- </PRE
-></TD
-></TR
-></TABLE
-></P
-><P
-> Unencrypted connections to systems in these address ranges will
- be as (un)secure as the local network is, but the alternative is
- that you can't reach the network at all.
- If you also want to be able to reach servers in your local
- network by using their names, you will need additional
- exceptions that look like this:</P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-># forward localhost/ .
- </PRE
-></TD
-></TR
-></TABLE
-></P
-><P
-> Save the modified configuration file and open
- <A
-HREF="http://config.privoxy.org/show-status"
-TARGET="_top"
->http://config.privoxy.org/show-status/</A
->
- in your browser, confirm that <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> has reloaded its configuration
- and that there are no other forward lines, unless you know that you need them. If everything looks good,
- refer to
- <A
-HREF="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
-TARGET="_top"
->Tor
- Faq 4.2</A
-> to learn how to verify that you are really using <SPAN
-CLASS="APPLICATION"
->Tor</SPAN
->.</P
-><P
-> Afterward, please take the time to at least skim through the rest
- of <SPAN
-CLASS="APPLICATION"
->Tor's</SPAN
-> documentation. Make sure you understand
- what <SPAN
-CLASS="APPLICATION"
->Tor</SPAN
-> does, why it is no replacement for
- application level security, and why you shouldn't use it for unencrypted logins.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN859"
-></A
->4.11. Might some things break because header information or
-content is being altered?</H3
-><P
-> Definitely. It is common for sites to use browser type, browser version,
- HTTP header content, and various other techniques in order to dynamically
- decide what to display and how to display it. What you see, and what I see,
- might be very different. There are many, many ways that this can be handled,
- so having hard and fast rules, is tricky.</P
-><P
-> <SPAN
-CLASS="QUOTE"
->"User-Agent"</SPAN
-> is often used in this way to identify
- the browser, and adjust content accordingly. Changing this now (at least not
- further than removing the OS information) is not recommended, since so many
- sites do look for it. You may get undesirable results by changing just this
- one aspect.</P
-><P
-> Also, different browsers use different encodings of Russian and Czech
- characters, certain web servers convert pages on-the-fly according to the
- User Agent header. Giving a <SPAN
-CLASS="QUOTE"
->"User Agent"</SPAN
-> with the wrong
- operating system or browser manufacturer causes some sites in these languages
- to be garbled; Surfers to Eastern European sites should change it to
- something closer. And then some page access counters work by looking at the
- <SPAN
-CLASS="QUOTE"
->"Referer"</SPAN
-> header; they may fail or break if unavailable. The
- weather maps of Intellicast have been blocked by their server when no
- <SPAN
-CLASS="QUOTE"
->"Referer"</SPAN
-> or cookie is provided, is another example. (But you
- can forge both headers without giving information away). There are
- many other ways things that can go wrong when trying to fool a web server. The
- results of which could inadvertently cause pages to load incorrectly,
- partially, or even not at all. And there may be no obvious clues as to just
- what went wrong, or why. Nowhere will there be a message that says
- <SPAN
-CLASS="QUOTE"
->"<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Turn off <TT
-CLASS="LITERAL"
->fast-redirects</TT
-> or else!</I
-></SPAN
->
- "</SPAN
-></P
-><P
-> Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
- HTML elements.</P
-><P
-> If you have problems with a site, you will have to adjust your configuration
- accordingly. Cookies are probably the most likely adjustment that may
- be required, but by no means the only one.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN873"
-></A
->4.12. Can Privoxy act as a <SPAN
-CLASS="QUOTE"
->"caching"</SPAN
-> proxy to
-speed up web browsing?</H3
-><P
-> No, it does not have this ability at all. You want something like
- <A
-HREF="http://www.squid-cache.org/"
-TARGET="_top"
->Squid</A
-> for this. And, yes,
- before you ask, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can co-exist
- with other kinds of proxies like <SPAN
-CLASS="APPLICATION"
->Squid</SPAN
->.
- See the <A
-HREF="../user-manual/config.html#FORWARDING"
-TARGET="_top"
->forwarding
- chapter</A
-> in the <A
-HREF="../user-manual/index.html"
-TARGET="_top"
->user
- manual</A
-> for details.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN882"
-></A
->4.13. What about as a firewall? Can Privoxy protect me?</H3
-><P
-> Not in the way you mean, or in the way a true firewall can.
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can help protect your privacy, but not
- protect you from intrusion attempts. It is, of course, perfectly possible
- and recommended to use <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->both</I
-></SPAN
->.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN887"
-></A
->4.14. I have large empty spaces / a checkerboard pattern now where
-ads used to be. Why?</H3
-><P
-> It is technically possible to eliminate banners and ads in a way that frees
- their allocated page space. This could easily be done by blocking with
- <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> filters,
- and eliminating the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->entire</I
-></SPAN
-> image references from the
- HTML page source. </P
-><P
-> But, this would consume considerably more CPU resources (IOW, slow things
- down), would likely destroy the layout of some web pages which rely on the
- banners utilizing a certain amount of page space, and might fail in other
- cases, where the screen space is reserved (e.g. by HTML tables for instance).
- Also, making ads and banners disappear without any trace complicates
- troubleshooting, and would sooner or later be problematic.</P
-><P
-> The better alternative is to instead let them stay, and block the resulting
- requests for the banners themselves as is now the case. This leaves either
- empty space, or the familiar checkerboard pattern.</P
-><P
-> So the developers won't support this in the default configuration, but you
- can of course define appropriate filters yourself to achieve this.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN895"
-></A
->4.15. How can Privoxy filter Secure (HTTPS) URLs?</H3
-><P
-> Since secure HTTP connections are encrypted SSL sessions between your browser
- and the secure site, and are meant to be reliably <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->secure</I
-></SPAN
->,
- there is little that <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can do but hand the raw
- gibberish data though from one end to the other unprocessed.</P
-><P
-> The only exception to this is blocking by host patterns, as the client needs
- to tell <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> the name of the remote server,
- so that <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can establish the connection.
- If that name matches a host-only pattern, the connection will be blocked.</P
-><P
-> As far as ad blocking is concerned, this is less of a restriction than it may
- seem, since ad sources are often identifiable by the host name, and often
- the banners to be placed in an encrypted page come unencrypted nonetheless
- for efficiency reasons, which exposes them to the full power of
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->'s ad blocking.</P
-><P
-> <SPAN
-CLASS="QUOTE"
->"Content cookies"</SPAN
-> (those that are embedded in the actual HTML or
- JS page content, see <TT
-CLASS="LITERAL"
-><A
-HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
-TARGET="_top"
->filter{content-cookies}</A
-></TT
->),
- in an SSL transaction will be impossible to block under these conditions.
- Fortunately, this does not seem to be a very common scenario since most
- cookies come by traditional means.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN909"
-></A
->4.16. Privoxy runs as a <SPAN
-CLASS="QUOTE"
->"server"</SPAN
->. How
-secure is it? Do I need to take any special precautions?</H3
-><P
-> There are no known exploits that might affect
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->. On Unix-like systems,
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can run as a non-privileged
- user, which is how we recommend it be run. Also, by default
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> only listens to requests
- from <SPAN
-CLASS="QUOTE"
->"localhost"</SPAN
-> only. The server aspect of
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> is not itself directly exposed to the
- Internet in this configuration. If you want to have
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> serve as a LAN proxy, this will have to
- be opened up to allow for LAN requests. In this case, we'd recommend
- you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> configuration file and check all <A
-HREF="../user-manual/config.html#ACCESS-CONTROL"
-TARGET="_top"
->access control and security
- options</A
->. All LAN hosts can then use this as their proxy address
- in the browser proxy configuration, but <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- will not listen on any external interfaces. ACLs can be defined in addition,
- and using a firewall is always good too. Better safe than sorry.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="TURNOFF"
-></A
->4.17. How can I temporarily disable Privoxy?</H3
-><P
-> The easiest way is to access <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> with your
- browser by using the remote toggle URL: <A
-HREF="http://config.privoxy.org/toggle"
-TARGET="_top"
->http://config.privoxy.org/toggle</A
->.
- See the <A
-HREF="../user-manual/appendix.html#BOOKMARKLETS"
-TARGET="_top"
->Bookmarklets section</A
->
- of the <I
-CLASS="CITETITLE"
->User Manual</I
-> for an easy way to access this
- feature.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="REALLYOFF"
-></A
->4.18. When <SPAN
-CLASS="QUOTE"
->"disabled"</SPAN
-> is Privoxy totally
-out of the picture?</H3
-><P
-> No, this just means all filtering and actions are disabled.
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> is still acting as a proxy, but just not
- doing any of the things that <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> would
- normally be expected to do. It is still a <SPAN
-CLASS="QUOTE"
->"middle-man"</SPAN
-> in
- the interaction between your browser and web sites. See below to bypass
- the proxy.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="TURNOFF2"
-></A
->4.19. How can I tell Privoxy to totally ignore certain sites?</H3
-><P
-> Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
- configuration issue, not a <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> issue. Modern browsers typically do have
- settings for not proxying certain sites. Check your browser's help files.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="CRUNCH"
-></A
->4.20. My logs show Privoxy <SPAN
-CLASS="QUOTE"
->"crunches"</SPAN
->
-ads, but also its own internal CGI pages. What is a <SPAN
-CLASS="QUOTE"
->"crunch"</SPAN
->?</H3
-><P
-> A <SPAN
-CLASS="QUOTE"
->"crunch"</SPAN
-> simply means <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> intercepted
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->something</I
-></SPAN
->, nothing more. Often this is indeed ads or
- banners, but <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> uses the same mechanism for
- trapping requests for its own internal pages. For instance, a request for
- <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> configuration page at: <A
-HREF="http://config.privoxy.org"
-TARGET="_top"
->http://config.privoxy.org</A
->, is
- intercepted (i.e. it does not go out to the 'net), and the familiar CGI
- configuration is returned to the browser, and the log consequently will show
- a <SPAN
-CLASS="QUOTE"
->"crunch"</SPAN
->.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="DOWNLOADS"
-></A
->4.21. Can Privoxy effect files that I download
-from a webserver? FTP server?</H3
-><P
-> From the webserver's perspective, there is no difference between
- viewing a document (i.e. a page), and downloading a file. The same is true of
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->. If there is a match for a <TT
-CLASS="LITERAL"
-><A
-HREF="../user-manual/actions-file.html#BLOCK"
-TARGET="_top"
->block</A
-></TT
-> pattern,
- it will still be blocked, and of course this is obvious.
- </P
-><P
-> Filtering is potentially more of a concern since the results are not always
- so obvious, and the effects of filtering are there whether the file is simply
- viewed, or downloaded. And potentially whether the content is some obnoxious
- advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
- one of these presumably is <SPAN
-CLASS="QUOTE"
->"bad"</SPAN
-> content that we don't want, and
- the other is <SPAN
-CLASS="QUOTE"
->"good"</SPAN
-> content that we do want.
