1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="installation.html"><LINK
17 HREF="misc.html"><LINK
20 HREF="../p_doc.css"></HEAD
31 SUMMARY="Header navigation table"
40 >Privoxy Frequently Asked Questions</TH
48 HREF="installation.html"
85 >3.1. What exactly is an <SPAN
94 > utilizes the concept of <SPAN
97 HREF="../user-manual/actions-file.html#ACTIONS"
102 that are used to manipulate and control web page data.
104 HREF="../user-manual/actions-file.html"
109 HREF="../user-manual/actions-file.html#ACTIONS"
116 > could take while processing a certain
117 request, are configured. Typically, you would define a set of default actions
118 that apply globally to all URLs, then add exceptions to these defaults where needed.
119 There is a wide array of actions available that give the user a high degree
120 of control and flexibility on how to process each and every web page.</P
122 > Actions can be defined on a <A
123 HREF="../user-manual/actions-file.html#AF-PATTERNS"
127 for single URLs, whole web sites, groups or parts thereof etc. Actions can also be
128 grouped together and then applied to requests matching one or more patterns.
129 There are many possible actions that might apply to any given site. As an example,
130 if you are blocking <A
131 HREF="http://en.wikipedia.org/wiki/Browser_cookie"
135 as one of your default actions, but need to accept cookies from a given site,
136 you would need to define an exception for this site in one of your actions
137 files, preferably in <TT
151 > concept confuses me. Please list
158 > For a comprehensive discussion of the actions concept, please refer
160 HREF="../user-manual/actions-file.html"
165 HREF="../user-manual/index.html"
170 HREF="../user-manual/actions-file.html#ACTIONS"
172 >list of all actions</A
175 HREF="../user-manual/actions-file.html#ACT-EXAMPLES"
179 > to get you started.</P
187 >3.3. How are actions files configured? What is the easiest
191 > Actions files are just text files in a special syntax and can be edited
192 with a text editor. But probably the easiest way is to access
196 >'s user interface with your web browser
198 HREF="http://config.privoxy.org/"
200 >http://config.privoxy.org/</A
210 HREF="http://config.privoxy.org/show-status"
213 change the current configuration</A
215 > from the menu. Note
216 that this feature must be explicitly enabled in the main config file
218 HREF="../user-manual/config.html#ENABLE-EDIT-ACTIONS"
220 >enable-edit-actions</A
229 >3.4. There are several different <SPAN
236 > Three actions files
237 are being included by the developers, to be used for
238 different purposes: These are
246 which is actively maintained by the <SPAN
250 developers and typically sets the default policies, <TT
253 >, where users are encouraged
254 to make their private customizations, and <TT
258 which is for internal <SPAN
263 HREF="../user-manual/actions-file.html"
265 >the actions chapter</A
268 HREF="../user-manual/index.html"
272 detailed explanation.</P
274 > Earlier versions included three different versions of the
278 > file. The new scheme allows for
279 greater flexibility of local configuration, and for browser based
280 selection of pre-defined <SPAN
282 >"aggressiveness"</SPAN
291 >3.5. Where can I get updated Actions Files?</A
294 > Based on your feedback and the continuing development, updates of
299 made available from time to time on the <A
300 HREF="http://sourceforge.net/project/showfiles.php?group_id=11118"
305 HREF="http://sf.net/projects/ijbswa/"
311 > If you wish to receive an email notification whenever we release updates of
315 > or the actions file, <A
316 HREF="http://lists.sourceforge.net/lists/listinfo/ijbswa-announce/"
319 to our announce mailing list</A
320 >, ijbswa-announce@lists.sourceforge.net.
329 >3.6. Can I use my old config files?</A
332 > The syntax and purpose of configuration files has remained roughly the
333 same throughout the 3.x series, but backwards compatibility is not guaranteed.
334 Also each release contains updated, <SPAN
338 therefore strongly recommended to use the newer configuration files.
