X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=doc%2Fsource%2Fuser-manual.sgml;h=1c15cc5ab45a07ca036ceeb6c965754b4be8abe8;hb=c1c254de39540a55a837a6ab24b6a4ce22fc7fa2;hp=09a6d786616405215c7336bf3362d21cfb004b73;hpb=03823f0f8c5523a04a1d50c74a84b9cda0e06f75;p=privoxy.git
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 09a6d786..1c15cc5a 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -10,14 +10,15 @@
+
-
-
+
+
-
-
+
+
@@ -34,7 +35,7 @@
Purpose : user manual
- Copyright (C) 2001-2018 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
@@ -53,7 +54,7 @@
- Copyright &my-copy; 2001-2018 by
+ Copyright &my-copy; 2001-2020 by
Privoxy Developers
@@ -1517,7 +1518,7 @@ for details.
▪ View & change the current configuration
- ▪ View the source code version numbers
+ ▪ View or toggle the tags that can be set based on the clients address
▪ View the request headers.
@@ -3801,6 +3802,7 @@ problem-host.example.com
+
external-filter
@@ -3986,7 +3988,7 @@ problem-host.example.com
looks for the string http://, either in plain text
(invalid but often used) or encoded as http%3a//.
Some sites use their own URL encoding scheme, encrypt the address
- of the target server or replace it with a database id. In theses cases
+ of the target server or replace it with a database id. In these cases
fast-redirects is fooled and the request reaches the
redirection server where it probably gets logged.
@@ -5146,6 +5148,151 @@ new action
+
+
+https-inspection
+
+
+
+ Typical use:
+
+ Filter encrypted requests and responses
+
+
+
+
+ Effect:
+
+
+ Encrypted requests are decrypted, filtered and forwarded encrypted.
+
+
+
+
+
+ Type:
+
+
+ Boolean.
+
+
+
+
+ Parameter:
+
+
+ N/A
+
+
+
+
+
+ Notes:
+
+
+ This action allows &my-app; to filter encrypted requests and responses.
+ For this to work &my-app; has to generate a certificate and send it
+ to the client which has to accept it.
+
+
+ Before this works the directives in the
+ TLS section
+ of the config file have to be configured.
+
+
+ Note that the action has to be enabled based on the CONNECT
+ request which doesn't contain a path. Enabling it based on
+ a pattern with path doesn't work as the path is only seen
+ by &my-app; if the action is already enabled.
+
+
+
+
+
+ Example usage (section):
+
+ {+https-inspection}
+www.example.com
+
+
+
+
+
+
+
+
+
+ignore-certificate-errors
+
+
+
+ Typical use:
+
+ Filter encrypted requests and responses without verifying the certificate
+
+
+
+
+ Effect:
+
+
+ Encrypted requests are forwarded to sites without verifying the certificate.
+
+
+
+
+
+ Type:
+
+
+ Boolean.
+
+
+
+
+ Parameter:
+
+
+ N/A
+
+
+
+
+
+ Notes:
+
+
+ When the
+ +https-inspection
+ action is used &my-app; by default verifies that the remote site uses a valid
+ certificate.
+
+
+ If the certificate can't be validated by &my-app; the connection is aborted.
+
+
+ This action disables the certificate check so requests to sites
+ with certificates that can't be validated are allowed.
+
+
+ Note that enabling this action allows Man-in-the-middle attacks.
+
+
+
+
+
+ Example usage:
+
+
+ {+ignore-certificate-errors}
+ www.example.org
+
+
+
+
+
+
+
limit-connect
@@ -5380,9 +5527,10 @@ new action
Note that some (rare) ill-configured sites don't handle requests for uncompressed
documents correctly. Broken PHP applications tend to send an empty document body,
- some IIS versions only send the beginning of the content. If you enable
- prevent-compression per default, you might want to add
- exceptions for those sites. See the example for how to do that.
+ some IIS versions only send the beginning of the content and some content delivery
+ networks let the connection time out.
+ If you enable prevent-compression per default, you might
+ want to add exceptions for those sites. See the example for how to do that.
@@ -7330,7 +7478,7 @@ pre-defined filters for your convenience:
sometimes appear on some pages, or user agents that don't correct for this on
the fly.
@@ -7721,16 +7869,36 @@ Requests
Privoxy is free software; you can
- redistribute it and/or modify it under the terms of the
- GNU General Public License, version 2,
- as published by the Free Software Foundation and included in
- the next section.
+ redistribute and/or modify its source code under the terms
+ of the GNU General Public License
+ as published by the Free Software Foundation, either version 2
+ of the license, or (at your option) any later version.
+
+
+
+ The same is true for Privoxy binaries
+ unless they are linked with
+ mbed TLS in which
+ case you can redistribute them and/or modify them under the terms
+ of the GNU General Public License
+ as published by the Free Software Foundation, either version 3
+ of the license, or (at your option) any later version.
+
+
+
+ Both licenses are included in the next section.
License
+GNU General Public License version 2
+
+
+GNU General Public License version 3
+
+
@@ -8041,23 +8209,23 @@ Requests
- Show information about the current configuration, including viewing and
- editing of actions files:
+ View and toggle client tags: