HREF="actions-file.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
-HREF="../p_doc.css"></HEAD
+HREF="../p_doc.css">
+<LINK REL="STYLESHEET" TYPE="text/css" HREF="p_doc.css">
+</head
><BODY
CLASS="SECT1"
BGCOLOR="#EEEEEE"
><H2
CLASS="SECT2"
><A
-NAME="CONF-LOG-LOC"
+NAME="LOCAL-SET-UP"
></A
->7.1. Configuration and Log File Locations</H2
-><P
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> can (and normally does) use a number of
- other files for additional configuration, help and logging.
- This section of the configuration file tells <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
->
- where to find those other files. </P
+>7.1. Local Set-up Documentation</H2
><P
-> The user running <SPAN
+> If you intend to operate <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
->, must have read
- permission for all configuration files, and write permission to any files
- that would be modified, such as log files and actions files.</P
+> for more users
+ than just yourself, it might be a good idea to let them know how to reach
+ you, what you block and why you do that, your policies, etc.
+ </P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
-NAME="CONFDIR"
+NAME="USER-MANUAL"
></A
->7.1.1. confdir</H4
+>7.1.1. user-manual</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
->The directory where the other configuration files are located</P
+> Location of the <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> User Manual.
+ </P
></DD
><DT
>Type of value:</DT
><DD
><P
->Path name</P
+>A fully qualified URI</P
></DD
><DT
>Default value:</DT
><DD
><P
->/etc/privoxy (Unix) <SPAN
+><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->or</I
+>Unset</I
></SPAN
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> installation dir (Windows) </P
+></P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
+> <A
+HREF="http://www.privoxy.org/user-manual/"
+TARGET="_top"
+>http://www.privoxy.org/<TT
+CLASS="REPLACEABLE"
><I
-CLASS="EMPHASIS"
->Mandatory</I
-></SPAN
-></P
+>version</I
+></TT
+>/user-manual/</A
+>
+ will be used, where <TT
+CLASS="REPLACEABLE"
+><I
+>version</I
+></TT
+> is the <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> version.
+ </P
></DD
><DT
>Notes:</DT
><DD
><P
-> No trailing <SPAN
-CLASS="QUOTE"
->"<TT
-CLASS="LITERAL"
->/</TT
->"</SPAN
->, please
+> The User Manual URI is the single best source of information on
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>, and is used for help links from some
+ of the internal CGI pages. The manual itself is normally packaged with the
+ binary distributions, so you probably want to set this to a locally
+ installed copy. For multi-user setups, you could provide a copy on a local
+ webserver for all your users and use the corresponding URL here.
</P
><P
-> When development goes modular and multi-user, the blocker, filter, and
- per-user config will be stored in subdirectories of <SPAN
-CLASS="QUOTE"
->"confdir"</SPAN
->.
- For now, the configuration directory structure is flat, except for
- <TT
-CLASS="FILENAME"
->confdir/templates</TT
->, where the HTML templates for CGI
- output reside (e.g. <SPAN
-CLASS="APPLICATION"
->Privoxy's</SPAN
-> 404 error page).
+> Examples:
+ </P
+><P
+> The best all purpose solution is simply to put the full local
+ <TT
+CLASS="LITERAL"
+>PATH</TT
+> to where the <I
+CLASS="CITETITLE"
+>User Manual</I
+> is
+ located:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> user-manual /usr/share/doc/privoxy/user-manual</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> The User Manual is then available to anyone with access to the proxy, by
+ following the built-in URL: <TT
+CLASS="LITERAL"
+>http://config.privoxy.org/user-manual/</TT
+>
+ (or the shortcut: <TT
+CLASS="LITERAL"
+>http://p.p/user-manual/</TT
+>).
+ </P
+><P
+> If the documentation is not on the local system, it can be accessed
+ from a remote server, as:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> user-manual http://example.com/privoxy/user-manual/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="90%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+> If set, this option should be <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>the first option in the config
+ file</I
+></SPAN
+>, because it is used while the config file is being read
+ on start-up.
</P
+></TD
+></TR
+></TABLE
+></DIV
></DD
></DL
></DIV
><H4
CLASS="SECT3"
><A
-NAME="LOGDIR"
+NAME="TRUST-INFO-URL"
></A
->7.1.2. logdir</H4
+>7.1.2. trust-info-url</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The directory where all logging takes place (i.e. where <TT
-CLASS="FILENAME"
->logfile</TT
-> and
- <TT
-CLASS="FILENAME"
->jarfile</TT
-> are located)
+> A URL to be displayed in the error page that users will see if access to an untrusted page is denied.
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->Path name</P
+>URL</P
></DD
><DT
>Default value:</DT
><DD
><P
->/var/log/privoxy (Unix) <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->or</I
-></SPAN
-> <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> installation dir (Windows) </P
+>Two example URL are provided</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
+> No links are displayed on the "untrusted" error page.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> The value of this option only matters if the experimental trust mechanism has been
+ activated. (See <A
+HREF="config.html#TRUSTFILE"
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Mandatory</I
+>trustfile</I
></SPAN
-></P
-></DD
-><DT
->Notes:</DT
-><DD
+></A
+> above.)
+ </P
><P
-> No trailing <SPAN
-CLASS="QUOTE"
->"<TT
-CLASS="LITERAL"
->/</TT
->"</SPAN
->, please
+> If you use the trust mechanism, it is a good idea to write up some on-line
+ documentation about your trust policy and to specify the URL(s) here.
+ Use multiple times for multiple URLs.
+ </P
+><P
+> The URL(s) should be added to the trustfile as well, so users don't end up
+ locked out from the information on why they were locked out in the first place!
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="ACTIONSFILE"
-></A
->7.1.3. actionsfile</H4
-><A
-NAME="DEFAULT.ACTION"
-></A
-><A
-NAME="STANDARD.ACTION"
-></A
-><A
-NAME="USER.ACTION"
+NAME="ADMIN-ADDRESS"
></A
+>7.1.3. admin-address</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The <A
-HREF="actions-file.html"
->actions file(s)</A
-> to use
+> An email address to reach the proxy administrator.
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <TT
-CLASS="LITERAL"
->confdir</TT
->, without the <TT
-CLASS="LITERAL"
->.action</TT
-> suffix</P
+>Email address</P
></DD
><DT
->Default values:</DT
+>Default value:</DT
><DD
><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
-> <P
-CLASS="LITERALLAYOUT"
-> standard # Internal purposes, no editing recommended</P
->
- </TD
-></TR
-><TR
-><TD
-> <P
-CLASS="LITERALLAYOUT"
-> default # Main actions file</P
->
- </TD
-></TR
-><TR
-><TD
-> <P
-CLASS="LITERALLAYOUT"
-> user # User customizations</P
->
- </TD
-></TR
-></TBODY
-></TABLE
-><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Unset</I
+></SPAN
></P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No actions are taken at all. Simple neutral proxying.
+> No email address is displayed on error pages and the CGI user interface.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> Multiple <TT
+> If both <TT
CLASS="LITERAL"
->actionsfile</TT
-> lines are permitted, and are in fact recommended!
- </P
-><P
->
- The default values include standard.action, which is used for internal
- purposes and should be loaded, default.action, which is the
- <SPAN
-CLASS="QUOTE"
->"main"</SPAN
-> actions file maintained by the developers, and
- <TT
-CLASS="FILENAME"
->user.action</TT
->, where you can make your personal additions.
- </P
-><P
->
- Actions files are where all the per site and per URL configuration is done for
- ad blocking, cookie management, privacy considerations, etc.
- There is no point in using <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> without at
- least one actions file.
+>admin-address</TT
+> and <TT
+CLASS="LITERAL"
+>proxy-info-url</TT
+>
+ are unset, the whole "Local Privoxy Support" box on all generated pages will
+ not be shown.
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="FILTERFILE"
-></A
->7.1.4. filterfile</H4
-><A
-NAME="DEFAULT.FILTER"
+NAME="PROXY-INFO-URL"
></A
+>7.1.4. proxy-info-url</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The <A
-HREF="filter-file.html"
->filter file(s)</A
-> to use
+> A URL to documentation about the local <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> setup,
+ configuration or policies.
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <TT
-CLASS="LITERAL"
->confdir</TT
-></P
+>URL</P
></DD
><DT
>Default value:</DT
><DD
><P
->default.filter (Unix) <SPAN
+><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->or</I
+>Unset</I
></SPAN
-> default.filter.txt (Windows)</P
+></P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No textual content filtering takes place, i.e. all
- <TT
-CLASS="LITERAL"
->+<A
-HREF="actions-file.html#FILTER"
->filter</A
->{<TT
-CLASS="REPLACEABLE"
-><I
->name</I
-></TT
->}</TT
->
- actions in the actions files are turned neutral.
+> No link to local documentation is displayed on error pages and the CGI user interface.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> Multiple <TT
-CLASS="LITERAL"
->filterfiles</TT
-> lines are permitted.
- </P
-><P
-> The <A
-HREF="filter-file.html"
->filter files</A
-> contain content modification
- rules that use <A
-HREF="appendix.html#REGEX"
->regular expressions</A
->. These rules permit
- powerful changes on the content of Web pages, and optionally the headers
- as well, e.g., you could disable your favorite JavaScript annoyances,
- re-write the actual displayed text, or just have some fun replacing
- <SPAN
-CLASS="QUOTE"
->"Microsoft"</SPAN
-> with <SPAN
-CLASS="QUOTE"
->"MicroSuck"</SPAN
-> wherever it appears
- on a Web page.
- </P
-><P
-> The
- <TT
+> If both <TT
CLASS="LITERAL"
->+<A
-HREF="actions-file.html#FILTER"
->filter</A
->{<TT
-CLASS="REPLACEABLE"
-><I
->name</I
-></TT
->}</TT
->
- actions rely on the relevant filter (<TT
-CLASS="REPLACEABLE"
-><I
->name</I
-></TT
->)
- to be defined in a filter file!
- </P
-><P
-> A pre-defined filter file called <TT
-CLASS="FILENAME"
->default.filter</TT
-> that contains
- a number of useful filters for common problems is included in the distribution.
- See the section on the <TT
+>admin-address</TT
+> and <TT
CLASS="LITERAL"
-><A
-HREF="actions-file.html#FILTER"
->filter</A
-></TT
+>proxy-info-url</TT
>
- action for a list.
+ are unset, the whole "Local Privoxy Support" box on all generated pages will
+ not be shown.
</P
><P
-> It is recommended to place any locally adapted filters into a separate
- file, such as <TT
-CLASS="FILENAME"
->user.filter</TT
->.
+> This URL shouldn't be blocked ;-)
</P
></DD
></DL
></DIV
></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="CONF-LOG-LOC"
+></A
+>7.2. Configuration and Log File Locations</H2
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can (and normally does) use a number of
+ other files for additional configuration, help and logging.
+ This section of the configuration file tells <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ where to find those other files. </P
+><P
+> The user running <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>, must have read
+ permission for all configuration files, and write permission to any files
+ that would be modified, such as log files and actions files.</P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
-NAME="LOGFILE"
+NAME="CONFDIR"
></A
->7.1.5. logfile</H4
+>7.2.1. confdir</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The log file to use
- </P
+>The directory where the other configuration files are located</P
></DD
><DT
>Type of value:</DT
><DD
><P
->File name, relative to <TT
-CLASS="LITERAL"
->logdir</TT
-></P
+>Path name</P
></DD
><DT
>Default value:</DT
><DD
><P
->logfile (Unix) <SPAN
+>/etc/privoxy (Unix) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>or</I
></SPAN
-> privoxy.log (Windows)</P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> installation dir (Windows) </P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No log file is used, all log messages go to the console (<TT
-CLASS="LITERAL"
->STDERR</TT
->).
- </P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Mandatory</I
+></SPAN
+></P
></DD
><DT
>Notes:</DT
><DD
><P
-> The logfile is where all logging and error messages are written. The level
- of detail and number of messages are set with the <TT
+> No trailing <SPAN
+CLASS="QUOTE"
+>"<TT
CLASS="LITERAL"
->debug</TT
->
- option (see below). The logfile can be useful for tracking down a problem with
- <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> (e.g., it's not blocking an ad you
- think it should block) but in most cases you probably will never look at it.
