- </td>
- </tr>
- </table>
-
- <p>
- Save the modified configuration file and open <a href=
- "http://config.privoxy.org/show-status" target=
- "_top">http://config.privoxy.org/show-status</a> in your browser,
- confirm that <span class="APPLICATION">Privoxy</span> has reloaded
- its configuration and that there are no other forward lines, unless
- you know that you need them. If everything looks good, refer to <a
- href=
- "https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate"
- target="_top">Tor Faq 4.2</a> to learn how to verify that you are
- really using <span class="APPLICATION">Tor</span>.
- </p>
- <p>
- Afterward, please take the time to at least skim through the rest
- of <span class="APPLICATION">Tor's</span> documentation. Make sure
- you understand what <span class="APPLICATION">Tor</span> does, why
- it is no replacement for application level security, and why you
- probably don't want to use it for unencrypted logins.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="SITEBREAK">4.11. Might some things break because header
- information or content is being altered?</a>
- </h3>
- <p>
- Definitely. It is common for sites to use browser type, browser
- version, HTTP header content, and various other techniques in order
- to dynamically decide what to display and how to display it. What
- you see, and what I see, might be very different. There are many,
- many ways that this can be handled, so having hard and fast rules,
- is tricky.
- </p>
- <p>
- The <span class="QUOTE">"User-Agent"</span> is sometimes used in
- this way to identify the browser, and adjust content accordingly.
- </p>
- <p>
- Also, different browsers use different encodings of non-English
- characters, certain web servers convert pages on-the-fly according
- to the User Agent header. Giving a <span class="QUOTE">"User
- Agent"</span> with the wrong operating system or browser
- manufacturer causes some sites in these languages to be garbled;
- Surfers to Eastern European sites should change it to something
- closer. And then some page access counters work by looking at the
- <span class="QUOTE">"Referer"</span> header; they may fail or break
- if unavailable. The weather maps of Intellicast have been blocked
- by their server when no <span class="QUOTE">"Referer"</span> or
- cookie is provided, is another example. (But you can forge both
- headers without giving information away). There are many other ways
- things can go wrong when trying to fool a web server. The results
- of which could inadvertently cause pages to load incorrectly,
- partially, or even not at all. And there may be no obvious clues as
- to just what went wrong, or why. Nowhere will there be a message
- that says <span class="QUOTE">"<span class="emphasis"><i class=
- "EMPHASIS">Turn off <tt class="LITERAL">fast-redirects</tt> or
- else!</i></span> "</span>
- </p>
- <p>
- Similar thoughts apply to modifying JavaScript, and, to a lesser
- degree, HTML elements.
- </p>
- <p>
- If you have problems with a site, you will have to adjust your
- configuration accordingly. Cookies are probably the most likely
- adjustment that may be required, but by no means the only one.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="CACHING">4.12. Can Privoxy act as a <span class=
- "QUOTE">"caching"</span> proxy to speed up web browsing?</a>
- </h3>
- <p>
- No, it does not have this ability at all. You want something like
- <a href="http://www.squid-cache.org/" target="_top">Squid</a> or <a
- href="http://www.pps.jussieu.fr/~jch/software/polipo/" target=
- "_top">Polipo</a> for this. And, yes, before you ask, <span class=
- "APPLICATION">Privoxy</span> can co-exist with other kinds of
- proxies like <span class="APPLICATION">Squid</span>. See the <a
- href="../user-manual/config.html#FORWARDING" target=
- "_top">forwarding chapter</a> in the <a href=
- "../user-manual/index.html" target="_top">user manual</a> for
- details.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="FIREWALL">4.13. What about as a firewall? Can Privoxy
- protect me?</a>
- </h3>
- <p>
- Not in the way you mean, or in the way some firewall vendors claim
- they can. <span class="APPLICATION">Privoxy</span> can help protect
- your privacy, but can't protect your system from intrusion
- attempts. It is, of course, perfectly possible to use <span class=
- "emphasis"><i class="EMPHASIS">both</i></span>.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="WASTED">4.14. I have large empty spaces / a checkerboard
- pattern now where ads used to be. Why?</a>
- </h3>
- <p>
- It is technically possible to eliminate banners and ads in a way
- that frees their allocated page space. This could easily be done by
- blocking with <span class="APPLICATION">Privoxy's</span> filters,
- and eliminating the <span class="emphasis"><i class=
- "EMPHASIS">entire</i></span> image references from the HTML page
- source.
