1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
2 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
6 The Main Configuration File
8 <meta name="GENERATOR" content=
9 "Modular DocBook HTML Stylesheet Version 1.79">
10 <link rel="HOME" title="Privoxy 3.0.25 User Manual" href="index.html">
11 <link rel="PREVIOUS" title="Privoxy Configuration" href=
13 <link rel="NEXT" title="Actions Files" href="actions-file.html">
14 <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
15 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
16 <link rel="STYLESHEET" type="text/css" href="p_doc.css">
18 <body class="SECT1" bgcolor="#EEEEEE" text="#000000" link="#0000FF" vlink=
19 "#840084" alink="#0000FF">
20 <div class="NAVHEADER">
21 <table summary="Header navigation table" width="100%" border="0"
22 cellpadding="0" cellspacing="0">
24 <th colspan="3" align="center">
25 Privoxy 3.0.25 User Manual
29 <td width="10%" align="left" valign="bottom">
30 <a href="configuration.html" accesskey="P">Prev</a>
32 <td width="80%" align="center" valign="bottom">
34 <td width="10%" align="right" valign="bottom">
35 <a href="actions-file.html" accesskey="N">Next</a>
39 <hr align="LEFT" width="100%">
43 <a name="CONFIG">7. The Main Configuration File</a>
46 By default, the main configuration file is named <tt class=
47 "FILENAME">config</tt>, with the exception of Windows, where it is
48 named <tt class="FILENAME">config.txt</tt>. Configuration lines
49 consist of an initial keyword followed by a list of values, all
50 separated by whitespace (any number of spaces or tabs). For example:
54 <p class="LITERALLAYOUT">
55 <tt class="LITERAL"> <span class="emphasis"><i class=
56 "EMPHASIS">confdir /etc/privoxy</i></span></tt>
60 Assigns the value <tt class="LITERAL">/etc/privoxy</tt> to the option
61 <tt class="LITERAL">confdir</tt> and thus indicates that the
62 configuration directory is named <span class=
63 "QUOTE">"/etc/privoxy/"</span>.
66 All options in the config file except for <tt class=
67 "LITERAL">confdir</tt> and <tt class="LITERAL">logdir</tt> are
68 optional. Watch out in the below description for what happens if you
72 The main config file controls all aspects of <span class=
73 "APPLICATION">Privoxy</span>'s operation that are not location
74 dependent (i.e. they apply universally, no matter where you may be
75 surfing). Like the filter and action files, the config file is a
76 plain text file and can be modified with a text editor like emacs,
81 <a name="LOCAL-SET-UP">7.1. Local Set-up Documentation</a>
84 If you intend to operate <span class="APPLICATION">Privoxy</span>
85 for more users than just yourself, it might be a good idea to let
86 them know how to reach you, what you block and why you do that,
91 <a name="USER-MANUAL">7.1.1. user-manual</a>
93 <div class="VARIABLELIST">
100 Location of the <span class="APPLICATION">Privoxy</span>
109 A fully qualified URI
117 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
125 <a href="https://www.privoxy.org/user-manual/" target=
126 "_top">https://www.privoxy.org/<tt class=
127 "REPLACEABLE"><i>version</i></tt>/user-manual/</a> will be
128 used, where <tt class="REPLACEABLE"><i>version</i></tt> is
129 the <span class="APPLICATION">Privoxy</span> version.
137 The User Manual URI is the single best source of
138 information on <span class="APPLICATION">Privoxy</span>,
139 and is used for help links from some of the internal CGI
140 pages. The manual itself is normally packaged with the
141 binary distributions, so you probably want to set this to a
142 locally installed copy.
148 The best all purpose solution is simply to put the full
149 local <tt class="LITERAL">PATH</tt> to where the <i class=
150 "CITETITLE">User Manual</i> is located:
154 <table border="0" bgcolor="#E0E0E0" width="90%">
158 user-manual /usr/share/doc/privoxy/user-manual
165 The User Manual is then available to anyone with access to
166 <span class="APPLICATION">Privoxy</span>, by following the
167 built-in URL: <tt class=
168 "LITERAL">http://config.privoxy.org/user-manual/</tt> (or
169 the shortcut: <tt class=
170 "LITERAL">http://p.p/user-manual/</tt>).
173 If the documentation is not on the local system, it can be
174 accessed from a remote server, as:
178 <table border="0" bgcolor="#E0E0E0" width="90%">
182 user-manual http://example.com/privoxy/user-manual/
188 <div class="WARNING">
189 <table class="WARNING" border="1" width="90%">
198 If set, this option should be <span class=
199 "emphasis"><i class="EMPHASIS">the first option in
200 the config file</i></span>, because it is used
201 while the config file is being read on start-up.
213 <a name="TRUST-INFO-URL">7.1.2. trust-info-url</a>
215 <div class="VARIABLELIST">
222 A URL to be displayed in the error page that users will see
223 if access to an untrusted page is denied.
239 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
247 No links are displayed on the "untrusted" error page.
255 The value of this option only matters if the experimental
256 trust mechanism has been activated. (See <a href=
257 "config.html#TRUSTFILE"><span class="emphasis"><i class=
258 "EMPHASIS">trustfile</i></span></a> below.)
261 If you use the trust mechanism, it is a good idea to write
262 up some on-line documentation about your trust policy and
263 to specify the URL(s) here. Use multiple times for multiple
267 The URL(s) should be added to the trustfile as well, so
268 users don't end up locked out from the information on why
269 they were locked out in the first place!
277 <a name="ADMIN-ADDRESS">7.1.3. admin-address</a>
279 <div class="VARIABLELIST">
286 An email address to reach the <span class=
287 "APPLICATION">Privoxy</span> administrator.
303 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
311 No email address is displayed on error pages and the CGI
320 If both <tt class="LITERAL">admin-address</tt> and <tt
321 class="LITERAL">proxy-info-url</tt> are unset, the whole
322 "Local Privoxy Support" box on all generated pages will not
331 <a name="PROXY-INFO-URL">7.1.4. proxy-info-url</a>
333 <div class="VARIABLELIST">
340 A URL to documentation about the local <span class=
341 "APPLICATION">Privoxy</span> setup, configuration or
358 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
366 No link to local documentation is displayed on error pages
367 and the CGI user interface.
375 If both <tt class="LITERAL">admin-address</tt> and <tt
376 class="LITERAL">proxy-info-url</tt> are unset, the whole
377 "Local Privoxy Support" box on all generated pages will not
381 This URL shouldn't be blocked ;-)
390 <a name="CONF-LOG-LOC">7.2. Configuration and Log File
394 <span class="APPLICATION">Privoxy</span> can (and normally does)
395 use a number of other files for additional configuration, help and
396 logging. This section of the configuration file tells <span class=
397 "APPLICATION">Privoxy</span> where to find those other files.
400 The user running <span class="APPLICATION">Privoxy</span>, must
401 have read permission for all configuration files, and write
402 permission to any files that would be modified, such as log files
407 <a name="CONFDIR">7.2.1. confdir</a>
409 <div class="VARIABLELIST">
416 The directory where the other configuration files are
433 /etc/privoxy (Unix) <span class="emphasis"><i class=
434 "EMPHASIS">or</i></span> <span class=
435 "APPLICATION">Privoxy</span> installation dir (Windows)
443 <span class="emphasis"><i class=
444 "EMPHASIS">Mandatory</i></span>
452 No trailing <span class="QUOTE">"<tt class=
453 "LITERAL">/</tt>"</span>, please.
461 <a name="TEMPLDIR">7.2.2. templdir</a>
463 <div class="VARIABLELIST">
470 An alternative directory where the templates are loaded
495 The templates are assumed to be located in
504 <span class="APPLICATION">Privoxy's</span> original
505 templates are usually overwritten with each update. Use
506 this option to relocate customized templates that should be
507 kept. As template variables might change between updates,
508 you shouldn't expect templates to work with <span class=
509 "APPLICATION">Privoxy</span> releases other than the one
510 they were part of, though.
518 <a name="TEMPORARY-DIRECTORY">7.2.3. temporary-directory</a>
520 <div class="VARIABLELIST">
527 A directory where Privoxy can create temporary files.
551 No temporary files are created, external filters don't
560 To execute <tt class="LITERAL"><a href=
561 "actions-file.html#EXTERNAL-FILTER" target="_top">external
562 filters</a></tt>, <span class="APPLICATION">Privoxy</span>
563 has to create temporary files. This directive specifies the
564 directory the temporary files should be written to.
567 It should be a directory only <span class=
568 "APPLICATION">Privoxy</span> (and trusted users) can
577 <a name="LOGDIR">7.2.4. logdir</a>
579 <div class="VARIABLELIST">
586 The directory where all logging takes place (i.e. where the
587 <tt class="FILENAME">logfile</tt> is located).
603 /var/log/privoxy (Unix) <span class="emphasis"><i class=
604 "EMPHASIS">or</i></span> <span class=
605 "APPLICATION">Privoxy</span> installation dir (Windows)
613 <span class="emphasis"><i class=
614 "EMPHASIS">Mandatory</i></span>
622 No trailing <span class="QUOTE">"<tt class=
623 "LITERAL">/</tt>"</span>, please.
631 <a name="ACTIONSFILE">7.2.5. actionsfile</a>
633 <a name="DEFAULT.ACTION"></a><a name="STANDARD.ACTION"></a><a name=
635 <div class="VARIABLELIST">
642 The <a href="actions-file.html">actions file(s)</a> to use
650 Complete file name, relative to <tt class=
651 "LITERAL">confdir</tt>
662 <p class="LITERALLAYOUT">
663 match-all.action # Actions that are applied to all sites and maybe overruled later on.
669 <p class="LITERALLAYOUT">
670 default.action # Main actions file
676 <p class="LITERALLAYOUT">
677 user.action # User customizations
689 No actions are taken at all. More or less neutral proxying.
697 Multiple <tt class="LITERAL">actionsfile</tt> lines are
698 permitted, and are in fact recommended!
701 The default values are <tt class=
702 "FILENAME">default.action</tt>, which is the <span class=
703 "QUOTE">"main"</span> actions file maintained by the
704 developers, and <tt class="FILENAME">user.action</tt>,
705 where you can make your personal additions.
708 Actions files contain all the per site and per URL
709 configuration for ad blocking, cookie management, privacy
718 <a name="FILTERFILE">7.2.6. filterfile</a>
720 <a name="DEFAULT.FILTER"></a>
721 <div class="VARIABLELIST">
728 The <a href="filter-file.html">filter file(s)</a> to use
736 File name, relative to <tt class="LITERAL">confdir</tt>
744 default.filter (Unix) <span class="emphasis"><i class=
745 "EMPHASIS">or</i></span> default.filter.txt (Windows)
753 No textual content filtering takes place, i.e. all <tt
754 class="LITERAL">+<a href=
755 "actions-file.html#FILTER">filter</a>{<tt class=
756 "REPLACEABLE"><i>name</i></tt>}</tt> actions in the actions
757 files are turned neutral.
765 Multiple <tt class="LITERAL">filterfile</tt> lines are
769 The <a href="filter-file.html">filter files</a> contain
770 content modification rules that use <a href=
771 "appendix.html#REGEX">regular expressions</a>. These rules
772 permit powerful changes on the content of Web pages, and
773 optionally the headers as well, e.g., you could try to
774 disable your favorite JavaScript annoyances, re-write the
775 actual displayed text, or just have some fun playing
776 buzzword bingo with web pages.
779 The <tt class="LITERAL">+<a href=
780 "actions-file.html#FILTER">filter</a>{<tt class=
781 "REPLACEABLE"><i>name</i></tt>}</tt> actions rely on the
782 relevant filter (<tt class="REPLACEABLE"><i>name</i></tt>)
783 to be defined in a filter file!
786 A pre-defined filter file called <tt class=
787 "FILENAME">default.filter</tt> that contains a number of
788 useful filters for common problems is included in the
789 distribution. See the section on the <tt class="LITERAL"><a
790 href="actions-file.html#FILTER">filter</a></tt> action for
794 It is recommended to place any locally adapted filters into
795 a separate file, such as <tt class=
796 "FILENAME">user.filter</tt>.
804 <a name="LOGFILE">7.2.7. logfile</a>
806 <div class="VARIABLELIST">
821 File name, relative to <tt class="LITERAL">logdir</tt>
829 <span class="emphasis"><i class="EMPHASIS">Unset (commented
830 out)</i></span>. When activated: logfile (Unix) <span
831 class="emphasis"><i class="EMPHASIS">or</i></span>
832 privoxy.log (Windows).
840 No logfile is written.
848 The logfile is where all logging and error messages are
849 written. The level of detail and number of messages are set
850 with the <tt class="LITERAL">debug</tt> option (see below).
851 The logfile can be useful for tracking down a problem with
852 <span class="APPLICATION">Privoxy</span> (e.g., it's not
853 blocking an ad you think it should block) and it can help
854 you to monitor what your browser is doing.
857 Depending on the debug options below, the logfile may be a
858 privacy risk if third parties can get access to it. As most
859 users will never look at it, <span class=
860 "APPLICATION">Privoxy</span> only logs fatal errors by
864 For most troubleshooting purposes, you will have to change
865 that, please refer to the debugging section for details.
868 Any log files must be writable by whatever user <span
869 class="APPLICATION">Privoxy</span> is being run as (on
870 Unix, default user id is <span class=
871 "QUOTE">"privoxy"</span>).
874 To prevent the logfile from growing indefinitely, it is
875 recommended to periodically rotate or shorten it. Many
876 operating systems support log rotation out of the box, some
877 require additional software to do it. For details, please
878 refer to the documentation for your operating system.
886 <a name="TRUSTFILE">7.2.8. trustfile</a>
888 <div class="VARIABLELIST">
895 The name of the trust file to use
903 File name, relative to <tt class="LITERAL">confdir</tt>
911 <span class="emphasis"><i class="EMPHASIS">Unset (commented
912 out)</i></span>. When activated: trust (Unix) <span class=
913 "emphasis"><i class="EMPHASIS">or</i></span> trust.txt
922 The entire trust mechanism is disabled.
930 The trust mechanism is an experimental feature for building
931 white-lists and should be used with care. It is <span
932 class="emphasis"><i class="EMPHASIS">NOT</i></span>
933 recommended for the casual user.
936 If you specify a trust file, <span class=
937 "APPLICATION">Privoxy</span> will only allow access to
938 sites that are specified in the trustfile. Sites can be
939 listed in one of two ways:
942 Prepending a <tt class="LITERAL">~</tt> character limits
943 access to this site only (and any sub-paths within this
944 site), e.g. <tt class="LITERAL">~www.example.com</tt>
945 allows access to <tt class=
946 "LITERAL">~www.example.com/features/news.html</tt>, etc.
949 Or, you can designate sites as <span class="emphasis"><i
950 class="EMPHASIS">trusted referrers</i></span>, by
951 prepending the name with a <tt class="LITERAL">+</tt>
952 character. The effect is that access to untrusted sites
953 will be granted -- but only if a link from this trusted
954 referrer was used to get there. The link target will then
955 be added to the <span class="QUOTE">"trustfile"</span> so
956 that future, direct accesses will be granted. Sites added
957 via this mechanism do not become trusted referrers
958 themselves (i.e. they are added with a <tt class=
959 "LITERAL">~</tt> designation). There is a limit of 512 such
960 entries, after which new entries will not be made.
963 If you use the <tt class="LITERAL">+</tt> operator in the
964 trust file, it may grow considerably over time.
967 It is recommended that <span class=
968 "APPLICATION">Privoxy</span> be compiled with the <tt
969 class="LITERAL">--disable-force</tt>, <tt class=
970 "LITERAL">--disable-toggle</tt> and <tt class=
971 "LITERAL">--disable-editor</tt> options, if this feature is
975 Possible applications include limiting Internet access for
985 <a name="DEBUGGING">7.3. Debugging</a>
988 These options are mainly useful when tracing a problem. Note that
989 you might also want to invoke <span class=
990 "APPLICATION">Privoxy</span> with the <tt class=
991 "LITERAL">--no-daemon</tt> command line option when debugging.
995 <a name="DEBUG">7.3.1. debug</a>
997 <div class="VARIABLELIST">
1004 Key values that determine what information gets logged.
1020 0 (i.e.: only fatal errors (that cause Privoxy to exit) are
1029 Default value is used (see above).
1037 The available debug levels are:
1041 <table border="0" bgcolor="#E0E0E0" width="90%">
1044 <pre class="PROGRAMLISTING">
1045 debug 1 # Log the destination for each request <span class=
1046 "APPLICATION">Privoxy</span> let through. See also debug 1024.
1047 debug 2 # show each connection status
1048 debug 4 # show I/O status
1049 debug 8 # show header parsing
1050 debug 16 # log all data written to the network
1051 debug 32 # debug force feature
1052 debug 64 # debug regular expression filters
1053 debug 128 # debug redirects
1054 debug 256 # debug GIF de-animation
1055 debug 512 # Common Log Format
1056 debug 1024 # Log the destination for requests <span class=
1057 "APPLICATION">Privoxy</span> didn't let through, and the reason why.
1058 debug 2048 # CGI user interface
1059 debug 4096 # Startup banner and warnings.
1060 debug 8192 # Non-fatal errors
1061 debug 32768 # log all data read from the network
1062 debug 65536 # Log the applying actions
1069 To select multiple debug levels, you can either add them or
1070 use multiple <tt class="LITERAL">debug</tt> lines.
1073 A debug level of 1 is informative because it will show you
1074 each request as it happens. <span class="emphasis"><i
1075 class="EMPHASIS">1, 1024, 4096 and 8192 are
1076 recommended</i></span> so that you will notice when things
1077 go wrong. The other levels are probably only of interest if
1078 you are hunting down a specific problem. They can produce a
1079 hell of an output (especially 16).
1082 If you are used to the more verbose settings, simply enable
1083 the debug lines below again.
1086 If you want to use pure CLF (Common Log Format), you should
1087 set <span class="QUOTE">"debug 512"</span> <span class=
1088 "emphasis"><i class="EMPHASIS">ONLY</i></span> and not
1089 enable anything else.
1092 <span class="APPLICATION">Privoxy</span> has a hard-coded
1093 limit for the length of log messages. If it's reached,
1094 messages are logged truncated and marked with <span class=
1095 "QUOTE">"... [too long, truncated]"</span>.
1098 Please don't file any support requests without trying to
1099 reproduce the problem with increased debug level first.
1100 Once you read the log messages, you may even be able to
1101 solve the problem on your own.
1109 <a name="SINGLE-THREADED">7.3.2. single-threaded</a>
1111 <div class="VARIABLELIST">
1118 Whether to run only one server thread.
1126 <span class="emphasis"><i class="EMPHASIS">1 or
1135 <span class="emphasis"><i class="EMPHASIS">0</i></span>
1143 Multi-threaded (or, where unavailable: forked) operation,
1144 i.e. the ability to serve multiple requests simultaneously.
1152 This option is only there for debugging purposes. <span
1153 class="emphasis"><i class="EMPHASIS">It will drastically
1154 reduce performance.</i></span>
1162 <a name="HOSTNAME">7.3.3. hostname</a>
1164 <div class="VARIABLELIST">
1171 The hostname shown on the CGI pages.
1187 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
1195 The hostname provided by the operating system is used.
1203 On some misconfigured systems resolving the hostname fails
1204 or takes too much time and slows Privoxy down. Setting a
1205 fixed hostname works around the problem.
1208 In other circumstances it might be desirable to show a
1209 hostname other than the one returned by the operating
1210 system. For example if the system has several different
1211 hostnames and you don't want to use the first one.
1214 Note that Privoxy does not validate the specified hostname
1224 <a name="ACCESS-CONTROL">7.4. Access Control and Security</a>
1227 This section of the config file controls the security-relevant
1228 aspects of <span class="APPLICATION">Privoxy</span>'s
1233 <a name="LISTEN-ADDRESS">7.4.1. listen-address</a>
1235 <div class="VARIABLELIST">
1242 The address and TCP port on which <span class=
1243 "APPLICATION">Privoxy</span> will listen for client
1252 [<tt class="REPLACEABLE"><i>IP-Address</i></tt>]:<tt class=
1253 "REPLACEABLE"><i>Port</i></tt>
1256 [<tt class="REPLACEABLE"><i>Hostname</i></tt>]:<tt class=
1257 "REPLACEABLE"><i>Port</i></tt>
1273 Bind to 127.0.0.1 (IPv4 localhost), port 8118. This is
1274 suitable and recommended for home users who run <span
1275 class="APPLICATION">Privoxy</span> on the same machine as
1284 You will need to configure your browser(s) to this proxy
1288 If you already have another service running on port 8118,
1289 or if you want to serve requests from other machines (e.g.
1290 on your local network) as well, you will need to override
1294 You can use this statement multiple times to make <span
1295 class="APPLICATION">Privoxy</span> listen on more ports or
1296 more <abbr class="ABBREV">IP</abbr> addresses. Suitable if
1297 your operating system does not support sharing <abbr class=
1298 "ABBREV">IPv6</abbr> and <abbr class="ABBREV">IPv4</abbr>
1299 protocols on the same socket.
1302 If a hostname is used instead of an IP address, <span
1303 class="APPLICATION">Privoxy</span> will try to resolve it
1304 to an IP address and if there are multiple, use the first
1308 If the address for the hostname isn't already known on the
1309 system (for example because it's in /etc/hostname), this
1310 may result in DNS traffic.
1313 If the specified address isn't available on the system, or
1314 if the hostname can't be resolved, <span class=
1315 "APPLICATION">Privoxy</span> will fail to start.
1318 IPv6 addresses containing colons have to be quoted by
1319 brackets. They can only be used if <span class=
1320 "APPLICATION">Privoxy</span> has been compiled with IPv6
1321 support. If you aren't sure if your version supports it,
1322 have a look at <tt class=
1323 "LITERAL">http://config.privoxy.org/show-status</tt>.
1326 Some operating systems will prefer IPv6 to IPv4 addresses
1327 even if the system has no IPv6 connectivity which is
1328 usually not expected by the user. Some even rely on DNS to
1329 resolve localhost which mean the "localhost" address used
1330 may not actually be local.
1333 It is therefore recommended to explicitly configure the
1334 intended IP address instead of relying on the operating
1335 system, unless there's a strong reason not to.
1338 If you leave out the address, <span class=
1339 "APPLICATION">Privoxy</span> will bind to all IPv4
1340 interfaces (addresses) on your machine and may become
1341 reachable from the Internet and/or the local network. Be
1342 aware that some GNU/Linux distributions modify that
1343 behaviour without updating the documentation. Check for
1344 non-standard patches if your <span class=
1345 "APPLICATION">Privoxy</span> version behaves differently.
1348 If you configure <span class="APPLICATION">Privoxy</span>
1349 to be reachable from the network, consider using <a href=
1350 "config.html#ACLS">access control lists</a> (ACL's, see
1351 below), and/or a firewall.
1354 If you open <span class="APPLICATION">Privoxy</span> to
1355 untrusted users, you will also want to make sure that the
1356 following actions are disabled: <tt class="LITERAL"><a
1358 "config.html#ENABLE-EDIT-ACTIONS">enable-edit-actions</a></tt>
1359 and <tt class="LITERAL"><a href=
1360 "config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle</a></tt>
1368 Suppose you are running <span class=
1369 "APPLICATION">Privoxy</span> on a machine which has the
1370 address 192.168.0.1 on your local private network
1371 (192.168.0.0) and has another outside connection with a
1372 different address. You want it to serve requests from
1377 <table border="0" bgcolor="#E0E0E0" width="90%">
1380 <pre class="PROGRAMLISTING">
1381 listen-address 192.168.0.1:8118
1388 Suppose you are running <span class=
1389 "APPLICATION">Privoxy</span> on an IPv6-capable machine and
1390 you want it to listen on the IPv6 address of the loopback
1395 <table border="0" bgcolor="#E0E0E0" width="90%">
1398 <pre class="PROGRAMLISTING">
1399 listen-address [::1]:8118
1410 <a name="TOGGLE">7.4.2. toggle</a>
1412 <div class="VARIABLELIST">
1419 Initial state of "toggle" status
1443 Act as if toggled on
1451 If set to 0, <span class="APPLICATION">Privoxy</span> will
1452 start in <span class="QUOTE">"toggled off"</span> mode,
1453 i.e. mostly behave like a normal, content-neutral proxy
1454 with both ad blocking and content filtering disabled. See
1455 <tt class="LITERAL">enable-remote-toggle</tt> below.
1463 <a name="ENABLE-REMOTE-TOGGLE">7.4.3. enable-remote-toggle</a>
1465 <div class="VARIABLELIST">
1472 Whether or not the <a href=
1473 "http://config.privoxy.org/toggle" target="_top">web-based
1474 toggle feature</a> may be used
1498 The web-based toggle feature is disabled.
1506 When toggled off, <span class="APPLICATION">Privoxy</span>
1507 mostly acts like a normal, content-neutral proxy, i.e.
1508 doesn't block ads or filter content.
1511 Access to the toggle feature can <span class="emphasis"><i
1512 class="EMPHASIS">not</i></span> be controlled separately by
1513 <span class="QUOTE">"ACLs"</span> or HTTP authentication,
1514 so that everybody who can access <span class=
1515 "APPLICATION">Privoxy</span> (see <span class=
1516 "QUOTE">"ACLs"</span> and <tt class=
1517 "LITERAL">listen-address</tt> above) can toggle it for all
1518 users. So this option is <span class="emphasis"><i class=
1519 "EMPHASIS">not recommended</i></span> for multi-user
1520 environments with untrusted users.
1523 Note that malicious client side code (e.g Java) is also
1524 capable of using this option.
1527 As a lot of <span class="APPLICATION">Privoxy</span> users
1528 don't read documentation, this feature is disabled by
1532 Note that you must have compiled <span class=
1533 "APPLICATION">Privoxy</span> with support for this feature,
1534 otherwise this option has no effect.
1542 <a name="ENABLE-REMOTE-HTTP-TOGGLE">7.4.4.
1543 enable-remote-http-toggle</a>
1545 <div class="VARIABLELIST">
1552 Whether or not Privoxy recognizes special HTTP headers to
1553 change its behaviour.
1577 Privoxy ignores special HTTP headers.
1585 When toggled on, the client can change <span class=
1586 "APPLICATION">Privoxy's</span> behaviour by setting special
1587 HTTP headers. Currently the only supported special header
1588 is <span class="QUOTE">"X-Filter: No"</span>, to disable
1589 filtering for the ongoing request, even if it is enabled in
1590 one of the action files.
1593 This feature is disabled by default. If you are using <span
1594 class="APPLICATION">Privoxy</span> in a environment with
1595 trusted clients, you may enable this feature at your
1596 discretion. Note that malicious client side code (e.g Java)
1597 is also capable of using this feature.
1600 This option will be removed in future releases as it has
1601 been obsoleted by the more general header taggers.
1609 <a name="ENABLE-EDIT-ACTIONS">7.4.5. enable-edit-actions</a>
1611 <div class="VARIABLELIST">
1618 Whether or not the <a href=
1619 "http://config.privoxy.org/show-status" target=
1620 "_top">web-based actions file editor</a> may be used
1644 The web-based actions file editor is disabled.
1652 Access to the editor can <span class="emphasis"><i class=
1653 "EMPHASIS">not</i></span> be controlled separately by <span
1654 class="QUOTE">"ACLs"</span> or HTTP authentication, so that
1655 everybody who can access <span class=
1656 "APPLICATION">Privoxy</span> (see <span class=
1657 "QUOTE">"ACLs"</span> and <tt class=
1658 "LITERAL">listen-address</tt> above) can modify its
1659 configuration for all users.
1662 This option is <span class="emphasis"><i class=
1663 "EMPHASIS">not recommended</i></span> for environments with
1664 untrusted users and as a lot of <span class=
1665 "APPLICATION">Privoxy</span> users don't read
1666 documentation, this feature is disabled by default.
1669 Note that malicious client side code (e.g Java) is also
1670 capable of using the actions editor and you shouldn't
1671 enable this options unless you understand the consequences
1672 and are sure your browser is configured correctly.
1675 Note that you must have compiled <span class=
1676 "APPLICATION">Privoxy</span> with support for this feature,
1677 otherwise this option has no effect.
1685 <a name="ENFORCE-BLOCKS">7.4.6. enforce-blocks</a>
1687 <div class="VARIABLELIST">
1694 Whether the user is allowed to ignore blocks and can <span
1695 class="QUOTE">"go there anyway"</span>.
1703 <tt class="REPLACEABLE"><i>0 or 1</i></tt>
1711 <span class="emphasis"><i class="EMPHASIS">0</i></span>
1719 Blocks are not enforced.
1727 <span class="APPLICATION">Privoxy</span> is mainly used to
1728 block and filter requests as a service to the user, for
1729 example to block ads and other junk that clogs the pipes.
1730 <span class="APPLICATION">Privoxy's</span> configuration
1731 isn't perfect and sometimes innocent pages are blocked. In
1732 this situation it makes sense to allow the user to enforce
1733 the request and have <span class=
1734 "APPLICATION">Privoxy</span> ignore the block.
1737 In the default configuration <span class=
1738 "APPLICATION">Privoxy's</span> <span class=
1739 "QUOTE">"Blocked"</span> page contains a <span class=
1740 "QUOTE">"go there anyway"</span> link to adds a special
1741 string (the force prefix) to the request URL. If that link
1742 is used, <span class="APPLICATION">Privoxy</span> will
1743 detect the force prefix, remove it again and let the
1747 Of course <span class="APPLICATION">Privoxy</span> can also
1748 be used to enforce a network policy. In that case the user
1749 obviously should not be able to bypass any blocks, and
1750 that's what the <span class="QUOTE">"enforce-blocks"</span>
1751 option is for. If it's enabled, <span class=
1752 "APPLICATION">Privoxy</span> hides the <span class=
1753 "QUOTE">"go there anyway"</span> link. If the user adds the
1754 force prefix by hand, it will not be accepted and the
1755 circumvention attempt is logged.
1771 <a name="ACLS">7.4.7. ACLs: permit-access and deny-access</a>
1773 <a name="PERMIT-ACCESS"></a><a name="DENY-ACCESS"></a>
1774 <div class="VARIABLELIST">
1781 Who can access what.
1789 <tt class="REPLACEABLE"><i>src_addr</i></tt>[:<tt class=
1790 "REPLACEABLE"><i>port</i></tt>][/<tt class=
1791 "REPLACEABLE"><i>src_masklen</i></tt>] [<tt class=
1792 "REPLACEABLE"><i>dst_addr</i></tt>[:<tt class=
1793 "REPLACEABLE"><i>port</i></tt>][/<tt class=
1794 "REPLACEABLE"><i>dst_masklen</i></tt>]]
1797 Where <tt class="REPLACEABLE"><i>src_addr</i></tt> and <tt
1798 class="REPLACEABLE"><i>dst_addr</i></tt> are IPv4 addresses
1799 in dotted decimal notation or valid DNS names, <tt class=
1800 "REPLACEABLE"><i>port</i></tt> is a port number, and <tt
1801 class="REPLACEABLE"><i>src_masklen</i></tt> and <tt class=
1802 "REPLACEABLE"><i>dst_masklen</i></tt> are subnet masks in
1803 CIDR notation, i.e. integer values from 2 to 30
1804 representing the length (in bits) of the network address.
1805 The masks and the whole destination part are optional.
1808 If your system implements <a href=
1809 "http://tools.ietf.org/html/rfc3493" target="_top">RFC
1810 3493</a>, then <tt class="REPLACEABLE"><i>src_addr</i></tt>
1811 and <tt class="REPLACEABLE"><i>dst_addr</i></tt> can be
1812 IPv6 addresses delimeted by brackets, <tt class=
1813 "REPLACEABLE"><i>port</i></tt> can be a number or a service
1814 name, and <tt class="REPLACEABLE"><i>src_masklen</i></tt>
1815 and <tt class="REPLACEABLE"><i>dst_masklen</i></tt> can be
1816 a number from 0 to 128.
1824 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
1827 If no <tt class="REPLACEABLE"><i>port</i></tt> is
1828 specified, any port will match. If no <tt class=
1829 "REPLACEABLE"><i>src_masklen</i></tt> or <tt class=
1830 "REPLACEABLE"><i>src_masklen</i></tt> is given, the
1831 complete IP address has to match (i.e. 32 bits for IPv4 and
1840 Don't restrict access further than implied by <tt class=
1841 "LITERAL">listen-address</tt>
1849 Access controls are included at the request of ISPs and
1850 systems administrators, and <span class="emphasis"><i
1851 class="EMPHASIS">are not usually needed by individual
1852 users</i></span>. For a typical home user, it will normally
1853 suffice to ensure that <span class=
1854 "APPLICATION">Privoxy</span> only listens on the localhost
1855 (127.0.0.1) or internal (home) network address by means of
1856 the <a href="config.html#LISTEN-ADDRESS"><span class=
1857 "emphasis"><i class=
1858 "EMPHASIS">listen-address</i></span></a> option.
1861 Please see the warnings in the FAQ that <span class=
1862 "APPLICATION">Privoxy</span> is not intended to be a
1863 substitute for a firewall or to encourage anyone to defer
1864 addressing basic security weaknesses.
1867 Multiple ACL lines are OK. If any ACLs are specified, <span
1868 class="APPLICATION">Privoxy</span> only talks to IP
1869 addresses that match at least one <tt class=
1870 "LITERAL">permit-access</tt> line and don't match any
1871 subsequent <tt class="LITERAL">deny-access</tt> line. In
1872 other words, the last match wins, with the default being
1873 <tt class="LITERAL">deny-access</tt>.
1876 If <span class="APPLICATION">Privoxy</span> is using a
1877 forwarder (see <tt class="LITERAL">forward</tt> below) for
1878 a particular destination URL, the <tt class=
1879 "REPLACEABLE"><i>dst_addr</i></tt> that is examined is the
1880 address of the forwarder and <span class="emphasis"><i
1881 class="EMPHASIS">NOT</i></span> the address of the ultimate
1882 target. This is necessary because it may be impossible for
1883 the local <span class="APPLICATION">Privoxy</span> to
1884 determine the IP address of the ultimate target (that's
1885 often what gateways are used for).
1888 You should prefer using IP addresses over DNS names,
1889 because the address lookups take time. All DNS names must
1890 resolve! You can <span class="emphasis"><i class=
1891 "EMPHASIS">not</i></span> use domain patterns like <span
1892 class="QUOTE">"*.org"</span> or partial domain names. If a
1893 DNS name resolves to multiple IP addresses, only the first
1897 Some systems allow IPv4 clients to connect to IPv6 server
1898 sockets. Then the client's IPv4 address will be translated
1899 by the system into IPv6 address space with special prefix
1900 ::ffff:0:0/96 (so called IPv4 mapped IPv6 address). <span
1901 class="APPLICATION">Privoxy</span> can handle it and maps
1902 such ACL addresses automatically.
1905 Denying access to particular sites by ACL may have
1906 undesired side effects if the site in question is hosted on
1907 a machine which also hosts other sites (most sites are).
1915 Explicitly define the default behavior if no ACL and <tt
1916 class="LITERAL">listen-address</tt> are set: <span class=
1917 "QUOTE">"localhost"</span> is OK. The absence of a <tt
1918 class="REPLACEABLE"><i>dst_addr</i></tt> implies that <span
1919 class="emphasis"><i class="EMPHASIS">all</i></span>
1920 destination addresses are OK:
1924 <table border="0" bgcolor="#E0E0E0" width="90%">
1927 <pre class="SCREEN">
1928 permit-access localhost
1935 Allow any host on the same class C subnet as
1936 www.privoxy.org access to nothing but www.example.com (or
1937 other domains hosted on the same system):
1941 <table border="0" bgcolor="#E0E0E0" width="90%">
1944 <pre class="SCREEN">
1945 permit-access www.privoxy.org/24 www.example.com/32
1952 Allow access from any host on the 26-bit subnet
1953 192.168.45.64 to anywhere, with the exception that
1954 192.168.45.73 may not access the IP address behind
1955 www.dirty-stuff.example.com:
1959 <table border="0" bgcolor="#E0E0E0" width="90%">
1962 <pre class="SCREEN">
1963 permit-access 192.168.45.64/26
1964 deny-access 192.168.45.73 www.dirty-stuff.example.com
1971 Allow access from the IPv4 network 192.0.2.0/24 even if
1972 listening on an IPv6 wild card address (not supported on
1977 <table border="0" bgcolor="#E0E0E0" width="90%">
1980 <pre class="PROGRAMLISTING">
1981 permit-access 192.0.2.0/24
1988 This is equivalent to the following line even if listening
1989 on an IPv4 address (not supported on all platforms):
1993 <table border="0" bgcolor="#E0E0E0" width="90%">
1996 <pre class="PROGRAMLISTING">
1997 permit-access [::ffff:192.0.2.0]/120
2008 <a name="BUFFER-LIMIT">7.4.8. buffer-limit</a>
2010 <div class="VARIABLELIST">
2017 Maximum size of the buffer for content filtering.
2041 Use a 4MB (4096 KB) limit.
2049 For content filtering, i.e. the <tt class=
2050 "LITERAL">+filter</tt> and <tt class=
2051 "LITERAL">+deanimate-gif</tt> actions, it is necessary that
2052 <span class="APPLICATION">Privoxy</span> buffers the entire
2053 document body. This can be potentially dangerous, since a
2054 server could just keep sending data indefinitely and wait
2055 for your RAM to exhaust -- with nasty consequences. Hence
2059 When a document buffer size reaches the <tt class=
2060 "LITERAL">buffer-limit</tt>, it is flushed to the client
2061 unfiltered and no further attempt to filter the rest of the
2062 document is made. Remember that there may be multiple
2063 threads running, which might require up to <tt class=
2064 "LITERAL">buffer-limit</tt> Kbytes <span class=
2065 "emphasis"><i class="EMPHASIS">each</i></span>, unless you
2066 have enabled <span class="QUOTE">"single-threaded"</span>
2075 <a name="ENABLE-PROXY-AUTHENTICATION-FORWARDING">7.4.9.
2076 enable-proxy-authentication-forwarding</a>
2078 <div class="VARIABLELIST">
2085 Whether or not proxy authentication through <span class=
2086 "APPLICATION">Privoxy</span> should work.
2110 Proxy authentication headers are removed.
2118 Privoxy itself does not support proxy authentication, but
2119 can allow clients to authenticate against Privoxy's parent
2123 By default Privoxy (3.0.21 and later) don't do that and
2124 remove Proxy-Authorization headers in requests and
2125 Proxy-Authenticate headers in responses to make it harder
2126 for malicious sites to trick inexperienced users into
2127 providing login information.
2130 If this option is enabled the headers are forwarded.
2133 Enabling this option is <span class="emphasis"><i class=
2134 "EMPHASIS">not recommended</i></span> if there is no parent
2135 proxy that requires authentication or if the local network
2136 between Privoxy and the parent proxy isn't trustworthy. If
2137 proxy authentication is only required for some requests, it
2138 is recommended to use a client header filter to remove the
2139 authentication headers for requests where they aren't
2149 <a name="FORWARDING">7.5. Forwarding</a>
2152 This feature allows routing of HTTP requests through a chain of
2156 Forwarding can be used to chain Privoxy with a caching proxy to
2157 speed up browsing. Using a parent proxy may also be necessary if
2158 the machine that <span class="APPLICATION">Privoxy</span> runs on
2159 has no direct Internet access.
