X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=8008218c812d4d3f0ca2ee930d966687419ae27a;hp=86cd6ab8b3355f8184ee17a02e4a58818af9fff7;hb=d65b7df9b986c4de1014b6b1b237d678e7b59fa8;hpb=9c0ce8009481f44c6875902b11aded997f150bc6
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 86cd6ab8..8008218c 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -13,11 +13,11 @@
-
-
+
+
-
-
+
+
@@ -30,15 +30,11 @@
Privoxy">
]>
- Copyright &my-copy; 2001-2013 by
- Privoxy Developers
+ Copyright &my-copy; 2001-2018 by
+ Privoxy Developers
-$Id: user-manual.sgml,v 2.178 2014/05/05 09:47:20 fabiankeil Exp $
-
@@ -101,14 +95,11 @@ Hal.
You can find the latest version of the Privoxy User Manual at http://www.privoxy.org/user-manual/.
+ url="https://www.privoxy.org/user-manual/">https://www.privoxy.org/user-manual/.
Please see the Contact section on how to
contact the developers.
-
-
-
@@ -162,7 +153,7 @@ Hal.
Privoxy is available both in convenient pre-compiled
packages for a wide range of operating systems, and as raw source code.
For most users, we recommend using the packages, which can be downloaded from our
- Privoxy Project
+ Privoxy Project
Page.
@@ -244,7 +235,6 @@ How to install the binary packages depends on your operating system:
system. Check that no Junkbuster
or Privoxy objects are in
your startup folder.
-
@@ -349,38 +339,163 @@ How to install the binary packages depends on your operating system:
Building from Source
- The most convenient way to obtain the Privoxy sources
- is to download the source tarball from our
- project download
- page.
-
-
-
- If you like to live on the bleeding edge and are not afraid of using
- possibly unstable development versions, you can check out the up-to-the-minute
- version directly from the
- CVS repository.
-
+ The most convenient way to obtain the Privoxy source
+ code is to download the source tarball from our
+
+ project download page,
+ or you can get the up-to-the-minute, possibly unstable, development version from
+ https://www.privoxy.org/.
&buildsource;
+
+ Windows
+
+ Setup
+
+ Install the Cygwin utilities needed to build Privoxy.
+ If you have a 64 bit CPU (which most people do by now), get the
+ Cygwin setup-x86_64.exe program here
+ (the .sig file is here).
+
+
+ Run the setup program and from View / Category select:
+
+
+ Devel
+ autoconf 2.5
+ automake 1.15
+ binutils
+ cmake
+ gcc-core
+ gcc-g++
+ git
+ make
+ mingw64-i686-gcc-core
+ mingw64-i686-zlib
+ Editors
+ vim
+ Libs
+ libxslt: GNOME XSLT library (runtime)
+ Net
+ curl
+ openssh
+ Text
+ docbook-dssl
+ docbook-sgml31
+ docbook-utils
+ openjade
+ Utils
+ gnupg
+ Web
+ w3m
+
+
+
+ If you haven't already downloaded the Privoxy source code, get it now:
+
+
+ mkdir <root-dir>
+ cd <root-dir>
+ git clone https://www.privoxy.org/git/privoxy.git
+
+
+
+ Get the source code (.zip or .tar.gz) for tidy from
+
+ https://github.com/htacg/tidy-html5/releases,
+ unzip into <root-dir> and build the software:
+
+
+ cd <root-dir>
+ cd tidy-html5-x.y.z/build/cmake
+ cmake ../.. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB:BOOL=OFF -DCMAKE_INSTALL_PREFIX=/usr/local
+ make && make install
+
+
+
+ If you want to be able to make a Windows release package, get the NSIS .zip file from
+
+
+ https://sourceforge.net/projects/nsis/files/NSIS%203/
+ and extract the NSIS directory to privoxy/windows.
+ Then edit the windows/GNUmakefile to set the location of the NSIS executable - eg:
+
+
+# Path to NSIS
+MAKENSIS = ./nsis/makensis.exe
+
+
+
+
+ Build
+
+
+ To build just the Privoxy executable and not the whole installation package, do:
+
+
+ cd <root-dir>/privoxy
+ ./windows/MYconfigure && make
+
+
+
+ Privoxy uses the GNU Autotools
+ for building software, so the process is:
+
+
+ $ autoheader # creates config.h.in
+ $ autoconf # uses config.h.in to create the configure shell script
+ $ ./configure [options] # creates GNUmakefile
+ $ make [options] # builds the program
+
+
+
+ The usual configure options for building a native Windows application under cygwin are
+
+
+
+ --host=i686-w64-mingw32
+ --enable-mingw32
+ --enable-zlib
+ --enable-static-linking
+ --disable-pthread
+ --disable-dynamic-pcre
+
+
+
+ You can set the CFLAGS and LDFLAGS envars before
+ running configure to set compiler and linker flags. For example:
+
+
+
+ $ export CFLAGS="-O2" # set gcc optimization level
+ $ export LDFLAGS="-Wl,--nxcompat" # Enable DEP
+ $ ./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \
+ > --enable-static-linking --disable-pthread --disable-dynamic-pcre
+ $ make # build Privoxy
+
+
+
+ See the Developer's Manual
+ for building a Windows release package.
+
+
+
+
+
+
Keeping your Installation Up-to-Date
If you wish to receive an email notification whenever we release updates of
Privoxy or the actions file, subscribe
- to our announce mailing list, ijbswa-announce@lists.sourceforge.net.
+ url="https://lists.privoxy.org/mailman/listinfo/privoxy-announce">subscribe
+ to our announce mailing list, privoxy-announce@lists.privoxy.org.
@@ -415,7 +530,6 @@ How to install the binary packages depends on your operating system:
versions of Privoxy:
-
@@ -500,11 +614,9 @@ How to install the binary packages depends on your operating system:
that filtering does not work on compressed pages, so if you use, or want to
use, filtering, you will need to force compression off. Example:
-
{ +filter{google} +prevent-compression }
.google.
-
Or if you use a number of filters, or filter many sites, you may just want
to turn off compression for all sites in
@@ -532,14 +644,13 @@ How to install the binary packages depends on your operating system:
-->
-Quickstart to Using Privoxy
-
+
@@ -624,18 +735,6 @@ How to install the binary packages depends on your operating system:
-
-
Please see the section Contacting the
@@ -651,7 +750,6 @@ How to install the binary packages depends on your operating system:
-
@@ -728,7 +826,6 @@ How to install the binary packages depends on your operating system:
set-image-blocker:
-
@@ -803,7 +900,6 @@ How to install the binary packages depends on your operating system:
-
Advanced users will eventually want to explore &my-app;
@@ -849,7 +945,6 @@ How to install the binary packages depends on your operating system:
A quick and simple step by step example:
-
@@ -873,7 +968,6 @@ How to install the binary packages depends on your operating system:
- Actions Files in Use
@@ -884,7 +978,6 @@ How to install the binary packages depends on your operating system:
-
@@ -919,7 +1012,6 @@ How to install the binary packages depends on your operating system:
-
This is a very crude and simple example. There might be good reasons to use a
@@ -967,7 +1059,6 @@ How to install the binary packages depends on your operating system:
- Proxy Configuration Showing
Mozilla/Netscape HTTP and HTTPS (SSL) Settings
@@ -979,7 +1070,6 @@ How to install the binary packages depends on your operating system:
-
@@ -988,7 +1078,6 @@ How to install the binary packages depends on your operating system:
Tools -> Options -> Advanced -> Network ->Connection -> Settings
-
@@ -997,7 +1086,6 @@ How to install the binary packages depends on your operating system:
Edit -> Preferences -> General -> Connection Settings -> Manual Proxy Configuration
-
@@ -1011,7 +1099,6 @@ How to install the binary packages depends on your operating system:
Edit -> Preferences -> Advanced -> Proxies -> HTTP Proxy
-
@@ -1031,7 +1118,6 @@ How to install the binary packages depends on your operating system:
- Proxy Configuration Showing
Internet Explorer HTTP and HTTPS (Secure) Settings
@@ -1043,7 +1129,6 @@ How to install the binary packages depends on your operating system:
-
@@ -1071,11 +1156,30 @@ How to install the binary packages depends on your operating system:
/etc/privoxy/config as its main configuration
file.
-
# /etc/init.d/privoxy start
+
+
+
+FreeBSD and ElectroBSD
+
+ To start Privoxy upon booting, add
+ "privoxy_enable='YES'" to /etc/rc.conf.
+ Privoxy will use
+ /usr/local/etc/privoxy/config as its main
+ configuration file.
+
+
+ If you installed Privoxy into a jail, the
+ paths above are relative to the jail root.
+
+
+ To start Privoxy manually, run:
+
+ # service privoxy onestart
+
@@ -1097,14 +1201,18 @@ Click on the &my-app; Icon to start Privoxy. If no co
-Solaris, NetBSD, FreeBSD, HP-UX and others
+Generic instructions for Unix derivates (Solaris, NetBSD, HP-UX etc.)
Example Unix startup command:
-
- # /usr/sbin/privoxy /etc/privoxy/config
+ # /usr/sbin/privoxy --user privoxy /etc/privoxy/config
+
+ Note that if you installed Privoxy through
+ a package manager, the package will probably contain a platform-specific
+ script or configuration file to start Privoxy
+ upon boot.
@@ -1121,32 +1229,21 @@ Example Unix startup command:
Mac OS X
- After downloading the privoxy software, unzip the downloaded file by
- double-clicking on the zip file icon. Then, double-click on the
- installer package icon and follow the installation process.
-
-
- The privoxy service will automatically start after a successful
- installation. In addition, the privoxy service will automatically
- start every time your computer starts up.
-
-
- To prevent the privoxy service from automatically starting when your
- computer starts up, remove or rename the folder named
- /Library/StartupItems/Privoxy.
-
-
- A simple application named Privoxy Utility has been created which
- enables administrators to easily start and stop the privoxy service.
+ The privoxy service will automatically start after a successful installation
+ (and thereafter every time your computer starts up) however you will need to
+ configure your web browser(s) to use it. To do so, configure them to use a
+ proxy for HTTP and HTTPS at the address 127.0.0.1:8118.
- In addition, the Privoxy Utility presents a simple way for
- administrators to edit the various privoxy config files. A method
- to uninstall the software is also available.