347 >3.7. Why is the configuration so complicated?</A
353 > is in the eye of the beholder. Those that are
354 familiar with some of the underlying concepts, such as regular expression
355 syntax, take to it like a fish takes to water. Also, software that tries
358 >"user friendly"</SPAN
359 >, often lacks sophistication and
360 flexibility. There is always that trade-off there between power vs.
361 easy-of-use. Furthermore, anyone is welcome to contribute ideas and
362 implementations to enhance <SPAN
374 >3.8. How can I make my Yahoo/Hotmail/Gmail account work?</A
377 > The default configuration shouldn't impact the usability of any of these services.
378 It may, however, make all <A
379 HREF="http://en.wikipedia.org/wiki/Browser_cookie"
383 temporary, so that your browser will forget your
384 login credentials in between browser sessions. If you would like not to have to log
385 in manually each time you access those websites, simply turn off all cookie handling
389 > file. An example for yahoo might
401 ># Allow all cookies for Yahoo login:
404 HREF="../user-manual/actions-file.html#CRUNCH-INCOMING-COOKIES"
406 >crunch-incoming-cookies</A
408 HREF="../user-manual/actions-file.html#CRUNCH-OUTGOING-COOKIES"
410 >crunch-outgoing-cookies</A
412 HREF="../user-manual/actions-file.html#SESSION-COOKIES-ONLY"
414 >session-cookies-only</A
416 .login.yahoo.com</PRE
423 > These kinds of sites are often quite complex and heavy with
425 HREF="http://en.wikipedia.org/wiki/Javascript"
440 HREF="../user-manual/actions-file.html#ALIASES"
455 ># Gmail is a _fragile_ site:
469 > Be sure to flush your browser's caches whenever making these kinds of
470 changes, just to make sure the changes <SPAN
476 > Make sure the domain, host and path are appropriate as well. Your browser can
477 tell you where you are specifically and you should use that information for
478 your configuration settings. Note that above it is not referenced as
482 >, which is a valid domain name.
491 >3.9. What's the difference between the
507 > is not entirely trivial. To
508 help you get started, we provide you with three different default action
512 > in the web based actions file editor at <A
513 HREF="http://config.privoxy.org/show-status"
515 >http://config.privoxy.org/show-status</A
518 HREF="../user-manual/actions-file.html"
525 > for a list of actions, and how the default
529 > Where the defaults are likely to break some sites, exceptions for
533 > sites are included, but in
534 general, the more aggressive your default settings are, the more exceptions
535 you will have to make later. New users are best to start off in
539 > setting. This is safest and will have the fewest
541 HREF="../user-manual/index.html"
548 for a more detailed discussion.</P
550 > It should be noted that the <SPAN
553 > profile (formerly known
556 >"Adventuresome"</SPAN
558 aggressive, and will make use of some of
562 > advanced features. Use at your own risk!</P
570 >3.10. Why can I change the configuration
571 with a browser? Does that not raise security issues?</A
574 > It may seem strange that regular users can edit the config files with their
575 browsers, although the whole <TT
579 belongs to the user <SPAN
582 >, with only 644 permissions.
585 > When you use the browser-based editor, <SPAN
589 itself is writing to the config files. Because
593 > is running as the user <SPAN
597 it can update its own config files.
603 > for multiple untrusted users (e.g. in
604 a LAN), you will probably want to make sure that the the web-based
605 editor and remote toggle features are <SPAN
613 HREF="../user-manual/config.html#ENABLE-EDIT-ACTIONS"
615 >enable-edit-actions</A
624 HREF="../user-manual/config.html#ENABLE-REMOTE-TOGGLE"
626 >enable-remote-toggle</A
631 HREF="../user-manual/config.html"
633 >main configuration file</A
637 > Note that in the default configuration, only local users (i.e. those on
641 >) can connect to <SPAN
645 so this is (normally) not a security problem.
654 >3.11. What is the <TT
657 > file? What is a <SPAN
664 HREF="../user-manual/filter-file.html"
677 > as supplied by the developers are defined.
