Privoxy Frequently Asked Questions

+ +

Privoxy Frequently Asked Questions -$Id: faq.sgml,v 1.35 2002/03/30 04:14:19 hal9 Exp $ + + + + + Copyright &my-copy; 2001-2014 by + Privoxy Developers + + + +$Id: faq.sgml,v 2.117 2016/03/04 13:21:33 fabiankeil Exp $ + + + - - This FAQ gives users and developers alike answers to frequently asked - questions about Privoxy. - - - Privoxy is a web proxy with advanced filtering - capabilities for protecting privacy, filtering web page content, managing - cookies, controlling access, and removing ads, banners, pop-ups and other - obnoxious Internet junk. Privoxy has a very - flexible configuration and can be customized to suit individual needs and - tastes. Privoxy has application for both - stand-alone systems and multi-user networks. - + - Privoxy is based on the code of the - Internet Junkbuster. - Junkbuster was originally written by JunkBusters - Corporation, and was released as free open-source software under the GNU GPL. - Stefan Waldherr made many improvements, and started the SourceForge project - to continue development. + + This is here to keep vim syntax file from breaking :/ + If I knew enough to fix it, I would. + PLEASE DO NOT REMOVE! HB: hal@foobox.net + +]]> + + This FAQ gives quick answers to frequently asked questions about + Privoxy. + It is not a substitute for the + Privoxy User Manual. + + + + What is Privoxy? &p-intro; + -You can find the latest version of the document at http://www.privoxy.org/faq/. -Please see the Contact section in the -user-manual if you want to contact the developers. + Please note that this document is a work in progress. This copy represents + the state at the release of version &p-version;. + You can find the latest version of the document at http://www.privoxy.org/faq/. + Please see the Contact section if you want to + contact the developers. @@ -69,1514 +149,2919 @@ Please see the Contact section in the - - - -Frequently Asked Questions - - +General Information +Who should give &my-app; a try? + + Anyone who is interested in security, privacy, or in + finer-grained control over their web and Internet experience. + + -General Information +Is Privoxy the best choice for +me? + + &my-app; is certainly a good choice, especially for those who want more + control and security. Those with the willingness to read the documentation + and the ability to fine-tune their installation will benefit the most. + + + One of Privoxy's + strengths is that it is highly configurable giving you the ability to + completely personalize your installation. Being familiar with, or at least + having an interest in learning about HTTP and other networking + protocols, HTML, and + Regular + Expressions + will be a big plus and will help you get the most out of &my-app;. + A new installation just includes a very basic configuration. The user + should take this as a starting point only, and enhance it as he or she + sees fit. In fact, the user is encouraged, and expected to, fine-tune the + configuration. + + + Much of Privoxy's configuration can be done + with a Web browser. + But there are areas where configuration is done using a + text editor + to edit configuration files. Also note that the web-based action editor + doesn't use authentication and should only be enabled in environments + where all clients with access to &my-app; listening port can be trusted. + + -What is this new version of <application>Privoxy</application>? +What is a <quote>proxy</quote>? How does +Privoxy work? + + A web proxy + is a service, based on a software such as &my-app;, that clients + (i.e. browsers) can use instead of connecting to web servers directly. + The clients then ask the proxy to request objects (web pages, images, movies etc) + on their behalf and to forward the data to the clients. + It is a go-between. For details, see + Wikipedia's proxy definition. + - The original Internet Junkbuster (tm) is a - copyrighted product of Junkbusters - Corporation. Development of this effort stopped some time ago as of - version 2.0.2. Stefan Waldherr started the ijbswa project on Sourceforge to rekindle - development. Other developers subsequently joined with Stefan, and have - since added many new features, refinements and enhancements. The result - of this effort is Privoxy. + There are many reasons to use web proxies, such as security (firewalling), + efficiency (caching) and others, and there are any number of proxies + to accommodate those needs. - Privoxy started with the - Junkbuster 2.0.2 code base, but has advanced - significantly at this point. + &my-app; is a proxy that is primarily focused on + privacy enhancement, ad and junk elimination and freeing the user from + restrictions placed on his activities. Sitting between your browser(s) and the Internet, + it is in a perfect position to filter outbound personal information that your + browser is leaking, as well as inbound junk. It uses a variety of techniques to do + this, all of which are under your complete control via the various configuration + files and options. Being a proxy also makes it easier to share + configurations among multiple browsers and/or users. + - + +Does Privoxy do anything more than ad blocking? + + Yes, ad blocking is but one possible use. There are many, many ways &my-app; + can be used to sanitize and customize web browsing. + + + +What is this new version of +<quote><citetitle>Junkbuster</citetitle></quote>? + + + &history; + + + - -Why <quote>Privoxy</quote>? Why a name change at all? + +Why <quote>Privoxy</quote>? Why change the name from +Junkbuster at all? - Privoxy is the - Privacy Enhancing Proxy. + Though outdated, Junkbusters Corporation continued to offer their original + version of the Internet Junkbuster for a while, + so publishing our Junkbuster-derived software + under the same name would have led to confusion. - There are possible legal complications from the continued use of the - Junkbuster name, which is a trademark of - Junkbusters Corporation. - (There are, however, no objections from Junkbusters Corporation to the - Privoxy project itself, and they, in fact, still - share our ideals and goals.) + There were also potential legal reasons not to use the + Junkbuster name, as it was (and maybe still is) + a registered trademark of Junkbusters Corporation. + There were, however, no objections from Junkbusters Corporation to the + Privoxy project itself, and they, in fact, + shared our ideals and goals. - - The developers also believed that there so many changes from the original - code, that it was time to make a clean break from the past and make - a name in their own right, especially now with the pending release of - version 3.0. - + The Privoxy developers also believed that there were so many improvements + over the original code, that it was time to make a clean break from the past + and make a name in their own right. - - - -How does <application>Privoxy</application> differ -from the old <application>Junkbuster?</application> - Privoxy picks up where - Junkbuster left off. All the old features remain. - The new Privoxy still blocks ads and banners, - still manages cookies, and still helps protect your privacy. But, these are - all enhanced, and many new features have been added, all in the same vein. - - - The configuration has changed significantly as well. This is something that - users will notice right off the bat. The blocklist file does - not exist any more. This is replaced by actions files, such - as default.actions. This is where most of the per site - configuration is now. + Privoxy is the + Privacy Enhancing Proxy. Also, its content + modification and junk suppression gives you, the user, more + control, more freedom, and allows you to browse your personal and + private edition of the web. + + +How does Privoxy differ +from the old Junkbuster? + + Privoxy picks up where + Junkbuster left off. + Privoxy still blocks ads and banners, + still manages cookies, and still + helps protect your privacy. But, most of these features have been enhanced, + and many new ones have been added, all in the same vein. - - -What are some of the new features? - - - - - - Integrated browser based configuration and control utility (http://p.p). Browser-based tracing of rule - and filter effects. - - - - - - Blocking of annoying pop-up browser windows. - - - - - - HTTP/1.1 compliant (most, but not all 1.1 features are supported). - - + Privoxy's new features include: + - - - Support for Perl Compatible Regular Expressions in the configuration files, and - generally a more sophisticated and flexible configuration syntax over - previous versions. - - + + &newfeatures; + - - - GIF de-animation. - - - - - - Web page content filtering (removes banners based on size, - invisible web-bugs, JavaScript, pop-ups, status bar abuse, - etc.) - - - - - - Bypass many click-tracking scripts (avoids script redirection). - - - - - - - Multi-threaded (POSIX and native threads). - - + - - - Auto-detection and re-reading of config file changes. - - + +How does Privoxy know what is an ad, and what is not? + + Privoxy's approach to blocking ads is twofold: + + + First, there are certain patterns in the locations (URLs) + of banner images. This applies to both the path (you wouldn't guess how many + web sites serve their banners from a directory called banners!) + and the host (blocking the big banner hosting services like doublecklick.net + already helps a lot). Privoxy takes advantage of this + fact by using URL + patterns to sort out and block the requests for things that sound + like they would be ads or banners. + + + Second, banners tend to come in certain sizes. But you + can't tell the size of an image by its URL without downloading it, and if you + do, it's too late to save bandwidth. Therefore, Privoxy + also inspects the HTML sources of web pages while they are loaded, and replaces + references to images with standard banner sizes by dummy references, so that + your browser doesn't request them anymore in the first place. + + + Both of this involves a certain amount of guesswork and is, of course, freely + and readily configurable. + + - - - User-customizable HTML templates (e.g. 404 error page). - - + +Can Privoxy make mistakes? +This does not sound very scientific. + + Actually, it's a black art ;-) And yes, it is always possible to have a broad + rule accidentally block or change something by mistake. You will almost surely + run into such situations at some point. It is tricky writing rules to + cover every conceivable possibility, and not occasionally get false positives. + - - - Improved cookie management features (e.g. session based cookies). - - + + But this should not be a big concern since the + Privoxy configuration is very flexible, and + includes tools to help identify these types of situations so they can be + addressed as needed, allowing you to customize your installation. + (See the Troubleshooting section below.) + - - - Improved signal handling, and a true daemon mode (Unix). - - + - - - Builds from source on most UNIX-like systems. Packages available for: Linux - (RedHat, SuSE, or Debian), Windows, Sun Solaris, Mac OSX, OS/2, HP-UX 11 and AmigaOS. - - - + +Will I have to configure Privoxy + before I can use it? + + That depends on your expectations. + The default installation should give you a good starting + point, and block most ads and unwanted content, + but many of the more advanced features are off by default, and require + you to activate them. + + + You do have to set up your browser to use + Privoxy (see the Installation section below). + + + And you will certainly run into situations where there are false positives, + or ads not being blocked that you may not want to see. In these cases, you + would certainly benefit by customizing Privoxy's + configuration to more closely match your individual situation. And we + encourage you to do this. This is where the real power of + Privoxy lies! + - - - In addition, the configuration is much more powerful and versatile over-all. - - + - + +Can Privoxy run as a server on a network? + + Yes, &my-app; runs as a server already, and can easily be configured to + serve more than one client. See + How can I set up Privoxy to act as a proxy for my LAN below. + - - -What is a <quote>proxy</quote>? How does -<application>Privoxy</application> work? +My browser does the same things as +Privoxy. Why should I use Privoxy at all? - When you connect to a web site with Privoxy, - you are really connecting to your locally running version of - Privoxy. Privoxy - intercepts your requests for the web page, and relays that to the - real web site. The web site sends the HTTP data stream - back to Privoxy, where - Privoxy can work its magic before it - relays this data back to your web browser. + Modern browsers do indeed have some of the same + functionality as Privoxy. Maybe this is + adequate for you. But Privoxy is very + versatile and powerful, and can probably do a number of things + your browser just can't. - - Since Privoxy sits between you and the - WWW, it is in a position to intercept and completely manage all web traffic and - HTTP content before it gets to your browser. - Privoxy uses various programming methods to do - this, all of which is under your control via the various configuration - files and options. + In addition, a proxy is good choice if you use multiple browsers, or + have a LAN with multiple computers since &my-app; can run as a server + application. This way all the configuration is in one place, and you don't + have to maintain a similar configuration for possibly many browsers or + users. + + Note, however, that it's recommended to leverage both your browser's + and Privoxy's privacy enhancing features + at the same time. While your browser probably lacks some features + &my-app; offers, it should also be able to do some things more + reliably, for example restricting and suppressing JavaScript. + + +Why should I trust Privoxy? - There are many kinds of proxies. Privoxy best - fits the filtering proxy category. + The most important reason is because you have access to + everything, and you can control everything. You can + check every line of every configuration file yourself. You can check every + last bit of source code should you desire. And even if you can't read code, + there should be some comfort in knowing that other people can, + and do read it. You can build the software from scratch, if you want, + so that you know the executable is clean, and that it is + yours. In fact, we encourage this level of scrutiny. It + is one reason we use &my-app; ourselves. + - +Is there is a license or fee? What about a +warranty? Registration? + + Privoxy is free software and licensed under the GNU General Public License (GPL) version 2. + It is free to use, copy, modify or distribute as you wish under the terms of this + license. Please see the Copyright section for more + information on the license and copyright. Or the LICENSE file + that should be included. + + + There is no warranty of any kind, expressed, implied or otherwise. + That is something that would cost real money ;-) There is no registration either. + + - -How does <application>Privoxy</application> know what is -an ad, and what is not? + +Can Privoxy remove spyware? Adware? Viruses? - Privoxy processes all the raw content of every - web page. So it reads everything on each page. It then compares this to the - rules as set up in the configuration files, and looks for any matches to - these rules. Privoxy makes heavy use of - regular expressions. (If you are not familiar with regular - expressions, it is explained briefly in the user manual.) Regular - expressions facilitate matching of one text string against another, using - wildcards to build complex patterns. So Privoxy - will typically look for URLs and other content that match certain key words - and expressions as defined in the configuration files. For instance a URL - that contains /banners, has a high probability of containing - ad banners, and thus would be a prime candidate to have a matching rule. + No, at least not reliably enough to trust it. &my-app; is not designed to be + a malware removal tool and the default configuration doesn't even try to + filter out any malware. - So Privoxy will look for these kinds of obvious - looking culprits. And also, will use lists of known organizations that - specialize in ads. Again, using complex patterns to match as many potential - combinations as possible since there tend to be many, many variations used by - advertisers, and new ones are being introduced all the time. + &my-app; could help prevent contact from (known) sites that use such + tactics with appropriate configuration rules, and thus could conceivably + prevent contamination from such sites. However, keeping such a configuration + up to date would require a lot of time and effort that would be better spend + on keeping your software itself up to date so it doesn't have known + vulnerabilities. - + - -Can <application>Privoxy</application> make mistakes? -This does not sound very scientific. + + +Can I use Privoxy with other ad-blocking software? - Actually, it's a black art ;-) And yes, it is always possible to have a broad rule - accidentally block something by mistake. There is a good chance you may run - into such a situation at some point. It is tricky writing rules to cover - every conceivable possibility, and not occasionally get false positives. + &my-app; should work fine with other proxies and other software in general. - - But this should not be a big concern since the - Privoxy configuration is very flexible, and - includes tools to help identify these types of situations so they can be - addressed as needed, allowing you to customize your installation. - (See the appendix below.) + But it is probably not necessary to use &my-app; in conjunction with other + ad-blocking products, and this could conceivably cause undesirable results. + It might be better to choose one software or the other and work a little to + tweak its configuration to your liking. + + Note that this is an advice specific to ad blocking. + + - - +I would like to help you, what can I do? -My browser does the same things as -<application>Privoxy</application>. Why should I use -<application>Privoxy</application> at all? - - Modern browsers do indeed have some of the same - functionality as Privoxy. Maybe this is - adequate for you. But Privoxy is much more - versatile and powerful, and can do a number of things that browsers just can't. +Would you like to participate? + + Well, we always need help. There is something for + everybody who wants to help us. We welcome new developers, packagers, + testers, documentation writers or really anyone with a desire to help in + any way. You DO NOT need to be a + programmer. There are many other tasks available. In fact, + the programmers often can't spend as much time programming because of some + of the other, more mundane things that need to be done, like checking the + Tracker feedback sections or responding to user questions on the mailing + lists. - In addition, a proxy is good choice if you use multiple browsers, or - have a LAN with multiple computers. This way all the configuration - is in one place, and you don't have to maintain a similar configuration - for possibly many browsers. - + So first thing, subscribe to the Privoxy Users + or the Privoxy + Developers mailing list, join the discussion, help out other users, provide general + feedback or report problems you noticed. - - - - -Is there is a license or fee? What about a -warranty? Registration? - - Privoxy is licensed under the - GNU General Public License (GPL). It is free to use, copy, - modify or distribute as you wish under the terms of this license. - See http://www.gnu.org/copyleft/gpl.html - for specifics. - - There is no warranty of any kind, expressed, implied or otherwise. That is - something that would cost real money ;-) There is no registration either. - Privoxy really is free - in every respect! - + If you intend to help out with the trackers, you also might want to get an account on SourceForge.net + so we don't confuse you with the other name-less users. + + We also have a Developer's Manual. + While it is partly out of date, it's still worth reading. + + + Our TODO list + may be of interest to you as well. + Please let us know if you want to work on one of the items listed. + -I would like to help you, what do I do? +Would you like to donate? + + Donations are welcome. Our + TODO list + is rather long and being able to pay one (or more) developers to work on Privoxy + would make a huge difference, even if it was only for a couple of weeks. Donations may + also be used for Privoxy-related travel expenses (for example to attend conferences), + for hardware used for Privoxy development and for hosting expenses etc. + -Money Money Money - We, of course, welcome donations and use the money for domain registering, - regular world-wide get-togethers (hahaha). Anyway, we'll soon describe the - process how to donate money to the team. + Privoxy is an associated + project of Software + in the Public Interest (SPI), which allows us to receive + tax-deductible donations in the United States. If you want to donate through + SPI, please use SPI's donation page + to see what the options are. - -You want to work with us? - Well, helping the team is always a good idea. We welcome new developers, - RPM gurus or documentation makers. Simply get an account on sourceforge.net - and mail your id to the developer mailing list. Then read the - section Quickstart in the - Developer's Manual. + You can also donate to Privoxy using a bank account or a "Paypal" address: + + Name on account: Zwiebelfreunde e.V. + IBAN: DE95430609671126825604 + BIC: GENODEM1GLS + Bank: GLS Bank + + + "Paypal" address: privoxy@zwiebelfreunde.de + - Once we have added you to the team, you'll have write access to the CVS - repository, and together we'll find a suitable task for you. + Donations made through Zwiebelfreunde e.V. are tax-deductible in Germany + and other countries that recognize German charitable clubs. Feel free to + use the Subject field to provide a name to be credited and a list of TODO + list items you are interested in the most. For example: Max Mustermann: #16, #1, #14. - + + Note that donations made through Zwiebelfreunde e.V. currently can't be checked + automatically so you may not get credited right away. The credits currently + reflect donations received before 2016-01-14. + + + + If you have any questions regarding donations please mail to either the + public user mailing list or, if it's a private matter, to + Fabian Keil (Privoxy's SPI liason) + directly. + + -Installation +Installation - -Which browsers are supported by <application>Privoxy</application>? + +Which browsers are supported by Privoxy? - Any browser that can be configured to use a proxy, which - should be virtually all browsers. Direct browser support is not necessary - since Privoxy runs as a separate application and - just exchanges standard HTML data with your browser. + Any browser that can be configured to use a proxy, which + should be virtually all browsers, including + Firefox, Internet + Explorer, Opera, and + Safari among others. + Direct browser support is not an absolute requirement since + Privoxy runs as a separate application and talks + to the browser in the standardized HTTP protocol, just like a web server + does. - + - + Which operating systems are supported? + +&supported; + + + +Can I use Privoxy with my email client? - Right now Win32, Mac OSX, OS/2, AmigaOS, Linux, and many - flavors of Unix. + As long as there is some way to set a HTTP proxy for the client, then yes, + any application can be used, whether it is strictly speaking a + browser or not. Though this may not be the best approach for + dealing with some of the common abuses of HTML in email. See How can I configure Privoxy + with Outlook? below for more on + this. - - Source code is available, so porting to other operating systems, - is always a possibility. - + Be aware that HTML email presents a number of unique security and privacy + related issues, that can require advanced skills to overcome. The developers + recommend using email clients that can be configured to convert HTML to plain + text for these reasons. - + -Can I install - <application>Privoxy</application> over <application>Junkbuster</application>? + + + +I just installed Privoxy. Is there anything special I have to do now? - All browsers must be told to use Privoxy - as a proxy by specifying the correct proxy address and port number - in the appropriate configuration area for the browser. See below. - Also, you should flush your browser's memory and disk cache to get rid of any - cached items. + All browsers should be told to use Privoxy + as a proxy by specifying the correct proxy address and port number + in the appropriate configuration area for the browser. It's possible + to combine &my-app; with a packet filter to intercept HTTP requests + even if the client isn't explicitly configured to use &my-app;, + but where possible, configuring the client is recommended. See + the User Manual for more + details. You should also flush your browser's memory and disk + cache to get rid of any cached junk items, and remove any stored + cookies. - - + -What is the proxy address of <application>Privoxy</application>? +What is the proxy address of Privoxy? If you set up the Privoxy to run on the computer you browse from (rather than your ISP's server or some - networked computer on a LAN), the proxy will be on localhost - (which is the special name used by every computer on the Internet to refer - to itself) and the port will be 8118 (unless you have Privoxy to run on a different port with the - listen-address config option). + networked computer on a LAN), the proxy will be on 127.0.0.1 + (sometimes referred to as localhost, + which is the special name used by every computer on the Internet to refer + to itself) and the port will be 8118 (unless you used the listen-address + config option to tell Privoxy to run on + a different port). When configuring your browser's proxy settings you typically enter - the word localhost in the boxes next to HTTP - and Secure (HTTPS) and then the number 8118 - for port. This tells your browser to send all web - requests to Privoxy instead of directly to the - Internet. + the word localhost or the IP address 127.0.0.1 + in the boxes next to HTTP and Secure (HTTPS) and + then the number 8118 for port. + This tells your browser to send all web requests to Privoxy + instead of directly to the Internet. - Privoxy can also be used to proxy for - a Local Area Network. In this case, your would enter either the IP - address of the