X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=70c560722d579216b8b3bcbf93cf76aa6388db3f;hp=2e3dee59adeb290b8bdbb37771107d23f6e94e96;hb=1edcb831bff7e8043e302d36aca13d2a893401ea;hpb=7b7cf8c81400bfdbb49318f141600b2adc8f904a diff --git a/config b/config index 2e3dee59..70c56072 100644 --- a/config +++ b/config @@ -1,24 +1,25 @@ -# Sample Configuration File for Privoxy v3.0.20 -# -# $Id: config,v 1.100 2013/01/09 15:07:39 fabiankeil Exp $ -# -# Copyright (C) 2001-2013 Privoxy Developers http://www.privoxy.org/ -# -#################################################################### -# # -# Table of Contents # -# # -# I. INTRODUCTION # -# II. FORMAT OF THE CONFIGURATION FILE # -# # -# 1. LOCAL SET-UP DOCUMENTATION # -# 2. CONFIGURATION AND LOG FILE LOCATIONS # -# 3. DEBUGGING # -# 4. ACCESS CONTROL AND SECURITY # -# 5. FORWARDING # -# 6. WINDOWS GUI OPTIONS # -# # -#################################################################### +# Sample Configuration File for Privoxy 3.0.26 +# +# $Id: config,v 1.111 2016/05/22 12:44:17 fabiankeil Exp $ +# +# Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/ +# +##################################################################### +# # +# Table of Contents # +# # +# I. INTRODUCTION # +# II. FORMAT OF THE CONFIGURATION FILE # +# # +# 1. LOCAL SET-UP DOCUMENTATION # +# 2. CONFIGURATION AND LOG FILE LOCATIONS # +# 3. DEBUGGING # +# 4. ACCESS CONTROL AND SECURITY # +# 5. FORWARDING # +# 6. MISCELLANEOUS # +# 7. WINDOWS GUI OPTIONS # +# # +##################################################################### # # # I. INTRODUCTION @@ -68,7 +69,6 @@ # last character. # # -# # 1. LOCAL SET-UP DOCUMENTATION # ============================== # @@ -77,7 +77,6 @@ # you, what you block and why you do that, your policies, etc. # # -# # 1.1. user-manual # ================= # @@ -95,7 +94,7 @@ # # Effect if unset: # -# http://www.privoxy.org/version/user-manual/ will be used, +# https://www.privoxy.org/version/user-manual/ will be used, # where version is the Privoxy version. # # Notes: @@ -129,8 +128,7 @@ # config file, because it is used while the config file is # being read. # -#user-manual http://www.privoxy.org/user-manual/ -# +#user-manual https://www.privoxy.org/user-manual/ # # 1.2. trust-info-url # ==================== @@ -168,7 +166,6 @@ #trust-info-url http://www.example.com/why_we_block.html #trust-info-url http://www.example.com/what_we_allow.html # -# # 1.3. admin-address # =================== # @@ -197,7 +194,6 @@ # #admin-address privoxy-admin@example.com # -# # 1.4. proxy-info-url # ==================== # @@ -229,7 +225,6 @@ # #proxy-info-url http://www.example.com/proxy-service.html # -# # 2. CONFIGURATION AND LOG FILE LOCATIONS # ======================================== # @@ -242,7 +237,6 @@ # be modified, such as log files and actions files. # # -# # 2.1. confdir # ============= # @@ -268,7 +262,6 @@ # confdir . # -# # 2.2. templdir # ============== # @@ -298,8 +291,37 @@ confdir . # #templdir . # +# 2.3. temporary-directory +# ========================= +# +# Specifies: +# +# A directory where Privoxy can create temporary files. +# +# Type of value: +# +# Path name +# +# Default value: +# +# unset +# +# Effect if unset: +# +# No temporary files are created, external filters don't work. +# +# Notes: +# +# To execute external filters, Privoxy has to create temporary +# files. This directive specifies the directory the temporary +# files should be written to. +# +# It should be a directory only Privoxy (and trusted users) can +# access. # -# 2.3. logdir +#temporary-directory . +# +# 2.4. logdir # ============ # # Specifies: @@ -325,8 +347,7 @@ confdir . # logdir . # -# -# 2.4. actionsfile +# 2.5. actionsfile # ================= # # Specifies: @@ -360,20 +381,13 @@ logdir . # # Actions files contain all the per site and per URL # configuration for ad blocking, cookie management, privacy -# considerations, etc. There is no point in using Privoxy -# without at least one actions file. -# -# Note that since Privoxy 3.0.7, the complete filename, -# including the ".action" extension has to be specified. The -# syntax change was necessary to be consistent with the other -# file options and to allow previously forbidden characters. +# considerations, etc. # actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on. actionsfile default.action # Main actions file actionsfile user.action # User customizations # -# -# 2.5. filterfile +# 2.6. filterfile # ================ # # Specifies: @@ -418,8 +432,7 @@ actionsfile user.action # User customizations filterfile default.filter filterfile user.filter # User customizations # -# -# 2.6. logfile +# 2.7. logfile # ============= # # Specifies: @@ -450,23 +463,24 @@ filterfile user.filter # User customizations # # Depending on the debug options below, the logfile may be a # privacy risk if third parties can get access to it. As most -# users will never look at it, Privoxy 3.0.7 and later only log -# fatal errors by default. +# users will never look at it, Privoxy only logs fatal errors by +# default. # # For most troubleshooting purposes, you will have to change # that, please refer to the debugging section for details. # -# Your logfile will grow indefinitely, and you will probably -# want to periodically remove it. On Unix systems, you can do -# this with a cron job (see "man cron"). -# # Any log files must be writable by whatever user Privoxy is # being run as (on Unix, default user id is "privoxy"). # -logfile logfile +# To prevent the logfile from growing indefinitely, it is +# recommended to periodically rotate or shorten it. Many +# operating systems support log rotation out of the box, some +# require additional software to do it. For details, please +# refer to the documentation for your operating system. # +logfile logfile # -# 2.7. trustfile +# 2.8. trustfile # =============== # # Specifies: @@ -522,7 +536,6 @@ logfile logfile # #trustfile trust # -# # 3. DEBUGGING # ============= # @@ -531,7 +544,6 @@ logfile logfile # line option when debugging. # # -# # 3.1. debug # =========== # @@ -583,10 +595,6 @@ logfile logfile # down a specific problem. They can produce a hell of an output # (especially 16). # -# Privoxy used to ship with the debug levels recommended above -# enabled by default, but due to privacy concerns 3.0.7 and -# later are configured to only log fatal errors. -# # If you are used to the more verbose settings, simply enable # the debug lines below again. # @@ -607,7 +615,6 @@ logfile logfile #debug 4096 # Startup banner and warnings #debug 8192 # Non-fatal errors # -# # 3.2. single-threaded # ===================== # @@ -617,11 +624,11 @@ logfile logfile # # Type of value: # -# None +# 1 or 0 # # Default value: # -# Unset +# 0 # # Effect if unset: # @@ -633,8 +640,7 @@ logfile logfile # This option is only there for debugging purposes. It will # drastically reduce performance. # -#single-threaded -# +#single-threaded 1 # # 3.3. hostname # ============== @@ -671,7 +677,6 @@ logfile logfile # #hostname hostname.example.org # -# # 4. ACCESS CONTROL AND SECURITY # =============================== # @@ -679,7 +684,6 @@ logfile logfile # aspects of Privoxy's configuration. # # -# # 4.1. listen-address # ==================== # @@ -778,7 +782,6 @@ logfile logfile # listen-address 127.0.0.1:8118 # -# # 4.2. toggle # ============ # @@ -807,7 +810,6 @@ listen-address 127.0.0.1:8118 # toggle 1 # -# # 4.3. enable-remote-toggle # ========================== # @@ -850,7 +852,6 @@ toggle 1 # enable-remote-toggle 0 # -# # 4.4. enable-remote-http-toggle # =============================== # @@ -889,7 +890,6 @@ enable-remote-toggle 0 # enable-remote-http-toggle 0 # -# # 4.5. enable-edit-actions # ========================= # @@ -930,7 +930,6 @@ enable-remote-http-toggle 0 # enable-edit-actions 0 # -# # 4.6. enforce-blocks # ==================== # @@ -979,7 +978,6 @@ enable-edit-actions 0 # enforce-blocks 