X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=c23a4c70c1be79e790a1f68bb8a03b1c632da36c;hb=8566fa5928990558ee7fb10b2fb662ac3d20fb90;hp=886a200621e7bfd683ca125d7609c80d50d646d5;hpb=b23820b98f95fe68176ec2706f05e1044bac3900;p=privoxy.git
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 886a2006..c23a4c70 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -14,7 +14,7 @@
-
+
@@ -35,7 +35,7 @@
Purpose : user manual
- Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
@@ -54,7 +54,7 @@
- Copyright &my-copy; 2001-2020 by
+ Copyright &my-copy; 2001-2023 by
Privoxy Developers
@@ -133,7 +133,7 @@ Hal.
In addition to the core
features of ad blocking and
- cookie management,
+ cookie management,
Privoxy provides many supplemental
features,
that give the end-user more control, more privacy and more freedom:
@@ -302,12 +302,16 @@ How to install the binary packages depends on your operating system:
-FreeBSD
+FreeBSD and ElectroBSD
Privoxy is part of FreeBSD's Ports Collection, you can build and install
it with cd /usr/ports/www/privoxy; make install clean.
+
+ If your system is configured to install binary packages you can
+ try to install &my-app; with pkg install privoxy.
+
@@ -342,42 +346,42 @@ How to install the binary packages depends on your operating system:
Run the setup program and from View / Category select:
- Devel
- autoconf 2.5
- automake 1.15
- binutils
- cmake
- gcc-core
- gcc-g++
- git
- make
- mingw64-i686-gcc-core
- mingw64-i686-zlib
- Editors
- vim
- Libs
- libxslt: GNOME XSLT library (runtime)
- Net
- curl
- openssh
- Text
- docbook-dssl
- docbook-sgml31
- docbook-utils
- openjade
- Utils
- gnupg
- Web
- w3m
+Devel
+ autoconf 2.5
+ automake 1.15
+ binutils
+ cmake
+ gcc-core
+ gcc-g++
+ git
+ make
+ mingw64-i686-gcc-core
+ mingw64-i686-zlib
+Editors
+ vim
+Libs
+ libxslt: GNOME XSLT library (runtime)
+Net
+ curl
+ openssh
+Text
+ docbook-dssl
+ docbook-sgml31
+ docbook-utils
+ openjade
+Utils
+ gnupg
+Web
+ w3m
If you haven't already downloaded the Privoxy source code, get it now:
- mkdir <root-dir>
- cd <root-dir>
- git clone https://www.privoxy.org/git/privoxy.git
+mkdir <root-dir>
+cd <root-dir>
+git clone https://www.privoxy.org/git/privoxy.git
@@ -387,10 +391,10 @@ How to install the binary packages depends on your operating system:
unzip into <root-dir> and build the software:
- cd <root-dir>
- cd tidy-html5-x.y.z/build/cmake
- cmake ../.. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB:BOOL=OFF -DCMAKE_INSTALL_PREFIX=/usr/local
- make && make install
+cd <root-dir>
+cd tidy-html5-x.y.z/build/cmake
+cmake ../.. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB:BOOL=OFF -DCMAKE_INSTALL_PREFIX=/usr/local
+make && make install
@@ -398,14 +402,93 @@ How to install the binary packages depends on your operating system:
https://sourceforge.net/projects/nsis/files/NSIS%203/
- and extract the NSIS directory to privoxy/windows.
- Then edit the windows/GNUmakefile to set the location of the NSIS executable - eg:
+ and extract the NSIS directory to /<root-dir>/nsis/.
+ Then edit the windows/GNUmakefile to set the location
+ of the NSIS executable - eg:
# Path to NSIS
-MAKENSIS = ./nsis/makensis.exe
+MAKENSIS = /<root-dir>/nsis/makensis.exe
+
+ Get the latest 8.x PCRE code from
+ PCRE
+ https://sourceforge.net/projects/pcre/files/pcre/
+ and build the static PCRE libraries with
+
+
+export CFLAGS="-O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+export LDFLAGS="-fstack-protector-strong"
+export CPPFLAGS="-DPCRE_STATIC"
+
+./configure --host=i686-w64-mingw32 \
+ --prefix=/usr/local/i686-w64-mingw32 \
+ --enable-utf --enable-unicode-properties \
+ --enable-jit \
+ --enable-newline-is-anycrlf \
+ --enable-pcre16 \
+ --enable-pcre32 \
+ --disable-pcregrep-libbz2 \
+ --disable-pcregrep-libz \
+ --disable-pcretest-libreadline \
+ --disable-stack-for-recursion \
+ --enable-static --disable-shared \
+ && make
+
+
+
+
+
+ If you want to be able to have Privoxy do TLS Inspection, get the latest
+ 2.28.x MBED-TLS library source code from
+
+ https://github.com/Mbed-TLS/mbedtls/tags,
+ extract the tar file into <root-dir>
+ and build the static libraries with
+
+export WINDOWS_BUILD=1
+# build for a Windows platform
+
+unset DEBUG
+
+export CC=i686-w64-mingw32-gcc
+export LD=i686-w64-mingw32-gcc
+export CFLAGS="-O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+export LDFLAGS="${LDFLAGS} -fstack-protector-strong"
+
+make lib
+# build the libraries
+
+
+
+
+
+ Get the brotli library from
+
+ https://github.com/google/brotli/releases
+ and build the static libraries with
+
+./bootstrap
+# to create the GNU autotools files
+
+autoconf
+
+export CFLAGS="-O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+export LDFLAGS="${LDFLAGS} -fstack-protector-strong"
+
+./configure --host=i686-w64-mingw32 \
+ --prefix=/usr/local/i686-w64-mingw32 \
+ --enable-static \
+ --disable-shared \
+ --with-gnu-ld \
+ --disable-silent-rules \
+ && make
+
+
+
+
+
Build
@@ -414,8 +497,8 @@ MAKENSIS = ./nsis/makensis.exe
To build just the Privoxy executable and not the whole installation package, do:
- cd <root-dir>/privoxy
- ./windows/MYconfigure && make
+cd <root-dir>/privoxy
+./windows/MYconfigure && make
@@ -423,10 +506,10 @@ MAKENSIS = ./nsis/makensis.exe
for building software, so the process is:
- $ autoheader # creates config.h.in
- $ autoconf # uses config.h.in to create the configure shell script
- $ ./configure [options] # creates GNUmakefile
- $ make [options] # builds the program
+autoheader # creates config.h.in
+autoconf # uses config.h.in to create the configure shell script
+./configure [options] # creates GNUmakefile
+make [options] # builds the program
@@ -439,7 +522,8 @@ MAKENSIS = ./nsis/makensis.exe
--enable-zlib
--enable-static-linking
--disable-pthread
- --disable-dynamic-pcre
+ --with-brotli
+ --with-mbedtls
@@ -448,11 +532,11 @@ MAKENSIS = ./nsis/makensis.exe
- $ export CFLAGS="-O2" # set gcc optimization level
- $ export LDFLAGS="-Wl,--nxcompat" # Enable DEP
- $ ./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \
- > --enable-static-linking --disable-pthread --disable-dynamic-pcre
- $ make # build Privoxy
+$ export CFLAGS="-O2" # set gcc optimization level
+$ export LDFLAGS="-Wl,--nxcompat" # Enable DEP
+$ ./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \
+> --enable-static-linking --disable-pthread
+$ make # build Privoxy
@@ -592,8 +676,9 @@ MAKENSIS = ./nsis/makensis.exe
use, filtering, you will need to force compression off. Example:
- { +filter{google} +prevent-compression }
- .google.
+{ +filter{google} +prevent-compression }
+.google.
+
Or if you use a number of filters, or filter many sites, you may just want
to turn off compression for all sites in
@@ -659,7 +744,7 @@ MAKENSIS = ./nsis/makensis.exe
Set your browser to use Privoxy as HTTP and
- HTTPS (SSL) proxy
+ HTTPS (SSL) proxy
by setting the proxy configuration for address of
127.0.0.1 and port 8118.
DO NOT activate proxying for FTP or
@@ -672,7 +757,7 @@ MAKENSIS = ./nsis/makensis.exe
Flush your browser's disk and memory caches, to remove any cached ad images.
If using Privoxy to manage
- cookies,
+ cookies,
you should remove any currently stored cookies too.
@@ -1025,7 +1110,7 @@ MAKENSIS = ./nsis/makensis.exe
Before launching Privoxy for the first time, you
will want to configure your browser(s) to use
Privoxy as a HTTP and HTTPS (SSL)
- proxy. The default is
+ proxy. The default is
127.0.0.1 (or localhost) for the proxy address, and port 8118 (earlier versions
used port 8000). This is the one configuration step that must be done
!
@@ -1037,13 +1122,13 @@ MAKENSIS = ./nsis/makensis.exe
@@ -1054,7 +1139,7 @@ MAKENSIS = ./nsis/makensis.exe
- Tools -> Options -> Advanced -> Network ->Connection -> Settings
+ Edit -> Preferences -> Network Settings -> Settings
@@ -1111,7 +1196,7 @@ MAKENSIS = ./nsis/makensis.exe
After doing this, flush your browser's disk and memory caches to force a
re-reading of all pages and to get rid of any ads that may be cached. Remove
- any cookies,
+ any cookies,
if you want Privoxy to manage that. You are now
ready to start enjoying the benefits of using
Privoxy!
@@ -1134,7 +1219,7 @@ MAKENSIS = ./nsis/makensis.exe
file.
- # /etc/init.d/privoxy start
+# /etc/init.d/privoxy start
@@ -1155,7 +1240,7 @@ MAKENSIS = ./nsis/makensis.exe
To start Privoxy manually, run:
- # service privoxy onestart
+# service privoxy onestart
@@ -1183,7 +1268,7 @@ Click on the &my-app; Icon to start Privoxy. If no co
Example Unix startup command:
- # /usr/sbin/privoxy --user privoxy /etc/privoxy/config
+# /usr/sbin/privoxy --user privoxy /etc/privoxy/config
Note that if you installed Privoxy through
@@ -1759,7 +1844,7 @@ for details.
The default profiles, and their associated actions, as pre-defined in
default.action are:
-
Default Configurations
+
Default Configurations
@@ -2002,12 +2087,13 @@ for details.
might look like:
-
- { +handle-as-image +block{Banner ads.} }
- # Block these as if they were images. Send no block page.
- banners.example.com
- media.example.com/.*banners
- .example.com/images/ads/
+
+{ +handle-as-image +block{Banner ads.} }
+# Block these as if they were images. Send no block page.
+banners.example.com
+media.example.com/.*banners
+.example.com/images/ads/
+
You can trace this process for URL patterns and any given URL by visiting Regular
+ Regular
Expressions (POSIX 1003.2).
@@ -2207,7 +2293,7 @@ for details.
themselves. These work similarly to shell globbing type wild-cards:
* represents zero or more arbitrary characters (this is
equivalent to the
- Regular
+ Regular
Expression based syntax of .*),
? represents any single character (this is equivalent to the
regular expression syntax of a simple .), and you can define
@@ -2275,7 +2361,7 @@ for details.
Privoxy uses modern POSIX 1003.2
- Regular
+ Regular
Expressions for matching the path portion (after the slash),
and is thus more flexible.
@@ -2454,12 +2540,6 @@ for details.
-
-
- This is an experimental feature. The syntax is likely to change in future versions.
-
-
-
Client tag patterns are not set based on HTTP headers but based on
the client's IP address. Users can enable them themselves, but the
@@ -2545,8 +2625,9 @@ example.org/blocked-example-page
disabled. Syntax:
- +name # enable action name
- -name # disable action name
++name # enable action name
+-name # disable action name
+
Example: +handle-as-image
@@ -2558,10 +2639,11 @@ example.org/blocked-example-page
Parameterized, where some value is required in order to enable this type of action.
Syntax:
-
- +name{param} # enable action and set parameter to param,
- # overwriting parameter from previous match if necessary
- -name # disable action. The parameter can be omitted
+
++name{param} # enable action and set parameter to param,
+ # overwriting parameter from previous match if necessary
+-name # disable action. The parameter can be omitted
+
Note that if the URL matches multiple positive forms of a parameterized action,
the last match wins, i.e. the params from earlier matches are simply ignored.
@@ -2580,11 +2662,12 @@ example.org/blocked-example-page
that can be executed for the same request repeatedly, like adding multiple
headers, or filtering through multiple filters. Syntax:
-
- +name{param} # enable action and add param to the list of parameters
- -name{param} # remove the parameter param from the list of parameters
- # If it was the last one left, disable the action.
- -name # disable this action completely and remove all parameters from the list
+
++name{param} # enable action and add param to the list of parameters
+-name{param} # remove the parameter param from the list of parameters
+ # If it was the last one left, disable the action.
+-name # disable this action completely and remove all parameters from the list
+
Examples: +add-header{X-Fun-Header: Some text} and
+filter{html-annoyances}
@@ -2784,18 +2867,20 @@ example.org/blocked-example-page
Example usage (section):
- {+block{No nasty stuff for you.}}
+
+{+block{No nasty stuff for you.}}
# Block and replace with "blocked" page
- .nasty-stuff.example.com
+.nasty-stuff.example.com
{+block{Doubleclick banners.} +handle-as-image}
# Block and replace with image
- .ad.doubleclick.net
- .ads.r.us/banners/
+.ad.doubleclick.net
+.ads.r.us/banners/
{+block{Layered ads.} +handle-as-empty-document}
# Block and then ignore
- adserver.example.net/.*\.js$
+adserver.example.net/.*\.js$
+
@@ -2932,6 +3017,21 @@ example.org/blocked-example-page
one. This can be used to rewrite the request destination behind the client's
back, for example to specify a Tor exit relay for certain requests.
+
+ Note that to change the destination host for
+ https-inspected
+ requests a protocol and host has to be added to the URI.
+
+
+ If https inspection
+ is enabled, the protocol can be downgraded from https to http
+ but upgrading a request from http to https is currently not
+ supported.
+
+
+ After detecting a rewrite, &my-app; does not update the actions
+ used for the request based on the new host.
+
Please refer to the filter file chapter
to learn which client-header filters are available by default, and how to
@@ -2955,6 +3055,162 @@ example.org/blocked-example-page
+
+
+client-body-filter
+
+
+
+ Typical use:
+
+
+ Rewrite or remove client request body.
+
+
+
+
+
+ Effect:
+
+
+ All request bodies to which this action applies are filtered on-the-fly through
+ the specified regular expression based substitutions.
+
+
+
+
+
+ Type:
+
+
+ Multi-value.
+
+
+
+
+ Parameter:
+
+
+ The name of a client-body filter, as defined in one of the
+ filter files.
+
+
+
+
+
+ Notes:
+
+
+ Please refer to the filter file chapter
+ to learn how to create your own client-body filters.
+
+
+ The distribution default.filter file contains a selection of
+ client-body filters for example purposes.
+
+
+ The amount of data that can be filtered is limited by the
+ buffer-limit
+ option in the main config file. The
+ default is 4096 KB (4 Megs). Once this limit is exceeded, the whole
+ request body is passed through unfiltered.
+
+
+
+
+
+ Example usage (section):
+
+
+# Remove "test" everywhere in the request body
+{+client-body-filter{remove-test}}
+/
+
+
+
+
+
+
+
+
+
+
+client-body-tagger
+
+
+
+ Typical use:
+
+
+ Block requests based on the content of the body data.
+
+
+
+
+
+ Effect:
+
+
+ Client request bodies to which this action applies are filtered on-the-fly through
+ the specified regular expression based substitutions, the result is used as tag.
+
+
+
+
+
+ Type:
+
+
+ Multi-value.
+
+
+
+
+ Parameter:
+
+
+ The name of a client-body tagger, as defined in one of the
+ filter files.
+
+
+
+
+
+ Notes:
+
+
+ Please refer to the filter file chapter
+ to learn how to create your own client-body tagger.
+
+
+ Client-body taggers are applied to each request body on its own,
+ and as the body isn't modified, each tagger "sees" the original.
+
+
+ Chunk-encoded request bodies currently can't be tagged.
+ Request bodies larger than the buffer-limit can't be tagged either.
+
+
+
+
+
+ Example usage (section):
+
+
+# Apply blafasel tagger.
+{+client-body-tagger{blafasel}}
+/
+
+# Block request based on the tag created by the blafasel tagger.
+{+block{Request body contains blafasel}}
+TAG:^content contains blafasel$
+
+
+
+
+
+
+
@@ -3847,6 +4103,12 @@ problem-host.example.com
linkend="external-filter-syntax">syntax
may change in the future.
+
+ If you want to apply external filters to images or other content
+ that isn't text-based, enable the
+ force-text-mode
+ action as well.
+
@@ -3970,11 +4232,12 @@ problem-host.example.com
Example usage:
- { +fast-redirects{simple-check} }
- one.example.com
+{ +fast-redirects{simple-check} }
+one.example.com
- { +fast-redirects{check-decoded-url} }
- another.example.com/testing
+{ +fast-redirects{check-decoded-url} }
+another.example.com/testing
+
@@ -4054,15 +4317,15 @@ problem-host.example.com
Rolling your own
filters requires a knowledge of
- Regular
+ Regular
Expressions and
- HTML.
+ HTML.
This is very powerful feature, and potentially very intrusive.
Filters should be used with caution, and where an equivalent
action is not available.
- The amount of data that can be filtered is limited to the
+ The amount of data that can be filtered is limited by the
buffer-limit
option in the main config file. The
default is 4096 KB (4 Megs). Once this limit is exceeded, the buffered
@@ -4206,10 +4469,22 @@ problem-host.example.com
+filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
+
+
+
+ +filter{bundeswehr.de} # Hide the cookie and privacy info banner on bundeswehr.de.
+
+
+
+ +filter{github} # Removes the annoying "Sign-Up" banner and the Cookie disclaimer.+filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
+
+
+
+ +filter{imdb} # Removes some ads on IMDb.
@@ -4222,6 +4497,10 @@ problem-host.example.com
+filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
+
+
+
+ +filter{sourceforge} # Reduces the amount of ads for proprietary software on SourceForge.
@@ -4768,11 +5047,14 @@ new action
Example usage:
- # Disarm the download link in Sourceforge's patch tracker
+
+# Disarm the download link in Sourceforge's patch tracker
{ -filter \
- +content-type-overwrite{text/plain}\
- +hide-content-disposition{block} }
- .sourceforge.net/tracker/download\.php
+ +content-type-overwrite{text/plain} \
+ +hide-content-disposition{block} \
+}
+.sourceforge.net/tracker/download\.php
+
@@ -5104,7 +5386,7 @@ new action
More information on known user-agent strings can be found at
http://www.user-agents.org/
and
- http://en.wikipedia.org/wiki/User_agent.
+ http://en.wikipedia.org/wiki/User_agent.
@@ -5112,7 +5394,7 @@ new action
Example usage:
- +hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}
+ +hide-user-agent{Mozilla/5.0 (X11; ElectroBSD i386; rv:78.0) Gecko/20100101 Firefox/78.0}
@@ -5162,12 +5444,12 @@ new action
This action allows &my-app; to filter encrypted requests and responses.
- For this to work &my-app; has to generate a certificate and send it
- to the client which has to accept it.
+ For this to work &my-app; has to generate a certificate for the web site
+ and send it to the client which has to accept it.
Before this works the directives in the
- TLS section
+ HTTPS inspection section
of the config file have to be configured.
@@ -5176,9 +5458,6 @@ new action
a pattern with path doesn't work as the path is only seen
by &my-app; if the action is already enabled.
-
- This is an experimental feature.
-
@@ -5260,7 +5539,7 @@ www.example.com
{+ignore-certificate-errors}
www.example.org
-
+
@@ -5517,19 +5796,20 @@ www.example.com
#
{ +filter{tiny-textforms} +prevent-compression }
# Match only these sites
- .google.
- sourceforge.net
- sf.net
+.google.
+sourceforge.net
+sf.net
# Or instead, we could set a universal default:
#
{ +prevent-compression }
- / # Match all sites
+/ # Match all sites
# Then maybe make exceptions for broken sites:
#
{ -prevent-compression }
-.compusa.com/
+.compusa.com/
+
@@ -5621,11 +5901,14 @@ new action
Example usage:
- # Let the browser revalidate without being tracked across sessions
+
+# Let the browser revalidate without being tracked across sessions
{ +hide-if-modified-since{-60} \
- +overwrite-last-modified{randomize} \
- +crunch-if-none-match}
-/
+ +overwrite-last-modified{randomize} \
+ +crunch-if-none-match \
+}
+/
+
@@ -5716,14 +5999,15 @@ new action
Example usages:
- # Replace example.com's style sheet with another one
+
+# Replace example.com's style sheet with another one
{ +redirect{http://localhost/css-replacements/example.com.css} }
- example.com/stylesheet\.css
+example.com/stylesheet\.css
# Create a short, easy to remember nickname for a favorite site
# (relies on the browser to accept and forward invalid URLs to &my-app;)
{ +redirect{https://www.privoxy.org/user-manual/actions-file.html} }
- a
+a
# Always use the expanded view for Undeadly.org articles
# (Note the $ at the end of the URL pattern to make sure
@@ -5752,6 +6036,10 @@ example.com/.*toChange=(?!bar)
# Redirect Destination = https://www.illumos.org/issues/4974
i[0-9][0-9][0-9][0-9]*/
+# Redirect requests for the old Tor Hidden Service of the Privoxy website to the new one
+{+redirect{s@^http://jvauzb4sb3bwlsnc.onion/@http://l3tczdiiwoo63iwxty4lhs6p7eaxop5micbn7vbliydgv63x5zrrrfyd.onion/@}}
+jvauzb4sb3bwlsnc.onion/
+
# Redirect remote requests for this manual
# to the local version delivered by Privoxy
{+redirect{s@^http://www@http://config@}}
@@ -5932,6 +6220,63 @@ TAG:^image/
+
+
+suppress-tag
+
+
+
+ Typical use:
+
+
+ Suppress client or server tag.
+
+
+
+
+
+ Effect:
+
+
+ Server or client tags to which this action applies are not added to the request,
+ thus making all actions that are specific to these request tags inactive.
+
+
+
+
+
+ Type:
+
+
+ Multi-value.
+
+
+
+
+ Parameter:
+
+
+ The result tag of a server-header or client-header tagger, as defined in one of the
+ filter files.
+
+
+
+
+
+ Example usage (section):
+
+
+# Suppress tag produced by range-requests client-header tagger for requests coming from address 10.0.0.1
+{+suppress-tag{RANGE-REQUEST}}
+TAG:^IP-ADDRESS: 10\.0\.0\.1$
+
+
+
+
+
+
+
+
session-cookies-only
@@ -6193,32 +6538,33 @@ TAG:^image/
- # Useful custom aliases we can use later.
- #
- # Note the (required!) section header line and that this section
- # must be at the top of the actions file!
- #
- {{alias}}
+# Useful custom aliases we can use later.
+#
+# Note the (required!) section header line and that this section
+# must be at the top of the actions file!
+#
+{{alias}}
- # These aliases just save typing later:
- # (Note that some already use other aliases!)
- #
- +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
- -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
- +block-as-image = +block{Blocked image.} +handle-as-image
- allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies}
+# These aliases just save typing later:
+# (Note that some already use other aliases!)
+#
++crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
+-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
++block-as-image = +block{Blocked image.} +handle-as-image
+allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies}
- # These aliases define combinations of actions
- # that are useful for certain types of sites:
- #
- fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -prevent-compression
+# These aliases define combinations of actions
+# that are useful for certain types of sites:
+#
+fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -prevent-compression
- shop = -crunch-all-cookies -filter{all-popups}
+shop = -crunch-all-cookies -filter{all-popups}
- # Short names for other aliases, for really lazy people ;-)
- #
- c0 = +crunch-all-cookies
- c1 = -crunch-all-cookies
+# Short names for other aliases, for really lazy people ;-)
+#
+c0 = +crunch-all-cookies
+c1 = -crunch-all-cookies
+
...and put them to use. These sections would appear in the lower part of an
@@ -6227,28 +6573,29 @@ TAG:^image/
- # These sites are either very complex or very keen on
- # user data and require minimal interference to work:
- #
- {fragile}
- .office.microsoft.com
- .windowsupdate.microsoft.com
- # Gmail is really mail.google.com, not gmail.com
- mail.google.com
-
- # Shopping sites:
- # Allow cookies (for setting and retrieving your customer data)
- #
- {shop}
- .quietpc.com
- .worldpay.com # for quietpc.com
- mybank.example.com
+# These sites are either very complex or very keen on
+# user data and require minimal interference to work:
+#
+{fragile}
+.office.microsoft.com
+.windowsupdate.microsoft.com
+# Gmail is really mail.google.com, not gmail.com
+mail.google.com
- # These shops require pop-ups:
- #
- {-filter{all-popups} -filter{unsolicited-popups}}
- .dabs.com
- .overclockers.co.uk
+# Shopping sites:
+# Allow cookies (for setting and retrieving your customer data)
+#
+{shop}
+.quietpc.com
+.worldpay.com # for quietpc.com
+mybank.example.com
+
+# These shops require pop-ups:
+#
+{-filter{all-popups} -filter{unsolicited-popups}}
+.dabs.com
+.overclockers.co.uk
+
Aliases like shop and fragile are typically used for
@@ -6357,7 +6704,7 @@ for-privoxy-version=3.0.11
#
+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
- +block-as-image = +block{Blocked image.} +handle-as-image
+ +block-as-image = +block{Blocked image.} +handle-as-image
mercy-for-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies}
# These aliases define combinations of actions
@@ -6657,10 +7004,11 @@ handle-as-text = -filter +-filter +-filter }
- .your-home-banking-site.com
+.your-home-banking-site.com
+
Some file types you may not want to filter for various reasons:
@@ -6699,8 +7048,9 @@ stupid-server.example.com/
{ +block{Nasty ads.} }
- www.example.com/nasty-ads/sponsor\.gif
- another.example.net/more/junk/here/
+www.example.com/nasty-ads/sponsor\.gif
+another.example.net/more/junk/here/
+
The URLs of dynamically generated banners, especially from large banner
@@ -6716,10 +7066,11 @@ stupid-server.example.com/
{ +block-as-image }
- .doubleclick.net
- .fastclick.net
- /Realmedia/ads/
- ar.atwola.com/
+.doubleclick.net
+.fastclick.net
+/Realmedia/ads/
+ar.atwola.com/
+
Now you noticed that the default configuration breaks Forbes Magazine,
@@ -6735,9 +7086,10 @@ stupid-server.example.com/
{ fragile }
- .forbes.com
- webmail.example.com
- .mybank.com
+.forbes.com
+webmail.example.com
+.mybank.com
+
You like the fun text replacements in default.filter,
@@ -6748,7 +7100,8 @@ stupid-server.example.com/
{ +filter{fun} }
- / # For ALL sites!
+/ # For ALL sites!
+
Note that the above is not really a good idea: There are exceptions
@@ -6767,9 +7120,10 @@ stupid-server.example.com/
{ allow-ads }
- .sourceforge.net
- .slashdot.org
- .osdn.net
+.sourceforge.net
+.slashdot.org
+.osdn.net
+
Note that allow-ads has been aliased to
@@ -6787,7 +7141,8 @@ stupid-server.example.com/
{ handle-as-text }
- /.*\.sh$
+/.*\.sh$
+
user.action is generally the best place to define
@@ -6824,18 +7179,21 @@ stupid-server.example.com/
- &my-app; supports three different pcrs-based filter actions:
+ &my-app; supports four different pcrs-based filter actions:
filter to
rewrite the content that is send to the client,
client-header-filter
- to rewrite headers that are send by the client, and
+ to rewrite headers that are send by the client,
server-header-filter
- to rewrite headers that are send by the server.
+ to rewrite headers that are send by the server, and
+ client-body-filter
+ to rewrite client request body.
- &my-app; also supports two tagger actions:
- client-header-tagger
+ &my-app; also supports three tagger actions:
+ client-header-tagger,
+ client-body-tagger
and
server-header-tagger.
Taggers and filters use the same syntax in the filter files, the difference
@@ -6889,7 +7247,8 @@ stupid-server.example.com/
filter file is organized in sections, which are called filters
here. Each filter consists of a heading line, that starts with one of the
keywordsFILTER:,
- CLIENT-HEADER-FILTER: or SERVER-HEADER-FILTER:
+ CLIENT-HEADER-FILTER:, SERVER-HEADER-FILTER: or
+ CLIENT-BODY-FILTER:
followed by the filter's name, and a short (one line)
description of what it does. Below that line
come the jobs, i.e. lines that define the actual
@@ -6956,7 +7315,7 @@ stupid-server.example.com/
If you are new to
- Regular
+ Regular
Expressions, you might want to take a look at
the Appendix on regular expressions, and
see the Perl
@@ -7368,9 +7727,9 @@ pre-defined filters for your convenience:
banners-by-link
- This is an experimental filter that attempts to kill any banners if
- their URLs seem to point to known or suspected click trackers. It is currently
- not of much value and is not recommended for use by default.
+ This filter attempts to kill any banners if their URLs seem to point
+ to known or suspected click trackers. It is currently not of much value
+ and is not recommended for use by default.
@@ -7851,10 +8210,11 @@ Requests
The same is true for Privoxy binaries
- unless they are linked with
- mbed TLS in which
- case you can redistribute them and/or modify them under the terms
- of the GNU General Public License
+ unless they are linked with a
+ mbed TLS version
+ that is licensed under the Apache 2.0 license in which
+ case you can redistribute and/or modify the Privoxy
+ binaries under the terms of the GNU General Public License
as published by the Free Software Foundation, either version 3
of the license, or (at your option) any later version.
@@ -7867,11 +8227,37 @@ Requests
LicenseGNU General Public License version 2
-
+ GNU General Public License version 3
-
+
+
+
+Third-party licenses and copyrights
+
+ Privoxy depends on a couple of third-party libraries which have seperate licenses.
+ Please refer to the third-party websites for up-to-date license and copyright
+ information.
+
+
+ Privoxy depends on pcre.
+
+
+ When compiled with FEATURE_BROTLI (optional), Privoxy depends on
+ brotli.
+
+
+ When compiled with FEATURE_HTTPS_INSPECTION (optional),
+ Privoxy depends on a TLS library. The supported libraries are
+ LibreSSL,
+ mbed TLS 2.28.x and
+ OpenSSL.
+
+
+ When compiled with FEATURE_ZLIB (optional),
+ Privoxy depends on zlib.
+
@@ -8449,11 +8835,11 @@ Requests
- Matches for http://www.google.com:
+Matches for http://www.google.com:
- In file: default.action [ View ][ Edit ]
+In file: default.action [ View ][ Edit ]
- {+change-x-forwarded-for{block}
+{+change-x-forwarded-for{block}
+deanimate-gifs {last}
+fast-redirects {check-decoded-url}
+filter {refresh-tags}
@@ -8465,14 +8851,14 @@ Requests
+hide-from-header {block}
+hide-referrer {forge}
+session-cookies-only
- +set-image-blocker {pattern}
+ +set-image-blocker {pattern} }
/
- { -session-cookies-only }
- .google.com
+{ -session-cookies-only }
+.google.com
- { -fast-redirects }
- .google.com
+{ -fast-redirects }
+.google.com
In file: user.action [ View ][ Edit ]
(no matches in this file)
@@ -8535,64 +8921,64 @@ In file: user.action [ View ][ Edit ]
- Final results:
-
- -add-header
- -block
- +change-x-forwarded-for{block}
- -client-header-filter{hide-tor-exit-notation}
- -content-type-overwrite
- -crunch-client-header
- -crunch-if-none-match
- -crunch-incoming-cookies
- -crunch-outgoing-cookies
- -crunch-server-header
- +deanimate-gifs {last}
- -downgrade-http-version
- -fast-redirects
- -filter {js-events}
- -filter {content-cookies}
- -filter {all-popups}
- -filter {banners-by-link}
- -filter {tiny-textforms}
- -filter {frameset-borders}
- -filter {demoronizer}
- -filter {shockwave-flash}
- -filter {quicktime-kioskmode}
- -filter {fun}
- -filter {crude-parental}
- -filter {site-specifics}
- -filter {js-annoyances}
- -filter {html-annoyances}
- +filter {refresh-tags}
- -filter {unsolicited-popups}
- +filter {img-reorder}
- +filter {banners-by-size}
- +filter {webbugs}
- +filter {jumping-windows}
- +filter {ie-exploits}
- -filter {google}
- -filter {yahoo}
- -filter {msn}
- -filter {blogspot}
- -filter {no-ping}
- -force-text-mode
- -handle-as-empty-document
- -handle-as-image
- -hide-accept-language
- -hide-content-disposition
- +hide-from-header {block}
- -hide-if-modified-since
- +hide-referrer {forge}
- -hide-user-agent
- -limit-connect
- -overwrite-last-modified
- -prevent-compression
- -redirect
- -server-header-filter{xml-to-html}
- -server-header-filter{html-to-xml}
- -session-cookies-only
- +set-image-blocker {pattern}
+Final results:
+
+-add-header
+-block
++change-x-forwarded-for{block}
+-client-header-filter{hide-tor-exit-notation}
+-content-type-overwrite
+-crunch-client-header
+-crunch-if-none-match
+-crunch-incoming-cookies
+-crunch-outgoing-cookies
+-crunch-server-header
++deanimate-gifs {last}
+-downgrade-http-version
+-fast-redirects
+-filter {js-events}
+-filter {content-cookies}
+-filter {all-popups}
+-filter {banners-by-link}
+-filter {tiny-textforms}
+-filter {frameset-borders}
+-filter {demoronizer}
+-filter {shockwave-flash}
+-filter {quicktime-kioskmode}
+-filter {fun}
+-filter {crude-parental}
+-filter {site-specifics}
+-filter {js-annoyances}
+-filter {html-annoyances}
++filter {refresh-tags}
+-filter {unsolicited-popups}
++filter {img-reorder}
++filter {banners-by-size}
++filter {webbugs}
++filter {jumping-windows}
++filter {ie-exploits}
+-filter {google}
+-filter {yahoo}
+-filter {msn}
+-filter {blogspot}
+-filter {no-ping}
+-force-text-mode
+-handle-as-empty-document
+-handle-as-image
+-hide-accept-language
+-hide-content-disposition
++hide-from-header {block}
+-hide-if-modified-since
++hide-referrer {forge}
+-hide-user-agent
+-limit-connect
+-overwrite-last-modified
+-prevent-compression
+-redirect
+-server-header-filter{xml-to-html}
+-server-header-filter{html-to-xml}
+-session-cookies-only
++set-image-blocker {pattern}
@@ -8607,14 +8993,14 @@ In file: user.action [ View ][ Edit ]
- { +block{Domains starts with "ad"} }
- ad*.
+{ +block{Domains starts with "ad"} }
+ad*.
- { +block{Domain contains "ad"} }
- .ad.
+{ +block{Domain contains "ad"} }
+.ad.