LAN host where Privoxy - is running, or the equivalent hostname. Port assignment would be - same as above. + Privoxy can also be used to proxy for + a Local Area Network. In this case, your would enter either the IP + address of the LAN host where Privoxy + is running, or the equivalent hostname, e.g. 192.168.1.1. + Port assignment would be same as above. Note that + Privoxy doesn't listen on any LAN interfaces by + default. Privoxy does not currently handle - protocols such as FTP, SMTP, IM, IRC, ICQ, or other Internet - protocols. + any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. - + - -I just installed <application>Privoxy</application>, and nothing is happening. +<sect2 renderas="sect3" id="nothing"> +<title>I just installed Privoxy, and nothing is happening. All the ads are there. What's wrong? - Did you configure your browser to use Privoxy + Did you configure your browser to use Privoxy as a proxy? It does not sound like it. See above. You might also try flushing - the browser's caches to force a full re-reading of pages. You can verify - that Privoxy is running, and your browser - is correctly configured by entering the special URL: - http://p.p/. This should give you - a banner that says This is Privoxy and - access to Privoxy's internal configuration. - If you see this, then you are good to go. If not, the browser or - Privoxy are not set up correctly. + the browser's caches to force a full re-reading of pages. You can verify + that Privoxy is running, and your browser + is correctly configured by entering the special URL: + http://p.p/. + + This should take you to a page titled This is Privoxy.. with + access to Privoxy's internal configuration. + If you see this, then you are good to go. If you receive a page saying + Privoxy is not running, then the browser is not set up to use + your Privoxy installation. + If you receive anything else (probably nothing at all), it could either + be that the browser is not set up correctly, or that + Privoxy is not running at all. Check the log file. For instructions + on starting Privoxy and browser configuration, + see the chapter + on starting Privoxy in the + User Manual. + + + + +I get a <quote>Privoxy is not being used</quote> dummy page although +Privoxy is running and being used. + + + First, make sure that Privoxy is really running and + being used by visiting http://p.p/. You + should see the Privoxy main page. If not, see + the chapter + on starting Privoxy in the + User Manual. - + + Now if http://p.p/ works for you, but + other parts of Privoxy's web interface show + the dummy page, your browser has cached a redirection it encountered before + Privoxy was being used. You need to clear your + browser's cache. Note that shift-reloading the dummy page won't help, since + that'll only refresh the dummy page, not the redirection that lead you there. + + + The procedure for clearing the cache varies from browser to browser. For + example, Mozilla/Netscape users would click + Edit --> Preferences --> + Advanced --> Cache and + then click both Clear Memory Cache + and Clear Disk Cache. + In some Firefox versions it's + Tools --> Options --> + Privacy --> Cache and + then click Clear Cache Now. + + + - - -Configuration -Can I use my old config files? - - There are major changes to Junkbuster, - Privoxy, configuration from version 2.0.x to - 2.9.x and later. Most of the older files will not work at all. This is - especially true of blocklist. If this is the case, you - will need to re-enter your old data into the new configuration structure. - This is probably also a good recommendation even if upgrading from 2.9.x to - 3.x since there were many minor changes along the way. - - + - -What is an <quote>actions</quote> file? +Configuration + +What exactly is an <quote>actions</quote> file? - actions files are where various actions that - Privoxy might take, are configured. - Typically, you would define a set of default actions that apply - to all URLs, then add exceptions to these defaults. - - - - Actions can be defined on a per site basis, or for groups of sites. Actions - can also be grouped together and then applied to one or more sites. There - are many possible actions that might apply to any given site. As an example, - if we are blocking cookies as one of our default - actions, but need to accept cookies from a given - site, we would define this in our actions file. - + &my-app; utilizes the concept of + actions + that are used to manipulate and control web page data. + Actions files + are where these actions + that Privoxy could take while processing a certain + request, are configured. Typically, you would define a set of default actions + that apply globally to all URLs, then add exceptions to these defaults where needed. + There is a wide array of actions available that give the user a high degree + of control and flexibility on how to process each and every web page. - Privoxy comes with several default - actions files, with varying degrees - of filtering and blocking, as starting points for your own - configuration (see below). + Actions can be defined on a URL pattern basis, i.e. + for single URLs, whole web sites, groups or parts thereof etc. Actions can also be + grouped together and then applied to requests matching one or more patterns. + There are many possible actions that might apply to any given site. As an example, + if you are blocking cookies + as one of your default actions, but need to accept cookies from a given site, + you would need to define an exception for this site in one of your actions + files, preferably in user.action. - + - -The <quote>actions</quote>concept confuses me. Please list +<sect2 renderas="sect3" id="actionss"> +<title>The <quote>actions</quote> concept confuses me. Please list some of these <quote>actions</quote>. - These are all explained in the - user-manual. - Please refer to that. + For a comprehensive discussion of the actions concept, please refer + to the actions file + chapter in the User + Manual. It includes a list of all actions + and an actions + file tutorial to get you started. - + - -How are actions files configured? What is the easiest -way to do this? + +How are actions files configured? What is the easiest +way to do this? - The easiest way to do this, is to access Privoxy - with your web browser at http://p.p/, - and then select - "Edit the actions list" - from the selection list. You can also do this by editing the appropriate - file with a text editor. + Actions files are just text files in a special syntax and can be edited + with a text editor. But probably the easiest way is to access + Privoxy's user interface with your web browser + at http://config.privoxy.org/ + (Shortcut: http://p.p/) and then select + View & + change the current configuration from the menu. Note + that this feature must be explicitly enabled in the main config file + (see enable-edit-actions). + + + +There are several different <quote>actions</quote> files. What are +the differences? - Please see the - user-manual for a - detailed explanation of these and other configuration files, and their - various options and syntax. + Please have a look at the the actions chapter + in the User Manual for a detailed explanation. - + - + - What are the differences between -intermediate.action, basic.action, etc.? + +Why is the configuration so complicated? -Configuring Privoxy is not easy. To help you get -started, we provide you with three different default configurations. The -following table shows you, which features are enabled in each configuration. + Complicated is in the eye of the beholder. -Default Configurations - - - - - - - - - Feature - default.action - basic.action - intermediate.action - advanced.action - - - - - - - - - - - - - - - - - ad-filtering - ? - x - x - x - - - - blank image - ? - x - x - x - - - - de-animate GIFs - ? - x - x - x - - - - referer forging - ? - x - x - x - - - - jon's +no-cookies-keep (i.e. session cookies only) - ? - x - x - x - - - - no-popup windows - ? - - x - x - - - - fast redirects - ? - - x - x - - - - hide-referrer - ? - - x - x - - - - hide-useragent - ? - - x - x - - - - content-modification - ? - - - x - - - - feature-x - ? - - - - - - - feature-y - ? - - - - - - - feature-z - ? - - - - - - - -

- - + Privoxy is currently mainly written by and for people who are already + familiar with the underlying concepts like regular expressions, HTTP and HTML, + or are willing to become familiar with them to be able to get the most + out of a powerful and flexible tool such as Privoxy. + + + While everybody is expected to be able to get a Privoxy default installation + up and running, fine-tuning requires a certain amount of background + information and Privoxy's documentation mainly concentrates on the + Privoxy-specific parts while only providing references to the rest. + + + If you or anyone you know has the skills, time and energy to + reduce the barrier of entry, please get involved. + + - Why can I change the configuration with a -browser? Does that not raise security issues? +How can I make my Yahoo/Hotmail/Gmail account work? -What I don't understand, is how I can browser edit the config file as a -regular user, while the whole /etc/privoxy hierarchy belongs to the user -"privoxy", with only 644 perms. + The default configuration shouldn't impact the usability of any of these services. + It may, however, make all cookies + temporary, so that your browser will forget your + login credentials in between browser sessions. If you would like not to have to log + in manually each time you access those websites, simply turn off all cookie handling + for them in the user.action file. An example for yahoo might + look like: -When you use the browser-based editor, Privoxy -itself is writing to the config files. Because -Privoxy is running as the user "privoxy", it can -update the config files. + # Allow all cookies for Yahoo login: +# +{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only } +.login.yahoo.com -If you don't like this, setting "enable-edit-actions 0" in the config file -will disable the browser-based editor. If you're that paranoid, you should -also consider setting "enable-remote-toggle 0" to prevent browser-based -enabling/disabling of Privoxy. + These kinds of sites are often quite complex and heavy with + Javascript and + thus fragile. So if still a problem, + we have an alias just for such + sticky situations: -Note that normally only local users can connect to Privoxy, so this is not -(normally) a security problem. + # Gmail is a _fragile_ site: +# +{ fragile } + # Gmail is ... + mail.google.com + + + Be sure to flush your browser's caches whenever making these kinds of + changes, just to make sure the changes take. + + + Make sure the domain, host and path are appropriate as well. Your browser can + tell you where you are specifically and you should use that information for + your configuration settings. Note that above it is not referenced as + gmail.com, which is a valid domain name. - + - -What is <quote>default.filter</quote>? - - The default.filter file is used to filter any - web page content. By filtering we mean it can modify, remove, - or change anything on the page, including HTML tags, and - JavaScript. Regular expressions are used to accomplish this, and operate - on a line by line basis. This is potentially a very powerful feature, but - requires some expertise. - + What's the difference between the +<quote>Cautious</quote>, <quote>Medium</quote> and <quote>Advanced</quote> defaults? + + Configuring Privoxy is not entirely trivial. To + help you get started, we provide you with three different default action + profiles in the web based actions file editor at http://config.privoxy.org/show-status. + See the User + Manual for a list of actions, and how the default + profiles are set. + - If you are familiar with regular expressions, and HTML, you can look at - the provided default.filter with a text editor and see - some of things it can be used for. + Where the defaults are likely to break some sites, exceptions for + known popular problem sites are included, but in + general, the more aggressive your default settings are, the more exceptions + you will have to make later. New users are best to start off in + Cautious setting. This is safest and will have the fewest + problems. See the User Manual + for a more detailed discussion. - Presently, there is no GUI editor option for this part of the configuration, - but you can disable/enable various sections of the included default - file with the Actions List Editor from your browser. + It should be noted that the Advanced profile (formerly known + as the Adventuresome profile) is more + aggressive, and will make use of some of + Privoxy's advanced features. Use at your own risk! - + - -How can I set up <application>Privoxy</application> to act as a proxy for my - LAN? + Why can I change the configuration +with a browser? Does that not raise security issues? + + It may seem strange that regular users can edit the config files with their + browsers, although the whole /etc/privoxy hierarchy + belongs to the user privoxy, with only 644 permissions. + + + When you use the browser-based editor, Privoxy + itself is writing to the config files. Because + Privoxy is running as the user privoxy, + it can update its own config files. + + + If you run Privoxy for multiple untrusted