- </PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="CRUNCH-IF-NONE-MATCH"
-></A
->8.5.5. crunch-if-none-match</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Prevent yet another way to track the user's steps between sessions.</P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> Deletes the <SPAN
-CLASS="QUOTE"
->"If-None-Match:"</SPAN
-> HTTP client header.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> Removing the <SPAN
-CLASS="QUOTE"
->"If-None-Match:"</SPAN
-> HTTP client header
- is useful for filter testing, where you want to force a real
- reload instead of getting status code <SPAN
-CLASS="QUOTE"
->"304"</SPAN
-> which
- would cause the browser to use a cached copy of the page.
- </P
-><P
-> It is also useful to make sure the header isn't used as a cookie
- replacement.
- </P
-><P
-> Blocking the <SPAN
-CLASS="QUOTE"
->"If-None-Match:"</SPAN
-> header shouldn't cause any
- caching problems, as long as the <SPAN
-CLASS="QUOTE"
->"If-Modified-Since:"</SPAN
-> header
- isn't blocked as well.
- </P
-><P
-> It is recommended to use this action together with
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#HIDE-IF-MODIFIED-SINCE"
->hide-if-modified-since</A
-></TT
->
- and
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#OVERWRITE-LAST-MODIFIED"
->overwrite-last-modified</A
-></TT
->.
- </P
-></DD
-><DT
->Example usage (section):</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-># Let the browser revalidate cached documents without being tracked across sessions
-{+hide-if-modified-since {-1} \
-+overwrite-last-modified {randomize} \
-+crunch-if-none-match}
-/ </PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="CRUNCH-INCOMING-COOKIES"
-></A
->8.5.6. crunch-incoming-cookies</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
-> Prevent the web server from setting any cookies on your system
- </P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> Deletes any <SPAN
-CLASS="QUOTE"
->"Set-Cookie:"</SPAN
-> HTTP headers from server replies.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> This action is only concerned with <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->incoming</I
-></SPAN
-> cookies. For
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->outgoing</I
-></SPAN
-> cookies, use
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#CRUNCH-OUTGOING-COOKIES"
->crunch-outgoing-cookies</A
-></TT
->.
- Use <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->both</I
-></SPAN
-> to disable cookies completely.
- </P
-><P
-> It makes <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no sense at all</I
-></SPAN
-> to use this action in conjunction
- with the <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#SESSION-COOKIES-ONLY"
->session-cookies-only</A
-></TT
-> action,
- since it would prevent the session cookies from being set. See also
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#FILTER-CONTENT-COOKIES"
->filter-content-cookies</A
-></TT
->.
- </P
-></DD
-><DT
->Example usage:</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+crunch-incoming-cookies</PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="CRUNCH-SERVER-HEADER"
-></A
->8.5.7. crunch-server-header</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Remove a server header <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> has no dedicated action for.</P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> Deletes every header sent by the server that contains the string the user supplied as parameter.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Parameterized.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> Any string.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> This action allows you to block server headers for which no dedicated
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> action exists. <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- will remove every server header that contains the string you supplied as parameter.
- </P
-><P
-> Regular expressions are <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not supported</I
-></SPAN
-> and you can't
- use this action to block different headers in the same request, unless
- they contain the same string.
- </P
-><P
-> <TT
-CLASS="LITERAL"
->crunch-server-header</TT
-> is only meant for quick tests.
- If you have to block several different headers, or only want to modify
- parts of them, you should enable
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#FILTER-SERVER-HEADERS"
->filter-server-headers</A
-></TT
->
- and create your own filter.
- </P
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="90%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
-><P
-> Don't block any header without understanding the consequences.
- </P
-></TD
-></TR
-></TABLE
-></DIV
-></DD
-><DT
->Example usage (section):</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-># Crunch server headers that try to prevent caching
-{+crunch-server-header {no-cache}}
-/ </PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="CRUNCH-OUTGOING-COOKIES"
-></A
->8.5.8. crunch-outgoing-cookies</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
-> Prevent the web server from reading any cookies from your system
- </P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> Deletes any <SPAN
-CLASS="QUOTE"
->"Cookie:"</SPAN
-> HTTP headers from client requests.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> This action is only concerned with <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->outgoing</I
-></SPAN
-> cookies. For
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->incoming</I
-></SPAN
-> cookies, use
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#CRUNCH-INCOMING-COOKIES"
->crunch-incoming-cookies</A
-></TT
->.
- Use <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->both</I
-></SPAN
-> to disable cookies completely.
- </P
-><P
-> It makes <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no sense at all</I
-></SPAN
-> to use this action in conjunction
- with the <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#SESSION-COOKIES-ONLY"
->session-cookies-only</A
-></TT
-> action,
- since it would prevent the session cookies from being read.
- </P
-></DD
-><DT
->Example usage:</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+crunch-outgoing-cookies</PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="DEANIMATE-GIFS"
-></A
->8.5.9. deanimate-gifs</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Stop those annoying, distracting animated GIF images.</P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> De-animate GIF animations, i.e. reduce them to their first or last image.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Parameterized.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> <SPAN
-CLASS="QUOTE"
->"last"</SPAN
-> or <SPAN
-CLASS="QUOTE"
->"first"</SPAN
->
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> This will also shrink the images considerably (in bytes, not pixels!). If
- the option <SPAN
-CLASS="QUOTE"
->"first"</SPAN
-> is given, the first frame of the animation
- is used as the replacement. If <SPAN
-CLASS="QUOTE"
->"last"</SPAN
-> is given, the last
- frame of the animation is used instead, which probably makes more sense for
- most banner animations, but also has the risk of not showing the entire
- last frame (if it is only a delta to an earlier frame).
- </P
-><P
-> You can safely use this action with patterns that will also match non-GIF
- objects, because no attempt will be made at anything that doesn't look like
- a GIF.
- </P
-></DD
-><DT
->Example usage:</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+deanimate-gifs{last}</PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="DOWNGRADE-HTTP-VERSION"
-></A
->8.5.10. downgrade-http-version</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Work around (very rare) problems with HTTP/1.1</P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> Downgrades HTTP/1.1 client requests and server replies to HTTP/1.0.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> This is a left-over from the time when <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- didn't support important HTTP/1.1 features well. It is left here for the
- unlikely case that you experience HTTP/1.1 related problems with some server
- out there. Not all (optional) HTTP/1.1 features are supported yet, so there
- is a chance you might need this action.
- </P
-></DD
-><DT
->Example usage (section):</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->{+downgrade-http-version}
-problem-host.example.com</PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="FAST-REDIRECTS"
-></A
->8.5.11. fast-redirects</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Fool some click-tracking scripts and speed up indirect links.</P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> Detects redirection URLs and redirects the browser without contacting
- the redirection server first.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Parameterized.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-></P
-><UL
-><LI
-><P
-> <SPAN
-CLASS="QUOTE"
->"simple-check"</SPAN
-> to just search for the string <SPAN
-CLASS="QUOTE"
->"http://"</SPAN
->
- to detect redirection URLs.
- </P
-></LI
-><LI
-><P
-> <SPAN
-CLASS="QUOTE"
->"check-decoded-url"</SPAN
-> to decode URLs (if necessary) before searching
- for redirection URLs.
- </P
-></LI
-></UL
-></DD
-><DT
->Notes:</DT
-><DD
-><P
->
- Many sites, like yahoo.com, don't just link to other sites. Instead, they
- will link to some script on their own servers, giving the destination as a
- parameter, which will then redirect you to the final target. URLs
- resulting from this scheme typically look like:
- <SPAN
-CLASS="QUOTE"
->"http://www.example.org/click-tracker.cgi?target=http%3a//www.example.net/"</SPAN
->.
- </P
-><P
-> Sometimes, there are even multiple consecutive redirects encoded in the
- URL. These redirections via scripts make your web browsing more traceable,
- since the server from which you follow such a link can see where you go
- to. Apart from that, valuable bandwidth and time is wasted, while your
- browser asks the server for one redirect after the other. Plus, it feeds
- the advertisers.
- </P
-><P
-> This feature is currently not very smart and is scheduled for improvement.
- If it is enabled by default, you will have to create some exceptions to
- this action. It can lead to failures in several ways:
- </P
-><P
-> Not every URLs with other URLs as parameters is evil.
- Some sites offer a real service that requires this information to work.
- For example a validation service needs to know, which document to validate.
- <TT
-CLASS="LITERAL"
->fast-redirects</TT
-> assumes that every URL parameter that
- looks like another URL is a redirection target, and will always redirect to
- the last one. Most of the time the assumption is correct, but if it isn't,
- the user gets redirected anyway.
- </P
-><P
-> Another failure occurs if the URL contains other parameters after the URL parameter.
- The URL:
- <SPAN
-CLASS="QUOTE"
->"http://www.example.org/?redirect=http%3a//www.example.net/&foo=bar"</SPAN
->.
- contains the redirection URL <SPAN
-CLASS="QUOTE"
->"http://www.example.net/"</SPAN
->,
- followed by another parameter. <TT
-CLASS="LITERAL"
->fast-redirects</TT
-> doesn't know that
- and will cause a redirect to <SPAN
-CLASS="QUOTE"
->"http://www.example.net/&foo=bar"</SPAN
->.
- Depending on the target server configuration, the parameter will be silently ignored
- or lead to a <SPAN
-CLASS="QUOTE"
->"page not found"</SPAN
-> error. It is possible to fix these redirected
- requests with <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#FILTER-CLIENT-HEADERS"
->filter-client-headers</A
-></TT
->
- but it requires a little effort.