+ To prevent the privoxy service from automatically starting when your computer
+ starts up, remove or rename the file /Library/LaunchDaemons/org.ijbswa.privoxy.plist
+ (on OS X 10.5 and higher) or the folder named
+ /Library/StartupItems/Privoxy (on OS X 10.4 'Tiger').
- An administrator username and password must be supplied in order for
- the Privoxy Utility to perform any of the tasks.
+ To manually start or stop the privoxy service, use the scripts startPrivoxy.sh
+ and stopPrivoxy.sh supplied in /Applications/Privoxy. They must be run from an
+ administrator account, using sudo.
@@ -1257,7 +1354,6 @@ must find a better place for this paragraph
command-line options:
-
@@ -1373,7 +1469,6 @@ must find a better place for this paragraph
-
On MS Windows only there are two additional
@@ -1402,7 +1497,7 @@ for details.
-
+Controlling Privoxy with Your Web BrowserPrivoxy's user interface can be reached through the special
@@ -1410,14 +1505,12 @@ for details.
(shortcut: http://p.p/),
which is a built-in page and works without Internet access.
You will see the following section:
-
-
+ Privoxy Menu
-
▪ View & change the current configuration
@@ -1436,7 +1529,7 @@ for details.
▪ Documentation
+ url="https://www.privoxy.org/&p-version;/user-manual/">Documentation
@@ -1458,10 +1551,7 @@ for details.
it as a test to see whether it is Privoxy
causing the problem or not. Privoxy continues
to run as a proxy in this case, but all manipulation is disabled, i.e.
- Privoxy acts like a normal forwarding proxy. There
- is even a toggle Bookmarklet offered, so
- that you can toggle Privoxy with one click from
- your browser.
+ Privoxy acts like a normal forwarding proxy.
@@ -1484,9 +1574,9 @@ for details.
Configuration Files Overview
- For Unix, *BSD and Linux, all configuration files are located in
- /etc/privoxy/ by default. For MS Windows, OS/2, and
- AmigaOS these are all in the same directory as the
+ For Unix, *BSD and GNU/Linux, all configuration files are located in
+ /etc/privoxy/ by default. For MS Windows and OS/2
+ these are all in the same directory as the
Privoxy executable.
@@ -1498,13 +1588,12 @@ for details.
principle configuration files are:
-
The main configuration file is named config
- on Linux, Unix, BSD, OS/2, and AmigaOS and config.txt
+ on GNU/Linux, Unix, BSD, and OS/2, and config.txt
on Windows. This is a required file.
@@ -1556,7 +1645,6 @@ for details.
-
The syntax of the configuration and filter files may change between different
@@ -1642,7 +1730,6 @@ for details.
are three action files included with Privoxy with
differing purposes:
-
@@ -1705,7 +1792,6 @@ for details.
The default profiles, and their associated actions, as pre-defined in
default.action are:
-
Default Configurations
@@ -1823,11 +1909,9 @@ for details.
-
-
The list of actions files to be used are defined in the main configuration
@@ -1870,7 +1954,7 @@ for details.
-
+Finding the Right Mix
Note that some actions, like cookie suppression
@@ -1895,7 +1979,7 @@ for details.
-
+How to Edit
The easiest way to edit the actions files is with a browser by
@@ -1951,14 +2035,12 @@ for details.
might look like:
-
{ +handle-as-image +block{Banner ads.} }
# Block these as if they were images. Send no block page.
banners.example.com
media.example.com/.*banners
.example.com/images/ads/
-
You can trace this process for URL patterns and any given URL by visiting
-The Path Pattern
+The Path PatternPrivoxy uses modern POSIX 1003.2
@@ -2278,7 +2360,7 @@ for details.
This regular expression is conditional so it will match any page
named index.html regardless of path which in this case can
have one or more /'s. And this one must contain exactly
- .html (but does not have to end with that!).
+ .html (and end with that!).
@@ -2290,6 +2372,7 @@ for details.
that contains any of the words ads, banner,
banners (because of the ?) or junk.
The path does not have to end in these words, just contain them.
+ The path has to contain at least two slashes (including the one at the beginning).
@@ -2316,18 +2399,18 @@ for details.
-The Tag Pattern
+The Request Tag Pattern
- Tag patterns are used to change the applying actions based on the
- request's tags. Tags can be created with either the
- client-header-tagger
+ Request tag patterns are used to change the applying actions based on the
+ request's tags. Tags can be created based on HTTP headers with either
+ the client-header-tagger
or the server-header-tagger action.
- Tag patterns have to start with TAG:, so &my-app;
- can tell them apart from URL patterns. Everything after the colon
+ Request tag patterns have to start with TAG:, so &my-app;
+ can tell them apart from other patterns. Everything after the colon
including white space, is interpreted as a regular expression with
path pattern syntax, except that tag patterns aren't left-anchored
automatically (&my-app; doesn't silently add a ^,
@@ -2343,15 +2426,15 @@ for details.
- Sections can contain URL and tag patterns at the same time,
- but tag patterns are checked after the URL patterns and thus
+ Sections can contain URL and request tag patterns at the same time,
+ but request tag patterns are checked after the URL patterns and thus
always overrule them, even if they are located before the URL patterns.
- Once a new tag is added, Privoxy checks right away if it's matched by one
- of the tag patterns and updates the action settings accordingly. As a result
- tags can be used to activate other tagger actions, as long as these other
+ Once a new request tag is added, Privoxy checks right away if it's matched by one
+ of the request tag patterns and updates the action settings accordingly. As a result
+ request tags can be used to activate other tagger actions, as long as these other
taggers look for headers that haven't already be parsed.
@@ -2376,21 +2459,78 @@ for details.
-The Negative Tag Patterns
+The Negative Request Tag Patterns
- To match requests that do not have a certain tag, specify a negative tag pattern
+ To match requests that do not have a certain request tag, specify a negative tag pattern
by prefixing the tag pattern line with either NO-REQUEST-TAG:
or NO-RESPONSE-TAG: instead of TAG:.
- Negative tag patterns created with NO-REQUEST-TAG: are checked
+ Negative request tag patterns created with NO-REQUEST-TAG: are checked
after all client headers are scanned, the ones created with NO-RESPONSE-TAG:
are checked after all server headers are scanned. In both cases all the created
tags are considered.
+
+
+
+The Client Tag Pattern
+
+
+
+
+
+ This is an experimental feature. The syntax is likely to change in future versions.
+
+
+
+
+ Client tag patterns are not set based on HTTP headers but based on
+ the client's IP address. Users can enable them themselves, but the
+ Privoxy admin controls which tags are available and what their effect
+ is.
+
+
+
+ After a client-specific tag has been defined with the
+ client-specific-tag,
+ directive, action sections can be activated based on the tag by using a
+ CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated at the same priority
+ as URL patterns, as a result the last matching pattern wins. Tags that
+ are created based on client or server headers are evaluated later on
+ and can overrule CLIENT-TAG and URL patterns!
+
+
+ The tag is set for all requests that come from clients that requested
+ it to be set. Note that "clients" are differentiated by IP address,
+ if the IP address changes the tag has to be requested again.
+
+
+ Clients can request tags to be set by using the CGI interface http://config.privoxy.org/client-tags.
+
+
+
+ Example:
+
+
+
+# If the admin defined the client-specific-tag circumvent-blocks,
+# and the request comes from a client that previously requested
+# the tag to be set, overrule all previous +block actions that
+# are enabled based on URL to CLIENT-TAG patterns.
+{-block}
+CLIENT-TAG:^circumvent-blocks$
+
+# This section is not overruled because it's located after
+# the previous one.
+{+block{Nobody is supposed to request this.}}
+example.org/blocked-example-page
+
@@ -2410,7 +2550,6 @@ for details.
following patterns, and -block means don't
block URLs that match the following patterns, even if +block
previously applied.
-
@@ -2426,18 +2565,15 @@ for details.
Actions fall into three categories:
-
Boolean, i.e the action can only be enabled or
disabled. Syntax:
-
+name # enable action name
-name # disable action name
-
Example: +handle-as-image
@@ -2449,12 +2585,10 @@ for details.
Parameterized, where some value is required in order to enable this type of action.
Syntax:
-
+name{param} # enable action and set parameter to param,
# overwriting parameter from previous match if necessary
-name # disable action. The parameter can be omitted
-
Note that if the URL matches multiple positive forms of a parameterized action,
the last match wins, i.e. the params from earlier matches are simply ignored.
@@ -2473,13 +2607,11 @@ for details.
that can be executed for the same request repeatedly, like adding multiple
headers, or filtering through multiple filters. Syntax:
-
+name{param} # enable action and add param to the list of parameters
-name{param} # remove the parameter param from the list of parameters
# If it was the last one left, disable the action.
-name # disable this action completely and remove all parameters from the list
-
Examples: +add-header{X-Fun-Header: Some text} and
+filter{html-annoyances}
@@ -2487,7 +2619,6 @@ for details.
-
If nothing is specified in any actions file, no actions are
@@ -2582,9 +2713,16 @@ for details.
Example usage:
-
- +add-header{X-User-Tracking: sucks}
-
+ # Add a DNT ("Do not track") header to all requests,
+# event to those that already have one.
+#
+# This is just an example, not a recommendation.
+#
+# There is no reason to believe that user-tracking websites care
+# about the DNT header and depending on the User-Agent, adding the
+# header may make user-tracking easier.
+{+add-header{DNT: 1}}
+/
@@ -2673,7 +2811,6 @@ for details.
Example usage (section):
- {+block{No nasty stuff for you.}}
# Block and replace with "blocked" page
.nasty-stuff.example.com
@@ -2686,7 +2823,6 @@ for details.
{+block{Layered ads.} +handle-as-empty-document}
# Block and then ignore
adserver.example.net/.*\.js$
-
@@ -2757,9 +2893,7 @@ for details.
Example usage:
- +change-x-forwarded-for{block}
-
@@ -2793,7 +2927,7 @@ for details.
Type:
- Parameterized.
+ Multi-value.
@@ -2837,13 +2971,11 @@ for details.
Example usage (section):
-
# Hide Tor exit notation in Host and Referer Headers
{+client-header-filter{hide-tor-exit-notation}}
/
-
-
+
@@ -2880,7 +3012,7 @@ for details.
Type:
- Parameterized.
+ Multi-value.
@@ -2912,7 +3044,6 @@ for details.
Example usage (section):
-
# Tag every request with the User-Agent header
{+client-header-tagger{user-agent}}
@@ -2936,9 +3067,8 @@ TAG:^User-Agent: RPM APT-HTTP/
TAG:^User-Agent: fetch libfetch/
TAG:^User-Agent: Ubuntu APT-HTTP/
TAG:^User-Agent: MPlayer/
-
-
-
+
+
# Tag all requests with the Range header set
{+client-header-tagger{range-requests}}
@@ -2952,8 +3082,21 @@ TAG:^User-Agent: MPlayer/
# parts of multimedia files.
{-filter -deanimate-gifs}
TAG:^RANGE-REQUEST$
-
-
+
+
+
+# Tag all requests with the client IP address
+#
+# (Technically the client IP address isn't included in the
+# client headers but client-header taggers can set it anyway.
+# For details see the tagger in default.filter)
+{+client-header-tagger{client-ip-address}}
+/
+
+# Change forwarding settings for requests coming from address 10.0.0.1
+{+forward-override{forward-socks5 127.0.1.2:2222 .}}
+TAG:^IP-ADDRESS: 10\.0\.0\.1$
+
@@ -3053,7 +3196,6 @@ TAG:^RANGE-REQUEST$
Example usage (sections):
- # Check if www.example.net/ really uses valid XHTML
{ +content-type-overwrite{application/xml} }
www.example.net/
@@ -3063,7 +3205,6 @@ www.example.net/
www.example.net/.*\.css$
www.example.net/.*style
-
@@ -3142,12 +3283,10 @@ new action
Example usage (section):
- # Block the non-existent "Privacy-Violation:" client header
{ +crunch-client-header{Privacy-Violation:} }
/
-
-
+
@@ -3224,14 +3363,13 @@ new action
Example usage (section):
- # Let the browser revalidate cached documents but don't
# allow the server to use the revalidation headers for user tracking.
{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
-/
-
+/
+
@@ -3299,9 +3437,7 @@ new action
Example usage:
- +crunch-incoming-cookies
-
@@ -3378,11 +3514,10 @@ new action
Example usage (section):
- # Crunch server headers that try to prevent caching
{ +crunch-server-header{no-cache} }
-/
-
+/
+
@@ -3449,9 +3584,7 @@ new action
Example usage:
- +crunch-outgoing-cookies
-
@@ -3519,9 +3652,7 @@ new action
Example usage:
- +deanimate-gifs{last}
-
@@ -3591,13 +3722,97 @@ new action
Example usage (section):
- {+downgrade-http-version}
problem-host.example.com
+
+
+
+
+
+
+
+
+external-filter
+
+
+
+ Typical use:
+
+ Modify content using a programming language of your choice.
+
+
+
+
+ Effect:
+
+
+ All instances of text-based type, most notably HTML and JavaScript, to which
+ this action applies, can be filtered on-the-fly through the specified external
+ filter.
+ By default plain text documents are exempted from filtering, because web
+ servers often use the text/plain MIME type for all files
+ whose type they don't know.)
+
+
+
+
+
+ Type:
+
+
+ Multi-value.
+
+
+
+
+ Parameter:
+
+
+ The name of an external content filter, as defined in the
+ filter file.
+ External filters can be defined in one or more files as defined by the
+ filterfile
+ option in the config file.
+
+
+ When used in its negative form,
+ and without parameters, all filtering with external
+ filters is completely disabled.
+
+
+
+
+
+ Notes:
+
+
+ External filters are scripts or programs that can modify the content in
+ case common filters
+ aren't powerful enough. With the exception that this action doesn't
+ use pcrs-based filters, the notes in the
+ filter section apply.
+
+
+
+ Currently external filters are executed with &my-app;'s privileges.
+ Only use external filters you understand and trust.
+
+
+ This feature is experimental, the syntax
+ may change in the future.
+
+
+
+ Example usage:
+
+ +external-filter{fancy-filter}
+
+
@@ -3710,14 +3925,12 @@ problem-host.example.com
Example usage:
-
{ +fast-redirects{simple-check} }
one.example.com
{ +fast-redirects{check-decoded-url} }
another.example.com/testing
-
@@ -3755,7 +3968,7 @@ problem-host.example.com
Type:
- Parameterized.
+ Multi-value.
@@ -3859,112 +4072,112 @@ problem-host.example.com
- +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
+ +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
- +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
+ +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
- +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
+ +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
- +filter{content-cookies} # Kill cookies that come in the HTML or JS content.
+ +filter{content-cookies} # Kill cookies that come in the HTML or JS content.
- +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
+ +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
- +filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
+ +filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
- +filter{all-popups} # Kill all popups in JavaScript and HTML.
+ +filter{all-popups} # Kill all popups in JavaScript and HTML.
- +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
+ +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
- +filter{banners-by-size} # Kill banners by size.
+ +filter{banners-by-size} # Kill banners by size.
- +filter{banners-by-link} # Kill banners by their links to known clicktrackers.
+ +filter{banners-by-link} # Kill banners by their links to known clicktrackers.
- +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
+ +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
- +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
+ +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
- +filter{jumping-windows} # Prevent windows from resizing and moving themselves.
