X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=51fe5f56aea5a754bd7352c1a50c931e6fbd430b;hp=56759df697f1224336f9ece7555fe53007f0e870;hb=e706fdbc99dd5824521dc63f8803e64f77e469c9;hpb=854baf8951a31a8107e73ff9aed352079b65f159 diff --git a/config b/config index 56759df6..51fe5f56 100644 --- a/config +++ b/config @@ -1,8 +1,8 @@ -# Sample Configuration File for Privoxy v3.0.20 +# Sample Configuration File for Privoxy 3.0.24 # -# $Id: p-config.sgml,v 2.92 2013/01/06 11:05:37 fabiankeil Exp $ +# $Id: p-config.sgml,v 2.113 2015/01/24 16:42:13 fabiankeil Exp $ # -# Copyright (C) 2001-2013 Privoxy Developers http://www.privoxy.org/ +# Copyright (C) 2001-2014 Privoxy Developers http://www.privoxy.org/ # #################################################################### # # @@ -16,7 +16,8 @@ # 3. DEBUGGING # # 4. ACCESS CONTROL AND SECURITY # # 5. FORWARDING # -# 6. WINDOWS GUI OPTIONS # +# 6. MISCELLANEOUS # +# 7. WINDOWS GUI OPTIONS # # # #################################################################### # @@ -68,7 +69,6 @@ # last character. # # -# # 1. LOCAL SET-UP DOCUMENTATION # ============================== # @@ -77,7 +77,6 @@ # you, what you block and why you do that, your policies, etc. # # -# # 1.1. user-manual # ================= # @@ -131,7 +130,6 @@ # #user-manual http://www.privoxy.org/user-manual/ # -# # 1.2. trust-info-url # ==================== # @@ -168,7 +166,6 @@ #trust-info-url http://www.example.com/why_we_block.html #trust-info-url http://www.example.com/what_we_allow.html # -# # 1.3. admin-address # =================== # @@ -197,7 +194,6 @@ # #admin-address privoxy-admin@example.com # -# # 1.4. proxy-info-url # ==================== # @@ -229,7 +225,6 @@ # #proxy-info-url http://www.example.com/proxy-service.html # -# # 2. CONFIGURATION AND LOG FILE LOCATIONS # ======================================== # @@ -242,7 +237,6 @@ # be modified, such as log files and actions files. # # -# # 2.1. confdir # ============= # @@ -268,7 +262,6 @@ # confdir . # -# # 2.2. templdir # ============== # @@ -298,8 +291,37 @@ confdir . # #templdir . # +# 2.3. temporary-directory +# ========================= +# +# Specifies: +# +# A directory where Privoxy can create temporary files. +# +# Type of value: +# +# Path name +# +# Default value: +# +# unset +# +# Effect if unset: +# +# No temporary files are created, external filters don't work. +# +# Notes: # -# 2.3. logdir +# To execute external filters, Privoxy has to create temporary +# files. This directive specifies the directory the temporary +# files should be written to. +# +# It should be a directory only Privoxy (and trusted users) can +# access. +# +#temporary-directory . +# +# 2.4. logdir # ============ # # Specifies: @@ -325,8 +347,7 @@ confdir . # logdir . # -# -# 2.4. actionsfile +# 2.5. actionsfile # ================= # # Specifies: @@ -360,20 +381,13 @@ logdir . # # Actions files contain all the per site and per URL # configuration for ad blocking, cookie management, privacy -# considerations, etc. There is no point in using Privoxy -# without at least one actions file. -# -# Note that since Privoxy 3.0.7, the complete filename, -# including the ".action" extension has to be specified. The -# syntax change was necessary to be consistent with the other -# file options and to allow previously forbidden characters. +# considerations, etc. # -actionsfile match-all.action ## +actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on. actionsfile default.action # Main actions file actionsfile user.action # User customizations # -# -# 2.5. filterfile +# 2.6. filterfile # ================ # # Specifies: @@ -390,8 +404,8 @@ actionsfile user.action # User customizations # # Effect if unset: # -# No textual content filtering takes place, i.e. all +filter{ -# name} actions in the actions files are turned neutral. +# No textual content filtering takes place, i.e. all +filter{name} +# actions in the actions files are turned neutral. # # Notes: # @@ -418,8 +432,7 @@ actionsfile user.action # User customizations filterfile default.filter filterfile user.filter # User customizations # -# -# 2.6. logfile +# 2.7. logfile # ============= # # Specifies: @@ -450,23 +463,24 @@ filterfile user.filter # User customizations # # Depending on the debug options below, the logfile may be a # privacy risk if third parties can get access to it. As most -# users will never look at it, Privoxy 3.0.7 and later only log -# fatal errors by default. +# users will never look at it, Privoxy only logs fatal errors by +# default. # # For most troubleshooting purposes, you will have to change # that, please refer to the debugging section for details. # -# Your logfile will grow indefinitely, and you will probably -# want to periodically remove it. On Unix systems, you can do -# this with a cron job (see "man cron"). -# # Any log files must be writable by whatever user Privoxy is # being run as (on Unix, default user id is "privoxy"). # -logfile logfile +# To prevent the