<title>The Main Configuration File</title>
<meta name="GENERATOR" content=
"Modular DocBook HTML Stylesheet Version 1.79">
- <link rel="HOME" title="Privoxy 3.0.20 User Manual" href="index.html">
+ <link rel="HOME" title="Privoxy 3.0.25 User Manual" href="index.html">
<link rel="PREVIOUS" title="Privoxy Configuration" href=
"configuration.html">
<link rel="NEXT" title="Actions Files" href="actions-file.html">
<table summary="Header navigation table" width="100%" border="0"
cellpadding="0" cellspacing="0">
<tr>
- <th colspan="3" align="center">Privoxy 3.0.20 User Manual</th>
+ <th colspan="3" align="center">Privoxy 3.0.25 User Manual</th>
</tr>
<tr>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="LOGDIR" id="LOGDIR">7.2.3. logdir</a></h4>
+ <h4 class="SECT3"><a name="TEMPORARY-DIRECTORY" id=
+ "TEMPORARY-DIRECTORY">7.2.3. temporary-directory</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+
+ <dd>
+ <p>A directory where Privoxy can create temporary files.</p>
+ </dd>
+
+ <dt>Type of value:</dt>
+
+ <dd>
+ <p>Path name</p>
+ </dd>
+
+ <dt>Default value:</dt>
+
+ <dd>
+ <p>unset</p>
+ </dd>
+
+ <dt>Effect if unset:</dt>
+
+ <dd>
+ <p>No temporary files are created, external filters don't
+ work.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>To execute <tt class="LITERAL"><a href=
+ "actions-file.html#EXTERNAL-FILTER" target="_top">external
+ filters</a></tt>, <span class="APPLICATION">Privoxy</span> has
+ to create temporary files. This directive specifies the
+ directory the temporary files should be written to.</p>
+
+ <p>It should be a directory only <span class=
+ "APPLICATION">Privoxy</span> (and trusted users) can
+ access.</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="LOGDIR" id="LOGDIR">7.2.4. logdir</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="ACTIONSFILE" id="ACTIONSFILE">7.2.4.
+ <h4 class="SECT3"><a name="ACTIONSFILE" id="ACTIONSFILE">7.2.5.
actionsfile</a></h4><a name="DEFAULT.ACTION" id=
"DEFAULT.ACTION"></a><a name="STANDARD.ACTION" id=
"STANDARD.ACTION"></a><a name="USER.ACTION" id="USER.ACTION"></a>
<p>Actions files contain all the per site and per URL
configuration for ad blocking, cookie management, privacy
- considerations, etc. There is no point in using <span class=
- "APPLICATION">Privoxy</span> without at least one actions
- file.</p>
-
- <p>Note that since Privoxy 3.0.7, the complete filename,
- including the <span class="QUOTE">".action"</span> extension
- has to be specified. The syntax change was necessary to be
- consistent with the other file options and to allow previously
- forbidden characters.</p>
+ considerations, etc.</p>
</dd>
</dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FILTERFILE" id="FILTERFILE">7.2.5.
+ <h4 class="SECT3"><a name="FILTERFILE" id="FILTERFILE">7.2.6.
filterfile</a></h4><a name="DEFAULT.FILTER" id="DEFAULT.FILTER"></a>
<div class="VARIABLELIST">
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="LOGFILE" id="LOGFILE">7.2.6.
+ <h4 class="SECT3"><a name="LOGFILE" id="LOGFILE">7.2.7.
logfile</a></h4>
<div class="VARIABLELIST">
<p>Depending on the debug options below, the logfile may be a
privacy risk if third parties can get access to it. As most
users will never look at it, <span class=
- "APPLICATION">Privoxy</span> 3.0.7 and later only log fatal
- errors by default.</p>
+ "APPLICATION">Privoxy</span> only logs fatal errors by
+ default.</p>
<p>For most troubleshooting purposes, you will have to change
that, please refer to the debugging section for details.</p>
- <p>Your logfile will grow indefinitely, and you will probably
- want to periodically remove it. On Unix systems, you can do
- this with a cron job (see <span class="QUOTE">"man
- cron"</span>).</p>
-
<p>Any log files must be writable by whatever user <span class=
"APPLICATION">Privoxy</span> is being run as (on Unix, default
user id is <span class="QUOTE">"privoxy"</span>).</p>
+
+ <p>To prevent the logfile from growing indefinitely, it is
+ recommended to periodically rotate or shorten it. Many
+ operating systems support log rotation out of the box, some
+ require additional software to do it. For details, please refer
+ to the documentation for your operating system.</p>
</dd>
</dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="TRUSTFILE" id="TRUSTFILE">7.2.7.
