Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
- <meta name="generator" content="HTML Tidy, see www.w3.org">
<title>
The Main Configuration File
</title>
<meta name="GENERATOR" content=
"Modular DocBook HTML Stylesheet Version 1.79">
- <link rel="HOME" title="Privoxy 3.0.18 User Manual" href="index.html">
+ <link rel="HOME" title="Privoxy 3.0.26 User Manual" href="index.html">
<link rel="PREVIOUS" title="Privoxy Configuration" href=
"configuration.html">
<link rel="NEXT" title="Actions Files" href="actions-file.html">
<link rel="STYLESHEET" type="text/css" href="../p_doc.css">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link rel="STYLESHEET" type="text/css" href="p_doc.css">
-<style type="text/css">
- body {
- background-color: #EEEEEE;
- color: #000000;
- }
- :link { color: #0000FF }
- :visited { color: #840084 }
- :active { color: #0000FF }
- hr.c1 {text-align: left}
-</style>
</head>
- <body class="SECT1">
+ <body class="SECT1" bgcolor="#EEEEEE" text="#000000" link="#0000FF" vlink=
+ "#840084" alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0"
cellpadding="0" cellspacing="0">
<tr>
<th colspan="3" align="center">
- Privoxy 3.0.18 User Manual
+ Privoxy 3.0.26 User Manual
</th>
</tr>
<tr>
</td>
</tr>
</table>
- <hr width="100%" class="c1">
+ <hr align="LEFT" width="100%">
</div>
<div class="SECT1">
<h1 class="SECT1">
</dt>
<dd>
<p>
- <a href="http://www.privoxy.org/user-manual/" target=
- "_top">http://www.privoxy.org/<tt class=
+ <a href="https://www.privoxy.org/user-manual/" target=
+ "_top">https://www.privoxy.org/<tt class=
"REPLACEABLE"><i>version</i></tt>/user-manual/</a> will be
used, where <tt class="REPLACEABLE"><i>version</i></tt> is
the <span class="APPLICATION">Privoxy</span> version.
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="LOGDIR">7.2.3. logdir</a>
+ <a name="TEMPORARY-DIRECTORY">7.2.3. temporary-directory</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Specifies:
+ </dt>
+ <dd>
+ <p>
+ A directory where Privoxy can create temporary files.
+ </p>
+ </dd>
+ <dt>
+ Type of value:
+ </dt>
+ <dd>
+ <p>
+ Path name
+ </p>
+ </dd>
+ <dt>
+ Default value:
+ </dt>
+ <dd>
+ <p>
+ unset
+ </p>
+ </dd>
+ <dt>
+ Effect if unset:
+ </dt>
+ <dd>
+ <p>
+ No temporary files are created, external filters don't
+ work.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ To execute <tt class="LITERAL"><a href=
+ "actions-file.html#EXTERNAL-FILTER" target="_top">external
+ filters</a></tt>, <span class="APPLICATION">Privoxy</span>
+ has to create temporary files. This directive specifies the
+ directory the temporary files should be written to.
+ </p>
+ <p>
+ It should be a directory only <span class=
+ "APPLICATION">Privoxy</span> (and trusted users) can
+ access.
+ </p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="LOGDIR">7.2.4. logdir</a>
</h4>
<div class="VARIABLELIST">
<dl>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="ACTIONSFILE">7.2.4. actionsfile</a>
+ <a name="ACTIONSFILE">7.2.5. actionsfile</a>
</h4>
<a name="DEFAULT.ACTION"></a><a name="STANDARD.ACTION"></a><a name=
"USER.ACTION"></a>
<p>
Actions files contain all the per site and per URL
configuration for ad blocking, cookie management, privacy
- considerations, etc. There is no point in using <span
- class="APPLICATION">Privoxy</span> without at least one
- actions file.
- </p>
- <p>
- Note that since Privoxy 3.0.7, the complete filename,
- including the <span class="QUOTE">".action"</span>
- extension has to be specified. The syntax change was
- necessary to be consistent with the other file options and
- to allow previously forbidden characters.
+ considerations, etc.
