.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "PRIVOXY" "1" "09 April 2002" "Privoxy 2.9.14 beta" ""
+.TH "PRIVOXY" "1" "15 January 2009" "Privoxy 3.0.11 UNRELEASED" ""
.SH NAME
privoxy \- Privacy Enhancing Proxy
.SH SYNOPSIS
-\fBprivoxy\fR [\fB--help\fR] [\fB--version\fR] [\fB--no-daemon\fR] [\fB--pidfile \fIpidfile\fB\fR] [\fB--user \fIuser[.group]\fB\fR] [\fB\fIconfigfile\fB\fR] (UNIX)
-
-
-\fBprivoxy.exe\fR [\fB\fIconfigfile\fB\fR] (Windows)
+\fBprivoxy\fR [\fB\-\-help\fR ] [\fB\-\-version\fR ] [\fB\-\-no-daemon\fR ] [\fB\-\-pidfile \fIpidfile\fB\fR ] [\fB\-\-user \fIuser[.group]\fB\fR ] [\fB\-\-chroot\fR ] [\fB\-\-pre-chroot-nslookup \fIhostname\fB\fR ] [\fB\fIconfigfile\fB\fR ]
.SH "OPTIONS"
.PP
\fBPrivoxy\fR may be invoked with the following command line
options:
.TP
-\fB--help\fR
+\fB\-\-help\fR
Print brief usage info and exit.
.TP
-\fB--version\fR
+\fB\-\-version\fR
Print version info and exit.
.TP
-\fB--no-daemon\fR
+\fB\-\-no-daemon\fR
Don't become a daemon, i.e. don't fork and become process group
leader, don't detach from controlling tty, and do all logging there.
.TP
-\fB--pidfile \fIpidfile\fB\fR
-After (optionally) writing the PID file, assume the user ID of user
-and the GID of group, or, if the optional group was not given, the
-default group of user. Exit if the privileges are not sufficient to
-do so.
+\fB\-\-pidfile \fIpidfile\fB\fR
+On startup, write the process ID to \fIpidfile\fR.
+Delete the \fIpidfile\fR on exit.
+Failure to create or delete the \fIpidfile\fR
+is non-fatal. If no \fB\-\-pidfile\fR option is given, no PID file will be used.
.TP
-\fB--user \fIuser[.group]\fB\fR
+\fB\-\-user \fIuser[.group]\fB\fR
After (optionally) writing the PID file, assume the user ID of
\fIuser\fR and the GID of
\fIgroup\fR, or, if the optional
\fIgroup\fR was not given, the default group of
\fIuser\fR. Exit if the privileges are not
sufficient to do so.
+.TP
+\fB\-\-chroot\fR
+Before changing to the user ID given in the \-\-user option, chroot to
+that user's home directory, i.e. make the kernel pretend to the
+\fBPrivoxy\fR process that the directory tree starts
+there. If set up carefully, this can limit the impact of possible
+vulnerabilities in \fBPrivoxy\fR to the files contained in
+that hierarchy.
+.TP
+\fB\-\-pre-chroot-nslookup \fIhostname\fB\fR
+Initialize the resolver library using \fIhostname\fR
+before chroot'ing. On some systems this reduces the number of files
+that must be copied into the chroot tree.
.PP
If the \fIconfigfile\fR is not specified on the command line,
\fBPrivoxy\fR will look for a file named
-\fIconfig\fR in the current directory (except on Win32 where
-it will try \fIconfig.txt\fR). If no
+\fIconfig\fR in the current directory . If no
\fIconfigfile\fR is found, \fBPrivoxy\fR will
fail to start.
.SH "DESCRIPTION"
.PP
-\fBPrivoxy\fR is a web proxy with advanced filtering
-capabilities for protecting privacy, filtering web page content, managing
-cookies, controlling access, and removing ads, banners, pop-ups and other
-obnoxious Internet junk. \fBPrivoxy\fR has a very
-flexible configuration and can be customized to suit individual needs and
-tastes. \fBPrivoxy\fR has application for both
-stand-alone systems and multi-user networks.