+ <h4 class="SECT3"><a name="TRUSTFILE" id="TRUSTFILE">7.2.8.
trustfile</a></h4>
<div class="VARIABLELIST">
problem. They can produce a hell of an output (especially
16).</p>
- <p><span class="APPLICATION">Privoxy</span> used to ship with
- the debug levels recommended above enabled by default, but due
- to privacy concerns 3.0.7 and later are configured to only log
- fatal errors.</p>
-
<p>If you are used to the more verbose settings, simply enable
the debug lines below again.</p>
<dt>Type of value:</dt>
<dd>
- <p><span class="emphasis"><i class=
- "EMPHASIS">None</i></span></p>
+ <p><span class="emphasis"><i class="EMPHASIS">1 or
+ 0</i></span></p>
</dd>
<dt>Default value:</dt>
<dd>
- <p><span class="emphasis"><i class=
- "EMPHASIS">Unset</i></span></p>
+ <p><span class="emphasis"><i class="EMPHASIS">0</i></span></p>
</dd>
<dt>Effect if unset:</dt>
</dl>
</div>
</div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="ENABLE-PROXY-AUTHENTICATION-FORWARDING"
+ id="ENABLE-PROXY-AUTHENTICATION-FORWARDING">7.4.9.
+ enable-proxy-authentication-forwarding</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+
+ <dd>
+ <p>Whether or not proxy authentication through <span class=
+ "APPLICATION">Privoxy</span> should work.</p>
+ </dd>
+
+ <dt>Type of value:</dt>
+
+ <dd>
+ <p>0 or 1</p>
+ </dd>
+
+ <dt>Default value:</dt>
+
+ <dd>
+ <p>0</p>
+ </dd>
+
+ <dt>Effect if unset:</dt>
+
+ <dd>
+ <p>Proxy authentication headers are removed.</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <p>Privoxy itself does not support proxy authentication, but
+ can allow clients to authenticate against Privoxy's parent
+ proxy.</p>
+
+ <p>By default Privoxy (3.0.21 and later) don't do that and
+ remove Proxy-Authorization headers in requests and
+ Proxy-Authenticate headers in responses to make it harder for
+ malicious sites to trick inexperienced users into providing
+ login information.</p>
+
+ <p>If this option is enabled the headers are forwarded.</p>
+
+ <p>Enabling this option is <span class="emphasis"><i class=
+ "EMPHASIS">not recommended</i></span> if there is no parent
+ proxy that requires authentication or if the local network
+ between Privoxy and the parent proxy isn't trustworthy. If
+ proxy authentication is only required for some requests, it is
+ recommended to use a client header filter to remove the
+ authentication headers for requests where they aren't
+ needed.</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
</div>
<div class="SECT2">
<tr>
<td>
<pre class="SCREEN">
- forward-socks5 / 127.0.0.1:9050 .
+ forward-socks5t / 127.0.0.1:9050 .
</pre>
</td>
</tr>
</table>
+ <p>Note that if you got Tor through one of the bundles, you may
+ have to change the port from 9050 to 9150 (or even another
+ one). For details, please check the documentation on the
+ <a href="https://torproject.org/" target="_top">Tor
+ website</a>.</p>
+
<p>The public <span class="APPLICATION">Tor</span> network
can't be used to reach your local network, if you need to
access local servers you therefore might want to make some
HTTP connections into <span class=
"APPLICATION">Privoxy</span>.</p>
+ <p>Note that intercepting encrypted connections (HTTPS) isn't
+ supported.</p>
+
<p>Make sure that <span class="APPLICATION">Privoxy's</span>
own requests aren't redirected as well. Additionally take care
that <span class="APPLICATION">Privoxy</span> can't
<dt>Default value:</dt>
<dd>
- <p>None</p>
+ <p>128</p>
</dd>
<dt>Effect if unset:</dt>
<p>Obviously using this option only makes sense if you choose a
limit below the one enforced by the operating system.</p>
+
+ <p>One most POSIX-compliant systems <span class=
+ "APPLICATION">Privoxy</span> can't properly deal with more than
+ FD_SETSIZE file descriptors at the same time and has to reject
+ connections if the limit is reached. This will likely change in
+ a future version, but currently this limit can't be increased
+ without recompiling <span class="APPLICATION">Privoxy</span>
+ with a different FD_SETSIZE limit.</p>
</dd>
<dt>Examples:</dt>
<dt>Notes:</dt>
<dd>
- <p>This is a work-around for Firefox bug 492459: <span class=
- "QUOTE">" Websites are no longer rendered if SSL requests for
- JavaScripts are blocked by a proxy. "</span> (<a href=
- "https://bugzilla.mozilla.org/show_bug.cgi?id=492459" target=
- "_top">https://bugzilla.mozilla.org/show_bug.cgi?id=492459</a>)
- As the bug has been fixed for quite some time this option
- should no longer be needed and will be removed in a future
- release. Please speak up if you have a reason why the option
- should be kept around.</p>
+ <p>This directive was added as a work-around for Firefox bug
+ 492459: <span class="QUOTE">"Websites are no longer rendered if
+ SSL requests for JavaScripts are blocked by a proxy."</span>
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=492459"
+ target=
+ "_top">https://bugzilla.mozilla.org/show_bug.cgi?id=492459</a>),
+ the bug has been fixed for quite some time, but this directive
+ is also useful to make it harder for websites to detect whether
+ or not resources are being blocked.</p>
</dd>
</dl>
</div>
</dl>
</div>
</div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-SPECIFIC-TAG" id=
+ "CLIENT-SPECIFIC-TAG">7.6.14. client-specific-tag</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+
+ <dd>
+ <p>The name of a tag that will always be set for clients that
+ requested it through the webinterface.</p>
+ </dd>
+
+ <dt>Type of value:</dt>
+
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Tag name followed by a
+ description that will be shown in the webinterface</i></tt></p>
+ </dd>
+
+ <dt>Default value:</dt>
+
+ <dd>
+ <p>None</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>This is an experimental feature. The syntax is
+ likely to change in future versions.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <p>Client-specific tags allow Privoxy admins to create
+ different profiles and let the users chose which one they want
+ without impacting other users.</p>
+
+ <p>One use case is allowing users to circumvent certain blocks
+ without having to allow them to circumvent all blocks. This is
+ not possible with the <a href=
+ "config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle
+ feature</a> because it would bluntly disable all blocks for all
+ users and also affect other actions like filters. It also is
+ set globally which renders it useless in most multi-user
+ setups.</p>
+
+ <p>After a client-specific tag has been defined with the
+ client-specific-tag directive, action sections can be activated
+ based on the tag by using a <a href="#CLIENT-TAG-PATTERN"
+ target="_top">CLIENT-TAG</a> pattern. The CLIENT-TAG pattern is
+ evaluated at the same priority as URL patterns, as a result the
+ last matching pattern wins. Tags that are created based on
+ client or server headers are evaluated later on and can
+ overrule CLIENT-TAG and URL patterns!</p>
+
+ <p>The tag is set for all requests that come from clients that
+ requested it to be set. Note that "clients" are differentiated
+ by IP address, if the IP address changes the tag has to be
+ requested again.</p>
+
+ <p>Clients can request tags to be set by using the CGI
+ interface <a href="http://config.privoxy.org/show-client-tags"
+ target="_top">http://config.privoxy.org/show-client-tags</a>.
+ The specific tag description is only used on the web page and
+ should be phrased in away that the user understand the effect
+ of the tag.</p>
+ </dd>
+
+ <dt>Examples:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ # Define a couple of tags, the described effect requires action sections
+ # that are enabled based on CLIENT-TAG patterns.
+ client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
+ disable-content-filters Disable content-filters but do not affect other actions
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-TAG-LIFETIME" id=
+ "CLIENT-TAG-LIFETIME">7.6.15. client-tag-lifetime</a></h4>
+
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+
+ <dd>
+ <p>How long a temporarily enabled tag remains enabled.</p>
+ </dd>
+
+ <dt>Type of value:</dt>
+
+ <dd>
+ <p><tt class="REPLACEABLE"><i>Time in seconds.</i></tt></p>
+ </dd>
+
+ <dt>Default value:</dt>
+
+ <dd>
+ <p>60</p>
+ </dd>
+
+ <dt>Notes:</dt>
+
+ <dd>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+
+ <tr>
+ <td align="left">
+ <p>This is an experimental feature. The syntax is
+ likely to change in future versions.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <p>In case of some tags users may not want to enable them
+ permanently, but only for a short amount of time, for example
+ to circumvent a block that is the result of an overly-broad URL
+ pattern.</p>
+
+ <p>The CGI interface <a href=
+ "http://config.privoxy.org/show-client-tags" target=
+ "_top">http://config.privoxy.org/show-client-tags</a> therefore
+ provides a "enable this tag temporarily" option. If it is used,
+ the tag will be set until the client-tag-lifetime is over.</p>
+ </dd>
+
+ <dt>Examples:</dt>
+
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">
+ # Increase the time to life for temporarily enabled tags to 3 minutes
+ client-tag-lifetime 180
+
+</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
</div>
<div class="SECT2">
projects / privoxy.git / blobdiff