- </P
-><P
-> To detect a redirection URL, <TT
-CLASS="LITERAL"
->fast-redirects</TT
-> only
- looks for the string <SPAN
-CLASS="QUOTE"
->"http://"</SPAN
->, either in plain text
- (invalid but often used) or encoded as <SPAN
-CLASS="QUOTE"
->"http%3a//"</SPAN
->.
- Some sites use their own URL encoding scheme, encrypt the address
- of the target server or replace it with a database id. In theses cases
- <TT
-CLASS="LITERAL"
->fast-redirects</TT
-> is fooled and the request reaches the
- redirection server where it probably gets logged.
- </P
-></DD
-><DT
->Example usage:</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+fast-redirects{simple-check}</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+fast-redirects{check-decoded-url}</PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="FILTER"
-></A
->8.5.12. filter</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Get rid of HTML and JavaScript annoyances, banner advertisements (by size), do fun text replacements, etc.</P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> All files of text-based type, most notably HTML and JavaScript, to which this
- action applies, are filtered on-the-fly through the specified regular expression
- based substitutions. (Note: as of version 3.0.3 plain text documents
- are exempted from filtering, because web servers often use the
- <TT
-CLASS="LITERAL"
->text/plain</TT
-> MIME type for all files whose type they
- don't know.) By default, filtering works only on the document content
- itself, not the headers.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Parameterized.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> The name of a filter, as defined in the <A
-HREF="filter-file.html"
->filter file</A
->.
- Filters can be defined in one or more files as defined by the
- <TT
-CLASS="LITERAL"
-><A
-HREF="config.html#FILTERFILE"
->filterfile</A
-></TT
->
- option in the <A
-HREF="config.html"
->config file</A
->.
- <TT
-CLASS="FILENAME"
->default.filter</TT
-> is the collection of filters
- supplied by the developers. Locally defined filters should go
- in their own file, such as <TT
-CLASS="FILENAME"
->user.filter</TT
->.
- </P
-><P
-> When used in its negative form,
- and without parameters, filtering is completely disabled.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> For your convenience, there are a number of pre-defined filters available
- in the distribution filter file that you can use. See the examples below for
- a list.
- </P
-><P
-> Filtering requires buffering the page content, which may appear to
- slow down page rendering since nothing is displayed until all content has
- passed the filters. (It does not really take longer, but seems that way
- since the page is not incrementally displayed.) This effect will be more
- noticeable on slower connections.
- </P
-><P
-> This is very powerful feature, and <SPAN
-CLASS="QUOTE"
->"rolling your own"</SPAN
->
- filters requires a knowledge of regular expressions and HTML.
- </P
-><P
-> The amount of data that can be filtered is limited to the
- <TT
-CLASS="LITERAL"
-><A
-HREF="config.html#BUFFER-LIMIT"
->buffer-limit</A
-></TT
->
- option in the main <A
-HREF="config.html"
->config file</A
->. The
- default is 4096 KB (4 Megs). Once this limit is exceeded, the buffered
- data, and all pending data, is passed through unfiltered.
- </P
-><P
-> Inadequate MIME types, such as zipped files, are not filtered at all.
- (Again, only text-based types except plain text). Encrypted SSL data
- (from HTTPS servers) cannot be filtered either, since this would violate
- the integrity of the secure transaction. In some situations it might
- be necessary to protect certain text, like source code, from filtering
- by defining appropriate <TT
-CLASS="LITERAL"
->-filter</TT
-> sections.
- </P
-><P
-> At this time, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> cannot (yet!) uncompress compressed
- documents. If you want filtering to work on all documents, even those that
- would normally be sent compressed, use the
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#PREVENT-COMPRESSION"
->prevent-compression</A
-></TT
->
- action in conjunction with <TT
-CLASS="LITERAL"
->filter</TT
->.
- </P
-><P
-> Filtering can achieve some of the same effects as the
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#BLOCK"
->block</A
-></TT
->
- action, i.e. it can be used to block ads and banners. But the mechanism
- works quite differently. One effective use, is to block ad banners
- based on their size (see below), since many of these seem to be somewhat
- standardized.
- </P
-><P
-> <A
-HREF="contact.html"
->Feedback</A
-> with suggestions for new or
- improved filters is particularly welcome!
- </P
-><P
-> The below list has only the names and a one-line description of each
- predefined filter. There are <A
-HREF="filter-file.html#PREDEFINED-FILTERS"
->more
- verbose explanations</A
-> of what these filters do in the <A
-HREF="filter-file.html"
->filter file chapter</A
->.
- </P
-></DD
-><DT
->Example usage (with filters from the distribution <TT
-CLASS="FILENAME"
->default.filter</TT
-> file).
- See <A
-HREF="filter-file.html#PREDEFINED-FILTERS"
->the Predefined Filters section</A
-> for
- more explanation on each:</DT
-><DD
-><P
-> <A
-NAME="FILTER-JS-ANNOYANCES"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-JS-EVENTS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{js-events} # Kill all JS event bindings (Radically destructive! Only for extra nasty sites)</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-HTML-ANNOYANCES"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{html-annoyances} # Get rid of particularly annoying HTML abuse</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-CONTENT-COOKIES"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{content-cookies} # Kill cookies that come in the HTML or JS content</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-REFRESH-TAGS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups)</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-UNSOLICITED-POPUPS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{unsolicited-popups} # Disable only unsolicited pop-up windows</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-ALL-POPUPS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{all-popups} # Kill all popups in JavaScript and HTML</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-IMG-REORDER"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-BANNERS-BY-SIZE"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{banners-by-size} # Kill banners by size</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-BANNERS-BY-LINK"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{banners-by-link} # Kill banners by their links to known clicktrackers</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-WEBBUGS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking)</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-TINY-TEXTFORMS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-JUMPING-WINDOWS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{jumping-windows} # Prevent windows from resizing and moving themselves</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-FRAMESET-BORDERS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{frameset-borders} # Give frames a border and make them resizable</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-DEMORONIZER"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{demoronizer} # Fix MS's non-standard use of standard charsets</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-SHOCKWAVE-FLASH"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{shockwave-flash} # Kill embedded Shockwave Flash objects</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-QUICKTIME-KIOSKMODE"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{quicktime-kioskmode} # Make Quicktime movies saveable</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-FUN"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{fun} # Text replacements for subversive browsing fun!</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-CRUDE-PARENTAL"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{crude-parental} # Crude parental filtering (demo only)</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> <A
-NAME="FILTER-IE-EXPLOITS"
-></A
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+filter{ie-exploits} # Disable some known Internet Explorer bug exploits</PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="FILTER-CLIENT-HEADERS"
-></A
->8.5.13. filter-client-headers</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
-> To apply filtering to the client's (browser's) headers
- </P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
->Extend filtering capabilities to the client's headers, which
- by default applies only to the document itself.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> Regular expressions can be used to filter headers as well. Check your
- filters closely before activating this action, as it can easily lead to broken
- requests.
- </P
-><P
->
- These filters are applied to each header on its own, not to them
- all at once. This makes it easier to diagnose problems, but on the downside
- you can't write filters that only change header x if header y's value is
- z.
- </P
-><P
-> The filters are used after the other header actions have finished and can
- use their output as input.
- </P
-><P
-> Whenever possible one should specify <TT
-CLASS="LITERAL"
->^</TT
->,
- <TT
-CLASS="LITERAL"
->$</TT
->, the whole header name and the colon, to make sure
- the filter doesn't cause havoc to other headers or the
- page itself. For example if you want to transform
- <SPAN
-CLASS="APPLICATION"
->Galeon</SPAN
-> User-Agents to
- <SPAN
-CLASS="APPLICATION"
->Firefox</SPAN
-> User-Agents you
- shouldn't use:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->s@Galeon/\d\.\d\.\d @@</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
-> but:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->s@^(User-Agent:.*) Galeon/\d\.\d\.\d (Firefox/\d\.\d\.\d\.\d)$@$1 $2@</PRE
-></TD
-></TR
-></TABLE
-></P
-></DD
-><DT
->Example usage (section):</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->{+filter-client-headers +filter{test_filter}}
-problem-host.example.com
- </PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="FILTER-SERVER-HEADERS"
-></A
->8.5.14. filter-server-headers</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
-> To apply filtering to the server's headers
- </P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
->Extend filtering capabilities to the server's headers, which
- by default applies only to the document itself.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> Similar to <TT
-CLASS="LITERAL"
->filter-client-headers</TT
->, but works on
- the server instead. To filter both server and client, use both.
- </P
-><P
-> As with <TT
-CLASS="LITERAL"
->filter-client-headers</TT
->, check your
- filters before activating this action, as it can easily lead to broken
- requests.
- </P
-><P
->
- These filters are applied to each header on its own, not to them
- all at once. This makes it easier to diagnose problems, but on the downside
- you can't write filters that only change header x if header y's value is
- z.
- </P
-><P
-> The filters are used after the other header actions have finished and can
- use their output as input.
- </P
-><P
-> Remember too, whenever possible one should specify <TT
-CLASS="LITERAL"
->^</TT
->,
- <TT
-CLASS="LITERAL"
->$</TT
->, the whole header name and the colon, to make sure
- the filter doesn't cause havoc to other headers or the
- page itself. See above for example.
- </P
-></DD
-><DT
->Example usage (section):</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->{+filter-server-headers +filter{test_filter}}
-problem-host.example.com
- </PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="FORCE-TEXT-MODE"
-></A
->8.5.15. force-text-mode</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Force <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> to treat a document as if it was in some kind of <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->text</I
-></SPAN
-> format. </P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> Declares a document as text, even if the <SPAN
-CLASS="QUOTE"
->"Content-Type:"</SPAN
-> isn't detected as such.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> As explained <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#FILTER"
->above</A
-></TT
->,
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> tries to only filter files that are
- in some kind of text format. The same restrictions apply to
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#CONTENT-TYPE-OVERWRITE"
->content-type-overwrite</A
-></TT
->.
- <TT
-CLASS="LITERAL"
->force-text-mode</TT
-> declares a document as text,
- without looking at the <SPAN
-CLASS="QUOTE"
->"Content-Type:"</SPAN
-> first.
- </P
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="90%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
-><P
-> Think twice before activating this action. Filtering binary data
- with regular expressions can cause file damage.
- </P
-></TD
-></TR
-></TABLE
-></DIV
-></DD
-><DT
->Example usage:</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
->+force-text-mode
- </PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="HANDLE-AS-EMPTY-DOCUMENT"
-></A
->8.5.16. handle-as-empty-document</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Mark URLs that should be replaced by empty documents <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->if they get blocked</I
-></SPAN
-></P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> This action alone doesn't do anything noticeable. It just marks URLs.
- If the <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#BLOCK"
->block</A
-></TT
-> action <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->also applies</I
-></SPAN
->,
- the presence or absence of this mark decides whether an HTML <SPAN
-CLASS="QUOTE"
->"blocked"</SPAN
->
- page, or an empty document will be sent to the client as a substitute for the blocked content.
- The <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->empty</I
-></SPAN
-> document isn't literally empty, but actually contains a single space.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> Some browsers complain about syntax errors if JavaScript documents
- are blocked with <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
->
- default HTML page; this option can be used to silence them.
- </P
-><P
-> The content type for the empty document can be specified with
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#CONTENT-TYPE-OVERWRITE"
->content-type-overwrite{}</A
-></TT
->,
- but usually this isn't necessary.
- </P
-></DD
-><DT
->Example usage:</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-># Block all documents on example.org that end with ".js",
-# but send an empty document instead of the usual HTML message.
-{+block +handle-as-empty-document}
-example.org/.*\.js$
- </PRE
-></TD
-></TR
-></TABLE
->
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="HANDLE-AS-IMAGE"
-></A
->8.5.17. handle-as-image</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Typical use:</DT
-><DD
-><P
->Mark URLs as belonging to images (so they'll be replaced by imagee <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->if they get blocked</I
-></SPAN
->)</P
-></DD
-><DT
->Effect:</DT
-><DD
-><P
-> This action alone doesn't do anything noticeable. It just marks URLs as images.
- If the <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#BLOCK"
->block</A
-></TT
-> action <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->also applies</I
-></SPAN
->,
- the presence or absence of this mark decides whether an HTML <SPAN
-CLASS="QUOTE"
->"blocked"</SPAN
->
- page, or a replacement image (as determined by the <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#SET-IMAGE-BLOCKER"
->set-image-blocker</A
-></TT
-> action) will be sent to the
- client as a substitute for the blocked content.
- </P
-></DD
-><DT
->Type:</DT
-><DD
-><P
->Boolean.</P
-></DD
-><DT
->Parameter:</DT
-><DD
-><P
-> N/A
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> The below generic example section is actually part of <TT
-CLASS="FILENAME"
->default.action</TT
->.
- It marks all URLs with well-known image file name extensions as images and should
- be left intact.
- </P
-><P
-> Users will probably only want to use the handle-as-image action in conjunction with
- <TT
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#BLOCK"
->block</A
-></TT
->, to block sources of banners, whose URLs don't
- reflect the file type, like in the second example section.
- </P
-><P
-> Note that you cannot treat HTML pages as images in most cases. For instance, (in-line) ad
- frames require an HTML page to be sent, or they won't display properly.
- Forcing <TT
-CLASS="LITERAL"
->handle-as-image</TT
-> in this situation will not replace the
- ad frame with an image, but lead to error messages.
- </P
-></DD
-><DT
->Example usage (sections):</DT
-><DD
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-># Generic image extensions:
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="BLOCK" id="BLOCK">8.5.2. block</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Block ads or other unwanted content</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Requests for URLs to which this action applies are blocked,
+ i.e. the requests are trapped by <span class=
+ "APPLICATION">Privoxy</span> and the requested URL is never
+ retrieved, but is answered locally with a substitute page or
+ image, as determined by the <tt class="LITERAL"><a href=
+ "actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></tt>,
+ <tt class="LITERAL"><a href=
+ "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></tt>,
+ and <tt class="LITERAL"><a href=
+ "actions-file.html#HANDLE-AS-EMPTY-DOCUMENT">handle-as-empty-document</a></tt>
+ actions.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>A block reason that should be given to the user.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p><span class="APPLICATION">Privoxy</span> sends a special
+ <span class="QUOTE">"BLOCKED"</span> page for requests to
+ blocked pages. This page contains the block reason given as
+ parameter, a link to find out why the block action applies, and
+ a click-through to the blocked content (the latter only if the
+ force feature is available and enabled).</p>
+
+ <p>A very important exception occurs if <span class=
+ "emphasis"><i class="EMPHASIS">both</i></span> <tt class=
+ "LITERAL">block</tt> and <tt class="LITERAL"><a href=
+ "actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></tt>,
+ apply to the same request: it will then be replaced by an
+ image. If <tt class="LITERAL"><a href=
+ "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></tt>
+ (see below) also applies, the type of image will be determined
+ by its parameter, if not, the standard checkerboard pattern is
+ sent.</p>
+
+ <p>It is important to understand this process, in order to
+ understand how <span class="APPLICATION">Privoxy</span> deals
+ with ads and other unwanted content. Blocking is a core
+ feature, and one upon which various other features depend.</p>
+
+ <p>The <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">filter</a></tt> action can perform a
+ very similar task, by <span class="QUOTE">"blocking"</span>
+ banner images and other content through rewriting the relevant
+ URLs in the document's HTML source, so they don't get requested
+ in the first place. Note that this is a totally different
+ technique, and it's easy to confuse the two.</p>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+{+block{No nasty stuff for you.}}
+# Block and replace with "blocked" page
+ .nasty-stuff.example.com
+
+{+block{Doubleclick banners.} +handle-as-image}
+# Block and replace with image
+ .ad.doubleclick.net
+ .ads.r.us/banners/
+
+{+block{Layered ads.} +handle-as-empty-document}
+# Block and then ignore
+ adserver.example.net/.*\.js$
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CHANGE-X-FORWARDED-FOR" id=
+ "CHANGE-X-FORWARDED-FOR">8.5.3. change-x-forwarded-for</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Improve privacy by not forwarding the source of the request
+ in the HTTP headers.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes the <span class="QUOTE">"X-Forwarded-For:"</span>
+ HTTP header from the client request, or adds a new one.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <ul>
+ <li>
+ <p><span class="QUOTE">"block"</span> to delete the
+ header.</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"add"</span> to create the header
+ (or append the client's IP address to an already existing
+ one).</p>
+ </li>
+ </ul>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>It is safe and recommended to use <tt class=
+ "LITERAL">block</tt>.</p>
+
+ <p>Forwarding the source address of the request may make sense
+ in some multi-user setups but is also a privacy risk.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++change-x-forwarded-for{block}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-HEADER-FILTER" id=
+ "CLIENT-HEADER-FILTER">8.5.4. client-header-filter</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Rewrite or remove single client headers.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>All client headers to which this action applies are filtered
+ on-the-fly through the specified regular expression based
+ substitutions.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Multi-value.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>The name of a client-header filter, as defined in one of the
+ <a href="filter-file.html">filter files</a>.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Client-header filters are applied to each header on its own,
+ not to all at once. This makes it easier to diagnose problems,
+ but on the downside you can't write filters that only change
+ header x if header y's value is z. You can do that by using
+ tags though.</p>
+
+ <p>Client-header filters are executed after the other header
+ actions have finished and use their output as input.</p>
+
+ <p>If the request URI gets changed, <span class=
+ "APPLICATION">Privoxy</span> will detect that and use the new
+ one. This can be used to rewrite the request destination behind
+ the client's back, for example to specify a Tor exit relay for
+ certain requests.</p>
+
+ <p>Please refer to the <a href="filter-file.html">filter file
+ chapter</a> to learn which client-header filters are available
+ by default, and how to create your own.</p>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Hide Tor exit notation in Host and Referer Headers
+{+client-header-filter{hide-tor-exit-notation}}
+/
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-HEADER-TAGGER" id=
+ "CLIENT-HEADER-TAGGER">8.5.5. client-header-tagger</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Block requests based on their headers.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Client headers to which this action applies are filtered
+ on-the-fly through the specified regular expression based
+ substitutions, the result is used as tag.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Multi-value.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>The name of a client-header tagger, as defined in one of the
+ <a href="filter-file.html">filter files</a>.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Client-header taggers are applied to each header on its own,
+ and as the header isn't modified, each tagger <span class=
+ "QUOTE">"sees"</span> the original.</p>
+
+ <p>Client-header taggers are the first actions that are
+ executed and their tags can be used to control every other
+ action.</p>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Tag every request with the User-Agent header
+{+client-header-tagger{user-agent}}
+/
+
+# Tagging itself doesn't change the action
+# settings, sections with TAG patterns do:
+#
+# If it's a download agent, use a different forwarding proxy,
+# show the real User-Agent and make sure resume works.
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+ -hide-user-agent \
+ -filter \
+ -deanimate-gifs \
+}
+TAG:^User-Agent: NetBSD-ftp/
+TAG:^User-Agent: Novell ZYPP Installer
+TAG:^User-Agent: RPM APT-HTTP/
+TAG:^User-Agent: fetch libfetch/
+TAG:^User-Agent: Ubuntu APT-HTTP/
+TAG:^User-Agent: MPlayer/
+
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Tag all requests with the Range header set
+{+client-header-tagger{range-requests}}
+/
+
+# Disable filtering for the tagged requests.
