X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=70c560722d579216b8b3bcbf93cf76aa6388db3f;hp=863ff6e51c1631d12e817a0587e327daf234012c;hb=1edcb831bff7e8043e302d36aca13d2a893401ea;hpb=8e0c7f9ca000395f481ae25b22f9b498f12d554e diff --git a/config b/config index 863ff6e5..70c56072 100644 --- a/config +++ b/config @@ -1,25 +1,25 @@ -# Sample Configuration File for Privoxy 3.0.21 -# -# $Id: config,v 1.103 2013/03/02 14:47:05 fabiankeil Exp $ -# -# Copyright (C) 2001-2013 Privoxy Developers http://www.privoxy.org/ -# -#################################################################### -# # -# Table of Contents # -# # -# I. INTRODUCTION # -# II. FORMAT OF THE CONFIGURATION FILE # -# # -# 1. LOCAL SET-UP DOCUMENTATION # -# 2. CONFIGURATION AND LOG FILE LOCATIONS # -# 3. DEBUGGING # -# 4. ACCESS CONTROL AND SECURITY # -# 5. FORWARDING # -# 6. MISCELLANEOUS # -# 7. WINDOWS GUI OPTIONS # -# # -#################################################################### +# Sample Configuration File for Privoxy 3.0.26 +# +# $Id: config,v 1.111 2016/05/22 12:44:17 fabiankeil Exp $ +# +# Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/ +# +##################################################################### +# # +# Table of Contents # +# # +# I. INTRODUCTION # +# II. FORMAT OF THE CONFIGURATION FILE # +# # +# 1. LOCAL SET-UP DOCUMENTATION # +# 2. CONFIGURATION AND LOG FILE LOCATIONS # +# 3. DEBUGGING # +# 4. ACCESS CONTROL AND SECURITY # +# 5. FORWARDING # +# 6. MISCELLANEOUS # +# 7. WINDOWS GUI OPTIONS # +# # +##################################################################### # # # I. INTRODUCTION @@ -94,7 +94,7 @@ # # Effect if unset: # -# http://www.privoxy.org/version/user-manual/ will be used, +# https://www.privoxy.org/version/user-manual/ will be used, # where version is the Privoxy version. # # Notes: @@ -128,7 +128,7 @@ # config file, because it is used while the config file is # being read. # -#user-manual http://www.privoxy.org/user-manual/ +#user-manual https://www.privoxy.org/user-manual/ # # 1.2. trust-info-url # ==================== @@ -291,7 +291,37 @@ confdir . # #templdir . # -# 2.3. logdir +# 2.3. temporary-directory +# ========================= +# +# Specifies: +# +# A directory where Privoxy can create temporary files. +# +# Type of value: +# +# Path name +# +# Default value: +# +# unset +# +# Effect if unset: +# +# No temporary files are created, external filters don't work. +# +# Notes: +# +# To execute external filters, Privoxy has to create temporary +# files. This directive specifies the directory the temporary +# files should be written to. +# +# It should be a directory only Privoxy (and trusted users) can +# access. +# +#temporary-directory . +# +# 2.4. logdir # ============ # # Specifies: @@ -317,7 +347,7 @@ confdir . # logdir . # -# 2.4. actionsfile +# 2.5. actionsfile # ================= # # Specifies: @@ -351,19 +381,13 @@ logdir . # # Actions files contain all the per site and per URL # configuration for ad blocking, cookie management, privacy -# considerations, etc. There is no point in using Privoxy -# without at least one actions file. -# -# Note that since Privoxy 3.0.7, the complete filename, -# including the ".action" extension has to be specified. The -# syntax change was necessary to be consistent with the other -# file options and to allow previously forbidden characters. +# considerations, etc. # actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on. actionsfile default.action # Main actions file actionsfile user.action # User customizations # -# 2.5. filterfile +# 2.6. filterfile # ================ # # Specifies: @@ -408,7 +432,7 @@ actionsfile user.action # User customizations filterfile default.filter filterfile user.filter # User customizations # -# 2.6. logfile +# 2.7. logfile # ============= # # Specifies: @@ -439,22 +463,24 @@ filterfile user.filter # User customizations # # Depending on the debug options below, the logfile may be a # privacy risk if third parties can get access to it. As most -# users will never look at it, Privoxy 3.0.7 and later only log -# fatal errors by default. +# users will never look at it, Privoxy only logs fatal errors by +# default. # # For most troubleshooting purposes, you will have to change # that, please refer to the debugging section for details. # -# Your logfile will grow indefinitely, and you will probably -# want to periodically remove it. On Unix systems, you can do -# this with a cron job (see "man cron"). -# # Any log files must be writable by whatever user Privoxy is # being run as (on Unix, default user id is "privoxy"). # +# To prevent the logfile from growing indefinitely, it is +# recommended to periodically rotate or shorten it. Many +# operating systems support log rotation out of the box, some +# require additional software to do it. For details, please +# refer to the documentation for your operating system. +# logfile logfile # -# 2.7. trustfile +# 2.8. trustfile # =============== # # Specifies: @@ -569,10 +595,6 @@ logfile logfile # down a specific problem. They can produce a hell of an output # (especially 16). # -# Privoxy used to ship with the debug levels recommended above -# enabled by default, but due to privacy concerns 3.0.7 and -# later are configured to only log fatal errors. -# # If you are used to the more verbose settings, simply enable # the debug lines below again. # @@ -602,11 +624,11 @@ logfile logfile # # Type of value: # -# None +# 1 or 0 # # Default value: # -# Unset +# 0 # # Effect if unset: # @@ -618,7 +640,7 @@ logfile logfile # This option is only there for debugging purposes. It will # drastically reduce performance. # -#single-threaded +#single-threaded 1 # # 3.3. hostname # ============== @@ -1311,7 +1333,12 @@ enable-proxy-authentication-forwarding 0 # To chain Privoxy and Tor, both running on the same system, you # would use something like: # -# forward-socks5 / 127.0.0.1:9050 . +# forward-socks5t / 127.0.0.1:9050 . +# +# Note that if you got Tor through one of the bundles, you may +# have to change the port from 9050 to 9150 (or even another +# one). For details, please check the documentation on the Tor +# website. # # The public Tor network can't be used to reach your local # network, if you need to access local servers you therefore @@ -1412,12 +1439,20 @@ forwarded-connect-retries 0 # Privoxy, enable this option and configure your packet filter # to redirect outgoing HTTP connections into Privoxy. # +# Note that intercepting encrypted connections (HTTPS) isn't +# supported. +# # Make sure that Privoxy's own requests aren't redirected as # well. Additionally take care that Privoxy can't intentionally # connect to itself, otherwise you could run into redirection # loops if Privoxy's listening port is reachable by the outside # or an attacker has access to the pages you visit. # +# If you are running Privoxy as intercepting proxy without being +# able to intercept all client requests you may want to adjust +# the CGI templates to make sure they don't reference content +# from config.privoxy.org. +# # Examples: # # accept-intercepted-requests 1 @@ -1845,13 +1880,13 @@ socket-timeout 300 # # Notes: # -# This is a work-around for Firefox bug 492459: " Websites are -# no longer rendered if SSL requests for JavaScripts are blocked -# by a proxy. " (https://bugzilla.mozilla.org/show_bug.cgi?id= -# 492459) As the bug has been fixed for quite some time this -# option should no longer be needed and will be removed in a -# future release. Please speak up if you have a reason why the -# option should be kept around. +# This directive was added as a work-around for Firefox bug +# 492459: "Websites are no longer rendered if SSL requests for +# JavaScripts are blocked by a proxy." +# (https://bugzilla.mozilla.org/show_bug.cgi?id=492459), the bug +# has been fixed for quite some time, but this directive is also +# useful to make it harder for websites to detect whether or not +# resources are being blocked. # #handle-as-empty-doc-returns-ok 1 # @@ -1990,6 +2025,167 @@ socket-timeout 300 # Content-Type # # +# 6.14. client-specific-tag +# ========================== +# +# Specifies: +# +# The name of a tag that will always be set for clients that +# requested it through the webinterface. +# +# Type of value: +# +# Tag name followed by a description that will be shown in the +# webinterface +# +# Default value: +# +# None +# +# Notes: +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |This is an experimental feature. The syntax is likely| +# |to change in future versions. | +# +-----------------------------------------------------+ +# +# Client-specific tags allow Privoxy admins to create different +# profiles and let the users chose which one they want without +# impacting other users. +# +# One use case is allowing users to circumvent certain blocks +# without having to allow them to circumvent all blocks. This is +# not possible with the enable-remote-toggle feature because it +# would bluntly disable all blocks for all users and also affect +# other actions like filters. It also is set globally which +# renders it useless in most multi-user setups. +# +# After a client-specific tag has been defined with the +# client-specific-tag directive, action sections can be +# activated based on the tag by using a CLIENT-TAG pattern. The +# CLIENT-TAG pattern is evaluated at the same priority as URL +# patterns, as a result the last matching pattern wins. Tags +# that are created based on client or server headers are +# evaluated later on and can overrule CLIENT-TAG and URL +# patterns! +# +# The tag is set for all requests that come from clients that +# requested it to be set. Note that "clients" are differentiated +# by IP address, if the IP address changes the tag has to be +# requested again. +# +# Clients can request tags to be set by using the CGI interface +# http://config.privoxy.org/client-tags. The specific tag +# description is only used on the web page and should be phrased +# in away that the user understand the effect of the tag. +# +# Examples: +# +# # Define a couple of tags, the described effect requires action sections +# # that are enabled based on CLIENT-TAG patterns. +# client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions +# disable-content-filters Disable content-filters but do not affect other actions +# +# +# +# 6.15. client-tag-lifetime +# ========================== +# +# Specifies: +# +# How long a temporarily enabled tag remains enabled. +# +# Type of value: +# +# Time in seconds. +# +# Default value: +# +# 60 +# +# Notes: +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |This is an experimental feature. The syntax is likely| +# |to change in future versions. | +# +-----------------------------------------------------+ +# +# In case of some tags users may not want to enable them +# permanently, but only for a short amount of time, for example +# to circumvent a block that is the result of an overly-broad +# URL pattern. +# +# The CGI interface http://config.privoxy.org/client-tags +# therefore provides a "enable this tag temporarily" option. If +# it is used, the tag will be set until the client-tag-lifetime +# is over. +# +# Examples: +# +# # Increase the time to life for temporarily enabled tags to 3 minutes +# client-tag-lifetime 180 +# +# +# +# 6.16. trust-x-forwarded-for +# ============================ +# +# Specifies: +# +# Whether or not Privoxy should use IP addresses specified with +# the X-Forwarded-For header +# +# Type of value: +# +# 0 or one +# +# Default value: +# +# 0 +# +# Notes: +# +# +-----------------------------------------------------+ +# | Warning | +# |-----------------------------------------------------| +# |This is an experimental feature. The syntax is likely| +# |to change in future versions. | +# +-----------------------------------------------------+ +# +# If clients reach Privoxy through another proxy, for example a +# load balancer, Privoxy can't tell the client's IP address from +# the connection. If multiple clients use the same proxy, they +# will share the same client tag settings which is usually not +# desired. +# +# This option lets Privoxy use the X-Forwarded-For header value +# as client IP address. If the proxy sets the header, multiple +# clients using the same proxy do not share the same client tag +# settings. +# +# This option should only be enabled if Privoxy can only be +# reached through a proxy and if the proxy can be trusted to set +# the header correctly. It is recommended that ACL are used to +# make sure only trusted systems can reach Privoxy. +# +# If access to Privoxy isn't limited to trusted systems, this +# option would allow malicious clients to change the client tags +# for other clients or increase Privoxy's memory requirements by +# registering lots of client tag settings for clients that don't +# exist. +# +# Examples: +# +# # Allow systems that can reach Privoxy to provide the client +# # IP address with a X-Forwarded-For header. +# trust-x-forwarded-for 1 +# +# +# # 7. WINDOWS GUI OPTIONS # ======================= #