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> is blind to the differences, and can only
- distinguish <SPAN
-CLASS="QUOTE"
->"good from bad"</SPAN
-> by the configuration parameters
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->we</I
-></SPAN
-> give it.</P
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> knows the differences in files according
- to the <SPAN
-CLASS="QUOTE"
->"Document Type"</SPAN
-> as reported by the webserver. If this is
- reported accurately (e.g. <SPAN
-CLASS="QUOTE"
->"application/zip"</SPAN
-> for a zip archive),
- then <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> knows to ignore these where
- appropriate. <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> potentially can filter HTML
- as well as plain text documents, subject to configuration parameters of
- course. Also, documents that are of an unknown type (generally assumed to be
- <SPAN
-CLASS="QUOTE"
->"text/plain"</SPAN
->) can be filtered, as will those that might be
- incorrectly reported by the webserver. If such a file is a downloaded file
- that is intended to be saved to disk, then any content that might have been
- altered by filtering, will be saved too, for these (probably rare) cases.</P
-><P
-> Note that versions later than 3.0.2 do NOT filter document types reported as
- <SPAN
-CLASS="QUOTE"
->"text/plain"</SPAN
->. Prior to this, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- did filter this document type.</P
-><P
-> In short, filtering is <SPAN
-CLASS="QUOTE"
->"ON"</SPAN
-> if a) the Document Type as reported
- by the webserver is appropriate <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->and</I
-></SPAN
-> b) the configuration
- allows it (or at least does not disallow it). That's it. There is no magic
- cookie anywhere to say this is <SPAN
-CLASS="QUOTE"
->"good"</SPAN
-> and this is
- <SPAN
-CLASS="QUOTE"
->"bad"</SPAN
->. It's the configuration that let's it all happen or not.</P
-><P
-> If you download text files, you probably do not want these to be filtered,
- particularly if the content is source code, or other critical content. Source
- code sometimes might be mistaken for Javascript (i.e. the kind that might
- open a pop-up window). It is recommended to turn off filtering for download
- sites (particularly if the content may be plain text files and you are using
- version 3.0.2 or earlier) in your <TT
-CLASS="FILENAME"
->user.action</TT
-> file. And
- also, for any site or page where making <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->any</I
-></SPAN
-> changes at
- all to the content is to be avoided.</P
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> does not do FTP at all, only HTTP
- and HTTPS (SSL) protocols, so please don't try.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="DOWNLOADS2"
-></A
->4.22. I just downloaded a Perl script, and Privoxy
-altered it! Yikes, what is wrong!</H3
-><P
-> Please read above.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="HOSTSFILE"
-></A
->4.23. Should I continue to use a <SPAN
-CLASS="QUOTE"
->"HOSTS"</SPAN
-> file for ad-blocking?</H3
-><P
-> One time-tested technique to defeat common ads is to trick the local DNS
- system by giving a phony IP address for the ad generator in the local
- <TT
-CLASS="FILENAME"
->HOSTS</TT
-> file, typically using <TT
-CLASS="LITERAL"
->127.0.0.1</TT
->, aka
- <TT
-CLASS="LITERAL"
->localhost</TT
->. This effectively blocks the ad.</P
-><P
-> There is no reason to use this technique in conjunction with
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->. <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- does essentially the same thing, much more elegantly and with much more
- flexibility. A large <TT
-CLASS="FILENAME"
->HOSTS</TT
-> file, in fact, not only
- duplicates effort, but may get in the way. It is recommended to remove
- such entries from your <TT
-CLASS="FILENAME"
->HOSTS</TT
-> file. If you think
- your hosts list is neglected by <SPAN
-CLASS="APPLICATION"
->Privoxy's </SPAN
->
- configuration, consider adding your list to your <TT
-CLASS="FILENAME"
->user.action</TT
-> file:</P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> { +block }
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ Unencrypted connections to systems in these address ranges will be
+ as (un)secure as the local network is, but the alternative is that
+ your browser can't reach the network at all. Then again, that may
+ actually be desired and if you don't know for sure that your
+ browser has to be able to reach the local network, there's no
+ reason to allow it.
+ </p>
+ <p>
+ If you want your browser to be able to reach servers in your local
+ network by using their names, you will need additional exceptions
+ that look like this:
+ </p>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="100%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+# forward localhost/ .
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+ Save the modified configuration file and open <a href=
+ "http://config.privoxy.org/show-status" target=
+ "_top">http://config.privoxy.org/show-status</a> in your browser,
+ confirm that <span class="APPLICATION">Privoxy</span> has reloaded
+ its configuration and that there are no other forward lines, unless
+ you know that you need them. If everything looks good, refer to <a
+ href=
+ "https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate"
+ target="_top">Tor Faq 4.2</a> to learn how to verify that you are
+ really using <span class="APPLICATION">Tor</span>.
