1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
\r
4 See copyright details at end of file
\r
6 After changing this file, please run it through "HTML Tidy"
\r
7 (from http://www.w3.org/People/Raggett/tidy/)
\r
8 It should have no warnings or errors.
\r
13 <title>Internet Junkbuster Technical Information</title>
\r
14 <meta name="description" content=
\r
15 "The manual page for the Internet Junkbuster, free software to removes banner ads, cookies, and other stuff you don't want from your web browser.">
\r
16 <meta name="keywords" content=
\r
17 "stop, junk, busters, junkbusters, junkbuster, mail, email, e-mail, direct, spam, privacy, sharing, names, renting, direct, marketing, database, databases, junk mail, lists, environment, consumer, sending, opt out ">
\r
18 <style type="text/css">
\r
20 h2 { text-align: Center; font-family: arial, helvetica, sans-serif }
\r
21 p.sans { font-family: arial, helvetica, sans-serif }
\r
22 b.dot { color: #FF0000 }
\r
23 b.eg { font-family: arial, helvetica, sans-serif }
\r
28 <body bgcolor="#f8f8f0" link="#000078" alink="#ff0022" vlink=
\r
30 <p class="sans"><a href="http://ijbswa.sourceforge.net/">
\r
31 Website</a> <b class="dot">·</b> <b>Manual</b> <b class=
\r
32 "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=
\r
33 "dot">·</b> <a href="gpl.html">GPL</a></p>
\r
35 <h1 align="center"><a name="top_of_page"></a>Internet
\r
36 J<small>UNK<i style="color: #FF0000">BUSTER</i></small>
\r
37 Technical Information</h1>
\r
39 <p align="center" class="sans"><a href="#description">
\r
40 Options</a> <b class="dot">·</b> <a href="#show">
\r
41 Checking Options</a> <b class="dot">·</b> <a href=
\r
42 "#install">Installation</a> <b class="dot">·</b> <a
\r
43 href="#copyright">Copyright</a> <b class="dot">·</b> <a
\r
44 href="ijbfaq.html#top_of_page">(FAQ)</a></p>
\r
46 <h1>This document is out of date</h1>
\r
48 <p><b>Development of JunkBuster is ongoing and this document is
\r
49 no longer current. However, it may provide some assistance. If
\r
50 you have problems, please use the <a href=
\r
51 "http://groups.yahoo.com/group/junkbuster-users/">Yahoo Groups
\r
52 mailing list</a> (which includes an archive of mail), the
\r
53 SourceForge.net <a href=
\r
54 "http://sourceforge.net/projects/ijbswa/">project page</a>, or
\r
55 see the project's <a href="http://ijbswa.sourceforge.net/">home
\r
56 page</a>. Please also bear in mind that versions 2.9.x of
\r
57 JunkBuster are development releases, and are not production
\r
60 <h2><a name="man"></a>Manual Page</h2>
\r
62 <p>A copy of this page in standard <code>man</code> macro
\r
63 format is included in the <a href="ijbfaq.html#tar">tar
\r
66 <h3><a name="name"></a><img border="0" src="fb.gif" alt="*"
\r
67 width="14" height="14"> Name</h3>
\r
69 <p><b><code>junkbuster</code></b> - The Internet Junkbuster
\r
71 "http://www.junkbusters.com/ht/en/legal.html#marks"><small>
\r
72 <sup>TM</sup></small></a></p>
\r
74 <h3><a name="synopsis"></a><img border="0" src="fb.gif" alt="*"
\r
75 width="14" height="14"> Synopsis</h3>
\r
77 <p><code><b>junkbuster</b></code> <i>configfile</i> (Unix)<br>
\r
78 <b><code>junkbstr.exe</code></b> [<i>configfile</i>]
\r
81 <h3><a name="description"></a><img border="0" src="fb.gif" alt=
\r
82 "*" width="14" height="14"> Description</h3>
\r
84 <p><b><code>junkbuster</code></b> is an instrumentable proxy
\r
85 that filters the HTTP stream between web servers and browsers.
\r
86 Its main purposes are to block adverts and enhance privacy.</p>
\r
88 <p><a name="dual"></a>It is configured using a configuration
\r
89 file and several files listing URL patterns. The
\r
90 configuration file must be specified on the command line.