+#
+# With filtering enabled Privoxy would remove the Range headers
+# to be able to filter the whole response. The downside is that
+# it prevents clients from resuming downloads or skipping over
+# parts of multimedia files.
+{-filter -deanimate-gifs}
+TAG:^RANGE-REQUEST$
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CONTENT-TYPE-OVERWRITE" id=
+ "CONTENT-TYPE-OVERWRITE">8.5.6. content-type-overwrite</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Stop useless download menus from popping up, or change the
+ browser's rendering mode</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Replaces the <span class="QUOTE">"Content-Type:"</span> HTTP
+ server header.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Any string.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>The <span class="QUOTE">"Content-Type:"</span> HTTP server
+ header is used by the browser to decide what to do with the
+ document. The value of this header can cause the browser to
+ open a download menu instead of displaying the document by
+ itself, even if the document's format is supported by the
+ browser.</p>
+
+ <p>The declared content type can also affect which rendering
+ mode the browser chooses. If XHTML is delivered as <span class=
+ "QUOTE">"text/html"</span>, many browsers treat it as yet
+ another broken HTML document. If it is send as <span class=
+ "QUOTE">"application/xml"</span>, browsers with XHTML support
+ will only display it, if the syntax is correct.</p>
+
+ <p>If you see a web site that proudly uses XHTML buttons, but
+ sets <span class="QUOTE">"Content-Type: text/html"</span>, you
+ can use <span class="APPLICATION">Privoxy</span> to overwrite
+ it with <span class="QUOTE">"application/xml"</span> and
+ validate the web master's claim inside your XHTML-supporting
+ browser. If the syntax is incorrect, the browser will complain
+ loudly.</p>
+
+ <p>You can also go the opposite direction: if your browser
+ prints error messages instead of rendering a document falsely
+ declared as XHTML, you can overwrite the content type with
+ <span class="QUOTE">"text/html"</span> and have it rendered as
+ broken HTML document.</p>
+
+ <p>By default <tt class="LITERAL">content-type-overwrite</tt>
+ only replaces <span class="QUOTE">"Content-Type:"</span>
+ headers that look like some kind of text. If you want to
+ overwrite it unconditionally, you have to combine it with
+ <tt class="LITERAL"><a href=
+ "actions-file.html#FORCE-TEXT-MODE">force-text-mode</a></tt>.
+ This limitation exists for a reason, think twice before
+ circumventing it.</p>
+
+ <p>Most of the time it's easier to replace this action with a
+ custom <tt class="LITERAL"><a href=
+ "actions-file.html#SERVER-HEADER-FILTER">server-header
+ filter</a></tt>. It allows you to activate it for every
+ document of a certain site and it will still only replace the
+ content types you aimed at.</p>
+
+ <p>Of course you can apply <tt class=
+ "LITERAL">content-type-overwrite</tt> to a whole site and then
+ make URL based exceptions, but it's a lot more work to get the
+ same precision.</p>
+ </dd>
+
+ <dt>Example usage (sections):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Check if www.example.net/ really uses valid XHTML
+{ +content-type-overwrite{application/xml} }
+www.example.net/
+
+# but leave the content type unmodified if the URL looks like a style sheet
+{-content-type-overwrite}
+www.example.net/.*\.css$
+www.example.net/.*style
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CRUNCH-CLIENT-HEADER" id=
+ "CRUNCH-CLIENT-HEADER">8.5.7. crunch-client-header</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Remove a client header <span class=
+ "APPLICATION">Privoxy</span> has no dedicated action for.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes every header sent by the client that contains the
+ string the user supplied as parameter.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Any string.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This action allows you to block client headers for which no
+ dedicated <span class="APPLICATION">Privoxy</span> action
+ exists. <span class="APPLICATION">Privoxy</span> will remove
+ every client header that contains the string you supplied as
+ parameter.</p>
+
+ <p>Regular expressions are <span class="emphasis"><i class=
+ "EMPHASIS">not supported</i></span> and you can't use this
+ action to block different headers in the same request, unless
+ they contain the same string.</p>
+
+ <p><tt class="LITERAL">crunch-client-header</tt> is only meant
+ for quick tests. If you have to block several different
+ headers, or only want to modify parts of them, you should use a
+ <tt class="LITERAL"><a href=
+ "actions-file.html#CLIENT-HEADER-FILTER">client-header
+ filter</a></tt>.</p>
+
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>Don't block any header without understanding the
+ consequences.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Block the non-existent "Privacy-Violation:" client header
+{ +crunch-client-header{Privacy-Violation:} }
+/
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CRUNCH-IF-NONE-MATCH" id=
+ "CRUNCH-IF-NONE-MATCH">8.5.8. crunch-if-none-match</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Prevent yet another way to track the user's steps between
+ sessions.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes the <span class="QUOTE">"If-None-Match:"</span> HTTP
+ client header.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Removing the <span class="QUOTE">"If-None-Match:"</span>
+ HTTP client header is useful for filter testing, where you want
+ to force a real reload instead of getting status code
+ <span class="QUOTE">"304"</span> which would cause the browser
+ to use a cached copy of the page.</p>
+
+ <p>It is also useful to make sure the header isn't used as a
+ cookie replacement (unlikely but possible).</p>
+
+ <p>Blocking the <span class="QUOTE">"If-None-Match:"</span>
+ header shouldn't cause any caching problems, as long as the
+ <span class="QUOTE">"If-Modified-Since:"</span> header isn't
+ blocked or missing as well.</p>
+
+ <p>It is recommended to use this action together with
+ <tt class="LITERAL"><a href=
+ "actions-file.html#HIDE-IF-MODIFIED-SINCE">hide-if-modified-since</a></tt>
+ and <tt class="LITERAL"><a href=
+ "actions-file.html#OVERWRITE-LAST-MODIFIED">overwrite-last-modified</a></tt>.</p>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Let the browser revalidate cached documents but don't
+# allow the server to use the revalidation headers for user tracking.
+{+hide-if-modified-since{-60} \
+ +overwrite-last-modified{randomize} \
+ +crunch-if-none-match}
+/
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CRUNCH-INCOMING-COOKIES" id=
+ "CRUNCH-INCOMING-COOKIES">8.5.9. crunch-incoming-cookies</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Prevent the web server from setting HTTP cookies on your
+ system</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes any <span class="QUOTE">"Set-Cookie:"</span> HTTP
+ headers from server replies.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This action is only concerned with <span class=
+ "emphasis"><i class="EMPHASIS">incoming</i></span> HTTP
+ cookies. For <span class="emphasis"><i class=
+ "EMPHASIS">outgoing</i></span> HTTP cookies, use <tt class=
+ "LITERAL"><a href=
+ "actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</a></tt>.
+ Use <span class="emphasis"><i class="EMPHASIS">both</i></span>
+ to disable HTTP cookies completely.</p>
+
+ <p>It makes <span class="emphasis"><i class="EMPHASIS">no sense
+ at all</i></span> to use this action in conjunction with the
+ <tt class="LITERAL"><a href=
+ "actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></tt>
+ action, since it would prevent the session cookies from being
+ set. See also <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER-CONTENT-COOKIES">filter-content-cookies</a></tt>.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++crunch-incoming-cookies
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CRUNCH-SERVER-HEADER" id=
+ "CRUNCH-SERVER-HEADER">8.5.10. crunch-server-header</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Remove a server header <span class=
+ "APPLICATION">Privoxy</span> has no dedicated action for.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes every header sent by the server that contains the
+ string the user supplied as parameter.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Any string.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This action allows you to block server headers for which no
+ dedicated <span class="APPLICATION">Privoxy</span> action
+ exists. <span class="APPLICATION">Privoxy</span> will remove
+ every server header that contains the string you supplied as
+ parameter.</p>
+
+ <p>Regular expressions are <span class="emphasis"><i class=
+ "EMPHASIS">not supported</i></span> and you can't use this
+ action to block different headers in the same request, unless
+ they contain the same string.</p>
+
+ <p><tt class="LITERAL">crunch-server-header</tt> is only meant
+ for quick tests. If you have to block several different
+ headers, or only want to modify parts of them, you should use a
+ custom <tt class="LITERAL"><a href=
+ "actions-file.html#SERVER-HEADER-FILTER">server-header
+ filter</a></tt>.</p>
+
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>Don't block any header without understanding the
+ consequences.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Crunch server headers that try to prevent caching
+{ +crunch-server-header{no-cache} }
+/
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CRUNCH-OUTGOING-COOKIES" id=
+ "CRUNCH-OUTGOING-COOKIES">8.5.11. crunch-outgoing-cookies</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Prevent the web server from reading any HTTP cookies from
+ your system</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes any <span class="QUOTE">"Cookie:"</span> HTTP
+ headers from client requests.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This action is only concerned with <span class=
+ "emphasis"><i class="EMPHASIS">outgoing</i></span> HTTP
+ cookies. For <span class="emphasis"><i class=
+ "EMPHASIS">incoming</i></span> HTTP cookies, use <tt class=
+ "LITERAL"><a href=
+ "actions-file.html#CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</a></tt>.
