+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Actions Files</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="Privoxy 3.0.7 User Manual"
HREF="index.html"><LINK
CLASS="SECT1"
><A
NAME="ACTIONS-FILE"
-></A
->8. Actions Files</H1
+>8. Actions Files</A
+></H1
><P
> The actions files are used to define what <SPAN
CLASS="emphasis"
> <DIV
CLASS="TABLE"
><A
-NAME="AEN2061"
+NAME="AEN2145"
></A
><P
><B
></P
><TABLE
BORDER="1"
+FRAME="border"
+RULES="all"
CLASS="CALSTABLE"
-><THEAD
+><COL
+WIDTH="1*"
+TITLE="C1"><COL
+WIDTH="1*"
+TITLE="C2"><COL
+WIDTH="1*"
+TITLE="C3"><COL
+WIDTH="1*"
+TITLE="C4"><THEAD
><TR
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Feature</TH
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Cautious</TH
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Medium</TH
><TH
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Advanced</TH
></TR
></THEAD
><TBODY
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Ad-blocking Aggressiveness</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>medium</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>high</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>high</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Ad-filtering by size</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Ad-filtering by link</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Pop-up killing</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>blocks only</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>blocks only</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>blocks only</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Privacy Features</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>low</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>medium</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>medium/high</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Cookie handling</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>none</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>session-only</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>kill</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Referer forging</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>GIF de-animation</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Fast redirects</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>HTML taming</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>JavaScript taming</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Web-bug killing</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
><TR
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>Image tag reordering</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>no</TD
><TD
-WIDTH="25%"
-ALIGN="LEFT"
-VALIGN="TOP"
>yes</TD
></TR
></TBODY
>http://config.privoxy.org/show-status</A
>.
The over-riding principle when applying actions, is that the last action that
- matches a given URL, wins. The broadest, most general rules go first
+ matches a given URL wins. The broadest, most general rules go first
(defined in <TT
CLASS="FILENAME"
>default.action</TT
CLASS="FILENAME"
>default.action</TT
>,
- with the advantage that is a separate file, which makes preserving your
+ with the advantage that it is a separate file, which makes preserving your
personal settings across <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
><P
>
Actions can be used to block anything you want, including ads, banners, or
- just some obnoxious URL that you would rather not see. Cookies can be accepted
+ just some obnoxious URL whose content you would rather not see. Cookies can be accepted
or rejected, or accepted only during the current browser session (i.e. not
- written to disk), content can be modified, JavaScripts tamed, user-tracking
+ written to disk), content can be modified, some JavaScripts tamed, user-tracking
fooled, and much more. See below for a <A
HREF="actions-file.html#ACTIONS"
>complete list
><H2
CLASS="SECT2"
><A
-NAME="AEN2160"
-></A
->8.1. Finding the Right Mix</H2
+NAME="AEN2244"
+>8.1. Finding the Right Mix</A
+></H2
><P
> Note that some <A
HREF="actions-file.html#ACTIONS"
will have to make later. If, for example, you want to crunch all cookies per
default, you'll have to make exceptions from that rule for sites that you
regularly use and that require cookies for actually useful purposes, like maybe
- your bank, favorite shop, or newspaper. </P
+ your bank, favorite shop, or newspaper.</P
><P
> We have tried to provide you with reasonable rules to start from in the
distribution actions files. But there is no general rule of thumb on these
><H2
CLASS="SECT2"
><A
-NAME="AEN2167"
-></A
->8.2. How to Edit</H2
+NAME="AEN2251"
+>8.2. How to Edit</A
+></H2
><P
> The easiest way to edit the actions files is with a browser by
using our browser-based editor, which can be reached from <A
TARGET="_top"
>http://config.privoxy.org/show-status</A
>.