\r
91 The Windows version will default to using the configuration
\r
92 file <code>junkbstr.ini</code> if it exists and no argument was
\r
95 <p><a name="reread"></a>All files except the main configuration
\r
96 file are checked for changes before each page is fetched, so
\r
97 they may edited without restarting the proxy.</p>
\r
102 <dt><i><a name="o_b"></a></i><a name=
\r
103 "blockfile"></a><code>blockfile</code> <i>
\r
107 <p><a href="ijbfaq.html#blocking">Block</a> requests to
\r
108 URLs matching any pattern given in the lines of the <i>
\r
109 blockfile</i>. The <b><code>junkbuster</code></b> instead
\r
110 returns status 202, indicating that the request has been
\r
111 accepted (though not completed), and a <a href=
\r
112 "ijbfaq.html#show">message identifying itself</a> (though
\r
113 the browser may display only a broken image icon).
\r
114 The syntax of a pattern is <code>
\r
115 [domain][:port][/path]</code> (the <code>http://</code> or
\r
116 <code>https://</code> protocol part is omitted). To decide
\r
117 if a pattern matches a target, the domains are compared
\r
118 first, then the paths.</p>
\r
120 <p><a name="compare"></a>To compare the domains, the
\r
121 pattern domain and the target domain specified in the URL
\r
122 are each broken into their components. (Components are
\r
123 separated by the <code>.</code> (period) character.) Next
\r
124 each of the target components is compared with the
\r
125 corresponding pattern component: last with last,
\r
126 next-to-last with next-to-last, and so on. (This is called
\r
127 <i><dfn>right-anchored</dfn></i> matching.) If all of the
\r
128 pattern components find their match in the target, then the
\r
129 domains are considered a match. Case is irrelevant when
\r
130 comparing domain components.</p>
\r
132 <p><a name="substring"></a>A successfully matching pattern
\r
133 can be an anchored substring of a target, but not vice
\r
134 versa. Thus if a pattern doesn't specify a domain, it
\r
135 matches all domains. <a name="wildcard"></a>Furthermore,
\r
136 when comparing two components, the components must either
\r
137 match in their entirety or up to a wildcard <code>*</code>
\r
138 (star character) in the pattern. The wildcard feature
\r
139 implements only a "prefix" match capability ("abc*" vs.
\r
140 "abcdefg"), not suffix matching ("*efg" vs. "abcdefg") or
\r
141 infix matching ("abc*efg" vs. "abcdefg"). The feature is
\r
142 restricted to the domain component; it is unrelated to the
\r
143 optional regular expression feature in the path <a href=
\r
144 "#regex">(described below).</a></p>
\r
146 <p><a name="numeric"></a>If a numeric port is specified in
\r
147 the pattern domain, then the target port must match as
\r
148 well. The default port in a target is port 80.</p>
\r
150 <p><a name="onward"></a>If the domain and port match, then
\r
151 the target URL path is checked for a match against the path
\r
152 in the pattern. Paths are compared with a simple
\r
153 case-sensitive left-anchored substring comparison. Once
\r
154 again, the pattern can be an anchored substring of the
\r
155 target, but not vice versa. A path of <code>/</code>
\r
156 (slash) would match all paths. Wildcards are not considered
\r
157 in path comparisons.</p>
\r
159 <p><a name="example"></a>For example, the target URL<br>
\r
160 <code>
\r
161 the.yellow-brick-road.com/TinMan/has_no_brain</code><br>
\r
162 would be matched (and blocked) by the following
\r
164 <code>yellow-brick-road.com</code><br>
\r
166 <code>Yellow*.COM</code><br>
\r
168 <code>/TinM</code><br>
\r
170 <code>
\r
171 follow.the.yellow-brick-road.com</code><br>
\r
173 <code>/tinman</code><br>
\r
176 <p><a name="comments"></a>Comments in a blockfile start
\r
177 with a <code>#</code> (hash) character and end at a new
\r
178 line. Blank lines are also ignored.</p>
