<!entity license SYSTEM "license.sgml">
<!entity p-authors SYSTEM "p-authors.sgml">
<!entity config SYSTEM "p-config.sgml">
-<!entity p-version "3.0.9">
-<!entity p-status "UNRELEASED">
+<!entity p-version "3.0.10">
+<!entity p-status "stable">
<!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc -->
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-readme "IGNORE">
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.71 2008/04/10 17:37:16 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.83 2008/08/16 09:32:02 fabiankeil Exp $
Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
See LICENSE.
</subscript>
</pubdate>
-<pubdate>$Id: user-manual.sgml,v 2.71 2008/04/10 17:37:16 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.83 2008/08/16 09:32:02 fabiankeil Exp $</pubdate>
<!--
<sect1 id="whatsnew">
<title>What's New in this Release</title>
<para>
- There are many improvements and new features since <application>Privoxy 3.0.6</application>, the last stable release:
+ There are many improvements and new features since <application>Privoxy 3.0.8</application>, the last stable release:
</para>
<para>
<itemizedlist>
<listitem>
<para>
- Two new actions <link
- linkend="server-header-tagger">server-header-tagger</link>
- and <link
- linkend="client-header-tagger">client-header-tagger</link>
- that can be used to create arbitrary <quote>tags</quote>
- based on client and server headers.
- These <quote>tags</quote> can then subsequently be used
- to control the other actions used for the current request,
- greatly increasing &my-app;'s flexibility and selectivity. See <link
- linkend="tag-pattern">tag patterns</link> for more information on tags.
- </para>
- </listitem>
-
- <listitem>
- <para>
- Header filtering is done with dedicated header filters now. As a result
- the actions <quote>filter-client-headers</quote> and <quote>filter-server-headers</quote>
- that were introduced with <application>Privoxy 3.0.5</application> to apply
- content filters to the headers have been removed.
- See the new actions <link
- linkend="server-header-filter">server-header-filter</link>
- and <link
- linkend="client-header-filter">client-header-filter</link> for details.
- </para>
- </listitem>
- <listitem>
- <para>
- There are four new options for the main <filename>config</filename> file:
- </para>
-
- <itemizedlist>
- <listitem>
- <para>
- <link
- linkend="allow-cgi-request-crunching">allow-cgi-request-crunching</link>
- which allows requests for Privoxy's internal CGI pages to be
- blocked, redirected or (un)trusted like ordinary requests.
- </para>
- </listitem>
- <listitem>
- <para>
- <link
- linkend="split-large-forms">split-large-forms</link>
- that will work around a browser bug that caused IE6 and IE7 to
- ignore the Submit button on the Privoxy's edit-actions-for-url CGI
- page.
- </para>
- </listitem>
- <listitem>
- <para>
- <link
- linkend="accept-intercepted-requests">accept-intercepted-requests</link>
- which allows to combine Privoxy with any packet filter to create an
- intercepting proxy for HTTP/1.1 requests (and for HTTP/1.0 requests
- with Host header set). This means clients can be forced to use
- &my-app; even if their proxy settings are configured differently.
- </para>
- </listitem>
- <listitem>
- <para>
- <link
- linkend="templdir">templdir</link>
- to designate an alternate location for &my-app;'s
- locally customized CGI templates so that
- these are not overwritten during upgrades.
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
-
+ Added SOCKS5 support (with address resolution done by
+ the SOCKS5 server). Patch provided by Eric M. Hopper.
+ </para>
+ </listitem>
<listitem>
<para>
- A new command line option <literal>--pre-chroot-nslookup hostname</literal> to
- initialize the resolver library before chroot'ing. On some systems this
- reduces the number of files that must be copied into the chroot tree.
- (Patch provided by Stephen Gildea)
+ The "blocked" CGI pages include a block reason that was
+ provided as argument to the last-applying block action.
</para>
</listitem>
-
<listitem>
<para>
- The <link
- linkend="forward-override">forward-override</link> action
- allows changing of the forwarding settings through the actions files.
- Combined with tags, this allows to choose the forwarder based on
- client headers like the <literal>User-Agent</literal>, or the request origin.
- </para>
+ If enable-edit-actions is disabled (the default since 3.0.7 beta)
+ the show-status page hides the edit buttons and explains why.
+ Previously the user would get the "this feature has been disabled"
+ message after using the edit button.
+ </para>
</listitem>
-
<listitem>
<para>
- The <link
- linkend="redirect">redirect</link> action can now use regular
- expression substitutions against the original URL.
+ Forbidden CONNECT requests are treated like blocks by default.
+ The now-pointless treat-forbidden-connects-like-blocks action
+ has been removed.
</para>
</listitem>
-
<listitem>
<para>
- <application>zlib</application> support is now available as a compile
- time option to filter compressed content. Patch provided by Wil Mahan.
+ Not enabling limit-connect now allows CONNECT requests to all ports.
+ In previous versions it would only allow CONNECT requests to port 443.
+ Use +limit-connect{443} if you think you need the old default behaviour.