+ +filter{jumping-windows} # Prevent windows from resizing and moving themselves.
- +filter{frameset-borders} # Give frames a border and make them resizable.
+ +filter{frameset-borders} # Give frames a border and make them resizable.
- +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
+ +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
- +filter{demoronizer} # Fix MS's non-standard use of standard charsets.
+ +filter{demoronizer} # Fix MS's non-standard use of standard charsets.
- +filter{shockwave-flash} # Kill embedded Shockwave Flash objects.
+ +filter{shockwave-flash} # Kill embedded Shockwave Flash objects.
- +filter{quicktime-kioskmode} # Make Quicktime movies saveable.
+ +filter{quicktime-kioskmode} # Make Quicktime movies saveable.
- +filter{fun} # Text replacements for subversive browsing fun!
+ +filter{fun} # Text replacements for subversive browsing fun!
- +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
+ +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
- +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
+ +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
- +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
+ +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
- +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
+ +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
- +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
+ +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
- +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
+ +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
- +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
+ +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
- +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
+ +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
@@ -4034,11 +4247,9 @@ new action
Example usage:
-
+force-text-mode
-
-
+
@@ -4072,7 +4283,7 @@ new action
Type:
- Multi-value.
+ Parameterized.
@@ -4105,6 +4316,32 @@ new action
for socks5 connections (with remote DNS resolution).
+
+
+ forward-webserver 127.0.0.1:80 to use the HTTP
+ server listening at 127.0.0.1 port 80 without adjusting the
+ request headers.
+
+
+ This makes it more convenient to use Privoxy to make
+ existing websites available as onion services as well.
+
+
+ Many websites serve content with hardcoded URLs and
+ can't be easily adjusted to change the domain based
+ on the one used by the client.
+
+
+ Putting Privoxy between Tor and the webserver (or an stunnel
+ that forwards to the webserver) allows to rewrite headers and
+ content to make client and server happy at the same time.
+
+
+ Using Privoxy for webservers that are only reachable through
+ onion addresses and whose location is supposed to be secret
+ is not recommended and should not be necessary anyway.
+
+
@@ -4127,7 +4364,8 @@ new action
If the ports are missing or invalid, default values will be used. This might change
in the future and you shouldn't rely on it. Otherwise incorrect syntax causes Privoxy
- to exit.
+ to exit. Due to design limitations, invalid parameter syntax isn't detected until the
+ action is used the first time.
Use the show-url-info CGI page
@@ -4140,23 +4378,23 @@ new action
Example usage:
-
-# Always use direct connections for requests previously tagged as
+# Use an ssh tunnel for requests previously tagged as
# User-Agent: fetch libfetch/2.0 and make sure
# resuming downloads continues to work.
+#
# This way you can continue to use Tor for your normal browsing,
# without overloading the Tor network with your FreeBSD ports updates
# or downloads of bigger files like ISOs.
+#
# Note that HTTP headers are easy to fake and therefore their
# values are as (un)trustworthy as your clients and users.
-{+forward-override{forward .} \
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
-hide-if-modified-since \
-overwrite-last-modified \
}
TAG:^User-Agent: fetch libfetch/2\.0$
-
-
+
@@ -4228,13 +4466,11 @@ new action
Example usage:
- # Block all documents on example.org that end with ".js",
# but send an empty document instead of the usual HTML message.
{+block{Blocked JavaScript} +handle-as-empty-document}
example.org/.*\.js$
-
-
+
@@ -4309,7 +4545,6 @@ example.org/.*\.js$
Example usage (sections):
- # Generic image extensions:
#
{+handle-as-image}
@@ -4321,7 +4556,6 @@ example.org/.*\.js$
{+block{Nasty banners.} +handle-as-image}
nasty-banner-server.example.com/junk.cgi\?output=trash
-
@@ -4401,13 +4635,12 @@ new action
Example usage (section):
- # Pretend to use Canadian language settings.
{+hide-accept-language{en-ca} \
+hide-user-agent{Mozilla/5.0 (X11; U; OpenBSD i386; en-CA; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4} \
}
-/
-
+/
+
@@ -4491,13 +4724,11 @@ new action
Example usage:
- # Disarm the download link in Sourceforge's patch tracker
{ -filter \
+content-type-overwrite{text/plain}\
+hide-content-disposition{block} }
.sourceforge.net/tracker/download\.php
-
@@ -4580,13 +4811,11 @@ new action
Example usage (section):
- # Let the browser revalidate but make tracking based on the time less likely.
{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/
-
@@ -4655,10 +4884,9 @@ new action
Example usage:
-
- +hide-from-header{block} or
+ +hide-from-header{block}
+ or+hide-from-header{spam-me-senseless@sittingduck.example.com}
-
@@ -4759,10 +4987,9 @@ new action
Example usage:
-
- +hide-referrer{forge} or
+ +hide-referrer{forge}
+ or+hide-referrer{http://www.yahoo.com/}
-
@@ -4841,9 +5068,7 @@ new action
Example usage:
- +hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}
-
@@ -4919,13 +5144,11 @@ new action
- +limit-connect{443} # Port 443 is OK.
+limit-connect{80,443} # Ports 80 and 443 are OK.