\r
180 <p><a name="except"></a>Lines beginning with a <code>
\r
181 ~</code> (tilde) character are taken to be <a href=
\r
182 "ijbfaq.html#exceptions">exceptions:</a> a URL blocked by
\r
183 previous patterns that matches the rest of the line is let
\r
184 through. (The last match wins.)</p>
\r
186 <p><a name="regex"></a>Patterns may contain POSIX <a href=
\r
187 "ijbfaq.html#regex">regular expressions</a> provided the
\r
188 <b><code>junkbuster</code></b> was compiled with this
\r
189 option (the default in Version 2.0 on). The idiom <code>
\r
190 /*.*/ad</code> can then be used to match any URL containing
\r
191 <code>/ad</code> (such as <code>
\r
192 http://nomatterwhere.com/images/advert/g3487.gif</code> for
\r
193 example). These expressions <a href="#substring">don't
\r
194 work</a> in the domain part.</p>
\r
196 <p><a name="rereads"></a>In version 1.3 and later the
\r
197 blockfile and cookiefile are checked for changes before
\r
201 <dt><i><a name="o_w"></a></i><a name=
\r
202 "wafer"></a><code>wafer</code> <i>
\r
203 NAME=VALUE</i></dt>
\r
206 <p>Specifies a pair to be sent as a cookie with every
\r
207 request <a href="ijbfaq.html#wafers">to the server.</a>
\r
208 (Such boring cookies are called <i>wafers</i>.) This option
\r
209 may be called more than once to generate multiple wafers.
\r
210 The original Netscape specification prohibited semi-colons,
\r
211 commas and white space; these characters will be
\r
212 URL-encoded if used in wafers.
\r
213 <!-- Aside: genuine cookies are not encoded -->
\r
214 <!-- Aside: we could use quoted string as specified in the new RFC -->
\r
215 The Path and Domain attributes are not currently
\r
219 <dt><i><a name="o_c"></a></i><a name=
\r
220 "cookiefile"></a><code>cookiefile</code> <i>
\r
221 cookiefile</i></dt>
\r
224 <p>Enforce the cookie management policy specified in the
\r
225 <i>cookiefile.</i> <a name="java"></a>If this option is not
\r
226 used all cookies are silently crunched, so that users who
\r
227 never want cookies aren't bothered by browsers asking
\r
228 whether each cookie should be accepted. However, cookies
\r
229 can <a href="ijbfaq.html#breakthrough">still get
\r
230 through</a> via <a href=
\r
231 "http://www.junkbusters.com/ht/en/links.html#javascript">
\r
232 JavaScript</a> and SSL, so alerts should be left on.</p>
\r
234 <p><a name="dropping"></a>In Version 1.2 and later this
\r
235 option must be followed by a <a href="ijbfaq.html#crumble">
\r
236 filename</a> containing instructions on which sites are
\r
237 allowed to receive and set cookies. <a name="drop"></a>By
\r
238 default cookies are dropped in both the browser's request
\r
239 and the server's response, unless the URL requested matches
\r
240 an entry in the <i>cookiefile</i>. The matching algorithm
\r
241 is the same as for the blockfile. A leading <code>
\r
242 ></code> character allows <a href=
\r
243 "ijbfaq.html#directional">server-bound</a> cookies only; a
\r
244 <code><</code> allows only browser-bound cookies; a
\r
245 <code>~</code> character stops cookies in <a href=
\r
246 "ijbfaq.html#crumble">both directions.</a> Thus a
\r
247 cookiefile containing a single line with the two characters
\r
248 <code>>*</code> will pass on all cookies to servers but
\r
249 not give any new ones to the browser.</p>
\r
252 <dt><i><a name="o_j"></a></i><a name=
\r
253 "jarfile"></a><code>jarfile</code> <i>
\r
257 <p>All Set-cookie attempts by the server are <a href=
\r
258 "ijbfaq.html#jar">logged</a> to <i>jarfile</i>. If no wafer
\r
259 is specified, one containing a <a href=
\r
260 "ijbfaq.html#notice">canned notice</a> (the <i>vanilla
\r
261 wafer</i>) is added as an alert to the server unless the <a
\r
262 href="#suppress-vanilla-wafer">suppress-vanilla-wafer</a>
\r
263 option is invoked.</p>
\r
266 <dt><i><a name="o_v"></a></i><a name=
