generated

[privoxy.git] / default.action

######################################################################
# 
#  File        :  $Source: /cvsroot/ijbswa/current/default.action,v $
# 
#  $Id: default.action,v 1.27 2002/05/03 04:18:49 morcego Exp $
#
#  Purpose     :  Default actions file, see
#                 http://www.privoxy.org/faq/questions.html#CONFIGFILES
#
#  Copyright   :  Written by and Copyright
#                 Privoxy team. http://www.privoxy.org/
#
#                 Based on the Internet Junkbuster originally written
#                 by and Copyright (C) 1997 Anonymous Coders and
#                 Junkbusters Corporation.  http://www.junkbusters.com
# 
# We value your feedback. However, to provide you with the best support,
# please note:
#  
#  * Use the support forum to get help:
#    http://sourceforge.net/tracker/?group_id=11118&atid=211118
#  * Submit feedback for this actions file only through our
#    actions file feedback script: http://www.privoxy.org/actions
#  * Submit bugs only through our bug forum:
#    http://sourceforge.net/tracker/?group_id=11118&atid=111118 
#    Make sure that the bug has not already been submitted. Please try
#    to verify that it is a Privoxy bug, and not a browser or site
#    bug first. If you are using your own custom configuration, please
#    try the stock configs to see if the problem is a configuration
#    related bug. And if not using the latest development snapshot,
#    please try the latest one. Or even better, CVS sources.
#  * Submit feature requests only through our feature request forum:
#    http://sourceforge.net/tracker/?atid=361118&group_id=11118&func=browse
#      
# For any other issues, feel free to use the mailing lists:
# http://sourceforge.net/mail/?group_id=11118
#    
# Anyone interested in actively participating in development and related
# discussions can join the appropriate mailing list here:
# http://sourceforge.net/mail/?group_id=11118. Archives are available
# here too.
# 
#############################################################################
# Syntax
#############################################################################
# 
# To determine which actions apply to a request, the URL of the request is
# compared to all patterns in this file. Every time it matches, the list of
# applicable actions for this URL is incrementally updated. You can trace
# this process by visiting http://i.j.b/show-url-info
#
# There are 4 types of lines in this file: comments (like this line),
# actions, aliases and patterns, all of which are explained below.
#
#############################################################################
# Pattern Syntax
#############################################################################
# 
# 1. On Domains and Paths
# -----------------------
#
# Generally, a pattern has the form <domain>/<path>, where both the <domain>
# and <path> part are optional. If you only specify a domain part, the "/"
# can be left out:
# 
# www.example.com 
#   is a domain-only pattern and will match any request to www.yahoo.com
# 
# www.example.com/
#   means exactly the same (but is slightly less efficient)
# 
# www.example.com/index.html
#   matches only the document /index.html on www.example.com
# 
# /index.html
#   matches the document /index.html, regardless of the domain
# 
# index.html
#   matches nothing, since it would be interpreted as a domain name and
#   there is no top-level domain called ".html".
# 
# 2. Domain Syntax
# ----------------
# 
# The matching of the domain part offers some flexible options: If the
# domain starts or ends with a dot, it becomes unanchored at that end:
# 
# www.example.com
#   matches only www.example.com
# 
# .example.com
#   matches any domain that ENDS in .example.com
# 
# www.
#   matches any domain that STARTS with www.
# 
# Additionally, there are wildcards that you can use in the domain names
# themselves. They work pretty similar to shell wildcards: "*" stands for
# zero or more arbitrary characters, "?" stands for one, and you can define
# charachter classes in square brackets and they can be freely mixed:
# 
# ad*.example.com
#   matches adserver.example.com, ads.example.com, etc but not sfads.example.com
# 
# *ad*.example.com
#   matches all of the above
# 
# .?pix.com
#   matches www.ipix.com, pictures.epix.com, a.b.c.d.e.upix.com etc
# 
# www[1-9a-ez].example.com
#   matches www1.example.com, www4.example.com, wwwd.example.com, 
#   wwwz.example.com etc, but not wwww.example.com
# 
# You get the idea?
# 
# 2. Path Syntax
# --------------
# 
# Paths are specified as regular expressions. A comprehensive discussion of
# regular expressions wouldn't fit here, but (FIXME) someone should paste
# a concise intro to the regex language here.
# 
# If Privoxy was compiled with pcre support (default), Perl compatible
# regular expressions are used. See the pcre/docs/ direcory or man perlre
# (also available on http://www.perldoc.com/perl5.6/pod/perlre.html) for
# details.
# 
# Please note that matching in the path is CASE INSENSITIVE by default, but
# you can switch to case sensitive by starting the pattern with the "(?-i)"
# switch:
# 
# www.example.com/(?-i)PaTtErN.*
#   will match only documents whose path starts with PaTtErN in exactly this
#   capitalization.
#
# Partially case-sensetive and partially case-insensitive patterns are
# possible, but the rules about splitting them up are extremely complex
# - see the PCRE documentation for more information.
# 
#############################################################################
