X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=9d2e1ab9f689e53ec97a2585719fcf2efc4e1b8f;hb=8d9c02dc25976d840a8e371e07ac7552facf3f32;hp=28b581fe78700ddde5fc53bcaabd793dfede1daa;hpb=156eb857e612b8e125ba5d1448e953c42aa046cd;p=privoxy.git
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 28b581fe..9d2e1ab9 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -33,7 +33,7 @@
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.30 2007/04/25 15:10:36 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.36 2007/08/26 16:47:14 fabiankeil Exp $
Copyright (C) 2001-2007 Privoxy Developers http://www.privoxy.org/
See LICENSE.
@@ -59,7 +59,7 @@
-$Id: user-manual.sgml,v 2.30 2007/04/25 15:10:36 fabiankeil Exp $
+$Id: user-manual.sgml,v 2.36 2007/08/26 16:47:14 fabiankeil Exp $
@@ -1886,7 +1898,7 @@ for details.
The default profiles, and their associated actions, as pre-defined in
- standard.action are:
+ standard.action are:
Default Configurations
@@ -2022,7 +2034,7 @@ for details.
edited from http://config.privoxy.org/show-status.
The over-riding principle when applying actions, is that the last action that
- matches a given URL, wins. The broadest, most general rules go first
+ matches a given URL wins. The broadest, most general rules go first
(defined in default.action),
followed by any exceptions (typically also in
default.action), which are then followed lastly by any
@@ -2041,15 +2053,15 @@ for details.
from consulting any previous file). And then below that,
exceptions to the defined universal policies. You can regard
user.action as an appendix to default.action,
- with the advantage that is a separate file, which makes preserving your
+ with the advantage that it is a separate file, which makes preserving your
personal settings across Privoxy upgrades easier.
Actions can be used to block anything you want, including ads, banners, or
- just some obnoxious URL that you would rather not see. Cookies can be accepted
+ just some obnoxious URL whose content you would rather not see. Cookies can be accepted
or rejected, or accepted only during the current browser session (i.e. not
- written to disk), content can be modified, JavaScripts tamed, user-tracking
+ written to disk), content can be modified, some JavaScripts tamed, user-tracking
fooled, and much more. See below for a complete list
of actions.
@@ -2068,7 +2080,7 @@ for details.
will have to make later. If, for example, you want to crunch all cookies per
default, you'll have to make exceptions from that rule for sites that you
regularly use and that require cookies for actually useful purposes, like maybe
- your bank, favorite shop, or newspaper.
+ your bank, favorite shop, or newspaper.
@@ -2166,7 +2178,7 @@ for details.
- Generally, a URL pattern has the form
+ Generally, an URL pattern has the form
<domain>/<path>, where both the
<domain> and <path> are
optional. (This is why the special / pattern matches all
@@ -2204,7 +2216,16 @@ for details.
- www.example.com/index.html
+ www.example.com/index.html$
+
+
+ matches all the documents on www.example.com
+ whose name starts with /index.html.
+
+
+
+
+ www.example.com/index.html$
matches only the single document /index.html
@@ -2213,7 +2234,7 @@ for details.
- /index.html
+ /index.html$
matches the document /index.html, regardless of the domain,
@@ -2225,7 +2246,7 @@ for details.
index.html
- matches nothing, since it would be interpreted as a domain name and
+ matches nothing, since it would be interpreted as a domain name and
there is no top-level domain called .html. So its
a mistake.
@@ -2387,7 +2408,7 @@ for details.
- .example.com/.*/index.html
+ .example.com/.*/index.html$
Will match any page in the domain of example.com that is
@@ -2402,7 +2423,7 @@ for details.
- .example.com/(.*/)?index\.html
+ .example.com/(.*/)?index\.html$
This regular expression is conditional so it will match any page
@@ -2442,8 +2463,6 @@ for details.
-
-
@@ -2453,15 +2472,15 @@ for details.
Tag patterns are used to change the applying actions based on the
request's tags. Tags can be created with either the
- client-header-tagger
- or the server-header-tagger action.
+ client-header-tagger
+ or the server-header-tagger action.
Tag patterns have to start with TAG:, so &my-app;
can tell them apart from URL patterns. Everything after the colon
including white space, is interpreted as a regular expression with
- path patterns syntax, except that tag patterns aren't left-anchored
+ path pattern syntax, except that tag patterns aren't left-anchored
automatically (Privoxy doesn't silently add a ^,
you have to do it yourself if you need it).
@@ -2471,6 +2490,7 @@ for details.
your pattern line should be TAG:^foo$,
TAG:foo would work as well, but it would also
match requests whose tags contain foo somewhere.
+ TAG: foo wouldn't work as it requires white space.
@@ -2572,7 +2592,7 @@ for details.
the last match wins, i.e. the params from earlier matches are simply ignored.
- Example: +hide-user-agent{ Mozilla 1.0 }
+ Example: +hide-user-agent{Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070602 Firefox/2.0.0.4}
@@ -2604,14 +2624,14 @@ for details.
If nothing is specified in any actions file, no actions are
taken. So in this case Privoxy would just be a
- normal, non-blocking, non-anonymizing proxy. You must specifically enable the
+ normal, non-blocking, non-filtering proxy. You must specifically enable the
privacy and blocking features you need (although the provided default actions
files will give a good starting point).
- Later defined actions always over-ride earlier ones. So exceptions
- to any rules you make, should come in the latter part of the file (or
+ Later defined action sections always over-ride earlier ones of the same type.
+ So exceptions to any rules you make, should come in the latter part of the file (or
in a file that is processed later when using multiple actions files such
as user.action). For multi-valued actions, the actions
are applied in the order they are specified. Actions files are processed in
@@ -2869,6 +2889,7 @@ for details.
create your own.
+
@@ -2942,7 +2963,7 @@ for details.
Client-header taggers are the first actions that are executed
and their tags can be used to control every other action.
-
+
@@ -2964,9 +2985,6 @@ for details.
-
content-type-overwrite
@@ -3209,12 +3227,12 @@ new action
It is also useful to make sure the header isn't used as a cookie
- replacement.
+ replacement (unlikely but possible).
Blocking the If-None-Match: header shouldn't cause any
caching problems, as long as the If-Modified-Since: header
- isn't blocked as well.
+ isn't blocked or missing as well.
It is recommended to use this action together with
@@ -3229,8 +3247,9 @@ new action
Example usage (section):
- # Let the browser revalidate cached documents without being tracked across sessions
-{ +hide-if-modified-since{-60} \
+ # Let the browser revalidate cached documents but don't
+# allow the server to use the revalidation headers for user tracking.
+{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/
@@ -3250,7 +3269,7 @@ new action
Typical use:
- Prevent the web server from setting any cookies on your system
+ Prevent the web server from setting HTTP cookies on your system
@@ -3285,10 +3304,10 @@ new action
Notes:
- This action is only concerned with incoming cookies. For
- outgoing cookies, use
+ This action is only concerned with incoming HTTP cookies. For
+ outgoing HTTP cookies, use
crunch-outgoing-cookies.
- Use both to disable cookies completely.
+ Use both to disable HTTP cookies completely.
It makes no sense at all to use this action in conjunction
@@ -3401,7 +3420,7 @@ new action
Typical use:
- Prevent the web server from reading any cookies from your system
+ Prevent the web server from reading any HTTP cookies from your system
@@ -3436,10 +3455,10 @@ new action
Notes:
- This action is only concerned with outgoing cookies. For
- incoming cookies, use
+ This action is only concerned with outgoing HTTP cookies. For
+ incoming HTTP cookies, use
crunch-incoming-cookies.
- Use both to disable cookies completely.
+ Use both to disable HTTP cookies completely.
It makes no sense at all to use this action in conjunction
@@ -3575,8 +3594,8 @@ new action
This is a left-over from the time when Privoxy
didn't support important HTTP/1.1 features well. It is left here for the
unlikely case that you experience HTTP/1.1 related problems with some server
- out there. Not all (optional) HTTP/1.1 features are supported yet, so there
- is a chance you might need this action.
+ out there. Not all HTTP/1.1 features and requirements are supported yet,
+ so there is a chance you might need this action.