678 Filters are a special subset of actions that can be used to modify or
679 remove, web page content on the fly. Filters apply to <SPAN
686 in the page source (and optionally both client and server headers), including
687 HTML tags, and JavaScript. Regular expressions are used to accomplish this.
688 There are a number of pre-defined filters to deal with common annoyances. The
689 filters are only defined here, to invoke them, you need to use the
691 HREF="../user-manual/actions-file.html#FILTER"
698 > in one of the actions files. Filtering is automatically
699 disabled for inappropriate MIME types. Filters should
706 > be confused with <A
707 HREF="../user-manual/actions-file.html#BLOCK"
714 is a completely different action, and is more typically used to block ads and
717 > If you are familiar with regular expressions, and HTML, you can look at
721 > with a text editor and define
722 your own filters. This is potentially a very powerful feature, but
723 requires some expertise in both regular expressions and HTML/HTTP.
725 place any modifications to the default filters, or any new ones you create
726 in a separate file, such as <TT
730 be overwritten during upgrades.
731 The ability to define multiple filter files
735 > is a new feature as of v. 3.0.5.</P
737 > There is no GUI editor option for this part of the configuration,
738 but you can disable/enable the various pre-defined filters of the included
743 HREF="http://config.privoxy.org/show-status"
745 >web-based actions file editor</A
748 that the custom actions editor must be explicitly enabled in the main config file
750 HREF="../user-manual/config.html#ENABLE-EDIT-ACTIONS"
752 >enable-edit-actions</A
761 >3.12. How can I set up Privoxy to act as a proxy for my
768 > only responds to requests
772 > (localhost). To have it act as a server for
773 a network, this needs to be changed in the <A
774 HREF="../user-manual/config.html"
776 >main configuration file</A
781 HREF="../user-manual/config.html#LISTEN-ADDRESS"
786 option, which may be commented out with a <SPAN
790 it is uncommented, and assign it the address of the LAN gateway interface,
791 and port number to use. Assuming your LAN address is 192.168.1.1 and you
795 > on port 8118, this line
806 > listen-address 192.168.1.1:8118</PRE
812 > Save the file, and restart <SPAN
816 all browsers on the network then to use this address and port number.</P
818 > Alternately, you can have <SPAN
822 all available interfaces:</P
832 > listen-address :8118</PRE
843 HREF="../user-manual/config.html#PERMIT-ACCESS"
847 feature to limit connections. A firewall in this situation is recommended
850 > The above steps should be the same for any TCP network, regardless of
856 > on a LAN with untrusted users,
857 we recommend that you double-check the <A
858 HREF="../user-manual/config.html#ACCESS-CONTROL"
860 >access control and security</A
870 >3.13. Instead of ads, now I get a checkerboard pattern. I don't want to see anything.</A
873 > The replacement for blocked images can be controlled with the <A
874 HREF="../user-manual/actions-file.html#SET-IMAGE-BLOCKER"
878 >set-image-blocker</TT
881 >. You have the choice of a checkerboard pattern, a transparent 1x1 GIF
885 >), or a redirect to a custom image of your choice.
