Again, the main configuration file is named 7.1. Local Set-up Documentation7.1. Local Set-up Documentation
If you intend to operate 7.1.1. user-manual7.1.1. user-manual The User Manual is then available to anyone with access to the proxy, by
- following the built-in URL: The User Manual is then available to anyone with access to
+ Privoxy, by following the built-in URL:
+ http://config.privoxy.org/user-manual/
@@ -332,8 +339,8 @@ CLASS="SECT3"
CLASS="SECT3"
>7.1.2. trust-info-url7.1.2. trust-info-url Two example URL are provided If you use the trust mechanism, it is a good idea to write up some on-line
@@ -400,8 +413,8 @@ CLASS="SECT3"
CLASS="SECT3"
>7.1.3. admin-address7.1.3. admin-address An email address to reach the proxy administrator.
+> An email address to reach the Privoxy administrator.
7.2.1. confdir7.2.1. confdir The directory where the other configuration files are located An alternative directory where the templates are loaded from Privoxy's original templates are usually overwritten
- with each update. Use this option to relocate customized templates
- that should be kept. Note that you might be missing new features
- if you use outdated templates.
+> Privoxy's original templates are usually
+ overwritten with each update. Use this option to relocate customized
+ templates that should be kept. As template variables might change
+ between updates, you shouldn't expect templates to work with
+ Privoxy releases other than the one
+ they were part of, though.
The directory where all logging takes place (i.e. where The directory where all logging takes place
+ (i.e. where the logfile and
- jarfile are located)
+> is located).
standard.action # Internal purposes, no editing recommended
default.action # Main actions file
default.action # Main actions fileuser.action # User customizations
user.action # User customizations- The default values include standard.action, which is used for internal - purposes and should be loaded, default.action, which is the + The default values are default.action, which is the "main"
- Actions files are where all the per site and per URL configuration is done for + Actions files contain all the per site and per URL configuration for ad blocking, cookie management, privacy considerations, etc. There is no point in using 7.2.5. filterfile7.2.5. filterfileregular expressions. These rules permit powerful changes on the content of Web pages, and optionally the headers - as well, e.g., you could disable your favorite JavaScript annoyances, + as well, e.g., you could try to disable your favorite JavaScript annoyances, re-write the actual displayed text, or just have some fun playing buzzword bingo with web pages.
7.2.6. logfile7.2.6. logfilelogfile (Unix) Unset (commented out). When activated: logfile (Unix) or privoxy.log (Windows)
privoxy.log (Windows).No log file is used, all log messages go to the console (STDERR). +> No logfile is written.
Depending on the debug options below, the logfile may be a privacy risk + if third parties can get access to it. As most users will never look + at it, Privoxy 3.0.7 and later only log fatal + errors by default. +
For most troubleshooting purposes, you will have to change that, + please refer to the debugging section for details.
Your logfile will grow indefinitely, and you will probably want to @@ -1088,30 +1128,18 @@ CLASS="APPLICATION" (see "man cron"). For Red Hat, a ). For Red Hat based Linux distributions, a + logrotate - script has been included. -
On SuSE Linux systems, you can place a line like "/var/log/privoxy.* - +1024k 644 nobody.nogroup" in /etc/logfiles, with - the effect that cron.daily will automatically archive, gzip, and empty the - log, when it exceeds 1M size. +> script has been included.
Any log files must be writable by whatever user Privoxy - is being run as (default on UNIX, user id is "privoxy"). @@ -1125,71 +1153,9 @@ CLASS="SECT3" >
The file to store intercepted cookies in -
File name, relative to logdir
Unset (commented out). When activated: jarfile (Unix) or privoxy.jar (Windows)
Intercepted cookies are not stored in a dedicated log file. -
The jarfile may grow to ridiculous sizes over time. -
If debug 8 (show header parsing) is enabled, cookies are - written to the logfile with the rest of the headers. -
These options are mainly useful when tracing a problem. Note that you might also want to invoke @@ -1357,8 +1323,8 @@ CLASS="SECT3" CLASS="SECT3" >7.3.1. debug7.3.1. debug
Key values that determine what information gets logged to the - logfile. +> Key values that determine what information gets logged.
