (you can either double-click on the zip file
- icon from the Finder, or from the desktop if you downloaded it there).
- Then, double-click on the package installer icon and follow the
- installation process.
+ Installation instructions for the OS X platform depend upon whether
+ you downloaded a ready-built installation package (.pkg or .mpkg) or have
+ downloaded the source code.
+
+
+
+Installation from ready-built package
+
+ The downloaded file will either be a .pkg (for OS X 10.5 upwards) or a bzipped
+ .mpkg file (for OS X 10.4). The former can be double-clicked as is and the
+ installation will start; double-clicking the latter will unzip the .mpkg file
+ which can then be double-clicked to commence the installation.
+
+
+ The privoxy service will automatically start after a successful installation
+ (and thereafter every time your computer starts up) however you will need to
+ configure your web browser(s) to use it. To do so, configure them to use a
+ proxy for HTTP and HTTPS at the address 127.0.0.1:8118.
+
+
+ To prevent the privoxy service from automatically starting when your computer
+ starts up, remove or rename the file /Library/LaunchDaemons/org.ijbswa.privoxy.plist
+ (on OS X 10.5 and higher) or the folder named
+ /Library/StartupItems/Privoxy (on OS X 10.4 'Tiger').
+
+
+ To manually start or stop the privoxy service, use the scripts startPrivoxy.sh
+ and stopPrivoxy.sh supplied in /Applications/Privoxy. They must be run from an
+ administrator account, using sudo.
+
+
+ To uninstall, run /Applications/Privoxy/uninstall.command as sudo from an
+ administrator account.
+
+
+
+Installation from source
+
+ To build and install the Privoxy source code on OS X you will need to obtain
+ the macsetup module from the Privoxy Sourceforge CVS repository (refer to
+ Sourceforge help for details of how to set up a CVS client to have read-only
+ access to the repository). This module contains scripts that leverage the usual
+ open-source tools (available as part of Apple's free of charge Xcode
+ distribution or via the usual open-source software package managers for OS X
+ (MacPorts, Homebrew, Fink etc.) to build and then install the privoxy binary
+ and associated files. The macsetup module's README file contains complete
+ instructions for its use.
+
+
+ The privoxy service will automatically start after a successful installation
+ (and thereafter every time your computer starts up) however you will need to
+ configure your web browser(s) to use it. To do so, configure them to use a
+ proxy for HTTP and HTTPS at the address 127.0.0.1:8118.
- The privoxy service will automatically start after a successful
- installation (in addition to every time your computer starts up). To
- prevent the privoxy service from automatically starting when your
- computer starts up, remove or rename the folder named
- /Library/StartupItems/Privoxy.
+ To prevent the privoxy service from automatically starting when your computer
+ starts up, remove or rename the file /Library/LaunchDaemons/org.ijbswa.privoxy.plist
+ (on OS X 10.5 and higher) or the folder named
+ /Library/StartupItems/Privoxy (on OS X 10.4 'Tiger').
To manually start or stop the privoxy service, use the Privoxy Utility
- for Mac OS X. This application controls the privoxy service (e.g.
- starting and stopping the service as well as uninstalling the software).
+ for Mac OS X (also part of the macsetup module). This application can start
+ and stop the privoxy service and display its log and configuration files.
+
+
+ To uninstall, run the macsetup module's uninstall.sh as sudo from an
+ administrator account.
@@ -402,13 +454,6 @@ How to install the binary packages depends on your operating system:
Keeping your Installation Up-to-Date
-
- As user feedback comes in and development continues, we will make updated versions
- of both the main actions file (as a separate
- package) and the software itself (including the actions file) available for
- download.
-
If you wish to receive an email notification whenever we release updates of
@@ -437,8 +482,8 @@ How to install the binary packages depends on your operating system:
What's New in this Release
- Privoxy 3.0.18 is a stable release.
- The changes since 3.0.17 stable are:
+ Privoxy 3.0.19 is a stable release.
+ The changes since 3.0.18 stable are:
@@ -447,6 +492,74 @@ How to install the binary packages depends on your operating system:
Bug fixes:
+
+
+ Prevent a segmentation fault when de-chunking buffered content.
+ It could be triggered by malicious web servers if Privoxy was
+ configured to filter the content and running on a platform
+ where SIZE_T_MAX isn't larger than UINT_MAX, which probably
+ includes most 32-bit systems. On those platforms, all Privoxy
+ versions before 3.0.19 appear to be affected.
+ To be on the safe side, this bug should be presumed to allow
+ code execution as proving that it doesn't seems unrealistic.
+
+
+
+
+ Do not expect a response from the SOCKS4/4A server until it
+ got something to respond to. This regression was introduced
+ in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
+ Reported by qqqqqw in #3459781.
+
+
+
+
+
+
+
+ General improvements:
+
+
+
+ Fix an off-by-one in an error message about connect failures.
+
+
+
+
+ Use a GNUMakefile variable for the webserver root directory and
+ update the path. Sourceforge changed it which broke various
+ web-related targets.
+
+
+
+
+ Update the CODE_STATUS description.
+
+
+
+
+
+
+
+
+
+ The following changes were made between 3.0.17 and 3.0.18:
+
+
+
+
+
+
+ Bug fixes:
+
+
+
+ If a generated redirect URL contains characters RFC 3986 doesn't
+ permit, they are (re)encoded. Not doing this makes Privoxy versions
+ from 3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
+ attacks if the +fast-redirects{check-decoded-url} action is used.
+
+
Fix a logic bug that could cause Privoxy to reuse a server
@@ -478,7 +591,7 @@ How to install the binary packages depends on your operating system:
Fix a subtle race condition between prepare_csp_for_next_request()
- and sweep() A thread preparing itself for the next client request
+ and sweep(). A thread preparing itself for the next client request
could briefly appear to be inactive.
If all other threads were already using more recent files,
the thread could get its files swept away under its feet.
@@ -486,6 +599,72 @@ How to install the binary packages depends on your operating system:
valgrind while touching action files in a loop. It's unlikely
to have caused any actual problems in the real world.