# Action Syntax
#############################################################################
#
# There are 3 kinds of action:
#
# Boolean (e.g. "block"):
#   +name  # enable
#   -name  # disable
#
# Parameterized (e.g. "hide-user-agent"):
#   +name{param}  # enable and set parameter to "param"
#   -name         # disable
#
# Multi-value (e.g. "add-header", "send-wafer"):
#   +name{param}  # enable and add parameter "param"
#   -name{param}  # remove the parameter "param"
#   -name         # disable totally
#
# The default (if you don't specify anything in this file) is not to take
# any actions - i.e completely disabled, so Privoxy will just be a
# normal, non-blocking, non-anonymizing proxy.  You must specifically
# enable the privacy and blocking features you need (although the 
# provided default actions file will do that for you).
#
# Later actions always override earlier ones.  For multi-valued actions,
# the actions are applied in the order they are specified.
#
#############################################################################
# Valid actions are:
#############################################################################
#
# +add-header{Name: value}
#    Adds the specified HTTP header, which is not checked for validity.
#    You may specify this many times to specify many headers.
#
# +block
#    Block this URL
#
# +deanimate-gifs{last}
# +deanimate-gifs{first}
#    Deanimate all animated GIF images, i.e. reduce them to their last
#    frame. This will also shrink the images considerably. (In bytes,
#    not pixels!) 
#    If the option "first" is given, the first frame of the animation
#    is used as the replacement. If "last" is given, the last frame of
#    the animation is used instead, which propably makes more sense for
#    most banner animations, but also has the risk of not showing the
#    entire last frame (if it is only a delta to an earlier frame).
#
# +downgrade-http-version
#    Downgrade HTTP/1.1 client requests to HTTP/1.0 and downgrade the
#    responses as well. Use this action for servers that use HTTP/1.1
#    protocol features that Privoxy currently can't handle yet.
#
# +fast-redirects
#    Many sites, like yahoo.com, don't just link to other sites.
#    Instead, they will link to some script on their own server,
#    giving the destination as a parameter, which will then redirect
#    you to the final target. 
#
#    URLs resulting from this scheme typically look like:
#    http://some.place/some_script?http://some.where-else
#
#    Sometimes, there are even multiple consecutive redirects encoded
#    in the URL. These redirections via scripts make your web browing
#    more traceable, since the server from which you follow such a link
#    can see where you go to. Apart from that, valuable bandwidth and
#    time is wasted, while your browser aks the server for one redirect
#    after the other. Plus, it feeds the advertisers.
#
#    The +fast-redirects option enables interception of these requests
#    by Privoxy, who will cut off all but the last valid URL in the
#    request and send a local redirect back to your browser without
#    contacting the intermediate sites.
#
# +filter{name}
#    Filter the website through one or more regular expression filters.
#    Repeat for multiple filters.
#   
#    Filters predefined in the supplied re_filterfile include:
#
#     html-annoyances:  Get rid of particularly annoying HTML abuse
#     js-annoyances:    Get rid of particularly annoying JavaScript abuse
#     content-cookies:  Kill cookies that come in the HTML or JS content
#     popups:           Kill all popups in JS and HTML
#     frameset-borders: Give frames a border
#     webbugs:          Squish WebBugs (1x1 invisible GIFs used for user tracking)
#     refresh-tags:     Kill automatic refresh tags (for dial-on-demand setups)
#     fun:              Text replacements  for subversive browsing fun!
#     nimda:            Remove Nimda (virus) code.
#     banners-by-size:  Kill banners by size (very efficient!)
#     shockwave-flash:  Kill embedded Shockwave Flash objects
#     crude-parental:   Kill all web pages that contain the words "sex" or "warez"
#
#
# +hide-forwarded-for-headers
#    Block any existing X-Forwarded-for header, and do not add a new one.