- { +block{Doubleclick banner server} +handle-as-image }
- .[a-vx-z]*.doubleclick.net
+{ +block{Doubleclick banner server} +handle-as-image }
+.[a-vx-z]*.doubleclick.net
@@ -8648,68 +9034,68 @@ In file: user.action [ View ][ Edit ]
- Matches for http://www.example.net/adsl/HOWTO/:
-
- In file: default.action [ View ][ Edit ]
-
- {-add-header
- -block
- +change-x-forwarded-for{block}
- -client-header-filter{hide-tor-exit-notation}
- -content-type-overwrite
- -crunch-client-header
- -crunch-if-none-match
- -crunch-incoming-cookies
- -crunch-outgoing-cookies
- -crunch-server-header
- +deanimate-gifs
- -downgrade-http-version
- +fast-redirects {check-decoded-url}
- -filter {js-events}
- -filter {content-cookies}
- -filter {all-popups}
- -filter {banners-by-link}
- -filter {tiny-textforms}
- -filter {frameset-borders}
- -filter {demoronizer}
- -filter {shockwave-flash}
- -filter {quicktime-kioskmode}
- -filter {fun}
- -filter {crude-parental}
- -filter {site-specifics}
- -filter {js-annoyances}
- -filter {html-annoyances}
- +filter {refresh-tags}
- -filter {unsolicited-popups}
- +filter {img-reorder}
- +filter {banners-by-size}
- +filter {webbugs}
- +filter {jumping-windows}
- +filter {ie-exploits}
- -filter {google}
- -filter {yahoo}
- -filter {msn}
- -filter {blogspot}
- -filter {no-ping}
- -force-text-mode
- -handle-as-empty-document
- -handle-as-image
- -hide-accept-language
- -hide-content-disposition
- +hide-from-header{block}
- +hide-referer{forge}
- -hide-user-agent
- -overwrite-last-modified
- +prevent-compression
- -redirect
- -server-header-filter{xml-to-html}
- -server-header-filter{html-to-xml}
- +session-cookies-only
- +set-image-blocker{blank} }
- /
-
- { +block{Path contains "ads".} +handle-as-image }
- /ads
+Matches for http://www.example.net/adsl/HOWTO/:
+
+In file: default.action [ View ][ Edit ]
+
+{-add-header
+ -block
+ +change-x-forwarded-for{block}
+ -client-header-filter{hide-tor-exit-notation}
+ -content-type-overwrite
+ -crunch-client-header
+ -crunch-if-none-match
+ -crunch-incoming-cookies
+ -crunch-outgoing-cookies
+ -crunch-server-header
+ +deanimate-gifs
+ -downgrade-http-version
+ +fast-redirects {check-decoded-url}
+ -filter {js-events}
+ -filter {content-cookies}
+ -filter {all-popups}
+ -filter {banners-by-link}
+ -filter {tiny-textforms}
+ -filter {frameset-borders}
+ -filter {demoronizer}
+ -filter {shockwave-flash}
+ -filter {quicktime-kioskmode}
+ -filter {fun}
+ -filter {crude-parental}
+ -filter {site-specifics}
+ -filter {js-annoyances}
+ -filter {html-annoyances}
+ +filter {refresh-tags}
+ -filter {unsolicited-popups}
+ +filter {img-reorder}
+ +filter {banners-by-size}
+ +filter {webbugs}
+ +filter {jumping-windows}
+ +filter {ie-exploits}
+ -filter {google}
+ -filter {yahoo}
+ -filter {msn}
+ -filter {blogspot}
+ -filter {no-ping}
+ -force-text-mode
+ -handle-as-empty-document
+ -handle-as-image
+ -hide-accept-language
+ -hide-content-disposition
+ +hide-from-header{block}
+ +hide-referer{forge}
+ -hide-user-agent
+ -overwrite-last-modified
+ +prevent-compression
+ -redirect
+ -server-header-filter{xml-to-html}
+ -server-header-filter{html-to-xml}
+ +session-cookies-only
+ +set-image-blocker{blank} }
+/
+
+{ +block{Path contains "ads".} +handle-as-image }
+/ads
@@ -8727,8 +9113,8 @@ In file: user.action [ View ][ Edit ]
- { -block }
- /adsl
+{ -block }
+/adsl
@@ -8744,8 +9130,8 @@ In file: user.action [ View ][ Edit ]
- { +block{Path starts with "ads".} +handle-as-image }
- /ads
+{ +block{Path starts with "ads".} +handle-as-image }
+/ads
@@ -8761,12 +9147,12 @@ In file: user.action [ View ][ Edit ]
- { shop }
- .quietpc.com
- .worldpay.com # for quietpc.com
- .jungle.com
- .scan.co.uk
- .forbes.com
+{ shop }
+.quietpc.com
+.worldpay.com # for quietpc.com
+.jungle.com
+.scan.co.uk
+.forbes.com
@@ -8776,11 +9162,11 @@ In file: user.action [ View ][ Edit ]
- { -filter }
- # Disable ALL filter actions for sites in this section
- .forbes.com
- developer.ibm.com
- localhost
+{ -filter }
+# Disable ALL filter actions for sites in this section
+.forbes.com
+developer.ibm.com
+localhost
@@ -8806,10 +9192,11 @@ In file: user.action [ View ][ Edit ]
- { fragile }
- # Handle with care: easy to break
- mail.google.
- mybank.example.com
+{ fragile }
+# Handle with care: easy to break
+mail.google.
+mybank.example.com
+