+
+
+
+ Disable filters if SDCH compression is used unless filtering is forced.
+ If SDCH was combined with a supported compression algorithm, Privoxy
+ previously could try to decompress it and ditch the Content-Encoding
+ header even though the SDCH compression wasn't dealt with.
+ Reported by zebul666 in #3225863.
+
+
+
+
+ Make a copy of the --user value and only mess with that when splitting
+ user and group. On some operating systems modifying the value directly
+ is reflected in the output of ps and friends and can be misleading.
+ Reported by zepard in #3292710.
+
+
+
+
+ If forwarded-connect-retries is set, only retry if Privoxy is actually
+ forwarding the request. Previously direct connections would be retried
+ as well.
+
+
+
+
+ Fixed a small memory leak when retrying connections with IPv6
+ support enabled.
+
+
+
+
+ Remove an incorrect assertion in compile_dynamic_pcrs_job_list()
+ It could be triggered by a pcrs job with an invalid pcre
+ pattern (for example one that contains a lone quantifier).
+
+
+
+
+ If the --user argument user[.group] contains a dot, always bail out
+ if no group has been specified. Previously the intended, but undocumented
+ (and apparently untested), behaviour was to try interpreting the whole
+ argument as user name, but the detection was flawed and checked for '0'
+ instead of '\0', thus merely preventing group names beginning with a zero.
+
+
+
+
+ In html_code_map[], use a numeric character reference instead of '
+ which wasn't standardized before XHTML 1.0.
+
+
+
+
+ Fix an invalid free when compiled with FEATURE_GRACEFUL_TERMINATION
+ and shut down through http://config.privoxy.org/die
+
+
+
+
+ In get_actions(), fix the "temporary" backwards compatibility hack
+ to accept block actions without reason.
+ It also covered other actions that should be rejected as invalid.
+ Reported by Billy Crook.
+
@@ -525,24 +704,9 @@ How to install the binary packages depends on your operating system:
- Set socket_error to errno if connecting fails in rfc2553_connect_to()
+ Set socket_error to errno if connecting fails in rfc2553_connect_to().
Previously rejected direct connections could be incorrectly reported
- as DNS issues.
-
-
-
-
- Disable filters if SDCH compression is used unless filtering is forced.
- If SDCH was combined with a supported compression algorithm,
- we'd previously try to decompress it, when successful apply
- the enabled filters and ditch the Content-Encoding header
- even though the SDCH compression wasn't removed.
- Reported by zebul666 in #3225863.
-
-
-
-
- Properly deal with FEATURE_TOGGLE being disabled
+ as DNS issues if Privoxy was compiled with IPv6 support.
@@ -550,7 +714,7 @@ How to install the binary packages depends on your operating system:
Adjust url_code_map[] so spaces are replaced with %20 instead of '+'
While '+' can be used by client's submitting form data, this is not
actually what Privoxy is using the lookups for. This is more of a
- cosmetic issue and doesn't fix any actual problems.
+ cosmetic issue and doesn't fix any known problems.
@@ -586,33 +750,6 @@ How to install the binary packages depends on your operating system:
(when grepping in multiple log files) without hassle.
-
-
- Make a copy of the --user value and only mess with that when splitting
- user and group. On some operating systems modifying the value directly
- is reflected in the output of ps and friends and can be misleading.
- Reported by zepard in #3292710.
-
-
-
-
- If forwarded-connect-retries is set, only retry if the we are actually
- forwarding the request. Previously direct connections would be retried
- as well.
-
-
-
-
- Fixed a small memory leak when retrying connection
-
-
-
-
- Remove an incorrect assertion in compile_dynamic_pcrs_job_list()
- It could be triggered by a pcrs job with an invalid pcre
- pattern (for example one that contains a lone quantifier).
-
-
In get_last_url(), do not bother trying to decode URLs that do
@@ -622,76 +759,57 @@ How to install the binary packages depends on your operating system:
- If the --user argument user[.group] contains a dot,
- always bail out if no group has been specified.
- Previously the intended, but undocumented (and apparently
- untested), behaviour was to try interpreting the whole
- argument as user name, but the detection was flawed and
- checked for '0' isntead of '\0', thus merely preventing
- group names beginning with a zero.
-
-
-
-
- Simplify the signal setup in main()
+ In case of SOCKS5 failures, dump the socks response in the log message.
- Streamline socks5_connect() slightly
+ Simplify the signal setup in main().
- In case of SOCKS5 failures, dump the socks response
+ Streamline socks5_connect() slightly.
- In socks5_connect(), require a complete socks response from the server
- Previously we didn't care how much data the server response
+ In socks5_connect(), require a complete socks response from the server.
+ Previously Privoxy didn't care how much data the server response
contained as long as the first two bytes contained the expected
- values.
- While at it, shrink the buffer size so we can't read more
- than a whole socks response. This is required to support
- Tor's optimistic data extension.
+ values. While at it, shrink the buffer size so Privoxy can't read
+ more than a whole socks response.
In chat(), do not bother to generate a client request in case of
- direct CONNECT requests
-
-
-
-
- Reduce server_last_modified()'s stack size
+ direct CONNECT requests. It will not be used anyway.
- Shorten get_http_time() by using strftime()
+ Reduce server_last_modified()'s stack size.
- Constify the known_http_methods pointers in unknown_method()
+ Shorten get_http_time() by using strftime().
- Constify the time_formats pointers in parse_header_time()
+ Constify the known_http_methods pointers in unknown_method().
- Constify the formerly_valid_actions pointers in action_used_to_be_valid()
+ Constify the time_formats pointers in parse_header_time().
- In html_code_map[], use a numeric character reference instead of '
- which wasn't standardized before XHTML 1.0
+ Constify the formerly_valid_actions pointers in action_used_to_be_valid().
@@ -714,7 +832,7 @@ How to install the binary packages depends on your operating system:
- Remove a useless NULL pointer check in load_trustfile()
+ Remove a useless NULL pointer check in load_trustfile().
@@ -725,14 +843,13 @@ How to install the binary packages depends on your operating system:
Change url_code_map[] from an array of pointers to an array of arrays
- It removes an unnecessary layer of indirection and on
- 64bit system reduces the size of the binary a bit.
+ It removes an unnecessary layer of indirection and on 64bit system reduces
+ the size of the binary a bit.
- Fix various typos.
- Fixes taken from Debian's 29_typos.dpatch by Roland Rosenfeld.
+ Fix various typos. Fixes taken from Debian's 29_typos.dpatch by Roland Rosenfeld.
@@ -759,10 +876,9 @@ How to install the binary packages depends on your operating system:
- Add a dedicated function to parse the values of toggles
- Reduces duplicated code in load_config() and provides
- better error handling. Invalid or missing toggle values
- are now a fatal error instead of being silently ignored.
+ Add a dedicated function to parse the values of toggles. Reduces duplicated
+ code in load_config() and provides better error handling. Invalid or missing
+ toggle values are now a fatal error instead of being silently ignored.
@@ -778,7 +894,7 @@ How to install the binary packages depends on your operating system:
In LogPutString(), don't bother looking at pszText when not
- actually logging anything
+ actually logging anything.
@@ -796,7 +912,7 @@ How to install the binary packages depends on your operating system:
- In rfc2553_connect_to(), start setting cgi->error_message on error
+ In rfc2553_connect_to(), start setting cgi->error_message on error.
@@ -820,44 +936,30 @@ How to install the binary packages depends on your operating system:
- Fix an invalid free when compiled with FEATURE_GRACEFUL_TERMINATION
- and shut down through http://config.privoxy.org/die
-
-
-
-
- Don't enforce a logical line length limit in read_config_line()
+ Don't enforce a logical line length limit in read_config_line().
- Slightly refactor server_last_modified() to remove useless gmtime*() calls
+ Slightly refactor server_last_modified() to remove useless gmtime*() calls.
- In get_content_type(), also recognize '.jpeg' as JPEG extension
+ In get_content_type(), also recognize '.jpeg' as JPEG extension.
- Add '.png' to the list of recognized file extenstions in get_content_type()
+ Add '.png' to the list of recognized file extensions in get_content_type().
In block_url(), consistently use the block reason "Request blocked by Privoxy"
- In two places the reason was "Request for blocked URL" which
- hides the fact that the request got blocked by Privoxy and
- isn't necessarly correct as the block may be due to tags.
-
-
-
-
- In get_actions(), fix the "temporary" backwards compatibility hack
- to accept block actions without reason.
- It also covered other actions that should be rejected as invalid.
- Reported by Billy Crook.
+ In two places the reason was "Request for blocked URL" which hides the
+ fact that the request got blocked by Privoxy and isn't necessarily
+ correct as the block may be due to tags.
@@ -878,16 +980,16 @@ How to install the binary packages depends on your operating system:
- The socket timeout is used for SOCKS negotiation as well.
+ The socket timeout is used for SOCKS negotiations as well which
+ previously couldn't timeout.
Don't keep the client connection alive if any configuration file
- changed since the time the connection came in.
- This is closer to Privoxy's behaviour before keep-alive support
- for client connection has been added and also less confusing in
- general.
+ changed since the time the connection came in. This is closer to
+ Privoxy's behaviour before keep-alive support for client connection
+ has been added and also less confusing in general.
@@ -913,27 +1015,26 @@ How to install the binary packages depends on your operating system:
- Remove -prevent-compression from the fragile alias
- It's no longer used anywhere by default and isn't
- known to break stuff anyway.
+ Remove -prevent-compression from the fragile alias. It's no longer
+ used anywhere by default and isn't known to break stuff anyway.
- Add a (disabled) section to block various Facebook tracking URLs
+ Add a (disabled) section to block various Facebook tracking URLs.
Reported by Dan Stahlke in #3421764.
Add a (disabled) section to rewrite and redirect click-tracking
- URLs used on news.google.com
+ URLs used on news.google.com.
Reported by Dan Stahlke in #3421755.
- Unblock linuxcounter.net/
+ Unblock linuxcounter.net/.
Reported by Dan Stahlke in #3422612.
@@ -957,7 +1058,7 @@ How to install the binary packages depends on your operating system:
- Unblock and fast-redirect ".awin1.com/.*=http://"
+ Unblock and fast-redirect ".awin1.com/.*=http://".
Reported by Adam Piggott in #3170921.
@@ -980,34 +1081,34 @@ How to install the binary packages depends on your operating system:
- Disable banners-by-size filters for '.thinkgeek.com/'
+ Disable banners-by-size filters for '.thinkgeek.com/'.
The filter only seems to catch pictures of the inventory.
- Block requests for 'go.idmnet.bbelements.com/please/showit/'
+ Block requests for 'go.idmnet.bbelements.com/please/showit/'.
Reported by kacperdominik in #3372959.
- Unblock adainitiative.org/
+ Unblock adainitiative.org/.
- Add a fast-redirects exception for '.googleusercontent.com/.*=cache'
+ Add a fast-redirects exception for '.googleusercontent.com/.*=cache'.
- Add a fast-redirects exception for webcache.googleusercontent.com/
+ Add a fast-redirects exception for webcache.googleusercontent.com/.
- Unblock http://adassier.wordpress.com/ and http://adassier.files.wordpress.com/
+ Unblock http://adassier.wordpress.com/ and http://adassier.files.wordpress.com/.
@@ -1019,23 +1120,19 @@ How to install the binary packages depends on your operating system:
- Let the yahoo filter hide '.ads'
-
-
-
-
- Let the msn filter hide overlay ads for Facebook 'likes' in search results.
+ Let the yahoo filter hide '.ads'.
- Let the msn filter hide elements with the id 's_notf_div'.
- They only seem to be used to advertise site 'enhancements'.
+ Let the msn filter hide overlay ads for Facebook 'likes' in search
+ results and elements with the id 's_notf_div'. They only seem to be
+ used to advertise site 'enhancements'.
- Let the js-events filter additionally disarm setInterval()
+ Let the js-events filter additionally disarm setInterval().
Suggested by dg1727 in #3423775.
@@ -1048,29 +1145,27 @@ How to install the binary packages depends on your operating system:
- Clarify the effect of compiling Privoxy with zlib support
+ Clarify the effect of compiling Privoxy with zlib support.
Suggested by dg1727 in #3423782.
- Point out that the SourceForge messaging system works
- like a blackhole and should thus not be used to contact
- individual developers.
+ Point out that the SourceForge messaging system works like a black
+ hole and should thus not be used to contact individual developers.
- Mention some of the problems one can experience when not
- explicitly configuring an IP addresses as listen address.
+ Mention some of the problems one can experience when not explicitly
+ configuring an IP addresses as listen address.
- Explicitly mention that hostnames can be used instead of
- IP addresses for the listen-address, that only the first
- address returned will be used and what happens if the
- address is invalid.
+ Explicitly mention that hostnames can be used instead of IP addresses
+ for the listen-address, that only the first address returned will be
+ used and what happens if the address is invalid.
Requested by Calestyo in #3302213.
@@ -1083,49 +1178,49 @@ How to install the binary packages depends on your operating system:
- If only the server connection is kept alive, do not pretent to
+ If only the server connection is kept alive, do not pretend to
wait for a new client request.
- Remove a superfluos log message in forget_connection()
+ Remove a superfluous log message in forget_connection().
In chat(), properly report missing server responses as such
- instead of calling them empty
+ instead of calling them empty.
- In forwarded_connect(), fix a log message nobody should ever see
+ In forwarded_connect(), fix a log message nobody should ever see.
Fix a log message in socks5_connect(), a failed write operation
- was logged as failed read operation
+ was logged as failed read operation.
Let load_one_actions_file() properly complain about a missing
- '{' at the beginning of the file
+ '{' at the beginning of the file.
Simply stating that a line is invalid isn't particularly helpful.
- Do not claim to listen on a socket until we actually do.
+ Do not claim to listen on a socket until Privoxy actually does.
Patch submitted by Petr Pisar #3354485
Prevent a duplicated LOG_LEVEL_CLF message when sending out
- the "no-server-data" response
+ the "no-server-data" response.
@@ -1143,7 +1238,7 @@ How to install the binary packages depends on your operating system:
Prevent a duplicated log message if none of the resolved IP
- addresses were reachable
+ addresses were reachable.
@@ -1160,47 +1255,46 @@ How to install the binary packages depends on your operating system:
- In rfc2553_connect_to(), explain getnameinfo() errors differently.
+ In rfc2553_connect_to(), explain getnameinfo() errors better.
- Remove a useless log message in chat()
+ Remove a useless log message in chat().
When retrying to connect, also log the maximum number of connection
- attempts
+ attempts.
- Rephrase a log message in compile_dynamic_pcrs_job_list()
- Divide the error code and its meaning with a colon.
- Call the pcrs job dynamic and not the filter. Filters may
- contain dynamic and non-dynamic pcrs jobs at the same time.
- Only mention the name of the filter or tagger, but don't
- claim it's a filter when it could be a tagger.
+ Rephrase a log message in compile_dynamic_pcrs_job_list().
+ Divide the error code and its meaning with a colon. Call the pcrs
+ job dynamic and not the filter. Filters may contain dynamic and
+ non-dynamic pcrs jobs at the same time. Only mention the name of
+ the filter or tagger, but don't claim it's a filter when it could
+ be a tagger.
In a fatal error message in load_one_actions_file(), cover both
- URL and TAG patterns
+ URL and TAG patterns.
In pcrs_strerror(), properly report unknown positive error code
- values as unknown.
- Previously they were handled like 0 (no error).
+ values as such. Previously they were handled like 0 (no error).
In compile_dynamic_pcrs_job_list(), also log the actual error code as
- pcrs_strerror() doesn't handle all errors reported by pcre
+ pcrs_strerror() doesn't handle all errors reported by pcre.
@@ -1211,24 +1305,24 @@ How to install the binary packages depends on your operating system:
- Make two fatal error message in load_one_actions_file() more descriptive
+ Make two fatal error message in load_one_actions_file() more descriptive.
- In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'
+ In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'.
- In load_file(), log a message if opening a file failed
+ In load_file(), log a message if opening a file failed.
The CGI error message alone isn't too helpful.
- In connection_destination_matches(), improve two log messages to
- help understand why the destinations don't match
+ In connection_destination_matches(), improve two log messages
+ to help understand why the destinations don't match.
@@ -1246,9 +1340,8 @@ How to install the binary packages depends on your operating system:
Let mark_server_socket_tainted() always mark the server socket tainted,
- just don't talk about it in cases where it has no effect.
- It doesn't change Privoxy's behaviour, but makes understanding
- the log file easier.
+ just don't talk about it in cases where it has no effect. It doesn't change
+ Privoxy's behaviour, but makes understanding the log file easier.
@@ -1271,22 +1364,22 @@ How to install the binary packages depends on your operating system:
- Remove a useless test for setpgrp(2). Privoxy doesn't
- need it and it can cause problems when cross-compiling
+ Remove a useless test for setpgrp(2). Privoxy doesn't need it and
+ it can cause problems when cross-compiling.
- Rename the --disable-acl-files switch to --disable-acl-support
- Since about 2001, ACL directives are specified in the standard config file.
+ Rename the --disable-acl-files switch to --disable-acl-support.
+ Since about 2001, ACL directives are specified in the standard
+ config file.
Update the URL of the 'Removing outdated PCRE version after the
- next stable release' posting.
- The old URL stopped working after one of SF's recent layout pessimizations.
- Reported by Han Liu.
+ next stable release' posting. The old URL stopped working after
+ one of SF's recent site "optimizations". Reported by Han Liu.
@@ -1298,29 +1391,27 @@ How to install the binary packages depends on your operating system:
- Added --shuffle-tests option to increase the chances of detection race conditions
+ Added --shuffle-tests option to increase the chances of detection race conditions.
- Added a --local-test-file option that allows to use Privoxy-Regression-Test without Privoxy
+ Added a --local-test-file option that allows to use Privoxy-Regression-Test without Privoxy.
