<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [
-<!entity % dummy "INCLUDE">
+<!entity % dummy "IGNORE">
<!entity supported SYSTEM "supported.sgml">
<!entity newfeatures SYSTEM "newfeatures.sgml">
<!entity p-intro SYSTEM "privoxy.sgml">
<!entity contacting SYSTEM "contacting.sgml">
<!entity history SYSTEM "history.sgml">
<!entity copyright SYSTEM "copyright.sgml">
-<!entity p-version "2.9.13">
-<!entity p-status "BETA">
-<!entity % p-not-stable "INCLUDE"> <!-- set to IGNORE for stable release -->
-<!entity % p-stable "IGNORE"> <!-- set INCLUDE for stable release -->
+<!entity p-version "2.9.14">
+<!entity p-status "beta">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-readme "IGNORE">
+<!entity % p-config "IGNORE">
<!entity % p-supp-userman "IGNORE"> <!-- Omit some from supported.sgml -->
]>
<!--
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 1.68 2002/04/04 18:46:47 swa Exp $
+ $Id: user-manual.sgml,v 1.95 2002/04/26 17:23:29 swa Exp $
Written by and Copyright (C) 2001 the SourceForge
Privoxy team. http://www.privoxy.org/
========================================================================
NOTE: Please read developer-manual/documentation.html before touching
- anything in this, or other Privoxy documentation. You have been warned!
- Failure to abide by this rule will result in the revocation of your license
- to live a peaceful existence!
+ anything in this, or other Privoxy documentation.
========================================================================
-->
<artheader>
<title>Privoxy User Manual</title>
-<pubdate>$Id: user-manual.sgml,v 1.68 2002/04/04 18:46:47 swa Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 1.95 2002/04/26 17:23:29 swa Exp $</pubdate>
<authorgroup>
<author>
<para>
The user manual gives users information on how to install, configure and use
- <application>Privoxy</application>.
+ <ulink
+ url="http://www.privoxy.org/"><application>Privoxy</application></ulink>.
</para>
-<!--
- Include privoxy.sgml boilerplate:
--->
+<!-- Include privoxy.sgml boilerplate: -->
&p-intro;
+<!-- end privoxy.sgml -->
<para>
You can find the latest version of the user manual at <ulink
- url="http://www.privoxy.org/user-manual/">http://www.privoxy.org/user-manual/</ulink>. Please see the Contact section on how to contact the developers.
+ url="http://www.privoxy.org/user-manual/">http://www.privoxy.org/user-manual/</ulink>.
+ Please see the <ulink url="contact.html">Contact section</ulink> on how to
+ contact the developers.
</para>
<!-- <para> -->
</sect1>
<!-- ~~~~~ New section ~~~~~ -->
-
<sect1 label="1" id="introduction"><title>Introduction</title>
-
<para>
This documentation is included with the current &p-status; version of
<application>Privoxy</application>, v.&p-version;<![%p-not-stable;[,
stable v3.0 is <quote>soon</quote> ;-)]]>.
</para>
-<![%p-not-stable;[
<!-- include only in non-stable versions -->
+<![%p-not-stable;[
<para>
Since this is a &p-status; version, not all new features are well tested. This
documentation may be slightly out of sync as a result (especially with
]]>
<!-- ~~~~~ New section ~~~~~ -->
-<sect2>
-<title>New Features</title>
+<sect2 id="features"><title>Features</title>
<para>
In addition to <application>Internet Junkbuster's</application> traditional
- feature of ad and banner blocking and cookie management,
+ features of ad and banner blocking and cookie management,
<application>Privoxy</application> provides new features<![%p-not-stable;[,
some of them currently under development]]>:
</para>
-
<!-- Include newfeatures.sgml boilerplate here: -->
&newfeatures;
<!-- end boilerplate -->
-
</sect2>
</sect1>
<!-- ~~~~~ New section ~~~~~ -->
<sect1 id="installation"><title>Installation</title>
+
<para>
- <application>Privoxy</application> is available as raw source code (tarball
- or via CVS), or pre-compiled binaries for various platforms. See the <ulink
- url="http://sourceforge.net/projects/ijbswa/">Privoxy Project Page</ulink> for
- the most up to date release information.
- <application>Privoxy</application> is also available via <ulink
- url="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ijbswa/current/">CVS</ulink>.
- <![%p-not-stable;[This is the recommended approach at this time.]]> But
- please be aware that CVS is constantly changing, and it may break in
- mysterious ways.
+ <application>Privoxy</application> is available both in convenient pre-compiled
+ packages for a wide range of operating systems, and as raw source code.
+ For most users, we recommend using the packages, which can be downloaded from our
+ <ulink url="http://sourceforge.net/projects/ijbswa/">Privoxy Project
+ Page</ulink>. For installing and compiling the source code, please look
+ into our Developer Manual.
</para>
-<!-- Include supported.sgml boilerplate -->
- &supported;
-<!-- end boilerplate -->
-
-<!-- ~~~~~ New section ~~~~~ -->
-<sect2 id="installation-source"><title>Source</title>
-
-
-<!-- include buildsource.sgml boilerplate: -->
- &buildsource;
-<!-- end boilerplate -->
-
<para>
- For Redhat and SuSE Linux RPM packages, see below.
+ If you like to live on the bleeding edge and are not afraid of using
+ possibly unstable development versions, you can check out the up-to-the-minute
+ version directly from <ulink url="http://sourceforge.net/cvs/?group_id=11118">the
+ CVS repository</ulink> or simply download <ulink
+ url="http://cvs.sourceforge.net/cvstarballs/ijbswa-cvsroot.tar.gz">the nightly CVS
+ tarball.</ulink> Again, we refer you to the Developer Manual.
</para>
+<!-- Include supported.sgml boilerplate -->
+ &supported;
+<!-- end boilerplate -->
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 id="installation-rh"><title>Red Hat</title>
<para>
- To build Redhat RPM packages from source, install source as above. Then:
+ Note: If you have a previous <application>Junkbuster</application> or
+ <application>Privoxy</application> installation on your system, you
+ will need to remove it. Some platforms do this for you as part
+ of their installation procedure. (See below for your platform).
</para>
<para>
- <screen>
- autoheader
- autoconf
- ./configure
- make redhat-dist
- </screen>
+ In any case <emphasis>be sure to backup your old configuration
+ if it is valuable to you.</emphasis> See the
+ <link linkend="upgradersnote">note to upgraders</link> section
+ below.
</para>
-<para>
- This will create both binary and src RPMs in the usual places. Example:
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="installation-pack-rpm"><title>Red Hat and SuSE RPMs</title>
<para>
- /usr/src/redhat/RPMS/i686/privoxy-&p-version;-1.i686.rpm
+ RPMs can be installed with <literal>rpm -Uvh privoxy-&p-version;-1.rpm</literal>,
+ and will use <filename>/etc/privoxy</filename> for the location
+ of configuration files.
</para>
+
<para>
- /usr/src/redhat/SRPMS/privoxy-&p-version;-1.src.rpm
+ Note that on Red Hat, <application>Privoxy</application> will
+ <emphasis>not</emphasis> be automatically started on system boot. You will
+ need to enable that using <command>chkconfig</command>,
+ <command>ntsysv</command>, or similar methods. Note that SuSE will
+automatically start Privoxy in the boot process.
</para>
<para>
- To install, of course:
+ If you have problems with failed dependencies, try rebuilding the SRC RPM:
+ <literal>rpm --rebuild privoxy-&p-version;-1.src.rpm;</literal>. This
+ will use your locally installed libraries and RPM version.
</para>
<para>
- <screen>
- rpm -Uvv /usr/src/redhat/RPMS/i686/privoxy-&p-version;-1.i686.rpm
- </screen>
+ Also note that if you have a <application>Junkbuster</application> RPM installed
+ on your system, you need to remove it first, because the packages conflict.
+ Otherwise, RPM will try to remove <application>Junkbuster</application>
+ automatically, before installing <application>Privoxy</application>.
</para>
+</sect2>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="installation-deb"><title>Debian</title>
<para>
- This will place the <application>Privoxy</application> configuration
- files in <filename>/etc/privoxy/</filename>, and log files in
- <filename>/var/log/privoxy/</filename>. Run
- <command>ckconfig privoxy on</command> to have
- <application>Privoxy</application> start automatically during init.
-
+ FIXME.
</para>
-
-</sect3>
+</sect2>
<!-- ~~~~~ New section ~~~~~ -->
-<sect3 id="installation-suse"><title>SuSE</title>
+<sect2 id="installation-pack-win"><title>Windows</title>
+
<para>
- To build SuSE RPM packages, install source as above. Then:
+ Just double-click the installer, which will guide you through
+ the installation process. You will find the configuration files
+ in the same directory as you installed Privoxy in. We do not
+ use the registry of Windows.
</para>
+</sect2>
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="installation-pack-bintgz"><title>Solaris, NetBSD, FreeBSD, HP-UX</title>
<para>
- <screen>
- autoheader
- autoconf
- ./configure
- make suse-dist
- </screen>
+ Create a new directory, <literal>cd</literal> to it, then unzip and
+ untar the archive. For the most part, you'll have to figure out where
+ things go. FIXME.
</para>
+</sect2>
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="installation-os2"><title>OS/2</title>
<para>
- This will create both binary and src RPMs in the usual places. Example:
+ First, make sure that no previous installations of
+ <application>Junkbuster</application> and / or
+ <application>Privoxy</application> are left on your
+ system. You can do this by
</para>
<para>
- /usr/src/packages/RPMS/i686/privoxy-&p-version;-1.i686.rpm
+ Then, just double-click the WarpIN self-installing archive, which will
+ guide you through the installation process. A shadow of the
+ <application>Privoxy</application> executable will be placed in your
+ startup folder so it will start automatically whenever OS/2 starts.
</para>
+
<para>
- /usr/src/packages/SRPMS/privoxy-&p-version;-1.src.rpm
+ The directory you choose to install <application>Privoxy</application>
+ into will contain all of the configuration files.
</para>
+</sect2>
-<para>
- To install, of course:
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="installation-mac"><title>Max OSX</title>
+<para>
+ Unzip the downloaded package (you can either double-click on the file
+ in the finder, or on the desktop if you downloaded it there). Then,
+ double-click on the package installer icon and follow the installation
+ process.
+ <application>Privoxy</application> will be installed in the subdirectory
+ <literal>/Applications/Privoxy.app</literal>.
+ <application>Privoxy</application> will set itself up to start
+ automatically on system bring-up via
+ <literal>/System/Library/StartupItems/Privoxy</literal>.
</para>
+</sect2>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="installation-amiga"><title>AmigaOS</title>
<para>
- <screen>
- rpm -Uvv /usr/src/packages/RPMS/i686/privoxy-&p-version;-1.i686.rpm
- </screen>
+ Copy and then unpack the <filename>lha</filename> archive to a suitable location.
+ All necessary files will be installed into <application>Privoxy</application>
+ directory, including all configuration and log files. To uninstall, just
+ remove this directory.
</para>
-
<para>
- This will place the <application>Privoxy</application> configuration
- files in <filename>/etc/privoxy/</filename>, and log files in
- <filename>/var/log/privoxy/</filename>.
+ Start <application>Privoxy</application> (with RUN <>NIL:) in your
+ <filename>startnet</filename> script (AmiTCP), in
+ <filename>s:user-startup</filename> (RoadShow), as startup program in your
+ startup script (Genesis), or as startup action (Miami and MiamiDx).
+ <application>Privoxy</application> will automatically quit when you quit your
+ TCP/IP stack (just ignore the harmless warning your TCP/IP stack may display that
+ <application>Privoxy</application> is still running).
</para>
+</sect2>
+</sect1>
-</sect3>
-
+<!-- ~ End section ~ -->
<!-- ~~~~~ New section ~~~~~ -->
-<sect3 id="installation-os2"><title>OS/2</title>
-
-<!--
-Thanx David Schmidt!
--->
-
+<sect1 id="upgradersnote">
+<title>Note to Upgraders</title>
<para>
- <application>Privoxy</application> is packaged in a WarpIN self-
- installing archive. The self-installing program will be named depending
- on the release version, something like:
- <filename>privoxyos2_setup_&p-version;.exe</filename>. In order to install it, simply
- run this executable or double-click on its icon and follow the WarpIN
- installation panels. A shadow of the <application>Privoxy</application>
- executable will be placed in your startup folder so it will start
- automatically whenever OS/2 starts.
+ There are very significant changes from older versions of
+ <application>Junkbuster</application> to the current
+ <application>Privoxy</application>. Configuration is substantially
+ changed. <application>Junkbuster 2.0.x</application> and earlier
+ configuration files will not migrate. The functionality of the old
+ <filename>blockfile</filename>, <filename>cookiefile</filename> and
+ <filename>imagelist</filename>, are now combined into the
+ <quote>actions files</quote>. <filename>default.action</filename>,
+ is the main actions file. Local exceptions should best be put into
+ <filename>user.action</filename>.
</para>
-
<para>
- The directory you choose to install <application>Privoxy</application>
- into will contain all of the configuration files.
+ A <quote>filter file</quote> (typically <filename>default.filter</filename>)
+ is new as of <application>Privoxy 2.9.x</application>, and provides some
+ of the new sophistication (explained below). <filename>config</filename> is
+ much the same as before.
</para>
-
<para>
- If you would like to build binary images on OS/2 yourself, you will need
- a few Unix-like tools: autoconf, autoheader and sh. These tools will be
- used to create the required config.h file, which is not part of the
- source distribution because it differs based on platform. You will also
- need a compiler.
- The distribution has been created using IBM VisualAge compilers, but you
- can use any compiler you like. GCC/EMX has the disadvantage of needing
- to be single-threaded due to a limitation of EMX's implementation of the
- <function>select()</function> socket call.
+ If upgrading from a 2.0.x version, you will have to use the new config
+ files, and possibly adapt any personal rules from your older files.
+ When porting personal rules over from the old <filename>blockfile</filename>
+ to the new actions files, please note that even the pattern syntax has
+ changed. If upgrading from 2.9.x development versions, it is still
+ recommended to use the new configuration files.
</para>
-
<para>
- In addition to needing the source code distribution as outlined earlier,
- you will want to extract the <filename>os2seutp</filename> directory from CVS:
- <screen>
- cvs -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa login
- cvs -z3 -d:pserver:anonymous@cvs.ijbswa.sourceforge.net:/cvsroot/ijbswa co os2setup
- </screen>
- This will create a directory named os2setup/, which will contain the
- <filename>Makefile.vac</filename> makefile and <filename>os2build.cmd</filename>
- which is used to completely create the binary distribution. The sequence
- of events for building the executable for yourself goes something like this:
- <screen>
- cd current
- autoheader
- autoconf
- sh configure
- cd ..\os2setup
- nmake -f Makefile.vac
- </screen>
- You will see this sequence laid out in <filename>os2build.cmd</filename>.
+ A quick list of things to be aware of before upgrading:
</para>
-</sect3>
+<para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The default listening port is now 8118 due to a conflict with another
+ service (NAS).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Some installers may remove earlier versions completely. Save any
+ important configuration files!
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>Privoxy</application> is controllable with a web browser
+ at the special URL: <ulink
+ url="http://config.privoxy.org/">http://config.privoxy.org/</ulink>
+ (Shortcut: <ulink url="http://p.p/">http://p.p/</ulink>). Many
+ aspects of configuration can be done here, including temporarily disabling
+ <application>Privoxy</application>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The primary configuration file for cookie management, ad and banner
+ blocking, and many other aspects of <application>Privoxy</application>
+ configuration is in the <quote>actions</quote> files. It is strongly
+ recommended to become familiar with the new actions concept below,
+ before modifying these files. Locally defined rules
+ should go into <filename>user.action</filename>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+<!-- I think it is best to keep this somewhat vague, in case -->
+<!-- the situation changes under our feet. -->
+ Some installers may not automatically start
+ <application>Privoxy</application> after installation.
+ </para>
+ </listitem>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 id="installation-win"><title>Windows</title>
-<para>Click-click. (I need help on this. Not a clue here. Also for
-configuration section below. HB.)
+ </itemizedlist>
</para>
-</sect3>
+</sect1>
<!-- ~~~~~ New section ~~~~~ -->
-<sect3 id="installation-other"><title>Other</title>
+<sect1 id="quickstart"><title>Quickstart to Using <application>Privoxy</application></title>
<para>
- Some quick notes on other Operating Systems.
-</para>
+ <itemizedlist>
-<para>
- For FreeBSD (and other *BSDs?), the build will require <command>gmake</command>
- instead of the included <command>make</command>. <command>gmake</command> is
- available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink>.
- The rest should be the same as above for Linux/Unix.
-</para>
+ <listitem>
+ <para>
+ Install <application>Privoxy</application>. See the section <link linkend="installation">Installing</link>.
+ </para>
+ </listitem>
-</sect3>
-</sect2>
+ <listitem>
+ <para>
+ Start <application>Privoxy</application>. See the section <link linkend="startup">Starting <application>Privoxy</application></link>.
+ </para>
+ </listitem>
-</sect1>
+ <listitem>
+ <para>
+ Change your browser's configuration to use the proxy <literal>localhost</literal> on port
+ <literal>8118</literal>. See the section <link linkend="startup">Starting <application>Privoxy</application></link>.
+ </para>
+ </listitem>
-<!-- ~ End section ~ -->
+ <listitem>
+ <para>
+ Enjoy surfing with enhanced comfort and privacy. Please see the section
+ <link linkend="contact">Contacting the Developers</link> on how to report
+ bugs or problems with websites or to get help. You may want to change the
+ file <filename>user.action</filename> to further tweak your new browsing
+ experience.
+ </para>
+ </listitem>
+ </itemizedlist>
+</para>
-<!-- ~~~~~ New section ~~~~~ -->
+</sect1>
-<sect1 id="quickstart"><title>Quickstart to Using <application>Privoxy</application></title>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect1 id="startup">
+<title>Starting <application>Privoxy</application></title>
<para>
Before launching <application>Privoxy</application> for the first time, you
will want to configure your browser(s) to use <application>Privoxy</application>
as a HTTP and HTTPS proxy. The default is localhost for the proxy address,
- and port 8118 (earlier versions used port 800). This is the one required
- configuration that must be done!
+ and port 8118 (earlier versions used port 8000). This is the one
+ configuration step that must be done!
</para>
<para>
<para>
After doing this, flush your browser's disk and memory caches to force a
- re-reading of all pages and get rid of any ads that may be cached. You
+ re-reading of all pages and to get rid of any ads that may be cached. You
are now ready to start enjoying the benefits of using
- <application>Privoxy</application>.
+ <application>Privoxy</application>!
</para>
<para>
<screen>
-
# /usr/sbin/privoxy /etc/privoxy/config
-
- </screen>
+</screen>
+</para>
+
+<para>
+ See <link linkend="cmdoptions">below</link> for other command line options.
</para>
<para>
- An init script is provided for SuSE and Redhat.
+ An init script is provided for SuSE and Red Hat.
</para>
<para>
- For for SuSE: <command>/etc/rc.d/privoxy start</command>
+ For for SuSE: <command>rcprivoxy start</command>
</para>
<para>
- For RedHat: <command>/etc/rc.d/init.d/privoxy start</command>
+ For Red Hat and Debian: <command>/etc/rc.d/init.d/privoxy start</command>
</para>
<para>
The included default configuration files should give a reasonable starting
- point, though may be somewhat aggressive in blocking junk. Most of the
- per site configuration is done in the <quote>actions</quote> files. These
- are where various cookie actions are defined, ad and banner blocking,
- and other aspects of <application>Privoxy</application> configuration. There
- are several such files included, with varying levels of aggressiveness.
+ point. Most of the per site configuration is done in the
+ <quote>actions</quote> files. These are where various cookie actions are
+ defined, ad and banner blocking, and other aspects of
+ <application>Privoxy</application> configuration. There are several such
+ files included, with varying levels of aggressiveness.
</para>
<para>
- You will probably want to keep an eye out for sites that require persistent
- cookies, and add these to <filename>default.action</filename> as needed. By
+ You will probably want to keep an eye out for sites for which you may prefer
+ persistent cookies, and add these to your actions configuration as needed. By
default, most of these will be accepted only during the current browser
- session, until you add them to the configuration. If you want the browser to
- handle this instead, you will need to edit
- <filename>default.action</filename> and disable this feature. If you use more
- than one browser, it would make more sense to let
- <application>Privoxy</application> handle this. In which case, the browser(s)
- should be set to accept all cookies.
+ session (aka <quote>session cookies</quote>), unless you add them to the
+ configuration. If you want the browser to handle this instead, you will need
+ to edit <filename>user.action</filename> (or through the web based interface)
+ and disable this feature. If you use more than one browser, it would make
+ more sense to let <application>Privoxy</application> handle this. In which
+ case, the browser(s) should be set to accept all cookies.
</para>
<para>
- <application>Privoxy</application> is HTTP/1.1 compliant, but not all 1.1
- features are as yet implemented. If browsers that support HTTP/1.1 (like
- <application>Mozilla</application> or recent versions of I.E.) experience
- problems, you might try to force HTTP/1.0 compatibility. For Mozilla, look
- under <literal>Edit -> Preferences -> Debug -> Networking</literal>.
- Or set the <quote>+downgrade</quote> config option in
- <filename>default.action</filename>.
+ Another feature where you will probably want to define exceptions for trusted
+ sites is the popup-killing (through the <literal>+popup</literal> and
+ <literal>+filter{popups}</literal> actions), because your favorite shopping,
+ banking, or leisure site may need popups (explained below).
+</para>
+
+<para>
+ <application>Privoxy</application> is HTTP/1.1 compliant, but not all of
+ the optional 1.1 features are as yet supported. In the unlikely event that
+ you experience inexplicable problems with browsers that use HTTP/1.1 per default
+ (like <application>Mozilla</application> or recent versions of I.E.), you might
+ try to force HTTP/1.0 compatibility. For Mozilla, look under <literal>Edit ->
+ Preferences -> Debug -> Networking</literal>.
+ Alternatively, set the <quote>+downgrade-http-version</quote> config option in
+ <filename>default.action</filename> which will downgrade your browser's HTTP
+ requests from HTTP/1.1 to HTTP/1.0 before processing them.
</para>
<para>
After running <application>Privoxy</application> for a while, you can
start to fine tune the configuration to suit your personal, or site,
preferences and requirements. There are many, many aspects that can
- be customized. <quote>Actions</quote> (as specified in <filename>default.action</filename>)
+ be customized. <quote>Actions</quote>
can be adjusted by pointing your browser to
- <ulink url="http://p.p/">http://p.p/</ulink>,
- and then follow the link to <quote>edit the actions list</quote>.
+ <ulink url="http://config.privoxy.org/">http://config.privoxy.org/</ulink>
+ (shortcut: <ulink url="http://p.p/">http://p.p/</ulink>),
+ and then follow the link to <quote>View & Change the Current Configuration</quote>.
(This is an internal page and does not require Internet access.)
