4 >Privoxy Configuration</TITLE
7 CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
9 TITLE="Privoxy User Manual"
10 HREF="index.html"><LINK
12 TITLE="Quickstart to Using Privoxy"
13 HREF="quickstart.html"><LINK
15 TITLE="Contacting the Developers, Bug Reporting and Feature
17 HREF="contact.html"><LINK
20 HREF="../p_doc.css"></HEAD
39 >Privoxy User Manual</TH
47 HREF="quickstart.html"
83 > configuration is stored
84 in text files. These files can be edited with a text editor.
85 Many important aspects of <SPAN
89 also be controlled easily with a web browser.
98 >5.1. Controlling <SPAN
101 > with Your Web Browser</A
107 > can be reached by the special
114 HREF="http://config.privoxy.org/"
116 >http://config.privoxy.org/</A
118 which is an internal page. You will see the following section: </P
128 > Please choose from the following options:
130 * Show information about the current configuration
131 * Show the source code version numbers
132 * Show the client's request headers.
133 * Show which actions apply to a URL and why
134 * Toggle Privoxy on or off
135 * Edit the actions list
143 > This should be self-explanatory. Note the last item is an editor for the
146 >"actions list"</SPAN
147 >, which is where much of the ad, banner, cookie,
148 and URL blocking magic is configured as well as other advanced features of
152 >. This is an easy way to adjust various
156 > configuration. The actions
157 file, and other configuration files, are explained in detail below.
161 > will automatically detect any changes
166 >"Toggle Privoxy On or Off"</SPAN
167 > is handy for sites that might
168 have problems with your current actions and filters, or just to test if
169 a site misbehaves, whether it is <SPAN
173 causing the problem or not. <SPAN
177 to run as a proxy in this case, but all filtering is disabled. </P
185 >5.2. Configuration Files Overview</A
188 > For Unix, *BSD and Linux, all configuration files are located in
192 > by default. For MS Windows, OS/2, and
193 AmigaOS these are all in the same directory as the
197 > executable. The name
198 and number of configuration files has changed from previous versions, and is
199 subject to change as development progresses.</P
201 > The installed defaults provide a reasonable starting point, though possibly
202 aggressive by some standards. For the time being, there are only three
203 default configuration files (this may change in time):</P
210 > The main configuration file is named <TT
214 on Linux, Unix, BSD, OS/2, and AmigaOS and <TT
226 > file is used to define various
230 > relating to images, banners, pop-ups, access
231 restrictions, banners and cookies. There is a CGI based editor for this
232 file that can be accessed via <A
237 files are included as well with differing levels of filtering
238 and blocking, e.g. <TT
249 > file can be used to re-write the raw
250 page content, including viewable text as well as embedded HTML and JavaScript,
251 and whatever else lurks on any given web page.
264 can use Perl style regular expressions for maximum flexibility. All files use
271 > character to denote a comment. Such
272 lines are not processed by <SPAN
276 making any changes, there is no need to restart
280 > in order for the changes to take
284 > should detect such changes
287 > While under development, the configuration content is subject to change.
288 The below documentation may not be accurate by the time you read this.
289 Also, what constitutes a <SPAN
292 > setting, may change, so
293 please check all your configuration files on important issues.</P
301 >5.3. The Main Configuration File</A
304 > Again, the main configuration file is named <TT
308 Linux/Unix/BSD and OS/2, and <TT
312 Configuration lines consist of an initial keyword followed by a list of
313 values, all separated by whitespace (any number of spaces or tabs). For
319 CLASS="LITERALLAYOUT"
322 >blockfile blocklist.ini</I
324 </P
329 > Indicates that the blockfile is named <SPAN
331 >"blocklist.ini"</SPAN
333 default installation does not use this.)</P
341 > indicates a comment. Any part of a
342 line following a <SPAN
348 > is ignored, except if
364 > Thus, by placing a <SPAN
371 existing configuration line, you can make it a comment and it will be treated
372 as if it weren't there. This is called <SPAN
374 >"commenting out"</SPAN
376 option and can be useful to turn off features: If you comment out the
384 log to a file at all. Watch for the <SPAN
388 explanation to see what happens if the option is left unset (or commented
391 > Long lines can be continued on the next line by using a
398 > as the very last character.</P
400 > There are various aspects of <SPAN
404 that can be tuned.</P
411 >5.3.1. Defining Other Configuration Files</A
417 > can use a number of other files to tell it
418 what ads to block, what cookies to accept, and perform other functions. This
419 section of the configuration file tells <SPAN
423 where to find all those other files. </P
435 > looks for these files in the same
436 directory as the executable. On Unix and OS/2,
440 > looks for these files in the current
441 working directory. In either case, an absolute path name can be used to
444 > When development goes modular and multi-user, the blocker, filter, and
445 per-user config will be stored in subdirectories of <SPAN
451 >confdir/templates</TT
452 > is used for storing HTML
453 templates for CGI results. </P
455 > The location of the configuration files:</P
460 CLASS="LITERALLAYOUT"
463 >confdir /etc/privoxy</I
464 > # No trailing /, please.<br>
465 </P
470 > The directory where all logging (i.e. <TT
477 >) takes place. No trailing
489 CLASS="LITERALLAYOUT"
492 >logdir /var/log/privoxy</I
494 </P
499 > Note that all file specifications below are relative to
500 the above two directories!</P
504 >"default.action"</SPAN
505 > file contains patterns to specify the
506 actions to apply to requests for each site. Default: Cookies to and from all
507 destinations are kept only during the current browser session (i.e. they are
508 not saved to disk). Pop-ups are disabled for all sites. All sites are
509 filtered through selected sections of <SPAN
511 >"default.filter"</SPAN
516 > displays a checkboard type
517 pattern for filtered ads and other images. The syntax of this file is
518 explained in detail <A
519 HREF="configuration.html#ACTIONSFILE"
525 > files are included, and you are free to use any of
526 them. They have varying degrees of aggressiveness.</P
531 CLASS="LITERALLAYOUT"
534 >actionsfile default.action</I
536 </P
543 >"default.filter"</SPAN
544 > file contains content modification rules
547 >"regular expressions"</SPAN
548 >. These rules permit powerful
549 changes on the content of Web pages, e.g., you could disable your favorite
550 JavaScript annoyances, re-write the actual displayed text, or just have some
558 it appears on a Web page. Default: whatever the developers are playing with
561 > Filtering requires buffering the page content, which may appear to slow down
562 page rendering since nothing is displayed until all content has passed
563 the filters. (It does not really take longer, but seems that way since
