[privoxy.git] / privoxy.1

.\" This manpage has been automatically generated by docbook2man 
.\" from a DocBook document.  This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
.\" Please send any bug reports, improvements, comments, patches, 
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "PRIVOXY" "1" "12 November 2007" "Privoxy 3.0.7 UNRELEASED" ""
.SH NAME
privoxy \- Privacy Enhancing Proxy
.SH SYNOPSIS

\fBprivoxy\fR [\fB--help\fR ] [\fB--version\fR ] [\fB--no-daemon\fR ] [\fB--pidfile \fIpidfile\fB\fR ] [\fB--user \fIuser[.group]\fB\fR ] [\fB--chroot\fR ] [\fB--pre-chroot-nslookup \fIhostname\fB\fR ] [\fB\fIconfigfile\fB\fR ]

.SH "OPTIONS"
.PP
\fBPrivoxy\fR may be invoked with the following command line
options:
.TP
\fB--help\fR
Print brief usage info and exit.
.TP
\fB--version\fR
Print version info and exit.
.TP
\fB--no-daemon\fR
Don't  become  a daemon, i.e. don't fork and become process group
leader, don't detach from controlling tty, and do all logging there.
.TP
\fB--pidfile \fIpidfile\fB\fR
On startup, write the process ID to \fIpidfile\fR.
Delete the \fIpidfile\fR on exit.
Failure to create or delete the \fIpidfile\fR
is non-fatal. If no \fB--pidfile\fR option is given, no PID file will be used.
.TP
\fB--user \fIuser[.group]\fB\fR
After (optionally) writing the PID file, assume the user ID of
\fIuser\fR and the GID of
\fIgroup\fR, or, if the optional
\fIgroup\fR was not given, the default group of
\fIuser\fR. Exit if the privileges are not
sufficient to do so.
.TP
\fB--chroot\fR
Before changing to the user ID given in the --user option, chroot to
that user's home directory, i.e. make the kernel pretend to the
\fBPrivoxy\fR process that the directory tree starts
there. If set up carefully, this can limit the impact of possible
vulnerabilities in \fBPrivoxy\fR to the files contained in
that hierarchy. 
.TP
\fB--pre-chroot-nslookup \fIhostname\fB\fR
Initialize the resolver library using \fIhostname\fR
before chroot'ing. On some systems this reduces the number of files
that must be copied into the chroot tree.
.PP
If the \fIconfigfile\fR is not specified on  the  command  line,
\fBPrivoxy\fR  will  look for a file named
\fIconfig\fR in the current directory . If no
\fIconfigfile\fR is found, \fBPrivoxy\fR will 
fail to start.
.SH "DESCRIPTION"
.PP
Privoxy is a non-caching
web proxy
with advanced filtering capabilities for enhancing privacy,
modifying web page data, managing HTTP
cookies, 
controlling access, and removing ads, banners, pop-ups and other obnoxious
Internet junk. Privoxy has a flexible configuration and can be
customized to suit individual needs and tastes. Privoxy has application for
both stand-alone systems and multi-user networks.
.PP
Privoxy is based on Internet Junkbuster (tm).
.SH "INSTALLATION AND USAGE"
.PP
Browsers can either be individually configured to use
\fBPrivoxy\fR as a HTTP proxy, or \fBPrivoxy\fR can
be set to act as an intercepting proxy (see \fIconfig\fR).  The default setting is  for
localhost,  on port  8118 (configurable in the main config file).  To set the
HTTP proxy in Netscape and Mozilla, go through:  \fBEdit\fR;
\fBPreferences\fR;  \fBAdvanced\fR;
\fBProxies\fR;  \fBManual Proxy Configuration\fR;
\fBView\fR. 
.PP
For Firefox, go through: \fBTools\fR; 
\fBOptions\fR; \fBGeneral\fR;
\fBConnection Settings\fR;
\fBManual Proxy Configuration\fR. 
.PP
For Internet Explorer, go through: \fBTools\fR; 
\fBInternet Properties\fR; \fBConnections\fR;
\fBLAN Settings\fR. 
.PP
The Secure (SSL) Proxy should also be set to the same values, otherwise
https: URLs will not be proxied. Note: \fBPrivoxy\fR can only
proxy HTTP and HTTPS traffic. Do not try it with FTP or other protocols.
HTTPS presents some limitations, and not all features will work with HTTPS 
connections.
.PP
For other browsers, check the documentation.
.SH "CONFIGURATION"
.PP
\fBPrivoxy\fR can be configured with the various configuration
files. The default configuration files are: \fIconfig\fR,
\fIdefault.filter\fR, and
\fIdefault.action\fR. \fIuser.action\fR should 
be used for locally defined exceptions to the default rules of
\fIdefault.action\fR, and \fIuser.filter\fR for 
locally defined filters. These are well commented.  On Unix
and Unix-like systems, these are located in
\fI/etc/privoxy/\fR by default. 
.PP
\fBPrivoxy\fR uses the concept of \fBactions\fR 
in order to manipulate the data stream between the browser and remote sites.
There are various actions available with specific functions for such things 
as blocking web sites, managing cookies, etc. These actions can be invoked
individually or combined, and used against individual URLs, or groups of URLs 
that can be defined using wildcards and regular expressions. The result is
that the user has greatly enhanced control and freedom.
.PP
The actions list (ad blocks, etc) can also be configured with your
web browser at http://config.privoxy.org/ 
(assuming the configuration allows it).
\fBPrivoxy's\fR configuration parameters  can also  be viewed at
the same page. In addition, \fBPrivoxy\fR can be toggled on/off.
This is an internal page, and does not require Internet access.
.PP
See the \fIUser Manual\fR for a detailed
explanation of installation, general usage, all configuration options, new
features and notes on upgrading.
.SH "SAMPLE CONFIGURATION"
.PP
A brief example of what a simple \fIdefault.action\fR
configuration might look like:

.nf
 # Define a few useful custom aliases for later use
 {{alias}}

 # Useful aliases that combine more than one action
 +crunch-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
 -crunch-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
 +block-as-image = +block +handle-as-image

 # Fragile sites should have the minimum changes
 fragile     = -block -deanimate-gifs -fast-redirects -filter \\
               -hide-referer -prevent-cookies -kill-popups

 ## Turn some actions on ################################
 ## NOTE: Actions are off by default, unless explictily turned on 
 ## otherwise with the '+' operator.

{ \\
-add-header \\
-block \\
-client-header-filter{hide-tor-exit-notation} \\
-content-type-overwrite \\
-crunch-client-header \\
-crunch-if-none-match \\
-crunch-outgoing-cookies \\
-crunch-incoming-cookies \\
-crunch-server-header \\
-deanimate-gifs \\
-downgrade-http-version \\
-fast-redirects \\
-filter{js-annoyances} \\
-filter{js-events} \\
-filter{html-annoyances} \\
-filter{content-cookies} \\
-filter{refresh-tags} \\
-filter{unsolicited-popups} \\
-filter{all-popups} \\
-filter{img-reorder} \\
-filter{banners-by-size} \\
-filter{banners-by-link} \\
-filter{webbugs} \\
-filter{tiny-textforms} \\
-filter{jumping-windows} \\
-filter{frameset-borders} \\
-filter{demoronizer} \\
-filter{shockwave-flash} \\
-filter{quicktime-kioskmode} \\
-filter{fun} \\
-filter{crude-parental} \\
-filter{ie-exploits} \\
-filter{site-specifics} \\
-filter{google} \\
-filter{yahoo} \\
-filter{msn} \\
-filter{blogspot} \\
-filter{no-ping} \\
-force-text-mode \\
-handle-as-empty-document \\
-handle-as-image \\
-hide-accept-language \\
-hide-content-disposition \\
-hide-if-modified-since \\
+hide-forwarded-for-headers \\
+hide-from-header{block} \\
-hide-referrer \\
-hide-user-agent \\
-inspect-jpegs \\
-kill-popups \\
-limit-connect \\
-overwrite-last-modified \\
-prevent-compression \\
-redirect \\
-send-vanilla-wafer \\
-send-wafer \\
-server-header-filter{xml-to-html} \\
-server-header-filter{html-to-xml} \\
-session-cookies-only \\
+set-image-blocker{pattern} \\
-treat-forbidden-connects-like-blocks \\
}
/ # '/' Match *all* URL patterns

 
 # Block all URLs that match these patterns
 { +block }
  ad.
  ad[sv].
  .*ads.
  banner?.
  /.*count(er)?\\.(pl|cgi|exe|dll|asp|php[34]?)
  .hitbox.com 
  media./.*(ads|banner)

 # Block, and treat these URL patterns as if they were 'images'.
 # We would expect these to be ads.
 { +block-as-image }
  .ad.doubleclick.net
  .a[0-9].yimg.com/(?:(?!/i/).)*$
  ad.*.doubleclick.net

 # Make exceptions for these harmless ones that would be 
 # caught by our +block patterns just above.
 { -block }
  adsl.
  adobe.
  advice.
  .*downloads.
  # uploads or downloads
  /.*loads
.fi
.PP
Then for a \fIuser.action\fR, we would put local,
narrowly defined exceptions:

.nf
 # Re-define aliases as needed here
 {{alias}}

 # Useful aliases
 -crunch-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
 
 # Set personal exceptions to the policies in default.action #######

 # Sites where we want persistent cookies, so allow *all* cookies
 { -crunch-cookies -session-cookies-only }
  .redhat.com
  .sun.com
  .msdn.microsoft.com
 
 # These sites break easily. Use our "fragile" alias here.
 { fragile }
  .forbes.com
  mybank.example.com

 # Replace example.com's style sheet with one of my choosing
 { +redirect{http://localhost/css-replacements/example.com.css} }
  example.com/stylesheet.css
.fi
.PP
See the comments in the configuration files themselves, or the 
\fIUser Manual\fR
for full explanations of the above syntax, and other \fBPrivoxy\fR
configuration options.
.SH "FILES"

.nf
 
 \fI/usr/sbin/privoxy\fR
 \fI/etc/privoxy/config\fR
 \fI/etc/privoxy/default.action\fR
 \fI/etc/privoxy/standard.action\fR
 \fI/etc/privoxy/user.action\fR
 \fI/etc/privoxy/default.filter\fR
 \fI/etc/privoxy/user.filter\fR
 \fI/etc/privoxy/trust\fR
 \fI/etc/privoxy/templates/*\fR
 \fI/var/log/privoxy/logfile\fR
.fi
.PP
Various other files should be included, but may vary depending on platform
and build configuration. Additional documentation should be included in the local
documentation directory.
.SH "SIGNALS"
.PP
\fBPrivoxy\fR terminates on the \fBSIGINT\fR,
\fBSIGTERM\fR and \fBSIGABRT\fR signals. Log
rotation scripts may cause a re-opening of the logfile by sending a 
\fBSIGHUP\fR to \fBPrivoxy\fR. Note that unlike
other daemons,  \fBPrivoxy\fR does not need to be made aware of
config file changes by \fBSIGHUP\fR -- it will detect them
automatically. 
.SH "NOTES"
.PP
This is a UNRELEASED version of \fBPrivoxy\fR. Not 
all features are well tested.
.PP
Please see the \fIUser Manual\fR on how to contact the
developers, for feature requests, reporting problems, and other questions.
.SH "SEE ALSO"
.PP
Other references and sites of interest to \fBPrivoxy\fR
users:
.PP

http://www.privoxy.org/, 
the \fBPrivoxy\fR Home page. 

http://www.privoxy.org/faq/, 
the \fBPrivoxy\fR FAQ. 

http://sourceforge.net/projects/ijbswa/, 
the Project Page for \fBPrivoxy\fR on 
SourceForge.

http://config.privoxy.org/,
the web-based user interface. \fBPrivoxy\fR must be
running for this to work. Shortcut: http://p.p/

http://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit ``misses'' and other
configuration related suggestions to the developers. 

http://www.junkbusters.com/ht/en/cookies.html,
an explanation how cookies are used to track web users.

http://www.junkbusters.com/ijb.html,
the original Internet Junkbuster.

http://privacy.net/, a useful site
to check what information about you is leaked while you browse the web.

http://www.squid-cache.org/, a popular
caching proxy, which is often used together with \fBPrivoxy\fR.

http://www.pps.jussieu.fr/~jch/software/polipo/,
\fBPolipo\fR is a caching proxy with advanced features
like pipelining, multiplexing and caching of partial instances. In many setups
it can be used as \fBSquid\fR replacement.

http://tor.eff.org/, 
\fBTor\fR can help anonymize web browsing, 
web publishing, instant messaging, IRC, SSH, and other applications.

http://www.privoxy.org/developer-manual/, 
the \fBPrivoxy\fR developer manual. 
.SH "DEVELOPMENT TEAM"

.nf
 Fabian Keil, lead developer
 David Schmidt, developer
 
 Hal Burgiss
 Roland Rosenfeld
.fi
.SH "COPYRIGHT AND LICENSE"
.SS "COPYRIGHT"
.PP
Copyright (C) 2001 - 2007 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
.PP
Some source code is based on code Copyright (C) 1997 by Anonymous Coders
and Junkbusters, Inc. and licensed under the \fIGNU General Public
License\fR.
.SS "LICENSE"
.PP
\fBPrivoxy\fR is free software; you can
redistribute it and/or modify it under the terms of the 
\fIGNU General Public
License\fR, version 2, as published by the Free Software Foundation.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.  See the 
\fIGNU General Public License\fR for
more details, which is available from the Free Software Foundation, Inc, 
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
.PP
You should have received a copy of the  \fIGNU General Public License\fR
along with this program; if not, write to the  Free Software
Foundation, Inc. 51 Franklin Street, Fifth Floor
Boston, MA 02110-1301
USA