@@ -3706,7 +3725,7 @@ problem-host.example.com
{ +fast-redirects{simple-check} }
- .example.com
+ one.example.com
{ +fast-redirects{check-decoded-url} }
another.example.com/testing
@@ -3927,7 +3946,7 @@ problem-host.example.com
- +filter{ie-exploits} # Disable some known Internet Explorer bug exploits
+ +filter{ie-exploits} # Disable a known Internet Explorer bug exploits
@@ -4051,7 +4070,7 @@ new action
Effect:
- Overrules the forward directives in the configuration files.
+ Overrules the forward directives in the configuration file.
@@ -4078,17 +4097,17 @@ new action
- forward-socks4a 127.0.0.1:9050 . to use the socks4a proxy listening at 127.0.0.1 port 9050.
- Replace forward-socks4a with forward-socks4 to use a socks4 connection (with local DNS
- resolution) instead.
+ forward-socks4a 127.0.0.1:9050 . to use the socks4a proxy listening at
+ 127.0.0.1 port 9050. Replace forward-socks4a with forward-socks4
+ to use a socks4 connection (with local DNS resolution) instead.
forward-socks4a 127.0.0.1:9050 proxy.example.org:8000 to use the socks4a proxy
listening at 127.0.0.1 port 9050 to reach the HTTP proxy listening at proxy.example.org port 8000.
- Replace forward-socks4a with forward-socks4 to use a socks4 connection (with local DNS
- resolution) instead.
+ Replace forward-socks4a with forward-socks4 to use a socks4 connection
+ (with local DNS resolution) instead.
@@ -4116,7 +4135,7 @@ new action
to exit.
- Use the show-url-info CGI page
+ Use the show-url-info CGI page
to verify that your forward settings do what you thought the do.
@@ -4138,7 +4157,7 @@ new action
-hide-if-modified-since \
-overwrite-last-modified \
}
-TAG:^User-Agent: fetch libfetch/2.0$
+TAG:^User-Agent: fetch libfetch/2\.0$
@@ -4303,7 +4322,7 @@ example.org/.*\.js$
# blocked as images:
#
{+block +handle-as-image}
-some.nasty-banner-server.com/junk.cgi?output=trash
+some.nasty-banner-server.com/junk.cgi\?output=trash
# Banner source! Who cares if they also have non-image content?
ad.doubleclick.net
@@ -4468,6 +4487,10 @@ new action
to another one, but in most cases it isn't worth the time to set
it up.
+
+ This action will probably be removed in the future,
+ use server-header filters instead.
+
@@ -4578,14 +4601,11 @@ new action
hide-forwarded-for-headers
-
Typical use:
- Improve privacy by hiding the true source of the request
+ Improve privacy by not embedding the source of the request in the HTTP headers.
@@ -4620,13 +4640,7 @@ new action
Notes:
- It is fairly safe to leave this on.
-
-
- This action is scheduled for improvement: It should be able to generate forged
- X-Forwarded-for: headers using random IP addresses from a specified network,
- to make successive requests from the same client look like requests from a pool of different
- users sharing the same proxy.
+ It is safe to leave this on.
@@ -4752,6 +4766,11 @@ new action
conditional-block to delete the header completely if the host has changed.
+
block to delete the header unconditionally.
@@ -4884,7 +4903,10 @@ new action
(Must be just a silly MS goof, I'm sure :-).
- This action is scheduled for improvement.
+ More information on known user-agent strings can be found at
+ http://www.user-agents.org/
+ and
+ http://en.wikipedia.org/wiki/User_agent.
@@ -4950,7 +4972,12 @@ new action
allow execution of code on the target system, giving an attacker access
to the system in question by merely planting an altered JPEG image, which
would have no obvious indications of what lurks inside. This action
- prevents unwanted intrusion.
+ prevents this exploit.
+
+
+ Note that the described exploit is only one of many,
+ using this action does not mean that you no longer
+ have to patch the client.
@@ -4966,8 +4993,6 @@ new action
-
-
kill-popups<anchor id="kill-popup">
@@ -5642,6 +5667,7 @@ my-internal-testing-server.void
to learn which server-header filters are available by default, and how to
create your own.
+
@@ -5726,6 +5752,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
doesn't prevent the request from showing up in the server's log file.
+
@@ -8930,6 +8957,34 @@ In file: user.action [ View ][ Edit ]