564 the page is not incrementally displayed.) This effect will be more noticeable
565 on slower connections. </P
570 CLASS="LITERALLAYOUT"
573 >filterfile default.filter</I
575 </P
580 > The logfile is where all logging and error messages are written. The logfile
581 can be useful for tracking down a problem with
585 > (e.g., it's not blocking an ad you
586 think it should block) but in most cases you probably will never look at it.</P
588 > Your logfile will grow indefinitely, and you will probably want to
589 periodically remove it. On Unix systems, you can do this with a cron job
597 script has been included.</P
599 > On SuSE Linux systems, you can place a line like <SPAN
602 +1024k 644 nobody.nogroup"</SPAN
607 the effect that cron.daily will automatically archive, gzip, and empty the
608 log, when it exceeds 1M size.</P
610 > Default: Log to the a file named <TT
614 Comment out to disable logging.</P
619 CLASS="LITERALLAYOUT"
624 </P
636 > stores the cookies it intercepts. Note
637 that if you use a <SPAN
640 >, it may grow quite large. Default:
641 Don't store intercepted cookies.</P
646 CLASS="LITERALLAYOUT"
651 </P
656 > If you specify a <SPAN
663 > will only allow access to sites that
664 are named in the trustfile. You can also mark sites as trusted referrers,
665 with the effect that access to untrusted sites will be granted, if a link
666 from a trusted referrer was used. The link target will then be added to the
670 >. This is a very restrictive feature that typical
671 users most probably want to leave disabled. Default: Disabled, don't use the
677 CLASS="LITERALLAYOUT"
682 </P
687 > If you use the trust mechanism, it is a good idea to write up some on-line
688 documentation about your blocking policy and to specify the URL(s) here. They
689 will appear on the page that your users receive when they try to access
690 untrusted content. Use multiple times for multiple URLs. Default: Don't
691 display links on the <SPAN
699 CLASS="LITERALLAYOUT"
702 >trust-info-url http://www.example.com/why_we_block.html</I
706 >trust-info-url http://www.example.com/what_we_allow.html</I
708 </P
719 >5.3.2. Other Configuration Options</A
722 > This part of the configuration file contains options that control how
730 >"Admin-address"</SPAN
731 > should be set to the email address of the proxy
732 administrator. It is used in many of the proxy-generated pages. Default:
733 fill@me.in.please.</P
738 CLASS="LITERALLAYOUT"
741 >#admin-address fill@me.in.please</I
743 </P
750 >"Proxy-info-url"</SPAN
751 > can be set to a URL that contains more info
756 configuration and policies. It is used in many of the proxy-generated pages
757 and its use is highly recommended in multi-user installations, since your
758 users will want to know why certain content is blocked or modified. Default:
759 Don't show a link to on-line documentation.</P
764 CLASS="LITERALLAYOUT"
767 >proxy-info-url http://www.example.com/proxy.html</I
769 </P
776 >"Listen-address"</SPAN
777 > specifies the address and port where
781 > will listen for connections from your
782 Web browser. The default is to listen on the localhost port 8118, and
783 this is suitable for most users. (In your web browser, under proxy
784 configuration, list the proxy server as <SPAN
793 > If you already have another service running on port 8118, or if you want to
794 serve requests from other machines (e.g. on your local network) as well, you
795 will need to override the default. The syntax is
798 >"listen-address [<ip-address>]:<port>"</SPAN
800 out the IP address, <SPAN
804 interfaces (addresses) on your machine and may become reachable from the
805 Internet. In that case, consider using access control lists (acl's) (see
809 > above), or a firewall.</P
811 > For example, suppose you are running <SPAN
815 a machine which has the address 192.168.0.1 on your local private network
816 (192.168.0.0) and has another outside connection with a different address.
817 You want it to serve requests from inside only:</P
822 CLASS="LITERALLAYOUT"
825 >listen-address 192.168.0.1:8118</I
827 </P
832 > If you want it to listen on all addresses (including the outside
838 CLASS="LITERALLAYOUT"
841 >listen-address :8118</I
843 </P
848 > If you do this, consider using ACLs (see <SPAN
852 you will need to point your browser(s) to the address and port that you have
853 configured here. Default: localhost:8118 (127.0.0.1:8118).</P
855 > The debug option sets the level of debugging information to log in the
856 logfile (and to the console in the Windows version). A debug level of 1 is
857 informative because it will show you each request as it happens. Higher
858 levels of debug are probably only of interest to developers.</P
863 CLASS="LITERALLAYOUT"
864 > debug 1 # GPC = show each GET/POST/CONNECT request<br>
865 debug 2 # CONN = show each connection status<br>
866 debug 4 # IO = show I/O status<br>
867 debug 8 # HDR = show header parsing<br>
868 debug 16 # LOG = log all data into the logfile<br>
869 debug 32 # FRC = debug force feature<br>
870 debug 64 # REF = debug regular expression filter <br>
871 debug 128 # = debug fast redirects<br>
872 debug 256 # = debug GIF de-animation<br>
873 debug 512 # CLF = Common Log Format<br>
874 debug 1024 # = debug kill pop-ups<br>
875 debug 4096 # INFO = Startup banner and warnings.<br>
876 debug 8192 # ERROR = Non-fatal errors<br>
877 </P
884 >highly recommended</I
885 > that you enable ERROR
886 reporting (debug 8192), at least until v3.0 is released.</P
888 > The reporting of FATAL errors (i.e. ones which crash
892 >) is always on and cannot be disabled.</P
894 > If you want to use CLF (Common Log Format), you should set <SPAN
898 > ONLY, do not enable anything else.</P
903 > directives, are OK - they're logical-OR'd
909 CLASS="LITERALLAYOUT"
912 >debug 15 # same as setting the first 4 listed above</I
914 </P
924 CLASS="LITERALLAYOUT"
931 >debug 4096 # Info</I
935 >debug 8192 # Errors - *we highly recommended enabling this*</I
937 </P
948 >"multi-threading"</SPAN
949 >, a software technique that permits it to
950 handle many different requests simultaneously. In some cases you may wish to
951 disable this -- particularly if you're trying to debug a problem. The
954 >"single-threaded"</SPAN
959 > to handle requests sequentially.
960 Default: Multi-threaded mode.</P
965 CLASS="LITERALLAYOUT"
970 </P
978 > allows you to temporarily disable all
982 > filtering. Just set <SPAN
988 > The Windows version of <SPAN
992 the system tray, which also allows you to change this option. If you
993 right-click on that icon (or select the <SPAN
1000 >. Clicking on enable toggles
1004 > on and off. This is useful if you want
1005 to temporarily disable <SPAN
1009 a site that requires cookies which you would otherwise have blocked. This can also
1010 be toggled via a web browser at the <SPAN
1014 internal address of <A
1035 > becomes a non-anonymizing non-blocking
1036 proxy. Default: 1 (on). </P
1041 CLASS="LITERALLAYOUT"
1046 </P
1051 > For content filtering, i.e. the <SPAN
1057 >"+deanimate-gif"</SPAN
1058 > actions, it is necessary that
1062 > buffers the entire document body.