12289 (i.e.: URLs plus informational and warning messages)
0 (i.e.: only fatal errors (that cause Privoxy to exit) are logged)Nothing gets logged. +> Default value is used (see above).
debug 1 # show each GET/POST/CONNECT request - debug 2 # show each connection status - debug 4 # show I/O status - debug 8 # show header parsing - debug 16 # log all data written to the network into the logfile - debug 32 # debug force feature - debug 64 # debug regular expression filters - debug 128 # debug redirects - debug 256 # debug GIF de-animation - debug 512 # Common Log Format - debug 1024 # debug kill pop-ups - debug 2048 # CGI user interface - debug 4096 # Startup banner and warnings. - debug 8192 # Non-fatal errorsdebug 1 # Log the destination for each request Privoxy let through. See also debug 1024. + debug 2 # show each connection status + debug 4 # show I/O status + debug 8 # show header parsing + debug 16 # log all data written to the network into the logfile + debug 32 # debug force feature + debug 64 # debug regular expression filters + debug 128 # debug redirects + debug 256 # debug GIF de-animation + debug 512 # Common Log Format + debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. + debug 2048 # CGI user interface + debug 4096 # Startup banner and warnings. + debug 8192 # Non-fatal errors
The reporting of fatal errors (i.e. ones which causes - Privoxy to exit) is always on and cannot be disabled. +> used to ship with the debug levels recommended above enabled by + default, but due to privacy concerns 3.0.7 and later are configured to + only log fatal errors. +
If you are used to the more verbose settings, simply enable the debug lines + below again.
If you want to use CLF (Common Log Format), you should set If you want to use pure CLF (Common Log Format), you should set "debug 512""... [too long, truncated]".
Please don't file any support requests without trying to reproduce + the problem with increased debug level first. Once you read the log + messages, you may even be able to solve the problem on your own. +
Whether to run only one server thread +> Whether to run only one server thread.
This option is only there for debug purposes and you should never - need to use it. This option is only there for debugging purposes. +
The hostname shown on the CGI pages. +
Text
Unset
The hostname provided by the operating system is used. +
On some misconfigured systems resolving the hostname fails or + takes too much time and slows Privoxy down. Setting a fixed hostname + works around the problem. +
In other circumstances it might be desirable to show a hostname + other than the one returned by the operating system. For example + if the system has several different hostnames and you don't want + to use the first one. +
Note that Privoxy does not validate the specified hostname value. +
This section of the config file controls the security-relevant aspects
of 7.4.1. listen-address7.4.1. listen-address The windows version will only display the toggle icon in the system tray
@@ -1795,8 +1817,8 @@ CLASS="SECT3"
CLASS="SECT3"
>7.4.3. enable-remote-toggle7.4.3. enable-remote-toggle 1 For the time being, access to the toggle feature can Access to the toggle feature can Note that malicious client side code (e.g Java) is also
+ capable of using this option.
+ As a lot of Privoxy users don't read
+ documentation, this feature is disabled by default.
+ Note that you must have compiled Privoxy7.4.4. enable-remote-http-toggle7.4.4. enable-remote-http-toggle 1 If you are using This feature is disabled by default. If you are using
+ Privoxy in a
- multi-user environment or with untrustworthy clients and want to
- enforce filtering, you will have to disable this option,
- otherwise you can ignore it.
+> in a environment with trusted clients,
+ you may enable this feature at your discretion. Note that malicious client
+ side code (e.g Java) is also capable of using this feature.
+ This option will be removed in future releases as it has been obsoleted
+ by the more general header taggers.
1 For the time being, access to the editor can Access to the editor can listen-address above) can
- modify its configuration for all users. So this option is This option is not
- recommendednot recommended Note that malicious client side code (e.g Java) is also
+ capable of using the actions editor and you shouldn't enable
+ this options unless you understand the consequences and are
+ sure your browser is configured correctly.
