-<!DOCTYPE Article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<!--
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
File : $Source: /cvsroot/ijbswa/current/doc/source/user-manual.sgml,v $
Purpose : user manual
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 1.15 2001/10/14 23:46:24 hal9 Exp $
+ $Id: user-manual.sgml,v 1.27 2002/01/11 14:14:32 hal9 Exp $
Written by and Copyright (C) 2001 the SourceForge
IJBSWA team. http://ijbswa.sourceforge.net
<artheader>
<title>Junkbuster User Manual</title>
-<pubdate>$Id: user-manual.sgml,v 1.15 2001/10/14 23:46:24 hal9 Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 1.27 2002/01/11 14:14:32 hal9 Exp $</pubdate>
<authorgroup>
<author>
<listitem>
<para>
- Modularized configuration that will allow for system wide settings, and
- individual user settings.
+ A browser based configuration utility (WIP at
+ <ulink url="http://i.j.b">http://i.j.b</ulink>).
</para>
</listitem>
<listitem>
<para>
- A browser based GUI configuration utility (not finished).
+ Modularized configuration that will allow for system wide settings, and
+ individual user settings. (not implemented yet, probably a 3.1 feature)
</para>
</listitem>
<listitem>
<para>
- Partial support for HTTP/1.1.
+ Support for HTTP/1.1 (partially implemented at this point).
</para>
</listitem>
</para>
</listitem>
+ <listitem>
+ <para>
+ Auto-detection of config file changes.
+ </para>
+ </listitem>
+
+
</itemizedlist>
</para>
+<para>
+ In addition, the configuration is much more versatile overall.
+</para>
+
</sect2>
</sect1>
<para>
<screen>
- tar zxvf ijb_source_2.9*
- cd ijb_source_2.9*
+ tar xzvf ijb_source_* [.tgz or .tar.gz]
+ cd ijb_source_2.9.10_beta
</screen>
</para>
</para>
<para>
- Then, in either case, to build from source:
+ Then, in either case, to build from tarball/CVS source:
</para>
<para>
<screen>
- ./configure
- make
- su
- make install
+ ./configure (--help to see options)
+ make (the make from gnu, gmake for *BSD)
+ su
+ make -n install (to see where all the files will go)
+ make install (to really install)
</screen>
</para>
<para>
<screen>
+ autoheader [suggested for CVS source]
+ autoconf [suggested for CVS source]
./configure
make redhat-dist
</screen>
</para>
<para>
- /usr/src/redhat/RPMS/i686/junkbuster-2.9.8-1.i686.rpm
+ /usr/src/redhat/RPMS/i686/junkbuster-2.9.10-1.i686.rpm
</para>
<para>
- /usr/src/redhat/SRPMS/junkbuster-2.9.9-1.src.rpm
+ /usr/src/redhat/SRPMS/junkbuster-2.9.10-1.src.rpm
</para>
<para>
<para>
<screen>
- rpm -Uvv /usr/src/redhat/RPMS/i686/junkbuster-2.9.9-1.i686.rpm
+ rpm -Uvv /usr/src/redhat/RPMS/i686/junkbuster-2.9.10-1.i686.rpm
</screen>
</para>
<para>
<screen>
+ autoheader [suggested for CVS source]
+ autoconf [suggested for CVS source]
./configure
make suse-dist
</screen>
</para>
<para>
- /usr/src/suse/RPMS/i686/junkbuster-2.9.9-1.i686.rpm
+ /usr/src/packages/RPMS/i686/junkbuster-2.9.10-1.i686.rpm
</para>
<para>
- /usr/src/suse/SRPMS/junkbuster-2.9.9-1.src.rpm
+ /usr/src/packages/SRPMS/junkbuster-2.9.10-1.src.rpm
</para>
<para>
<para>
<screen>
- rpm -Uvv /usr/src/suse/RPMS/i686/junkbuster-2.9.9-1.i686.rpm
+ rpm -Uvv /usr/src/packages/RPMS/i686/junkbuster-2.9.10-1.i686.rpm
</screen>
</para>
</para>
<para>
- For FreeBSD (and other *BSDs?), the build will need <command>gmake</command>
+ For FreeBSD (and other *BSDs?), the build will require <command>gmake</command>
instead of the included <command>make</command>. <command>gmake</command> is
available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink>.
The rest should be the same as above for Linux/Unix.
</para>
<para>
- The installed defaults provide a reasonable starting point. For the
- time being, there are only three default configuration files (this will
- change in time):
+ The installed defaults provide a reasonable starting point, though possibly
+ aggressive by some standards. For the time being, there are only three
+ default configuration files (this will change in time):
</para>
<para>
<listitem>
<para>
The main configuration file is named <filename>config</filename>
- on Linux, Unix, BSD, and OS/2, and <filename>junkbustr.txt</filename> on
+ on Linux, Unix, BSD, and OS/2, and <filename>config.txt</filename> on
Windows. On Amiga, it is
<filename>AmiTCP:db/junkbuster/config</filename>.
</para>
<listitem>
<para>
- The <filename>actionsfile</filename> file is used to define various
- actions relating to images, banners, pop-ups, banners and cookies.
+ The <filename>ijb.action</filename> file is used to define various
+ <quote>actions</quote> relating to images, banners, pop-ups, access
+ restrictions, banners and cookies. There is a CGI based editor for this
+ file that can be accessed via <ulink
+ url="http://i.j.b">http://i.j.b</ulink>. This is the easiest method of
+ configuring actions. (Still under active development. Other actions
+ files are included as well with differing levels of filtering
+ and blocking, e.g. <filename>ijb-basic.action</filename>.)
</para>
</listitem>
</para>
<para>
- <filename>actionsfile</filename> and <filename>re_filterfile</filename>
+ <filename>ijb.action</filename> and <filename>re_filterfile</filename>
can use Perl style regular expressions for maximum flexibility. All files use
the <quote><literal>#</literal></quote> character to denote a comment. Such
lines are not processed by <application>Junkbuster</application>. After
- making any changes, restart <application>Junkbuster</application> in order
- for the changes to take effect.
+ making any changes, there is no need to restart
+ <application>Junkbuster</application> in order for the changes to take
+ effect. <application>Junkbuster</application> should detect such changes
+ automatically.
</para>
+<para>
+ While under development, the configuration content is subject to change.
+ The below documentation may not be accurate by the time you read this.
+ Also, what constitutes a <quote>default</quote> setting, may change, so
+ please check all your configuration files on important issues.
+</para>
<!-- ~~~~~ New section ~~~~~ -->
<title>The Main Configuration File</title>
<para>
Again, the main configuration file is named <filename>config</filename> on
- Linux/Unix/BSD and OS/2, and <filename>junkbustr.txt</filename> on Windows.
+ Linux/Unix/BSD and OS/2, and <filename>config.txt</filename> on Windows.
Configuration lines consist of an initial keyword followed by a list of
values, all separated by whitespace (any number of spaces or tabs). For
example:
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>blockfile blocklist.ini</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</para>
<para>
- The <quote><literal>#</literal></quote> indicates a comment. Any part of a
+ A <quote><literal>#</literal></quote> indicates a comment. Any part of a
line following a <quote><literal>#</literal></quote> is ignored, except if
the <quote><literal>#</literal></quote> is preceded by a
<quote><literal>\</literal></quote>.
<para>
There are various aspects of <application>Junkbuster</application> behavior
- that can be adjusted.
+ that can be tuned.
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>confdir /etc/junkbuster</emphasis> # No trailing /, please.
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>logdir /var/log/junkbuster</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</para>
<para>
- The <quote>actionsfile</quote> contains patterns to specify the actions to
+ The <quote>ijb.action</quote> file contains patterns to specify the actions to
apply to requests for each site. Default: Cookies to and from all
- destinations are filtered. Popups are disabled for all sites. All sites are
- filtered if re_filterfile specified. No sites are blocked. An empty image is
- displayed for filtered ads and other images (formerly
- <quote>tinygif</quote>). The syntax of this file is explained in detail
- <link linkend="actionsfile">below</link>.
