<!entity license SYSTEM "license.sgml">
<!entity p-authors SYSTEM "p-authors.sgml">
<!entity config SYSTEM "p-config.sgml">
-<!entity p-version "3.0.8">
-<!entity p-status "stable">
+<!entity p-version "3.0.11">
+<!entity p-status "UNRELEASED">
<!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc -->
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-readme "IGNORE">
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.54 2008/01/19 17:52:39 hal9 Exp $
+ $Id: user-manual.sgml,v 2.90 2008/09/26 16:53:09 fabiankeil Exp $
- Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2001-2009 Privoxy Developers http://www.privoxy.org/
See LICENSE.
========================================================================
</subscript>
</pubdate>
-<pubdate>$Id: user-manual.sgml,v 2.54 2008/01/19 17:52:39 hal9 Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.90 2008/09/26 16:53:09 fabiankeil Exp $</pubdate>
<!--
</sect3>
<!-- ~~~~~ New section ~~~~~ -->
-<sect3 id="installation-mac"><title>Mac OSX</title>
-<para>
- Unzip the downloaded file (you can either double-click on the file
- from the finder, or from the desktop if you downloaded it there).
- Then, double-click on the package installer icon named
- <literal>Privoxy.pkg</literal>
- and follow the installation process.
- <application>Privoxy</application> will be installed in the folder
- <literal>/Library/Privoxy</literal>.
- It will start automatically whenever you start up. To prevent it from
- starting automatically, remove or rename the folder
- <literal>/Library/StartupItems/Privoxy</literal>.
-</para>
+<sect3 id="installation-mac"><title>Mac OS X</title>
<para>
- To start Privoxy by hand, double-click on
- <literal>StartPrivoxy.command</literal> in the
- <literal>/Library/Privoxy</literal> folder.
- Or, type this command in the Terminal:
+ Unzip the downloaded file (you can either double-click on the zip file
+ icon from the Finder, or from the desktop if you downloaded it there).
+ Then, double-click on the package installer icon and follow the
+ installation process.
</para>
<para>
- <screen>
- /Library/Privoxy/StartPrivoxy.command
- </screen>
+ The privoxy service will automatically start after a successful
+ installation (in addition to every time your computer starts up). To
+ prevent the privoxy service from automatically starting when your
+ computer starts up, remove or rename the folder named
+ <literal>/Library/StartupItems/Privoxy</literal>.
</para>
<para>
- You will be prompted for the administrator password.
+ To manually start or stop the privoxy service, use the Privoxy Utility
+ for Mac OS X. This application controls the privoxy service (e.g.
+ starting and stopping the service as well as uninstalling the software).
</para>
</sect3>
</para>
<para>
Before installing <application>Privoxy</application> under Gentoo just do
- first <literal>emerge rsync</literal> to get the latest changes from the
+ first <literal>emerge --sync</literal> to get the latest changes from the
Portage tree. With <literal>emerge privoxy</literal> you install the latest
version.
</para>
<sect1 id="whatsnew">
<title>What's New in this Release</title>
<para>
- There are many improvements and new features since <application>Privoxy 3.0.6</application>, the last stable release:
+ There are only a few improvements and new features since
+ <application>Privoxy 3.0.10</application>, the last stable release:
</para>
<para>
<itemizedlist>
<listitem>
<para>
- Two new actions <link
- linkend="server-header-tagger">server-header-tagger</link>
- and <link
- linkend="client-header-tagger">client-header-tagger</link>
- that can be used to create arbitrary <quote>tags</quote>
- based on client and server headers.
- These <quote>tags</quote> can then subsequently be used
- to control the other actions used for the current request,
- greatly increasing &my-app;'s flexibility and selectivity. See <link
- linkend="tag-pattern">tag patterns</link> for more information on tags.
- </para>
- </listitem>
-
- <listitem>
- <para>
- Header filtering is done with dedicated header filters now. As a result
- the actions <quote>filter-client-headers</quote> and <quote>filter-server-headers</quote>
- that were introduced with <application>Privoxy 3.0.5</application> to apply
- content filters to the headers have been removed.
- See the new actions <link
- linkend="server-header-filter">server-header-filter</link>
- and <link
- linkend="client-header-filter">client-header-filter</link> for details.
- </para>
- </listitem>
- <listitem>
- <para>
- There are four new options for the main <filename>config</filename> file:
- </para>
-
- <itemizedlist>
- <listitem>
- <para>
- <link
- linkend="allow-cgi-request-crunching">allow-cgi-request-crunching</link>
- which allows requests for Privoxy's internal CGI pages to be
- blocked, redirected or (un)trusted like ordinary requests.
- </para>
- </listitem>
- <listitem>
- <para>
- <link
- linkend="split-large-forms">split-large-forms</link>
- that will work around a browser bug that caused IE6 and IE7 to
- ignore the Submit button on the Privoxy's edit-actions-for-url CGI
- page.
- </para>
- </listitem>
- <listitem>
- <para>
- <link
- linkend="accept-intercepted-requests">accept-intercepted-requests</link>
- which allows to combine Privoxy with any packet filter to create an
- intercepting proxy for HTTP/1.1 requests (and for HTTP/1.0 requests
- with Host header set). This means clients can be forced to use
- &my-app; even if their proxy settings are configured differently.
- </para>
- </listitem>
- <listitem>
- <para>
- <link
- linkend="templdir">templdir</link>
- to designate an alternate location for &my-app;'s
- locally customized CGI templates so that
- these are not overwritten during upgrades.
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
-
- <listitem>
- <para>
- A new command line option <literal>--pre-chroot-nslookup hostname</literal> to
- initialize the resolver library before chroot'ing. On some systems this
- reduces the number of files that must be copied into the chroot tree.
- (Patch provided by Stephen Gildea)
- </para>
- </listitem>
-
- <listitem>
- <para>
- The <link
- linkend="forward-override">forward-override</link> action
- allows changing of the forwarding settings through the actions files.
- Combined with tags, this allows to choose the forwarder based on
- client headers like the <literal>User-Agent</literal>, or the request origin.
- </para>
- </listitem>
-
- <listitem>
- <para>
- The <link
- linkend="redirect">redirect</link> action can now use regular
- expression substitutions against the original URL.
- </para>
- </listitem>
-
- <listitem>
- <para>
- <application>zlib</application> support is now available as a compile
- time option to filter compressed content. Patch provided by Wil Mahan.
- </para>
- </listitem>
- <listitem>
- <para>
- Improve various filters, and add new ones.
- </para>
- </listitem>
-
-
- <listitem>
- <para>
- Include support for RFC 3253 so that <filename>Subversion</filename> works
- with &my-app;. Patch provided by Petr Kadlec.
+ The mingw32 version uses mutex locks now which prevents
+ log message corruption under load. As a side effect,
+ the "no thread-safe PRNG" warning could be removed as well.