- Added tests for missing socks4 and socks4a forwarders
+ Added tests for missing socks4 and socks4a forwarders.
- The --privoxy-address option now works with IPv6 addresses
- containing brackets, too
+ The --privoxy-address option now works with IPv6 addresses containing brackets, too.
- Perform limited sanity checks for parameters that are supposed
- to have numerical values.
+ Perform limited sanity checks for parameters that are supposed to have numerical values.
@@ -1331,7 +1422,7 @@ How to install the binary packages depends on your operating system:
- Disable the range-requests tagger for tests that break if it's enabled
+ Disable the range-requests tagger for tests that break if it's enabled.
@@ -1348,6 +1439,11 @@ How to install the binary packages depends on your operating system:
In the --help output, include a list of supported tests and their default levels.
+
+
+
+ Adjust the tests to properly deal with FEATURE_TOGGLE being disabled.
+
@@ -1358,8 +1454,8 @@ How to install the binary packages depends on your operating system:
- Perform limited sanity checks for parameters that are supposed
- to have numerical values.
+ Perform limited sanity checks for command line parameters that
+ are supposed to have numerical values.
@@ -1389,7 +1485,7 @@ How to install the binary packages depends on your operating system:
- Accept log messages with ISO 8601 time stamps, too
+ Accept log messages with ISO 8601 time stamps, too.
@@ -1401,13 +1497,14 @@ How to install the binary packages depends on your operating system:
- Bump generated Firefox version to 8.0
+ Bump generated Firefox version to 8.0.
- Only randomize the release date if the new --randomize-release-date option is enabled.
- Firefox versions after 4 use a fixed date string without meaning.
+ Only randomize the release date if the new --randomize-release-date
+ option is enabled. Firefox versions after 4 use a fixed date string
+ without meaning.
@@ -2336,6 +2433,27 @@ must find a better place for this paragraph
+
+
+ --config-test
+
+
+ Exit after loading the configuration files before binding to
+ the listen address. The exit code signals whether or not the
+ configuration files have been successfully loaded.
+
+
+ If the exit code is 1, at least one of the configuration files
+ is invalid, if it is 0, all the configuration files have been
+ successfully loaded (but may still contain errors that can
+ currently only be detected at run time).
+
+
+ This option doesn't affect the log setting, combination with
+ --no-daemon is recommended if a configured
+ log file shouldn't be used.
+
+ --version
@@ -3847,7 +3965,7 @@ for details.
and use their output as input.
- If the request URL gets changed, &my-app; will detect that and use the new
+ If the request URI gets changed, &my-app; will detect that and use the new
one. This can be used to rewrite the request destination behind the client's
back, for example to specify a Tor exit relay for certain requests.
@@ -3869,7 +3987,7 @@ for details.
{+client-header-filter{hide-tor-exit-notation}}
/
-
+
@@ -3963,6 +4081,22 @@ TAG:^User-Agent: fetch libfetch/
TAG:^User-Agent: Ubuntu APT-HTTP/
TAG:^User-Agent: MPlayer/
+
+
+
+# Tag all requests with the Range header set
+{+client-header-tagger{range-requests}}
+/
+
+# Disable filtering for the tagged requests.
+#
+# With filtering enabled Privoxy would remove the Range headers
+# to be able to filter the whole response. The downside is that
+# it prevents clients from resuming downloads or skipping over
+# parts of multimedia files.
+{-filter -deanimate-gifs}
+TAG:^RANGE-REQUEST$
+
@@ -4581,9 +4715,19 @@ new action
This is a left-over from the time when Privoxy
didn't support important HTTP/1.1 features well. It is left here for the
- unlikely case that you experience HTTP/1.1 related problems with some server
- out there. Not all HTTP/1.1 features and requirements are supported yet,
- so there is a chance you might need this action.
+ unlikely case that you experience HTTP/1.1-related problems with some server
+ out there.
+
+
+ Note that enabling this action is only a workaround. It should not
+ be enabled for sites that work without it. While it shouldn't break
+ any pages, it has an (usually negative) performance impact.
+
+
+ If you come across a site where enabling this action helps, please report it,
+ so the cause of the problem can be analyzed. If the problem turns out to be
+ caused by a bug in Privoxy it should be
+ fixed so the following release works without the work around.
@@ -5927,18 +6071,16 @@ new action
+
-
-prevent-compression
+
+limit-cookie-lifetimeTypical use:
-
- Ensure that servers send the content uncompressed, so it can be
- passed through filters.
-
+ Limit the lifetime of HTTP cookies to a couple of minutes or hours.
@@ -5946,7 +6088,7 @@ new action
Effect:
- Removes the Accept-Encoding header which can be used to ask for compressed transfer.
+ Overwrites the expires field in Set-Cookie server headers if it's above the specified limit.
@@ -5955,7 +6097,7 @@ new action
Type:
- Boolean.
+ Parameterized.
@@ -5963,7 +6105,7 @@ new action
Parameter:
- N/A
+ The lifetime limit in minutes, or 0.
@@ -5972,53 +6114,143 @@ new action
Notes:
- More and more websites send their content compressed by default, which
- is generally a good idea and saves bandwidth. But the filter and
- deanimate-gifs
- actions need access to the uncompressed data.
+ This action reduces the lifetime of HTTP cookies coming from the
+ server to the specified number of minutes, starting from the time
+ the cookie passes Privoxy.
- When compiled with zlib support (available since &my-app; 3.0.7), content that should be
- filtered is decompressed on-the-fly and you don't have to worry about this action.
- If you are using an older &my-app; version, or one that hasn't been compiled with zlib
- support, this action can be used to convince the server to send the content uncompressed.
+ Cookies with a lifetime below the limit are not modified.
+ The lifetime of session cookies is set to the specified limit.
- Most text-based instances compress very well, the size is seldom decreased by less than 50%,
- for markup-heavy instances like news feeds saving more than 90% of the original size isn't
- unusual.
+ The effect of this action depends on the server.
