X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Fconfig.html;h=e0566ac5931f2ae31f0886f9f93d8c3cfa75302f;hb=12c8dc0f934964557294fcee2ea4b5444754e032;hp=a26665553c0f7ca9e2626101008ffaa8bf1bd851;hpb=6be4997a13c22c081656b1d3960e2e2ee4fac60f;p=privoxy.git diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html index a2666555..e0566ac5 100644 --- a/doc/webserver/user-manual/config.html +++ b/doc/webserver/user-manual/config.html @@ -4,7 +4,7 @@ The Main Configuration File - + @@ -15,7 +15,7 @@
- + @@ -689,7 +689,9 @@

If the address for the hostname isn't already known on the system (for example because it's in /etc/hostname), this may result in DNS traffic.

If the specified address isn't available on the system, or if the hostname can't be resolved, - Privoxy will fail to start.

+ Privoxy will fail to start. On GNU/Linux, and other platforms that can + listen on not yet assigned IP addresses, Privoxy will start and will listen on the specified address + whenever the IP address is assigned to the system

IPv6 addresses containing colons have to be quoted by brackets. They can only be used if Privoxy has been compiled with IPv6 support. If you aren't sure if your version supports it, have a look at http://config.privoxy.org/show-status.

@@ -1154,6 +1156,8 @@

The "trusted-cgi-referer" option can be used to add that page, or the whole domain, as trusted source so the resulting requests aren't rejected. Requests are accepted if the specified trusted-cgi-refer is the prefix of the Referer.

+

If the trusted source is supposed to access the CGI pages via JavaScript the cors-allowed-origin option can be used.

Privoxy 3.0.27 User ManualPrivoxy 3.0.29 User Manual
Prev
@@ -1171,6 +1175,55 @@ +
+

7.4.11. cors-allowed-origin

+
+
+
Specifies:
+
+

A trusted website which can access Privoxy's CGI pages through + JavaScript.

+
+
Type of value:
+
+

URL

+
+
Default value:
+
+

Unset

+
+
Effect if unset:
+
+

No external sites get access via cross-origin resource sharing.

+
+
Notes:
+
+

Modern browsers by default prevent cross-origin requests made via JavaScript to Privoxy's CGI interface even if Privoxy would trust + the referer because it's white listed via the trusted-cgi-referer directive.

+

Cross-origin + resource sharing (CORS) is a mechanism to allow cross-origin requests.

+

The "cors-allowed-origin" option can be used to specify a domain that is + allowed to make requests to Privoxy CGI interface via JavaScript. It is used in combination with the + trusted-cgi-referer directive.

+
+
+ + + + + + +
Warning
+

Declaring domains the admin doesn't control trustworthy may allow malicious third parties to + modify Privoxy's internal state against the user's wishes and without the user's knowledge.

+
+
+ + + +

7.5. Forwarding

@@ -1279,7 +1332,8 @@
Type of value:
-

target_pattern target_pattern [user:pass@]socks_proxy[:port] http_parent[:port]

where target_pattern is a http_parent may be "." to denote "no HTTP forwarding"), and the optional port - parameters are TCP ports, i.e. integer values from 1 to 65535

+ parameters are TCP ports, i.e. integer values from 1 to 65535. user + and pass can be used for SOCKS5 authentication if required.

Default value:
@@ -1329,8 +1384,8 @@ @@ -1343,6 +1398,14 @@
- 
-                    forward-socks4a   /              socks-gw.example.com:1080  www-cache.isp.example.net:8080
+                    
  forward-socks4a   /              socks-gw.example.com:1080  www-cache.isp.example.net:8080
   forward           .example.com   .
+

To connect SOCKS5 proxy which requires username/password authentication:

+ + + + +
+ 
  forward-socks5   /               user:pass@socks-gw.example.com:1080  .
+

To chain Privoxy and Tor, both running on the same system, you would use something like:

@@ -2179,7 +2242,7 @@ 
    # Define a couple of tags, the described effect requires action sections
     # that are enabled based on CLIENT-TAG patterns.
     client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
-    disable-content-filters Disable content-filters but do not affect other actions
+ client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
@@ -2343,7 +2406,220 @@
-

7.7. Windows GUI Options

+

7.7. TLS/SSL

+
+

7.7.1. ca-directory

+
+
+
Specifies:
+
+

Directory with the CA key, the CA certificate and the trusted CAs file.

