>The Main Configuration File</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.64
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
-TITLE="Privoxy User Manual"
+TITLE="Privoxy 3.0.4 User Manual"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Privoxy Configuration"
><DIV
CLASS="NAVHEADER"
><TABLE
+SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
><TH
COLSPAN="3"
ALIGN="center"
->Privoxy User Manual</TH
+>Privoxy 3.0.4 User Manual</TH
></TR
><TR
><TD
VALIGN="bottom"
><A
HREF="configuration.html"
+ACCESSKEY="P"
>Prev</A
></TD
><TD
VALIGN="bottom"
><A
HREF="actions-file.html"
+ACCESSKEY="N"
>Next</A
></TD
></TR
CLASS="SECT1"
><A
NAME="CONFIG"
->8. The Main Configuration File</A
-></H1
+></A
+>7. The Main Configuration File</H1
><P
> Again, the main configuration file is named <TT
CLASS="FILENAME"
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>confdir /etc/privoxy</I
-><br>
- </P
+></SPAN
+></P
>
</TT
> </P
CLASS="SECT2"
><A
NAME="CONF-LOG-LOC"
->8.1. Configuration and Log File Locations</A
-></H2
+></A
+>7.1. Configuration and Log File Locations</H2
><P
> <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
>
where to find those other files. </P
+><P
+> The user running <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>, must have read
+ permission for all configuration files, and write permission to any files
+ that would be modified, such as log files and actions files.</P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
NAME="CONFDIR"
->8.1.1. confdir</A
-></H4
+></A
+>7.1.1. confdir</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
->/etc/privoxy (Unix) <I
+>/etc/privoxy (Unix) <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>or</I
+></SPAN
> <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
>Effect if unset:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Mandatory</I
+></SPAN
></P
></DD
><DT
CLASS="SECT3"
><A
NAME="LOGDIR"
->8.1.2. logdir</A
-></H4
+></A
+>7.1.2. logdir</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
->/var/log/privoxy (Unix) <I
+>/var/log/privoxy (Unix) <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>or</I
+></SPAN
> <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
>Effect if unset:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Mandatory</I
+></SPAN
></P
></DD
><DT
CLASS="SECT3"
><A
NAME="ACTIONSFILE"
->8.1.3. actionsfile</A
-></H4
+></A
+>7.1.3. actionsfile</H4
><A
NAME="DEFAULT.ACTION"
></A
><DD
><P
> The <A
-HREF="actions-file.html#ACTIONS"
->actions</A
-> file(s) to use
+HREF="actions-file.html"
+>actions file(s)</A
+> to use
</P
></DD
><DT
>File name, relative to <TT
CLASS="LITERAL"
>confdir</TT
-></P
+>, without the <TT
+CLASS="LITERAL"
+>.action</TT
+> suffix</P
></DD
><DT
->Default value:</DT
+>Default values:</DT
><DD
><P
></P
><TD
> <P
CLASS="LITERALLAYOUT"
-> standard # Internal purposes, recommended not editing</P
+> standard # Internal purposes, no editing recommended</P
>
</TD
></TR
CLASS="SECT3"
><A
NAME="FILTERFILE"
->8.1.4. filterfile</A
-></H4
+></A
+>7.1.4. filterfile</H4
><A
NAME="DEFAULT.FILTER"
></A
><DD
><P
> The <A
-HREF="actions-file.html#FILTER"
->filter</A
-> file to use
+HREF="filter-file.html"
+>filter file</A
+> to use
</P
></DD
><DT
>Default value:</DT
><DD
><P
->default.filter (Unix) <I
+>default.filter (Unix) <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>or</I
+></SPAN
> default.filter.txt (Windows)</P
></DD
><DT
> No textual content filtering takes place, i.e. all
<TT
CLASS="LITERAL"
->+filter{<TT
+>+<A
+HREF="actions-file.html#FILTER"
+>filter</A
+>{<TT
CLASS="REPLACEABLE"
><I
>name</I
></TT
>}</TT
>
- actions in the actions files are turned off
+ actions in the actions files are turned neutral.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The <SPAN
-CLASS="QUOTE"
->"default.filter"</SPAN
-> file contains content modification rules
- that use <SPAN
-CLASS="QUOTE"
->"regular expressions"</SPAN
->. These rules permit powerful
- changes on the content of Web pages, e.g., you could disable your favorite
+> The <A
+HREF="filter-file.html"
+>filter file</A
+> contains content modification
+ rules that use <A
+HREF="appendix.html#REGEX"
+>regular expressions</A
+>. These rules permit
+ powerful changes on the content of Web pages, e.g., you could disable your favorite
JavaScript annoyances, re-write the actual displayed text, or just have some
fun replacing <SPAN
CLASS="QUOTE"
> wherever
it appears on a Web page.