users (e.g. in + a LAN) or aren't entirely in control of your own browser, you will probably want + to make sure that the web-based editor and remote toggle features are + off by setting enable-edit-actions + 0 and enable-remote-toggle + 0 in the main configuration file. + + + As of &my-app; 3.0.7 these options are disabled by default. + + + + + +What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>? - By default, Privoxy only responds to requests - from localhost. To have it act as a server for a network, this needs to be - changed in the main config file where the Privoxy - configuration is located. In that file is a listen-address - option. It may be commented out with a # symbol. Make sure - it is uncommented, and assign it the address of the LAN gateway interface, - and port number to use: + The default.filter + file is where filters as supplied by the developers are defined. + Filters are a special subset of actions that can be used to modify or + remove web page content or headers on the fly. Content filters can + be applied to anything in the page source, + header filters can be applied to either server or client headers. + Regular expressions are used to accomplish this. - - - listen-address 192.168.1.1:8118 - + There are a number of pre-defined filters to deal with common annoyances. The + filters are only defined here, to invoke them, you need to use the + filter + action in one of the actions files. Content filtering is automatically + disabled for inappropriate MIME types, but if you know better than Privoxy + what should or should not be filtered you can filter any content you like. - - Save the file, and restart Privoxy. Configure - all browsers on the network then to use this address and port number. + Filters should + not be confused with blocks, which + is a completely different action, and is more typically used to block ads and + unwanted sites. - - - - -Instead of ads, now I get a checkerboard pattern. I don't want to see anything. - This is a configuration option for images that - Privoxy is stopping. You have the choice of a checkerboard - pattern, a transparent 1x1 GIF image (aka blank), or a custom - URL of your choice. Note that to fit this category, the URL must match both - the +image and +block actions. + If you are familiar with regular expressions, and HTML, you can look at + the provided default.filter with a text editor and define + your own filters. This is potentially a very powerful feature, but + requires some expertise in both regular expressions and HTML/HTTP. + user.filter, so they won't + be overwritten during upgrades. + The ability to define multiple filter files + in config is a new feature as of v. 3.0.5.]]> - If you want to see nothing, then change the +image-blocker - action to +image-blocker{blank}. This can be done from the - Edit Actions List selection at http://p.p/. Or by hand editing the appropriate - actions file. This will only effect what is defined as images - though. Also, any URLs that generate the bright red Blocked - banner, can be moved to the +image-blocker section for the - same reason. - + There is no GUI editor option for this part of the configuration, + but you can disable/enable the various pre-defined filters of the included + default.filter file with the web-based actions file editor. + Note that the custom actions editor must be explicitly enabled in + the main config file (see enable-edit-actions). - - - - -Why would anybody want to see a checkerboard pattern? - This can be helpful for troubleshooting problems. It might also be good - for anyone new to Privoxy so that they can - see if their favorite pages are displaying correctly, and - Privoxy is not inadvertently removing something - important. + If you intend to develop your own filters, you might want to have a look at + Privoxy-Filter-Test. - + - -I see large red banners on some pages that say -<quote>Blocked</quote>. Why and how do I get rid of this? + +How can I set up Privoxy to act as a proxy for my + LAN? - These are URLs that match something in one of - Privoxy's block actions (+block). It is meant - to be a warning so that you know something has been blocked and an easy way - for you to see why. These are handled differently than what has been defined - explicitly as images (e.g. ad banners). Depending on the - URL itself, it is sometimes hard for Privoxy to - really know whether it is indeed an ad image or not. And there are - limitations as to what Privoxy can do to - fool the browser. + By default, Privoxy only responds to requests + from 127.0.0.1 (localhost). To have it act as a server for + a network, this needs to be changed in the main configuration file. Look for + the listen-address + option, which may be commented out with a # symbol. Make sure + it is uncommented, and assign it the address of the LAN gateway interface, + and port number to use. Assuming your LAN address is 192.168.1.1 and you + wish to run Privoxy on port 8118, this line + should look like: - For instance, if the ad is in a frame, then it is embedded in the separate - HTML page used for the frame. In this case, you cannot just substitute an - aribitray image (like we would for a blank image), for an HTML - page. The browser is expecting an HTML page, and that is what it must have - for frames. So this situation can be a little trickier to deal with, and - Privoxy will use the Blocked page. + + listen-address 192.168.1.1:8118 - If you want these to be treated as if they were images, so that they can be - made invisible, you can try moving the offending URL from the - +block section to the +imageblock section of - your actions file. Just be forewarned, if any URL is made - invisible, you may not have any inkling that something has - been removed from that page. If this approach does not work, then you are - probably dealing with a frame (or ilayer), and the only thing - that can go there is an HTML page of some sort. + Save the file, and restart Privoxy. Configure + all browsers on the network then to use this address and port number. + - To deal with this situation, you could modify the - block HTML template that is used by - Privoxy to display this, and make it something - more to your liking. Currently, there is no configuration option for this. - You will have to modify, or create your own page, and use this to replace - templates/blocked, which is what - Privoxy uses to display the Blocked - page. + Alternately, you can have Privoxy listen on + all available interfaces: + - Another way to deal with this is find why and where - Privoxy is blocking the frame, and - diable this. Then let the +image-blocker action - handle the ad that is embedded in the frame's HTML page. + + listen-address :8118 - - - -I cannot see all of the <quote>Blocked</quote> page banner. All I -see is a bright red square. - There is not enough space to fit the entire page. Try right clicking on the - visible, red portion, and select Show Frame, or equivalent. - This will usually allow you to see the entire Privoxy Blocked - page, and from there you can see just what is being blocked, and why. + And then use Privoxy's + permit-access + feature to limit connections. A firewall in this situation is recommended + as well. - - -How can I make <application>Privoxy</application> work with other -proxies like <application>Squid</application>? - This can be done. See the user manual, - which describes how to do this. - + The above steps should be the same for any TCP network, regardless of + operating system. - + + If you run Privoxy on a LAN with untrusted users, + we recommend that you double-check the access control and security + options! + - - -Miscellaneous - -How much does <application>Privoxy</application> slow my browsing down? This -has to add extra time to browsing. + +Instead of ads, now I get a checkerboard pattern. I don't want to see anything. - It should not slow you down any in real terms, and may actually help - speed things up since ads, banners and other junk are not being displayed. - The actual processing time required by Privoxy - itself for each page, is relatively small in the overall scheme of things, - and happens very quickly. This is typically more than offset by time saved - not downloading and rendering ad images. + The replacement for blocked images can be controlled with the set-image-blocker + action. You have the choice of a checkerboard pattern, a transparent 1x1 GIF + image (aka blank), or a redirect to a custom image of your choice. + Note that this choice only has effect for images which are blocked as images, i.e. + whose URLs match both a handle-as-image + and block action. - - Filtering via the filterfile - mechanism may cause a perceived slowdown, since the entire page is buffered - before displaying. See below. + If you want to see nothing, then change the set-image-blocker + action to blank. This can be done by editing the + user.action file, or through the web-based actions file editor. - + + +Why would anybody want to see a checkerboard pattern? + + Remember that telling which image is an ad and which + isn't, is an educated guess. While we hope that the standard configuration + is rather smart, it will make occasional mistakes. The checkerboard image is visually + decent, and it shows you where images have been blocked, which can be very + helpful in case some navigation aid or otherwise innocent image was + erroneously blocked. It is recommended for new users so they can + see what is happening. Some people might also enjoy seeing how + many banners they don't have to see. + + -I noticed considerable -delays in page requests compared to the old Junkbuster. What's wrong? + +I see some images being replaced with text +instead of the checkerboard image. Why and how do I get rid of this? -Using the default filtering configuration, I noticed considerable delays in -page requests compared to the old Junkbuster. Loading pages with large contents -seemed to take forever, then suddenly delivering all the content at once. - + This happens when the banners are not embedded in the HTML code of the + page itself, but in separate HTML (sub)documents that are loaded into (i)frames + or (i)layers, and these external HTML documents are blocked. Being non-images + they get replaced by a substitute HTML page rather than a substitute image, + which wouldn't work out technically, since the browser expects and accepts + only HTML when it has requested an HTML document. + -The whole content must be loaded in order to filter, and nothing is is -sent to the browser during this time. The loading time does not really -change in real numbers, but the feeling is different, because most -browsers are able to start rendering incomplete content, giving the -user a feeling of "it works". - + The substitute page adapts to the available space and shows itself as a + miniature two-liner if loaded into small frames, or full-blown with a + large red "BLOCKED" banner if space allows. + -To modify the content of a page (i.e. make frames resizeable again, etc.) and -not just replace ads, Privoxy needs to download the -entire page first, do its content magic and then send the page to the browser. + If you prefer the banners to be blocked by images, you must see to it that + the HTML documents in which they are embedded are not blocked. Clicking + the See why link offered in the substitute page will show + you which rule blocked the page. After changing the rule and un-blocking + the HTML documents, the browser will try to load the actual banner images + and the usual image blocking will (hopefully!) kick in. - + -What is the "http://p.p/"? + +Can Privoxy run as a service +on Win2K/NT/XP? -Since Privoxy sits between your web browser and the Internet, it can be -programmed to handle certain pages specially. +Windows service + functionality. See + the User Manual for details on how to install and configure + Privoxy as a service. - -With recent versions of Privoxy (version 2.9.x), you can get some -information about Privoxy and change some settings by going to -http://p.p/ or, equivalently, http://config.privoxy.org/ -(Note that p.p is far easier to type but may not work in some -configurations. With the name change to Privoxy, -this is changed from the previous http://i.j.b/ or earlier 2.9.x versions). + Earlier ]]>3.x versions could run as a system service using srvany.exe. + See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, + for details, and a sample configuration. + + + +How can I make Privoxy work with other proxies? -These pages are not forwarded to a server on the Internet -- instead they are handled by a special web server which is built in to -Privoxy. + This can be done and is often useful to combine the benefits of + Privoxy with those of a another proxy, + for example to cache content. + See the forwarding chapter + in the User Manual which + describes how to do this. If you intend to use Privoxy with Tor, + please also have a look at + How do I use Privoxy together with Tor. + + + +Can I just set Privoxy to use port 80 +and thus avoid individual browser configuration? -If you are not running Privoxy, then http://p.p/ will fail, and http://config.privoxy.org/ will -return a web page telling you you're not running -Privoxy. + No, its more complicated than that. This only works with special kinds + of proxies known as intercepting proxies + (see below). + + + +Can Privoxy run as a <quote>transparent +</quote> proxy? -If you have version 2.0.2, then the equivalent is -http://example.com/show-proxy-args (but you get far less information, and you -should really consider upgrading to 2.9.x). + The whole idea of Privoxy is to modify client requests + and server responses in all sorts of ways and therefore + it's not a transparent proxy as described in + RFC 2616. + + + However, some people say transparent proxy when they + mean intercepting proxy. If you are one of them, + please read the next entry. - - -Do you still maintain the blocklists? + + + +How can I configure Privoxy for use with Outlook? - No. The format of the blocklists has changed significantly in the versions - 2.9.x. Once we have released the new stable version, v3.0, there will - again be blocklists that you can update automatically. + Versions of Outlook prior to Office 2007, use + Internet Explorer components to both render HTML, + and fetch any HTTP requests that may be embedded in an HTML email. So however + you have Privoxy configured to work with IE, this + configuration should automatically be shared, at least with older version of + Internet Explorer. - - -How can I submit new ads? - As of now, please discontinue to submit new ad blocking infos. Once we - have released the new version, there will again be a form on the website, - which you can use to contribute new ads. + Starting with Office 2007, Microsoft is instead using the MS-Word rendering + engine with Outlook. It is unknown whether this can be configured to use a + proxy. + - + -How can I hide my IP address? + +How can I have separate rules just for HTML mail? - You cannot hide your IP address with Privoxy or any other software, since -the server needs to know your IP address to send the answer to you. + The short answer is, you can't. Privoxy has no way + of knowing which particular application makes a request, so there is no way to + distinguish between web pages and HTML mail. + Privoxy just blindly proxies all requests. In the + case of Outlook Express (see above), OE uses + IE anyway, and there is no way for Privoxy to ever + be able to distinguish between them (nor could any other proxy type application for + that matter). -Fortunately there are many publicly usable anonymous proxies out there, which -solve the problem by providing a further level of indirection between you and -the web server, shared by many people and thus letting your requests "drown" -in white noise of unrelated requests as far as user tracking is concerned. + For a good discussion of some of the issues involved (including privacy and + security issues), see + http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. + + + + +I sometimes notice cookies sneaking through. How? + + Cookies can be + set in several ways. The classic method is via the + Set-Cookie HTTP header. This is straightforward, and an + easy one to manipulate, such as the &my-app; concept of + session-cookies-only. + There is also the possibility of using + Javascript to + set cookies (&my-app; calls these content-cookies). This + is trickier because the syntax can vary widely, and thus requires a certain + amount of guesswork. It is not realistic to catch all of these short of + disabling Javascript, which would break many sites. And lastly, if the + cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond + Privoxy's reach. + + + All in all, &my-app; can help manage cookies in general, can help minimize + the loss of privacy posed by cookies, but can't realistically stop all + cookies. + + + +Are all cookies bad? Why? -Most of them will, however, log your IP address and make it available to the -authorities in case you abuse that anonymity for criminal purposes. In fact -you can't even rule out that some of them only exist to *collect* information -on (those suspicious) people with a more than average preference for privacy. + No, in fact there are many beneficial uses of + cookies. Cookies are just a + method that browsers can use to store data between pages, or between browser + sessions. Sometimes there is a good reason for this, and the user's life is a + bit easier as a result. But there is a long history of some websites taking + advantage of this layer of trust, and using the data they glean from you and + your browsing habits for their own purposes, and maybe to your potential + detriment. Such sites are using you and storing their data on your system. + That is why the privacy conscious watch from whom those cookies come, and why + they really need to be there. -You can find a list of anonymous public proxies at multiproxy.org and many -more through Google. + See the + Wikipedia cookie + definition for more. - + - - - - - - - + +How can I allow permanent cookies for my trusted sites? - -Can <application>Privoxy</application> guarantee I am anonymous? - No. Your chances of remaining anonymous are greatly improved, but unless you - are an expert on Internet security it would be safest to assume that - everything you do on the Web can be traced back to you. + There are several actions that relate to cookies. The default behavior is to + allow only session cookies, which means the cookies only last + for the current browser session. This eliminates most kinds of abuse related + to cookies. But there may be cases where you want cookies to last. - Privoxy can remove various information about you, - and allows you more freedom to decide which sites - you can trust. But it's still possible that web sites can find out who you - are. Here's one way this can happen. + To disable all cookie actions, so that cookies are allowed unrestricted, + both in and out, for example.com: - A few browsers disclose the user's email address in certain situations, such - as when transferring a file by FTP. Privoxy - does not filter FTP. If you need this feature, or are concerned about the - mail handler of your browser disclosing your email address, you might - consider products such as NSClean. + + { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } + .example.com - Browsers available only as binaries could use non-standard headers to give - out any information they can have access to: see the manufacturer's license - agreement. It's impossible to anticipate and prevent every breach of privacy - that might occur. The professionally paranoid prefer browsers available as - source code, because anticipating their behavior is easier. Trust the source, - Luke! + Place the above in user.action. Note that some of these may + be off by default anyway, so this might be redundant, but there is no harm + being explicit in what you want to happen. user.action + includes an alias for this situation, called + allow-all-cookies. + - - - -Might some things break because header information is -being altered? - + +Can I have separate configurations for different users? - Definitely. More and more sites use HTTP header content to decide what to - display and how to display it. There is many ways that this can be handled, - so having hard and fast rules, is tricky. + Each instance of Privoxy has its own + configuration, including such attributes as the TCP port that it listens on. + What you can do is run multiple instances of Privoxy, each with + a unique + listen-address + configuration setting, and configuration path, and then + each of these can have their own configurations. Think of it as per-port + configuration. - - USER AGENT in particular is often used in this way to identify - the browser, and adjust content accordingly. Changing this now is not - recommended, since so many sites do look for this. You may get undesirable - results by changing this. + Simple enough for a few users, but for large installations, consider having + groups of users that might share like configurations. + + +Can I set-up Privoxy as a whitelist of +<quote>good</quote> sites? - For instance, different browsers use different encodings of Russian and Czech - characters, certain web servers convert pages on-the-fly according to the - User Agent header. Giving a User Agent with the wrong - operating system or browser manufacturer causes some sites in these languages - to be garbled; Surfers to Eastern European sites should change it to - something closer. And then some page access counters work by looking at the - REFERER header; they may fail or break if unavailable. The - weather maps of Intellicast have been blocked by their server when no - REFERER or cookie is provided, is another example. There are - many, many other ways things can go wrong when trying to fool a web server. + Sure. There are a couple of things you can do for simple white-listing. + Here's one real easy one: + + ############################################################ + # Blacklist + ############################################################ + { +block } + / # Block *all* URLs + ############################################################ + # Whitelist + ############################################################ + { -block } + kids.example.com + toys.example.com + games.example.com - If you have problems with a site, you will have to adjust your configuration - accordingly. Cookies are probably the most likely adjustment that may - be required, but by no means the only one. - + This allows access to only those three sites by first blocking all URLs, and + then subsequently allowing three specific exceptions. - - - - - -Can <application>Privoxy</application> act as a <quote>caching</quote> proxy to -speed up web browsing? - No, it does not have this ability at all. You want something like - Squid for this. And, yes, - before you ask, Privoxy can co-exist - with other kinds of proxies like Squid. + Another approach is Privoxy's + trustfile concept, which incorporates the notion of + trusted referrers. See the Trust documentation + for details. - - - -What about as a firewall? Can <application>Privoxy</application> protect me? - Not in the way you mean, or in the way a true firewall can, or a proxy that - has this specific capability. Privoxy can help - protect your privacy, but not really protect you from intrusion attempts. + These are fairly simple approaches and are not completely foolproof. There + are various other configuration options that should be disabled (described + elsewhere here and in the User Manual) + so that users can't modify their own configuration and easily circumvent the + whitelist. - - - - -The <application>Privoxy</application> logo that replaces ads is very blocky -and ugly looking. Can't a better font be used? + + +How can I turn off ad-blocking? + + Ad blocking is achieved through a complex application of various &my-app; + actions. These + actions are deployed against simple images, banners, flash animations, + text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as + just turning one or two actions off. The various actions that make up + &my-app; ad blocking are hard-coded into the default configuration files. It + has been assumed that everyone using &my-app; is interested in this + particular feature. + + + If you want to do without this, there are several approaches you can take: + You can manually undo the many block rules in + default.action. Or even easier, just create your own + default.action file from scratch without the many ad + blocking rules, and corresponding exceptions. Or lastly, if you are not + concerned about the additional blocks that are done for privacy reasons, you + can very easily over-ride all blocking with the + following very simple rule in your user.action: + + + + # Unblock everybody, everywhere + { -block } + / # UN-Block *all* URLs + - This is not a font problem. The logo is an image that is created by - Privoxy on the fly. So as to not waste - memory, the image is rather small. The blockiness comes when the - image is scaled to fill a largish area. There is not much to be done - about this, other than to use one of the other - imageblock directives: pattern, - blank, or a URL of your choosing. + Or even a more comprehensive reversing of various ad related actions: -Given the above problem, we have decided to remove the logo option entirely -[as of v2.9.13]. + + # Unblock everybody, everywhere, and turn off appropriate filtering, etc + { -block \ + -filter{banners-by-size} \ + -filter{banners-by-link} \ + allow-popups \ + } + / # UN-Block *all* URLs and allow ads - - - - -I have large empty spaces now where ads used to be. -Why? - It would be easy enough to just eliminate this space altogether, rather than - fill it with blank space. But, this would create problems with many pages - that use the overall size of the ad to help organize the page layout and - position the various components of the page where they were intended to be. - It is best left this way. + This last action in this compound statement, + allow-popups, is an alias that disables + various pop-up blocking features. + - - - -How can <application>Privoxy</application> filter Secure (HTTPS) URLs? + +How can I have custom template pages, like the +<emphasis>BLOCKED</emphasis> page? - This is a limitation since HTTPS transactions are encrypted SSL sessions - between your browser and the secure site, and are meant to be reliably - secure and private. This means that all cookies and HTTP - header information are also encrypted from the time they leave your browser, - to the site, and vice versa. Privoxy does not - try to