1063 This can be potentially dangerous, since a server could just keep sending
1064 data indefinitely and wait for your RAM to exhaust. With nasty consequences.</P
1069 > option lets you set the maximum
1070 size in Kbytes that each buffer may use. When the documents buffer exceeds
1071 this size, it is flushed to the client unfiltered and no further attempt to
1072 filter the rest of it is made. Remember that there may multiple threads
1073 running, which might require increasing the <SPAN
1075 >"buffer-limit"</SPAN
1080 >, unless you have enabled
1083 >"single-threaded"</SPAN
1089 CLASS="LITERALLAYOUT"
1092 >buffer-limit 4069</I
1094 </P
1099 > To enable the web-based <TT
1105 >enable-edit-actions</SPAN
1106 > to 1, or 0 to disable. Note
1107 that you must have compiled <SPAN
1111 support for this feature, otherwise this option has no effect. This
1112 internal page can be reached at <A
1119 > Security note: If this is enabled, anyone who can use the proxy
1120 can edit the actions file, and their changes will affect all users.
1121 For shared proxies, you probably want to disable this. Default: enabled.</P
1126 CLASS="LITERALLAYOUT"
1129 >enable-edit-actions 1</I
1131 </P
1139 > to be toggled on and off
1140 remotely, using your web browser. Set <SPAN
1142 >"enable-remote-toggle"</SPAN
1144 1 to enable, and 0 to disable. Note that you must have compiled
1148 > with support for this feature,
1149 otherwise this option has no effect.</P
1151 > Security note: If this is enabled, anyone who can use the proxy can toggle
1152 it on or off (see <A
1157 their changes will affect all users. For shared proxies, you probably want to
1158 disable this. Default: enabled.</P
1163 CLASS="LITERALLAYOUT"
1166 >enable-remote-toggle 1</I
1168 </P
1179 >5.3.3. Access Control List (ACL)</A
1182 > Access controls are included at the request of some ISPs and systems
1183 administrators, and are not usually needed by individual users. Please note
1184 the warnings in the FAQ that this proxy is not intended to be a substitute
1185 for a firewall or to encourage anyone to defer addressing basic security
1188 > If no access settings are specified, the proxy talks to anyone that
1189 connects. If any access settings file are specified, then the proxy
1190 talks only to IP addresses permitted somewhere in this file and not
1191 denied later in this file.</P
1193 > Summary -- if using an ACL:</P
1201 > Client must have permission to receive service.
1215 > LAST match in ACL wins.
1229 > Default behavior is to deny service.
1237 > The syntax for an entry in the Access Control List is:</P
1242 CLASS="LITERALLAYOUT"
1243 > ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ]<br>
1244 </P
1249 > Where the individual fields are:</P
1254 CLASS="LITERALLAYOUT"
1258 > = <SPAN
1260 >"permit-access"</SPAN
1261 > or <SPAN
1263 >"deny-access"</SPAN
1269 > = client hostname or dotted IP address<br>
1273 > = number of bits in the subnet mask for the source<br>
1278 > = server or forwarder hostname or dotted IP address<br>
1282 > = number of bits in the subnet mask for the target<br>
1283 </P
1289 The field separator (FS) is whitespace (space or tab).</P
1291 > IMPORTANT NOTE: If <SPAN
1295 forwarder (see below) or a gateway for a particular destination URL, the
1299 > that is examined is the address of the forwarder
1300 or the gateway and <I
1303 > the address of the ultimate
1304 target. This is necessary because it may be impossible for the local
1308 > to determine the address of the
1309 ultimate target (that's often what gateways are used for).</P
1311 > Here are a few examples to show how the ACL features work:</P
1316 > is OK -- no DST_ADDR implies that
1320 > destination addresses are OK:</P
1325 CLASS="LITERALLAYOUT"
1328 >permit-access localhost</I
1330 </P
1335 > A silly example to illustrate permitting any host on the class-C subnet with
1339 > to go anywhere:</P
1344 CLASS="LITERALLAYOUT"
1347 >permit-access www.privoxy.com/24</I
1349 </P
1354 > Except deny one particular IP address from using it at all:</P
1359 CLASS="LITERALLAYOUT"
1362 >deny-access ident.privoxy.com</I
1364 </P
1369 > You can also specify an explicit network address and subnet mask.
1370 Explicit addresses do not have to be resolved to be used.</P
1375 CLASS="LITERALLAYOUT"
1378 >permit-access 207.153.200.0/24</I
1380 </P
1385 > A subnet mask of 0 matches anything, so the next line permits everyone.</P
1390 CLASS="LITERALLAYOUT"
1393 >permit-access 0.0.0.0/0</I
1395 </P
1408 CLASS="LITERALLAYOUT"
1411 >permit-access .org</I
1413 </P
1418 > to allow all *.org domains. Every IP address listed must resolve fully.</P
1420 > An ISP may want to provide a <SPAN
1427 > and yet restrict use of some of their
1428 private content to hosts on its internal network (i.e. its own subscribers).
1429 Say, for instance the ISP owns the Class-B IP address block 123.124.0.0 (a 16
1430 bit netmask). This is how they could do it:</P
1435 CLASS="LITERALLAYOUT"
1438 >permit-access 0.0.0.0/0 0.0.0.0/0</I
1439 > # other clients can go anywhere <br>
1440 # with the following exceptions:<br>
1445 > 0.0.0.0/0 123.124.0.0/16 # block all external requests for<br>
1446 # sites on the ISP's network<br>
1450 >permit 0.0.0.0/0 www.my_isp.com</I
1451 > # except for the ISP's main <br>
1452 # web site<br>
1456 >permit 123.124.0.0/16 0.0.0.0/0</I
1457 > # the ISP's clients can go <br>
1458 # anywhere<br>
1459 </P
1464 > Note that if some hostnames are listed with multiple IP addresses,
1465 the primary value returned by DNS (via gethostbyname()) is used. Default:
1466 Anyone can access the proxy.</P
1474 >5.3.4. Forwarding</A
1477 > This feature allows chaining of HTTP requests via multiple proxies.
1478 It can be used to better protect privacy and confidentiality when
1479 accessing specific domains by routing requests to those domains
1480 to a special purpose filtering proxy such as lpwa.com. Or to use
1481 a caching proxy to speed up browsing.</P
1483 > It can also be used in an environment with multiple networks to route
1484 requests via multiple gateways allowing transparent access to multiple
1485 networks without having to modify browser configurations.</P
1487 > Also specified here are SOCKS proxies. <SPAN
1491 SOCKS 4 and SOCKS 4A. The difference is that SOCKS 4A will resolve the target
1492 hostname using DNS on the SOCKS server, not our local DNS client.</P
1494 > The syntax of each line is:</P
1499 CLASS="LITERALLAYOUT"
1502 >forward target_domain[:port] http_proxy_host[:port]</I
1506 >forward-socks4 target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</I
1510 >forward-socks4a target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</I
1512 </P
1517 > If http_proxy_host is <SPAN
1520 >, then requests are not forwarded to a
1521 HTTP proxy but are made directly to the web servers.</P
1523 > Lines are checked in sequence, and the last match wins.</P
1525 > There is an implicit line equivalent to the following, which specifies that
1526 anything not finding a match on the list is to go out without forwarding
1527 or gateway protocol, like so:</P
1532 CLASS="LITERALLAYOUT"
1536 ># implicit<br>
1537 </P
1542 > In the following common configuration, everything goes to Lucent's LPWA,
1543 except SSL on port 443 (which it doesn't handle):</P
1548 CLASS="LITERALLAYOUT"
1551 >forward .* lpwa.com:8000</I
1557 </P
1563 Some users have reported difficulties related to LPWA's use of
1567 > as the last element of the domain, and have said that this
1568 can be fixed with this:</P
1573 CLASS="LITERALLAYOUT"
1576 >forward lpwa. lpwa.com:8000</I
1578 </P
1583 > (NOTE: the syntax for specifying target_domain has changed since the
1584 previous paragraph was written -- it will not work now. More information
1587 > In this fictitious example, everything goes via an ISP's caching proxy,
1588 except requests to that ISP:</P
1593 CLASS="LITERALLAYOUT"
1596 >forward .* caching.myisp.net:8000</I
1600 >forward myisp.net .</I
1602 </P
1607 > For the @home network, we're told the forwarding configuration is this:</P
1612 CLASS="LITERALLAYOUT"
1615 >forward .* proxy:8080</I
1617 </P
1622 > Also, we're told they insist on getting cookies and JavaScript, so you should
1623 allow cookies from home.com. We consider JavaScript a potential security risk.
1624 Java need not be enabled.</P
1626 > In this example direct connections are made to all <SPAN
1630 domains, but everything else goes through Lucent's LPWA by way of the
1631 company's SOCKS gateway to the Internet.</P
1636 CLASS="LITERALLAYOUT"
1639 >forward-socks4 .* lpwa.com:8000 firewall.my_company.com:1080</I
1643 >forward my_company.com .</I
1645 </P
1650 > This is how you could set up a site that always uses SOCKS but no forwarders:</P
1655 CLASS="LITERALLAYOUT"
1658 >forward-socks4a .* . firewall.my_company.com:1080</I
1660 </P
1665 > An advanced example for network administrators:</P
1667 > If you have links to multiple ISPs that provide various special content to
1668 their subscribers, you can configure forwarding to pass requests to the
1669 specific host that's connected to that ISP so that everybody can see all
1670 of the content on all of the ISPs.</P
1672 > This is a bit tricky, but here's an example:</P
1674 > host-a has a PPP connection to isp-a.com. And host-b has a PPP connection to
1675 isp-b.com. host-a can run a <SPAN
1679 forwarding like this: </P
1684 CLASS="LITERALLAYOUT"
1691 >forward isp-b.com host-b:8118</I
1693 </P
1698 > host-b can run a <SPAN
1701 > proxy with forwarding
1707 CLASS="LITERALLAYOUT"
1714 >forward isp-a.com host-a:8118</I
1716 </P
1724 > on the Internet (including users on host-a
1725 and host-b) can set their browser's proxy to <I
1729 host-a or host-b and be able to browse the content on isp-a or isp-b.</P
1731 > Here's another practical example, for University of Kent at
1732 Canterbury students with a network connection in their room, who
1733 need to use the University's Squid web cache.</P
1738 CLASS="LITERALLAYOUT"
1741 >forward *. ssbcache.ukc.ac.uk:3128</I
1742 > # Use the proxy, except for:<br>
1745 >forward .ukc.ac.uk . </I
1746 > # Anything on the same domain as us<br>
1750 > # Host with no domain specified<br>
1753 >forward 129.12.*.* . </I
1754 > # A dotted IP on our /16 network.<br>
1757 >forward 127.*.*.* . </I
1758 > # Loopback address<br>
1761 >forward localhost.localdomain . </I
1762 > # Loopback address<br>
1765 >forward www.ukc.mirror.ac.uk . </I
1766 > # Specific host<br>
1767 </P
1772 > If you intend to chain <SPAN
1779 > locally, then chain as
1782 >browser -> squid -> privoxy</TT
1783 > is the recommended way. </P
1785 >Your squid configuration could then look like this (assuming that the IP
1786 address of the box is <TT
1794 CLASS="LITERALLAYOUT"
1795 > # Define Privoxy as parent cache <br>
1797 cache_peer 192.168.0.1 parent 8118 0 no-query<br>
1799 # don't listen to the whole world<br>
1800 http_port 192.168.0.1:3128<br>
1802 # define the local lan<br>
1803 acl mylocallan src 192.168.0.1-192.168.0.5/255.255.255.255<br>
1805 # grant access for http to local lan<br>
1806 http_access allow mylocallan<br>
1808 # Define ACL for protocol FTP <br>
1809 acl FTP proto FTP <br>
1811 # Do not forward ACL FTP to privoxy<br>
1812 always_direct allow FTP <br>
1814 # Do not forward ACL CONNECT (https) to privoxy<br>
1815 always_direct allow CONNECT <br>
1817 # Forward the rest to privoxy<br>
1818 never_direct allow all <br>
1819 </P
1830 >5.3.5. Windows GUI Options</A
1836 > has a number of options specific to the
1837 Windows GUI interface:</P
1841 >"activity-animation"</SPAN
1846 > icon will animate when
1850 > is active. To turn off, set to 0.</P
1855 CLASS="LITERALLAYOUT"
1858 >activity-animation 1</I
1860 </P
1867 >"log-messages"</SPAN
1872 > will log messages to the console
1878 CLASS="LITERALLAYOUT"
1883 </P
1891 >"log-buffer-size"</SPAN
1892 > is set to 1, the size of the log buffer,
1893 i.e. the amount of memory used for the log messages displayed in the
1894 console window, will be limited to <SPAN
1896 >"log-max-lines"</SPAN
1899 > Warning: Setting this to 0 will result in the buffer to grow infinitely and
1900 eat up all your memory!</P
1905 CLASS="LITERALLAYOUT"
1908 >log-buffer-size 1</I
1910 </P
1917 >log-max-lines</SPAN
1918 > is the maximum number of lines held
1919 in the log buffer. See above.</P
1924 CLASS="LITERALLAYOUT"
1927 >log-max-lines 200</I
1929 </P
1936 >"log-highlight-messages"</SPAN
1941 > will highlight portions of the log
1942 messages with a bold-faced font:</P
1947 CLASS="LITERALLAYOUT"
1950 >log-highlight-messages 1</I
1952 </P
1957 > The font used in the console window:</P
1962 CLASS="LITERALLAYOUT"
1965 >log-font-name Comic Sans MS</I
1967 </P
1972 > Font size used in the console window:</P
1977 CLASS="LITERALLAYOUT"
1982 </P
1990 >"show-on-task-bar"</SPAN
1991 > controls whether or not
1995 > will appear as a button on the Task bar
2001 CLASS="LITERALLAYOUT"
2004 >show-on-task-bar 0</I
2006 </P
2013 >"close-button-minimizes"</SPAN
2014 > is set to 1, the Windows close
2015 button will minimize <SPAN
2018 > instead of closing
2019 the program (close with the exit option on the File menu).</P
2024 CLASS="LITERALLAYOUT"
2027 >close-button-minimizes 1</I
2029 </P
2036 >"hide-console"</SPAN
2037 > option is specific to the MS-Win console
2041 >. If this option is used,
2045 > will disconnect from and hide the
2051 CLASS="LITERALLAYOUT"
2052 > #hide-console<br>
2053 </P
2065 >5.4. The Actions File</A
2070 >"default.action"</SPAN
2079 to define what actions <SPAN
2083 determines how ad images, cookies and various other aspects of HTTP content
2084 and transactions are handled. These can be accepted or rejected for all
2085 sites, or just those sites you choose. See below for a complete list of
2089 Anything you want can blocked, including ads, banners, or just some obnoxious
2090 URL that you would rather not see. Cookies can be accepted or rejected, or
2091 accepted only during the current browser session (i.e. not written to disk).
