-# Sample Configuration file for the Internet Junkbuster 2.0
+# Sample Configuration file for the Internet Junkbuster 2.9.x
#
-# $Id: config,v 1.13 2001/06/04 18:31:58 swa Exp $
+# $Id: config,v 1.28 2002/03/04 19:32:07 oes Exp $
#
# Table of Contents
# you can make it a comment and it will be treated as if it weren't there.
# This is called "commenting out" an option and can be useful to turn
# off features: If you comment out the "logfile" line, junkbuster will
-# not log at all. Watch for the "default:" section in each explanation
-# to see what happens if the option is left unset (or commented out).
+# not log to a file at all. Watch for the "default:" section in each
+# explanation to see what happens if the option is left unset (or
+# commented out).
#
# Long lines can be continued on the next line by using a `\' as
-# the last character. This also works if comments are present in
-# between.
-#
-
+# the last character.
#
# 3. OTHER CONFIGURATION FILES
#
# files in the current working directory. In either case, an
# absolute path name can be used to avoid problems.
-# While we go modular and multiuser, the blocker, filter, and
-# per-user config will be stored in subdirectories of confdir.
-# Now, only confdir/templates is used for storing HTML templates
-# for CGI results.
+# While we go modular and multiuser, the blocker, filter, and
+# per-user config will be stored in subdirectories of confdir.
+# Now, only confdir/templates is used for storing HTML templates
+# for CGI results.
#
-# No trailing /, please.
+# No trailing /, please.
confdir .
#
-# The directory where all logging (i.e. logfile and jarfile) takes place
-# No trailing /, please.
+# The directory where all logging (i.e. logfile and jarfile) takes place
+# No trailing /, please.
#
logdir .
-#
-# Note that all file specifications below are relative to
-# the above two directories!!!
-#
+# Note that all file specifications below are relative to
+# the above two directories!!!
-# The permissions file contains patterns to specify the
-# filtering rules to apply to each site.
+# The actions file contains patterns to specify the
+# actions to apply to requests for each site.
#
# Default: Cookies to and from all destinations are filtered.
# Popups are disabled for all sites.
# All sites are filtered if re_filterfile specified.
# No sites are blocked. Nothing is an image.
#
-permissionsfile permissionsfile
+actionsfile ijb.action
-#
# The re_filterfile contains content modification rules. These rules
# permit powerful changes on the content of Web pages, e.g., you
# could disable your favourite JavaScript annoyances, rewrite the
# actual content, or just have some fun replacing "Microsoft"
# with "Microsuck" wherever it appears on a Web page.
#
-# Default: No content modification.
+# Default: content modification. (see '+-filter' in actionsfile)
#
-re_filterfile re_filterfile
+re_filterfile re_filterfile
#
# The logfile is where all logging and error messages are written.
#
# Default: Log to the standard error channel, not to a file
#
-logfile logfile
+logfile logfile
#
# The jarfile defines where Junkbuster stores the cookies it
#
# Default: Don't store intercepted cookies
#
-#jarfile jarfile
+jarfile jarfile
+#
+# If you specify a trustfile, Junkbuster will only allow access
+# to sites that are named in the trustfile. You can also mark
+# sites as trusted referrers, with the effect that access to
+# untrusted sites will be granted, if a link from a trusted
+# referrer was used. The link target will then be added to the
+# trustfile.
+# Note that this is a very restrictive feature that typical users
+# most propably want to leave disabled.
+#
+# Default: Don't use the trust mechanism
+#
+#trustfile trust
#
+# If you use the trust mechanism, it is a good idea to write up
+# some online documentation about your blocking policy and to
+# specify the URL(s) here. They will appear on the page that
+# your users receive when they try to access untrusted content.
+# Use multiple times for multiple URLs.
+#
+# Default: Don't display links on the "untrusted" info page.