</para>
</listitem>
-
- <listitem>
- <para>
- Logging can be completely turned off by not specifying a logfile directive.
- </para>
- </listitem>
-
-
<listitem>
<para>
- A number of improvements to Privoxy's internal CGI pages, including the
- use of favicons for error and control pages.
+ Support for remote toggling is controlled by the configure
+ option --disable-toggle only. In previous versions it also
+ depended on the action editor and thus configuring with the
+ --disable-editor option would disable remote toggling support
+ as well.
</para>
</listitem>
-
<listitem>
<para>
- Many bugfixes, memory leaks addressed, code improvements, and logging
- improvements.
+ The hide-forwarded-for-headers action has been replaced with
+ the change-x-forwarded-for{} action which can also be used to
+ add X-Forwarded-For headers. The latter functionality already
+ existed in Privoxy versions prior to 3.0.7 but has been removed
+ as it was often used unintentionally (by not using the
+ hide-forwarded-for-headers action).
</para>
</listitem>
-
</itemizedlist>
</para>
+
<para>
For a more detailed list of changes please have a look at the ChangeLog.
</para>
</listitem>
<listitem>
<para>
- <filename>standard.action</filename> now only includes the enabled actions.
- Not all actions as before.
+ <filename>standard.action</filename> has been merged into
+ the <filename>default.action</filename> file.
</para>
</listitem>
<listitem>
</sect2>
<sect2 id="start-macosx">
-<title>Mac OSX</title>
+<title>Mac OS X</title>
<para>
- During installation, <application>Privoxy</application> is configured to
- start automatically when the system restarts. To start &my-app; manually,
- double-click on the <literal>StartPrivoxy.command</literal> icon in the
- <literal>/Library/Privoxy</literal> folder. Or, type this command
- in the Terminal:
+ After downloading the privoxy software, unzip the downloaded file by
+ double-clicking on the zip file icon. Then, double-click on the
+ installer package icon and follow the installation process.
+</para>
+<para>
+ The privoxy service will automatically start after a successful
+ installation. In addition, the privoxy service will automatically
+ start every time your computer starts up.
+</para>
+<para>
+ To prevent the privoxy service from automatically starting when your
+ computer starts up, remove or rename the folder named
+ /Library/StartupItems/Privoxy.
+</para>
+<para>
+ A simple application named Privoxy Utility has been created which
+ enables administrators to easily start and stop the privoxy service.
</para>
<para>
- <screen>
- /Library/Privoxy/StartPrivoxy.command
- </screen>
+ In addition, the Privoxy Utility presents a simple way for
+ administrators to edit the various privoxy config files. A method
+ to uninstall the software is also available.
</para>
<para>
- You will be prompted for the administrator password.
+ An administrator username and password must be supplied in order for
+ the Privoxy Utility to perform any of the tasks.
</para>
</sect2>
<para>
Another feature where you will probably want to define exceptions for trusted
- sites is the popup-killing (through the <ulink
- url="actions-file.html#KILL-POPUPS"><quote>+kill-popups</quote></ulink> and
- <ulink
- url="actions-file.html#FILTER-POPUPS"><quote>+filter{popups}</quote></ulink>
- actions), because your favorite shopping, banking, or leisure site may need
+ sites is the popup-killing (through <ulink
+ url="actions-file.html#FILTER-POPUPS"><quote>+filter{popups}</quote></ulink>),
+ because your favorite shopping, banking, or leisure site may need
popups (explained below).
</para>
▪ <ulink url="http://config.privoxy.org/toggle">Toggle Privoxy on or off</ulink>
</member>
<member>
- ▪ <ulink url="http://www.privoxy.org/
- &p-version;/user-manual/">Documentation</ulink>
+ ▪ <ulink
+ url="http://www.privoxy.org/&p-version;/user-manual/">Documentation</ulink>
</member>
</simplelist>
</msgtext>
<filename>default.action</filename> (which you will most probably want
to define sooner or later) are probably best applied in
<filename>user.action</filename>, where you can preserve them across
- upgrades. <filename>standard.action</filename> is only for
- <application>Privoxy's</application> internal use.
+ upgrades.
</para>
<para>
There is also a web based editor that can be accessed from
a set of broad rules that should work reasonably well as-is for most users.
This is the file that the developers are keeping updated, and <link
linkend="installation-keepupdated">making available to users</link>.
- The user's preferences as set in <filename>standard.action</filename>,
- e.g. either <literal>Cautious</literal> (the default),
+ It also contains the pre-defined sets of rules for the default actions,
+ e.g. <literal>Cautious</literal> (the default),
<literal>Medium</literal>, or <literal>Advanced</literal> (see
below).
</para>
has specific requirements, and need special handling, this kind of
thing should go here. This file will not be upgraded.
</para>
- </listitem>
+ </listitem>
<listitem>
- <para>
- <filename>standard.action</filename> - is used only by the web based editor
- at <ulink url="http://config.privoxy.org/edit-actions-list?f=default">
- http://config.privoxy.org/edit-actions-list?f=default</ulink>,
- to set various pre-defined sets of rules for the default actions section
- in <filename>default.action</filename>.
- </para>
<para>
<guibutton>Edit</guibutton> <guibutton>Set to Cautious</guibutton> <guibutton>Set to Medium</guibutton> <guibutton>Set to Advanced</guibutton>
</para>
<guibutton>Edit</guibutton> button. More fine-tuning can be done in the
lower sections of this internal page.
</para>
- <para>
- It is not recommend to edit the <filename>standard.action</filename> file
- itself.
- </para>
<para>
The default profiles, and their associated actions, as pre-defined in
- <filename>standard.action</filename> are<!-- different than this table which is out of date -->:
+ <filename>default.action</filename> are:
</para>
<para>
<table frame=all><title>Default Configurations</title>
<row>
<entry>Image tag reordering</entry>
<entry>no</entry>
- <entry>no</entry>
+ <entry>yes</entry>
<entry>yes</entry>
</row>
<para>
<screen>
- { +<literal>handle-as-image</literal> +<literal>block</literal> }
+ { +<literal>handle-as-image</literal> +<literal>block{Banner ads.}</literal> }
# Block these as if they were images. Send no block page.
banners.example.com
media.example.com/.*banners
<para>
The pattern matching syntax is different for the domain and path parts of
the URL. The domain part uses a simple globbing type matching technique,
- while the path part uses a more flexible
+ while the path part uses more flexible
<ulink url="http://en.wikipedia.org/wiki/Regular_expressions"><quote>Regular
- Expressions (PCRE)</quote></ulink> based syntax.
+ Expressions</quote></ulink> (POSIX 1003.2).
</para>
<variablelist>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>www.example.com/index.html$</literal></term>
+ <term><literal>www.example.com/index.html</literal></term>
<listitem>
<para>
matches all the documents on <literal>www.example.com</literal>
<sect3><title>The Path Pattern</title>
<para>
- <application>Privoxy</application> uses Perl compatible (PCRE)
+ <application>Privoxy</application> uses <quote>modern</quote> POSIX 1003.2
<ulink url="http://en.wikipedia.org/wiki/Regular_expressions"><quote>Regular
- Expression</quote></ulink> based syntax
- (through the <ulink url="http://www.pcre.org/">PCRE</ulink> library) for
- matching the path portion (after the slash), and is thus more flexible.
+ Expressions</quote></ulink> for matching the path portion (after the slash),
+ and is thus more flexible.
</para>
<para>
There is an <link linkend="regex">Appendix</link> with a brief quick-start into regular
- expressions, and full (very technical) documentation on PCRE regex syntax is available on-line
- at <ulink url="http://www.pcre.org/man.txt">http://www.pcre.org/man.txt</ulink>.
- You might also find the Perl man page on regular expressions (<literal>man perlre</literal>)
- useful, which is available on-line at <ulink
- url="http://perldoc.perl.org/perlre.html">http://perldoc.perl.org/perlre.html</ulink>.
+ expressions, you also might want to have a look at your operating system's documentation
+ on regular expressions (try <literal>man re_format</literal>).
</para>
<para>
-<replaceable class="function">name</replaceable> # disable action <replaceable class="parameter">name</replaceable></screen>
</para>
<para>
- Example: <literal>+block</literal>
+ Example: <literal>+handle-as-image</literal>
</para>
</listitem>
<term>Type:</term>
<!-- boolean, parameterized, Multi-value -->
<listitem>
- <para>Boolean.</para>
+ <para>Parameterized.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Parameter:</term>
<listitem>
- <para>N/A</para>
+ <para>A block reason that should be given to the user.</para>
</listitem>
</varlistentry>
<listitem>
<para>
<application>Privoxy</application> sends a special <quote>BLOCKED</quote> page
- for requests to blocked pages. This page contains links to find out why the request
- was blocked, and a click-through to the blocked content (the latter only if compiled with the
- force feature enabled). The <quote>BLOCKED</quote> page adapts to the available
- screen space -- it displays full-blown if space allows, or miniaturized and text-only
- if loaded into a small frame or window. If you are using <application>Privoxy</application>
- right now, you can take a look at the
- <ulink url="http://ads.bannerserver.example.com/nasty-ads/sponsor.html"><quote>BLOCKED</quote>
- page</ulink>.
+ for requests to blocked pages. This page contains the block reason given as
+ parameter, a link to find out why the block action applies, and a click-through
+ to the blocked content (the latter only if the force feature is available and
+ enabled).
</para>
<para>
A very important exception occurs if <emphasis>both</emphasis>
<term>Example usage (section):</term>
<listitem>
<para>
- <screen>{+block}
+ <screen>{+block{No nasty stuff for you.}}
# Block and replace with "blocked" page
.nasty-stuff.example.com
-{+block +handle-as-image}
+{+block{Doubleclick banners.} +handle-as-image}
# Block and replace with image
.ad.doubleclick.net
.ads.r.us/banners/
-{+block +handle-as-empty-document}
+{+block{Layered ads.} +handle-as-empty-document}
# Block and then ignore
- adserver.exampleclick.net/.*\.js$</screen>
+ adserver.example.net/.*\.js$</screen>
</para>
</listitem>
</varlistentry>
</sect3>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3 renderas="sect4" id="change-x-forwarded-for">
+<title>change-x-forwarded-for</title>
+
+<variablelist>
+ <varlistentry>
+ <term>Typical use:</term>
+ <listitem>
+ <para>Improve privacy by not forwarding the source of the request in the HTTP headers.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Effect:</term>
+ <listitem>
+ <para>
+ Deletes the <quote>X-Forwarded-For:</quote> HTTP header from the client request,
+ or adds a new one.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Type:</term>
+ <!-- Boolean, Parameterized, Multi-value -->
+ <listitem>
+ <para>Parameterized.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Parameter:</term>
+ <listitem>
+ <itemizedlist>
+ <listitem>
+ <para><quote>block</quote> to delete the header.</para>
+ </listitem>
+ <listitem>
+ <para>
+ <quote>add</quote> to create the header (or append
+ the client's IP address to an already existing one).
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ It is safe and recommended to use <literal>block</literal>.
+ </para>
+ <para>
+ Forwarding the source address of the request may make
+ sense in some multi-user setups but is also a privacy risk.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Example usage:</term>
+ <listitem>
+ <para>
+ <screen>+change-x-forwarded-for{block}</screen>
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+</sect3>
+
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="client-header-filter">
<title>client-header-filter</title>
<listitem>
<para>
<screen>
+# Hide Tor exit notation in Host and Referer Headers
{+client-header-filter{hide-tor-exit-notation}}
-.exit/
+/
</screen>
</para>
</listitem>
# Tag every request with the User-Agent header
{+client-header-tagger{user-agent}}
/
+
+# Tagging itself doesn't change the action
+# settings, sections with TAG patterns do:
+#
+# If it's a download agent, use a different forwarding proxy,
+# show the real User-Agent and make sure resume works.
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+ -hide-user-agent \
+ -filter \
+ -deanimate-gifs \
+}
+TAG:^User-Agent: NetBSD-ftp/
+TAG:^User-Agent: Novell ZYPP Installer
+TAG:^User-Agent: RPM APT-HTTP/
+TAG:^User-Agent: fetch libfetch/
+TAG:^User-Agent: Ubuntu APT-HTTP/
+TAG:^User-Agent: MPlayer/
</screen>
</para>
</listitem>
<listitem>
<para>
<anchor id="filter-js-annoyances">
- <screen>+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse</screen>
+ <screen>+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.</screen>
</para>
<para>
<anchor id="filter-js-events">
- <screen>+filter{js-events} # Kill all JS event bindings (Radically destructive! Only for extra nasty sites)</screen>
+ <screen>+filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites).</screen>
</para>
<para>
<anchor id="filter-html-annoyances">
- <screen>+filter{html-annoyances} # Get rid of particularly annoying HTML abuse</screen>
+ <screen>+filter{html-annoyances} # Get rid of particularly annoying HTML abuse.</screen>
</para>
<para>
<anchor id="filter-content-cookies">
- <screen>+filter{content-cookies} # Kill cookies that come in the HTML or JS content</screen>
+ <screen>+filter{content-cookies} # Kill cookies that come in the HTML or JS content.</screen>
</para>
<para>
<anchor id="filter-refresh-tags">
- <screen>+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups)</screen>
+ <screen>+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups).</screen>
</para>
<para>
<anchor id="filter-unsolicited-popups">
</para>
<para>
<anchor id="filter-img-reorder">
- <screen>+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective</screen>
+ <screen>+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.</screen>
</para>
<para>
<anchor id="filter-banners-by-size">
- <screen>+filter{banners-by-size} # Kill banners by size</screen>
+ <screen>+filter{banners-by-size} # Kill banners by size.</screen>
</para>
<para>
<anchor id="filter-banners-by-link">
- <screen>+filter{banners-by-link} # Kill banners by their links to known clicktrackers</screen>
+ <screen>+filter{banners-by-link} # Kill banners by their links to known clicktrackers.</screen>
</para>
<para>
<anchor id="filter-webbugs">
- <screen>+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking)</screen>
+ <screen>+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).</screen>
</para>
<para>
<anchor id="filter-tiny-textforms">
- <screen>+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap</screen>
+ <screen>+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.</screen>
</para>
<para>
<anchor id="filter-jumping-windows">
- <screen>+filter{jumping-windows} # Prevent windows from resizing and moving themselves</screen>
+ <screen>+filter{jumping-windows} # Prevent windows from resizing and moving themselves.</screen>
</para>
<para>
<anchor id="filter-frameset-borders">
- <screen>+filter{frameset-borders} # Give frames a border and make them resizeable</screen>
+ <screen>+filter{frameset-borders} # Give frames a border and make them resizable.</screen>
</para>
<para>
<anchor id="filter-demoronizer">
- <screen>+filter{demoronizer} # Fix MS's non-standard use of standard charsets</screen>
+ <screen>+filter{demoronizer} # Fix MS's non-standard use of standard charsets.</screen>
</para>
<para>
<anchor id="filter-shockwave-flash">
- <screen>+filter{shockwave-flash} # Kill embedded Shockwave Flash objects</screen>
+ <screen>+filter{shockwave-flash} # Kill embedded Shockwave Flash objects.</screen>
</para>
<para>
<anchor id="filter-quicktime-kioskmode">
- <screen>+filter{quicktime-kioskmode} # Make Quicktime movies savable</screen>
+ <screen>+filter{quicktime-kioskmode} # Make Quicktime movies saveable.</screen>
</para>
<para>
<anchor id="filter-fun">
</para>
<para>
<anchor id="filter-crude-parental">
- <screen>+filter{crude-parental} # Crude parental filtering (demo only)</screen>
+ <screen>+filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.</screen>
</para>
<para>
<anchor id="filter-ie-exploits">
- <screen>+filter{ie-exploits} # Disable a known Internet Explorer bug exploits</screen>
+ <screen>+filter{ie-exploits} # Disable some known Internet Explorer bug exploits.</screen>
</para>
<para>
<anchor id="filter-site-specifics">
- <screen>+filter{site-specifics} # Custom filters for specific site related problems</screen>
+ <screen>+filter{site-specifics} # Cure for site-specific problems. Don't apply generally!</screen>
+ </para>
+ <para>
+ <anchor id="filter-no-ping">
+ <screen>+filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.</screen>
</para>
<para>
<anchor id="filter-google">
- <screen>+filter{google} # Removes text ads and other Google specific improvements</screen>
+ <screen>+filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.</screen>
</para>
<para>
<anchor id="filter-yahoo">
- <screen>+filter{yahoo} # Removes text ads and other Yahoo specific improvements</screen>
+ <screen>+filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.</screen>
</para>
<para>
<anchor id="filter-msn">
- <screen>+filter{msn} # Removes text ads and other MSN specific improvements</screen>
+ <screen>+filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.</screen>
</para>
<para>
<anchor id="filter-blogspot">
- <screen>+filter{blogspot} # Cleans up Blogspot blogs</screen>
- </para>
- <para>
- <anchor id="filter-no-ping">
- <screen>+filter{no-ping} # Removes non-standard ping attributes from anchor and area tags</screen>
+ <screen>+filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.</screen>
</para>
</listitem>
</varlistentry>
<para>
<quote>forward-socks4a 127.0.0.1:9050 .</quote> to use the socks4a proxy listening at
127.0.0.1 port 9050. Replace <quote>forward-socks4a</quote> with <quote>forward-socks4</quote>
- to use a socks4 connection (with local DNS resolution) instead.
+ to use a socks4 connection (with local DNS resolution) instead, use <quote>forward-socks5</quote>
+ for socks5 connections (with remote DNS resolution).
</para>
</listitem>
<listitem>
<quote>forward-socks4a 127.0.0.1:9050 proxy.example.org:8000</quote> to use the socks4a proxy
listening at 127.0.0.1 port 9050 to reach the HTTP proxy listening at proxy.example.org port 8000.
Replace <quote>forward-socks4a</quote> with <quote>forward-socks4</quote> to use a socks4 connection
- (with local DNS resolution) instead.
+ (with local DNS resolution) instead, use <quote>forward-socks5</quote>
+ for socks5 connections (with remote DNS resolution).
</para>
</listitem>
</itemizedlist>
<term>Notes:</term>
<listitem>
<para>
- This action takes parameters similar to the <!-- I hope this link actual works -->
+ This action takes parameters similar to the
<link linkend="forwarding">forward</link> directives in the configuration
file, but without the URL pattern. It can be used as replacement, but normally it's only
used in cases where matching based on the request URL isn't sufficient.
<para>
<screen># Block all documents on example.org that end with ".js",
# but send an empty document instead of the usual HTML message.
-{+block +handle-as-empty-document}
+{+block{Blocked JavaScript} +handle-as-empty-document}
example.org/.*\.js$
</screen>
</para>
# These don't look like images, but they're banners and should be
# blocked as images:
#
-{+block +handle-as-image}
-some.nasty-banner-server.com/junk.cgi\?output=trash
-
-# Banner source! Who cares if they also have non-image content?
-ad.doubleclick.net
+{+block{Nasty banners.} +handle-as-image}
+nasty-banner-server.example.com/junk.cgi\?output=trash
</screen>
</para>
</listitem>
</sect3>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="hide-forwarded-for-headers">
-<title>hide-forwarded-for-headers</title>
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>Improve privacy by not forwarding the source of the request in the HTTP headers.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- Deletes any existing <quote>X-Forwarded-for:</quote> HTTP header from client requests.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Type:</term>
- <!-- Boolean, Parameterized, Multi-value -->
- <listitem>
- <para>Boolean.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>
- N/A
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- It is safe and recommended to leave this on.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Example usage:</term>
- <listitem>
- <para>
- <screen>+hide-forwarded-for-headers</screen>
- </para>
- </listitem>
- </varlistentry>
-</variablelist>
-</sect3>
-
-
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="hide-from-header">
<title>hide-from-header</title>
</sect3>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="inspect-jpegs">
-<title>inspect-jpegs</title>
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>Try to protect against a MS buffer over-run in JPEG processing</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- Protect against a known exploit
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Type:</term>
- <!-- Boolean, Parameterized, Multi-value -->
- <listitem>
- <para>Boolean.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>
- N/A
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- See Microsoft Security Bulletin MS04-028. JPEG images are one of the most
- common image types found across the Internet. The exploit as described can
- allow execution of code on the target system, giving an attacker access
- to the system in question by merely planting an altered JPEG image, which
- would have no obvious indications of what lurks inside. This action
- tries to prevent this exploit if delivered through unencrypted HTTP.
- </para>
- <para>
- Note that the exploit mentioned is several years old
- and it's unlikely that your client is still vulnerable
- against it. This action may be removed in one of the
- next releases.
- </para>
-
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Example usage:</term>
- <listitem>
- <para><screen>+inspect-jpegs</screen></para>
- </listitem>
- </varlistentry>
-</variablelist>
-</sect3>
-
-
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="kill-popups">
-<title>kill-popups<anchor id="kill-popup"></title>
-
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>Eliminate those annoying pop-up windows (deprecated)</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- While loading the document, replace JavaScript code that opens
- pop-up windows with (syntactically neutral) dummy code on the fly.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Type:</term>
- <!-- Boolean, Parameterized, Multi-value -->
- <listitem>
- <para>Boolean.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>
- N/A
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- This action is basically a built-in, hardwired special-purpose filter
- action, but there are important differences: For <literal>kill-popups</literal>,
- the document need not be buffered, so it can be incrementally rendered while
- downloading. But <literal>kill-popups</literal> doesn't catch as many pop-ups as
- <literal><link
- linkend="FILTER-ALL-POPUPS">filter{<replaceable>all-popups</replaceable>}</link></literal>
- does and is not as smart as <literal><link
- linkend="FILTER-UNSOLICITED-POPUPS">filter{<replaceable>unsolicited-popups</replaceable>}</link>
- </literal>is.
- </para>
- <para>
- Think of it as a fast and efficient replacement for a filter that you
- can use if you don't want any filtering at all. Note that it doesn't make
- sense to combine it with any <literal><link linkend="filter">filter</link></literal> action,
- since as soon as one <literal><link linkend="filter">filter</link></literal> applies,
- the whole document needs to be buffered anyway, which destroys the advantage of
- the <literal>kill-popups</literal> action over its filter equivalent.
- </para>
- <para>
- Killing all pop-ups unconditionally is problematic. Many shops and banks rely on
- pop-ups to display forms, shopping carts etc, and the <literal><link
- linkend="FILTER-UNSOLICITED-POPUPS">filter{<replaceable>unsolicited-popups</replaceable>}</link>
- </literal> does a better job of catching only the unwanted ones.
- </para>
- <para>
- If the only kind of pop-ups that you want to kill are exit consoles (those
- <emphasis>really nasty</emphasis> windows that appear when you close an other
- one), you might want to use
- <literal><link
- linkend="filter">filter</link>{<replaceable>js-annoyances</replaceable>}</literal>
- instead.
- </para>
- <para>
- This action is most appropriate for browsers that don't have any controls
- for unwanted pop-ups. Not recommended for general usage.
- </para>
- <para>
- This action doesn't work very reliable and may be removed in future releases.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Example usage:</term>
- <listitem>
- <para><screen>+kill-popups</screen></para>
- </listitem>
- </varlistentry>
-</variablelist>
-</sect3>
-
-
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="limit-connect">
<title>limit-connect</title>
<listitem>
<para>
By default, i.e. if no <literal>limit-connect</literal> action applies,
- <application>Privoxy</application> only allows HTTP CONNECT
- requests to port 443 (the standard, secure HTTPS port). Use
- <literal>limit-connect</literal> if more fine-grained control is desired
- for some or all destinations.
+ <application>Privoxy</application> allows HTTP CONNECT requests to all
+ ports. Use <literal>limit-connect</literal> if fine-grained control
+ is desired for some or all destinations.
</para>
<para>
The CONNECT methods exists in HTTP to allow access to secure websites
<application>Privoxy</application> relays HTTPS traffic without seeing
the decoded content. Websites can leverage this limitation to circumvent &my-app;'s
filters. By specifying an invalid port range you can disable HTTPS entirely.
- If you plan to disable SSL by default, consider enabling
- <literal><link linkend="treat-forbidden-connects-like-blocks ">treat-forbidden-connects-like-blocks</link></literal>
- as well, to be able to quickly create exceptions.
</para>
</listitem>
</varlistentry>
<!-- I probably have the wrong font setup, bollocks. -->
<!-- Apparently the emphasis tag uses a proportional font no matter what -->
<para>
- <screen>+limit-connect{443} # This is the default and need not be specified.
+ <screen>+limit-connect{443} # Port 443 is OK.
+limit-connect{80,443} # Ports 80 and 443 are OK.
+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+limit-connect{-} # All ports are OK
<para>
More and more websites send their content compressed by default, which
is generally a good idea and saves bandwidth. But the <literal><link
- linkend="filter">filter</link></literal>, <literal><link linkend="deanimate-gifs">deanimate-gifs</link></literal>
- and <literal><link linkend="kill-popups">kill-popups</link></literal> actions need
- access to the uncompressed data.
+ linkend="filter">filter</link></literal> and
+ <literal><link linkend="deanimate-gifs">deanimate-gifs</link></literal>
+ actions need access to the uncompressed data.
</para>
<para>
When compiled with zlib support (available since &my-app; 3.0.7), content that should be
and be aware that using your own redirects might make it
possible to fingerprint your requests.
</para>
+ <para>
+ In case of problems with your redirects, or simply to watch
+ them working, enable <link linkend="DEBUG">debug 128</link>.
+ </para>
</listitem>
</varlistentry>
# (Note the $ at the end of the URL pattern to make sure
# the request for the rewritten URL isn't redirected as well)
{+redirect{s@$@&mode=expanded@}}
-undeadly.org/cgi\?action=article&sid=\d*$</screen>
- </para>
- </listitem>
- </varlistentry>
-
-</variablelist>
-</sect3>
-
-
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="send-vanilla-wafer">
-<title>send-vanilla-wafer</title>
-
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>
- Feed log analysis scripts with useless data.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- Sends a cookie with each request stating that you do not accept any copyright
- on cookies sent to you, and asking the site operator not to track you.
- </para>
- </listitem>
- </varlistentry>
+undeadly.org/cgi\?action=article&sid=\d*$
- <varlistentry>
- <term>Type:</term>
- <!-- Boolean, Parameterized, Multi-value -->
- <listitem>
- <para>Boolean.</para>
- </listitem>
- </varlistentry>
+# Redirect Google search requests to MSN
+{+redirect{s@^http://[^/]*/search\?q=([^&]*).*@http://search.msn.com/results.aspx?q=$1@}}
+.google.com/search
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>
- N/A
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- The vanilla wafer is a (relatively) unique header and could conceivably be used to track you.
- </para>
- <para>
- This action is rarely used and not enabled in the default configuration.
- </para>
- </listitem>
- </varlistentry>
+# Redirect MSN search requests to Yahoo
+{+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
+search.msn.com//results\.aspx\?q=
- <varlistentry>
- <term>Example usage:</term>
- <listitem>
- <para>
- <screen>+send-vanilla-wafer</screen>
+# Redirect remote requests for this manual
+# to the local version delivered by Privoxy
+{+redirect{s@^http://www@http://config@}}
+www.privoxy.org/user-manual/</screen>
</para>
</listitem>
</varlistentry>
</sect3>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="send-wafer">
-<title>send-wafer</title>
-
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>
- Send custom cookies or feed log analysis scripts with even more useless data.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- Sends a custom, user-defined cookie with each request.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Type:</term>
- <!-- Boolean, Parameterized, Multi-value -->
- <listitem>
- <para>Multi-value.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>
- A string of the form <quote><replaceable class="option">name</replaceable>=<replaceable
- class="parameter">value</replaceable></quote>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- Being multi-valued, multiple instances of this action can apply to the same request,
- resulting in multiple cookies being sent.
- </para>
- <para>
- This action is rarely used and not enabled in the default configuration.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Example usage (section):</term>
- <listitem>
- <para>
- <screen>{+send-wafer{UsingPrivoxy=true}}
-my-internal-testing-server.void</screen>
- </para>
- </listitem>
- </varlistentry>
-</variablelist>
-</sect3>
-
-
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="server-header-filter">
<title>server-header-filter</title>
</sect3>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="treat-forbidden-connects-like-blocks">
-<title>treat-forbidden-connects-like-blocks</title>
-<!--
-new action
--->
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>Block forbidden connects with an easy to find error message.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- If this action is enabled, <application>Privoxy</application> no longer
- makes a difference between forbidden connects and ordinary blocks.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Type:</term>
- <!-- Boolean, Parameterized, Multi-value -->
- <listitem>
- <para>Boolean</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>N/A</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- By default <application>Privoxy</application> answers
- <link linkend="limit-connect">forbidden <quote>Connect</quote> requests</link>
- with a short error message inside the headers. If the browser doesn't display
- headers (most don't), you just see an empty page.
- </para>
- <para>
- With this action enabled, <application>Privoxy</application> displays
- the message that is used for ordinary blocks instead. If you decide
- to make an exception for the page in question, you can do so by
- following the <quote>See why</quote> link.
- </para>
- <para>
- For <quote>Connect</quote> requests the clients tell
- <application>Privoxy</application> which host they are interested
- in, but not which document they plan to get later. As a result, the
- <quote>Go there anyway</quote> wouldn't work and is therefore suppressed.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Example usage:</term>
- <listitem>
- <para>
- <screen>+treat-forbidden-connects-like-blocks</screen>
- </para>
- </listitem>
- </varlistentry>
-</variablelist>
-</sect3>
-
-
<!-- ~~~~~ New section ~~~~~ -->
<sect3>
<title>Summary</title>
#
+crunch-all-cookies = +<link linkend="CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</link> +<link linkend="CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</link>
-crunch-all-cookies = -<link linkend="CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</link> -<link linkend="CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</link>
- +block-as-image = +block +handle-as-image
+ +block-as-image = +block{Blocked image.} +handle-as-image
allow-all-cookies = -crunch-all-cookies -<link linkend="SESSION-COOKIES-ONLY">session-cookies-only</link> -<link linkend="FILTER-CONTENT-COOKIES">filter{content-cookies}</link>
# These aliases define combinations of actions
# that are useful for certain types of sites:
#
- fragile = -<link linkend="BLOCK">block</link> -<link linkend="FILTER">filter</link> -crunch-all-cookies -<link linkend="FAST-REDIRECTS">fast-redirects</link> -<link linkend="HIDE-REFERER">hide-referrer</link> -<link linkend="KILL-POPUPS">kill-popups</link> -<link linkend="PREVENT-COMPRESSION">prevent-compression</link>
+ fragile = -<link linkend="BLOCK">block</link> -<link linkend="FILTER">filter</link> -crunch-all-cookies -<link linkend="FAST-REDIRECTS">fast-redirects</link> -<link linkend="HIDE-REFERER">hide-referrer</link> -<link linkend="PREVENT-COMPRESSION">prevent-compression</link>
- shop = -crunch-all-cookies -<link linkend="FILTER-ALL-POPUPS">filter{all-popups}</link> -<link linkend="KILL-POPUPS">kill-popups</link>
+ shop = -crunch-all-cookies -<link linkend="FILTER-ALL-POPUPS">filter{all-popups}</link>
# Short names for other aliases, for really lazy people ;-)
#
# These shops require pop-ups:
#
- {-kill-popups -filter{all-popups} -filter{unsolicited-popups}}
+ {-filter{all-popups} -filter{unsolicited-popups}}
.dabs.com
.overclockers.co.uk</screen>
</para>
#
+crunch-all-cookies = +<link linkend="CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</link> +<link linkend="CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</link>
-crunch-all-cookies = -<link linkend="CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</link> -<link linkend="CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</link>
- +block-as-image = +block +handle-as-image
+ +block-as-image = +block{Blocked image.} +handle-as-image
mercy-for-cookies = -crunch-all-cookies -<link linkend="SESSION-COOKIES-ONLY">session-cookies-only</link> -<link linkend="FILTER-CONTENT-COOKIES">filter{content-cookies}</link>
# These aliases define combinations of actions
# that are useful for certain types of sites:
#
- fragile = -<link linkend="BLOCK">block</link> -<link linkend="FILTER">filter</link> -crunch-all-cookies -<link linkend="FAST-REDIRECTS">fast-redirects</link> -<link linkend="HIDE-REFERER">hide-referrer</link> -<link linkend="KILL-POPUPS">kill-popups</link>
- shop = -crunch-all-cookies -<link linkend="FILTER-ALL-POPUPS">filter{all-popups}</link> -<link linkend="KILL-POPUPS">kill-popups</link></screen>
+ fragile = -<link linkend="BLOCK">block</link> -<link linkend="FILTER">filter</link> -crunch-all-cookies -<link linkend="FAST-REDIRECTS">fast-redirects</link> -<link linkend="HIDE-REFERER">hide-referrer</link>
+ shop = -crunch-all-cookies -<link linkend="FILTER-ALL-POPUPS">filter{all-popups}</link></screen>
</para>
<para>
# "Defaults" section:
##########################################################################
{ \
+ +<link linkend="CHANGE-X-FORWARDED-FOR">change-x-forwarded-for{block}</link> \
+<link linkend="DEANIMATE-GIFS">deanimate-gifs</link> \
+<link linkend="FILTER-HTML-ANNOYANCES">filter{html-annoyances}</link> \
+<link linkend="FILTER-REFRESH-TAGS">filter{refresh-tags}</link> \
+<link linkend="FILTER-WEBBUGS">filter{webbugs}</link> \
+<link linkend="FILTER-IE-EXPLOITS">filter{ie-exploits}</link> \
- +<link linkend="HIDE-FORWARDED-FOR-HEADERS">hide-forwarded-for-headers</link> \
+<link linkend="HIDE-FROM-HEADER">hide-from-header{block}</link> \
+<link linkend="HIDE-REFERER">hide-referrer{forge}</link> \
+<link linkend="PREVENT-COMPRESSION">prevent-compression</link> \
now. <ulink url="http://www.mozilla.org/">Mozilla</ulink> users, who
can turn on smart handling of unwanted pop-ups in their browsers, can
safely choose
- -<literal><link linkend="FILTER-ALL-POPUPS">filter{popups}</link></literal> (and
- -<literal><link linkend="KILL-POPUPS">kill-popups</link></literal>) above
+ -<literal><link linkend="FILTER-ALL-POPUPS">filter{popups}</link></literal> above
and hence don't need this section. Anyway, disabling an already disabled
action doesn't hurt, so we'll define our exceptions regardless of what was
chosen in the defaults section:
<screen>
# These sites require pop-ups too :(
#
-{ -<link linkend="KILL-POPUPS">kill-popups</link> -<link linkend="FILTER-ALL-POPUPS">filter{popups}</link> }
+{ -<link linkend="FILTER-ALL-POPUPS">filter{popups}</link> }
.dabs.com
.overclockers.co.uk
.deutsche-bank-24.de</screen>
##########################################################################
# Block these fine banners:
##########################################################################
-{ <link linkend="BLOCK">+block</link> }
+{ <link linkend="BLOCK">+block{Banner ads.}</link> }
# Generic patterns:
#
+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
allow-all-cookies = -crunch-all-cookies -session-cookies-only
- allow-popups = -filter{all-popups} -kill-popups
-+block-as-image = +block +handle-as-image
+ allow-popups = -filter{all-popups}
++block-as-image = +block{Blocked as image.} +handle-as-image
-block-as-image = -block
# These aliases define combinations of actions that are useful for
# certain types of sites:
#
-fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referrer -kill-popups
+fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referrer
shop = -crunch-all-cookies allow-popups
# Allow ads for selected useful free sites:
seen an ad on your favourite page on example.com that you want to get rid of.
You have right-clicked the image, selected <quote>copy image location</quote>
and pasted the URL below while removing the leading http://, into a
- <literal>{ +block }</literal> section. Note that <literal>{ +handle-as-image
+ <literal>{ +block{} }</literal> section. Note that <literal>{ +handle-as-image
}</literal> need not be specified, since all URLs ending in
<literal>.gif</literal> will be tagged as images by the general rules as set
in default.action anyway:
<para>
<screen>
-{ +<link linkend="BLOCK">block</link> }
+{ +<link linkend="BLOCK">block</link>{Nasty ads.} }
www.example.com/nasty-ads/sponsor\.gif
another.example.net/more/junk/here/</screen>
</para>
actions.
</para>
</listitem>
- <listitem>
- <para>
- If the <link linkend="KILL-POPUPS"><quote>+kill-popups</quote></link>
- action applies, and it is an HTML or JavaScript document, the popup-code in the
- response is filtered on-the-fly as it is received.
- </para>
- </listitem>
<listitem>
<para>
If any <link linkend="FILTER"><quote>+filter</quote></link> action
In file: default.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibutton>
- {+deanimate-gifs {last}
+ {+change-x-forwarded-for{block}
+ +deanimate-gifs {last}
+fast-redirects {check-decoded-url}
+filter {refresh-tags}
+filter {img-reorder}
+filter {webbugs}
+filter {jumping-windows}
+filter {ie-exploits}
- +hide-forwarded-for-headers
+hide-from-header {block}
+hide-referrer {forge}
+session-cookies-only
-add-header
-block
+ +change-x-forwarded-for{block}
-client-header-filter{hide-tor-exit-notation}
-content-type-overwrite
-crunch-client-header
-handle-as-image
-hide-accept-language
-hide-content-disposition
- +hide-forwarded-for-headers
+hide-from-header {block}
-hide-if-modified-since
+hide-referrer {forge}
-hide-user-agent
- -inspect-jpegs
- -kill-popups
-limit-connect
-overwrite-last-modified
-prevent-compression
-redirect
- -send-vanilla-wafer
- -send-wafer
-server-header-filter{xml-to-html}
-server-header-filter{html-to-xml}
-session-cookies-only
- +set-image-blocker {pattern}
- -treat-forbidden-connects-like-blocks </screen>
+ +set-image-blocker {pattern} </screen>
</para>
<para>
<para>
<screen>
- { +block }
+ { +block{Domains starts with "ad"} }
ad*.
- { +block }
+ { +block{Domain contains "ad"} }
.ad.
- { +block +handle-as-image }
+ { +block{Doubleclick banner server} +handle-as-image }
.[a-vx-z]*.doubleclick.net
</screen>
</para>
<para>
We'll just show the interesting part here - the explicit matches. It is
- matched three different times. Two <quote>+block</quote> sections,
- and a <quote>+block +handle-as-image</quote>,
+ matched three different times. Two <quote>+block{}</quote> sections,
+ and a <quote>+block{} +handle-as-image</quote>,
which is the expanded form of one of our aliases that had been defined as:
<quote>+block-as-image</quote>. (<link
linkend="ALIASES"><quote>Aliases</quote></link> are defined in
though ;-) Note that if you want an ad or obnoxious
URL to be invisible, it should be defined as <quote>ad.doubleclick.net</quote>
is done here -- as both a <link
- linkend="BLOCK"><quote>+block</quote></link>
+ linkend="BLOCK"><quote>+block{}</quote></link>
<emphasis>and</emphasis> an
<link linkend="HANDLE-AS-IMAGE"><quote>+handle-as-image</quote></link>.
The custom alias <quote><literal>+block-as-image</literal></quote> just
{-add-header
-block
+ +change-x-forwarded-for{block}
-client-header-filter{hide-tor-exit-notation}
-content-type-overwrite
-crunch-client-header
-handle-as-image
-hide-accept-language
-hide-content-disposition
- +hide-forwarded-for-headers
+hide-from-header{block}
+hide-referer{forge}
-hide-user-agent
- -inspect-jpegs
- -kill-popups
-overwrite-last-modified
+prevent-compression
-redirect
- -send-vanilla-wafer
- -send-wafer
-server-header-filter{xml-to-html}
-server-header-filter{html-to-xml}
+session-cookies-only
- +set-image-blocker{blank}
- -treat-forbidden-connects-like-blocks }
+ +set-image-blocker{blank} }
/
- { +block +handle-as-image }
+ { +block{Path contains "ads".} +handle-as-image }
/ads
</screen>
</para>
<para>
<screen>
- { +block +handle-as-image }
+ { +block{Path starts with "ads".} +handle-as-image }
/ads
</screen>
</para>
USA
$Log: user-manual.sgml,v $
+ Revision 2.90 2008/09/26 16:53:09 fabiankeil
+ Update "What's new" section.