</P
+><P
+> The
+ <TT
+CLASS="LITERAL"
+>+<A
+HREF="actions-file.html#FILTER"
+>filter</A
+>{<TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+>}</TT
+>
+ actions rely on the relevant filter (<TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+>)
+ to be defined in the filter file!
+ </P
+><P
+> A pre-defined filter file called <TT
+CLASS="FILENAME"
+>default.filter</TT
+> that contains
+ a bunch of handy filters for common problems is included in the distribution.
+ See the section on the <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#FILTER"
+>filter</A
+></TT
+>
+ action for a list.
+ </P
></DD
></DL
></DIV
CLASS="SECT3"
><A
NAME="LOGFILE"
->8.1.5. logfile</A
-></H4
+></A
+>7.1.5. logfile</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
->logfile (Unix) <I
+>logfile (Unix) <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>or</I
+></SPAN
> privoxy.log (Windows)</P
></DD
><DT
><P
> No log file is used, all log messages go to the console (<TT
CLASS="LITERAL"
->stderr</TT
+>STDERR</TT
>).
</P
></DD
>Notes:</DT
><DD
><P
-> The windows version will additionally log to the console.
- </P
-><P
> The logfile is where all logging and error messages are written. The level
of detail and number of messages are set with the <TT
CLASS="LITERAL"
the effect that cron.daily will automatically archive, gzip, and empty the
log, when it exceeds 1M size.
</P
+><P
+> Any log files must be writable by whatever user <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ is being run as (default on UNIX, user id is <SPAN
+CLASS="QUOTE"
+>"privoxy"</SPAN
+>).
+ </P
></DD
></DL
></DIV
CLASS="SECT3"
><A
NAME="JARFILE"
->8.1.6. jarfile</A
-></H4
+></A
+>7.1.6. jarfile</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
->jarfile (Unix) <I
+>jarfile (Unix) <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>or</I
+></SPAN
> privoxy.jar (Windows)</P
></DD
><DT
CLASS="SECT3"
><A
NAME="TRUSTFILE"
->8.1.7. trustfile</A
-></H4
+></A
+>7.1.7. trustfile</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Unset (commented out)</I
->. When activated: trust (Unix) <I
+></SPAN
+>. When activated: trust (Unix) <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>or</I
+></SPAN
> trust.txt (Windows)</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> The whole trust mechanism is turned off.
+> The entire trust mechanism is turned off.
</P
></DD
><DT
><DD
><P
> The trust mechanism is an experimental feature for building white-lists and should
- be used with care. It is <I
+ be used with care. It is <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>NOT</I
+></SPAN
> recommended for the casual user.
</P
><P
CLASS="APPLICATION"
>Privoxy</SPAN
> will only allow
- access to sites that are named in the trustfile.
- You can also mark sites as trusted referrers (with <TT
+ access to sites that are specified in the trustfile. Sites can be listed
+ in one of two ways:
+ </P
+><P
+> Prepending a <TT
+CLASS="LITERAL"
+>~</TT
+> character limits access to this site
+ only (and any sub-paths within this site), e.g.
+ <TT
+CLASS="LITERAL"
+>~www.example.com</TT
+>.
+ </P
+><P
+> Or, you can designate sites as <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>trusted referrers</I
+></SPAN
+>, by
+ prepending the name with a <TT
CLASS="LITERAL"
>+</TT
->), with
- the effect that access to untrusted sites will be granted, if a link from a
- trusted referrer was used.
- The link target will then be added to the <SPAN
+> character. The effect is that
+ access to untrusted sites will be granted -- but only if a link from this
+ trusted referrer was used. The link target will then be added to the
+ <SPAN
CLASS="QUOTE"
>"trustfile"</SPAN
->.
- Possible applications include limiting Internet access for children.
+> so that future, direct accesses will be granted.
+ Sites added via this mechanism do not become trusted referrers themselves
+ (i.e. they are added with a <TT
+CLASS="LITERAL"
+>~</TT
+> designation).
</P
><P
-> If you use <TT
+> If you use the <TT
CLASS="LITERAL"
>+</TT
-> operator in the trust file, it may grow considerably over time.
+> operator in the trust file, it may grow
+ considerably over time.
+ </P
+><P
+> It is recommended that <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> be compiled with
+ the <TT
+CLASS="LITERAL"
+>--disable-force</TT
+>, <TT
+CLASS="LITERAL"
+>--disable-toggle</TT
+> and
+ <TT
+CLASS="LITERAL"
+> --disable-editor</TT
+> options, if this feature is to be
+ used.
+ </P
+><P
+> Possible applications include limiting Internet access for children.
</P
></DD
></DL
></DIV
></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="LOCAL-SET-UP"
+></A
+>7.2. Local Set-up Documentation</H2
+><P
+> If you intend to operate <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> for more users
+ than just yourself, it might be a good idea to let them know how to reach
+ you, what you block and why you do that, your policies, etc.
+ </P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
NAME="USER-MANUAL"
->8.1.8. user-manual</A
-></H4
+></A
+>7.2.1. user-manual</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
-><A
-HREF="http://www.privoxy.org/user-manual/"
-TARGET="_top"
->http://www.privoxy.org/user-manual/</A
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Unset</I
+></SPAN
></P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> The default will be used.
+> <A
+HREF="http://www.privoxy.org/user-manual/"
+TARGET="_top"
+>http://www.privoxy.org/<TT
+CLASS="REPLACEABLE"
+><I
+>version</I
+></TT
+>/user-manual/</A
+>
+ will be used, where <TT
+CLASS="REPLACEABLE"
+><I
+>version</I
+></TT
+> is the <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> version.
</P
></DD
><DT
>Notes:</DT
><DD
><P
-> The User Manual is used for help hints from some of the internal CGI pages.
- It is normally packaged with the binary distributions, and would make more
- sense to have this pointed at a locally installed copy.
+> The User Manual URI is used for help links from some of the internal CGI pages.
+ The manual itself is normally packaged with the binary distributions, so you probably want
+ to set this to a locally installed copy. For multi-user setups, you could provide a copy on
+ a local webserver for all your users and use the corresponding URL here.
</P
><P
-> A more useful example (Unix):
+> Examples:
</P
><P
->
- Â Â <I
+> Unix, in local filesystem:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>  user-manual  file:///usr/share/doc/privoxy-3.0.4/user-manual/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> Windows, in local filesystem, <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
->user-manual  file:///usr/share/doc/privoxy-2.9.14/user-manual/</I
+>must</I
+></SPAN
+> use forward slash notation:
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>  user-manual  file:/c:/some-dir/privoxy-3.0.4/user-manual/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> Windows, UNC notation (with forward slashes):
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>  user-manual  file://///some-server/some-path/privoxy-3.0.4/user-manual/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> Any platform, on local webserver (called <SPAN
+CLASS="QUOTE"
+>"local-webserver"</SPAN
+>):
+ </P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>  user-manual  http://local-webserver/privoxy-user-manual/</PRE
+></TD
+></TR
+></TABLE
>
</P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="90%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+> If set, this option should be <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>the first option in the config
+ file</I
+></SPAN
+>, because it is used while the config file is being read.
+ </P
+></TD
+></TR
+></TABLE
+></DIV
></DD
></DL
></DIV
></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="LOCAL-SET-UP"
->8.2. Local Set-up Documentation</A
-></H2
-><P
-> If you intend to operate <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> for more users
- that just yourself, it might be a good idea to let them know how to reach
- you, what you block and why you do that, your policies etc.
- </P
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
NAME="TRUST-INFO-URL"
->8.2.1. trust-info-url</A
-></H4
+></A
+>7.2.2. trust-info-url</H4
><P
></P
><DIV
><DD
><P
> The value of this option only matters if the experimental trust mechanism has been
- activated. (See <TT
-CLASS="LITERAL"
->trustfile</TT
+ activated. (See <A
+HREF="config.html#TRUSTFILE"
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>trustfile</I
+></SPAN
+></A
> above.)