+Privoxy is a non-caching
+web proxy
+with advanced filtering capabilities for enhancing privacy,
+modifying web page data, managing HTTP
+cookies,
+controlling access, and removing ads, banners, pop-ups and other obnoxious
+Internet junk. Privoxy has a flexible configuration and can be
+customized to suit individual needs and tastes. Privoxy has application for
+both stand-alone systems and multi-user networks.
.PP
-\fBPrivoxy\fR is based on the code of the
-\fBInternet Junkbuster\fR (tm).
-\fBJunkbuster\fR was originally written by Junkbusters
-Corporation, and was released as free open-source software under the GNU GPL.
-Stefan Waldherr made many improvements, and started the SourceForge project
-to continue development.
-.PP
-\fBPrivoxy\fR continues the
-\fBJunkbuster\fR tradition, but adds many
-refinements, enhancements and new features.
+Privoxy is based on Internet Junkbuster (tm).
.SH "INSTALLATION AND USAGE"
.PP
-Browsers must be individually configured to use \fBPrivoxy\fR as
-a HTTP proxy. The default setting is for localhost, on port 8118
-(configurable in the main config file). To set the HTTP proxy in Netscape
-and Mozilla, go through: \fBEdit\fR;
+Browsers can either be individually configured to use
+\fBPrivoxy\fR as a HTTP proxy (recommended),
+or \fBPrivoxy\fR can be combined with a packet
+filter to build an intercepting proxy
+(see \fIconfig\fR). The default setting is for
+localhost, on port 8118 (configurable in the main config file). To set the
+HTTP proxy in Netscape and Mozilla, go through: \fBEdit\fR;
\fBPreferences\fR; \fBAdvanced\fR;
\fBProxies\fR; \fBManual Proxy Configuration\fR;
\fBView\fR.
.PP
+For Firefox, go through: \fBTools\fR;
+\fBOptions\fR; \fBGeneral\fR;
+\fBConnection Settings\fR;
+\fBManual Proxy Configuration\fR.
+.PP
For Internet Explorer, go through: \fBTools\fR;
\fBInternet Properties\fR; \fBConnections\fR;
\fBLAN Settings\fR.
.PP
The Secure (SSL) Proxy should also be set to the same values, otherwise
-https: URLs will not be proxied.
+https: URLs will not be proxied. Note: \fBPrivoxy\fR can only
+proxy HTTP and HTTPS traffic. Do not try it with FTP or other protocols.
+HTTPS presents some limitations, and not all features will work with HTTPS
+connections.
.PP
For other browsers, check the documentation.
.SH "CONFIGURATION"
.PP
\fBPrivoxy\fR can be configured with the various configuration
files. The default configuration files are: \fIconfig\fR,
-\fIdefault.action\fR, and
-\fIdefault.filter\fR. These are well commented. On Unix and
-Unix-like systems, these are located in \fI/etc/privoxy/\fR by
-default. On Windows, OS/2 and AmigaOS, these files are in the same directory
-as the \fBPrivoxy\fR executable.
+\fIdefault.filter\fR, and
+\fIdefault.action\fR. \fIuser.action\fR should
+be used for locally defined exceptions to the default rules of
+\fIdefault.action\fR, and \fIuser.filter\fR for
+locally defined filters. These are well commented. On Unix
+and Unix-like systems, these are located in
+\fI/etc/privoxy/\fR by default.
.PP
-The name and number of configuration files has changed from previous
-versions, and is subject to change as development progresses. In fact, the
-configuration itself is changed and much more sophisticated. See the
-user-manual for a
-brief explanation of all configuration options.
+\fBPrivoxy\fR uses the concept of \fBactions\fR
+in order to manipulate the data stream between the browser and remote sites.
+There are various actions available with specific functions for such things
+as blocking web sites, managing cookies, etc. These actions can be invoked
+individually or combined, and used against individual URLs, or groups of URLs
+that can be defined using wildcards and regular expressions. The result is
+that the user has greatly enhanced control and freedom.
.PP
The actions list (ad blocks, etc) can also be configured with your
-web browser at http://ijbswa.sourceforge.net/config.