+ destinations are kept only during the current browser session (i.e. they
+ are not saved to disk). Popups are disabled for all sites. All sites are
+ filtered if <quote>re_filterfile</quote> specified. No sites are blocked. An
+ empty image is displayed for filtered ads and other images (formerly
+ <quote>tinygif</quote>). The syntax of this file is explained in detail <link
+ linkend="actionsfile">below</link>.
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
- <emphasis>actionsfile actionsfile</emphasis>
+ <emphasis>actionsfile ijb.action</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>re_filterfile re_filterfile</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>logfile logfile</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>#jarfile jarfile</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>#trustfile trust</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>trust-info-url http://www.your-site.com/why_we_block.html</emphasis>
<emphasis>trust-info-url http://www.your-site.com/what_we_allow.html</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>#admin-address fill@me.in.please</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>proxy-info-url http://www.your-site.com/proxy.html</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
serve requests from other machines (e.g. on your local network) as well, you
will need to override the default. The syntax is
<quote>listen-address [<ip-address>]:<port></quote>. If you leave
- out the IP adress, <application>junkbuster</application> will bind to all
+ out the IP ad
dress, <application>junkbuster</application> will bind to all
interfaces (addresses) on your machine and may become reachable from the
- internet. In that case, consider using access control lists (acl's) (see
- <quote>aclfile</quote> above).
+ Internet. In that case, consider using access control lists (acl's) (see
+ <quote>aclfile</quote> above), or a firewall.
</para>
<para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>listen-address 192.168.0.1:8000</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>listen-address :8000</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
levels of debug are probably only of interest to developers.
</para>
-<Para>
- <Literal>
- <MSGText>
- <LiteralLayout>
+<para>
+ <literal>
+ <msgtext>
+ <literallayout>
debug 1 # GPC = show each GET/POST/CONNECT request
debug 2 # CONN = show each connection status
debug 4 # IO = show I/O status
debug 1024 # = debug kill popups
debug 4096 # INFO = Startup banner and warnings.
debug 8192 # ERROR = Non-fatal errors
- </LiteralLayout>
- </MSGText>
- </Literal>
-</Para>
+ </literallayout>
+ </msgtext>
+ </literal>
+</para>
<para>
It is <emphasis>highly recommended</emphasis> that you enable ERROR
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>debug 15 # same as setting the first 4 listed above</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>debug 1 # URLs</emphasis>
<emphasis>debug 4096 # Info</emphasis>
<emphasis>debug 8192 # Errors - *we highly recommended enabling this*</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>#single-threaded</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
The Windows version of <application>Junkbuster</application> puts an icon in
- the system tray, which allows you to change this option without having to
- edit this file. If you right-click on that icon (or select the
- <quote>Options</quote> menu), one choice is <quote>Enable</quote>. Clicking
- on enable toggles <application>Junkbuster</application> on and off. This is
- useful if you want to temporarily disable
- <application>Junkbuster</application>, e.g., to access a site that requires
- cookies which you normally have blocked.
+ the system tray, which also allows you to change this option. If you
+ right-click on that icon (or select the <quote>Options</quote> menu), one
+ choice is <quote>Enable</quote>. Clicking on enable toggles
+ <application>Junkbuster</application> on and off. This is useful if you want
+ to temporarily disable <application>Junkbuster</application>, e.g., to access
+ a site that requires cookies which you would otherwise have blocked. This can also
+ be toggled via a web browser at the <application>Junkbuster</application>
+ internal address of <ulink url="http://i.j.b">http://i.j.b</ulink> on
+ any platform.
</para>
<para>
<quote>toggle 1</quote> means <application>Junkbuster</application> runs
normally, <quote>toggle 0</quote> means that
<application>Junkbuster</application> becomes a non-anonymizing non-blocking
- proxy. Default: 1.
+ proxy. Default: 1 (on).