unencrypt this information, so it just passes through as is. - Privoxy can still catch images and ads that - are embedded in the SSL stream though. + &my-app; templates are specialized text files utilized by + &my-app; for various purposes and can easily be modified using any text + editor. All the template pages are installed in a sub-directory appropriately + named: templates. Knowing something about HTML syntax + will of course be helpful. - - - - - -<application>Privoxy</application> runs as a <quote>server</quote>. How -secure is it? Do I need to take any special precautions? - There are no known exploits that might effect - Privoxy. On Unix-like systems, - Privoxy can run as a non-privileged - user, which is how we recommend it be run. Also, by default - Privoxy only listens to requests - from localhost. The server aspect of - Privoxy is not itself directly exposed to the - Internet in this configuration. If you want to have - Privoxy serve as a LAN proxy, this will have to - be opened up to allow for LAN requests. In this case, we'd recommend - you specify only the LAN gateway address, e.g. 192.168.1.1, in the main - Privoxy config file. All LAN hosts can then use - this as their proxy address in the browser proxy configuration. In this way, - Privoxy will not listen on any external ports. - Of course, a firewall is always good too. Better safe than sorry. + Be forewarned that the default templates are subject to being overwritten + during upgrades. You can, however, create completely new templates, + place them in another directory and specify the alternate path in the main + config. For details, have a look at the templdir option. + - - - -How can I temporarily disable <application>Privoxy</application>? + +How can I remove the <quote>Go There Anyway</quote> link from +the <emphasis>BLOCKED</emphasis> page? - The easiest way is to access Privoxy with your - browser by using the special URL: http://p.p/ - and select "Toggle Privoxy on or off" from that page. - + There is more than one way to do it (although Perl is not involved). + + + Editing the BLOCKED template page (see above) may dissuade some users, but + this method is easily circumvented. Where you need this level of control, you + might want to build &my-app; from source, and disable various features that are + available as compile-time options. You should + configure the sources as follows: + + + + ./configure --disable-toggle --disable-editor --disable-force + + + This will create an executable with hard-coded security features so that + &my-app; does not allow easy bypassing of blocked sites, or changing the + current configuration via any connected user's web browser. + + + Finally, all of these features can also be toggled on/off via options in + Privoxy's main config file which + means you don't have to recompile anything. - - + + + + - -Troubleshooting +Miscellaneous - -I just upgraded and am getting <quote>connection refused</quote> -with every web page? + +How much does Privoxy slow my browsing down? This +has to add extra time to browsing. - Either Privoxy is not running, or your - browser is configured for a different port than what - Privoxy is using. + How much of an impact depends on many things, including the CPU of the host + system, how aggressive the configuration is, which specific actions are being triggered, + the size of the page, the bandwidth of the connection, etc. - - The old Privoxy (and also - Junkbuster) used port 8000 by - default. This has been changed to port 8118 now, due to a conflict - with NAS (Network Audio Service), which uses port 8000. If you haven't, - you need to change your browser to the new port number, or alternately - change Privoxy's listen-address - setting in the config file used to start - Privoxy. + Overall, it should not slow you down any in real terms, and may actually help + speed things up since ads, banners and other junk are not typically being + retrieved and displayed. The actual processing time required by + Privoxy itself for each page, is relatively small + in the overall scheme of things, and happens very quickly. This is typically + more than offset by time saved not downloading and rendering ad images and + other junk content (if ad blocking is being used). - - - -I just added a new rule, but the steenkin ad is -still getting through. How? - If the ad had been displayed before you added its URL, it will probably be - held in the browser's cache for some time, so it will be displayed without - the need for any request to the server, and Privoxy - will not be in the picture. The best thing to do is try flushing the browser's - caches. And then try again. + Filtering content via the filter or + deanimate-gifs + actions may cause a perceived slowdown, since the entire document + needs to be buffered before displaying. And on very large documents, + filtering may have some measurable impact. How much depends on the page size, + the actual definition of the filter(s), etc. See below. Most other actions + have little to no impact on speed. - - If this doesn't help, you probably have an error in the rule you - applied. Try pasting the full URL of the offending ad into http://config.privoxy.org/show-url-info - and see if any actions match your new rule. + Also, when filtering is enabled but zlib support isn't available, compression + is often disabled (see prevent-compression). + This can have an impact on speed as well, although it's probably smaller than + you might think. Again, the page size, etc. will determine how much of an impact. - + - -One of my favorite sites does not work with <application>Privoxy</application>. -What can I do? +I notice considerable +delays in page requests. What's wrong? - First verify that it is indeed a Privoxy problem, - by disabling Privoxy filtering and blocking. - Go to http://p.p/ and click on - Toggle Privoxy On or Off, then disable it. Now try that - page again. It's probably a good idea to flush the browser cache as well. + If you use any filter action, + such as filtering banners by size, web-bugs etc, or the deanimate-gifs + action, the entire document must be loaded into memory in order for the filtering + mechanism to work, and nothing is sent to the browser during this time. - - If still a problem, go to Show which actions apply to a URL and - why from http://p.p/ and paste - the full URL of the page in question into the prompt. See which actions are - being applied to the URL. Now, armed with this information, go to Edit - the actions list. Here you should see various sections that have - various Privoxy features disabled for specific - sites. Disabled actions will have a - (minus - sign) in front of them. Add your problem page URL to one of these sections - that looks like it is disabling the feature that is causing the - problem. Re-try the page. There might be some trial and error involved. This - is discussed in a little more detail in the - user-manual - appendix. - + The loading time typically does not really change much in real numbers, but + the feeling is different, because most browsers are able to start rendering + incomplete content, giving the user a feeling of "it works". This effect is + more noticeable on slower dialup connections. Extremely large documents + may have some impact on the time to load the page where there is filtering + being done. But overall, the difference should be very minimal. If there is a + big impact, then probably some other situation is contributing (like + anti-virus software). + + + Filtering is automatically disabled for inappropriate MIME types. But note + that if the web server mis-reports the MIME type, then content that should + not be filtered, could be. Privoxy only knows how + to differentiate filterable content because of the MIME type as reported by + the server, or because of some configuration setting that enables/disables + filtering. + +What are "http://config.privoxy.org/" and +"http://p.p/"? + + http://config.privoxy.org/ is the + address of Privoxy's built-in user interface, and + http://p.p/ is a shortcut for it. + + + Since Privoxy sits between your web browser and the Internet, + it can simply intercept requests for these addresses and answer them with its built-in + web server. + + + This also makes for a good test for your browser configuration: If entering the + URL http://config.privoxy.org/ + takes you to a page saying This is Privoxy ..., everything is OK. + If you get a page saying Privoxy is not working instead, then + your browser didn't use Privoxy for the request, + hence it could not be intercepted, and you have accessed the real + web site at config.privoxy.org. + - Alternately, if you are comfortable with a text editor, you can accomplish - the same thing by editing the appropriate actions file. + Note that config.privoxy.org resolves to a public IP address. + If you use config.privoxy.org as ping or traceroute target you will + reach the system on the Internet (Privoxy can't intercept ICMP requests). + If you want to ping the system Privoxy runs on, + you should use its IP address or local DNS name (if it has got one). - + - -Where can I get help? Report bugs? Feature Requests? Etc? + +How can I submit new ads, or report +problems? - Feedback is encouraged, whether good, bad or ugly. Please see the contact - page in the user-manual for - details. - +Please see the Contact section for +various ways to interact with the developers. - + - -What time is it? +If I do submit missed ads, will +they be included in future updates? - Time for you to go! + Whether such submissions are eventually included in the + default.action configuration file depends on how + significant the issue is. We of course want to address any potential + problem with major, high-profile sites such as Google, + Yahoo, etc. Any site with global or regional reach, + has a good chance of being a candidate. But at the other end of the spectrum + are any number of smaller, low-profile sites such as for local clubs or + schools. Since their reach and impact are much less, they are best handled by + inclusion in the user's user.action, and thus would be + unlikely to be included. - - - - - - - - -Copyright and History - Please see the -user-manual for - information on Copyright and History. + There are many publicly usable "anonymous" proxies out there, which + provide a further level of indirection between you and the web server. - - - -See also - Please see the - user-manual for - others references. + However, these proxies are called "anonymous" because you don't need + to authenticate, not because they would offer any real anonymity. + Most of them will log your IP address and make it available to the + authorities in case you violate the law of the country they run in. In fact + you can't even rule out that some of them only exist to *collect* information + on (those suspicious) people with a more than average preference for privacy. - - - - + &seealso; + + + + + + +I've noticed that Privoxy changes <quote>Microsoft</quote> to +<quote>MicroSuck</quote>! Why are you manipulating my browsing? + + + We're not. The text substitutions that you are seeing are disabled + in the default configuration as shipped. You have either manually + activated the fun filter which + is clearly labeled Text replacements for subversive browsing + fun! or you are using an older Privoxy version and have implicitly + activated it by choosing the Advanced profile in the + web-based editor. Please upgrade. + + + + +Does Privoxy produce <quote>valid</quote> HTML (or XHTML)? + + + Privoxy generates HTML in both its own templates, and possibly + whenever there are text substitutions via a &my-app; filter. While this + should always conform to the HTML 4.01 specifications, it has not been + validated against this or any other standard. + + + + +How did you manage to get Privoxy on my computer without my consent? + + + We didn't. We make Privoxy available for download, but we don't go + around installing it on other people's systems behind their back. + If you discover Privoxy running on your system and are sure you didn't + install it yourself, somebody else did. You may not even be running + the real Privoxy, but maybe something else that only pretends to be + Privoxy, or maybe something that is based on the real Privoxy, + but has been modified. + + + Lately there have been reports of problems with some kind of + "parental control" software based on Privoxy that came preinstalled on + certain ASUS Netbooks. + The problems described are inconsistent with the behaviour of official + Privoxy versions, which suggests that the preinstalled software may + contain vendor modifications that we don't know about and thus can't debug. + + + Privoxy's license allows vendor + modifications, but the vendor has to comply with the license, + which involves informing the user about the changes and to make + the changes available under the same license as Privoxy itself. + + + If you are having trouble with a modified Privoxy version, + please try to talk to whoever made the modifications before + reporting the problem to us. Please also try to convince + whoever made the modifications to talk to us. If you think + somebody gave you a modified Privoxy version without complying + to the license, please let us know. + + + + + + + + + + +Troubleshooting + + +I cannot connect to any websites. Or, I am getting +<quote>connection