X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Fconfig.html;h=e0566ac5931f2ae31f0886f9f93d8c3cfa75302f;hb=12c8dc0f934964557294fcee2ea4b5444754e032;hp=a26665553c0f7ca9e2626101008ffaa8bf1bd851;hpb=6be4997a13c22c081656b1d3960e2e2ee4fac60f;p=privoxy.git diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html index a2666555..e0566ac5 100644 --- a/doc/webserver/user-manual/config.html +++ b/doc/webserver/user-manual/config.html @@ -4,7 +4,7 @@
Privoxy 3.0.27 User Manual | +Privoxy 3.0.29 User Manual | ||||
---|---|---|---|---|---|
Prev | @@ -689,7 +689,9 @@
Warning | +
+ Declaring domains the admin doesn't control trustworthy may allow malicious third parties to + modify Privoxy's internal state against the user's wishes and without the user's knowledge. + |
+
target_pattern target_pattern [user:pass@]socks_proxy[:port] http_parent[:port]
where target_pattern is a http_parent may be "." to denote "no HTTP forwarding"), and the optional port - parameters are TCP ports, i.e. integer values from 1 to 65535
+ parameters are TCP ports, i.e. integer values from 1 to 65535. user + and pass can be used for SOCKS5 authentication if required.
- - forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 +forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 forward .example.com . |
To connect SOCKS5 proxy which requires username/password authentication:
+
+ forward-socks5 / user:pass@socks-gw.example.com:1080 .+ |
+
To chain Privoxy and Tor, both running on the same system, you would use something like:
Directory with the CA key, the CA certificate and the trusted CAs file.
+Text
+Empty string
+Default value is used.
+This directive specifies the directory where the CA key, the CA certificate and the trusted CAs file + are located.
+The permissions should only let Privoxy and the Privoxy admin access the directory.
+ca-directory /usr/local/etc/privoxy/CA
+The CA certificate file in ".crt" format.
+Text
+cacert.crt
+Default value is used.
+This directive specifies the name of the CA certificate file in ".crt" format.
+The file is used by Privoxy to generate website certificates when + https inspection is enabled with the https-inspection action.
+Privoxy clients should import the certificate so that they can + validate the generated certificates.
+The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out + cacert.crt -days 3650
+ca-cert-file root.crt
+The CA key file in ".pem" format.
+Text
+cacert.pem
+Default value is used.
+This directive specifies the name of the CA key file in ".pem" format. See the ca-cert-file for a command to generate it.
+ca-key-file cakey.pem
+The password for the CA keyfile.
+Text
+Empty string
+Default value is used.
+This directive specifies the password for the CA keyfile that is used when Privoxy generates + certificates for intercepted requests.
+Note that the password is shown on the CGI page so don't reuse an important one.
+ca-password blafasel
+Directory to safe generated keys and certificates.
+Text
+./certs
+Default value is used.
+This directive specifies the directory where generated TLS/SSL keys and certificates are saved when + https inspection is enabled with the https-inspection action.
+The keys and certificates currently have to be deleted manually when changing the ca-cert-file and the ca-cert-key.
+The permissions should only let Privoxy and the Privoxy admin access the directory.
+certificate-directory /usr/local/var/privoxy/certs
+The trusted CAs file in ".pem" format.
+File name relative to ca-directory
+trustedCAs.pem
+Default value is used.
+This directive specifies the trusted CAs file that is used when validating certificates for + intercepted TLS/SSL requests.
+An example file can be downloaded from https://curl.haxx.se/ca/cacert.pem.
+trusted-cas-file trusted_cas_file.pem
+Privoxy has a number of options specific to the Windows GUI interface:
If "activity-animation" is set to 1, the Privoxy