</para>
configuration can be viewed from this page, including
current configuration parameters, source code version numbers,
the browser's request headers, and <quote>actions</quote> that apply
- to a given URL. In addition to the <filename>default.action</filename> file
+ to a given URL. In addition to the actions file
editor mentioned above, <application>Privoxy</application> can also
- be turned <quote>on</quote> and <quote>off</quote> from this page.
+ be turned <quote>on</quote> and <quote>off</quote> (toggled) from this page.
+</para>
+
+<para>
+ If you encounter problems, try loading the page without
+ <application>Privoxy</application>. If that helps, enter the URL where
+ you have the problems into <ulink url="http://p.p/show-url-info">the browser
+ based rule tracing utility</ulink>. See which rules apply and why, and
+ then try turning them off for that site one after the other, until the problem
+ is gone. When you have found the culprit, you might want to turn the rest on
+ again.
</para>
<para>
- If you encounter problems, please verify it is a
- <application>Privoxy</application> bug, by disabling
- <application>Privoxy</application>, and then trying the same page.
- Also, try another browser if possible to eliminate browser or site
- problems. Before reporting it as a bug, see if there is not a configuration
- option that is enabled that is causing the page not to load. You can then add
- an exception for that page or site. For instance, try adding it to the
- <literal>{fragile}</literal> section of <filename>default.action</filename>.
- This will turn off most actions for this site. For more on troubleshooting
- problem sites, see the <ulink
- url="appendix.html#ACTIONSANAT">Appendix</ulink>. If a bug, please report it
- to the developers (see below).
+ If the above paragraph sounds gibberish to you, you might want to <ulink
+ url="configuration.html#ACTIONSFILE">read more about the actions concept</ulink>
+ or even dive deep into the <ulink url="appendix.html#ACTIONSANAT">Appendix
+ on actions</ulink>.
</para>
+<para>
+ If you can't get rid of the problem at all, think you've found a bug in
+ Privoxy, want to propose a new feature or smarter rules, please see the
+ section <ulink url="contact.html"><quote>Contacting the
+ Developers</quote></ulink> below.
+</para>
<!-- ~~~~~ New section ~~~~~ -->
-
-<sect2>
+<sect2 id="cmdoptions">
<title>Command Line Options</title>
<para>
<application>Privoxy</application> may be invoked with the following
<emphasis>--version</emphasis>
</para>
<para>
- Print version info and exit, Unix only.
+ Print version info and exit. Unix only.
</para>
</listitem>
<listitem>
<emphasis>--help</emphasis>
</para>
<para>
- Print a short usage info and exit, Unix only.
+ Print short usage info and exit. Unix only.
</para>
</listitem>
<listitem>
</para>
<para>
Don't become a daemon, i.e. don't fork and become process group
- leader, don't detach from controlling tty. Unix only.
+ leader, and don't detach from controlling tty. Unix only.
</para>
</listitem>
<listitem>
</para>
<para>
On startup, write the process ID to <emphasis>FILE</emphasis>. Delete the
- <emphasis>FILE</emphasis> on exit. Failiure to create or delete the
+ <emphasis>FILE</emphasis> on exit. Failure to create or delete the
<emphasis>FILE</emphasis> is non-fatal. If no <emphasis>FILE</emphasis>
option is given, no PID file will be used. Unix only.
</para>
<application>Privoxy</application> will look for a file named
<quote>config</quote> in the current directory (except on Win32
where it will look for <quote>config.txt</quote> instead). Specify
- full path to avoid confusion.
+ full path to avoid confusion. If no config file is found,
+ <application>Privoxy</application> will fail to start.
</para>
</listitem>
in text files. These files can be edited with a text editor.
Many important aspects of <application>Privoxy</application> can
also be controlled easily with a web browser.
-
</para>
<sect2>
<title>Controlling <application>Privoxy</application> with Your Web Browser</title>
<para>
- <application>Privoxy</application> can be reached by the special
- URL <ulink url="http://p.p/">http://p.p/</ulink> (or alternately
- <ulink url="http://config.privoxy.org/">http://config.privoxy.org/</ulink>),
- which is an internal page. You will see the following section:
+ <application>Privoxy</application>'s user interface can be reached through the special
+ URL <ulink url="http://config.privoxy.org/">http://config.privoxy.org/</ulink>
+ (shortcut: <ulink url="http://p.p/">http://p.p/</ulink>),
+ which is a built-in page and works without Internet access.
+ You will see the following section:
</para>
-<para>
- <screen>
-
-Please choose from the following options:
+<!-- Needs to be put in a table and colorized -->
+<screen>
+ <msgtext>
+ <bridgehead renderas="sect2">Privoxy Menu</bridgehead>
- * Show information about the current configuration
- * Show the source code version numbers
- * Show the client's request headers.
- * Show which actions apply to a URL and why
- * Toggle Privoxy on or off
- * Edit the actions list
+ <simplelist>
+ <member>
+ ▪ <ulink url="http://config.privoxy.org/show-status">View & change the current configuration</ulink>
+ </member>
+ <member>
+ ▪ <ulink url="http://config.privoxy.org/show-version">View the source code version numbers</ulink>
+ </member>
+ <member>
+ ▪ <ulink url="http://config.privoxy.org/show-request">View the request headers.</ulink>
+ </member>
+ <member>
+ ▪ <ulink url="http://config.privoxy.org/show-url-info">Look up which actions apply to a URL and why</ulink>
+ </member>
+ <member>
+ ▪ <ulink url="http://config.privoxy.org/toggle">Toggle Privoxy on or off</ulink>
+ </member>
+ </simplelist>
+ </msgtext>
+</screen>
- </screen>
-</para>
<para>
- This should be self-explanatory. Note the last item is an editor for the
- <quote>actions list</quote>, which is where much of the ad, banner, cookie,
+ This should be self-explanatory. Note the first item leads to an editor for the
+ <quote>actions list</quote>, which is where the ad, banner, cookie,
and URL blocking magic is configured as well as other advanced features of
<application>Privoxy</application>. This is an easy way to adjust various
aspects of <application>Privoxy</application> configuration. The actions
file, and other configuration files, are explained in detail below.
- <application>Privoxy</application> will automatically detect any changes
- to these files.
</para>
<para>
<quote>Toggle Privoxy On or Off</quote> is handy for sites that might
- have problems with your current actions and filters, or just to test if
-
a site misbehaves, whether it is <application>Privoxy</application>
+ have problems with your current actions and filters. You can in fact use
+
it as a test to see whether it is <application>Privoxy</application>
causing the problem or not. <application>Privoxy</application> continues
- to run as a proxy in this case, but all filtering is disabled.
-
+ to run as a proxy in this case, but all filtering is disabled. There
+ is even a toggle <link linkend="bookmarklets">Bookmarklet</link> offered, so
+ that you can toggle <application>Privoxy</application> with one click from
+ your browser.
</para>
</sect2>
<!-- ~~~~~ New section ~~~~~ -->
-<sect2>
+<sect2 id="confoverview">
<title>Configuration Files Overview</title>
<para>
For Unix, *BSD and Linux, all configuration files are located in
</para>
<para>
- The installed defaults provide a reasonable starting point, though possibly
- aggressive by some standards. For the time being, there are only three
- default configuration files (this may change in time):
+ The installed defaults provide a reasonable starting point, though
+ some settings may be aggressive by some standards. For the time being, the
+ principle configuration files are:
</para>
<para>
<listitem>
<para>
- The main configuration file is named <filename>config</filename>
+ The main configuration file is named <link linkend="config">config</link>
on Linux, Unix, BSD, OS/2, and AmigaOS and <filename>config.txt</filename>
- on Windows.
+ on Windows. This is a required file.
</para>
</listitem>
<listitem>
<para>
- The <filename>default.action</filename> file is used to define various
- <quote>actions</quote> relating to images, banners, pop-ups, access
- restrictions, banners and cookies. There is a CGI based editor for this
- file that can be accessed via <ulink
- url="http://p.p">http://p.p</ulink>. (Other actions
- files are included as well with differing levels of filtering
- and blocking, e.g. <filename>basic.action</filename>.)
+ <filename>default.action</filename> (the main <link linkend="actions-file">actions file</link>) is used to define
+ the default settings for various <quote>actions</quote> relating to images, banners,
+ pop-ups, access restrictions, banners and cookies.
+ </para>
+ <para>
+ Multiple actions files may be defined in <filename>config</filename>. These
+ are processed in the order they are defined. Local customizations and locally
+ preferred exceptions to the default policies as defined in
+ <filename>default.action</filename> are probably best applied in
+ <filename>user.action</filename>, which should be preserved across
+ upgrades. <filename>standard.action</filename> is also included. This is mostly
+ for <application>Privoxy's</application> internal use.
+ </para>
+ <para>
+ There is also a web based editor that can be accessed from
+ <ulink
+ url="http://config.privoxy.org/show-status/">http://config.privoxy.org/show-status/</ulink>
+ (Shortcut: <ulink
+ url="http://p.p/show-status/">http://p.p/show-status/</ulink>) for the
+ various actions files.
</para>
</listitem>
<listitem>
<para>
- The <filename>default.filter</filename> file can be used to re-write the raw
- page content, including viewable text as well as embedded HTML and JavaScript,
- and whatever else lurks on any given web page.
+ <filename>default.filter</filename> (the <link linkend="filter-file">filter
+ file</link>) can be used to re-write the raw page content, including
+ viewable text as well as embedded HTML and JavaScript, and whatever else
+ lurks on any given web page. The filtering jobs are only pre-defined here;
+ whether to apply them or not is up to the actions files.
</para>
</listitem>
</para>
<para>
- <filename>default.action</filename> and <filename>default.filter</filename>
- can use Perl style regular expressions for maximum flexibility. All files use
- the <quote><literal>#</literal></quote> character to denote a comment. Such
- lines are not processed by <application>Privoxy</application>. After
- making any changes, there is no need to restart
+ All files use the <quote><literal>#</literal></quote> character to denote a
+ comment (the rest of the line will be ignored) angd understand line continuation
+ through placing a backslash ("<literal>\</literal>") as the very last character
+ in a line. If the <literal>#</literal> is preceded by a backslash, it looses
+ its special function. Placing a <literal>#</literal> in front of an otherwise
+ valid configuration line to prevent it from being interpreted is called "commenting
+ out" that line.
+</para>
+
+<para>
+ The actions files and <filename>default.filter</filename>
+ can use Perl style <link linkend="regex">regular expressions</link> for
+ maximum flexibility.
+</para>
+
+<para>
+ After making any changes, there is no need to restart
<application>Privoxy</application> in order for the changes to take
- effect. <application>Privoxy</application> should detect such changes
- automatically.
+ effect. <application>Privoxy</application> detects such changes
+ automatically. Note, however, that it may take one or two additional
+ requests for the change to take effect. When changing the listening address
+ of <application>Privoxy</application>, these <quote>wake up</quote> requests
+ must obviously be sent to the <emphasis>old</emphasis> listening address.
</para>
<![%p-not-stable;[
<!-- ~~~~~ New section ~~~~~ -->
-<sect2>
+<sect2 id="config">
<title>The Main Configuration File</title>
<para>
Again, the main configuration file is named <filename>config</filename> on
<literal>
<msgtext>
<literallayout>
- <emphasis>blockfile blocklist.ini</emphasis>
+ <emphasis>confdir /etc/privoxy</emphasis>
</literallayout>
- </msgtext>
- </literal>
-</para>
-
-<para>
- Indicates that the blockfile is named <quote>blocklist.ini</quote>. (A
- default installation does not use this.)
-</para>
-
-<para>
- A <quote><literal>#</literal></quote> indicates a comment. Any part of a
- line following a <quote><literal>#</literal></quote> is ignored, except if
- the <quote><literal>#</literal></quote> is preceded by a
- <quote><literal>\</literal></quote>.
+ </msgtext>
+ </literal>
</para>
<para>
- Thus, by placing a <quote><literal>#</literal></quote> at the start of an
- existing configuration line, you can make it a comment and it will be treated
- as if it weren't there. This is called <quote>commenting out</quote> an
- option and can be useful to turn off features: If you comment out the
- <quote>logfile</quote> line, <application>Privoxy</application> will not
- log to a file at all. Watch for the <quote>default:</quote> section in each
- explanation to see what happens if the option is left unset (or commented
- out).
+ Assigns the value <literal>/etc/privoxy</literal> to the option
+ <literal>confdir</literal> and thus indicates that the configuration
+ directory is named <quote>/etc/privoxy/</quote>.
</para>
<para>
- Long lines can be continued on the next line by using a
- <quote><literal>\</literal></quote> as the very last character.
+ All options in the config file except for <literal>confdir</literal> and
+ <literal>logdir</literal> are optional. Watch out in the below description
+ for what happens if you leave them unset.
</para>
<para>
- There are various aspects of <application>Privoxy</application> behavior
- that can be tuned.
+ The main config file controls all aspects of <application>Privoxy</application>'s
+ operation that are not location dependent (i.e. they apply universally, no matter
+ where you may be surfing).
</para>
<!-- ~~~~~ New section ~~~~~ -->
-<sect3>
-<title>Defining Other Configuration Files</title>
-
-<para>
- <application>Privoxy</application> can use a number of other files to tell it
- what ads to block, what cookies to accept, and perform other functions. This
- section of the configuration file tells <application>Privoxy</application>
- where to find all those other files.
-</para>
+<sect3 id="conf-log-loc">
+<title>Configuration and Log File Locations</title>
<para>
- On <application>Windows</application> and <application>AmigaOS</application>,
- <application>Privoxy</application> looks for these files in the same
- directory as the executable. On Unix and OS/2,
- <application>Privoxy</application> looks for these files in the current
- working directory. In either case, an absolute path name can be used to
- avoid problems.
+ <application>Privoxy</application> can (and normally does) use a number of
+ other files for additional configuration and logging.
+ This section of the configuration file tells <application>Privoxy</application>
+ where to find those other files.
</para>
-<para>
- When development goes modular and multi-user, the blocker, filter, and
- per-user config will be stored in subdirectories of <quote>confdir</quote>.
- For now, only <filename>confdir/templates</filename> is used for storing HTML
- templates for CGI results.
-</para>
-<para>
- The location of the configuration files:
-</para>
+<sect4 id="confdir"><title>confdir</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>confdir /etc/privoxy</emphasis> # No trailing /, please.
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>The directory where the other configuration files are located</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>Path name</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>/etc/privoxy (Unix) <emphasis>or</emphasis> <application>Privoxy</application> installation dir (Windows) </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para><emphasis>Mandatory</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ No trailing <quote><literal>/</literal></quote>, please
+ </para>
+ <para>
+ When development goes modular and multi-user, the blocker, filter, and
+ per-user config will be stored in subdirectories of <quote>confdir</quote>.
+ For now, the configuration directory structure is flat, except for
+ <filename>confdir/templates</filename>, where the HTML templates for CGI
+ output reside (e.g. <application>Privoxy's</application> 404 error page).
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- The directory where all logging (i.e. <filename>logfile</filename> and
- <filename>jarfile</filename>) takes place. No trailing
- <quote><literal>/</literal></quote>, please:
-</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>logdir /var/log/privoxy</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<sect4 id="logdir"><title>logdir</title>
-<para>
- Note that all file specifications below are relative to
- the above two directories!
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The directory where all logging takes place (i.e. where <filename>logfile</filename> and
+ <filename>jarfile</filename> are located)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>Path name</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>/var/log/privoxy (Unix) <emphasis>or</emphasis> <application>Privoxy</application> installation dir (Windows) </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para><emphasis>Mandatory</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ No trailing <quote><literal>/</literal></quote>, please
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+<sect4 id="actionsfile"><title>
+actionsfile
+</title>
+<anchor id="default.action">
+<anchor id="standard.action">
+<anchor id="user.action">
+
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The <link linkend="actions">actions</link> file(s) to use
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>File name, relative to <literal>confdir</literal></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <simplelist>
+ <member>
+ <msgtext><literallayout> standard # Internal purposes, recommended not editing</literallayout></msgtext>
+ </member>
+ <member>
+ <msgtext><literallayout> default # Main actions file</literallayout></msgtext>
+ </member>
+ <member>
+ <msgtext><literallayout> user # User customizations</literallayout></msgtext>
+ </member>
+ </simplelist>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ No actions are taken at all. Simple neutral proxying.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Multiple <literal>actionsfile</literal> lines are OK and are in fact recommended!
+ </para>
+ <para>
+ The default values include standard.action, which is used for internal
+ purposes and should be loaded, default.action, which is the
+ <quote>main</quote> actions file maintained by the developers, and
+ <filename>user.action</filename>, where you can make your personal additions.
+ </para>
+ <para>
+ There is no point in using <application>Privoxy</application> without an actions file.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+<sect4 id="filterfile"><title>filterfile</title>
+<anchor id="default.filter">
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The <link linkend="filter">filter</link> file to use
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>File name, relative to <literal>confdir</literal></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>default.filter (Unix) <emphasis>or</emphasis> default.filter.txt (Windows)</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ No textual content filtering takes place, i.e. all
+ <literal>+filter{<replaceable class="parameter">name</replaceable>}</literal>
+ actions in the actions files are turned off
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The <quote>default.filter</quote> file contains content modification rules
+ that use <quote>regular expressions</quote>. These rules permit powerful
+ changes on the content of Web pages, e.g., you could disable your favorite
+ JavaScript annoyances, re-write the actual displayed text, or just have some
+ fun replacing <quote>Microsoft</quote> with <quote>MicroSuck</quote> wherever
+ it appears on a Web page.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- The <quote>default.action</quote> file contains patterns to specify the
- actions to apply to requests for each site. Default: Cookies to and from all
- destinations are kept only during the current browser session (i.e. they are
- not saved to disk). Pop-ups are disabled for all sites. All sites are
- filtered through selected sections of <quote>default.filter</quote>. No sites
- are blocked. <application>Privoxy</application> displays a checkboard type
- pattern for filtered ads and other images. The syntax of this file is
- explained in detail <link linkend="actionsfile">below</link>. Other
- <quote>actions</quote> files are included, and you are free to use any of
- them. They have varying degrees of aggressiveness.
-</para>
+<sect4 id="logfile"><title>logfile</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>actionsfile default.action</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The log file to use
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>File name, relative to <literal>logdir</literal></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>logfile (Unix) <emphasis>or</emphasis> privoxy.log (Windows)</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ No log file is used, all log messages go to the console (<literal>stderr</literal>).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The windows version will additionally log to the console.
+ </para>
+ <para>
+ The logfile is where all logging and error messages are written. The level
+ of detail and number of messages are set with the <literal>debug</literal>
+ option (see below). The logfile can be useful for tracking down a problem with
+ <application>Privoxy</application> (e.g., it's not blocking an ad you
+ think it should block) but in most cases you probably will never look at it.
+ </para>
+ <para>
+ Your logfile will grow indefinitely, and you will probably want to
+ periodically remove it. On Unix systems, you can do this with a cron job
+ (see <quote>man cron</quote>). For Red Hat, a <command>logrotate</command>
+ script has been included.
+ </para>
+ <para>
+ On SuSE Linux systems, you can place a line like <quote>/var/log/privoxy.*
+ +1024k 644 nobody.nogroup</quote> in <filename>/etc/logfiles</filename>, with
+ the effect that cron.daily will automatically archive, gzip, and empty the
+ log, when it exceeds 1M size.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- The <quote>default.filter</quote> file contains content modification rules
- that use <quote>regular expressions</quote>. These rules permit powerful
- changes on the content of Web pages, e.g., you could disable your favorite
- JavaScript annoyances, re-write the actual displayed text, or just have some
- fun replacing <quote>Microsoft</quote> with <quote>MicroSuck</quote> wherever
- it appears on a Web page. Default: whatever the developers are playing with
- :-/
-</para>
+<sect4 id="jarfile"><title>jarfile</title>
-<para>
- Filtering requires buffering the page content, which may appear to slow down
- page rendering since nothing is displayed until all content has passed
- the filters. (It does not really take longer, but seems that way since
- the page is not incrementally displayed.) This effect will be more noticeable
- on slower connections.
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The file to store intercepted cookies in
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>File name, relative to <literal>logdir</literal></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>jarfile (Unix) <emphasis>or</emphasis> privoxy.jar (Windows)</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Intercepted cookies are not stored at all.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The jarfile may grow to ridiculous sizes over time.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-</para>
+<sect4 id="trustfile"><title>trustfile</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>filterfile default.filter</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The trust file to use
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>File name, relative to <literal>confdir</literal></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>Unset (commented out)</emphasis>. When activated: trust (Unix) <emphasis>or</emphasis> trust.txt (Windows)</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ The whole trust mechanism is turned off.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The trust mechanism is an experimental feature for building white-lists and should
+ be used with care. It is <emphasis>NOT</emphasis> recommended for the casual user.
+ </para>
+ <para>
+ If you specify a trust file, <application>Privoxy</application> will only allow
+ access to sites that are named in the trustfile.
+ You can also mark sites as trusted referrers (with <literal>+</literal>), with
+ the effect that access to untrusted sites will be granted, if a link from a
+ trusted referrer was used.
+ The link target will then be added to the <quote>trustfile</quote>.
+ Possible applications include limiting Internet access for children.
+ </para>
+ <para>
+ If you use <literal>+</literal> operator in the trust file, it may grow considerably over time.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- The logfile is where all logging and error messages are written. The logfile
- can be useful for tracking down a problem with
- <application>Privoxy</application> (e.g., it's not blocking an ad you
- think it should block) but in most cases you probably will never look at it.
-</para>
+</sect3>
-<para>
- Your logfile will grow indefinitely, and you will probably want to
- periodically remove it. On Unix systems, you can do this with a cron job
- (see <quote>man cron</quote>). For Redhat, a <command>logrotate</command>
- script has been included.
-</para>
+<!-- ~ End section ~ -->
-<para>
- On SuSE Linux systems, you can place a line like <quote>/var/log/privoxy.*
- +1024k 644 nobody.nogroup</quote> in <filename>/etc/logfiles</filename>, with
- the effect that cron.daily will automatically archive, gzip, and empty the
- log, when it exceeds 1M size.
-</para>
-<para>
- Default: Log to the a file named <filename>logfile</filename>.
- Comment out to disable logging.
-</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>logfile logfile</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
-<para>
- The <quote>jarfile</quote> defines where
- <application>Privoxy</application> stores the cookies it intercepts. Note
- that if you use a <quote>jarfile</quote>, it may grow quite large. Default:
- Don't store intercepted cookies.
-</para>
+<sect3 id="local-set-up">
+<title>Local Set-up Documentation</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>#jarfile jarfile</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+ <para>
+ If you intend to operate <application>Privoxy</application> for more users
+ that just yourself, it might be a good idea to let them know how to reach
+ you, what you block and why you do that, your policies etc.
+ </para>
-<para>
- If you specify a <quote>trustfile</quote>,
- <application>Privoxy</application> will only allow access to sites that
- are named in the trustfile. You can also mark sites as trusted referrers,
- with the effect that access to untrusted sites will be granted, if a link
- from a trusted referrer was used. The link target will then be added to the
- <quote>trustfile</quote>. This is a very restrictive feature that typical
- users most probably want to leave disabled. Default: Disabled, don't use the
- trust mechanism.
-</para>
+<sect4 id="trust-info-url"><title>trust-info-url</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>#trustfile trust</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
-
-<para>
- If you use the trust mechanism, it is a good idea to write up some on-line
- documentation about your blocking policy and to specify the URL(s) here. They
- will appear on the page that your users receive when they try to access
- untrusted content. Use multiple times for multiple URLs. Default: Don't
- display links on the <quote>untrusted</quote> info page.
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ A URL to be displayed in the error page that users will see if access to an untrusted page is denied.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>URL</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>Two example URL are provided</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ No links are displayed on the "untrusted" error page.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The value of this option only matters if the experimental trust mechanism has been
+ activated. (See <literal>trustfile</literal> above.)
+ </para>
+ <para>
+ If you use the trust mechanism, it is a good idea to write up some on-line
+ documentation about your trust policy and to specify the URL(s) here.
+ Use multiple times for multiple URLs.
+ </para>
+ <para>
+ The URL(s) should be added to the trustfile as well, so users don't end up
+ locked out from the information on why they were locked out in the first place!
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>trust-info-url http://www.example.com/why_we_block.html</emphasis>
- <emphasis>trust-info-url http://www.example.com/what_we_allow.html</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<sect4 id="admin-address"><title>admin-address</title>
-</sect3>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ An email address to reach the proxy administrator.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>Email address</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>Unset</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ No email address is displayed on error pages and the CGI user interface.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If both <literal>admin-address</literal> and <literal>proxy-info-url</literal>
+ are unset, the whole "Local Privoxy Support" box on all generated pages will
+ not be shown.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+<sect4 id="proxy-info-url"><title>proxy-info-url</title>
+
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ A URL to documentation about the local <application>Privoxy</application> setup,
+ configuration or policies.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>URL</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>Unset</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ No link to local documentation is displayed on error pages and the CGI user interface.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If both <literal>admin-address</literal> and <literal>proxy-info-url</literal>
+ are unset, the whole "Local Privoxy Support" box on all generated pages will
+ not be shown.
+ </para>
+ <para>
+ This URL shouldn't be blocked ;-)
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+</sect3>
<!-- ~ End section ~ -->
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3 id="debugging">
+<title>Debugging</title>
-<!-- ~~~~~ New section ~~~~~ -->
+ <para>
+ These options are mainly useful when tracing a problem.
+ Note that you might also want to invoke
+ <application>Privoxy</application> with the <literal>--no-daemon</literal>
+ command line option when debugging.
+ </para>
-<sect3>
-<title>Other Configuration Options</title>
+<sect4 id="debug"><title>debug</title>
-<para>
- This part of the configuration file contains options that control how
- <application>Privoxy</application> operates.
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Key values that determine what information gets logged.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>Integer values</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>12289 (i.e.: URLs plus informational and warning messages)</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Nothing gets logged.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The available debug levels are:
+ </para>
+ <para>
+ <programlisting>
+ debug 1 # show each GET/POST/CONNECT request
+ debug 2 # show each connection status
+ debug 4 # show I/O status
+ debug 8 # show header parsing
+ debug 16 # log all data into the logfile
+ debug 32 # debug force feature
+ debug 64 # debug regular expression filter
+ debug 128 # debug fast redirects
+ debug 256 # debug GIF de-animation
+ debug 512 # Common Log Format
+ debug 1024 # debug kill pop-ups
+ debug 4096 # Startup banner and warnings.
+ debug 8192 # Non-fatal errors
+</programlisting>
+ </para>
+ <para>
+ To select multiple debug levels, you can either add them or use
+ multiple <literal>debug</literal> lines.
+ </para>
+ <para>
+ A debug level of 1 is informative because it will show you each request
+ as it happens. <emphasis>1, 4096 and 8192 are highly recommended</emphasis>
+ so that you will notice when things go wrong. The other levels are probably
+ only of interest if you are hunting down a specific problem. They can produce
+ a hell of an output (especially 16).
+ <!-- LOL -->
+ </para>
+ <para>
+ The reporting of <emphasis>fatal</emphasis> errors (i.e. ones which crash
+ <application>Privoxy</application>) is always on and cannot be disabled.
+ </para>
+ <para>
+ If you want to use CLF (Common Log Format), you should set <quote>debug
+ 512</quote> <emphasis>ONLY</emphasis> and not enable anything else.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- <quote>Admin-address</quote> should be set to the email address of the proxy
- administrator. It is used in many of the proxy-generated pages. Default:
- fill@me.in.please.
-</para>
+<sect4 id="single-threaded"><title>single-threaded</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>#admin-address fill@me.in.please</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether to run only one server thread
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para><emphasis>None</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>Unset</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Multi-threaded (or, where unavailable: forked) operation, i.e. the ability to
+ serve multiple requests simultaneously.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This option is only there for debug purposes and you should never
+ need to use it. <emphasis>It will drastically reduce performance.</emphasis>
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- <quote>Proxy-info-url</quote> can be set to a URL that contains more info
- about this <application>Privoxy</application> installation, it's
- configuration and policies. It is used in many of the proxy-generated pages
- and its use is highly recommended in multi-user installations, since your
- users will want to know why certain content is blocked or modified. Default:
- Don't show a link to on-line documentation.
-</para>
+</sect3>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>proxy-info-url http://www.example.com/proxy.html</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
-<para>
- <quote>Listen-address</quote> specifies the address and port where
- <application>Privoxy</application> will listen for connections from your
- Web browser. The default is to listen on the localhost port 8118, and
- this is suitable for most users. (In your web browser, under proxy
- configuration, list the proxy server as <quote>localhost</quote> and the
- port as <quote>8118</quote>).
-</para>
+<sect3 id="access-control">
+<title>Access Control and Security</title>
-<para>
- If you already have another service running on port 8118, or if you want to
- serve requests from other machines (e.g. on your local network) as well, you
- will need to override the default. The syntax is
- <quote>listen-address [<ip-address>]:<port></quote>. If you leave
- out the IP address, <application>Privoxy</application> will bind to all
- interfaces (addresses) on your machine and may become reachable from the
- Internet. In that case, consider using access control lists (acl's) (see
- <quote>aclfile</quote> above), or a firewall.
-</para>
+ <para>
+ This section of the config file controls the security-relevant aspects
+ of <application>Privoxy</application>'s configuration.
+ </para>
-<para>
- For example, suppose you are running <application>Privoxy</application> on
- a machine which has the address 192.168.0.1 on your local private network
- (192.168.0.0) and has another outside connection with a different address.
- You want it to serve requests from inside only:
-</para>
+<sect4 id="listen-address"><title>listen-address</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>listen-address 192.168.0.1:8118</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The IP address and TCP port on which <application>Privoxy</application> will
+ listen for client requests.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>[<replaceable class="parameter">IP-Address</replaceable>]:<replaceable class="parameter">Port</replaceable></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>localhost:8118</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Bind to localhost (127.0.0.1), port 8118. This is suitable and recommended for
+ home users who run <application>Privoxy</application> on the same machine as
+ their browser.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ You will need to configure your browser(s) to this proxy address and port.
+ </para>
+ <para>
+ If you already have another service running on port 8118, or if you want to
+ serve requests from other machines (e.g. on your local network) as well, you
+ will need to override the default.
+ </para>
+ <para>
+ If you leave out the IP address, <application>Privoxy</application> will
+ bind to all interfaces (addresses) on your machine and may become reachable
+ from the Internet. In that case, consider using access control lists (ACL's)
+ (see <quote>ACLs</quote> below), or a firewall.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Example:</term>
+ <listitem>
+ <para>
+ Suppose you are running <application>Privoxy</application> on
+ a machine which has the address 192.168.0.1 on your local private network
+ (192.168.0.0) and has another outside connection with a different address.
+ You want it to serve requests from inside only:
+ </para>
+ <para>
+ <programlisting>
+ listen-address 192.168.0.1:8118
+</programlisting>
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
-<para>
- If you want it to listen on all addresses (including the outside
- connection):
-</para>
+<sect4 id="toggle"><title>toggle</title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>listen-address :8118</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Initial state of "toggle" status
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>1 or 0</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>1</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Act as if toggled on
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If set to 0, <application>Privoxy</application> will start in
+ <quote>toggled off</quote> mode, i.e. behave like a normal, content-neutral
+ proxy. See <literal>enable-remote-toggle</literal>
+ below. This is not really useful anymore, since toggling is much easier
+ via <ulink url="http://config.privoxy.org/toggle">the web
+ interface</ulink> then via editing the <filename>conf</filename> file.
+ </para>
+ <para>
+ The windows version will only display the toggle icon in the system tray
+ if this option is present.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+
+<sect4 id="enable-remote-toggle"><title>enable-remote-toggle</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether or not the <ulink url="http://config.privoxy.org/toggle">web-based toggle
+ feature</ulink> may be used
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>0 or 1</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>1</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ The web-based toggle feature is disabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ When toggled off, <application>Privoxy</application> acts like a normal,
+ content-neutral proxy, i.e. it acts as if none of the actions applied to
+ any URL.
+ </para>
+ <para>
+ For the time being, access to the toggle feature can <emphasis>not</emphasis> be
+ controlled separately by <quote>ACLs</quote> or HTTP authentication,
+ so that everybody who can access <application>Privoxy</application> (see
+ <quote>ACLs</quote> and <literal>listen-address</literal> above) can
+ toggle it for all users. So this option is <emphasis>not recommended</emphasis>
+ for multi-user environments with untrusted users.
+ </para>
+ <para>
+ Note that you must have compiled <application>Privoxy</application> with
+ support for this feature, otherwise this option has no effect.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+
+<sect4 id="enable-edit-actions"><title>enable-edit-actions</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether or not the <ulink url="http://config.privoxy.org/show-status">web-based actions
+ file editor</ulink> may be used
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>0 or 1</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>1</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ The web-based actions file editor is disabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ For the time being, access to the editor can <emphasis>not</emphasis> be
+ controlled separately by <quote>ACLs</quote> or HTTP authentication,
+ so that everybody who can access <application>Privoxy</application> (see
+ <quote>ACLs</quote> and <literal>listen-address</literal> above) can
+ modify its configuration for all users. So this option is <emphasis>not
+ recommended</emphasis> for multi-user environments with untrusted users.
+ </para>
+ <para>
+ Note that you must have compiled <application>Privoxy</application> with
+ support for this feature, otherwise this option has no effect.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+<sect4 id="acls"><title>
+ACLs: permit-access and deny-access</title>
+<anchor id="permit-acces">
+<anchor id="deny-acces">
+
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Who can access what.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable class="parameter">src_addr</replaceable>[/<replaceable class="parameter">src_masklen</replaceable>]
+ [<replaceable class="parameter">dst_addr</replaceable>[/<replaceable class="parameter">dst_masklen</replaceable>]]
+ </para>
+ <para>
+ Where <replaceable class="parameter">src_addr</replaceable> and
+ <replaceable class="parameter">dst_addr</replaceable> are IP addresses in dotted decimal notation or valid
+ DNS names, and <replaceable class="parameter">src_masklen</replaceable> and
+ <replaceable class="parameter">dst_masklen</replaceable> are subnet masks in CIDR notation, i.e. integer
+ values from 2 to 30 representing the length (in bits) of the network address. The masks and the whole
+ destination part are optional.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>Unset</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Don't restrict access further than implied by <literal>listen-address</literal>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Access controls are included at the request of ISPs and systems
+ administrators, and <emphasis>are not usually needed by individual users</emphasis>.
+ For a typical home user, it will normally suffice to ensure that
+ <application>Privoxy</application> only listens on the localhost or internal (home)
+ network address by means of the <literal>listen-address</literal> option.
+ </para>
+ <para>
+ Please see the warnings in the FAQ that this proxy is not intended to be a substitute
+ for a firewall or to encourage anyone to defer addressing basic security
+ weaknesses.
+ </para>
+ <para>
+ Multiple ACL lines are OK.
+ If any ACLs are specified, then the <application>Privoxy</application>
+ talks only to IP addresses that match at least one <literal>permit-access</literal> line
+ and don't match any subsequent <literal>deny-access</literal> line. In other words, the
+ last match wins, with the default being <literal>deny-access</literal>.
+ </para>
+ <para>
+ If <application>Privoxy</application> is using a forwarder (see <literal>forward</literal> below)
+ for a particular destination URL, the <replaceable class="parameter">dst_addr</replaceable>
+ that is examined is the address of the forwarder and <emphasis>NOT</emphasis> the address
+ of the ultimate target. This is necessary because it may be impossible for the local
+ <application>Privoxy</application> to determine the IP address of the
+ ultimate target (that's often what gateways are used for).
+ </para>
+ <para>
+ You should prefer using IP addresses over DNS names, because the address lookups take
+ time. All DNS names must resolve! You can <emphasis>not</emphasis> use domain patterns
+ like <quote>*.org</quote> or partial domain names. If a DNS name resolves to multiple
+ IP addresses, only the first one is used.
+ </para>
+ <para>
+ Denying access to particular sites by ACL may have undesired side effects
+ if the site in question is hosted on a machine which also hosts other sites.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ Explicitly define the default behavior if no ACL and
+ <literal>listen-address</literal> are set: <quote>localhost</quote>
+ is OK. The absence of a <replaceable class="parameter">dst_addr</replaceable> implies that
+ <emphasis>all</emphasis> destination addresses are OK:
+ </para>
+ <para>
+ <screen>
+ permit-access localhost
+</screen>
+ </para>
+ <para>
+ Allow any host on the same class C subnet as www.privoxy.org access to
+ nothing but www.example.com:
+ </para>
+ <para>
+ <screen>
+ permit-access www.privoxy.org/24 www.example.com/32
+</screen>
+ </para>
+ <para>
+ Allow access from any host on the 26-bit subnet 192.168.45.64 to anywhere,
+ with the exception that 192.168.45.73 may not access www.dirty-stuff.example.com:
+ </para>
+ <para>
+ <screen>
+ permit-access 192.168.45.64/26
+ deny-access 192.168.45.73 www.dirty-stuff.example.com
+</screen>
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+<sect4 id="buffer-limit"><title>buffer-limit</title>
+
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Maximum size of the buffer for content filtering.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>Size in Kbytes</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>4096</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Use a 4MB (4096 KB) limit.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ For content filtering, i.e. the <literal>+filter</literal> and
+ <literal>+deanimate-gif</literal> actions, it is necessary that
+ <application>Privoxy</application> buffers the entire document body.
+ This can be potentially dangerous, since a server could just keep sending
+ data indefinitely and wait for your RAM to exhaust -- with nasty consequences.
+ Hence this option.
+ </para>
+ <para>
+ When a document buffer size reaches the <literal>buffer-limit</literal>, it is
+ flushed to the client unfiltered and no further attempt to
+ filter the rest of the document is made. Remember that there may be multiple threads
+ running, which might require up to <literal>buffer-limit</literal> Kbytes
+ <emphasis>each</emphasis>, unless you have enabled <quote>single-threaded</quote>
+ above.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+</sect3>
+
+<!-- ~ End section ~ -->
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+
+<sect3 id="forwarding">
+<title>Forwarding</title>
+
+<para>
+ This feature allows routing of HTTP requests through a chain of
+ multiple proxies.
+ It can be used to better protect privacy and confidentiality when
+ accessing specific domains by routing requests to those domains
+ through an anonymous public proxy (see e.g. <ulink
+ url="http://www.multiproxy.org/anon_list.htm">http://www.multiproxy.org/anon_list.htm</ulink>)
+ Or to use a caching proxy to speed up browsing. Or chaining to a parent
+ proxy may be necessary because the machine that <application>Privoxy</application>
+ runs on has no direct Internet access.
+</para>
+
+<para>
+ Also specified here are SOCKS proxies. <application>Privoxy</application>
+ supports the SOCKS 4 and SOCKS 4A protocols.
+</para>
+
+<sect4 id="forward"><title>forward</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ To which parent HTTP proxy specific requests should be routed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable class="parameter">target_domain</replaceable>[:<replaceable class="parameter">port</replaceable>]
+ <replaceable class="parameter">http_parent</replaceable>[/<replaceable class="parameter">port</replaceable>]
+ </para>
+ <para>
+ Where <replaceable class="parameter">target_domain</replaceable> is a domain name pattern (see the
+ chapter on domain matching in the <filename>default.action</filename> file),
+ <replaceable class="parameter">http_parent</replaceable> is the address of the parent HTTP proxy
+ as an IP addresses in dotted decimal notation or as a valid DNS name (or <quote>.</quote> to denote
+ <quote>no forwarding</quote>, and the optional
+ <replaceable class="parameter">port</replaceable> parameters are TCP ports, i.e. integer
+ values from 1 to 64535
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>Unset</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Don't use parent HTTP proxies.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If <replaceable class="parameter">http_parent</replaceable> is <quote>.</quote>, then requests are not
+ forwarded to another HTTP proxy but are made directly to the web servers.
+ </para>
+ <para>
+ Multiple lines are OK, they are checked in sequence, and the last match wins.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ Everything goes to an example anonymizing proxy, except SSL on port 443 (which it doesn't handle):
+ </para>
+ <para>
+ <screen>
+ forward .* anon-proxy.example.org:8080
+ forward :443 .
+</screen>
+ </para>
+ <para>
+ Everything goes to our example ISP's caching proxy, except for requests
+ to that ISP's sites:
+ </para>
+ <para>
+ <screen>
+ forward .*. caching-proxy.example-isp.net:8000
+ forward .example-isp.net .
+</screen>
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+<sect4 id="socks"><title>
+forward-socks4 and forward-socks4a</title>
+<anchor id="forward-socks4">
+<anchor id="forward-socks4a">
+
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Through which SOCKS proxy (and to which parent HTTP proxy) specific requests should be routed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable class="parameter">target_domain</replaceable>[:<replaceable class="parameter">port</replaceable>]
+ <replaceable class="parameter">socks_proxy</replaceable>[/<replaceable class="parameter">port</replaceable>]
+ <replaceable class="parameter">http_parent</replaceable>[/<replaceable class="parameter">port</replaceable>]
+ </para>
+ <para>
+ Where <replaceable class="parameter">target_domain</replaceable> is a domain name pattern (see the
+ chapter on domain matching in the <filename>default.action</filename> file),
+ <replaceable class="parameter">http_parent</replaceable> and <replaceable class="parameter">socks_proxy</replaceable>
+ are IP addresses in dotted decimal notation or valid DNS names (<replaceable class="parameter">http_parent</replaceable>
+ may be <quote>.</quote> to denote <quote>no HTTP forwarding</quote>), and the optional
+ <replaceable class="parameter">port</replaceable> parameters are TCP ports, i.e. integer values from 1 to 64535
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>Unset</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Don't use SOCKS proxies.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Multiple lines are OK, they are checked in sequence, and the last match wins.
+ </para>
+ <para>
+ The difference between <literal>forward-socks4</literal> and <literal>forward-socks4a</literal>
+ is that in the SOCKS 4A protocol, the DNS resolution of the target hostname happens on the SOCKS
+ server, while in SOCKS 4 it happens locally.
+ </para>
+ <para>
+ If <replaceable class="parameter">http_parent</replaceable> is <quote>.</quote>, then requests are not
+ forwarded to another HTTP proxy but are made (HTTP-wise) directly to the web servers, albeit through
+ a SOCKS proxy.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ From the company example.com, direct connections are made to all
+ <quote>internal</quote> domains, but everything outbound goes through
+ their ISP's proxy by way of example.com's corporate SOCKS 4A gateway to
+ the Internet.
+ </para>
+ <para>
+ <screen>
+ forward-socks4a .*. socks-gw.example.com:1080 www-cache.example-isp.net:8080
+ forward .example.com .
+</screen>
+ </para>
+ <para>
+ A rule that uses a SOCKS 4 gateway for all destinations but no HTTP parent looks like this:
+ </para>
+ <para>
+ <screen>
+ forward-socks4 .*. socks-gw.example.com:1080 .
+</screen>
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
+
+<sect4 id="advanced-forwarding-examples"><title>Advanced Forwarding Examples</title>
+
+<para>
+ If you have links to multiple ISPs that provide various special content
+ only to their subscribers, you can configure multiple <application>Privoxies</application>
+ which have connections to the respective ISPs to act as forwarders to each other, so that
+ <emphasis>your</emphasis> users can see the internal content of all ISPs.
</para>
<para>
- If you do this, consider using ACLs (see <quote>aclfile</quote> above). Note:
- you will need to point your browser(s) to the address and port that you have
- configured here. Default: localhost:8118 (127.0.0.1:8118).
+ Assume that host-a has a PPP connection to isp-a.net. And host-b has a PPP connection to
+ isp-b.net. Both run <application>Privoxy</application>. Their forwarding
+ configuration can look like this:
</para>
<para>
- The debug option sets the level of debugging information to log in the
- logfile (and to the console in the Windows version). A debug level of 1 is
- informative because it will show you each request as it happens. Higher
- levels of debug are probably only of interest to developers.
+ host-a:
</para>
<para>
- <literal>
- <msgtext>
- <literallayout>
- debug 1 # GPC = show each GET/POST/CONNECT request
- debug 2 # CONN = show each connection status
- debug 4 # IO = show I/O status
- debug 8 # HDR = show header parsing
- debug 16 # LOG = log all data into the logfile
- debug 32 # FRC = debug force feature
- debug 64 # REF = debug regular expression filter
- debug 128 # = debug fast redirects
- debug 256 # = debug GIF de-animation
- debug 512 # CLF = Common Log Format
- debug 1024 # = debug kill pop-ups
- debug 4096 # INFO = Startup banner and warnings.
- debug 8192 # ERROR = Non-fatal errors
- </literallayout>
- </msgtext>
- </literal>
+ <screen>
+ forward .*. .
+ forward .isp-b.net host-b:8118
+</screen>
</para>
-<![%p-not-stable;[
<para>
- It is <emphasis>highly recommended</emphasis> that you enable ERROR
- reporting (debug 8192), at least until v3.0 is released.
+ host-b:
</para>
-]]>
<para>
- The reporting of FATAL errors (i.e. ones which crash
- <application>Privoxy</application>) is always on and cannot be disabled.
+ <screen>
+ forward .*. .
+ forward .isp-a.net host-a:8118
+</screen>
</para>
<para>
- If you want to use CLF (Common Log Format), you should set <quote>debug
- 512</quote> ONLY, do not enable anything else.
+ Now, your users can set their browser's proxy to use either
+ host-a or host-b and be able to browse the internal content
+ of both isp-a and isp-b.
</para>
<para>
- Multiple <quote>debug</quote> directives, are OK - they're logical-OR'd
- together.
+ If you intend to chain <application>Privoxy</application> and
+ <application>squid</application> locally, then chain as
+ <literal>browser -> squid -> privoxy</literal> is the recommended way.
</para>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>debug 15 # same as setting the first 4 listed above</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ Assuming that <application>Privoxy</application> and <application>squid</application>
+ run on the same box, your squid configuration could then look like this:
+</para>
+
+<para>
+ <screen>
+ # Define Privoxy as parent proxy (without ICP)
+ cache_peer 127.0.0.1 parent 8118 7 no-query
+
+ # Define ACL for protocol FTP
+ acl ftp proto FTP
+
+ # Do not forward FTP requests to Privoxy
+ always_direct allow ftp
+
+ # Forward all the rest to Privoxy
+ never_direct allow all</screen>
+</para>
+
+<para>
+ You would then need to change your browser's proxy settings to <application>squid</application>'s address and port.