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>toggle 1</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
+ </literal>
+</para>
+
+<para>
+ For content filtering, i.e. the <quote>+filter</quote> and
+ <quote>+deanimate-gif</quote> actions, it is neccessary that
+ <application>Junkbuster</application> buffers the entire document body.
+ This can be potentially dangerous, since a server could just keep sending
+ data indefinitely and wait for your RAM to exhaust. With nasty consequences.
+</para>
+
+<para>
+ The <application>buffer-limit</application> option lets you set the maximum
+ size in Kbytes that each buffer may use. When the documents buffer exceeds
+ this size, it is flushed to the client unfiltered and no further attempt to
+ filter the rest of it is made. Remember that there may multiple threads
+ running, which might require increasing the <quote>buffer-limit</quote>
+ Kbytes <emphasis>each</emphasis>, unless you have enabled
+ <quote>single-threaded</quote> above.
+</para>
+
+<para>
+ <literal>
+ <msgtext>
+ <literallayout>
+ <emphasis>buffer-limit 4069</emphasis>
+ </literallayout>
+ </msgtext>
+ </literal>
+</para>
+
+<para>
+ To enable the web-based <filename>ijb.action</filename> file editor set
+ <application>enable-edit-actions</application> to 1, or 0 to disable. Note
+ that you must have compiled <application>JunkBuster</application> with
+ support for this feature, otherwise this option has no effect. This
+ internal page can be reached at <ulink
+ url="http://i.j.b">http://i.j.b</ulink>.
+ </para>
+
+<para>
+ Security note: If this is enabled, anyone who can use the proxy
+ can edit the actions file, and their changes will affect all users.
+ For shared proxies, you probably want to disable this. Default: enabled.
+</para>
+
+<para>
+ <literal>
+ <msgtext>
+ <literallayout>
+ <emphasis>enable-edit-actions 1</emphasis>
+ </literallayout>
+ </msgtext>
+ </literal>
+</para>
+
+<para>
+ Allow <application>JunkBuster</application> to be toggled on and off
+ remotely, using your web browser. Set <quote>enable-remote-toggle</quote>to
+ 1 to enable, and 0 to disable. Note that you must have compiled
+ <application>JunkBuster</application> with support for this feature,
+ otherwise this option has no effect.
+</para>
+
+<para>
+ Security note: If this is enabled, anyone who can use the proxy can toggle
+ it on or off (see <ulink url="http://i.j.b">http://i.j.b</ulink>), and
+ their changes will affect all users. For shared proxies, you probably want to
+ disable this. Default: enabled.
+</para>
+
+<para>
+ <literal>
+ <msgtext>
+ <literallayout>
+ <emphasis>enable-remote-toggle 1</emphasis>
+ </literallayout>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ]
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>ACTION</emphasis> = <quote>permit-access</quote> or <quote>deny-access</quote>
<emphasis>DST_ADDR</emphasis> = server or forwarder hostname or dotted IP address
<emphasis>DST_MASKLEN</emphasis> = number of bits in the subnet mask for the target
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>permit-access localhost</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>permit-access www.junkbusters.com/24</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>deny-access ident.junkbusters.com</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>permit-access 207.153.200.0/24</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>permit-access 0.0.0.0/0</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>permit-access .org</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>permit-access 0.0.0.0/0 0.0.0.0/0</emphasis> # other clients can go anywhere
# with the following exceptions:
<emphasis>permit 123.124.0.0/16 0.0.0.0/0</emphasis> # the ISP's clients can go
# anywhere
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
This feature allows chaining of HTTP requests via multiple proxies.
It can be used to better protect privacy and confidentiality when
accessing specific domains by routing requests to those domains
- to a special purpose filtering proxy such as lpwa.com.
+ to a special purpose filtering proxy such as lpwa.com. Or to use
+ a caching proxy to speed up browsing.
