- never_direct allow all</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
-> You would then need to change your browser's proxy settings to <SPAN
-CLASS="APPLICATION"
->squid</SPAN
->'s address and port.
- Squid normally uses port 3128. If unsure consult <TT
-CLASS="LITERAL"
->http_port</TT
-> in <TT
-CLASS="FILENAME"
->squid.conf</TT
->.</P
-><P
-> You could just as well decide to only forward requests you suspect
- of leading to Windows executables through a virus-scanning parent proxy,
- say, on <TT
-CLASS="LITERAL"
->antivir.example.com</TT
->, port 8010:</P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> forward / .
- forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010</PRE
-></TD
-></TR
-></TABLE
-> </P
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="FORWARDED-CONNECT-RETRIES"
->7.5.4. forwarded-connect-retries</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> How often Privoxy retries if a forwarded connection request fails.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->Number of retries.</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->0</I
-></SPAN
-></P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> Connections forwarded through other proxies are treated like direct connections and no retry attempts are made.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->forwarded-connect-retries</I
-></TT
-> is mainly interesting
- for socks4a connections, where <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can't detect why the connections failed.
- The connection might have failed because of a DNS timeout in which case a retry makes sense,
- but it might also have failed because the server doesn't exist or isn't reachable. In this
- case the retry will just delay the appearance of Privoxy's error message.
- </P
-><P
-> Note that in the context of this option, <SPAN
-CLASS="QUOTE"
->"forwarded connections"</SPAN
-> includes all connections
- that Privoxy forwards through other proxies. This option is not limited to the HTTP CONNECT method.
- </P
-><P
-> Only use this option, if you are getting lots of forwarding-related error messages
- that go away when you try again manually. Start with a small value and check Privoxy's
- logfile from time to time, to see how many retries are usually needed.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> forwarded-connect-retries 1
- </P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="MISC"
->7.6. Miscellaneous</A
-></H2
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="ACCEPT-INTERCEPTED-REQUESTS"
->7.6.1. accept-intercepted-requests</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> Whether intercepted requests should be treated as valid.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->0 or 1</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->0</I
-></SPAN
-></P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> Only proxy requests are accepted, intercepted requests are treated as invalid.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> If you don't trust your clients and want to force them
- to use <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->, enable this
- option and configure your packet filter to redirect outgoing
- HTTP connections into <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->.
- </P
-><P
-> Make sure that <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> own requests
- aren't redirected as well. Additionally take care that
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can't intentionally connect
- to itself, otherwise you could run into redirection loops if
- <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> listening port is reachable
- by the outside or an attacker has access to the pages you visit.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> accept-intercepted-requests 1
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="ALLOW-CGI-REQUEST-CRUNCHING"
->7.6.2. allow-cgi-request-crunching</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> Whether requests to <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> CGI pages can be blocked or redirected.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->0 or 1</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->0</I
-></SPAN
-></P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> ignores block and redirect actions for its CGI pages.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> By default <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> ignores block or redirect actions
- for its CGI pages. Intercepting these requests can be useful in multi-user
- setups to implement fine-grained access control, but it can also render the complete
- web interface useless and make debugging problems painful if done without care.
- </P
-><P
-> Don't enable this option unless you're sure that you really need it.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> allow-cgi-request-crunching 1
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="SPLIT-LARGE-FORMS"
->7.6.3. split-large-forms</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> Whether the CGI interface should stay compatible with broken HTTP clients.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->0 or 1</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->0</I
-></SPAN
-></P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> The CGI form generate long GET URLs.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> CGI forms can lead to
- rather long URLs. This isn't a problem as far as the HTTP
- standard is concerned, but it can confuse clients with arbitrary
- URL length limitations.
- </P
-><P
-> Enabling split-large-forms causes <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- to divide big forms into smaller ones to keep the URL length down.
- It makes editing a lot less convenient and you can no longer
- submit all changes at once, but at least it works around this
- browser bug.
- </P
-><P
-> If you don't notice any editing problems, there is no reason
- to enable this option, but if one of the submit buttons appears
- to be broken, you should give it a try.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> split-large-forms 1
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="KEEP-ALIVE-TIMEOUT"
->7.6.4. keep-alive-timeout</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> Number of seconds after which an open connection will no longer be reused.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->Time in seconds.</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
->None</P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> Connections are not kept alive.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> This option allows clients to keep the connection to <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- alive. If the server supports it, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will keep
- the connection to the server alive as well. Under certain
- circumstances this may result in speed-ups.
- </P
-><P
-> By default, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will close the connection to the server if
- the client connection gets closed, or if the specified timeout
- has been reached without a new request coming in. This behaviour
- can be changed with the <A
-HREF="#CONNECTION-SHARING"
-TARGET="_top"
->connection-sharing</A
-> option.
- </P
-><P
-> This option has no effect if <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- has been compiled without keep-alive support.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> keep-alive-timeout 300
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="CONNECTION-SHARING"
->7.6.5. connection-sharing</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> Whether or not outgoing connections that have been kept alive
- should be shared between different incoming connections.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->0 or 1</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
->None</P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> Connections are not shared.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> This option has no effect if <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- has been compiled without keep-alive support, or if it's disabled.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> Note that reusing connections doesn't necessary cause speedups.
- There are also a few privacy implications you should be aware of.
- </P
-><P
-> If this option is effective, outgoing connections are shared between
- clients (if there are more than one) and closing the client that initiated
- the outgoing connection does no longer affect the connection between <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- and the server unless the client's request hasn't been completed yet.
- </P
-><P
-> If the outgoing connection is idle, it will not be closed until either
- <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> or the server's timeout is reached.
- While it's open, the server knows that the system running <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> is still
- there.
- </P
-><P
-> If there are more than one client (maybe even belonging to multiple users),
- they will be able to reuse each others connections. This is potentially
- dangerous in case of authentication schemes like NTLM where only the
- connection is authenticated, instead of requiring authentication for
- each request.
- </P
-><P
-> If there is only a single client, and if said client can keep connections
- alive on its own, enabling this option has next to no effect. If the client
- doesn't support connection keep-alive, enabling this option may make sense
- as it allows <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> to keep outgoing connections alive even if the client
- itself doesn't support it.
- </P
-><P
-> This option should only be used by experienced users who
- understand the risks and can weight them against the benefits.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> connection-sharing 1
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="SOCKET-TIMEOUT"
->7.6.6. socket-timeout</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> Number of seconds after which a socket times out if
- no data is received.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->Time in seconds.</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
->None</P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> A default value of 300 seconds is used.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> For SOCKS requests the timeout currently doesn't start until
- the SOCKS server accepted the request. This will be fixed in
- the next release.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> socket-timeout 300
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="MAX-CLIENT-CONNECTIONS"
->7.6.7. max-client-connections</A
-></H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
-><P
-> Maximum number of client connections that will be served.
- </P
-></DD
-><DT
->Type of value:</DT
-><DD
-><P
-> <TT
-CLASS="REPLACEABLE"
-><I
->Positive number.</I
-></TT
->
- </P
-></DD
-><DT
->Default value:</DT
-><DD
-><P
->None</P
-></DD
-><DT
->Effect if unset:</DT
-><DD
-><P
-> Connections are served until a resource limit is reached.
- </P
-></DD
-><DT
->Notes:</DT
-><DD
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> creates one thread (or process) for every incoming client
- connection that isn't rejected based on the access control settings.
- </P
-><P
-> If the system is powerful enough, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can theoretically deal with
- several hundred (or thousand) connections at the same time, but some
- operating systems enforce resource limits by shutting down offending
- processes and their default limits may be below the ones <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> would
- require under heavy load.
- </P
-><P
-> Configuring <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> to enforce a connection limit below the thread
- or process limit used by the operating system makes sure this doesn't
- happen. Simply increasing the operating system's limit would work too,
- but if <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> isn't the only application running on the system,
- you may actually want to limit the resources used by <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->.
- </P
-><P
-> If <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> is only used by a single trusted user, limiting the
- number of client connections is probably unnecessary. If there
- are multiple possibly untrusted users you probably still want to
- additionally use a packet filter to limit the maximal number of
- incoming connections per client. Otherwise a malicious user could
- intentionally create a high number of connections to prevent other
- users from using <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->.
- </P
-><P
-> Obviously using this option only makes sense if you choose a limit
- below the one enforced by the operating system.
- </P
-></DD
-><DT
->Examples:</DT
-><DD
-><P
-> max-client-connections 256
- </P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="WINDOWS-GUI"
->7.7. Windows GUI Options</A
-></H2
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> has a number of options specific to the
- Windows GUI interface:</P
-><A
-NAME="ACTIVITY-ANIMATION"
-></A
-><P
-> If <SPAN
-CLASS="QUOTE"
->"activity-animation"</SPAN
-> is set to 1, the
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> icon will animate when
- <SPAN
-CLASS="QUOTE"
->"Privoxy"</SPAN
-> is active. To turn off, set to 0.</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->activity-animation 1</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="LOG-MESSAGES"
-></A
-><P
-> If <SPAN
-CLASS="QUOTE"
->"log-messages"</SPAN
-> is set to 1,
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will log messages to the console
- window:</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->log-messages 1</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="LOG-BUFFER-SIZE"
-></A
-><P
->
- If <SPAN
-CLASS="QUOTE"
->"log-buffer-size"</SPAN
-> is set to 1, the size of the log buffer,
- i.e. the amount of memory used for the log messages displayed in the
- console window, will be limited to <SPAN
-CLASS="QUOTE"
->"log-max-lines"</SPAN
-> (see below).</P
-><P
-> Warning: Setting this to 0 will result in the buffer to grow infinitely and
- eat up all your memory!</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->log-buffer-size 1</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="LOG-MAX-LINES"
-></A
-><P
-> <SPAN
-CLASS="APPLICATION"
->log-max-lines</SPAN
-> is the maximum number of lines held
- in the log buffer. See above.</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->log-max-lines 200</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="LOG-HIGHLIGHT-MESSAGES"
-></A
-><P
-> If <SPAN
-CLASS="QUOTE"
->"log-highlight-messages"</SPAN
-> is set to 1,
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will highlight portions of the log
- messages with a bold-faced font:</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->log-highlight-messages 1</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="LOG-FONT-NAME"
-></A
-><P
-> The font used in the console window:</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->log-font-name Comic Sans MS</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="LOG-FONT-SIZE"
-></A
-><P
-> Font size used in the console window:</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->log-font-size 8</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="SHOW-ON-TASK-BAR"
-></A
-><P
->
- <SPAN
-CLASS="QUOTE"
->"show-on-task-bar"</SPAN
-> controls whether or not
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will appear as a button on the Task bar
- when minimized:</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->show-on-task-bar 0</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="CLOSE-BUTTON-MINIMIZES"
-></A
-><P
-> If <SPAN
-CLASS="QUOTE"
->"close-button-minimizes"</SPAN
-> is set to 1, the Windows close
- button will minimize <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> instead of closing
- the program (close with the exit option on the File menu).</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->close-button-minimizes 1</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-><A
-NAME="HIDE-CONSOLE"
-></A
-><P
-> The <SPAN
-CLASS="QUOTE"
->"hide-console"</SPAN
-> option is specific to the MS-Win console
- version of <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->. If this option is used,
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will disconnect from and hide the
- command console.</P
-><P
-> <TT
-CLASS="LITERAL"
-> <P
-CLASS="LITERALLAYOUT"
-> #<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->hide-console</I
-></SPAN
-><br>
- </P
->
- </TT
-></P
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="configuration.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="index.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="actions-file.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Privoxy Configuration</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Actions Files</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+ never_direct allow all</pre>
+ </td>
+ </tr>
+ </table>
+ <p>You would then need to change your browser's proxy settings to
+ <span class="APPLICATION">squid</span>'s address and port. Squid
+ normally uses port 3128. If unsure consult <tt class=
+ "LITERAL">http_port</tt> in <tt class="FILENAME">squid.conf</tt>.</p>
+ <p>You could just as well decide to only forward requests you suspect
+ of leading to Windows executables through a virus-scanning parent
+ proxy, say, on <tt class="LITERAL">antivir.example.com</tt>, port
+ 8010:</p>
+ <table border="0" bgcolor="#E0E0E0" width="100%">
+ <tr>
+ <td>
+ <pre class="SCREEN"> forward / .
+ forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010</pre>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="FORWARDED-CONNECT-RETRIES" id=
+ "FORWARDED-CONNECT-RETRIES">7.5.4. forwarded-connect-retries</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>How often Privoxy retries if a forwarded connection request
+ fails.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Number of retries.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">0</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Connections forwarded through other proxies are treated like
+ direct connections and no retry attempts are made.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p><tt class=
+ "REPLACEABLE"><i>forwarded-connect-retries</i></tt> is mainly
+ interesting for socks4a connections, where <span class=
+ "APPLICATION">Privoxy</span> can't detect why the connections
+ failed. The connection might have failed because of a DNS
+ timeout in which case a retry makes sense, but it might also
+ have failed because the server doesn't exist or isn't
+ reachable. In this case the retry will just delay the
+ appearance of Privoxy's error message.</p>
+ <p>Note that in the context of this option, <span class=
+ "QUOTE">"forwarded connections"</span> includes all connections
+ that Privoxy forwards through other proxies. This option is not
+ limited to the HTTP CONNECT method.</p>
+ <p>Only use this option, if you are getting lots of
+ forwarding-related error messages that go away when you try
+ again manually. Start with a small value and check Privoxy's
+ logfile from time to time, to see how many retries are usually
+ needed.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>forwarded-connect-retries 1</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ </div>
+ <div class="SECT2">
+ <h2 class="SECT2"><a name="MISC" id="MISC">7.6. Miscellaneous</a></h2>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="ACCEPT-INTERCEPTED-REQUESTS" id=
+ "ACCEPT-INTERCEPTED-REQUESTS">7.6.1.
+ accept-intercepted-requests</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Whether intercepted requests should be treated as valid.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or 1</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">0</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Only proxy requests are accepted, intercepted requests are
+ treated as invalid.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>If you don't trust your clients and want to force them to
+ use <span class="APPLICATION">Privoxy</span>, enable this
+ option and configure your packet filter to redirect outgoing
+ HTTP connections into <span class=
+ "APPLICATION">Privoxy</span>.</p>
+ <p>Note that intercepting encrypted connections (HTTPS) isn't
+ supported.</p>
+ <p>Make sure that <span class="APPLICATION">Privoxy's</span>
+ own requests aren't redirected as well. Additionally take care
+ that <span class="APPLICATION">Privoxy</span> can't
+ intentionally connect to itself, otherwise you could run into
+ redirection loops if <span class="APPLICATION">Privoxy's</span>
+ listening port is reachable by the outside or an attacker has
+ access to the pages you visit.</p>
+ <p>If you are running Privoxy as intercepting proxy without
+ being able to intercept all client requests you may want to
+ adjust the CGI templates to make sure they don't reference
+ content from config.privoxy.org.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>accept-intercepted-requests 1</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="ALLOW-CGI-REQUEST-CRUNCHING" id=
+ "ALLOW-CGI-REQUEST-CRUNCHING">7.6.2.
+ allow-cgi-request-crunching</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Whether requests to <span class=
+ "APPLICATION">Privoxy's</span> CGI pages can be blocked or
+ redirected.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or 1</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">0</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p><span class="APPLICATION">Privoxy</span> ignores block and
+ redirect actions for its CGI pages.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>By default <span class="APPLICATION">Privoxy</span> ignores
+ block or redirect actions for its CGI pages. Intercepting these
+ requests can be useful in multi-user setups to implement
+ fine-grained access control, but it can also render the
+ complete web interface useless and make debugging problems
+ painful if done without care.</p>
+ <p>Don't enable this option unless you're sure that you really
+ need it.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>allow-cgi-request-crunching 1</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="SPLIT-LARGE-FORMS" id=
+ "SPLIT-LARGE-FORMS">7.6.3. split-large-forms</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Whether the CGI interface should stay compatible with broken
+ HTTP clients.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or 1</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">0</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>The CGI form generate long GET URLs.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p><span class="APPLICATION">Privoxy's</span> CGI forms can
+ lead to rather long URLs. This isn't a problem as far as the
+ HTTP standard is concerned, but it can confuse clients with
+ arbitrary URL length limitations.</p>
+ <p>Enabling split-large-forms causes <span class=
+ "APPLICATION">Privoxy</span> to divide big forms into smaller
+ ones to keep the URL length down. It makes editing a lot less
+ convenient and you can no longer submit all changes at once,
+ but at least it works around this browser bug.</p>
+ <p>If you don't notice any editing problems, there is no reason
+ to enable this option, but if one of the submit buttons appears
+ to be broken, you should give it a try.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>split-large-forms 1</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="KEEP-ALIVE-TIMEOUT" id=
+ "KEEP-ALIVE-TIMEOUT">7.6.4. keep-alive-timeout</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Number of seconds after which an open connection will no
+ longer be reused.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Time in seconds.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>None</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Connections are not kept alive.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This option allows clients to keep the connection to
+ <span class="APPLICATION">Privoxy</span> alive. If the server
+ supports it, <span class="APPLICATION">Privoxy</span> will keep
+ the connection to the server alive as well. Under certain
+ circumstances this may result in speed-ups.</p>
+ <p>By default, <span class="APPLICATION">Privoxy</span> will
+ close the connection to the server if the client connection
+ gets closed, or if the specified timeout has been reached
+ without a new request coming in. This behaviour can be changed
+ with the <a href="#CONNECTION-SHARING" target=
+ "_top">connection-sharing</a> option.</p>
+ <p>This option has no effect if <span class=
+ "APPLICATION">Privoxy</span> has been compiled without
+ keep-alive support.</p>
+ <p>Note that a timeout of five seconds as used in the default
+ configuration file significantly decreases the number of
+ connections that will be reused. The value is used because some
+ browsers limit the number of connections they open to a single
+ host and apply the same limit to proxies. This can result in a
+ single website <span class="QUOTE">"grabbing"</span> all the
+ connections the browser allows, which means connections to
+ other websites can't be opened until the connections currently
+ in use time out.</p>
+ <p>Several users have reported this as a Privoxy bug, so the
+ default value has been reduced. Consider increasing it to 300
+ seconds or even more if you think your browser can handle it.
+ If your browser appears to be hanging, it probably can't.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>keep-alive-timeout 300</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="TOLERATE-PIPELINING" id=
+ "TOLERATE-PIPELINING">7.6.5. tolerate-pipelining</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Whether or not pipelined requests should be served.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or 1.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>None</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>If Privoxy receives more than one request at once, it
+ terminates the client connection after serving the first
+ one.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p><span class="APPLICATION">Privoxy</span> currently doesn't
+ pipeline outgoing requests, thus allowing pipelining on the
+ client connection is not guaranteed to improve the
+ performance.</p>
+ <p>By default <span class="APPLICATION">Privoxy</span> tries to
+ discourage clients from pipelining by discarding aggressively
+ pipelined requests, which forces the client to resend them
+ through a new connection.</p>
+ <p>This option lets <span class="APPLICATION">Privoxy</span>
+ tolerate pipelining. Whether or not that improves performance
+ mainly depends on the client configuration.</p>
+ <p>If you are seeing problems with pages not properly loading,
+ disabling this option could work around the problem.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>tolerate-pipelining 1</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="DEFAULT-SERVER-TIMEOUT" id=
+ "DEFAULT-SERVER-TIMEOUT">7.6.6. default-server-timeout</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Assumed server-side keep-alive timeout if not specified by
+ the server.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Time in seconds.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>None</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Connections for which the server didn't specify the
+ keep-alive timeout are not reused.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>Enabling this option significantly increases the number of
+ connections that are reused, provided the <a href=
+ "#KEEP-ALIVE-TIMEOUT" target="_top">keep-alive-timeout</a>
+ option is also enabled.</p>
+ <p>While it also increases the number of connections problems
+ when <span class="APPLICATION">Privoxy</span> tries to reuse a
+ connection that already has been closed on the server side, or
+ is closed while <span class="APPLICATION">Privoxy</span> is
+ trying to reuse it, this should only be a problem if it happens
+ for the first request sent by the client. If it happens for
+ requests on reused client connections, <span class=
+ "APPLICATION">Privoxy</span> will simply close the connection
+ and the client is supposed to retry the request without
+ bothering the user.</p>
+ <p>Enabling this option is therefore only recommended if the
+ <a href="#CONNECTION-SHARING" target=
+ "_top">connection-sharing</a> option is disabled.</p>
+ <p>It is an error to specify a value larger than the <a href=
+ "#KEEP-ALIVE-TIMEOUT" target="_top">keep-alive-timeout</a>
+ value.</p>
+ <p>This option has no effect if <span class=
+ "APPLICATION">Privoxy</span> has been compiled without
+ keep-alive support.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>default-server-timeout 60</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CONNECTION-SHARING" id=
+ "CONNECTION-SHARING">7.6.7. connection-sharing</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Whether or not outgoing connections that have been kept
+ alive should be shared between different incoming
+ connections.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or 1</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>None</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Connections are not shared.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This option has no effect if <span class=
+ "APPLICATION">Privoxy</span> has been compiled without
+ keep-alive support, or if it's disabled.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>Note that reusing connections doesn't necessary cause
+ speedups. There are also a few privacy implications you should
+ be aware of.</p>
+ <p>If this option is effective, outgoing connections are shared
+ between clients (if there are more than one) and closing the
+ browser that initiated the outgoing connection does no longer
+ affect the connection between <span class=
+ "APPLICATION">Privoxy</span> and the server unless the client's
+ request hasn't been completed yet.</p>
+ <p>If the outgoing connection is idle, it will not be closed
+ until either <span class="APPLICATION">Privoxy's</span> or the
+ server's timeout is reached. While it's open, the server knows
+ that the system running <span class=
+ "APPLICATION">Privoxy</span> is still there.</p>
+ <p>If there are more than one client (maybe even belonging to
+ multiple users), they will be able to reuse each others
+ connections. This is potentially dangerous in case of
+ authentication schemes like NTLM where only the connection is
+ authenticated, instead of requiring authentication for each
+ request.</p>
+ <p>If there is only a single client, and if said client can
+ keep connections alive on its own, enabling this option has
+ next to no effect. If the client doesn't support connection
+ keep-alive, enabling this option may make sense as it allows
+ <span class="APPLICATION">Privoxy</span> to keep outgoing
+ connections alive even if the client itself doesn't support
+ it.</p>
+ <p>You should also be aware that enabling this option increases
+ the likelihood of getting the "No server or forwarder data"
+ error message, especially if you are using a slow connection to
+ the Internet.</p>
+ <p>This option should only be used by experienced users who
+ understand the risks and can weight them against the
+ benefits.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>connection-sharing 1</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
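Review bot: The connection-sharing entry contains two consecutive "Notes:" items in the same list; the first holds only the "no effect if compiled without keep-alive support" paragraph. Merge them into a single Notes item, as the other entries do. In the merged text, "doesn't necessary cause" should be "doesn't necessarily cause", "each others connections" should be "each other's connections", and "can weight them" should be "can weigh them". The NTLM paragraph is the only concrete risk named after "a few privacy implications", so consider moving it directly under that sentence.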
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="SOCKET-TIMEOUT" id="SOCKET-TIMEOUT">7.6.8.
+ socket-timeout</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Number of seconds after which a socket times out if no data
+ is received.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Time in seconds.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>None</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>A default value of 300 seconds is used.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>The default is quite high and you probably want to reduce
+ it. If you aren't using an occasionally slow proxy like Tor,
+ reducing it to a few seconds should be fine.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>socket-timeout 300</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
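Review bot: The socket-timeout example "socket-timeout 300" repeats the value the Notes call "quite high" and advise reducing, so a reader who copies the example gets the setting the text argues against. Show a reduced value, or label the example as the default. "Default value: None" directly above "A default value of 300 seconds is used" also reads as a contradiction; put 300 in the Default value field.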
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="MAX-CLIENT-CONNECTIONS" id=
+ "MAX-CLIENT-CONNECTIONS">7.6.9. max-client-connections</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Maximum number of client connections that will be
+ served.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Positive number.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>128</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Connections are served until a resource limit is
+ reached.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p><span class="APPLICATION">Privoxy</span> creates one thread
+ (or process) for every incoming client connection that isn't
+ rejected based on the access control settings.</p>
+ <p>If the system is powerful enough, <span class=
+ "APPLICATION">Privoxy</span> can theoretically deal with
+ several hundred (or thousand) connections at the same time, but
+ some operating systems enforce resource limits by shutting down
+ offending processes and their default limits may be below the
+ ones <span class="APPLICATION">Privoxy</span> would require
+ under heavy load.</p>
+ <p>Configuring <span class="APPLICATION">Privoxy</span> to
+ enforce a connection limit below the thread or process limit
+ used by the operating system makes sure this doesn't happen.
+ Simply increasing the operating system's limit would work too,
+ but if <span class="APPLICATION">Privoxy</span> isn't the only
+ application running on the system, you may actually want to
+ limit the resources used by <span class=
+ "APPLICATION">Privoxy</span>.</p>
+ <p>If <span class="APPLICATION">Privoxy</span> is only used by
+ a single trusted user, limiting the number of client
+ connections is probably unnecessary. If there are multiple
+ possibly untrusted users you probably still want to
+ additionally use a packet filter to limit the maximal number of
+ incoming connections per client. Otherwise a malicious user
+ could intentionally create a high number of connections to
+ prevent other users from using <span class=
+ "APPLICATION">Privoxy</span>.</p>
+ <p>Obviously using this option only makes sense if you choose a
+ limit below the one enforced by the operating system.</p>
+ <p>One most POSIX-compliant systems <span class=
+ "APPLICATION">Privoxy</span> can't properly deal with more than
+ FD_SETSIZE file descriptors at the same time and has to reject
+ connections if the limit is reached. This will likely change in
+ a future version, but currently this limit can't be increased
+ without recompiling <span class="APPLICATION">Privoxy</span>
+ with a different FD_SETSIZE limit.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>max-client-connections 256</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
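Review bot: For max-client-connections, "Default value: 128" and "Effect if unset: Connections are served until a resource limit is reached" cannot both describe an absent directive; state which behaviour applies. In the last Notes paragraph "One most POSIX-compliant systems" should be "On most POSIX-compliant systems". Because the paragraph on untrusted users is the security-relevant one, it would help to say there that this directive is a global cap and does not by itself limit connections per client, which is why the packet filter is still recommended.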
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="LISTEN-BACKLOG" id=
+ "LISTEN-BACKLOG">7.6.10. listen-backlog</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Connection queue length requested from the operating
+ system.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Number.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>128</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>A connection queue length of 128 is requested from the
+ operating system.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>Under high load incoming connection may queue up before
+ Privoxy gets around to serve them. The queue length is limitted
+ by the operating system. Once the queue is full, additional
+ connections are dropped before Privoxy can accept and serve
+ them.</p>
+ <p>Increasing the queue length allows Privoxy to accept more
+ incomming connections that arrive roughly at the same time.</p>
+ <p>Note that Privoxy can only request a certain queue length,
+ whether or not the requested length is actually used depends on
+ the operating system which may use a different length
+ instead.</p>
+ <p>On many operating systems a limit of -1 can be specified to
+ instruct the operating system to use the maximum queue length
+ allowed. Check the listen man page to see if your platform
+ allows this.</p>
+ <p>On some platforms you can use "netstat -Lan -p tcp" to see
+ the effective queue length.</p>
+ <p>Effectively using a value above 128 usually requires
+ changing the system configuration as well. On FreeBSD-based
+ system the limit is controlled by the kern.ipc.soacceptqueue
+ sysctl.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>listen-backlog 4096</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
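Review bot: Spelling in the listen-backlog Notes: "limitted" should be "limited", "incomming" should be "incoming", "incoming connection may queue up" should be "incoming connections", and "On FreeBSD-based system" should be "systems". The Notes mention that -1 can be specified on many systems while "Type of value" says only "Number."; note there that negative values are accepted if that is intended.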
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HANDLE-AS-EMPTY-DOC-RETURNS-OK" id=
+ "HANDLE-AS-EMPTY-DOC-RETURNS-OK">7.6.11.
+ handle-as-empty-doc-returns-ok</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The status code Privoxy returns for pages blocked with
+ <tt class="LITERAL"><a href=
+ "actions-file.html#HANDLE-AS-EMPTY-DOCUMENT" target=
+ "_top">+handle-as-empty-document</a></tt>.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or 1</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>0</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Privoxy returns a status 403(forbidden) for all blocked
+ pages.</p>
+ </dd>
+ <dt>Effect if set:</dt>
+ <dd>
+ <p>Privoxy returns a status 200(OK) for pages blocked with
+ +handle-as-empty-document and a status 403(Forbidden) for all
+ other blocked pages.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive was added as a work-around for Firefox bug
+ 492459: <span class="QUOTE">"Websites are no longer rendered if
+ SSL requests for JavaScripts are blocked by a proxy."</span>
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=492459"
+ target=
+ "_top">https://bugzilla.mozilla.org/show_bug.cgi?id=492459</a>),
+ the bug has been fixed for quite some time, but this directive
+ is also useful to make it harder for websites to detect whether
+ or not resources are being blocked.</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="ENABLE-COMPRESSION" id=
+ "ENABLE-COMPRESSION">7.6.12. enable-compression</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Whether or not buffered content is compressed before
+ delivery.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or 1</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>0</p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Privoxy does not compress buffered content.</p>
+ </dd>
+ <dt>Effect if set:</dt>
+ <dd>
+ <p>Privoxy compresses buffered content before delivering it to
+ the client, provided the client supports it.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive is only supported if Privoxy has been
+ compiled with FEATURE_COMPRESSION, which should not to be
+ confused with FEATURE_ZLIB.</p>
+ <p>Compressing buffered content is mainly useful if Privoxy and
+ the client are running on different systems. If they are
+ running on the same system, enabling compression is likely to
+ slow things down. If you didn't measure otherwise, you should
+ assume that it does and keep this option disabled.</p>
+ <p>Privoxy will not compress buffered content below a certain
+ length.</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
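Review bot: In the enable-compression Notes, "which should not to be confused with FEATURE_ZLIB" should be "which should not be confused". The closing sentence "Privoxy will not compress buffered content below a certain length" gives the reader nothing to work with; state the threshold or where it is defined.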
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="COMPRESSION-LEVEL" id=
+ "COMPRESSION-LEVEL">7.6.13. compression-level</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The compression level that is passed to the zlib library
+ when compressing buffered content.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Positive number ranging from 0 to
+ 9.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>1</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>Compressing the data more takes usually longer than
+ compressing it less or not compressing it at all. Which level
+ is best depends on the connection between Privoxy and the
+ client. If you can't be bothered to benchmark it for yourself,
+ you should stick with the default and keep compression
+ disabled.</p>
+ <p>If compression is disabled, the compression level is
+ irrelevant.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ # Best speed (compared to the other levels)
+ compression-level 1
+ # Best compression
+ compression-level 9
+ # No compression. Only useful for testing as the added header
+ # slightly increases the amount of data that has to be sent.
+ # If your benchmark shows that using this compression level
+ # is superior to using no compression at all, the benchmark
+ # is likely to be flawed.
+ compression-level 0
+ </pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-HEADER-ORDER" id=
+ "CLIENT-HEADER-ORDER">7.6.14. client-header-order</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The order in which client headers are sorted before
+ forwarding them.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Client header names delimited by
+ spaces or tabs</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>None</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>By default <span class="APPLICATION">Privoxy</span> leaves
+ the client headers in the order they were sent by the client.
+ Headers are modified in-place, new headers are added at the end
+ of the already existing headers.</p>
+ <p>The header order can be used to fingerprint client requests
+ independently of other headers like the User-Agent.</p>
+ <p>This directive allows to sort the headers differently to
+ better mimic a different User-Agent. Client headers will be
+ emitted in the order given, headers whose name isn't explicitly
+ specified are added at the end.</p>
+ <p>Note that sorting headers in an uncommon way will make
+ fingerprinting actually easier. Encrypted headers are not
+ affected by this directive.</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-SPECIFIC-TAG" id=
+ "CLIENT-SPECIFIC-TAG">7.6.15. client-specific-tag</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The name of a tag that will always be set for clients that
+ requested it through the webinterface.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Tag name followed by a
+ description that will be shown in the webinterface</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>None</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+ <tr>
+ <td align="left">
+ <p>This is an experimental feature. The syntax is
+ likely to change in future versions.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <p>Client-specific tags allow Privoxy admins to create
+ different profiles and let the users chose which one they want
+ without impacting other users.</p>
+ <p>One use case is allowing users to circumvent certain blocks
+ without having to allow them to circumvent all blocks. This is
+ not possible with the <a href=
+ "config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle
+ feature</a> because it would bluntly disable all blocks for all
+ users and also affect other actions like filters. It also is
+ set globally which renders it useless in most multi-user
+ setups.</p>
+ <p>After a client-specific tag has been defined with the
+ client-specific-tag directive, action sections can be activated
+ based on the tag by using a <a href=
+ "actions-file.html#CLIENT-TAG-PATTERN" target=
+ "_top">CLIENT-TAG</a> pattern. The CLIENT-TAG pattern is
+ evaluated at the same priority as URL patterns, as a result the
+ last matching pattern wins. Tags that are created based on
+ client or server headers are evaluated later on and can
+ overrule CLIENT-TAG and URL patterns!</p>
+ <p>The tag is set for all requests that come from clients that
+ requested it to be set. Note that "clients" are differentiated
+ by IP address, if the IP address changes the tag has to be
+ requested again.</p>
+ <p>Clients can request tags to be set by using the CGI
+ interface <a href="http://config.privoxy.org/client-tags"
+ target="_top">http://config.privoxy.org/client-tags</a>. The
+ specific tag description is only used on the web page and
+ should be phrased in away that the user understand the effect
+ of the tag.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ # Define a couple of tags, the described effect requires action sections
+ # that are enabled based on CLIENT-TAG patterns.
+ client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
+ disable-content-filters Disable content-filters but do not affect other actions
+ </pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
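Review bot: The second line of the client-specific-tag example is missing the directive name. It starts with "disable-content-filters Disable content-filters but ..." while the first starts with "client-specific-tag circumvent-blocks ...", so as written it is not a client-specific-tag directive. Prefix it with "client-specific-tag". In the Notes, "let the users chose" should be "choose" and "phrased in away that the user understand" should be "phrased in a way that the user understands". Since clients are told apart only by IP address, the sentence saying so deserves a mention that clients behind one address share a tag, which the trust-x-forwarded-for entry further down already assumes.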
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-TAG-LIFETIME" id=
+ "CLIENT-TAG-LIFETIME">7.6.16. client-tag-lifetime</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>How long a temporarily enabled tag remains enabled.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Time in seconds.</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>60</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+ <tr>
+ <td align="left">
+ <p>This is an experimental feature. The syntax is
+ likely to change in future versions.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <p>In case of some tags users may not want to enable them
+ permanently, but only for a short amount of time, for example
+ to circumvent a block that is the result of an overly-broad URL
+ pattern.</p>
+ <p>The CGI interface <a href=
+ "http://config.privoxy.org/client-tags" target=
+ "_top">http://config.privoxy.org/client-tags</a> therefore
+ provides a "enable this tag temporarily" option. If it is used,
+ the tag will be set until the client-tag-lifetime is over.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ # Increase the time to life for temporarily enabled tags to 3 minutes
+ client-tag-lifetime 180
+ </pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
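Review bot: In the client-tag-lifetime example comment, "time to life" should be "time to live", and in the Notes 'a "enable this tag temporarily" option' should be 'an "enable ..."'. The Default value field gives 60 without a unit; "Type of value" says seconds, so "60" is fine, but the example comment could say "180 seconds (3 minutes)" to match.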
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="TRUST-X-FORWARDED-FOR" id=
+ "TRUST-X-FORWARDED-FOR">7.6.17. trust-x-forwarded-for</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Whether or not Privoxy should use IP addresses specified
+ with the X-Forwarded-For header</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>0 or one</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>0</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+ <tr>
+ <td align="left">
+ <p>This is an experimental feature. The syntax is
+ likely to change in future versions.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <p>If clients reach Privoxy through another proxy, for example
+ a load balancer, Privoxy can't tell the client's IP address
+ from the connection. If multiple clients use the same proxy,
+ they will share the same client tag settings which is usually
+ not desired.</p>
+ <p>This option lets Privoxy use the X-Forwarded-For header
+ value as client IP address. If the proxy sets the header,
+ multiple clients using the same proxy do not share the same
+ client tag settings.</p>
+ <p>This option should only be enabled if Privoxy can only be
+ reached through a proxy and if the proxy can be trusted to set
+ the header correctly. It is recommended that ACL are used to
+ make sure only trusted systems can reach Privoxy.</p>
+ <p>If access to Privoxy isn't limited to trusted systems, this
+ option would allow malicious clients to change the client tags
+ for other clients or increase Privoxy's memory requirements by
+ registering lots of client tag settings for clients that don't
+ exist.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ # Allow systems that can reach Privoxy to provide the client
+ # IP address with a X-Forwarded-For header.
+ trust-x-forwarded-for 1
+ </pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
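Review bot: "Type of value: 0 or one" should be "0 or 1", matching connection-sharing and enable-compression in this file, and the Specifies sentence is missing its final period. The Notes recommend ACLs but do not link to them, unlike the keep-alive-timeout and connection-sharing cross-references earlier in the file; add the link, because the last paragraph makes clear this option is unsafe when untrusted systems can reach Privoxy. "It is recommended that ACL are used" should be "ACLs". The experimental warning says "The syntax is likely to change" for a plain 0/1 switch; check that the copied warning text fits this directive.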
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="RECEIVE-BUFFER-SIZE" id=
+ "RECEIVE-BUFFER-SIZE">7.6.18. receive-buffer-size</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The size of the buffer Privoxy uses to receive data from the
+ server.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Size in bytes</i></tt></p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p>5000</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>Increasing the receive-buffer-size increases Privoxy's
+ memory usage but can lower the number of context switches and
+ thereby reduce the cpu usage and potentially increase the
+ throughput.</p>
+ <p>This is mostly relevant for fast network connections and
+ large downloads that don't require filtering.</p>
+ <p>Reducing the buffer size reduces the amount of memory
+ Privoxy needs to handle the request but increases the number of
+ systemcalls and may reduce the throughput.</p>
+ <p>A dtrace command like: <span class="QUOTE">"sudo dtrace -n
+ 'syscall::read:return /execname == "privoxy"/ { @[execname] =
+ llquantize(arg0, 10, 0, 5, 20); @m = max(arg0)}'"</span> can be
+ used to properly tune the receive-buffer-size. On systems
+ without dtrace, strace or truss may be used as less convenient
+ alternatives.</p>
+ <p>If the buffer is too large it will increase Privoxy's memory
+ footprint without any benefit. As the memory is (currently)
+ cleared before using it, a buffer that is too large can
+ actually reduce the throughput.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ # Increase the receive buffer size
+ receive-buffer-size 32768
+ </pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
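Review bot: The dtrace one-liner in the receive-buffer-size Notes is set inline in a QUOTE span, wrapped in double quotes while itself containing "privoxy" in double quotes and spread over three source lines, so it is hard to copy correctly. Move it into a pre block with class SCREEN like the Examples. Also "systemcalls" should be "system calls" and "cpu usage" should be "CPU usage".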
+ </div>
+ <div class="SECT2">
+ <h2 class="SECT2"><a name="WINDOWS-GUI" id="WINDOWS-GUI">7.7. Windows
+ GUI Options</a></h2>
+ <p><span class="APPLICATION">Privoxy</span> has a number of options
+ specific to the Windows GUI interface:</p><a name="ACTIVITY-ANIMATION"
+ id="ACTIVITY-ANIMATION"></a>
+ <p>If <span class="QUOTE">"activity-animation"</span> is set to 1, the
+ <span class="APPLICATION">Privoxy</span> icon will animate when
+ <span class="QUOTE">"Privoxy"</span> is active. To turn off, set to
+ 0.</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">activity-animation 1</i></span><br>
+ </tt></p><a name="LOG-MESSAGES" id=
+ "LOG-MESSAGES"></a>
+ <p>If <span class="QUOTE">"log-messages"</span> is set to 1,
+ <span class="APPLICATION">Privoxy</span> copies log messages to the
+ console window. The log detail depends on the <a href=
+ "config.html#DEBUG">debug</a> directive.</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">log-messages 1</i></span><br>
+ </tt></p><a name="LOG-BUFFER-SIZE" id=
+ "LOG-BUFFER-SIZE"></a>
+ <p>If <span class="QUOTE">"log-buffer-size"</span> is set to 1, the
+ size of the log buffer, i.e. the amount of memory used for the log
+ messages displayed in the console window, will be limited to
+ <span class="QUOTE">"log-max-lines"</span> (see below).</p>
+ <p>Warning: Setting this to 0 will result in the buffer to grow
+ infinitely and eat up all your memory!</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">log-buffer-size 1</i></span><br>
+ </tt></p><a name="LOG-MAX-LINES" id=
+ "LOG-MAX-LINES"></a>
+ <p><span class="APPLICATION">log-max-lines</span> is the maximum number
+ of lines held in the log buffer. See above.</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">log-max-lines 200</i></span><br>
+ </tt></p><a name="LOG-HIGHLIGHT-MESSAGES" id=
+ "LOG-HIGHLIGHT-MESSAGES"></a>
+ <p>If <span class="QUOTE">"log-highlight-messages"</span> is set to 1,
+ <span class="APPLICATION">Privoxy</span> will highlight portions of the
+ log messages with a bold-faced font:</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">log-highlight-messages 1</i></span><br>
+ </tt></p><a name="LOG-FONT-NAME" id=
+ "LOG-FONT-NAME"></a>
+ <p>The font used in the console window:</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">log-font-name Comic Sans
+ MS</i></span><br>
+ </tt></p><a name="LOG-FONT-SIZE" id=
+ "LOG-FONT-SIZE"></a>
+ <p>Font size used in the console window:</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">log-font-size 8</i></span><br>
+ </tt></p><a name="SHOW-ON-TASK-BAR" id=
+ "SHOW-ON-TASK-BAR"></a>
+ <p><span class="QUOTE">"show-on-task-bar"</span> controls whether or
+ not <span class="APPLICATION">Privoxy</span> will appear as a button on
+ the Task bar when minimized:</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">show-on-task-bar 0</i></span><br>
+ </tt></p><a name="CLOSE-BUTTON-MINIMIZES" id=
+ "CLOSE-BUTTON-MINIMIZES"></a>
+ <p>If <span class="QUOTE">"close-button-minimizes"</span> is set to 1,
+ the Windows close button will minimize <span class=
+ "APPLICATION">Privoxy</span> instead of closing the program (close with
+ the exit option on the File menu).</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
+ "emphasis"><i class="EMPHASIS">close-button-minimizes 1</i></span><br>
+ </tt></p><a name="HIDE-CONSOLE" id=
+ "HIDE-CONSOLE"></a>
+ <p>The <span class="QUOTE">"hide-console"</span> option is specific to
+ the MS-Win console version of <span class="APPLICATION">Privoxy</span>.
+ If this option is used, <span class="APPLICATION">Privoxy</span> will
+ disconnect from and hide the command console.</p>
+ <p class="LITERALLAYOUT"><tt class="LITERAL"> #<span class=
+ "emphasis"><i class="EMPHASIS">hide-console</i></span><br>
+ </tt></p>
+ </div>
+ </div>
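Review bot: In the Windows GUI section, the log-buffer-size warning is a plain paragraph ("Warning: Setting this to 0 ...") while the rest of the file uses the WARNING table markup; use the same markup so the memory-exhaustion caveat stands out, and change "will result in the buffer to grow infinitely" to "will cause the buffer to grow without limit". The hide-console example is shown commented out ("#hide-console") with no explanation, unlike the other examples here; say that the line has to be uncommented to enable the option.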
+ <div class="NAVFOOTER">
+ <hr align="left" width="100%">
+ <table summary="Footer navigation table" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="33%" align="left" valign="top"><a href=
+ "configuration.html" accesskey="P">Prev</a></td>
+ <td width="34%" align="center" valign="top"><a href="index.html"
+ accesskey="H">Home</a></td>
+ <td width="33%" align="right" valign="top"><a href=
+ "actions-file.html" accesskey="N">Next</a></td>
+ </tr>
+ <tr>
+ <td width="33%" align="left" valign="top">Privoxy Configuration</td>
+ <td width="34%" align="center" valign="top"> </td>
+ <td width="33%" align="right" valign="top">Actions Files</td>
+ </tr>
+ </table>
+ </div>
+</body>
+</html>