+>/</TT
+>"</SPAN
+>, please
</P
><P
-> Your logfile will grow indefinitely, and you will probably want to
- periodically remove it. On Unix systems, you can do this with a cron job
- (see <SPAN
+> When development goes modular and multi-user, the blocker, filter, and
+ per-user config will be stored in subdirectories of <SPAN
CLASS="QUOTE"
->"man cron"</SPAN
->). For Red Hat, a <B
-CLASS="COMMAND"
->logrotate</B
->
- script has been included.
+>"confdir"</SPAN
+>.
+ For now, the configuration directory structure is flat, except for
+ <TT
+CLASS="FILENAME"
+>confdir/templates</TT
+>, where the HTML templates for CGI
+ output reside (e.g. <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+> 404 error page).
</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="LOGDIR"
+></A
+>7.2.2. logdir</H4
><P
-> On SuSE Linux systems, you can place a line like <SPAN
-CLASS="QUOTE"
->"/var/log/privoxy.*
- +1024k 644 nobody.nogroup"</SPAN
-> in <TT
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> The directory where all logging takes place (i.e. where <TT
CLASS="FILENAME"
->/etc/logfiles</TT
->, with
- the effect that cron.daily will automatically archive, gzip, and empty the
- log, when it exceeds 1M size.
+>logfile</TT
+> and
+ <TT
+CLASS="FILENAME"
+>jarfile</TT
+> are located)
</P
+></DD
+><DT
+>Type of value:</DT
+><DD
><P
-> Any log files must be writable by whatever user <SPAN
+>Path name</P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+>/var/log/privoxy (Unix) <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>or</I
+></SPAN
+> <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
->
- is being run as (default on UNIX, user id is <SPAN
+> installation dir (Windows) </P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Mandatory</I
+></SPAN
+></P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> No trailing <SPAN
CLASS="QUOTE"
->"privoxy"</SPAN
->).
+>"<TT
+CLASS="LITERAL"
+>/</TT
+>"</SPAN
+>, please
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="JARFILE"
+NAME="ACTIONSFILE"
+></A
+>7.2.3. actionsfile</H4
+><A
+NAME="DEFAULT.ACTION"
+></A
+><A
+NAME="STANDARD.ACTION"
+></A
+><A
+NAME="USER.ACTION"
></A
->7.1.6. jarfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The file to store intercepted cookies in
+> The <A
+HREF="actions-file.html"
+>actions file(s)</A
+> to use
</P
></DD
><DT
><P
>File name, relative to <TT
CLASS="LITERAL"
->logdir</TT
-></P
+>confdir</TT
+>, without the <TT
+CLASS="LITERAL"
+>.action</TT
+> suffix</P
></DD
><DT
->Default value:</DT
+>Default values:</DT
><DD
><P
->jarfile (Unix) <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->or</I
-></SPAN
-> privoxy.jar (Windows)</P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+> <P
+CLASS="LITERALLAYOUT"
+> standard # Internal purposes, no editing recommended</P
+>
+ </TD
+></TR
+><TR
+><TD
+> <P
+CLASS="LITERALLAYOUT"
+> default # Main actions file</P
+>
+ </TD
+></TR
+><TR
+><TD
+> <P
+CLASS="LITERALLAYOUT"
+> user # User customizations</P
+>
+ </TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> Intercepted cookies are not stored at all.
+> No actions are taken at all. Simple neutral proxying.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The jarfile may grow to ridiculous sizes over time.
+> Multiple <TT
+CLASS="LITERAL"
+>actionsfile</TT
+> lines are permitted, and are in fact recommended!
+ </P
+><P
+>
+ The default values include standard.action, which is used for internal
+ purposes and should be loaded, default.action, which is the
+ <SPAN
+CLASS="QUOTE"
+>"main"</SPAN
+> actions file maintained by the developers, and
+ <TT
+CLASS="FILENAME"
+>user.action</TT
+>, where you can make your personal additions.
