#MASTER# COMMENT:
-#MASTER# COMMENT: Anyone adding specific rules to this file,
-#MASTER# COMMENT: wherever possible please include a *full* URL
-#MASTER# COMMENT: which can be used to verify the problem, and if
-#MASTER# COMMENT: the problem may not always be fully obvious, a
-#MASTER# COMMENT: brief explanation. Thanks.
+#MASTER# COMMENT: Anyone adding specific rules to this file,
+#MASTER# COMMENT: wherever possible please include a *full* URL
+#MASTER# COMMENT: which can be used to verify the problem, and if
+#MASTER# COMMENT: the problem may not always be fully obvious, a
+#MASTER# COMMENT: brief explanation. Please also add tests for
+#MASTER# COMMENT: Privoxy-Regression-Test so we can automatically
+#MASTER# COMMENT: verify that your rules are effective. Thanks.
#MASTER# COMMENT:
######################################################################
#
# File : $Source: /cvsroot/ijbswa/current/default.action.master,v $
#
-# $Id: default.action.master,v 1.153 2008/12/13 10:05:29 fabiankeil Exp $
+# $Id: default.action.master,v 1.165 2009/02/12 16:58:03 ler762 Exp $
#
# Requires : This version requires Privoxy v3.0.11 or later due to
# syntax changes.
#
# Purpose : Default actions file, see
# http://www.privoxy.org/user-manual/actions-file.html.
-# This file is subject to periodic updating. Local exceptions
-# and enhancements are better placed in user.action.
+# This file is subject to periodic updating. It is
+# not supposed to be edited by the user. Local exceptions
+# and enhancements are better placed in user.action,
+# the match-all section has been moved to match-all.action.
#
-# Copyright : Written by and Copyright (C) 2001-2008 the
+# Copyright : Written by and Copyright (C) 2001-2009 the
# Privoxy team. http://www.privoxy.org/
#
# Note: Updated versions of this file will be made available from time
# (Don't change the version number from 1.0 - after all, why tell them?)
#
# +limit-connect{portlist}
-# The CONNECT methods exists in HTTP to allow access to secure websites
-# (https:// URLs) through proxies. It works very simply: The proxy
-# connects to the server on the specified port, and then short-circuits
-# its connections to the client and to the remote proxy.
-# This can be a big security hole, since CONNECT-enabled proxies can
-# be abused as TCP relays very easily.
-# By default, i.e. in the absence of a +limit-connect action, Privoxy
-# will only allow CONNECT requests to port 443, which is the standard port
-# for https.
-# If you want to allow CONNECT for more ports than that, or want to forbid
-# CONNECT altogether, you can specify a comma separated list of ports and port
-# ranges (the latter using dashes, with the minimum defaulting to 0 and max to 65K):
-#
-# +limit-connect{443} # This is the default and need no be specified.
-# +limit-connect{80,443} # Ports 80 and 443 are OK.
-# +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100, and above 500 are OK.
+#
+# By default, i.e. if no limit-connect action applies, Privoxy
+# allows HTTP CONNECT requests to all ports. Use limit-connect
+# if fine-grained control is desired for some or all destinations.
+# The CONNECT methods exists in HTTP to allow access to secure websites
+# ("https://" URLs) through proxies. It works very simply: the proxy
+# connects to the server on the specified port, and then short-circuits
+# its connections to the client and to the remote server. This means
+# CONNECT-enabled proxies can be used as TCP relays very easily. Privoxy
+# relays HTTPS traffic without seeing the decoded content. Websites can
+# leverage this limitation to circumvent Privoxy's filters. By specifying
+# an invalid port range you can disable HTTPS entirely.
+#
+# +limit-connect{443} # Only port 443 is OK.
+# +limit-connect{80,443} # Ports 80 and 443 are OK.
+# +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+# +limit-connect{-} # All ports are OK
+# +limit-connect{,} # No HTTPS/SSL traffic is allowed
#
# +overwrite-last-modified{block}
# +overwrite-last-modified{reset-to-request-time}
#
allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
-#############################################################################
-# Defaults
-#############################################################################
+################
+#
+# Cautious settings -- safe for all sites, but offer little privacy protection
+#
+{ \
++change-x-forwarded-for{block} \
++hide-from-header{block} \
++set-image-blocker{pattern} \
+}
+standard.Cautious
+
+################
+#
+# Medium settings -- safe for most sites, with reasonable protection/damage tradeoff
+#
+{ \
++change-x-forwarded-for{block} \
++deanimate-gifs{last} \
++filter{refresh-tags} \
++filter{img-reorder} \
++filter{banners-by-size} \
++filter{webbugs} \
++filter{jumping-windows} \
++filter{ie-exploits} \
++hide-from-header{block} \
++hide-referrer{conditional-block} \
++session-cookies-only \
++set-image-blocker{pattern} \
+}
+standard.Medium
+
+################
+#
+# Advanced settings -- reasonable privacy protection but
+# require some exceptions for trusted sites, most likely
+# because of cookies or SSL. Also testing ground for
+# new options.