</para>
<para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward target_domain[:port] http_proxy_host[:port]</emphasis>
<emphasis>forward-socks4 target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</emphasis>
<emphasis>forward-socks4a target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward .* . </emphasis># implicit
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward .* lpwa.com:8000</emphasis>
<emphasis>forward :443 .</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward lpwa. lpwa.com:8000</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward .* caching.myisp.net:8000</emphasis>
<emphasis>forward myisp.net .</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward .* proxy:8080</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
- Also, we're told they insist on getting cookies and JavaScript, so you need
- to add home.com to the cookie file. We consider JavaScript a security risk.
+ Also, we're told they insist on getting cookies and JavaScript, so you should
+ add home.com to the cookie file. We consider JavaScript a security risk.
Java need not be enabled.
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
- <emphasis>forward_socks4 .* lpwa.com:8000 firewall.my_company.com:1080</emphasis>
+ <emphasis>forward-socks4 .* lpwa.com:8000 firewall.my_company.com:1080</emphasis>
<emphasis>forward my_company.com .</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
- <emphasis>forward_socks4a .* . firewall.my_company.com:1080</emphasis>
+ <emphasis>forward-socks4a .* . firewall.my_company.com:1080</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward .* .</emphasis>
<emphasis>forward isp-b.com host-b:8000</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward .* .</emphasis>
<emphasis>forward isp-a.com host-a:8000</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>forward *. ssbcache.ukc.ac.uk:3128</emphasis> # Use the proxy, except for:
<emphasis>forward .ukc.ac.uk . </emphasis> # Anything on the same domain as us
<emphasis>forward localhost.localdomain . </emphasis> # Loopback address
<emphasis>forward www.ukc.mirror.ac.uk . </emphasis> # Specific host
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# Define junkbuster as parent cache
<!-- per feedback from user...
# Forward the rest to junkbuster
never_direct allow all
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>activity-animation 1</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>log-messages 1</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>log-buffer-size 1</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>log-max-lines 200</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>log-highlight-messages 1</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>log-font-name Comic Sans MS</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>log-font-size 8</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>show-on-task-bar 0</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>close-button-minimizes 1</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
#hide-console
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<title>The Actions File</title>
<para>
- The <quote>actionsfile</quote> is used to define what actions
+ The <quote>ijb.action</quote> file (formerly
+ <filename>actionsfile</filename>) is used to define what actions
<application>Junkbuster</application> takes, and thus determines how images,
cookies and various other aspects of HTTP content and transactions are
handled. Images can be anything you want, including ads, banners, or just
some obnoxious image that you would rather not see. Cookies can be accepted
- or rejected. The default file is in fact named <filename>actionsfile</filename>.
+ or rejected, or accepted only during the current browser session (i.e.
+ not written to disk). Changes to <filename>ijb.action</filename> should
+ be immediately visible to <application>Junkbuster</application> without
+ the need to restart.
</para>
<para>
url="http://i.j.b/show-url-info">http://i.j.b/show-url-info</ulink>.
</para>
+<para>
+ The actions file can be edited with a browser by loading
+ <ulink url="http://i.j.b/">http://i.j.b/</ulink>, and then select
+ <quote>Edit Actions</quote>.
+</para>
+
<para>
There are four types of lines in this file: comments (begin with a
<quote>#</quote> character), actions, aliases and patterns, all of which are
- explained below.
+ explained below, as well as the configuration file syntax that
+ <application>Junkbuster</application> understands.
+
</para>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>{+name}</emphasis> # enable this action
<emphasis>{-name}</emphasis> # disable this action
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
<listitem>
<para>
- Parameterized (e.g. <quote>+/-hide-user-agent</quote>):
+ parameterized (e.g. <quote>+/-hide-user-agent</quote>):
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>{+name{param}}</emphasis> # enable action and set parameter to <quote>param</quote>
<emphasis>{-name}</emphasis> # disable action
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>{+name{param}}</emphasis> # enable action and add parameter <quote>param</quote>
<emphasis>{-name{param}}</emphasis> # remove the parameter <quote>param</quote>
<emphasis>{-name}</emphasis> # disable this action totally
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
So in this case <application>JunkBuster</application> would just be a
normal, non-blocking, non-anonymizing proxy. You must specifically
enable the privacy and blocking features you need (although the
- provided default <filename>actionsfile</filename> file will
+ provided default <filename>ijb.action</filename> file will
give a good starting point).