886 Note that this choice only has effect for images which are blocked as images, i.e.
887 whose URLs match both a <TT
890 HREF="../user-manual/actions-file.html#HANDLE-AS-IMAGE"
904 HREF="../user-manual/actions-file.html#BLOCK"
910 > If you want to see nothing, then change the <A
911 HREF="../user-manual/actions-file.html#SET-IMAGE-BLOCKER"
915 >set-image-blocker</TT
921 >. This can be done by editing the
925 > file, or through the <A
926 HREF="http://config.privoxy.org/show-status"
928 >web-based actions file editor</A
937 >3.14. Why would anybody want to see a checkerboard pattern?</A
941 HREF="general.html#WHATSANAD"
942 >telling which image is an ad and which
944 >, is an educated guess. While we hope that the standard configuration
945 is rather smart, it will make occasional mistakes. The checkerboard image is visually
946 decent, and it shows you where images have been blocked, which can be very
947 helpful in case some navigation aid or otherwise innocent image was
948 erroneously blocked. It is recommended for new users so they can
952 > what is happening. Some people might also enjoy seeing how
953 many banners they <SPAN
967 >3.15. I see some images being replaced with text
968 instead of the checkerboard image. Why and how do I get rid of this?</A
971 > This happens when the banners are not embedded in the HTML code of the
972 page itself, but in separate HTML (sub)documents that are loaded into (i)frames
973 or (i)layers, and these external HTML documents are blocked. Being non-images
974 they get replaced by a substitute HTML page rather than a substitute image,
975 which wouldn't work out technically, since the browser expects and accepts
976 only HTML when it has requested an HTML document. </P
978 > The substitute page adapts to the available space and shows itself as a
979 miniature two-liner if loaded into small frames, or full-blown with a
980 large red "BLOCKED" banner if space allows.</P
982 > If you prefer the banners to be blocked by images, you must see to it that
983 the HTML documents in which they are embedded are not blocked. Clicking
987 > link offered in the substitute page will show
988 you which rule blocked the page. After changing the rule and un-blocking
989 the HTML documents, the browser will try to load the actual banner images
990 and the usual image blocking will (hopefully!) kick in.</P
998 >3.16. Can Privoxy run as a service
1002 > Yes. Version 3.0.5 introduces full <SPAN
1006 functionality. See <A
1007 HREF="../user-manual/installation.html#installation-pack-win"
1013 > for details on how to install and configure
1019 > Earlier 3.x versions could run as a system service using <B
1023 See the discussion at <A
1024 HREF="http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118"
1026 >http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118</A
1028 for details, and a sample configuration.</P
1036 >3.17. How can I make Privoxy work with other
1037 proxies like Squid or Tor?</A
1040 > This can be done and is often useful to combine the benefits of
1044 > with those of a another proxy.
1046 HREF="../user-manual/config.html#FORWARDING"
1048 >forwarding chapter</A
1051 HREF="../user-manual/index.html"
1055 describes how to do this, and the <A
1056 HREF="misc.html#TOR"
1057 > How do I use Privoxy together with
1067 >3.18. Can I just set Privoxy to use port 80
1068 and thus avoid individual browser configuration?</A
1071 > No, its more complicated than that. This only works with special kinds
1072 of proxies known as <SPAN
1074 >"intercepting"</SPAN
1075 > proxies (see below).</P
1083 >3.19. Can Privoxy run as a <SPAN
1085 >"transparent"</SPAN
1089 > The whole idea of Privoxy is to modify client requests
1090 and server responses in all sorts of ways and therefore
1091 it's not a transparent proxy as described in
1093 HREF="http://tools.ietf.org/html/rfc2616"
1098 > However, some people say <SPAN
1100 >"transparent proxy"</SPAN
1104 >"intercepting proxy"</SPAN
1105 >. If you are one of them,
1107 HREF="#intercepting"
1118 >3.20. Can Privoxy run as a <SPAN
1120 >"intercepting"</SPAN
1127 > can't intercept traffic itself,
1128 but it can handle requests that where intercepted and redirected
1129 with a packet filter (like <SPAN
1136 >), as long as the <TT
1146 > header is required by HTTP/1.1 and as most
1147 web sites don't work if it isn't set, this limitation shouldn't be a
1150 > Please refer to your packet filter's documentation to learn how to
1151 intercept and redirect traffic into <SPAN
1154 >. Afterward you just have
1160 HREF="../user-manual/config.html#ACCEPT-INTERCEPTED-REQUESTS"
1162 >accept intercepted requests</A
1171 >3.21. How can I configure Privoxy for use with Outlook
1177 >Outlook Express</SPAN
1180 >Internet Explorer</SPAN
1182 components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email.