- Not using compression will therefore slow down the transfer, and you should only
- enable this action if you really need it. As of &my-app; 3.0.7 it's disabled in all
- predefined action settings.
+ In case of servers which refresh their cookies with each response
+ (or at least frequently), the lifetime limit set by this action
+ is updated as well.
+ Thus, a session associated with the cookie continues to work with
+ this action enabled, as long as a new request is made before the
+ last limit set is reached.
- Note that some (rare) ill-configured sites don't handle requests for uncompressed
- documents correctly. Broken PHP applications tend to send an empty document body,
- some IIS versions only send the beginning of the content. If you enable
- prevent-compression per default, you might want to add
- exceptions for those sites. See the example for how to do that.
+ However, some servers send their cookies once, with a lifetime of several
+ years (the year 2037 is a popular choice), and do not refresh them
+ until a certain event in the future, for example the user logging out.
+ In this case this action may limit the absolute lifetime of the session,
+ even if requests are made frequently.
+
+
+ If the parameter is 0, this action behaves like
+ session-cookies-only.
- Example usage (sections):
+ Example usages:
-
-
-# Selectively turn off compression, and enable a filter
-#
-{ +filter{tiny-textforms} +prevent-compression }
-# Match only these sites
- .google.
- sourceforge.net
- sf.net
-
-# Or instead, we could set a universal default:
-#
+
+ +limit-cookie-lifetime{60}
+
+
+
+
+
+
+
+
+
+prevent-compression
+
+
+
+ Typical use:
+
+
+ Ensure that servers send the content uncompressed, so it can be
+ passed through filters.
+
+
+
+
+
+ Effect:
+
+
+ Removes the Accept-Encoding header which can be used to ask for compressed transfer.
+
+
+
+
+
+ Type:
+
+
+ Boolean.
+
+
+
+
+ Parameter:
+
+
+ N/A
+
+
+
+
+
+ Notes:
+
+
+ More and more websites send their content compressed by default, which
+ is generally a good idea and saves bandwidth. But the filter and
+ deanimate-gifs
+ actions need access to the uncompressed data.
+
+
+ When compiled with zlib support (available since &my-app; 3.0.7), content that should be
+ filtered is decompressed on-the-fly and you don't have to worry about this action.
+ If you are using an older &my-app; version, or one that hasn't been compiled with zlib
+ support, this action can be used to convince the server to send the content uncompressed.
+
+
+ Most text-based instances compress very well, the size is seldom decreased by less than 50%,
+ for markup-heavy instances like news feeds saving more than 90% of the original size isn't
+ unusual.
+
+
+ Not using compression will therefore slow down the transfer, and you should only
+ enable this action if you really need it. As of &my-app; 3.0.7 it's disabled in all
+ predefined action settings.
+
+
+ Note that some (rare) ill-configured sites don't handle requests for uncompressed
+ documents correctly. Broken PHP applications tend to send an empty document body,
+ some IIS versions only send the beginning of the content. If you enable
+ prevent-compression per default, you might want to add
+ exceptions for those sites. See the example for how to do that.
+
+
+
+
+
+ Example usage (sections):
+
+
+
+# Selectively turn off compression, and enable a filter
+#
+{ +filter{tiny-textforms} +prevent-compression }
+# Match only these sites
+ .google.
+ sourceforge.net
+ sf.net
+
+# Or instead, we could set a universal default:
+#
{ +prevent-compression }
/ # Match all sites
@@ -6183,6 +6415,10 @@ new action
either provided as parameter, or derived by applying a
single pcrs command to the original URL.
+
+ The syntax for pcrs commands is documented in the
+ filter file section.
+
This action will be ignored if you use it together with
block.
@@ -7803,7 +8039,7 @@ pre-defined filters for your convenience:
- refresh tags
+ refresh-tags
Disable any refresh tags if the interval is greater than nine seconds (so
@@ -9377,994 +9613,6 @@ In file: user.action [ View ][ Edit ] style.
- - Small fixes in the actions chapter
- - Small clarifications in the quickstart to ad blocking
- - Removed from s since the new doc CSS
- renders them red (bad in TOC).
-
- Revision 1.120 2002/05/23 19:16:43 roro
- Correct Debian specials (installation and startup).
-
- Revision 1.119 2002/05/22 17:17:05 oes
- Added Security hint
-
- Revision 1.118 2002/05/21 04:54:55 hal9
- -New Section: Quickstart to Ad Blocking
- -Reformat Actions Anatomy to match new CGI layout
-
- Revision 1.117 2002/05/17 13:56:16 oes
- - Reworked & extended Templates chapter
- - Small changes to Regex appendix
- - #included authors.sgml into (C) and hist chapter
-
- Revision 1.116 2002/05/17 03:23:46 hal9
- Fixing merge conflict in Quickstart section.
-
- Revision 1.115 2002/05/16 16:25:00 oes
- Extended the Filter File chapter & minor fixes
-
- Revision 1.114 2002/05/16 09:42:50 oes
- More ulink->link, added some hints to Quickstart section
-
- Revision 1.113 2002/05/15 21:07:25 oes
- Extended and further commented the example actions files
-
- Revision 1.112 2002/05/15 03:57:14 hal9
- Spell check. A few minor edits here and there for better syntax and
- clarification.
-
- Revision 1.111 2002/05/14 23:01:36 oes
- Fixing the fixes
-
- Revision 1.110 2002/05/14 19:10:45 oes
- Restored alphabetical order of actions
-
- Revision 1.109 2002/05/14 17:23:11 oes
- Renamed the prevent-*-cookies actions, extended aliases section and moved it before the example AFs
-
- Revision 1.108 2002/05/14 15:29:12 oes
- Completed proofreading the actions chapter
-
- Revision 1.107 2002/05/12 03:20:41 hal9
- Small clarifications for 127.0.0.1 vs localhost for listen-address since this
- apparently an important distinction for some OS's.
-
- Revision 1.106 2002/05/10 01:48:20 hal9
- This is mostly proposed copyright/licensing additions and changes. Docs
- are still GPL, but licensing and copyright are more visible. Also, copyright
- changed in doc header comments (eliminate references to JB except FAQ).