- </p>
- <p>
- But, this would consume considerably more CPU resources (IOW, slow
- things down), would likely destroy the layout of some web pages
- which rely on the banners utilizing a certain amount of page space,
- and might fail in other cases, where the screen space is reserved
- (e.g. by HTML tables for instance). Also, making ads and banners
- disappear without any trace complicates troubleshooting, and would
- sooner or later be problematic.
- </p>
- <p>
- The better alternative is to instead let them stay, and block the
- resulting requests for the banners themselves as is now the case.
- This leaves either empty space, or the familiar checkerboard
- pattern.
- </p>
- <p>
- So the developers won't support this in the default configuration,
- but you can of course define appropriate filters yourself to
- achieve this.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="SSL">4.15. How can Privoxy filter Secure (HTTPS) URLs?</a>
- </h3>
- <p>
- Since secure HTTP connections are encrypted SSL sessions between
- your browser and the secure site, and are meant to be reliably
- <span class="emphasis"><i class="EMPHASIS">secure</i></span>, there
- is little that <span class="APPLICATION">Privoxy</span> can do but
- hand the raw gibberish data though from one end to the other
- unprocessed.
- </p>
- <p>
- The only exception to this is blocking by host patterns, as the
- client needs to tell <span class="APPLICATION">Privoxy</span> the
- name of the remote server, so that <span class=
- "APPLICATION">Privoxy</span> can establish the connection. If that
- name matches a host-only pattern, the connection will be blocked.
- </p>
- <p>
- As far as ad blocking is concerned, this is less of a restriction
- than it may seem, since ad sources are often identifiable by the
- host name, and often the banners to be placed in an encrypted page
- come unencrypted nonetheless for efficiency reasons, which exposes
- them to the full power of <span class=
- "APPLICATION">Privoxy</span>'s ad blocking.
- </p>
- <p>
- <span class="QUOTE">"Content cookies"</span> (those that are
- embedded in the actual HTML or JS page content, see <tt class=
- "LITERAL"><a href=
- "../user-manual/actions-file.html#FILTER-CONTENT-COOKIES" target=
- "_top">filter{content-cookies}</a></tt>), in an SSL transaction
- will be impossible to block under these conditions. Fortunately,
- this does not seem to be a very common scenario since most cookies
- come by traditional means.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="SECURE">4.16. Privoxy runs as a <span class=
- "QUOTE">"server"</span>. How secure is it? Do I need to take any
- special precautions?</a>
- </h3>
- <p>
- On Unix-like systems, <span class="APPLICATION">Privoxy</span> can
- run as a non-privileged user, which is how we recommend it be run.
- Also, by default <span class="APPLICATION">Privoxy</span> listens
- to requests from <span class="QUOTE">"localhost"</span> only.
- </p>
- <p>
- The server aspect of <span class="APPLICATION">Privoxy</span> is
- not itself directly exposed to the Internet in this configuration.
- If you want to have <span class="APPLICATION">Privoxy</span> serve
- as a LAN proxy, this will have to be opened up to allow for LAN
- requests. In this case, we'd recommend you specify only the LAN
- gateway address, e.g. 192.168.1.1, in the main <span class=
- "APPLICATION">Privoxy</span> configuration file and check all <a
- href="../user-manual/config.html#ACCESS-CONTROL" target=
- "_top">access control and security options</a>. All LAN hosts can
- then use this as their proxy address in the browser proxy
- configuration, but <span class="APPLICATION">Privoxy</span> will
- not listen on any external interfaces. ACLs can be defined in
- addition, and using a firewall is always good too. Better safe than
- sorry.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="TURNOFF">4.17. Can I temporarily disable Privoxy?</a>
- </h3>
- <p>
- <span class="APPLICATION">Privoxy</span> doesn't have a transparent
- proxy mode, but you can toggle off blocking and content filtering.
