<p>The default profiles, and their associated actions, as pre-defined in <tt class=
"FILENAME">default.action</tt> are:</p>
<div class="TABLE">
- <a name="AEN3105" id="AEN3105"></a>
+ <a name="AEN3092" id="AEN3092"></a>
<p><b>Table 1. Default Configurations</b></p>
<table border="1" frame="border" rules="all" class="CALSTABLE">
<col width="1*" title="C1">
</dl>
</div>
<p>While flexible, this is not the sophistication of full regular expression based syntax.</p>
+ <p>When compiled with FEATURE_PCRE_HOST_PATTERNS patterns can be prefixed with <span class=
+ "QUOTE">"PCRE-HOST-PATTERN:"</span> in which case full regular expression (PCRE) can be used for the host
+ pattern as well.</p>
</div>
<div class="SECT3">
<h3 class="SECT3"><a name="PATH-PATTERN" id="PATH-PATTERN">8.4.2. The Path Pattern</a></h3>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="ENABLE-HTTPS-FILTERING" id="ENABLE-HTTPS-FILTERING">8.5.15.
- enable-https-filtering</a></h4>
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
- <dd>
- <p>Filter encrypted requests and responses</p>
- </dd>
- <dt>Effect:</dt>
- <dd>
- <p>Encrypted requests are decrypted, filtered and forwarded encrypted.</p>
- </dd>
- <dt>Type:</dt>
- <dd>
- <p>Boolean.</p>
- </dd>
- <dt>Parameter:</dt>
- <dd>
- <p>N/A</p>
- </dd>
- <dt>Notes:</dt>
- <dd>
- <p>This action allows <span class="APPLICATION">Privoxy</span> to filter encrypted requests and
- responses. For this to work <span class="APPLICATION">Privoxy</span> has to generate a certificate and
- send it to the client which has to accept it.</p>
- <p>Before this works the directives in the <tt class="LITERAL"><a href="config.html#TLS" target=
- "_top">TLS section</a></tt> of the config file have to be configured.</p>
- </dd>
- <dt>Example usage (section):</dt>
- <dd>
- <table border="0" bgcolor="#E0E0E0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">{+enable-https-filtering}
-www.example.com</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
- <div class="SECT3">
- <h4 class="SECT3"><a name="EXTERNAL-FILTER" id="EXTERNAL-FILTER">8.5.16. external-filter</a></h4>
+ <h4 class="SECT3"><a name="EXTERNAL-FILTER" id="EXTERNAL-FILTER">8.5.15. external-filter</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FAST-REDIRECTS" id="FAST-REDIRECTS">8.5.17. fast-redirects</a></h4>
+ <h4 class="SECT3"><a name="FAST-REDIRECTS" id="FAST-REDIRECTS">8.5.16. fast-redirects</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
<p>To detect a redirection URL, <tt class="LITERAL">fast-redirects</tt> only looks for the string
<span class="QUOTE">"http://"</span>, either in plain text (invalid but often used) or encoded as
<span class="QUOTE">"http%3a//"</span>. Some sites use their own URL encoding scheme, encrypt the address
- of the target server or replace it with a database id. In theses cases <tt class=
+ of the target server or replace it with a database id. In these cases <tt class=
"LITERAL">fast-redirects</tt> is fooled and the request reaches the redirection server where it probably
gets logged.</p>
</dd>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.18. filter</a></h4>
+ <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.17. filter</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FORCE-TEXT-MODE" id="FORCE-TEXT-MODE">8.5.19. force-text-mode</a></h4>
+ <h4 class="SECT3"><a name="FORCE-TEXT-MODE" id="FORCE-TEXT-MODE">8.5.18. force-text-mode</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FORWARD-OVERRIDE" id="FORWARD-OVERRIDE">8.5.20. forward-override</a></h4>
+ <h4 class="SECT3"><a name="FORWARD-OVERRIDE" id="FORWARD-OVERRIDE">8.5.19. forward-override</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HANDLE-AS-EMPTY-DOCUMENT" id="HANDLE-AS-EMPTY-DOCUMENT">8.5.21.
+ <h4 class="SECT3"><a name="HANDLE-AS-EMPTY-DOCUMENT" id="HANDLE-AS-EMPTY-DOCUMENT">8.5.20.
handle-as-empty-document</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HANDLE-AS-IMAGE" id="HANDLE-AS-IMAGE">8.5.22. handle-as-image</a></h4>
+ <h4 class="SECT3"><a name="HANDLE-AS-IMAGE" id="HANDLE-AS-IMAGE">8.5.21. handle-as-image</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-ACCEPT-LANGUAGE" id="HIDE-ACCEPT-LANGUAGE">8.5.23.
+ <h4 class="SECT3"><a name="HIDE-ACCEPT-LANGUAGE" id="HIDE-ACCEPT-LANGUAGE">8.5.22.
hide-accept-language</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-CONTENT-DISPOSITION" id="HIDE-CONTENT-DISPOSITION">8.5.24.
+ <h4 class="SECT3"><a name="HIDE-CONTENT-DISPOSITION" id="HIDE-CONTENT-DISPOSITION">8.5.23.
hide-content-disposition</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-IF-MODIFIED-SINCE" id="HIDE-IF-MODIFIED-SINCE">8.5.25.
+ <h4 class="SECT3"><a name="HIDE-IF-MODIFIED-SINCE" id="HIDE-IF-MODIFIED-SINCE">8.5.24.
hide-if-modified-since</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-FROM-HEADER" id="HIDE-FROM-HEADER">8.5.26. hide-from-header</a></h4>
+ <h4 class="SECT3"><a name="HIDE-FROM-HEADER" id="HIDE-FROM-HEADER">8.5.25. hide-from-header</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-REFERRER" id="HIDE-REFERRER">8.5.2
7. hide-referrer</a></h4><a name=
+ <h4 class="SECT3"><a name="HIDE-REFERRER" id="HIDE-REFERRER">8.5.2
6. hide-referrer</a></h4><a name=
"HIDE-REFERER" id="HIDE-REFERER"></a>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-USER-AGENT" id="HIDE-USER-AGENT">8.5.28. hide-user-agent</a></h4>
+ <h4 class="SECT3"><a name="HIDE-USER-AGENT" id="HIDE-USER-AGENT">8.5.27. hide-user-agent</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</dl>
</div>
</div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HTTPS-INSPECTION" id="HTTPS-INSPECTION">8.5.28. https-inspection</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+ <dd>
+ <p>Filter encrypted requests and responses</p>
+ </dd>
+ <dt>Effect:</dt>
+ <dd>
+ <p>Encrypted requests are decrypted, filtered and forwarded encrypted.</p>
+ </dd>
+ <dt>Type:</dt>
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+ <dt>Parameter:</dt>
+ <dd>
+ <p>N/A</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This action allows <span class="APPLICATION">Privoxy</span> to filter encrypted requests and
+ responses. For this to work <span class="APPLICATION">Privoxy</span> has to generate a certificate and
+ send it to the client which has to accept it.</p>
+ <p>Before this works the directives in the <tt class="LITERAL"><a href="config.html#TLS" target=
+ "_top">TLS section</a></tt> of the config file have to be configured.</p>
+ <p>Note that the action has to be enabled based on the CONNECT request which doesn't contain a path.
+ Enabling it based on a pattern with path doesn't work as the path is only seen by <span class=
+ "APPLICATION">Privoxy</span> if the action is already enabled.</p>
+ <p>This is an experimental feature.</p>
+ </dd>
+ <dt>Example usage (section):</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">{+https-inspection}
+www.example.com</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
<div class="SECT3">
<h4 class="SECT3"><a name="IGNORE-CERTIFICATE-ERRORS" id="IGNORE-CERTIFICATE-ERRORS">8.5.29.
ignore-certificate-errors</a></h4>
</dd>
<dt>Notes:</dt>
<dd>
- <p>When the <a href="actions-file.html#ENABLE-HTTPS-FILTERING"><span class=
- "QUOTE">"+enable-https-filtering"</span></a> action is used <span class="APPLICATION">Privoxy</span> by
- default verifies that the remote site uses a valid certificate.</p>
- <p>If the certificate is invalid the connection is aborted.</p>
- <p>This action disabled the certificate check allowing requests to sites with invalid certificates.</p>
+ <p>When the <a href="actions-file.html#HTTPS-INSPECTION"><span class=
+ "QUOTE">"+https-inspection"</span></a> action is used <span class="APPLICATION">Privoxy</span> by default
+ verifies that the remote site uses a valid certificate.</p>
+ <p>If the certificate can't be validated by <span class="APPLICATION">Privoxy</span> the connection is
+ aborted.</p>
+ <p>This action disables the certificate check so requests to sites with certificates that can't be
+ validated are allowed.</p>
+ <p>Note that enabling this action allows Man-in-the-middle attacks.</p>
</dd>
<dt>Example usage:</dt>
<dd>
action settings.</p>
<p>Note that some (rare) ill-configured sites don't handle requests for uncompressed documents correctly.
Broken PHP applications tend to send an empty document body, some IIS versions only send the beginning of
- the content. If you enable <tt class="LITERAL">prevent-compression</tt> per default, you might want to
- add exceptions for those sites. See the example for how to do that.</p>
+ the content and some content delivery networks let the connection time out. If you enable <tt class=
+ "LITERAL">prevent-compression</tt> per default, you might want to add exceptions for those sites. See the
+ example for how to do that.</p>
</dd>
<dt>Example usage (sections):</dt>
<dd>
projects / privoxy.git / blobdiff