-
- Revision 1.105 2002/05/05 20:26:02 hal9
- Sorting out license vs copyright in these docs.
-
- Revision 1.104 2002/05/04 08:44:45 swa
- bumped version
-
- Revision 1.103 2002/05/04 00:40:53 hal9
- -Remove the TOC first page kludge. It's fixed proper now in ldp.dsl.in.
- -Some minor additions to Quickstart.
-
- Revision 1.102 2002/05/03 17:46:00 oes
- Further proofread & reactivated short build instructions
-
- Revision 1.101 2002/05/03 03:58:30 hal9
- Move the user-manual config directive to top of section. Add note about
- Privoxy needing read permissions for configs, and write for logs.
-
- Revision 1.100 2002/04/29 03:05:55 hal9
- Add clarification on differences of new actions files.
-
- Revision 1.99 2002/04/28 16:59:05 swa
- more structure in starting section
-
- Revision 1.98 2002/04/28 05:43:59 hal9
- This is the break up of configuration.html into multiple files. This
- will probably break links elsewhere :(
-
- Revision 1.97 2002/04/27 21:04:42 hal9
- -Rewrite of Actions File example.
- -Add section for user-manual directive in config.
-
- Revision 1.96 2002/04/27 05:32:00 hal9
- -Add short section to Filter Files to tie in with +filter action.
- -Start rewrite of examples in Actions Examples (not finished).
-
- Revision 1.95 2002/04/26 17:23:29 swa
- bookmarks cleaned, changed structure of user manual, screen and programlisting cleanups, and numerous other changes that I forgot
-
- Revision 1.94 2002/04/26 05:24:36 hal9
- -Add most of Andreas suggestions to Chain of Events section.
- -A few other minor corrections and touch up.
-
- Revision 1.92 2002/04/25 18:55:13 hal9
- More catchups on new actions files, and new actions names.
- Other assorted cleanups, and minor modifications.
-
- Revision 1.91 2002/04/24 02:39:31 hal9
- Add 'Chain of Events' section.
-
- Revision 1.90 2002/04/23 21:41:25 hal9
- Linuxconf is deprecated on RH, substitute chkconfig.
-
- Revision 1.89 2002/04/23 21:05:28 oes
- Added hint for startup on Red Hat
-
- Revision 1.88 2002/04/23 05:37:54 hal9
- Add AmigaOS install stuff.
-
- Revision 1.87 2002/04/23 02:53:15 david__schmidt
- Updated Mac OS X installation section
- Added a few English tweaks here an there
-
- Revision 1.86 2002/04/21 01:46:32 hal9
- Re-write actions section.
-
- Revision 1.85 2002/04/18 21:23:23 hal9
- Fix ugly typo (mine).
-
- Revision 1.84 2002/04/18 21:17:13 hal9
- Spell Redhat correctly (ie Red Hat). A few minor grammar corrections.
-
- Revision 1.83 2002/04/18 18:21:12 oes
- Added RPM install detail
-
- Revision 1.82 2002/04/18 12:04:50 oes
- Cosmetics
-
- Revision 1.81 2002/04/18 11:50:24 oes
- Extended Install section - needs fixing by packagers
-
- Revision 1.80 2002/04/18 10:45:19 oes
- Moved text to buildsource.sgml, renamed some filters, details
-
- Revision 1.79 2002/04/18 03:18:06 hal9
- Spellcheck, and minor touchups.
-
- Revision 1.78 2002/04/17 18:04:16 oes
- Proofreading part 2
-
- Revision 1.77 2002/04/17 13:51:23 oes
- Proofreading, part one
-
- Revision 1.76 2002/04/16 04:25:51 hal9
- -Added 'Note to Upgraders' and re-ordered the 'Quickstart' section.
- -Note about proxy may need requests to re-read config files.
-
- Revision 1.75 2002/04/12 02:08:48 david__schmidt
- Remove OS/2 building info... it is already in the developer-manual
-
- Revision 1.74 2002/04/11 00:54:38 hal9
- Add small section on submitting actions.
-
- Revision 1.73 2002/04/10 18:45:15 swa
- generated
-
- Revision 1.72 2002/04/10 04:06:19 hal9
- Added actions feedback to Bookmarklets section
-
- Revision 1.71 2002/04/08 22:59:26 hal9
- Version update. Spell chkconfig correctly :)
-
- Revision 1.70 2002/04/08 20:53:56 swa
- ?
-
- Revision 1.69 2002/04/06 05:07:29 hal9
- -Add privoxy-man-page.sgml, for man page.
- -Add authors.sgml for AUTHORS (and p-authors.sgml)
- -Reworked various aspects of various docs.
- -Added additional comments to sub-docs.
-
- Revision 1.68 2002/04/04 18:46:47 swa
- consistent look. reuse of copyright, history et. al.
-
- Revision 1.67 2002/04/04 17:27:57 swa
- more single file to be included at multiple points. make maintaining easier
-
- Revision 1.66 2002/04/04 06:48:37 hal9
- Structural changes to allow for conditional inclusion/exclusion of content
- based on entity toggles, e.g. 'entity % p-not-stable "INCLUDE"'. And
- definition of internal entities, e.g. 'entity p-version "2.9.13"' that will
- eventually be set by Makefile.
- More boilerplate text for use across multiple docs.
-
- Revision 1.65 2002/04/03 19:52:07 swa
- enhance squid section due to user suggestion
-
- Revision 1.64 2002/04/03 03:53:43 hal9
- A few minor bug fixes, and touch ups. Ready for review.
-
- Revision 1.63 2002/04/01 16:24:49 hal9
- Define entities to include boilerplate text. See doc/source/*.
-
- Revision 1.62 2002/03/30 04:15:53 hal9
- - Fix privoxy.org/config links.
- - Paste in Bookmarklets from Toggle page.
- - Move Quickstart nearer top, and minor rework.
-
- Revision 1.61 2002/03/29 01:31:08 hal9
- Minor update.
-
- Revision 1.60 2002/03/27 01:57:34 hal9
- Added more to Anatomy section.