- The editor allows both fine-grained control over every single feature on a
- per-URL basis, and easy choosing from wholesale sets of defaults like
- <SPAN
+ Note: the config file option <A
+HREF="config.html#ENABLE-EDIT-ACTIONS"
+>enale-edit-actions</A
+> must be enabled for
+ this to work. The editor allows both fine-grained control over every single
+ feature on a per-URL basis, and easy choosing from wholesale sets of defaults
+ like <SPAN
CLASS="QUOTE"
>"Cautious"</SPAN
>, <SPAN
CLASS="QUOTE"
>"Medium"</SPAN
-> or <SPAN
+> or
+ <SPAN
CLASS="QUOTE"
>"Advanced"</SPAN
->.
- Warning: the <SPAN
+>. Warning: the <SPAN
CLASS="QUOTE"
>"Advanced"</SPAN
-> setting is more aggressive, and
- will be more likely to cause problems for some sites. Experienced users only!</P
+> setting is more
+ aggressive, and will be more likely to cause problems for some sites.
+ Experienced users only!
+ </P
><P
> If you prefer plain text editing to GUIs, you can of course also directly edit the
the actions files with your favorite text editor. Look at
CLASS="SECT2"
><A
NAME="ACTIONS-APPLY"
-></A
->8.3. How Actions are Applied to Requests</H2
+>8.3. How Actions are Applied to Requests</A
+></H2
><P
> Actions files are divided into sections. There are special sections,
like the <SPAN
CLASS="SECT2"
><A
NAME="AF-PATTERNS"
-></A
->8.4. Patterns</H2
+>8.4. Patterns</A
+></H2
><P
>
As mentioned, <SPAN
flexibility. This allows one expression to be expanded and potentially match
against many similar patterns.</P
><P
-> Generally, a URL pattern has the form
+> Generally, an URL pattern has the form
<TT
CLASS="LITERAL"
><domain>/<path></TT
><DT
><TT
CLASS="LITERAL"
->www.example.com/index.html</TT
+>www.example.com/index.html$</TT
+></DT
+><DD
+><P
+> matches all the documents on <TT
+CLASS="LITERAL"
+>www.example.com</TT
+>
+ whose name starts with <TT
+CLASS="LITERAL"
+>/index.html</TT
+>.
+ </P
+></DD
+><DT
+><TT
+CLASS="LITERAL"
+>www.example.com/index.html$</TT
></DT
><DD
><P
><DT
><TT
CLASS="LITERAL"
->/index.html</TT
+>/index.html$</TT
></DT
><DD
><P
></DT
><DD
><P
-> matches nothing, since it would be interpreted as a domain name and
+> matches nothing, since it would be interpreted as a domain name and
there is no top-level domain called <TT
CLASS="LITERAL"
>.html</TT
><H3
CLASS="SECT3"
><A
-NAME="AEN2250"
-></A
->8.4.1. The Domain Pattern</H3
+NAME="AEN2342"
+>8.4.1. The Domain Pattern</A
+></H3
><P
> The matching of the domain part offers some flexible options: if the
domain starts or ends with a dot, it becomes unanchored at that end.
><H3
CLASS="SECT3"
><A
-NAME="AEN2321"
-></A
->8.4.2. The Path Pattern</H3
+NAME="AEN2413"
+>8.4.2. The Path Pattern</A
+></H3
><P
> <SPAN
CLASS="APPLICATION"
><DT
><TT
CLASS="LITERAL"
->.example.com/.*/index.html</TT
+>.example.com/.*/index.html$</TT
></DT
><DD
><P
><DT
><TT
CLASS="LITERAL"
->.example.com/(.*/)?index\.html</TT
+>.example.com/(.*/)?index\.html$</TT
></DT
><DD
><P
CLASS="SECT3"
><A
NAME="TAG-PATTERN"
-></A
->8.4.3. The Tag Pattern</H3
+>8.4.3. The Tag Pattern</A
+></H3
><P
> Tag patterns are used to change the applying actions based on the
request's tags. Tags can be created with either the
<A
-HREF="actions-file.html#CLIENT-HEADER-FILTER"
+HREF="actions-file.html#CLIENT-HEADER-TAGGER"
>client-header-tagger</A
>
or the <A
-HREF="actions-file.html#SERVER-HEADER-FILTER"
+HREF="actions-file.html#SERVER-HEADER-TAGGER"
>server-header-tagger</A
> action.</P
><P
>
can tell them apart from URL patterns. Everything after the colon
including white space, is interpreted as a regular expression with
- path patterns syntax, except that tag patterns aren't left-anchored
+ path pattern syntax, except that tag patterns aren't left-anchored
automatically (Privoxy doesn't silently add a <SPAN
CLASS="QUOTE"
>"^"</SPAN
match requests whose tags contain <SPAN
CLASS="QUOTE"
>"foo"</SPAN
-> somewhere.</P
+> somewhere.