logfile from growing indefinitely, it is +# recommended to periodically rotate or shorten it. Many +# operating systems support log rotation out of the box, some +# require additional software to do it. For details, please +# refer to the documentation for your operating system. # +logfile logfile # -# 2.7. trustfile +# 2.8. trustfile # =============== # # Specifies: @@ -522,7 +536,6 @@ logfile logfile # #trustfile trust # -# # 3. DEBUGGING # ============= # @@ -531,7 +544,6 @@ logfile logfile # line option when debugging. # # -# # 3.1. debug # =========== # @@ -583,10 +595,6 @@ logfile logfile # down a specific problem. They can produce a hell of an output # (especially 16). # -# Privoxy used to ship with the debug levels recommended above -# enabled by default, but due to privacy concerns 3.0.7 and -# later are configured to only log fatal errors. -# # If you are used to the more verbose settings, simply enable # the debug lines below again. # @@ -602,12 +610,11 @@ logfile logfile # you read the log messages, you may even be able to solve the # problem on your own. # -#debug 1 ## -#debug 1024 ## +#debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. +#debug 1024 # Actions that are applied to all sites and maybe overruled later on. #debug 4096 # Startup banner and warnings #debug 8192 # Non-fatal errors # -# # 3.2. single-threaded # ===================== # @@ -617,11 +624,11 @@ logfile logfile # # Type of value: # -# None +# 1 or 0 # # Default value: # -# Unset +# 0 # # Effect if unset: # @@ -633,8 +640,7 @@ logfile logfile # This option is only there for debugging purposes. It will # drastically reduce performance. # -#single-threaded -# +#single-threaded 1 # # 3.3. hostname # ============== @@ -671,7 +677,6 @@ logfile logfile # #hostname hostname.example.org # -# # 4. ACCESS CONTROL AND SECURITY # =============================== # @@ -679,7 +684,6 @@ logfile logfile # aspects of Privoxy's configuration. # # -# # 4.1. listen-address # ==================== # @@ -778,7 +782,6 @@ logfile logfile # listen-address 127.0.0.1:8118 # -# # 4.2. toggle # ============ # @@ -807,7 +810,6 @@ listen-address 127.0.0.1:8118 # toggle 1 # -# # 4.3. enable-remote-toggle # ========================== # @@ -850,7 +852,6 @@ toggle 1 # enable-remote-toggle 0 # -# # 4.4. enable-remote-http-toggle # =============================== # @@ -889,7 +890,6 @@ enable-remote-toggle 0 # enable-remote-http-toggle 0 # -# # 4.5. enable-edit-actions # ========================= # @@ -930,7 +930,6 @@ enable-remote-http-toggle 0 # enable-edit-actions 0 # -# # 4.6. enforce-blocks # ==================== # @@ -979,7 +978,6 @@ enable-edit-actions 0 # enforce-blocks 0 # -# # 4.7. ACLs: permit-access and deny-access # ========================================= # @@ -1091,7 +1089,6 @@ enforce-blocks 0 # permit-access [::ffff:192.0.2.0]/120 # # -# # 4.8. buffer-limit # ================== # @@ -1129,6 +1126,46 @@ enforce-blocks 0 # buffer-limit 4096 # +# 4.9. enable-proxy-authentication-forwarding +# ============================================ +# +# Specifies: +# +# Whether or not proxy authentication through Privoxy should +# work. +# +# Type of value: +# +# 0 or 1 +# +# Default value: +# +# 0 +# +# Effect if unset: +# +# Proxy authentication headers are removed. +# +# Notes: +# +# Privoxy itself does not support proxy authentication, but can +# allow clients to authenticate against Privoxy's parent proxy. +# +# By default Privoxy (3.0.21 and later) don't do that and remove +# Proxy-Authorization headers in requests and Proxy-Authenticate +# headers in responses to make it harder for malicious sites to +# trick inexperienced users into providing login information. +# +# If this option is enabled the headers are forwarded. +# +# Enabling this option is not recommended if there is no parent +# proxy that requires authentication or if the local network +# between Privoxy and the parent proxy isn't trustworthy. If +# proxy authentication is only required for some requests, it is +# recommended to use a client header filter to remove the +# authentication headers for requests where they aren't needed. +# +enable-proxy-authentication-forwarding 0 # # 5. FORWARDING # ============== @@ -1153,7 +1190,6 @@ buffer-limit 4096 # 4 and SOCKS 4A protocols. # # -# # 5.1. forward # ============= # @@ -1221,10 +1257,8 @@ buffer-limit 4096 # forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> . # # -# -# 5.2. forward-socks4, forward-socks4a, forward-socks5 and -# ========================================================= -# forward-socks5t +# 5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t +# ========================================================================= # # Specifies: # @@ -1299,7 +1333,12 @@ buffer-limit 4096 # To chain Privoxy and Tor, both running on the same system, you # would use something like: # -# forward-socks5 / 127.0.0.1:9050 . +# forward-socks5t / 127.0.0.1:9050 . +# +# Note that if you got Tor through one of the