</para>
</listitem>
- <listitem>
- <para>
- Improve various filters, and add new ones.
+ <listitem>
+ <para>
+ The CGI editor gets turned off after three edit requests with invalid
+ file modification timestamps. This makes life harder for attackers
+ who can leverage browser bugs to send fake Referers and intend to
+ brute-force edit URLs.
</para>
</listitem>
-
-
<listitem>
<para>
- Include support for RFC 3253 so that <filename>Subversion</filename> works
- with &my-app;. Patch provided by Petr Kadlec.
+ Action settings for multiple patterns in the same section are
+ shared in memory. As a result these sections take up less space
+ (and are loaded slightly faster). Problem reported by Franz Schwartau.
</para>
</listitem>
-
<listitem>
<para>
- Logging can be completely turned off by not specifying a logfile directive.
+ Linear white space in HTTP headers will be normalized to single
+ spaces before parsing the header's content, headers split across
+ multiple lines get merged first.
</para>
</listitem>
-
-
<listitem>
<para>
- A number of improvements to Privoxy's internal CGI pages, including the
- use of favicons for error and control pages.
+ Host information is gathered outside the main thread so it's less
+ likely to delay other incoming connections if the host is misconfigured.
</para>
</listitem>
-
<listitem>
<para>
- Many bugfixes, memory leaks addressed, code improvements, and logging
- improvements.
+ New config option "hostname" to use a hostname other than
+ the one returned by the operating system. Useful to speed-up responses
+ for CGI requests on misconfigured systems. Requested by Max Khon.
</para>
</listitem>
-
+ <listitem>
+ <para>
+ The CGI editor supports the "disable all filters of this type"
+ directives "-client-header-filter", "-server-header-filter",
+ "-client-header-tagger" and "-server-header-tagger".
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fixed false-positives with the link-by-url filter and URLs that
+ contain the pattern "/jump/".
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The less-download-windows filter no longer messes
+ "Content-Type: application/x-shockwave-flash" headers up.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ In the show-url-info page's "Final results" section active and
+ inactive actions are listed separately. Patch provided by Lee.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The GNUmakefile supports the DESTDIR variable. Patch for
+ the install target submitted by Radoslaw Zielinski.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Embedding the content of configuration files in the show-status
+ page is significantly faster now. For a largish action file (1 MB)
+ a speedup of about 2450 times has been measured. This is mostly
+ interesting if you are using large action files or regularly use
+ Privoxy-Regression-Test while running Privoxy through Valgrind,
+ for stock configuration files it doesn't really matter.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ If zlib support is unavailable and there are content
+ filters active but the prevent-compression action is disabled,
+ the show-url-info page includes a warning that compression
+ might prevent filtering.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The show-url-info page provides an OpenSearch Description that
+ allows to access the page through browser search plugins.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The obsolete kill-popups action has been removed as the
+ PCRS-based popup filters can do the same and are slightly
+ less unreliable.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The inspect-jpegs action has been removed.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The send-wafer and send-vanilla-wafer actions have been removed.
+ They weren't particular useful and their behaviour could be emulated
+ with add-header anyway.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Privoxy-Regression-Test has been significantly improved.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Most sections in the default.action file contain tests for
+ Privoxy-Regression-Test to verify that they are working as intended.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Parts of Privoxy have been refactored to increase maintainability.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Building with zlib (if available) is done by default.
+ </para>
+ </listitem>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Ordinary configuration file changes no longer cause program
+ termination on OS/2 if the name of the logfile hasn't been
+ changed as well. This regression probably crept in with the
+ logging improvements in 3.0.7. Reported by Maynard.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The img-reorder filter is less likely to mess up JavaScript code in
+ img tags. Problem and solution reported by Glenn Washburn in #2014552.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The source tar ball now includes Privoxy-Log-Parser,
+ a syntax-highlighter for Privoxy logs. For fancy screenshots see:
+ <link url="http://www.fabiankeil.de/sourcecode/privoxy-log-parser/"
+ >http://www.fabiankeil.de/sourcecode/privoxy-log-parser/</link>
+ Documentation is available through perldoc(1).
+ </para>
+ </listitem>
+ </itemizedlist>
</itemizedlist>
</para>
+
<para>
For a more detailed list of changes please have a look at the ChangeLog.
</para>
An administrator username and password must be supplied in order for
the Privoxy Utility to perform any of the tasks.
</para>
-<para>
- During installation, <application>Privoxy</application> is configured to
- start automatically when the system restarts. To start &my-app; manually,
- double-click on the <literal>StartPrivoxy.command</literal> icon in the
- <literal>/Library/Privoxy</literal> folder. Or, type this command
- in the Terminal:
-</para>
-<para>
- <screen>
- /Library/Privoxy/StartPrivoxy.command
- </screen>
-</para>
-<para>
- You will be prompted for the administrator password.