</para>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+add-header{Name: value}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+block</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+deanimate-gifs{last}</emphasis>
<emphasis>+deanimate-gifs{first}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+downgrade</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+fast-redirects</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+filter{filename}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+hide-forwarded</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+hide-from{block}</emphasis>
<emphasis>+hide-from{spam@sittingduck.xqq}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+hide-referer{block}</emphasis>
<emphasis>+hide-referer{forge}</emphasis>
<emphasis>+hide-referer{http://nowhere.com}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+hide-referrer{...}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<!--
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+hide-user-agent{JunkBuster/1.0}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
(Don't change the version number from 1.0 - after all, why tell them?)
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+hide-user-agent{browser-type}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
-->
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+image</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+image-blocker{logo}</emphasis>
<emphasis>+image-blocker{blank}</emphasis>
<emphasis>+image-blocker{http://i.j.b/send-banner}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+limit-connect{443} # This is the default and need no be specified.</emphasis>
<emphasis>+limit-connect{80,443} # Ports 80 and 443 are OK.</emphasis>
<emphasis>+limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100</emphasis>
<emphasis> #and above 500 are OK.</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+nocompression</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
+ <listitem>
+ <para>
+ If the website sets cookies, <quote>no-cookies-keep</quote> will make sure
+ they are erased when you exit and restart your web browser. This makes
+ profiling cookies useless, but won't break sites which require cookies so
+ that you can log in for transactions. Default: on.
+ </para>
+ <para>
+ <literal>
+ <msgtext>
+ <literallayout>
+ <emphasis>+no-cookies-keep</emphasis>
+ </literallayout>
+ </msgtext>
+ </literal>
+ </para>
+ </listitem>
+
<listitem>
<para>
Prevent the website from reading cookies:
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+no-cookies-read</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+no-cookies-set</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+no-popup</emphasis>
<emphasis>+no-popups</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+vanilla-wafer</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
<emphasis>+wafer{name=value}</emphasis>
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</listitem>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
- # Turn off all cookies
+ # Turn off all persistant cookies
{ +no-cookies-read }
{ +no-cookies-set }
+ # Allow cookies for this browser session ONLY
+ { +no-cookies-keep }
- # Execeptions to the above, sites that need cookies
+ # Execeptions to the above, sites that benefit from persistant cookies
{ -no-cookies-read }
{ -no-cookies-set }
+ { -no-cookies-keep }
.javasoft.com
.sun.com
.yahoo.com
.redhat.com
# Alternative way of saying the same thing
- {-no-cookies-set -no-cookies-read}
+ {-no-cookies-set -no-cookies-read -no-cookies-keep}
.sourceforge.net
.sf.net
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# Turn them off!
{+fast-redirects}
www.ukc.ac.uk/cgi-bin/wac\.cgi\?
login.yahoo.com
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# Run everything through the default filter file (<filename>re_filterfile</filename>):
{+filter}
{-filter}
.cvs.sourceforge.net
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# Blocklist:
{+block}
/.*/adlib/server\.cgi
/autoads/
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<quote>{</quote> or <quote>}</quote>. But please use only <quote>a</quote>-
<quote>z</quote>, <quote>0</quote>-<quote>9</quote>, <quote>+</quote>, and
<quote>-</quote>. Alias names are not case sensitive, and
- <emphasis>must be defined before anything</emphasis> else in
- <filename>actionsfile</filename>! And there can only be one set of
- <quote>aliases</quote> of defined.
+ <emphasis>must be defined before anything</emphasis> else in the
+ <filename>ijb.action</filename>file ! And there can only be one set of
+ <quote>aliases</quote> defined.
</para>
<para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# Useful customer aliases we can use later. These must come first!
{{alias}}
c3 = +no-cookies-set -no-cookies-read
#... etc. Customize to your heart's content.
