X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=0eb212cd280059fbccdd8ad0ce77190137ca0c77;hb=39c7832dc692f20d051dbdb29a0d5c7cbb10c561;hp=3f88ffb0961355e4b666b11631555ac015fac70a;hpb=043a1d495ada3ded930834bd238dbdc90bac47ef;p=privoxy.git diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index 3f88ffb0..0eb212cd 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -11,7 +11,7 @@ - + @@ -33,7 +33,7 @@ This file belongs into ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/ - $Id: user-manual.sgml,v 2.57 2008/02/03 19:10:14 fabiankeil Exp $ + $Id: user-manual.sgml,v 2.82 2008/08/16 09:00:52 fabiankeil Exp $ Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/ See LICENSE. @@ -59,7 +59,7 @@ -$Id: user-manual.sgml,v 2.57 2008/02/03 19:10:14 fabiankeil Exp $ +$Id: user-manual.sgml,v 2.82 2008/08/16 09:00:52 fabiankeil Exp $ Mac OS X - Unzip the downloaded file (you can either double-click on the file - from the finder, or from the desktop if you downloaded it there). - Then, double-click on the package installer icon named - Privoxy.pkg - and follow the installation process. - Privoxy will be installed in the folder - /Library/Privoxy. - It will start automatically whenever you start up. To prevent it from - starting automatically, remove or rename the folder - /Library/StartupItems/Privoxy. - - - To start Privoxy by hand, double-click on - StartPrivoxy.command in the - /Library/Privoxy folder. - Or, type this command in the Terminal: + Unzip the downloaded file (you can either double-click on the zip file + icon from the Finder, or from the desktop if you downloaded it there). + Then, double-click on the package installer icon and follow the + installation process. - - /Library/Privoxy/StartPrivoxy.command - + The privoxy service will automatically start after a successful + installation (in addition to every time your computer starts up). To + prevent the privoxy service from automatically starting when your + computer starts up, remove or rename the folder named + /Library/StartupItems/Privoxy. - You will be prompted for the administrator password. + To manually start or stop the privoxy service, use the Privoxy Utility + for Mac OS X. This application controls the privoxy service (e.g. + starting and stopping the service as well as uninstalling the software). @@ -444,153 +436,203 @@ How to install the binary packages depends on your operating system: What's New in this Release - There are many improvements and new features since Privoxy 3.0.6, the last stable release: + There are many improvements and new features since Privoxy 3.0.8, the last stable release: - Two new actions server-header-tagger - and client-header-tagger - that can be used to create arbitrary tags - based on client and server headers. - These tags can then subsequently be used - to control the other actions used for the current request, - greatly increasing &my-app;'s flexibility and selectivity. See tag patterns for more information on tags. - - - - - - Header filtering is done with dedicated header filters now. As a result - the actions filter-client-headers and filter-server-headers - that were introduced with Privoxy 3.0.5 to apply - content filters to the headers have been removed. - See the new actions server-header-filter - and client-header-filter for details. - - - - - There are four new options for the main config file: - - - - - - allow-cgi-request-crunching - which allows requests for Privoxy's internal CGI pages to be - blocked, redirected or (un)trusted like ordinary requests. - - - - - split-large-forms - that will work around a browser bug that caused IE6 and IE7 to - ignore the Submit button on the Privoxy's edit-actions-for-url CGI - page. - - - - - accept-intercepted-requests - which allows to combine Privoxy with any packet filter to create an - intercepting proxy for HTTP/1.1 requests (and for HTTP/1.0 requests - with Host header set). This means clients can be forced to use - &my-app; even if their proxy settings are configured differently. - - - - - templdir - to designate an alternate location for &my-app;'s - locally customized CGI templates so that - these are not overwritten during upgrades. - - - - - + Added SOCKS5 support (with address resolution done by + the SOCKS5 server). Patch provided by Eric M. Hopper. + + - A new command line option --pre-chroot-nslookup hostname to - initialize the resolver library before chroot'ing. On some systems this - reduces the number of files that must be copied into the chroot tree. - (Patch provided by Stephen Gildea) + The "blocked" CGI pages include a block reason that was + provided as argument to the last-applying block action. - - The forward-override action - allows changing of the forwarding settings through the actions files. - Combined with tags, this allows to choose the forwarder based on - client headers like the User-Agent, or the request origin. - + If enable-edit-actions is disabled (the default since 3.0.7 beta) + the show-status page hides the edit buttons and explains why. + Previously the user would get the "this feature has been disabled" + message after using the edit button. + - - The redirect action can now use regular - expression substitutions against the original URL. + Forbidden CONNECT requests are treated like blocks by default. + The now-pointless treat-forbidden-connects-like-blocks action + has been removed. - - zlib support is now available as a compile - time option to filter compressed content. Patch provided by Wil Mahan. + Not enabling limit-connect now allows CONNECT requests to all ports. + In previous versions it would only allow CONNECT requests to port 443. + Use +limit-connect{443} if you think you need the old default behaviour. - - - Improve various filters, and add new ones. + + + The CGI editor gets turned off after three edit requests with invalid + file modification timestamps. This makes life harder for attackers + who can leverage browser bugs to send fake Referers and intend to + brute-force edit URLs. - - - Include support for RFC 3253 so that Subversion works - with &my-app;. Patch provided by Petr Kadlec. + Action settings for multiple patterns in the same section are + shared in memory. As a result these sections take up less space + (and are loaded slightly faster). Problem reported by Franz Schwartau. - - Logging can be completely turned off by not specifying a logfile directive. + Linear white space in HTTP headers will be normalized to single + spaces before parsing the header's content, headers split across + multiple lines get merged first. - - - A number of improvements to Privoxy's internal CGI pages, including the - use of favicons for error and control pages. + Host information is gathered outside the main thread so it's less + likely to delay other incoming connections if the host is misconfigured. - - Many bugfixes, memory leaks addressed, code improvements, and logging - improvements. + New config option "hostname" to use a hostname other than + the one returned by the operating system. Useful to speed-up responses + for CGI requests on misconfigured systems. Requested by Max Khon. + + + + + The CGI editor supports the "disable all filters of this type" + directives "-client-header-filter", "-server-header-filter", + "-client-header-tagger" and "-server-header-tagger". + + + + + Fixed false-positives with the link-by-url filter and URLs that + contain the pattern "/jump/". + + + + + The less-download-windows filter no longer messes + "Content-Type: application/x-shockwave-flash" headers up. + + + + + In the show-url-info page's "Final results" section active and + inactive actions are listed separately. Patch provided by Lee. + + + + + The GNUmakefile supports the DESTDIR variable. Patch for + the install target submitted by Radoslaw Zielinski. + + + + + Embedding the content of configuration files in the show-status + page is significantly faster now. For a largish action file (1 MB) + a speedup of about 2450 times has been measured. This is mostly + interesting if you are using large action files or regularly use + Privoxy-Regression-Test while running Privoxy through Valgrind, + for stock configuration files it doesn't really matter. + + + + + If zlib support is unavailable and there are content + filters active but the prevent-compression action is disabled, + the show-url-info page includes a warning that compression + might prevent filtering. + + + + + The show-url-info page provides an OpenSearch Description that + allows to access the page through browser search plugins. + + + + + The obsolete kill-popups action has been removed as the + PCRS-based popup filters can do the same and are slightly + less unreliable. + + + + + The inspect-jpegs action has been removed. + + + + + The send-wafer and send-vanilla-wafer actions have been removed. + They weren't particular useful and their behaviour could be emulated + with add-header anyway. + + + + + Privoxy-Regression-Test has been significantly improved. + + + + + Most sections in the default.action file contain tests for + Privoxy-Regression-Test to verify that they are working as intended. + + + + + Parts of Privoxy have been refactored to increase maintainability. + + + + + Building with zlib (if available) is done by default. + + + + + + Ordinary configuration file changes no longer cause program + termination on OS/2 if the name of the logfile hasn't been + changed as well. This regression probably crept in with the + logging improvements in 3.0.7. Reported by Maynard. + + + + + The img-reorder filter is less likely to mess up JavaScript code in + img tags. Problem and solution reported by Glenn Washburn in #2014552. + + + + + The source tar ball now includes Privoxy-Log-Parser, + a syntax-highlighter for Privoxy logs. For fancy screenshots see: + http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ + Documentation is available through perldoc(1). - + + For a more detailed list of changes please have a look at the ChangeLog. @@ -1351,19 +1393,32 @@ Example Unix startup command: Mac OS X - During installation, Privoxy is configured to - start automatically when the system restarts. To start &my-app; manually, - double-click on the StartPrivoxy.command icon in the - /Library/Privoxy folder. Or, type this command - in the Terminal: + After downloading the privoxy software, unzip the downloaded file by + double-clicking on the zip file icon. Then, double-click on the + installer package icon and follow the installation process. + + + The privoxy service will automatically start after a successful + installation. In addition, the privoxy service will automatically + start every time your computer starts up. + + + To prevent the privoxy service from automatically starting when your + computer starts up, remove or rename the folder named + /Library/StartupItems/Privoxy. - - /Library/Privoxy/StartPrivoxy.command - + A simple application named Privoxy Utility has been created which + enables administrators to easily start and stop the privoxy service. - You will be prompted for the administrator password. + In addition, the Privoxy Utility presents a simple way for + administrators to edit the various privoxy config files. A method + to uninstall the software is also available. + + + An administrator username and password must be supplied in order for + the Privoxy Utility to perform any of the tasks. @@ -1436,11 +1491,9 @@ must find a better place for this paragraph Another feature where you will probably want to define exceptions for trusted - sites is the popup-killing (through the +kill-popups and - +filter{popups} - actions), because your favorite shopping, banking, or leisure site may need + sites is the popup-killing (through +filter{popups}), + because your favorite shopping, banking, or leisure site may need popups (explained below). @@ -1668,8 +1721,8 @@ for details.         ▪  Toggle Privoxy on or off -         ▪  Documentation +         ▪  Documentation @@ -1936,7 +1989,7 @@ for details. The default profiles, and their associated actions, as pre-defined in - standard.action are: + standard.action are: Default Configurations @@ -2051,7 +2104,7 @@ for details. Image tag reordering no - no + yes yes @@ -2188,7 +2241,7 @@ for details. - { +handle-as-image +block } + { +handle-as-image +block{Banner ads.} } # Block these as if they were images. Send no block page. banners.example.com media.example.com/.*banners @@ -2230,9 +2283,9 @@ for details. The pattern matching syntax is different for the domain and path parts of the URL. The domain part uses a simple globbing type matching technique, - while the path part uses a more flexible + while the path part uses more flexible Regular - Expressions (PCRE) based syntax. + Expressions (POSIX 1003.2). @@ -2257,7 +2310,7 @@ for details. - www.example.com/index.html$ + www.example.com/index.html matches all the documents on www.example.com @@ -2411,20 +2464,16 @@ for details. The Path Pattern - Privoxy uses Perl compatible (PCRE) + Privoxy uses modern POSIX 1003.2 Regular - Expression based syntax - (through the PCRE library) for - matching the path portion (after the slash), and is thus more flexible. + Expressions for matching the path portion (after the slash), + and is thus more flexible. There is an Appendix with a brief quick-start into regular - expressions, and full (very technical) documentation on PCRE regex syntax is available on-line - at http://www.pcre.org/man.txt. - You might also find the Perl man page on regular expressions (man perlre) - useful, which is available on-line at http://perldoc.perl.org/perlre.html. + expressions, you also might want to have a look at your operating system's documentation + on regular expressions (try man re_format). @@ -2618,7 +2667,7 @@ for details. -name # disable action name - Example: +block + Example: +handle-as-image @@ -2801,14 +2850,14 @@ for details. Type: - Boolean. + Parameterized. Parameter: - N/A + A block reason that should be given to the user. @@ -2817,14 +2866,10 @@ for details. Privoxy sends a special BLOCKED page - for requests to blocked pages. This page contains links to find out why the request - was blocked, and a click-through to the blocked content (the latter only if compiled with the - force feature enabled). The BLOCKED page adapts to the available - screen space -- it displays full-blown if space allows, or miniaturized and text-only - if loaded into a small frame or window. If you are using Privoxy - right now, you can take a look at the - BLOCKED - page. + for requests to blocked pages. This page contains the block reason given as + parameter, a link to find out why the block action applies, and a click-through + to the blocked content (the latter only if the force feature is available and + enabled). A very important exception occurs if both @@ -2854,18 +2899,18 @@ for details. Example usage (section): - {+block} + {+block{No nasty stuff for you.}} # Block and replace with "blocked" page .nasty-stuff.example.com -{+block +handle-as-image} +{+block{Doubleclick banners.} +handle-as-image} # Block and replace with image .ad.doubleclick.net .ads.r.us/banners/ -{+block +handle-as-empty-document} +{+block{Layered ads.} +handle-as-empty-document} # Block and then ignore - adserver.exampleclick.net/.*\.js$ + adserver.example.net/.*\.js$ @@ -3027,6 +3072,25 @@ for details. # Tag every request with the User-Agent header {+client-header-tagger{user-agent}} / + +# Tagging itself doesn't change the action +# settings, sections with TAG patterns do: +# +# If it's a download agent, use a different forwarding proxy, +# show the real User-Agent and make sure resume works. +{+forward-override{forward-socks5 10.0.0.2:2222 .} \ + -hide-if-modified-since \ + -overwrite-last-modified \ + -hide-user-agent \ + -filter \ + -deanimate-gifs \ +} +TAG:^User-Agent: NetBSD-ftp/ +TAG:^User-Agent: Novell ZYPP Installer +TAG:^User-Agent: RPM APT-HTTP/ +TAG:^User-Agent: fetch libfetch/ +TAG:^User-Agent: Ubuntu APT-HTTP/ +TAG:^User-Agent: MPlayer/ @@ -3923,23 +3987,23 @@ problem-host.example.com - +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse + +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse. - +filter{js-events} # Kill all JS event bindings (Radically destructive! Only for extra nasty sites) + +filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites). - +filter{html-annoyances} # Get rid of particularly annoying HTML abuse + +filter{html-annoyances} # Get rid of particularly annoying HTML abuse. - +filter{content-cookies} # Kill cookies that come in the HTML or JS content + +filter{content-cookies} # Kill cookies that come in the HTML or JS content. - +filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups) + +filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups). @@ -3951,43 +4015,43 @@ problem-host.example.com - +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective + +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective. - +filter{banners-by-size} # Kill banners by size + +filter{banners-by-size} # Kill banners by size. - +filter{banners-by-link} # Kill banners by their links to known clicktrackers + +filter{banners-by-link} # Kill banners by their links to known clicktrackers. - +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking) + +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking). - +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap + +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap. - +filter{jumping-windows} # Prevent windows from resizing and moving themselves + +filter{jumping-windows} # Prevent windows from resizing and moving themselves. - +filter{frameset-borders} # Give frames a border and make them resizeable + +filter{frameset-borders} # Give frames a border and make them resizable. - +filter{demoronizer} # Fix MS's non-standard use of standard charsets + +filter{demoronizer} # Fix MS's non-standard use of standard charsets. - +filter{shockwave-flash} # Kill embedded Shockwave Flash objects + +filter{shockwave-flash} # Kill embedded Shockwave Flash objects. - +filter{quicktime-kioskmode} # Make Quicktime movies savable + +filter{quicktime-kioskmode} # Make Quicktime movies saveable. @@ -3995,35 +4059,35 @@ problem-host.example.com - +filter{crude-parental} # Crude parental filtering (demo only) + +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably. - +filter{ie-exploits} # Disable a known Internet Explorer bug exploits + +filter{ie-exploits} # Disable some known Internet Explorer bug exploits. - +filter{site-specifics} # Custom filters for specific site related problems + +filter{site-specifics} # Cure for site-specific problems. Don't apply generally! + + + + +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags. - +filter{google} # Removes text ads and other Google specific improvements + +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement. - +filter{yahoo} # Removes text ads and other Yahoo specific improvements + +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation. - +filter{msn} # Removes text ads and other MSN specific improvements + +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation. - +filter{blogspot} # Cleans up Blogspot blogs - - - - +filter{no-ping} # Removes non-standard ping attributes from anchor and area tags + +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this. @@ -4291,7 +4355,7 @@ new action # Block all documents on example.org that end with ".js", # but send an empty document instead of the usual HTML message. -{+block +handle-as-empty-document} +{+block{Blocked JavaScript} +handle-as-empty-document} example.org/.*\.js$ @@ -4378,11 +4442,8 @@ example.org/.*\.js$ # These don't look like images, but they're banners and should be # blocked as images: # -{+block +handle-as-image} -some.nasty-banner-server.com/junk.cgi\?output=trash - -# Banner source! Who cares if they also have non-image content? -ad.doubleclick.net +{+block{Nasty banners.} +handle-as-image} +nasty-banner-server.example.com/junk.cgi\?output=trash @@ -4974,169 +5035,6 @@ new action - - -inspect-jpegs - - - Typical use: - - Try to protect against a MS buffer over-run in JPEG processing - - - - - Effect: - - - Protect against a known exploit - - - - - - Type: - - - Boolean. - - - - - Parameter: - - - N/A - - - - - - Notes: - - - See Microsoft Security Bulletin MS04-028. JPEG images are one of the most - common image types found across the Internet. The exploit as described can - allow execution of code on the target system, giving an attacker access - to the system in question by merely planting an altered JPEG image, which - would have no obvious indications of what lurks inside. This action - tries to prevent this exploit if delivered through unencrypted HTTP. - - - Note that the exploit mentioned is several years old - and it's unlikely that your client is still vulnerable - against it. This action may be removed in one of the - next releases. - - - - - - - Example usage: - - +inspect-jpegs - - - - - - - - -kill-popups<anchor id="kill-popup"> - - - - Typical use: - - Eliminate those annoying pop-up windows (deprecated) - - - - - Effect: - - - While loading the document, replace JavaScript code that opens - pop-up windows with (syntactically neutral) dummy code on the fly. - - - - - - Type: - - - Boolean. - - - - - Parameter: - - - N/A - - - - - - Notes: - - - This action is basically a built-in, hardwired special-purpose filter - action, but there are important differences: For kill-popups, - the document need not be buffered, so it can be incrementally rendered while - downloading. But kill-popups doesn't catch as many pop-ups as - filter{all-popups} - does and is not as smart as filter{unsolicited-popups} - is. - - - Think of it as a fast and efficient replacement for a filter that you - can use if you don't want any filtering at all. Note that it doesn't make - sense to combine it with any filter action, - since as soon as one filter applies, - the whole document needs to be buffered anyway, which destroys the advantage of - the kill-popups action over its filter equivalent. - - - Killing all pop-ups unconditionally is problematic. Many shops and banks rely on - pop-ups to display forms, shopping carts etc, and the filter{unsolicited-popups} - does a better job of catching only the unwanted ones. - - - If the only kind of pop-ups that you want to kill are exit consoles (those - really nasty windows that appear when you close an other - one), you might want to use - filter{js-annoyances} - instead. - - - This action is most appropriate for browsers that don't have any controls - for unwanted pop-ups. Not recommended for general usage. - - - This action doesn't work very reliable and may be removed in future releases. - - - - - - Example usage: - - +kill-popups - - - - - - limit-connect @@ -5181,10 +5079,9 @@ new action By default, i.e. if no limit-connect action applies, - Privoxy only allows HTTP CONNECT - requests to port 443 (the standard, secure HTTPS port). Use - limit-connect if more fine-grained control is desired - for some or all destinations. + Privoxy allows HTTP CONNECT requests to all + ports. Use limit-connect if fine-grained control + is desired for some or all destinations. The CONNECT methods exists in HTTP to allow access to secure websites @@ -5197,9 +5094,6 @@ new action Privoxy relays HTTPS traffic without seeing the decoded content. Websites can leverage this limitation to circumvent &my-app;'s filters. By specifying an invalid port range you can disable HTTPS entirely. - If you plan to disable SSL by default, consider enabling - treat-forbidden-connects-like-blocks - as well, to be able to quickly create exceptions. @@ -5211,7 +5105,7 @@ new action - +limit-connect{443} # This is the default and need not be specified. + +limit-connect{443} # Port 443 is OK. +limit-connect{80,443} # Ports 80 and 443 are OK. +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK. +limit-connect{-} # All ports are OK @@ -5269,9 +5163,9 @@ new action More and more websites send their content compressed by default, which is generally a good idea and saves bandwidth. But the filter, deanimate-gifs - and kill-popups actions need - access to the uncompressed data. + linkend="filter">filter and + deanimate-gifs + actions need access to the uncompressed data. When compiled with zlib support (available since &my-app; 3.0.7), content that should be @@ -5490,6 +5384,10 @@ new action and be aware that using your own redirects might make it possible to fingerprint your requests. + + In case of problems with your redirects, or simply to watch + them working, enable debug 128. + @@ -5510,143 +5408,24 @@ new action # (Note the $ at the end of the URL pattern to make sure # the request for the rewritten URL isn't redirected as well) {+redirect{s@$@&mode=expanded@}} -undeadly.org/cgi\?action=article&sid=\d*$ - - - +undeadly.org/cgi\?action=article&sid=\d*$ - - +# Redirect Google search requests to MSN +{+redirect{s@^http://[^/]*/search\?q=([^&]*).*@http://search.msn.com/results.aspx?q=$1@}} +.google.com/search +# Redirect MSN search requests to Yahoo +{+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}} +search.msn.com//results\.aspx\?q= - - -send-vanilla-wafer - - - - Typical use: - - - Feed log analysis scripts with useless data. - - - - - - Effect: - - - Sends a cookie with each request stating that you do not accept any copyright - on cookies sent to you, and asking the site operator not to track you. +# Redirect remote requests for this manual +# to the local version delivered by Privoxy +{+redirect{s@^http://www@http://config@}} +www.privoxy.org/user-manual/ - - Type: - - - Boolean. - - - - - Parameter: - - - N/A - - - - - - Notes: - - - The vanilla wafer is a (relatively) unique header and could conceivably be used to track you. - - - This action is rarely used and not enabled in the default configuration. - - - - - - Example usage: - - - +send-vanilla-wafer - - - - - - - - - - -send-wafer - - - - Typical use: - - - Send custom cookies or feed log analysis scripts with even more useless data. - - - - - - Effect: - - - Sends a custom, user-defined cookie with each request. - - - - - - Type: - - - Multi-value. - - - - - Parameter: - - - A string of the form name=value. - - - - - - Notes: - - - Being multi-valued, multiple instances of this action can apply to the same request, - resulting in multiple cookies being sent. - - - This action is rarely used and not enabled in the default configuration. - - - - - Example usage (section): - - - {+send-wafer{UsingPrivoxy=true}} -my-internal-testing-server.void - - - @@ -6024,81 +5803,6 @@ example.org/instance-that-is-delivered-as-xml-but-is-not - - -treat-forbidden-connects-like-blocks - - - - Typical use: - - Block forbidden connects with an easy to find error message. - - - - - Effect: - - - If this action is enabled, Privoxy no longer - makes a difference between forbidden connects and ordinary blocks. - - - - - - Type: - - - Boolean - - - - - Parameter: - - N/A - - - - - Notes: - - - By default Privoxy answers - forbidden Connect requests - with a short error message inside the headers. If the browser doesn't display - headers (most don't), you just see an empty page. - - - With this action enabled, Privoxy displays - the message that is used for ordinary blocks instead. If you decide - to make an exception for the page in question, you can do so by - following the See why link. - - - For Connect requests the clients tell - Privoxy which host they are interested - in, but not which document they plan to get later. As a result, the - Go there anyway wouldn't work and is therefore suppressed. - - - - - - Example usage: - - - +treat-forbidden-connects-like-blocks - - - - - - - Summary @@ -6173,15 +5877,15 @@ new action # +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - +block-as-image = +block +handle-as-image + +block-as-image = +block{Blocked image.} +handle-as-image allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies} # These aliases define combinations of actions # that are useful for certain types of sites: # - fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -kill-popups -prevent-compression + fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -prevent-compression - shop = -crunch-all-cookies -filter{all-popups} -kill-popups + shop = -crunch-all-cookies -filter{all-popups} # Short names for other aliases, for really lazy people ;-) # @@ -6216,7 +5920,7 @@ new action # These shops require pop-ups: # - {-kill-popups -filter{all-popups} -filter{unsolicited-popups}} + {-filter{all-popups} -filter{unsolicited-popups}} .dabs.com .overclockers.co.uk @@ -6287,14 +5991,14 @@ that also explains why and how aliases are used: # +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - +block-as-image = +block +handle-as-image + +block-as-image = +block{Blocked image.} +handle-as-image mercy-for-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies} # These aliases define combinations of actions # that are useful for certain types of sites: # - fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -kill-popups - shop = -crunch-all-cookies -filter{all-popups} -kill-popups + fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer + shop = -crunch-all-cookies -filter{all-popups} @@ -6407,8 +6111,7 @@ mail.google.com now. Mozilla users, who can turn on smart handling of unwanted pop-ups in their browsers, can safely choose - -filter{popups} (and - -kill-popups) above + -filter{popups} above and hence don't need this section. Anyway, disabling an already disabled action doesn't hurt, so we'll define our exceptions regardless of what was chosen in the defaults section: @@ -6418,7 +6121,7 @@ mail.google.com # These sites require pop-ups too :( # -{ -kill-popups -filter{popups} } +{ -filter{popups} } .dabs.com .overclockers.co.uk .deutsche-bank-24.de @@ -6521,7 +6224,7 @@ bs*.gsanet.com ########################################################################## # Block these fine banners: ########################################################################## -{ +block } +{ +block{Banner ads.} } # Generic patterns: # @@ -6667,14 +6370,14 @@ wiki. +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies allow-all-cookies = -crunch-all-cookies -session-cookies-only - allow-popups = -filter{all-popups} -kill-popups -+block-as-image = +block +handle-as-image + allow-popups = -filter{all-popups} ++block-as-image = +block{Blocked as image.} +handle-as-image -block-as-image = -block # These aliases define combinations of actions that are useful for # certain types of sites: # -fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referrer -kill-popups +fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referrer shop = -crunch-all-cookies allow-popups # Allow ads for selected useful free sites: @@ -6738,7 +6441,7 @@ stupid-server.example.com/ seen an ad on your favourite page on example.com that you want to get rid of. You have right-clicked the image, selected copy image location and pasted the URL below while removing the leading http://, into a - { +block } section. Note that { +handle-as-image + { +block{} } section. Note that { +handle-as-image } need not be specified, since all URLs ending in .gif will be tagged as images by the general rules as set in default.action anyway: @@ -6746,7 +6449,7 @@ stupid-server.example.com/ -{ +block } +{ +block{Nasty ads.} } www.example.com/nasty-ads/sponsor\.gif another.example.net/more/junk/here/ @@ -8367,13 +8070,6 @@ Requests actions. - - - If the +kill-popups - action applies, and it is an HTML or JavaScript document, the popup-code in the - response is filtered on-the-fly as it is received. - - If any +filter action @@ -8627,19 +8323,14 @@ In file: user.action [ View ] [ Edit ] + +set-image-blocker {pattern} @@ -8656,21 +8347,21 @@ In file: user.action [ View ] [ Edit ] - { +block } + { +block{Domains starts with "ad"} } ad*. - { +block } + { +block{Domain contains "ad"} } .ad. - { +block +handle-as-image } + { +block{Doubleclick banner server} +handle-as-image } .[a-vx-z]*.doubleclick.net We'll just show the interesting part here - the explicit matches. It is - matched three different times. Two +block sections, - and a +block +handle-as-image, + matched three different times. Two +block{} sections, + and a +block{} +handle-as-image, which is the expanded form of one of our aliases that had been defined as: +block-as-image. (Aliases are defined in @@ -8685,7 +8376,7 @@ In file: user.action [ View ] [ Edit ]ad.doubleclick.net is done here -- as both a +block + linkend="BLOCK">+block{} and an +handle-as-image. The custom alias +block-as-image just @@ -8751,21 +8442,16 @@ In file: user.action [ View ] [ Edit ] @@ -8807,7 +8493,7 @@ In file: user.action [ View ] [ Edit ] - { +block +handle-as-image } + { +block{Path starts with "ads".} +handle-as-image } /ads @@ -8923,6 +8609,88 @@ In file: user.action [ View ] [ Edit ]