2162 Note that parent proxies can severely decrease your privacy level.
2163 For example a parent proxy could add your IP address to the request
2164 headers and if it's a caching proxy it may add the <span class=
2165 "QUOTE">"Etag"</span> header to revalidation requests again, even
2166 though you configured Privoxy to remove it. It may also ignore
2167 Privoxy's header time randomization and use the original values
2168 which could be used by the server as cookie replacement to track
2169 your steps between visits.
2172 Also specified here are SOCKS proxies. <span class=
2173 "APPLICATION">Privoxy</span> supports the SOCKS 4 and SOCKS 4A
2178 <a name="FORWARD">7.5.1. forward</a>
2180 <div class="VARIABLELIST">
2187 To which parent HTTP proxy specific requests should be
2196 <tt class="REPLACEABLE"><i>target_pattern</i></tt> <tt
2197 class="REPLACEABLE"><i>http_parent</i></tt>[:<tt class=
2198 "REPLACEABLE"><i>port</i></tt>]
2201 where <tt class="REPLACEABLE"><i>target_pattern</i></tt> is
2202 a <a href="actions-file.html#AF-PATTERNS">URL pattern</a>
2203 that specifies to which requests (i.e. URLs) this forward
2204 rule shall apply. Use <tt class="LITERAL">/</tt> to denote
2205 <span class="QUOTE">"all URLs"</span>. <tt class=
2206 "REPLACEABLE"><i>http_parent</i></tt>[:<tt class=
2207 "REPLACEABLE"><i>port</i></tt>] is the DNS name or IP
2208 address of the parent HTTP proxy through which the requests
2209 should be forwarded, optionally followed by its listening
2210 port (default: 8000). Use a single dot (<tt class=
2211 "LITERAL">.</tt>) to denote <span class="QUOTE">"no
2220 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
2228 Don't use parent HTTP proxies.
2236 If <tt class="REPLACEABLE"><i>http_parent</i></tt> is <span
2237 class="QUOTE">"."</span>, then requests are not forwarded
2238 to another HTTP proxy but are made directly to the web
2242 <tt class="REPLACEABLE"><i>http_parent</i></tt> can be a
2243 numerical IPv6 address (if <a href=
2244 "http://tools.ietf.org/html/rfc3493" target="_top">RFC
2245 3493</a> is implemented). To prevent clashes with the port
2246 delimiter, the whole IP address has to be put into
2247 brackets. On the other hand a <tt class=
2248 "REPLACEABLE"><i>target_pattern</i></tt> containing an IPv6
2249 address has to be put into angle brackets (normal brackets
2250 are reserved for regular expressions already).
2253 Multiple lines are OK, they are checked in sequence, and
2254 the last match wins.
2262 Everything goes to an example parent proxy, except SSL on
2263 port 443 (which it doesn't handle):
2267 <table border="0" bgcolor="#E0E0E0" width="90%">
2270 <pre class="SCREEN">
2271 forward / parent-proxy.example.org:8080
2279 Everything goes to our example ISP's caching proxy, except
2280 for requests to that ISP's sites:
2284 <table border="0" bgcolor="#E0E0E0" width="90%">
2287 <pre class="SCREEN">
2288 forward / caching-proxy.isp.example.net:8000
2289 forward .isp.example.net .
2296 Parent proxy specified by an IPv6 address:
2300 <table border="0" bgcolor="#E0E0E0" width="90%">
2303 <pre class="PROGRAMLISTING">
2304 forward / [2001:DB8::1]:8000
2311 Suppose your parent proxy doesn't support IPv6:
2315 <table border="0" bgcolor="#E0E0E0" width="90%">
2318 <pre class="PROGRAMLISTING">
2319 forward / parent-proxy.example.org:8000
2320 forward ipv6-server.example.org .
2321 forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> .
2332 <a name="SOCKS">7.5.2. forward-socks4, forward-socks4a,
2333 forward-socks5 and forward-socks5t</a>
2335 <a name="FORWARD-SOCKS4"></a><a name="FORWARD-SOCKS4A"></a>
2336 <div class="VARIABLELIST">
2343 Through which SOCKS proxy (and optionally to which parent
2344 HTTP proxy) specific requests should be routed.
2352 <tt class="REPLACEABLE"><i>target_pattern</i></tt> <tt
2353 class="REPLACEABLE"><i>socks_proxy</i></tt>[:<tt class=
2354 "REPLACEABLE"><i>port</i></tt>] <tt class=
2355 "REPLACEABLE"><i>http_parent</i></tt>[:<tt class=
2356 "REPLACEABLE"><i>port</i></tt>]
2359 where <tt class="REPLACEABLE"><i>target_pattern</i></tt> is
2360 a <a href="actions-file.html#AF-PATTERNS">URL pattern</a>
2361 that specifies to which requests (i.e. URLs) this forward
2362 rule shall apply. Use <tt class="LITERAL">/</tt> to denote
2363 <span class="QUOTE">"all URLs"</span>. <tt class=
2364 "REPLACEABLE"><i>http_parent</i></tt> and <tt class=
2365 "REPLACEABLE"><i>socks_proxy</i></tt> are IP addresses in
2366 dotted decimal notation or valid DNS names (<tt class=
2367 "REPLACEABLE"><i>http_parent</i></tt> may be <span class=
2368 "QUOTE">"."</span> to denote <span class="QUOTE">"no HTTP
2369 forwarding"</span>), and the optional <tt class=
2370 "REPLACEABLE"><i>port</i></tt> parameters are TCP ports,
2371 i.e. integer values from 1 to 65535
2379 <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
2387 Don't use SOCKS proxies.
2395 Multiple lines are OK, they are checked in sequence, and
2396 the last match wins.
2399 The difference between <tt class=
2400 "LITERAL">forward-socks4</tt> and <tt class=
2401 "LITERAL">forward-socks4a</tt> is that in the SOCKS 4A
2402 protocol, the DNS resolution of the target hostname happens
2403 on the SOCKS server, while in SOCKS 4 it happens locally.
2406 With <tt class="LITERAL">forward-socks5</tt> the DNS
2407 resolution will happen on the remote server as well.
2410 <tt class="LITERAL">forward-socks5t</tt> works like vanilla
2411 <tt class="LITERAL">forward-socks5</tt> but lets <span
2412 class="APPLICATION">Privoxy</span> additionally use
2413 Tor-specific SOCKS extensions. Currently the only supported
2414 SOCKS extension is optimistic data which can reduce the
2415 latency for the first request made on a newly created
2419 <tt class="REPLACEABLE"><i>socks_proxy</i></tt> and <tt
2420 class="REPLACEABLE"><i>http_parent</i></tt> can be a
2421 numerical IPv6 address (if <a href=
2422 "http://tools.ietf.org/html/rfc3493" target="_top">RFC
2423 3493</a> is implemented). To prevent clashes with the port
2424 delimiter, the whole IP address has to be put into
2425 brackets. On the other hand a <tt class=
2426 "REPLACEABLE"><i>target_pattern</i></tt> containing an IPv6
2427 address has to be put into angle brackets (normal brackets
2428 are reserved for regular expressions already).
2431 If <tt class="REPLACEABLE"><i>http_parent</i></tt> is <span
2432 class="QUOTE">"."</span>, then requests are not forwarded
2433 to another HTTP proxy but are made (HTTP-wise) directly to
2434 the web servers, albeit through a SOCKS proxy.
2442 From the company example.com, direct connections are made
2443 to all <span class="QUOTE">"internal"</span> domains, but
2444 everything outbound goes through their ISP's proxy by way
2445 of example.com's corporate SOCKS 4A gateway to the
2450 <table border="0" bgcolor="#E0E0E0" width="90%">
2453 <pre class="SCREEN">
2454 forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
2455 forward .example.com .
2462 A rule that uses a SOCKS 4 gateway for all destinations but
2463 no HTTP parent looks like this:
2467 <table border="0" bgcolor="#E0E0E0" width="90%">
2470 <pre class="SCREEN">
2471 forward-socks4 / socks-gw.example.com:1080 .
2478 To chain Privoxy and Tor, both running on the same system,
2479 you would use something like:
2483 <table border="0" bgcolor="#E0E0E0" width="90%">
2486 <pre class="SCREEN">
2487 forward-socks5t / 127.0.0.1:9050 .
2494 Note that if you got Tor through one of the bundles, you
2495 may have to change the port from 9050 to 9150 (or even
2496 another one). For details, please check the documentation
2497 on the <a href="https://torproject.org/" target="_top">Tor
2501 The public <span class="APPLICATION">Tor</span> network
2502 can't be used to reach your local network, if you need to
2503 access local servers you therefore might want to make some
2508 <table border="0" bgcolor="#E0E0E0" width="90%">
2511 <pre class="SCREEN">
2512 forward 192.168.*.*/ .
2514 forward 127.*.*.*/ .
2521 Unencrypted connections to systems in these address ranges
2522 will be as (un)secure as the local network is, but the
2523 alternative is that you can't reach the local network
2524 through <span class="APPLICATION">Privoxy</span> at all. Of
2525 course this may actually be desired and there is no reason
2526 to make these exceptions if you aren't sure you need them.
2529 If you also want to be able to reach servers in your local
2530 network by using their names, you will need additional
2531 exceptions that look like this:
2535 <table border="0" bgcolor="#E0E0E0" width="90%">
2538 <pre class="SCREEN">
2539 forward localhost/ .
2550 <a name="ADVANCED-FORWARDING-EXAMPLES">7.5.3. Advanced Forwarding
2554 If you have links to multiple ISPs that provide various special
2555 content only to their subscribers, you can configure multiple
2556 <span class="APPLICATION">Privoxies</span> which have connections
2557 to the respective ISPs to act as forwarders to each other, so
2558 that <span class="emphasis"><i class="EMPHASIS">your</i></span>
2559 users can see the internal content of all ISPs.
2562 Assume that host-a has a PPP connection to isp-a.example.net. And
2563 host-b has a PPP connection to isp-b.example.org. Both run <span
2564 class="APPLICATION">Privoxy</span>. Their forwarding
2565 configuration can look like this:
2572 <table border="0" bgcolor="#E0E0E0" width="100%">
2575 <pre class="SCREEN">
2577 forward .isp-b.example.net host-b:8118
2588 <table border="0" bgcolor="#E0E0E0" width="100%">
2591 <pre class="SCREEN">
2593 forward .isp-a.example.org host-a:8118
2600 Now, your users can set their browser's proxy to use either
2601 host-a or host-b and be able to browse the internal content of
2602 both isp-a and isp-b.