- </p>
- <p>
- The easiest way to do that is to point your browser to the remote
- toggle URL: <a href="http://config.privoxy.org/toggle" target=
- "_top">http://config.privoxy.org/toggle</a>.
- </p>
- <p>
- See the <a href="../user-manual/appendix.html#BOOKMARKLETS" target=
- "_top">Bookmarklets section</a> of the <i class="CITETITLE">User
- Manual</i> for an easy way to access this feature. Note that this
- is a feature that may need to be enabled in the main <tt class=
- "FILENAME">config</tt> file.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="REALLYOFF">4.18. When <span class=
- "QUOTE">"disabled"</span> is Privoxy totally out of the
- picture?</a>
- </h3>
- <p>
- No, this just means all optional filtering and actions are
- disabled. <span class="APPLICATION">Privoxy</span> is still acting
- as a proxy, but just doing less of the things that <span class=
- "APPLICATION">Privoxy</span> would normally be expected to do. It
- is still a <span class="QUOTE">"middle-man"</span> in the
- interaction between your browser and web sites. See below to bypass
- the proxy.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="TURNOFF2">4.19. How can I tell Privoxy to totally ignore
- certain sites?</a>
- </h3>
- <p>
- Bypassing a proxy, or proxying based on arbitrary criteria, is
- purely a browser configuration issue, not a <span class=
- "APPLICATION">Privoxy</span> issue. Modern browsers typically do
- have settings for not proxying certain sites. Check your browser's
- help files.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="CRUNCH">4.20. My logs show Privoxy <span class=
- "QUOTE">"crunches"</span> ads, but also its own internal CGI pages.
- What is a <span class="QUOTE">"crunch"</span>?</a>
- </h3>
- <p>
- A <span class="QUOTE">"crunch"</span> simply means <span class=
- "APPLICATION">Privoxy</span> intercepted <span class="emphasis"><i
- class="EMPHASIS">something</i></span>, nothing more. Often this is
- indeed ads or banners, but <span class="APPLICATION">Privoxy</span>
- uses the same mechanism for trapping requests for its own internal
- pages. For instance, a request for <span class=
- "APPLICATION">Privoxy's</span> configuration page at: <a href=
- "http://config.privoxy.org" target=
- "_top">http://config.privoxy.org</a>, is intercepted (i.e. it does
- not go out to the 'net), and the familiar CGI configuration is
- returned to the browser, and the log consequently will show a <span
- class="QUOTE">"crunch"</span>.
- </p>
- <p>
- Since version 3.0.7, Privoxy will also log the crunch reason. If
- you are using an older version you might want to upgrade.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="DOWNLOADS">4.21. Can Privoxy affect files that I download
- from a webserver? FTP server?</a>
- </h3>
- <p>
- From the webserver's perspective, there is no difference between
- viewing a document (i.e. a page), and downloading a file. The same
- is true of <span class="APPLICATION">Privoxy</span>. If there is a
- match for a <tt class="LITERAL"><a href=
- "../user-manual/actions-file.html#BLOCK" target=
- "_top">block</a></tt> pattern, it will still be blocked, and of
- course this is obvious.
- </p>
- <p>
- Filtering is potentially more of a concern since the results are
- not always so obvious, and the effects of filtering are there
- whether the file is simply viewed, or downloaded. And potentially
- whether the content is some obnoxious advertisement, or Mr. Jimmy's
- latest/greatest source code jewel. Of course, one of these
- presumably is <span class="QUOTE">"bad"</span> content that we
- don't want, and the other is <span class="QUOTE">"good"</span>
- content that we do want. <span class="APPLICATION">Privoxy</span>
- is blind to the differences, and can only distinguish <span class=
- "QUOTE">"good from bad"</span> by the configuration parameters
- <span class="emphasis"><i class="EMPHASIS">we</i></span> give it.
- </p>
- <p>
- <span class="APPLICATION">Privoxy</span> knows the differences in
- files according to the <span class="QUOTE">"Content Type"</span> as
- reported by the webserver. If this is reported accurately (e.g.
