-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>The Main Configuration File</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"><LINK
REL="HOME"
-TITLE="Privoxy 3.0.3 User Manual"
+TITLE="Privoxy 3.0.7 User Manual"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Privoxy Configuration"
HREF="actions-file.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
-HREF="../p_doc.css"></HEAD
+HREF="../p_doc.css">
+<LINK REL="STYLESHEET" TYPE="text/css" HREF="p_doc.css">
+</head
><BODY
CLASS="SECT1"
BGCOLOR="#EEEEEE"
><TH
COLSPAN="3"
ALIGN="center"
->Privoxy 3.0.3 User Manual</TH
+>Privoxy 3.0.7 User Manual</TH
></TR
><TR
><TD
CLASS="SECT1"
><A
NAME="CONFIG"
->7. The Main Configuration File</A
-></H1
+></A
+>7. The Main Configuration File</H1
><P
> Again, the main configuration file is named <TT
CLASS="FILENAME"
values, all separated by whitespace (any number of spaces or tabs). For
example:</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
></SPAN
></P
>
- </VAR
+ </TT
> </P
><P
-> Assigns the value <VAR
+> Assigns the value <TT
CLASS="LITERAL"
->/etc/privoxy</VAR
+>/etc/privoxy</TT
> to the option
- <VAR
+ <TT
CLASS="LITERAL"
->confdir</VAR
+>confdir</TT
> and thus indicates that the configuration
directory is named <SPAN
CLASS="QUOTE"
>"/etc/privoxy/"</SPAN
>.</P
><P
-> All options in the config file except for <VAR
+> All options in the config file except for <TT
CLASS="LITERAL"
->confdir</VAR
+>confdir</TT
> and
- <VAR
+ <TT
CLASS="LITERAL"
->logdir</VAR
+>logdir</TT
> are optional. Watch out in the below description
for what happens if you leave them unset.</P
><P
><H2
CLASS="SECT2"
><A
-NAME="CONF-LOG-LOC"
->7.1. Configuration and Log File Locations</A
-></H2
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can (and normally does) use a number of
- other files for additional configuration, help and logging.
- This section of the configuration file tells <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- where to find those other files. </P
+NAME="LOCAL-SET-UP"
+></A
+>7.1. Local Set-up Documentation</H2
><P
-> The user running <SPAN
+> If you intend to operate <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
->, must have read
- permission for all configuration files, and write permission to any files
- that would be modified, such as log files and actions files.</P
+> for more users
+ than just yourself, it might be a good idea to let them know how to reach
+ you, what you block and why you do that, your policies, etc.
+ </P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
-NAME="CONFDIR"
->7.1.1. confdir</A
-></H4
+NAME="USER-MANUAL"
+></A
+>7.1.1. user-manual</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
->The directory where the other configuration files are located</P
+> Location of the <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> User Manual.
+ </P
></DD
><DT
>Type of value:</DT
><DD
><P
->Path name</P
+>A fully qualified URI</P
></DD
><DT
>Default value:</DT
><DD
><P
->/etc/privoxy (Unix) <SPAN
+><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->or</I
+>Unset</I
></SPAN
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> installation dir (Windows) </P
+></P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
+> <A
+HREF="http://www.privoxy.org/user-manual/"
+TARGET="_top"
+>http://www.privoxy.org/<TT
+CLASS="REPLACEABLE"
><I
-CLASS="EMPHASIS"
->Mandatory</I
-></SPAN
-></P
+>version</I
+></TT
+>/user-manual/</A
+>
+ will be used, where <TT
+CLASS="REPLACEABLE"
+><I
+>version</I
+></TT
+> is the <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> version.
+ </P
></DD
><DT
>Notes:</DT
><DD
><P
-> No trailing <SPAN
-CLASS="QUOTE"
->"<VAR
-CLASS="LITERAL"
->/</VAR
->"</SPAN
->, please
+> The User Manual URI is the single best source of information on
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>, and is used for help links from some
+ of the internal CGI pages. The manual itself is normally packaged with the
+ binary distributions, so you probably want to set this to a locally
+ installed copy.
</P
><P
-> When development goes modular and multi-user, the blocker, filter, and
- per-user config will be stored in subdirectories of <SPAN
-CLASS="QUOTE"
->"confdir"</SPAN
->.
- For now, the configuration directory structure is flat, except for
- <TT
-CLASS="FILENAME"
->confdir/templates</TT
->, where the HTML templates for CGI
- output reside (e.g. <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> 404 error page).
+> Examples:
+ </P
+><P
+> The best all purpose solution is simply to put the full local
+ <TT
+CLASS="LITERAL"
+>PATH</TT
+> to where the <I
+CLASS="CITETITLE"
+>User Manual</I
+> is
+ located:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> user-manual /usr/share/doc/privoxy/user-manual</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> The User Manual is then available to anyone with access to the proxy, by
+ following the built-in URL: <TT
+CLASS="LITERAL"
+>http://config.privoxy.org/user-manual/</TT
+>
+ (or the shortcut: <TT
+CLASS="LITERAL"
+>http://p.p/user-manual/</TT
+>).
+ </P
+><P
+> If the documentation is not on the local system, it can be accessed
+ from a remote server, as:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> user-manual http://example.com/privoxy/user-manual/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="90%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+> If set, this option should be <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>the first option in the config
+ file</I
+></SPAN
+>, because it is used while the config file is being read
+ on start-up.
</P
+></TD
+></TR
+></TABLE
+></DIV
></DD
></DL
></DIV
><H4
CLASS="SECT3"
><A
-NAME="LOGDIR"
->7.1.2. logdir</A
-></H4
+NAME="TRUST-INFO-URL"
+></A
+>7.1.2. trust-info-url</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The directory where all logging takes place (i.e. where <TT
-CLASS="FILENAME"
->logfile</TT
-> and
- <TT
-CLASS="FILENAME"
->jarfile</TT
-> are located)
+> A URL to be displayed in the error page that users will see if access to an untrusted page is denied.
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->Path name</P
+>URL</P
></DD
><DT
>Default value:</DT
><DD
><P
->/var/log/privoxy (Unix) <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->or</I
-></SPAN
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> installation dir (Windows) </P
+>Two example URL are provided</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
+> No links are displayed on the "untrusted" error page.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> The value of this option only matters if the experimental trust mechanism has been
+ activated. (See <A
+HREF="config.html#TRUSTFILE"
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Mandatory</I
+>trustfile</I
></SPAN
-></P
-></DD
-><DT
->Notes:</DT
-><DD
+></A
+> above.)
+ </P
><P
-> No trailing <SPAN
-CLASS="QUOTE"
->"<VAR
-CLASS="LITERAL"
->/</VAR
->"</SPAN
->, please
+> If you use the trust mechanism, it is a good idea to write up some on-line
+ documentation about your trust policy and to specify the URL(s) here.
+ Use multiple times for multiple URLs.
+ </P
+><P
+> The URL(s) should be added to the trustfile as well, so users don't end up
+ locked out from the information on why they were locked out in the first place!
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="ACTIONSFILE"
->7.1.3. actionsfile</A
-></H4
-><A
-NAME="DEFAULT.ACTION"
-></A
-><A
-NAME="STANDARD.ACTION"
-></A
-><A
-NAME="USER.ACTION"
+NAME="ADMIN-ADDRESS"
></A
+>7.1.3. admin-address</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The <A
-HREF="actions-file.html"
->actions file(s)</A
-> to use
+> An email address to reach the proxy administrator.
