X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=2a6e911ee50980eda5e8c5d6a54d0c8d27851f67;hp=298c1758a9e3b370d0f7e903aa38b97efc5efd86;hb=7efd35f2aedefdc2c300b8034d26b2cd99c45687;hpb=028385ac043e6278a5a070b534e40334819e6d79 diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index 298c1758..2a6e911e 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -3,9 +3,9 @@ Purpose : Used with other docs and files only. - $Id: p-config.sgml,v 2.90 2012/12/16 11:06:08 fabiankeil Exp $ + $Id: p-config.sgml,v 2.116 2016/03/17 10:43:29 fabiankeil Exp $ - Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/ + Copyright (C) 2001-2016 Privoxy Developers http://www.privoxy.org/ See LICENSE. ======================================================================== @@ -94,13 +94,13 @@ @@TITLE<!-- between the @@ is stripped by Makefile -->@@ - Sample Configuration File for Privoxy v&p-version; + Sample Configuration File for Privoxy &p-version; - $Id: p-config.sgml,v 2.90 2012/12/16 11:06:08 fabiankeil Exp $ + $Id: p-config.sgml,v 2.116 2016/03/17 10:43:29 fabiankeil Exp $ -Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/ +Copyright (C) 2001-2016 Privoxy Developers http://www.privoxy.org/ @@ -117,7 +117,8 @@ Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/ 3. DEBUGGING # 4. ACCESS CONTROL AND SECURITY # 5. FORWARDING # - 6. WINDOWS GUI OPTIONS # + 6. MISCELLANEOUS # + 7. WINDOWS GUI OPTIONS # # ################################################################# @@ -533,16 +534,6 @@ II. FORMAT OF THE CONFIGURATION FILE No trailing /, please. - @@ -597,6 +588,55 @@ II. FORMAT OF THE CONFIGURATION FILE + +temporary-directory + + + + Specifies: + + A directory where Privoxy can create temporary files. + + + + Type of value: + + Path name + + + + Default value: + + unset + + + + Effect if unset: + + No temporary files are created, external filters don't work. + + + + Notes: + + + To execute external filters, + Privoxy has to create temporary files. + This directive specifies the directory the temporary files should + be written to. + + + It should be a directory only Privoxy + (and trusted users) can access. + + + + + +@@#temporary-directory .]]> + + + logdir @@ -703,13 +743,6 @@ actionsfile Actions files contain all the per site and per URL configuration for ad blocking, cookie management, privacy considerations, etc. - There is no point in using Privoxy without at - least one actions file. - - - Note that since Privoxy 3.0.7, the complete filename, including the .action - extension has to be specified. The syntax change was necessary to be consistent - with the other file options and to allow previously forbidden characters. @@ -846,22 +879,22 @@ actionsfile Depending on the debug options below, the logfile may be a privacy risk if third parties can get access to it. As most users will never look - at it, Privoxy 3.0.7 and later only log fatal - errors by default. + at it, Privoxy only logs fatal errors by default. For most troubleshooting purposes, you will have to change that, please refer to the debugging section for details. - - Your logfile will grow indefinitely, and you will probably want to - periodically remove it. On Unix systems, you can do this with a cron job - (see man cron). - Any log files must be writable by whatever user Privoxy is being run as (on Unix, default user id is privoxy). + + To prevent the logfile from growing indefinitely, it is recommended to + periodically rotate or shorten it. Many operating systems support log + rotation out of the box, some require additional software to do it. + For details, please refer to the documentation for your operating system. + @@ -1032,12 +1065,6 @@ actionsfile so that you will notice when things go wrong. The other levels are probably only of interest if you are hunting down a specific problem. They can produce a hell of an output (especially 16). - - - - &my-app; used to ship with the debug levels recommended above enabled by - default, but due to privacy concerns 3.0.7 and later are configured to - only log fatal errors. If you are used to the more verbose settings, simply enable the debug lines @@ -1083,13 +1110,13 @@ actionsfile Type of value: - None + 1 or 0 Default value: - Unset + 0 @@ -1112,7 +1139,7 @@ actionsfile -@@#single-threaded]]> +@@#single-threaded 1]]> @@ -1870,6 +1897,67 @@ ACLs: permit-access and deny-access @@buffer-limit 4096]]> + +enable-proxy-authentication-forwarding + + + Specifies: + + + Whether or not proxy authentication through &my-app; should work. + + + + + Type of value: + + 0 or 1 + + + + Default value: + + 0 + + + + Effect if unset: + + + Proxy authentication headers are removed. + + + + + Notes: + + + Privoxy itself does not support proxy authentication, but can + allow clients to authenticate against Privoxy's parent proxy. + + + By default Privoxy (3.0.21 and later) don't do that and remove + Proxy-Authorization headers in requests and Proxy-Authenticate + headers in responses to make it harder for malicious sites to + trick inexperienced users into providing login information. + + + If this option is enabled the headers are forwarded. + + + Enabling this option is not recommended if there is + no parent proxy that requires authentication or if the local network between + Privoxy and the parent proxy isn't trustworthy. If proxy authentication is + only required for some requests, it is recommended to use a client header filter + to remove the authentication headers for requests where they aren't needed. + + + + + +@@enable-proxy-authentication-forwarding 0]]> + + @@ -2133,11 +2221,16 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t - forward-socks5 / 127.0.0.1:9050 . + forward-socks5t / 127.0.0.1:9050 . - - + + Note that if you got Tor through one of the bundles, you may + have to change the port from 9050 to 9150 (or even another one). + For details, please check the documentation on the + Tor website. + + The public Tor network can't be used to reach your local network, if you need to access local servers you therefore might want to make some exceptions: @@ -2374,6 +2467,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t option and configure your packet filter to redirect outgoing HTTP connections into Privoxy. + + Note that intercepting encrypted connections (HTTPS) isn't supported. + Make sure that Privoxy's own requests aren't redirected as well. Additionally take care that @@ -2656,7 +2752,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t that improves performance mainly depends on the client configuration. - This options is new and should be considered experimental. + If you are seeing problems with pages not properly loading, + disabling this option could work around the problem. @@ -2669,7 +2766,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t -@@#tolerate-pipelining 1]]> +@@tolerate-pipelining 1]]> @@ -2930,7 +3027,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Default value: - None + 128 @@ -2975,6 +3072,13 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Obviously using this option only makes sense if you choose a limit below the one enforced by the operating system. + + One most POSIX-compliant systems &my-app; can't properly deal with + more than FD_SETSIZE file descriptors at the same time and has to reject + connections if the limit is reached. This will likely change in a + future version, but currently this limit can't be increased without + recompiling &my-app; with a different FD_SETSIZE limit. + @@ -3037,15 +3141,13 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Notes: - This is a work-around for Firefox bug 492459: - - Websites are no longer rendered if SSL requests for JavaScripts are blocked by a proxy. - + This directive was added as a work-around for Firefox bug 492459: + Websites are no longer rendered if SSL requests for JavaScripts are blocked by a proxy. (https://bugzilla.mozilla.org/show_bug.cgi?id=492459) - As the bug has been fixed for quite some time this option should no longer - be needed and will be removed in a future release. Please speak up if you - have a reason why the option should be kept around. + >https://bugzilla.mozilla.org/show_bug.cgi?id=492459), + the bug has been fixed for quite some time, but this directive is also useful + to make it harder for websites to detect whether or not resources are being + blocked. @@ -3232,20 +3334,172 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t @@#client-header-order Host \ -# User-Agent \ -# Accept \ -# Accept-Language \ -# Accept-Encoding \ -# Proxy-Connection,\ -# Referer,Cookie \ -# If-Modified-Since \ -# Cache-Control \ -# Content-Length \ -# Content-Type + User-Agent \ + Accept \ + Accept-Language \ + Accept-Encoding \ + Proxy-Connection \ + Referer \ + Cookie \ + DNT \ + If-Modified-Since \ + Cache-Control \ + Content-Length \ + Content-Type ]]> +client-specific-tag + + + Specifies: + + + The name of a tag that will always be set for clients that + requested it through the webinterface. + + + + + Type of value: + + + Tag name followed by a description that will be shown in the webinterface + + + + + Default value: + + None + + + + Notes: + + + + This is an experimental feature. The syntax is likely to change + in future versions. + + + + Client-specific tags allow Privoxy admins to create different + profiles and let the users chose which one they want without + impacting other users. + + + One use case is allowing users to circumvent certain blocks + without having to allow them to circumvent all blocks. + This is not possible with the + enable-remote-toggle feature + because it would bluntly disable all blocks for all users and also affect + other actions like filters. + It also is set globally which renders it useless in most multi-user setups. + + + After a client-specific tag has been defined with the client-specific-tag + directive, action sections can be activated based on the tag by using a + CLIENT-TAG pattern. + The CLIENT-TAG pattern is evaluated at the same priority + as URL patterns, as a result the last matching pattern wins. + Tags that are created based on client or server headers are evaluated + later on and can overrule CLIENT-TAG and URL patterns! + + + The tag is set for all requests that come from clients that requested + it to be set. + Note that "clients" are differentiated by IP address, + if the IP address changes the tag has to be requested again. + + + Clients can request tags to be set by using the CGI interface http://config.privoxy.org/show-client-tags. + The specific tag description is only used on the web page and should + be phrased in away that the user understand the effect of the tag. + + + + + Examples: + + + + # Define a couple of tags, the described effect requires action sections + # that are enabled based on CLIENT-TAG patterns. + client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions + disable-content-filters Disable content-filters but do not affect other actions + + + + + + + + + +client-tag-lifetime + + + Specifies: + + + How long a temporarily enabled tag remains enabled. + + + + + Type of value: + + + Time in seconds. + + + + + Default value: + + 60 + + + + Notes: + + + + This is an experimental feature. The syntax is likely to change + in future versions. + + + + In case of some tags users may not want to enable them permanently, + but only for a short amount of time, for example to circumvent a block + that is the result of an overly-broad URL pattern. + + + The CGI interface http://config.privoxy.org/show-client-tags + therefore provides a "enable this tag temporarily" option. + If it is used, the tag will be set until the client-tag-lifetime + is over. + + + + + Examples: + + + + # Increase the time to life for temporarily enabled tags to 3 minutes + client-tag-lifetime 180 + + + + + + +