</P
><P
CLASS="SECT3"
><A
NAME="ADMIN-ADDRESS"
->8.2.2. admin-address</A
-></H4
+></A
+>7.2.3. admin-address</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Unset</I
+></SPAN
></P
></DD
><DT
CLASS="SECT3"
><A
NAME="PROXY-INFO-URL"
->8.2.3. proxy-info-url</A
-></H4
+></A
+>7.2.4. proxy-info-url</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Unset</I
+></SPAN
></P
></DD
><DT
CLASS="SECT2"
><A
NAME="DEBUGGING"
->8.3. Debugging</A
-></H2
+></A
+>7.3. Debugging</H2
><P
> These options are mainly useful when tracing a problem.
Note that you might also want to invoke
CLASS="SECT3"
><A
NAME="DEBUG"
->8.3.1. debug</A
-></H4
+></A
+>7.3.1. debug</H4
><P
></P
><DIV
>Specifies:</DT
><DD
><P
-> Key values that determine what information gets logged.
+> Key values that determine what information gets logged to the
+ <A
+HREF="config.html#LOGFILE"
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>logfile</I
+></SPAN
+></A
+>.
</P
></DD
><DT
debug 8 # show header parsing
debug 16 # log all data into the logfile
debug 32 # debug force feature
- debug 64 # debug regular expression filter
+ debug 64 # debug regular expression filter
debug 128 # debug fast redirects
debug 256 # debug GIF de-animation
debug 512 # Common Log Format
debug 1024 # debug kill pop-ups
+ debug 2048 # CGI user interface
debug 4096 # Startup banner and warnings.
debug 8192 # Non-fatal errors</PRE
></TD
</P
><P
> A debug level of 1 is informative because it will show you each request
- as it happens. <I
+ as it happens. <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>1, 4096 and 8192 are highly recommended</I
+></SPAN
>
so that you will notice when things go wrong. The other levels are probably
only of interest if you are hunting down a specific problem. They can produce
</P
><P
-> The reporting of <I
+> The reporting of <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>fatal</I
+></SPAN
> errors (i.e. ones which crash
<SPAN
CLASS="APPLICATION"
CLASS="QUOTE"
>"debug
512"</SPAN
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>ONLY</I
+></SPAN
> and not enable anything else.
</P
></DD
CLASS="SECT3"
><A
NAME="SINGLE-THREADED"
->8.3.2. single-threaded</A
-></H4
+></A
+>7.3.2. single-threaded</H4
><P
></P
><DIV
>Type of value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>None</I
+></SPAN
></P
></DD
><DT
>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Unset</I
+></SPAN
></P
></DD
><DT
><DD
><P
> This option is only there for debug purposes and you should never
- need to use it. <I
+ need to use it. <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>It will drastically reduce performance.</I
+></SPAN
>
</P
></DD
CLASS="SECT2"
><A
NAME="ACCESS-CONTROL"
->8.4. Access Control and Security</A
-></H2
+></A
+>7.4. Access Control and Security</H2
><P
> This section of the config file controls the security-relevant aspects
of <SPAN
CLASS="SECT3"
><A
NAME="LISTEN-ADDRESS"
->8.4.1. listen-address</A
-></H4
+></A
+>7.4.1. listen-address</H4
><P
></P
><DIV
>Default value:</DT
><DD
><P
->localhost:8118</P
+>127.0.0.1:8118</P
></DD
><DT
>Effect if unset:</DT
><DD
><P
-> Bind to localhost (127.0.0.1), port 8118. This is suitable and recommended for
+> Bind to 127.0.0.1 (localhost), port 8118. This is suitable and recommended for
home users who run <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
>Privoxy</SPAN
> will
bind to all interfaces (addresses) on your machine and may become reachable
- from the Internet. In that case, consider using access control lists (ACL's)
- (see <SPAN
-CLASS="QUOTE"
->"ACLs"</SPAN
-> below), or a firewall.
+ from the Internet. In that case, consider using <A
+HREF="config.html#ACLS"
+>access control lists</A
+> (ACL's, see below), and/or
+ a firewall.
+ </P
+><P
+> If you open <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> to untrusted users, you will
+ also want to turn off the <TT
+CLASS="LITERAL"
+><A
+HREF="config.html#ENABLE-EDIT-ACTIONS"
+>enable-edit-actions</A
+></TT
+> and
+ <TT
+CLASS="LITERAL"
+><A
+HREF="config.html#ENABLE-REMOTE-TOGGLE"
+>enable-remote-toggle</A
+></TT
+>
+ options!
</P
></DD
><DT
CLASS="SECT3"
><A
NAME="TOGGLE"
->8.4.2. toggle</A
-></H4
+></A
+>7.4.2. toggle</H4
><P
></P
><DIV
CLASS="QUOTE"
>"toggled off"</SPAN
> mode, i.e. behave like a normal, content-neutral
- proxy. See <TT
+ proxy where all ad blocking, filtering, etc are disabled. See
+ <TT
CLASS="LITERAL"
>enable-remote-toggle</TT
->
- below. This is not really useful anymore, since toggling is much easier
- via <A
+> below. This is not really useful
+ anymore, since toggling is much easier via <A
HREF="http://config.privoxy.org/toggle"
TARGET="_top"
->the web
- interface</A
-> than via editing the <TT
+>the web interface</A
+> than via
+ editing the <TT
CLASS="FILENAME"
>conf</TT
> file.
CLASS="SECT3"
><A
NAME="ENABLE-REMOTE-TOGGLE"
->8.4.3. enable-remote-toggle</A
-></H4
+></A
+>7.4.3. enable-remote-toggle</H4
><P
></P
><DIV
any URL.
</P
><P
-> For the time being, access to the toggle feature can <I
+> For the time being, access to the toggle feature can <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>not</I
+></SPAN
> be
controlled separately by <SPAN
CLASS="QUOTE"
CLASS="LITERAL"
>listen-address</TT
> above) can
- toggle it for all users. So this option is <I
+ toggle it for all users. So this option is <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>not recommended</I
+></SPAN
>
for multi-user environments with untrusted users.
</P
CLASS="SECT3"
><A
NAME="ENABLE-EDIT-ACTIONS"
->8.4.4. enable-edit-actions</A
-></H4
+></A
+>7.4.4. enable-edit-actions</H4
><P
></P
><DIV
>Notes:</DT
><DD
><P
-> For the time being, access to the editor can <I
+> For the time being, access to the editor can <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>not</I
+></SPAN
> be
controlled separately by <SPAN
CLASS="QUOTE"
CLASS="LITERAL"
>listen-address</TT
> above) can
- modify its configuration for all users. So this option is <I
+ modify its configuration for all users. So this option is <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>not
recommended</I
+></SPAN
> for multi-user environments with untrusted users.
</P
><P
CLASS="SECT3"
><A
NAME="ACLS"
->8.4.5. ACLs: permit-access and deny-access</A
-></H4
+></A
+>7.4.5. ACLs: permit-access and deny-access</H4
><A
-NAME="PERMIT-ACCES"
+NAME="PERMIT-ACCESS"
></A
><A
-NAME="DENY-ACCES"
+NAME="DENY-ACCESS"
></A
><P
></P
>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Unset</I
+></SPAN
></P
></DD
><DT
><DD
><P
> Access controls are included at the request of ISPs and systems
- administrators, and <I
+ administrators, and <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>are not usually needed by individual users</I
+></SPAN
>.
For a typical home user, it will normally suffice to ensure that
<SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> only listens on the localhost or internal (home)
- network address by means of the <TT
-CLASS="LITERAL"
->listen-address</TT
-> option.
+> only listens on the localhost
+ (127.0.0.1) or internal (home) network address by means of the
+ <A
+HREF="config.html#LISTEN-ADDRESS"
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>listen-address</I
+></SPAN
+></A
+>
+ option.
