X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=3f88ffb0961355e4b666b11631555ac015fac70a;hp=336155939e6af8c68beef86f242101f32be789aa;hb=043a1d495ada3ded930834bd238dbdc90bac47ef;hpb=65eac5e8553a475eff188a5b6e2a3256ed283a6f
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 33615593..3f88ffb0 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -11,11 +11,11 @@
-
-
+
+
-
-
+
+
@@ -33,9 +33,9 @@
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.45 2007/11/16 11:48:46 hal9 Exp $
+ $Id: user-manual.sgml,v 2.57 2008/02/03 19:10:14 fabiankeil Exp $
- Copyright (C) 2001-2007 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
See LICENSE.
========================================================================
@@ -54,12 +54,12 @@
- Copyright &my-copy; 2001 - 2007 by
+ Copyright &my-copy; 2001 - 2008 by
Privoxy Developers
-$Id: user-manual.sgml,v 2.45 2007/11/16 11:48:46 hal9 Exp $
+$Id: user-manual.sgml,v 2.57 2008/02/03 19:10:14 fabiankeil Exp $
-Mac OSX
+Mac OS X
Unzip the downloaded file (you can either double-click on the file
from the finder, or from the desktop if you downloaded it there).
@@ -589,155 +589,6 @@ How to install the binary packages depends on your operating system:
-
-
-
@@ -757,20 +608,32 @@ How to install the binary packages depends on your operating system:
+
+
+ The recommended way to upgrade &my-app; is to backup your old
+ configuration files, install the new ones, verify that &my-app;
+ is working correctly and finally merge back your changes using
+ diff and maybe patch.
+
+
+ There are a number of new features in each &my-app; release and
+ most of them have to be explicitly enabled in the configuration
+ files. Old configuration files obviously don't do that and due
+ to syntax changes using old configuration files with a new
+ &my-app; isn't always possible anyway.
+
+
- Some installers may remove earlier versions completely, including
- configuration files. Save any important configuration files!
+ Note that some installers remove earlier versions completely,
+ including configuration files, therefore you should really save
+ any important configuration files!
- On the other hand, other installers may not overwrite any existing configuration
- files, thinking you will want to do that. You may want to manually check
- your saved files against the newer versions to see if the improvements have
- merit, or whether there are new options that you may want to consider.
- There are a number of new features, but most won't be available unless
- these features are incorporated into your configuration somehow.
+ On the other hand, other installers don't overwrite existing configuration
+ files, thinking you will want to do that yourself.
@@ -779,31 +642,15 @@ How to install the binary packages depends on your operating system:
Not all actions as before.
-
-
- Logging is off by default now. If you need logging, it can be turned on
- in the config file.
-
-
+
+ In the default configuration only fatal errors are logged now.
+ You can change that in the debug section
+ of the configuration file. You may also want to enable more verbose
+ logging until you verified that the new &my-app; version is working
+ as expected.
+
+
@@ -1348,7 +1195,7 @@ How to install the binary packages depends on your operating system:
- Tools -> Options -> General -> Connection Settings -> Manual Proxy Configuration
+ Tools -> Options -> Advanced -> Network ->Connection -> Settings
@@ -1376,7 +1223,7 @@ How to install the binary packages depends on your operating system:
- For Internet Explorer v.5-6:
+ For Internet Explorer v.5-7:
@@ -1461,23 +1308,6 @@ How to install the binary packages depends on your operating system:
-
Windows
@@ -1519,7 +1349,7 @@ Example Unix startup command:
-Mac OSX
+Mac OS X
During installation, Privoxy is configured to
start automatically when the system restarts. To start &my-app; manually,
@@ -2480,8 +2310,11 @@ for details.
.example.com
- matches any domain that ENDS in
- .example.com
+ matches any domain with first-level domain com
+ and second-level domain example.
+ For example www.example.com,
+ example.com and foo.bar.baz.example.com.
+ Note that it wouldn't match if the second-level domain was another-example.
@@ -2490,7 +2323,8 @@ for details.
matches any domain that STARTS with
- www.
+ www. (It also matches the domain
+ www but most of the time that doesn't matter.)
@@ -3096,6 +2930,11 @@ for details.
Client-header filters are executed after the other header actions have finished
and use their output as input.
+
+ If the request URL gets changed, &my-app; will detect that and use the new
+ one. This can be used to rewrite the request destination behind the client's
+ back, for example to specify a Tor exit relay for certain requests.
+
Please refer to the filter file chapter
to learn which client-header filters are available by default, and how to
@@ -3110,8 +2949,9 @@ for details.
+# Hide Tor exit notation in Host and Referer Headers
{+client-header-filter{hide-tor-exit-notation}}
-.exit/
+/
@@ -4312,7 +4152,8 @@ new action
forward-socks4a 127.0.0.1:9050 . to use the socks4a proxy listening at
127.0.0.1 port 9050. Replace forward-socks4a with forward-socks4
- to use a socks4 connection (with local DNS resolution) instead.
+ to use a socks4 connection (with local DNS resolution) instead, use forward-socks5
+ for socks5 connections (with remote DNS resolution).