- <span class="QUOTE">"application/zip"</span> for a zip archive),
- then <span class="APPLICATION">Privoxy</span> knows to ignore these
- where appropriate. <span class="APPLICATION">Privoxy</span>
- potentially can filter HTML as well as plain text documents,
- subject to configuration parameters of course. Also, documents that
- are of an unknown type (generally assumed to be <span class=
- "QUOTE">"text/plain"</span>) can be filtered, as will those that
- might be incorrectly reported by the webserver. If such a file is a
- downloaded file that is intended to be saved to disk, then any
- content that might have been altered by filtering, will be saved
- too, for these (probably rare) cases.
- </p>
- <p>
- Note that versions later than 3.0.2 do NOT filter document types
- reported as <span class="QUOTE">"text/plain"</span>. Prior to this,
- <span class="APPLICATION">Privoxy</span> did filter this document
- type.
- </p>
- <p>
- In short, filtering is <span class="QUOTE">"ON"</span> if a) the
- content type as reported by the webserver is appropriate <span
- class="emphasis"><i class="EMPHASIS">and</i></span> b) the
- configuration allows it (or at least does not disallow it). That's
- it. There is no magic cookie anywhere to say this is <span class=
- "QUOTE">"good"</span> and this is <span class="QUOTE">"bad"</span>.
- It's the configuration that lets it all happen or not.
- </p>
- <p>
- If you download text files, you probably do not want these to be
- filtered, particularly if the content is source code, or other
- critical content. Source code sometimes might be mistaken for
- Javascript (i.e. the kind that might open a pop-up window). It is
- recommended to turn off filtering for download sites (particularly
- if the content may be plain text files and you are using version
- 3.0.2 or earlier) in your <tt class="FILENAME">user.action</tt>
- file. And also, for any site or page where making <span class=
- "emphasis"><i class="EMPHASIS">any</i></span> changes at all to the
- content is to be avoided.
- </p>
- <p>
- <span class="APPLICATION">Privoxy</span> does not do FTP at all,
- only HTTP and HTTPS (SSL) protocols.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="DOWNLOADS2">4.22. I just downloaded a Perl script, and
- Privoxy altered it! Yikes, what is wrong!</a>
- </h3>
- <p>
- Please read above.
- </p>
- </div>
- <div class="SECT2">
- <h3 class="SECT2">
- <a name="HOSTSFILE">4.23. Should I continue to use a <span class=
- "QUOTE">"HOSTS"</span> file for ad-blocking?</a>
- </h3>
- <p>
- One time-tested technique to defeat common ads is to trick the
- local DNS system by giving a phony IP address for the ad generator
- in the local <tt class="FILENAME">HOSTS</tt> file, typically using
- <tt class="LITERAL">127.0.0.1</tt>, aka <tt class=
- "LITERAL">localhost</tt>. This effectively blocks the ad.
- </p>
- <p>
- There is no reason to use this technique in conjunction with <span
- class="APPLICATION">Privoxy</span>. <span class=
- "APPLICATION">Privoxy</span> does essentially the same thing, much
- more elegantly and with much more flexibility. A large <tt class=
- "FILENAME">HOSTS</tt> file, in fact, not only duplicates effort,
- but may get in the way and seriously slow down your system. It is
- recommended to remove such entries from your <tt class=
- "FILENAME">HOSTS</tt> file. If you think your hosts list is
- neglected by <span class="APPLICATION">Privoxy's</span>
- configuration, consider adding your list to your <tt class=
- "FILENAME">user.action</tt> file:
- </p>
- <p>
- </p>
- <table border="0" bgcolor="#E0E0E0" width="100%">
- <tr>
- <td>
-<pre class="SCREEN">
+ </td>
+ </tr>
+ </table>
+
+ <p>Save the modified configuration file and open <a href=
+ "http://config.privoxy.org/show-status" target=
+ "_top">http://config.privoxy.org/show-status</a> in your browser,
+ confirm that <span class="APPLICATION">Privoxy</span> has reloaded its
+ configuration and that there are no other forward lines, unless you
+ know that you need them. If everything looks good, refer to <a href=
+ "https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate"
+ target="_top">Tor Faq 4.2</a> to learn how to verify that you are
+ really using <span class="APPLICATION">Tor</span>.</p>
+
+ <p>Afterward, please take the time to at least skim through the rest of
+ <span class="APPLICATION">Tor's</span> documentation. Make sure you
+ understand what <span class="APPLICATION">Tor</span> does, why it is no
+ replacement for application level security, and why you probably don't
+ want to use it for unencrypted logins.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="SITEBREAK" id="SITEBREAK">4.11. Might some
+ things break because header information or content is being
+ altered?</a></h3>
+
+ <p>Definitely. It is common for sites to use browser type, browser
+ version, HTTP header content, and various other techniques in order to
+ dynamically decide what to display and how to display it. What you see,
+ and what I see, might be very different. There are many, many ways that
+ this can be handled, so having hard and fast rules, is tricky.</p>
+
+ <p>The <span class="QUOTE">"User-Agent"</span> is sometimes used in
+ this way to identify the browser, and adjust content accordingly.</p>
+
+ <p>Also, different browsers use different encodings of non-English
+ characters, certain web servers convert pages on-the-fly according to
+ the User Agent header. Giving a <span class="QUOTE">"User Agent"</span>
+ with the wrong operating system or browser manufacturer causes some
+ sites in these languages to be garbled; Surfers to Eastern European
+ sites should change it to something closer. And then some page access
+ counters work by looking at the <span class="QUOTE">"Referer"</span>
+ header; they may fail or break if unavailable. The weather maps of
+ Intellicast have been blocked by their server when no <span class=
+ "QUOTE">"Referer"</span> or cookie is provided, is another example.
+ (But you can forge both headers without giving information away). There
+ are many other ways things can go wrong when trying to fool a web
+ server. The results of which could inadvertently cause pages to load
+ incorrectly, partially, or even not at all. And there may be no obvious
+ clues as to just what went wrong, or why. Nowhere will there be a
+ message that says <span class="QUOTE">"<span class="emphasis"><i class=
+ "EMPHASIS">Turn off <tt class="LITERAL">fast-redirects</tt> or
+ else!</i></span> "</span></p>
+
+ <p>Similar thoughts apply to modifying JavaScript, and, to a lesser
+ degree, HTML elements.</p>
+
+ <p>If you have problems with a site, you will have to adjust your
+ configuration accordingly. Cookies are probably the most likely
+ adjustment that may be required, but by no means the only one.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="CACHING" id="CACHING">4.12. Can Privoxy act
+ as a <span class="QUOTE">"caching"</span> proxy to speed up web
+ browsing?</a></h3>
+
+ <p>No, it does not have this ability at all. You want something like
+ <a href="http://www.squid-cache.org/" target="_top">Squid</a> or
+ <a href="http://www.pps.jussieu.fr/~jch/software/polipo/" target=
+ "_top">Polipo</a> for this. And, yes, before you ask, <span class=
+ "APPLICATION">Privoxy</span> can co-exist with other kinds of proxies
+ like <span class="APPLICATION">Squid</span>. See the <a href=
+ "../user-manual/config.html#FORWARDING" target="_top">forwarding
+ chapter</a> in the <a href="../user-manual/index.html" target=
+ "_top">user manual</a> for details.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="FIREWALL" id="FIREWALL">4.13. What about as
+ a firewall? Can Privoxy protect me?</a></h3>
+
+ <p>Not in the way you mean, or in the way some firewall vendors claim
+ they can. <span class="APPLICATION">Privoxy</span> can help protect
+ your privacy, but can't protect your system from intrusion attempts. It
+ is, of course, perfectly possible to use <span class=
+ "emphasis"><i class="EMPHASIS">both</i></span>.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="WASTED" id="WASTED">4.14. I have large empty