+ </P
+><P
+>
+ Actions files are where all the per site and per URL configuration is done for
+ ad blocking, cookie management, privacy considerations, etc.
+ There is no point in using <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> without at
+ least one actions file.
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="TRUSTFILE"
+NAME="FILTERFILE"
+></A
+>7.2.4. filterfile</H4
+><A
+NAME="DEFAULT.FILTER"
></A
->7.1.7. trustfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> The trust file to use
+> The <A
+HREF="filter-file.html"
+>filter file(s)</A
+> to use
</P
></DD
><DT
>Default value:</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Unset (commented out)</I
-></SPAN
->. When activated: trust (Unix) <SPAN
+>default.filter (Unix) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>or</I
></SPAN
-> trust.txt (Windows)</P
+> default.filter.txt (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> The entire trust mechanism is turned off.
+> No textual content filtering takes place, i.e. all
+ <TT
+CLASS="LITERAL"
+>+<A
+HREF="actions-file.html#FILTER"
+>filter</A
+>{<TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+>}</TT
+>
+ actions in the actions files are turned neutral.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The trust mechanism is an experimental feature for building white-lists and should
- be used with care. It is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
-> recommended for the casual user.
+> Multiple <TT
+CLASS="LITERAL"
+>filterfile</TT
+> lines are permitted.
</P
><P
-> If you specify a trust file, <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> will only allow
- access to sites that are specified in the trustfile. Sites can be listed
- in one of two ways:
+> The <A
+HREF="filter-file.html"
+>filter files</A
+> contain content modification
+ rules that use <A
+HREF="appendix.html#REGEX"
+>regular expressions</A
+>. These rules permit
+ powerful changes on the content of Web pages, and optionally the headers
+ as well, e.g., you could disable your favorite JavaScript annoyances,
+ re-write the actual displayed text, or just have some fun
+ playing buzzword bingo with web pages.
</P
><P
-> Prepending a <TT
-CLASS="LITERAL"
->~</TT
-> character limits access to this site
- only (and any sub-paths within this site), e.g.
+> The
<TT
CLASS="LITERAL"
->~www.example.com</TT
->.
- </P
-><P
-> Or, you can designate sites as <SPAN
-CLASS="emphasis"
+>+<A
+HREF="actions-file.html#FILTER"
+>filter</A
+>{<TT
+CLASS="REPLACEABLE"
><I
-CLASS="EMPHASIS"
->trusted referrers</I
-></SPAN
->, by
- prepending the name with a <TT
-CLASS="LITERAL"
->+</TT
-> character. The effect is that
- access to untrusted sites will be granted -- but only if a link from this
- trusted referrer was used. The link target will then be added to the
- <SPAN
-CLASS="QUOTE"
->"trustfile"</SPAN
-> so that future, direct accesses will be granted.
- Sites added via this mechanism do not become trusted referrers themselves
- (i.e. they are added with a <TT
-CLASS="LITERAL"
->~</TT
-> designation).
- </P
-><P
-> If you use the <TT
-CLASS="LITERAL"
->+</TT
-> operator in the trust file, it may grow
- considerably over time.
+>name</I
+></TT
+>}</TT
+>
+ actions rely on the relevant filter (<TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+>)
+ to be defined in a filter file!
</P
><P
-> It is recommended that <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> be compiled with
- the <TT
-CLASS="LITERAL"
->--disable-force</TT
->, <TT
-CLASS="LITERAL"
->--disable-toggle</TT
-> and
- <TT
+> A pre-defined filter file called <TT
+CLASS="FILENAME"
+>default.filter</TT
+> that contains
+ a number of useful filters for common problems is included in the distribution.
+ See the section on the <TT
CLASS="LITERAL"
-> --disable-editor</TT
-> options, if this feature is to be
- used.
+><A
+HREF="actions-file.html#FILTER"
+>filter</A
+></TT
+>
+ action for a list.
</P
><P
-> Possible applications include limiting Internet access for children.
+> It is recommended to place any locally adapted filters into a separate
+ file, such as <TT
+CLASS="FILENAME"
+>user.filter</TT
+>.