+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+limit-connect{-} # All ports are OK
+limit-connect{,} # No HTTPS/SSL traffic is allowed
-
@@ -5010,10 +5233,7 @@ new action
Example usages:
-
- +limit-cookie-lifetime{60}
-
-
+ +limit-cookie-lifetime{60}
@@ -5099,7 +5319,6 @@ new action
Example usage (sections):
-
# Selectively turn off compression, and enable a filter
#
@@ -5118,7 +5337,6 @@ new action
#
{ -prevent-compression }
.compusa.com/
-
@@ -5210,13 +5428,11 @@ new action
Example usage:
- # Let the browser revalidate without being tracked across sessions
{ +hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/
-
@@ -5280,9 +5496,15 @@ new action
filter file section.
- This action will be ignored if you use it together with
- block.
- It can be combined with
+ Requests can't be blocked and redirected at the same time,
+ applying this action together with
+ block
+ is a configuration error. Currently the request is blocked
+ and an error message logged, the behavior may change in the
+ future and result in Privoxy rejecting the action file.
+
+
+ This action can be combined with
fast-redirects{check-decoded-url}
to redirect to a decoded version of a rewritten URL.
@@ -5301,14 +5523,13 @@ new action
Example usages:
- # Replace example.com's style sheet with another one
{ +redirect{http://localhost/css-replacements/example.com.css} }
example.com/stylesheet\.css
# Create a short, easy to remember nickname for a favorite site
# (relies on the browser to accept and forward invalid URLs to &my-app;)
-{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
+{ +redirect{https://www.privoxy.org/user-manual/actions-file.html} }
a
# Always use the expanded view for Undeadly.org articles
@@ -5325,11 +5546,23 @@ undeadly.org/cgi\?action=article&sid=\d*$
{+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
search.msn.com//results\.aspx\?q=
+# Redirect http://example.com/&bla=fasel&toChange=foo (and any other value but "bar")
+# to http://example.com/&bla=fasel&toChange=bar
+#
+# The URL pattern makes sure that the following request isn't redirected again.
+{+redirect{s@toChange=[^&]+@toChange=bar@}}
+example.com/.*toChange=(?!bar)
+
+# Add a shortcut to look up illumos bugs
+{+redirect{s@^http://i([0-9]+)/.*@https://www.illumos.org/issues/$1@}}
+# Redirected URL = http://i4974/
+# Redirect Destination = https://www.illumos.org/issues/4974
+i[0-9][0-9][0-9][0-9]*/
+
# Redirect remote requests for this manual
# to the local version delivered by Privoxy
{+redirect{s@^http://www@http://config@}}
www.privoxy.org/user-manual/
-
@@ -5365,7 +5598,7 @@ www.privoxy.org/user-manual/
Type:
- Parameterized.
+ Multi-value.
@@ -5403,15 +5636,13 @@ www.privoxy.org/user-manual/
Example usage (section):
-
{+server-header-filter{html-to-xml}}
example.org/xml-instance-that-is-delivered-as-html
{+server-header-filter{xml-to-html}}
example.org/instance-that-is-delivered-as-xml-but-is-not
-
-
+
@@ -5448,7 +5679,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
Type:
- Parameterized.
+ Multi-value.
@@ -5488,13 +5719,19 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
Example usage (section):
-
# Tag every request with the content type declared by the server
{+server-header-tagger{content-type}}
/
-
-
+
+# If the response has a tag starting with 'image/' enable an external
+# filter that only applies to images.
+#
+# Note that the filter is not available by default, it's just a
+# silly example.
+{+external-filter{rotate-image} +force-text-mode}
+TAG:^image/
+
@@ -5587,9 +5824,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
Example usage:
- +session-cookies-only
-
@@ -5689,21 +5924,15 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
Built-in pattern:
- +set-image-blocker{pattern}
-
Redirect to the BSD daemon:
- +set-image-blocker{http://www.freebsd.org/gifs/dae_up3.gif}
-
Redirect to the built-in pattern for better caching:
- +set-image-blocker{http://config.privoxy.org/send-banner?type=pattern}
-
@@ -5711,7 +5940,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
-
+Summary
Note that many of these actions have the potential to cause a page to
@@ -5770,7 +5999,6 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
Now let's define some aliases...
-
# Useful custom aliases we can use later.
#
@@ -5798,7 +6026,6 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
#
c0 = +crunch-all-cookies
c1 = -crunch-all-cookies
-
...and put them to use. These sections would appear in the lower part of an
@@ -5806,7 +6033,6 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
up for the / pattern):
-
# These sites are either very complex or very keen on
# user data and require minimal interference to work:
@@ -5830,7 +6056,6 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
{-filter{all-popups} -filter{unsolicited-popups}}
.dabs.com
.overclockers.co.uk
-
Aliases like shop and fragile are typically used for
@@ -5854,7 +6079,7 @@ hal stop here
and user.action file and see how all these pieces come together:
-
+match-all.action
Remember all actions are disabled when matching starts,
@@ -5881,7 +6106,6 @@ hal stop here
multiple lines with line continuation.
-
{ \
+change-x-forwarded-for{block} \
@@ -5889,15 +6113,14 @@ hal stop here
+set-image-blocker{pattern} \
}
/ # Match all URLs
-
-
+
The default behavior is now set.