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <VAR
-CLASS="LITERAL"
->confdir</VAR
->, without the <VAR
-CLASS="LITERAL"
->.action</VAR
-> suffix</P
+>Email address</P
></DD
><DT
->Default values:</DT
+>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Unset</I
+></SPAN
></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
-> <P
-CLASS="LITERALLAYOUT"
-> standard # Internal purposes, no editing recommended</P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> No email address is displayed on error pages and the CGI user interface.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> If both <TT
+CLASS="LITERAL"
+>admin-address</TT
+> and <TT
+CLASS="LITERAL"
+>proxy-info-url</TT
>
- </TD
-></TR
-><TR
-><TD
-> <P
-CLASS="LITERALLAYOUT"
-> default # Main actions file</P
->
- </TD
-></TR
-><TR
-><TD
-> <P
-CLASS="LITERALLAYOUT"
-> user # User customizations</P
->
- </TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> No actions are taken at all. Simple neutral proxying.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> Multiple <VAR
-CLASS="LITERAL"
->actionsfile</VAR
-> lines are permitted, and are in fact recommended!
- </P
-><P
->
- The default values include standard.action, which is used for internal
- purposes and should be loaded, default.action, which is the
- <SPAN
-CLASS="QUOTE"
->"main"</SPAN
-> actions file maintained by the developers, and
- <TT
-CLASS="FILENAME"
->user.action</TT
->, where you can make your personal additions.
- </P
-><P
->
- Actions files are where all the per site and per URL configuration is done for
- ad blocking, cookie management, privacy considerations, etc.
- There is no point in using <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> without at
- least one actions file.
+ are unset, the whole "Local Privoxy Support" box on all generated pages will
+ not be shown.
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="FILTERFILE"
->7.1.4. filterfile</A
-></H4
-><A
-NAME="DEFAULT.FILTER"
+NAME="PROXY-INFO-URL"
></A
+>7.1.4. proxy-info-url</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The <A
-HREF="filter-file.html"
->filter file</A
-> to use
+> A URL to documentation about the local <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> setup,
+ configuration or policies.
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <VAR
-CLASS="LITERAL"
->confdir</VAR
-></P
+>URL</P
></DD
><DT
>Default value:</DT
><DD
><P
->default.filter (Unix) <SPAN
+><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->or</I
+>Unset</I
></SPAN
-> default.filter.txt (Windows)</P
+></P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No textual content filtering takes place, i.e. all
- <VAR
-CLASS="LITERAL"
->+<A
-HREF="actions-file.html#FILTER"
->filter</A
->{<VAR
-CLASS="REPLACEABLE"
->name</VAR
->}</VAR
->
- actions in the actions files are turned neutral.
+> No link to local documentation is displayed on error pages and the CGI user interface.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The <A
-HREF="filter-file.html"
->filter file</A
-> contains content modification
- rules that use <A
-HREF="appendix.html#REGEX"
->regular expressions</A
->. These rules permit
- powerful changes on the content of Web pages, e.g., you could disable your favorite
- JavaScript annoyances, re-write the actual displayed text, or just have some
- fun replacing <SPAN
-CLASS="QUOTE"
->"Microsoft"</SPAN
-> with <SPAN
-CLASS="QUOTE"
->"MicroSuck"</SPAN
-> wherever
- it appears on a Web page.
- </P
-><P
-> The
- <VAR
+> If both <TT
CLASS="LITERAL"
->+<A
-HREF="actions-file.html#FILTER"
->filter</A
->{<VAR
-CLASS="REPLACEABLE"
->name</VAR
->}</VAR
+>admin-address</TT
+> and <TT
+CLASS="LITERAL"
+>proxy-info-url</TT
>
- actions rely on the relevant filter (<VAR
-CLASS="REPLACEABLE"
->name</VAR
->)
- to be defined in the filter file!
+ are unset, the whole "Local Privoxy Support" box on all generated pages will
+ not be shown.
</P
><P
-> A pre-defined filter file called <TT
-CLASS="FILENAME"
->default.filter</TT
-> that contains
- a bunch of handy filters for common problems is included in the distribution.
- See the section on the <VAR
-CLASS="LITERAL"
-><A
-HREF="actions-file.html#FILTER"
->filter</A
-></VAR
->
- action for a list.
+> This URL shouldn't be blocked ;-)
</P
></DD
></DL
></DIV
></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="CONF-LOG-LOC"
+></A
+>7.2. Configuration and Log File Locations</H2
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can (and normally does) use a number of
+ other files for additional configuration, help and logging.
+ This section of the configuration file tells <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ where to find those other files. </P
+><P
+> The user running <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>, must have read
+ permission for all configuration files, and write permission to any files
+ that would be modified, such as log files and actions files.</P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
-NAME="LOGFILE"
->7.1.5. logfile</A
-></H4
+NAME="CONFDIR"
+></A
+>7.2.1. confdir</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The log file to use
- </P
+>The directory where the other configuration files are located</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <VAR
-CLASS="LITERAL"
->logdir</VAR
-></P
+>Path name</P
></DD
><DT
>Default value:</DT
><DD
><P
->logfile (Unix) <SPAN
+>/etc/privoxy (Unix) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>or</I
></SPAN
-> privoxy.log (Windows)</P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> installation dir (Windows) </P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No log file is used, all log messages go to the console (<VAR
-CLASS="LITERAL"
->STDERR</VAR
->).
- </P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Mandatory</I
+></SPAN
+></P
></DD
><DT
>Notes:</DT
><DD
><P
-> The logfile is where all logging and error messages are written. The level
- of detail and number of messages are set with the <VAR
-CLASS="LITERAL"
->debug</VAR
->
- option (see below). The logfile can be useful for tracking down a problem with
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> (e.g., it's not blocking an ad you
- think it should block) but in most cases you probably will never look at it.
- </P
-><P
-> Your logfile will grow indefinitely, and you will probably want to
- periodically remove it. On Unix systems, you can do this with a cron job
- (see <SPAN
-CLASS="QUOTE"
->"man cron"</SPAN
->). For Red Hat, a <B
-CLASS="COMMAND"
->logrotate</B
->
- script has been included.
- </P
-><P
-> On SuSE Linux systems, you can place a line like <SPAN
-CLASS="QUOTE"
->"/var/log/privoxy.*
- +1024k 644 nobody.nogroup"</SPAN
-> in <TT
-CLASS="FILENAME"
->/etc/logfiles</TT
->, with
- the effect that cron.daily will automatically archive, gzip, and empty the
- log, when it exceeds 1M size.
- </P
-><P
-> Any log files must be writable by whatever user <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- is being run as (default on UNIX, user id is <SPAN
+> No trailing <SPAN
CLASS="QUOTE"
->"privoxy"</SPAN
->).
+>"<TT
+CLASS="LITERAL"
+>/</TT
+>"</SPAN
+>, please
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="JARFILE"
->7.1.6. jarfile</A
-></H4
+NAME="TEMPLDIR"
+></A
+>7.2.2. templdir</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The file to store intercepted cookies in
- </P
+>An alternative directory where the templates are loaded from</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <VAR
-CLASS="LITERAL"
->logdir</VAR
-></P
+>Path name</P
></DD
><DT
>Default value:</DT
><DD
><P
->jarfile (Unix) <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->or</I
-></SPAN
-> privoxy.jar (Windows)</P
+>unset</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> Intercepted cookies are not stored at all.
- </P
+>The templates are assumed to be located in confdir/template.</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The jarfile may grow to ridiculous sizes over time.
+> Privoxy's original templates are usually overwritten
+ with each update. Use this option to relocate customized templates
+ that should be kept. Note that you might be missing new features
+ if you use outdated templates.