0 # -# # 4.7. ACLs: permit-access and deny-access # ========================================= # @@ -1091,7 +1089,6 @@ enforce-blocks 0 # permit-access [::ffff:192.0.2.0]/120 # # -# # 4.8. buffer-limit # ================== # @@ -1129,6 +1126,46 @@ enforce-blocks 0 # buffer-limit 4096 # +# 4.9. enable-proxy-authentication-forwarding +# ============================================ +# +# Specifies: +# +# Whether or not proxy authentication through Privoxy should +# work. +# +# Type of value: +# +# 0 or 1 +# +# Default value: +# +# 0 +# +# Effect if unset: +# +# Proxy authentication headers are removed. +# +# Notes: +# +# Privoxy itself does not support proxy authentication, but can +# allow clients to authenticate against Privoxy's parent proxy. +# +# By default Privoxy (3.0.21 and later) don't do that and remove +# Proxy-Authorization headers in requests and Proxy-Authenticate +# headers in responses to make it harder for malicious sites to +# trick inexperienced users into providing login information. +# +# If this option is enabled the headers are forwarded. +# +# Enabling this option is not recommended if there is no parent +# proxy that requires authentication or if the local network +# between Privoxy and the parent proxy isn't trustworthy. If +# proxy authentication is only required for some requests, it is +# recommended to use a client header filter to remove the +# authentication headers for requests where they aren't needed. +# +enable-proxy-authentication-forwarding 0 # # 5. FORWARDING # ============== @@ -1153,7 +1190,6 @@ buffer-limit 4096 # 4 and SOCKS 4A protocols. # # -# # 5.1. forward # ============= # @@ -1221,7 +1257,6 @@ buffer-limit 4096 # forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> . # # -# # 5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t # ========================================================================= # @@ -1298,7 +1333,12 @@ buffer-limit 4096 # To chain Privoxy and Tor, both running on the same system, you # would use something like: # -# forward-socks5 / 127.0.0.1:9050 . +# forward-socks5t / 127.0.0.1:9050 . +# +# Note that if you got Tor through one of the bundles, you may +# have to change the port from 9050 to 9150 (or even another +# one). For details, please check the documentation on the Tor +# website. # # The public Tor network can't be used to reach your local # network, if you need to access local servers you therefore @@ -1322,7 +1362,6 @@ buffer-limit 4096 # forward localhost/ . # # -# # 5.3. forwarded-connect-retries # =============================== # @@ -1371,11 +1410,9 @@ buffer-limit 4096 # forwarded-connect-retries 0 # -# # 6. MISCELLANEOUS # ================= # -# # 6.1. accept-intercepted-requests # ================================= # @@ -1402,19 +1439,26 @@ forwarded-connect-retries 0 # Privoxy, enable this option and configure your packet filter # to redirect outgoing HTTP connections into Privoxy. # +# Note that intercepting encrypted connections (HTTPS) isn't +# supported. +# # Make sure that Privoxy's own requests aren't redirected as # well. Additionally take care that Privoxy can't intentionally # connect to itself, otherwise you could run into redirection # loops if Privoxy's listening port is reachable by the outside # or an attacker has access to the pages you visit. # +# If you are running Privoxy as intercepting proxy without being +# able to intercept all client requests you may want to adjust +# the CGI templates to make sure they don't reference content +# from config.privoxy.org. +# # Examples: # # accept-intercepted-requests 1 # accept-intercepted-requests 0 # -# # 6.2. allow-cgi-request-crunching # ================================= # @@ -1452,7 +1496,6 @@ accept-intercepted-requests 0 # allow-cgi-request-crunching 0 # -# # 6.3. split-large-forms # ======================= # @@ -1495,7 +1538,6 @@ allow-cgi-request-crunching 0 # split-large-forms 0 # -# # 6.4. keep-alive-timeout # ======================== # @@ -1552,7 +1594,6 @@ split-large-forms 0 # keep-alive-timeout 5 # -# # 6.5. tolerate-pipelining # ========================= # @@ -1596,7 +1637,6 @@ keep-alive-timeout 5 # tolerate-pipelining 1 # -# # 6.6. default-server-timeout # ============================ # @@ -1648,7 +1688,6 @@ tolerate-pipelining 1 # #default-server-timeout 60 # -# # 6.7. connection-sharing # ======================== # @@ -1719,7 +1758,6 @@ tolerate-pipelining 1 # #connection-sharing 1 # -# # 6.8. socket-timeout # ==================== # @@ -1752,7 +1790,6 @@ tolerate-pipelining 1 # socket-timeout 300 # -# # 6.9. max-client-connections # ============================ # @@ -1766,7 +1803,7 @@ socket-timeout 300 # # Default value: # -# None +# 128 # # Effect if unset: # @@ -1802,13 +1839,21 @@ socket-timeout 300 # Obviously using this option only makes sense if you choose a # limit below the one enforced by the operating system. # +# One most POSIX-compliant systems Privoxy can't properly deal +# with more than FD_SETSIZE file descriptors at the same time +# and has to reject connections if the limit is reached. This +# will likely change in a future version, but currently this +# limit can't be increased without recompiling Privoxy with a +# different FD_SETSIZE limit. +# # Examples: # # max-client-connections 256 # #max-client-connections 256 # -# 1.6.10. handle-as-empty-doc-returns-ok +# 6.10. handle-as-empty-doc-returns-ok +# ===================================== # # Specifies: # @@ -1835,17 +1880,18 @@ socket-timeout 300 # # Notes: # -# This is a work-around for Firefox bug 492459: " Websites are -# no longer rendered if SSL requests for JavaScripts are blocked -# by a proxy. " (https://bugzilla.mozilla.org/show_bug.cgi?id= -# 492459) As the bug has been fixed for quite some time this -# option should no longer be needed and will be removed in a -# future release. Please speak up if you have a reason why the -# option should be kept around. +# This directive was added as a work-around for Firefox bug +# 492459: "Websites are no longer rendered if SSL requests for +# JavaScripts are blocked by a proxy." +# (https://bugzilla.mozilla.org/show_bug.cgi?id=492459), the bug +# has been fixed for quite some time, but this directive is also +# useful to make it harder for websites to detect whether or not +# resources are being blocked. # #handle-as-empty-doc-returns-ok 1 # -# 1.6.11. enable-compression +# 6.11. enable-compression +# ========================= # # Specifies: # @@ -1885,7 +1931,8 @@ socket-timeout 300 # #enable-compression 1 # -# 1.6.12. compression-level +# 6.12. compression-level +# ======================== # # Specifies: # @@ -1930,7 +1977,8 @@ socket-timeout 300 # #compression-level 1 # -# 1.6.13. client-header-order +# 6.13. client-header-order +# ========================== # # Specifies: # @@ -1970,12 +2018,173 @@ socket-timeout 300 # Proxy-Connection \ # Referer \ # Cookie \ +# DNT \ # If-Modified-Since \ # Cache-Control \ # Content-Length \ # Content-Type # # +# 6.14. client-specific-tag +# ========================== +# +# Specifies: +# +# The name of a tag that will always be set for clients that +# requested it through the webinterface. +# +# Type of value: +# +# Tag name followed by a description that will be shown in the +# webinterface +# +# Default value: +# +# None +# +# Notes: +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |This is an experimental feature. The syntax is likely| +# |to change in future versions. | +# +-----------------------------------------------------+ +# +# Client-specific tags allow Privoxy admins to create different +# profiles and let the users chose which one they want without +# impacting other users. +# +# One use case is allowing users to circumvent certain blocks +# without having to allow them to circumvent all blocks. This is +# not possible with the enable-remote-toggle feature because it +# would bluntly disable all blocks for all users and also affect +# other actions like filters. It also is set globally which +# renders it useless in most multi-user setups. +# +# After a client-specific tag has been defined with the +# client-specific-tag directive, action sections can be +# activated based on the tag by using a CLIENT-TAG pattern. The +# CLIENT-TAG pattern is evaluated at the same priority as URL +# patterns, as a result the last matching pattern wins. Tags +# that are created based on client or server headers are +# evaluated later on and can overrule CLIENT-TAG and URL +# patterns! +# +# The tag is set for all requests that come from clients that +# requested it to be set. Note that "clients" are differentiated +# by IP address, if the IP address changes the tag has to be +# requested again. +# +# Clients can request tags to be set by using the CGI interface +# http://config.privoxy.org/client-tags. The specific tag +# description is only used on the web page and should be phrased +# in away that the user understand the effect of the tag. +# +# Examples: +# +# # Define a couple of tags, the described effect requires action sections +# # that are enabled based on CLIENT-TAG patterns. +# client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions +# disable-content-filters Disable content-filters but do not affect other actions +# +# +# +# 6.15. client-tag-lifetime +# ========================== +# +# Specifies: +# +# How long a temporarily enabled tag remains enabled. +# +# Type of value: +# +# Time in seconds. +# +# Default value: +# +# 60 +# +# Notes: +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |This is an experimental feature. The syntax is likely| +# |to change in future versions. | +# +-----------------------------------------------------+ +# +# In case of some tags users may not want to enable them +# permanently, but only for a short amount of time, for example +# to circumvent a block that is the result of an overly-broad +# URL pattern. +# +# The CGI interface http://config.privoxy.org/client-tags +# therefore provides a "enable this tag temporarily" option. If +# it is used, the tag will be set until the client-tag-lifetime +# is over. +# +# Examples: +# +# # Increase the time to life for temporarily enabled tags to 3 minutes +# client-tag-lifetime 180 +# +# +# +# 6.16. trust-x-forwarded-for +# ============================ +# +# Specifies: +# +# Whether or not Privoxy should use IP addresses specified with +# the X-Forwarded-For header +# +# Type of value: +# +# 0 or one +# +# Default value: +# +# 0 +# +# Notes: +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |This is an experimental feature. The syntax is likely| +# |to change in future versions. | +# +-----------------------------------------------------+ +# +# If clients reach Privoxy through another proxy, for example a +# load balancer, Privoxy can't tell the client's IP address from +# the connection. If multiple clients use the same proxy, they +# will share the same client tag settings which is usually not +# desired. +# +# This option lets Privoxy use the X-Forwarded-For header value +# as client IP address. If the proxy sets the header, multiple +# clients using the same proxy do not share the same client tag +# settings. +# +# This option should only be enabled if Privoxy can only be +# reached through a proxy and if the proxy can be trusted to set +# the header correctly. It is recommended that ACL are used to +# make sure only trusted systems can reach Privoxy. +# +# If access to Privoxy isn't limited to trusted systems, this +# option would allow malicious clients to change the client tags +# for other clients or increase Privoxy's memory requirements by +# registering lots of client tag settings for clients that don't +# exist. +# +# Examples: +# +# # Allow systems that can reach Privoxy to provide the client +# # IP address with a X-Forwarded-For header. +# trust-x-forwarded-for 1 +# +# # # 7. WINDOWS GUI OPTIONS # =======================