+ <SPAN
+CLASS="QUOTE"
+>"TAG: foo"</SPAN
+> wouldn't work as it requires white space.</P
><P
> Sections can contain URL and tag patterns at the same time,
but tag patterns are checked after the URL patterns and thus
CLASS="SECT2"
><A
NAME="ACTIONS"
-></A
->8.5. Actions</H2
+>8.5. Actions</A
+></H2
><P
> All actions are disabled by default, until they are explicitly enabled
somewhere in an actions file. Actions are turned on if preceded with a
>
Example: <TT
CLASS="LITERAL"
->+hide-user-agent{ Mozilla 1.0 }</TT
+>+hide-user-agent{Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070602 Firefox/2.0.0.4}</TT
>
</P
></LI
CLASS="APPLICATION"
>Privoxy</SPAN
> would just be a
- normal, non-blocking, non-anonymizing proxy. You must specifically enable the
+ normal, non-blocking, non-filtering proxy. You must specifically enable the
privacy and blocking features you need (although the provided default actions
files will give a good starting point).</P
><P
-> Later defined actions always over-ride earlier ones. So exceptions
- to any rules you make, should come in the latter part of the file (or
+> Later defined action sections always over-ride earlier ones of the same type.
+ So exceptions to any rules you make, should come in the latter part of the file (or
in a file that is processed later when using multiple actions files such
as <TT
CLASS="FILENAME"
CLASS="SECT3"
><A
NAME="ADD-HEADER"
-></A
->8.5.1. add-header</H4
+>8.5.1. add-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="BLOCK"
-></A
->8.5.2. block</H4
+>8.5.2. block</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CLIENT-HEADER-FILTER"
-></A
->8.5.3. client-header-filter</H4
+>8.5.3. client-header-filter</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CLIENT-HEADER-TAGGER"
-></A
->8.5.4. client-header-tagger</H4
+>8.5.4. client-header-tagger</A
+></H4
><P
></P
><DIV
><PRE
CLASS="SCREEN"
># Tag every request with the User-Agent header
-{+client-header-filter{user-agent}}
+{+client-header-tagger{user-agent}}
/
</PRE
></TD
CLASS="SECT3"
><A
NAME="CONTENT-TYPE-OVERWRITE"
-></A
->8.5.5. content-type-overwrite</H4
+>8.5.5. content-type-overwrite</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CRUNCH-CLIENT-HEADER"
-></A
->8.5.6. crunch-client-header</H4
+>8.5.6. crunch-client-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CRUNCH-IF-NONE-MATCH"
-></A
->8.5.7. crunch-if-none-match</H4
+>8.5.7. crunch-if-none-match</A
+></H4
><P
></P
><DIV
</P
><P
> It is also useful to make sure the header isn't used as a cookie
- replacement.
+ replacement (unlikely but possible).
</P
><P
> Blocking the <SPAN
CLASS="QUOTE"
>"If-Modified-Since:"</SPAN
> header
- isn't blocked as well.
+ isn't blocked or missing as well.
</P
><P
> It is recommended to use this action together with
><TD
><PRE
CLASS="SCREEN"
-># Let the browser revalidate cached documents without being tracked across sessions
-{ +hide-if-modified-since{-60} \
+># Let the browser revalidate cached documents but don't
+# allow the server to use the revalidation headers for user tracking.
+{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/ </PRE
CLASS="SECT3"
><A
NAME="CRUNCH-INCOMING-COOKIES"
-></A
->8.5.8. crunch-incoming-cookies</H4
+>8.5.8. crunch-incoming-cookies</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
-> Prevent the web server from setting any cookies on your system
+> Prevent the web server from setting HTTP cookies on your system
</P
></DD
><DT
CLASS="EMPHASIS"
>incoming</I
></SPAN
-> cookies. For
+> HTTP cookies. For
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>outgoing</I
></SPAN
-> cookies, use
+> HTTP cookies, use
<TT
CLASS="LITERAL"
><A
CLASS="EMPHASIS"
>both</I
></SPAN
-> to disable cookies completely.
+> to disable HTTP cookies completely.
</P
><P
> It makes <SPAN
CLASS="SECT3"
><A
NAME="CRUNCH-SERVER-HEADER"
-></A
->8.5.9. crunch-server-header</H4
+>8.5.9. crunch-server-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="CRUNCH-OUTGOING-COOKIES"
-></A
->8.5.10. crunch-outgoing-cookies</H4
+>8.5.10. crunch-outgoing-cookies</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
-> Prevent the web server from reading any cookies from your system
+> Prevent the web server from reading any HTTP cookies from your system
</P
></DD
><DT
CLASS="EMPHASIS"
>outgoing</I
></SPAN
-> cookies. For
+> HTTP cookies. For
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>incoming</I
></SPAN
-> cookies, use
+> HTTP cookies, use
<TT
CLASS="LITERAL"
><A
CLASS="EMPHASIS"
>both</I
></SPAN
-> to disable cookies completely.
+> to disable HTTP cookies completely.
</P
><P
> It makes <SPAN
CLASS="SECT3"
><A
NAME="DEANIMATE-GIFS"
-></A
->8.5.11. deanimate-gifs</H4
+>8.5.11. deanimate-gifs</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="DOWNGRADE-HTTP-VERSION"
-></A
->8.5.12. downgrade-http-version</H4
+>8.5.12. downgrade-http-version</A
+></H4
><P
></P
><DIV
>
didn't support important HTTP/1.1 features well. It is left here for the
unlikely case that you experience HTTP/1.1 related problems with some server
- out there. Not all (optional) HTTP/1.1 features are supported yet, so there
- is a chance you might need this action.
+ out there. Not all HTTP/1.1 features and requirements are supported yet,
+ so there is a chance you might need this action.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="FAST-REDIRECTS"
-></A
->8.5.13. fast-redirects</H4
+>8.5.13. fast-redirects</A
+></H4
><P
></P
><DIV
><PRE
CLASS="SCREEN"
> { +fast-redirects{simple-check} }
- .example.com
+ one.example.com
{ +fast-redirects{check-decoded-url} }
another.example.com/testing</PRE
CLASS="SECT3"
><A
NAME="FILTER"
-></A
->8.5.14. filter</H4
+>8.5.14. filter</A
+></H4
><P
></P
><DIV
><TD
><PRE
CLASS="SCREEN"
->+filter{ie-exploits} # Disable some known Internet Explorer bug exploits</PRE
+>+filter{ie-exploits} # Disable a known Internet Explorer bug exploits</PRE
></TD
></TR
></TABLE
CLASS="SECT3"
><A
NAME="FORCE-TEXT-MODE"
-></A
->8.5.15. force-text-mode</H4
+>8.5.15. force-text-mode</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="FORWARD-OVERRIDE"
-></A
->8.5.16. forward-override</H4
+>8.5.16. forward-override</A
+></H4
><P
></P
><DIV
>Effect:</DT
><DD
><P
-> Overrules the forward directives in the configuration files.
+> Overrules the forward directives in the configuration file.
</P
></DD
><DT
> <SPAN
CLASS="QUOTE"
>"forward-socks4a 127.0.0.1:9050 ."</SPAN
-> to use the socks4a proxy listening at 127.0.0.1 port 9050.
- Replace <SPAN
+> to use the socks4a proxy listening at
+ 127.0.0.1 port 9050. Replace <SPAN
CLASS="QUOTE"
>"forward-socks4a"</SPAN
> with <SPAN
CLASS="QUOTE"
>"forward-socks4"</SPAN
-> to use a socks4 connection (with local DNS
- resolution) instead.
+>
+ to use a socks4 connection (with local DNS resolution) instead.
</P
></LI
><LI
> with <SPAN
CLASS="QUOTE"
>"forward-socks4"</SPAN
-> to use a socks4 connection (with local DNS
- resolution) instead.
+> to use a socks4 connection
+ (with local DNS resolution) instead.
</P
></LI
></UL
-hide-if-modified-since \
-overwrite-last-modified \
}
-TAG:^User-Agent: fetch libfetch/2.0$
+TAG:^User-Agent: fetch libfetch/2\.0$
</PRE
></TD
></TR
CLASS="SECT3"
><A
NAME="HANDLE-AS-EMPTY-DOCUMENT"
-></A
->8.5.17. handle-as-empty-document</H4
+>8.5.17. handle-as-empty-document</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="HANDLE-AS-IMAGE"
-></A
->8.5.18. handle-as-image</H4
+>8.5.18. handle-as-image</A
+></H4
><P
></P
><DIV
# blocked as images:
#
{+block +handle-as-image}
-some.nasty-banner-server.com/junk.cgi?output=trash
+some.nasty-banner-server.com/junk.cgi\?output=trash
# Banner source! Who cares if they also have non-image content?
ad.doubleclick.net </PRE
CLASS="SECT3"
><A
NAME="HIDE-ACCEPT-LANGUAGE"
-></A
->8.5.19. hide-accept-language</H4
+>8.5.19. hide-accept-language</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="HIDE-CONTENT-DISPOSITION"
-></A
->8.5.20. hide-content-disposition</H4
+>8.5.20. hide-content-disposition</A
+></H4
><P
></P
><DIV
to another one, but in most cases it isn't worth the time to set
it up.
</P
+><P
+> This action will probably be removed in the future,
+ use server-header filters instead.
+ </P
></DD
><DT
>Example usage:</DT
CLASS="SECT3"
><A
NAME="HIDE-IF-MODIFIED-SINCE"
-></A
->8.5.21. hide-if-modified-since</H4
+>8.5.21. hide-if-modified-since</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="HIDE-FORWARDED-FOR-HEADERS"
-></A
->8.5.22. hide-forwarded-for-headers</H4
+>8.5.22. hide-forwarded-for-headers</A
+></H4
><P
></P
><DIV
>Typical use:</DT
><DD
><P
->Improve privacy by hiding the true source of the request</P
+>Improve privacy by not embedding the source of the request in the HTTP headers.</P
></DD
><DT
>Effect:</DT
>Notes:</DT
><DD
><P
-> It is fairly safe to leave this on.
- </P
-><P
-> This action is scheduled for improvement: It should be able to generate forged
- <SPAN
-CLASS="QUOTE"
->"X-Forwarded-for:"</SPAN
-> headers using random IP addresses from a specified network,
- to make successive requests from the same client look like requests from a pool of different
- users sharing the same proxy.
+> It is safe to leave this on.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="HIDE-FROM-HEADER"
-></A
->8.5.23. hide-from-header</H4
+>8.5.23. hide-from-header</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="HIDE-REFERRER"
-></A
->8.5.24. hide-referrer</H4
+>8.5.24. hide-referrer</A
+></H4
><A
NAME="HIDE-REFERER"
></A
CLASS="SECT3"
><A
NAME="HIDE-USER-AGENT"
-></A
->8.5.25. hide-user-agent</H4
+>8.5.25. hide-user-agent</A
+></H4
><P
></P
><DIV
(Must be just a silly MS goof, I'm sure :-).
</P
><P
-> This action is scheduled for improvement.
+> More information on known user-agent strings can be found at
+ <A
+HREF="http://www.user-agents.org/"
+TARGET="_top"
+>http://www.user-agents.org/</A
+>
+ and
+ <A
+HREF="http://en.wikipedia.org/wiki/User_agent"
+TARGET="_top"
+>http://en.wikipedia.org/wiki/User_agent</A
+>.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="INSPECT-JPEGS"
-></A
->8.5.26. inspect-jpegs</H4
+>8.5.26. inspect-jpegs</A
+></H4
><P
></P
><DIV
allow execution of code on the target system, giving an attacker access
to the system in question by merely planting an altered JPEG image, which
would have no obvious indications of what lurks inside. This action
- prevents unwanted intrusion.
