The Main Configuration File
- Again, the main configuration file is named config on
- Linux/Unix/BSD and OS/2, and config.txt on Windows.
+ By default, the main configuration file is named config,
+ with the exception of Windows, where it is named config.txt.
Configuration lines consist of an initial keyword followed by a list of
values, all separated by whitespace (any number of spaces or tabs). For
example:
@@ -97,10 +97,10 @@
Sample Configuration File for Privoxy v&p-version;
- $Id: p-config.sgml,v 2.54 2009/11/27 13:47:34 fabiankeil Exp $
+ $Id: p-config.sgml,v 2.73 2011/06/25 12:45:47 fabiankeil Exp $
-Copyright (C) 2001-2009 Privoxy Developers http://www.privoxy.org/
+Copyright (C) 2001-2010 Privoxy Developers http://www.privoxy.org/
@@ -796,7 +796,7 @@ actionsfile
@@filterfile default.filter]]>
-@@#filterfile user.filter # User customizations]]>
+@@filterfile user.filter # User customizations]]>
@@ -1009,7 +1009,7 @@ actionsfile
debug 2 # show each connection status
debug 4 # show I/O status
debug 8 # show header parsing
- debug 16 # log all data written to the network into the logfile
+ debug 16 # log all data written to the network
debug 32 # debug force feature
debug 64 # debug regular expression filters
debug 128 # debug redirects
@@ -1019,6 +1019,7 @@ actionsfile
debug 2048 # CGI user interface
debug 4096 # Startup banner and warnings.
debug 8192 # Non-fatal errors
+ debug 32768 # log all data read from the network
@@ -1193,7 +1194,7 @@ actionsfile
Specifies:
- The IP address and TCP port on which Privoxy will
+ The address and TCP port on which Privoxy will
listen for client requests.
@@ -1202,6 +1203,7 @@ actionsfile
Type of value:[IP-Address]:Port
+ [Hostname]:Port
@@ -1232,15 +1234,49 @@ actionsfile
serve requests from other machines (e.g. on your local network) as well, you
will need to override the default.
+
+ If a hostname is used instead of an IP address, Privoxy
+ will try to resolve it to an IP address and if there are multiple, use the first
+ one returned.
+
+
+ If the address for the hostname isn't already known on the system
+ (for example because it's in /etc/hostname), this may result in DNS
+ traffic.
+
+
+ If the specified address isn't available on the system, or if the
+ hostname can't be resolved, Privoxy
+ will fail to start.
+
IPv6 addresses containing colons have to be quoted by brackets.
+ They can only be used if Privoxy has
+ been compiled with IPv6 support. If you aren't sure if your version
+ supports it, have a look at
+ http://config.privoxy.org/show-status.
+
+
+ Some operating systems will prefer IPv6 to IPv4 addresses even if the
+ system has no IPv6 connectivity which is usually not expected by the user.
+ Some even rely on DNS to resolve localhost which mean the "localhost" address
+ used may not actually be local.
- If you leave out the IP address, Privoxy will
- bind to all IPv4 interfaces (addresses) on your machine and may become reachable
- from the Internet. In that case, consider using access control lists (ACL's, see below), and/or
- a firewall.
+ It is therefore recommended to explicitly configure the intended IP address
+ instead of relying on the operating system, unless there's a strong reason not to.
+
+
+ If you leave out the address, Privoxy will bind to all
+ IPv4 interfaces (addresses) on your machine and may become reachable from the
+ Internet and/or the local network. Be aware that some GNU/Linux distributions
+ modify that behaviour without updating the documentation. Check for non-standard
+ patches if your Privoxyversion behaves differently.
+
+
+ If you configure Privoxyto be reachable from the
+ network, consider using access control lists
+ (ACL's, see below), and/or a firewall.
If you open Privoxy to untrusted users, you will
@@ -1248,6 +1284,12 @@ actionsfile
linkend="enable-edit-actions">enable-edit-actions and
enable-remote-toggle
+
+ With the exception noted above, listening on multiple addresses is currently
+ not supported by Privoxy directly.
+ It can be done on most operating systems by letting a packet filter
+ redirect request for certain addresses to Privoxy, though.
+
@@ -1710,8 +1752,8 @@ ACLs: permit-access and deny-access
IP addresses, only the first one is used.
