X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=26755154d883d536d5c7035c6dbb1bc3e83fca45;hp=e0ea87a4c81d31d3e83680b9b208d0f235012b28;hb=d5481434ef147801786b7914446dbeb88351e527;hpb=c84204c65022a7323e321339715fc0eaea9494b3 diff --git a/config b/config index e0ea87a4..26755154 100644 --- a/config +++ b/config @@ -1,8 +1,8 @@ -# Sample Configuration File for Privoxy v3.0.13 +# Sample Configuration File for Privoxy v3.0.17 # -# $Id: p-config.sgml,v 2.48 2009/04/17 11:42:07 fabiankeil Exp $ +# $Id: config,v 1.92 2010/11/06 12:58:42 fabiankeil Exp $ # -# Copyright (C) 2001-2009 Privoxy Developers http://www.privoxy.org/ +# Copyright (C) 2001-2010 Privoxy Developers http://www.privoxy.org/ # #################################################################### # # @@ -113,7 +113,6 @@ # # user-manual /usr/share/doc/privoxy/user-manual # -# # The User Manual is then available to anyone with # access to Privoxy, by following the built-in URL: # http://config.privoxy.org/user-manual/ (or the shortcut: @@ -124,7 +123,6 @@ # # user-manual http://example.com/privoxy/user-manual/ # -# # WARNING!!! # # If set, this option should be the first option in the config @@ -416,7 +414,7 @@ actionsfile user.action # User customizations # separate file, such as user.filter. # filterfile default.filter -#filterfile user.filter # User customizations +filterfile user.filter # User customizations # # # 2.6. logfile @@ -560,7 +558,7 @@ logfile logfile # debug 2 # show each connection status # debug 4 # show I/O status # debug 8 # show header parsing -# debug 16 # log all data written to the network into the logfile +# debug 16 # log all data written to the network # debug 32 # debug force feature # debug 64 # debug regular expression filters # debug 128 # debug redirects @@ -570,6 +568,7 @@ logfile logfile # debug 2048 # CGI user interface # debug 4096 # Startup banner and warnings. # debug 8192 # Non-fatal errors +# debug 32768 # log all data read from the network # # # To select multiple debug levels, you can either add them or @@ -713,10 +712,7 @@ logfile logfile # If you leave out the IP address, Privoxy will bind to all IPv4 # interfaces (addresses) on your machine and may become reachable # from the Internet. In that case, consider using access control -# lists (ACL's, see below), and/or a firewall. If the hostname -# is localhost, Privoxy will explicitly try to bind to an IPv4 -# address. For other hostnames it depends on the operating system -# which IP version will be used. +# lists (ACL's, see below), and/or a firewall. # # If you open Privoxy to untrusted users, you will also # want to make sure that the following actions are disabled: @@ -731,13 +727,11 @@ logfile logfile # # listen-address 192.168.0.1:8118 # -# # Suppose you are running Privoxy on an IPv6-capable machine and # you want it to listen on the IPv6 address of the loopback device: # # listen-address [::1]:8118 # -# listen-address 127.0.0.1:8118 # # @@ -1010,10 +1004,10 @@ enforce-blocks 0 # names. If a DNS name resolves to multiple IP addresses, only # the first one is used. # -# Some systems allows IPv4 client to connect to IPv6 server -# socket. Then the client's IPv4 address will be translated by +# Some systems allow IPv4 clients to connect to IPv6 server +# sockets. Then the client's IPv4 address will be translated by the # system into IPv6 address space with special prefix ::ffff:0:0/96 -# (so called IPv4 mapped IPv6 address). Privoxy can handle it +# (so called IPv4 mapped IPv6 address). Privoxy can handle it # and maps such ACL addresses automatically. # # Denying access to particular sites by ACL may have undesired @@ -1280,7 +1274,6 @@ buffer-limit 4096 # # # -# # 5.3. forwarded-connect-retries # =============================== # @@ -1321,6 +1314,9 @@ buffer-limit 4096 # manually. Start with a small value and check Privoxy's logfile # from time to time, to see how many retries are usually needed. # +# Due to a bug, this option currently also causes Privoxy to +# retry in case of certain problems with direct connections. +# # Examples: # # forwarded-connect-retries 1 @@ -1328,7 +1324,10 @@ buffer-limit 4096 forwarded-connect-retries 0 # # -# 5.4. accept-intercepted-requests +# 6. MISCELLANEOUS +# ================= +# +# 6.1. accept-intercepted-requests # ================================= # # Specifies: @@ -1367,7 +1366,7 @@ forwarded-connect-retries 0 accept-intercepted-requests 0 # # -# 5.5. allow-cgi-request-crunching +# 6.2. allow-cgi-request-crunching # ================================= # # Specifies: @@ -1405,7 +1404,7 @@ accept-intercepted-requests 0 allow-cgi-request-crunching 0 # # -# 5.6. split-large-forms +# 6.3. split-large-forms # ======================= # # Specifies: @@ -1447,7 +1446,7 @@ allow-cgi-request-crunching 0 split-large-forms 0 # # -# 5.7. keep-alive-timeout +# 6.4. keep-alive-timeout # ======================== # # Specifies: @@ -1465,36 +1464,168 @@ split-large-forms 0 # # Effect if unset: # -# Connections are not reused. +# Connections are not kept alive. +# +# Notes: +# +# This option allows clients to keep the connection to Privoxy +# alive. If the server supports it, Privoxy will keep the +# connection to the server alive as well. Under certain +# circumstances this may result in speed-ups. +# +# By default, Privoxy will close the connection to the server if +# the client connection gets closed, or if the specified timeout +# has been reached without a new request coming in. This behaviour +# can be changed with the connection-sharing option. +# +# This option has no effect if Privoxy has been compiled without +# keep-alive support. +# +# Note that a timeout of five seconds as used in the default +# configuration file significantly decreases the number of +# connections that will be reused. The value is used because some +# browsers limit the number of connections they open to a single +# host and apply the same limit to proxies. This can result in a +# single website "grabbing" all the connections the browser allows, +# which means connections to other websites can't be opened until +# the connections currently in use time out. +# +# Several users have reported this as a Privoxy bug, so the default +# value has been reduced. Consider increasing it to 300 seconds +# or even more if you think your browser can handle it. If your +# browser appears to be hanging it can't. +# +# Examples: +# +# keep-alive-timeout 300 +# +keep-alive-timeout 5 +# +# +# 6.5. default-server-timeout +# ============================ +# +# Specifies: +# +# Assumed server-side keep-alive timeout if not specified by +# the server. +# +# Type of value: +# +# Time in seconds. +# +# Default value: +# +# None +# +# Effect if unset: +# +# Connections for which the server didn't specify the keep-alive +# timeout are not reused. # # Notes: # +# Enabling this option significantly increases the number of +# connections that are reused, provided the keep-alive-timeout +# option is also enabled. +# +# While it also increases the number of connections problems when +# Privoxy tries to reuse a connection that already has been closed +# on the server side, or is closed while Privoxy is trying to +# reuse it, this should only be a problem if it happens for the +# first request sent by the client. If it happens for requests +# on reused client connections, Privoxy will simply close the +# connection and the client is supposed to retry the request +# without bothering the user. +# +# Enabling this option is therefore only recommended if the +# connection-sharing option is disabled. +# +# It is an error to specify a value larger than the +# keep-alive-timeout value. +# # This option has no effect if Privoxy has been compiled without # keep-alive support. # +# Examples: +# +# default-server-timeout 60 +# +#default-server-timeout 60 +# +# +# 6.6. connection-sharing +# ======================== +# +# Specifies: +# +# Whether or not outgoing connections that have been kept alive +# should be shared between different incoming connections. +# +# Type of value: +# +# 0 or 1 +# +# Default value: +# +# None +# +# Effect if unset: +# +# Connections are not shared. +# +# Notes: +# +# This option has no effect if Privoxy has been compiled without +# keep-alive support, or if it's disabled. +# # Notes: # # Note that reusing connections doesn't necessary cause # speedups. There are also a few privacy implications you should # be aware of. # -# Outgoing connections are shared between clients (if there are -# more than one) and closing the client that initiated the outgoing -# connection does not affect the connection between Privoxy and -# the server unless the client's request hasn't been completed -# yet. If the outgoing connection is idle, it will not be closed -# until either Privoxy's or the server's timeout is reached. While +# If this option is effective, outgoing connections are shared +# between clients (if there are more than one) and closing the +# browser that initiated the outgoing connection does no longer +# affect the connection between Privoxy and the server unless +# the client's request hasn't been completed yet. +# +# If the outgoing connection is idle, it will not be closed until +# either Privoxy's or the server's timeout is reached. While # it's open, the server knows that the system running Privoxy is # still there. # +# If there are more than one client (maybe even belonging to +# multiple users), they will be able to reuse each others +# connections. This is potentially dangerous in case of +# authentication schemes like NTLM where only the connection +# is authenticated, instead of requiring authentication for +# each request. +# +# If there is only a single client, and if said client can keep +# connections alive on its own, enabling this option has next to +# no effect. If the client doesn't support connection keep-alive, +# enabling this option may make sense as it allows Privoxy to keep +# outgoing connections alive even if the client itself doesn't +# support it. +# +# You should also be aware that enabling this option increases +# the likelihood of getting the "No server or forwarder data" +# error message, especially if you are using a slow connection +# to the Internet. +# +# This option should only be used by experienced users who +# understand the risks and can weight them against the benefits. +# # Examples: # -# keep-alive-timeout 300 +# connection-sharing 1 # -keep-alive-timeout 300 +#connection-sharing 1 # # -# 5.8. socket-timeout +# 6.7. socket-timeout # ==================== # # Specifies: @@ -1527,7 +1658,98 @@ keep-alive-timeout 300 socket-timeout 300 # # -# 6. WINDOWS GUI OPTIONS +# 6.8. max-client-connections +# ============================ +# +# Specifies: +# +# Maximum number of client connections that will be served. +# +# Type of value: +# +# Positive number. +# +# Default value: +# +# None +# +# Effect if unset: +# +# Connections are served until a resource limit is reached. +# +# Notes: +# +# Privoxy creates one thread (or process) for every incoming +# client connection that isn't rejected based on the access +# control settings. +# +# If the system is powerful enough, Privoxy can theoretically deal +# with several hundred (or thousand) connections at the same time, +# but some operating systems enforce resource limits by shutting +# down offending processes and their default limits may be below +# the ones Privoxy would require under heavy load. +# +# Configuring Privoxy to enforce a connection limit below the +# thread or process limit used by the operating system makes +# sure this doesn't happen. Simply increasing the operating +# system's limit would work too, but if Privoxy isn't the only +# application running on the system, you may actually want to +# limit the resources used by Privoxy. +# +# If Privoxy is only used by a single trusted user, limiting the +# number of client connections is probably unnecessary. If there +# are multiple possibly untrusted users you probably still want +# to additionally use a packet filter to limit the maximal number +# of incoming connections per client. Otherwise a malicious user +# could intentionally create a high number of connections to +# prevent other users from using Privoxy. +# +# Obviously using this option only makes sense if you choose a +# limit below the one enforced by the operating system. +# +# Examples: +# +# max-client-connections 256 +# +#max-client-connections 256 +# +# +# 6.9. handle-as-empty-doc-returns-ok +# ==================================== +# +# Note: +# +# This is a work-around for Firefox bug 492459: " Websites are no +# longer rendered if SSL requests for JavaScripts are blocked by +# a proxy. " (https:/ /bugzilla.mozilla.org/show_bug.cgi?id=492459) +# +# Specifies: +# +# The status code Privoxy returns for pages blocked with +# +handle-as-empty-document. +# +# Type of value: +# +# 0 or 1 +# +# Default value: +# +# 0 +# +# Effect if unset: +# +# Privoxy returns a status 403(forbidden) for all blocked pages. +# +# Effect if set: +# +# Privoxy returns a status 200(OK) for pages blocked with +# +handle-as-empty-document and a status 403(Forbidden) for all +# other blocked pages. +# +handle-as-empty-doc-returns-ok 1 +# +# +# 7. WINDOWS GUI OPTIONS # ======================= # # Privoxy has a number of options specific to the Windows GUI