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="TRUSTFILE"
->7.1.7. trustfile</A
-></H4
+NAME="LOGDIR"
+></A
+>7.2.3. logdir</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The trust file to use
+> The directory where all logging takes place (i.e. where <TT
+CLASS="FILENAME"
+>logfile</TT
+> and
+ <TT
+CLASS="FILENAME"
+>jarfile</TT
+> are located)
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <VAR
-CLASS="LITERAL"
->confdir</VAR
-></P
+>Path name</P
></DD
><DT
>Default value:</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Unset (commented out)</I
-></SPAN
->. When activated: trust (Unix) <SPAN
+>/var/log/privoxy (Unix) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>or</I
></SPAN
-> trust.txt (Windows)</P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> installation dir (Windows) </P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> The entire trust mechanism is turned off.
- </P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Mandatory</I
+></SPAN
+></P
></DD
><DT
>Notes:</DT
><DD
><P
-> The trust mechanism is an experimental feature for building white-lists and should
- be used with care. It is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
-> recommended for the casual user.
+> No trailing <SPAN
+CLASS="QUOTE"
+>"<TT
+CLASS="LITERAL"
+>/</TT
+>"</SPAN
+>, please
</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="ACTIONSFILE"
+></A
+>7.2.4. actionsfile</H4
+><A
+NAME="DEFAULT.ACTION"
+></A
+><A
+NAME="STANDARD.ACTION"
+></A
+><A
+NAME="USER.ACTION"
+></A
><P
-> If you specify a trust file, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will only allow
- access to sites that are specified in the trustfile. Sites can be listed
- in one of two ways:
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> The <A
+HREF="actions-file.html"
+>actions file(s)</A
+> to use
</P
+></DD
+><DT
+>Type of value:</DT
+><DD
><P
-> Prepending a <VAR
-CLASS="LITERAL"
->~</VAR
-> character limits access to this site
- only (and any sub-paths within this site), e.g.
- <VAR
+>Complete file name, relative to <TT
CLASS="LITERAL"
->~www.example.com</VAR
->.
+>confdir</TT
+></P
+></DD
+><DT
+>Default values:</DT
+><DD
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+> <P
+CLASS="LITERALLAYOUT"
+> standard.action # Internal purposes, no editing recommended</P
+>
+ </TD
+></TR
+><TR
+><TD
+> <P
+CLASS="LITERALLAYOUT"
+> default.action # Main actions file</P
+>
+ </TD
+></TR
+><TR
+><TD
+> <P
+CLASS="LITERALLAYOUT"
+> user.action # User customizations</P
+>
+ </TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> No actions are taken at all. More or less neutral proxying.
</P
+></DD
+><DT
+>Notes:</DT
+><DD
><P
-> Or, you can designate sites as <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->trusted referrers</I
-></SPAN
->, by
- prepending the name with a <VAR
-CLASS="LITERAL"
->+</VAR
-> character. The effect is that
- access to untrusted sites will be granted -- but only if a link from this
- trusted referrer was used. The link target will then be added to the
- <SPAN
-CLASS="QUOTE"
->"trustfile"</SPAN
-> so that future, direct accesses will be granted.
- Sites added via this mechanism do not become trusted referrers themselves
- (i.e. they are added with a <VAR
+> Multiple <TT
CLASS="LITERAL"
->~</VAR
-> designation).
+>actionsfile</TT
+> lines are permitted, and are in fact recommended!
</P
><P
-> If you use the <VAR
-CLASS="LITERAL"
->+</VAR
-> operator in the trust file, it may grow
- considerably over time.
+>
+ The default values include standard.action, which is used for internal
+ purposes and should be loaded, default.action, which is the
+ <SPAN
+CLASS="QUOTE"
+>"main"</SPAN
+> actions file maintained by the developers, and
+ <TT
+CLASS="FILENAME"
+>user.action</TT
+>, where you can make your personal additions.
</P
><P
-> It is recommended that <SPAN
+>
+ Actions files are where all the per site and per URL configuration is done for
+ ad blocking, cookie management, privacy considerations, etc.
+ There is no point in using <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> be compiled with
- the <VAR
-CLASS="LITERAL"
->--disable-force</VAR
->, <VAR
-CLASS="LITERAL"
->--disable-toggle</VAR
-> and
- <VAR
-CLASS="LITERAL"
-> --disable-editor</VAR
-> options, if this feature is to be
- used.
+> without at
+ least one actions file.
</P
><P
-> Possible applications include limiting Internet access for children.
+> Note that since Privoxy 3.0.7, the complete filename, including the <SPAN
+CLASS="QUOTE"
+>".action"</SPAN
+>
+ extension has to be specified. The syntax change was necessary to be consistent
+ with the other file options and to allow previously forbidden characters.
</P
></DD
></DL
></DIV
></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="LOCAL-SET-UP"
->7.2. Local Set-up Documentation</A
-></H2
-><P
-> If you intend to operate <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> for more users
- than just yourself, it might be a good idea to let them know how to reach
- you, what you block and why you do that, your policies, etc.
- </P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
-NAME="USER-MANUAL"
->7.2.1. user-manual</A
-></H4
+NAME="FILTERFILE"
+></A
+>7.2.5. filterfile</H4
+><A
+NAME="DEFAULT.FILTER"
+></A
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> Location of the <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> User Manual.
+> The <A
+HREF="filter-file.html"
+>filter file(s)</A
+> to use
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->A fully qualified URI</P
+>File name, relative to <TT
+CLASS="LITERAL"
+>confdir</TT
+></P
></DD
><DT
>Default value:</DT
><DD
><P
-><SPAN
+>default.filter (Unix) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Unset</I
+>or</I
></SPAN
-></P
+> default.filter.txt (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> <A
-HREF="http://www.privoxy.org/user-manual/"
-TARGET="_top"
->http://www.privoxy.org/<VAR
+> No textual content filtering takes place, i.e. all
+ <TT
+CLASS="LITERAL"
+>+<A
+HREF="actions-file.html#FILTER"
+>filter</A
+>{<TT
CLASS="REPLACEABLE"
->version</VAR
->/user-manual/</A
+><I
+>name</I
+></TT
+>}</TT
>
- will be used, where <VAR
-CLASS="REPLACEABLE"
->version</VAR
-> is the <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> version.
+ actions in the actions files are turned neutral.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The User Manual URI is used for help links from some of the internal CGI pages.
- The manual itself is normally packaged with the binary distributions, so you probably want
- to set this to a locally installed copy. For multi-user setups, you could provide a copy on
- a local webserver for all your users and use the corresponding URL here.
+> Multiple <TT
+CLASS="LITERAL"
+>filterfile</TT
+> lines are permitted.
</P
><P
-> Examples:
+> The <A
+HREF="filter-file.html"
+>filter files</A
+> contain content modification
+ rules that use <A
+HREF="appendix.html#REGEX"
+>regular expressions</A
+>. These rules permit
+ powerful changes on the content of Web pages, and optionally the headers
+ as well, e.g., you could disable your favorite JavaScript annoyances,
+ re-write the actual displayed text, or just have some fun
+ playing buzzword bingo with web pages.