2605 If you intend to chain <span class="APPLICATION">Privoxy</span>
2606 and <span class="APPLICATION">squid</span> locally, then chaining
2607 as <tt class="LITERAL">browser -> squid -> privoxy</tt> is
2608 the recommended way.
2611 Assuming that <span class="APPLICATION">Privoxy</span> and <span
2612 class="APPLICATION">squid</span> run on the same box, your <span
2613 class="APPLICATION">squid</span> configuration could then look
2618 <table border="0" bgcolor="#E0E0E0" width="100%">
2621 <pre class="SCREEN">
2622 # Define Privoxy as parent proxy (without ICP)
2623 cache_peer 127.0.0.1 parent 8118 7 no-query
2625 # Define ACL for protocol FTP
2628 # Do not forward FTP requests to Privoxy
2629 always_direct allow ftp
2631 # Forward all the rest to Privoxy
2632 never_direct allow all
2639 You would then need to change your browser's proxy settings to
2640 <span class="APPLICATION">squid</span>'s address and port. Squid
2641 normally uses port 3128. If unsure consult <tt class=
2642 "LITERAL">http_port</tt> in <tt class="FILENAME">squid.conf</tt>.
2645 You could just as well decide to only forward requests you
2646 suspect of leading to Windows executables through a
2647 virus-scanning parent proxy, say, on <tt class=
2648 "LITERAL">antivir.example.com</tt>, port 8010:
2652 <table border="0" bgcolor="#E0E0E0" width="100%">
2655 <pre class="SCREEN">
2657 forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010
2665 <a name="FORWARDED-CONNECT-RETRIES">7.5.4.
2666 forwarded-connect-retries</a>
2668 <div class="VARIABLELIST">
2675 How often Privoxy retries if a forwarded connection request
2684 <tt class="REPLACEABLE"><i>Number of retries.</i></tt>
2692 <span class="emphasis"><i class="EMPHASIS">0</i></span>
2700 Connections forwarded through other proxies are treated
2701 like direct connections and no retry attempts are made.
2710 "REPLACEABLE"><i>forwarded-connect-retries</i></tt> is
2711 mainly interesting for socks4a connections, where <span
2712 class="APPLICATION">Privoxy</span> can't detect why the
2713 connections failed. The connection might have failed
2714 because of a DNS timeout in which case a retry makes sense,
2715 but it might also have failed because the server doesn't
2716 exist or isn't reachable. In this case the retry will just
2717 delay the appearance of Privoxy's error message.
2720 Note that in the context of this option, <span class=
2721 "QUOTE">"forwarded connections"</span> includes all
2722 connections that Privoxy forwards through other proxies.
2723 This option is not limited to the HTTP CONNECT method.
2726 Only use this option, if you are getting lots of
2727 forwarding-related error messages that go away when you try
2728 again manually. Start with a small value and check
2729 Privoxy's logfile from time to time, to see how many
2730 retries are usually needed.
2738 forwarded-connect-retries 1
2747 <a name="MISC">7.6. Miscellaneous</a>
2751 <a name="ACCEPT-INTERCEPTED-REQUESTS">7.6.1.
2752 accept-intercepted-requests</a>
2754 <div class="VARIABLELIST">
2761 Whether intercepted requests should be treated as valid.
2769 <tt class="REPLACEABLE"><i>0 or 1</i></tt>
2777 <span class="emphasis"><i class="EMPHASIS">0</i></span>
2785 Only proxy requests are accepted, intercepted requests are
2794 If you don't trust your clients and want to force them to
2795 use <span class="APPLICATION">Privoxy</span>, enable this
2796 option and configure your packet filter to redirect
2797 outgoing HTTP connections into <span class=
2798 "APPLICATION">Privoxy</span>.
2801 Note that intercepting encrypted connections (HTTPS) isn't
2805 Make sure that <span class="APPLICATION">Privoxy's</span>
2806 own requests aren't redirected as well. Additionally take
2807 care that <span class="APPLICATION">Privoxy</span> can't
2808 intentionally connect to itself, otherwise you could run
2809 into redirection loops if <span class=
2810 "APPLICATION">Privoxy's</span> listening port is reachable
2811 by the outside or an attacker has access to the pages you
2815 If you are running Privoxy as intercepting proxy without
2816 being able to intercept all client requests you may want to
2817 adjust the CGI templates to make sure they don't reference
2818 content from config.privoxy.org.
2826 accept-intercepted-requests 1
2834 <a name="ALLOW-CGI-REQUEST-CRUNCHING">7.6.2.
2835 allow-cgi-request-crunching</a>
2837 <div class="VARIABLELIST">
2844 Whether requests to <span class=
2845 "APPLICATION">Privoxy's</span> CGI pages can be blocked or
2854 <tt class="REPLACEABLE"><i>0 or 1</i></tt>
2862 <span class="emphasis"><i class="EMPHASIS">0</i></span>
2870 <span class="APPLICATION">Privoxy</span> ignores block and
2871 redirect actions for its CGI pages.
2879 By default <span class="APPLICATION">Privoxy</span> ignores
2880 block or redirect actions for its CGI pages. Intercepting
2881 these requests can be useful in multi-user setups to
2882 implement fine-grained access control, but it can also
2883 render the complete web interface useless and make
2884 debugging problems painful if done without care.
2887 Don't enable this option unless you're sure that you really
2896 allow-cgi-request-crunching 1
2904 <a name="SPLIT-LARGE-FORMS">7.6.3. split-large-forms</a>
2906 <div class="VARIABLELIST">
2913 Whether the CGI interface should stay compatible with
2914 broken HTTP clients.
2922 <tt class="REPLACEABLE"><i>0 or 1</i></tt>
2930 <span class="emphasis"><i class="EMPHASIS">0</i></span>
2938 The CGI form generate long GET URLs.
2946 <span class="APPLICATION">Privoxy's</span> CGI forms can
2947 lead to rather long URLs. This isn't a problem as far as
2948 the HTTP standard is concerned, but it can confuse clients
2949 with arbitrary URL length limitations.
2952 Enabling split-large-forms causes <span class=
2953 "APPLICATION">Privoxy</span> to divide big forms into
2954 smaller ones to keep the URL length down. It makes editing
2955 a lot less convenient and you can no longer submit all
2956 changes at once, but at least it works around this browser
2960 If you don't notice any editing problems, there is no
2961 reason to enable this option, but if one of the submit
2962 buttons appears to be broken, you should give it a try.
2978 <a name="KEEP-ALIVE-TIMEOUT">7.6.4. keep-alive-timeout</a>
2980 <div class="VARIABLELIST">
2987 Number of seconds after which an open connection will no
2996 <tt class="REPLACEABLE"><i>Time in seconds.</i></tt>
3012 Connections are not kept alive.
3020 This option allows clients to keep the connection to <span
3021 class="APPLICATION">Privoxy</span> alive. If the server
3022 supports it, <span class="APPLICATION">Privoxy</span> will
3023 keep the connection to the server alive as well. Under
3024 certain circumstances this may result in speed-ups.
3027 By default, <span class="APPLICATION">Privoxy</span> will
3028 close the connection to the server if the client connection
3029 gets closed, or if the specified timeout has been reached
3030 without a new request coming in. This behaviour can be
3031 changed with the <a href="#CONNECTION-SHARING" target=
3032 "_top">connection-sharing</a> option.
3035 This option has no effect if <span class=
3036 "APPLICATION">Privoxy</span> has been compiled without
3040 Note that a timeout of five seconds as used in the default
3041 configuration file significantly decreases the number of
3042 connections that will be reused. The value is used because
3043 some browsers limit the number of connections they open to
3044 a single host and apply the same limit to proxies. This can
3045 result in a single website <span class=
3046 "QUOTE">"grabbing"</span> all the connections the browser
3047 allows, which means connections to other websites can't be
3048 opened until the connections currently in use time out.
3051 Several users have reported this as a Privoxy bug, so the
3052 default value has been reduced. Consider increasing it to
3053 300 seconds or even more if you think your browser can
3054 handle it. If your browser appears to be hanging, it
3063 keep-alive-timeout 300
3071 <a name="TOLERATE-PIPELINING">7.6.5. tolerate-pipelining</a>
3073 <div class="VARIABLELIST">
3080 Whether or not pipelined requests should be served.
3088 <tt class="REPLACEABLE"><i>0 or 1.</i></tt>
3104 If Privoxy receives more than one request at once, it
3105 terminates the client connection after serving the first
3114 <span class="APPLICATION">Privoxy</span> currently doesn't
3115 pipeline outgoing requests, thus allowing pipelining on the
3116 client connection is not guaranteed to improve the
3120 By default <span class="APPLICATION">Privoxy</span> tries
3121 to discourage clients from pipelining by discarding
3122 aggressively pipelined requests, which forces the client to
3123 resend them through a new connection.
3126 This option lets <span class="APPLICATION">Privoxy</span>
3127 tolerate pipelining. Whether or not that improves
3128 performance mainly depends on the client configuration.
3131 If you are seeing problems with pages not properly loading,
3132 disabling this option could work around the problem.
3140 tolerate-pipelining 1
3148 <a name="DEFAULT-SERVER-TIMEOUT">7.6.6.
3149 default-server-timeout</a>
3151 <div class="VARIABLELIST">
3158 Assumed server-side keep-alive timeout if not specified by
3167 <tt class="REPLACEABLE"><i>Time in seconds.</i></tt>
3183 Connections for which the server didn't specify the
3184 keep-alive timeout are not reused.
3192 Enabling this option significantly increases the number of
3193 connections that are reused, provided the <a href=
3194 "#KEEP-ALIVE-TIMEOUT" target="_top">keep-alive-timeout</a>
3195 option is also enabled.
3198 While it also increases the number of connections problems
3199 when <span class="APPLICATION">Privoxy</span> tries to
3200 reuse a connection that already has been closed on the
3201 server side, or is closed while <span class=
3202 "APPLICATION">Privoxy</span> is trying to reuse it, this
3203 should only be a problem if it happens for the first
3204 request sent by the client. If it happens for requests on
3205 reused client connections, <span class=
3206 "APPLICATION">Privoxy</span> will simply close the
3207 connection and the client is supposed to retry the request
3208 without bothering the user.
3211 Enabling this option is therefore only recommended if the
3212 <a href="#CONNECTION-SHARING" target=
3213 "_top">connection-sharing</a> option is disabled.
3216 It is an error to specify a value larger than the <a href=
3217 "#KEEP-ALIVE-TIMEOUT" target="_top">keep-alive-timeout</a>
3221 This option has no effect if <span class=
3222 "APPLICATION">Privoxy</span> has been compiled without
3231 default-server-timeout 60
3239 <a name="CONNECTION-SHARING">7.6.7. connection-sharing</a>
3241 <div class="VARIABLELIST">
3248 Whether or not outgoing connections that have been kept
3249 alive should be shared between different incoming
3258 <tt class="REPLACEABLE"><i>0 or 1</i></tt>
3274 Connections are not shared.
3282 This option has no effect if <span class=
3283 "APPLICATION">Privoxy</span> has been compiled without
3284 keep-alive support, or if it's disabled.
3292 Note that reusing connections doesn't necessary cause
3293 speedups. There are also a few privacy implications you
3297 If this option is effective, outgoing connections are
3298 shared between clients (if there are more than one) and
3299 closing the browser that initiated the outgoing connection
3300 does no longer affect the connection between <span class=
3301 "APPLICATION">Privoxy</span> and the server unless the
3302 client's request hasn't been completed yet.
3305 If the outgoing connection is idle, it will not be closed
3306 until either <span class="APPLICATION">Privoxy's</span> or
3307 the server's timeout is reached. While it's open, the
3308 server knows that the system running <span class=
3309 "APPLICATION">Privoxy</span> is still there.
3312 If there are more than one client (maybe even belonging to
3313 multiple users), they will be able to reuse each others
3314 connections. This is potentially dangerous in case of
3315 authentication schemes like NTLM where only the connection
3316 is authenticated, instead of requiring authentication for
3320 If there is only a single client, and if said client can
3321 keep connections alive on its own, enabling this option has
3322 next to no effect. If the client doesn't support connection
3323 keep-alive, enabling this option may make sense as it
3324 allows <span class="APPLICATION">Privoxy</span> to keep
3325 outgoing connections alive even if the client itself
3329 You should also be aware that enabling this option
3330 increases the likelihood of getting the "No server or
3331 forwarder data" error message, especially if you are using
3332 a slow connection to the Internet.
3335 This option should only be used by experienced users who
3336 understand the risks and can weight them against the
3345 connection-sharing 1
3353 <a name="SOCKET-TIMEOUT">7.6.8. socket-timeout</a>
3355 <div class="VARIABLELIST">
3362 Number of seconds after which a socket times out if no data
3371 <tt class="REPLACEABLE"><i>Time in seconds.</i></tt>
3387 A default value of 300 seconds is used.
3395 The default is quite high and you probably want to reduce
3396 it. If you aren't using an occasionally slow proxy like
3397 Tor, reducing it to a few seconds should be fine.
3413 <a name="MAX-CLIENT-CONNECTIONS">7.6.9.
3414 max-client-connections</a>
3416 <div class="VARIABLELIST">
3423 Maximum number of client connections that will be served.
3431 <tt class="REPLACEABLE"><i>Positive number.</i></tt>
3447 Connections are served until a resource limit is reached.
3455 <span class="APPLICATION">Privoxy</span> creates one thread
3456 (or process) for every incoming client connection that
3457 isn't rejected based on the access control settings.
3460 If the system is powerful enough, <span class=
3461 "APPLICATION">Privoxy</span> can theoretically deal with
3462 several hundred (or thousand) connections at the same time,
3463 but some operating systems enforce resource limits by
3464 shutting down offending processes and their default limits
3465 may be below the ones <span class=
3466 "APPLICATION">Privoxy</span> would require under heavy
3470 Configuring <span class="APPLICATION">Privoxy</span> to
3471 enforce a connection limit below the thread or process
3472 limit used by the operating system makes sure this doesn't
3473 happen. Simply increasing the operating system's limit
3474 would work too, but if <span class=
3475 "APPLICATION">Privoxy</span> isn't the only application
3476 running on the system, you may actually want to limit the
3477 resources used by <span class="APPLICATION">Privoxy</span>.
3480 If <span class="APPLICATION">Privoxy</span> is only used by
3481 a single trusted user, limiting the number of client
3482 connections is probably unnecessary. If there are multiple
3483 possibly untrusted users you probably still want to
3484 additionally use a packet filter to limit the maximal
3485 number of incoming connections per client. Otherwise a
3486 malicious user could intentionally create a high number of
3487 connections to prevent other users from using <span class=
3488 "APPLICATION">Privoxy</span>.
3491 Obviously using this option only makes sense if you choose
3492 a limit below the one enforced by the operating system.
3495 One most POSIX-compliant systems <span class=
3496 "APPLICATION">Privoxy</span> can't properly deal with more
3497 than FD_SETSIZE file descriptors at the same time and has
3498 to reject connections if the limit is reached. This will
3499 likely change in a future version, but currently this limit
3500 can't be increased without recompiling <span class=
3501 "APPLICATION">Privoxy</span> with a different FD_SETSIZE
3510 max-client-connections 256
3518 <a name="HANDLE-AS-EMPTY-DOC-RETURNS-OK">7.6.10.
3519 handle-as-empty-doc-returns-ok</a>
3521 <div class="VARIABLELIST">
3528 The status code Privoxy returns for pages blocked with <tt
3529 class="LITERAL"><a href=
3530 "actions-file.html#HANDLE-AS-EMPTY-DOCUMENT" target=
3531 "_top">+handle-as-empty-document</a></tt>.
3539 <tt class="REPLACEABLE"><i>0 or 1</i></tt>
3555 Privoxy returns a status 403(forbidden) for all blocked
3564 Privoxy returns a status 200(OK) for pages blocked with
3565 +handle-as-empty-document and a status 403(Forbidden) for
3566 all other blocked pages.
3574 This directive was added as a work-around for Firefox bug
3575 492459: <span class="QUOTE">"Websites are no longer
3576 rendered if SSL requests for JavaScripts are blocked by a
3577 proxy."</span> (<a href=
3578 "https://bugzilla.mozilla.org/show_bug.cgi?id=492459"
3580 "_top">https://bugzilla.mozilla.org/show_bug.cgi?id=492459</a>),
3581 the bug has been fixed for quite some time, but this
3582 directive is also useful to make it harder for websites to
3583 detect whether or not resources are being blocked.
3591 <a name="ENABLE-COMPRESSION">7.6.11. enable-compression</a>
3593 <div class="VARIABLELIST">
3600 Whether or not buffered content is compressed before
3609 <tt class="REPLACEABLE"><i>0 or 1</i></tt>
3625 Privoxy does not compress buffered content.
3633 Privoxy compresses buffered content before delivering it to
3634 the client, provided the client supports it.
3642 This directive is only supported if Privoxy has been
3643 compiled with FEATURE_COMPRESSION, which should not to be
3644 confused with FEATURE_ZLIB.
3647 Compressing buffered content is mainly useful if Privoxy
3648 and the client are running on different systems. If they
3649 are running on the same system, enabling compression is
3650 likely to slow things down. If you didn't measure
3651 otherwise, you should assume that it does and keep this
3655 Privoxy will not compress buffered content below a certain
3664 <a name="COMPRESSION-LEVEL">7.6.12. compression-level</a>
3666 <div class="VARIABLELIST">
3673 The compression level that is passed to the zlib library
3674 when compressing buffered content.
3682 <tt class="REPLACEABLE"><i>Positive number ranging from 0
3699 Compressing the data more takes usually longer than
3700 compressing it less or not compressing it at all. Which
3701 level is best depends on the connection between Privoxy and
3702 the client. If you can't be bothered to benchmark it for
3703 yourself, you should stick with the default and keep
3704 compression disabled.
3707 If compression is disabled, the compression level is
3717 <table border="0" bgcolor="#E0E0E0" width="90%">
3720 <pre class="SCREEN">
3721 # Best speed (compared to the other levels)
3725 # No compression. Only useful for testing as the added header
3726 # slightly increases the amount of data that has to be sent.
3727 # If your benchmark shows that using this compression level
3728 # is superior to using no compression at all, the benchmark
3729 # is likely to be flawed.
3742 <a name="CLIENT-HEADER-ORDER">7.6.13. client-header-order</a>
3744 <div class="VARIABLELIST">
3751 The order in which client headers are sorted before
3760 <tt class="REPLACEABLE"><i>Client header names delimited by
3761 spaces or tabs</i></tt>
3777 By default <span class="APPLICATION">Privoxy</span> leaves
3778 the client headers in the order they were sent by the
3779 client. Headers are modified in-place, new headers are
3780 added at the end of the already existing headers.
3783 The header order can be used to fingerprint client requests
3784 independently of other headers like the User-Agent.
3787 This directive allows to sort the headers differently to
3788 better mimic a different User-Agent. Client headers will be
3789 emitted in the order given, headers whose name isn't
3790 explicitly specified are added at the end.
3793 Note that sorting headers in an uncommon way will make
3794 fingerprinting actually easier. Encrypted headers are not
3795 affected by this directive.
3803 <a name="CLIENT-SPECIFIC-TAG">7.6.14. client-specific-tag</a>
3805 <div class="VARIABLELIST">
3812 The name of a tag that will always be set for clients that
3813 requested it through the webinterface.
3821 <tt class="REPLACEABLE"><i>Tag name followed by a
3822 description that will be shown in the webinterface</i></tt>
3837 <div class="WARNING">
3838 <table class="WARNING" border="1" width="90%">
3847 This is an experimental feature. The syntax is
3848 likely to change in future versions.
