X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=default.action.master;h=700481488bb98d86cc0d3a2d5df75062d5a99104;hp=dc60724d8701136e6e29aeb1da7777191145d5a5;hb=a389452bbd01a44968971333366dcba5a2879ab9;hpb=ac160a42382ae8f6fda89f6ea4a01d4a5ed9f7ad diff --git a/default.action.master b/default.action.master index dc60724d..70048148 100644 --- a/default.action.master +++ b/default.action.master @@ -1,25 +1,29 @@ -#MASTER# COMMENT: -#MASTER# COMMENT: Anyone adding specific rules to this file, -#MASTER# COMMENT: wherever possible please include a *full* URL -#MASTER# COMMENT: which can be used to verify the problem, and if -#MASTER# COMMENT: the problem may not always be fully obvious, a -#MASTER# COMMENT: brief explanation. Thanks. -#MASTER# COMMENT: +#MASTER# COMMENT: +#MASTER# COMMENT: Anyone adding specific rules to this file, +#MASTER# COMMENT: wherever possible please include a *full* URL +#MASTER# COMMENT: which can be used to verify the problem, and if +#MASTER# COMMENT: the problem may not always be fully obvious, a +#MASTER# COMMENT: brief explanation. Please also add tests for +#MASTER# COMMENT: Privoxy-Regression-Test so we can automatically +#MASTER# COMMENT: verify that your rules are effective. Thanks. +#MASTER# COMMENT: ###################################################################### -# +# # File : $Source: /cvsroot/ijbswa/current/default.action.master,v $ -# -# $Id: default.action.master,v 1.88 2007/07/31 07:16:08 proactivesvcs Exp $ # -# Requires : This version requires Privoxy v3.0.7 or later due to +# $Id: default.action.master,v 1.186 2009/08/15 16:24:39 fabiankeil Exp $ +# +# Requires : This version requires Privoxy v3.0.11 or later due to # syntax changes. # # Purpose : Default actions file, see # http://www.privoxy.org/user-manual/actions-file.html. -# This file is subject to periodic updating. Local exceptions -# and enhancements are better placed in user.action. +# This file is subject to periodic updating. It is +# not supposed to be edited by the user. Local exceptions +# and enhancements are better placed in user.action, +# the match-all section has been moved to match-all.action. # -# Copyright : Written by and Copyright (C) 2001 - 2007 the +# Copyright : Written by and Copyright (C) 2001-2009 the # Privoxy team. http://www.privoxy.org/ # # Note: Updated versions of this file will be made available from time @@ -30,14 +34,14 @@ # # We value your feedback. However, to provide you with the best support, # please note: -# +# # * Use the support forum to get help: # http://sourceforge.net/tracker/?group_id=11118&atid=211118 -# * Submit feedback for this actions file only through the -# SF actions file feedback tracker: +# * Submit feedback for this actions file only through the +# SF actions file feedback tracker: # http://sourceforge.net/tracker/?group_id=11118&atid=460288 # * Submit bugs only through our bug forum: -# http://sourceforge.net/tracker/?group_id=11118&atid=111118 +# http://sourceforge.net/tracker/?group_id=11118&atid=111118 # Make sure that the bug has not already been submitted. Please try # to verify that it is a Privoxy bug, and not a browser or site # bug first. If you are using your own custom configuration, please @@ -45,22 +49,22 @@ # related bug. And if possible please try the latest CVS sources. # * Submit feature requests only through our feature request forum: # http://sourceforge.net/tracker/?atid=361118&group_id=11118&func=browse -# +# # For any other issues, feel free to use the mailing lists: # http://sourceforge.net/mail/?group_id=11118 -# +# # Anyone interested in actively participating in development and related # discussions can join the appropriate mailing list here: # http://sourceforge.net/mail/?group_id=11118. Archives are available -# here too. +# here too. # -# The current development version of this file is located: +# The current development version of this file is located: # http://ijbswa.cvs.sourceforge.net/*checkout*/ijbswa/current/default.action.master -# +# ############################################################################# # Syntax ############################################################################# -# +# # A much better explanation can be found in the user manual which is # part of the distribution and can be found at http://www.privoxy.org/user-manual # @@ -75,7 +79,7 @@ ############################################################################# # Pattern Syntax ############################################################################# -# +# # 1. On Domains and Paths # ----------------------- # @@ -83,92 +87,92 @@ # and part are optional. The pattern matching syntax is different for # each. If you only specify a domain part, the "/" can be left out, but it is # required for the path part. -# -# www.example.com +# +# www.example.com # is a domain-only pattern and will match any request to www.example.com -# +# # www.example.com/ # means exactly the same (but is slightly less efficient) -# +# # www.example.com/index.html # matches only the document /index.html on www.example.com -# +# # /index.html # matches the document /index.html, regardless of the domain -# +# # index.html # matches nothing, since it would be interpreted as a domain name and # there is no top-level domain called ".html". -# +# # 2. Domain Syntax # ---------------- -# +# # The matching of the domain part offers some flexible options: If the # domain starts or ends with a dot, it becomes unanchored at that end: -# +# # www.example.com # matches only www.example.com -# +# # .example.com # matches any domain that ENDS in .example.com -# +# # www. # matches any domain that STARTS with www. # # .example. # matches any domain that CONTAINS example # -# +# # Additionally, there are wildcards that you can use in the domain names # themselves. They work pretty similar to shell wildcards: "*" stands for # zero or more arbitrary characters, "?" stands for one, and you can define -# charachter classes in square brackets and they can be freely mixed: -# +# character classes in square brackets and they can be freely mixed: +# # ad*.example.com # matches adserver.example.com, ads.example.com, etc but not sfads.example.com -# +# # *ad*.example.com # matches all of the above -# +# # .?pix.com # matches www.ipix.com, pictures.epix.com, a.b.c.d.e.upix.com etc -# +# # www[1-9a-ez].example.com -# matches www1.example.com, www4.example.com, wwwd.example.com, +# matches www1.example.com, www4.example.com, wwwd.example.com, # wwwz.example.com etc, but not wwww.example.com -# +# # You get the idea? -# +# # 2. Path Syntax # -------------- -# +# # Paths are specified as full regular expressions, and are more flexible than # the domain syntax above. A comprehensive discussion of regular expressions # wouldn't fit here. -# +# # Perl compatible regular expressions are used. See the pcre/docs/ direcory or # man perlre (also available at http://perldoc.perl.org/perlre.html) for # details. The appendix to our User Manual also has some detail. -# +# # Please note that matching in the path is CASE INSENSITIVE by default, but # you can switch to case sensitive by starting the pattern with the "(?-i)" # switch: -# +# # www.example.com/(?-i)PaTtErN.* # will match only documents whose path starts with PaTtErN in exactly this # capitalization. # -# Partially case-sensetive and partially case-insensitive patterns are +# Partially case-sensitive and partially case-insensitive patterns are # possible, but the rules about splitting them up are extremely complex # - see the PCRE documentation for more information. -# +# ############################################################################# # Action Syntax ############################################################################# # # There are 3 kinds of actions: # -# Boolean (e.g. "block"): +# Boolean (e.g. "handle-as-image"): # +name # enable # -name # disable # @@ -176,7 +180,7 @@ # +name{param} # enable and set parameter to "param" # -name # disable # -# Multi-value (e.g. "add-header", "send-wafer"): +# Multi-value (e.g. "add-header", "filter"): # +name{param} # enable and add parameter "param" # -name{param} # remove the parameter "param" # -name # disable totally @@ -184,7 +188,7 @@ # The default (if you don't specify anything in this file) is not to take # any actions - i.e completely disabled, so Privoxy will just be a # normal, non-blocking, non-anonymizing proxy. You must specifically -# enable the privacy and blocking features you need (although the +# enable the privacy and blocking features you need (although the # provided default actions file will do that for you). # # Later actions always override earlier ones. For multi-valued actions, @@ -198,9 +202,14 @@ # Adds the specified HTTP header, which is not checked for validity. # You may specify this many times to specify many headers. # -# +block -# Block this URL. Privoxy will ignore this URL completely, and not request -# it. +# +block{reason} +# Block this URL. Instead of forwarding the request, Privoxy will +# send a "block" page containing the specified reason. +# +# +change-x-forwarded-for{add} +# +change-x-forwarded-for{block} +# Adds or blocks the "X-Forwarded-For:" HTTP header in client +# requests. # # +client-header-filter{name} # All client headers to which this action applies are filtered on-the-fly @@ -208,28 +217,47 @@ # # Client-header filters predefined in the supplied default.filter include: # -# hide-tor-exit-notation: Removes the Tor exit node notation in Host and Referer headers +# hide-tor-exit-notation: Removes the Tor exit node notation in Host and Referer headers. +# privoxy-control: Removes X-Privoxy-Control headers. +# +# +client-header-tagger{string} +# Tag requests based on their headers. Client headers to which this +# action applies are filtered on-the-fly through the specified regular +# expression based substitutions, the result is used as a tag. +# Client-header taggers are the first actions that are executed and their +# tags can be used to control every other action. +# +# Client-header taggers predefined in the supplied default.filter include: +# +# image-requests: Tags detected image requests as "IMAGE-REQUEST". +# css-requests: Tags detected CSS requests as "CSS-REQUEST". +# client-ip-address: Tags the request with the client's IP address. +# http-method: Tags the request with its HTTP method. +# allow-post: Tags POST requests as "ALLOWED-POST". +# complete-url: Tags the request with the whole request URL. +# user-agent: Tags the request with the complete User-Agent header. +# privoxy-control: Creates tags with the content of X-Privoxy-Control headers. # # +content-type-overwrite # Replaces the "Content-Type:" HTTP server header, so that unwanted # download menus will not pop up, or changes the browser's rendering mode. # # +crunch-client-header{string} -# Deletes every header sent by the client that contains the string the -# user supplied as parameter. -# +# Deletes every header sent by the client that contains the string the +# user supplied as parameter. +# # +crunch-if-none-match -# Deletes the "If-None-Match:" HTTP client header. +# Deletes the "If-None-Match:" HTTP client header. # # +crunch-server-header{string} -# Deletes every header sent by the server that contains the string the -# user supplied as a parameter. -# +# Deletes every header sent by the server that contains the string the +# user supplied as a parameter. +# # +deanimate-gifs{last} # +deanimate-gifs{first} # Deanimate all animated GIF images, i.e. reduce them to their last # frame. This will also shrink the images considerably. (In bytes, -# not pixels!) +# not pixels!) # If the option "first" is given, the first frame of the animation # is used as the replacement. If "last" is given, the last frame of # the animation is used instead, which propably makes more sense for @@ -246,20 +274,20 @@ # Many sites, like yahoo.com, don't just link to other sites. # Instead, they will link to some script on their own server, # giving the destination as a parameter, which will then redirect -# you to the final target. +# you to the final target. # # URLs resulting from this scheme typically look like: # http://some.place/some_script?http://some.where-else # # Sometimes, there are even multiple consecutive redirects encoded -# in the URL. These redirections via scripts make your web browing +# in the URL. These redirections via scripts make your web browsing # more traceable, since the server from which you follow such a link # can see where you go to. Apart from that, valuable bandwidth and -# time is wasted, while your browser aks the server for one redirect +# time is wasted, while your browser asks the server for one redirect # after the other. Plus, it feeds the advertisers. # -# The +fast-redirects{check-decoded-url} option enables interception of -# these requests by