</P
></DD
></DL
></DIV
></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="LOCAL-SET-UP"
-></A
->7.2. Local Set-up Documentation</H2
-><P
-> If you intend to operate <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> for more users
- than just yourself, it might be a good idea to let them know how to reach
- you, what you block and why you do that, your policies, etc.
- </P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
-NAME="USER-MANUAL"
+NAME="LOGFILE"
></A
->7.2.1. user-manual</H4
+>7.2.5. logfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> Location of the <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> User Manual.
+> The log file to use
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->A fully qualified URI</P
+>File name, relative to <TT
+CLASS="LITERAL"
+>logdir</TT
+></P
></DD
><DT
>Default value:</DT
><DD
><P
-><SPAN
+>logfile (Unix) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Unset</I
+>or</I
></SPAN
-></P
+> privoxy.log (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> <A
-HREF="http://www.privoxy.org/user-manual/"
-TARGET="_top"
->http://www.privoxy.org/<TT
-CLASS="REPLACEABLE"
-><I
->version</I
-></TT
->/user-manual/</A
->
- will be used, where <TT
-CLASS="REPLACEABLE"
-><I
->version</I
-></TT
-> is the <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> version.
+> No log file is used, all log messages go to the console (<TT
+CLASS="LITERAL"
+>STDERR</TT
+>).
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The User Manual URI is used for help links from some of the internal CGI pages.
- The manual itself is normally packaged with the binary distributions, so you probably want
- to set this to a locally installed copy. For multi-user setups, you could provide a copy on
- a local webserver for all your users and use the corresponding URL here.
+> The logfile is where all logging and error messages are written. The level
+ of detail and number of messages are set with the <TT
+CLASS="LITERAL"
+>debug</TT
+>
+ option (see below). The logfile can be useful for tracking down a problem with
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> (e.g., it's not blocking an ad you
+ think it should block) but in most cases you probably will never look at it.
</P
><P
-> Examples:
+> Your logfile will grow indefinitely, and you will probably want to
+ periodically remove it. On Unix systems, you can do this with a cron job
+ (see <SPAN
+CLASS="QUOTE"
+>"man cron"</SPAN
+>). For Red Hat, a <B
+CLASS="COMMAND"
+>logrotate</B
+>
+ script has been included.
</P
><P
-> Unix, in local filesystem:
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual file:///usr/share/doc/privoxy-3.0.4/user-manual/</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> Windows, in local filesystem, <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->must</I
-></SPAN
-> use forward slash notation:
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual file:/c:/some-dir/privoxy-3.0.4/user-manual/</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> Windows, UNC notation (with forward slashes):
- </P
-><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual file://///some-server/some-path/privoxy-3.0.4/user-manual/</PRE
-></TD
-></TR
-></TABLE
->
- </P
-><P
-> Any platform, on local webserver (called <SPAN
+> On SuSE Linux systems, you can place a line like <SPAN
CLASS="QUOTE"
->"local-webserver"</SPAN
->):
- </P
+>"/var/log/privoxy.*
+ +1024k 644 nobody.nogroup"</SPAN
+> in <TT
+CLASS="FILENAME"
+>/etc/logfiles</TT
+>, with
+ the effect that cron.daily will automatically archive, gzip, and empty the
+ log, when it exceeds 1M size.
+ </P
><P
-> <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> user-manual http://local-webserver/privoxy-user-manual/</PRE
-></TD
-></TR
-></TABLE
+> Any log files must be writable by whatever user <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
>
- </P
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="90%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
-><P
-> If set, this option should be <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->the first option in the config
- file</I
-></SPAN
->, because it is used while the config file is being read.
+ is being run as (default on UNIX, user id is <SPAN
+CLASS="QUOTE"
+>"privoxy"</SPAN
+>).
</P
-></TD
-></TR
-></TABLE
-></DIV
></DD
></DL
></DIV
><H4
CLASS="SECT3"
><A
-NAME="TRUST-INFO-URL"
+NAME="JARFILE"
></A
->7.2.2. trust-info-url</H4
+>7.2.6. jarfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> A URL to be displayed in the error page that users will see if access to an untrusted page is denied.
