X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=default.action;h=70cd27617d13af52cb2fd44bf40a476978e6e202;hp=c14aa981ee52bb34bbcd07db8d668a6d72df9f0b;hb=5a5807409ae15a99c2e7365f292a6de0054257e3;hpb=e1606e41c444e6bbb95172cd47f8b3e86ff32034;ds=sidebyside diff --git a/default.action b/default.action index c14aa981..70cd2761 100644 --- a/default.action +++ b/default.action @@ -1,48 +1,425 @@ +###################################################################### +# +# File : $Source: /cvsroot/ijbswa/current/default.action,v $ +# +# $Id: default.action,v 1.27 2002/05/03 04:18:49 morcego Exp $ +# +# Purpose : Default actions file, see +# http://www.privoxy.org/faq/questions.html#CONFIGFILES +# +# Copyright : Written by and Copyright +# Privoxy team. http://www.privoxy.org/ +# +# Based on the Internet Junkbuster originally written +# by and Copyright (C) 1997 Anonymous Coders and +# Junkbusters Corporation. http://www.junkbusters.com +# +# We value your feedback. However, to provide you with the best support, +# please note: +# +# * Use the support forum to get help: +# http://sourceforge.net/tracker/?group_id=11118&atid=211118 +# * Submit feedback for this actions file only through our +# actions file feedback script: http://www.privoxy.org/actions +# * Submit bugs only through our bug forum: +# http://sourceforge.net/tracker/?group_id=11118&atid=111118 +# Make sure that the bug has not already been submitted. Please try +# to verify that it is a Privoxy bug, and not a browser or site +# bug first. If you are using your own custom configuration, please +# try the stock configs to see if the problem is a configuration +# related bug. And if not using the latest development snapshot, +# please try the latest one. Or even better, CVS sources. +# * Submit feature requests only through our feature request forum: +# http://sourceforge.net/tracker/?atid=361118&group_id=11118&func=browse +# +# For any other issues, feel free to use the mailing lists: +# http://sourceforge.net/mail/?group_id=11118 +# +# Anyone interested in actively participating in development and related +# discussions can join the appropriate mailing list here: +# http://sourceforge.net/mail/?group_id=11118. Archives are available +# here too. +# ############################################################################# +# Syntax +############################################################################# +# +# To determine which actions apply to a request, the URL of the request is +# compared to all patterns in this file. Every time it matches, the list of +# applicable actions for this URL is incrementally updated. You can trace +# this process by visiting http://i.j.b/show-url-info # -# Bare-bones actions file for Privoxy pre release testdrive +# There are 4 types of lines in this file: comments (like this line), +# actions, aliases and patterns, all of which are explained below. # -# For information, see http://www.oesterhelt.org/testdrive +############################################################################# +# Pattern Syntax +############################################################################# +# +# 1. On Domains and Paths +# ----------------------- +# +# Generally, a pattern has the form /, where both the +# and part are optional. If you only specify a domain part, the "/" +# can be left out: +# +# www.example.com +# is a domain-only pattern and will match any request to www.yahoo.com +# +# www.example.com/ +# means exactly the same (but is slightly less efficient) +# +# www.example.com/index.html +# matches only the document /index.html on www.example.com +# +# /index.html +# matches the document /index.html, regardless of the domain +# +# index.html +# matches nothing, since it would be interpreted as a domain name and +# there is no top-level domain called ".html". +# +# 2. Domain Syntax +# ---------------- +# +# The matching of the domain part offers some flexible options: If the +# domain starts or ends with a dot, it becomes unanchored at that end: +# +# www.example.com +# matches only www.example.com +# +# .example.com +# matches any domain that ENDS in .example.com +# +# www. +# matches any domain that STARTS with www. +# +# Additionally, there are wildcards that you can use in the domain names +# themselves. They work pretty similar to shell wildcards: "*" stands for +# zero or more arbitrary characters, "?" stands for one, and you can define +# charachter classes in square brackets and they can be freely mixed: +# +# ad*.example.com +# matches adserver.example.com, ads.example.com, etc but not sfads.example.com +# +# *ad*.example.com +# matches all of the above +# +# .?pix.com +# matches www.ipix.com, pictures.epix.com, a.b.c.d.e.upix.com etc +# +# www[1-9a-ez].example.com +# matches www1.example.com, www4.example.com, wwwd.example.com, +# wwwz.example.com etc, but not wwww.example.com +# +# You get the idea? +# +# 2. Path Syntax +# -------------- +# +# Paths are specified as regular expressions. A comprehensive discussion of +# regular expressions wouldn't fit here, but (FIXME) someone should paste +# a concise intro to the regex language here. +# +# If Privoxy was compiled with pcre support (default), Perl compatible +# regular expressions are used. See the pcre/docs/ direcory or man perlre +# (also available on http://www.perldoc.com/perl5.6/pod/perlre.html) for +# details. +# +# Please note that matching in the path is CASE INSENSITIVE by default, but +# you can switch to case sensitive by starting the pattern with the "(?