</P
><P
-> Unix, in local filesystem:
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual file:///usr/share/doc/privoxy-3.0.3/user-manual/</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> Windows, in local filesystem, <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->must</I
-></SPAN
-> use forward slash notation:
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual file:/c:/some-dir/privoxy-3.0.3/user-manual/</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> Windows, UNC notation (with forward slashes):
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual file://///some-server/some-path/privoxy-3.0.3/user-manual/</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> Any platform, on local webserver (called <SPAN
-CLASS="QUOTE"
->"local-webserver"</SPAN
->):
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual http://local-webserver/privoxy-user-manual/</PRE
-></TD
-></TR
-></TABLE
+> The
+ <TT
+CLASS="LITERAL"
+>+<A
+HREF="actions-file.html#FILTER"
+>filter</A
+>{<TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+>}</TT
>
- </P
-><DIV
-CLASS="WARNING"
+ actions rely on the relevant filter (<TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+>)
+ to be defined in a filter file!
+ </P
><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="90%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
+> A pre-defined filter file called <TT
+CLASS="FILENAME"
+>default.filter</TT
+> that contains
+ a number of useful filters for common problems is included in the distribution.
+ See the section on the <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#FILTER"
+>filter</A
+></TT
+>
+ action for a list.
+ </P
><P
-> If set, this option should be <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->the first option in the config
- file</I
-></SPAN
->, because it is used while the config file is being read.
+> It is recommended to place any locally adapted filters into a separate
+ file, such as <TT
+CLASS="FILENAME"
+>user.filter</TT
+>.
</P
-></TD
-></TR
-></TABLE
-></DIV
></DD
></DL
></DIV
><H4
CLASS="SECT3"
><A
-NAME="TRUST-INFO-URL"
->7.2.2. trust-info-url</A
-></H4
+NAME="LOGFILE"
+></A
+>7.2.6. logfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> A URL to be displayed in the error page that users will see if access to an untrusted page is denied.
+> The log file to use
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->URL</P
+>File name, relative to <TT
+CLASS="LITERAL"
+>logdir</TT
+></P
></DD
><DT
>Default value:</DT
><DD
><P
->Two example URL are provided</P
+>logfile (Unix) <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>or</I
+></SPAN
+> privoxy.log (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No links are displayed on the "untrusted" error page.
+> No log file is used, all log messages go to the console (<TT
+CLASS="LITERAL"
+>STDERR</TT
+>).
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The value of this option only matters if the experimental trust mechanism has been
- activated. (See <A
-HREF="config.html#TRUSTFILE"
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->trustfile</I
-></SPAN
-></A
-> above.)
+> The logfile is where all logging and error messages are written. The level
+ of detail and number of messages are set with the <TT
+CLASS="LITERAL"
+>debug</TT
+>
+ option (see below). The logfile can be useful for tracking down a problem with
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> (e.g., it's not blocking an ad you
+ think it should block) but in most cases you probably will never look at it.
</P
><P
-> If you use the trust mechanism, it is a good idea to write up some on-line
- documentation about your trust policy and to specify the URL(s) here.
- Use multiple times for multiple URLs.
+> Your logfile will grow indefinitely, and you will probably want to
+ periodically remove it. On Unix systems, you can do this with a cron job
+ (see <SPAN
+CLASS="QUOTE"
+>"man cron"</SPAN
+>). For Red Hat, a <B
+CLASS="COMMAND"
+>logrotate</B
+>
+ script has been included.
</P
><P
-> The URL(s) should be added to the trustfile as well, so users don't end up
- locked out from the information on why they were locked out in the first place!
+> On SuSE Linux systems, you can place a line like <SPAN
+CLASS="QUOTE"
+>"/var/log/privoxy.*
+ +1024k 644 nobody.nogroup"</SPAN
+> in <TT
+CLASS="FILENAME"
+>/etc/logfiles</TT
+>, with
+ the effect that cron.daily will automatically archive, gzip, and empty the
+ log, when it exceeds 1M size.
+ </P
+><P
+> Any log files must be writable by whatever user <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ is being run as (default on UNIX, user id is <SPAN
+CLASS="QUOTE"
+>"privoxy"</SPAN
+>).
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="ADMIN-ADDRESS"
->7.2.3. admin-address</A
-></H4
+NAME="JARFILE"
+></A
+>7.2.7. jarfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> An email address to reach the proxy administrator.
+> The file to store intercepted cookies in
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->Email address</P
+>File name, relative to <TT
+CLASS="LITERAL"
+>logdir</TT
+></P
></DD
><DT
>Default value:</DT
><DD
><P
-><SPAN
+>Unset (commented out). When activated: jarfile (Unix) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Unset</I
+>or</I
></SPAN
-></P
+> privoxy.jar (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No email address is displayed on error pages and the CGI user interface.
+> Intercepted cookies are not stored in a dedicated log file.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> If both <VAR
-CLASS="LITERAL"
->admin-address</VAR
-> and <VAR
-CLASS="LITERAL"
->proxy-info-url</VAR
->
- are unset, the whole "Local Privoxy Support" box on all generated pages will
- not be shown.
+> The jarfile may grow to ridiculous sizes over time.
+ </P
+><P
+> If debug 8 (show header parsing) is enabled, cookies are
+ written to the logfile with the rest of the headers.
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="PROXY-INFO-URL"
->7.2.4. proxy-info-url</A
-></H4
+NAME="TRUSTFILE"
+></A
+>7.2.8. trustfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> A URL to documentation about the local <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> setup,
- configuration or policies.
+> The name of the trust file to use
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->URL</P
+>File name, relative to <TT
+CLASS="LITERAL"
+>confdir</TT
+></P
></DD
><DT
>Default value:</DT
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Unset</I
+>Unset (commented out)</I
></SPAN
-></P
+>. When activated: trust (Unix) <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>or</I
+></SPAN
+> trust.txt (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No link to local documentation is displayed on error pages and the CGI user interface.
+> The entire trust mechanism is disabled.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> If both <VAR
+> The trust mechanism is an experimental feature for building white-lists and should
+ be used with care. It is <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>NOT</I
+></SPAN
+> recommended for the casual user.
+ </P
+><P
+> If you specify a trust file, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> will only allow
+ access to sites that are specified in the trustfile. Sites can be listed
+ in one of two ways:
+ </P
+><P
+> Prepending a <TT
CLASS="LITERAL"
->admin-address</VAR
-> and <VAR
+>~</TT
+> character limits access to this site
+ only (and any sub-paths within this site), e.g.
+ <TT
CLASS="LITERAL"
->proxy-info-url</VAR
->
- are unset, the whole "Local Privoxy Support" box on all generated pages will
- not be shown.
+>~www.example.com</TT
+> allows access to
+ <TT
+CLASS="LITERAL"
+>~www.example.com/features/news.html</TT
+>, etc.
</P
><P
-> This URL shouldn't be blocked ;-)
+> Or, you can designate sites as <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>trusted referrers</I
+></SPAN
+>, by
+ prepending the name with a <TT
+CLASS="LITERAL"
+>+</TT
+> character. The effect is that
+ access to untrusted sites will be granted -- but only if a link from this
+ trusted referrer was used to get there. The link target will then be added
+ to the <SPAN
+CLASS="QUOTE"
+>"trustfile"</SPAN
+> so that future, direct accesses will be
+ granted. Sites added via this mechanism do not become trusted referrers
+ themselves (i.e. they are added with a <TT
+CLASS="LITERAL"
+>~</TT
+> designation).
+ There is a limit of 512 such entries, after which new entries will not be
+ made.
+ </P
+><P
+> If you use the <TT
+CLASS="LITERAL"
+>+</TT
+> operator in the trust file, it may grow
+ considerably over time.