+web browser at http://config.privoxy.org/
+(assuming the configuration allows it).
\fBPrivoxy's\fR configuration parameters can also be viewed at
the same page. In addition, \fBPrivoxy\fR can be toggled on/off.
-This is an internal page.
+This is an internal page, and does not require Internet access.
+.PP
+See the \fIUser Manual\fR for a detailed
+explanation of installation, general usage, all configuration options, new
+features and notes on upgrading.
.SH "SAMPLE CONFIGURATION"
.PP
-A brief example of what a \fIdefault.action\fR configuration
-might look like:
+A brief example of what a simple \fIdefault.action\fR
+configuration might look like:
.nf
-
# Define a few useful custom aliases for later use
{{alias}}
- # Don't accept cookies
- +no-cookies = +no-cookies-set +no-cookies-read
+ # Useful aliases that combine more than one action
+ +crunch-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
+ \-crunch-cookies = \-crunch-incoming-cookies \-crunch-outgoing-cookies
+ +block-as-image = +block +handle-as-image
- # Do accept cookies
- -no-cookies = -no-cookies-set -no-cookies-read
+ # Fragile sites should have the minimum changes
+ fragile = \-block \-deanimate-gifs \-fast-redirects \-filter \\
+ \-hide-referer \-prevent-cookies
- # Treat these blocked URLs as images.
- +imageblock = +block +image
+ ## Turn some actions on ################################
+ ## NOTE: Actions are off by default, unless explictily turned on
+ ## otherwise with the '+' operator.
- # Define page filters we want to use.
- myfilters = +filter{html-annoyances} +filter{js-annoyances}\\
- +filter{no-popups} +filter{webbugs}
+{ \\
++change-x-forwarded-for{block} \\
++deanimate-gifs{last} \\
++filter{refresh-tags} \\
++filter{img-reorder} \\
++filter{banners-by-size} \\
++filter{webbugs} \\
++filter{jumping-windows} \\
++filter{ie-exploits} \\
++hide-from-header{block} \\
++hide-referrer{conditional-block} \\
++session-cookies-only \\
++set-image-blocker{pattern} \\
+}
+/ # '/' Match *all* URL patterns
- ## Default Policies (actions) ############################
- { \\
- -block \\
- -downgrade \\
- +fast-redirects \\
- myfilters \\
- +no-compression \\
- +hide-forwarded \\
- +hide-from{block} \\
- +hide-referer{forge} \\
- -hide-user-agent \\
- -image \\
- +image-blocker{blank} \\
- +no-cookies-keep \\
- -no-cookies-read \\
- -no-cookies-set \\
- +no-popups \\
- -vanilla-wafer \\
- -wafer \\
- }
- /
+
+ # Block all URLs that match these patterns
+ { +block }
+ ad.
+ ad[sv].
+ .*ads.
+ banner?.
+ /.*count(er)?\\.(pl|cgi|exe|dll|asp|php[34]?)
+ .hitbox.com
+ media./.*(ads|banner)
- # Now set exceptions to the above defined policies #######
+ # Block, and treat these URL patterns as if they were 'images'.
+ # We would expect these to be ads.
+ { +block-as-image }
+ .ad.doubleclick.net
+ .a[0-9].yimg.com/(?:(?!/i/).)*$
+ ad.*.doubleclick.net
- # Sites where we want persistant cookies
- {-no-cookies -no-cookies-keep}
- .redhat.com
- .sun.com
- .yahoo.com
- .msdn.microsoft.com
+ # Make exceptions for these harmless ones that would be
+ # caught by our +block patterns just above.
+ { \-block }
+ adsl.
+ adobe.
+ advice.
+ .*downloads.