Privoxy, who will cut off all but the last valid URL +# The +fast-redirects{check-decoded-url} option enables interception of +# these requests by Privoxy, who will cut off all but the last valid URL # in the request and send a local redirect back to your browser without # contacting the intermediate sites. NOTE: Syntax change as of v.3.0.4. # @@ -272,39 +300,47 @@ # filtering works only on the raw document content itself (that which can # be seen with View Source), not the headers. Repeat for multiple filters. # Use with caution: filters can be very intrusive. -# +# # Filters predefined in the supplied default.filter include: # -# js-annoyances: Get rid of particularly annoying JavaScript abuse -# js-events: Kill all JS event bindings (Radically destructive! Use only on real suckers) -# html-annoyances: Get rid of particularly annoying HTML abuse -# content-cookies: Kill cookies that come in the HTML or JS content -# refresh-tags: Kill automatic refresh tags (for dial-on-demand setups) -# unsolicited-popups: Disable only unsolicited pop-up windows -# all-popups: Kill all popups in JavaScript and HTML -# img-reorder: Reorder attributes in tags to make the banners-by-* filters more effective -# banners-by-size: Kill banners by size (very efficient!) -# banners-by-link: Kill banners by their links to known clicktrackers -# webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking) -# tiny-textforms: Extend those tiny textareas up to 40x80 and kill the hard wrap -# jumping-windows: Prevent windows from resizing and moving themselves -# frameset-borders: Give frames a border -# demoronizer: Fix MS's non-standard use of standard charsets -# shockwave-flash: Kill embedded Shockwave Flash objects -# quicktime-kioskmode: Make Quicktime movies saveable -# fun: Text replacements for subversive browsing fun! -# crude-parental: Kill all web pages that contain the words "sex" or "warez" -# ie-exploits: Disable some known Internet Explorer bug exploits -# site-specifics: Cure for site-specific problems. Don't apply generally! -# google: Removes text ads and other Google specific improvements -# yahoo: Removes text ads and other Yahoo specific improvements -# msn: Removes text ads and other MSN specific improvements -# blogspot: Cleans up Blogspot blogs -# no-ping: Removes non-standard ping attributes from anchor and area tags +# js-annoyances: Get rid of particularly annoying JavaScript abuse. +# js-events: Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites). +# html-annoyances: Get rid of particularly annoying HTML abuse. +# content-cookies: Kill cookies that come in the HTML or JS content. +# refresh-tags: Kill automatic refresh tags (for dial-on-demand setups). +# unsolicited-popups: Disable only unsolicited pop-up windows. +# all-popups: Kill all popups in JavaScript and HTML. +# img-reorder: Reorder attributes in tags to make the banners-by-* filters more effective. +# banners-by-size: Kill banners by size. +# banners-by-link: Kill banners by their links to known clicktrackers. +# webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking). +# tiny-textforms: Extend those tiny textareas up to 40x80 and kill the hard wrap. +# jumping-windows: Prevent windows from resizing and moving themselves. +# frameset-borders: Give frames a border and make them resizable. +# demoronizer: Fix MS's non-standard use of standard charsets. +# shockwave-flash: Kill embedded Shockwave Flash objects. +# quicktime-kioskmode: Make Quicktime movies saveable. +# fun: Text replacements for subversive browsing fun! +# crude-parental: Crude parental filtering. Note that this filter doesn't work reliably. +# ie-exploits: Disable some known Internet Explorer bug exploits. +# site-specifics: Cure for site-specific problems. Don't apply generally! +# no-ping: Removes non-standard ping attributes in and tags. +# google: CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement. +# yahoo: CSS-based block for Yahoo text ads. Also removes a width limitation. +# msn: CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation. +# blogspot: Cleans up some Blogspot blogs. Read the fine print before using this. # # +force-text-mode -# Declares a document as plain text, even if the "Content-Type:" isn't detected -# as such. +# Declares a document as plain text, even if the "Content-Type:" isn't detected +# as such. +# +# +forward-override{forward .} +# +forward-override{forward 127.0.0.1:8123} +# +forward-override{forward-socks4a 127.0.0.1:9050 .} +# +forward-override{forward-socks4a 127.0.0.1:9050 proxy.example.org:8000} +# +forward-override{forward-socks5 127.0.0.1:9050 .} +# +forward-override{forward-socks5 127.0.0.1:9050 proxy.example.org:8000} +# This action overrules the forward directives in the configuration file. # # +handle-as-empty-document # This action alone doesn't do anything noticeable. It just marks URLs. If @@ -312,6 +348,11 @@ # decides whether an HTML "blocked" page, or an empty document will be sent # to the client as a substitute for the blocked content. # +# +handle-as-image +# Treat this URL as an image. This only matters if it's also "+block"ed, +# in which case a "blocked" image can be sent rather than a HTML page. +# See +set-image-blocker{} for the control over what is actually sent. +# # +hide-accept-language{lang} # +hide-accept-language{block} # Deletes or replaces the "Accept-Language:" HTTP header in client @@ -319,22 +360,19 @@ # # +hide-content-disposition{block} # +hide-content-disposition{string} -# Deletes or replaces the "Content-Disposition:" HTTP header set by some -# servers. This can be used to prevent download menus for content you +# Deletes or replaces the "Content-Disposition:" HTTP header set by some +# servers. This can be used to prevent download menus for content you # prefer to view inside the browser, for example. # -# +hide-forwarded-for-headers -# Block any existing X-Forwarded-for header, and do not add a new one. -# # +hide-from-header{block} # +hide-from-header{spam@sittingduck.xqq} -# If the browser sends a "From:" header containing your e-mail address, +# If the browser sends a "From:" header containing your e-mail address, # either completely removes the header ("block"), or change it to the # specified e-mail address. # # +hide-if-modified-since{block} # +hide-if-modified-since{-60} -# Deletes the "If-Modified-Since:" HTTP client header or modifies its +# Deletes the "If-Modified-Since:" HTTP client header or modifies its # value, preventing another way to track users. # # +hide-referer{block} @@ -347,8 +385,8 @@ # # +hide-referrer{...} # Alternative spelling of +hide-referer. Has the same parameters, -# and can be freely mixed with, "+hide-referer". ("referrer" is the -# correct English spelling, however the HTTP specification has a +# and can be freely mixed with, "+hide-referer". ("referrer" is the +# correct English spelling, however the HTTP specification has a # bug - it requires it to be spelt "referer"). # # +hide-user-agent{browser-type} @@ -360,31 +398,25 @@ # +hide-user-agent{Privoxy/1.0} # (Don't change the version number from 1.0 - after all, why tell them?) # -# +handle-as-image -# Treat this URL as an image. This only matters if it's also "+block"ed, -# in which case a "blocked" image can be sent rather than a HTML page. -# See +set-image-blocker{} for the control over what is actually sent. -# -# +inspect-jpegs -# Scan jpeg headers for malformed comment blocks and correct them. -# # +limit-connect{portlist} -# The CONNECT methods exists in HTTP to allow access to secure websites -# (https:// URLs) through proxies. It works very simply: The proxy -# connects to the server on the specified port, and then short-circuits -# its connections to the client and to the remote proxy. -# This can be a big security hole, since CONNECT-enabled proxies can -# be abused as TCP relays very easily. -# By default, i.e. in the absence of a +limit-connect action, Privoxy -# will only allow CONNECT requests to port 443, which is the standard port -# for https. -# If you want to allow CONNECT for more ports than that, or want to forbid -# CONNECT altogether, you can specify a comma separated list of ports and port -# ranges (the latter using dashes, with the minimum defaulting to 0 and max to 65K): -# -# +limit-connect{443} # This is the default and need no be specified. -# +limit-connect{80,443} # Ports 80 and 443 are OK. -# +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100, and above 500 are OK. +# +# By default, i.e. if no limit-connect action applies, Privoxy +# allows HTTP CONNECT requests to all ports. Use limit-connect +# if fine-grained control is desired for some or all destinations. +# The CONNECT methods exists in HTTP to allow access to secure websites +# ("https://" URLs) through proxies. It works very simply: the proxy +# connects to the server on the specified port, and then short-circuits +# its connections to the client and to the remote server. This means +# CONNECT-enabled proxies can be used as TCP relays very easily. Privoxy +# relays HTTPS traffic without seeing the decoded content. Websites can +# leverage this limitation to circumvent Privoxy's filters. By specifying +# an invalid port range you can disable HTTPS entirely. +# +# +limit-connect{443} # Only port 443 is OK. +# +limit-connect{80,443} # Ports 80 and 443 are OK. +# +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK. +# +limit-connect{-} # All ports are OK +# +limit-connect{,} # No HTTPS/SSL traffic is allowed # # +overwrite-last-modified{block} # +overwrite-last-modified{reset-to-request-time} @@ -402,13 +434,13 @@ # # "reset-to-request-time" overwrites the value of the "Last-Modified:" # header with the current time. You could use this option together with -# hided-if-modified-since to further customize your random range. -# +# hide-if-modified-since to further customize your random range. +# # +prevent-compression # Prevent the website from compressing the data. Some websites do -# that, which is a problem for Privoxy, since +filter, +kill-popups -# and +gif-deanimate will not work on compressed data. Will slow down -# connections to those websites, though. +# that, which is a problem for Privoxy when built without zlib support, +# since +filter and +gif-deanimate will not work on compressed data. +# Will slow down connections to those websites, though. # # +server-header-filter{name} # All server headers to which this action applies are filtered on-the-fly @@ -416,8 +448,24 @@ # # Server-header filters predefined in the supplied default.filter include: # -# html-to-xml: Changes the Content-Type header from html to xml -# xml-to-html: Changes the Content-Type header from xml to html +# x-httpd-php-to-html: Changes the Content-Type header from x-httpd-php to html. +# html-to-xml: Changes the Content-Type header from html to xml. +# xml-to-html: Changes the Content-Type header from xml to html. +# less-download-windows: Prevent annoying download windows for content types the browser can handle itself. +# privoxy-control: Removes X-Privoxy-Control headers. +# +# +server-header-tagger{content-type} +# Server headers to which this action applies are filtered on-the-fly +# through the specified regular expression based substitutions, the result +# is used as a tag. Server-header taggers are executed before all other +# header actions that modify server headers. Their tags can be used to +# control all of the other server-header actions, the content filters and +# the crunch actions (redirect and block). +# +# Server-header taggers predefined in the supplied default.filter include: +# +# content-type: Tags the request with the content type declared by the server. +# privoxy-control: Creates tags with the content of X-Privoxy-Control headers. # # +session-cookies-only # If the website sets cookies, make sure they are erased when you exit @@ -446,39 +494,12 @@ # +crunch-incoming-cookies # Prevent the website from setting cookies # -# +kill-popups (deprecated) -# Filter the website through a built-in filter to disable -# window.open() etc. The two alternative spellings are -# equivalent. -# # +redirect{} # +redirect{} # Convinces the browser that the requested document has been moved to # another location and the browser should get it from the specified # URL. # -# +send-vanilla-wafer -# This action only applies if you are using a jarfile. It sends a -# cookie to every site stating that you do not accept any copyright -# on cookies sent to you, and asking them not to track you. Of -# course, this is a (relatively) unique header they could use to -# track you. -# -# +send-wafer{name=value} -# This allows you to add an arbitrary cookie. Specify it multiple -# times in order to add several cookies. -# -# +treat-forbidden-connects-like-blocks -# If this action is enabled, Privoxy no longer makes a difference between -# forbidden