+ Use <span class="emphasis"><i class="EMPHASIS">both</i></span>
+ to disable HTTP cookies completely.</p>
+
+ <p>It makes <span class="emphasis"><i class="EMPHASIS">no sense
+ at all</i></span> to use this action in conjunction with the
+ <tt class="LITERAL"><a href=
+ "actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></tt>
+ action, since it would prevent the session cookies from being
+ read.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++crunch-outgoing-cookies
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="DEANIMATE-GIFS" id=
+ "DEANIMATE-GIFS">8.5.12. deanimate-gifs</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Stop those annoying, distracting animated GIF images.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>De-animate GIF animations, i.e. reduce them to their first
+ or last image.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p><span class="QUOTE">"last"</span> or <span class=
+ "QUOTE">"first"</span></p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This will also shrink the images considerably (in bytes, not
+ pixels!). If the option <span class="QUOTE">"first"</span> is
+ given, the first frame of the animation is used as the
+ replacement. If <span class="QUOTE">"last"</span> is given, the
+ last frame of the animation is used instead, which probably
+ makes more sense for most banner animations, but also has the
+ risk of not showing the entire last frame (if it is only a
+ delta to an earlier frame).</p>
+
+ <p>You can safely use this action with patterns that will also
+ match non-GIF objects, because no attempt will be made at
+ anything that doesn't look like a GIF.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++deanimate-gifs{last}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="DOWNGRADE-HTTP-VERSION" id=
+ "DOWNGRADE-HTTP-VERSION">8.5.13. downgrade-http-version</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Work around (very rare) problems with HTTP/1.1</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Downgrades HTTP/1.1 client requests and server replies to
+ HTTP/1.0.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This is a left-over from the time when <span class=
+ "APPLICATION">Privoxy</span> didn't support important HTTP/1.1
+ features well. It is left here for the unlikely case that you
+ experience HTTP/1.1-related problems with some server out
+ there.</p>
+
+ <p>Note that enabling this action is only a workaround. It
+ should not be enabled for sites that work without it. While it
+ shouldn't break any pages, it has an (usually negative)
+ performance impact.</p>
+
+ <p>If you come across a site where enabling this action helps,
+ please report it, so the cause of the problem can be analyzed.
+ If the problem turns out to be caused by a bug in <span class=
+ "APPLICATION">Privoxy</span> it should be fixed so the
+ following release works without the work around.</p>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+{+downgrade-http-version}
+problem-host.example.com
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="EXTERNAL-FILTER" id=
+ "EXTERNAL-FILTER">8.5.14. external-filter</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Modify content using a programming language of your
+ choice.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>All instances of text-based type, most notably HTML and
+ JavaScript, to which this action applies, can be filtered
+ on-the-fly through the specified external filter. By default
+ plain text documents are exempted from filtering, because web
+ servers often use the <tt class="LITERAL">text/plain</tt> MIME
+ type for all files whose type they don't know.)</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Multi-value.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>The name of an external content filter, as defined in the
+ <a href="filter-file.html">filter file</a>. External filters
+ can be defined in one or more files as defined by the
+ <tt class="LITERAL"><a href=
+ "config.html#FILTERFILE">filterfile</a></tt> option in the
+ <a href="config.html">config file</a>.</p>
+
+ <p>When used in its negative form, and without parameters,
+ <span class="emphasis"><i class="EMPHASIS">all</i></span>
+ filtering with external filters is completely disabled.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>External filters are scripts or programs that can modify the
+ content in case common <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">filters</a></tt> aren't powerful
+ enough. With the exception that this action doesn't use
+ pcrs-based filters, the notes in the <tt class=
+ "LITERAL"><a href="actions-file.html#FILTER">filter</a></tt>
+ section apply.</p>
+
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>Currently external filters are executed with
+ <span class="APPLICATION">Privoxy</span>'s privileges.
+ Only use external filters you understand and trust.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <p>This feature is experimental, the <tt class=
+ "LITERAL"><a href=
+ "filter-file.html#EXTERNAL-FILTER-SYNTAX">syntax</a></tt> may
+ change in the future.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++external-filter{fancy-filter}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="FAST-REDIRECTS" id=
+ "FAST-REDIRECTS">8.5.15. fast-redirects</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Fool some click-tracking scripts and speed up indirect
+ links.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Detects redirection URLs and redirects the browser without
+ contacting the redirection server first.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <ul>
+ <li>
+ <p><span class="QUOTE">"simple-check"</span> to just search
+ for the string <span class="QUOTE">"http://"</span> to
+ detect redirection URLs.</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"check-decoded-url"</span> to decode
+ URLs (if necessary) before searching for redirection
+ URLs.</p>
+ </li>
+ </ul>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Many sites, like yahoo.com, don't just link to other sites.
+ Instead, they will link to some script on their own servers,
+ giving the destination as a parameter, which will then redirect
+ you to the final target. URLs resulting from this scheme
+ typically look like: <span class=
+ "QUOTE">"http://www.example.org/click-tracker.cgi?target=http%3a//www.example.net/"</span>.</p>
+
+ <p>Sometimes, there are even multiple consecutive redirects
+ encoded in the URL. These redirections via scripts make your
+ web browsing more traceable, since the server from which you
+ follow such a link can see where you go to. Apart from that,
+ valuable bandwidth and time is wasted, while your browser asks
+ the server for one redirect after the other. Plus, it feeds the
+ advertisers.</p>
+
+ <p>This feature is currently not very smart and is scheduled
+ for improvement. If it is enabled by default, you will have to
+ create some exceptions to this action. It can lead to failures
+ in several ways:</p>
+
+ <p>Not every URLs with other URLs as parameters is evil. Some
+ sites offer a real service that requires this information to
+ work. For example a validation service needs to know, which
+ document to validate. <tt class="LITERAL">fast-redirects</tt>
+ assumes that every URL parameter that looks like another URL is
+ a redirection target, and will always redirect to the last one.
+ Most of the time the assumption is correct, but if it isn't,
+ the user gets redirected anyway.</p>
+
+ <p>Another failure occurs if the URL contains other parameters
+ after the URL parameter. The URL: <span class=
+ "QUOTE">"http://www.example.org/?redirect=http%3a//www.example.net/&foo=bar"</span>.
+ contains the redirection URL <span class=
+ "QUOTE">"http://www.example.net/"</span>, followed by another
+ parameter. <tt class="LITERAL">fast-redirects</tt> doesn't know
+ that and will cause a redirect to <span class=
+ "QUOTE">"http://www.example.net/&foo=bar"</span>. Depending
+ on the target server configuration, the parameter will be
+ silently ignored or lead to a <span class="QUOTE">"page not
+ found"</span> error. You can prevent this problem by first
+ using the <tt class="LITERAL"><a href=
+ "actions-file.html#REDIRECT">redirect</a></tt> action to remove
+ the last part of the URL, but it requires a little effort.</p>
+
+ <p>To detect a redirection URL, <tt class=
+ "LITERAL">fast-redirects</tt> only looks for the string
+ <span class="QUOTE">"http://"</span>, either in plain text
+ (invalid but often used) or encoded as <span class=
+ "QUOTE">"http%3a//"</span>. Some sites use their own URL
+ encoding scheme, encrypt the address of the target server or
+ replace it with a database id. In theses cases <tt class=
+ "LITERAL">fast-redirects</tt> is fooled and the request reaches
+ the redirection server where it probably gets logged.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ { +fast-redirects{simple-check} }
+ one.example.com
+
+ { +fast-redirects{check-decoded-url} }
+ another.example.com/testing
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.16.