-i)" +# switch: +# +# www.example.com/(?-i)PaTtErN.* +# will match only documents whose path starts with PaTtErN in exactly this +# capitalization. # +# Partially case-sensetive and partially case-insensitive patterns are +# possible, but the rules about splitting them up are extremely complex +# - see the PCRE documentation for more information. +# +############################################################################# +# Action Syntax +############################################################################# +# +# There are 3 kinds of action: +# +# Boolean (e.g. "block"): +# +name # enable +# -name # disable +# +# Parameterized (e.g. "hide-user-agent"): +# +name{param} # enable and set parameter to "param" +# -name # disable +# +# Multi-value (e.g. "add-header", "send-wafer"): +# +name{param} # enable and add parameter "param" +# -name{param} # remove the parameter "param" +# -name # disable totally +# +# The default (if you don't specify anything in this file) is not to take +# any actions - i.e completely disabled, so Privoxy will just be a +# normal, non-blocking, non-anonymizing proxy. You must specifically +# enable the privacy and blocking features you need (although the +# provided default actions file will do that for you). +# +# Later actions always override earlier ones. For multi-valued actions, +# the actions are applied in the order they are specified. +# +############################################################################# +# Valid actions are: +############################################################################# +# +# +add-header{Name: value} +# Adds the specified HTTP header, which is not checked for validity. +# You may specify this many times to specify many headers. +# +# +block +# Block this URL +# +# +deanimate-gifs{last} +# +deanimate-gifs{first} +# Deanimate all animated GIF images, i.e. reduce them to their last +# frame. This will also shrink the images considerably. (In bytes, +# not pixels!) +# If the option "first" is given, the first frame of the animation +# is used as the replacement. If "last" is given, the last frame of +# the animation is used instead, which propably makes more sense for +# most banner animations, but also has the risk of not showing the +# entire last frame (if it is only a delta to an earlier frame). +# +# +downgrade-http-version +# Downgrade HTTP/1.1 client requests to HTTP/1.0 and downgrade the +# responses as well. Use this action for servers that use HTTP/1.1 +# protocol features that Privoxy currently can't handle yet. +# +# +fast-redirects +# Many sites, like yahoo.com, don't just link to other sites. +# Instead, they will link to some script on their own server, +# giving the destination as a parameter, which will then redirect +# you to the final target. +# +# URLs resulting from this scheme typically look like: +# http://some.place/some_script?http://some.where-else +# +# Sometimes, there are even multiple consecutive redirects encoded +# in the URL. These redirections via scripts make your web browing +# more traceable, since the server from which you follow such a link +# can see where you go to. Apart from that, valuable bandwidth and +# time is wasted, while your browser aks the server for one redirect +# after the other. Plus, it feeds the advertisers. +# +# The +fast-redirects option enables interception of these requests +# by Privoxy, who will cut off all but the last valid URL in the +# request and send a local redirect back to your browser without +# contacting the intermediate sites. +# +# +filter{name} +# Filter the website through one or more regular expression filters. +# Repeat for multiple filters. +# +# Filters predefined in the supplied re_filterfile include: +# +# html-annoyances: Get rid of particularly annoying HTML abuse +# js-annoyances: Get rid of particularly annoying JavaScript abuse +# content-cookies: Kill cookies that come in the HTML or JS content +# popups: Kill all popups in JS and HTML +# frameset-borders: Give frames a border +# webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking) +# refresh-tags: Kill automatic refresh tags (for dial-on-demand setups) +# fun: Text replacements for subversive browsing fun! +# nimda: Remove Nimda (virus) code. +# banners-by-size: Kill banners by size (very efficient!) +# shockwave-flash: Kill embedded Shockwave Flash objects +# crude-parental: Kill all web pages that contain the words "sex" or "warez" +# +# +# +hide-forwarded-for-headers +# Block any existing X-Forwarded-for header, and do not add a new one. +# +# +hide-from-header{block} +# +hide-from-header{spam@sittingduck.xqq} +# If the browser sends a "From:" header containing your e-mail address, +# either completely removes the header ("block"), or change it to the +# specified e-mail address. +# +# +hide-referer{block} +# +hide-referer{forge} +# +hide-referer{http://nowhere.com} +# Don't send the "Referer:" (sic) header to the web site. You can +# block it, forge a URL to the same server as the request (which is +# preferred because some sites will not send images otherwise) or +# set it to a constant string. +# +# +hide-referrer{...