+> The file to store intercepted cookies in
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->URL</P
+>File name, relative to <TT
+CLASS="LITERAL"
+>logdir</TT
+></P
></DD
><DT
>Default value:</DT
><DD
><P
->Two example URL are provided</P
+>Unset (commented out). When activated: jarfile (Unix) <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>or</I
+></SPAN
+> privoxy.jar (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No links are displayed on the "untrusted" error page.
+> Intercepted cookies are not stored in a dedicated log file.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The value of this option only matters if the experimental trust mechanism has been
- activated. (See <A
-HREF="config.html#TRUSTFILE"
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->trustfile</I
-></SPAN
-></A
-> above.)
- </P
-><P
-> If you use the trust mechanism, it is a good idea to write up some on-line
- documentation about your trust policy and to specify the URL(s) here.
- Use multiple times for multiple URLs.
+> The jarfile may grow to ridiculous sizes over time.
</P
><P
-> The URL(s) should be added to the trustfile as well, so users don't end up
- locked out from the information on why they were locked out in the first place!
+> If debug 8 (show header parsing) is enabled, cookies are
+ written to the logfile with the rest of the headers.
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
-NAME="ADMIN-ADDRESS"
+NAME="TRUSTFILE"
></A
->7.2.3. admin-address</H4
+>7.2.7. trustfile</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> An email address to reach the proxy administrator.
+> The trust file to use
</P
></DD
><DT
>Type of value:</DT
><DD
><P
->Email address</P
+>File name, relative to <TT
+CLASS="LITERAL"
+>confdir</TT
+></P
></DD
><DT
>Default value:</DT
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Unset</I
+>Unset (commented out)</I
></SPAN
-></P
+>. When activated: trust (Unix) <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>or</I
+></SPAN
+> trust.txt (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> No email address is displayed on error pages and the CGI user interface.
+> The entire trust mechanism is turned off.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> If both <TT
-CLASS="LITERAL"
->admin-address</TT
-> and <TT
-CLASS="LITERAL"
->proxy-info-url</TT
->
- are unset, the whole "Local Privoxy Support" box on all generated pages will
- not be shown.
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="PROXY-INFO-URL"
-></A
->7.2.4. proxy-info-url</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Specifies:</DT
-><DD
+> The trust mechanism is an experimental feature for building white-lists and should
+ be used with care. It is <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>NOT</I
+></SPAN
+> recommended for the casual user.
+ </P
><P
-> A URL to documentation about the local <SPAN
+> If you specify a trust file, <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> setup,
- configuration or policies.
+> will only allow
+ access to sites that are specified in the trustfile. Sites can be listed
+ in one of two ways:
</P
-></DD
-><DT
->Type of value:</DT
-><DD
><P
->URL</P
-></DD
-><DT
->Default value:</DT
-><DD
+> Prepending a <TT
+CLASS="LITERAL"
+>~</TT
+> character limits access to this site
+ only (and any sub-paths within this site), e.g.
+ <TT
+CLASS="LITERAL"
+>~www.example.com</TT
+>.
+ </P
><P
-><SPAN
+> Or, you can designate sites as <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
->Unset</I
+>trusted referrers</I
></SPAN
-></P
-></DD
-><DT
->Effect if unset:</DT
-><DD
+>, by
+ prepending the name with a <TT
+CLASS="LITERAL"
+>+</TT
+> character. The effect is that
+ access to untrusted sites will be granted -- but only if a link from this
+ trusted referrer was used. The link target will then be added to the
+ <SPAN
+CLASS="QUOTE"
+>"trustfile"</SPAN
+> so that future, direct accesses will be granted.
+ Sites added via this mechanism do not become trusted referrers themselves
+ (i.e. they are added with a <TT
+CLASS="LITERAL"
+>~</TT
+> designation).
+ </P
><P
-> No link to local documentation is displayed on error pages and the CGI user interface.
+> If you use the <TT
+CLASS="LITERAL"
+>+</TT
+> operator in the trust file, it may grow
+ considerably over time.