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# These sites are very complex and require
# minimal interference.
.dabs.com
.overclockers.co.uk
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# The status bar is for displaying link targets, not pointless buzzwords.
# Again, check it out on http://www.airport-cgn.de/.
s/status='.*?';*//ig
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
s/microsoft(?!.com)/MicroSuck/ig
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
<para>
<literal>
- <MSGText>
+ <msgtext>
<literallayout>
# Kill refresh tags. I like to refresh myself. Manually.
# check it out on http://www.airport-cgn.de/ and go to the arrivals page.
s/<meta[^>]*http-equiv[^>]*refresh.*URL=([^>]*?)"?>/<link rev="x-refresh" href=$1>/i
s/<meta[^>]*http-equiv="?page-enter"?[^>]*content=[^>]*>/<!--no page enter for me-->/i
</literallayout>
- </MSGText>
+ </msgtext>
</literal>
</para>
</sect2>
+<!-- ~ End section ~ -->
+
+
+
+<!-- ~~~~~ New section ~~~~~ -->
+
+<sect2>
+<title>Templates</title>
+<para>
+ When <application>Junkbuster</application> displays one of its internal
+ pages, such as a 404 Not Found error page, it uses the appropriate template.
+ On Linux, BSD, and Unix, these are locate in
+ <filename>/etc/junkbuster/templates</filename> by default. These may be
+ customized, if desired.
+
+</para>
+</sect2>
+
</sect1>
+<!-- ~ End section ~ -->
+
+
+
<!-- ~~~~~ New section ~~~~~ -->
<sect1 id="quickstart"><title>Quickstart to Using Junkbuster</title>
<para>
<para>
<screen>
- # /usr/sbin/junkbuster /etc/junkbuster/config &
+ # /usr/sbin/junkbuster /etc/junkbuster/config
</screen>
</para>
+<para>
+ An init script is provided for SuSE and Redhat.
+</para>
+
+<para>
+For for SuSE: /etc/rc.d/junkbuster start
+</para>
+
+<para>
+For RedHat: /etc/rc.d/init.d/junkbuster start
+</para>
+
+
<para>
If no configuration file is specified on the command line,
<application>Junkbuster</application> will look for a file named
<filename>config</filename> in the current directory. Except on Amiga where
it will look for <filename>AmiTCP:db/junkbuster/config</filename> and Win32
- where it will try <filename>junkbstr.txt</filename>. If no file is specified
+ where it will try <filename>config.txt</filename>. If no file is specified
on the command line and no default configuration file can be found,
<application>Junkbuster</application> will fail to start.
</para>
<para>
- Be sure your browser is set to use
- the proxy which is by default at localhost, port 8000. With
- <application>Netscape</application> (and <application>Mozilla</application>),
- this can be set under <literal>Edit -> Preferences -> Advanced ->
- Proxies -> HTTP Proxy</literal>. For <application>Internet
- Explorer</application>: <literal>Tools > Internet Properties ->
- Connections -> LAN Setting</literal>. Then, check <quote>Use Proxy</quote>
- and fill in the appropriate info (Address: localhost, Port: 8000).
- Include if HTTPS proxy support too.
+ Be sure your browser is set to use the proxy which is by default at
+ localhost, port 8000. With <application>Netscape</application> (and
+ <application>Mozilla</application>), this can be set under <literal>Edit
+ -> Preferences -> Advanced -> Proxies -> HTTP Proxy</literal>.
+ For <application>Internet Explorer</application>: <literal>Tools >
+ Internet Properties -> Connections -> LAN Setting</literal>. Then,
+ check <quote>Use Proxy</quote> and fill in the appropriate info (Address:
+ localhost, Port: 8000). Include if HTTPS proxy support too.
