X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=345d982f508d6855de3c803e624a0ec8e3f47ade;hp=6c9466d9a9d7178fca8db948b5ee70c4df86f779;hb=d5c56c3c78cfd2969999ebdc311a44f0517b5cd4;hpb=48838cd08e13bf038e82e7a2ca7350a5826217d6 diff --git a/config b/config index 6c9466d9..345d982f 100644 --- a/config +++ b/config @@ -1,7 +1,7 @@ -# Sample Configuration file for the Internet Junkbuster 2.0 +# Sample Configuration file for the Internet Junkbuster 2.9.x # -# $Id: config,v 1.13 2001/06/04 18:31:58 swa Exp $ +# $Id: config,v 1.28 2002/03/04 19:32:07 oes Exp $ # # Table of Contents @@ -40,14 +40,12 @@ # you can make it a comment and it will be treated as if it weren't there. # This is called "commenting out" an option and can be useful to turn # off features: If you comment out the "logfile" line, junkbuster will -# not log at all. Watch for the "default:" section in each explanation -# to see what happens if the option is left unset (or commented out). +# not log to a file at all. Watch for the "default:" section in each +# explanation to see what happens if the option is left unset (or +# commented out). # # Long lines can be continued on the next line by using a `\' as -# the last character. This also works if comments are present in -# between. -# - +# the last character. # # 3. OTHER CONFIGURATION FILES # @@ -61,45 +59,42 @@ # files in the current working directory. In either case, an # absolute path name can be used to avoid problems. -# While we go modular and multiuser, the blocker, filter, and -# per-user config will be stored in subdirectories of confdir. -# Now, only confdir/templates is used for storing HTML templates -# for CGI results. +# While we go modular and multiuser, the blocker, filter, and +# per-user config will be stored in subdirectories of confdir. +# Now, only confdir/templates is used for storing HTML templates +# for CGI results. # -# No trailing /, please. +# No trailing /, please. confdir . # -# The directory where all logging (i.e. logfile and jarfile) takes place -# No trailing /, please. +# The directory where all logging (i.e. logfile and jarfile) takes place +# No trailing /, please. # logdir . -# -# Note that all file specifications below are relative to -# the above two directories!!! -# +# Note that all file specifications below are relative to +# the above two directories!!! -# The permissions file contains patterns to specify the -# filtering rules to apply to each site. +# The actions file contains patterns to specify the +# actions to apply to requests for each site. # # Default: Cookies to and from all destinations are filtered. # Popups are disabled for all sites. # All sites are filtered if re_filterfile specified. # No sites are blocked. Nothing is an image. # -permissionsfile permissionsfile +actionsfile ijb.action -# # The re_filterfile contains content modification rules. These rules # permit powerful changes on the content of Web pages, e.g., you # could disable your favourite JavaScript annoyances, rewrite the # actual content, or just have some fun replacing "Microsoft" # with "Microsuck" wherever it appears on a Web page. # -# Default: No content modification. +# Default: content modification. (see '+-filter' in actionsfile) # -re_filterfile re_filterfile +re_filterfile re_filterfile # # The logfile is where all logging and error messages are written. @@ -118,7 +113,7 @@ re_filterfile re_filterfile # # Default: Log to the standard error channel, not to a file # -logfile logfile +logfile logfile # # The jarfile defines where Junkbuster stores the cookies it @@ -127,24 +122,66 @@ logfile logfile # # Default: Don't store intercepted cookies # -#jarfile jarfile +jarfile jarfile +# +# If you specify a trustfile, Junkbuster will only allow access +# to sites that are named in the trustfile. You can also mark +# sites as trusted referrers, with the effect that access to +# untrusted sites will be granted, if a link from a trusted +# referrer was used. The link target will then be added to the +# trustfile. +# Note that this is a very restrictive feature that typical users +# most propably want to leave disabled. +# +# Default: Don't use the trust mechanism +# +#trustfile trust # +# If you use the trust mechanism, it is a good idea to write up +# some online documentation about your blocking