-</para>
</sect2>
▪ <ulink url="http://config.privoxy.org/toggle">Toggle Privoxy on or off</ulink>
</member>
<member>
- ▪ <ulink url="http://www.privoxy.org/
- &p-version;/user-manual/">Documentation</ulink>
+ ▪ <ulink
+ url="http://www.privoxy.org/&p-version;/user-manual/">Documentation</ulink>
</member>
</simplelist>
</msgtext>
</para>
<para>
The default profiles, and their associated actions, as pre-defined in
- <filename>standard.action</filename> are<!-- different than this table which is out of date -->:
+ <filename>standard.action</filename> are:
</para>
<para>
<table frame=all><title>Default Configurations</title>
<row>
<entry>Image tag reordering</entry>
<entry>no</entry>
- <entry>no</entry>
+ <entry>yes</entry>
<entry>yes</entry>
</row>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>www.example.com/index.html$</literal></term>
+ <term><literal>www.example.com/index.html</literal></term>
<listitem>
<para>
matches all the documents on <literal>www.example.com</literal>
to the blocked content (the latter only if the force feature is available and
enabled).
</para>
-<!--
-This doesn't actually work in all browser configuration and the user probably doesn't care anyway.
- <para>
- The <quote>BLOCKED</quote> page adapts to the available
- screen space -- it displays full-blown if space allows, or miniaturized and text-only
- if loaded into a small frame or window. If you are using <application>Privoxy</application>
- right now, you can take a look at the
- <ulink url="http://ads.bannerserver.example.com/nasty-ads/sponsor.html"><quote>BLOCKED</quote>
- page</ulink>.
- </para>
--->
<para>
A very important exception occurs if <emphasis>both</emphasis>
<literal>block</literal> and <literal><link linkend="handle-as-image">handle-as-image</link></literal>,
</para>
<para>
<anchor id="filter-crude-parental">
- <screen>+filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliable.</screen>
+ <screen>+filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.</screen>
</para>
<para>
<anchor id="filter-ie-exploits">
and be aware that using your own redirects might make it
possible to fingerprint your requests.
</para>
+ <para>
+ In case of problems with your redirects, or simply to watch
+ them working, enable <link linkend="DEBUG">debug 128</link>.
+ </para>
</listitem>
</varlistentry>
# (Note the $ at the end of the URL pattern to make sure
# the request for the rewritten URL isn't redirected as well)
{+redirect{s@$@&mode=expanded@}}
-undeadly.org/cgi\?action=article&sid=\d*$</screen>
+undeadly.org/cgi\?action=article&sid=\d*$
+
+# Redirect Google search requests to MSN
+{+redirect{s@^http://[^/]*/search\?q=([^&]*).*@http://search.msn.com/results.aspx?q=$1@}}
+.google.com/search
+
+# Redirect MSN search requests to Yahoo
+{+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
+search.msn.com//results\.aspx\?q=
+
+# Redirect remote requests for this manual
+# to the local version delivered by Privoxy
+{+redirect{s@^http://www@http://config@}}
+www.privoxy.org/user-manual/</screen>
</para>
</listitem>
</varlistentry>
USA
$Log: user-manual.sgml,v $
+ Revision 2.83 2008/08/16 09:32:02 fabiankeil
+ Mention changes since 3.0.9 beta.
+
+ Revision 2.82 2008/08/16 09:00:52 fabiankeil
+ Fix example URL pattern (once more with feeling).
+
+ Revision 2.81 2008/08/16 08:51:28 fabiankeil
+ Update version-related entities.
+
+ Revision 2.80 2008/07/18 16:54:30 fabiankeil
+ Remove erroneous whitespace in documentation link.
+ Reported by John Chronister in #2021611.
+
+ Revision 2.79 2008/06/27 18:00:53 markm68k
+ remove outdated startup information for mac os x
+
+ Revision 2.78 2008/06/21 17:03:03 fabiankeil
+ Fix typo.
+
+ Revision 2.77 2008/06/14 13:45:22 fabiankeil
+ Re-add a colon I unintentionally removed a few revisions ago.
+
+ Revision 2.76 2008/06/14 13:21:28 fabiankeil
+ Prepare for the upcoming 3.0.9 beta release.
+
+ Revision 2.75 2008/06/13 16:06:48 fabiankeil
+ Update the "What's New in this Release" section with
+ the ChangeLog entries changelog2doc.pl could handle.
+
+ Revision 2.74 2008/05/26 15:55:46 fabiankeil
+ - Update "default profiles" table.
+ - Add some more pcrs redirect examples and note that
+ enabling debug 128 helps to get redirects working.
+
+ Revision 2.73 2008/05/23 14:43:18 fabiankeil
+ Remove previously out-commented block that caused syntax problems.
+
+ Revision 2.72 2008/05/12 10:26:14 fabiankeil
+ Synchronize content filter descriptions with the ones in default.filter.
+
Revision 2.71 2008/04/10 17:37:16 fabiankeil
Actually we use "modern" POSIX 1003.2 regular
expressions in path patterns, not PCRE.
projects / privoxy.git / blobdiff