+
+
Type of value:
+
+

Text

+
+
Default value:
+
+

Empty string

+
+
Effect if unset:
+
+

Default value is used.

+
+
Notes:
+
+

This directive specifies the directory where the CA key, the CA certificate and the trusted CAs file + are located.

+

The permissions should only let Privoxy and the Privoxy admin access the directory.

+
+
Examples:
+
+

ca-directory /usr/local/etc/privoxy/CA

+
+
+
+
+
+

7.7.2. ca-cert-file

+
+
+
Specifies:
+
+

The CA certificate file in ".crt" format.

+
+
Type of value:
+
+

Text

+
+
Default value:
+
+

cacert.crt

+
+
Effect if unset:
+
+

Default value is used.

+
+
Notes:
+
+

This directive specifies the name of the CA certificate file in ".crt" format.

+

The file is used by Privoxy to generate website certificates when + https inspection is enabled with the https-inspection action.

+

Privoxy clients should import the certificate so that they can + validate the generated certificates.

+

The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out + cacert.crt -days 3650

+
+
Examples:
+
+

ca-cert-file root.crt

+
+
+
+
+
+

7.7.3. ca-key-file

+
+
+
Specifies:
+
+

The CA key file in ".pem" format.

+
+
Type of value:
+
+

Text

+
+
Default value:
+
+

cacert.pem

+
+
Effect if unset:
+
+

Default value is used.

+
+
Notes:
+
+

This directive specifies the name of the CA key file in ".pem" format. See the ca-cert-file for a command to generate it.

+
+
Examples:
+
+

ca-key-file cakey.pem

+
+
+
+
+
+

7.7.4. ca-password

+
+
+
Specifies:
+
+

The password for the CA keyfile.

+
+
Type of value:
+
+

Text

+
+
Default value:
+
+

Empty string

+
+
Effect if unset:
+
+

Default value is used.

+
+
Notes:
+
+

This directive specifies the password for the CA keyfile that is used when Privoxy generates + certificates for intercepted requests.

+

Note that the password is shown on the CGI page so don't reuse an important one.

+
+
Examples:
+
+

ca-password blafasel

+
+
+
+
+
+

7.7.5. + certificate-directory

+
+
+
Specifies:
+
+

Directory to safe generated keys and certificates.

+
+
Type of value:
+
+

Text

+
+
Default value:
+
+

./certs

+
+
Effect if unset:
+
+

Default value is used.

+
+
Notes:
+
+

This directive specifies the directory where generated TLS/SSL keys and certificates are saved when + https inspection is enabled with the https-inspection action.

+

The keys and certificates currently have to be deleted manually when changing the ca-cert-file and the ca-cert-key.

+

The permissions should only let Privoxy and the Privoxy admin access the directory.

+
+
Examples:
+
+

certificate-directory /usr/local/var/privoxy/certs

+
+
+
+
+
+

7.7.6. trusted-cas-file

+
+
+
Specifies:
+
+

The trusted CAs file in ".pem" format.

+
+
Type of value:
+
+

File name relative to ca-directory

+
+
Default value:
+
+

trustedCAs.pem

+
+
Effect if unset:
+
+

Default value is used.

+
+
Notes:
+
+

This directive specifies the trusted CAs file that is used when validating certificates for + intercepted TLS/SSL requests.

+

An example file can be downloaded from https://curl.haxx.se/ca/cacert.pem.

+
+
Examples:
+
+

trusted-cas-file trusted_cas_file.pem

+
+
+
+
+
+
+

7.8. Windows GUI Options

Privoxy has a number of options specific to the Windows GUI interface:

If "activity-animation" is set to 1, the Privoxy