bundles, you may +# have to change the port from 9050 to 9150 (or even another +# one). For details, please check the documentation on the Tor +# website. # # The public Tor network can't be used to reach your local # network, if you need to access local servers you therefore @@ -1323,7 +1362,6 @@ buffer-limit 4096 # forward localhost/ . # # -# # 5.3. forwarded-connect-retries # =============================== # @@ -1372,11 +1410,9 @@ buffer-limit 4096 # forwarded-connect-retries 0 # -# # 6. MISCELLANEOUS # ================= # -# # 6.1. accept-intercepted-requests # ================================= # @@ -1403,6 +1439,9 @@ forwarded-connect-retries 0 # Privoxy, enable this option and configure your packet filter # to redirect outgoing HTTP connections into Privoxy. # +# Note that intercepting encrypted connections (HTTPS) isn't +# supported. +# # Make sure that Privoxy's own requests aren't redirected as # well. Additionally take care that Privoxy can't intentionally # connect to itself, otherwise you could run into redirection @@ -1415,7 +1454,6 @@ forwarded-connect-retries 0 # accept-intercepted-requests 0 # -# # 6.2. allow-cgi-request-crunching # ================================= # @@ -1453,7 +1491,6 @@ accept-intercepted-requests 0 # allow-cgi-request-crunching 0 # -# # 6.3. split-large-forms # ======================= # @@ -1496,7 +1533,6 @@ allow-cgi-request-crunching 0 # split-large-forms 0 # -# # 6.4. keep-alive-timeout # ======================== # @@ -1553,7 +1589,6 @@ split-large-forms 0 # keep-alive-timeout 5 # -# # 6.5. tolerate-pipelining # ========================= # @@ -1597,7 +1632,6 @@ keep-alive-timeout 5 # tolerate-pipelining 1 # -# # 6.6. default-server-timeout # ============================ # @@ -1649,7 +1683,6 @@ tolerate-pipelining 1 # #default-server-timeout 60 # -# # 6.7. connection-sharing # ======================== # @@ -1720,7 +1753,6 @@ tolerate-pipelining 1 # #connection-sharing 1 # -# # 6.8. socket-timeout # ==================== # @@ -1753,7 +1785,6 @@ tolerate-pipelining 1 # socket-timeout 300 # -# # 6.9. max-client-connections # ============================ # @@ -1767,7 +1798,7 @@ socket-timeout 300 # # Default value: # -# None +# 128 # # Effect if unset: # @@ -1803,13 +1834,21 @@ socket-timeout 300 # Obviously using this option only makes sense if you choose a # limit below the one enforced by the operating system. # +# One most POSIX-compliant systems Privoxy can't properly deal +# with more than FD_SETSIZE file descriptors at the same time +# and has to reject connections if the limit is reached. This +# will likely change in a future version, but currently this +# limit can't be increased without recompiling Privoxy with a +# different FD_SETSIZE limit. +# # Examples: # # max-client-connections 256 # #max-client-connections 256 # -# 1.6.10. handle-as-empty-doc-returns-ok +# 6.10. handle-as-empty-doc-returns-ok +# ===================================== # # Specifies: # @@ -1836,17 +1875,18 @@ socket-timeout 300 # # Notes: # -# This is a work-around for Firefox bug 492459: " Websites are -# no longer rendered if SSL requests for JavaScripts are blocked -# by a proxy. " (https://bugzilla.mozilla.org/show_bug.cgi?id= -# 492459) As the bug has been fixed for quite some time this -# option should no longer be needed and will be removed in a -# future release. Please speak up if you have a reason why the -# option should be kept around. +# This directive was added as a work-around for Firefox bug +# 492459: "Websites are no longer rendered if SSL requests for +# JavaScripts are blocked by a proxy." +# (https://bugzilla.mozilla.org/show_bug.cgi?id=492459), the bug +# has been fixed for quite some time, but this directive is also +# useful to make it harder for websites to detect whether or not +# resources are being blocked. # #handle-as-empty-doc-returns-ok 1 # -# 1.6.11. enable-compression +# 6.11. enable-compression +# ========================= # # Specifies: # @@ -1886,7 +1926,8 @@ socket-timeout 300 # #enable-compression 1 # -# 1.6.12. compression-level +# 6.12. compression-level +# ======================== # # Specifies: # @@ -1917,8 +1958,10 @@ socket-timeout 300 # # # Best speed (compared to the other levels) # compression-level 1 +# # # Best compression # compression-level 9 +# # # No compression. Only useful for testing as the added header # # slightly increases the amount of data that has to be sent. # # If your benchmark shows that using this compression level @@ -1929,7 +1972,8 @@ socket-timeout 300 # #compression-level 1 # -# 1.6.13. client-header-order +# 6.13. client-header-order +# ========================== # # Specifies: # @@ -1966,15 +2010,16 @@ socket-timeout 300 # Accept \ # Accept-Language \ # Accept-Encoding \ -# Proxy-Connection,\ -# Referer,Cookie \ +# Proxy-Connection \ +# Referer \ +# Cookie \ +# DNT \ # If-Modified-Since \ # Cache-Control \ # Content-Length \ # Content-Type # # -# # 7. WINDOWS GUI OPTIONS # ======================= #