#
# +hide-from-header{block}
# +hide-from-header{spam@sittingduck.xqq}
#    If the browser sends a "From:" header containing your e-mail address, 
#    either completely removes the header ("block"), or change it to the
#    specified e-mail address.
#
# +hide-referer{block}
# +hide-referer{forge}
# +hide-referer{http://nowhere.com}
#    Don't send the "Referer:" (sic) header to the web site.  You can
#    block it, forge a URL to the same server as the request (which is
#    preferred because some sites will not send images otherwise) or
#    set it to a constant string.
#
# +hide-referrer{...}
#    Alternative spelling of +hide-referer.  Has the same parameters,
#    and can be freely mixed with, "+hide-referer".  ("referrer" is the 
#    correct English spelling, however the HTTP specification has a 
#    bug - it requires it to be spelt "referer").
#
# +hide-user-agent{browser-type}
#    Change the "User-Agent:" header so web servers can't tell your
#    browser type.  (Breaks many web sites).  Specify the user-agent
#    value you want - e.g., to pretend to be using Netscape on Linux:
#      +hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)}
#    Or to identify yourself explicitly as a Privoxy user:
#      +hide-user-agent{Privoxy/1.0}
#    (Don't change the version number from 1.0 - after all, why tell them?)
#
# +handle-as-image
#    Treat this URL as an image.  This only matters if it's also "+block"ed,
#    in which case a "blocked" image can be sent rather than a HTML page.
#    See +set-image-blocker{} for the control over what is actually sent.
#
# +set-image-blocker{blank}
# +set-image-blocker{pattern}
# +set-image-blocker{<URL>} with <url> being any valid image URL
#    Decides what to do with URLs that end up tagged with {+block +handle-as-image}.
#    There are 4 options:
#      * "-set-image-blocker" will send a HTML "blocked" page, usually
#         resulting in a "broken image" icon.
#      * "+set-image-blocker{blank}" will send a 1x1 transparent image
#      * "+set-image-blocker{pattern}" will send a 4x4 grey/white pattern
#        which is less intrusive than the logo but easier to recognize
#        than the transparent one.
#      * "+set-image-blocker{<URL>}" will send a HTTP temporary redirect
#        to the specified image URL.
#
#
# +limit-connect{portlist}
#   The CONNECT methods exists in HTTP to allow access to secure websites
#   (https:// URLs) through proxies. It works very simply: The proxy
#   connects to the server on the specified port, and then short-circuits
#   its connections to the cliant and to the remote proxy.
#   This can be a big security hole, since CONNECT-enabled proxies can
#   be abused as TCP relays very easily.
#   By default, i.e. in the absence of a +limit-connect action, Privoxy
#   will only allow CONNECT requests to port 443, which is the standard port
#   for https.
#   If you want to allow CONNECT for more ports than that, or want to forbid
#   CONNECT altogether, you can specify a comma separated list of ports and port
#   ranges (the latter using dashes, with the minimum defaulting to 0 and max to 65K):
#
#   +limit-connect{443} # This is the default and need no be specified.
#   +limit-connect{80,443} # Ports 80 and 443 are OK.
#   +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100, and above 500 are OK.
#
# +prevent-compression
#    Prevent the website from compressing the data. Some websites do
#    that, which is a problem for Privoxy, since +filter, +kill-popups
#    and +gif-deanimate will not work on compressed data. Will slow down
#    connections to those websites, though.
#
# +prevent-keeping-cookies
# +session-cookies-only
#    If the website sets cookies, make sure they are erased when you exit
#    and restart your web browser.  This makes profiling cookies useless,
#    but won't break sites which require cookies so that you can log in
#    or for transactions.
#
# +crunch-outgoing-cookies
#    Prevent the website from reading cookies
#
# +crunch-incoming-cookies
#    Prevent the website from setting cookies
#
# +kill-popups
#    Filter the website through a built-in filter to disable
#    1;''.concat() etc.  The two alternative spellings are
#    equivalent.
#
# +send-vanilla-wafer
#    This action only applies if you are using a jarfile.  It sends a
#    cookie to every site stating that you do not accept any copyright
#    on cookies sent to you, and asking them not to track you.  Of
#    course, this is a (relatively) unique header they could use to 
#    track you.
#
# +send-wafer{name=value}
#    This allows you to add an arbitrary cookie.  Specify it multiple
#    times in order to add several cookies.
#
#############################################################################