2095 > should be immediately visible
2099 > without the need to restart.</P
2101 > Note that some sites may misbehave, or possibly not work at all with some
2102 actions. This may require some tinkering with the rules to get the most
2106 > features, and still be
2107 able to see and enjoy just what you want to. There is no general rule of
2108 thumb on these things. There just are too many variables, and sites are
2109 always changing. </P
2111 > The easiest way to edit the <SPAN
2114 > file is with a browser by
2122 >"Edit Actions List"</SPAN
2123 >. A text editor can also be used.</P
2125 > To determine which actions apply to a request, the URL of the request is
2126 compared to all patterns in this file. Every time it matches, the list of
2127 applicable actions for the URL is incrementally updated. You can trace
2128 this process by visiting <A
2129 HREF="http://p.p/show-url-info"
2131 >http://p.p/show-url-info</A
2134 > There are four types of lines in this file: comments (begin with a
2138 > character), actions, aliases and patterns, all of which are
2139 explained below, as well as the configuration file syntax that
2143 > understands. </P
2150 >5.4.1. URL Domain and Path Syntax</A
2153 > Generally, a pattern has the form <domain>/<path>, where both the
2154 <domain> and <path> part are optional. If you only specify a
2155 domain part, the <SPAN
2158 > can be left out:</P
2163 > - is a domain only pattern and will match any request to
2166 >"www.example.com"</SPAN
2171 >www.example.com/</I
2172 > - means exactly the same.</P
2176 >www.example.com/index.html</I
2177 > - matches only the single
2180 >"/index.html"</SPAN
2183 >"www.example.com"</SPAN
2189 > - matches the document <SPAN
2191 >"/index.html"</SPAN
2193 regardless of the domain. So would match any page named <SPAN
2202 > - matches nothing, since it would be
2203 interpreted as a domain name and there is no top-level domain called
2209 > The matching of the domain part offers some flexible options: if the
2210 domain starts or ends with a dot, it becomes unanchored at that end.
