+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Actions Files</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
-TITLE="Privoxy 3.0.7 User Manual"
+TITLE="Privoxy 3.0.8 User Manual"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="The Main Configuration File"
HREF="filter-file.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
-HREF="../p_doc.css">
+HREF="../p_doc.css"><META
+HTTP-EQUIV="Content-Type"
+CONTENT="text/html;
+charset=ISO-8859-1">
<LINK REL="STYLESHEET" TYPE="text/css" HREF="p_doc.css">
</head
><BODY
><TH
COLSPAN="3"
ALIGN="center"
->Privoxy 3.0.7 User Manual</TH
+>Privoxy 3.0.8 User Manual</TH
></TR
><TR
><TD
CLASS="SECT1"
><A
NAME="ACTIONS-FILE"
-></A
->8. Actions Files</H1
+>8. Actions Files</A
+></H1
><P
> The actions files are used to define what <SPAN
CLASS="emphasis"
> <DIV
CLASS="TABLE"
><A
-NAME="AEN2061"
+NAME="AEN2176"
></A
><P
><B
></P
><TABLE
BORDER="1"
+FRAME="border"
+RULES="all"
CLASS="CALSTABLE"
-><THEAD
+><COL
+WIDTH="1*"
+TITLE="C1"><COL
+WIDTH="1*"
+TITLE="C2"><COL
+WIDTH="1*"
+TITLE="C3"><COL
+WIDTH="1*"
+TITLE="C4"><THEAD
><TR
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Feature</TH
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Cautious</TH
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Medium</TH
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Advanced</TH
></TR
></THEAD
><TBODY
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Ad-blocking Aggressiveness</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>medium</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>high</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>high</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Ad-filtering by size</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Ad-filtering by link</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Pop-up killing</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>blocks only</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>blocks only</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>blocks only</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Privacy Features</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>low</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>medium</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>medium/high</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Cookie handling</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>none</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>session-only</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>kill</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Referer forging</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>GIF de-animation</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Fast redirects</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>HTML taming</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>JavaScript taming</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Web-bug killing</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Image tag reordering</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
></TBODY
>http://config.privoxy.org/show-status</A
>.
The over-riding principle when applying actions, is that the last action that
- matches a given URL, wins. The broadest, most general rules go first
+ matches a given URL wins. The broadest, most general rules go first
(defined in <TT
CLASS="FILENAME"
>default.action</TT
CLASS="FILENAME"
>default.action</TT
>,
- with the advantage that is a separate file, which makes preserving your
+ with the advantage that it is a separate file, which makes preserving your
personal settings across <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
><P
>
Actions can be used to block anything you want, including ads, banners, or
- just some obnoxious URL that you would rather not see. Cookies can be accepted
+ just some obnoxious URL whose content you would rather not see. Cookies can be accepted
or rejected, or accepted only during the current browser session (i.e. not
- written to disk), content can be modified, JavaScripts tamed, user-tracking
+ written to disk), content can be modified, some JavaScripts tamed, user-tracking
fooled, and much more. See below for a <A
HREF="actions-file.html#ACTIONS"
>complete list
><H2
CLASS="SECT2"
><A
-NAME="AEN2160"
-></A
->8.1. Finding the Right Mix</H2
+NAME="AEN2275"
+>8.1. Finding the Right Mix</A
+></H2
><P
> Note that some <A
HREF="actions-file.html#ACTIONS"
will have to make later. If, for example, you want to crunch all cookies per
default, you'll have to make exceptions from that rule for sites that you
regularly use and that require cookies for actually useful purposes, like maybe
- your bank, favorite shop, or newspaper. </P
+ your bank, favorite shop, or newspaper.</P
><P
> We have tried to provide you with reasonable rules to start from in the
distribution actions files. But there is no general rule of thumb on these
><H2
CLASS="SECT2"
><A
-NAME="AEN2167"
-></A
->8.2. How to Edit</H2
+NAME="AEN2282"
+>8.2. How to Edit</A
+></H2
><P
> The easiest way to edit the actions files is with a browser by
using our browser-based editor, which can be reached from <A
TARGET="_top"
>http://config.privoxy.org/show-status</A
>.
- The editor allows both fine-grained control over every single feature on a
- per-URL basis, and easy choosing from wholesale sets of defaults like
- <SPAN
+ Note: the config file option <A
+HREF="config.html#ENABLE-EDIT-ACTIONS"
+>enable-edit-actions</A
+> must be enabled for
+ this to work. The editor allows both fine-grained control over every single
+ feature on a per-URL basis, and easy choosing from wholesale sets of defaults
+ like <SPAN
CLASS="QUOTE"
>"Cautious"</SPAN
>, <SPAN
CLASS="QUOTE"
>"Medium"</SPAN
-> or <SPAN
+> or
+ <SPAN
CLASS="QUOTE"
>"Advanced"</SPAN
->.
- Warning: the <SPAN
+>. Warning: the <SPAN
CLASS="QUOTE"
>"Advanced"</SPAN
-> setting is more aggressive, and
- will be more likely to cause problems for some sites. Experienced users only!</P
+> setting is more
+ aggressive, and will be more likely to cause problems for some sites.
+ Experienced users only!
+ </P
><P
> If you prefer plain text editing to GUIs, you can of course also directly edit the
the actions files with your favorite text editor. Look at
CLASS="SECT2"
><A
NAME="ACTIONS-APPLY"
-></A
->8.3. How Actions are Applied to Requests</H2
+>8.3. How Actions are Applied to Requests</A
+></H2
><P
> Actions files are divided into sections. There are special sections,
like the <SPAN
CLASS="SECT2"
><A
NAME="AF-PATTERNS"
-></A
->8.4. Patterns</H2
+>8.4. Patterns</A
+></H2
><P
>
As mentioned, <SPAN
flexibility. This allows one expression to be expanded and potentially match
against many similar patterns.</P
><P
-> Generally, a URL pattern has the form
+> Generally, an URL pattern has the form
<TT
CLASS="LITERAL"
><domain>/<path></TT
><DT
><TT
CLASS="LITERAL"
->www.example.com/index.html</TT
+>www.example.com/index.html$</TT
+></DT
+><DD
+><P
+> matches all the documents on <TT
+CLASS="LITERAL"
+>www.example.com</TT
+>
+ whose name starts with <TT
+CLASS="LITERAL"
+>/index.html</TT
+>.
+ </P
+></DD
+><DT
+><TT
+CLASS="LITERAL"
+>www.example.com/index.html$</TT
></DT
><DD
><P
><DT
><TT
CLASS="LITERAL"
->/index.html</TT
+>/index.html$</TT
></DT
><DD
><P
></DT
><DD
><P
-> matches nothing, since it would be interpreted as a domain name and
+> matches nothing, since it would be interpreted as a domain name and
there is no top-level domain called <TT
CLASS="LITERAL"
>.html</TT
><H3
CLASS="SECT3"
><A
-NAME="AEN2250"
-></A
->8.4.1. The Domain Pattern</H3
+NAME="AEN2373"
+>8.4.1. The Domain Pattern</A
+></H3
><P
> The matching of the domain part offers some flexible options: if the
domain starts or ends with a dot, it becomes unanchored at that end.
></DT
><DD
><P
-> matches any domain that <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->ENDS</I
-></SPAN
-> in
- <TT
+> matches any domain with first-level domain <TT
CLASS="LITERAL"
->.example.com</TT
+>com</TT
>
+ and second-level domain <TT
+CLASS="LITERAL"
+>example</TT
+>.
+ For example <TT
+CLASS="LITERAL"
+>www.example.com</TT
+>,
+ <TT
+CLASS="LITERAL"
+>example.com</TT
+> and <TT
+CLASS="LITERAL"
+>foo.bar.baz.example.com</TT
+>.
+ Note that it wouldn't match if the second-level domain was <TT
+CLASS="LITERAL"
+>another-example</TT
+>.
</P
></DD
><DT
<TT
CLASS="LITERAL"
>www.</TT
->
+> (It also matches the domain
+ <TT
+CLASS="LITERAL"
+>www</TT
+> but most of the time that doesn't matter.)
</P
></DD
><DT
><H3
CLASS="SECT3"
><A
-NAME="AEN2321"
-></A
->8.4.2. The Path Pattern</H3
+NAME="AEN2449"
+>8.4.2. The Path Pattern</A
+></H3
><P
> <SPAN
CLASS="APPLICATION"
><DT
><TT
CLASS="LITERAL"
->.example.com/.*/index.html</TT
+>.example.com/.*/index.html$</TT
></DT
><DD
><P
><DT
><TT
CLASS="LITERAL"
->.example.com/(.*/)?index\.html</TT
+>.example.com/(.*/)?index\.html$</TT
></DT
><DD
><P
CLASS="SECT3"
><A
NAME="TAG-PATTERN"
-></A
->8.4.3. The Tag Pattern</H3
+>8.4.3. The Tag Pattern</A
+></H3
><P
> Tag patterns are used to change the applying actions based on the
request's tags. Tags can be created with either the
<A
-HREF="actions-file.html#CLIENT-HEADER-FILTER"
+HREF="actions-file.html#CLIENT-HEADER-TAGGER"
>client-header-tagger</A
>
or the <A
-HREF="actions-file.html#SERVER-HEADER-FILTER"
+HREF="actions-file.html#SERVER-HEADER-TAGGER"
>server-header-tagger</A
> action.</P
><P
>
can tell them apart from URL patterns. Everything after the colon
including white space, is interpreted as a regular expression with
- path patterns syntax, except that tag patterns aren't left-anchored
- automatically (Privoxy doesn't silently add a <SPAN
+ path pattern syntax, except that tag patterns aren't left-anchored
+ automatically (<SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> doesn't silently add a <SPAN
CLASS="QUOTE"
>"^"</SPAN
>,
match requests whose tags contain <SPAN
CLASS="QUOTE"
>"foo"</SPAN
-> somewhere.</P
+> somewhere.
+ <SPAN
+CLASS="QUOTE"
+>"TAG: foo"</SPAN
+> wouldn't work as it requires white space.</P
><P
> Sections can contain URL and tag patterns at the same time,
but tag patterns are checked after the URL patterns and thus
tags can be used to activate other tagger actions, as long as these other
taggers look for headers that haven't already be parsed.</P
><P
-> For example you could tag client requests which use the POST method,
- use this tag to activate another tagger that adds a tag if cookies
- are send, and then block based on the cookie tag. However if you'd
- reverse the position of the described taggers, and activated the method
- tagger based on the cookie tagger, no method tags would be created.
+> For example you could tag client requests which use the
+ <TT
+CLASS="LITERAL"
+>POST</TT
+> method,
+ then use this tag to activate another tagger that adds a tag if cookies
+ are sent, and then use a block action based on the cookie tag. This allows
+ the outcome of one action, to be input into a subsequent action. However if
+ you'd reverse the position of the described taggers, and activated the
+ method tagger based on the cookie tagger, no method tags would be created.
The method tagger would look for the request line, but at the time
- the cookie tag is created the request line has already been parsed.</P
+ the cookie tag is created, the request line has already been parsed.</P
><P
> While this is a limitation you should be aware of, this kind of
indirection is seldom needed anyway and even the example doesn't
CLASS="SECT2"
><A
NAME="ACTIONS"
-></A
->8.5. Actions</H2
+>8.5. Actions</A
+></H2
><P
> All actions are disabled by default, until they are explicitly enabled
somewhere in an actions file. Actions are turned on if preceded with a
>
Example: <TT
CLASS="LITERAL"
->+hide-user-agent{ Mozilla 1.0 }</TT
+>+hide-user-agent{Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070602 Firefox/2.0.0.4}</TT
>
</P
></LI
CLASS="APPLICATION"
>Privoxy</SPAN
> would just be a
- normal, non-blocking, non-anonymizing proxy. You must specifically enable the
+ normal, non-blocking, non-filtering proxy. You must specifically enable the
privacy and blocking features you need (although the provided default actions
files will give a good starting point).</P
><P
-> Later defined actions always over-ride earlier ones. So exceptions
- to any rules you make, should come in the latter part of the file (or
+> Later defined action sections always over-ride earlier ones of the same type.
+ So exceptions to any rules you make, should come in the latter part of the file (or
in a file that is processed later when using multiple actions files such
as <TT
CLASS="FILENAME"
CLASS="SECT3"
><A
NAME="ADD-HEADER"
-></A
->8.5.1. add-header</H4
+>8.5.1. add-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="BLOCK"
-></A
->8.5.2. block</H4
+>8.5.2. block</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CLIENT-HEADER-FILTER"
-></A
->8.5.3. client-header-filter</H4
+>8.5.3. client-header-filter</A
+></H4
><P
></P
><DIV
and use their output as input.
</P
><P
+> If the request URL gets changed, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> will detect that and use the new
+ one. This can be used to rewrite the request destination behind the client's
+ back, for example to specify a Tor exit relay for certain requests.
+ </P
+><P
> Please refer to the <A
HREF="filter-file.html"
>filter file chapter</A
CLASS="SECT3"
><A
NAME="CLIENT-HEADER-TAGGER"
-></A
->8.5.4. client-header-tagger</H4
+>8.5.4. client-header-tagger</A
+></H4
><P
></P
><DIV
><PRE
CLASS="SCREEN"
># Tag every request with the User-Agent header
-{+client-header-filter{user-agent}}
+{+client-header-tagger{user-agent}}
/
</PRE
></TD
CLASS="SECT3"
><A
NAME="CONTENT-TYPE-OVERWRITE"
-></A
->8.5.5. content-type-overwrite</H4
+>8.5.5. content-type-overwrite</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CRUNCH-CLIENT-HEADER"
-></A
->8.5.6. crunch-client-header</H4
+>8.5.6. crunch-client-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CRUNCH-IF-NONE-MATCH"
-></A
->8.5.7. crunch-if-none-match</H4
+>8.5.7. crunch-if-none-match</A
+></H4
><P
></P
><DIV
</P
><P
> It is also useful to make sure the header isn't used as a cookie
- replacement.
+ replacement (unlikely but possible).
</P
><P
> Blocking the <SPAN
CLASS="QUOTE"
>"If-Modified-Since:"</SPAN
> header
- isn't blocked as well.
+ isn't blocked or missing as well.
</P
><P
> It is recommended to use this action together with
><TD
><PRE
CLASS="SCREEN"
-># Let the browser revalidate cached documents without being tracked across sessions
-{ +hide-if-modified-since{-60} \
+># Let the browser revalidate cached documents but don't
+# allow the server to use the revalidation headers for user tracking.
+{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/ </PRE
CLASS="SECT3"
><A
NAME="CRUNCH-INCOMING-COOKIES"
-></A
->8.5.8. crunch-incoming-cookies</H4
+>8.5.8. crunch-incoming-cookies</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
-> Prevent the web server from setting any cookies on your system
+> Prevent the web server from setting HTTP cookies on your system
</P
></DD
><DT
CLASS="EMPHASIS"
>incoming</I
></SPAN
-> cookies. For
+> HTTP cookies. For
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>outgoing</I
></SPAN
-> cookies, use
+> HTTP cookies, use
<TT
CLASS="LITERAL"
><A
CLASS="EMPHASIS"
>both</I
></SPAN
-> to disable cookies completely.
+> to disable HTTP cookies completely.
</P
><P
> It makes <SPAN
CLASS="SECT3"
><A
NAME="CRUNCH-SERVER-HEADER"
-></A
->8.5.9. crunch-server-header</H4
+>8.5.9. crunch-server-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CRUNCH-OUTGOING-COOKIES"
-></A
->8.5.10. crunch-outgoing-cookies</H4
+>8.5.10. crunch-outgoing-cookies</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
-> Prevent the web server from reading any cookies from your system
+> Prevent the web server from reading any HTTP cookies from your system
</P
></DD
><DT
CLASS="EMPHASIS"
>outgoing</I
></SPAN
-> cookies. For
+> HTTP cookies. For
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>incoming</I
></SPAN
-> cookies, use
+> HTTP cookies, use
<TT
CLASS="LITERAL"
><A
CLASS="EMPHASIS"
>both</I
></SPAN
-> to disable cookies completely.
+> to disable HTTP cookies completely.
</P
><P
> It makes <SPAN
CLASS="SECT3"
><A
NAME="DEANIMATE-GIFS"
-></A
->8.5.11. deanimate-gifs</H4
+>8.5.11. deanimate-gifs</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="DOWNGRADE-HTTP-VERSION"
-></A
->8.5.12. downgrade-http-version</H4
+>8.5.12. downgrade-http-version</A
+></H4
><P
></P
><DIV
>
didn't support important HTTP/1.1 features well. It is left here for the
unlikely case that you experience HTTP/1.1 related problems with some server
- out there. Not all (optional) HTTP/1.1 features are supported yet, so there
- is a chance you might need this action.
+ out there. Not all HTTP/1.1 features and requirements are supported yet,
+ so there is a chance you might need this action.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="FAST-REDIRECTS"
-></A
->8.5.13. fast-redirects</H4
+>8.5.13. fast-redirects</A
+></H4
><P
></P
><DIV
><PRE
CLASS="SCREEN"
> { +fast-redirects{simple-check} }
- .example.com
+ one.example.com
{ +fast-redirects{check-decoded-url} }
another.example.com/testing</PRE
CLASS="SECT3"
><A
NAME="FILTER"
-></A
->8.5.14. filter</H4
+>8.5.14. filter</A
+></H4
><P
></P
><DIV
><TD
><PRE
CLASS="SCREEN"
->+filter{ie-exploits} # Disable some known Internet Explorer bug exploits</PRE
+>+filter{ie-exploits} # Disable a known Internet Explorer bug exploits</PRE
></TD
></TR
></TABLE
CLASS="SECT3"
><A
NAME="FORCE-TEXT-MODE"
-></A
->8.5.15. force-text-mode</H4
+>8.5.15. force-text-mode</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="FORWARD-OVERRIDE"
-></A
->8.5.16. forward-override</H4
+>8.5.16. forward-override</A
+></H4
><P
></P
><DIV
>Effect:</DT
><DD
><P
-> Overrules the forward directives in the configuration files.
+> Overrules the forward directives in the configuration file.
</P
></DD
><DT
> <SPAN
CLASS="QUOTE"
>"forward-socks4a 127.0.0.1:9050 ."</SPAN
-> to use the socks4a proxy listening at 127.0.0.1 port 9050.
- Replace <SPAN
+> to use the socks4a proxy listening at
+ 127.0.0.1 port 9050. Replace <SPAN
CLASS="QUOTE"
>"forward-socks4a"</SPAN
> with <SPAN
CLASS="QUOTE"
>"forward-socks4"</SPAN
-> to use a socks4 connection (with local DNS
- resolution) instead.
+>
+ to use a socks4 connection (with local DNS resolution) instead.
</P
></LI
><LI
> with <SPAN
CLASS="QUOTE"
>"forward-socks4"</SPAN
-> to use a socks4 connection (with local DNS
- resolution) instead.
+> to use a socks4 connection
+ (with local DNS resolution) instead.
</P
></LI
></UL
# This way you can continue to use Tor for your normal browsing,
# without overloading the Tor network with your FreeBSD ports updates
# or downloads of bigger files like ISOs.
+# Note that HTTP headers are easy to fake and therefore their
+# values are as (un)trustworthy as your clients and users.
{+forward-override{forward .} \
-hide-if-modified-since \
-overwrite-last-modified \
}
-TAG:^User-Agent: fetch libfetch/2.0$
+TAG:^User-Agent: fetch libfetch/2\.0$
</PRE
></TD
></TR
CLASS="SECT3"
><A
NAME="HANDLE-AS-EMPTY-DOCUMENT"
-></A
->8.5.17. handle-as-empty-document</H4
+>8.5.17. handle-as-empty-document</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="HANDLE-AS-IMAGE"
-></A
->8.5.18. handle-as-image</H4
+>8.5.18. handle-as-image</A
+></H4
><P
></P
><DIV
# blocked as images:
#
{+block +handle-as-image}
-some.nasty-banner-server.com/junk.cgi?output=trash
+some.nasty-banner-server.com/junk.cgi\?output=trash
# Banner source! Who cares if they also have non-image content?
ad.doubleclick.net </PRE
CLASS="SECT3"
><A
NAME="HIDE-ACCEPT-LANGUAGE"
-></A
->8.5.19. hide-accept-language</H4
+>8.5.19. hide-accept-language</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="HIDE-CONTENT-DISPOSITION"
-></A
->8.5.20. hide-content-disposition</H4
+>8.5.20. hide-content-disposition</A
+></H4
><P
></P
><DIV
to another one, but in most cases it isn't worth the time to set
it up.
</P
+><P
+> This action will probably be removed in the future,
+ use server-header filters instead.
+ </P
></DD
><DT
>Example usage:</DT
CLASS="SECT3"
><A
NAME="HIDE-IF-MODIFIED-SINCE"
-></A
->8.5.21. hide-if-modified-since</H4
+>8.5.21. hide-if-modified-since</A
+></H4
><P
></P
><DIV
CLASS="QUOTE"
>"If-Modified-Since:"</SPAN
> makes
- sure it isn't used as a cookie replacement, but you will run into
- caching problems if the random range is too high.
+ it less likely that the server can use the time as a cookie replacement,
+ but you will run into caching problems if the random range is too high.
</P
><P
> It is a good idea to only use a small negative value and let
HREF="actions-file.html#CRUNCH-IF-NONE-MATCH"
>crunch-if-none-match</A
></TT
->.
+>,
+ otherwise it's more or less pointless.
</P
></DD
><DT
><TD
><PRE
CLASS="SCREEN"
-># Let the browser revalidate without being tracked across sessions
-{ +hide-if-modified-since{-60} \
+># Let the browser revalidate but make tracking based on the time less likely.
+{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/</PRE
CLASS="SECT3"
><A
NAME="HIDE-FORWARDED-FOR-HEADERS"
-></A
->8.5.22. hide-forwarded-for-headers</H4
+>8.5.22. hide-forwarded-for-headers</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
->Improve privacy by hiding the true source of the request</P
+>Improve privacy by not forwarding the source of the request in the HTTP headers.</P
></DD
><DT
>Effect:</DT
> Deletes any existing <SPAN
CLASS="QUOTE"
>"X-Forwarded-for:"</SPAN
-> HTTP header from client requests,
- and prevents adding a new one.
+> HTTP header from client requests.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> It is fairly safe to leave this on.
- </P
-><P
-> This action is scheduled for improvement: It should be able to generate forged
- <SPAN
-CLASS="QUOTE"
->"X-Forwarded-for:"</SPAN
-> headers using random IP addresses from a specified network,
- to make successive requests from the same client look like requests from a pool of different
- users sharing the same proxy.
+> It is safe and recommended to leave this on.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="HIDE-FROM-HEADER"
-></A
->8.5.23. hide-from-header</H4
+>8.5.23. hide-from-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="HIDE-REFERRER"
-></A
->8.5.24. hide-referrer</H4
+>8.5.24. hide-referrer</A
+></H4
><A
NAME="HIDE-REFERER"
></A
><P
><SPAN
CLASS="QUOTE"
+>"conditional-forge"</SPAN
+> to forge the header if the host has changed.</P
+></LI
+><LI
+><P
+><SPAN
+CLASS="QUOTE"
>"block"</SPAN
> to delete the header unconditionally.</P
></LI
><P
> Always blocking the referrer, or using a custom one, can lead to
failures on servers that check the referrer before they answer any
- requests, in an attempt to prevent their valuable content from being
+ requests, in an attempt to prevent their content from being
embedded or linked to elsewhere.
</P
><P
CLASS="SECT3"
><A
NAME="HIDE-USER-AGENT"
-></A
->8.5.25. hide-user-agent</H4
+>8.5.25. hide-user-agent</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
->Conceal your type of browser and client operating system</P
+>Try to conceal your type of browser and client operating system</P
></DD
><DT
>Effect:</DT
></SPAN
> the right thing to do: good web sites
work browser-independently).
-
</P
></TD
></TR
(Must be just a silly MS goof, I'm sure :-).
</P
><P
-> This action is scheduled for improvement.
+> More information on known user-agent strings can be found at
+ <A
+HREF="http://www.user-agents.org/"
+TARGET="_top"
+>http://www.user-agents.org/</A
+>
+ and
+ <A
+HREF="http://en.wikipedia.org/wiki/User_agent"
+TARGET="_top"
+>http://en.wikipedia.org/wiki/User_agent</A
+>.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="INSPECT-JPEGS"
-></A
->8.5.26. inspect-jpegs</H4
+>8.5.26. inspect-jpegs</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
->To protect against the MS buffer over-run in JPEG processing</P
+>Try to protect against a MS buffer over-run in JPEG processing</P
></DD
><DT
>Effect:</DT
allow execution of code on the target system, giving an attacker access
to the system in question by merely planting an altered JPEG image, which
would have no obvious indications of what lurks inside. This action
- prevents unwanted intrusion.
+ tries to prevent this exploit if delivered through unencrypted HTTP.
+ </P
+><P
+> Note that the exploit mentioned is several years old
+ and it's unlikely that your client is still vulnerable
+ against it. This action may be removed in one of the
+ next releases.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="KILL-POPUPS"
-></A
>8.5.27. kill-popups<A
NAME="KILL-POPUP"
></A
+></A
></H4
><P
></P
> This action is most appropriate for browsers that don't have any controls
for unwanted pop-ups. Not recommended for general usage.
</P
+><P
+> This action doesn't work very reliable and may be removed in future releases.
+ </P
></DD
><DT
>Example usage:</DT
CLASS="SECT3"
><A
NAME="LIMIT-CONNECT"
-></A
->8.5.28. limit-connect</H4
+>8.5.28. limit-connect</A
+></H4
><P
></P
><DIV
> URLs) through proxies. It works very simply:
the proxy connects to the server on the specified port, and then
short-circuits its connections to the client and to the remote server.
- This can be a big security hole, since CONNECT-enabled proxies can be
- abused as TCP relays very easily.
+ This means CONNECT-enabled proxies can be used as TCP relays very easily.
</P
><P
> <SPAN
CLASS="SECT3"
><A
NAME="PREVENT-COMPRESSION"
-></A
->8.5.29. prevent-compression</H4
+>8.5.29. prevent-compression</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="OVERWRITE-LAST-MODIFIED"
-></A
->8.5.30. overwrite-last-modified</H4
+>8.5.30. overwrite-last-modified</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="REDIRECT"
-></A
->8.5.31. redirect</H4
+>8.5.31. redirect</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SEND-VANILLA-WAFER"
-></A
->8.5.32. send-vanilla-wafer</H4
+>8.5.32. send-vanilla-wafer</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SEND-WAFER"
-></A
->8.5.33. send-wafer</H4
+>8.5.33. send-wafer</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SERVER-HEADER-FILTER"
-></A
->8.5.34. server-header-filter</H4
+>8.5.34. server-header-filter</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SERVER-HEADER-TAGGER"
-></A
->8.5.35. server-header-tagger</H4
+>8.5.35. server-header-tagger</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
-> Disable or disable filters based on the Content-Type header.
+> Enable or disable filters based on the Content-Type header.
</P
></DD
><DT
><TD
><PRE
CLASS="SCREEN"
-># Tag every request with the declared content type
-{+client-header-filter{content-type}}
+># Tag every request with the content type declared by the server
+{+server-header-tagger{content-type}}
/
</PRE
></TD
CLASS="SECT3"
><A
NAME="SESSION-COOKIES-ONLY"
-></A
->8.5.36. session-cookies-only</H4
+>8.5.36. session-cookies-only</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SET-IMAGE-BLOCKER"
-></A
->8.5.37. set-image-blocker</H4
+>8.5.37. set-image-blocker</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="TREAT-FORBIDDEN-CONNECTS-LIKE-BLOCKS"
-></A
->8.5.38. treat-forbidden-connects-like-blocks</H4
+>8.5.38. treat-forbidden-connects-like-blocks</A
+></H4
><P
></P
><DIV
><H3
CLASS="SECT3"
><A
-NAME="AEN4122"
-></A
->8.5.39. Summary</H3
+NAME="AEN4261"
+>8.5.39. Summary</A
+></H3
><P
> Note that many of these actions have the potential to cause a page to
misbehave, possibly even not to display at all. There are many ways
CLASS="SECT2"
><A
NAME="ALIASES"
-></A
->8.6. Aliases</H2
+>8.6. Aliases</A
+></H2
><P
> Custom <SPAN
CLASS="QUOTE"
CLASS="SECT2"
><A
NAME="ACT-EXAMPLES"
-></A
->8.7. Actions Files Tutorial</H2
+>8.7. Actions Files Tutorial</A
+></H2
><P
> The above chapters have shown <A
HREF="actions-file.html"
><H3
CLASS="SECT3"
><A
-NAME="AEN4187"
-></A
->8.7.1. default.action</H3
+NAME="AEN4326"
+>8.7.1. default.action</A
+></H3
><P
>Every config file should start with a short comment stating its purpose:</P
><P
experience.</P
><P
> Again, at the start of matching, all actions are disabled, so there is
- no real need to disable any actions here, but we will do that nonetheless,
- to have a complete listing for your reference. (Remember: a <SPAN
+ no need to disable any actions here. (Remember: a <SPAN
CLASS="QUOTE"
>"+"</SPAN
>
# "Defaults" section:
##########################################################################
{ \
- -<A
-HREF="actions-file.html#ADD-HEADER"
->add-header</A
-> \
- -<A
-HREF="actions-file.html#CLIENT-HEADER-FILTER"
->client-header-filter{hide-tor-exit-notation}</A
-> \
- -<A
-HREF="actions-file.html#BLOCK"
->block</A
-> \
- -<A
-HREF="actions-file.html#CONTENT-TYPE-OVERWRITE"
->content-type-overwrite</A
-> \
- -<A
-HREF="actions-file.html#CRUNCH-CLIENT-HEADER"
->crunch-client-header</A
-> \
- -<A
-HREF="actions-file.html#CRUNCH-IF-NONE-MATCH"
->crunch-if-none-match</A
-> \
- -<A
-HREF="actions-file.html#CRUNCH-INCOMING-COOKIES"
->crunch-incoming-cookies</A
-> \
- -<A
-HREF="actions-file.html#CRUNCH-SERVER-HEADER"
->crunch-server-header</A
-> \
- -<A
-HREF="actions-file.html#CRUNCH-OUTGOING-COOKIES"
->crunch-outgoing-cookies</A
-> \
+<A
HREF="actions-file.html#DEANIMATE-GIFS"
>deanimate-gifs</A
-> \
- -<A
-HREF="actions-file.html#DOWNGRADE-HTTP-VERSION"
->downgrade-http-version</A
-> \
- -<A
-HREF="actions-file.html#FAST-REDIRECTS"
->fast-redirects{check-decoded-url}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-JS-ANNOYANCES"
->filter{js-annoyances}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-JS-EVENTS"
->filter{js-events}</A
> \
+<A
HREF="actions-file.html#FILTER-HTML-ANNOYANCES"
>filter{html-annoyances}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-CONTENT-COOKIES"
->filter{content-cookies}</A
> \
+<A
HREF="actions-file.html#FILTER-REFRESH-TAGS"
>filter{refresh-tags}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-UNSOLICITED-POPUPS"
->filter{unsolicited-popups}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-ALL-POPUPS"
->filter{all-popups}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-IMG-REORDER"
->filter{img-reorder}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-BANNERS-BY-SIZE"
->filter{banners-by-size}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-BANNERS-BY-LINK"
->filter{banners-by-link}</A
> \
+<A
HREF="actions-file.html#FILTER-WEBBUGS"
>filter{webbugs}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-TINY-TEXTFORMS"
->filter{tiny-textforms}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-JUMPING-WINDOWS"
->filter{jumping-windows}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-FRAMESET-BORDERS"
->filter{frameset-borders}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-DEMORONIZER"
->filter{demoronizer}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-SHOCKWAVE-FLASH"
->filter{shockwave-flash}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-QUICKTIME-KIOSKMODE"
->filter{quicktime-kioskmode}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-FUN"
->filter{fun}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-CRUDE-PARENTAL"
->filter{crude-parental}</A
> \
+<A
HREF="actions-file.html#FILTER-IE-EXPLOITS"
>filter{ie-exploits}</A
> \
- -<A
-HREF="actions-file.html#FILTER-GOOGLE"
->filter{google}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-YAHOO"
->filter{yahoo}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-MSN"
->filter{msn}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-BLOGSPOT"
->filter{blogspot}</A
-> \
- -<A
-HREF="actions-file.html#FILTER-NO-PING"
->filter{no-ping}</A
-> \
- -<A
-HREF="actions-file.html#FORCE-TEXT-MODE"
->force-text-mode</A
-> \
- -<A
-HREF="actions-file.html#HANDLE-AS-EMPTY-DOCUMENT"
->handle-as-empty-document</A
-> \
- -<A
-HREF="actions-file.html#HANDLE-AS-IMAGE"
->handle-as-image</A
-> \
- -<A
-HREF="actions-file.html#HIDE-ACCEPT-LANGUAGE"
->hide-accept-language</A
-> \
- -<A
-HREF="actions-file.html#HIDE-CONTENT-DISPOSITION"
->hide-content-disposition</A
-> \
- -<A
-HREF="actions-file.html#HIDE-IF-MODIFIED-SINCE"
->hide-if-modified-since</A
-> \
+<A
HREF="actions-file.html#HIDE-FORWARDED-FOR-HEADERS"
>hide-forwarded-for-headers</A
+<A
HREF="actions-file.html#HIDE-REFERER"
>hide-referrer{forge}</A
-> \
- -<A
-HREF="actions-file.html#HIDE-USER-AGENT"
->hide-user-agent</A
-> \
- -<A
-HREF="actions-file.html#INSPECT-JPEGS"
->inspect-jpegs</A
-> \
- -<A
-HREF="actions-file.html#KILL-POPUPS"
->kill-popups</A
-> \
- -<A
-HREF="actions-file.html#LIMIT-CONNECT"
->limit-connect</A
> \
+<A
HREF="actions-file.html#PREVENT-COMPRESSION"
>prevent-compression</A
-> \
- -<A
-HREF="actions-file.html#OVERWRITE-LAST-MODIFIED"
->overwrite-last-modified</A
-> \
- -<A
-HREF="actions-file.html#REDIRECT"
->redirect</A
-> \
- -<A
-HREF="actions-file.html#SEND-VANILLA-WAFER"
->send-vanilla-wafer</A
-> \
- -<A
-HREF="actions-file.html#SEND-WAFER"
->send-wafer</A
-> \
- -<A
-HREF="actions-file.html#SERVER-HEADER-FILTER"
->server-header-filter{xml-to-html}</A
-> \
- -<A
-HREF="actions-file.html#SERVER-HEADER-FILTER"
->server-header-filter{html-to-xml}</A
> \
+<A
HREF="actions-file.html#SESSION-COOKIES-ONLY"
+<A
HREF="actions-file.html#SET-IMAGE-BLOCKER"
>set-image-blocker{pattern}</A
-> \
- -<A
-HREF="actions-file.html#TREAT-FORBIDDEN-CONNECTS-LIKE-BLOCKS"
->treat-forbidden-connects-like-blocks</A
> \
}
/ # forward slash will match *all* potential URL patterns.</PRE
></TABLE
></P
><P
-> The default behavior is now set. Note that some actions, like not hiding
- the user agent, are part of a <SPAN
-CLASS="QUOTE"
->"general policy"</SPAN
-> that applies
- universally and won't get any exceptions defined later. Other choices,
- like not blocking (which is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->understandably</I
-></SPAN
-> the
- default!) need exceptions, i.e. we need to specify explicitly what we
- want to block in later sections.</P
+> The default behavior is now set.
+ </P
><P
> The first of our specialized sections is concerned with <SPAN
CLASS="QUOTE"
><H3
CLASS="SECT3"
><A
-NAME="AEN4374"
-></A
->8.7.2. user.action</H3
+NAME="AEN4462"
+>8.7.2. user.action</A
+></H3
><P
> So far we are painting with a broad brush by setting general policies,
which would be a reasonable starting point for many people. Now,
><TD
><PRE
CLASS="SCREEN"
-># My user.action file. <fred@foobar.com></PRE
+># My user.action file. <fred@example.com></PRE
></TD
></TR
></TABLE
>block</A
> }
www.example.com/nasty-ads/sponsor\.gif
- another.popular.site.net/more/junk/here/</PRE
+ another.example.net/more/junk/here/</PRE
></TD
></TR
></TABLE
CLASS="FILENAME"
>default.filter</TT
>,
- but it is disabled in the distributed actions file. (My colleagues on the team just
- don't have a sense of humour, that's why! ;-). So you'd like to turn it on in your private,
+ but it is disabled in the distributed actions file.
+ So you'd like to turn it on in your private,
update-safe config, once and for all:</P
><P
><TABLE
projects / privoxy.git / blobdiff