-
- Revision 1.59 2002/03/27 00:54:33 hal9
- Touch up intro for new name.
-
- Revision 1.58 2002/03/26 22:29:55 swa
- we have a new homepage!
-
- Revision 1.57 2002/03/24 20:33:30 hal9
- A few minor catch ups with name change.
-
- Revision 1.56 2002/03/24 16:17:06 swa
- configure needs to be generated.
-
- Revision 1.55 2002/03/24 16:08:08 swa
- we are too lazy to make a block-built
- privoxy logo. hence removed the option.
-
- Revision 1.54 2002/03/24 15:46:20 swa
- name change related issue.
-
- Revision 1.53 2002/03/24 11:51:00 swa
- name change. changed filenames.
-
- Revision 1.52 2002/03/24 11:01:06 swa
- name change
-
- Revision 1.51 2002/03/23 15:13:11 swa
- renamed every reference to the old name with foobar.
- fixed "application foobar application" tag, fixed
- "the foobar" with "foobar". left junkbustser in cvs
- comments and remarks to history untouched.
-
- Revision 1.50 2002/03/23 05:06:21 hal9
- Touch up.
-
- Revision 1.49 2002/03/21 17:01:05 hal9
- New section in Appendix.
-
- Revision 1.48 2002/03/12 06:33:01 hal9
- Catching up to Andreas and re_filterfile changes.
-
- Revision 1.47 2002/03/11 13:13:27 swa
- correct feedback channels
-
- Revision 1.46 2002/03/10 00:51:08 hal9
- Added section on JB internal pages in Appendix.
-
- Revision 1.45 2002/03/09 17:43:53 swa
- more distros
-
- Revision 1.44 2002/03/09 17:08:48 hal9
- New section on Jon's actions file editor, and move some stuff around.
-
- Revision 1.43 2002/03/08 00:47:32 hal9
- Added imageblock{pattern}.
-
- Revision 1.42 2002/03/07 18:16:55 swa
- looks better
-
- Revision 1.41 2002/03/07 16:46:43 hal9
- Fix a few markup problems for jade.
-
- Revision 1.40 2002/03/07 16:28:39 swa
- provide correct feedback channels
-
- Revision 1.39 2002/03/06 16:19:28 hal9
- Note on perceived filtering slowdown per FR.
-
- Revision 1.38 2002/03/05 23:55:14 hal9
- Stupid I did it again. Double hyphen in comment breaks jade.
-
- Revision 1.37 2002/03/05 23:53:49 hal9
- jade barfs on '- -' embedded in comments. - -user option broke it.
-
- Revision 1.36 2002/03/05 22:53:28 hal9
- Add new - - user option.
-
- Revision 1.35 2002/03/05 00:17:27 hal9
- Added section on command line options.
-
- Revision 1.34 2002/03/04 19:32:07 oes
- Changed default port to 8118
-
- Revision 1.33 2002/03/03 19:46:13 hal9
- Emphasis on where/how to report bugs, etc
-
- Revision 1.32 2002/03/03 09:26:06 joergs
- AmigaOS changes, config is now loaded from PROGDIR: instead of
- AmiTCP:db/junkbuster/ if no configuration file is specified on the
- command line.
-
- Revision 1.31 2002/03/02 22:45:52 david__schmidt
- Just tweaking
-
- Revision 1.30 2002/03/02 22:00:14 hal9
- Updated 'New Features' list. Ran through spell-checker.
-
- Revision 1.29 2002/03/02 20:34:07 david__schmidt
- Update OS/2 build section
-
- Revision 1.28 2002/02/24 14:34:24 jongfoster
- Formatting changes. Now changing the doctype to DocBook XML 4.1
- will work - no other changes are needed.
-
- Revision 1.27 2002/01/11 14:14:32 hal9
- Added a very short section on Templates
-
- Revision 1.26 2002/01/09 20:02:50 hal9
- Fix bug re: auto-detect config file changes.
-
- Revision 1.25 2002/01/09 18:20:30 hal9
- Touch ups for *.action files.
-
- Revision 1.24 2001/12/02 01:13:42 hal9
- Fix typo.
-
- Revision 1.23 2001/12/02 00:20:41 hal9
- Updates for recent changes.
-
- Revision 1.22 2001/11/05 23:57:51 hal9
- Minor update for startup now daemon mode.
-
- Revision 1.21 2001/10/31 21:11:03 hal9
- Correct 2 minor errors
-
- Revision 1.18 2001/10/24 18:45:26 hal9
- *** empty log message ***
-
- Revision 1.17 2001/10/24 17:10:55 hal9
- Catching up with Jon's recent work, and a few other things.
-
- Revision 1.16 2001/10/21 17:19:21 swa
- wrong url in documentation
-
- Revision 1.15 2001/10/14 23:46:24 hal9
- Various minor changes. Fleshed out SEE ALSO section.
-
- Revision 1.13 2001/10/10 17:28:33 hal9
- Very minor changes.
-
- Revision 1.12 2001/09/28 02:57:04 hal9
- Ditto :/
-
- Revision 1.11 2001/09/28 02:25:20 hal9
- Ditto.
-
- Revision 1.9 2001/09/27 23:50:29 hal9
- A few changes. A short section on regular expression in appendix.
-
- Revision 1.8 2001/09/25 00:34:59 hal9
- Some additions, and re-arranging.
-
- Revision 1.7 2001/09/24 14:31:36 hal9
- Diddling.
-
- Revision 1.6 2001/09/24 14:10:32 hal9
- Including David's OS/2 installation instructions.
-
- Revision 1.2 2001/09/13 15:27:40 swa
- cosmetics
-
- Revision 1.1 2001/09/12 15:36:41 swa
- source files for junkbuster documentation
-
- Revision 1.3 2001/09/10 17:43:59 swa
- first proposal of a structure.
-
- Revision 1.2 2001/06/13 14:28:31 swa
- docs should have an author.
-
- Revision 1.1 2001/06/13 14:20:37 swa
- first import of project's documentation for the webserver.
-
-->
</article>