\r
267 "suppress-vanilla-wafer"></a><code>suppress-vanilla-wafer</code></dt>
\r
270 <p>Suppress the vanilla wafer.</p>
\r
273 <dt><i><a name="o_t"></a></i><a name=
\r
274 "from"></a><code>from</code> <i>from</i></dt>
\r
277 <p>If the browser <a href="ijbfaq.html#from">discloses an
\r
278 email address</a> in the <code>FROM</code> header (most
\r
279 don't), replace it with <i>from.</i> If <i>from</i> is set
\r
280 to <b>.</b> (the period character) the <code>FROM</code> is
\r
281 passed to the server unchanged. The default is to delete
\r
282 the <code>FROM</code> header.</p>
\r
285 <dt><i><a name="o_r"></a></i><a name=
\r
286 "referer"></a><code>referer</code> <i>
\r
290 <p>Whenever the browser discloses the URL that <a href=
\r
291 "ijbfaq.html#referer">led to</a> the current request,
\r
292 replace it with <i>referer.</i> If <i>referer</i> is set to
\r
293 <b>.</b> (period) the URL is passed to the server
\r
294 unchanged. If referer is set to <b>@</b> (at) the URL is
\r
295 sent in cases where the cookiefile specifies that a cookie
\r
296 would be sent. (No way to send bogus referers selectively
\r
297 is provided.) The default is to delete Referer.</p>
\r
299 <p><a name="referrer"></a>Junkbuster also accepts the
\r
300 spelling <code>referrer</code>, which most dictionaries
\r
301 consider correct.</p>
\r
304 <dt><i><a name="o_u"></a></i><a name=
\r
305 "user-agent"></a><code>user-agent</code> <i>
\r
306 user-agent</i></dt>
\r
309 <p>Information disclosed by the browser <a href=
\r
310 "ijbfaq.html#agent">about itself</a> is replaced with the
\r
311 value <i>user-agent.</i> If <i>user-agent</i> is set to <b>
\r
312 .</b> (period) the <code>User-Agent</code> header is passed
\r
313 to the server unchanged, along with any <code>UA</code>
\r
314 headers produced by MS-IE (which would otherwise be
\r
315 deleted). If <i>user-agent</i> is set to <b>@</b> (at)
\r
316 these headers are sent unchanged in cases where the
\r
317 cookiefile specifies that a cookie would be sent, otherwise
\r
318 only default <code>User-Agent</code> header is sent. That
\r
319 default is Mozilla/3.0 (Netscape) with an unremarkable <a
\r
320 href="ijbfaq.html#infer">Macintosh</a> configuration. If
\r
321 used with a browser less advanced than Mozilla/3.0 or IE-3,
\r
322 the default may encourage pages containing extensions that
\r
323 confuse the browser.</p>
\r
326 <dt><a name="o_h"></a><a name=
\r
327 "listen-address"></a><code>listen-address</code>
\r
328 <i>[host][:port]</i></dt>
\r
331 <p>If <i>host</i> is specified, bind the <b><code>
\r
332 junkbuster</code></b> to that IP address. If a <i>port</i>
\r
333 is specified, use it. The default port is 8000; the default
\r
334 host is <code>localhost</code>.</p>
\r
336 <p>This default host setting means that you can only
\r
337 connect to the proxy from ther local computer. This is a
\r
338 security measure - if you allow anyone to use the proxy,
\r
339 then hackers or fraudsters could use it to help hide their
\r
340 identity. It also provides a lot of protection against any
\r
341 undiscovered security flaws in JunkBuster - if they can't
\r
342 connect to it, then they can't attack it.</p>
\r
344 <p>If you change this value, we recommend you <i>either</i>
\r
345 set the host to <code>localhost</code>:<br>
\r
346 <code>listen-address
\r
347 localhost:8080</code><br>
\r
348 <i>or</i>, if you want to share a single internet
\r
349 connection over your internal network, then set it to the
\r
350 address of your internal ethernet card:<br>
\r
351 <code>listen-address
\r
352 10.1.1.1:8080</code><br>
\r
353 (replace 10.1.1.1 with your internal IP address), <i>
\r
354 or</i> set up an <i><a href="#aclfile">aclfile</a></i>. To
\r
355 make the proxy accessible from everywhere (e.g. if you're
\r
356 using an access control list or if you just don't care