#############################################################################
# Settings -- Don't change.
#############################################################################
{{settings}}
#############################################################################
for-privoxy-version=3.0

#############################################################################
# Aliases
#############################################################################
{{alias}}
#############################################################################
#
# You can define a short form for a list of permissions - e.g., instead
# of "-crunch-incoming-cookies -crunch-outgoing-cookies -filter -fast-redirects",
# you can just write "shop". This is called an alias.
#
# Currently, an alias can contain any character except space, tab, '=', '{'
# or '}'.
# But please use only 'a'-'z', '0'-'9', '+', and '-'.
#
# Alias names are not case sensitive.
#
# Aliases beginning with '+' or '-' may be used for system permission names 
# in future releases - so try to avoid alias names like this.  (e.g. 
# "+crunch-all-cookies" below is not a good name)
#
# Aliases must be defined before they are used.
# 

# Useful aliases
+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
+imageblock      = +block +handle-as-image

# Fragile sites should have the minimum changes
fragile     = -block -deanimate-gifs -fast-redirects -filter -hide-referer -crunch-all-cookies -kill-popups

# Shops should be allowed to set persistent cookies
shop        = -filter -crunch-all-cookies -prevent-keeping-cookies

# Your favourite blend of filters:
#
myfilters   = +filter{html-annoyances} +filter{js-annoyances} +filter{popups}\
              +filter{webbugs} +filter{nimda} +filter{banners-by-size} #+filter{fun}
#... etc.  Customize to your heart's content.
#############################################################################
# Defaults
#############################################################################
{-add-header \
 -block \
 -crunch-incoming-cookies \
 -crunch-outgoing-cookies \
 +deanimate-gifs{last} \
 -downgrade-http-version \
 -fast-redirects \
 -filter{popups} \
 -filter{fun} \
 -filter{shockwave-flash} \
 -filter{crude-prental} \
 +filter{html-annoyances} \
 +filter{js-annoyances} \
 +filter{content-cookies} \
 +filter{webbugs} \
 +filter{refresh-tags} \
 +filter{nimda} \
 +filter{banners-by-size} \
 -handle-as-image \
 +hide-forwarded-for-headers \
 +hide-from-header{block} \
 +hide-referer{forge} \
 -hide-user-agent \
 -kill-popups \
 -limit-connect \
 +prevent-compression \
 -send-vanilla-wafer \
 -send-wafer \
 +session-cookies-only \
 +set-image-blocker{pattern} \
}
/ # Match all URLs


#############################################################################
# Needed for automatic feedback evaluation; Please don't delete!
#############################################################################
{+add-header{X-Actions-File-Version: 1.2} -filter -kill-popups}
.privoxy.org
.oesterhelt.org/actions


#############################################################################
# These sites are very complex and require
# minimal interference.
#############################################################################
{fragile}
.office.microsoft.com
.windowsupdate.microsoft.com

#############################################################################
# Shopping sites - still want to block ads.
#############################################################################
{shop}
.quietpc.com
.worldpay.com   # for quietpc.com
.jungle.com
.scan.co.uk

#############################################################################
# These shops require pop-ups
#############################################################################
{shop -no-popups -filter{popups}}
.dabs.com
.overclockers.co.uk

#############################################################################
# Sometimes fast-redirects catches things by mistake
#############################################################################
{-fast-redirects}
www.ukc.ac.uk/cgi-bin/wac\.cgi\?
login.yahoo.com
edit.europe.yahoo.com
.google.com
.altavista.com/.*(like|url|link):http
.altavista.com/trans.*urltext=http
.speedfind.de
.nytimes.com

#############################################################################
# Don't filter code!
#############################################################################
{-filter}
.cvs.sourceforge.net

#############################################################################
# These are images:
#############################################################################
{+handle-as-image}
#############################################################################
/.*\.(gif|jpe?g|png|bmp|ico)$

#############################################################################
{+imageblock}
#############################################################################
#BLOCK-REFERRER: http://www.cnn.com/
#BLOCK-REFERRER: http://www.aol.com/
ar.atwola.com 

#BLOCK-REFERRER: http://www.altavista.com/
.ad.doubleclick.net

.a.yimg.com/(?:(?!/i/).)*$
.a[0-9].yimg.com/(?:(?!/i/).)*$

#BLOCK-REFERRER: 
bs*.gsanet.com
bs*.einets.com

#BLOCK-REFERRER: Opera browser built-in
.qkimg.net

#BLOCK-REFERRER: http://www.tecchannel.de/index.html
#BLOCK-REFERRER: and thousands more
ad.*.doubleclick.net

#############################################################################
# Blocklist:
#############################################################################
{+block}
#############################################################################
#BLOCK-GENERIC:
ad*.
.*ads.
banner?.
count*.

/(?:.*/)?(ads(erver?|tream)?|.*?ads|adv(ert(s|enties|is(ing|e?ments)?)?)?|(ad)?[-_]?banner(s|ads?|farm)?)/
/.*count(er)?\.(pl|cgi|exe|dll|asp|php[34]?)
/(?:.*/)?(publicite|werbung|rekla(ma|me|am)|annonse|maino(kset|nta|s)?)/

#BLOCK-REFERRER: http://www.brooksbrothers.com
#BLOCK-REFERRER: http://www.autodesk.com
.hitbox.com 

#############################################################################
{-block}
#############################################################################
include.ebay.com
advogato.org
adsl.
ad[ud]*.
advice.
.edu
.ac.uk
.uni-*.de
www.ugu.com/sui/ugu/adv
.*downloads.
# So many download pages being blocked
/downloads/
# adv for globalintersec means advanced, not advertisement
www.globalintersec.com/adv
# We all want weather forecast to work
banners.wunderground.com/banner/gizmotemp/