Again, the main configuration file is named
-
Assigns the value Assigns the value /etc/privoxy/etc/privoxy to the option - confdirconfdir and thus indicates that the configuration directory is named "/etc/privoxy/".
All options in the config file except for All options in the config file except for confdirconfdir and - logdirlogdir are optional. Watch out in the below description for what happens if you leave them unset.
7.1. Configuration and Log File Locations7.1. Configuration and Log File Locations
7.1.1. confdir7.1.1. confdir No trailing ""//", please
No trailing ""//", please
File name, relative to File name, relative to confdir, without the confdir, without the .action.action suffix Multiple Multiple actionsfileactionsfile lines are permitted, and are in fact recommended!
7.1.4. filterfile7.1.4. filterfileType of value: File name, relative to File name, relative to confdirconfdir No textual content filtering takes place, i.e. all
- +filter{{name}name}
actions in the actions files are turned neutral.
The
- +filter{{name}name}
- actions rely on the relevant filter (namename)
to be defined in the filter file!
File name, relative to File name, relative to logdirlogdir No log file is used, all log messages go to the console ( No log file is used, all log messages go to the console (STDERRSTDERR).
The logfile is where all logging and error messages are written. The level
- of detail and number of messages are set with the debugdebug
option (see below). The logfile can be useful for tracking down a problem with
7.1.6. jarfile7.1.6. jarfile File name, relative to File name, relative to logdirlogdir File name, relative to File name, relative to confdirconfdir Prepending a Prepending a ~~ character limits access to this site
only (and any sub-paths within this site), e.g.
- ~www.example.com~www.example.com.
trusted referrers, by
- prepending the name with a ++ character. The effect is that
access to untrusted sites will be granted -- but only if a link from this
trusted referrer was used. The link target will then be added to the
@@ -836,15 +842,15 @@ CLASS="QUOTE"
>"trustfile" so that future, direct accesses will be granted.
Sites added via this mechanism do not become trusted referrers themselves
- (i.e. they are added with a ~~ designation).
If you use the If you use the ++ operator in the trust file, it may grow
considerably over time.
If you intend to operate 7.2.1. user-manual7.2.1. user-manual user-manual file:///usr/share/doc/privoxy-3.0.3/user-manual/
user-manual file:///usr/share/doc/privoxy-3.0.4/user-manual/
user-manual file:/c:/some-dir/privoxy-3.0.3/user-manual/user-manual file:/c:/some-dir/privoxy-3.0.4/user-manual/
user-manual file://///some-server/some-path/privoxy-3.0.3/user-manual/user-manual file://///some-server/some-path/privoxy-3.0.4/user-manual/
If both If both admin-address and admin-address and proxy-info-urlproxy-info-url are unset, the whole "Local Privoxy Support" box on all generated pages will not be shown. @@ -1218,8 +1228,8 @@ CLASS="SECT3" CLASS="SECT3" >7.2.4. proxy-info-url7.2.4. proxy-info-url
If both If both admin-address and admin-address and proxy-info-urlproxy-info-url are unset, the whole "Local Privoxy Support" box on all generated pages will not be shown. @@ -1289,17 +1299,17 @@ CLASS="SECT2" CLASS="SECT2" >7.3. Debugging7.3. Debugging
These options are mainly useful when tracing a problem. Note that you might also want to invoke Privoxy with the with the --no-daemon--no-daemon command line option when debugging.
7.3.1. debug7.3.1. debugTo select multiple debug levels, you can either add them or use - multiple debugdebug lines.
7.3.2. single-threaded7.3.2. single-threaded
This section of the config file controls the security-relevant aspects
of 7.4.1. listen-address7.4.1. listen-address [[IP-Address]:IP-Address]:PortPort src_addr[/src_addr[/src_masklensrc_masklen]
- [dst_addr[/dst_addr[/dst_masklendst_masklen]]
Where Where src_addrsrc_addr and
- dst_addrdst_addr are IP addresses in dotted decimal notation or valid
- DNS names, and src_masklensrc_masklen and
- dst_masklendst_masklen are subnet masks in CIDR notation, i.e. integer
values from 2 to 30 representing the length (in bits) of the network address. The masks and the whole
destination part are optional.
@@ -1996,9 +2026,9 @@ CLASS="EMPHASIS"
>Effect if unset: Don't restrict access further than implied by Don't restrict access further than implied by listen-addresslisten-address
If Privoxy is using a forwarder (see is using a forwarder (see forwardforward below)
- for a particular destination URL, the dst_addrdst_addr
that is examined is the address of the forwarder and Explicitly define the default behavior if no ACL and
- listen-addresslisten-address are set: "localhost"
- is OK. The absence of a dst_addrdst_addr implies that
7.4.6. buffer-limit7.4.6. buffer-limit For content filtering, i.e. the For content filtering, i.e. the +filter+filter and
- +deanimate-gif+deanimate-gif actions, it is necessary that
When a document buffer size reaches the When a document buffer size reaches the buffer-limitbuffer-limit, it is
flushed to the client unfiltered and no further attempt to
filter the rest of the document is made. Remember that there may be multiple threads
- running, which might require up to buffer-limitbuffer-limit Kbytes
7.5. Forwarding7.5. Forwarding This feature allows routing of HTTP requests through a chain of
multiple proxies.
@@ -2307,8 +2341,8 @@ CLASS="SECT3"
CLASS="SECT3"
>7.5.1. forward7.5.1. forward target_patterntarget_pattern
- http_parent[:http_parent[:portport]
where where target_patterntarget_pattern is a URL pattern
- that specifies to which requests (i.e. URLs) this forward rule shall apply. Use // to
denote "all URLs".
- http_parent[:http_parent[:portport]
is the DNS name or IP address of the parent HTTP proxy through which the requests should be forwarded,
optionally followed by its listening port (default: 8080).
- Use a single dot (..) to denote "no forwarding"Notes: If If http_parenthttp_parent is "."7.5.2. forward-socks4 and forward-socks4a7.5.2. forward-socks4 and forward-socks4aType of value: target_patterntarget_pattern
- socks_proxy[:socks_proxy[:portport]
- http_parent[:http_parent[:portport]
where where target_patterntarget_pattern is a URL pattern
- that specifies to which requests (i.e. URLs) this forward rule shall apply. Use // to
denote "all URLs".
- http_parent and http_parent and socks_proxysocks_proxy
- are IP addresses in dotted decimal notation or valid DNS names (http_parenthttp_parent
may be "no HTTP forwarding"), and the optional
- portport parameters are TCP ports, i.e. integer values from 1 to 64535
The difference between The difference between forward-socks4 and forward-socks4 and forward-socks4aforward-socks4a
is that in the SOCKS 4A protocol, the DNS resolution of the target hostname happens on the SOCKS
server, while in SOCKS 4 it happens locally.
If If http_parenthttp_parent is "."7.5.3. Advanced Forwarding Examples7.5.3. Advanced Forwarding Examples If you have links to multiple ISPs that provide various special content
only to their subscribers, you can configure multiple squid locally, then chain as
- browser -> squid -> privoxybrowser -> squid -> privoxy is the recommended way. Assuming that squid's address and port.
- Squid normally uses port 3128. If unsure consult http_porthttp_port in squid.conf. You could just as well decide to only forward requests for Windows executables through
- a virus-scanning parent proxy, say, on antivir.example.comantivir.example.com, port 8010: