X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=88adb4fa5a969a63752ba8772818983cefdcf656;hb=ccedf2853b21370ecb456bda0551e7dbfa76aee9;hp=f5fd8b263d90622fd51ae21706d39d1dbda8a7e9;hpb=15608555a60be079b7bfcd07d523658548e0425e;p=privoxy.git diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index f5fd8b26..88adb4fa 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -7,7 +7,7 @@ This file belongs into ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/ - $Id: user-manual.sgml,v 1.10 2001/09/28 02:18:12 hal9 Exp $ + $Id: user-manual.sgml,v 1.26 2002/01/09 20:02:50 hal9 Exp $ Written by and Copyright (C) 2001 the SourceForge IJBSWA team. http://ijbswa.sourceforge.net @@ -30,7 +30,7 @@ Hal Burgiss Junkbuster User Manual -$Id: user-manual.sgml,v 1.10 2001/09/28 02:18:12 hal9 Exp $ +$Id: user-manual.sgml,v 1.26 2002/01/09 20:02:50 hal9 Exp $ @@ -48,7 +48,7 @@ Hal Burgiss security to users of the World Wide Web. -You can find the latest version of the user manual at http://ijbswa.sourceforge.net/doc/user-manual/. +You can find the latest version of the user manual at http://ijbswa.sourceforge.net/user-manual/. @@ -65,11 +65,11 @@ You can find the latest version of the user manual at Internet Junkbuster and is incomplete at this point. The most up to date reference for the time being is still the comments in the source files and in the individual configuration files. Development - of version 3.0 is currently underway, and includes significant changes and + of version 3.0 is currently underway, and includes many significant changes and enhancements over earlier verions. The target release date for stable v3.0 is December 2001. Since this is a development version, some features are in the process of - being implemented. And there are bugs! + being implemented. This documentation may be slightly out of sync as a + result. And there are bugs, though hopefully not many! @@ -102,14 +103,15 @@ You can find the latest version of the user manual at http://i.j.b). - A web based GUI configuration utility. + Modularized configuration that will allow for system wide settings, and + individual user settings. (not implemented yet, probably a 3.1 feature) @@ -122,14 +124,14 @@ You can find the latest version of the user manual at - - - - - - - -New Features - - In addition to Junkbuster's traditional features - of ad and banner blocking and cookie management, this is a list of new - features currently under development: - - - - - - - - Modularized configuration that will allow for system wide settings, and - individual user settings. - - - - A web based GUI configuration utility. + Multi-threaded. - Blocking of annoying pop-up browser windows (previously available as a - patch). + Auto-detection of config file changes. - - - Support for HTTP 1.1. - - - - - Support for Perl Compatible Regular Expressions in the configuration files, and - generally a more sophisticated configuration syntax. - - - - - - Web page content filtering. - - - + + In addition, the configuration is much more versatile overall. + + @@ -211,7 +174,7 @@ You can find the latest version of the user manual at Junkbuster Home Page - for current releases. Junkbuster is also available + for current release info. Junkbuster is also available via CVS. This is the recommended approach at this time. But please be aware that CVS @@ -226,8 +189,8 @@ You can find the latest version of the user manual at - Then, in either case, to build from source: + Then, in either case, to build from tarball/CVS source: - ./configure - make - su - make install + ./configure (--help to see options) + make (the make from gnu, gmake for *BSD) + su + make -n install (to see where all the files will go) + make install (to really install) @@ -277,6 +241,8 @@ You can find the latest version of the user manual at -    /usr/src/redhat/RPMS/i686/junkbuster-2.9.8-1.i686.rpm +    /usr/src/redhat/RPMS/i686/junkbuster-2.9.10-1.i686.rpm -    /usr/src/redhat/SRPMS/junkbuster-2.9.8-1.src.rpm +    /usr/src/redhat/SRPMS/junkbuster-2.9.10-1.src.rpm @@ -299,7 +265,7 @@ You can find the latest version of the user manual at + autoheader [suggested for CVS source] + autoconf [suggested for CVS source] ./configure make suse-dist @@ -329,10 +297,10 @@ You can find the latest version of the user manual at - rpm -Uvv /usr/src/suse/RPMS/i686/junkbuster-2.9.8-1.i686.rpm + rpm -Uvv /usr/src/packages/RPMS/i686/junkbuster-2.9.10-1.i686.rpm @@ -409,8 +377,8 @@ Thanx David Schmidt! Windows -I need help on this. Not a clue here. Also for -configuration section below. +Click-click. (I need help on this. Not a clue here. Also for +configuration section below. HB.) @@ -421,7 +389,7 @@ configuration section below. - For FreeBSD (and other *BSDs?), the build will need gmake + For FreeBSD (and other *BSDs?), the build will require gmake instead of the included make. gmake is available from http://www.gnu.org. The rest should be the same as above for Linux/Unix. @@ -446,9 +414,9 @@ configuration section below. - The installed defaults provide a reasonable starting point. For the - time being, there are only three default configuration files (this will - change in time): + The installed defaults provide a reasonable starting point, though possibly + aggressive by some standards. For the time being, there are only three + default configuration files (this will change in time): @@ -457,15 +425,22 @@ configuration section below. The main configuration file is named config - on Linux, Unix, BSD, and OS/2, and junkbustr.txt on - Windows. + on Linux, Unix, BSD, and OS/2, and config.txt on + Windows. On Amiga, it is + AmiTCP:db/junkbuster/config. - The actionsfile file is used to define various - actions relating to images, banners, pop-ups, banners and cookies. + The ijb.action file is used to define various + actions relating to images, banners, pop-ups, access + restrictions, banners and cookies. There is a CGI based editor for this + file that can be accessed via http://i.j.b. This is the easiest method of + configuring actions. (Still under active development. Other actions + files are included as well with differing levels of filtering + and blocking, e.g. ijb-basic.action.) @@ -480,14 +455,22 @@ configuration section below. - actionsfile and re_filterfile + ijb.action and re_filterfile can use Perl style regular expressions for maximum flexibility. All files use the # character to denote a comment. Such lines are not processed by Junkbuster. After - making any changes, restart Junkbuster in order - for the changes to take effect. + making any changes, there is no need to restart + Junkbuster in order for the changes to take + effect. Junkbuster should detect such changes + automatically. + + While under development, the configuration content is subject to change. + The below documentation may not be accurate by the time you read this. + Also, what constitutes a default setting, may change, so + please check all your configuration files on important issues. + @@ -495,7 +478,7 @@ configuration section below. The Main Configuration File Again, the main configuration file is named config on - Linux/Unix/BSD and OS/2, and junkbustr.txt on Windows. + Linux/Unix/BSD and OS/2, and config.txt on Windows. Configuration lines consist of an initial keyword followed by a list of values, all separated by whitespace (any number of spaces or tabs). For example: @@ -516,7 +499,7 @@ configuration section below. - The # indicates a comment. Any part of a + A # indicates a comment. Any part of a line following a # is ignored, except if the # is preceded by a \. @@ -540,7 +523,7 @@ configuration section below. There are various aspects of Junkbuster behavior - that can be adjusted. + that can be tuned. @@ -607,20 +590,21 @@ configuration section below. - The actionsfile contains patterns to specify the actions to + The ijb.action file contains patterns to specify the actions to apply to requests for each site. Default: Cookies to and from all - destinations are filtered. Popups are disabled for all sites. All sites are - filtered if re_filterfile specified. No sites are blocked. An empty image is - displayed for filtered ads and other images (formerly - tinygif). The syntax of this file is explained in detail - below. + destinations are kept only during the current browser session (i.e. they + are not saved to disk). Popups are disabled for all sites. All sites are + filtered if re_filterfile specified. No sites are blocked. An + empty image is displayed for filtered ads and other images (formerly + tinygif). The syntax of this file is explained in detail below. - actionsfile actionsfile + actionsfile ijb.action @@ -803,10 +787,10 @@ configuration section below. serve requests from other machines (e.g. on your local network) as well, you will need to override the default. The syntax is listen-address [<ip-address>]:<port>. If you leave - out the IP adress, junkbuster will bind to all + out the IP address, junkbuster will bind to all interfaces (addresses) on your machine and may become reachable from the - internet. In that case, consider using access control lists (acl's) (see - aclfile above). + Internet. In that case, consider using access control lists (acl's) (see + aclfile above), or a firewall. @@ -950,20 +934,22 @@ configuration section below. The Windows version of Junkbuster puts an icon in - the system tray, which allows you to change this option without having to - edit this file. If you right-click on that icon (or select the - Options menu), one choice is Enable. Clicking - on enable toggles Junkbuster on and off. This is - useful if you want to temporarily disable - Junkbuster, e.g., to access a site that requires - cookies which you normally have blocked. + the system tray, which also allows you to change this option. If you + right-click on that icon (or select the Options menu), one + choice is Enable. Clicking on enable toggles + Junkbuster on and off. This is useful if you want + to temporarily disable Junkbuster, e.g., to access + a site that requires cookies which you would otherwise have blocked. This can also + be toggled via a web browser at the Junkbuster + internal address of http://i.j.b on + any platform. toggle 1 means Junkbuster runs normally, toggle 0 means that Junkbuster becomes a non-anonymizing non-blocking - proxy. Default: 1. + proxy. Default: 1 (on). @@ -976,6 +962,84 @@ configuration section below. + + For content filtering, i.e. the +filter and + +deanimate-gif actions, it is neccessary that + Junkbuster buffers the entire document body. + This can be potentially dangerous, since a server could just keep sending + data indefinitely and wait for your RAM to exhaust. With nasty consequences. + + + + The buffer-limit option lets you set the maximum + size in Kbytes that each buffer may use. When the documents buffer exceeds + this size, it is flushed to the client unfiltered and no further attempt to + filter the rest of it is made. Remember that there may multiple threads + running, which might require increasing the buffer-limit + Kbytes each, unless you have enabled + single-threaded above. + + + + + + + buffer-limit 4069 + + + + + + + To enable the web-based ijb.action file editor set + enable-edit-actions to 1, or 0 to disable. Note + that you must have compiled JunkBuster with + support for this feature, otherwise this option has no effect. This + internal page can be reached at http://i.j.b. + + + + Security note: If this is enabled, anyone who can use the proxy + can edit the actions file, and their changes will affect all users. + For shared proxies, you probably want to disable this. Default: enabled. + + + + + + + enable-edit-actions 1 + + + + + + + Allow JunkBuster to be toggled on and off + remotely, using your web browser. Set enable-remote-toggleto + 1 to enable, and 0 to disable. Note that you must have compiled + JunkBuster with support for this feature, + otherwise this option has no effect. + + + + Security note: If this is enabled, anyone who can use the proxy can toggle + it on or off (see http://i.j.b), and + their changes will affect all users. For shared proxies, you probably want to + disable this. Default: enabled. + + + + + + + enable-remote-toggle 1 + + + + + @@ -1209,10 +1273,11 @@ configuration section below. Forwarding - This feature allows routing of HTTP requests via multiple proxies. + This feature allows chaining of HTTP requests via multiple proxies. It can be used to better protect privacy and confidentiality when accessing specific domains by routing requests to those domains - to a special purpose filtering proxy such as lpwa.com. + to a special purpose filtering proxy such as lpwa.com. Or to use + a caching proxy to speed up browsing. @@ -1339,8 +1404,8 @@ configuration section below. - Also, we're told they insist on getting cookies and JavaScript, so you need - to add home.com to the cookie file. We consider JavaScript a security risk. + Also, we're told they insist on getting cookies and JavaScript, so you should + add home.com to the cookie file. We consider JavaScript a security risk. Java need not be enabled. @@ -1354,7 +1419,7 @@ configuration section below. - forward_socks4 .* lpwa.com:8000 firewall.my_company.com:1080 + forward-socks4 .* lpwa.com:8000 firewall.my_company.com:1080 forward my_company.com . @@ -1369,7 +1434,7 @@ configuration section below. - forward_socks4a .* . firewall.my_company.com:1080 + forward-socks4a .* . firewall.my_company.com:1080 @@ -1467,8 +1532,11 @@ configuration section below. # Define junkbuster as parent cache + + cache_peer 127.0.0.1 parent 8000 0 no-query + # Define ACL for protocol FTP acl FTP proto FTP @@ -1674,12 +1742,16 @@ Removed references to Win32. HB 09/23/01 The Actions File - The actionsfile is used to define what actions + The ijb.action file (formerly + actionsfile) is used to define what actions Junkbuster takes, and thus determines how images, cookies and various other aspects of HTTP content and transactions are handled. Images can be anything you want, including ads, banners, or just some obnoxious image that you would rather not see. Cookies can be accepted - or rejected. The default file is in fact named actionsfile. + or rejected, or accepted only during the current browser session (i.e. + not written to disk). Changes to ijb.action should + be immediately visible to Junkbuster without + the need to restart. @@ -1690,10 +1762,18 @@ Removed references to Win32. HB 09/23/01 url="http://i.j.b/show-url-info">http://i.j.b/show-url-info. + + The actions file can be edited with a browser by loading + http://i.j.b/, and then select + Edit Actions. + + There are four types of lines in this file: comments (begin with a # character), actions, aliases and patterns, all of which are - explained below. + explained below, as well as the configuration file syntax that + Junkbuster understands. + @@ -1888,7 +1968,7 @@ Removed references to Win32. HB 09/23/01 So in this case JunkBuster would just be a normal, non-blocking, non-anonymizing proxy. You must specifically enable the privacy and blocking features you need (although the - provided default actionsfile file will + provided default ijb.action file will give a good starting point). @@ -1958,7 +2038,26 @@ Removed references to Win32. HB 09/23/01 - + + + + +downgrade will downgrade HTTP/1.1 client requests to + HTTP/1.0 and downgrade the responses as well. Use this action for servers + that use HTTP/1.1 protocol features that + Junkbuster doesn't handle well yet. HTTP/1.1 + is only partially implemented. Default is not to downgrade requests. + + + + + + +downgrade + + + + + + Many sites, like yahoo.com, don't just link to other sites. Instead, they @@ -2164,6 +2263,84 @@ Removed references to Win32. HB 09/23/01 + + + By default (i.e. in the absence of a +limit-connect + action), Junkbuster will only allow CONNECT + requests to port 443, which is the standard port for https as a + precaution. + + + + The CONNECT methods exists in HTTP to allow access to secure websites + (https:// URLs) through proxies. It works very simply: the proxy + connects to the server on the specified port, and then short-circuits + its connections to the client and to the remote proxy. + This can be a big security hole, since CONNECT-enabled proxies can + be abused as TCP relays very easily. + + + + If you want to allow CONNECT for more ports than this, or want to forbid + CONNECT altogether, you can specify a comma separated list of ports and + port ranges (the latter using dashes, with the minimum defaulting to 0 and + max to 65K): + + + + + + + +limit-connect{443} # This is the default and need no be specified. + +limit-connect{80,443} # Ports 80 and 443 are OK. + +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100 + #and above 500 are OK. + + + + + + + + + + +no-compression prevents the website from compressing the + data. Some websites do this, which can be a problem for + Junkbuster, since +filter, + +no-popup and +gif-deanimate will not work on + compressed data. This will slow down connections to those websites, + though. Default is nocompression is turned on. + + + + + + + +nocompression + + + + + + + + + If the website sets cookies, no-cookies-keep will make sure + they are erased when you exit and restart your web browser. This