+ Squid normally uses port 3128. If unsure consult <literal>http_port</literal> in <filename>squid.conf</filename>.
+</para>
+
+</sect4>
+
+</sect3>
+
+<!-- ~ End section ~ -->
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+
+<sect3 id="windows-gui">
+<title>Windows GUI Options</title>
+<para>
+ <application>Privoxy</application> has a number of options specific to the
+ Windows GUI interface:
</para>
+<anchor id="activity-animation">
<para>
- Default:
+ If <quote>activity-animation</quote> is set to 1, the
+ <application>Privoxy</application> icon will animate when
+ <quote>Privoxy</quote> is active. To turn off, set to 0.
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>debug 1 # URLs</emphasis>
- <emphasis>debug 4096 # Info</emphasis>
- <emphasis>debug 8192 # Errors - *we highly recommended enabling this*</emphasis>
+ <emphasis>activity-animation 1</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
+<anchor id="log-messages">
<para>
- <application>Privoxy</application> normally uses
- <quote>multi-threading</quote>, a software technique that permits it to
- handle many different requests simultaneously. In some cases you may wish to
- disable this -- particularly if you're trying to debug a problem. The
- <quote>single-threaded</quote> option forces
- <application>Privoxy</application> to handle requests sequentially.
- Default: Multi-threaded mode.
+ If <quote>log-messages</quote> is set to 1,
+ <application>Privoxy</application> will log messages to the console
+ window:
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>#single-threaded</emphasis>
+ <emphasis>log-messages 1</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
-<para>
- <quote>toggle</quote> allows you to temporarily disable all
- <application>Privoxy's</application> filtering. Just set <quote>toggle
- 0</quote>.
-</para>
-
-<para>
- The Windows version of <application>Privoxy</application> puts an icon in
- the system tray, which also allows you to change this option. If you
- right-click on that icon (or select the <quote>Options</quote> menu), one
- choice is <quote>Enable</quote>. Clicking on enable toggles
- <application>Privoxy</application> on and off. This is useful if you want
- to temporarily disable <application>Privoxy</application>, e.g., to access
- a site that requires cookies which you would otherwise have blocked. This can also
- be toggled via a web browser at the <application>Privoxy</application>
- internal address of <ulink url="http://p.p">http://p.p</ulink> on
- any platform.
+<anchor id="log-buffer-size">
+<para>
+ If <quote>log-buffer-size</quote> is set to 1, the size of the log buffer,
+ i.e. the amount of memory used for the log messages displayed in the
+ console window, will be limited to <quote>log-max-lines</quote> (see below).
</para>
<para>
- <quote>toggle 1</quote> means <application>Privoxy</application> runs
- normally, <quote>toggle 0</quote> means that
- <application>Privoxy</application> becomes a non-anonymizing non-blocking
- proxy. Default: 1 (on).
+ Warning: Setting this to 0 will result in the buffer to grow infinitely and
+ eat up all your memory!
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>toggle 1</emphasis>
+ <emphasis>log-buffer-size 1</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
+<anchor id="log-max-lines">
<para>
- For content filtering, i.e. the <quote>+filter</quote> and
- <quote>+deanimate-gif</quote> actions, it is necessary that
- <application>Privoxy</application> buffers the entire document body.
- This can be potentially dangerous, since a server could just keep sending
- data indefinitely and wait for your RAM to exhaust. With nasty consequences.
-</para>
-
-<para>
- The <application>buffer-limit</application> option lets you set the maximum
- size in Kbytes that each buffer may use. When the documents buffer exceeds
- this size, it is flushed to the client unfiltered and no further attempt to
- filter the rest of it is made. Remember that there may multiple threads
- running, which might require increasing the <quote>buffer-limit</quote>
- Kbytes <emphasis>each</emphasis>, unless you have enabled
- <quote>single-threaded</quote> above.
+ <application>log-max-lines</application> is the maximum number of lines held
+ in the log buffer. See above.
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>buffer-limit 4069</emphasis>
+ <emphasis>log-max-lines 200</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
+<anchor id="log-highlight-messages">
<para>
- To enable the web-based <filename>default.action</filename> file editor set
- <application>enable-edit-actions</application> to 1, or 0 to disable. Note
- that you must have compiled <application>Privoxy</application> with
- support for this feature, otherwise this option has no effect. This
- internal page can be reached at <ulink
- url="http://p.p">http://p.p</ulink>.
- </para>
-
-<para>
- Security note: If this is enabled, anyone who can use the proxy
- can edit the actions file, and their changes will affect all users.
- For shared proxies, you probably want to disable this. Default: enabled.
+ If <quote>log-highlight-messages</quote> is set to 1,
+ <application>Privoxy</application> will highlight portions of the log
+ messages with a bold-faced font:
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>enable-edit-actions 1</emphasis>
+ <emphasis>log-highlight-messages 1</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
+<anchor id="log-font-name">
<para>
- Allow <application>Privoxy</application> to be toggled on and off
- remotely, using your web browser. Set <quote>enable-remote-toggle</quote>to
- 1 to enable, and 0 to disable. Note that you must have compiled
- <application>Privoxy</application> with support for this feature,
- otherwise this option has no effect.
-</para>
-
-<para>
- Security note: If this is enabled, anyone who can use the proxy can toggle
- it on or off (see <ulink url="http://p.p">http://p.p</ulink>), and
- their changes will affect all users. For shared proxies, you probably want to
- disable this. Default: enabled.
+ The font used in the console window:
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>enable-remote-toggle 1</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
-
-</sect3>
-
-<!-- ~ End section ~ -->
-
-
-<!-- ~~~~~ New section ~~~~~ -->
-
-<sect3>
-<title>Access Control List (ACL)</title>
-<para>
- Access controls are included at the request of some ISPs and systems
- administrators, and are not usually needed by individual users. Please note
- the warnings in the FAQ that this proxy is not intended to be a substitute
- for a firewall or to encourage anyone to defer addressing basic security
- weaknesses.
-</para>
-
-<para>
- If no access settings are specified, the proxy talks to anyone that
- connects. If any access settings file are specified, then the proxy
- talks only to IP addresses permitted somewhere in this file and not
- denied later in this file.
-</para>
-
-<para>
- Summary -- if using an ACL:
-</para>
-
- <simplelist>
- <member>
- Client must have permission to receive service.
- </member>
- </simplelist>
- <simplelist>
- <member>
- LAST match in ACL wins.
- </member>
- </simplelist>
- <simplelist>
- <member>
- Default behavior is to deny service.
- </member>
- </simplelist>
-
-<para>
- The syntax for an entry in the Access Control List is:
-</para>
-
-<para>
- <literal>
- <msgtext>
- <literallayout>
- ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ]
+ <emphasis>log-font-name Comic Sans MS</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
+<anchor id="log-font-size">
<para>
- Where the individual fields are:
+ Font size used in the console window:
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>ACTION</emphasis> = <quote>permit-access</quote> or <quote>deny-access</quote>
-
- <emphasis>SRC_ADDR</emphasis> = client hostname or dotted IP address
- <emphasis>SRC_MASKLEN</emphasis> = number of bits in the subnet mask for the source
-
- <emphasis>DST_ADDR</emphasis> = server or forwarder hostname or dotted IP address
- <emphasis>DST_MASKLEN</emphasis> = number of bits in the subnet mask for the target
+ <emphasis>log-font-size 8</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
-
-<para>
- The field separator (FS) is whitespace (space or tab).
-</para>
-
-<para>
- IMPORTANT NOTE: If <application>Privoxy</application> is using a
- forwarder (see below) or a gateway for a particular destination URL, the
- <literal>DST_ADDR</literal> that is examined is the address of the forwarder
- or the gateway and <emphasis>NOT</emphasis> the address of the ultimate
- target. This is necessary because it may be impossible for the local
- <application>Privoxy</application> to determine the address of the
- ultimate target (that's often what gateways are used for).
-</para>
-
-<para>
- Here are a few examples to show how the ACL features work:
-</para>
-
-<para>
- <quote>localhost</quote> is OK -- no DST_ADDR implies that
- <emphasis>ALL</emphasis> destination addresses are OK:
+<anchor id="show-on-task-bar">
+<para>
+ <quote>show-on-task-bar</quote> controls whether or not
+ <application>Privoxy</application> will appear as a button on the Task bar
+ when minimized:
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>permit-access localhost</emphasis>
+ <emphasis>show-on-task-bar 0</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
+<anchor id="close-button-minimizes">
<para>
- A silly example to illustrate permitting any host on the class-C subnet with
- <application>Privoxy</application> to go anywhere:
+ If <quote>close-button-minimizes</quote> is set to 1, the Windows close
+ button will minimize <application>Privoxy</application> instead of closing
+ the program (close with the exit option on the File menu).
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>permit-access www.privoxy.com/24</emphasis>
+ <emphasis>close-button-minimizes 1</emphasis>
</literallayout>
</msgtext>
</literal>
</para>
+<anchor id="hide-console">
<para>
- Except deny one particular IP address from using it at all:
+ The <quote>hide-console</quote> option is specific to the MS-Win console
+ version of <application>Privoxy</application>. If this option is used,
+ <application>Privoxy</application> will disconnect from and hide the
+ command console.
</para>
<para>
<literal>
<msgtext>
<literallayout>
- <emphasis>deny-access ident.privoxy.com</emphasis>
+ #hide-console
</literallayout>
</msgtext>
</literal>
</para>
-<para>
- You can also specify an explicit network address and subnet mask.
- Explicit addresses do not have to be resolved to be used.
-</para>
+</sect3>
+</sect2>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>permit-access 207.153.200.0/24</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ~ End section ~ -->
-<para>
- A subnet mask of 0 matches anything, so the next line permits everyone.
-</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>permit-access 0.0.0.0/0</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="actions-file"><title>Actions Files</title>
+
+<para>
+ The actions files are used to define what actions
+ <application>Privoxy</application> takes for which URLs, and thus determines
+ how ad images, cookies and various other aspects of HTTP content and
+ transactions are handled, and on which sites (or even parts thereof). There
+ are three such files included with <application>Privoxy</application>,
+ with slightly different purposes. <filename>default.action</filename> sets
+ the default policies. <filename>standard.action</filename> is used by
+ <application>Privoxy</application> and the web based editor to set
+ pre-defined values (and normally should not be edited). Local exceptions
+ are best done in <filename>user.action</filename>. The content of these
+ can all be viewed and edited from <ulink
+ url="http://config.privoxy.org/show-status">http://config.privoxy.org/show-status</ulink>.
+ </para>
-<para>
- Note, you <emphasis>cannot</emphasis> say:
+<para>
+ Anything you want can be blocked, including ads, banners, or just some obnoxious
+ URL that you would rather not see is done here. Cookies can be accepted or rejected, or
+ accepted only during the current browser session (i.e. not written to disk),
+ content can be modified, JavaScripts tamed, user-tracking fooled, and much more.
+ See below for a complete list of available actions.
</para>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>permit-access .org</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ An actions file typically has sections. Near the top, <quote>aliases</quote> are
+ optionally defined (discussed <ulink
+ url="configuration.html#ALIASES">below</ulink>), then the default set of rules
+ which will apply universally to all sites and pages. And then below that,
+ exceptions to the defined universal policies.
</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3>
+<title>Finding the Right Mix</title>
<para>
- to allow all *.org domains. Every IP address listed must resolve fully.
+ Note that some <link linkend="actions">actions</link> like cookie suppression
+ or script disabling may render some sites unusable, which rely on these
+ techniques to work properly. Finding the right mix of actions is not easy and
+ certainly a matter of personal taste. In general, it can be said that the more
+ <quote>aggressive</quote> your default settings (in the top section of the
+ actions file) are, the more exceptions for <quote>trusted</quote> sites you
+ will have to make later. If, for example, you want to kill popup windows per
+ default, you'll have to make exceptions from that rule for sites that you
+ regularly use and that require popups for actually useful content, like maybe
+ your bank, favorite shop, or newspaper.
</para>
<para>
- An ISP may want to provide a <application>Privoxy</application> that is
- accessible by <quote>the world</quote> and yet restrict use of some of their
- private content to hosts on its internal network (i.e. its own subscribers).
- Say, for instance the ISP owns the Class-B IP address block 123.124.0.0 (a 16
- bit netmask). This is how they could do it:
+ We have tried to provide you with reasonable rules to start from in the
+ distribution actions files. But there is no general rule of thumb on these
+ things. There just are too many variables, and sites are constantly changing.
+ Sooner or later you will want to change the rules (and read this chapter again :).
</para>
+</sect3>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3>
+<title>How to Edit</title>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>permit-access 0.0.0.0/0 0.0.0.0/0</emphasis> # other clients can go anywhere
- # with the following exceptions:
-
- <emphasis>deny-access</emphasis> 0.0.0.0/0 123.124.0.0/16 # block all external requests for
- # sites on the ISP's network
-
- <emphasis>permit 0.0.0.0/0 www.my_isp.com</emphasis> # except for the ISP's main
- # web site
-
- <emphasis>permit 123.124.0.0/16 0.0.0.0/0</emphasis> # the ISP's clients can go
- # anywhere
- </literallayout>
- </msgtext>
- </literal>
+ The easiest way to edit the <quote>actions</quote> files is with a browser by
+ using our browser-based editor, which can be reached from <ulink
+ url="http://config.privoxy.org/show-status">http://config.privoxy.org/show-status</ulink>.
</para>
<para>
- Note that if some hostnames are listed with multiple IP addresses,
- the primary value returned by DNS (via gethostbyname()) is used. Default:
- Anyone can access the proxy.
+ If you prefer plain text editing to GUIs, you can of course also directly edit the
+ the actions files.
</para>
-
</sect3>
-<!-- ~ End section ~ -->
-
-
-<!-- ~~~~~ New section ~~~~~ -->
-
-<sect3 id="forwarding">
-<title>Forwarding</title>
+<sect3>
+<title>How Actions are Applied to URLs</title>
<para>
- This feature allows chaining of HTTP requests via multiple proxies.
- It can be used to better protect privacy and confidentiality when
- accessing specific domains by routing requests to those domains
- to a special purpose filtering proxy such as lpwa.com. Or to use
- a caching proxy to speed up browsing.
+ Actions files are divided into sections. There are special sections,
+ like the <quote><link linkend="aliases">alias</link></quote> sections which will be discussed later. For now
+ let's concentrate on regular sections: They have a heading line (often split
+ up to multiple lines for readability) which consist of a list of actions,
+ separated by whitespace and enclosed in curly braces. Below that, there
+ is a list of URL patterns, each on a separate line.
</para>
<para>
- It can also be used in an environment with multiple networks to route
- requests via multiple gateways allowing transparent access to multiple
- networks without having to modify browser configurations.
+ To determine which actions apply to a request, the URL of the request is
+ compared to all patterns in this file. Every time it matches, the list of
+ applicable actions for the URL is incrementally updated, using the heading
+ of the section in which the pattern is located. If multiple matches for
+ the same URL set the same action differently, the last match wins. If not,
+ the effects are aggregated (e.g. a URL might match both the
+ <ulink url="configuration.html#HANDLE-AS-IMAGE"><quote>+handle-as-image</quote></ulink>
+ and <ulink url="configuration.html#BLOCK"><quote>+block</quote></ulink> actions).
+
</para>
<para>
- Also specified here are SOCKS proxies. <application>Privoxy</application>
- SOCKS 4 and SOCKS 4A. The difference is that SOCKS 4A will resolve the target
- hostname using DNS on the SOCKS server, not our local DNS client.
+ You can trace this process by visiting <ulink
+ url="http://config.privoxy.org/show-url-info">http://config.privoxy.org/show-url-info</ulink>.
</para>
<para>
- The syntax of each line is:
+ More detail on this is provided in the Appendix, <link linkend="ACTIONSANAT">
+ Anatomy of an Action</link>.
</para>
+</sect3>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3>
+<title>Patterns</title>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward target_domain[:port] http_proxy_host[:port]</emphasis>
- <emphasis>forward-socks4 target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</emphasis>
- <emphasis>forward-socks4a target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ Generally, a pattern has the form <literal><domain>/<path></literal>,
+ where both the <literal><domain></literal> and <literal><path></literal>
+ are optional. (This is why the pattern <literal>/</literal> matches all URLs).
</para>
-<para>
- If http_proxy_host is <quote>.</quote>, then requests are not forwarded to a
- HTTP proxy but are made directly to the web servers.
-</para>
+<variablelist>
+ <varlistentry>
+ <term><literal>www.example.com/</literal></term>
+ <listitem>
+ <para>
+ is a domain-only pattern and will match any request to <literal>www.example.com</literal>,
+ regardless of which document on that server is requested.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>www.example.com</literal></term>
+ <listitem>
+ <para>
+ means exactly the same. For domain-only patterns, the trailing <literal>/</literal> may
+ be omitted.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>www.example.com/index.html</literal></term>
+ <listitem>
+ <para>
+ matches only the single document <literal>/index.html</literal>
+ on <literal>www.example.com</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>/index.html</literal></term>
+ <listitem>
+ <para>
+ matches the document <literal>/index.html</literal>, regardless of the domain,
+ i.e. on <emphasis>any</emphasis> web server.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>index.html</literal></term>
+ <listitem>
+ <para>
+ matches nothing, since it would be interpreted as a domain name and
+ there is no top-level domain called <literal>.html</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
-<para>
- Lines are checked in sequence, and the last match wins.
-</para>
+<sect4><title>The Domain Pattern</title>
<para>
- There is an implicit line equivalent to the following, which specifies that
- anything not finding a match on the list is to go out without forwarding
- or gateway protocol, like so:
+ The matching of the domain part offers some flexible options: if the
+ domain starts or ends with a dot, it becomes unanchored at that end.
+ For example:
</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward .* . </emphasis># implicit
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term><literal>.example.com</literal></term>
+ <listitem>
+ <para>
+ matches any domain that <emphasis>ENDS</emphasis> in
+ <literal>.example.com</literal>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>www.</literal></term>
+ <listitem>
+ <para>
+ matches any domain that <emphasis>STARTS</emphasis> with
+ <literal>www.</literal>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>.example.</literal></term>
+ <listitem>
+ <para>
+ matches any domain that <emphasis>CONTAINS</emphasis> <literal>.example.</literal>
+ (Correctly speaking: It matches any FQDN that contains <literal>example</literal> as a domain.)
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
<para>
- In the following common configuration, everything goes to Lucent's LPWA,
- except SSL on port 443 (which it doesn't handle):
+ Additionally, there are wild-cards that you can use in the domain names
+ themselves. They work pretty similar to shell wild-cards: <quote>*</quote>
+ stands for zero or more arbitrary characters, <quote>?</quote> stands for
+ any single character, you can define character classes in square
+ brackets and all of that can be freely mixed:
</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward .* lpwa.com:8000</emphasis>
- <emphasis>forward :443 .</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term><literal>ad*.example.com</literal></term>
+ <listitem>
+ <para>
+ matches <quote>adserver.example.com</quote>,
+ <quote>ads.example.com</quote>, etc but not <quote>sfads.example.com</quote>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>*ad*.example.com</literal></term>
+ <listitem>
+ <para>
+ matches all of the above, and then some.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>.?pix.com</literal></term>
+ <listitem>
+ <para>
+ matches <literal>www.ipix.com</literal>,
+ <literal>pictures.epix.com</literal>, <literal>a.b.c.d.e.upix.com</literal> etc.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>www[1-9a-ez].example.c*</literal></term>
+ <listitem>
+ <para>
+ matches <literal>www1.example.com</literal>,
+ <literal>www4.example.cc</literal>, <literal>wwwd.example.cy</literal>,
+ <literal>wwwz.example.com</literal> etc., but <emphasis>not</emphasis>
+ <literal>wwww.example.com</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
-<para>
-<!--
- See the FAQ for instructions on how to automate the login procedure for LPWA.
--->
- Some users have reported difficulties related to LPWA's use of
- <quote>.</quote> as the last element of the domain, and have said that this
- can be fixed with this:
-</para>
-
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward lpwa. lpwa.com:8000</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
-
-<para>
- (NOTE: the syntax for specifying target_domain has changed since the
- previous paragraph was written -- it will not work now. More information
- is welcome.)
-</para>
+</sect4>
-<para>
- In this fictitious example, everything goes via an ISP's caching proxy,
- except requests to that ISP:
-</para>
+<sect4><title>The Path Pattern</title>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward .* caching.myisp.net:8000</emphasis>
- <emphasis>forward myisp.net .</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ <application>Privoxy</application> uses Perl compatible regular expressions
+ (through the <ulink url="http://www.pcre.org/">PCRE</ulink> library) for
+ matching the path.
</para>
<para>
- For the @home network, we're told the forwarding configuration is this:
+ There is an <link linkend="regex">Appendix</link> with a brief quick-start into regular
+ expressions, and full (very technical) documentation on PCRE regex syntax is available on-line
+ at <ulink url="http://www.pcre.org/man.txt">http://www.pcre.org/man.txt</ulink>.
+ You might also find the Perl man page on regular expressions (<literal>man perlre</literal>)
+ useful, which is available on-line at <ulink
+ url="http://www.perldoc.com/perl5.6/pod/perlre.html">http://www.perldoc.com/perl5.6/pod/perlre.html</ulink>.
</para>
-
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward .* proxy:8080</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ Note that the path pattern is automatically left-anchored at the <quote>/</quote>,
+ i.e. it matches as if it would start with a <quote>^</quote> (regular expression speak
+ for the beginning of a line).
</para>
<para>
- Also, we're told they insist on getting cookies and JavaScript, so you should
- allow cookies from home.com. We consider JavaScript a potential security risk.
- Java need not be enabled.
+ Please also note that matching in the path is case
+ <emphasis>INSENSITIVE</emphasis> by default, but you can switch to case
+ sensitive at any point in the pattern by using the
+ <quote>(?-i)</quote> switch:
+ <literal>www.example.com/(?-i)PaTtErN.*</literal> will match only
+ documents whose path starts with <literal>PaTtErN</literal> in
+ <emphasis>exactly</emphasis> this capitalization.
</para>
+</sect4>
-<para>
- In this example direct connections are made to all <quote>internal</quote>
- domains, but everything else goes through Lucent's LPWA by way of the
- company's SOCKS gateway to the Internet.
-</para>
+</sect3>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward-socks4 .* lpwa.com:8000 firewall.my_company.com:1080</emphasis>
- <emphasis>forward my_company.com .</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ~ End section ~ -->
-<para>
- This is how you could set up a site that always uses SOCKS but no forwarders:
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+
+<sect3 id="actions">
+<title>Actions</title>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward-socks4a .* . firewall.my_company.com:1080</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ All actions are disabled by default, until they are explicitly enabled
+ somewhere in an actions file. Actions are turned on if preceded with a
+ <quote>+</quote>, and turned off if preceded with a <quote>-</quote>. So a
+ <quote>+action</quote> means <quote>do that action</quote>, e.g.
