X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=6c5ab408af74004bc86d5e4593ecbc672c5310db;hb=ff4254b8eefe93be720d1e3ebe358d36a00b9140;hp=c758a77b020733d2a59a683a3d9fef2e929d506d;hpb=daeaf3961880a3c7afd9165e526c2fc5457119b4;p=privoxy.git diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index c758a77b..6c5ab408 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -3,9 +3,9 @@ Purpose : Used with other docs and files only. - $Id: p-config.sgml,v 2.121 2016/05/03 13:22:13 fabiankeil Exp $ + $Id: p-config.sgml,v 2.124 2017/02/20 13:44:54 fabiankeil Exp $ - Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/ + Copyright (C) 2001-2017 Privoxy Developers https://www.privoxy.org/ See LICENSE. ======================================================================== @@ -97,10 +97,10 @@ Sample Configuration File for Privoxy &p-version; - $Id: p-config.sgml,v 2.121 2016/05/03 13:22:13 fabiankeil Exp $ + $Id: p-config.sgml,v 2.124 2017/02/20 13:44:54 fabiankeil Exp $ -Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/ +Copyright (C) 2001-2017 Privoxy Developers https://www.privoxy.org/ 
@@ -1958,6 +1958,82 @@ ACLs: permit-access and deny-access @@enable-proxy-authentication-forwarding 0]]> + +trusted-cgi-referer + + + Specifies: + + + A trusted website or webpage whose links can be followed to reach sensitive CGI pages + + + + + Type of value: + + URL or URL prefix + + + + Default value: + + Unset + + + + Effect if unset: + + + No external pages are considered trusted referers. + + + + + Notes: + + + Before &my-app; accepts configuration changes through CGI pages like + client-tags or the + remote toggle, it checks + the Referer header to see if the request comes from a trusted source. + + + By default only the webinterface domains + config.privoxy.org + and + p.p + are considered trustworthy. + Requests originating from other domains are rejected to prevent + third-parties from modifiying Privoxy's state by e.g. embedding + images that result in CGI requests. + + + In some environments it may be desirable to embed links to CGI pages + on external pages, for example on an Intranet homepage the Privoxy admin + controls. + + + The trusted-cgi-referer option can be used to add that page, + or the whole domain, as trusted source so the resulting requests aren't + rejected. + Requests are accepted if the specified trusted-cgi-refer is the prefix + of the Referer. + + + + Declaring pages the admin doesn't control trustworthy may allow + malicious third parties to modify Privoxy's internal state against + the user's wishes and without the user's knowledge. + + + + + + +@@trusted-cgi-referer http://www.example.org/local-privoxy-control-page]]> + + 
@@ -3506,11 +3582,85 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t + + +trust-x-forwarded-for + + + Specifies: + + + Whether or not Privoxy should use IP addresses specified with the X-Forwarded-For header + + + + + Type of value: + + + 0 or one + + + + + Default value: + + 0 + + + + Notes: + + + + This is an experimental feature. The syntax is likely to change + in future versions. + + + + If clients reach Privoxy through another proxy, for example a load + balancer, Privoxy can't tell the client's IP address from the connection. + If multiple clients use the same proxy, they will share the same + client tag settings which is usually not desired. + + + This option lets Privoxy use the X-Forwarded-For header value as + client IP address. If the proxy sets the header, multiple clients + using the same proxy do not share the same client tag settings. + + + This option should only be enabled if Privoxy can only be reached + through a proxy and if the proxy can be trusted to set the header + correctly. It is recommended that ACL are used to make sure only + trusted systems can reach Privoxy. + + + If access to Privoxy isn't limited to trusted systems, this option + would allow malicious clients to change the client tags for other + clients or increase Privoxy's memory requirements by registering + lots of client tag settings for clients that don't exist. + + + + + Examples: + + + + # Allow systems that can reach Privoxy to provide the client + # IP address with a X-Forwarded-For header. + trust-x-forwarded-for 1 + + + + + + + -
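Review bot: In the trusted-cgi-referer hunk (@@ -1958,6 +1958,82 @@), the Notes say a request is accepted if the configured value "is the prefix of the Referer" and that the option can trust "the whole domain", but they never tell the admin how to write a value that is safe under prefix matching. As described, a domain-wide value written without a trailing slash, such as http://www.example.org, would also match a Referer whose host merely begins with that string, and the example value http://www.example.org/local-privoxy-control-page would also match any longer path that starts with it. Suggest adding a sentence that the value should be as specific as possible and that a domain-wide entry must end with "/". Two wording fixes in the same Notes block: "modifiying" should be "modifying", and "trusted-cgi-refer" should be "trusted-cgi-referer".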
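Review bot: In the trust-x-forwarded-for hunk (@@ -3506,11 +3582,85 @@), the Notes say Privoxy will "use the X-Forwarded-For header value as client IP address" but do not say which address is taken when the header carries a comma-separated list or appears more than once, which is the normal case once more than one proxy is in the path. Because that value selects the client tag settings, the documentation should state the rule explicitly, so the admin can judge whether the fronting proxy sets the header in a form Privoxy will read correctly. Smaller points in the same hunk: "Type of value" reads "0 or one" and should be "0 or 1", "ACL are used" should be "ACLs are used", "a X-Forwarded-For header" in the example comment should be "an X-Forwarded-For header", and unlike the trusted-cgi-referer entry this one has no "Effect if unset" item.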