refused</quote> message with every web page. Why? + + There are several possibilities: + + + + +Privoxy is not running. Solution: verify + that &my-app; is installed correctly, has not crashed, and is indeed running. + Turn on Privoxy's logging, and look at the logs to see what they say. + + Or your browser is configured for a different port than what + Privoxy is using. Solution: verify that &my-app; + and your browser are set to the same port (listen-address). + + Or if using a forwarding rule, you have a configuration problem or a + problem with a host in the forwarding chain. Solution: temporarily alter your + configuration and take the forwarders out of the equation. + + + Or you have a firewall that is interfering and blocking you. Solution: + try disabling or removing the firewall as a simple test. + + + + + + + + +Why am I getting a 503 Error (WSAECONNREFUSED) on every page? + + More than likely this is a problem with your TCP/IP networking. ZoneAlarm has + been reported to cause this symptom -- even if not running! The solution is + to either fight the ZA configuration, or uninstall ZoneAlarm, and then find + something better behaved in its place. Other personal firewall type products + may cause similar type problems if not configured correctly. + + -$Log: faq.sgml,v $ -Revision 1.35 2002/03/30 04:14:19 hal9 -Fix privoxy.org/config links. + +I just added a new rule, but the steenkin ad is +still getting through. How? + + If the ad had been displayed before you added its URL, it will probably be + held in the browser's cache for some time, so it will be displayed without + the need for any request to the server, and Privoxy + will not be involved. Flush the browser's caches, and then try again. + -Revision 1.34 2002/03/29 04:35:56 hal9 -Touch ups. + + If this doesn't help, you probably have an error in the rule you + applied. Try pasting the full URL of the offending ad into http://config.privoxy.org/show-url-info + and see if it really matches your new rule. Blocking ads is like blocking + spam: a lot of tinkering is required to stay ahead of the game. And + remember you need to block the URL of the ad in question, which may be + entirely different from the site URL itself. Most ads are hosted on different + servers than the main site itself. If you right-click on the ad, you should + be able to get all the relevant information you need. Alternately, you can + find the correct URL by looking at Privoxy's logs + (you may need to enable logging in the main config file if its disabled). + + + Below is a slightly modified real-life log snippet that originates with one + requested URL: www.example.com (name of site was changed + for this example, the number of requests is real). You can see in this the + complexity of what goes into making up this one page. There + are eight different domains involved here, with thirty two separate URLs + requested in all, making up all manner of images, Shockwave Flash, + JavaScript, CSS stylesheets, scripts, and other related content. Some of this + content is obviously good or bad, but not all. + Many of the more questionable looking requests, are going to outside domains + that seem to be identifying themselves with suspicious looking names, making + our job a little easier. &my-app; has crunched (meaning caught + and BLOCKED) quite a few items in this example, but perhaps missed a few as well. + + + + + + + + Despite 12 out of 32 requests being blocked, the page looked, and seemed to + behave perfectly normal (minus some ads, of course). + -Revision 1.33 2002/03/29 01:31:48 hal9 -Several new Q/A's and other touch ups. + -Revision 1.32 2002/03/27 00:57:03 hal9 -Touch ups for name change. + +One of my favorite sites does not work with Privoxy. +What can I do? -Revision 1.31 2002/03/26 22:29:55 swa -we have a new homepage! + + First verify that it is indeed a Privoxy problem, + by toggling off Privoxy through http://config.privoxy.org/toggle + (the toggle feature may need to be enabled in the main + config), + and then shift-reloading the problem page (i.e. holding down the shift key + while clicking reload. Alternatively, flush your browser's disk and memory + caches). + -Revision 1.30 2002/03/25 16:39:22 hal9 -A few new sections. Made all links relative to user-manual. + + If the problem went away, we know we have a configuration related problem. + Now go to http://config.privoxy.org/show-url-info + and paste the full URL of the page in question into the prompt. See which + actions are being applied to the URL, and which matches in which actions + files are responsible for that. It might be helpful also to look at your logs + for this site too, to see what else might be happening (note: logging may need + to be enabled in the main config file). Many sites are + complex and require a number of related pages to help present their content. + Look at what else might be used by the page in question, and what of that + might be required. + Now, armed with this information, go to + http://config.privoxy.org/show-status + and select the appropriate actions files for editing. + + You can now either look for a section which disables the actions that + you suspect to cause the problem and add a pattern for your site there, + or make up a completely new section for your site. In any case, the recommended + way is to disable only the prime suspect, reload the problem page, and only + if the problem persists, disable more and more actions until you have + identified the culprit. You may or may not want to turn the other actions + on again. Remember to flush your browser's caches in between any such changes! + + + Alternately, if you are comfortable with a text editor, you can accomplish + the same thing by editing the appropriate actions file. Probably the easiest + way to deal with such problems when editing by hand is to add your + site to a { fragile } section in user.action, + which is an alias that turns off most dangerous + actions, but is also likely to turn off more actions then needed, and thus lower + your privacy and protection more than necessary, + + + Troubleshooting actions is discussed in more detail in the User Manual appendix, + Troubleshooting: the Anatomy of an Action. + There is also an actions tutorial + with general configuration information and examples. + + + As a last resort, you can always see if your browser has a setting that will + bypass the proxy setting for selective sites. Modern browsers can do this. + -Revision 1.29 2002/03/25 05:23:57 hal9 -Moved section, and touch ups. + -Revision 1.28 2002/03/25 04:27:33 hal9 -New section related to name change. -Revision 1.25 2002/03/24 16:08:08 swa -we are too lazy to make a block-built -privoxy logo. hence removed the option. + + +After installing Privoxy, I have to log in +every time I start IE. What gives? -Revision 1.24 2002/03/24 15:46:20 swa -name change related issue. + + This is a quirk that affects the installation of + Privoxy, in conjunction with Internet Explorer and + Internet Connection Sharing on Windows 2000 and Windows XP. The symptoms may + appear to be corrupted or invalid DUN settings, or passwords. + -Revision 1.23 2002/03/24 12:33:01 swa -more additions. + + When setting up an NT based Windows system with + Privoxy you may find that things do not seem to be + doing what you expect. When you set your system up you will probably have set + up Internet Connection Sharing (ICS) with Dial up Networking (DUN) when + logged in with administrator privileges. You will probably have made this DUN + connection available to other accounts that you may have set-up on your + system. E.g. Mum or Dad sets up the system and makes accounts suitably + configured for the kids. + -Revision 1.22 2002/03/24 11:51:00 swa -name change. changed filenames. + + When setting up Privoxy in this environment you + will have to alter the proxy set-up of Internet Explorer (IE) for the + specific DUN connection on which you wish to use + Privoxy. When you do this the ICS DUN set-up + becomes user specific. In this instance you will see no difference if you + change the DUN connection under the account used to set-up the connection. + However when you do this from another user you will notice that the DUN + connection changes to make available to "Me only". You will also find that + you have to store the password under each different user! + -Revision 1.21 2002/03/24 11:01:06 swa -name change + + The reason for this is that each user's set-up for IE is user specific. Each + set-up DUN connection and each LAN connection in IE store the settings for + each user individually. As such this enforces individual configurations + rather than common ones. Hence the first time you use a DUN connection after + re-booting your system it may not perform as you expect, and prompt you for + the password. Just set and save the password again and all should be OK. + -Revision 1.20 2002/03/23 15:13:11 swa -renamed every reference to the old name with foobar. -fixed "application foobar application" tag, fixed -"the foobar" with "foobar". left junkbustser in cvs -comments and remarks to history untouched. + +[Thanks to Ray Griffith for this submission.] + + -Revision 1.19 2002/03/21 17:01:54 hal9 -Some touch ups. -Revision 1.18 2002/03/18 16:40:31 hal9 -More additions. + + +I cannot connect to any FTP sites. Privoxy + is blocking me. + + Privoxy cannot act as a proxy for FTP traffic, + so do not configure your browser to use Privoxy + as an FTP proxy. The same is true for any protocol other than HTTP + or HTTPS (SSL). + + + Most browsers understand FTP as well as HTTP. If you connect to a site, with + a URL like ftp://ftp.example.com, your browser is making + an FTP connection, and not a HTTP connection. So while your browser may + speak FTP, Privoxy does not, and cannot proxy + such traffic. + + + To complicate matters, some systems may have a generic proxy + setting, which will enable various protocols, including + both HTTP and FTP proxying! So it is possible to + accidentally enable FTP proxying in these cases. And of course, if this + happens, Privoxy will indeed cause problems since + it does not know FTP. Just disable the FTP setting + and all will be well again. + + + Will Privoxy ever proxy FTP traffic? Unlikely. + There just is not much reason, and the work to make this happen is more than + it may seem. + + -Revision 1.17 2002/03/18 03:53:53 hal9 -Some new additions. + + +In Mac OS X, I can't configure Microsoft Internet Explorer to use + Privoxy as the HTTP proxy. + + Microsoft Internet Explorer (in versions like 5.1) respects system-wide + network settings. In order to change the HTTP proxy, open System + Preferences, and click on the Network icon. In the settings pane that + comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox + is checked and enter 127.0.0.1 in the entry field. + Enter 8118 in the Port field. The next time you start + IE, it should reflect these values. + + -Revision 1.16 2002/03/17 21:32:56 hal9 -A few more additions. + + +In Mac OS X, I dragged the Privoxy folder to the trash in order to + uninstall it. Now the finder tells me I don't have sufficient privileges to + empty the trash. + + Note: This ONLY applies to privoxy 3.0.6 and earlier. + + + Just dragging the Privoxy folder to the trash is + not enough to delete it. Privoxy supplies an + uninstall.command file that takes care of + these details. Open the trash, drag the uninstall.command + file out of the trash and double-click on it. You will be prompted for + confirmation and the administration password. + + + The trash may still appear full after this command; emptying the trash + from the desktop should make it appear empty again. + + -Revision 1.15 2002/03/17 07:25:59 hal9 -Correcting some of my typos, and some additions. + + +In Mac OS X Panther (10.3), images often fail to load and/or I + experience random delays in page loading. I'm using + <literal>localhost</literal> as my browser's proxy setting. + + We believe this is due to an IPv6-related bug in Mac OS X, but don't fully + understand the issue yet. In any case, changing the proxy setting to + 127.0.0.1 instead of localhost + works around the problem. + + -Revision 1.14 2002/03/17 02:39:13 hal9 -A little more added ... + + +I just upgraded to Mac OS X 10.9 (Mavericks) and now &my-app; has stopped + working. + + The upgrade process to Mac OS X Mavericks (10.9) from an earlier version of OS + X deletes all user accounts that are either not part of OS X itself or are + not interactive user accounts (ones you log in with). Since, for the sake of + security, &my-app; runs as a non-privileged user that is created by its + installer (_privoxy), it can no longer start up once that account gets deleted. + The solution is to perform a complete uninstall using the supplied + uninstall.command script (either back up your + configuration files or select to not have the uninstaller remove them when it + prompts you) and then reinstall &my-app; using the installer package and merge + in your configuration. + + -Revision 1.13 2002/03/17 00:22:20 hal9 -Adding new stuff, and trying to incorporate stuff from old faq. + + + +I get a completely blank page at one site. <quote>View Source</quote> + shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without + Privoxy the page loads fine. + + Chances are that the site suffers from a bug in + PHP, + which results in empty pages