makes + profiling cookies useless, but won't break sites which require cookies so + that you can log in for transactions. Default: on. + + + + + + +no-cookies-keep + + + + + + Prevent the website from reading cookies: @@ -2267,13 +2444,16 @@ Removed references to Win32. HB 09/23/01 - # Turn off all cookies + # Turn off all persistant cookies { +no-cookies-read } { +no-cookies-set } + # Allow cookies for this browser session ONLY + { +no-cookies-keep } - # Execeptions to the above, sites that need cookies + # Execeptions to the above, sites that benefit from persistant cookies { -no-cookies-read } { -no-cookies-set } + { -no-cookies-keep } .javasoft.com .sun.com .yahoo.com @@ -2281,7 +2461,7 @@ Removed references to Win32. HB 09/23/01 .redhat.com # Alternative way of saying the same thing - {-no-cookies-set -no-cookies-read} + {-no-cookies-set -no-cookies-read -no-cookies-keep} .sourceforge.net .sf.net @@ -2398,13 +2578,15 @@ Removed references to Win32. HB 09/23/01 Aliases Custom actions, known to Junkbuster - as aliases, can be defined by combing other actions. + as aliases, can be defined by combining other actions. These can in turn be invoked just like the built-in actions. Currently, an alias can contain any character except space, tab, =, { or }. But please use only a- z, 0-9, +, and - -. Alias names are not case sensitive, and must be defined - before they are used. + -. Alias names are not case sensitive, and + must be defined before anything else in the + ijb.actionfile ! And there can only be one set of + aliases defined. @@ -2415,10 +2597,8 @@ Removed references to Win32. HB 09/23/01 - # Aliases + # Useful customer aliases we can use later. These must come first! {{alias}} - - # Useful aliases +no-cookies = +no-cookies-set +no-cookies-read -no-cookies = -no-cookies-set -no-cookies-read fragile = -block -no-cookies -filter -fast-redirects -hide-referer -no-popups @@ -2450,6 +2630,7 @@ Removed references to Win32. HB 09/23/01 {fragile} .office.microsoft.com .windowsupdate.microsoft.com + .nytimes.com # Shopping sites - still want to block ads. {shop} @@ -2541,38 +2722,136 @@ Removed references to Win32. HB 09/23/01 + + + + + + + +Templates + + When Junkbuster displays one of its internal + pages, such as a 404 Not Found error page, it uses the appropriate template. + On Linux, BSD, and Unix, these are locate in + /etc/junkbuster/templates by default. These may be + customized, if desired. + + + + + + + + Quickstart to Using Junkbuster - Install package, then run and enjoy! Be sure your browser is set to use - the proxy which is by default at localhost, port 8000. With - Netscape (and Mozilla), - this can be set under Edit -> Preferences -> Advanced -> - Proxies -> HTTP Proxy. For Internet - Explorer: Internet Properties -> Connections -> - LAN Setting. Then, check Use Proxy and fill in the - appropriate info (Address: localhost, Port: 8000). + Install package, then run and enjoy! Junbuster + accepts only one command line option -- the configuration file to be + used. Example Unix startup command: + + + + + + # /usr/sbin/junkbuster /etc/junkbuster/config + + + + + + An init script is provided for SuSE and Redhat. + + + +For for SuSE: /etc/rc.d/junkbuster start + + + +For RedHat: /etc/rc.d/init.d/junkbuster start + + + + + If no configuration file is specified on the command line, + Junkbuster will look for a file named + config in the current directory. Except on Amiga where + it will look for AmiTCP:db/junkbuster/config and Win32 + where it will try config.txt. If no file is specified + on the command line and no default configuration file can be found, + Junkbuster will fail to start. + + + + Be sure your browser is set to use the proxy which is by default at + localhost, port 8000. With Netscape (and + Mozilla), this can be set under Edit + -> Preferences -> Advanced -> Proxies -> HTTP Proxy. + For Internet Explorer: Tools > + Internet Properties -> Connections -> LAN Setting. Then, + check Use Proxy and fill in the appropriate info (Address: + localhost, Port: 8000). Include if HTTPS proxy support too. The included default configuration files should give a reasonable starting point, though may be somewhat aggressive in blocking junk. You will probably - want to keep an eye out for sites that require cookies, and add these to - actionsfile as needed. By default, most of these will - be blocked until you add them to the configuration. If you want the browser - to handle this, you will need to edit actionsfile and - disable this feature. If you use more than one browser, it would make more - sense to let Junkbuster handle this. In which - case, the browser(s) should be set to accept all cookies. + want to keep an eye out for sites that require persistant cookies, and add these to + ijb.action as needed. By default, most of these will + be accepted only during the current browser session, until you add them to + the configuration. If you want the browser to handle this instead, you will + need to edit ijb.action and disable this feature. If you + use more than one browser, it would make more sense to let + Junkbuster handle this. In which case, the + browser(s) should be set to accept all cookies. + + + + If a particular site shows problems loading properly, try adding it + to the {fragile} section of + ijb.action. This will turn off most actions for + this site. + + + + HTTP/1.1 support is not fully implemented. If browsers that + support HTTP/1.1 (like Mozilla or recent versions + of I.E.) experience problems, you might try to force HTTP/1.0 compatiblity. + For Mozilla, look under Edit -> Preferences -> Debug -> + Networking. Or set the +downgrade config option in + ijb.action. + + + + After running Junkbuster for a while, you can + start to fine tune the configuration to suit your personal, or site, + preferences and requirements. There are many, many aspects that can + be customized. Actions (as specified in ijb.action) + can be adjusted by pointing your browser to + http://i.j.b/, + and then follow the link to edit the actions list. + (This is an internal page and does not require Internet access.) + + + + In fact, various aspects of Junkbuster + configuration can be viewed from this page, including + current configuration parameters, source code version numbers, + the browser's request headers, and actions that apply + to a given URL. In addition to the ijb.action file + editor mentioned above, Junkbuster can also + be turned on and off from this page. If you encounter problems, please verify it is a Junkbuster bug, by disabling Junkbuster, and then trying the same page. - Before reporting it as a bug, see if there is not a configuration + Also, try another browser if possible to eliminate browser or site + problems. Before reporting it as a bug, see if there is not a configuration option that is enabled that is causing the page not to load. You can then add an exception for that page or site. If a bug, please report it to the developers (see below). @@ -2659,7 +2938,44 @@ communication (bugs, feature requests, etc.) See also -To be filled. What should go here :/ + + + + +   http://sourceforge.net/projects/ijbswa + + + + +   http://ijbswa.sourceforge.net/ + + + + +   http://i.j.b/ + + + + +   http://www.junkbusters.com/ht/en/cookies.html + + + + +   http://www.waldherr.org/junkbuster/ + + + + +   http://privacy.net/analyze/ + + + + +  http://www.squid-cache.org/ + + + @@ -2922,7 +3238,45 @@ communication (bugs, feature requests, etc.) Temple Place - Suite 330, Boston, MA 02111-1307, USA. $Log: user-manual.sgml,v $ - + Revision 1.26 2002/01/09 20:02:50 hal9 + Fix bug re: auto-detect config file changes. + + Revision 1.25 2002/01/09 18:20:30 hal9 + Touch ups for *.action files. + + Revision 1.24 2001/12/02 01:13:42 hal9 + Fix typo. + + Revision 1.23 2001/12/02 00:20:41 hal9 + Updates for recent changes. + + Revision 1.22 2001/11/05 23:57:51 hal9 + Minor update for startup now daemon mode. + + Revision 1.21 2001/10/31 21:11:03 hal9 + Correct 2 minor errors + + Revision 1.18 2001/10/24 18:45:26 hal9 + *** empty log message *** + + Revision 1.17 2001/10/24 17:10:55 hal9 + Catching up with Jon's recent work, and a few other things. + + Revision 1.16 2001/10/21 17:19:21 swa + wrong url in documentation + + Revision 1.15 2001/10/14 23:46:24 hal9 + Various minor changes. Fleshed out SEE ALSO section. + + Revision 1.13 2001/10/10 17:28:33 hal9 + Very minor changes. + + Revision 1.12 2001/09/28 02:57:04 hal9 + Ditto :/ + + Revision 1.11 2001/09/28 02:25:20 hal9 + Ditto. + Revision 1.9 2001/09/27 23:50:29 hal9 A few changes. A short section on regular expression in appendix.