+ # uploads or downloads
+ /.*loads
+.fi
+.PP
+Then for a \fIuser.action\fR, we would put local,
+narrowly defined exceptions:
- # This site requires cookies AND 'fast-redirects' on
- {-no-cookies -no-cookies-keep -fast-redirects}
- .nytimes.com
+.nf
+ # Re-define aliases as needed here
+ {{alias}}
- # Add custom headers, and turn off filtering of page source
- {+add-header{X-Privacy: Yes please} #-add-header{*} \\
- +add-header{X-User-Tracking: No thanks!} -filter}
- privacy.net
+ # Useful aliases
+ \-crunch-cookies = \-crunch-incoming-cookies \-crunch-outgoing-cookies
+
+ # Set personal exceptions to the policies in default.action #######
- # Block, and treat these URLs as 'images'.
- {+imageblock}
- .adforce.imgis.com
- .ad.preferences.com/image.*
- .ads.web.aol.com
- .ad-adex3.flycast.com
- .ad.doubleclick.net
- .ln.doubleclick.net
- .ad.de.doubleclick.net
- /.*/count\\.cgi\\?.*df=
- 194.221.183.22[1-7]
- a196.g.akamai.net/7/196/2670/000[12]/images.gmx.net/i4/images/.*/
+ # Sites where we want persistent cookies, so allow *all* cookies
+ { \-crunch-cookies \-session-cookies-only }
+ .redhat.com
+ .sun.com
+ .msdn.microsoft.com
+
+ # These sites break easily. Use our "fragile" alias here.
+ { fragile }
+ .forbes.com
+ mybank.example.com
- # Block any URLs that match these patterns
- {+block}
- /.*/(.*[-_.])?ads?[0-9]?(/|[-_.].*|\\.(gif|jpe?g))
- /.*/(plain|live|rotate)[-_.]?ads?/
- /.*/(sponsor)s?[0-9]?/
- /.*/ad(server|stream|juggler)\\.(cgi|pl|dll|exe)
- /.*/adbanners/
- /.*/adv((er)?ts?|ertis(ing|ements?))?/
- /.*/banners?/
- /.*/popupads/
- /.*/advert[0-9]+\\.jpg
- /ad_images/
- /.*/ads/
- /images/.*/.*_anim\\.gif
- /rotations/
- /.*(ms)?backoff(ice)?.*\\.(gif|jpe?g)
- 195.63.104.*/(inbox|log|meld|folderlu|folderru|log(in|out)[lmr]u|)
- .images.nytimes.com
- .images.yahoo.com/adv/
- /.*cnnstore\\.gif
+ # Replace example.com's style sheet with one of my choosing
+ { +redirect{http://localhost/css-replacements/example.com.css} }
+ .example.com/stylesheet.css
.fi
.PP
See the comments in the configuration files themselves, or the
-\fIuser-manual\fR
-for explanations of the above syntax, and other \fBPrivoxy\fR
+\fIUser Manual\fR
+for full explanations of the above syntax, and other \fBPrivoxy\fR
configuration options.
.SH "FILES"
\fI/usr/sbin/privoxy\fR
\fI/etc/privoxy/config\fR
\fI/etc/privoxy/default.action\fR
- \fI/etc/privoxy/advanced.action\fR
- \fI/etc/privoxy/basic.action\fR
- \fI/etc/privoxy/intermediate.action\fR
+ \fI/etc/privoxy/user.action\fR
\fI/etc/privoxy/default.filter\fR
+ \fI/etc/privoxy/user.filter\fR
\fI/etc/privoxy/trust\fR
\fI/etc/privoxy/templates/*\fR
\fI/var/log/privoxy/logfile\fR
.fi
.PP
Various other files should be included, but may vary depending on platform
-and build configuration. More documentation should be included in the local
-documentation directory, though is not complete at this time.
+and build configuration. Additional documentation should be included in the local
+documentation directory.
.SH "SIGNALS"
.PP
\fBPrivoxy\fR terminates on the \fBSIGINT\fR,
automatically.
.SH "NOTES"
.PP
-This is a beta version of \fBPrivoxy\fR. Not
+This is a UNRELEASED version of \fBPrivoxy\fR. Not
all features are well tested.
.PP
-Please see the \fIuser-manual\fR on how to contact the
-developers for feature requests, reporting problems, and other questions.
+Please see the \fIUser Manual\fR on how to contact the
+developers, for feature requests, reporting problems, and other questions.
.SH "SEE ALSO"
.PP
Other references and sites of interest to \fBPrivoxy\fR
.PP
http://www.privoxy.org/,
-The \fBPrivoxy\fR Home page.
+the \fBPrivoxy\fR Home page.
-http://sourceforge.net/projects/ijbswa,
+http://www.privoxy.org/faq/,
+the \fBPrivoxy\fR FAQ.
+
+http://sourceforge.net/projects/ijbswa/,
the Project Page for \fBPrivoxy\fR on
-Sourceforge.
+SourceForge.
+
+http://config.privoxy.org/,
+the web-based user interface. \fBPrivoxy\fR must be
+running for this to work. Shortcut: http://p.p/
+
+https://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit ``misses'' and other
+configuration related suggestions to the developers.
+
+http://www.junkbusters.com/ht/en/cookies.html,
+an explanation how cookies are used to track web users.
-http://p.p/, access
-\fBPrivoxy\fR from your browser. Alternately,
-http://config.privoxy.org
-may work in some situations where the first does not.
+http://www.junkbusters.com/ijb.html,
+the original Internet Junkbuster.
-http://www.privoxy.org/actions/,
-submit ``misses'' to the developers.
+http://privacy.net/, a useful site
+to check what information about you is leaked while you browse the web.
-http://www.junkbusters.com/ht/en/cookies.html
+http://www.squid-cache.org/, a popular
+caching proxy, which is often used together with \fBPrivoxy\fR.
-http://www.waldherr.org/junkbuster/
+http://www.pps.jussieu.fr/~jch/software/polipo/,
+\fBPolipo\fR is a caching proxy with advanced features
+like pipelining, multiplexing and caching of partial instances. In many setups
+it can be used as \fBSquid\fR replacement.
-http://privacy.net/analyze/
+https://www.torproject.org/,
+\fBTor\fR can help anonymize web browsing,
+web publishing, instant messaging, IRC, SSH, and other applications.
-http://www.squid-cache.org/
+http://www.privoxy.org/developer-manual/,
+the \fBPrivoxy\fR developer manual.
.SH "DEVELOPMENT TEAM"
.nf
- Stefan Waldherr
- Andreas Oesterhelt
- Jon Foster
- Markus Breitenbach
- Thomas Steudten
- David Schmidt (OS/2, Mac OSX ports)
- Gabriel L. Somlo
- Hal Burgiss (docs)
- Haroon Rafique
- John Venvertloh
- Joerg Strohmayer
- Rodney Stromlund
- Rodrigo Barbosa (RPM specfiles)
- Sarantis Paskalis
- Shamim Mohamed
- Gábor Lipták
- Alexander Lazic
+ Fabian Keil, lead developer
+ David Schmidt, developer
+
+ Hal Burgiss
+ Mark Miller
+ Gerry Murphy
+ Lee Rian
+ Roland Rosenfeld
+ J\[:o]rg Strohmayer
.fi
.SH "COPYRIGHT AND LICENSE"
+.SS "COPYRIGHT"
+.PP
+Copyright (C) 2001-2009 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
+.PP
+Some source code is based on code Copyright (C) 1997 by Anonymous Coders
+and Junkbusters, Inc. and licensed under the \fIGNU General Public
+License\fR.
+.SS "LICENSE"
.PP
\fBPrivoxy\fR is free software; you can
-redistribute it and/or modify it under the terms of the GNU General Public
-License as published by the Free Software Foundation; either version 2 of the
-License, or (at your option) any later version.
+redistribute it and/or modify it under the terms of the
+\fIGNU General Public License\fR, version 2,
+as published by the Free Software Foundation.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-more details, which is available from the Free Software Foundation, Inc, 59
-Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+FITNESS FOR A PARTICULAR PURPOSE. See the \fIGNU General Public License\fR for details.
.PP
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software Foundation, Inc.,
-59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+You should have received a copy of the \fIGNU GPL\fR
+along with this program; if not, write to the Free Software
+Foundation, Inc. 51 Franklin Street, Fifth Floor
+Boston, MA 02110-1301
+USA
projects / privoxy.git / blobdiff