@@ -4320,7 +4161,8 @@ new action
forward-socks4a 127.0.0.1:9050 proxy.example.org:8000 to use the socks4a proxy
listening at 127.0.0.1 port 9050 to reach the HTTP proxy listening at proxy.example.org port 8000.
Replace forward-socks4a with forward-socks4 to use a socks4 connection
- (with local DNS resolution) instead.
+ (with local DNS resolution) instead, use forward-socks5
+ for socks5 connections (with remote DNS resolution).
@@ -4331,7 +4173,7 @@ new action
Notes:
- This action takes parameters similar to the
+ This action takes parameters similar to the
forward directives in the configuration
file, but without the URL pattern. It can be used as replacement, but normally it's only
used in cases where matching based on the request URL isn't sufficient.
@@ -4366,6 +4208,8 @@ new action
# This way you can continue to use Tor for your normal browsing,
# without overloading the Tor network with your FreeBSD ports updates
# or downloads of bigger files like ISOs.
+# Note that HTTP headers are easy to fake and therefore their
+# values are as (un)trustworthy as your clients and users.
{+forward-override{forward .} \
-hide-if-modified-since \
-overwrite-last-modified \
@@ -4780,8 +4624,8 @@ new action
Randomizing the value of the If-Modified-Since: makes
- sure it isn't used as a cookie replacement, but you will run into
- caching problems if the random range is too high.
+ it less likely that the server can use the time as a cookie replacement,
+ but you will run into caching problems if the random range is too high.
It is a good idea to only use a small negative value and let
@@ -4790,7 +4634,8 @@ new action
It is also recommended to use this action together with
- crunch-if-none-match.
+ crunch-if-none-match,
+ otherwise it's more or less pointless.
@@ -4799,8 +4644,8 @@ new action
Example usage (section):
- # Let the browser revalidate without being tracked across sessions
-{ +hide-if-modified-since{-60} \
+ # Let the browser revalidate but make tracking based on the time less likely.
+{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/
@@ -4818,7 +4663,7 @@ new action
Typical use:
- Improve privacy by not embedding the source of the request in the HTTP headers.
+ Improve privacy by not forwarding the source of the request in the HTTP headers.
@@ -4826,8 +4671,7 @@ new action
Effect:
- Deletes any existing X-Forwarded-for: HTTP header from client requests,
- and prevents adding a new one.
+ Deletes any existing X-Forwarded-for: HTTP header from client requests.
@@ -4853,7 +4697,7 @@ new action
Notes:
- It is safe to leave this on.
+ It is safe and recommended to leave this on.
@@ -4979,11 +4823,9 @@ new action
conditional-block to delete the header completely if the host has changed.
-
block to delete the header unconditionally.
@@ -5017,7 +4859,7 @@ new action
Always blocking the referrer, or using a custom one, can lead to
failures on servers that check the referrer before they answer any
- requests, in an attempt to prevent their valuable content from being
+ requests, in an attempt to prevent their content from being
embedded or linked to elsewhere.
@@ -5056,7 +4898,7 @@ new action
Typical use:
- Conceal your type of browser and client operating system
+ Try to conceal your type of browser and client operating system
@@ -5096,10 +4938,6 @@ new action
order to customize their content for different browsers (which, by the
way, is NOT the right thing to do: good web sites
work browser-independently).
-
@@ -5139,14 +4977,11 @@ new action
inspect-jpegs
-
Typical use:
- To protect against the MS buffer over-run in JPEG processing
+ Try to protect against a MS buffer over-run in JPEG processing
@@ -5185,12 +5020,13 @@ new action
allow execution of code on the target system, giving an attacker access
to the system in question by merely planting an altered JPEG image, which
would have no obvious indications of what lurks inside. This action
- prevents this exploit.
+ tries to prevent this exploit if delivered through unencrypted HTTP.
- Note that the described exploit is only one of many,
- using this action does not mean that you no longer
- have to patch the client.
+ Note that the exploit mentioned is several years old
+ and it's unlikely that your client is still vulnerable
+ against it. This action may be removed in one of the
+ next releases.
@@ -5285,13 +5121,9 @@ new action
This action is most appropriate for browsers that don't have any controls
for unwanted pop-ups. Not recommended for general usage.
-
-
@@ -5359,8 +5191,7 @@ new action
(https:// URLs) through proxies. It works very simply:
the proxy connects to the server on the specified port, and then
short-circuits its connections to the client and to the remote server.
- This can be a big security hole, since CONNECT-enabled proxies can be
- abused as TCP relays very easily.
+ This means CONNECT-enabled proxies can be used as TCP relays very easily.
Privoxy relays HTTPS traffic without seeing
@@ -7082,8 +6913,7 @@ stupid-server.example.com/
default.filter. It is recommended that any locally
defined or modified filters go in a separately defined file such as
user.filter.
-
-
+
Common tasks for content filters are to eliminate common annoyances in
@@ -9093,6 +8923,48 @@ In file: user.action [ View ][ Edit ][ View ][ Edit ][ View ][ Edit ][ View ][ Edit ][ View ][ Edit ]