+ spaces / a checkerboard pattern now where ads used to be. Why?</a></h3>
+
+ <p>It is technically possible to eliminate banners and ads in a way
+ that frees their allocated page space. This could easily be done by
+ blocking with <span class="APPLICATION">Privoxy's</span> filters, and
+ eliminating the <span class="emphasis"><i class=
+ "EMPHASIS">entire</i></span> image references from the HTML page
+ source.</p>
+
+ <p>But, this would consume considerably more CPU resources (IOW, slow
+ things down), would likely destroy the layout of some web pages which
+ rely on the banners utilizing a certain amount of page space, and might
+ fail in other cases, where the screen space is reserved (e.g. by HTML
+ tables for instance). Also, making ads and banners disappear without
+ any trace complicates troubleshooting, and would sooner or later be
+ problematic.</p>
+
+ <p>The better alternative is to instead let them stay, and block the
+ resulting requests for the banners themselves as is now the case. This
+ leaves either empty space, or the familiar checkerboard pattern.</p>
+
+ <p>So the developers won't support this in the default configuration,
+ but you can of course define appropriate filters yourself to achieve
+ this.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="SSL" id="SSL">4.15. How can Privoxy filter
+ Secure (HTTPS) URLs?</a></h3>
+
+ <p>Since secure HTTP connections are encrypted SSL sessions between
+ your browser and the secure site, and are meant to be reliably
+ <span class="emphasis"><i class="EMPHASIS">secure</i></span>, there is
+ little that <span class="APPLICATION">Privoxy</span> can do but hand
+ the raw gibberish data though from one end to the other
+ unprocessed.</p>
+
+ <p>The only exception to this is blocking by host patterns, as the
+ client needs to tell <span class="APPLICATION">Privoxy</span> the name
+ of the remote server, so that <span class="APPLICATION">Privoxy</span>
+ can establish the connection. If that name matches a host-only pattern,
+ the connection will be blocked.</p>
+
+ <p>As far as ad blocking is concerned, this is less of a restriction
+ than it may seem, since ad sources are often identifiable by the host
+ name, and often the banners to be placed in an encrypted page come
+ unencrypted nonetheless for efficiency reasons, which exposes them to
+ the full power of <span class="APPLICATION">Privoxy</span>'s ad
+ blocking.</p>
+
+ <p><span class="QUOTE">"Content cookies"</span> (those that are
+ embedded in the actual HTML or JS page content, see <tt class=
+ "LITERAL"><a href=
+ "../user-manual/actions-file.html#FILTER-CONTENT-COOKIES" target=
+ "_top">filter{content-cookies}</a></tt>), in an SSL transaction will be
+ impossible to block under these conditions. Fortunately, this does not
+ seem to be a very common scenario since most cookies come by
+ traditional means.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="SECURE" id="SECURE">4.16. Privoxy runs as a
+ <span class="QUOTE">"server"</span>. How secure is it? Do I need to
+ take any special precautions?</a></h3>
+
+ <p>On Unix-like systems, <span class="APPLICATION">Privoxy</span> can
+ run as a non-privileged user, which is how we recommend it be run.
+ Also, by default <span class="APPLICATION">Privoxy</span> listens to
+ requests from <span class="QUOTE">"localhost"</span> only.</p>
+
+ <p>The server aspect of <span class="APPLICATION">Privoxy</span> is not
+ itself directly exposed to the Internet in this configuration. If you
+ want to have <span class="APPLICATION">Privoxy</span> serve as a LAN
+ proxy, this will have to be opened up to allow for LAN requests. In
+ this case, we'd recommend you specify only the LAN gateway address,
+ e.g. 192.168.1.1, in the main <span class="APPLICATION">Privoxy</span>
+ configuration file and check all <a href=
+ "../user-manual/config.html#ACCESS-CONTROL" target="_top">access
+ control and security options</a>. All LAN hosts can then use this as
+ their proxy address in the browser proxy configuration, but
+ <span class="APPLICATION">Privoxy</span> will not listen on any
+ external interfaces. ACLs can be defined in addition, and using a
+ firewall is always good too. Better safe than sorry.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="TURNOFF" id="TURNOFF">4.17. Can I
+ temporarily disable Privoxy?</a></h3>
+
+ <p><span class="APPLICATION">Privoxy</span> doesn't have a transparent
+ proxy mode, but you can toggle off blocking and content filtering.</p>
+
+ <p>The easiest way to do that is to point your browser to the remote
+ toggle URL: <a href="http://config.privoxy.org/toggle" target=
+ "_top">http://config.privoxy.org/toggle</a>.</p>
+
+ <p>See the <a href="../user-manual/appendix.html#BOOKMARKLETS" target=
+ "_top">Bookmarklets section</a> of the <i class="CITETITLE">User
+ Manual</i> for an easy way to access this feature. Note that this is a
+ feature that may need to be enabled in the main <tt class=
+ "FILENAME">config</tt> file.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="REALLYOFF" id="REALLYOFF">4.18. When
+ <span class="QUOTE">"disabled"</span> is Privoxy totally out of the
+ picture?</a></h3>
+
+ <p>No, this just means all optional filtering and actions are disabled.
+ <span class="APPLICATION">Privoxy</span> is still acting as a proxy,
+ but just doing less of the things that <span class=
+ "APPLICATION">Privoxy</span> would normally be expected to do. It is
+ still a <span class="QUOTE">"middle-man"</span> in the interaction
+ between your browser and web sites. See below to bypass the proxy.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="TURNOFF2" id="TURNOFF2">4.19. How can I tell
+ Privoxy to totally ignore certain sites?</a></h3>
+
+ <p>Bypassing a proxy, or proxying based on arbitrary criteria, is
+ purely a browser configuration issue, not a <span class=
+ "APPLICATION">Privoxy</span> issue. Modern browsers typically do have
+ settings for not proxying certain sites. Check your browser's help
+ files.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="CRUNCH" id="CRUNCH">4.20. My logs show
+ Privoxy <span class="QUOTE">"crunches"</span> ads, but also its own
+ internal CGI pages. What is a <span class=
+ "QUOTE">"crunch"</span>?</a></h3>
+
+ <p>A <span class="QUOTE">"crunch"</span> simply means <span class=
+ "APPLICATION">Privoxy</span> intercepted <span class=
+ "emphasis"><i class="EMPHASIS">something</i></span>, nothing more.
+ Often this is indeed ads or banners, but <span class=
+ "APPLICATION">Privoxy</span> uses the same mechanism for trapping
+ requests for its own internal pages. For instance, a request for
+ <span class="APPLICATION">Privoxy's</span> configuration page at:
+ <a href="http://config.privoxy.org" target=
+ "_top">http://config.privoxy.org</a>, is intercepted (i.e. it does not
+ go out to the 'net), and the familiar CGI configuration is returned to
+ the browser, and the log consequently will show a <span class=
+ "QUOTE">"crunch"</span>.</p>
+
+ <p>Since version 3.0.7, Privoxy will also log the crunch reason. If you
+ are using an older version you might want to upgrade.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="DOWNLOADS" id="DOWNLOADS">4.21. Can Privoxy
+ affect files that I download from a webserver? FTP server?</a></h3>
+
+ <p>From the webserver's perspective, there is no difference between
+ viewing a document (i.e. a page), and downloading a file. The same is
+ true of <span class="APPLICATION">Privoxy</span>. If there is a match
+ for a <tt class="LITERAL"><a href=
+ "../user-manual/actions-file.html#BLOCK" target="_top">block</a></tt>
+ pattern, it will still be blocked, and of course this is obvious.</p>
+
+ <p>Filtering is potentially more of a concern since the results are not
+ always so obvious, and the effects of filtering are there whether the
+ file is simply viewed, or downloaded. And potentially whether the
+ content is some obnoxious advertisement, or Mr. Jimmy's latest/greatest
+ source code jewel. Of course, one of these presumably is <span class=
+ "QUOTE">"bad"</span> content that we don't want, and the other is
+ <span class="QUOTE">"good"</span> content that we do want. <span class=
+ "APPLICATION">Privoxy</span> is blind to the differences, and can only
+ distinguish <span class="QUOTE">"good from bad"</span> by the
+ configuration parameters <span class="emphasis"><i class=
+ "EMPHASIS">we</i></span> give it.</p>
+
+ <p><span class="APPLICATION">Privoxy</span> knows the differences in
+ files according to the <span class="QUOTE">"Content Type"</span> as
+ reported by the webserver. If this is reported accurately (e.g.