2216 > - matches any domain or sub-domain that
2222 >".example.com"</SPAN
2228 > - matches any domain that <I
2237 > Additionally, there are wild-cards that you can use in the domain names
2238 themselves. They work pretty similar to shell wild-cards: <SPAN
2242 stands for zero or more arbitrary characters, <SPAN
2246 any single character. And you can define character classes in square
2247 brackets and they can be freely mixed:</P
2254 >"adserver.example.com"</SPAN
2258 >"ads.example.com"</SPAN
2259 >, etc but not <SPAN
2261 >"sfads.example.com"</SPAN
2266 >*ad*.example.com</I
2267 > - matches all of the above, and then some.</P
2274 >"www.ipix.com"</SPAN
2278 >"pictures.epix.com"</SPAN
2281 >"a.b.c.d.e.upix.com"</SPAN
2286 >www[1-9a-ez].example.com</I
2289 >"www1.example.com"</SPAN
2293 >"www4.example.com"</SPAN
2296 >"wwwd.example.com"</SPAN
2300 >"wwwz.example.com"</SPAN
2307 >"wwww.example.com"</SPAN
2317 > support (the default), Perl compatible regular expressions
2318 can be used. These are more flexible and powerful than other types
2321 >"regular expressions"</SPAN
2325 > directory or <SPAN
2329 > (also available on <A
2330 HREF="http://www.perldoc.com/perl5.6/pod/perlre.html"
2332 >http://www.perldoc.com/perl5.6/pod/perlre.html</A
2334 for details. A brief discussion of regular expressions is in the
2336 HREF="appendix.html#REGEX"
2342 >/.*/advert[0-9]+\.jpe?g</I
2343 > - would match a URL from any
2344 domain, with any path that includes <SPAN
2348 immediately by one or more digits, then a <SPAN
2361 >"example.com/ads/advert2.jpg"</SPAN
2365 >"www.example.com/ads/banners/advert39.jpeg"</SPAN
2369 >"www.example.com/ads/banners/advert39.gif"</SPAN
2371 example pattern).</P
2373 > Please note that matching in the path is case
2377 > by default, but you can switch to case
2378 sensitive at any point in the pattern by using the
2386 >www.example.com/(?-i)PaTtErN.*</I
2388 documents whose path starts with <SPAN
2395 > this capitalization.</P
2406 > Actions are enabled if preceded with a <SPAN
2410 preceded with a <SPAN
2413 >. Actions are invoked by enclosing the
2414 action name in curly braces (e.g. {+some_action}), followed by a list of
2415 URLs to which the action applies. There are three classes of actions:</P
2432 CLASS="LITERALLAYOUT"
2436 > # enable this action<br>
2440 > # disable this action<br>
2441 </P
2450 parameterized (e.g. <SPAN
2452 >"+/-hide-user-agent"</SPAN
2459 CLASS="LITERALLAYOUT"
2463 > # enable action and set parameter to <SPAN
2470 > # disable action<br>
2471 </P
2480 Multi-value (e.g. <SPAN
2482 >"{+/-add-header{Name: value}}"</SPAN
2485 >"{+/-wafer{name=value}}"</SPAN
2492 CLASS="LITERALLAYOUT"
2496 > # enable action and add parameter <SPAN
2503 > # remove the parameter <SPAN
2510 > # disable this action totally<br>
2511 </P
2520 > If nothing is specified in this file, no <SPAN
2524 So in this case <SPAN
2528 normal, non-blocking, non-anonymizing proxy. You must specifically
2529 enable the privacy and blocking features you need (although the
2530 provided default <TT
2534 give a good starting point).</P
2536 > Later defined actions always over-ride earlier ones. So exceptions
2537 to any rules you make, should come in the latter part of the file. For
2538 multi-valued actions, the actions are applied in the order they are
2541 > The list of valid <SPAN
2555 Add the specified HTTP header, which is not checked for validity.
2556 You may specify this many times to specify many different headers:
2562 CLASS="LITERALLAYOUT"
2565 >+add-header{Name: value}</I
2567 </P
2576 Block this URL totally. In a default installation, a <SPAN
2580 URL will result in bright red banner that says <SPAN
2584 with a reason why it is being blocked, and an option to see it anyway.
2585 The page displayed for this is the <SPAN
2595 CLASS="LITERALLAYOUT"
2600 </P
2609 De-animate all animated GIF images, i.e. reduce them to their last frame.
2610 This will also shrink the images considerably (in bytes, not pixels!). If
2614 > is given, the first frame of the animation
2615 is used as the replacement. If <SPAN
2618 > is given, the last frame
2619 of the animation is used instead, which probably makes more sense for most
2620 banner animations, but also has the risk of not showing the entire last
2621 frame (if it is only a delta to an earlier frame).
2627 CLASS="LITERALLAYOUT"
2630 >+deanimate-gifs{last}</I
2634 >+deanimate-gifs{first}</I
2636 </P
2647 > will downgrade HTTP/1.1 client requests to
2648 HTTP/1.0 and downgrade the responses as well. Use this action for servers
2649 that use HTTP/1.1 protocol features that
2653 > doesn't handle well yet. HTTP/1.1
2654 is only partially implemented. Default is not to downgrade requests.
2660 CLASS="LITERALLAYOUT"
2665 </P
2674 Many sites, like yahoo.com, don't just link to other sites. Instead, they
2675 will link to some script on their own server, giving the destination as a
2676 parameter, which will then redirect you to the final target. URLs resulting
2677 from this scheme typically look like:
2680 >http://some.place/some_script?http://some.where-else</I
2684 > Sometimes, there are even multiple consecutive redirects encoded in the
2685 URL. These redirections via scripts make your web browsing more traceable,
2686 since the server from which you follow such a link can see where you go to.
2687 Apart from that, valuable bandwidth and time is wasted, while your browser
2688 ask the server for one redirect after the other. Plus, it feeds the
2694 >"+fast-redirects"</SPAN
2695 > option enables interception of these
2696 types of requests by <SPAN
2700 all but the last valid URL in the request and send a local redirect back to
2701 your browser without contacting the intermediate site(s).
2707 CLASS="LITERALLAYOUT"
2712 </P
2721 Apply the filters in the <TT
2728 > file to the site(s).
2732 > sections are grouped according to like
2733 functionality. <SPAN
2737 re-write any of the raw page content. This is a potentially a
2738 very powerful feature!
2744 CLASS="LITERALLAYOUT"
2747 >+filter{section_header}</I
2749 </P
2756 Filter sections that are pre-defined in the supplied
2777 >: Get rid of particularly annoying HTML abuse.
2794 >: Get rid of particularly annoying JavaScript abuse
2811 >: Kill all popups in JS and HTML
2827 >frameset-borders</I
2828 >: Give frames a border
2845 >: Squish WebBugs (1x1 invisible GIFs used for user tracking)
2862 >: Automatic refresh sucks on auto-dialup lines
2879 >: Text replacements for subversive browsing fun!
2896 >: Remove (virus) Nimda code.
2913 >: Kill banners by size
2930 >: Kill all web pages that contain the words "sex" or "warez"
2942 Block any existing X-Forwarded-for header, and do not add a new one:
2948 CLASS="LITERALLAYOUT"
2953 </P
2962 If the browser sends a <SPAN
2965 > header containing your e-mail
2966 address, this either completely removes the header (<SPAN
2970 changes it to the specified e-mail address.
2976 CLASS="LITERALLAYOUT"
2979 >+hide-from{block}</I
2983 >+hide-from{spam@sittingduck.xqq}</I
2985 </P
2994 Don't send the <SPAN
2997 > (sic) header to the web site. You
2998 can block it, forge a URL to the same server as the request (which is
2999 preferred because some sites will not send images otherwise) or set it to a
3000 constant, user defined string of your choice.
3006 CLASS="LITERALLAYOUT"
3009 >+hide-referer{block}</I
3013 >+hide-referer{forge}</I
3017 >+hide-referer{http://nowhere.com}</I
3019 </P
3028 Alternative spelling of <SPAN
3030 >"+hide-referer"</SPAN
3032 parameters, and can be freely mixed with, <SPAN
3034 >"+hide-referer"</SPAN
3039 > is the correct English spelling, however the HTTP
3040 specification has a bug - it requires it to be spelled <SPAN
3049 CLASS="LITERALLAYOUT"
3052 >+hide-referrer{...}</I
3054 </P
3065 >"User-Agent:"</SPAN
3066 > header so web servers can't tell your
3067 browser type. Warning! This breaks many web sites. Specify the
3068 user-agent value you want. Example, pretend to be using Netscape on
3075 CLASS="LITERALLAYOUT"
3078 >+hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)}</I
3080 </P
3089 Treat this URL as an image. This only matters if it's also <SPAN
3093 in which case a <SPAN
3096 > image can be sent rather than a HTML page.
3099 >"+image-blocker{}"</SPAN
3100 > below for the control over what is actually sent.
3104 > ads, they should be defined as
3114 >"image-blocker"</SPAN
3115 > should be set to <SPAN
3119 cannot treat HTML pages as images in most cases. For instance, frames
3120 require an HTML page to display. So a frame that is an ad, cannot be
3121 treated as an image. Forcing an <SPAN
3125 situation just will not work.
3131 CLASS="LITERALLAYOUT"
3136 </P
3144 > Decides what to do with URLs that end up tagged with <SPAN
3148 >, e.g an advertizement. There are five options.
3151 >"-image-blocker"</SPAN
3152 > will send a HTML <SPAN
3156 usually resulting in a <SPAN
3158 >"broken image"</SPAN
3162 >"+image-blocker{blank}"</SPAN
3163 > will send a 1x1 transparent GIF
3164 image. And finally, <SPAN
3166 >"+image-blocker{http://xyz.com}"</SPAN
3168 HTTP temporary redirect to the specified image. This has the advantage of the
3169 icon being being cached by the browser, which will speed up the display.