+ </p>
+ <p>
+ Afterward, please take the time to at least skim through the rest
+ of <span class="APPLICATION">Tor's</span> documentation. Make sure
+ you understand what <span class="APPLICATION">Tor</span> does, why
+ it is no replacement for application level security, and why you
+ probably don't want to use it for unencrypted logins.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="SITEBREAK">4.11. Might some things break because header
+ information or content is being altered?</a>
+ </h3>
+ <p>
+ Definitely. It is common for sites to use browser type, browser
+ version, HTTP header content, and various other techniques in order
+ to dynamically decide what to display and how to display it. What
+ you see, and what I see, might be very different. There are many,
+ many ways that this can be handled, so having hard and fast rules,
+ is tricky.
+ </p>
+ <p>
+ The <span class="QUOTE">"User-Agent"</span> is sometimes used in
+ this way to identify the browser, and adjust content accordingly.
+ </p>
+ <p>
+ Also, different browsers use different encodings of non-English
+ characters, certain web servers convert pages on-the-fly according
+ to the User Agent header. Giving a <span class="QUOTE">"User
+ Agent"</span> with the wrong operating system or browser
+ manufacturer causes some sites in these languages to be garbled;
+ Surfers to Eastern European sites should change it to something
+ closer. And then some page access counters work by looking at the
+ <span class="QUOTE">"Referer"</span> header; they may fail or break
+ if unavailable. The weather maps of Intellicast have been blocked
+ by their server when no <span class="QUOTE">"Referer"</span> or
+ cookie is provided, is another example. (But you can forge both
+ headers without giving information away). There are many other ways
+ things can go wrong when trying to fool a web server. The results
+ of which could inadvertently cause pages to load incorrectly,
+ partially, or even not at all. And there may be no obvious clues as
+ to just what went wrong, or why. Nowhere will there be a message
+ that says <span class="QUOTE">"<span class="emphasis"><i class=
+ "EMPHASIS">Turn off <tt class="LITERAL">fast-redirects</tt> or
+ else!</i></span> "</span>
+ </p>
+ <p>
+ Similar thoughts apply to modifying JavaScript, and, to a lesser
+ degree, HTML elements.
+ </p>
+ <p>
+ If you have problems with a site, you will have to adjust your
+ configuration accordingly. Cookies are probably the most likely
+ adjustment that may be required, but by no means the only one.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="CACHING">4.12. Can Privoxy act as a <span class=
+ "QUOTE">"caching"</span> proxy to speed up web browsing?</a>
+ </h3>
+ <p>
+ No, it does not have this ability at all. You want something like
+ <a href="http://www.squid-cache.org/" target="_top">Squid</a> or <a
+ href="http://www.pps.jussieu.fr/~jch/software/polipo/" target=
+ "_top">Polipo</a> for this. And, yes, before you ask, <span class=
+ "APPLICATION">Privoxy</span> can co-exist with other kinds of
+ proxies like <span class="APPLICATION">Squid</span>. See the <a
+ href="../user-manual/config.html#FORWARDING" target=
+ "_top">forwarding chapter</a> in the <a href=
+ "../user-manual/index.html" target="_top">user manual</a> for
+ details.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="FIREWALL">4.13. What about as a firewall? Can Privoxy
+ protect me?</a>
+ </h3>
+ <p>
+ Not in the way you mean, or in the way some firewall vendors claim
+ they can. <span class="APPLICATION">Privoxy</span> can help protect
+ your privacy, but can't protect your system from intrusion
+ attempts. It is, of course, perfectly possible to use <span class=
+ "emphasis"><i class="EMPHASIS">both</i></span>.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="WASTED">4.14. I have large empty spaces / a checkerboard
+ pattern now where ads used to be. Why?</a>
+ </h3>
+ <p>
+ It is technically possible to eliminate banners and ads in a way
+ that frees their allocated page space. This could easily be done by
+ blocking with <span class="APPLICATION">Privoxy's</span> filters,
+ and eliminating the <span class="emphasis"><i class=
+ "EMPHASIS">entire</i></span> image references from the HTML page
+ source.