\r
357 about security), specify just the port number - e.g:<br>
\r
358 <code>listen-address :8000</code><br>
\r
359 (This binds the proxy to <b>all</b> IP addresses
\r
360 (<code>INADDR_ANY</code>)).</p>
\r
363 <dt><i><a name="o_f"></a></i><a name=
\r
364 "forwardfile"></a><code>forwardfile</code> <i>
\r
365 forwardfile</i></dt>
\r
368 <p>Junkbuster has a flexible syntax for forwarding HTTP
\r
369 requests. This is used e.g. if you are behind a firewall
\r
370 and need to connect through it, or if you want to use a
\r
371 cacheing proxy to speed up your web browsing.</p>
\r
373 <p>Every line in the forwardfile consists of four
\r
374 components, seperated by whitespace. These are:<br>
\r
376 <code><i>target forward_to via_gateway_type
\r
377 gateway</i></code></p>
\r
379 <p><i>target</i> is a pattern used to select which line of
\r
380 the forwardfile is used. "<code>*</code>" is the most
\r
381 commonly used value, and matches every URL. As usual, the
\r
382 last matching <i>target</i> wins. (If no pattern matches, a
\r
383 direct connection will be used)</p>
\r
385 <p><i>forward_to</i> specifies the HTTP proxy server to
\r
386 use, or "<code>.</code>" for none. This is used to connect
\r
387 to a cacheing proxy such as Squid, and for most types of
\r
388 firewall. The port number defaults to 8000 if it is not
\r
391 <p>Here is a typical line.</p>
\r
393 * lpwa.com:8000 . .
\r
396 <p>The target domain need not be a fully qualified
\r
397 hostname; it can be a general domain such as <code>
\r
398 com</code> or <code>co.uk</code> or even just a port
\r
399 number. <a name="nose"></a>For example, because <a href=
\r
400 "http://lpwa.com">LPWA</a> does not handle <a href=
\r
401 "ijbfaq.html#encrypt">SSL</a>, the line above will
\r
402 typically be followed by a line such as</p>
\r
407 <p>to allow SSL transactions to proceed directly. The
\r
408 cautious would also add an entry in their blockfile to stop
\r
409 transactions to port 443 for all but specified trusted
\r
412 <p><a name="loop"></a>Configure with care: no loop
\r
413 detection is performed. When setting up chains of proxies
\r
414 that might loop back, try adding <a href="#squid">
\r
417 <p><i>via_gateway_type</i> and <i>gateway</i> are used to
\r
418 support SOCKS proxies. Some firewalls provide this type of
\r
419 proxy. If you do not not want to use a SOCKS proxy, specify
\r
420 both of these fields as "<code>.</code>".</p>
\r
422 <p><a name="configure"></a><a name="identify"></a>Note that
\r
423 JunkBuster is a SOCKS <b>client</b>, <b>not</b> a SOCKS <b>
\r
424 server</b>. The user's browser should <b>not</b> be <a
\r
425 href="ijbfaq.html#socks">configured</a> to use <code>
\r
426 SOCKS</code>; the proxy conducts the negotiations, not the
\r
429 <p>The <code>SOCKS4</code> protocol may be specified by
\r
430 setting <i>via_gateway_type</i> to <code>socks</code> or
\r
431 <code>socks4</code>. The <code>SOCKS4A</code> protocol is
\r
432 specified as <code>socks4a</code>. The <code>SOCKS5</code>
\r
433 protocol is not currently supported.</p>
\r
435 <p><i>gateway</i> should be the host and port of the SOCKS
\r
436 server. If you just specify a hostname, then the port
\r
437 number defaults to 1080.</p>
\r
439 <p>The user identification capabilities of <code>
\r
440 SOCKS4</code> are deliberately not used; the user is always
\r
441 identified to the <code>SOCKS</code> server as <code>
\r
442 userid=anonymous</code>. If the server's policy is to
\r
443 reject requests from <code>anonymous</code>, the proxy will
\r
444 not work. Use a <a href="#o_d">debug</a> value of 3 to see
\r
445 the status returned by the server.</p>
\r
447 <p>If you specify both a HTTP proxy (with <i>
\r
448 forward_to</i>) and a SOCKS proxy (with <i>gateway</i>)
\r
449 then the SOCKS proxy is used to connect to the HTTP proxy.