+#
+trust-info-url http://www.your-site.com/why_we_block.html
+trust-info-url http://www.your-site.com/what_we_allow.html
+
# 4. OPTIONS
#
# This part of the configuration file contains options that control
# how Junkbuster operates.
#
+# Admin-address should be set to the email address of the proxy
+# administrator. It is used in many of the proxy-generated pages.
+#
+# Default: fill@me.in.please
+#
+admin-address fill@me.in.please
+
+#
+# Proxy-info-url can be set to a URL that contains more info about
+# this junkbuster installation, it's configuration and policies.
+# It is used in many of the proxy-generated pages and its use is
+# highly recommended, since your users will want to know why certain
+# content is blocked or modified.
+#
+# Default: Don't show a link to online documentation
+#
+proxy-info-url http://www.your-site.com/proxy.html
+
#
# Listen-address specifies the address and port where Junkbuster will
# listen for connections from your Web browser. The default is to
-# listen on the local host on port 8000, and this is suitable for
+# listen on the local host on port 8118, and this is suitable for
# most users. (In your web browser, under proxy configuration, list
-# the proxy server as 'localhost' and the port as '8000').
+# the proxy server as 'localhost' and the port as '8118').
#
-# If you already have another service running on port 8000, or if you
+# If you already have another service running on port 8118, or if you
# want to serve requests from other machines (e.g. on your local
# network) as well, you will need to override the default. The syntax
# is "listen-address [<ip-address>]:<port>" If you leave out the ip
# (192.168.0.0) and has another outside connection with a different
# address. You want it to serve requests from inside only:
#
-# listen-address 192.168.0.1:8000
+# listen-address 192.168.0.1:8118
#
# If you want it to listen on all addresses (including the outside
# connection):
#
-# listen-address :8000
+# listen-address :8118
#
# If you do this, consider using acls (see "aclfile" above).
#
# Note: you will need to point your browser(s) to the address
# and port that you have configured here.
#
-# Default: listen-address localhost:8000
-# listen-address 127.0.0.1:8000
+# Default: listen-address localhost:8118
+# listen-address 127.0.0.1:8118
#
# debug 16 # LOG = log all data into the logfile
# debug 32 # FRC = debug force feature
# debug 64 # REF = debug regular expression filter
-# debug 128 # RED = debug fast redirects
-# debug 256 # CLF = Common Log Format
+# debug 128 # = debug fast redirects
+# debug 256 # = debug GIF deanimation
+# debug 512 # CLF = Common Log Format
+# debug 1024 # = debug kill popups
# debug 4096 # INFO = Startup banner and warnings.
# debug 8192 # ERROR = Non-fatal errors
#
# The reporting of FATAL errors (i.e. ones which crash
# JunkBuster) is always on and cannot be disabled.
#
-# If you want to use CLF, you should set "debug 256" ONLY,
+# If you want to use CLF, you should set "debug 512" ONLY,
# do not enable anything else.
#
# Multiple "debug" directives, are OK - they're logical-OR'd
#
toggle 1
+#
+# For content filtering, i.e. the +filter and +deanimate-gif
+# actions, it is neccessary that Junkbuster buffers up the
+# whole document body. This can be potentially dangerous, since
+# a server could just keep sending data indefinitely and wait
+# for your RAM to exhaust.
+# The buffer-limit option lets you set the size in Kbytes that
+# each buffer may use at maximum. When the documents buffer
+# exceeds that size, it is flushed to the client unfiltered and
+# no further attempt to filter the rest of it is taken.
+# Remember that there may multiple threads running, which might
+# require up to buffer-limit Kbytes *each*, unless you have set
+# single-threaded below.
+#
+# Default: 4069, i.e. 4 MB
+#
+buffer-limit 4069
+
+
+#
+# Enable the web-based actionsfile editor. Set to 1 to enable,
+# 0 to disable. Note that you must have compiled JunkBuster
+# with support for this feature, otherwise this option has no
+# effect.
+#
+# Security note: If this is enabled, anyone who can use the proxy
+# can edit the actions file, and their changes will affect all users.
+# For shared proxies, you probably want to disable this.
+#
+# Default: Disabled
+#
+enable-edit-actions 1
+
+
+#
+# Allow JunkBuster to be toggled on and off remotely, using your
+# web browser. Set to 1 to enable, 0 to disable. Note that you
+# must have compiled JunkBuster with support for this feature,
+# otherwise this option has no effect.
+#
+# Security note: If this is enabled, anyone who can use the proxy
+# can toggle it on or off, and their changes will affect all users.
+# For shared proxies, you probably want to disable this.
+#
+# Default: Disabled
+#
+enable-remote-toggle 1
#############################################################################
# Access Control List
# There is an implicit line equivalent to the following, which specifies that
# anything not finding a match on the list is to go out without forwarding
# or gateway protocol; like so:
-# forward .* . # implicit
+# forward .* . # implicit
#
# In the following common configuration, everything goes to Lucent's LPWA,
# except SSL on port 443 (which it doesn't handle)
-# forward .* lpwa.com:8000
+# forward .* lpwa.com:8118
# forward :443 .
#
# See the FAQ for instructions on how to automate the login procedure for LPWA.
# Some users have reported difficulties related to LPWA's use of . as the
# last element of the domain, and have said that this can be fixed with this:
-# forward lpwa. lpwa.com:8000
+# forward lpwa. lpwa.com:8118
# (NOTE: the syntax for specifiying target_domain has changed since the
# previous paragraph weas written - it will not work now. More information
# is welcome.)
# In this fictitious example, everything goes via an ISP's caching proxy,
# except requests to that ISP:
#
-# forward .* caching.myisp.net:8000
+# forward .* caching.myisp.net:8118
# forward myisp.net .
#
# For the @home network, we're told the forwarding configuration is this:
# but everything else goes through Lucent's LPWA by way of the company's
# SOCKS gateway to the Internet.
#
-# forward_socks4 .* lpwa.com:8000 firewall.my_company.com:1080
+# forward-socks4 .* lpwa.com:8118 firewall.my_company.com:1080
# forward my_company.com .
#
# This is how you could set up a site that always uses SOCKS but no forwarders
#
-# forward_socks4a .* . firewall.my_company.com:1080
+# forward-socks4a .* . firewall.my_company.com:1080
#
# An advanced example for network administrators:
#
#
# host-a can run an Internet Junkbuster proxy with forwarding like this:
# forward .* .
-# forward isp-b.com host-b:8000
+# forward isp-b.com host-b:8118
#
# host-b can run an Internet Junkbuster proxy with forwarding like this:
# forward .* .
-# forward isp-a.com host-a:8000
+# forward isp-a.com host-a:8118
#
# Now, *anyone* on the Internet (including users on host-a and host-b)
# can set their browser's proxy to *either* host-a or host-b and
# forward .ukc.ac.uk . # Anything on the same domain as us
# forward * . # Host with no domain specified
# forward 129.12.*.* . # A dotted IP on our /16 network.
-# forward 128.*.*.* . # Loopback address
+# forward 127.*.*.* . # Loopback address
# forward localhost.localdomain . # Loopback address
# forward www.ukc.mirror.ac.uk . # Specific host
#
-
+#
+# Note: If you intend to chain junkbuster and squid locally, the chain
+# broswer -> squid -> junkbuster is the recommended way.
+#
+# Your squid configuration could then look like this:
+#
+# # Define junkbuster as parent cache
+# cache_peer 127.0.0.1 8118 parent 0 no-query
+#
+# # Define ACL for protocol FTP
+# acl FTP proto FTP
+#
+# # Do not forward ACL FTP to junkbuster
+# always_direct allow FTP
+#
+# # Do not forward ACL CONNECT (https) to junkbuster
+# always_direct allow CONNECT
+#
+# # Forward the rest to junkbuster
+# never_direct allow all
+#
#############################################################################
# 5. WINDOWS GUI OPTIONS
projects / privoxy.git / blobdiff