+ </P
+><P
+> It is recommended that <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> be compiled with
+ the <TT
+CLASS="LITERAL"
+>--disable-force</TT
+>, <TT
+CLASS="LITERAL"
+>--disable-toggle</TT
+> and
+ <TT
+CLASS="LITERAL"
+> --disable-editor</TT
+> options, if this feature is to be
+ used.
+ </P
+><P
+> Possible applications include limiting Internet access for children.
</P
></DD
></DL
CLASS="SECT2"
><A
NAME="DEBUGGING"
->7.3. Debugging</A
-></H2
+></A
+>7.3. Debugging</H2
><P
> These options are mainly useful when tracing a problem.
Note that you might also want to invoke
<SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> with the <VAR
+> with the <TT
CLASS="LITERAL"
->--no-daemon</VAR
+>--no-daemon</TT
>
command line option when debugging.
</P
CLASS="SECT3"
><A
NAME="DEBUG"
->7.3.1. debug</A
-></H4
+></A
+>7.3.1. debug</H4
><P
></P
><DIV
debug 2 # show each connection status
debug 4 # show I/O status
debug 8 # show header parsing
- debug 16 # log all data into the logfile
+ debug 16 # log all data written to the network into the logfile
debug 32 # debug force feature
- debug 64 # debug regular expression filter
- debug 128 # debug fast redirects
+ debug 64 # debug regular expression filters
+ debug 128 # debug redirects
debug 256 # debug GIF de-animation
debug 512 # Common Log Format
debug 1024 # debug kill pop-ups
</P
><P
> To select multiple debug levels, you can either add them or use
- multiple <VAR
+ multiple <TT
CLASS="LITERAL"
->debug</VAR
+>debug</TT
> lines.
</P
><P
CLASS="EMPHASIS"
>fatal</I
></SPAN
-> errors (i.e. ones which crash
+> errors (i.e. ones which causes
<SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
->) is always on and cannot be disabled.
+> to exit) is always on and cannot be disabled.
</P
><P
> If you want to use CLF (Common Log Format), you should set <SPAN
></SPAN
> and not enable anything else.
</P
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> has a hard-coded limit for the
+ length of log messages. If it's reached, messages are logged truncated
+ and marked with <SPAN
+CLASS="QUOTE"
+>"... [too long, truncated]"</SPAN
+>.
+ </P
></DD
></DL
></DIV
CLASS="SECT3"
><A
NAME="SINGLE-THREADED"
->7.3.2. single-threaded</A
-></H4
+></A
+>7.3.2. single-threaded</H4
><P
></P
><DIV
CLASS="SECT2"
><A
NAME="ACCESS-CONTROL"
->7.4. Access Control and Security</A
-></H2
+></A
+>7.4. Access Control and Security</H2
><P
> This section of the config file controls the security-relevant aspects
of <SPAN
CLASS="SECT3"
><A
NAME="LISTEN-ADDRESS"
->7.4.1. listen-address</A
-></H4
+></A
+>7.4.1. listen-address</H4
><P
></P
><DIV
>Type of value:</DT
><DD
><P
->[<VAR
+>[<TT
CLASS="REPLACEABLE"
->IP-Address</VAR
->]:<VAR
+><I
+>IP-Address</I
+></TT
+>]:<TT
CLASS="REPLACEABLE"
->Port</VAR
+><I
+>Port</I
+></TT
></P
></DD
><DT
CLASS="APPLICATION"
>Privoxy</SPAN
> to untrusted users, you will
- also want to turn off the <VAR
+ also want to turn off the <TT
CLASS="LITERAL"
><A
HREF="config.html#ENABLE-EDIT-ACTIONS"
>enable-edit-actions</A
-></VAR
+></TT
> and
- <VAR
+ <TT
CLASS="LITERAL"
><A
HREF="config.html#ENABLE-REMOTE-TOGGLE"
>enable-remote-toggle</A
-></VAR
+></TT
>
options!
</P
CLASS="SECT3"
><A
NAME="TOGGLE"
->7.4.2. toggle</A
-></H4
+></A
+>7.4.2. toggle</H4
><P
></P
><DIV
<SPAN
CLASS="QUOTE"
>"toggled off"</SPAN
-> mode, i.e. behave like a normal, content-neutral
- proxy where all ad blocking, filtering, etc are disabled. See
- <VAR
+> mode, i.e. mostly behave like a normal,
+ content-neutral proxy where all ad blocking, filtering, etc are disabled. See
+ <TT
CLASS="LITERAL"
->enable-remote-toggle</VAR
+>enable-remote-toggle</TT
> below. This is not really useful
anymore, since toggling is much easier via <A
HREF="http://config.privoxy.org/toggle"
CLASS="SECT3"
><A
NAME="ENABLE-REMOTE-TOGGLE"
->7.4.3. enable-remote-toggle</A
-></H4
+></A
+>7.4.3. enable-remote-toggle</H4
><P
></P
><DIV
> When toggled off, <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> acts like a normal,
+> mostly acts like a normal,
content-neutral proxy, i.e. it acts as if none of the actions applied to
any URL.
</P
<SPAN
CLASS="QUOTE"
>"ACLs"</SPAN
-> and <VAR
+> and <TT
CLASS="LITERAL"
->listen-address</VAR
+>listen-address</TT
> above) can
toggle it for all users. So this option is <SPAN
CLASS="emphasis"
><H4
CLASS="SECT3"
><A
+NAME="ENABLE-REMOTE-HTTP-TOGGLE"
+></A
+>7.4.4. enable-remote-http-toggle</H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> Whether or not Privoxy recognizes special HTTP headers to change its behaviour.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+>0 or 1</P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+>1</P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Privoxy ignores special HTTP headers.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> When toggled on, the client can change <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+>
+ behaviour by setting special HTTP headers. Currently the only supported
+ special header is <SPAN
+CLASS="QUOTE"
+>"X-Filter: No"</SPAN
+>, to disable filtering for
+ the ongoing request, even if it is enabled in one of the action files.
+ </P
+><P
+> If you are using <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> in a
+ multi-user environment or with untrustworthy clients and want to
+ enforce filtering, you will have to disable this option,
+ otherwise you can ignore it.
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
NAME="ENABLE-EDIT-ACTIONS"
->7.4.4. enable-edit-actions</A
-></H4
+></A
+>7.4.5. enable-edit-actions</H4
><P
></P
><DIV
<SPAN
CLASS="QUOTE"
>"ACLs"</SPAN
-> and <VAR
+> and <TT
CLASS="LITERAL"
->listen-address</VAR
+>listen-address</TT
> above) can
modify its configuration for all users. So this option is <SPAN
CLASS="emphasis"
><H4
CLASS="SECT3"
><A
+NAME="ENFORCE-BLOCKS"
+></A
+>7.4.6. enforce-blocks</H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> Whether the user is allowed to ignore blocks and can <SPAN
+CLASS="QUOTE"
+>"go there anyway"</SPAN
+>.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>0 or 1</I
+></TT
+>
+ </P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>0</I
+></SPAN
+></P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Blocks are not enforced.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> is mainly used to block and filter
+ requests as a service to the user, for example to block ads and other
+ junk that clogs the pipes. <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+> configuration
+ isn't perfect and sometimes innocent pages are blocked. In this situation it
+ makes sense to allow the user to enforce the request and have
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> ignore the block.
+ </P
+><P
+> In the default configuration <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+>
+ <SPAN
+CLASS="QUOTE"
+>"Blocked"</SPAN
+> page contains a <SPAN
+CLASS="QUOTE"
+>"go there anyway"</SPAN
+>
+ link to adds a special string (the force prefix) to the request URL.
+ If that link is used, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> will
+ detect the force prefix, remove it again and let the request pass.
+ </P
+><P
+> Of course <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can also be used to enforce
+ a network policy. In that case the user obviously should not be able to
+ bypass any blocks, and that's what the <SPAN
+CLASS="QUOTE"
+>"enforce-blocks"</SPAN
+>
+ option is for. If it's enabled, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> hides
+ the <SPAN
+CLASS="QUOTE"
+>"go there anyway"</SPAN
+> link. If the user adds the force
+ prefix by hand, it will not be accepted and the circumvention attempt
+ is logged.
+ </P
+></DD
+><DT
+>Examples:</DT
+><DD
+><P
+> enforce-blocks 1
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
NAME="ACLS"
->7.4.5. ACLs: permit-access and deny-access</A
-></H4
+></A
+>7.4.7. ACLs: permit-access and deny-access</H4
><A
NAME="PERMIT-ACCESS"
></A
>Type of value:</DT
><DD
><P
-> <VAR
+> <TT
CLASS="REPLACEABLE"
->src_addr</VAR
->[/<VAR
+><I
+>src_addr</I
+></TT
+>[/<TT
CLASS="REPLACEABLE"
->src_masklen</VAR
+><I
+>src_masklen</I
+></TT
>]
- [<VAR
+ [<TT
CLASS="REPLACEABLE"
->dst_addr</VAR
->[/<VAR
+><I
+>dst_addr</I
+></TT
+>[/<TT
CLASS="REPLACEABLE"
->dst_masklen</VAR
+><I
+>dst_masklen</I
+></TT
>]]
</P
><P
-> Where <VAR
+> Where <TT
CLASS="REPLACEABLE"
->src_addr</VAR
+><I
+>src_addr</I
+></TT
> and
- <VAR
+ <TT
CLASS="REPLACEABLE"
->dst_addr</VAR
+><I
+>dst_addr</I
+></TT
> are IP addresses in dotted decimal notation or valid
- DNS names, and <VAR
+ DNS names, and <TT
CLASS="REPLACEABLE"
->src_masklen</VAR
+><I
+>src_masklen</I
+></TT
> and
- <VAR
+ <TT
CLASS="REPLACEABLE"
->dst_masklen</VAR
+><I
+>dst_masklen</I
+></TT
> are subnet masks in CIDR notation, i.e. integer
values from 2 to 30 representing the length (in bits) of the network address. The masks and the whole
destination part are optional.
>Effect if unset:</DT
><DD
><P
-> Don't restrict access further than implied by <VAR
+> Don't restrict access further than implied by <TT
CLASS="LITERAL"
->listen-address</VAR
+>listen-address</TT
>
</P
></DD
</P
><P
> Multiple ACL lines are OK.
- If any ACLs are specified, then the <SPAN
+ If any ACLs are specified, <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
->
- talks only to IP addresses that match at least one <VAR
+> only talks
+ to IP addresses that match at least one <TT
CLASS="LITERAL"
->permit-access</VAR
+>permit-access</TT
> line
- and don't match any subsequent <VAR
+ and don't match any subsequent <TT
CLASS="LITERAL"
->deny-access</VAR
+>deny-access</TT
> line. In other words, the
- last match wins, with the default being <VAR
+ last match wins, with the default being <TT
CLASS="LITERAL"
->deny-access</VAR
+>deny-access</TT
>.
</P
><P
> If <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> is using a forwarder (see <VAR
+> is using a forwarder (see <TT
CLASS="LITERAL"
->forward</VAR
+>forward</TT
> below)
- for a particular destination URL, the <VAR
+ for a particular destination URL, the <TT
CLASS="REPLACEABLE"
->dst_addr</VAR
+><I
+>dst_addr</I
+></TT
>
that is examined is the address of the forwarder and <SPAN
CLASS="emphasis"
</P
><P
> Denying access to particular sites by ACL may have undesired side effects
- if the site in question is hosted on a machine which also hosts other sites.
+ if the site in question is hosted on a machine which also hosts other sites
+ (most sites are).
</P
></DD
><DT
><DD
><P
> Explicitly define the default behavior if no ACL and
- <VAR
+ <TT
CLASS="LITERAL"
->listen-address</VAR
+>listen-address</TT
> are set: <SPAN
CLASS="QUOTE"
>"localhost"</SPAN
>
- is OK. The absence of a <VAR
+ is OK. The absence of a <TT
CLASS="REPLACEABLE"
->dst_addr</VAR
+><I
+>dst_addr</I
+></TT
> implies that
<SPAN
CLASS="emphasis"
</P
><P
> Allow any host on the same class C subnet as www.privoxy.org access to
- nothing but www.example.com:
+ nothing but www.example.com (or other domains hosted on the same system):
</P
><P
> <TABLE
</P
><P
> Allow access from any host on the 26-bit subnet 192.168.45.64 to anywhere,
- with the exception that 192.168.45.73 may not access www.dirty-stuff.example.com:
+ with the exception that 192.168.45.73 may not access the IP address behind
+ www.dirty-stuff.example.com:
</P
><P
> <TABLE
CLASS="SECT3"
><A
NAME="BUFFER-LIMIT"
->7.4.6. buffer-limit</A
-></H4
+></A
+>7.4.8. buffer-limit</H4
><P
></P
><DIV
>Notes:</DT
><DD
><P
-> For content filtering, i.e. the <VAR
+> For content filtering, i.e. the <TT
CLASS="LITERAL"
->+filter</VAR
+>+filter</TT
> and
- <VAR
+ <TT
CLASS="LITERAL"
->+deanimate-gif</VAR
+>+deanimate-gif</TT
> actions, it is necessary that
<SPAN
CLASS="APPLICATION"
Hence this option.
</P
><P
-> When a document buffer size reaches the <VAR
+> When a document buffer size reaches the <TT
CLASS="LITERAL"
->buffer-limit</VAR
+>buffer-limit</TT
>, it is
flushed to the client unfiltered and no further attempt to
filter the rest of the document is made. Remember that there may be multiple threads
- running, which might require up to <VAR
+ running, which might require up to <TT
CLASS="LITERAL"
->buffer-limit</VAR
+>buffer-limit</TT
> Kbytes
<SPAN
CLASS="emphasis"
CLASS="SECT2"
><A
NAME="FORWARDING"
->7.5. Forwarding</A
-></H2
+></A
+>7.5. Forwarding</H2
><P
> This feature allows routing of HTTP requests through a chain of
- multiple proxies.
- It can be used to better protect privacy and confidentiality when
- accessing specific domains by routing requests to those domains
- through an anonymous public proxy (see e.g. <A
-HREF="http://www.multiproxy.org/anon_list.htm"
-TARGET="_top"
->http://www.multiproxy.org/anon_list.htm</A
->)
- Or to use a caching proxy to speed up browsing. Or chaining to a parent
- proxy may be necessary because the machine that <SPAN
+ multiple proxies.</P
+><P
+> Forwarding can be used to chain Privoxy with a caching proxy to speed
+ up browsing. Using a parent proxy may also be necessary if the machine
+ that <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
+> runs on has no direct Internet access.</P
+><P
+> Note that parent proxies can severely decrease your privacy level.