</P
><P
> Please see the warnings in the FAQ that this proxy is not intended to be a substitute
>dst_addr</I
></TT
>
- that is examined is the address of the forwarder and <I
+ that is examined is the address of the forwarder and <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>NOT</I
+></SPAN
> the address
of the ultimate target. This is necessary because it may be impossible for the local
<SPAN
</P
><P
> You should prefer using IP addresses over DNS names, because the address lookups take
- time. All DNS names must resolve! You can <I
+ time. All DNS names must resolve! You can <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>not</I
+></SPAN
> use domain patterns
like <SPAN
CLASS="QUOTE"
>dst_addr</I
></TT
> implies that
- <I
+ <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>all</I
+></SPAN
> destination addresses are OK:
</P
><P
CLASS="SECT3"
><A
NAME="BUFFER-LIMIT"
->8.4.6. buffer-limit</A
-></H4
+></A
+>7.4.6. buffer-limit</H4
><P
></P
><DIV
CLASS="LITERAL"
>buffer-limit</TT
> Kbytes
- <I
+ <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>each</I
+></SPAN
>, unless you have enabled <SPAN
CLASS="QUOTE"
>"single-threaded"</SPAN
CLASS="SECT2"
><A
NAME="FORWARDING"
->8.5. Forwarding</A
-></H2
+></A
+>7.5. Forwarding</H2
><P
> This feature allows routing of HTTP requests through a chain of
multiple proxies.
CLASS="SECT3"
><A
NAME="FORWARD"
->8.5.1. forward</A
-></H4
+></A
+>7.5.1. forward</H4
><P
></P
><DIV
> <TT
CLASS="REPLACEABLE"
><I
->target_domain</I
-></TT
->[:<TT
-CLASS="REPLACEABLE"
-><I
->port</I
+>target_pattern</I
></TT
->]
+>
<TT
CLASS="REPLACEABLE"
><I
>http_parent</I
></TT
->[/<TT
+>[:<TT
CLASS="REPLACEABLE"
><I
>port</I
>]
</P
><P
-> Where <TT
+> where <TT
CLASS="REPLACEABLE"
><I
->target_domain</I
+>target_pattern</I
></TT
-> is a domain name pattern (see the
- chapter on domain matching in the <TT
-CLASS="FILENAME"
->default.action</TT
-> file),
+> is a <A
+HREF="actions-file.html#AF-PATTERNS"
+>URL pattern</A
+>
+ that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <TT
+CLASS="LITERAL"
+>/</TT
+> to
+ denote <SPAN
+CLASS="QUOTE"
+>"all URLs"</SPAN
+>.
<TT
CLASS="REPLACEABLE"
><I
>http_parent</I
></TT
-> is the address of the parent HTTP proxy
- as an IP addresses in dotted decimal notation or as a valid DNS name (or <SPAN
-CLASS="QUOTE"
->"."</SPAN
-> to denote
- <SPAN
-CLASS="QUOTE"
->"no forwarding"</SPAN
->, and the optional
- <TT
+>[:<TT
CLASS="REPLACEABLE"
><I
>port</I
></TT
-> parameters are TCP ports, i.e. integer
- values from 1 to 64535
+>]
+ is the DNS name or IP address of the parent HTTP proxy through which the requests should be forwarded,
+ optionally followed by its listening port (default: 8080).
+ Use a single dot (<TT
+CLASS="LITERAL"
+>.</TT
+>) to denote <SPAN
+CLASS="QUOTE"
+>"no forwarding"</SPAN
+>.
</P
></DD
><DT
>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Unset</I
+></SPAN
></P
></DD
><DT
><TD
><PRE
CLASS="SCREEN"
-> forward .* anon-proxy.example.org:8080
+> forward / anon-proxy.example.org:8080
forward :443 .</PRE
></TD
></TR
><TD
><PRE
CLASS="SCREEN"
-> forward .*. caching-proxy.example-isp.net:8000
+> forward / caching-proxy.example-isp.net:8000
forward .example-isp.net .</PRE
></TD
></TR
CLASS="SECT3"
><A
NAME="SOCKS"
->8.5.2. forward-socks4 and forward-socks4a</A
-></H4
+></A
+>7.5.2. forward-socks4 and forward-socks4a</H4
><A
NAME="FORWARD-SOCKS4"
></A
> <TT
CLASS="REPLACEABLE"
><I
->target_domain</I
+>target_pattern</I
></TT
->[:<TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
->]
+>
<TT
CLASS="REPLACEABLE"
><I
>socks_proxy</I
></TT
->[/<TT
+>[:<TT
CLASS="REPLACEABLE"
><I
>port</I
><I
>http_parent</I
></TT
->[/<TT
+>[:<TT
CLASS="REPLACEABLE"
><I
>port</I
>]
</P
><P
-> Where <TT
+> where <TT
CLASS="REPLACEABLE"
><I
->target_domain</I
+>target_pattern</I
></TT
-> is a domain name pattern (see the
- chapter on domain matching in the <TT
-CLASS="FILENAME"
->default.action</TT
-> file),
+> is a <A
+HREF="actions-file.html#AF-PATTERNS"
+>URL pattern</A
+>
+ that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <TT
+CLASS="LITERAL"
+>/</TT
+> to
+ denote <SPAN
+CLASS="QUOTE"
+>"all URLs"</SPAN
+>.