Note that you must have compiled 7.4.6. enforce-blocks7.4.6. enforce-blocks Please see the warnings in the FAQ that this proxy is not intended to be a substitute
- for a firewall or to encourage anyone to defer addressing basic security
- weaknesses.
+> Please see the warnings in the FAQ that Privoxy
+ is not intended to be a substitute for a firewall or to encourage anyone
+ to defer addressing basic security weaknesses.
Multiple ACL lines are OK.
@@ -2467,8 +2519,8 @@ CLASS="SECT3"
CLASS="SECT3"
>7.4.8. buffer-limit7.4.8. buffer-limit This feature allows routing of HTTP requests through a chain of
multiple proxies. With forward-socks5 the DNS resolution will happen on the remote server as well.
+ If To chain Privoxy and Tor, both running on the same system, you should use
- the rule:
+> To chain Privoxy and Tor, both running on the same system, you would use
+ something like:
You could just as well decide to only forward requests for Windows executables through
- a virus-scanning parent proxy, say, on You could just as well decide to only forward requests you suspect
+ of leading to Windows executables through a virus-scanning parent proxy,
+ say, on antivir.example.com, port 8010: Only use this option, if you are getting many forwarding related error messages,
+> Only use this option, if you are getting lots of forwarding-related error messages
that go away when you try again manually. Start with a small value and check Privoxy's
logfile from time to time, to see how many retries are usually needed.
Whether requests to Privoxy's CGI pages can be blocked or redirected.
+ 0 or 1
+ 0 Privoxy ignores block and redirect actions for its CGI pages.
+ By default Privoxy ignores block or redirect actions
+ for its CGI pages. Intercepting these requests can be useful in multi-user
+ setups to implement fine-grained access control, but it can also render the complete
+ web interface useless and make debugging problems painful if done without care.
+ Don't enable this option unless you're sure that you really need it.
+ allow-cgi-request-crunching 1
+ Enabling split-large-forms causes Privoxy
- to devide big forms into smaller ones to keep the URL length down.
+ to divide big forms into smaller ones to keep the URL length down.
It makes editing a lot less convenient and you can no longer
submit all changes at once, but at least it works around this
browser bug.
@@ -3451,6 +3602,163 @@ CLASS="APPLICATION"
> Number of seconds after which an open connection will no longer be reused.
+ Time in seconds.
+ None Connections are not reused.
+ This option has no effect if Privoxy
+ has been compiled without keep-alive support.
+ Note that reusing connections doesn't necessary cause speedups.
+ There are also a few privacy implications you should be aware of.
+ Outgoing connections are shared between clients (if there are more
+ than one) and closing the client that initiated the outgoing connection
+ does not affect the connection between Privoxy and the server unless
+ the client's request hasn't been completed yet. If the outgoing connection
+ is idle, it will not be closed until either Privoxy's
+ or the server's timeout is reached. While it's open, the server knows
+ that the system running Privoxy is still there.
+ keep-alive-timeout 300
+ Number of seconds after which a socket times out if
+ no data is received.
+ Time in seconds.
+ None A default value of 300 seconds is used.
+ For SOCKS requests the timeout currently doesn't start until
+ the SOCKS server accepted the request. This will be fixed in
+ the next release.
+ socket-timeout 300
+ forward / caching-proxy.example-isp.net:8000
- forward .example-isp.net .
forward / caching-proxy.isp.example.net:8000
+ forward .isp.example.net . forward-socks4a / socks-gw.example.com:1080 www-cache.example-isp.net:8080
+> forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
forward .example.com .
The public Tor network can't be used to reach your local network,
- therefore it's a good idea to make some exceptions:
+> network can't be used to
+ reach your local network, if you need to access local servers you
+ therefore might want to make some exceptions:
forward-socks4 / 127.0.0.1:9050 .
forward-socks4a / 127.0.0.1:9050 . forward / .
- forward .isp-a.net host-a:8118
squid locally, then chain as
+> locally, then chaining as
browser -> squid -> privoxysquid.conf7.5.6. allow-cgi-request-crunching
7.5.6. split-large-forms
7.5.7. split-large-forms7.5.8. keep-alive-timeout
7.5.9. socket-timeout