+ filter</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Get rid of HTML and JavaScript annoyances, banner
+ advertisements (by size), do fun text replacements, add
+ personalized effects, etc.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>All instances of text-based type, most notably HTML and
+ JavaScript, to which this action applies, can be filtered
+ on-the-fly through the specified regular expression based
+ substitutions. (Note: as of version 3.0.3 plain text documents
+ are exempted from filtering, because web servers often use the
+ <tt class="LITERAL">text/plain</tt> MIME type for all files
+ whose type they don't know.)</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Multi-value.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>The name of a content filter, as defined in the <a href=
+ "filter-file.html">filter file</a>. Filters can be defined in
+ one or more files as defined by the <tt class=
+ "LITERAL"><a href="config.html#FILTERFILE">filterfile</a></tt>
+ option in the <a href="config.html">config file</a>. <tt class=
+ "FILENAME">default.filter</tt> is the collection of filters
+ supplied by the developers. Locally defined filters should go
+ in their own file, such as <tt class=
+ "FILENAME">user.filter</tt>.</p>
+
+ <p>When used in its negative form, and without parameters,
+ <span class="emphasis"><i class="EMPHASIS">all</i></span>
+ filtering is completely disabled.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>For your convenience, there are a number of pre-defined
+ filters available in the distribution filter file that you can
+ use. See the examples below for a list.</p>
+
+ <p>Filtering requires buffering the page content, which may
+ appear to slow down page rendering since nothing is displayed
+ until all content has passed the filters. (The total time until
+ the page is completely rendered doesn't change much, but it may
+ be perceived as slower since the page is not incrementally
+ displayed.) This effect will be more noticeable on slower
+ connections.</p>
+
+ <p><span class="QUOTE">"Rolling your own"</span> filters
+ requires a knowledge of <a href=
+ "http://en.wikipedia.org/wiki/Regular_expressions" target=
+ "_top"><span class="QUOTE">"Regular Expressions"</span></a> and
+ <a href="http://en.wikipedia.org/wiki/Html" target=
+ "_top"><span class="QUOTE">"HTML"</span></a>. This is very
+ powerful feature, and potentially very intrusive. Filters
+ should be used with caution, and where an equivalent
+ <span class="QUOTE">"action"</span> is not available.</p>
+
+ <p>The amount of data that can be filtered is limited to the
+ <tt class="LITERAL"><a href=
+ "config.html#BUFFER-LIMIT">buffer-limit</a></tt> option in the
+ main <a href="config.html">config file</a>. The default is 4096
+ KB (4 Megs). Once this limit is exceeded, the buffered data,
+ and all pending data, is passed through unfiltered.</p>
+
+ <p>Inappropriate MIME types, such as zipped files, are not
+ filtered at all. (Again, only text-based types except plain
+ text). Encrypted SSL data (from HTTPS servers) cannot be
+ filtered either, since this would violate the integrity of the
+ secure transaction. In some situations it might be necessary to
+ protect certain text, like source code, from filtering by
+ defining appropriate <tt class="LITERAL">-filter</tt>
+ exceptions.</p>
+
+ <p>Compressed content can't be filtered either, but if
+ <span class="APPLICATION">Privoxy</span> is compiled with zlib
+ support and a supported compression algorithm is used (gzip or
+ deflate), <span class="APPLICATION">Privoxy</span> can first
+ decompress the content and then filter it.</p>
+
+ <p>If you use a <span class="APPLICATION">Privoxy</span>
+ version without zlib support, but want filtering to work on as
+ much documents as possible, even those that would normally be
+ sent compressed, you must use the <tt class="LITERAL"><a href=
+ "actions-file.html#PREVENT-COMPRESSION">prevent-compression</a></tt>
+ action in conjunction with <tt class="LITERAL">filter</tt>.</p>
+
+ <p>Content filtering can achieve some of the same effects as
+ the <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt> action, i.e. it can be
+ used to block ads and banners. But the mechanism works quite
+ differently. One effective use, is to block ad banners based on
+ their size (see below), since many of these seem to be somewhat
+ standardized.</p>
+
+ <p><a href="contact.html">Feedback</a> with suggestions for new
+ or improved filters is particularly welcome!</p>
+
+ <p>The below list has only the names and a one-line description
+ of each predefined filter. There are <a href=
+ "filter-file.html#PREDEFINED-FILTERS">more verbose
+ explanations</a> of what these filters do in the <a href=
+ "filter-file.html">filter file chapter</a>.</p>
+ </dd>
+
+ <dt>Example usage (with filters from the distribution <tt class=
+ "FILENAME">default.filter</tt> file). See <a href=
+ "filter-file.html#PREDEFINED-FILTERS">the Predefined Filters
+ section</a> for more explanation on each:</dt>
+
+ <dd>
+ <p><a name="FILTER-JS-ANNOYANCES" id=
+ "FILTER-JS-ANNOYANCES"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-JS-EVENTS" id="FILTER-JS-EVENTS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-HTML-ANNOYANCES" id=
+ "FILTER-HTML-ANNOYANCES"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-CONTENT-COOKIES" id=
+ "FILTER-CONTENT-COOKIES"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{content-cookies} # Kill cookies that come in the HTML or JS content.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-REFRESH-TAGS" id=
+ "FILTER-REFRESH-TAGS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-UNSOLICITED-POPUPS" id=
+ "FILTER-UNSOLICITED-POPUPS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-ALL-POPUPS" id="FILTER-ALL-POPUPS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{all-popups} # Kill all popups in JavaScript and HTML.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-IMG-REORDER" id=
+ "FILTER-IMG-REORDER"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-BANNERS-BY-SIZE" id=
+ "FILTER-BANNERS-BY-SIZE"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{banners-by-size} # Kill banners by size.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-BANNERS-BY-LINK" id=
+ "FILTER-BANNERS-BY-LINK"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{banners-by-link} # Kill banners by their links to known clicktrackers.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-WEBBUGS" id="FILTER-WEBBUGS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-TINY-TEXTFORMS" id=
+ "FILTER-TINY-TEXTFORMS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-JUMPING-WINDOWS" id=
+ "FILTER-JUMPING-WINDOWS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{jumping-windows} # Prevent windows from resizing and moving themselves.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-FRAMESET-BORDERS" id=
+ "FILTER-FRAMESET-BORDERS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{frameset-borders} # Give frames a border and make them resizable.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-IFRAMES" id="FILTER-IFRAMES"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-DEMORONIZER" id=
+ "FILTER-DEMORONIZER"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{demoronizer} # Fix MS's non-standard use of standard charsets.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-SHOCKWAVE-FLASH" id=
+ "FILTER-SHOCKWAVE-FLASH"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{shockwave-flash} # Kill embedded Shockwave Flash objects.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-QUICKTIME-KIOSKMODE" id=
+ "FILTER-QUICKTIME-KIOSKMODE"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{quicktime-kioskmode} # Make Quicktime movies saveable.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-FUN" id="FILTER-FUN"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{fun} # Text replacements for subversive browsing fun!
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-CRUDE-PARENTAL" id=
+ "FILTER-CRUDE-PARENTAL"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-IE-EXPLOITS" id=
+ "FILTER-IE-EXPLOITS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-SITE-SPECIFICS" id=
+ "FILTER-SITE-SPECIFICS"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-NO-PING" id="FILTER-NO-PING"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-GOOGLE" id="FILTER-GOOGLE"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-YAHOO" id="FILTER-YAHOO"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-MSN" id="FILTER-MSN"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><a name="FILTER-BLOGSPOT" id="FILTER-BLOGSPOT"></a></p>
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="FORCE-TEXT-MODE" id=
+ "FORCE-TEXT-MODE">8.5.17. force-text-mode</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Force <span class="APPLICATION">Privoxy</span> to treat a
+ document as if it was in some kind of <span class=
+ "emphasis"><i class="EMPHASIS">text</i></span> format.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Declares a document as text, even if the <span class=
+ "QUOTE">"Content-Type:"</span> isn't detected as such.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>As explained <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">above</a></tt>, <span class=
+ "APPLICATION">Privoxy</span> tries to only filter files that
+ are in some kind of text format. The same restrictions apply to
+ <tt class="LITERAL"><a href=
+ "actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite</a></tt>.
+ <tt class="LITERAL">force-text-mode</tt> declares a document as
+ text, without looking at the <span class=
+ "QUOTE">"Content-Type:"</span> first.</p>
+
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>Think twice before activating this action. Filtering
+ binary data with regular expressions can cause file
+ damage.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++force-text-mode
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="FORWARD-OVERRIDE" id=
+ "FORWARD-OVERRIDE">8.5.18. forward-override</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Change the forwarding settings based on User-Agent or
+ request origin</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Overrules the forward directives in the configuration
+ file.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <ul>
+ <li>
+ <p><span class="QUOTE">"forward ."</span> to use a direct
+ connection without any additional proxies.</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"forward 127.0.0.1:8123"</span> to
+ use the HTTP proxy listening at 127.0.0.1 port 8123.</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"forward-socks4a 127.0.0.1:9050
+ ."</span> to use the socks4a proxy listening at 127.0.0.1
+ port 9050. Replace <span class=
+ "QUOTE">"forward-socks4a"</span> with <span class=
+ "QUOTE">"forward-socks4"</span> to use a socks4 connection
+ (with local DNS resolution) instead, use <span class=
+ "QUOTE">"forward-socks5"</span> for socks5 connections
+ (with remote DNS resolution).</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"forward-socks4a 127.0.0.1:9050
+ proxy.example.org:8000"</span> to use the socks4a proxy
+ listening at 127.0.0.1 port 9050 to reach the HTTP proxy
+ listening at proxy.example.org port 8000. Replace
+ <span class="QUOTE">"forward-socks4a"</span> with
+ <span class="QUOTE">"forward-socks4"</span> to use a socks4
+ connection (with local DNS resolution) instead, use
+ <span class="QUOTE">"forward-socks5"</span> for socks5
+ connections (with remote DNS resolution).</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"forward-webserver
+ 127.0.0.1:80"</span> to use the HTTP server listening at
+ 127.0.0.1 port 80 without adjusting the request
+ headers.</p>
+
+ <p>This makes it more convenient to use Privoxy to make
+ existing websites available as onion services as well.</p>
+
+ <p>Many websites serve content with hardcoded URLs and
+ can't be easily adjusted to change the domain based on the
+ one used by the client.</p>
+
+ <p>Putting Privoxy between Tor and the webserver (or an
+ stunnel that forwards to the webserver) allows to rewrite
+ headers and content to make client and server happy at the
+ same time.</p>
+
+ <p>Using Privoxy for webservers that are only reachable
+ through onion addresses and whose location is supposed to
+ be secret is not recommended and should not be necessary
+ anyway.</p>
+ </li>
+ </ul>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This action takes parameters similar to the <a href=
+ "config.html#FORWARDING">forward</a> directives in the
+ configuration file, but without the URL pattern. It can be used
+ as replacement, but normally it's only used in cases where
+ matching based on the request URL isn't sufficient.</p>
+
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>Please read the description for the <a href=
+ "config.html#FORWARDING">forward</a> directives before
+ using this action. Forwarding to the wrong people will
+ reduce your privacy and increase the chances of
+ man-in-the-middle attacks.</p>
+
+ <p>If the ports are missing or invalid, default values
+ will be used. This might change in the future and you
+ shouldn't rely on it. Otherwise incorrect syntax causes
+ Privoxy to exit. Due to design limitations, invalid
+ parameter syntax isn't detected until the action is
+ used the first time.</p>
+
+ <p>Use the <a href=
+ "http://config.privoxy.org/show-url-info" target=
+ "_top">show-url-info CGI page</a> to verify that your
+ forward settings do what you thought the do.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Use an ssh tunnel for requests previously tagged as
+# <span class="QUOTE">"User-Agent: fetch libfetch/2.0"</span> and make sure
+# resuming downloads continues to work.
+#
+# This way you can continue to use Tor for your normal browsing,
+# without overloading the Tor network with your FreeBSD ports updates
+# or downloads of bigger files like ISOs.
+#
+# Note that HTTP headers are easy to fake and therefore their
+# values are as (un)trustworthy as your clients and users.