+ For example a parent proxy could add your IP address to the request
+ headers and if it's a caching proxy it may add the <SPAN
+CLASS="QUOTE"
+>"Etag"</SPAN
>
- runs on has no direct Internet access.</P
+ header to revalidation requests again, even though you configured Privoxy
+ to remove it. It may also ignore Privoxy's header time randomization and use the
+ original values which could be used by the server as cookie replacement
+ to track your steps between visits.</P
><P
> Also specified here are SOCKS proxies. <SPAN
CLASS="APPLICATION"
CLASS="SECT3"
><A
NAME="FORWARD"
->7.5.1. forward</A
-></H4
+></A
+>7.5.1. forward</H4
><P
></P
><DIV
>Type of value:</DT
><DD
><P
-> <VAR
+> <TT
CLASS="REPLACEABLE"
->target_pattern</VAR
+><I
+>target_pattern</I
+></TT
>
- <VAR
+ <TT
CLASS="REPLACEABLE"
->http_parent</VAR
->[:<VAR
+><I
+>http_parent</I
+></TT
+>[:<TT
CLASS="REPLACEABLE"
->port</VAR
+><I
+>port</I
+></TT
>]
</P
><P
-> where <VAR
+> where <TT
CLASS="REPLACEABLE"
->target_pattern</VAR
+><I
+>target_pattern</I
+></TT
> is a <A
HREF="actions-file.html#AF-PATTERNS"
>URL pattern</A
>
- that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <VAR
+ that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <TT
CLASS="LITERAL"
->/</VAR
+>/</TT
> to
denote <SPAN
CLASS="QUOTE"
>"all URLs"</SPAN
>.
- <VAR
+ <TT
CLASS="REPLACEABLE"
->http_parent</VAR
->[:<VAR
+><I
+>http_parent</I
+></TT
+>[:<TT
CLASS="REPLACEABLE"
->port</VAR
+><I
+>port</I
+></TT
>]
is the DNS name or IP address of the parent HTTP proxy through which the requests should be forwarded,
optionally followed by its listening port (default: 8080).
- Use a single dot (<VAR
+ Use a single dot (<TT
CLASS="LITERAL"
->.</VAR
+>.</TT
>) to denote <SPAN
CLASS="QUOTE"
>"no forwarding"</SPAN
>Notes:</DT
><DD
><P
-> If <VAR
+> If <TT
CLASS="REPLACEABLE"
->http_parent</VAR
+><I
+>http_parent</I
+></TT
> is <SPAN
CLASS="QUOTE"
>"."</SPAN
>Examples:</DT
><DD
><P
-> Everything goes to an example anonymizing proxy, except SSL on port 443 (which it doesn't handle):
+> Everything goes to an example parent proxy, except SSL on port 443 (which it doesn't handle):
</P
><P
> <TABLE
><TD
><PRE
CLASS="SCREEN"
-> forward / anon-proxy.example.org:8080
+> forward / parent-proxy.example.org:8080
forward :443 .</PRE
></TD
></TR
CLASS="SECT3"
><A
NAME="SOCKS"
->7.5.2. forward-socks4 and forward-socks4a</A
-></H4
+></A
+>7.5.2. forward-socks4 and forward-socks4a</H4
><A
NAME="FORWARD-SOCKS4"
></A
>Specifies:</DT
><DD
><P
-> Through which SOCKS proxy (and to which parent HTTP proxy) specific requests should be routed.
+> Through which SOCKS proxy (and optionally to which parent HTTP proxy) specific requests should be routed.
</P
></DD
><DT
>Type of value:</DT
><DD
><P
-> <VAR
+> <TT
CLASS="REPLACEABLE"
->target_pattern</VAR
+><I
+>target_pattern</I
+></TT
>
- <VAR
+ <TT
CLASS="REPLACEABLE"
->socks_proxy</VAR
->[:<VAR
+><I
+>socks_proxy</I
+></TT
+>[:<TT
CLASS="REPLACEABLE"
->port</VAR
+><I
+>port</I
+></TT
>]
- <VAR
+ <TT
CLASS="REPLACEABLE"
->http_parent</VAR
->[:<VAR
+><I
+>http_parent</I
+></TT
+>[:<TT
CLASS="REPLACEABLE"
->port</VAR
+><I
+>port</I
+></TT
>]
</P
><P
-> where <VAR
+> where <TT
CLASS="REPLACEABLE"
->target_pattern</VAR
+><I
+>target_pattern</I
+></TT
> is a <A
HREF="actions-file.html#AF-PATTERNS"
>URL pattern</A
>
- that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <VAR
+ that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <TT
CLASS="LITERAL"
->/</VAR
+>/</TT
> to
denote <SPAN
CLASS="QUOTE"
>"all URLs"</SPAN
>.
- <VAR
+ <TT
CLASS="REPLACEABLE"
->http_parent</VAR
-> and <VAR
+><I
+>http_parent</I
+></TT
+> and <TT
CLASS="REPLACEABLE"
->socks_proxy</VAR
+><I
+>socks_proxy</I
+></TT
>
- are IP addresses in dotted decimal notation or valid DNS names (<VAR
+ are IP addresses in dotted decimal notation or valid DNS names (<TT
CLASS="REPLACEABLE"
->http_parent</VAR
+><I
+>http_parent</I
+></TT
>
may be <SPAN
CLASS="QUOTE"
CLASS="QUOTE"
>"no HTTP forwarding"</SPAN
>), and the optional
- <VAR
+ <TT
CLASS="REPLACEABLE"
->port</VAR
+><I
+>port</I
+></TT
> parameters are TCP ports, i.e. integer values from 1 to 64535
</P
></DD
> Multiple lines are OK, they are checked in sequence, and the last match wins.
</P
><P
-> The difference between <VAR
-CLASS="LITERAL"
->forward-socks4</VAR
-> and <VAR
-CLASS="LITERAL"
->forward-socks4a</VAR
->
- is that in the SOCKS 4A protocol, the DNS resolution of the target hostname happens on the SOCKS
- server, while in SOCKS 4 it happens locally.
+> The difference between <TT
+CLASS="LITERAL"
+>forward-socks4</TT
+> and <TT
+CLASS="LITERAL"
+>forward-socks4a</TT
+>
+ is that in the SOCKS 4A protocol, the DNS resolution of the target hostname happens on the SOCKS
+ server, while in SOCKS 4 it happens locally.
+ </P
+><P
+> If <TT
+CLASS="REPLACEABLE"
+><I
+>http_parent</I
+></TT
+> is <SPAN
+CLASS="QUOTE"
+>"."</SPAN
+>, then requests are not
+ forwarded to another HTTP proxy but are made (HTTP-wise) directly to the web servers, albeit through
+ a SOCKS proxy.
+ </P
+></DD
+><DT
+>Examples:</DT
+><DD
+><P
+> From the company example.com, direct connections are made to all
+ <SPAN
+CLASS="QUOTE"
+>"internal"</SPAN
+> domains, but everything outbound goes through
+ their ISP's proxy by way of example.com's corporate SOCKS 4A gateway to
+ the Internet.
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> forward-socks4a / socks-gw.example.com:1080 www-cache.example-isp.net:8080
+ forward .example.com .</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> A rule that uses a SOCKS 4 gateway for all destinations but no HTTP parent looks like this:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> forward-socks4 / socks-gw.example.com:1080 .</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> To chain Privoxy and Tor, both running on the same system, you should use
+ the rule:
</P
><P
-> If <VAR
-CLASS="REPLACEABLE"
->http_parent</VAR
-> is <SPAN
-CLASS="QUOTE"
->"."</SPAN
->, then requests are not
- forwarded to another HTTP proxy but are made (HTTP-wise) directly to the web servers, albeit through
- a SOCKS proxy.