+ <quote>+block</quote> means please <quote>block the following URL
+ patterns</quote>.
</para>
-<para>
- An advanced example for network administrators:
+<para>
+ Actions are invoked by enclosing the action name in curly braces (e.g.
+ {+some_action}), followed by a list of URLs (or patterns that match URLs) to
+ which the action applies. There are three classes of actions:
</para>
<para>
- If you have links to multiple ISPs that provide various special content to
- their subscribers, you can configure forwarding to pass requests to the
- specific host that's connected to that ISP so that everybody can see all
- of the content on all of the ISPs.
-</para>
+ <itemizedlist>
-<para>
- This is a bit tricky, but here's an example:
-</para>
+ <listitem>
+ <para>
+ Boolean, i.e the action can only be <quote>on</quote> or
+ <quote>off</quote>. Examples:
+ </para>
+ <para>
+ <literal>
+ <msgtext>
+ <literallayout>
+ <emphasis>{+name}</emphasis> # enable this action
+ <emphasis>{-name}</emphasis> # disable this action
+ </literallayout>
+ </msgtext>
+ </literal>
+ </para>
+ </listitem>
-<para>
- host-a has a PPP connection to isp-a.com. And host-b has a PPP connection to
- isp-b.com. host-a can run a <application>Privoxy</application> proxy with
- forwarding like this:
-</para>
+ <listitem>
+ <para>
+ Parameterized, e.g. <quote>+/-hide-user-agent{ Mozilla 1.0 }</quote>,
+ where some value is required in order to enable this type of action.
+ Examples:
+ </para>
+ <para>
+ <literal>
+ <msgtext>
+ <literallayout>
+ <emphasis>{+name{param}}</emphasis> # enable action and set parameter to <quote>param</quote>
+ <emphasis>{-name}</emphasis> # disable action (<quote>parameter</quote>) can be omitted
+ </literallayout>
+ </msgtext>
+ </literal>
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <!-- oes, or someone, check this. Re-worded 04/20/02 HB. -->
+ Multi-value, e.g. <quote>{+/-add-header{Name: value}}</quote> or
+ <quote>{+/-send-wafer{name=value}}</quote>), where some value needs to be defined
+ in addition to simply enabling the action. Examples:
+ </para>
+ <para>
+ <literal>
+ <msgtext>
+ <literallayout>
+ <emphasis>{+name{param=value}}</emphasis> # enable action and set <quote>param</quote> to <quote>value</quote>
+ <emphasis>{-name{param=value}}</emphasis> # remove the parameter <quote>param</quote> completely
+ <emphasis>{-name}</emphasis> # disable this action totally and remove <application>param</application> too
+ </literallayout>
+ </msgtext>
+ </literal>
+ </para>
+ </listitem>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward .* .</emphasis>
- <emphasis>forward isp-b.com host-b:8118</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ </itemizedlist>
</para>
<para>
- host-b can run a <application>Privoxy</application> proxy with forwarding
- like this:
+ If nothing is specified in any actions file, no <quote>actions</quote> are
+ taken. So in this case <application>Privoxy</application> would just be a
+ normal, non-blocking, non-anonymizing proxy. You must specifically enable the
+ privacy and blocking features you need (although the provided default actions
+ files will give a good starting point).
</para>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward .* .</emphasis>
- <emphasis>forward isp-a.com host-a:8118</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ Later defined actions always over-ride earlier ones. So exceptions
+ to any rules you make, should come in the latter part of the file (or
+ in a file that is processed later when using multiple actions files). For
+ multi-valued actions, the actions are applied in the order they are specified.
+ Actions files are processed in the order they are defined in
+ <filename>config</filename> (the default installation has three actions
+ files). It also quite possible for any given URL pattern to match more than
+ one action!
</para>
+<!-- start actions listing -->
<para>
- Now, <emphasis>anyone</emphasis> on the Internet (including users on host-a
- and host-b) can set their browser's proxy to <emphasis>either</emphasis>
- host-a or host-b and be able to browse the content on isp-a or isp-b.
+ The list of valid <application>Privoxy</application> <quote>actions</quote> are:
</para>
-<para>
- Here's another practical example, for University of Kent at
- Canterbury students with a network connection in their room, who
- need to use the University's Squid web cache.
-</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>forward *. ssbcache.ukc.ac.uk:3128</emphasis> # Use the proxy, except for:
- <emphasis>forward .ukc.ac.uk . </emphasis> # Anything on the same domain as us
- <emphasis>forward * . </emphasis> # Host with no domain specified
- <emphasis>forward 129.12.*.* . </emphasis> # A dotted IP on our /16 network.
- <emphasis>forward 127.*.*.* . </emphasis> # Loopback address
- <emphasis>forward localhost.localdomain . </emphasis> # Loopback address
- <emphasis>forward www.ukc.mirror.ac.uk . </emphasis> # Specific host
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ********************************************************** -->
+<!-- Please note the below defined actions use id's that are -->
+<!-- probably linked from other places, so please don't change. -->
+<!-- -->
+<!-- ********************************************************** -->
-<para>
- If you intend to chain <application>Privoxy</application> and
- <application>squid</application> locally, then chain as
- <literal>browser -> squid -> privoxy</literal> is the recommended way.
-</para>
-<para>
-Your squid configuration could then look like this (assuming that the IP
-address of the box is <literal>192.168.0.1</literal> ):
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
-<para>
- <literal>
- <msgtext>
- <literallayout>
- # Define Privoxy as parent cache
- <!-- per feedback from user...
- cache_peer 127.0.0.1 8118 parent 0 no-query
- -->
- cache_peer 192.168.0.1 parent 8118 0 no-query
+<sect4 id="add-header">
+<title><emphasis>+add-header</emphasis></title>
- # don't listen to the whole world
- http_port 192.168.0.1:3128
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Multi-value.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Send a user defined HTTP header to the web server.
+ </para>
+ </listitem>
+ </varlistentry>
- # define the local lan
- acl mylocallan src 192.168.0.1-192.168.0.5/255.255.255.255
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ Any value is possible. Validity of the defined HTTP headers is not checked.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+add-header{X-User-Tracking: sucks}}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
- # grant access for http to local lan
- http_access allow mylocallan
-
- # Define ACL for protocol FTP
- acl FTP proto FTP
+<varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This action may be specified multiple times, in order to define multiple
+ headers. This is rarely needed for the typical user. If you don't know what
+ <quote>HTTP headers</quote> are, you definitely don't need to worry about this
+ one.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect4>
- # Do not forward ACL FTP to privoxy
- always_direct allow FTP
- # Do not forward ACL CONNECT (https) to privoxy
- always_direct allow CONNECT
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="block">
+<title><emphasis>+block</emphasis></title>
- # Forward the rest to privoxy
- never_direct allow all
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
-</sect3>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Used to block a URL from reaching your browser. The URL may be
+ anything, but is typically used to block ads or other obnoxious
+ content.
+ </para>
+ </listitem>
+ </varlistentry>
-<!-- ~ End section ~ -->
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>N/A</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+block}</emphasis>
+ <emphasis>.banners.example.com</emphasis>
+ <emphasis>.ads.r.us</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
+<varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If a URL matches one of the blocked patterns, <application>Privoxy</application>
+ will intercept the URL and display its special <quote>BLOCKED</quote> page
+ instead. If there is sufficient space, a large red banner will appear with
+ a friendly message about why the page was blocked, and a way to go there
+ anyway. If there is insufficient space a smaller <quote>BLOCKED</quote>
+ page will appear without the red banner.
+ <ulink url="http://ads.bannerserver.example.com/nasty-ads/sponsor.html">Click here</ulink>
+ to view the default blocked HTML page (<application>Privoxy</application> must be running
+ for this to work as intended!).
+ </para>
-<!-- ~~~~~ New section ~~~~~ -->
+ <para>
+ A very important exception is if the URL <emphasis>matches both</emphasis>
+ <quote>+block</quote> and <ulink
+ url="configuration.html#HANDLE-AS-IMAGE"><quote>+handle-as-image</quote></ulink>,
+ then it will be handled by
+ <ulink url="configuration.html#SET-IMAGE-BLOCKER"><quote>+set-image-blocker</quote></ulink>
+ (see below). It is important to understand this process, in order
+ to understand how <application>Privoxy</application> is able to deal with
+ ads and other objectionable content.
+ </para>
+ <para>
+ The <ulink url="configuration.html#FILTER"><quote>+filter</quote></ulink>
+ action can also perform some of the
+ same functionality as <quote>+block</quote>, but by virtue of very
+ different programming techniques, and is most often used for different
+ reasons.
+ </para>
+ </listitem>
+ </varlistentry>
-<sect3>
-<title>Windows GUI Options</title>
-<!--
-Removed references to Win32. HB 09/23/01
--->
-<para>
- <application>Privoxy</application> has a number of options specific to the
- Windows GUI interface:
-</para>
+</variablelist>
+</sect4>
-<para>
- If <quote>activity-animation</quote> is set to 1, the
- <application>Privoxy</application> icon will animate when
- <quote>Privoxy</quote> is active. To turn off, set to 0.
-</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>activity-animation 1</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="deanimate-gifs">
+<title><emphasis>+deanimate-gifs</emphasis></title>
-<para>
- If <quote>log-messages</quote> is set to 1,
- <application>Privoxy</application> will log messages to the console
- window:
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>log-messages 1</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ To stop those annoying, distracting animated GIF images.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- If <quote>log-buffer-size</quote> is set to 1, the size of the log buffer,
- i.e. the amount of memory used for the log messages displayed in the
- console window, will be limited to <quote>log-max-lines</quote> (see below).
-</para>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ <quote>last</quote> or <quote>first</quote>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+deanimate-gifs{last}}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-<para>
- Warning: Setting this to 0 will result in the buffer to grow infinitely and
- eat up all your memory!
-</para>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ De-animate all animated GIF images, i.e. reduce them to their last frame.
+ This will also shrink the images considerably (in bytes, not pixels!). If
+ the option <quote>first</quote> is given, the first frame of the animation
+ is used as the replacement. If <quote>last</quote> is given, the last
+ frame of the animation is used instead, which probably makes more sense for
+ most banner animations, but also has the risk of not showing the entire
+ last frame (if it is only a delta to an earlier frame).
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>log-buffer-size 1</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+</variablelist>
+</sect4>
-<para>
- <application>log-max-lines</application> is the maximum number of lines held
- in the log buffer. See above.
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="downgrade-http-version">
+<title><emphasis>+downgrade-http-version</emphasis></title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>log-max-lines 200</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
-<para>
- If <quote>log-highlight-messages</quote> is set to 1,
- <application>Privoxy</application> will highlight portions of the log
- messages with a bold-faced font:
-</para>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ <quote>+downgrade-http-version</quote> will downgrade HTTP/1.1 client requests to
+ HTTP/1.0 and downgrade the responses as well.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>log-highlight-messages 1</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+downgrade-http-version}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-<para>
- The font used in the console window:
-</para>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Use this action for servers that use HTTP/1.1 protocol features that
+ <application>Privoxy</application> doesn't handle well yet. HTTP/1.1 is
+ only partially implemented. Default is not to downgrade requests. This is
+ an infrequently needed action, and is used to help with rare problem sites only.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>log-font-name Comic Sans MS</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+</variablelist>
+</sect4>
-<para>
- Font size used in the console window:
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="fast-redirects">
+<title><emphasis>+fast-redirects</emphasis></title>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>log-font-size 8</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
-<para>
- <quote>show-on-task-bar</quote> controls whether or not
- <application>Privoxy</application> will appear as a button on the Task bar
- when minimized:
-</para>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ The <quote>+fast-redirects</quote> action enables interception of
+ <quote>redirect</quote> requests from one server to another, which
+ are used to track users.<application>Privoxy</application> can cut off
+ all but the last valid URL in a redirect request and send a local redirect
+ back to your browser without contacting the intermediate site(s).
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>show-on-task-bar 0</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+fast-redirects}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-<para>
- If <quote>close-button-minimizes</quote> is set to 1, the Windows close
- button will minimize <application>Privoxy</application> instead of closing
- the program (close with the exit option on the File menu).
-</para>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Many sites, like yahoo.com, don't just link to other sites. Instead, they
+ will link to some script on their own server, giving the destination as a
+ parameter, which will then redirect you to the final target. URLs
+ resulting from this scheme typically look like:
+ <emphasis>http://some.place/some_script?http://some.where-else</emphasis>.
+ </para>
+ <para>
+ Sometimes, there are even multiple consecutive redirects encoded in the
+ URL. These redirections via scripts make your web browsing more traceable,
+ since the server from which you follow such a link can see where you go
+ to. Apart from that, valuable bandwidth and time is wasted, while your
+ browser ask the server for one redirect after the other. Plus, it feeds
+ the advertisers.
+ </para>
+ <para>
+ This is a normally <quote>on</quote> feature, and often requires exceptions
+ for sites that are sensitive to defeating this mechanism.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>close-button-minimizes 1</emphasis>
- </literallayout>
- </msgtext>
- </literal>
-</para>
+</variablelist>
+</sect4>
-<para>
- The <quote>hide-console</quote> option is specific to the MS-Win console
- version of <application>Privoxy</application>. If this option is used,
- <application>Privoxy</application> will disconnect from and hide the
- command console.
-</para>
-<para>
- <literal>
- <msgtext>
- <literallayout>
- #hide-console
- </literallayout>
- </msgtext>
- </literal>
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="filter">
+<title><emphasis>+filter</emphasis></title>
-</sect3>
-</sect2>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
-<!-- ~ End section ~ -->
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Apply page filtering as defined by named sections of the
+ <filename>default.filter</filename> file to the specified site(s).
+ <quote>Filtering</quote> can be any modification of the raw
+ page content, including re-writing or deletion of content.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ <quote>+filter</quote> must include the name of one of the section identifiers
+ from <filename>default.filter</filename> (or whatever
+ <emphasis>filterfile</emphasis> is specified in <filename>config</filename>).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage (from the current <filename>default.filter</filename>):</term>
+ <listitem>
+ <simplelist>
+ <member>
+ <emphasis>+filter{html-annoyances}</emphasis>: Get rid of particularly annoying HTML abuse.
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{js-annoyances}</emphasis>: Get rid of particularly annoying JavaScript abuse
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{content-cookies}</emphasis>: Kill cookies that come in the HTML or JS content
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{popups}</emphasis>: Kill all popups in JS and HTML
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{frameset-borders}</emphasis>: Give frames a border and make them resizable
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{webbugs}</emphasis>: Squish WebBugs (1x1 invisible GIFs used for user tracking)
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{refresh-tags}</emphasis>: Kill automatic refresh tags (for dial-on-demand setups)
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{fun}</emphasis>: Text replacements for subversive browsing fun!
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{nimda}</emphasis>: Remove Nimda (virus) code.
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{banners-by-size}</emphasis>: Kill banners by size (<emphasis>very</emphasis> efficient!)
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{shockwave-flash}</emphasis>: Kill embedded Shockwave Flash objects
+ </member>
+ </simplelist>
+ <simplelist>
+ <member>
+ <emphasis>+filter{crude-parental}</emphasis>: Kill all web pages that contain the words "sex" or "warez"
+ </member>
+ </simplelist>
+ </listitem>
+ </varlistentry>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect2 id="actionsfile">
-<title>The Actions File</title>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This is potentially a very powerful feature! And requires a knowledge
+ of regular expressions if you want to <quote>roll your own</quote>.
+ Filtering operates on a line by line basis throughout the entire page.
+ </para>
+ <para>
+ Filtering requires buffering the page content, which may appear to
+ slow down page rendering since nothing is displayed until all content has
+ passed the filters. (It does not really take longer, but seems that way
+ since the page is not incrementally displayed.) This effect will be more
+ noticeable on slower connections.
+ </para>
+ <para>
+ Filtering can achieve some of the effects as the
+ <ulink url="configuration.html#BLOCK"><quote>+block</quote></ulink>
+ action, i.e. it can be used to block ads and banners. In the overall
+ scheme of things, filtering is one of the first things <quote>Privoxy</quote>
+ does with a web page. So other most other actions are applied to the
+ already <quote>filtered</quote> page.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- The <quote>default.action</quote> file (formerly
- <filename>actionsfile</filename> or <filename>ijb.action</filename>) is used
- to define what actions <application>Privoxy</application> takes, and thus
- determines how ad images, cookies and various other aspects of HTTP content
- and transactions are handled. These can be accepted or rejected for all
- sites, or just those sites you choose. See below for a complete list of
- actions.
-</para>
-<para>
- Anything you want can blocked, including ads, banners, or just some obnoxious
- URL that you would rather not see. Cookies can be accepted or rejected, or
- accepted only during the current browser session (i.e. not written to disk).
- Changes to <filename>default.action</filename> should be immediately visible
- to <application>Privoxy</application> without the need to restart.
-</para>
+</variablelist>
+</sect4>
-<para>
- Note that some sites may misbehave, or possibly not work at all with some
- actions. This may require some tinkering with the rules to get the most
- mileage of <application>Privoxy's</application> features, and still be
- able to see and enjoy just what you want to. There is no general rule of
- thumb on these things. There just are too many variables, and sites are
- always changing.
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="hide-forwarded-for-headers">
+<title><emphasis>+hide-forwarded-for-headers</emphasis></title>
-<para>
- The easiest way to edit the <quote>actions</quote> file is with a browser by
- loading <ulink url="http://p.p/">http://p.p/</ulink>, and then select
- <quote>Edit Actions List</quote>. A text editor can also be used.
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
-<para>
- To determine which actions apply to a request, the URL of the request is
- compared to all patterns in this file. Every time it matches, the list of
- applicable actions for the URL is incrementally updated. You can trace
- this process by visiting <ulink
- url="http://p.p/show-url-info">http://p.p/show-url-info</ulink>.
-</para>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Block any existing X-Forwarded-for HTTP header, and do not add a new one.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+hide-forwarded-for-headers}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-<para>
- There are four types of lines in this file: comments (begin with a
- <quote>#</quote> character), actions, aliases and patterns, all of which are
- explained below, as well as the configuration file syntax that
- <application>Privoxy</application> understands.
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ It is fairly safe to leave this on. It does not seem to break many sites.
+ </para>
+ </listitem>
+ </varlistentry>
-</para>
+</variablelist>
+</sect4>
<!-- ~~~~~ New section ~~~~~ -->
-<sect3>
-<title>URL Domain and Path Syntax</title>
-<para>
- Generally, a pattern has the form <domain>/<path>, where both the
- <domain> and <path> part are optional. If you only specify a
- domain part, the <quote>/</quote> can be left out:
-</para>
+<sect4 id="hide-from-header">
+<title><emphasis>+hide-from-header</emphasis></title>
-<para>
- <emphasis>www.example.com</emphasis> - is a domain only pattern and will match any request to
- <quote>www.example.com</quote>.
-</para>
-
-<para>
- <emphasis>www.example.com/</emphasis> - means exactly the same.
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
-<para>
- <emphasis>www.example.com/index.html</emphasis> - matches only the single
- document <quote>/index.html</quote> on <quote>www.example.com</quote>.
-</para>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ To block the browser from sending your email address in a <quote>From:</quote>
+ header.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <emphasis>/index.html</emphasis> - matches the document <quote>/index.html</quote>,
- regardless of the domain. So would match any page named <quote>index.html</quote>
- on any site.
-</para>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ Keyword: <quote>block</quote>, or any user defined value.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+hide-from-header{block}}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-<para>
- <emphasis>index.html</emphasis> - matches nothing, since it would be
- interpreted as a domain name and there is no top-level domain called
- <quote>.html</quote>.
-</para>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The keyword <quote>block</quote> will completely remove the header
+ (not to be confused with the <ulink
+ url="configuration.html#BLOCK"><quote>+block</quote></ulink> action).
+ Alternately, you can specify any value you prefer to send to the web
+ server.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- The matching of the domain part offers some flexible options: if the
- domain starts or ends with a dot, it becomes unanchored at that end.
- For example:
-</para>
+</variablelist>
+</sect4>
-<para>
- <emphasis>.example.com</emphasis> - matches any domain or sub-domain that
- <emphasis>ENDS</emphasis> in <quote>.example.com</quote>.
-</para>
-<para>
- <emphasis>www.</emphasis> - matches any domain that <emphasis>STARTS</emphasis> with
- <quote>www</quote>.
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="hide-referer">
+<title><emphasis>+hide-referer</emphasis></title>
+<anchor id="hide-referrer">
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
-<para>
- Additionally, there are wild-cards that you can use in the domain names
- themselves. They work pretty similar to shell wild-cards: <quote>*</quote>
- stands for zero or more arbitrary characters, <quote>?</quote> stands for
- any single character. And you can define character classes in square
- brackets and they can be freely mixed:
-</para>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Don't send the <quote>Referer:</quote> (sic) HTTP header to the web site.
+ Or, alternately send a forged header instead.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <emphasis>ad*.example.com</emphasis> - matches <quote>adserver.example.com</quote>,
- <quote>ads.example.com</quote>, etc but not <quote>sfads.example.com</quote>.
-</para>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ Prevent the header from being sent with the keyword, <quote>block</quote>.
+ Or, <quote>forge</quote> a URL to one from the same server as the request.
+ Or, set to user defined value of your choice.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+hide-referer{forge}}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-<para>
- <emphasis>*ad*.example.com</emphasis> - matches all of the above, and then some.
-</para>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ <quote>forge</quote> is the preferred option here, since some servers will
+ not send images back otherwise.
+ </para>
+ <para>
+ <quote>+hide-referrer</quote> is an alternate spelling of
+ <quote>+hide-referer</quote>. It has the exact same parameters, and can be freely
+ mixed with, <quote>+hide-referer</quote>. (<quote>referrer</quote> is the
+ correct English spelling, however the HTTP specification has a bug - it
+ requires it to be spelled as <quote>referer</quote>.)
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <emphasis>.?pix.com</emphasis> - matches <quote>www.ipix.com</quote>,
- <quote>pictures.epix.com</quote>, <quote>a.b.c.d.e.upix.com</quote>, etc.
-</para>
+</variablelist>
+</sect4>
-<para>
- <emphasis>www[1-9a-ez].example.com</emphasis> - matches <quote>www1.example.com</quote>,
- <quote>www4.example.com</quote>, <quote>wwwd.example.com</quote>,
- <quote>wwwz.example.com</quote>, etc., but <emphasis>not</emphasis>
- <quote>wwww.example.com</quote>.
-</para>
-<para>
- If <application>Privoxy</application> was compiled with
- <quote>pcre</quote> support (the default), Perl compatible regular expressions
- can be used. These are more flexible and powerful than other types
- of <quote>regular expressions</quote>. See the <filename>pcre/docs/</filename> directory or <quote>man
- perlre</quote> (also available on <ulink
- url="http://www.perldoc.com/perl5.6/pod/perlre.html">http://www.perldoc.com/perl5.6/pod/perlre.html</ulink>)
- for details. A brief discussion of regular expressions is in the
- <link linkend="regex">Appendix</link>. For instance:
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="hide-user-agent">
+<title><emphasis>+hide-user-agent</emphasis></title>
-<para>
- <emphasis>/.*/advert[0-9]+\.jpe?g</emphasis> - would match a URL from any
- domain, with any path that includes <quote>advert</quote> followed
- immediately by one or more digits, then a <quote>.</quote> and ending in
- either <quote>jpeg</quote> or <quote>jpg</quote>. So we match
- <quote>example.com/ads/advert2.jpg</quote>, and
- <quote>www.example.com/ads/banners/advert39.jpeg</quote>, but not
- <quote>www.example.com/ads/banners/advert39.gif</quote> (no gifs in the
- example pattern).