3855 Client-specific tags allow Privoxy admins to create
3856 different profiles and let the users chose which one they
3857 want without impacting other users.
3860 One use case is allowing users to circumvent certain blocks
3861 without having to allow them to circumvent all blocks. This
3862 is not possible with the <a href=
3863 "config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle
3864 feature</a> because it would bluntly disable all blocks for
3865 all users and also affect other actions like filters. It
3866 also is set globally which renders it useless in most
3870 After a client-specific tag has been defined with the
3871 client-specific-tag directive, action sections can be
3872 activated based on the tag by using a <a href=
3873 "actions-file.html#CLIENT-TAG-PATTERN" target=
3874 "_top">CLIENT-TAG</a> pattern. The CLIENT-TAG pattern is
3875 evaluated at the same priority as URL patterns, as a result
3876 the last matching pattern wins. Tags that are created based
3877 on client or server headers are evaluated later on and can
3878 overrule CLIENT-TAG and URL patterns!
3881 The tag is set for all requests that come from clients that
3882 requested it to be set. Note that "clients" are
3883 differentiated by IP address, if the IP address changes the
3884 tag has to be requested again.
3887 Clients can request tags to be set by using the CGI
3888 interface <a href="http://config.privoxy.org/client-tags"
3889 target="_top">http://config.privoxy.org/client-tags</a>.
3890 The specific tag description is only used on the web page
3891 and should be phrased in away that the user understand the
3901 <table border="0" bgcolor="#E0E0E0" width="90%">
3904 <pre class="SCREEN">
3905 # Define a couple of tags, the described effect requires action sections
3906 # that are enabled based on CLIENT-TAG patterns.
3907 client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
3908 disable-content-filters Disable content-filters but do not affect other actions
3920 <a name="CLIENT-TAG-LIFETIME">7.6.15. client-tag-lifetime</a>
3922 <div class="VARIABLELIST">
3929 How long a temporarily enabled tag remains enabled.
3937 <tt class="REPLACEABLE"><i>Time in seconds.</i></tt>
3952 <div class="WARNING">
3953 <table class="WARNING" border="1" width="90%">
3962 This is an experimental feature. The syntax is
3963 likely to change in future versions.
3970 In case of some tags users may not want to enable them
3971 permanently, but only for a short amount of time, for
3972 example to circumvent a block that is the result of an
3973 overly-broad URL pattern.
3976 The CGI interface <a href=
3977 "http://config.privoxy.org/client-tags" target=
3978 "_top">http://config.privoxy.org/client-tags</a> therefore
3979 provides a "enable this tag temporarily" option. If it is
3980 used, the tag will be set until the client-tag-lifetime is
3990 <table border="0" bgcolor="#E0E0E0" width="90%">
3993 <pre class="SCREEN">
3994 # Increase the time to life for temporarily enabled tags to 3 minutes
3995 client-tag-lifetime 180
4007 <a name="TRUST-X-FORWARDED-FOR">7.6.16. trust-x-forwarded-for</a>
4009 <div class="VARIABLELIST">
4016 Whether or not Privoxy should use IP addresses specified
4017 with the X-Forwarded-For header
4025 <tt class="REPLACEABLE"><i>0 or one</i></tt>
4040 <div class="WARNING">
4041 <table class="WARNING" border="1" width="90%">
4050 This is an experimental feature. The syntax is
4051 likely to change in future versions.
4058 If clients reach Privoxy through another proxy, for example
4059 a load balancer, Privoxy can't tell the client's IP address
4060 from the connection. If multiple clients use the same
4061 proxy, they will share the same client tag settings which
4062 is usually not desired.
4065 This option lets Privoxy use the X-Forwarded-For header
4066 value as client IP address. If the proxy sets the header,
4067 multiple clients using the same proxy do not share the same
4068 client tag settings.
4071 This option should only be enabled if Privoxy can only be
4072 reached through a proxy and if the proxy can be trusted to
4073 set the header correctly. It is recommended that ACL are
4074 used to make sure only trusted systems can reach Privoxy.
4077 If access to Privoxy isn't limited to trusted systems, this
4078 option would allow malicious clients to change the client
4079 tags for other clients or increase Privoxy's memory
4080 requirements by registering lots of client tag settings for
4081 clients that don't exist.
4090 <table border="0" bgcolor="#E0E0E0" width="90%">
4093 <pre class="SCREEN">
4094 # Allow systems that can reach Privoxy to provide the client
4095 # IP address with a X-Forwarded-For header.
4096 trust-x-forwarded-for 1
4109 <a name="WINDOWS-GUI">7.7. Windows GUI Options</a>
4112 <span class="APPLICATION">Privoxy</span> has a number of options
4113 specific to the Windows GUI interface:
4115 <a name="ACTIVITY-ANIMATION"></a>
4117 If <span class="QUOTE">"activity-animation"</span> is set to 1, the
4118 <span class="APPLICATION">Privoxy</span> icon will animate when
4119 <span class="QUOTE">"Privoxy"</span> is active. To turn off, set to
4124 <p class="LITERALLAYOUT">
4125 <tt class="LITERAL"> <span class="emphasis"><i class=
4126 "EMPHASIS">activity-animation 1</i></span><br>
4127 </tt>
4129 <a name="LOG-MESSAGES"></a>
4131 If <span class="QUOTE">"log-messages"</span> is set to 1, <span
4132 class="APPLICATION">Privoxy</span> copies log messages to the
4133 console window. The log detail depends on the <a href=
4134 "config.html#DEBUG">debug</a> directive.
4138 <p class="LITERALLAYOUT">
4139 <tt class="LITERAL"> <span class="emphasis"><i class=
4140 "EMPHASIS">log-messages 1</i></span><br>
4141 </tt>
4143 <a name="LOG-BUFFER-SIZE"></a>
4145 If <span class="QUOTE">"log-buffer-size"</span> is set to 1, the
4146 size of the log buffer, i.e. the amount of memory used for the log
4147 messages displayed in the console window, will be limited to <span
4148 class="QUOTE">"log-max-lines"</span> (see below).
4151 Warning: Setting this to 0 will result in the buffer to grow
4152 infinitely and eat up all your memory!
4156 <p class="LITERALLAYOUT">
4157 <tt class="LITERAL"> <span class="emphasis"><i class=
4158 "EMPHASIS">log-buffer-size 1</i></span><br>
4159 </tt>
4161 <a name="LOG-MAX-LINES"></a>
4163 <span class="APPLICATION">log-max-lines</span> is the maximum
4164 number of lines held in the log buffer. See above.
4168 <p class="LITERALLAYOUT">
4169 <tt class="LITERAL"> <span class="emphasis"><i class=
4170 "EMPHASIS">log-max-lines 200</i></span><br>
4171 </tt>
4173 <a name="LOG-HIGHLIGHT-MESSAGES"></a>
4175 If <span class="QUOTE">"log-highlight-messages"</span> is set to 1,
4176 <span class="APPLICATION">Privoxy</span> will highlight portions of
4177 the log messages with a bold-faced font:
4181 <p class="LITERALLAYOUT">
4182 <tt class="LITERAL"> <span class="emphasis"><i class=
4183 "EMPHASIS">log-highlight-messages 1</i></span><br>
4184 </tt>
4186 <a name="LOG-FONT-NAME"></a>
4188 The font used in the console window:
4192 <p class="LITERALLAYOUT">
4193 <tt class="LITERAL"> <span class="emphasis"><i class=
4194 "EMPHASIS">log-font-name Comic Sans MS</i></span><br>
4195 </tt>
4197 <a name="LOG-FONT-SIZE"></a>
4199 Font size used in the console window:
4203 <p class="LITERALLAYOUT">
4204 <tt class="LITERAL"> <span class="emphasis"><i class=
4205 "EMPHASIS">log-font-size 8</i></span><br>
4206 </tt>
4208 <a name="SHOW-ON-TASK-BAR"></a>
4210 <span class="QUOTE">"show-on-task-bar"</span> controls whether or
4211 not <span class="APPLICATION">Privoxy</span> will appear as a
4212 button on the Task bar when minimized:
4216 <p class="LITERALLAYOUT">
4217 <tt class="LITERAL"> <span class="emphasis"><i class=
4218 "EMPHASIS">show-on-task-bar 0</i></span><br>
4219 </tt>
4221 <a name="CLOSE-BUTTON-MINIMIZES"></a>
4223 If <span class="QUOTE">"close-button-minimizes"</span> is set to 1,
4224 the Windows close button will minimize <span class=
4225 "APPLICATION">Privoxy</span> instead of closing the program (close
4226 with the exit option on the File menu).
4230 <p class="LITERALLAYOUT">
4231 <tt class="LITERAL"> <span class="emphasis"><i class=
4232 "EMPHASIS">close-button-minimizes 1</i></span><br>
4233 </tt>
4235 <a name="HIDE-CONSOLE"></a>
4237 The <span class="QUOTE">"hide-console"</span> option is specific to
4238 the MS-Win console version of <span class=
4239 "APPLICATION">Privoxy</span>. If this option is used, <span class=
4240 "APPLICATION">Privoxy</span> will disconnect from and hide the
4245 <p class="LITERALLAYOUT">
4246 <tt class="LITERAL"> #<span class="emphasis"><i class=
4247 "EMPHASIS">hide-console</i></span><br>
4248 </tt>
4252 <div class="NAVFOOTER">
4253 <hr align="LEFT" width="100%">
4254 <table summary="Footer navigation table" width="100%" border="0"
4255 cellpadding="0" cellspacing="0">
4257 <td width="33%" align="left" valign="top">
4258 <a href="configuration.html" accesskey="P">Prev</a>
4260 <td width="34%" align="center" valign="top">
4261 <a href="index.html" accesskey="H">Home</a>
4263 <td width="33%" align="right" valign="top">
4264 <a href="actions-file.html" accesskey="N">Next</a>
4268 <td width="33%" align="left" valign="top">
4269 Privoxy Configuration
4271 <td width="34%" align="center" valign="top">
4274 <td width="33%" align="right" valign="top">
projects / privoxy.git / blob