\r
450 If you just specify a SOCKS proxy, it is used to connect
\r
451 directly to the websites.</p>
\r
454 <dt><i><a name="o_d"></a></i><a name=
\r
455 "debug"></a><code>debug</code> <i>N</i></dt>
\r
458 <p>Set debug mode. The most common value is 1, to <a href=
\r
459 "ijbfaq.html#pinpoint">pinpoint</a> offensive URLs, so they
\r
460 can be added to the blockfile. The value of <b>N</b> is a
\r
461 bitwise logical-OR of the following values:<br>
\r
462 1 = URLs (show each URL requested by the browser);<br>
\r
463 2 = Connections (show each connection to or from the
\r
465 4 = I/O (log I/O errors);<br>
\r
466 8 = Headers (as each header is scanned, show the header
\r
467 and what is done to it);<br>
\r
468 16 = Log everything (including debugging traces and the
\r
469 contents of the pages).<br>
\r
470 32 = Record accesses in Common Log Format, as used by most
\r
471 web and proxy servers.</p>
\r
473 <p><a name="or"></a>Multiple <code>debug</code> lines are
\r
474 permitted; they are logical OR-ed together.</p>
\r
476 <p><a name="single"></a>Because most browsers send several
\r
477 requests in parallel the debugging output may appear
\r
478 intermingled, so the <a href="#single-threaded">
\r
479 single-threaded</a> option is recommended when using <a
\r
480 href="#debug">debug</a> with <b>N</b> greater than 1.
\r
481 <!-- Aside: Yes, it's clumsy, but it's easy to parse. --></p>
\r
484 <dt><i><a name="o_y"></a></i><a name=
\r
485 "add-forwarded-header"></a><code>add-forwarded-header</code></dt>
\r
488 <p>Add <code>X-Forwarded-For</code> headers to the
\r
489 server-bound HTTP stream indicating the client IP address
\r
490 <a href="ijbfaq.html#detect">to the server,</a> in the new
\r
491 style of <a href="#squid">Squid 1.1.4.</a> If you want the
\r
492 traditional <code>HTTP_FORWARDED</code> response header,
\r
493 add it manually with the <a href="#o_x">-x</a> option. This
\r
494 also allows other <code>X-Forwarded-For</code> headers to
\r
495 be transmitted - usually they are discarded.</p>
\r
498 <dt><i><a name="o_x"></a></i><a name=
\r
499 "add-header"></a><code>add-header</code> <i>
\r
500 HeaderText</i></dt>
\r
503 <p>Add the <i>HeaderText</i> verbatim to requests to the
\r
504 server. Typical uses include adding old-style forwarding
\r
505 notices such as <code>Forwarded: by
\r
506 http://pro-privacy-isp.net</code> and reinstating the
\r
507 <code>Proxy-Connection: Keep-Alive</code> header (which the
\r
508 <b><code>junkbuster</code></b> deletes so as <a href=
\r
509 "ijbfaq.html#detect">not</a> to reveal its existence). No
\r
510 checking is done for correctness or plausibility, so it can
\r
511 be used to throw any old trash into the server-bound HTTP
\r
512 stream. Please don't litter.
\r
513 <!-- Aside: this represents "more than enough rope" --></p>
\r
516 <dt><i><a name="o_s"></a></i><a name=
\r
517 "single-threaded"></a><code>single-threaded</code></dt>
\r
520 <p>Doesn't <code>fork()</code> a separate process (or
\r
521 create a separate thread) to handle each connection. Useful
\r
522 when debugging to keep the process single threaded.</p>
\r
525 <dt><i><a name="o_l"></a></i><a name=
\r
526 "logfile"></a><code>logfile</code> <i>
\r
530 <p>Write all debugging data into <i>logfile.</i> The
\r
531 default <i>logfile</i> is the standard output.</p>
\r
535 <a name="aclfile"></a><code>aclfile</code> <i>
\r
539 <p>Unless this option is used, the proxy talks to anyone
\r
540 who can connect to it, and everyone who can has equal
\r
541 permissions on where they can go. An access file allows
\r
542 restrictions to be placed on these two policies, by
\r
543 distinguishing some <i><dfn>source</dfn></i> IP addresses
\r
544 and/or some <i><dfn>destination</dfn></i> addresses. (If a
\r
545 <a href="#forwardfile">forwarder or a gateway</a> is being
\r
546 used, its address is considered the destination address,
\r
547 not the ultimate IP address of the URL requested.)</p>
\r
549 <p><a name="permit"></a>Each line of the access file begins
\r
550 with either the word <code>permit</code> or <code>
\r
551 deny</code> followed by source and (optionally) destination
\r
552 addresses to be matched against those of the HTTP request.