- Some systems allows IPv4 client to connect to IPv6 server socket.
- Then the client's IPv4 address will be translated by system into
+ Some systems allow IPv4 clients to connect to IPv6 server sockets.
+ Then the client's IPv4 address will be translated by the system into
IPv6 address space with special prefix ::ffff:0:0/96 (so called IPv4
mapped IPv6 address). Privoxy can handle it
and maps such ACL addresses automatically.
@@ -1964,7 +2006,7 @@ ACLs: permit-access and deny-access
- foward / [2001:DB8::1]:8000
+ forward / [2001:DB8::1]:8000
@@ -2536,6 +2578,23 @@ forward-socks4, forward-socks4a and forward-socks5
This option has no effect if Privoxy
has been compiled without keep-alive support.
+
+ Note that a timeout of five seconds as used in the default
+ configuration file significantly decreases the number of
+ connections that will be reused. The value is used because
+ some browsers limit the number of connections they open to
+ a single host and apply the same limit to proxies. This can
+ result in a single website grabbing all the
+ connections the browser allows, which means connections to
+ other websites can't be opened until the connections currently
+ in use time out.
+
+
+ Several users have reported this as a Privoxy bug, so the
+ default value has been reduced. Consider increasing it to
+ 300 seconds or even more if you think your browser can handle
+ it. If your browser appears to be hanging it can't.
+
@@ -2547,7 +2606,7 @@ forward-socks4, forward-socks4a and forward-socks5
-@@keep-alive-timeout 300]]>
+@@keep-alive-timeout 5]]>
@@ -2768,9 +2827,9 @@ forward-socks4, forward-socks4a and forward-socks5
Notes:
- For SOCKS requests the timeout currently doesn't start until
- the SOCKS server accepted the request. This will be fixed in
- the next release.
+ The default is quite high and you probably want to reduce it.
+ If you aren't using an occasionally slow proxy like Tor, reducing
+ it to a few seconds should be fine.
@@ -2868,6 +2927,135 @@ forward-socks4, forward-socks4a and forward-socks5
+handle-as-empty-doc-returns-ok
+
+
+ Specifies:
+
+
+ The status code Privoxy returns for pages blocked with
+
+ +handle-as-empty-document.
+
+
+
+
+ Type of value:
+
+
+ 0 or 1
+
+
+
+
+ Default value:
+
+ 0
+
+
+
+ Effect if unset:
+
+
+ Privoxy returns a status 403(forbidden) for all blocked pages.
+
+
+
+
+ Effect if set:
+
+
+ Privoxy returns a status 200(OK) for pages blocked with +handle-as-empty-document
+ and a status 403(Forbidden) for all other blocked pages.
+
+
+
+
+ Notes:
+
+
+ This is a work-around for Firefox bug 492459:
+
+ Websites are no longer rendered if SSL requests for JavaScripts are blocked by a proxy.
+
+ (https://bugzilla.mozilla.org/show_bug.cgi?id=492459)
+ As the bug has been fixed for quite some time this option should no longer
+ be needed and will be removed in a future release. Please speak up if you
+ have a reason why the option should be kept around.
+
+
+
+
+@@#handle-as-empty-doc-returns-ok 1]]>
+
+
+
+enable-compression
+
+
+ Specifies:
+
+
+ Whether or not buffered content is compressed before delivery.
+
+
+
+
+ Type of value:
+
+
+ 0 or 1
+
+
+
+
+ Default value:
+
+ 0
+
+
+
+ Effect if unset:
+
+
+ Privoxy does not compress buffered content.
+
+
+
+
+ Effect if set:
+
+
+ Privoxy compresses buffered content before delivering it to the client,
+ provided the client supports it.
+
+
+
+
+ Notes:
+
+
+ This directive is only supported if Privoxy has been compiled with
+ FEATURE_COMPRESSION, which should not to be confused with FEATURE_ZLIB.
+
+
+ Compressing buffered content is mainly useful if Privoxy and the
+ client are running on different systems. If they are running on the
+ same system, enabling compression is likely to slow things down.
+ If you didn't measure otherwise, you should assume that it does
+ and keep this option disabled.
+
+
+ Privoxy will not compress buffered content below a certain length.
+
+
+
+
+@@#enable-compression 1]]>
+
+
+