</para>
<para>
The included default configuration files should give a reasonable starting
point, though may be somewhat aggressive in blocking junk. You will probably
- want to keep an eye out for sites that require cookies, and add these to
- <filename>actionsfile</filename> as needed. By default, most of these will
- be blocked until you add them to the configuration. If you want the browser
- to handle this instead, you will need to edit
- <filename>actionsfile</filename> and disable this feature. If you use more
- than one browser, it would make more sense to let
+ want to keep an eye out for sites that require persistant cookies, and add these to
+ <filename>ijb.action</filename> as needed. By default, most of these will
+ be accepted only during the current browser session, until you add them to
+ the configuration. If you want the browser to handle this instead, you will
+ need to edit <filename>ijb.action</filename> and disable this feature. If you
+ use more than one browser, it would make more sense to let
<application>Junkbuster</application> handle this. In which case, the
browser(s) should be set to accept all cookies.
</para>
<para>
If a particular site shows problems loading properly, try adding it
to the <literal>{fragile}</literal> section of
- <filename>actionsfile</filename>. This will turn off most actions for
+ <filename>ijb.action</filename>. This will turn off most actions for
this site.
</para>
of I.E.) experience problems, you might try to force HTTP/1.0 compatiblity.
For Mozilla, look under <literal>Edit -> Preferences -> Debug ->
Networking</literal>. Or set the <quote>+downgrade</quote> config option in
- <filename>actionsfile</filename>.
+ <filename>ijb.action</filename>.
</para>
<para>
After running <application>Junkbuster</application> for a while, you can
start to fine tune the configuration to suit your personal, or site,
preferences and requirements. There are many, many aspects that can
- be customized.
+ be customized. <quote>Actions</quote> (as specified in <filename>ijb.action</filename>)
+ can be adjusted by pointing your browser to
+ <ulink url="http://i.j.b/">http://i.j.b/</ulink>,
+ and then follow the link to <quote>edit the actions list</quote>.
+ (This is an internal page and does not require Internet access.)
+</para>
+
+<para>
+ In fact, various aspects of <application>Junkbuster</application>
+ configuration can be viewed from this page, including
+ current configuration parameters, source code version numbers,
+ the browser's request headers, and <quote>actions</quote> that apply
+ to a given URL. In addition to the <filename>ijb.action</filename> file
+ editor mentioned above, <application>Junkbuster</application> can also
+ be turned <quote>on</quote> and <quote>off</quote> from this page.
</para>
<para>
</simplelist>
<simplelist>
<member>
- <ulink url="http://ijbswa.sourceforge.net/config/">http://ijbswa.sourceforge.net/config/</ulink>
+ <ulink url="http://i.j.b/">http://i.j.b/</ulink>
</member>
</simplelist>
<simplelist>
<simplelist>
<member>
- <emphasis>()</emphasis> - Pararentheses are used to group a sub-expression,
+ <emphasis>()</emphasis> - pararentheses are used to group a sub-expression,
or multiple sub-expressions.
</member>
</simplelist>
Temple Place - Suite 330, Boston, MA 02111-1307, USA.
$Log: user-manual.sgml,v $
+ Revision 1.27 2002/01/11 14:14:32 hal9
+ Added a very short section on Templates
+
+ Revision 1.26 2002/01/09 20:02:50 hal9
+ Fix bug re: auto-detect config file changes.
+
+ Revision 1.25 2002/01/09 18:20:30 hal9
+ Touch ups for *.action files.
+
+ Revision 1.24 2001/12/02 01:13:42 hal9
+ Fix typo.
+
+ Revision 1.23 2001/12/02 00:20:41 hal9
+ Updates for recent changes.
+
+ Revision 1.22 2001/11/05 23:57:51 hal9
+ Minor update for startup now daemon mode.
+
+ Revision 1.21 2001/10/31 21:11:03 hal9
+ Correct 2 minor errors
+
+ Revision 1.18 2001/10/24 18:45:26 hal9
+ *** empty log message ***
+
+ Revision 1.17 2001/10/24 17:10:55 hal9
+ Catching up with Jon's recent work, and a few other things.
+
+ Revision 1.16 2001/10/21 17:19:21 swa
+ wrong url in documentation
+
Revision 1.15 2001/10/14 23:46:24 hal9
Various minor changes. Fleshed out SEE ALSO section.
projects / privoxy.git / blobdiff