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> forward-socks4 / 127.0.0.1:9050 .</PRE
+></TD
+></TR
+></TABLE
+>
</P
-></DD
-><DT
->Examples:</DT
-><DD
><P
-> From the company example.com, direct connections are made to all
- <SPAN
-CLASS="QUOTE"
->"internal"</SPAN
-> domains, but everything outbound goes through
- their ISP's proxy by way of example.com's corporate SOCKS 4A gateway to
- the Internet.
+> The public <SPAN
+CLASS="APPLICATION"
+>Tor</SPAN
+> network can't be used to reach your local network,
+ therefore it's a good idea to make some exceptions:
</P
><P
> <TABLE
><TD
><PRE
CLASS="SCREEN"
-> forward-socks4a / socks-gw.example.com:1080 www-cache.example-isp.net:8080
- forward .example.com .</PRE
+> forward 192.168.*.*/ .
+ forward 10.*.*.*/ .
+ forward 127.*.*.*/ .</PRE
></TD
></TR
></TABLE
>
</P
><P
-> A rule that uses a SOCKS 4 gateway for all destinations but no HTTP parent looks like this:
+> Unencrypted connections to systems in these address ranges will
+ be as (un)secure as the local network is, but the alternative is that you
+ can't reach the network at all.
+ </P
+><P
+> If you also want to be able to reach servers in your local network by
+ using their names, you will need additional exceptions that look like
+ this:
</P
><P
> <TABLE
><TD
><PRE
CLASS="SCREEN"
-> forward-socks4 / socks-gw.example.com:1080 .</PRE
+> forward localhost/ .</PRE
></TD
></TR
></TABLE
CLASS="SECT3"
><A
NAME="ADVANCED-FORWARDING-EXAMPLES"
->7.5.3. Advanced Forwarding Examples</A
-></H4
+></A
+>7.5.3. Advanced Forwarding Examples</H4
><P
> If you have links to multiple ISPs that provide various special content
only to their subscribers, you can configure multiple <SPAN
CLASS="APPLICATION"
>squid</SPAN
> locally, then chain as
- <VAR
+ <TT
CLASS="LITERAL"
->browser -> squid -> privoxy</VAR
+>browser -> squid -> privoxy</TT
> is the recommended way. </P
><P
> Assuming that <SPAN
CLASS="APPLICATION"
>squid</SPAN
>'s address and port.
- Squid normally uses port 3128. If unsure consult <VAR
+ Squid normally uses port 3128. If unsure consult <TT
CLASS="LITERAL"
->http_port</VAR
+>http_port</TT
> in <TT
CLASS="FILENAME"
>squid.conf</TT
>.</P
><P
> You could just as well decide to only forward requests for Windows executables through
- a virus-scanning parent proxy, say, on <VAR
+ a virus-scanning parent proxy, say, on <TT
CLASS="LITERAL"
->antivir.example.com</VAR
+>antivir.example.com</TT
>, port 8010:</P
><P
> <TABLE
></TABLE
> </P
></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="FORWARDED-CONNECT-RETRIES"
+></A
+>7.5.4. forwarded-connect-retries</H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> How often Privoxy retries if a forwarded connection request fails.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>Number of retries.</I
+></TT
+>
+ </P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>0</I
+></SPAN
+></P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Connections forwarded through other proxies are treated like direct connections and no retry attempts are made.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>forwarded-connect-retries</I
+></TT
+> is mainly interesting
+ for socks4a connections, where <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can't detect why the connections failed.
+ The connection might have failed because of a DNS timeout in which case a retry makes sense,
+ but it might also have failed because the server doesn't exist or isn't reachable. In this
+ case the retry will just delay the appearance of Privoxy's error message.
+ </P
+><P
+> Note that in the context of this option, <SPAN
+CLASS="QUOTE"
+>"forwarded connections"</SPAN
+> includes all connections
+ that Privoxy forwards through other proxies. This option is not limited to the HTTP CONNECT method.
+ </P
+><P
+> Only use this option, if you are getting many forwarding related error messages,
+ that go away when you try again manually. Start with a small value and check Privoxy's
+ logfile from time to time, to see how many retries are usually needed.
+ </P
+></DD
+><DT
+>Examples:</DT
+><DD
+><P
+> forwarded-connect-retries 1
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="ACCEPT-INTERCEPTED-REQUESTS"
+></A
+>7.5.5. accept-intercepted-requests</H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> Whether intercepted requests should be treated as valid.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>0 or 1</I
+></TT
+>
+ </P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>0</I
+></SPAN
+></P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Only proxy requests are accepted, intercepted requests are treated as invalid.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> If you don't trust your clients and want to force them
+ to use <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>, enable this
+ option and configure your packet filter to redirect outgoing
+ HTTP connections into <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>.
+ </P
+><P
+> Make sure that <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+> own requests
+ aren't redirected as well. Additionally take care that
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can't intentionally connect
+ to itself, otherwise you could run into redirection loops if
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+> listening port is reachable
+ by the outside or an attacker has access to the pages you visit.
+ </P
+></DD
+><DT
+>Examples:</DT
+><DD
+><P
+> accept-intercepted-requests 1
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="SPLIT-LARGE-FORMS"
+></A
+>7.5.6. split-large-forms</H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> Whether the CGI interface should stay compatible with broken HTTP clients.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>0 or 1</I
+></TT
+>
+ </P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>0</I
+></SPAN
+></P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> The CGI form generate long GET URLs.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+> CGI forms can lead to
+ rather long URLs. This isn't a problem as far as the HTTP
+ standard is concerned, but it can confuse clients with arbitrary
+ URL lenght limitations.
+ </P
+><P
+> Enabling split-large-forms causes <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ to devide big forms into smaller ones to keep the URL length down.
+ It makes editing a lot less convenient and you can no longer
+ submit all changes at once, but at least it works around this
+ browser bug.
+ </P
+><P
+> If you don't notice any editing problems, there is no reason
+ to enable this option, but if one of the submit buttons appears
+ to be broken, you should give it a try.
+ </P
+></DD
+><DT
+>Examples:</DT
+><DD
+><P
+> split-large-forms 1
+ </P
+></DD
+></DL
+></DIV
+></DIV
></DIV
><DIV
CLASS="SECT2"
CLASS="SECT2"
><A
NAME="WINDOWS-GUI"
->7.6. Windows GUI Options</A
-></H2
+></A
+>7.6. Windows GUI Options</H2
><P
> <SPAN
CLASS="APPLICATION"
>"Privoxy"</SPAN
> is active. To turn off, set to 0.</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="LOG-MESSAGES"
> will log messages to the console
window:</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="LOG-BUFFER-SIZE"
> Warning: Setting this to 0 will result in the buffer to grow infinitely and
eat up all your memory!</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="LOG-MAX-LINES"
> is the maximum number of lines held
in the log buffer. See above.</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="LOG-HIGHLIGHT-MESSAGES"
> will highlight portions of the log
messages with a bold-faced font:</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="LOG-FONT-NAME"
><P
> The font used in the console window:</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="LOG-FONT-SIZE"
><P
> Font size used in the console window:</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="SHOW-ON-TASK-BAR"
> will appear as a button on the Task bar
when minimized:</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="CLOSE-BUTTON-MINIMIZES"
> instead of closing
the program (close with the exit option on the File menu).</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
><A
NAME="HIDE-CONSOLE"
> will disconnect from and hide the
command console.</P
><P
-> <VAR
+> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
</P
>
- </VAR
+ </TT
></P
></DIV
></DIV
WIDTH="33%"
ALIGN="left"
VALIGN="top"
-><SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> Configuration</TD
+>Privoxy Configuration</TD
><TD
WIDTH="34%"
ALIGN="center"