X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=24dcb5a20f31ba504567b984883c3c17b60fd64b;hp=8403b701d2e11c9c5e1b88003a6e9f1b639010dc;hb=6482e058f35d398401f8576fb2de4121c41870d0;hpb=5fa30e9c838ec797b5ac1886ef0e2337b0134836 diff --git a/config b/config index 8403b701..24dcb5a2 100644 --- a/config +++ b/config @@ -1,8 +1,6 @@ -# Sample Configuration File for Privoxy 3.0.25 +# Sample Configuration File for Privoxy 3.0.29 # -# $Id: p-config.sgml,v 2.121 2016/05/03 13:22:13 fabiankeil Exp $ -# -# Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/ +# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/ # ##################################################################### # # @@ -611,7 +609,7 @@ logfile logfile # problem on your own. # #debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. -#debug 1024 # Actions that are applied to all sites and maybe overruled later on. +#debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. #debug 4096 # Startup banner and warnings #debug 8192 # Non-fatal errors # @@ -1167,6 +1165,108 @@ buffer-limit 4096 # enable-proxy-authentication-forwarding 0 # +# 4.10. trusted-cgi-referer +# ========================== +# +# Specifies: +# +# A trusted website or webpage whose links can be followed to +# reach sensitive CGI pages +# +# Type of value: +# +# URL or URL prefix +# +# Default value: +# +# Unset +# +# Effect if unset: +# +# No external pages are considered trusted referers. +# +# Notes: +# +# Before Privoxy accepts configuration changes through CGI pages +# like client-tags or the remote toggle, it checks the Referer +# header to see if the request comes from a trusted source. +# +# By default only the webinterface domains config.privoxy.org +# and p.p are considered trustworthy. Requests originating from +# other domains are rejected to prevent third-parties from +# modifiying Privoxy's state by e.g. embedding images that +# result in CGI requests. +# +# In some environments it may be desirable to embed links to CGI +# pages on external pages, for example on an Intranet homepage +# the Privoxy admin controls. +# +# The "trusted-cgi-referer" option can be used to add that page, +# or the whole domain, as trusted source so the resulting +# requests aren't rejected. Requests are accepted if the +# specified trusted-cgi-refer is the prefix of the Referer. +# +# If the trusted source is supposed to access the CGI pages via +# JavaScript the cors-allowed-origin option can be used. +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |Declaring pages the admin doesn't control trustworthy| +# |may allow malicious third parties to modify Privoxy's| +# |internal state against the user's wishes and without | +# |the user's knowledge. | +# +-----------------------------------------------------+ +# +#trusted-cgi-referer http://www.example.org/local-privoxy-control-page +# +# 4.11. cors-allowed-origin +# ========================== +# +# Specifies: +# +# A trusted website which can access Privoxy's CGI pages through +# JavaScript. +# +# Type of value: +# +# URL +# +# Default value: +# +# Unset +# +# Effect if unset: +# +# No external sites get access via cross-origin resource +# sharing. +# +# Notes: +# +# Modern browsers by default prevent cross-origin requests made +# via JavaScript to Privoxy's CGI interface even if Privoxy +# would trust the referer because it's white listed via the +# trusted-cgi-referer directive. +# +# Cross-origin resource sharing (CORS) is a mechanism to allow +# cross-origin requests. +# +# The "cors-allowed-origin" option can be used to specify a +# domain that is allowed to make requests to Privoxy CGI +# interface via JavaScript. It is used in combination with the +# trusted-cgi-referer directive. +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |Declaring domains the admin doesn't control | +# |trustworthy may allow malicious third parties to | +# |modify Privoxy's internal state against the user's | +# |wishes and without the user's knowledge. | +# +-----------------------------------------------------+ +# +#cors-allowed-origin http://www.example.org/ +# # 5. FORWARDING # ============== # @@ -1267,7 +1367,7 @@ enable-proxy-authentication-forwarding 0 # # Type of value: # -# target_pattern socks_proxy[:port] http_parent[:port] +# target_pattern [user:pass@]socks_proxy[:port] http_parent[:port] # # where target_pattern is a URL pattern that specifies to which # requests (i.e. URLs) this forward rule shall apply. Use / to @@ -1275,7 +1375,8 @@ enable-proxy-authentication-forwarding 0 # addresses in dotted decimal notation or valid DNS names ( # http_parent may be "." to denote "no HTTP forwarding"), and # the optional port parameters are TCP ports, i.e. integer -# values from 1 to 65535 +# values from 1 to 65535. user and pass can be used for SOCKS5 +# authentication if required. # # Default value: # @@ -1330,6 +1431,11 @@ enable-proxy-authentication-forwarding 0 # # forward-socks4 / socks-gw.example.com:1080 . # +# To connect SOCKS5 proxy which requires username/password +# authentication: +# +# forward-socks5 / user:pass@socks-gw.example.com:1080 . +# # To chain Privoxy and Tor, both running on the same system, you # would use something like: # @@ -1852,7 +1958,103 @@ socket-timeout 300 # #max-client-connections 256 # -# 6.10. handle-as-empty-doc-returns-ok +# 6.10. listen-backlog +# ===================== +# +# Specifies: +# +# Connection queue length requested from the operating system. +# +# Type of value: +# +# Number. +# +# Default value: +# +# 128 +# +# Effect if unset: +# +# A connection queue length of 128 is requested from the +# operating system. +# +# Notes: +# +# Under high load incoming connection may queue up before +# Privoxy gets around to serve them. The queue length is +# limitted by the operating system. Once the queue is full, +# additional connections are dropped before Privoxy can accept +# and serve them. +# +# Increasing the queue length allows Privoxy to accept more +# incomming connections that arrive roughly at the same time. +# +# Note that Privoxy can only request a certain queue length, +# whether or not the requested length is actually used depends +# on the operating system which may use a different length +# instead. +# +# On many operating systems a limit of -1 can be specified to +# instruct the operating system to use the maximum queue length +# allowed. Check the listen man page to see if your platform +# allows this. +# +# On some platforms you can use "netstat -Lan -p tcp" to see the +# effective queue length. +# +# Effectively using a value above 128 usually requires changing +# the system configuration as well. On FreeBSD-based system the +# limit is controlled by the kern.ipc.soacceptqueue sysctl. +# +# Examples: +# +# listen-backlog 4096 +# +#listen-backlog -1 +# +# 6.11. enable-accept-filter +# =========================== +# +# Specifies: +# +# Whether or not Privoxy should use an accept filter +# +# Type of value: +# +# 0 or 1 +# +# Default value: +# +# 0 +# +# Effect if unset: +# +# No accept filter is enabled. +# +# Notes: +# +# Accept filters reduce the number of context switches by not +# passing sockets for new connections to Privoxy until a +# complete HTTP request is available. +# +# As a result, Privoxy can process the whole request right away +# without having to wait for additional data first. +# +# For this option to work, Privoxy has to be compiled with +# FEATURE_ACCEPT_FILTER and the operating system has to support +# it (which may require loading a kernel module). +# +# Currently accept filters are only supported on FreeBSD-based +# systems. Check the accf_http(9) man page to learn how to +# enable the support in the operating system. +# +# Examples: +# +# enable-accept-filter 1 +# +#enable-accept-filter 1 +# +# 6.12. handle-as-empty-doc-returns-ok # ===================================== # # Specifies: @@ -1890,7 +2092,7 @@ socket-timeout 300 # #handle-as-empty-doc-returns-ok 1 # -# 6.11. enable-compression +# 6.13. enable-compression # ========================= # # Specifies: @@ -1931,7 +2133,7 @@ socket-timeout 300 # #enable-compression 1 # -# 6.12. compression-level +# 6.14. compression-level # ======================== # # Specifies: @@ -1977,7 +2179,7 @@ socket-timeout 300 # #compression-level 1 # -# 6.13. client-header-order +# 6.15. client-header-order # ========================== # # Specifies: @@ -2012,6 +2214,7 @@ socket-timeout 300 # affected by this directive. # #client-header-order Host \ +# User-Agent \ # Accept \ # Accept-Language \ # Accept-Encoding \ @@ -2025,7 +2228,7 @@ socket-timeout 300 # Content-Type # # -# 6.14. client-specific-tag +# 6.16. client-specific-tag # ========================== # # Specifies: @@ -2090,7 +2293,7 @@ socket-timeout 300 # # # -# 6.15. client-tag-lifetime +# 6.17. client-tag-lifetime # ========================== # # Specifies: @@ -2131,7 +2334,7 @@ socket-timeout 300 # # # -# 6.16. trust-x-forwarded-for +# 6.18. trust-x-forwarded-for # ============================ # # Specifies: @@ -2186,6 +2389,53 @@ socket-timeout 300 # # # +# 6.19. receive-buffer-size +# ========================== +# +# Specifies: +# +# The size of the buffer Privoxy uses to receive data from the +# server. +# +# Type of value: +# +# Size in bytes +# +# Default value: +# +# 5000 +# +# Notes: +# +# Increasing the receive-buffer-size increases Privoxy's memory +# usage but can lower the number of context switches and thereby +# reduce the cpu usage and potentially increase the throughput. +# +# This is mostly relevant for fast network connections and large +# downloads that don't require filtering. +# +# Reducing the buffer size reduces the amount of memory Privoxy +# needs to handle the request but increases the number of +# systemcalls and may reduce the throughput. +# +# A dtrace command like: "sudo dtrace -n 'syscall::read:return / +# execname == "privoxy"/ { @[execname] = llquantize(arg0, 10, 0, +# 5, 20); @m = max(arg0)}'" can be used to properly tune the +# receive-buffer-size. On systems without dtrace, strace or +# truss may be used as less convenient alternatives. +# +# If the buffer is too large it will increase Privoxy's memory +# footprint without any benefit. As the memory is (currently) +# cleared before using it, a buffer that is too large can +# actually reduce the throughput. +# +# Examples: +# +# # Increase the receive buffer size +# receive-buffer-size 32768 +# +# +# # 7. WINDOWS GUI OPTIONS # ======================= #