</p>
</dd>
</dl>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="FILTERFILE">7.2.5. filterfile</a>
+ <a name="FILTERFILE">7.2.6. filterfile</a>
</h4>
<a name="DEFAULT.FILTER"></a>
<div class="VARIABLELIST">
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="LOGFILE">7.2.6. logfile</a>
+ <a name="LOGFILE">7.2.7. logfile</a>
</h4>
<div class="VARIABLELIST">
<dl>
Depending on the debug options below, the logfile may be a
privacy risk if third parties can get access to it. As most
users will never look at it, <span class=
- "APPLICATION">Privoxy</span> 3.0.7 and later only log fatal
- errors by default.
+ "APPLICATION">Privoxy</span> only logs fatal errors by
+ default.
</p>
<p>
For most troubleshooting purposes, you will have to change
that, please refer to the debugging section for details.
</p>
- <p>
- Your logfile will grow indefinitely, and you will probably
- want to periodically remove it. On Unix systems, you can do
- this with a cron job (see <span class="QUOTE">"man
- cron"</span>). For Red Hat based Linux distributions, a <b
- class="COMMAND">logrotate</b> script has been included.
- </p>
<p>
Any log files must be writable by whatever user <span
class="APPLICATION">Privoxy</span> is being run as (on
Unix, default user id is <span class=
"QUOTE">"privoxy"</span>).
</p>
+ <p>
+ To prevent the logfile from growing indefinitely, it is
+ recommended to periodically rotate or shorten it. Many
+ operating systems support log rotation out of the box, some
+ require additional software to do it. For details, please
+ refer to the documentation for your operating system.
+ </p>
</dd>
</dl>
</div>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="TRUSTFILE">7.2.7. trustfile</a>
+ <a name="TRUSTFILE">7.2.8. trustfile</a>
</h4>
<div class="VARIABLELIST">
<dl>
debug 4096 # Startup banner and warnings.
debug 8192 # Non-fatal errors
debug 32768 # log all data read from the network
+ debug 65536 # Log the applying actions
</pre>
</td>
</tr>
you are hunting down a specific problem. They can produce a
hell of an output (especially 16).
</p>
- <p>
- <span class="APPLICATION">Privoxy</span> used to ship with
- the debug levels recommended above enabled by default, but
- due to privacy concerns 3.0.7 and later are configured to
- only log fatal errors.
- </p>
<p>
If you are used to the more verbose settings, simply enable
the debug lines below again.
</dt>
<dd>
<p>
- <span class="emphasis"><i class="EMPHASIS">None</i></span>
+ <span class="emphasis"><i class="EMPHASIS">1 or
+ 0</i></span>
</p>
</dd>
<dt>
</dt>
<dd>
<p>
- <span class="emphasis"><i class="EMPHASIS">Unset</i></span>
+ <span class="emphasis"><i class="EMPHASIS">0</i></span>
</p>
</dd>
<dt>
aware that some GNU/Linux distributions modify that
behaviour without updating the documentation. Check for
non-standard patches if your <span class=
- "APPLICATION">Privoxy</span>version behaves differently.
+ "APPLICATION">Privoxy</span> version behaves differently.
</p>
<p>
- If you configure <span class="APPLICATION">Privoxy</span>to
- be reachable from the network, consider using <a href=
+ If you configure <span class="APPLICATION">Privoxy</span>
+ to be reachable from the network, consider using <a href=
"config.html#ACLS">access control lists</a> (ACL's, see
below), and/or a firewall.
</p>
and <tt class="LITERAL"><a href=
"config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle</a></tt>
</p>
- <p>
- With the exception noted above, listening on multiple
- addresses is currently not supported by <span class=
- "APPLICATION">Privoxy</span> directly. It can be done on
- most operating systems by letting a packet filter redirect
- request for certain addresses to Privoxy, though.
- </p>
</dd>
<dt>
Example:
with both ad blocking and content filtering disabled. See
<tt class="LITERAL">enable-remote-toggle</tt> below.
</p>
- <p>
- The windows version will only display the toggle icon in
- the system tray if this option is present.
- </p>
</dd>
</dl>
</div>
</dl>
</div>
</div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="ENABLE-PROXY-AUTHENTICATION-FORWARDING">7.4.9.
+ enable-proxy-authentication-forwarding</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Specifies:
+ </dt>
+ <dd>
+ <p>
+ Whether or not proxy authentication through <span class=
+ "APPLICATION">Privoxy</span> should work.