1183 So however you have <SPAN
1186 > configured to work
1187 with IE, this configuration should automatically be shared.</P
1195 >3.22. How can I have separate rules just for HTML mail?</A
1198 > The short answer is, you can't. <SPAN
1202 of knowing which particular application makes a request, so there is no way to
1203 distinguish between web pages and HTML mail.
1207 > just blindly proxies all requests. In the
1210 >Outlook Express</SPAN
1211 > (see above), OE uses
1212 IE anyway, and there is no way for <SPAN
1216 be able to distinguish between them (nor could any other proxy type application for
1219 > For a good discussion of some of the issues involved (including privacy and
1220 security issues), see
1222 HREF="http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118"
1224 >http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118</A
1232 NAME="SNEAKY-COOKIES"
1233 >3.23. I sometimes notice cookies sneaking through. How?</A
1237 HREF="http://en.wikipedia.org/wiki/Browser_cookie"
1241 set in several ways. The classic method is via the
1245 > HTTP header. This is straightforward, and an
1246 easy one to manipulate, such as the <SPAN
1251 HREF="../user-manual/actions-file.html#SESSION-COOKIES-ONLY"
1253 >session-cookies-only</A
1255 There is also the possibility of using
1257 HREF="http://en.wikipedia.org/wiki/Javascript"
1266 >content-cookies</TT
1268 is trickier because the syntax can vary widely, and thus requires a certain
1269 amount of guesswork. It is not realistic to catch all of these short of
1270 disabling Javascript, which would break many sites. And lastly, if the
1271 cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond
1280 > can help manage cookies in general, can help minimize
1281 the loss of privacy posed by cookies, but can't realistically stop all
1290 >3.24. Are all cookies bad? Why?</A
1293 > No, in fact there are many beneficial uses of
1295 HREF="http://en.wikipedia.org/wiki/Browser_cookie"
1298 >. Cookies are just a
1299 method that browsers can use to store data between pages, or between browser
1300 sessions. Sometimes there is a good reason for this, and the user's life is a
1301 bit easier as a result. But there is a long history of some websites taking
1302 advantage of this layer of trust, and using the data they glean from you and
1303 your browsing habits for their own purposes, and maybe to your potential
1304 detriment. Such sites are using you and storing their data on your system.
1305 That is why the privacy conscious watch from whom those cookies come, and why
1316 HREF="http://en.wikipedia.org/wiki/Browser_cookie"
1327 NAME="ALLOW-COOKIES"
1328 >3.25. How can I allow permanent cookies for my trusted sites?</A
1331 > There are several actions that relate to cookies. The default behavior is to
1334 >"session cookies"</SPAN
1335 >, which means the cookies only last
1336 for the current browser session. This eliminates most kinds of abuse related
1337 to cookies. But there may be cases where you want cookies to last.</P
1339 > To disable all cookie actions, so that cookies are allowed unrestricted,
1340 both in and out, for <TT
1353 > { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} }
1360 > Place the above in <TT
1363 >. Note that some of these may
1364 be off by default anyway, so this might be redundant, but there is no harm
1365 being explicit in what you want to happen. <TT
1369 includes an alias for this situation, called
1372 >allow-all-cookies</TT
1381 >3.26. Can I have separate configurations for different users?</A
1384 > Each instance of <SPAN
1388 configuration, including such attributes as the TCP port that it listens on.
1389 What you can do is run multiple instances of <SPAN
1395 HREF="../user-manual/config.html#LISTEN-ADDRESS"
1399 configuration setting, and configuration path, and then
1400 each of these can have their own configurations. Think of it as per-port
1404 Simple enough for a few users, but for large installations, consider having
1405 groups of users that might share like configurations.</P
1413 >3.27. Can I set-up Privoxy as a whitelist of
1420 > Sure. There are a couple of things you can do for simple white-listing.
1421 Here's one real easy one:</P
1430 > ############################################################
1432 ############################################################
1434 HREF="../user-manual/actions-file.html#BLOCK"
1438 / # Block *all* URLs
1440 ############################################################
1442 ############################################################
1444 HREF="../user-manual/actions-file.html#BLOCK"
1450 games.example.com</PRE
1455 > This allows access to only those three sites by first blocking all URLs, and
1456 then subsequently allowing three specific exceptions.</P
1458 > A more interesting approach is <SPAN
1465 > concept, which incorporates the notion of
1468 >"trusted referrers"</SPAN
1470 HREF="../user-manual/config.html#TRUSTFILE"
1472 >User Manual Trust</A
1476 > These are fairly simple approaches and are not completely foolproof. There
1477 are various other configuration options that should be disabled (described
1478 elsewhere here and in <A
1479 HREF="../user-manual/"
1483 so that users can't modify their own configuration and easily circumvent the
1492 >3.28. How can I turn off ad-blocking?</A
1495 > Ad blocking is achieved through a complex application of various <SPAN
1500 HREF="../user-manual/actions-file.html"
1504 actions are deployed against simple images, banners, flash animations,
1505 text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as
1506 just turning one or two actions off. The various actions that make up
1510 > ad blocking are hard-coded into the default configuration files. It
1511 has been assumed that everyone using <SPAN
1514 > is interested in this
1518 > If you want to do without this, there are several approaches you can take:
1519 You can manually undo the many block rules in
1523 >. Or even easier, just create your own
1527 > file from scratch without the many ad
1528 blocking rules, and corresponding exceptions. Or lastly, if you are not
1529 concerned about the additional blocks that are done for privacy reasons, you
1530 can very easily over-ride <SPAN
1537 following very simple rule in your <TT
1551 > # Unblock everybody, everywhere
1553 HREF="../user-manual/actions-file.html#BLOCK"
1557 / # UN-Block *all* URLs</PRE
1564 Or even a more comprehensive reversing of various ad related actions:</P
1574 > # Unblock everybody, everywhere, and turn off appropriate filtering, etc
1576 HREF="../user-manual/actions-file.html#BLOCK"
1581 HREF="../user-manual/actions-file.html#FILTER-BANNERS-BY-SIZE"
1583 >-filter{banners-by-size}</A
1586 HREF="../user-manual/actions-file.html#FILTER-BANNERS-BY-LINK"
1588 >-filter{banners-by-link}</A
1595 / # UN-Block *all* URLs and allow ads</PRE
1604 > in this compound statement,
1609 HREF="../user-manual/actions-file.html#ALIASES"
1613 various pop-up blocking features.</P
1621 >3.29. How can I have custom template pages, like the
1637 > are specialized text files utilized by
1641 > for various purposes and can easily be modified using any text
1642 editor. All the template pages are installed in a sub-directory appropriately
1646 >. Knowing something about HTML syntax
1647 will of course be helpful. Be forewarned that the default templates are
1648 subject to being overwritten during upgrades. You can, however, create
1649 completely new templates by specifying an alternate path for them in the main
1654 HREF="../user-manual/config.html#templdir"
1665 >3.30. How can I remove the <SPAN
1667 >"Go There Anyway"</SPAN
1678 > There is more than one way to do it.</P
1680 > Editing the BLOCKED template page (see above) may dissuade some users, but
1681 this method is easily circumvented. Where you need this level of control, you
1685 > from source, and enable various features that are
1686 available as compile-time options. You should
1690 > the sources as follows:</P
1700 > ./configure --disable-toggle --disable-editor --disable-force</PRE
1706 > This will create an executable with hard-coded security features so that
1710 > does not allow easy bypassing of blocked sites, or changing the
1711 current configuration via any connected user's web browser.</P
1713 > Note that all of these features can also be toggled on/off via options in
1718 HREF="../user-manual/config.html#ACCESS-CONTROL"
1722 means you don't have to recompile anything.</P
1730 SUMMARY="Footer navigation table"
1741 HREF="installation.html"
projects / privoxy.git / blob