policy and to +# specify the URL(s) here. They will appear on the page that +# your users receive when they try to access untrusted content. +# Use multiple times for multiple URLs. +# +# Default: Don't display links on the "untrusted" info page. +# +trust-info-url http://www.your-site.com/why_we_block.html +trust-info-url http://www.your-site.com/what_we_allow.html + # 4. OPTIONS # # This part of the configuration file contains options that control # how Junkbuster operates. # +# Admin-address should be set to the email address of the proxy +# administrator. It is used in many of the proxy-generated pages. +# +# Default: fill@me.in.please +# +admin-address fill@me.in.please + +# +# Proxy-info-url can be set to a URL that contains more info about +# this junkbuster installation, it's configuration and policies. +# It is used in many of the proxy-generated pages and its use is +# highly recommended, since your users will want to know why certain +# content is blocked or modified. +# +# Default: Don't show a link to online documentation +# +proxy-info-url http://www.your-site.com/proxy.html + # # Listen-address specifies the address and port where Junkbuster will # listen for connections from your Web browser. The default is to -# listen on the local host on port 8000, and this is suitable for +# listen on the local host on port 8118, and this is suitable for # most users. (In your web browser, under proxy configuration, list -# the proxy server as 'localhost' and the port as '8000'). +# the proxy server as 'localhost' and the port as '8118'). # -# If you already have another service running on port 8000, or if you +# If you already have another service running on port 8118, or if you # want to serve requests from other machines (e.g. on your local # network) as well, you will need to override the default. The syntax # is "listen-address []:" If you leave out the ip @@ -157,20 +194,20 @@ logfile logfile # (192.168.0.0) and has another outside connection with a different # address. You want it to serve requests from inside only: # -# listen-address 192.168.0.1:8000 +# listen-address 192.168.0.1:8118 # # If you want it to listen on all addresses (including the outside # connection): # -# listen-address :8000 +# listen-address :8118 # # If you do this, consider using acls (see "aclfile" above). # # Note: you will need to point your browser(s) to the address # and port that you have configured here. # -# Default: listen-address localhost:8000 -# listen-address 127.0.0.1:8000 +# Default: listen-address localhost:8118 +# listen-address 127.0.0.1:8118 # @@ -188,8 +225,10 @@ logfile logfile # debug 16 # LOG = log all data into the logfile # debug 32 # FRC = debug force feature # debug 64 # REF = debug regular expression filter -# debug 128 # RED = debug fast redirects -# debug 256 # CLF = Common Log Format +# debug 128 # = debug fast redirects +# debug 256 # = debug GIF deanimation +# debug 512 # CLF = Common Log Format +# debug 1024 # = debug kill popups # debug 4096 # INFO = Startup banner and warnings. # debug 8192 # ERROR = Non-fatal errors # @@ -199,7 +238,7 @@ logfile logfile # The reporting of FATAL errors (i.e. ones which crash # JunkBuster) is always on and cannot be disabled. # -# If you want to use CLF, you should set "debug 256" ONLY, +# If you want to use CLF, you should set "debug 512" ONLY, # do not enable anything else. # # Multiple "debug" directives, are OK - they're logical-OR'd @@ -244,6 +283,53 @@ debug 8192 # Errors - *we highly recommended enabling this* # toggle 1 +# +# For content filtering, i.e. the +filter and +deanimate-gif +# actions, it is neccessary that Junkbuster buffers up the +# whole document body. This can be potentially dangerous, since +# a server could just keep sending data indefinitely and wait +# for your RAM to exhaust. +# The buffer-limit option lets you set the size in Kbytes that +# each buffer may use at maximum. When the documents buffer +# exceeds that size, it is flushed to the client unfiltered and +# no further attempt to filter the rest of it is taken. +# Remember that there may multiple threads running, which might +# require up to buffer-limit Kbytes *each*, unless you have set +# single-threaded below. +# +# Default: 4069, i.e. 4 MB +# +buffer-limit 4069 + + +# +# Enable the web-based