+ </p>
+ <p>
+ But, this would consume considerably more CPU resources (IOW, slow
+ things down), would likely destroy the layout of some web pages
+ which rely on the banners utilizing a certain amount of page space,
+ and might fail in other cases, where the screen space is reserved
+ (e.g. by HTML tables for instance). Also, making ads and banners
+ disappear without any trace complicates troubleshooting, and would
+ sooner or later be problematic.
+ </p>
+ <p>
+ The better alternative is to instead let them stay, and block the
+ resulting requests for the banners themselves as is now the case.
+ This leaves either empty space, or the familiar checkerboard
+ pattern.
+ </p>
+ <p>
+ So the developers won't support this in the default configuration,
+ but you can of course define appropriate filters yourself to
+ achieve this.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="SSL">4.15. How can Privoxy filter Secure (HTTPS) URLs?</a>
+ </h3>
+ <p>
+ Since secure HTTP connections are encrypted SSL sessions between
+ your browser and the secure site, and are meant to be reliably
+ <span class="emphasis"><i class="EMPHASIS">secure</i></span>, there
+ is little that <span class="APPLICATION">Privoxy</span> can do but
+ hand the raw gibberish data though from one end to the other
+ unprocessed.
+ </p>
+ <p>
+ The only exception to this is blocking by host patterns, as the
+ client needs to tell <span class="APPLICATION">Privoxy</span> the
+ name of the remote server, so that <span class=
+ "APPLICATION">Privoxy</span> can establish the connection. If that
+ name matches a host-only pattern, the connection will be blocked.
+ </p>
+ <p>
+ As far as ad blocking is concerned, this is less of a restriction
+ than it may seem, since ad sources are often identifiable by the
+ host name, and often the banners to be placed in an encrypted page
+ come unencrypted nonetheless for efficiency reasons, which exposes
+ them to the full power of <span class=
+ "APPLICATION">Privoxy</span>'s ad blocking.
+ </p>
+ <p>
+ <span class="QUOTE">"Content cookies"</span> (those that are
+ embedded in the actual HTML or JS page content, see <tt class=
+ "LITERAL"><a href=
+ "../user-manual/actions-file.html#FILTER-CONTENT-COOKIES" target=
+ "_top">filter{content-cookies}</a></tt>), in an SSL transaction
+ will be impossible to block under these conditions. Fortunately,
+ this does not seem to be a very common scenario since most cookies
+ come by traditional means.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="SECURE">4.16. Privoxy runs as a <span class=
+ "QUOTE">"server"</span>. How secure is it? Do I need to take any
+ special precautions?</a>
+ </h3>
+ <p>
+ On Unix-like systems, <span class="APPLICATION">Privoxy</span> can
+ run as a non-privileged user, which is how we recommend it be run.
+ Also, by default <span class="APPLICATION">Privoxy</span> listens
+ to requests from <span class="QUOTE">"localhost"</span> only.
+ </p>
+ <p>
+ The server aspect of <span class="APPLICATION">Privoxy</span> is
+ not itself directly exposed to the Internet in this configuration.
+ If you want to have <span class="APPLICATION">Privoxy</span> serve
+ as a LAN proxy, this will have to be opened up to allow for LAN
+ requests. In this case, we'd recommend you specify only the LAN
+ gateway address, e.g. 192.168.1.1, in the main <span class=
+ "APPLICATION">Privoxy</span> configuration file and check all <a
+ href="../user-manual/config.html#ACCESS-CONTROL" target=
+ "_top">access control and security options</a>. All LAN hosts can
+ then use this as their proxy address in the browser proxy
+ configuration, but <span class="APPLICATION">Privoxy</span> will
+ not listen on any external interfaces. ACLs can be defined in
+ addition, and using a firewall is always good too. Better safe than
+ sorry.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="TURNOFF">4.17. Can I temporarily disable Privoxy?</a>
+ </h3>
+ <p>
+ <span class="APPLICATION">Privoxy</span> doesn't have a transparent
+ proxy mode, but you can toggle off blocking and content filtering.
+ </p>
+ <p>
+ The easiest way to do that is to point your browser to the remote
+ toggle URL: <a href="http://config.privoxy.org/toggle" target=
+ "_top">http://config.privoxy.org/toggle</a>.
+ </p>
+ <p>
+ See the <a href="../user-manual/appendix.html#BOOKMARKLETS" target=
+ "_top">Bookmarklets section</a> of the <i class="CITETITLE">User
+ Manual</i> for an easy way to access this feature. Note that this
+ is a feature that may need to be enabled in the main <tt class=
+ "FILENAME">config</tt> file.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="REALLYOFF">4.18. When <span class=
+ "QUOTE">"disabled"</span> is Privoxy totally out of the
+ picture?</a>
+ </h3>
+ <p>
+ No, this just means all optional filtering and actions are
+ disabled. <span class="APPLICATION">Privoxy</span> is still acting
+ as a proxy, but just doing less of the things that <span class=
+ "APPLICATION">Privoxy</span> would normally be expected to do. It
+ is still a <span class="QUOTE">"middle-man"</span> in the
+ interaction between your browser and web sites. See below to bypass
+ the proxy.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="TURNOFF2">4.19. How can I tell Privoxy to totally ignore
+ certain sites?</a>
+ </h3>
+ <p>
+ Bypassing a proxy, or proxying based on arbitrary criteria, is
+ purely a browser configuration issue, not a <span class=
+ "APPLICATION">Privoxy</span> issue. Modern browsers typically do
+ have settings for not proxying certain sites. Check your browser's
+ help files.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="CRUNCH">4.20. My logs show Privoxy <span class=
+ "QUOTE">"crunches"</span> ads, but also its own internal CGI pages.
+ What is a <span class="QUOTE">"crunch"</span>?</a>
+ </h3>
+ <p>
+ A <span class="QUOTE">"crunch"</span> simply means <span class=
+ "APPLICATION">Privoxy</span> intercepted <span class="emphasis"><i
+ class="EMPHASIS">something</i></span>, nothing more. Often this is
+ indeed ads or banners, but <span class="APPLICATION">Privoxy</span>
+ uses the same mechanism for trapping requests for its own internal
+ pages. For instance, a request for <span class=
+ "APPLICATION">Privoxy's</span> configuration page at: <a href=
+ "http://config.privoxy.org" target=
+ "_top">http://config.privoxy.org</a>, is intercepted (i.e. it does
+ not go out to the 'net), and the familiar CGI configuration is
+ returned to the browser, and the log consequently will show a <span
+ class="QUOTE">"crunch"</span>.
+ </p>
+ <p>
+ Since version 3.0.7, Privoxy will also log the crunch reason. If
+ you are using an older version you might want to upgrade.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="DOWNLOADS">4.21. Can Privoxy affect files that I download
+ from a webserver? FTP server?</a>
+ </h3>
+ <p>
+ From the webserver's perspective, there is no difference between
+ viewing a document (i.e. a page), and downloading a file. The same
+ is true of <span class="APPLICATION">Privoxy</span>. If there is a
+ match for a <tt class="LITERAL"><a href=
+ "../user-manual/actions-file.html#BLOCK" target=
+ "_top">block</a></tt> pattern, it will still be blocked, and of
+ course this is obvious.
+ </p>
+ <p>
+ Filtering is potentially more of a concern since the results are
+ not always so obvious, and the effects of filtering are there
+ whether the file is simply viewed, or downloaded. And potentially
+ whether the content is some obnoxious advertisement, or Mr. Jimmy's
+ latest/greatest source code jewel. Of course, one of these
+ presumably is <span class="QUOTE">"bad"</span> content that we
+ don't want, and the other is <span class="QUOTE">"good"</span>
+ content that we do want. <span class="APPLICATION">Privoxy</span>
+ is blind to the differences, and can only distinguish <span class=
+ "QUOTE">"good from bad"</span> by the configuration parameters
+ <span class="emphasis"><i class="EMPHASIS">we</i></span> give it.