} +# Alternative spelling of +hide-referer. Has the same parameters, +# and can be freely mixed with, "+hide-referer". ("referrer" is the +# correct English spelling, however the HTTP specification has a +# bug - it requires it to be spelt "referer"). +# +# +hide-user-agent{browser-type} +# Change the "User-Agent:" header so web servers can't tell your +# browser type. (Breaks many web sites). Specify the user-agent +# value you want - e.g., to pretend to be using Netscape on Linux: +# +hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)} +# Or to identify yourself explicitly as a Privoxy user: +# +hide-user-agent{Privoxy/1.0} +# (Don't change the version number from 1.0 - after all, why tell them?) +# +# +handle-as-image +# Treat this URL as an image. This only matters if it's also "+block"ed, +# in which case a "blocked" image can be sent rather than a HTML page. +# See +set-image-blocker{} for the control over what is actually sent. +# +# +set-image-blocker{blank} +# +set-image-blocker{pattern} +# +set-image-blocker{} with being any valid image URL +# Decides what to do with URLs that end up tagged with {+block +handle-as-image}. +# There are 4 options: +# * "-set-image-blocker" will send a HTML "blocked" page, usually +# resulting in a "broken image" icon. +# * "+set-image-blocker{blank}" will send a 1x1 transparent image +# * "+set-image-blocker{pattern}" will send a 4x4 grey/white pattern +# which is less intrusive than the logo but easier to recognize +# than the transparent one. +# * "+set-image-blocker{}" will send a HTTP temporary redirect +# to the specified image URL. +# +# +# +limit-connect{portlist} +# The CONNECT methods exists in HTTP to allow access to secure websites +# (https:// URLs) through proxies. It works very simply: The proxy +# connects to the server on the specified port, and then short-circuits +# its connections to the cliant and to the remote proxy. +# This can be a big security hole, since CONNECT-enabled proxies can +# be abused as TCP relays very easily. +# By default, i.e. in the absence of a +limit-connect action, Privoxy +# will only allow CONNECT requests to port 443, which is the standard port +# for https. +# If you want to allow CONNECT for more ports than that, or want to forbid +# CONNECT altogether, you can specify a comma separated list of ports and port +# ranges (the latter using dashes, with the minimum defaulting to 0 and max to 65K): +# +# +limit-connect{443} # This is the default and need no be specified. +# +limit-connect{80,443} # Ports 80 and 443 are OK. +# +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100, and above 500 are OK. +# +# +prevent-compression +# Prevent the website from compressing the data. Some websites do +# that, which is a problem for Privoxy, since +filter, +kill-popups +# and +gif-deanimate will not work on compressed data. Will slow down +# connections to those websites, though. +# +# +prevent-keeping-cookies +# +session-cookies-only +# If the website sets cookies, make sure they are erased when you exit +# and restart your web browser. This makes profiling cookies useless, +# but won't break sites which require cookies so that you can log in +# or for transactions. +# +# +crunch-outgoing-cookies +# Prevent the website from reading cookies +# +# +crunch-incoming-cookies +# Prevent the website from setting cookies +# +# +kill-popups +# Filter the website through a built-in filter to disable +# 1;''.concat() etc. The two alternative spellings are +# equivalent. +# +# +send-vanilla-wafer +# This action only applies if you are using a jarfile. It sends a +# cookie to every site stating that you do not accept any copyright +# on cookies sent to you, and asking them not to track you. Of +# course, this is a (relatively) unique header they could use to +# track you. +# +# +send-wafer{name=value} +# This allows you to add an arbitrary cookie. Specify it multiple +# times in order to add several cookies. +# +############################################################################# + +############################################################################# +# Settings -- Don't change. +############################################################################# +{{settings}} +############################################################################# +for-privoxy-version=3.0 + +############################################################################# +# Aliases ############################################################################# {{alias}} +############################################################################# +# +# You can define a short form for a list of permissions - e.g., instead +# of "-crunch-incoming-cookies -crunch-outgoing-cookies -filter -fast-redirects", +# you can just write "shop". This is called an alias. +# +# Currently, an alias can contain any character except space, tab, '=', '{' +# or '}'. +# But please use only 'a'-'z', '0'-'9', '+', and '-'. +# +# Alias names are not case sensitive. +# +# Aliases beginning with '+' or '-' may be used for system permission names +# in future releases - so try to avoid alias names like this. (e.g. +# "+crunch-all-cookies" below is not a good name) +# +# Aliases must be defined before they are used. +# + # Useful aliases -+imageblock = +block +image ++crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies +-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies ++imageblock = +block +handle-as-image # Fragile sites should have the minimum changes -fragile = -block -deanimate-gifs -fast-redirects -filter -hide-referer -no-cookies-keep -no-popups +fragile = -block -deanimate-gifs -fast-redirects -filter -hide-referer -crunch-all-cookies -kill-popups # Shops should be allowed to set persistent cookies -shop = -filter -no-cookies-keep +shop = -filter -crunch-all-cookies -prevent-keeping-cookies +# Your favourite blend of filters: +# +myfilters = +filter{html-annoyances} +filter{js-annoyances} +filter{popups}\ + +filter{webbugs} +filter{nimda} +filter{banners-by-size} #+filter{fun} +#... etc. Customize to your heart's content. ############################################################################# # Defaults ############################################################################# -{\ --add-header \ --block \ -+deanimate-gifs{last} \ --downgrade \ -+filter{html-annoyances} \ -+filter{content-cookies} \ -+filter{js-annoyances} \ -+filter{no-popups} \ -+filter{webbugs} \ -+filter{nimda} \ -+filter{banners-by-size} \ -+no-compression \ -+hide-forwarded \ -+hide-from{block} \ -+hide-referer{forge} \ --hide-user-agent \ --image \ -+image-blocker{pattern} \ -+no-cookies-keep \ --no-cookies-read \ --no-cookies-set \ -+no-popups \ --vanilla-wafer \ --wafer \ +{-add-header \ + -block \ + -crunch-incoming-cookies \ + -crunch-outgoing-cookies \ + +deanimate-gifs{last} \ + -downgrade-http-version \ + -fast-redirects \ + -filter{popups} \ + -filter{fun} \ + -filter{shockwave-flash} \ + -filter{crude-prental} \ + +filter{html-annoyances} \ + +filter{js-annoyances} \ + +filter{content-cookies} \ + +filter{webbugs} \ + +filter{refresh-tags} \ + +filter{nimda} \ + +filter{banners-by-size} \ + -handle-as-image \ + +hide-forwarded-for-headers \ + +hide-from-header{block} \ + +hide-referer{forge} \ + -hide-user-agent \ + -kill-popups \ + -limit-connect \ + +prevent-compression \ + -send-vanilla-wafer \ + -send-wafer \ + +session-cookies-only \ + +set-image-blocker{pattern} \ } / # Match all URLs @@ -50,8 +427,8 @@ shop = -filter -no-cookies-keep ############################################################################# # Needed for automatic feedback evaluation; Please don't delete! ############################################################################# -{+add-header{X-Actions-File-Version: 1.1} -filter -no-popups} -.privoxy.org/actions +{+add-header{X-Actions-File-Version: 1.2} -filter -kill-popups} +.privoxy.org .oesterhelt.org/actions @@ -75,7 +452,7 @@ shop = -filter -no-cookies-keep ############################################################################# # These shops require pop-ups ############################################################################# -{shop -no-popups -filter{no-poups}} +{shop -no-popups -filter{popups}} .dabs.com .overclockers.co.uk @@ -99,11 +476,11 @@ edit.europe.yahoo.com .cvs.sourceforge.net ############################################################################# -# Imagelist: +# These are images: ############################################################################# -{+image} +{+handle-as-image} ############################################################################# -/.*\.(gif|jpe?g|png|bmp|ico) +/.*\.(gif|jpe?g|png|bmp|ico)$ ############################################################################# {+imageblock} @@ -112,6 +489,12 @@ edit.europe.yahoo.com #BLOCK-REFERRER: http://www.aol.com/ ar.atwola.com +#BLOCK-REFERRER: http://www.altavista.com/ +.ad.doubleclick.net + +.a.yimg.com/(?:(?!/i/).)*$ +.a[0-9].yimg.com/(?:(?!/i/).)*$ + #BLOCK-REFERRER: bs*.gsanet.com bs*.einets.com @@ -155,3 +538,10 @@ advice. .uni-*.de www.ugu.com/sui/ugu/adv .*downloads. +# So many download pages being blocked +/downloads/ +# adv for globalintersec means advanced, not advertisement +www.globalintersec.com/adv +# We all want weather forecast to work +banners.wunderground.com/banner/gizmotemp/ +