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+}
+TAG:^User-Agent: fetch libfetch/2\.0$
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HANDLE-AS-EMPTY-DOCUMENT" id=
+ "HANDLE-AS-EMPTY-DOCUMENT">8.5.19. handle-as-empty-document</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Mark URLs that should be replaced by empty documents
+ <span class="emphasis"><i class="EMPHASIS">if they get
+ blocked</i></span></p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>This action alone doesn't do anything noticeable. It just
+ marks URLs. If the <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt> action <span class=
+ "emphasis"><i class="EMPHASIS">also applies</i></span>, the
+ presence or absence of this mark decides whether an HTML
+ <span class="QUOTE">"BLOCKED"</span> page, or an empty document
+ will be sent to the client as a substitute for the blocked
+ content. The <span class="emphasis"><i class=
+ "EMPHASIS">empty</i></span> document isn't literally empty, but
+ actually contains a single space.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Some browsers complain about syntax errors if JavaScript
+ documents are blocked with <span class=
+ "APPLICATION">Privoxy's</span> default HTML page; this option
+ can be used to silence them. And of course this action can also
+ be used to eliminate the <span class=
+ "APPLICATION">Privoxy</span> BLOCKED message in frames.</p>
+
+ <p>The content type for the empty document can be specified
+ with <tt class="LITERAL"><a href=
+ "actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite{}</a></tt>,
+ but usually this isn't necessary.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Block all documents on example.org that end with ".js",
+# but send an empty document instead of the usual HTML message.
+{+block{Blocked JavaScript} +handle-as-empty-document}
+example.org/.*\.js$
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HANDLE-AS-IMAGE" id=
+ "HANDLE-AS-IMAGE">8.5.20. handle-as-image</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Mark URLs as belonging to images (so they'll be replaced by
+ images <span class="emphasis"><i class="EMPHASIS">if they do
+ get blocked</i></span>, rather than HTML pages)</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>This action alone doesn't do anything noticeable. It just
+ marks URLs as images. If the <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt> action <span class=
+ "emphasis"><i class="EMPHASIS">also applies</i></span>, the
+ presence or absence of this mark decides whether an HTML
+ <span class="QUOTE">"blocked"</span> page, or a replacement
+ image (as determined by the <tt class="LITERAL"><a href=
+ "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></tt>
+ action) will be sent to the client as a substitute for the
+ blocked content.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>The below generic example section is actually part of
+ <tt class="FILENAME">default.action</tt>. It marks all URLs
+ with well-known image file name extensions as images and should
+ be left intact.</p>
+
+ <p>Users will probably only want to use the handle-as-image
+ action in conjunction with <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt>, to block sources of
+ banners, whose URLs don't reflect the file type, like in the
+ second example section.</p>
+
+ <p>Note that you cannot treat HTML pages as images in most
+ cases. For instance, (in-line) ad frames require an HTML page
+ to be sent, or they won't display properly. Forcing <tt class=
+ "LITERAL">handle-as-image</tt> in this situation will not
+ replace the ad frame with an image, but lead to error
+ messages.</p>
+ </dd>
+
+ <dt>Example usage (sections):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Generic image extensions:
+#
+{+handle-as-image}
+/.*\.(gif|jpg|jpeg|png|bmp|ico)$
+
+# These don't look like images, but they're banners and should be
+# blocked as images:
+#
+{+block{Nasty banners.} +handle-as-image}
+nasty-banner-server.example.com/junk.cgi\?output=trash
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HIDE-ACCEPT-LANGUAGE" id=
+ "HIDE-ACCEPT-LANGUAGE">8.5.21. hide-accept-language</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Pretend to use different language settings.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes or replaces the <span class=
+ "QUOTE">"Accept-Language:"</span> HTTP header in client
+ requests.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Keyword: <span class="QUOTE">"block"</span>, or any user
+ defined value.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Faking the browser's language settings can be useful to make
+ a foreign User-Agent set with <tt class="LITERAL"><a href=
+ "actions-file.html#HIDE-USER-AGENT">hide-user-agent</a></tt>
+ more believable.</p>
+
+ <p>However some sites with content in different languages check
+ the <span class="QUOTE">"Accept-Language:"</span> to decide
+ which one to take by default. Sometimes it isn't possible to
+ later switch to another language without changing the
+ <span class="QUOTE">"Accept-Language:"</span> header first.</p>
+
+ <p>Therefore it's a good idea to either only change the
+ <span class="QUOTE">"Accept-Language:"</span> header to
+ languages you understand, or to languages that aren't wide
+ spread.</p>
+
+ <p>Before setting the <span class=
+ "QUOTE">"Accept-Language:"</span> header to a rare language,
+ you should consider that it helps to make your requests unique
+ and thus easier to trace. If you don't plan to change this
+ header frequently, you should stick to a common language.</p>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Pretend to use Canadian language settings.
+{+hide-accept-language{en-ca} \
++hide-user-agent{Mozilla/5.0 (X11; U; OpenBSD i386; en-CA; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4} \
+}
+/
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HIDE-CONTENT-DISPOSITION" id=
+ "HIDE-CONTENT-DISPOSITION">8.5.22. hide-content-disposition</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Prevent download menus for content you prefer to view inside
+ the browser.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes or replaces the <span class=
+ "QUOTE">"Content-Disposition:"</span> HTTP header set by some
+ servers.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Keyword: <span class="QUOTE">"block"</span>, or any user
+ defined value.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Some servers set the <span class=
+ "QUOTE">"Content-Disposition:"</span> HTTP header for documents
+ they assume you want to save locally before viewing them. The
+ <span class="QUOTE">"Content-Disposition:"</span> header
+ contains the file name the browser is supposed to use by
+ default.</p>
+
+ <p>In most browsers that understand this header, it makes it
+ impossible to <span class="emphasis"><i class="EMPHASIS">just
+ view</i></span> the document, without downloading it first,
+ even if it's just a simple text file or an image.</p>
+
+ <p>Removing the <span class=
+ "QUOTE">"Content-Disposition:"</span> header helps to prevent
+ this annoyance, but some browsers additionally check the
+ <span class="QUOTE">"Content-Type:"</span> header, before they
+ decide if they can display a document without saving it first.
+ In these cases, you have to change this header as well, before
+ the browser stops displaying download menus.</p>
+
+ <p>It is also possible to change the server's file name
+ suggestion to another one, but in most cases it isn't worth the
+ time to set it up.</p>
+
+ <p>This action will probably be removed in the future, use
+ server-header filters instead.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Disarm the download link in Sourceforge's patch tracker
+{ -filter \
+ +content-type-overwrite{text/plain}\
+ +hide-content-disposition{block} }
+ .sourceforge.net/tracker/download\.php
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HIDE-IF-MODIFIED-SINCE" id=
+ "HIDE-IF-MODIFIED-SINCE">8.5.23. hide-if-modified-since</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Prevent yet another way to track the user's steps between
+ sessions.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes the <span class="QUOTE">"If-Modified-Since:"</span>
+ HTTP client header or modifies its value.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Keyword: <span class="QUOTE">"block"</span>, or a user
+ defined value that specifies a range of hours.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Removing this header is useful for filter testing, where you
+ want to force a real reload instead of getting status code
+ <span class="QUOTE">"304"</span>, which would cause the browser
+ to use a cached copy of the page.</p>
+
+ <p>Instead of removing the header, <tt class=
+ "LITERAL">hide-if-modified-since</tt> can also add or subtract
+ a random amount of time to/from the header's value. You specify
+ a range of minutes where the random factor should be chosen
+ from and <span class="APPLICATION">Privoxy</span> does the
+ rest. A negative value means subtracting, a positive value
+ adding.</p>
+
+ <p>Randomizing the value of the <span class=
+ "QUOTE">"If-Modified-Since:"</span> makes it less likely that
+ the server can use the time as a cookie replacement, but you
+ will run into caching problems if the random range is too
+ high.</p>
+
+ <p>It is a good idea to only use a small negative value and let
+ <tt class="LITERAL"><a href=
+ "actions-file.html#OVERWRITE-LAST-MODIFIED">overwrite-last-modified</a></tt>
+ handle the greater changes.</p>
+
+ <p>It is also recommended to use this action together with
+ <tt class="LITERAL"><a href=
+ "actions-file.html#CRUNCH-IF-NONE-MATCH">crunch-if-none-match</a></tt>,
+ otherwise it's more or less pointless.</p>
+ </dd>
+
+ <dt>Example usage (section):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Let the browser revalidate but make tracking based on the time less likely.
+{+hide-if-modified-since{-60} \
+ +overwrite-last-modified{randomize} \
+ +crunch-if-none-match}
+/
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HIDE-FROM-HEADER" id=
+ "HIDE-FROM-HEADER">8.5.24. hide-from-header</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Keep your (old and ill) browser from telling web servers
+ your email address</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes any existing <span class="QUOTE">"From:"</span> HTTP
+ header, or replaces it with the specified string.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Keyword: <span class="QUOTE">"block"</span>, or any user
+ defined value.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>The keyword <span class="QUOTE">"block"</span> will
+ completely remove the header (not to be confused with the
+ <tt class="LITERAL"><a href=
+ "actions-file.html#BLOCK">block</a></tt> action).</p>
+
+ <p>Alternately, you can specify any value you prefer to be sent
+ to the web server. If you do, it is a matter of fairness not to
+ use any address that is actually used by a real person.</p>
+
+ <p>This action is rarely needed, as modern web browsers don't
+ send <span class="QUOTE">"From:"</span> headers anymore.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++hide-from-header{block}
+</pre>
+ </td>
+ </tr>
+ </table>or
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++hide-from-header{spam-me-senseless@sittingduck.example.com}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HIDE-REFERRER" id="HIDE-REFERRER">8.5.25.