</P
-></DD
-><DT
->Notes:</DT
-><DD
><P
-> If both <TT
+> It is recommended that <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> be compiled with
+ the <TT
CLASS="LITERAL"
->admin-address</TT
-> and <TT
+>--disable-force</TT
+>, <TT
CLASS="LITERAL"
->proxy-info-url</TT
->
- are unset, the whole "Local Privoxy Support" box on all generated pages will
- not be shown.
+>--disable-toggle</TT
+> and
+ <TT
+CLASS="LITERAL"
+> --disable-editor</TT
+> options, if this feature is to be
+ used.
</P
><P
-> This URL shouldn't be blocked ;-)
+> Possible applications include limiting Internet access for children.
</P
></DD
></DL
><H4
CLASS="SECT3"
><A
+NAME="ENABLE-REMOTE-HTTP-TOGGLE"
+></A
+>7.4.4. enable-remote-http-toggle</H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> Whether or not Privoxy recognizes special HTTP headers to change its behaviour.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+>0 or 1</P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+>1</P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Privoxy ignores special HTTP headers.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> When toggled on, the client can change <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+>
+ behaviour by setting special HTTP headers. Currently the only supported
+ special header is <SPAN
+CLASS="QUOTE"
+>"X-Filter: No"</SPAN
+>, to disable filtering for
+ the ongoing request, even if it is enabled in one of the action files.
+ </P
+><P
+> If you are using <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> in a
+ multi-user environment or with untrustworthy clients and want to
+ enforce filtering, you will have to disable this option,
+ otherwise you can ignore it.
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
NAME="ENABLE-EDIT-ACTIONS"
></A
->7.4.4. enable-edit-actions</H4
+>7.4.5. enable-edit-actions</H4
><P
></P
><DIV
><A
NAME="ACLS"
></A
->7.4.5. ACLs: permit-access and deny-access</H4
+>7.4.6. ACLs: permit-access and deny-access</H4
><A
NAME="PERMIT-ACCESS"
></A
><A
NAME="BUFFER-LIMIT"
></A
->7.4.6. buffer-limit</H4
+>7.4.7. buffer-limit</H4
><P
></P
><DIV
></TD
></TR
></TABLE
+>
+ </P
+><P
+> To chain Privoxy and Tor, both running on the same system, you should use
+ the rule:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> forward-socks4 / 127.0.0.1:9050 .</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> The public <SPAN
+CLASS="APPLICATION"
+>Tor</SPAN
+> network can't be used to reach your local network,
+ therefore it's a good idea to make some exceptions:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> forward 192.168.*.*/ .
+ forward 10.*.*.*/ .
+ forward 127.*.*.*/ .</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> Unencrypted connections to systems in these address ranges will
+ be as (un)secure as the local network is, but the alternative is that you
+ can't reach the network at all.
+ </P
+><P
+> If you also want to be able to reach servers in your local network by
+ using their names, you will need additional exceptions that look like
+ this:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> forward localhost/ .</PRE
+></TD
+></TR
+></TABLE
>
</P
></DD
></TABLE
> </P
></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="FORWARDED-CONNECT-RETRIES"
+></A
+>7.5.4. forwarded-connect-retries</H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> How often Privoxy retries if a forwarded connection request fails.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>Number of retries.</I
+></TT
+>
+ </P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>0</I
+></SPAN
+></P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Forwarded connections are treated like direct connections and no retry attempts are made.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>forwarded-connect-retries</I
+></TT
+> is mainly interesting
+ for socks4a connections, where Privoxy can't detect why the connections failed.
+ The connection might have failed because of a DNS timeout in which case a retry makes sense,
+ but it might also have failed because the server doesn't exist or isn't reachable. In this
+ case the retry will just delay the appearance of Privoxy's error message.
+ </P
+><P
+> Only use this option, if you are getting many forwarding related error messages,
+ that go away when you try again manually. Start with a small value and check Privoxy's
+ logfile from time to time, to see how many retries are usually needed.
+ </P
+></DD
+><DT
+>Examples:</DT
+><DD
+><P
+> forwarded-connect-retries 1
+ </P
+></DD
+></DL
+></DIV
+></DIV
></DIV
><DIV
CLASS="SECT2"
projects / privoxy.git / blobdiff