being sent if the client explicitly requests + an uncompressed page, like Privoxy does. + This bug has been fixed in PHP 4.2.3. + + + To find out if this is in fact the source of the problem, try adding + the site to a -prevent-compression section in + user.action: + + + # Make exceptions for ill-behaved sites: + # + {-prevent-compression} + .example.com + + If that works, you may also want to report the problem to the + site's webmasters, telling them to use zlib.output_compression + instead of ob_gzhandler in their PHP applications (workaround) + or upgrade to PHP 4.2.3 or later (fix). + + -Revision 1.12 2002/03/11 20:13:21 swa -typo + +My logs show many <quote>Unable to get my own hostname</quote> lines. +Why? + + Privoxy tries to get the hostname of the system + its running on from the IP address of the system interface it is bound to + (from the config file + listen-address setting). If the system cannot supply + this information, Privoxy logs this condition. + + + Typically, this would be considered a minor system configuration error. It is + not a fatal error to Privoxy however, but may + result in a much slower response from Privoxy on + some platforms due to DNS timeouts. + + + This can be caused by a problem with the local hosts + file. If this file has been changed from the original, try reverting it to + see if that helps. Make sure whatever name(s) are used for the local system, + that they resolve both ways. + + + You should also be able to work around the problem with the + hostname option. + + -Revision 1.11 2002/03/11 18:42:27 swa -new section + +When I try to launch Privoxy, I get an +error message <quote>port 8118 is already in use</quote> (or similar wording). +Why? + + Port 8118 is Privoxy's default TCP + listening port. Typically this message would mean that there + is already one instance of Privoxy running, and + your system is actually trying to start a second + Privoxy on the same port, which will not work. + (You can have multiple instances but they must be assigned different ports.) + How and why this might happen varies from platform to platform, but you need + to check your installation and start-up procedures. + + -Revision 1.10 2002/03/11 13:13:27 swa -correct feedback channels + + + Pages with UTF-8 fonts are garbled. + + + This may be the result of an overly aggressive filter. The filters that + are enabled in the default configuration aren't expected to cause problems + like this. If you enabled the demoronizer filter, please + try temporarily disabling it. + + + If that doesn't help, temporarily disable all filters to see if another + filter could be the culprit. If the problem disappears, enable the filters + one by one, until the problem reappears and the offending filter is found. + + + Once the problem-causing filter is known, it can be fixed or disabled. + + + Upgrading Privoxy, or going to the most recent + default.action file available from SourceForge + might be worth a try, too. + + -Revision 1.9 2002/03/10 23:34:04 swa -more info on not hiding ip address + + + Why are binary files (such as images) corrupted when Privoxy + is used? + + + This may also be caused by an (overly aggressive + filter in conjunction with a web server that is misreporting the content + type. By default binary files are exempted from + Privoxy's filtering + (unless the web server by mistake says the file is something else). + + -Revision 1.8 2002/03/09 15:55:48 swa -added default config section + + + What is the <quote>demoronizer</quote> and why is it there? + + + The original demoronizer was a Perl script that cleaned up HTML pages which + were created with certain Microsoft products. MS has used proprietary extensions + to standardized font encodings (ISO 8859-1), which has caused problems for pages + that are viewed with non-Microsoft products (and are expecting to see a + standard set of fonts). The demoronizer corrected these errors so the pages + displayed correctly. Privoxy borrowed from this + script, introducing a filter based on the original demoronizer, which in turn could + correct these errors on the fly. + + + But this is only needed in some situations, and will cause serious problems in some + other situations. + + + If you are using Microsoft products, you do not need it. If you need to view + pages with UTF-8 characters (such as Cyrillic or Chinese), then it will + cause corruption of the fonts, and thus should not be on. + + + On the other hand, if you use non-Microsoft products, and you occasionally + notice weird characters on pages, you might want to try it. + + + + + + Why do I keep seeing <quote>PrivoxyWindowOpen()</quote> in raw source code? + + + Privoxy is attempting to disable malicious + Javascript + in this case, with the unsolicited-popups + filter. Privoxy cannot tell very well + good code snippets from bad code snippets. + + + If you see this in HTML source, and the page displays without problems, then + this is good, and likely some pop-up window was disabled. If you see this + where it is causing a problem, such as a downloaded program source code file, + then you should set an exception for this site or page such that the + integrity of the page stays in tact by disabling all filtering. + + + + + + I am getting too many DNS errors like <quote>404 No Such Domain</quote>. Why + can't Privoxy do this better? + + + There are potentially several factors here. First of all, the DNS resolution + is done by the underlying operating system -- not + Privoxy itself. Privoxy + merely initiates the process and hands it off, and then later reports + whatever the outcome was and tries to give a coherent message if there seems + to be a problem. In some cases, this might otherwise be mitigated by the + browser itself which might try some work-arounds and alternate approaches (e.g + adding www. to the URL). + + + In other cases, if Privoxy is being chained + with another proxy, this could complicate the issue, and cause undue + delays and timeouts. In the case of a socks4a proxy, the socks + server handles all the DNS. Privoxy would just be + the messenger which is reporting whatever problem occurred + downstream, and not the root cause of the error. + + + In any case, versions newer than 3.0.3 include various improvements to help + Privoxy better handle these cases. +]]> + + + + + At one site Privoxy just hangs, and starts taking + all CPU. Why is this? + + + This is probably a manifestation of the 100% cpu problem that + occurs on pages containing many (thousands upon thousands) of blank lines. The blank lines + are in the raw HTML source of the page, and the browser just ignores them. But the + pattern matching in Privoxy's page filtering + mechanism is trying to match against absurdly long strings and this becomes + very CPU-intensive, taking a long, long time to complete. + + + Until a better solution comes along, disable filtering on these pages, + particularly the js-annoyances and + unsolicited-popups filters. If you run into this problem + with a recent &my-app; version, please send a problem report. + + + + +I just installed Privoxy, and all my +browsing has slowed to a crawl. What gives? + + This should not happen, and for the overwhelming number of users world-wide, + it does not happen. I would suspect some inadvertent interaction of software + components such as anti-virus software, spyware protectors, personal + firewalls or similar components. Try disabling (or uninstalling) these one + at a time and see if that helps. Either way, if you are using a + recent &my-app; version, please report the problem. + + + + +Why do my filters work on some sites but not on others? + + It's probably due to compression. It is a common practice for web servers to + send their content compressed in order to speed things up, and + then let the browser uncompress them. When compiled with zlib support + &my-app; can decompress content before filtering, otherwise you may want to enable +prevent-compression. + + + As of &my-app; 3.0.9, zlib support is enabled in the default builds. + + + + + +On some HTTPS sites my browser warns me about unauthenticated content, + the URL bar doesn't get highlighted and the lock symbol appears to be broken. + What's going on? + + Probably the browser is requesting ads through HTTPS and &my-app; + is blocking the requests. Privoxy's error messages are delivered + unencrypted and while it's obvious for the browser that the HTTPS + request is already blocked by the proxy, some warn about unauthenticated + content anyway. + + + To work around the problem you can redirect those requests to an invalid + local address instead of blocking them. While the redirects aren't + encrypted either, many browsers don't care. They simply follow the + redirect, fail to reach a server and display an error message instead + of the ad. + + + To do that, enable logging to figure out which requests get blocked by + &my-app; and add the hosts (no path patterns) to a section like this: + + + + + + + + Additionally you have to configure your browser to contact + 127.0.0.1:0 directly (instead of through &my-app;). + + + To add a proxy exception in Mozilla Firefox + open the Preferences, click the Settings + button located on the Network tab in the Advanced + section, and add 127.0.0.1:0 in the No Proxy for: + field. + + + + + +I get selinux error messages. How can I fix this? + + Please report the problem to the creator of your selinux policies. + + + The problem is that some selinux policy writers aren't familiar + with the application they are trying to secure and + thus create policies that make no sense. + + + In Privoxy's case the problem usually + is that the policy only allows outgoing connections for certain + destination ports (e.g. 80 and 443). While this may cover the + standard ports, websites occasionally use other ports as well. + This isn't a security problem and therefore Privoxy's + default configuration doesn't block these requests. + + + If you really want to block these ports (and don't be able + to load websites that don't use standard ports), you should + configure Privoxy to block these ports as well, so it doesn't + trigger the selinux warnings. + + + + + +I compiled &my-app; with Gentoo's portage and it appears to be very slow. Why? + + Probably you unintentionally compiled &my-app; without threading support + in which case requests have to be serialized and only one can be served + at the same time. + + + Check your USE flags and make sure they include + threads. If they don't, add the flag and rebuild &my-app;. + + + If you compiled &my-app; with threading support (on POSIX-based systems), + the Conditional #defines section on http://config.privoxy.org/show-status + will list FEATURE_PTHREAD as enabled. + + + + +What are tainted sockets and how do I prevent them? + + &my-app; marks sockets as tainted when it can't use them to + serve additional requests. + This does not necessarily mean that something went wrong and + information about tainted sockets is only logged if connection + debugging is enabled (debug 2). + + + For example server sockets that were used for CONNECT requests + (which are used to tunnel https:// requests) are considered tainted + once the client closed its connection to &my-app;. + Technically &my-app; could keep the connection to the server open, + but the server would not accept requests that do not belong to the + previous TLS/SSL session (and the client may even have terminated + the session). + + + Server sockets are also marked tainted when a client requests a + resource, but closes the connection before &my-app; has completely + received (and forwarded) the resource to the client. + In this case the server would (probably) accept additional requests, + but &my-app; could not get the response without completely reading + the leftovers from the previous response. + + + These are just two examples, there are currently a bit more than + 25 scenarios in which a socket is considered tainted. + + + While sockets can also be marked tainted as a result of a technical + problem that may be worth fixing, the problem will be explicitly + logged as error. + + + + -Revision 1.7 2002/03/07 18:16:55 swa -looks better + + Contacting the developers, Bug Reporting and Feature Requests + + &contacting; + + -Revision 1.6 2002/03/07 13:16:31 oes -Committing changes by Stefan + +Privoxy Copyright, License and History -Revision 1.5 2002/03/02 15:50:04 swa -2.9.11 version. more input for docs. + + ©right; + -Revision 1.4 2002/02/24 14:34:24 jongfoster -Formatting changes. Now changing the doctype to DocBook XML 4.1 -will work - no other changes are needed. -Revision 1.3 2001/09/23 10:13:48 swa -upload process established. run make webserver and -the documentation is moved to the webserver. documents -are now linked correctly. + + Portions of this document are borrowed from the original + Junkbuster (tm) FAQ, and modified as + appropriate for Privoxy. + -Revision 1.2 2001/09/13 15:20:17 swa -merged standards into developer manual + + License + + &license; + + + -Revision 1.1 2001/09/12 15:36:41 swa -source files for junkbuster documentation + + History + + &history; + + -Revision 1.3 2001/09/10 17:43:59 swa -first proposal of a structure. + + -Revision 1.2 2001/06/13 14:28:31 swa -docs should have an author. -Revision 1.1 2001/06/13 14:20:37 swa -first import of project's documentation for the webserver. + + + + + + +