<TT
CLASS="REPLACEABLE"
><I
>Default value:</DT
><DD
><P
+><SPAN
+CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Unset</I
+></SPAN
></P
></DD
><DT
><TD
><PRE
CLASS="SCREEN"
-> forward-socks4a .*. socks-gw.example.com:1080 www-cache.example-isp.net:8080
+> forward-socks4a / socks-gw.example.com:1080 www-cache.example-isp.net:8080
forward .example.com .</PRE
></TD
></TR
><TD
><PRE
CLASS="SCREEN"
-> forward-socks4 .*. socks-gw.example.com:1080 .</PRE
+> forward-socks4 / socks-gw.example.com:1080 .</PRE
></TD
></TR
></TABLE
CLASS="SECT3"
><A
NAME="ADVANCED-FORWARDING-EXAMPLES"
->8.5.3. Advanced Forwarding Examples</A
-></H4
+></A
+>7.5.3. Advanced Forwarding Examples</H4
><P
> If you have links to multiple ISPs that provide various special content
only to their subscribers, you can configure multiple <SPAN
>Privoxies</SPAN
>
which have connections to the respective ISPs to act as forwarders to each other, so that
- <I
+ <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>your</I
+></SPAN
> users can see the internal content of all ISPs.</P
><P
> Assume that host-a has a PPP connection to isp-a.net. And host-b has a PPP connection to
><TD
><PRE
CLASS="SCREEN"
-> forward .*. .
+> forward / .
forward .isp-b.net host-b:8118</PRE
></TD
></TR
><TD
><PRE
CLASS="SCREEN"
-> forward .*. .
+> forward / .
forward .isp-a.net host-a:8118</PRE
></TD
></TR
CLASS="APPLICATION"
>squid</SPAN
>
- run on the same box, your squid configuration could then look like this:</P
+ run on the same box, your <SPAN
+CLASS="APPLICATION"
+>squid</SPAN
+> configuration could then look like this:</P
><P
> <TABLE
BORDER="0"
CLASS="FILENAME"
>squid.conf</TT
>.</P
+><P
+> You could just as well decide to only forward requests for Windows executables through
+ a virus-scanning parent proxy, say, on <TT
+CLASS="LITERAL"
+>antivir.example.com</TT
+>, port 8010:</P
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+> forward / .
+ forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010</PRE
+></TD
+></TR
+></TABLE
+> </P
></DIV
></DIV
><DIV
CLASS="SECT2"
><A
NAME="WINDOWS-GUI"
->8.6. Windows GUI Options</A
-></H2
+></A
+>7.6. Windows GUI Options</H2
><P
> <SPAN
CLASS="APPLICATION"
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>activity-animation 1</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>log-messages 1</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>log-buffer-size 1</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>log-max-lines 200</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>log-highlight-messages 1</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>log-font-name Comic Sans MS</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>log-font-size 8</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>show-on-task-bar 0</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>close-button-minimizes 1</I
+></SPAN
><br>
</P
>
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
-> #<I
+> #<SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>hide-console</I
+></SPAN
><br>
</P
>
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
VALIGN="top"
><A
HREF="configuration.html"
+ACCESSKEY="P"
>Prev</A
></TD
><TD
VALIGN="top"
><A
HREF="index.html"
+ACCESSKEY="H"
>Home</A
></TD
><TD
VALIGN="top"
><A
HREF="actions-file.html"
+ACCESSKEY="N"
>Next</A
></TD
></TR
projects / privoxy.git / blobdiff