+ prevents this exploit.
+ </P
+><P
+> Note that the described exploit is only one of many,
+ using this action does not mean that you no longer
+ have to patch the client.
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="KILL-POPUPS"
-></A
>8.5.27. kill-popups<A
NAME="KILL-POPUP"
></A
+></A
></H4
><P
></P
CLASS="SECT3"
><A
NAME="LIMIT-CONNECT"
-></A
->8.5.28. limit-connect</H4
+>8.5.28. limit-connect</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="PREVENT-COMPRESSION"
-></A
->8.5.29. prevent-compression</H4
+>8.5.29. prevent-compression</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="OVERWRITE-LAST-MODIFIED"
-></A
->8.5.30. overwrite-last-modified</H4
+>8.5.30. overwrite-last-modified</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="REDIRECT"
-></A
->8.5.31. redirect</H4
+>8.5.31. redirect</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SEND-VANILLA-WAFER"
-></A
->8.5.32. send-vanilla-wafer</H4
+>8.5.32. send-vanilla-wafer</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SEND-WAFER"
-></A
->8.5.33. send-wafer</H4
+>8.5.33. send-wafer</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SERVER-HEADER-FILTER"
-></A
->8.5.34. server-header-filter</H4
+>8.5.34. server-header-filter</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SERVER-HEADER-TAGGER"
-></A
->8.5.35. server-header-tagger</H4
+>8.5.35. server-header-tagger</A
+></H4
><P
></P
><DIV
><PRE
CLASS="SCREEN"
># Tag every request with the declared content type
-{+client-header-filter{content-type}}
+{+server-header-tagger{content-type}}
/
</PRE
></TD
CLASS="SECT3"
><A
NAME="SESSION-COOKIES-ONLY"
-></A
->8.5.36. session-cookies-only</H4
+>8.5.36. session-cookies-only</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="SET-IMAGE-BLOCKER"
-></A
->8.5.37. set-image-blocker</H4
+>8.5.37. set-image-blocker</A
+></H4
><P
></P
><DIV
CLASS="SECT3"
><A
NAME="TREAT-FORBIDDEN-CONNECTS-LIKE-BLOCKS"
-></A
->8.5.38. treat-forbidden-connects-like-blocks</H4
+>8.5.38. treat-forbidden-connects-like-blocks</A
+></H4
><P
></P
><DIV
><H3
CLASS="SECT3"
><A
-NAME="AEN4122"
-></A
->8.5.39. Summary</H3
+NAME="AEN4217"
+>8.5.39. Summary</A
+></H3
><P
> Note that many of these actions have the potential to cause a page to
misbehave, possibly even not to display at all. There are many ways
CLASS="SECT2"
><A
NAME="ALIASES"
-></A
->8.6. Aliases</H2
+>8.6. Aliases</A
+></H2
><P
> Custom <SPAN
CLASS="QUOTE"
CLASS="SECT2"
><A
NAME="ACT-EXAMPLES"
-></A
->8.7. Actions Files Tutorial</H2
+>8.7. Actions Files Tutorial</A
+></H2
><P
> The above chapters have shown <A
HREF="actions-file.html"
><H3
CLASS="SECT3"
><A
-NAME="AEN4187"
-></A
->8.7.1. default.action</H3
+NAME="AEN4282"
+>8.7.1. default.action</A
+></H3
><P
>Every config file should start with a short comment stating its purpose:</P
><P
><H3
CLASS="SECT3"
><A
-NAME="AEN4374"
-></A
->8.7.2. user.action</H3
+NAME="AEN4469"
+>8.7.2. user.action</A
+></H3
><P
> So far we are painting with a broad brush by setting general policies,
which would be a reasonable starting point for many people. Now,