connects and ordinary blocks. -# -# By default Privoxy answers forbidden "Connect" requests with a short -# error message inside the headers. If the browser doesn't display headers -# (most don't), you just see an empty page. With this action enabled, -# Privoxy displays the message that is used for ordinary blocks instead. If -# you decide to make an exception for the page in question, you can do so -# by following the "See why" link. -# ############################################################################# ############################################################################# @@ -487,7 +508,7 @@ {{settings}} ############################################################################# #MASTER# COMMENT: The minimum Privoxy version: -for-privoxy-version=3.0.7 +for-privoxy-version=3.0.11 ############################################################################# # Aliases @@ -505,104 +526,106 @@ for-privoxy-version=3.0.7 # # Alias names are not case sensitive. # -# Aliases beginning with '+' or '-' may be used for system action names -# in future releases - so try to avoid alias names like this. (e.g. +# Aliases beginning with '+' or '-' may be used for system action names +# in future releases - so try to avoid alias names like this. (e.g. # "+crunch-all-cookies" below is not a good name) # # Aliases must be defined before they are used. -# +# # These aliases just save typing later: # +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - allow-all-cookies = -crunch-all-cookies -session-cookies-only - allow-popups = -filter{all-popups} -kill-popups -filter{unsolicited-popups} -+block-as-image = +block +handle-as-image + allow-all-cookies = -crunch-all-cookies -session-cookies-only + allow-popups = -filter{all-popups} -filter{unsolicited-popups} ++block-as-image = +block{Blocked image request.} +handle-as-image -block-as-image = -block # These aliases define combinations of actions # that are useful for certain types of sites: # -fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer -kill-popups -prevent-compression +fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer -prevent-compression shop = -crunch-all-cookies allow-popups # Your favourite blend of filters: # myfilters = +filter{html-annoyances} +filter{js-annoyances} +filter{all-popups}\ - +filter{webbugs} +filter{nimda} +filter{banners-by-size} #+filter{fun} + +filter{webbugs} +filter{banners-by-size} # Allow ads for selected useful free sites: # allow-ads = -block -filter{banners-by-size} -filter{banners-by-link} -############################################################################# -# Defaults -############################################################################# +################ +# +# Cautious settings -- safe for all sites, but offer little privacy protection +# +{ \ ++change-x-forwarded-for{block} \ ++hide-from-header{block} \ ++set-image-blocker{pattern} \ +} +standard.Cautious + +################ +# +# Medium settings -- safe for most sites, with reasonable protection/damage tradeoff +# +{ \ ++change-x-forwarded-for{block} \ ++deanimate-gifs{last} \ ++filter{refresh-tags} \ ++filter{img-reorder} \ ++filter{banners-by-size} \ ++filter{webbugs} \ ++filter{jumping-windows} \ ++filter{ie-exploits} \ ++hide-from-header{block} \ ++hide-referrer{conditional-block} \ ++session-cookies-only \ ++set-image-blocker{pattern} \ +} +standard.Medium + +################ +# +# Advanced settings -- reasonable privacy protection but +# require some exceptions for trusted sites, most likely +# because of cookies or SSL. Also testing ground for +# new options. +# +# CAUTION: These settings can still be subverted by a +# misconfigured client that executes code from untrusted +# sources. +# { \ --add-header \ --block \ --client-header-filter{hide-tor-exit-notation} \ --content-type-overwrite \ --crunch-client-header \ --crunch-if-none-match \ --crunch-outgoing-cookies \ --crunch-incoming-cookies \ --crunch-server-header \ --deanimate-gifs \ --downgrade-http-version \ --fast-redirects \ --filter{js-annoyances} \ --filter{js-events} \ --filter{html-annoyances} \ --filter{content-cookies} \ --filter{refresh-tags} \ --filter{unsolicited-popups} \ --filter{all-popups} \ --filter{img-reorder} \ --filter{banners-by-size} \ --filter{banners-by-link} \ --filter{webbugs} \ --filter{tiny-textforms} \ --filter{jumping-windows} \ --filter{frameset-borders} \ --filter{demoronizer} \ --filter{shockwave-flash} \ --filter{quicktime-kioskmode} \ --filter{fun} \ --filter{crude-parental} \ --filter{ie-exploits} \ --filter{site-specifics} \ --filter{google} \ --filter{yahoo} \ --filter{msn} \ --filter{blogspot} \ --filter{no-ping} \ --force-text-mode \ --handle-as-empty-document \ --handle-as-image \ --hide-accept-language \ --hide-content-disposition \ --hide-if-modified-since \ -+hide-forwarded-for-headers \ ++change-x-forwarded-for{block} \ ++client-header-tagger{css-requests} \ ++client-header-tagger{image-requests} \ ++crunch-if-none-match \ ++crunch-outgoing-cookies \ ++crunch-incoming-cookies \ ++deanimate-gifs{last} \ ++fast-redirects{check-decoded-url} \ ++filter{html-annoyances} \ ++filter{content-cookies} \ ++filter{refresh-tags} \ ++filter{img-reorder} \ ++filter{banners-by-size} \ ++filter{banners-by-link} \ ++filter{webbugs} \ ++filter{jumping-windows} \ ++filter{frameset-borders} \ ++filter{quicktime-kioskmode} \ ++hide-if-modified-since{-60} \ +hide-from-header{block} \ --hide-referrer \ --hide-user-agent \ --inspect-jpegs \ --kill-popups \ --limit-connect \ --prevent-compression \ --overwrite-last-modified \ --redirect \ --send-vanilla-wafer \ --send-wafer \ --server-header-filter{xml-to-html} \ --server-header-filter{html-to-xml} \ --session-cookies-only \ ++hide-referrer{conditional-block} \ ++limit-connect{,} \ ++overwrite-last-modified{randomize} \ +set-image-blocker{pattern} \ --treat-forbidden-connects-like-blocks \ } -/ # Match all URLs +standard.Advanced ############################################################################# # These extensions belong to images: @@ -617,30 +640,43 @@ allow-ads = -block -filter{banners-by-size} -filter{banners-by-link} {-handle-as-image} /.*\.(js|php|css|.?html?) +############################################################################# +# These belong to multimedia files of which Firefox occasionally only +# requests parts. #2816708 +############################################################################# +{-filter -deanimate-gifs} +# Sticky Actions = -filter -deanimate-gifs +# URL = http://www.example.org/foo/bar.ogg +# URL = http://www.example.net/bar.ogv +/.*\.og[gv]$ + ############################################################################# # Generic block patterns by host: ############################################################################# -{+block} -#MASTER# DONT-VERIFY (generic) +{+block{Host matches generic block pattern.}} ad*. .*ads. -.ad. -#MASTER# PROBLEM URL: http://alternativos.iw-advertising.com/ +#MASTER# REMARKS: removed .ad. 2007-12-18 HB +#MASTER# REMARKS: Modifications per Actionsfile feedback item #1807613 +.ad.?. +.ad.[a-ik-z][a-oq-z]. +.ad.jp.*. +.ad.???*. +# Blocked URL = http://alternativos.iw-advertising.com/ .*advert*. *banner*. count*. *counter. #MASTER# PROBLEM URL: http://www.newegg.com promotions. -#MASTER# PROBLEM URL: http://metrics.performancing.com/ 11/04/06 #MASTER# BLOCK-REFERRER: http://tech.cybernetnews.com/ +# Blocked URL = http://metrics.performancing.com/ metrics. ############################################################################# # Generic unblockers by host: ############################################################################# {-block} -#MASTER# DONT-VERIFY (generic) adsl. ad[udmw]*. adbl*. @@ -650,6 +686,7 @@ adob*. adrenaline. adtp*. adv[oia]*. +adventure*. .*road*. .olympiad*. .*load*. @@ -660,15 +697,15 @@ countr*. ############################################################################# # Generic block patterns by path: ############################################################################# -{+block} -#MASTER# DONT-VERIFY (generic) +{+block{Path matches generic block pattern.}} /(.*/)?ad(\?|/|s|v|_?(image|se?rv|box)|cycle|rotate|mentor|click|f[ra]m|script|stream|fetch|log|space) +# Blocked URL = http://www.example.org/adimage +# Blocked URL = http://www.example.org/adspace /phpads(new)?/ /(.*/)?(ad|all|nn|db|promo(tion)?)?[-_]?banner -/(.*/)?(publicite|werbung|reklaa?m|annonse|maino(kset|nta|s)?/) +/(.*/)?(publicite|werbung|rekla(me|am)|annonse|maino(kset|nta|s)?/) /.*(count|track|compteur|(?