\r
553 The last matching line specifies the result: if it was a
\r
554 <code>deny</code> line or if no line matched, the request
\r
555 will be refused.</p>
\r
557 <p><a name="various"></a>A source or destination can be
\r
558 specified as a single numeric IP address, or with a
\r
559 hostname, provided that the host's name can be resolved to
\r
560 a numeric address: this cannot be used to block all <code>
\r
561 .mil</code> domains for example, because there is no single
\r
562 address associated with that domain name. Either form may
\r
563 be followed by a slash and an integer <code>N</code>,
\r
564 specifying a subnet mask of <code>N</code> bits. For
\r
565 example, <code>permit 207.153.200.72/24</code> matches the
\r
566 entire Class-C subnet from 207.153.200.0 through
\r
567 207.153.200.255. (A netmask of 255.255.255.0 corresponds to
\r
568 24 bits of ones in the netmask, as with <code>
\r
569 *_MASKLEN=24</code>.) A value of 16 would be used for a
\r
570 Class-B subnet. A value of zero for <code>N</code> in the
\r
571 subnet mask length will cause any address to match; this
\r
572 can be used to express a default rule. For more information
\r
573 see the example file provided with the distribution.</p>
\r
575 <p><a name="false"></a>If you like these access controls
\r
576 you should probably have <a href="ijbfaq.html#firewall">
\r
577 firewall</a>; they are not intended to replace one.</p>
\r
581 <a name="trustfile"></a><code>trustfile</code>
\r
582 <i>trustfile</i></dt>
\r
585 <p>This feature is experimental, has not been fully
\r
586 documented and is very subject to change. The goal is for
\r
587 parents to be able to choose a page or site whose links
\r
588 they regard suitable for their <a href=
\r
589 "ijbfaq.html#children">young children</a> and for the proxy
\r
590 to allow access only to sites mentioned there. To do this
\r
591 the proxy examines the <a href="#o_r">referer</a> variable
\r
592 on each page request to check they resulted from a click on
\r
593 the ``trusted referer'' site: if so the referred site is
\r
594 added to a list of trusted sites, so that the child can
\r
595 then move around that site. There are several uncertainties
\r
596 in this scheme that experience may be able to iron out;
\r
597 check back in the months ahead.</p>
\r
601 <a name="trust_info_url">
\r
602 </a><code>trust_info_url</code> <i>
\r
603 trust_info_url</i></dt>
\r
606 <p>When access is denied due to lack of a trusted referer,
\r
607 this URL is displayed with a message pointing the user to
\r
608 it for further information.</p>
\r
612 <a name="hide-console"></a><code>hide-console</code></dt>
\r
615 <p>In the Windows command-line version only, instructs the
\r
616 program to disconnect from and hide the command console
\r
617 after starting.</p>
\r
621 <h3><a name="install"></a><img border="0" src="fb.gif" alt="*"
\r
622 width="14" height="14"> Installation and Use</h3>
\r
624 <p>Browsers must be told where to find the <b><code>
\r
625 junkbuster</code></b> (e.g. <code>localhost</code> port 8000).
\r
626 To set the HTTP proxy in Netscape 3.0, go through: <b class=
\r
627 "eg">Options</b>; <b class="eg">Network Preferences</b>; <b
\r
628 class="eg">Proxies</b>; <b class="eg">Manual Proxy
\r
629 Configuration</b>; <b class="eg">View</b>. See the <a href=
\r
630 "ijbfaq.html">FAQ</a> for other browsers. The <a href=
\r
631 "ijbfaq.html#security">Security Proxy</a> should also be set to
\r
632 the same values, otherwise <code>shttp:</code> URLs won't
\r
635 <p><a name="limitations"></a>Note the limitations explained in
\r
636 the <a href="ijbfaq.html">FAQ</a>.</p>
\r
638 <h3><a name="show"></a><img border="0" src="fb.gif" alt="*"
\r
639 width="14" height="14"> Checking Options</h3>
\r
641 <p>To allow users to <a href="ijbfaq.html#show">check</a> that
\r
642 a <b><code>junkbuster</code></b> is running and how it is
\r
643 configured, it intercepts requests for any URL ending in <code>
\r
644 /show-proxy-args</code> and blocks it, returning instead
\r
645 returns information on its version number and current
\r
646 configuration including the contents of its blockfile. To get
\r
647 an explicit warning that no <b><code>junkbuster</code></b>
\r
648 intervened if the proxy was not configured, it's best to point
\r
649 it to a URL that does this, such as <a href=
\r
650 "http://internet.junkbuster.com/cgi-bin/show-proxy-args">
\r
651 http://internet.junkbuster.com/cgi-bin/show-proxy-args</a> on
\r
652 Junkbusters's website.</p>
\r
654 <h3><a name="also"></a><img border="0" src="fb.gif" alt="*"
\r
655 width="14" height="14"> See Also</h3>
\r
657 <p><a href="ijbfaq.html">
\r
658 http://www.junkbusters.com/ht/en/ijbfaq.html</a><br>
\r
659 <a href="http://www.junkbusters.com/ht/en/cookies.html">
\r
660 http://www.junkbusters.com/ht/en/cookies.html</a><br>
\r
662 "http://internet.junkbuster.com/cgi-bin/show-proxy-args">
\r
663 http://internet.junkbuster.com/cgi-bin/show-proxy-args</a><br>
\r
664 <a name="kristol"></a><a href=
\r
665 "http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html">http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html</a><br>
\r
667 <a name="squid"></a><a href=
\r
668 "http://squid.nlanr.net/Squid/">http://squid.nlanr.net/Squid/</a><br>
\r
670 <a href="http://www-math.uni-paderborn.de/~axel/">
\r
671 http://www-math.uni-paderborn.de/~axel/</a></p>
\r
673 <h3><a name="copyright"></a><img border="0" src="fb.gif" alt=
\r
674 "*" width="14" height="14"> Copyright and GPL</h3>
\r
676 <p>Written and copyright by the Anonymous Coders and
\r
677 Junkbusters Corporation and made available under the <a href=
\r
678 "gpl.html">GNU General Public License (GPL).</a> This software
\r
679 comes with <a href="gpl.html#nowarr">NO WARRANTY.</a> Internet
\r
680 Junkbuster Proxy is a <a href=
\r
681 "http://www.junkbusters.com/ht/en/legal.html#marks">
\r
682 trademark</a> of Junkbusters Corporation.</p>
\r
684 <p align="center"><a href="#top_of_page"><img border="0" src=
\r
685 "top.gif" alt="--- Back to Top of Page ---" width="250" height=
\r
688 <p class="sans"><a href="http://ijbswa.sourceforge.net/">
\r
689 Website</a> <b class="dot">·</b> <b>Manual</b> <b class=
\r
690 "dot">·</b> <a href="ijbfaq.html">FAQ</a> <b class=
\r
691 "dot">·</b> <a href="gpl.html">GPL</a></p>
\r
693 <p class="sans"><small><small><a href="gpl.html#text">
\r
694 Copyright</a> © 1996-8 <a href=
\r
695 "http://www.junkbusters.com/">Junkbusters</a> <a href=
\r
696 "http://www.junkbusters.com/ht/en/legal.html#marks">®</a>
\r
697 Corporation. <a href="gpl.html#text">Copyright</a> © 2001
\r
698 <a href="http://sourceforge.net/projects/ijbswa/">Jon
\r
699 Foster</a>. Copying and distribution permitted under the <a
\r
700 href="gpl.html">GNU</a> General Public
\r
701 License.</small></small></p>
\r
703 <p><small><code><a href=
\r
704 "http://sourceforge.net/projects/ijbswa/">
\r
705 http://sourceforge.net/projects/ijbswa/</a></code></small></p>
\r
projects / privoxy.git / blob