+ hide-referrer</a></h4><a name="HIDE-REFERER" id="HIDE-REFERER"></a>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Conceal which link you followed to get to a particular
+ site</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Deletes the <span class="QUOTE">"Referer:"</span> (sic) HTTP
+ header from the client request, or replaces it with a forged
+ one.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <ul>
+ <li>
+ <p><span class="QUOTE">"conditional-block"</span> to delete
+ the header completely if the host has changed.</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"conditional-forge"</span> to forge
+ the header if the host has changed.</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"block"</span> to delete the header
+ unconditionally.</p>
+ </li>
+
+ <li>
+ <p><span class="QUOTE">"forge"</span> to pretend to be
+ coming from the homepage of the server we are talking
+ to.</p>
+ </li>
+
+ <li>
+ <p>Any other string to set a user defined referrer.</p>
+ </li>
+ </ul>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p><tt class="LITERAL">conditional-block</tt> is the only
+ parameter, that isn't easily detected in the server's log file.
+ If it blocks the referrer, the request will look like the
+ visitor used a bookmark or typed in the address directly.</p>
+
+ <p>Leaving the referrer unmodified for requests on the same
+ host allows the server owner to see the visitor's <span class=
+ "QUOTE">"click path"</span>, but in most cases she could also
+ get that information by comparing other parts of the log file:
+ for example the User-Agent if it isn't a very common one, or
+ the user's IP address if it doesn't change between different
+ requests.</p>
+
+ <p>Always blocking the referrer, or using a custom one, can
+ lead to failures on servers that check the referrer before they
+ answer any requests, in an attempt to prevent their content
+ from being embedded or linked to elsewhere.</p>
+
+ <p>Both <tt class="LITERAL">conditional-block</tt> and
+ <tt class="LITERAL">forge</tt> will work with referrer checks,
+ as long as content and valid referring page are on the same
+ host. Most of the time that's the case.</p>
+
+ <p><tt class="LITERAL">hide-referer</tt> is an alternate
+ spelling of <tt class="LITERAL">hide-referrer</tt> and the two
+ can be can be freely substituted with each other. (<span class=
+ "QUOTE">"referrer"</span> is the correct English spelling,
+ however the HTTP specification has a bug - it requires it to be
+ spelled as <span class="QUOTE">"referer"</span>.)</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++hide-referrer{forge}
+</pre>
+ </td>
+ </tr>
+ </table>or
+
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++hide-referrer{http://www.yahoo.com/}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HIDE-USER-AGENT" id=
+ "HIDE-USER-AGENT">8.5.26. hide-user-agent</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Try to conceal your type of browser and client operating
+ system</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Replaces the value of the <span class=
+ "QUOTE">"User-Agent:"</span> HTTP header in client requests
+ with the specified value.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>Any user-defined string.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>This can lead to problems on web sites that depend
+ on looking at this header in order to customize their
+ content for different browsers (which, by the way, is
+ <span class="emphasis"><i class=
+ "EMPHASIS">NOT</i></span> the right thing to do: good
+ web sites work browser-independently).</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <p>Using this action in multi-user setups or wherever different
+ types of browsers will access the same <span class=
+ "APPLICATION">Privoxy</span> is <span class=
+ "emphasis"><i class="EMPHASIS">not recommended</i></span>. In
+ single-user, single-browser setups, you might use it to delete
+ your OS version information from the headers, because it is an
+ invitation to exploit known bugs for your OS. It is also
+ occasionally useful to forge this in order to access sites that
+ won't let you in otherwise (though there may be a good reason
+ in some cases).</p>
+
+ <p>More information on known user-agent strings can be found at
+ <a href="http://www.user-agents.org/" target=
+ "_top">http://www.user-agents.org/</a> and <a href=
+ "http://en.wikipedia.org/wiki/User_agent" target=
+ "_top">http://en.wikipedia.org/wiki/User_agent</a>.</p>
+ </dd>
+
+ <dt>Example usage:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="LIMIT-CONNECT" id="LIMIT-CONNECT">8.5.27.
+ limit-connect</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Prevent abuse of <span class="APPLICATION">Privoxy</span> as
+ a TCP proxy relay or disable SSL for untrusted sites</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Specifies to which ports HTTP CONNECT requests are
+ allowable.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>A comma-separated list of ports or port ranges (the latter
+ using dashes, with the minimum defaulting to 0 and the maximum
+ to 65K).</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>By default, i.e. if no <tt class=
+ "LITERAL">limit-connect</tt> action applies, <span class=
+ "APPLICATION">Privoxy</span> allows HTTP CONNECT requests to
+ all ports. Use <tt class="LITERAL">limit-connect</tt> if
+ fine-grained control is desired for some or all
+ destinations.</p>
+
+ <p>The CONNECT methods exists in HTTP to allow access to secure
+ websites (<span class="QUOTE">"https://"</span> URLs) through
+ proxies. It works very simply: the proxy connects to the server
+ on the specified port, and then short-circuits its connections
+ to the client and to the remote server. This means
+ CONNECT-enabled proxies can be used as TCP relays very
+ easily.</p>
+
+ <p><span class="APPLICATION">Privoxy</span> relays HTTPS
+ traffic without seeing the decoded content. Websites can
+ leverage this limitation to circumvent <span class=
+ "APPLICATION">Privoxy</span>'s filters. By specifying an
+ invalid port range you can disable HTTPS entirely.</p>
+ </dd>
+
+ <dt>Example usages:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++limit-connect{443} # Port 443 is OK.
++limit-connect{80,443} # Ports 80 and 443 are OK.
++limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
++limit-connect{-} # All ports are OK
++limit-connect{,} # No HTTPS/SSL traffic is allowed
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="LIMIT-COOKIE-LIFETIME" id=
+ "LIMIT-COOKIE-LIFETIME">8.5.28. limit-cookie-lifetime</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Limit the lifetime of HTTP cookies to a couple of minutes or
+ hours.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Overwrites the expires field in Set-Cookie server headers if
+ it's above the specified limit.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Parameterized.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>The lifetime limit in minutes, or 0.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>This action reduces the lifetime of HTTP cookies coming from
+ the server to the specified number of minutes, starting from
+ the time the cookie passes Privoxy.</p>
+
+ <p>Cookies with a lifetime below the limit are not modified.
+ The lifetime of session cookies is set to the specified
+ limit.</p>
+
+ <p>The effect of this action depends on the server.</p>
+
+ <p>In case of servers which refresh their cookies with each
+ response (or at least frequently), the lifetime limit set by
+ this action is updated as well. Thus, a session associated with
+ the cookie continues to work with this action enabled, as long
+ as a new request is made before the last limit set is
+ reached.</p>
+
+ <p>However, some servers send their cookies once, with a
+ lifetime of several years (the year 2037 is a popular choice),
+ and do not refresh them until a certain event in the future,
+ for example the user logging out. In this case this action may
+ limit the absolute lifetime of the session, even if requests
+ are made frequently.</p>
+
+ <p>If the parameter is <span class="QUOTE">"0"</span>, this
+ action behaves like <tt class="LITERAL"><a href=
+ "actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></tt>.</p>
+ </dd>
+
+ <dt>Example usages:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
++limit-cookie-lifetime{60}
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="PREVENT-COMPRESSION" id=
+ "PREVENT-COMPRESSION">8.5.29. prevent-compression</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+
+ <dd>
+ <p>Ensure that servers send the content uncompressed, so it can
+ be passed through <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">filter</a></tt>s.</p>
+ </dd>
+
+ <dt>Effect:</dt>
+
+ <dd>
+ <p>Removes the Accept-Encoding header which can be used to ask
+ for compressed transfer.</p>
+ </dd>
+
+ <dt>Type:</dt>
+
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+
+ <dt>Parameter:</dt>
+
+ <dd>
+ <p>N/A</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>More and more websites send their content compressed by
+ default, which is generally a good idea and saves bandwidth.
+ But the <tt class="LITERAL"><a href=
+ "actions-file.html#FILTER">filter</a></tt> and <tt class=
+ "LITERAL"><a href=
+ "actions-file.html#DEANIMATE-GIFS">deanimate-gifs</a></tt>
+ actions need access to the uncompressed data.</p>
+
+ <p>When compiled with zlib support (available since
+ <span class="APPLICATION">Privoxy</span> 3.0.7), content that
+ should be filtered is decompressed on-the-fly and you don't
+ have to worry about this action. If you are using an older
+ <span class="APPLICATION">Privoxy</span> version, or one that
+ hasn't been compiled with zlib support, this action can be used
+ to convince the server to send the content uncompressed.</p>
+
+ <p>Most text-based instances compress very well, the size is
+ seldom decreased by less than 50%, for markup-heavy instances
+ like news feeds saving more than 90% of the original size isn't
+ unusual.</p>
+
+ <p>Not using compression will therefore slow down the transfer,
+ and you should only enable this action if you really need it.
+ As of <span class="APPLICATION">Privoxy</span> 3.0.7 it's
+ disabled in all predefined action settings.</p>
+
+ <p>Note that some (rare) ill-configured sites don't handle
+ requests for uncompressed documents correctly. Broken PHP
+ applications tend to send an empty document body, some IIS
+ versions only send the beginning of the content. If you enable
+ <tt class="LITERAL">prevent-compression</tt> per default, you
+ might want to add exceptions for those sites. See the example
+ for how to do that.</p>
+ </dd>
+
+ <dt>Example usage (sections):</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+# Selectively turn off compression, and enable a filter