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
-<para>
- Please note that matching in the path is case
- <emphasis>INSENSITIVE</emphasis> by default, but you can switch to case
- sensitive at any point in the pattern by using the
- <quote>(?-i)</quote> switch:
-</para>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ To change the <quote>User-Agent:</quote> header so web servers can't tell
+ your browser type. Who's business is it anyway?
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- <emphasis>www.example.com/(?-i)PaTtErN.*</emphasis> - will match only
- documents whose path starts with <quote>PaTtErN</quote> in
- <emphasis>exactly</emphasis> this capitalization.
-</para>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ Any user defined string.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}}</emphasis>
+ <emphasis>.msn.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-</sect3>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Warning! This breaks many web sites that depend on this in order
+ to determine how the target browser will respond to various
+ requests. Use with caution.
+ </para>
+ </listitem>
+ </varlistentry>
-<!-- ~ End section ~ -->
+</variablelist>
+</sect4>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="handle-as-image">
+<title><emphasis>+handle-as-image</emphasis></title>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
-<!-- ~~~~~ New section ~~~~~ -->
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ To define what <application>Privoxy</application> should treat
+ automatically as an image, and is an important ingredient of how
+ ads are handled.
+ </para>
+ </listitem>
+ </varlistentry>
-<sect3>
-<title>Actions</title>
-<para>
- Actions are enabled if preceded with a <quote>+</quote>, and disabled if
- preceded with a <quote>-</quote>. Actions are invoked by enclosing the
- action name in curly braces (e.g. {+some_action}), followed by a list of
- URLs to which the action applies. There are three classes of actions:
-</para>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+handle-as-image}</emphasis>
+ <emphasis>/.*\.(gif|jpg|jpeg|png|bmp|ico)</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
-<para>
- <itemizedlist>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This only has meaning if the URL (or pattern) also is
+ <quote>+block</quote>ed, in which case a user definable image can
+ be sent rather than a HTML page. This is integral to the whole concept of
+ ad blocking: the URL must match <emphasis>both</emphasis> a <ulink
+ url="configuration.html#BLOCK"><quote>+block</quote></ulink> rule,
+ <emphasis>and</emphasis> <quote>+handle-as-image</quote>.
+ (See <ulink
+ url="configuration.html#SET-IMAGE-BLOCKER"><quote>+set-image-blocker</quote></ulink>
+ below for control over what will actually be displayed by the browser.)
+ </para>
+ <para>
+ There is little reason to change the default definition for this action.
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Boolean (e.g. <quote>+/-block</quote>):
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>{+name}</emphasis> # enable this action
- <emphasis>{-name}</emphasis> # disable this action
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+</variablelist>
+</sect4>
- <listitem>
- <para>
- parameterized (e.g. <quote>+/-hide-user-agent</quote>):
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>{+name{param}}</emphasis> # enable action and set parameter to <quote>param</quote>
- <emphasis>{-name}</emphasis> # disable action
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="set-image-blocker">
+<title><emphasis>+set-image-blocker</emphasis></title>
+
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Decide what to do with URLs that end up tagged with <emphasis>both</emphasis>
+ <ulink url="configuration.html#BLOCK"><quote>+block</quote></ulink>
+ and <ulink
+ url="configuration.html#HANDLE-AS-IMAGE"><quote>+handle-as-image</quote></ulink>,
+ e.g an advertisement.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ There are four available options: <quote>-set-image-blocker</quote> will send a HTML
+ <quote>blocked</quote> page, usually resulting in a <quote>broken
+ image</quote> icon.
+ <quote>+set-image-blocker{<emphasis>blank</emphasis>}</quote> will send a
+ 1x1 transparent GIF image.
+ <quote>+set-image-blocker{<emphasis>pattern</emphasis>}</quote> will send a
+ checkerboard type pattern (the default). And finally,
+ <quote>+set-image-blocker{<emphasis>http://xyz.com</emphasis>}</quote> will
+ send a HTTP temporary redirect to the specified image. This has the
+ advantage of the icon being being cached by the browser, which will speed
+ up the display.
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Multi-value (e.g. <quote>{+/-add-header{Name: value}}</quote>, <quote>{+/-wafer{name=value}}</quote>):
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>{+name{param}}</emphasis> # enable action and add parameter <quote>param</quote>
- <emphasis>{-name{param}}</emphasis> # remove the parameter <quote>param</quote>
- <emphasis>{-name}</emphasis> # disable this action totally
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+set-image-blocker{blank}}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
- </itemizedlist>
-</para>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If you want <emphasis>invisible</emphasis> ads, they need to meet
+ criteria as matching both <emphasis>images</emphasis> and <emphasis>blocked</emphasis>
+ actions. And then, <quote>image-blocker</quote> should be set to
+ <quote>blank</quote> for invisibility. Note you cannot treat HTML pages as
+ images in most cases. For instance, frames require an HTML page to
+ display. So a frame that is an ad, typically cannot be treated as an image.
+ Forcing an <quote>image</quote> in this situation just will not work
+ reliably.
+ </para>
+ </listitem>
+ </varlistentry>
-<para>
- If nothing is specified in this file, no <quote>actions</quote> are taken.
- So in this case <application>Privoxy</application> would just be a
- normal, non-blocking, non-anonymizing proxy. You must specifically
- enable the privacy and blocking features you need (although the
- provided default <filename>default.action</filename> file will
- give a good starting point).
-</para>
+</variablelist>
+</sect4>
-<para>
- Later defined actions always over-ride earlier ones. So exceptions
- to any rules you make, should come in the latter part of the file. For
- multi-valued actions, the actions are applied in the order they are
- specified.
-</para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="limit-connect">
+<title><emphasis>+limit-connect</emphasis></title>
-<para>
- The list of valid <application>Privoxy</application> <quote>actions</quote> are:
-</para>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
-<para>
- <itemizedlist>
-
- <listitem>
- <para>
- Add the specified HTTP header, which is not checked for validity.
- You may specify this many times to specify many different headers:
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+add-header{Name: value}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
-
-
- <listitem>
- <para>
- Block this URL totally. In a default installation, a <quote>blocked</quote>
- URL will result in bright red banner that says <quote>BLOCKED</quote>,
- with a reason why it is being blocked, and an option to see it anyway.
- The page displayed for this is the <quote>blocked</quote> template
- file.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+block</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
-
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ By default, <application>Privoxy</application> only allows HTTP CONNECT
+ requests to port 443 (the standard, secure HTTPS port). Use
+ <quote>+limit-connect</quote> to disable this altogether, or to allow
+ more ports.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ Any valid port number, or port number range.
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- De-animate all animated GIF images, i.e. reduce them to their last frame.
- This will also shrink the images considerably (in bytes, not pixels!). If
- the option <quote>first</quote> is given, the first frame of the animation
- is used as the replacement. If <quote>last</quote> is given, the last frame
- of the animation is used instead, which probably makes more sense for most
- banner animations, but also has the risk of not showing the entire last
- frame (if it is only a delta to an earlier frame).
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+deanimate-gifs{last}</emphasis>
- <emphasis>+deanimate-gifs{first}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ <varlistentry>
+ <term>Example usages:</term>
+ <listitem>
+ <!-- I had trouble getting the spacing to look right in my browser -->
+ <!-- I probably have the wrong font setup, bollocks. -->
+ <!-- Apparently the emphasis tag uses a proportional font no matter what -->
+ <literallayout>
+ <emphasis>+limit-connect{443}</emphasis> # This is the default and need not be specified.
+ <emphasis>+limit-connect{80,443}</emphasis> # Ports 80 and 443 are OK.
+ <emphasis>+limit-connect{-3, 7, 20-100, 500-}</emphasis> # Port less than 3, 7, 20 to 100 and above 500 are OK.
+ </literallayout>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ The CONNECT methods exists in HTTP to allow access to secure websites
+ (https:// URLs) through proxies. It works very simply: the proxy connects
+ to the server on the specified port, and then short-circuits its
+ connections to the client <emphasis>and</emphasis> to the remote proxy.
+ This can be a big security hole, since CONNECT-enabled proxies can be
+ abused as TCP relays very easily.
</para>
- </listitem>
-
- <listitem>
- <para>
- <quote>+downgrade</quote> will downgrade HTTP/1.1 client requests to
- HTTP/1.0 and downgrade the responses as well. Use this action for servers
- that use HTTP/1.1 protocol features that
- <application>Privoxy</application> doesn't handle well yet. HTTP/1.1
- is only partially implemented. Default is not to downgrade requests.
+ <para>
+ If you want to allow CONNECT for more ports than this, or want to forbid
+ CONNECT altogether, you can specify a comma separated list of ports and
+ port ranges (the latter using dashes, with the minimum defaulting to 0 and
+ max to 65K).
</para>
<para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+downgrade</emphasis>
- </literallayout>
- </msgtext>
- </literal>
+ If you don't know what any of this means, there probably is no reason to
+ change this one.
</para>
- </listitem>
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect4>
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="prevent-compression">
+<title><emphasis>+prevent-compression</emphasis></title>
+
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Prevent the specified websites from compressing HTTP data.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Many sites, like yahoo.com, don't just link to other sites. Instead, they
- will link to some script on their own server, giving the destination as a
- parameter, which will then redirect you to the final target. URLs resulting
- from this scheme typically look like:
- <emphasis>http://some.place/some_script?http://some.where-else</emphasis>.
- </para>
- <para>
- Sometimes, there are even multiple consecutive redirects encoded in the
- URL. These redirections via scripts make your web browsing more traceable,
- since the server from which you follow such a link can see where you go to.
- Apart from that, valuable bandwidth and time is wasted, while your browser
- ask the server for one redirect after the other. Plus, it feeds the
- advertisers.
- </para>
- <para>
- The <quote>+fast-redirects</quote> option enables interception of these
- types of requests by <application>Privoxy</application>, who will cut off
- all but the last valid URL in the request and send a local redirect back to
- your browser without contacting the intermediate site(s).
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+fast-redirects</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+prevent-compression}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Apply the filters in the <literal>section_header</literal>
- section of the <filename>default.filter</filename> file to the site(s).
- <filename>default.filter</filename> sections are grouped according to like
- functionality. <application>Filters</application> can be used to
- re-write any of the raw page content. This is a potentially a
- very powerful feature!
- </para>
-
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+filter{section_header}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Some websites do this, which can be a problem for
+ <application>Privoxy</application>, since
+ <ulink url="configuration.html#FILTER"><quote>+filter</quote></ulink>,
+ <ulink url="configuration.html#KILL-POPUPS"><quote>+kill-popups</quote></ulink>
+ and <ulink
+ url="configuration.html#GIF-DEANIMATE"><quote>+gif-deanimate</quote></ulink>
+ will not work on compressed data. This will slow down connections to those
+ websites, though. Default typically is to turn
+ <quote>prevent-compression</quote> on.
+ </para>
+ </listitem>
+ </varlistentry>
- <para>
- Filter sections that are pre-defined in the supplied
- <filename>default.filter</filename> include:
- </para>
+</variablelist>
+</sect4>
- <blockquote>
- <simplelist>
- <member>
- <emphasis>html-annoyances</emphasis>: Get rid of particularly annoying HTML abuse.
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>js-annoyances</emphasis>: Get rid of particularly annoying JavaScript abuse
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>no-poups</emphasis>: Kill all popups in JS and HTML
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>frameset-borders</emphasis>: Give frames a border
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>webbugs</emphasis>: Squish WebBugs (1x1 invisible GIFs used for user tracking)
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>no-refresh</emphasis>: Automatic refresh sucks on auto-dialup lines
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>fun</emphasis>: Text replacements for subversive browsing fun!
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>nimda</emphasis>: Remove (virus) Nimda code.
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>banners-by-size</emphasis>: Kill banners by size
- </member>
- </simplelist>
- <simplelist>
- <member>
- <emphasis>crude-parental</emphasis>: Kill all web pages that contain the words "sex" or "warez"
- </member>
- </simplelist>
- </blockquote>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="session-cookies-only">
+<title><emphasis>+session-cookies-only</emphasis></title>
- </listitem>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Block any existing X-Forwarded-for header, and do not add a new one:
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+hide-forwarded</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Allow cookies for the current browser session <emphasis>only</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- If the browser sends a <quote>From:</quote> header containing your e-mail
- address, this either completely removes the header (<quote>block</quote>), or
- changes it to the specified e-mail address.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+hide-from{block}</emphasis>
- <emphasis>+hide-from{spam@sittingduck.xqq}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
-
- <listitem>
- <para>
- Don't send the <quote>Referer:</quote> (sic) header to the web site. You
- can block it, forge a URL to the same server as the request (which is
- preferred because some sites will not send images otherwise) or set it to a
- constant, user defined string of your choice.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+hide-referer{block}</emphasis>
- <emphasis>+hide-referer{forge}</emphasis>
- <emphasis>+hide-referer{http://nowhere.com}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Alternative spelling of <quote>+hide-referer</quote>. It has the same
- parameters, and can be freely mixed with, <quote>+hide-referer</quote>.
- (<quote>referrer</quote> is the correct English spelling, however the HTTP
- specification has a bug - it requires it to be spelled <quote>referer</quote>.)
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+hide-referrer{...}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage (disabling):</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{-session-cookies-only}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Change the <quote>User-Agent:</quote> header so web servers can't tell your
- browser type. Warning! This breaks many web sites. Specify the
- user-agent value you want. Example, pretend to be using Netscape on
- Linux:
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- <!--
- <para>
- Or to identify yourself explicitly as a <application>Privoxy</application> user:
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+hide-user-agent{Privoxy/1.0}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- (Don't change the version number from 1.0 - after all, why tell them?)
- <para>
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+hide-user-agent{browser-type}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
--->
- </listitem>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If websites set cookies, <quote>+session-cookies-only</quote> will make sure
+ they are erased when you exit and restart your web browser. This makes
+ profiling cookies useless, but won't break sites which require cookies so
+ that you can log in for transactions. This is generally turned on for all
+ sites, and is the recommended setting.
+ </para>
+ <para>
+ <quote>+prevent-*-cookies</quote> actions should be turned off as well (see
+ below), for <quote>+session-cookies-only</quote> to work. Or, else no cookies
+ will get through at all. For, <quote>persistent</quote> cookies that survive
+ across browser sessions, see below as well.
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Treat this URL as an image. This only matters if it's also <quote>+block</quote>ed,
- in which case a <quote>blocked</quote> image can be sent rather than a HTML page.
- See <quote>+image-blocker{}</quote> below for the control over what is actually sent.
- If you want <emphasis>invisible</emphasis> ads, they should be defined as
- <emphasis>images</emphasis> and <emphasis>blocked</emphasis>. And also,
- <quote>image-blocker</quote> should be set to <quote>blank</quote>. Note you
- cannot treat HTML pages as images in most cases. For instance, frames
- require an HTML page to display. So a frame that is an ad, cannot be
- treated as an image. Forcing an <quote>image</quote> in this
- situation just will not work.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+image</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
-
- <listitem>
- <para> Decides what to do with URLs that end up tagged with <quote>{+block
- +image}</quote>, e.g an advertizement. There are five options.
- <quote>-image-blocker</quote> will send a HTML <quote>blocked</quote> page,
- usually resulting in a <quote>broken image</quote> icon.
-<!-- <quote>+image-blocker{logo}</quote> will send a -->
-<!-- <application>Privoxy</application> logo -->
-<!-- image. -->
-<quote>+image-blocker{blank}</quote> will send a 1x1 transparent GIF
-image. And finally, <quote>+image-blocker{http://xyz.com}</quote> will send a
-HTTP temporary redirect to the specified image. This has the advantage of the
-icon being being cached by the browser, which will speed up the display.
-<quote>+image-blocker{pattern}</quote> will send a checkboard type pattern
-<!-- , -->
-<!-- which scales better than the logo (which can get blocky if the browser -->
-<!-- enlarges it too much). -->
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
-<!-- <emphasis>+image-blocker{logo}</emphasis> -->
- <emphasis>+image-blocker{blank}</emphasis>
- <emphasis>+image-blocker{pattern}</emphasis>
- <emphasis>+image-blocker{http://p.p/send-banner}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
-
- <listitem>
- <para>
- By default (i.e. in the absence of a <quote>+limit-connect</quote>
- action), <application>Privoxy</application> will only allow CONNECT
- requests to port 443, which is the standard port for https as a
- precaution.
- </para>
-
- <para>
- The CONNECT methods exists in HTTP to allow access to secure websites
- (https:// URLs) through proxies. It works very simply: the proxy
- connects to the server on the specified port, and then short-circuits
- its connections to the client <emphasis>and</emphasis> to the remote proxy.
- This can be a big security hole, since CONNECT-enabled proxies can
- be abused as TCP relays very easily.
- </para>
-
- <para>
- If you want to allow CONNECT for more ports than this, or want to forbid
- CONNECT altogether, you can specify a comma separated list of ports and
- port ranges (the latter using dashes, with the minimum defaulting to 0 and
- max to 65K):
- </para>
+</variablelist>
+</sect4>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+limit-connect{443} # This is the default and need no be specified.</emphasis>
- <emphasis>+limit-connect{80,443} # Ports 80 and 443 are OK.</emphasis>
- <emphasis>+limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100</emphasis>
- <emphasis> #and above 500 are OK.</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
-
- <listitem>
- <para>
- <quote>+no-compression</quote> prevents the website from compressing the
- data. Some websites do this, which can be a problem for
- <application>Privoxy</application>, since <quote>+filter</quote>,
- <quote>+no-popup</quote> and <quote>+gif-deanimate</quote> will not work on
- compressed data. This will slow down connections to those websites,
- though. Default is <quote>no-compression</quote> is turned on.
- </para>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="prevent-reading-cookies">
+<title><emphasis>+prevent-reading-cookies</emphasis></title>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+nocompression</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
-
- <listitem>
- <para>
- If the website sets cookies, <quote>no-cookies-keep</quote> will make sure
- they are erased when you exit and restart your web browser. This makes
- profiling cookies useless, but won't break sites which require cookies so
- that you can log in for transactions. Default: on.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+no-cookies-keep</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Explicitly prevent the web server from reading any cookies on your
+ system.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Prevent the website from reading cookies:
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+no-cookies-read</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+prevent-reading-cookies}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Often used in conjunction with <quote>+prevent-setting-cookies</quote> to
+ disable cookies completely. Note that
+ <ulink url="configuration.html#SESSION-COOKIES-ONLY"><quote>+session-cookies-only</quote></ulink>
+ requires these to both be disabled (or else it never gets any cookies to cache).
+ </para>
+ <para>
+ For <quote>persistent</quote> cookies to work (i.e. they survive across browser
+ sessions and reboots), all three cookie settings should be <quote>off</quote>
+ for the specified sites.
+ </para>
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect4>
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="prevent-setting-cookies">
+<title><emphasis>+prevent-setting-cookies</emphasis></title>
+
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Explicitly block the web server from storing cookies on your
+ system.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Prevent the website from setting cookies:
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+no-cookies-set</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+prevent-setting-cookies}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Often used in conjunction with <quote>+prevent-reading-cookies</quote> to
+ disable cookies completely (see above).
+ </para>
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect4>
+
+
+<!-- ~~~~~ Nvarlistentryew section ~~~~~ -->
+<sect4 id="kill-popup">
+<title><emphasis>+kill-popups<anchor id="kill-popups"></emphasis></title>
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Stop those annoying JavaScript pop-up windows!
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- Filter the website through a built-in filter to disable those obnoxious
- JavaScript pop-up windows via window.open(), etc. The two alternative
- spellings are equivalent.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+no-popup</emphasis>
- <emphasis>+no-popups</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+kill-popups}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ <quote>+kill-popups</quote> uses a built in filter to disable pop-ups
+ that use the <literal>window.open()</literal> function, etc. This is
+ one of the first actions processed by <application>Privoxy</application>
+ as it contacts the remote web server. This action is not always 100% reliable,
+ and is supplemented by <quote>+filter{<emphasis>popups</emphasis>}</quote>.
+ </para>
+ <!--
+ <para>
+ An alternate spelling is <quote>+kill-popup</quote>, which is
+ interchangeable.
+ </para>
+ -->
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect4>
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="send-vanilla-wafer">
+<title><emphasis>+send-vanilla-wafer</emphasis></title>
+
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ Sends a cookie for every site stating that you do not accept any copyright
+ on cookies sent to you, and asking them not to track you.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- This action only applies if you are using a <filename>jarfile</filename>
- for saving cookies. It sends a cookie to every site stating that you do not
- accept any copyright on cookies sent to you, and asking them not to track
- you. Of course, this is a (relatively) unique header they could use to
- track you.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+vanilla-wafer</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+send-vanilla-wafer}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This action only applies if you are using a <filename>jarfile</filename>
+ for saving cookies. Of course, this is a (relatively) unique header and
+ could conceivably be used to track you.
+ </para>
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect4>
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="send-wafer">
+<title><emphasis>+send-wafer</emphasis></title>
+
+<variablelist>
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Multi-value.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Typical uses:</term>
+ <listitem>
+ <para>
+ This allows you to send an arbitrary, user definable cookie.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Possible values:</term>
+ <listitem>
+ <para>
+ User specified cookie name and corresponding value.
+ </para>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>
- This allows you to add an arbitrary cookie. It can be specified multiple
- times in order to add as many cookies as you like.
- </para>
- <para>
- <literal>
- <msgtext>
- <literallayout>
- <emphasis>+wafer{name=value}</emphasis>
- </literallayout>
- </msgtext>
- </literal>
- </para>
- </listitem>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <literallayout>
+ <emphasis>{+send-wafer{name=value}}</emphasis>
+ <emphasis>.example.com</emphasis>
+ </literallayout>
+ </listitem>
+ </varlistentry>
- </itemizedlist>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This can be specified multiple times in order to add as many cookies as you
+ like.
+ </para>
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect4>
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect4 id="act-examples" renderas="sect3">
+<title>Actions Examples</title>
+<para>
+ Note that the meaning of any of the above examples is reversed by preceding
+ the action with a <quote>-</quote>, in place of the <quote>+</quote>. Also,
+ that some actions are turned on in the default section of the actions file,
+ and require little to no additional configuration. These are just <quote>on</quote>.
+ But, other actions that are turned on the default section <emphasis>do
+ typically require</emphasis> exceptions to be listed in the latter sections of
+ one of our actions file. For instance, by default no URLs are
+ <quote>blocked</quote> (i.e. in the default definitions of
+ <filename>default.action</filename>). We need exceptions to this in order to
+ enable ad blocking in the lower sections. But we need to be very selective
+ about what we do block.
