X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Ffaq%2Fconfiguration.html;h=a8de99ca7e11ead8d5053017b528b5bde90d0207;hb=2947590db0de0bd3c1baee0b51a98b8aec43a3df;hp=24a165336e2365f1cdb75b8c54148c82ec0937ee;hpb=0a3750f6302df8349b5be2e15a9a4fefe3c35889;p=privoxy.git diff --git a/doc/webserver/faq/configuration.html b/doc/webserver/faq/configuration.html index 24a16533..a8de99ca 100644 --- a/doc/webserver/faq/configuration.html +++ b/doc/webserver/faq/configuration.html @@ -1,11 +1,11 @@ +
Next |
# Allow all cookies for Yahoo login: +# +{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only } +.login.yahoo.com |
These kinds of sites are often quite complex and heavy with + Javascript and + thus "#" symbol. Make sure - it is uncommented, and assign it the address of the LAN gateway interface, - and port number to use:
"fragile". So if still a problem, + we have an alias just for such + sticky situations: +
listen-address 192.168.1.1:8118# Gmail is a _fragile_ site: +# +{ fragile } + # Gmail is ... + mail.google.com |
Save the file, and restart Privoxy. Configure - all browsers on the network then to use this address and port number.
Be sure to flush your browser's caches whenever making these kinds of + changes, just to make sure the changes "take". +Make sure the domain, host and path are appropriate as well. Your browser can + tell you where you are specifically and you should use that information for + your configuration settings. Note that above it is not referenced as + gmail.com, which is a valid domain name. +
This is a configuration option for images that - Privoxy is stopping. You have the choice of a checkerboard - pattern, a transparent 1x1 GIF image (aka 3.9. What's the difference between the +"blank"), or a custom - URL of your choice. Note that to fit this category, the URL must match both - the "Cautious", "+image""Medium" and "+block" actions.
"Advanced" defaults?If you want to see nothing, then change the Configuring Privoxy is not entirely trivial. To + help you get started, we provide you with three different default action + "+image-blocker" - action to "profiles" in the web based actions file editor at http://config.privoxy.org/show-status. + See the User + Manual for a list of actions, and how the default + profiles are set. +
Where the defaults are likely to break some sites, exceptions for
+ known popular "+image-blocker{blank}". This can be done from the
+>"problem" sites are included, but in
+ general, the more aggressive your default settings are, the more exceptions
+ you will have to make later. New users are best to start off in
"Edit Actions List" selection at "Cautious" setting. This is safest and will have the fewest
+ problems. See the http://p.p/. Or by hand editing the appropriate
- actions file. This will only effect what is defined as "images"User Manual
- though. Also, some URLs that generate the bright red It should be noted that the "Blocked"
- banner, can be moved to the "Advanced" profile (formerly known
+ as the "+image-blocker" section for the
- same reason, but there are some limits and risks to this (see below).
This can be helpful for troubleshooting problems. It might also be good - for anyone new to Privoxy so that they can - see if their favorite pages are displaying correctly, and +>"Adventuresome" profile) is more + aggressive, and will make use of some of Privoxy is not inadvertently removing something - important.
Privoxy's advanced features. Use at your own risk!These are URLs that match something in one of - Privoxy's block actions (+block). It is meant - to be a warning so that you know something has been blocked and an easy way - for you to see why. These are handled differently than what has been defined - explicitly as It may seem strange that regular users can edit the config files with their + browsers, although the whole /etc/privoxy hierarchy + belongs to the user "images" (e.g. ad banners). Depending on the - URL itself, it is sometimes hard for "privoxy", with only 644 permissions. +
When you use the browser-based editor, Privoxy to - really know whether there is indeed an ad image there or not. And there are - limitations as to what + itself is writing to the config files. Because + Privoxy can do to - is running as the user "fool" the browser.
"privoxy", + it can update its own config files. +For instance, if the ad is in a frame, then it is embedded in the separate - HTML page used for the frame. In this case, you cannot just substitute an - aribitray image (like we would for a "blank" image), for an HTML - page. The browser is expecting an HTML page, and that is what it must have - for frames. So this situation can be a little trickier to deal with, and - If you run Privoxy will use the "Blocked" page.
If you want these to be treated as if they were images, so that they can be - made invisible, you can try moving the offending URL from the - "+block" section to the "+imageblock" section of - your actions file. Just be forewarned, if any URL is made - for multiple untrusted users (e.g. in + a LAN), you will probably want to make sure that the the web-based + editor and remote toggle features are "invisible", you may not have any inkling that something has - been removed from that page, or why. If this approach does not work, then you are - probably dealing with a frame (or "ilayer"), and the only thing - that can go there is an HTML page of some sort.
To deal with this situation, you could modify the - "off" by setting "blockenable-edit-actions + 0" HTML template that is used by - Privoxy to display this, and make it something - more to your liking. Currently, there is no configuration option for this. - You will have to modify, or create your own page, and use this to replace - templates/blocked, which is what - Privoxy uses to display the and "Blocked""enable-remote-toggle - page.
" in the main configuration file. +Another way to deal with this is find why and where - Note that in the default configuration, only local users (i.e. those on + "localhost") can connect to Privoxy is blocking the frame, and - diable this. Then let the "+image-blocker" action - handle the ad that is embedded in the frame's HTML page.
, + so this is (normally) not a security problem. +The default.filter + file is where filters as supplied by the developers are defined. + Filters are a special subset of actions that can be used to modify or + remove, web page content on the fly. Filters apply to anything + in the page source (and optionally both client and server headers), including + HTML tags, and JavaScript. Regular expressions are used to accomplish this. + There are a number of pre-defined filters to deal with common annoyances. The + filters are only defined here, to invoke them, you need to use the + filter + action in one of the actions files. Filtering is automatically + disabled for inappropriate MIME types. Filters should + not be confused with blocks, which + is a completely different action, and is more typically used to block ads and + unwanted sites.
If you are familiar with regular expressions, and HTML, you can look at + the provided default.filter with a text editor and define + your own filters. This is potentially a very powerful feature, but + requires some expertise in both regular expressions and HTML/HTTP. + You should + place any modifications to the default filters, or any new ones you create + in a separate file, such as user.filter, so they won't + be overwritten during upgrades. + The ability to define multiple filter files + in config is a new feature as of v. 3.0.5.
There is no GUI editor option for this part of the configuration, + but you can disable/enable the various pre-defined filters of the included + default.filter file with the web-based actions file editor + Note + that the custom actions editor must be explicitly enabled in the main config file + (see enable-edit-actions).
There is not enough space to fit the entire page. Try right clicking on the - visible, red portion, and select By default, Privoxy only responds to requests + from 127.0.0.1 (localhost). To have it act as a server for + a network, this needs to be changed in the main configuration file. Look for + the listen-address + option, which may be commented out with a "Show Frame", or equivalent. - This will usually allow you to see the entire Privoxy "#" symbol. Make sure + it is uncommented, and assign it the address of the LAN gateway interface, + and port number to use. Assuming your LAN address is 192.168.1.1 and you + wish to run Privoxy on port 8118, this line + should look like:
listen-address 192.168.1.1:8118 |
Save the file, and restart Privoxy. Configure + all browsers on the network then to use this address and port number.
Alternately, you can have Privoxy listen on + all available interfaces:
listen-address :8118 |
And then use Privoxy's + permit-access + feature to limit connections. A firewall in this situation is recommended + as well.
The above steps should be the same for any TCP network, regardless of + operating system.
If you run Privoxy on a LAN with untrusted users, + we recommend that you double-check the access control and security + options!
The replacement for blocked images can be controlled with the set-image-blocker + action. You have the choice of a checkerboard pattern, a transparent 1x1 GIF + image (aka "Blocked""blank"), or a redirect to a custom image of your choice. + Note that this choice only has effect for images which are blocked as images, i.e. + whose URLs match both a handle-as-image + and block action.
If you want to see nothing, then change the set-image-blocker - page, and from there you can see just what is being blocked, and why.
to "blank". This can be done by editing the + user.action file, or through the web-based actions file editor.Remember that telling which image is an ad and which + isn't, is an educated guess. While we hope that the standard configuration + is rather smart, it will make occasional mistakes. The checkerboard image is visually + decent, and it shows you where images have been blocked, which can be very + helpful in case some navigation aid or otherwise innocent image was + erroneously blocked. It is recommended for new users so they can + "see" what is happening. Some people might also enjoy seeing how + many banners they don't have to see.
This happens when the banners are not embedded in the HTML code of the + page itself, but in separate HTML (sub)documents that are loaded into (i)frames + or (i)layers, and these external HTML documents are blocked. Being non-images + they get replaced by a substitute HTML page rather than a substitute image, + which wouldn't work out technically, since the browser expects and accepts + only HTML when it has requested an HTML document.
The substitute page adapts to the available space and shows itself as a + miniature two-liner if loaded into small frames, or full-blown with a + large red "BLOCKED" banner if space allows.
If you prefer the banners to be blocked by images, you must see to it that + the HTML documents in which they are embedded are not blocked. Clicking + the "See why" link offered in the substitute page will show + you which rule blocked the page. After changing the rule and un-blocking + the HTML documents, the browser will try to load the actual banner images + and the usual image blocking will (hopefully!) kick in.
Yes. Version 3.0.5 introduces full Windows service + functionality. See the User Manual for details on how to install and configure + Privoxy run as a service -on Win2K/NT? as a service.
Yes, it can run as a system service using Earlier 3.x versions could run as a system service using srvany.exe. - The only catch is that this will effectively disable the + See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, + for details, and a sample configuration.
This can be done and is often useful to combine the benefits of Privoxy icon in the taskbar. You can have - one or the other, but not both at this time :(
with those of a another proxy. + See the forwarding chapter + in the User Manual which + describes how to do this, and the How do I use Privoxy together with + Tor section below.There is a pending feature request for this functionality. See - thread: No, its more complicated than that. This only works with special kinds + of proxies known as "intercepting" proxies (see below).
The whole idea of Privoxy is to modify client requests + and server responses in all sorts of ways and therefore + it's not a transparent proxy as described in + http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, - for details, and a sample configuration.
RFC 2616.However, some people say "transparent proxy" when they + mean "intercepting proxy". If you are one of them, + please read the next entry.
Privoxy work with other -proxies like can't intercept traffic itself, + but it can handle requests that where intercepted and redirected + with a packet filter (like Squid?PF or + iptables), as long as the Host + header is present. +
As the Host header is required by HTTP/1.1 and as most + web sites don't work if it isn't set, this limitation shouldn't be a + problem.
Please refer to your packet filter's documentation to learn how to + intercept and redirect traffic into Privoxy. Afterward you just have + to configure Privoxy to + accept intercepted requests.
Outlook Express uses Internet Explorer + components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email. + So however you have Privoxy configured to work + with IE, this configuration should automatically be shared.
The short answer is, you can't. Privoxy has no way + of knowing which particular application makes a request, so there is no way to + distinguish between web pages and HTML mail. + Privoxy just blindly proxies all requests. In the + case of Outlook Express (see above), OE uses + IE anyway, and there is no way for Privoxy to ever + be able to distinguish between them (nor could any other proxy type application for + that matter).
For a good discussion of some of the issues involved (including privacy and + security issues), see + http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118.
This can be done. See the user manual, - which describes how to do this.
Cookies can be + set in several ways. The classic method is via the + Set-Cookie HTTP header. This is straightforward, and an + easy one to manipulate, such as the Privoxy concept of + session-cookies-only. + There is also the possibility of using + Javascript to + set cookies (Privoxy calls these content-cookies). This + is trickier because the syntax can vary widely, and thus requires a certain + amount of guesswork. It is not realistic to catch all of these short of + disabling Javascript, which would break many sites. And lastly, if the + cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond + Privoxy's reach.All in all, Privoxy can help manage cookies in general, can help minimize + the loss of privacy posed by cookies, but can't realistically stop all + cookies.