+#
+# CAUTION: These settings can still be subverted by a
+# misconfigured client that executes code from untrusted
+# sources.
+#
{ \
+change-x-forwarded-for{block} \
++client-header-tagger{css-requests} \
++client-header-tagger{image-requests} \
++crunch-if-none-match \
++crunch-outgoing-cookies \
++crunch-incoming-cookies \
++deanimate-gifs{last} \
++fast-redirects{check-decoded-url} \
++filter{html-annoyances} \
++filter{content-cookies} \
++filter{refresh-tags} \
++filter{img-reorder} \
++filter{banners-by-size} \
++filter{banners-by-link} \
++filter{webbugs} \
++filter{jumping-windows} \
++filter{frameset-borders} \
++filter{quicktime-kioskmode} \
++hide-if-modified-since{-60} \
+hide-from-header{block} \
++hide-referrer{conditional-block} \
++limit-connect{,} \
++overwrite-last-modified{randomize} \
+set-image-blocker{pattern} \
}
-/ # Match all URLs
+standard.Advanced
#############################################################################
# These extensions belong to images:
#############################################################################
# Site-specific block patterns;
#############################################################################
+{+block{Domain parking site}}
+#MASTER# BLOCK-REFERRER: http://www.inetcat.org
+# Blocked URL = http://www.sedoparking.com/www.inetcat.org
+.sedoparking.com/
+# Blocked URL = http://landing.trafficz.com/index.php?domain=www.inetcat.org
+landing.trafficz.com/
+# Blocked URL = http://www.searchnut.com/?domain=www.inetcat.org
+.searchnut.com/\?domain
+
{+block{Site-specific block pattern matches.}}
#MASTER# BLOCK-REFERRER: http://www.brooksbrothers.com/ 10/18/06
#MASTER# BLOCK-REFERRER: http://www.autodesk.com/
# Blocked URL = http://clk.atdmt.com/
.atdmt.com/
-
#----------------------------------------------------------------------------
# Misc Web-bugs, JS and just plain Junk. Images here aren't normal images.
#----------------------------------------------------------------------------
#MASTER# BLOCK-REFERRER: http://www.thinkbroadband.com/news/3621-complaint-about-orange-broadband-advertising-upheld.html
# URL = http://eas.apm.emediate.eu/media.5/1/1228/19193/ACT1215_120x600_v3.gif
.emediate.eu/
+# URL = http://feedads.googleadservices.com/~a/dPlpGU767u4D4kVO8EGuUlnf1Q0/i
+# URL = http://feedads.googleadservices.com/~at/EpX-FnAXxwdaBSq-GRze37-rG0M/i
+.googleadservices.com/~
+#MASTER# REMARKS: Block yahoo email & ygroups banner ad
+# URL = http://ts.richmedia.yahoo.com/...hummingbird.jpg?adxq=NNN
+.richmedia.yahoo.com/.*\.(gif|jpe?g)\?ad
#----------------------------------------------------------------------------
# Cross-site user tracking
#MASTER# BLOCK-REFERER: http://www.buch.de/
# URL = http://track.webtrekk.de/471497967328727/wt.pl?p=177,de.buch.show.home,1,1024x768,24,1,1218816426275,0,884x653,0&enc1=%FC&enc2=iso-8859-1&st=view&la=en-US&np=Default%20Plugi
track.webtrekk.de/
-# URL = http://feedads.googleadservices.com/~a/dPlpGU767u4D4kVO8EGuUlnf1Q0/i
-# URL = http://feedads.googleadservices.com/~at/EpX-FnAXxwdaBSq-GRze37-rG0M/i
-.googleadservices.com/~
#----------------------------------------------------------------------------
# Specific counters (see above for generic patterns)
.adobe.com
# URL = http://qa.debian.org/popcon.php
qa.debian.org/popcon\.php
+#MASTER# REMARKS: Support Requests item #2432535 2008-12-16
+# URL = http://www.mta.info/bandt/traffic/advmain.htm
+.mta.info/.*advmain.htm$
#MASTER# REMARKS: We also use this as a light character class test, therefore the additional URL directives.
# URL = http://www.proaurum.de/bannerA2/image/pro_master_r3_01_04.gif
# URL = http://www.proaurum.de/bannerA1/image/limitorder2.gif
.proaurum.de/banner[ABC]\d_?/
# URL = http://www.goldmoney.com/en/images/home/banner_r4_c1.gif
.goldmoney.com/
+#MASTER# REMARKS: Actionsfile feedback item #2017126 2008-07-13
+#MASTER# REMARKS: The dutch newspaper site of Algemeen Dagblad (http://www.ad.nl) is blocked
+# URL = http://www.ad.nl/
+.ad.nl/
#############################################################################
# Site-specific special rules: