-
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Unencrypted connections to systems in these address ranges will be
- as (un)secure as the local network is, but the alternative is that your
- browser can't reach the network at all. Then again, that may actually
- be desired and if you don't know for sure that your browser has to be
- able to reach the local network, there's no reason to allow it.</p>
-
- <p>If you want your browser to be able to reach servers in your local
- network by using their names, you will need additional exceptions that
- look like this:</p>
-
- <table border="0" bgcolor="#E0E0E0" width="100%">
- <tr>
- <td>
- <pre class="SCREEN">
-# forward localhost/ .
-
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Save the modified configuration file and open <a href=
- "http://config.privoxy.org/show-status" target=
- "_top">http://config.privoxy.org/show-status</a> in your browser,
- confirm that <span class="APPLICATION">Privoxy</span> has reloaded its
- configuration and that there are no other forward lines, unless you
- know that you need them. If everything looks good, refer to <a href=
- "https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate"
- target="_top">Tor Faq 4.2</a> to learn how to verify that you are
- really using <span class="APPLICATION">Tor</span>.</p>
-
- <p>Afterward, please take the time to at least skim through the rest of
- <span class="APPLICATION">Tor's</span> documentation. Make sure you
- understand what <span class="APPLICATION">Tor</span> does, why it is no
- replacement for application level security, and why you probably don't
- want to use it for unencrypted logins.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="AEN872" id="AEN872">4.11. Might some things
- break because header information or content is being altered?</a></h3>
-
- <p>Definitely. It is common for sites to use browser type, browser
- version, HTTP header content, and various other techniques in order to
- dynamically decide what to display and how to display it. What you see,
- and what I see, might be very different. There are many, many ways that
- this can be handled, so having hard and fast rules, is tricky.</p>
-
- <p>The <span class="QUOTE">"User-Agent"</span> is sometimes used in
- this way to identify the browser, and adjust content accordingly.</p>
-
- <p>Also, different browsers use different encodings of non-English
- characters, certain web servers convert pages on-the-fly according to
- the User Agent header. Giving a <span class="QUOTE">"User Agent"</span>
- with the wrong operating system or browser manufacturer causes some
- sites in these languages to be garbled; Surfers to Eastern European
- sites should change it to something closer. And then some page access
- counters work by looking at the <span class="QUOTE">"Referer"</span>
- header; they may fail or break if unavailable. The weather maps of
- Intellicast have been blocked by their server when no <span class=
- "QUOTE">"Referer"</span> or cookie is provided, is another example.
- (But you can forge both headers without giving information away). There
- are many other ways things can go wrong when trying to fool a web
- server. The results of which could inadvertently cause pages to load
- incorrectly, partially, or even not at all. And there may be no obvious
- clues as to just what went wrong, or why. Nowhere will there be a
- message that says <span class="QUOTE">"<span class="emphasis"><i class=
- "EMPHASIS">Turn off <tt class="LITERAL">fast-redirects</tt> or
- else!</i></span> "</span></p>
-
- <p>Similar thoughts apply to modifying JavaScript, and, to a lesser
- degree, HTML elements.</p>
-
- <p>If you have problems with a site, you will have to adjust your
- configuration accordingly. Cookies are probably the most likely
- adjustment that may be required, but by no means the only one.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="AEN886" id="AEN886">4.12. Can Privoxy act as
- a <span class="QUOTE">"caching"</span> proxy to speed up web
- browsing?</a></h3>
-
- <p>No, it does not have this ability at all. You want something like
- <a href="http://www.squid-cache.org/" target="_top">Squid</a> or
- <a href="http://www.pps.jussieu.fr/~jch/software/polipo/" target=
- "_top">Polipo</a> for this. And, yes, before you ask, <span class=
- "APPLICATION">Privoxy</span> can co-exist with other kinds of proxies
- like <span class="APPLICATION">Squid</span>. See the <a href=
- "../user-manual/config.html#FORWARDING" target="_top">forwarding
- chapter</a> in the <a href="../user-manual/index.html" target=
- "_top">user manual</a> for details.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="AEN896" id="AEN896">4.13. What about as a
- firewall? Can Privoxy protect me?</a></h3>
-
- <p>Not in the way you mean, or in the way some firewall vendors claim
- they can. <span class="APPLICATION">Privoxy</span> can help protect
- your privacy, but can't protect your system from intrusion attempts. It
- is, of course, perfectly possible to use <span class=
- "emphasis"><i class="EMPHASIS">both</i></span>.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="AEN901" id="AEN901">4.14. I have large empty
- spaces / a checkerboard pattern now where ads used to be. Why?</a></h3>
-
- <p>It is technically possible to eliminate banners and ads in a way
- that frees their allocated page space. This could easily be done by
- blocking with <span class="APPLICATION">Privoxy's</span> filters, and
- eliminating the <span class="emphasis"><i class=
- "EMPHASIS">entire</i></span> image references from the HTML page
- source.</p>
-
- <p>But, this would consume considerably more CPU resources (IOW, slow
- things down), would likely destroy the layout of some web pages which
- rely on the banners utilizing a certain amount of page space, and might
- fail in other cases, where the screen space is reserved (e.g. by HTML
- tables for instance). Also, making ads and banners disappear without
- any trace complicates troubleshooting, and would sooner or later be
- problematic.</p>
-
- <p>The better alternative is to instead let them stay, and block the
- resulting requests for the banners themselves as is now the case. This
- leaves either empty space, or the familiar checkerboard pattern.</p>
-
- <p>So the developers won't support this in the default configuration,
- but you can of course define appropriate filters yourself to achieve
- this.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="AEN909" id="AEN909">4.15. How can Privoxy
- filter Secure (HTTPS) URLs?</a></h3>
-
- <p>Since secure HTTP connections are encrypted SSL sessions between
- your browser and the secure site, and are meant to be reliably
- <span class="emphasis"><i class="EMPHASIS">secure</i></span>, there is
- little that <span class="APPLICATION">Privoxy</span> can do but hand
- the raw gibberish data though from one end to the other
- unprocessed.</p>
-
- <p>The only exception to this is blocking by host patterns, as the
- client needs to tell <span class="APPLICATION">Privoxy</span> the name
- of the remote server, so that <span class="APPLICATION">Privoxy</span>
- can establish the connection. If that name matches a host-only pattern,
- the connection will be blocked.</p>
-
- <p>As far as ad blocking is concerned, this is less of a restriction
- than it may seem, since ad sources are often identifiable by the host
- name, and often the banners to be placed in an encrypted page come
- unencrypted nonetheless for efficiency reasons, which exposes them to
- the full power of <span class="APPLICATION">Privoxy</span>'s ad
- blocking.</p>
-
- <p><span class="QUOTE">"Content cookies"</span> (those that are
- embedded in the actual HTML or JS page content, see <tt class=
- "LITERAL"><a href=
- "../user-manual/actions-file.html#FILTER-CONTENT-COOKIES" target=
- "_top">filter{content-cookies}</a></tt>), in an SSL transaction will be
- impossible to block under these conditions. Fortunately, this does not
- seem to be a very common scenario since most cookies come by
- traditional means.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="AEN923" id="AEN923">4.16. Privoxy runs as a
- <span class="QUOTE">"server"</span>. How secure is it? Do I need to
- take any special precautions?</a></h3>
-
- <p>On Unix-like systems, <span class="APPLICATION">Privoxy</span> can
- run as a non-privileged user, which is how we recommend it be run.
- Also, by default <span class="APPLICATION">Privoxy</span> listens to
- requests from <span class="QUOTE">"localhost"</span> only.</p>
-
- <p>The server aspect of <span class="APPLICATION">Privoxy</span> is not
- itself directly exposed to the Internet in this configuration. If you
- want to have <span class="APPLICATION">Privoxy</span> serve as a LAN
- proxy, this will have to be opened up to allow for LAN requests. In
- this case, we'd recommend you specify only the LAN gateway address,
- e.g. 192.168.1.1, in the main <span class="APPLICATION">Privoxy</span>
- configuration file and check all <a href=
- "../user-manual/config.html#ACCESS-CONTROL" target="_top">access
- control and security options</a>. All LAN hosts can then use this as
- their proxy address in the browser proxy configuration, but
- <span class="APPLICATION">Privoxy</span> will not listen on any
- external interfaces. ACLs can be defined in addition, and using a
- firewall is always good too. Better safe than sorry.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="TURNOFF" id="TURNOFF">4.17. Can I
- temporarily disable Privoxy?</a></h3>
-
- <p><span class="APPLICATION">Privoxy</span> doesn't have a transparent
- proxy mode, but you can toggle off blocking and content filtering.</p>
-
- <p>The easiest way to do that is to point your browser to the remote
- toggle URL: <a href="http://config.privoxy.org/toggle" target=
- "_top">http://config.privoxy.org/toggle</a>.</p>
-
- <p>See the <a href="../user-manual/appendix.html#BOOKMARKLETS" target=
- "_top">Bookmarklets section</a> of the <i class="CITETITLE">User
- Manual</i> for an easy way to access this feature. Note that this is a
- feature that may need to be enabled in the main <tt class=
- "FILENAME">config</tt> file.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="REALLYOFF" id="REALLYOFF">4.18. When
- <span class="QUOTE">"disabled"</span> is Privoxy totally out of the
- picture?</a></h3>
-
- <p>No, this just means all optional filtering and actions are disabled.
- <span class="APPLICATION">Privoxy</span> is still acting as a proxy,
- but just doing less of the things that <span class=
- "APPLICATION">Privoxy</span> would normally be expected to do. It is
- still a <span class="QUOTE">"middle-man"</span> in the interaction
- between your browser and web sites. See below to bypass the proxy.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="TURNOFF2" id="TURNOFF2">4.19. How can I tell
- Privoxy to totally ignore certain sites?</a></h3>
-
- <p>Bypassing a proxy, or proxying based on arbitrary criteria, is
- purely a browser configuration issue, not a <span class=
- "APPLICATION">Privoxy</span> issue. Modern browsers typically do have
- settings for not proxying certain sites. Check your browser's help
- files.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="CRUNCH" id="CRUNCH">4.20. My logs show
- Privoxy <span class="QUOTE">"crunches"</span> ads, but also its own
- internal CGI pages. What is a <span class=
- "QUOTE">"crunch"</span>?</a></h3>
-
- <p>A <span class="QUOTE">"crunch"</span> simply means <span class=
- "APPLICATION">Privoxy</span> intercepted <span class=
- "emphasis"><i class="EMPHASIS">something</i></span>, nothing more.
- Often this is indeed ads or banners, but <span class=
- "APPLICATION">Privoxy</span> uses the same mechanism for trapping
- requests for its own internal pages. For instance, a request for
- <span class="APPLICATION">Privoxy's</span> configuration page at:
- <a href="http://config.privoxy.org" target=
- "_top">http://config.privoxy.org</a>, is intercepted (i.e. it does not
- go out to the 'net), and the familiar CGI configuration is returned to
- the browser, and the log consequently will show a <span class=
- "QUOTE">"crunch"</span>.</p>
-
- <p>Since version 3.0.7, Privoxy will also log the crunch reason. If you
- are using an older version you might want to upgrade.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="DOWNLOADS" id="DOWNLOADS">4.21. Can Privoxy
- effect files that I download from a webserver? FTP server?</a></h3>
-
- <p>From the webserver's perspective, there is no difference between
- viewing a document (i.e. a page), and downloading a file. The same is
- true of <span class="APPLICATION">Privoxy</span>. If there is a match
- for a <tt class="LITERAL"><a href=
- "../user-manual/actions-file.html#BLOCK" target="_top">block</a></tt>
- pattern, it will still be blocked, and of course this is obvious.</p>
-
- <p>Filtering is potentially more of a concern since the results are not
- always so obvious, and the effects of filtering are there whether the
- file is simply viewed, or downloaded. And potentially whether the
- content is some obnoxious advertisement, or Mr. Jimmy's latest/greatest
- source code jewel. Of course, one of these presumably is <span class=
- "QUOTE">"bad"</span> content that we don't want, and the other is
- <span class="QUOTE">"good"</span> content that we do want. <span class=
- "APPLICATION">Privoxy</span> is blind to the differences, and can only
- distinguish <span class="QUOTE">"good from bad"</span> by the
- configuration parameters <span class="emphasis"><i class=
- "EMPHASIS">we</i></span> give it.</p>
-
- <p><span class="APPLICATION">Privoxy</span> knows the differences in
- files according to the <span class="QUOTE">"Content Type"</span> as
- reported by the webserver. If this is reported accurately (e.g.
- <span class="QUOTE">"application/zip"</span> for a zip archive), then
- <span class="APPLICATION">Privoxy</span> knows to ignore these where
- appropriate. <span class="APPLICATION">Privoxy</span> potentially can
- filter HTML as well as plain text documents, subject to configuration
- parameters of course. Also, documents that are of an unknown type
- (generally assumed to be <span class="QUOTE">"text/plain"</span>) can
- be filtered, as will those that might be incorrectly reported by the
- webserver. If such a file is a downloaded file that is intended to be
- saved to disk, then any content that might have been altered by
- filtering, will be saved too, for these (probably rare) cases.</p>
-
- <p>Note that versions later than 3.0.2 do NOT filter document types
- reported as <span class="QUOTE">"text/plain"</span>. Prior to this,
- <span class="APPLICATION">Privoxy</span> did filter this document
- type.</p>
-
- <p>In short, filtering is <span class="QUOTE">"ON"</span> if a) the
- content type as reported by the webserver is appropriate <span class=
- "emphasis"><i class="EMPHASIS">and</i></span> b) the configuration
- allows it (or at least does not disallow it). That's it. There is no
- magic cookie anywhere to say this is <span class="QUOTE">"good"</span>
- and this is <span class="QUOTE">"bad"</span>. It's the configuration
- that lets it all happen or not.</p>
-
- <p>If you download text files, you probably do not want these to be
- filtered, particularly if the content is source code, or other critical
- content. Source code sometimes might be mistaken for Javascript (i.e.
- the kind that might open a pop-up window). It is recommended to turn
- off filtering for download sites (particularly if the content may be
- plain text files and you are using version 3.0.2 or earlier) in your
- <tt class="FILENAME">user.action</tt> file. And also, for any site or
- page where making <span class="emphasis"><i class=
- "EMPHASIS">any</i></span> changes at all to the content is to be
- avoided.</p>
-
- <p><span class="APPLICATION">Privoxy</span> does not do FTP at all,
- only HTTP and HTTPS (SSL) protocols.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="DOWNLOADS2" id="DOWNLOADS2">4.22. I just
- downloaded a Perl script, and Privoxy altered it! Yikes, what is
- wrong!</a></h3>
-
- <p>Please read above.</p>
- </div>
-
- <div class="SECT2">
- <h3 class="SECT2"><a name="HOSTSFILE" id="HOSTSFILE">4.23. Should I
- continue to use a <span class="QUOTE">"HOSTS"</span> file for
- ad-blocking?</a></h3>
-
- <p>One time-tested technique to defeat common ads is to trick the local
- DNS system by giving a phony IP address for the ad generator in the
- local <tt class="FILENAME">HOSTS</tt> file, typically using <tt class=
- "LITERAL">127.0.0.1</tt>, aka <tt class="LITERAL">localhost</tt>. This
- effectively blocks the ad.</p>
-
- <p>There is no reason to use this technique in conjunction with
- <span class="APPLICATION">Privoxy</span>. <span class=
- "APPLICATION">Privoxy</span> does essentially the same thing, much more
- elegantly and with much more flexibility. A large <tt class=
- "FILENAME">HOSTS</tt> file, in fact, not only duplicates effort, but
- may get in the way and seriously slow down your system. It is
- recommended to remove such entries from your <tt class=
- "FILENAME">HOSTS</tt> file. If you think your hosts list is neglected
- by <span class="APPLICATION">Privoxy's</span> configuration, consider
- adding your list to your <tt class="FILENAME">user.action</tt>
- file:</p>
-
- <table border="0" bgcolor="#E0E0E0" width="100%">
- <tr>
- <td>
- <pre class="SCREEN">
- { +block }
+ </PRE
+></TD
+></TR
+></TABLE
+><P
+> Unencrypted connections to systems in these address ranges will
+ be as (un)secure as the local network is, but the alternative is
+ that your browser can't reach the network at all. Then again,
+ that may actually be desired and if you don't know for sure
+ that your browser has to be able to reach the local network,
+ there's no reason to allow it.</P
+><P
+> If you want your browser to be able to reach servers in your local
+ network by using their names, you will need additional exceptions
+ that look like this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># forward localhost/ .
+ </PRE
+></TD
+></TR
+></TABLE
+><P
+> Save the modified configuration file and open
+ <A
+HREF="http://config.privoxy.org/show-status"
+TARGET="_top"
+>http://config.privoxy.org/show-status</A
+>
+ in your browser, confirm that <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> has reloaded its configuration
+ and that there are no other forward lines, unless you know that you need them. If everything looks good,
+ refer to
+ <A
+HREF="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate"
+TARGET="_top"
+>Tor
+ Faq 4.2</A
+> to learn how to verify that you are really using <SPAN
+CLASS="APPLICATION"
+>Tor</SPAN
+>.</P
+><P
+> Afterward, please take the time to at least skim through the rest
+ of <SPAN
+CLASS="APPLICATION"
+>Tor's</SPAN
+> documentation. Make sure you understand
+ what <SPAN
+CLASS="APPLICATION"
+>Tor</SPAN
+> does, why it is no replacement for
+ application level security, and why you probably don't want to
+ use it for unencrypted logins.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="SITEBREAK"
+>4.11. Might some things break because header information or
+content is being altered?</A
+></H3
+><P
+> Definitely. It is common for sites to use browser type, browser version,
+ HTTP header content, and various other techniques in order to dynamically
+ decide what to display and how to display it. What you see, and what I see,
+ might be very different. There are many, many ways that this can be handled,
+ so having hard and fast rules, is tricky.</P
+><P
+> The <SPAN
+CLASS="QUOTE"
+>"User-Agent"</SPAN
+> is sometimes used in this way to identify
+ the browser, and adjust content accordingly.</P
+><P
+> Also, different browsers use different encodings of non-English
+ characters, certain web servers convert pages on-the-fly according to the
+ User Agent header. Giving a <SPAN
+CLASS="QUOTE"
+>"User Agent"</SPAN
+> with the wrong
+ operating system or browser manufacturer causes some sites in these languages
+ to be garbled; Surfers to Eastern European sites should change it to
+ something closer. And then some page access counters work by looking at the
+ <SPAN
+CLASS="QUOTE"
+>"Referer"</SPAN
+> header; they may fail or break if unavailable. The
+ weather maps of Intellicast have been blocked by their server when no
+ <SPAN
+CLASS="QUOTE"
+>"Referer"</SPAN
+> or cookie is provided, is another example. (But you
+ can forge both headers without giving information away). There are
+ many other ways things can go wrong when trying to fool a web server. The
+ results of which could inadvertently cause pages to load incorrectly,
+ partially, or even not at all. And there may be no obvious clues as to just
+ what went wrong, or why. Nowhere will there be a message that says
+ <SPAN
+CLASS="QUOTE"
+>"<SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Turn off <TT
+CLASS="LITERAL"
+>fast-redirects</TT
+> or else!</I
+></SPAN
+>
+ "</SPAN
+></P
+><P
+> Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
+ HTML elements.</P
+><P
+> If you have problems with a site, you will have to adjust your configuration
+ accordingly. Cookies are probably the most likely adjustment that may
+ be required, but by no means the only one.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="CACHING"
+>4.12. Can Privoxy act as a <SPAN
+CLASS="QUOTE"
+>"caching"</SPAN
+> proxy to
+speed up web browsing?</A
+></H3
+><P
+> No, it does not have this ability at all. You want something like
+ <A
+HREF="http://www.squid-cache.org/"
+TARGET="_top"
+>Squid</A
+> or
+ <A
+HREF="http://www.pps.jussieu.fr/~jch/software/polipo/"
+TARGET="_top"
+>Polipo</A
+> for this.
+ And, yes, before you ask, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can co-exist
+ with other kinds of proxies like <SPAN
+CLASS="APPLICATION"
+>Squid</SPAN
+>.
+ See the <A
+HREF="../user-manual/config.html#FORWARDING"
+TARGET="_top"
+>forwarding
+ chapter</A
+> in the <A
+HREF="../user-manual/index.html"
+TARGET="_top"
+>user
+ manual</A
+> for details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="FIREWALL"
+>4.13. What about as a firewall? Can Privoxy protect me?</A
+></H3
+><P
+> Not in the way you mean, or in the way some firewall vendors claim they can.
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can help protect your privacy, but can't
+ protect your system from intrusion attempts. It is, of course, perfectly possible
+ to use <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>both</I
+></SPAN
+>.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="WASTED"
+>4.14. I have large empty spaces / a checkerboard pattern now where
+ads used to be. Why?</A
+></H3
+><P
+> It is technically possible to eliminate banners and ads in a way that frees
+ their allocated page space. This could easily be done by blocking with
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+> filters,
+ and eliminating the <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>entire</I
+></SPAN
+> image references from the
+ HTML page source.</P
+><P
+> But, this would consume considerably more CPU resources (IOW, slow things
+ down), would likely destroy the layout of some web pages which rely on the
+ banners utilizing a certain amount of page space, and might fail in other
+ cases, where the screen space is reserved (e.g. by HTML tables for instance).
+ Also, making ads and banners disappear without any trace complicates
+ troubleshooting, and would sooner or later be problematic.</P
+><P
+> The better alternative is to instead let them stay, and block the resulting
+ requests for the banners themselves as is now the case. This leaves either
+ empty space, or the familiar checkerboard pattern.</P
+><P
+> So the developers won't support this in the default configuration, but you
+ can of course define appropriate filters yourself to achieve this.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="SSL"
+>4.15. How can Privoxy filter Secure (HTTPS) URLs?</A
+></H3
+><P
+> Since secure HTTP connections are encrypted SSL sessions between your browser
+ and the secure site, and are meant to be reliably <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>secure</I
+></SPAN
+>,
+ there is little that <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can do but hand the raw
+ gibberish data though from one end to the other unprocessed.</P
+><P
+> The only exception to this is blocking by host patterns, as the client needs
+ to tell <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> the name of the remote server,
+ so that <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can establish the connection.
+ If that name matches a host-only pattern, the connection will be blocked.</P
+><P
+> As far as ad blocking is concerned, this is less of a restriction than it may
+ seem, since ad sources are often identifiable by the host name, and often
+ the banners to be placed in an encrypted page come unencrypted nonetheless
+ for efficiency reasons, which exposes them to the full power of
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>'s ad blocking.</P
+><P
+> <SPAN
+CLASS="QUOTE"
+>"Content cookies"</SPAN
+> (those that are embedded in the actual HTML or
+ JS page content, see <TT
+CLASS="LITERAL"
+><A
+HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
+TARGET="_top"
+>filter{content-cookies}</A
+></TT
+>),
+ in an SSL transaction will be impossible to block under these conditions.
+ Fortunately, this does not seem to be a very common scenario since most
+ cookies come by traditional means.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="HTTP2"
+>4.16. Does Privoxy support HTTP/2?</A
+></H3
+><P
+> Privoxy currently doesn't parse HTTP/2 but applications
+ can tunnel HTTP/2 through Privoxy if Privoxy is configured
+ to allow CONNECT requests (default) which are also used
+ for HTTPS.</P
+><P
+> Adding HTTP/2 support is on the TODO list but currently
+ nobody is known to work on it.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="SECURE"
+>4.17. Privoxy runs as a <SPAN
+CLASS="QUOTE"
+>"server"</SPAN
+>. How
+secure is it? Do I need to take any special precautions?</A
+></H3
+><P
+> On Unix-like systems, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can run as a non-privileged
+ user, which is how we recommend it be run. Also, by default
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> listens to requests from <SPAN
+CLASS="QUOTE"
+>"localhost"</SPAN
+>
+ only.</P
+><P
+> The server aspect of <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> is not itself directly
+ exposed to the Internet in this configuration. If you want to have
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> serve as a LAN proxy, this will have to
+ be opened up to allow for LAN requests. In this case, we'd recommend
+ you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> configuration file and check all <A
+HREF="../user-manual/config.html#ACCESS-CONTROL"
+TARGET="_top"
+>access control and security
+ options</A
+>. All LAN hosts can then use this as their proxy address
+ in the browser proxy configuration, but <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ will not listen on any external interfaces. ACLs can be defined in addition,
+ and using a firewall is always good too. Better safe than sorry.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="TURNOFF"
+>4.18. Can I temporarily disable Privoxy?</A
+></H3
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> doesn't have a transparent proxy mode,
+ but you can toggle off blocking and content filtering.</P
+><P
+> The easiest way to do that is to point your browser
+ to the remote toggle URL: <A
+HREF="http://config.privoxy.org/toggle"
+TARGET="_top"
+>http://config.privoxy.org/toggle</A
+>.</P
+><P
+> See the <A
+HREF="../user-manual/appendix.html#BOOKMARKLETS"
+TARGET="_top"
+>Bookmarklets section</A
+>
+ of the <I
+CLASS="CITETITLE"
+>User Manual</I
+> for an easy way to access this
+ feature. Note that this is a feature that may need to be enabled in the main
+ <TT
+CLASS="FILENAME"
+>config</TT
+> file.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="REALLYOFF"
+>4.19. When <SPAN
+CLASS="QUOTE"
+>"disabled"</SPAN
+> is Privoxy totally
+out of the picture?</A
+></H3
+><P
+> No, this just means all optional filtering and actions are disabled.
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> is still acting as a proxy, but just
+ doing less of the things that <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> would
+ normally be expected to do. It is still a <SPAN
+CLASS="QUOTE"
+>"middle-man"</SPAN
+> in
+ the interaction between your browser and web sites. See below to bypass
+ the proxy.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="TURNOFF2"
+>4.20. How can I tell Privoxy to totally ignore certain sites?</A
+></H3
+><P
+> Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
+ configuration issue, not a <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> issue. Modern browsers typically do have
+ settings for not proxying certain sites. Check your browser's help files.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="CRUNCH"
+>4.21. My logs show Privoxy <SPAN
+CLASS="QUOTE"
+>"crunches"</SPAN
+>
+ads, but also its own internal CGI pages. What is a <SPAN
+CLASS="QUOTE"
+>"crunch"</SPAN
+>?</A
+></H3
+><P
+> A <SPAN
+CLASS="QUOTE"
+>"crunch"</SPAN
+> means <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> intercepted
+ <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>something</I
+></SPAN
+>, nothing more. Often this is indeed ads or
+ banners, but <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> uses the same mechanism for
+ trapping requests for its own internal pages. For instance, a request for
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+> configuration page at: <A
+HREF="http://config.privoxy.org"
+TARGET="_top"
+>http://config.privoxy.org</A
+>, is
+ intercepted (i.e. it does not go out to the 'net), and the familiar CGI
+ configuration is returned to the browser, and the log consequently will show
+ a <SPAN
+CLASS="QUOTE"
+>"crunch"</SPAN
+>.</P
+><P
+> Since version 3.0.7, Privoxy will also log the crunch reason.
+ If you are using an older version you might want to upgrade.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="DOWNLOADS"
+>4.22. Can Privoxy affect files that I download
+from a webserver? FTP server?</A
+></H3
+><P
+> From the webserver's perspective, there is no difference between
+ viewing a document (i.e. a page), and downloading a file. The same is true of
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>. If there is a match for a <TT
+CLASS="LITERAL"
+><A
+HREF="../user-manual/actions-file.html#BLOCK"
+TARGET="_top"
+>block</A
+></TT
+> pattern,
+ it will still be blocked, and of course this is obvious.
+ </P
+><P
+> Filtering is potentially more of a concern since the results are not always
+ so obvious, and the effects of filtering are there whether the file is simply
+ viewed, or downloaded. And potentially whether the content is some obnoxious
+ advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
+ one of these presumably is <SPAN
+CLASS="QUOTE"
+>"bad"</SPAN
+> content that we don't want, and
+ the other is <SPAN
+CLASS="QUOTE"
+>"good"</SPAN
+> content that we do want.
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> is blind to the differences, and can only
+ distinguish <SPAN
+CLASS="QUOTE"
+>"good from bad"</SPAN
+> by the configuration parameters
+ <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>we</I
+></SPAN
+> give it.</P
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> knows the differences in files according
+ to the <SPAN
+CLASS="QUOTE"
+>"Content Type"</SPAN
+> as reported by the webserver. If this is
+ reported accurately (e.g. <SPAN
+CLASS="QUOTE"
+>"application/zip"</SPAN
+> for a zip archive),
+ then <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> knows to ignore these where
+ appropriate. <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> potentially can filter HTML
+ as well as plain text documents, subject to configuration parameters of
+ course. Also, documents that are of an unknown type (generally assumed to be
+ <SPAN
+CLASS="QUOTE"
+>"text/plain"</SPAN
+>) can be filtered, as will those that might be
+ incorrectly reported by the webserver. If such a file is a downloaded file
+ that is intended to be saved to disk, then any content that might have been
+ altered by filtering, will be saved too, for these (probably rare) cases.</P
+><P
+> Note that versions later than 3.0.2 do NOT filter document types reported as
+ <SPAN
+CLASS="QUOTE"
+>"text/plain"</SPAN
+>. Prior to this, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ did filter this document type.</P
+><P
+> In short, filtering is <SPAN
+CLASS="QUOTE"
+>"ON"</SPAN
+> if a) the content type as reported
+ by the webserver is appropriate <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>and</I
+></SPAN
+> b) the configuration
+ allows it (or at least does not disallow it). That's it. There is no magic
+ cookie anywhere to say this is <SPAN
+CLASS="QUOTE"
+>"good"</SPAN
+> and this is
+ <SPAN
+CLASS="QUOTE"
+>"bad"</SPAN
+>. It's the configuration that lets it all happen or not.</P
+><P
+> If you download text files, you probably do not want these to be filtered,
+ particularly if the content is source code, or other critical content. Source
+ code sometimes might be mistaken for Javascript (i.e. the kind that might
+ open a pop-up window). It is recommended to turn off filtering for download
+ sites (particularly if the content may be plain text files and you are using
+ version 3.0.2 or earlier) in your <TT
+CLASS="FILENAME"
+>user.action</TT
+> file. And
+ also, for any site or page where making <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>any</I
+></SPAN
+> changes at
+ all to the content is to be avoided.</P
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> does not do FTP at all, only HTTP
+ and HTTPS (SSL) protocols.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="DOWNLOADS2"
+>4.23. I just downloaded a Perl script, and Privoxy
+altered it! Yikes, what is wrong!</A
+></H3
+><P
+> Please read above.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="HOSTSFILE"
+>4.24. Should I continue to use a <SPAN
+CLASS="QUOTE"
+>"HOSTS"</SPAN
+> file for ad-blocking?</A
+></H3
+><P
+> One time-tested technique to defeat common ads is to trick the local DNS
+ system by giving a phony IP address for the ad generator in the local
+ <TT
+CLASS="FILENAME"
+>HOSTS</TT
+> file, typically using <TT
+CLASS="LITERAL"
+>127.0.0.1</TT
+>, aka
+ <TT
+CLASS="LITERAL"
+>localhost</TT
+>. This effectively blocks the ad.</P
+><P
+> There is no reason to use this technique in conjunction with
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>. <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ does essentially the same thing, much more elegantly and with much more
+ flexibility. A large <TT
+CLASS="FILENAME"
+>HOSTS</TT
+> file, in fact, not only
+ duplicates effort, but may get in the way and seriously slow down your system.
+ It is recommended to remove such entries from your <TT
+CLASS="FILENAME"
+>HOSTS</TT
+> file. If you think
+ your hosts list is neglected by <SPAN
+CLASS="APPLICATION"
+>Privoxy's </SPAN
+>
+ configuration, consider adding your list to your <TT
+CLASS="FILENAME"
+>user.action</TT
+> file:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> { +block }
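Review bot: the new 4.16 (HTTP/2) answer says applications can tunnel HTTP/2 through CONNECT but does not say what that means for filtering. 4.15 already explains that CONNECT-tunnelled traffic is handed through unprocessed and that only host-only patterns can block it, so 4.16 should either repeat that in one sentence or link to the SSL anchor, otherwise readers may assume tunnelled HTTP/2 content is still filtered. Two smaller points in the same region: inserting 4.16 shifts the old 4.16 to 4.23 up by one, and the generated AEN872/AEN886/... anchors are replaced by named ones (SITEBREAK, CACHING, ...) with the id attributes dropped, so existing links by section number or by #AEN... fragment will no longer resolve and may deserve a mention in the changelog. Also, since 4.22 fixes "effect" to "affect", the carried-over "hand the raw gibberish data though" in 4.15 could be corrected to "through" in the same pass.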