+</para>
+
+<para>
+ Below is a liberally commented <filename>default.action</filename> file to
+ demonstrate how all the pieces come together. And to show how exceptions to
+ the default policies can be handled. This is followed by a
+ <filename>user.action</filename> with similar examples.
+</para>
+
+<para>
+ <literal>
+ <msgtext>
+ <literallayout>
+
+# Settings -- Don't change! For internal Privoxy use ONLY.
+{{settings}}
+for-privoxy-version=3.0
+
+
+##########################################################################
+# <ulink url="configuration.html#ALIASES">Aliases</ulink> must be defined *before* they are used. These are
+# easier to remember, and combine several actions into one. Once defined
+# they can be used just like any built-in action.
+##########################################################################
+
+# Some useful aliases.
+ -prevent-cookies = -prevent-setting-cookies -prevent-reading-cookies
+ +imageblock = +block +handle-as-image
+
+# Fragile sites should have the minimum changes:
+ fragile = -block -deanimate-gifs -fast-redirects -filter -hide-referer \
+ -prevent-cookies -kill-popups
+
+# Shops should be allowed to set persistent cookies
+ shop = -filter -prevent-cookies -session-cookies-only
+
+
+##########################################################################
+# Begin default action settings. Anything in this section will match
+# all URLs -- UNLESS we have exceptions that match defined below this
+# section. We will show all potential actions here whether they are on
+# or off. We could omit any disabled action if we wanted, since all
+# actions are 'off' by default anyway. Shown for completeness only.
+# Actions are enabled if preceded by a '+', otherwise they are disabled.
+##########################################################################
+ { \
+ <ulink url="configuration.html#ADD-HEADER">-add-header</ulink> \
+ <ulink url="configuration.html#BLOCK">-block</ulink> \
+ <ulink url="configuration.html#DEANIMATE-GIFS">-deanimate-gifs</ulink> \
+ <ulink url="configuration.html#DOWNGRADE-HTTP-VERSION">-downgrade-http-version</ulink> \
+ <ulink url="configuration.html#FAST-REDIRECTS">+fast-redirects</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{html-annoyances}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{js-annoyances}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{content-cookies}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{popups}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{webbugs}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{refresh-tags}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{fun}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{nimda}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{banners-by-size}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{shockwave-flash}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{crude-prental}</ulink> \
+ <ulink url="configuration.html#HIDE-FORWARDED-FOR-HEADERS">+hide-forwarded-for-headers</ulink> \
+ <ulink url="configuration.html#HIDE-FROM-HEADER">+hide-from-header{block}</ulink> \
+ <ulink url="configuration.html#HIDE-REFERER">-hide-referrer</ulink> \
+ <ulink url="configuration.html#HIDE-USER-AGENT">-hide-user-agent</ulink> \
+ <ulink url="configuration.html#HANDLE-AS-IMAGE">-handle-as-image</ulink> \
+ <ulink url="configuration.html#SET-IMAGE-BLOCKER">+set-image-blocker{pattern}</ulink> \
+ <ulink url="configuration.html#LIMIT-CONNECT">-limit-connect</ulink> \
+ <ulink url="configuration.html#PREVENT-COMPRESSION">+prevent-compression</ulink> \
+ <ulink url="configuration.html#SESSION-COOKIES-ONLY">-session-cookies-only</ulink> \
+ <ulink url="configuration.html#PREVENT-READING-COOKIES">-prevent-reading-cookies</ulink> \
+ <ulink url="configuration.html#PREVENT-SETTING-COOKIES">-prevent-setting-cookies</ulink> \
+ <ulink url="configuration.html#KILL-POPUPS">-kill-popups</ulink> \
+ <ulink url="configuration.html#SEND-VANILLA-WAFER">-send-vanilla-wafer</ulink> \
+ <ulink url="configuration.html#SEND-WAFER">-send-wafer</ulink> \
+ }
+ / # forward slash will match *all* potential URL patterns.
+
+##########################################################################
+# Default behavior is now set. Time for some exceptions to our
+# default actions.
+##########################################################################
+
+# These sites are very complex and require very minimal interference.
+# We'll disable most actions with our 'fragile' alias.
+ {fragile}
+ .office.microsoft.com # surprise, surprise!
+ .windowsupdate.microsoft.com
+
+
+# Shopping sites - not as fragile but require some special
+# handling. We still want to block ads, and we will allow
+# persistant cookies via the 'shop' alias.
+ {shop}
+ .quietpc.com
+ .worldpay.com # for quietpc.com
+ .jungle.com
+ .scan.co.uk
+
+
+# These sites require pop-ups too :( We'll combine our 'shop'
+# alias with two other actions into one rule to allow all popups.
+ {shop -no-popups -filter{popups}}
+ .dabs.com
+ .overclockers.co.uk
+
+
+# The 'Fast-redirects' action breaks some sites. Disable this action
+# for these known sensitive sites.
+ {-fast-redirects}
+ www.ukc.ac.uk/cgi-bin/wac\.cgi\?
+ login.yahoo.com
+ edit.europe.yahoo.com
+ .google.com
+ .altavista.com/.*(like|url|link):http
+ .altavista.com/trans.*urltext=http
+ .nytimes.com
+
+
+# Define which file types will be treated as images. Important
+# for ad blocking.
+ {+handle-as-image}
+ /.*\.(gif|jpe?g|png|bmp|ico)
+
+
+# Now lets list some domains that are known ad generators. And
+# our alias here will block these as well as force them to be
+# treated as images. This combination of actions is important
+# for ad blocking. What the browser will show instead is
+# determined by the setting of <ulink url="configuration.html#SET-IMAGE-BLOCKER"><quote>+set-image-blocker</quote></ulink>
+ {+imageblock}
+ ar.atwola.com
+ .ad.doubleclick.net
+ .a.yimg.com/(?:(?!/i/).)*$
+ .a[0-9].yimg.com/(?:(?!/i/).)*$
+ bs*.gsanet.com
+ bs*.einets.com
+ .qkimg.net
+ ad.*.doubleclick.net
+
+
+# These will just simply be blocked. They will generate the BLOCKED
+# banner page, if matched. Heavy use of wildcards and regular
+# expressions in this example.
+ {+block}
+ ad*.
+ .*ads.
+ banner?.
+ count*.
+ /.*count(er)?\.(pl|cgi|exe|dll|asp|php[34]?)
+ /(?:.*/)?(publicite|werbung|rekla(ma|me|am)|annonse|maino(kset|nta|s)?)/
+ .hitbox.com
+
+
+# The above block section will catch some sites we DO NOT want
+# blocked via the wildcards and regular expressions. Now let's set
+# exceptions to the exceptions so the good guys get better treatment.
+ {-block}
+ advogato.org
+ adsl.
+ ad[ud]*.
+ advice.
+# Let's just trust all .edu top level domains.
+ .edu
+ www.ugu.com/sui/ugu/adv
+# We'll need to access to path names containing 'download'
+ .*downloads.
+ /downloads/
+# 'adv' is for globalintersec and means advanced, not advertisement
+ www.globalintersec.com/adv
+
+
+# Don't filter *anything* from our friends at sourceforge.
+# Notice we don't have to name the individual filter
+# identifiers -- we just turn them all off in one fell swoop.
+ {-filter}
+ .sourceforge.net
+
+ </literallayout>
+ </msgtext>
+ </literal>
+</para>
+
+<para>
+ So far we are painting with a broad brush by setting general policies.
+ The above would be a reasonable starting point for many situations. Now,
+ we want to be more specific and have customized rules that are more suitable
+ to our personal habits and preferences. These should be placed in
+ <filename>user.action</filename>, which is parsed after all other
+ actions files. So any settings here, will have the last word.
</para>
<para>
- The meaning of any of the above is reversed by preceding the action with a
- <quote>-</quote>, in place of the <quote>+</quote>.
+ Now an example of a few things that one might do with a <filename>user.action</filename>
+ file. This is where user preferences are defined.
</para>
+<!-- brief sample user.action here -->
+
+
+<!-- This is the old stuff. Left in temporarily for reference -->
+<!-- To be deleted when above is finished -->
<para>
Some examples:
</para>
<para>
- Turn off cookies by default, then allow a few through for specified sites:
+ Turn off cookies by default, then allow a few through for specified sites
+ (showing an excerpt from the <quote>default</quote> section of an actions
+ file ONLY):
</para>
<para>
<literal>
<msgtext>
<literallayout>
- # Turn off all persistent cookies
- { +no-cookies-read }
- { +no-cookies-set }
- # Allow cookies for this browser session ONLY
- { +no-cookies-keep }
+ # Excerpt only:
+ # Allow cookies to and from the server, but
+ # for this browser session ONLY
+ {
+ # other actions normally listed here...
+ -prevent-setting-cookies \
+ -prevent-reading-cookies \
+ +session-cookies-only \
+ }
+ / # match all URLs
# Exceptions to the above, sites that benefit from persistent cookies
- { -no-cookies-read }
- { -no-cookies-set }
- { -no-cookies-keep }
- .javasoft.com
- .sun.com
- .yahoo.com
- .msdn.microsoft.com
- .redhat.com
-
- # Alternative way of saying the same thing
- {-no-cookies-set -no-cookies-read -no-cookies-keep}
- .sourceforge.net
- .sf.net
+ # that are saved from one browser session to the next.
+ { -session-cookies-only }
+ .javasoft.com
+ .sun.com
+ .yahoo.com
+ .msdn.microsoft.com
+ .redhat.com
+
</literallayout>
</msgtext>
</literal>
<literal>
<msgtext>
<literallayout>
- # Turn them off!
- {+fast-redirects}
+ # Turn them off (excerpt only)!
+ {
+ # other actions normally listed here...
+ +fast-redirects
+ }
+ / # match all URLs
# Reverse it for these two sites, which don't work right without it.
{-fast-redirects}
- www.ukc.ac.uk/cgi-bin/wac\.cgi\?
- login.yahoo.com
+ www.ukc.ac.uk/cgi-bin/wac\.cgi\?
+ login.yahoo.com
</literallayout>
</msgtext>
</literal>
<para>
Turn on page filtering according to rules in the defined sections
- of <filename>refilterfile</filename>, and make one exception for
- sourceforge:
+ of <filename>default.filter</filename>, and make one exception for
+ Sourceforge:
</para>
<para>
<literal>
<msgtext>
<literallayout>
- # Run everything through the filter file, using only the
+ # Run everything through the filter file, using only certain
# specified sections:
- +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}\
- +filter{webbugs} +filter{nimda} +filter{banners-by-size}
+ {
+ # other actions normally listed here...
+ +filter{html-annoyances} +filter{js-annoyances} +filter{kill-popups}\
+ +filter{webbugs} +filter{nimda} +filter{banners-by-size}
+ }
+ / #match all URLs
- # Then disable filtering of code from sourceforge!
+ # Then disable filtering of code from all sourceforge domains!
{-filter}
- .cvs.sourceforge.net
+ .sourceforge.net
</literallayout>
</msgtext>
</literal>
<para>
Now some URLs that we want <quote>blocked</quote> (normally generates
- the <quote>blocked</quote> banner). Many of these use regular expressions
- that will expand to match multiple URLs:
-</para>
+ the <quote>blocked</quote> banner). Typically, the <quote>block</quote>
+ action is off by default in the upper section of an actions file, then enabled
+ against certain URLs and patterns in the lower part of the file. Many of these use <link
+ linkend="regex">regular expressions</link> that will expand to match multiple
+ URLs: </para>
<para>
<literal>
<literallayout>
# Blocklist:
{+block}
- /.*/(.*[-_.])?ads?[0-9]?(/|[-_.].*|\.(gif|jpe?g))
- /.*/(.*[-_.])?count(er)?(\.cgi|\.dll|\.exe|[?/])
+ ad*.
+ .*ads.
+ banner?.
+ count*.
+ /.*count(er)?\.(pl|cgi|exe|dll|asp|php[34]?)
+ /(?:.*/)?(publicite|werbung|rekla(ma|me|am)|annonse|maino(kset|nta|s)?)/
+ .hitbox.com
/.*/(ng)?adclient\.cgi
/.*/(plain|live|rotate)[-_.]?ads?/
- /.*/(sponsor)s?[0-9]?/
- /.*/_?(plain|live)?ads?(-banners)?/
/.*/abanners/
- /.*/ad(sdna_image|gifs?)/
- /.*/ad(server|stream|juggler)\.(cgi|pl|dll|exe)
- /.*/adbanners/
- /.*/adserver
- /.*/adstream\.cgi
- /.*/adv((er)?ts?|ertis(ing|ements?))?/
- /.*/banner_?ads/
- /.*/banners?/
- /.*/banners?\.cgi/
- /.*/cgi-bin/centralad/getimage
- /.*/images/addver\.gif
- /.*/images/marketing/.*\.(gif|jpe?g)
- /.*/popupads/
- /.*/siteads/
- /.*/sponsor.*\.gif
- /.*/sponsors?[0-9]?/
- /.*/advert[0-9]+\.jpg
- /Media/Images/Adds/
- /ad_images/
- /adimages/
- /.*/ads/
- /bannerfarm/
- /grafikk/annonse/
- /graphics/defaultAd/
- /image\.ng/AdType
- /image\.ng/transactionID
- /images/.*/.*_anim\.gif # alvin brattli
- /ip_img/.*\.(gif|jpe?g)
- /rotateads/
- /rotations/
- /worldnet/ad\.cgi
- /cgi-bin/nph-adclick.exe/
- /.*/Image/BannerAdvertising/
- /.*/ad-bin/
- /.*/adlib/server\.cgi
/autoads/
</literallayout>
</msgtext>
Note that many of these actions have the potential to cause a page to
misbehave, possibly even not to display at all. There are many ways
a site designer may choose to design his site, and what HTTP header
- content he may depend on. There is no way to have hard and fast rules
- for all sites. See the <link linkend="ACTIONSANAT">Appendix</link>
- for a brief example on troubleshooting actions.
+ content, and other criteria, he may depend on. There is no way to have hard
+ and fast rules for all sites. See the <link
+ linkend="ACTIONSANAT">Appendix</link> for a brief example on troubleshooting
+ actions.
</para>
+</sect4>
</sect3>
<!-- ~~~~~ New section ~~~~~ -->
-<sect3>
+<sect3 id="aliases">
<title>Aliases</title>
<para>
Custom <quote>actions</quote>, known to <application>Privoxy</application>
<quote>{</quote> or <quote>}</quote>. But please use only <quote>a</quote>-
<quote>z</quote>, <quote>0</quote>-<quote>9</quote>, <quote>+</quote>, and
<quote>-</quote>. Alias names are not case sensitive, and
- <emphasis>must be defined before anything</emphasis> else in the
- <filename>default.action</filename>file! And there can only be one set of
- <quote>aliases</quote> defined.
+ <emphasis>must be defined before other actions</emphasis> in the
+ actions file! And there can only be one set of <quote>aliases</quote>
+ defined per file. Each actions file may have its own aliases, but they are
+ only visible within that file.
</para>
<para>
<literallayout>
# Useful custom aliases we can use later. These must come first!
{{alias}}
- +no-cookies = +no-cookies-set +no-cookies-read
- -no-cookies = -no-cookies-set -no-cookies-read
- fragile = -block -no-cookies -filter -fast-redirects -hide-referer -no-popups
- shop = -no-cookies -filter -fast-redirects
- +imageblock = +block +image
-
- #For people who don't like to type too much: ;-)
- c0 = +no-cookies
- c1 = -no-cookies
- c2 = -no-cookies-set +no-cookies-read
- c3 = +no-cookies-set -no-cookies-read
+ +prevent-cookies = +prevent-setting-cookies +prevent-reading-cookies
+ -prevent-cookies = -prevent-setting-cookies -prevent-reading-cookies
+ fragile = -block -prevent-cookies -filter -fast-redirects -hide-referer -kill-popups
+ shop = -prevent-cookies -filter -fast-redirects
+ +imageblock = +block +handle-as-image
+
+ # Aliases defined from other aliases, for people who don't like to type
+ # too much: ;-)
+ c0 = +prevent-cookies
+ c1 = -prevent-cookies
#... etc. Customize to your heart's content.
</literallayout>
</msgtext>
<para>
Some examples using our <quote>shop</quote> and <quote>fragile</quote>
- aliases from above:
+ aliases from above. These would appear in the lower sections of an
+ actions file as exceptions to the default actions (as defined in the
+ upper section):
</para>
<para>
# These sites are very complex and require
# minimal interference.
{fragile}
- .office.microsoft.com
- .windowsupdate.microsoft.com
- .nytimes.com
+ .office.microsoft.com
+ .windowsupdate.microsoft.com
+ .nytimes.com
- # Shopping sites - still want to block ads.
+ # Shopping sites - but we still want to block ads.
{shop}
- .quietpc.com
- .worldpay.com # for quietpc.com
- .jungle.com
- .scan.co.uk
-
- # These shops require pop-ups
- {shop -no-popups}
- .dabs.com
- .overclockers.co.uk
+ .quietpc.com
+ .worldpay.com # for quietpc.com
+ .scan.co.uk
+
+ # These shops require pop-ups also
+ {shop -kill-popups}
+ .dabs.com
+ .overclockers.co.uk
</literallayout>
</msgtext>
</literal>
<!-- ~~~~~ New section ~~~~~ -->
-<sect2 id="filterfile">
+<sect2 id="filter-file">
<title>The Filter File</title>
<para>
Any web page can be dynamically modified with the filter file. This
</literal>
</para>
+
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3>
+<title>The +filter Action</title>
+<para>
+ Filters are enabled with the <ulink
+ url="configuration.html#FILTER"><quote>+filter</quote></ulink> action from within
+ one of the actions files. <quote>+filter</quote> requires one parameter, which
+ should match one of the section identifiers in the filter file itself. Example:
+</para>
+
+<para>
+ <screen>
+ +filter{html-annoyances}
+ </screen>
+</para>
+
+<para>
+ This would activate that particular filter. Similarly, <quote>+filter</quote>
+ can be turned off for selected sites as:
+ <quote>-filter{html-annoyances}</quote>. Remember, all actions are off by
+ default, unless they are explicity enabled in one of the actions files.
+</para>
+
+</sect3>
+
</sect2>
<!-- ~ End section ~ -->
pages, such as a 404 Not Found error page, it uses the appropriate template.
On Linux, BSD, and Unix, these are located in
<filename>/etc/privoxy/templates</filename> by default. These may be
- customized, if desired.
+ customized, if desired. <filename>cgi-style.css</filename> is
+ used to control the HTML attributes (fonts, etc).
</para>
<para>
The default <quote>Blocked</quote> banner page with the bright red top
Requests</title>
<!-- Include contacting.sgml boilerplate: -->
-
&contacting;
-
<!-- end boilerplate -->
</sect1>
and then some examples:
</para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>.</emphasis> - Matches any single character, e.g. <quote>a</quote>,
<quote>A</quote>, <quote>4</quote>, <quote>:</quote>, or <quote>@</quote>.
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>?</emphasis> - The preceding character or expression is matched ZERO or ONE
times. Either/or.
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>+</emphasis> - The preceding character or expression is matched ONE or MORE
times.
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>*</emphasis> - The preceding character or expression is matched ZERO or MORE
times.
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>\</emphasis> - The <quote>escape</quote> character denotes that
the following character should be taken literally. This is used where one of the
special characters (e.g. <quote>.</quote>) needs to be taken literally and
- not as a special meta-character.
+ not as a special meta-character. Example: <quote>example\.com</quote>, makes
+ sure the period is recognized only as a period (and not expanded to its
+ meta-character meaning of any single character).
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>[]</emphasis> - Characters enclosed in brackets will be matched if
- any of the enclosed characters are encountered.
+ any of the enclosed characters are encountered. For instance, <quote>[0-9]</quote>
+ matches any numeric digit (zero through nine). As an example, we can combine
+ this with <quote>+</quote> to match any digit one of more times: <quote>[0-9]+</quote>.
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>()</emphasis> - parentheses are used to group a sub-expression,
or multiple sub-expressions.
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>|</emphasis> - The <quote>bar</quote> character works like an
<quote>or</quote> conditional statement. A match is successful if the
- sub-expression on either side of <quote>|</quote> matches.
+ sub-expression on either side of <quote>|</quote> matches. As an example:
+ <quote>/(this|that) example/</quote> uses grouping and the bar character
+ and would match either <quote>this example</quote> or <quote>that
+ example</quote>, and nothing else.
</member>
-</simplelist>
+</simplelist></para>
-<simplelist>
+<para><simplelist>
<member>
<emphasis>s/string1/string2/g</emphasis> - This is used to rewrite strings of text.
<quote>string1</quote> is replaced by <quote>string2</quote> in this
- example.
+ example. There must of course be a match on <quote>string1</quote> first.
</member>
-</simplelist>
+</simplelist></para>
<para>
These are just some of the ones you are likely to use when matching URLs with
<listitem>
<para>
- Show information about the current configuration:
+ Show information about the current configuration, including viewing and
+ editing of actions files:
</para>
<blockquote>
<para>
<listitem>
<para>
- Show the client's request headers:
+ Show the browser's request headers:
</para>
<blockquote>
<para>
</para>
</blockquote>
</listitem>
-
- <listitem>
- <para>
- Edit the actions list file:
- </para>
- <blockquote>
- <para>
- <ulink url="http://config.privoxy.org/edit-actions">http://config.privoxy.org/edit-actions</ulink>
- </para>
- </blockquote>
- </listitem>
</itemizedlist>
</para>
<para>
- These may be bookmarked for quick reference.
+ These may be bookmarked for quick reference. See next.
</para>
<sect3 id="bookmarklets">
<title>Bookmarklets</title>
<para>
- Here are some bookmarklets to allow you to easily access a
- <quote>mini</quote> version of this page. They are designed for MS Internet
- Explorer, but should work equally well in Netscape, Mozilla, and other
- browsers which support JavaScript. They are designed to run directly from
- your bookmarks - not by clicking the links below (although that will work for
- testing).
+ Below are some <quote>bookmarklets</quote> to allow you to easily access a
+ <quote>mini</quote> version of some of <application>Privoxy's</application>
+ special pages. They are designed for MS Internet Explorer, but should work
+ equally well in Netscape, Mozilla, and other browsers which support
+ JavaScript. They are designed to run directly from your bookmarks - not by
+ clicking the links below (although that should work for testing).
</para>
<para>
To save them, right-click the link and choose <quote>Add to Favorites</quote>
(IE) or <quote>Add Bookmark</quote> (Netscape). You will get a warning that
the bookmark <quote>may not be safe</quote> - just click OK. Then you can run the
- Bookmarklet directly from your favourites/bookmarks. For even faster access,
+ Bookmarklet directly from your favorites/bookmarks. For even faster access,
you can put them on the <quote>Links</quote> bar (IE) or the <quote>Personal
Toolbar</quote> (Netscape), and run them with a single click.