3172 >"+image-blocker{pattern}"</SPAN
3173 > will send a checkboard type pattern
3179 CLASS="LITERALLAYOUT"
3182 >+image-blocker{blank}</I
3186 >+image-blocker{pattern}</I
3190 >+image-blocker{http://p.p/send-banner}</I
3192 </P
3201 By default (i.e. in the absence of a <SPAN
3203 >"+limit-connect"</SPAN
3208 > will only allow CONNECT
3209 requests to port 443, which is the standard port for https as a
3213 > The CONNECT methods exists in HTTP to allow access to secure websites
3214 (https:// URLs) through proxies. It works very simply: the proxy
3215 connects to the server on the specified port, and then short-circuits
3216 its connections to the client <I
3219 > to the remote proxy.
3220 This can be a big security hole, since CONNECT-enabled proxies can
3221 be abused as TCP relays very easily.
3225 If you want to allow CONNECT for more ports than this, or want to forbid
3226 CONNECT altogether, you can specify a comma separated list of ports and
3227 port ranges (the latter using dashes, with the minimum defaulting to 0 and
3234 CLASS="LITERALLAYOUT"
3237 >+limit-connect{443} # This is the default and need no be specified.</I
3241 >+limit-connect{80,443} # Ports 80 and 443 are OK.</I
3245 >+limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100</I
3249 > #and above 500 are OK.</I
3251 </P
3261 >"+no-compression"</SPAN
3262 > prevents the website from compressing the
3263 data. Some websites do this, which can be a problem for
3276 >"+gif-deanimate"</SPAN
3278 compressed data. This will slow down connections to those websites,
3279 though. Default is <SPAN
3281 >"no-compression"</SPAN
3288 CLASS="LITERALLAYOUT"
3293 </P
3302 If the website sets cookies, <SPAN
3304 >"no-cookies-keep"</SPAN
3306 they are erased when you exit and restart your web browser. This makes
3307 profiling cookies useless, but won't break sites which require cookies so
3308 that you can log in for transactions. Default: on.
3314 CLASS="LITERALLAYOUT"
3317 >+no-cookies-keep</I
3319 </P
3328 Prevent the website from reading cookies:
3334 CLASS="LITERALLAYOUT"
3337 >+no-cookies-read</I
3339 </P
3348 Prevent the website from setting cookies:
3354 CLASS="LITERALLAYOUT"
3359 </P
3368 Filter the website through a built-in filter to disable those obnoxious
3369 JavaScript pop-up windows via window.open(), etc. The two alternative
3370 spellings are equivalent.
3376 CLASS="LITERALLAYOUT"
3385 </P
3394 This action only applies if you are using a <TT
3398 for saving cookies. It sends a cookie to every site stating that you do not
3399 accept any copyright on cookies sent to you, and asking them not to track
3400 you. Of course, this is a (relatively) unique header they could use to
3407 CLASS="LITERALLAYOUT"
3412 </P
3421 This allows you to add an arbitrary cookie. It can be specified multiple
3422 times in order to add as many cookies as you like.
3428 CLASS="LITERALLAYOUT"
3431 >+wafer{name=value}</I
3433 </P
3442 > The meaning of any of the above is reversed by preceding the action with a
3446 >, in place of the <SPAN
3453 > Turn off cookies by default, then allow a few through for specified sites:</P
3458 CLASS="LITERALLAYOUT"
3459 > # Turn off all persistent cookies<br>
3460 { +no-cookies-read }<br>
3461 { +no-cookies-set }<br>
3462 # Allow cookies for this browser session ONLY<br>
3463 { +no-cookies-keep }<br>
3465 # Exceptions to the above, sites that benefit from persistent cookies<br>
3466 { -no-cookies-read }<br>
3467 { -no-cookies-set }<br>
3468 { -no-cookies-keep }<br>
3469 .javasoft.com<br>
3471 .yahoo.com<br>
3472 .msdn.microsoft.com<br>
3473 .redhat.com<br>
3475 # Alternative way of saying the same thing<br>
3476 {-no-cookies-set -no-cookies-read -no-cookies-keep}<br>
3477 .sourceforge.net<br>
3479 </P
3484 > Now turn off <SPAN
3486 >"fast redirects"</SPAN
3487 >, and then we allow two exceptions:</P
3492 CLASS="LITERALLAYOUT"
3493 > # Turn them off!<br>
3494 {+fast-redirects}<br>
3496 # Reverse it for these two sites, which don't work right without it.<br>
3497 {-fast-redirects}<br>
3498 www.ukc.ac.uk/cgi-bin/wac\.cgi\?<br>
3499 login.yahoo.com<br>
3500 </P
3505 > Turn on page filtering according to rules in the defined sections
3509 >, and make one exception for
3516 CLASS="LITERALLAYOUT"
3517 > # Run everything through the filter file, using only the<br>
3518 # specified sections:<br>
3519 +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}\<br>
3520 +filter{webbugs} +filter{nimda} +filter{banners-by-size}<br>
3521 <br>
3522 # Then disable filtering of code from sourceforge!<br>
3524 .cvs.sourceforge.net<br>
3525 </P
3530 > Now some URLs that we want <SPAN
3533 > (normally generates
3537 > banner). Many of these use regular expressions
3538 that will expand to match multiple URLs:</P
3543 CLASS="LITERALLAYOUT"
3544 > # Blocklist:<br>
3545 {+block}<br>
3546 /.*/(.*[-_.])?ads?[0-9]?(/|[-_.].*|\.(gif|jpe?g))<br>
3547 /.*/(.*[-_.])?count(er)?(\.cgi|\.dll|\.exe|[?/])<br>
3548 /.*/(ng)?adclient\.cgi<br>
3549 /.*/(plain|live|rotate)[-_.]?ads?/<br>
3550 /.*/(sponsor)s?[0-9]?/<br>
3551 /.*/_?(plain|live)?ads?(-banners)?/<br>
3552 /.*/abanners/<br>
3553 /.*/ad(sdna_image|gifs?)/<br>
3554 /.*/ad(server|stream|juggler)\.(cgi|pl|dll|exe)<br>
3555 /.*/adbanners/<br>
3556 /.*/adserver<br>
3557 /.*/adstream\.cgi<br>
3558 /.*/adv((er)?ts?|ertis(ing|ements?))?/<br>
3559 /.*/banner_?ads/<br>
3560 /.*/banners?/<br>
3561 /.*/banners?\.cgi/<br>
3562 /.*/cgi-bin/centralad/getimage<br>
3563 /.*/images/addver\.gif<br>
3564 /.*/images/marketing/.*\.(gif|jpe?g)<br>
3565 /.*/popupads/<br>
3566 /.*/siteads/<br>
3567 /.*/sponsor.*\.gif<br>
3568 /.*/sponsors?[0-9]?/<br>
3569 /.*/advert[0-9]+\.jpg<br>
3570 /Media/Images/Adds/<br>
3571 /ad_images/<br>
3572 /adimages/<br>
3573 /.*/ads/<br>
3574 /bannerfarm/<br>
3575 /grafikk/annonse/<br>
3576 /graphics/defaultAd/<br>
3577 /image\.ng/AdType<br>
3578 /image\.ng/transactionID<br>
3579 /images/.*/.*_anim\.gif # alvin brattli<br>
3580 /ip_img/.*\.(gif|jpe?g)<br>
3581 /rotateads/<br>
3582 /rotations/ <br>
3583 /worldnet/ad\.cgi<br>
3584 /cgi-bin/nph-adclick.exe/<br>
3585 /.*/Image/BannerAdvertising/<br>
3586 /.*/ad-bin/<br>
3587 /.*/adlib/server\.cgi<br>
3588 /autoads/<br>
3589 </P
3594 > Note that many of these actions have the potential to cause a page to
3595 misbehave, possibly even not to display at all. There are many ways
3596 a site designer may choose to design his site, and what HTTP header
3597 content he may depend on. There is no way to have hard and fast rules
3598 for all sites. See the <A
3599 HREF="appendix.html#ACTIONSANAT"
3602 for a brief example on troubleshooting actions.</P
3623 >, can be defined by combining other <SPAN
3627 These can in turn be invoked just like the built-in <SPAN
3631 Currently, an alias can contain any character except space, tab, <SPAN
3641 >. But please use only <SPAN
3661 >. Alias names are not case sensitive, and
3664 >must be defined before anything</I
3669 >file! And there can only be one set of
3675 > Now let's define a few aliases:</P
3680 CLASS="LITERALLAYOUT"
3681 > # Useful custom aliases we can use later. These must come first!<br>
3683 +no-cookies = +no-cookies-set +no-cookies-read<br>
3684 -no-cookies = -no-cookies-set -no-cookies-read<br>
3685 fragile = -block -no-cookies -filter -fast-redirects -hide-referer -no-popups<br>
3686 shop = -no-cookies -filter -fast-redirects<br>
3687 +imageblock = +block +image<br>
3689 #For people who don't like to type too much: ;-)<br>
3690 c0 = +no-cookies<br>
3691 c1 = -no-cookies<br>
3692 c2 = -no-cookies-set +no-cookies-read<br>
3693 c3 = +no-cookies-set -no-cookies-read<br>
3694 #... etc. Customize to your heart's content.<br>
3695 </P
3700 > Some examples using our <SPAN
3707 aliases from above:</P
3712 CLASS="LITERALLAYOUT"
3713 > # These sites are very complex and require<br>
3714 # minimal interference.<br>
3716 .office.microsoft.com<br>
3717 .windowsupdate.microsoft.com<br>
3718 .nytimes.com<br>
3720 # Shopping sites - still want to block ads.<br>
3722 .quietpc.com<br>
3723 .worldpay.com # for quietpc.com<br>
3724 .jungle.com<br>
3725 .scan.co.uk<br>
3727 # These shops require pop-ups<br>
3728 {shop -no-popups}<br>
3730 .overclockers.co.uk<br>
3731 </P
3742 > aliases are often used for
3746 > sites that require most actions to be disabled
3747 in order to function properly. </P
3756 >5.5. The Filter File</A
3759 > Any web page can be dynamically modified with the filter file. This
3760 modification can be removal, or re-writing, of any web page content,
3761 including tags and non-visible content. The default filter file is
3765 >, located in the config directory. </P
3767 > This is potentially a very powerful feature, and requires knowledge of both
3770 >"regular expression"</SPAN
3771 > and HTML in order create custom
3772 filters. But, there are a number of useful filters included with
3776 > for many common situations.</P
3778 > The included example file is divided into sections. Each section begins
3782 > keyword, followed by the identifier
3783 for that section, e.g. <SPAN
3785 >"FILTER: webbugs"</SPAN
3786 >. Each section performs
3787 a similar type of filtering, such as <SPAN
3789 >"html-annoyances"</SPAN
3792 > This file uses regular expressions to alter or remove any string in the
3793 target page. The expressions can only operate on one line at a time. Some
3794 examples from the included default <TT
3799 > Stop web pages from displaying annoying messages in the status bar by
3800 deleting such references:</P
3805 CLASS="LITERALLAYOUT"
3806 > FILTER: html-annoyances<br>
3808 # New browser windows should be resizeable and have a location and status<br>
3809 # bar. Make it so.<br>
3811 s/resizable="?(no|0)"?/resizable=1/ig s/noresize/yesresize/ig<br>
3812 s/location="?(no|0)"?/location=1/ig s/status="?(no|0)"?/status=1/ig<br>
3813 s/scrolling="?(no|0|Auto)"?/scrolling=1/ig<br>
3814 s/menubar="?(no|0)"?/menubar=1/ig <br>
3816 # The <BLINK> tag was a crime!<br>
3818 s*<blink>|</blink>**ig<br>
3820 # Is this evil? <br>
3822 #s/framespacing="?(no|0)"?//ig<br>
3823 #s/margin(height|width)=[0-9]*//gi<br>
3824 </P
3829 > Just for kicks, replace any occurrence of <SPAN
3836 >, and have a little fun with topical buzzwords: </P
3841 CLASS="LITERALLAYOUT"
3842 > FILTER: fun<br>
3844 s/microsoft(?!.com)/MicroSuck/ig<br>
3846 # Buzzword Bingo:<br>
3848 s/industry-leading|cutting-edge|award-winning/<font color=red><b>BINGO!</b></font>/ig<br>
3849 </P
3854 > Kill those pesky little web-bugs:</P
3859 CLASS="LITERALLAYOUT"
3860 > # webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking)<br>
3861 FILTER: webbugs<br>
3863 s/<img\s+[^>]*?(width|height)\s*=\s*['"]?1\D[^>]*?(width|height)\s*=\s*['"]?1(\D[^>]*?)?>/<!-- Squished WebBug -->/sig<br>
3864 </P
3881 > displays one of its internal
3882 pages, such as a 404 Not Found error page, it uses the appropriate template.
3883 On Linux, BSD, and Unix, these are located in
3886 >/etc/privoxy/templates</TT
3887 > by default. These may be
3888 customized, if desired.</P
3893 > banner page with the bright red top
3894 banner, is called just <SPAN
3901 may be customized or replaced with something else if desired. </P
3919 HREF="quickstart.html"
3944 >Quickstart to Using <SPAN
3957 >Contacting the Developers, Bug Reporting and Feature
projects / privoxy.git / blob