actionsfile editor. Set to 1 to enable, +# 0 to disable. Note that you must have compiled JunkBuster +# with support for this feature, otherwise this option has no +# effect. +# +# Security note: If this is enabled, anyone who can use the proxy +# can edit the actions file, and their changes will affect all users. +# For shared proxies, you probably want to disable this. +# +# Default: Disabled +# +enable-edit-actions 1 + + +# +# Allow JunkBuster to be toggled on and off remotely, using your +# web browser. Set to 1 to enable, 0 to disable. Note that you +# must have compiled JunkBuster with support for this feature, +# otherwise this option has no effect. +# +# Security note: If this is enabled, anyone who can use the proxy +# can toggle it on or off, and their changes will affect all users. +# For shared proxies, you probably want to disable this. +# +# Default: Disabled +# +enable-remote-toggle 1 ############################################################################# # Access Control List @@ -378,17 +464,17 @@ toggle 1 # There is an implicit line equivalent to the following, which specifies that # anything not finding a match on the list is to go out without forwarding # or gateway protocol; like so: -# forward .* . # implicit +# forward .* . # implicit # # In the following common configuration, everything goes to Lucent's LPWA, # except SSL on port 443 (which it doesn't handle) -# forward .* lpwa.com:8000 +# forward .* lpwa.com:8118 # forward :443 . # # See the FAQ for instructions on how to automate the login procedure for LPWA. # Some users have reported difficulties related to LPWA's use of . as the # last element of the domain, and have said that this can be fixed with this: -# forward lpwa. lpwa.com:8000 +# forward lpwa. lpwa.com:8118 # (NOTE: the syntax for specifiying target_domain has changed since the # previous paragraph weas written - it will not work now. More information # is welcome.) @@ -396,7 +482,7 @@ toggle 1 # In this fictitious example, everything goes via an ISP's caching proxy, # except requests to that ISP: # -# forward .* caching.myisp.net:8000 +# forward .* caching.myisp.net:8118 # forward myisp.net . # # For the @home network, we're told the forwarding configuration is this: @@ -409,12 +495,12 @@ toggle 1 # but everything else goes through Lucent's LPWA by way of the company's # SOCKS gateway to the Internet. # -# forward_socks4 .* lpwa.com:8000 firewall.my_company.com:1080 +# forward-socks4 .* lpwa.com:8118 firewall.my_company.com:1080 # forward my_company.com . # # This is how you could set up a site that always uses SOCKS but no forwarders # -# forward_socks4a .* . firewall.my_company.com:1080 +# forward-socks4a .* . firewall.my_company.com:1080 # # An advanced example for network administrators: # @@ -430,11 +516,11 @@ toggle 1 # # host-a can run an Internet Junkbuster proxy with forwarding like this: # forward .* . -# forward isp-b.com host-b:8000 +# forward isp-b.com host-b:8118 # # host-b can run an Internet Junkbuster proxy with forwarding like this: # forward .* . -# forward isp-a.com host-a:8000 +# forward isp-a.com host-a:8118 # # Now, *anyone* on the Internet (including users on host-a and host-b) # can set their browser's proxy to *either* host-a or host-b and @@ -449,11 +535,31 @@ toggle 1 # forward .ukc.ac.uk . # Anything on the same domain as us # forward * . # Host with no domain specified # forward 129.12.*.* . # A dotted IP on our /16 network. -# forward 128.*.*.* . # Loopback address +# forward 127.*.*.* . # Loopback address # forward localhost.localdomain . # Loopback address # forward www.ukc.mirror.ac.uk . # Specific host # - +# +# Note: If you intend to chain junkbuster and squid locally, the chain +# broswer -> squid -> junkbuster is the recommended way. +# +# Your squid configuration could then look like this: +# +# # Define junkbuster as parent cache +# cache_peer 127.0.0.1 8118 parent 0 no-query +# +# # Define ACL for protocol FTP +# acl FTP proto FTP +# +# # Do not forward ACL FTP to junkbuster +# always_direct allow FTP +# +# # Do not forward ACL CONNECT (https) to junkbuster +# always_direct allow CONNECT +# +# # Forward the rest to junkbuster +# never_direct allow all +# ############################################################################# # 5. WINDOWS GUI OPTIONS