</para>
<listitem>
<para>
- <ulink url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y&set=enabled','ijbstatus','width=250,height=100,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Enable Privoxy</ulink>
+ <ulink
+ url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y&set=enabled','ijbstatus','width=250,height=100,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Privoxy - Enable</ulink>
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <ulink
+ url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y&set=disabled','ijbstatus','width=250,height=100,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Privoxy - Disable</ulink>
</para>
</listitem>
<listitem>
<para>
- <ulink url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y&set=disabled','ijbstatus','width=250,height=100,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Disable Privoxy</ulink>
+ <ulink
+ url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y&set=toggle','ijbstatus','width=250,height=100,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Privoxy - Toggle Privoxy</ulink> (Toggles between enabled and disabled)
</para>
</listitem>
<listitem>
<para>
- <ulink url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y&set=toggle','ijbstatus','width=250,height=100,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Toggle Privoxy</ulink> (Toggles between enabled and disabled)
+ <ulink
+ url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y','ijbstatus','width=250,height=2,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Privoxy- View Status</ulink>
</para>
</listitem>
<listitem>
<para>
- <ulink url="javascript:void(window.open('http://config.privoxy.org/toggle?mini=y','ijbstatus','width=250,height=2,resizable=yes,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">View Privoxy Status</ulink>
+ <ulink url="javascript:w=Math.floor(screen.width/2);h=Math.floor(screen.height*0.9);void(window.open('http://www.privoxy.org/actions','Feedback','screenx='+w+',width='+w+',height='+h+',scrollbars=yes,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no').focus());">Privoxy - Submit Filter Feedback</ulink>
</para>
</listitem>
</itemizedlist>
</para>
+
+
<para>
Credit: The site which gave me the general idea for these bookmarklets is
<ulink url="http://www.bookmarklets.com">www.bookmarklets.com</ulink>. They
</sect2>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect2 id="chain">
+<title>Chain of Events</title>
+<para>
+ Let's take a quick look at the basic sequence of events when a web page is
+ requested by your browser and <application>Privoxy</application> is on duty:
+</para>
+
+<para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ First, your web browser requests a web page. The browser knows to send
+ the request to <application>Privoxy</application>, which will in turn,
+ relay the request to the remote web server after passing the following
+ tests:
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>Privoxy</application> traps any request for its own internal CGI
+ pages (e.g http://p.p/) and sends the CGI page back to the browser.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Next, <application>Privoxy</application> checks to see if the URL
+ matches any <ulink
+ url="configuration.html#BLOCK"><quote>+block</quote></ulink> patterns. If
+ so, the URL is then blocked, and the remote web server will not be contacted.
+ <ulink url="configuration.html#HANDLE-AS-IMAGE"><quote>+handle-as-image</quote></ulink>
+ is then checked and if it does not match, an
+ HTML <quote>BLOCKED</quote> page is sent back. Otherwise, if it does match,
+ an image is returned. The type of image depends on the setting of <ulink
+ url="configuration.html#SET-IMAGE-BLOCKER"><quote>+set-image-blocker</quote></ulink>
+ (blank, checkerboard pattern, or an HTTP redirect to an image elsewhere).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Untrusted URLs are blocked. If URLs are being added to the
+ <filename>trust</filename> file, then that is done.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ If the URL pattern matches the <ulink
+ url="configuration.html#FAST-REDIRECTS"><quote>+fast-redirects</quote></ulink> action,
+ it is then processed. Unwanted parts of the requested URL are stripped.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Now the rest of the client browser's request headers are processed. If any
+ of these match any of the relevant actions (e.g. <ulink
+ url="configuration.html#HIDE-USER-AGENT"><quote>+hide-user-agent</quote></ulink>,
+ etc.), headers are suppressed or forged as determined by these actions and
+ their parameters.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Now the web server starts sending its response back (i.e. typically a web page and related
+ data).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ First, the server headers are read and processed to determine, among other
+ things, the MIME type (document type) and encoding. The headers are then
+ filtered as deterimed by the
+ <ulink url="configuration.html#PREVENT-SETTING-COOKIES"><quote>+prevent-setting-cookies</quote></ulink>,
+ <ulink url="configuration.html#SESSION-COOKIES-ONLY"><quote>+session-cookies-only</quote></ulink>,
+ and <ulink url="configuration.html#DOWNGRADE-HTTP-VERSION"><quote>+downgrade-http-version</quote></ulink>
+ actions.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ If the <ulink url="configuration.html#KILL-POPUPS"><quote>+kill-popups</quote></ulink>
+ action applies, and it is an HTML or JavaScript document, the popup-code in the
+ response is filtered on-the-fly as it is received.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ If a <ulink url="configuration.html#FILTER"><quote>+filter</quote></ulink>
+ or <ulink
+ url="configuration.html#DEANIMATE-GIFS"><quote>+deanimate-gifs</quote></ulink>
+ action applies (and the document type fits the action), the rest of the page is
+ read into memory (up to a configurable limit). Then the filter rules (from
+ <filename>default.filter</filename>) are processed against the buffered
+ content. Filters are applied in the order they are specified in the
+ <filename>default.filter</filename> file. Animated GIFs, if present, are
+ reduced to either the first or last frame, depending on the action
+ setting.The entire page, which is now filtered, is then sent by
+ <application>Privoxy</application> back to your browser.
+ </para>
+ <para>
+ If neither <ulink url="configuration.html#FILTER"><quote>+filter</quote></ulink>
+ or <ulink
+ url="configuration.html#DEANIMATE-GIFS"><quote>+deanimate-gifs</quote></ulink>
+ matches, then <application>Privoxy</application> passes the raw data through
+ to the client browser as it becomes available.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ As the browser receives the now (probably filtered) page content, it
+ reads and then requests any URLs that may be embedded within the page
+ source, e.g. ad images, stylesheets, JavaScript, other HTML documents (e.g.
+ frames), sounds, etc. For each of these objects, the browser issues a new
+ request. And each such request is in turn processed as above. Note that a
+ complex web page may have many such embedded URLs.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+</para>
+
+</sect2>
+
+
<!-- ~~~~~ New section ~~~~~ -->
<sect2 id="actionsanat">
<title>Anatomy of an Action</title>
<para>
- The way <application>Privoxy</application> applies <quote>actions</quote>
- and <quote>filters</quote> to any given URL can be complex, and not always so
+ The way <application>Privoxy</application> applies
+ <ulink url="configuration.html#ACTIONS"><quote>actions</quote></ulink>
+ and <ulink url="configuration.html#FILTER"><quote>filters</quote></ulink>
+ to any given URL can be complex, and not always so
easy to understand what is happening. And sometimes we need to be able to
<emphasis>see</emphasis> just what <application>Privoxy</application> is
doing. Especially, if something <application>Privoxy</application> is doing
- is causing us a problem inadvertantly. It can be a little daunting to look at
+ is causing us a problem inadvertently. It can be a little daunting to look at
the actions and filters files themselves, since they tend to be filled with
<quote>regular expressions</quote> whose consequences are not always
- so obvious. <application>Privoxy</application> provides the
+ so obvious.
+</para>
+
+<para>
+ One quick test to see if <application>Privoxy</application> is causing a problem
+ or not, is to disable it temporarily. This should be the first troubleshooting
+ step. See <link linkend="bookmarklets">the Bookmarklets</link> section on a quick
+ and easy way to do this (be sure to flush caches afterward!).
+</para>
+
+<para>
+ <application>Privoxy</application> also provides the
<ulink url="http://config.privoxy.org/show-url-info">http://config.privoxy.org/show-url-info</ulink>
page that can show us very specifically how <application>actions</application>
are being applied to any given URL. This is a big help for troubleshooting.
- </para>
+</para>
<para>
First, enter one URL (or partial URL) at the prompt, and then
<application>Privoxy</application> will tell us
how the current configuration will handle it. This will not
- help with filtering effects from the <filename>default.filter</filename> file! It
- also will not tell you about any other URLs that may be embedded within the
- URL you are testing. For instance, images such as ads are expressed as URLs
- within the raw page source of HTML pages. So you will only get info for the
- actual URL that is pasted into the prompt area -- not any sub-URLs. If you
- want to know about embedded URLs like ads, you will have to dig those out of
- the HTML source. Use your browser's <quote>View Page Source</quote> option
- for this. Or right click on the ad, and grab the URL.
+ help with filtering effects (i.e. the <ulink
+ url="configuration.html#FILTER"><quote>+filter</quote></ulink> action) from
+ the <filename>default.filter</filename> file since this is handled very
+ differently and not so easy to trap! It also will not tell you about any other
+ URLs that may be embedded within the URL you are testing. For instance, images
+ such as ads are expressed as URLs within the raw page source of HTML pages. So
+ you will only get info for the actual URL that is pasted into the prompt area
+ -- not any sub-URLs. If you want to know about embedded URLs like ads, you
+ will have to dig those out of the HTML source. Use your browser's <quote>View
+ Page Source</quote> option for this. Or right click on the ad, and grab the
+ URL.
</para>
<para>
- Let's
look at an example, <ulink url="http://google.com">google.com</ulink>,
- one section at a time:
+ Let's
try an example, <ulink url="http://google.com">google.com</ulink>,
+ and look at it one section at a time:
</para>
<para>
<screen>
- System default actions:
-
- { -add-header -block -deanimate-gifs -downgrade -fast-redirects -filter
- -hide-forwarded -hide-from -hide-referer -hide-user-agent -image
- -image-blocker -limit-connect -no-compression -no-cookies-keep
- -no-cookies-read -no-cookies-set -no-popups -vanilla-wafer -wafer }
-
- </screen>
-</para>
-
-<para>
- This is the top section, and only tells us of the compiled in defaults. This
- is basically what <application>Privoxy</application> would do if there
- were not any <quote>actions</quote> defined, i.e. it does nothing. Every action
- is disabled. This is not particularly informative for our purposes here. OK,
- next section:
-</para>
+ Matches for http://google.com:
-<para>
- <screen>
+--- File standard ---
+(no matches in this file)
- Matches for http://google.com:
+--- File default ---
- { -add-header -block +deanimate-gifs -downgrade +fast-redirects
- +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}
- +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal}
- +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge}
- -hide-user-agent -image +image-blocker{blank} +no-compression
- +no-cookies-keep -no-cookies-read -no-cookies-set +no-popups
- -vanilla-wafer -wafer }
- /
+{ -add-header -block +deanimate-gifs{last} -downgrade-http-version +fast-redirects
+ -filter{popups} -filter{fun} -filter{shockwave-flash} -filter{crude-parental}
+ +filter{html-annoyances} +filter{js-annoyances} +filter{content-cookies}
+ +filter{webbugs} +filter{refresh-tags} +filter{nimda} +filter{banners-by-size}
+ +hide-forwarded-for-headers +hide-from-header{block} +hide-referer{forge}
+ -hide-user-agent -handle-as-image +set-image-blocker{pattern} -limit-connect
+ +prevent-compression +session-cookies-only -prevent-reading-cookies
+ -prevent-setting-cookies -kill-popups -send-vanilla-wafer -send-wafer }
+/
- { -no-cookies-keep -no-cookies-read -no-cookies-set }
- .google.com
+ { -session-cookies-only }
+ .google.com
{ -fast-redirects }
- .google.com
+ .google.com
- </screen>
+--- File user ---
+(no matches in this file)
+</screen>
</para>
<para>
- This is much more informative, and tells us how we have defined our
- <quote>actions</quote>, and which ones match for our example,
- <quote>google.com</quote>. The first grouping shows our default
- settings, which would apply to all URLs. If you look at your <quote>actions</quote>
- file, this would be the section just below the <quote>aliases</quote> section
- near the top. This applies to all URLs as signified by the single forward
- slash -- <quote>/</quote>.
-
+ This tells us how we have defined our
+ <ulink url="configuration.html#ACTIONS"><quote>actions</quote></ulink>, and
+ which ones match for our example, <quote>google.com</quote>. The first listing
+ is any matches for the <filename>standard.action</filename> file. No hits at
+ all here on <quote>standard</quote>. Then next is <quote>default</quote>, or
+ our <filename>default.action</filename> file. The large, multi-line listing,
+ is how the actions are set to match for all URLs, i.e. our default settings.
+ If you look at your <quote>actions</quote> file, this would be the section
+ just below the <quote>aliases</quote> section near the top. This will apply to
+ all URLs as signified by the single forward slash at the end of the listing
+ -- <quote>/</quote>.
</para>
<para>
- These are the default actions we have enabled. But we can define additional
- actions that would be exceptions to these general rules, and then list
- specific URLs that these exceptions would apply to. Last match wins.
- Just below this then are two explict matches for <quote>.google.com</quote>.
- The first is negating our various cookie blocking actions (i.e. we will allow
- cookies here). The second is allowing <quote>fast-redirects</quote>. Note
- that there is a leading dot here -- <quote>.google.com</quote>. This will
- match any hosts and sub-domains, in the google.com domain also, such as
- <quote>www.google.com</quote>. So, apparently, we have these actions defined
- somewhere in the lower part of our actions file, and
- <quote>google.com</quote> is referenced in these sections.
+ But we can define additional actions that would be exceptions to these general
+ rules, and then list specific URLs (or patterns) that these exceptions would
+ apply to. Last match wins. Just below this then are two explicit matches for
+ <quote>.google.com</quote>. The first is negating our previous cookie setting,
+ which was for <ulink
+ url="configuration.html#SESSION-COOKIES-ONLY"><quote>+session-cookies-only</quote></ulink>
+ (i.e. not persistent). So we will allow persistent cookies for google. The
+ second turns <emphasis>off</emphasis> any
+ <ulink
+ url="configuration.html#FAST-REDIRECTS"><quote>+fast-redirects</quote></ulink>
+ action, allowing this to take place unmolested. Note that there is a leading
+ dot here -- <quote>.google.com</quote>. This will match any hosts and
+ sub-domains, in the google.com domain also, such as
+ <quote>www.google.com</quote>. So, apparently, we have these two actions
+ defined somewhere in the lower part of our <filename>default.action</filename>
+ file, and <quote>google.com</quote> is referenced somewhere in these latter
+ sections.
+</para>
+<para>
+ Then, for our <filename>user.action</filename> file, we again have no hits.
</para>
<para>
- And now we pull it altogether in the bottom section and summarize how
- <application>Privoxy</application> is appying all its <quote>actions</quote>
+ And finally we pull it all together in the bottom section and summarize how
+ <application>Privoxy</application> is applying all its <quote>actions</quote>
to <quote>google.com</quote>:
</para>
<screen>
Final results:
+ -add-header -block +deanimate-gifs{last} -downgrade-http-version -fast-redirects
+ -filter{popups} -filter{fun} -filter{shockwave-flash} -filter{crude-parental}
+ +filter{html-annoyances} +filter{js-annoyances} +filter{content-cookies}
+ +filter{webbugs} +filter{refresh-tags} +filter{nimda} +filter{banners-by-size}
+ +hide-forwarded-for-headers +hide-from-header{block} +hide-referer{forge}
+ -hide-user-agent -handle-as-image +set-image-blocker{pattern} -limit-connect
+ +prevent-compression -session-cookies-only -prevent-reading-cookies
+ -prevent-setting-cookies -kill-popups -send-vanilla-wafer -send-wafer
+</screen>
+</para>
- -add-header -block -deanimate-gifs -downgrade -fast-redirects
- +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}
- +filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal}
- +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge}
- -hide-user-agent -image +image-blocker{blank} -limit-connect +no-compression
- -no-cookies-keep -no-cookies-read -no-cookies-set +no-popups -vanilla-wafer
- -wafer
-
- </screen>
+<para>
+ Notice the only difference here to the previous listing, is to
+ <quote>fast-redirects</quote> and <quote>session-cookies-only</quote>.
</para>
<para>
<para>
<screen>
- { +block +image }
+ { +block +handle-as-image }
.ad.doubleclick.net
- { +block +image }
+ { +block +handle-as-image }
ad*.
- { +block +image }
+ { +block +handle-as-image }
.doubleclick.net
-
- </screen>
+</screen>
</para>
<para>
We'll just show the interesting part here, the explicit matches. It is
- matched three different times. Each as an <quote>+block +image</quote>,
+ matched three different times. Each as an <quote>+block +handle-as-image</quote>,
which is the expanded form of one of our aliases that had been defined as:
- <quote>+imageblock</quote>. (<quote>Aliases</quote> are defined in the
- first section of the actions file and typically used to combine more
+ <quote>+imageblock</quote>. (<ulink
+ url="configuration.html#ALIASES"><quote>Aliases</quote></ulink> are defined in
+ the first section of the actions file and typically used to combine more
than one action.)
</para>
would also cover the first. No point in taking chances with these guys
though ;-) Note that if you want an ad or obnoxious
URL to be invisible, it should be defined as <quote>ad.doubleclick.net</quote>
- is done here -- as both a <quote>+block</quote> <emphasis>and</emphasis> an
- <quote>+image</quote>. The custom alias <quote>+imageblock</quote> does this
- for us.
+ is done here -- as both a <ulink
+ url="configuration.html#BLOCK"><quote>+block</quote></ulink>
+ <emphasis>and</emphasis> an
+ <ulink
+ url="configuration.html#HANDLE-AS-IMAGE"><quote>+handle-as-image</quote></ulink>.
+ The custom alias <quote>+imageblock</quote> just simplifies the process and make
+ it more readable.
</para>
<para>
Matches for http://www.rhapsodyk.net/adsl/HOWTO/:
- { -add-header -block +deanimate-gifs -downgrade +fast-redirects
- +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}
+ { -add-header -block +deanimate-gifs -downgrade-http-version +fast-redirects
+ +filter{html-annoyances} +filter{js-annoyances} +filter{kill-popups}
+filter{webbugs} +filter{nimda} +filter{banners-by-size} +filter{hal}
- +filter{fun} +hide-forwarded +hide-from{block} +hide-referer{forge}
- -hide-user-agent -image +image-blocker{blank} +no-compression
- +no-cookies-keep -no-cookies-read -no-cookies-set +no-popups
- -vanilla-wafer -wafer }
+ +filter{fun} +hide-forwarded-for-headers +hide-from-header{block}
+ +hide-referer{forge} -hide-user-agent -handle-as-image +set-image-blocker{blank}
+ +prevent-compression +session-cookies-only -prevent-setting-cookies
+ -prevent-reading-cookies +kill-popups -send-vanilla-wafer -send-wafer }
/
- { +block +image }
+ { +block +handle-as-image }
/ads
-
- </screen>
+</screen>
</para>
<para>
Ooops, the <quote>/adsl/</quote> is matching <quote>/ads</quote>! But
we did not want this at all! Now we see why we get the blank page. We could
- now add a new action below this that explictly does <emphasis>not</emphasis>
- block (-block) pages with <quote>adsl</quote>. There are various ways to
- handle such exceptions. Example:
+ now add a new action below this that explicitly does <emphasis>not</emphasis>
+ block (<quote>{-block}</quote>) paths with <quote>adsl</quote>. There are
+ various ways to handle such exceptions. Example:
</para>
<para>
{ -block }
/adsl
-
- </screen>
+</screen>
</para>
<para>
<para>
<screen>
- { -block }
- /adsl
-
- </screen>
+ { +block +handle-as-image }
+ /ads
+</screen>
</para>
<para>
.jungle.com
.scan.co.uk
.forbes.com
-
- </screen>
+</screen>
</para>
<para>
<quote>{shop}</quote> is an <quote>alias</quote> that expands to
- <quote>{ -filter -no-cookies -no-cookies-keep }</quote>. Or you could do
- your own exception to negate filtering:
+ <quote>{ -filter -session-cookies-only }</quote>.
+ Or you could do your own exception to negate filtering:
</para>
{-filter}
.forbes.com
-
- </screen>
+</screen>
+</para>
+
+<para>
+ This would probably be most appropriately put in <filename>user.action</filename>,
+ for local site exceptions.
</para>
<para>
Temple Place - Suite 330, Boston, MA 02111-1307, USA.
$Log: user-manual.sgml,v $
+ Revision 1.95 2002/04/26 17:23:29 swa
+ bookmarks cleaned, changed structure of user manual, screen and programlisting cleanups, and numerous other changes that I forgot
+
+ Revision 1.94 2002/04/26 05:24:36 hal9
+ -Add most of Andreas suggestions to Chain of Events section.
+ -A few other minor corrections and touch up.
+
+ Revision 1.92 2002/04/25 18:55:13 hal9
+ More catchups on new actions files, and new actions names.
+ Other assorted cleanups, and minor modifications.
+
+ Revision 1.91 2002/04/24 02:39:31 hal9
+ Add 'Chain of Events' section.
+
+ Revision 1.90 2002/04/23 21:41:25 hal9
+ Linuxconf is deprecated on RH, substitute chkconfig.
+
+ Revision 1.89 2002/04/23 21:05:28 oes
+ Added hint for startup on Red Hat
+
+ Revision 1.88 2002/04/23 05:37:54 hal9
+ Add AmigaOS install stuff.
+
+ Revision 1.87 2002/04/23 02:53:15 david__schmidt
+ Updated OSX installation section
+ Added a few English tweaks here an there
+
+ Revision 1.86 2002/04/21 01:46:32 hal9
+ Re-write actions section.
+
+ Revision 1.85 2002/04/18 21:23:23 hal9
+ Fix ugly typo (mine).
+
+ Revision 1.84 2002/04/18 21:17:13 hal9
+ Spell Redhat correctly (ie Red Hat). A few minor grammar corrections.
+
+ Revision 1.83 2002/04/18 18:21:12 oes
+ Added RPM install detail
+
+ Revision 1.82 2002/04/18 12:04:50 oes
+ Cosmetics
+
+ Revision 1.81 2002/04/18 11:50:24 oes
+ Extended Install section - needs fixing by packagers
+
+ Revision 1.80 2002/04/18 10:45:19 oes
+ Moved text to buildsource.sgml, renamed some filters, details
+
+ Revision 1.79 2002/04/18 03:18:06 hal9
+ Spellcheck, and minor touchups.
+
+ Revision 1.78 2002/04/17 18:04:16 oes
+ Proofreading part 2
+
+ Revision 1.77 2002/04/17 13:51:23 oes
+ Proofreading, part one
+
+ Revision 1.76 2002/04/16 04:25:51 hal9
+ -Added 'Note to Upgraders' and re-ordered the 'Quickstart' section.
+ -Note about proxy may need requests to re-read config files.
+
+ Revision 1.75 2002/04/12 02:08:48 david__schmidt
+ Remove OS/2 building info... it is already in the developer-manual
+
+ Revision 1.74 2002/04/11 00:54:38 hal9
+ Add small section on submitting actions.
+
+ Revision 1.73 2002/04/10 18:45:15 swa
+ generated
+
+ Revision 1.72 2002/04/10 04:06:19 hal9
+ Added actions feedback to Bookmarklets section
+
+ Revision 1.71 2002/04/08 22:59:26 hal9
+ Version update. Spell chkconfig correctly :)
+
+ Revision 1.70 2002/04/08 20:53:56 swa
+ ?
+
+ Revision 1.69 2002/04/06 05:07:29 hal9
+ -Add privoxy-man-page.sgml, for man page.
+ -Add authors.sgml for AUTHORS (and p-authors.sgml)
+ -Reworked various aspects of various docs.
+ -Added additional comments to sub-docs.
+
Revision 1.68 2002/04/04 18:46:47 swa
consistent look. reuse of copyright, history et. al.
projects / privoxy.git / blobdiff