+ <span class="QUOTE">"application/zip"</span> for a zip archive), then
+ <span class="APPLICATION">Privoxy</span> knows to ignore these where
+ appropriate. <span class="APPLICATION">Privoxy</span> potentially can
+ filter HTML as well as plain text documents, subject to configuration
+ parameters of course. Also, documents that are of an unknown type
+ (generally assumed to be <span class="QUOTE">"text/plain"</span>) can
+ be filtered, as will those that might be incorrectly reported by the
+ webserver. If such a file is a downloaded file that is intended to be
+ saved to disk, then any content that might have been altered by
+ filtering, will be saved too, for these (probably rare) cases.</p>
+
+ <p>Note that versions later than 3.0.2 do NOT filter document types
+ reported as <span class="QUOTE">"text/plain"</span>. Prior to this,
+ <span class="APPLICATION">Privoxy</span> did filter this document
+ type.</p>
+
+ <p>In short, filtering is <span class="QUOTE">"ON"</span> if a) the
+ content type as reported by the webserver is appropriate <span class=
+ "emphasis"><i class="EMPHASIS">and</i></span> b) the configuration
+ allows it (or at least does not disallow it). That's it. There is no
+ magic cookie anywhere to say this is <span class="QUOTE">"good"</span>
+ and this is <span class="QUOTE">"bad"</span>. It's the configuration
+ that lets it all happen or not.</p>
+
+ <p>If you download text files, you probably do not want these to be
+ filtered, particularly if the content is source code, or other critical
+ content. Source code sometimes might be mistaken for Javascript (i.e.
+ the kind that might open a pop-up window). It is recommended to turn
+ off filtering for download sites (particularly if the content may be
+ plain text files and you are using version 3.0.2 or earlier) in your
+ <tt class="FILENAME">user.action</tt> file. And also, for any site or
+ page where making <span class="emphasis"><i class=
+ "EMPHASIS">any</i></span> changes at all to the content is to be
+ avoided.</p>
+
+ <p><span class="APPLICATION">Privoxy</span> does not do FTP at all,
+ only HTTP and HTTPS (SSL) protocols.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="DOWNLOADS2" id="DOWNLOADS2">4.22. I just
+ downloaded a Perl script, and Privoxy altered it! Yikes, what is
+ wrong!</a></h3>
+
+ <p>Please read above.</p>
+ </div>
+
+ <div class="SECT2">
+ <h3 class="SECT2"><a name="HOSTSFILE" id="HOSTSFILE">4.23. Should I
+ continue to use a <span class="QUOTE">"HOSTS"</span> file for
+ ad-blocking?</a></h3>
+
+ <p>One time-tested technique to defeat common ads is to trick the local
+ DNS system by giving a phony IP address for the ad generator in the
+ local <tt class="FILENAME">HOSTS</tt> file, typically using <tt class=
+ "LITERAL">127.0.0.1</tt>, aka <tt class="LITERAL">localhost</tt>. This
+ effectively blocks the ad.</p>
+
+ <p>There is no reason to use this technique in conjunction with
+ <span class="APPLICATION">Privoxy</span>. <span class=
+ "APPLICATION">Privoxy</span> does essentially the same thing, much more
+ elegantly and with much more flexibility. A large <tt class=
+ "FILENAME">HOSTS</tt> file, in fact, not only duplicates effort, but
+ may get in the way and seriously slow down your system. It is
+ recommended to remove such entries from your <tt class=
+ "FILENAME">HOSTS</tt> file. If you think your hosts list is neglected
+ by <span class="APPLICATION">Privoxy's</span> configuration, consider
+ adding your list to your <tt class="FILENAME">user.action</tt>
+ file:</p>
+
+ <table border="0" bgcolor="#E0E0E0" width="100%">
+ <tr>
+ <td>
+ <pre class="SCREEN">