+ </p>
+ </dd>
+ <dt>
+ Type of value:
+ </dt>
+ <dd>
+ <p>
+ 0 or 1
+ </p>
+ </dd>
+ <dt>
+ Default value:
+ </dt>
+ <dd>
+ <p>
+ 0
+ </p>
+ </dd>
+ <dt>
+ Effect if unset:
+ </dt>
+ <dd>
+ <p>
+ Proxy authentication headers are removed.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ Privoxy itself does not support proxy authentication, but
+ can allow clients to authenticate against Privoxy's parent
+ proxy.
+ </p>
+ <p>
+ By default Privoxy (3.0.21 and later) don't do that and
+ remove Proxy-Authorization headers in requests and
+ Proxy-Authenticate headers in responses to make it harder
+ for malicious sites to trick inexperienced users into
+ providing login information.
+ </p>
+ <p>
+ If this option is enabled the headers are forwarded.
+ </p>
+ <p>
+ Enabling this option is <span class="emphasis"><i class=
+ "EMPHASIS">not recommended</i></span> if there is no parent
+ proxy that requires authentication or if the local network
+ between Privoxy and the parent proxy isn't trustworthy. If
+ proxy authentication is only required for some requests, it
+ is recommended to use a client header filter to remove the
+ authentication headers for requests where they aren't
+ needed.
+ </p>
+ </dd>
+ </dl>
+ </div>
+ </div>
</div>
<div class="SECT2">
<h2 class="SECT2">
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="SOCKS">7.5.2. forward-socks4, forward-socks4a and
- forward-socks5</a>
+ <a name="SOCKS">7.5.2. forward-socks4, forward-socks4a,
+ forward-socks5 and forward-socks5t</a>
</h4>
<a name="FORWARD-SOCKS4"></a><a name="FORWARD-SOCKS4A"></a>
<div class="VARIABLELIST">
With <tt class="LITERAL">forward-socks5</tt> the DNS
resolution will happen on the remote server as well.
</p>
+ <p>
+ <tt class="LITERAL">forward-socks5t</tt> works like vanilla
+ <tt class="LITERAL">forward-socks5</tt> but lets <span
+ class="APPLICATION">Privoxy</span> additionally use
+ Tor-specific SOCKS extensions. Currently the only supported
+ SOCKS extension is optimistic data which can reduce the
+ latency for the first request made on a newly created
+ connection.
+ </p>
<p>
<tt class="REPLACEABLE"><i>socks_proxy</i></tt> and <tt
class="REPLACEABLE"><i>http_parent</i></tt> can be a
<tr>
<td>
<pre class="SCREEN">
- forward-socks5 / 127.0.0.1:9050 .
+ forward-socks5t / 127.0.0.1:9050 .
</pre>
</td>
</tr>
</table>
+ <p>
+ Note that if you got Tor through one of the bundles, you
+ may have to change the port from 9050 to 9150 (or even
+ another one). For details, please check the documentation
+ on the <a href="https://torproject.org/" target="_top">Tor
+ website</a>.
+ </p>
<p>
The public <span class="APPLICATION">Tor</span> network
can't be used to reach your local network, if you need to
outgoing HTTP connections into <span class=
"APPLICATION">Privoxy</span>.
</p>
+ <p>
+ Note that intercepting encrypted connections (HTTPS) isn't
+ supported.
+ </p>
<p>
Make sure that <span class="APPLICATION">Privoxy's</span>
own requests aren't redirected as well. Additionally take
by the outside or an attacker has access to the pages you
visit.
</p>
+ <p>
+ If you are running Privoxy as intercepting proxy without
+ being able to intercept all client requests you may want to
+ adjust the CGI templates to make sure they don't reference
+ content from config.privoxy.org.
+ </p>
</dd>
<dt>
Examples:
Several users have reported this as a Privoxy bug, so the
default value has been reduced. Consider increasing it to
300 seconds or even more if you think your browser can
- handle it. If your browser appears to be hanging it can't.
+ handle it. If your browser appears to be hanging, it
+ probably can't.
</p>
</dd>
<dt>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="DEFAULT-SERVER-TIMEOUT">7.6.5.
+ <a name="TOLERATE-PIPELINING">7.6.5. tolerate-pipelining</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Specifies:
+ </dt>
+ <dd>
+ <p>
+ Whether or not pipelined requests should be served.
+ </p>
+ </dd>
+ <dt>
+ Type of value:
+ </dt>
+ <dd>
+ <p>
+ <tt class="REPLACEABLE"><i>0 or 1.</i></tt>
+ </p>
+ </dd>
+ <dt>
+ Default value:
+ </dt>
+ <dd>
+ <p>
+ None
+ </p>
+ </dd>
+ <dt>
+ Effect if unset:
+ </dt>
+ <dd>
+ <p>
+ If Privoxy receives more than one request at once, it
+ terminates the client connection after serving the first
+ one.
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ <span class="APPLICATION">Privoxy</span> currently doesn't
+ pipeline outgoing requests, thus allowing pipelining on the
+ client connection is not guaranteed to improve the
+ performance.
+ </p>
+ <p>
+ By default <span class="APPLICATION">Privoxy</span> tries
+ to discourage clients from pipelining by discarding
+ aggressively pipelined requests, which forces the client to
+ resend them through a new connection.
+ </p>
+ <p>
+ This option lets <span class="APPLICATION">Privoxy</span>
+ tolerate pipelining. Whether or not that improves
+ performance mainly depends on the client configuration.
+ </p>
+ <p>
+ If you are seeing problems with pages not properly loading,
+ disabling this option could work around the problem.
+ </p>
+ </dd>
+ <dt>
+ Examples:
+ </dt>
+ <dd>
+ <p>
+ tolerate-pipelining 1
+ </p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="DEFAULT-SERVER-TIMEOUT">7.6.6.
default-server-timeout</a>
</h4>
<div class="VARIABLELIST">
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="CONNECTION-SHARING">7.6.6. connection-sharing</a>
+ <a name="CONNECTION-SHARING">7.6.7. connection-sharing</a>
</h4>
<div class="VARIABLELIST">
<dl>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="SOCKET-TIMEOUT">7.6.7. socket-timeout</a>
+ <a name="SOCKET-TIMEOUT">7.6.8. socket-timeout</a>
</h4>
<div class="VARIABLELIST">
<dl>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="MAX-CLIENT-CONNECTIONS">7.6.8.
+ <a name="MAX-CLIENT-CONNECTIONS">7.6.9.
max-client-connections</a>
</h4>
<div class="VARIABLELIST">
</dt>
<dd>
<p>
- None
+ 128
</p>
</dd>
<dt>
Obviously using this option only makes sense if you choose
a limit below the one enforced by the operating system.
</p>
+ <p>
+ One most POSIX-compliant systems <span class=
+ "APPLICATION">Privoxy</span> can't properly deal with more
+ than FD_SETSIZE file descriptors at the same time and has
+ to reject connections if the limit is reached. This will
+ likely change in a future version, but currently this limit
+ can't be increased without recompiling <span class=
+ "APPLICATION">Privoxy</span> with a different FD_SETSIZE
+ limit.
+ </p>
</dd>
<dt>
Examples:
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="HANDLE-AS-EMPTY-DOC-RETURNS-OK">7.6.9.
+ <a name="HANDLE-AS-EMPTY-DOC-RETURNS-OK">7.6.10.
handle-as-empty-doc-returns-ok</a>
</h4>
<div class="VARIABLELIST">
</dt>
<dd>
<p>
- This is a work-around for Firefox bug 492459: <span class=
- "QUOTE">" Websites are no longer rendered if SSL requests
- for JavaScripts are blocked by a proxy. "</span> (<a href=
+ This directive was added as a work-around for Firefox bug
+ 492459: <span class="QUOTE">"Websites are no longer
+ rendered if SSL requests for JavaScripts are blocked by a
+ proxy."</span> (<a href=
"https://bugzilla.mozilla.org/show_bug.cgi?id=492459"
target=
- "_top">https://bugzilla.mozilla.org/show_bug.cgi?id=492459</a>)
- As the bug has been fixed for quite some time this option
- should no longer be needed and will be removed in a future
- release. Please speak up if you have a reason why the
- option should be kept around.
+ "_top">https://bugzilla.mozilla.org/show_bug.cgi?id=492459</a>),
+ the bug has been fixed for quite some time, but this
+ directive is also useful to make it harder for websites to
+ detect whether or not resources are being blocked.
</p>
</dd>
</dl>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="ENABLE-COMPRESSION">7.6.10. enable-compression</a>
+ <a name="ENABLE-COMPRESSION">7.6.11. enable-compression</a>
</h4>
<div class="VARIABLELIST">
<dl>
</div>
<div class="SECT3">
<h4 class="SECT3">
- <a name="COMPRESSION-LEVEL">7.6.11. compression-level</a>
+ <a name="COMPRESSION-LEVEL">7.6.12. compression-level</a>
</h4>
<div class="VARIABLELIST">
<dl>
# is likely to be flawed.
compression-level 0
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CLIENT-HEADER-ORDER">7.6.13. client-header-order</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Specifies:
+ </dt>
+ <dd>
+ <p>
+ The order in which client headers are sorted before
+ forwarding them.
+ </p>
+ </dd>
+ <dt>
+ Type of value:
+ </dt>
+ <dd>
+ <p>
+ <tt class="REPLACEABLE"><i>Client header names delimited by
+ spaces or tabs</i></tt>
+ </p>
+ </dd>
+ <dt>
+ Default value:
+ </dt>
+ <dd>
+ <p>
+ None
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <p>
+ By default <span class="APPLICATION">Privoxy</span> leaves
+ the client headers in the order they were sent by the
+ client. Headers are modified in-place, new headers are
+ added at the end of the already existing headers.
+ </p>
+ <p>
+ The header order can be used to fingerprint client requests
+ independently of other headers like the User-Agent.
+ </p>
+ <p>
+ This directive allows to sort the headers differently to
+ better mimic a different User-Agent. Client headers will be
+ emitted in the order given, headers whose name isn't
+ explicitly specified are added at the end.
+ </p>
+ <p>
+ Note that sorting headers in an uncommon way will make
+ fingerprinting actually easier. Encrypted headers are not
+ affected by this directive.
+ </p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CLIENT-SPECIFIC-TAG">7.6.14. client-specific-tag</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Specifies:
+ </dt>
+ <dd>
+ <p>
+ The name of a tag that will always be set for clients that
+ requested it through the webinterface.
+ </p>
+ </dd>
+ <dt>
+ Type of value:
+ </dt>
+ <dd>
+ <p>
+ <tt class="REPLACEABLE"><i>Tag name followed by a
+ description that will be shown in the webinterface</i></tt>
+ </p>
+ </dd>
+ <dt>
+ Default value:
+ </dt>
+ <dd>
+ <p>
+ None
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ This is an experimental feature. The syntax is
+ likely to change in future versions.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <p>
+ Client-specific tags allow Privoxy admins to create
+ different profiles and let the users chose which one they
+ want without impacting other users.
+ </p>
+ <p>
+ One use case is allowing users to circumvent certain blocks
+ without having to allow them to circumvent all blocks. This
+ is not possible with the <a href=
+ "config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle
+ feature</a> because it would bluntly disable all blocks for
+ all users and also affect other actions like filters. It
+ also is set globally which renders it useless in most
+ multi-user setups.
+ </p>
+ <p>
+ After a client-specific tag has been defined with the
+ client-specific-tag directive, action sections can be
+ activated based on the tag by using a <a href=
+ "actions-file.html#CLIENT-TAG-PATTERN" target=
+ "_top">CLIENT-TAG</a> pattern. The CLIENT-TAG pattern is
+ evaluated at the same priority as URL patterns, as a result
+ the last matching pattern wins. Tags that are created based
+ on client or server headers are evaluated later on and can
+ overrule CLIENT-TAG and URL patterns!
+ </p>
+ <p>
+ The tag is set for all requests that come from clients that
+ requested it to be set. Note that "clients" are
+ differentiated by IP address, if the IP address changes the
+ tag has to be requested again.
+ </p>
+ <p>
+ Clients can request tags to be set by using the CGI
+ interface <a href="http://config.privoxy.org/client-tags"
+ target="_top">http://config.privoxy.org/client-tags</a>.
+ The specific tag description is only used on the web page
+ and should be phrased in away that the user understand the
+ effect of the tag.
+ </p>
+ </dd>
+ <dt>
+ Examples:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+ # Define a couple of tags, the described effect requires action sections
+ # that are enabled based on CLIENT-TAG patterns.