+ </p>
+ <p>
+ <span class="APPLICATION">Privoxy</span> knows the differences in
+ files according to the <span class="QUOTE">"Content Type"</span> as
+ reported by the webserver. If this is reported accurately (e.g.
+ <span class="QUOTE">"application/zip"</span> for a zip archive),
+ then <span class="APPLICATION">Privoxy</span> knows to ignore these
+ where appropriate. <span class="APPLICATION">Privoxy</span>
+ potentially can filter HTML as well as plain text documents,
+ subject to configuration parameters of course. Also, documents that
+ are of an unknown type (generally assumed to be <span class=
+ "QUOTE">"text/plain"</span>) can be filtered, as will those that
+ might be incorrectly reported by the webserver. If such a file is a
+ downloaded file that is intended to be saved to disk, then any
+ content that might have been altered by filtering, will be saved
+ too, for these (probably rare) cases.
+ </p>
+ <p>
+ Note that versions later than 3.0.2 do NOT filter document types
+ reported as <span class="QUOTE">"text/plain"</span>. Prior to this,
+ <span class="APPLICATION">Privoxy</span> did filter this document
+ type.
+ </p>
+ <p>
+ In short, filtering is <span class="QUOTE">"ON"</span> if a) the
+ content type as reported by the webserver is appropriate <span
+ class="emphasis"><i class="EMPHASIS">and</i></span> b) the
+ configuration allows it (or at least does not disallow it). That's
+ it. There is no magic cookie anywhere to say this is <span class=
+ "QUOTE">"good"</span> and this is <span class="QUOTE">"bad"</span>.
+ It's the configuration that lets it all happen or not.
+ </p>
+ <p>
+ If you download text files, you probably do not want these to be
+ filtered, particularly if the content is source code, or other
+ critical content. Source code sometimes might be mistaken for
+ Javascript (i.e. the kind that might open a pop-up window). It is
+ recommended to turn off filtering for download sites (particularly
+ if the content may be plain text files and you are using version
+ 3.0.2 or earlier) in your <tt class="FILENAME">user.action</tt>
+ file. And also, for any site or page where making <span class=
+ "emphasis"><i class="EMPHASIS">any</i></span> changes at all to the
+ content is to be avoided.
+ </p>
+ <p>
+ <span class="APPLICATION">Privoxy</span> does not do FTP at all,
+ only HTTP and HTTPS (SSL) protocols.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="DOWNLOADS2">4.22. I just downloaded a Perl script, and
+ Privoxy altered it! Yikes, what is wrong!</a>
+ </h3>
+ <p>
+ Please read above.
+ </p>
+ </div>
+ <div class="SECT2">
+ <h3 class="SECT2">
+ <a name="HOSTSFILE">4.23. Should I continue to use a <span class=
+ "QUOTE">"HOSTS"</span> file for ad-blocking?</a>
+ </h3>
+ <p>
+ One time-tested technique to defeat common ads is to trick the
+ local DNS system by giving a phony IP address for the ad generator
+ in the local <tt class="FILENAME">HOSTS</tt> file, typically using
+ <tt class="LITERAL">127.0.0.1</tt>, aka <tt class=
+ "LITERAL">localhost</tt>. This effectively blocks the ad.
+ </p>
+ <p>
+ There is no reason to use this technique in conjunction with <span
+ class="APPLICATION">Privoxy</span>. <span class=
+ "APPLICATION">Privoxy</span> does essentially the same thing, much
+ more elegantly and with much more flexibility. A large <tt class=
+ "FILENAME">HOSTS</tt> file, in fact, not only duplicates effort,
+ but may get in the way and seriously slow down your system. It is
+ recommended to remove such entries from your <tt class=
+ "FILENAME">HOSTS</tt> file. If you think your hosts list is
+ neglected by <span class="APPLICATION">Privoxy's</span>
+ configuration, consider adding your list to your <tt class=
+ "FILENAME">user.action</tt> file:
+ </p>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="100%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+ { +block }