No, in fact there are many beneficial uses of + cookies. Cookies are just a + method that browsers can use to store data between pages, or between browser + sessions. Sometimes there is a good reason for this, and the user's life is a + bit easier as a result. But there is a long history of some websites taking + advantage of this layer of trust, and using the data they glean from you and + your browsing habits for their own purposes, and maybe to your potential + detriment. Such sites are using you and storing their data on your system. + That is why the privacy conscious watch from whom those cookies come, and why + they really need to be there.
See the + Wikipedia cookie + definition for more.
There are several actions that relate to cookies. The default behavior is to + allow only "session cookies", which means the cookies only last + for the current browser session. This eliminates most kinds of abuse related + to cookies. But there may be cases where you want cookies to last.
To disable all cookie actions, so that cookies are allowed unrestricted, + both in and out, for example.com:
{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } + .example.com |
Place the above in user.action. Note that some of these may + be off by default anyway, so this might be redundant, but there is no harm + being explicit in what you want to happen. user.action + includes an alias for this situation, called + allow-all-cookies.
Each instance of Privoxy has its own + configuration, including such attributes as the TCP port that it listens on. + What you can do is run multiple instances of Privoxy, each with + a unique + listen-address + configuration setting, and configuration path, and then + each of these can have their own configurations. Think of it as per-port + configuration.
+ Simple enough for a few users, but for large installations, consider having + groups of users that might share like configurations.
Sure. There are a couple of things you can do for simple white-listing. + Here's one real easy one:
############################################################ + # Blacklist + ############################################################ + { +block } + / # Block *all* URLs + + ############################################################ + # Whitelist + ############################################################ + { -block } + kids.example.com + toys.example.com + games.example.com |
This allows access to only those three sites by first blocking all URLs, and + then subsequently allowing three specific exceptions.
A more interesting approach is Privoxy's + trustfile concept, which incorporates the notion of + "trusted referrers". See the User Manual Trust + documentation.
These are fairly simple approaches and are not completely foolproof. There + are various other configuration options that should be disabled (described + elsewhere here and in the User Manual) + so that users can't modify their own configuration and easily circumvent the + whitelist.
Ad blocking is achieved through a complex application of various Privoxy + actions. These + actions are deployed against simple images, banners, flash animations, + text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as + just turning one or two actions off. The various actions that make up + Privoxy ad blocking are hard-coded into the default configuration files. It + has been assumed that everyone using Privoxy is interested in this + particular feature. +
If you want to do without this, there are several approaches you can take: + You can manually undo the many block rules in + default.action. Or even easier, just create your own + default.action file from scratch without the many ad + blocking rules, and corresponding exceptions. Or lastly, if you are not + concerned about the additional blocks that are done for privacy reasons, you + can very easily over-ride all blocking with the + following very simple rule in your user.action: +
# Unblock everybody, everywhere + { -block } + / # UN-Block *all* URLs |
+ Or even a more comprehensive reversing of various ad related actions:
# Unblock everybody, everywhere, and turn off appropriate filtering, etc + { -block \ + -filter{banners-by-size} \ + -filter{banners-by-link} \ + allow-popups \ + } + / # UN-Block *all* URLs and allow ads |
This last "action" in this compound statement, + allow-popups, is an alias that disables + various pop-up blocking features.
Privoxy "templates" are specialized text files utilized by + Privoxy for various purposes and can easily be modified using any text + editor. All the template pages are installed in a sub-directory appropriately + named: templates. Knowing something about HTML syntax + will of course be helpful. Be forewarned that the default templates are + subject to being overwritten during upgrades. You can, however, create + completely new templates by specifying an alternate path for them in the main + config, see the templdir option.
There is more than one way to do it.
Editing the BLOCKED template page (see above) may dissuade some users, but + this method is easily circumvented. Where you need this level of control, you + should build Privoxy from source, and enable various features that are + available as compile-time options. You should + configure the sources as follows:
./configure --disable-toggle --disable-editor --disable-force |
This will create an executable with hard-coded security features so that + Privoxy does not allow easy bypassing of blocked sites, or changing the + current configuration via any connected user's web browser.
Note that all of these features can also be toggled on/off via options in + Privoxy's main config file which + means you don't have to recompile anything.