+ client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
+ disable-content-filters Disable content-filters but do not affect other actions
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="CLIENT-TAG-LIFETIME">7.6.15. client-tag-lifetime</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Specifies:
+ </dt>
+ <dd>
+ <p>
+ How long a temporarily enabled tag remains enabled.
+ </p>
+ </dd>
+ <dt>
+ Type of value:
+ </dt>
+ <dd>
+ <p>
+ <tt class="REPLACEABLE"><i>Time in seconds.</i></tt>
+ </p>
+ </dd>
+ <dt>
+ Default value:
+ </dt>
+ <dd>
+ <p>
+ 60
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ This is an experimental feature. The syntax is
+ likely to change in future versions.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <p>
+ In case of some tags users may not want to enable them
+ permanently, but only for a short amount of time, for
+ example to circumvent a block that is the result of an
+ overly-broad URL pattern.
+ </p>
+ <p>
+ The CGI interface <a href=
+ "http://config.privoxy.org/client-tags" target=
+ "_top">http://config.privoxy.org/client-tags</a> therefore
+ provides a "enable this tag temporarily" option. If it is
+ used, the tag will be set until the client-tag-lifetime is
+ over.
+ </p>
+ </dd>
+ <dt>
+ Examples:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+ # Increase the time to life for temporarily enabled tags to 3 minutes
+ client-tag-lifetime 180
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3">
+ <a name="TRUST-X-FORWARDED-FOR">7.6.16. trust-x-forwarded-for</a>
+ </h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>
+ Specifies:
+ </dt>
+ <dd>
+ <p>
+ Whether or not Privoxy should use IP addresses specified
+ with the X-Forwarded-For header
+ </p>
+ </dd>
+ <dt>
+ Type of value:
+ </dt>
+ <dd>
+ <p>
+ <tt class="REPLACEABLE"><i>0 or one</i></tt>
+ </p>
+ </dd>
+ <dt>
+ Default value:
+ </dt>
+ <dd>
+ <p>
+ 0
+ </p>
+ </dd>
+ <dt>
+ Notes:
+ </dt>
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="CENTER">
+ <b>Warning</b>
+ </td>
+ </tr>
+ <tr>
+ <td align="LEFT">
+ <p>
+ This is an experimental feature. The syntax is
+ likely to change in future versions.
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <p>
+ If clients reach Privoxy through another proxy, for example
+ a load balancer, Privoxy can't tell the client's IP address
+ from the connection. If multiple clients use the same
+ proxy, they will share the same client tag settings which
+ is usually not desired.
+ </p>
+ <p>
+ This option lets Privoxy use the X-Forwarded-For header
+ value as client IP address. If the proxy sets the header,
+ multiple clients using the same proxy do not share the same
+ client tag settings.
+ </p>
+ <p>
+ This option should only be enabled if Privoxy can only be
+ reached through a proxy and if the proxy can be trusted to
+ set the header correctly. It is recommended that ACL are
+ used to make sure only trusted systems can reach Privoxy.
+ </p>
+ <p>
+ If access to Privoxy isn't limited to trusted systems, this
+ option would allow malicious clients to change the client
+ tags for other clients or increase Privoxy's memory
+ requirements by registering lots of client tag settings for
+ clients that don't exist.
+ </p>
+ </dd>
+ <dt>
+ Examples:
+ </dt>
+ <dd>
+ <p>
+ </p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+<pre class="SCREEN">
+ # Allow systems that can reach Privoxy to provide the client
+ # IP address with a X-Forwarded-For header.
+ trust-x-forwarded-for 1
+
</pre>
</td>
</tr>
<a name="LOG-MESSAGES"></a>
<p>
If <span class="QUOTE">"log-messages"</span> is set to 1, <span
- class="APPLICATION">Privoxy</span> will log messages to the console
- window:
+ class="APPLICATION">Privoxy</span> copies log messages to the
+ console window. The log detail depends on the <a href=
+ "config.html#DEBUG">debug</a> directive.
</p>
<p>
</p>
</div>
</div>
<div class="NAVFOOTER">
- <hr width="100%" class="c1">
+ <hr align="LEFT" width="100%">
<table summary="Footer navigation table" width="100%" border="0"
cellpadding="0" cellspacing="0">
<tr>