+
+ Revision 2.89 2008/09/21 15:38:56 fabiankeil
+ Fix Portage tree sync instructions in Gentoo section.
+ Anonymously reported at ijbswa-developers@.
+
+ Revision 2.88 2008/09/21 14:42:52 fabiankeil
+ Add documentation for change-x-forwarded-for{},
+ remove documentation for hide-forwarded-for-headers.
+
+ Revision 2.87 2008/08/30 15:37:35 fabiankeil
+ Update entities.
+
+ Revision 2.86 2008/08/16 10:12:23 fabiankeil
+ Merge two sentences and move the URL to the end of the item.
+
+ Revision 2.85 2008/08/16 10:04:59 fabiankeil
+ Some more syntax fixes. This version actually builds.
+
+ Revision 2.84 2008/08/16 09:42:45 fabiankeil
+ Turns out building docs works better if the syntax is valid.
+
+ Revision 2.83 2008/08/16 09:32:02 fabiankeil
+ Mention changes since 3.0.9 beta.
+
+ Revision 2.82 2008/08/16 09:00:52 fabiankeil
+ Fix example URL pattern (once more with feeling).
+
+ Revision 2.81 2008/08/16 08:51:28 fabiankeil
+ Update version-related entities.
+
+ Revision 2.80 2008/07/18 16:54:30 fabiankeil
+ Remove erroneous whitespace in documentation link.
+ Reported by John Chronister in #2021611.
+
+ Revision 2.79 2008/06/27 18:00:53 markm68k
+ remove outdated startup information for mac os x
+
+ Revision 2.78 2008/06/21 17:03:03 fabiankeil
+ Fix typo.
+
+ Revision 2.77 2008/06/14 13:45:22 fabiankeil
+ Re-add a colon I unintentionally removed a few revisions ago.
+
+ Revision 2.76 2008/06/14 13:21:28 fabiankeil
+ Prepare for the upcoming 3.0.9 beta release.
+
+ Revision 2.75 2008/06/13 16:06:48 fabiankeil
+ Update the "What's New in this Release" section with
+ the ChangeLog entries changelog2doc.pl could handle.
+
+ Revision 2.74 2008/05/26 15:55:46 fabiankeil
+ - Update "default profiles" table.
+ - Add some more pcrs redirect examples and note that
+ enabling debug 128 helps to get redirects working.
+
+ Revision 2.73 2008/05/23 14:43:18 fabiankeil
+ Remove previously out-commented block that caused syntax problems.
+
+ Revision 2.72 2008/05/12 10:26:14 fabiankeil
+ Synchronize content filter descriptions with the ones in default.filter.
+
+ Revision 2.71 2008/04/10 17:37:16 fabiankeil
+ Actually we use "modern" POSIX 1003.2 regular
+ expressions in path patterns, not PCRE.
+
+ Revision 2.70 2008/04/10 15:59:12 fabiankeil
+ Add another section to the client-header-tagger example that shows
+ how to actually change the action settings once the tag is created.
+
+ Revision 2.69 2008/03/29 12:14:25 fabiankeil
+ Remove send-wafer and send-vanilla-wafer actions.
+
+ Revision 2.68 2008/03/28 15:13:43 fabiankeil
+ Remove inspect-jpegs action.
+
+ Revision 2.67 2008/03/27 18:31:21 fabiankeil
+ Remove kill-popups action.
+
+ Revision 2.66 2008/03/06 16:33:47 fabiankeil
+ If limit-connect isn't used, don't limit CONNECT requests to port 443.
+
+ Revision 2.65 2008/03/04 18:30:40 fabiankeil
+ Remove the treat-forbidden-connects-like-blocks action. We now
+ use the "blocked" page for forbidden CONNECT requests by default.
+
+ Revision 2.64 2008/03/01 14:10:28 fabiankeil
+ Use new block syntax. Still needs some polishing.
+
+ Revision 2.63 2008/02/22 05:50:37 markm68k
+ fix merge problem
+
+ Revision 2.62 2008/02/11 11:52:23 hal9
+ Fix entity ... s/&/&
+
+ Revision 2.61 2008/02/11 03:41:47 markm68k
+ more updates for mac os x
+
+ Revision 2.60 2008/02/11 03:40:25 markm68k
+ more updates for mac os x
+
+ Revision 2.59 2008/02/11 00:52:34 markm68k
+ reflect new changes for mac os x
+
+ Revision 2.58 2008/02/03 21:37:40 hal9
+ Apply patch from Mark: s/OSX/OS X/
+
+ Revision 2.57 2008/02/03 19:10:14 fabiankeil
+ Mention forward-socks5.
+
+ Revision 2.56 2008/01/31 19:11:35 fabiankeil
+ Let the +client-header-filter{hide-tor-exit-notation} example apply
+ to all requests as "tainted" Referers aren't limited to exit TLDs.
+
+ Revision 2.55 2008/01/19 21:26:37 hal9
+ Add IE7 to configuration section per Gerry.
+
Revision 2.54 2008/01/19 17:52:39 hal9
Re-commit to fix various minor issues for new release.
Spell checked (only one typo this time!).
Revision 1.123.2.16 2002/08/09 19:20:54 david__schmidt
- Update to Mac OSX startup script name
+ Update to Mac OS X startup script name
Revision 1.123.2.15 2002/08/07 17:32:11 oes
Converted some internal links from ulink to link for PDF creation; no content changed
Revision 1.123.2.9 2002/07/11 03:40:28 david__schmidt
- Updated Mac OSX sections due to installation location change
+ Updated Mac OS X sections due to installation location change
Revision 1.123.2.8 2002/06/09 16:36:32 hal9
Clarifications on filtering and MIME. Hardcode 'latest release' in index.html.
Ooops missed something from David.
Revision 1.123.2.3 2002/05/27 03:23:17 hal9
- Fix FIXMEs for OS2 and OSX startup. Fix Redhat typos (should be Red Hat).
+ Fix FIXMEs for OS2 and Mac OS X startup. Fix Redhat typos (should be Red Hat).
That's a wrap, I think.
Revision 1.123.2.2 2002/05/26 19:02:09 hal9
Add AmigaOS install stuff.
Revision 1.87 2002/04/23 02:53:15 david__schmidt
- Updated OSX installation section
+ Updated Mac OS X installation section
Added a few English tweaks here an there
Revision 1.86 2002/04/21 01:46:32 hal9
projects / privoxy.git / blobdiff