-
+default.action
@@ -5917,14 +6140,12 @@ hal stop here
that prevents older &my-app; versions from reading the file:
-
##########################################################################
# Settings -- Don't change! For internal Privoxy use ONLY.
##########################################################################
{{settings}}
for-privoxy-version=3.0.11
-
After that comes the (optional) alias section. We'll use the example
@@ -5932,7 +6153,6 @@ for-privoxy-version=3.0.11
that also explains why and how aliases are used:
-
##########################################################################
# Aliases
@@ -5952,18 +6172,16 @@ for-privoxy-version=3.0.11
#
fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer
shop = -crunch-all-cookies -filter{all-popups}
-
The first of our specialized sections is concerned with fragile
sites, i.e. sites that require minimum interference, because they are either
very complex or very keen on tracking you (and have mechanisms in place that
- make them unusable for people who avoid being tracked). We will simply use
+ make them unusable for people who avoid being tracked). We will use
our pre-defined fragile alias instead of stating the list
of actions explicitly:
-
##########################################################################
# Exceptions for sites that'll break under the default action set:
@@ -5975,7 +6193,6 @@ for-privoxy-version=3.0.11
.office.microsoft.com # surprise, surprise!
.windowsupdate.microsoft.com
mail.google.com
-
Shopping sites are not as fragile, but they typically
@@ -5983,7 +6200,6 @@ mail.google.com
carts or item details. Again, we'll use a pre-defined alias:
-
# Shopping sites:
#
@@ -5992,7 +6208,6 @@ mail.google.com
.worldpay.com # for quietpc.com
.jungle.com
.scan.co.uk
-
The fast-redirects
@@ -6000,7 +6215,6 @@ mail.google.com
breaks some sites. So disable it for popular sites where we know it misbehaves:
-
{ -fast-redirects }
login.yahoo.com
@@ -6009,7 +6223,6 @@ edit.*.yahoo.com
.altavista.com/.*(like|url|link):http
.altavista.com/trans.*urltext=http
.nytimes.com
-
It is important that Privoxy knows which
@@ -6024,7 +6237,6 @@ edit.*.yahoo.com
good start:
-
##########################################################################
# Images:
@@ -6035,7 +6247,6 @@ edit.*.yahoo.com
#
{ +handle-as-image }
/.*\.(gif|jpe?g|png|bmp|ico)$
-
And then there are known banner sources. They often use scripts to
@@ -6052,7 +6263,6 @@ edit.*.yahoo.com
action before, it still applies and needn't be repeated:
-
# Known ad generators:
#
@@ -6064,7 +6274,6 @@ ar.atwola.com
.a[0-9].yimg.com/(?:(?!/i/).)*$
bs*.gsanet.com
.qkimg.net
-
One of the most important jobs of Privoxy
@@ -6084,7 +6293,6 @@ bs*.gsanet.com
to keep the example short:
-
##########################################################################
# Block these fine banners:
@@ -6103,12 +6311,11 @@ count*.
# Site-specific patterns (abbreviated):
#
.hitbox.com
-
It's quite remarkable how many advertisers actually call their banner
servers ads.company.com, or call the directory
- in which the banners are stored simply banners. So the above
+ in which the banners are stored literally banners. So the above
generic patterns are surprisingly effective.
@@ -6133,7 +6340,6 @@ count*.
with no block action applying.
-
##########################################################################
# Save some innocent victims of the above generic block patterns:
@@ -6157,7 +6363,6 @@ ad[ud]*. # (adult.* and add.*)
#
www.globalintersec.com/adv # (adv = advanced)
www.ugu.com/sui/ugu/adv
-
Filtering source code can have nasty side effects,
@@ -6167,7 +6372,6 @@ www.ugu.com/sui/ugu/adv
disables all filters in one fell swoop!
-
# Don't filter code!
#
@@ -6177,7 +6381,6 @@ bugzilla.
developer.
wiki.
.sourceforge.net
-
The actual default.action is of course much more
@@ -6186,7 +6389,7 @@ wiki.
-user.action
+user.action
So far we are painting with a broad brush by setting general policies,
@@ -6211,10 +6414,8 @@ wiki.
-
# My user.action file. <fred@example.com>
-
As aliases are local to the actions
@@ -6222,7 +6423,6 @@ wiki.
default.action, unless you repeat them here:
-
# Aliases are local to the file they are defined in.
# (Re-)define aliases for this file:
@@ -6253,8 +6453,6 @@ allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
# MIME types. We want the browser to force these to be text documents.
handle-as-text = -filter +-content-type-overwrite{text/plain} +-force-text-mode -hide-content-disposition
-
-
Say you have accounts on some sites that you visit regularly, and
you don't want to have to log in manually each time. So you'd like
@@ -6264,30 +6462,25 @@ handle-as-text = -filter +-filter }
.your-home-banking-site.com
-
Some file types you may not want to filter for various reasons:
-
# Technical documentation is likely to contain strings that might
# erroneously get altered by the JavaScript-oriented filters:
@@ -6299,7 +6492,6 @@ handle-as-text = -filter +-block action. Say you've
@@ -6312,12 +6504,10 @@ stupid-server.example.com/
in default.action anyway:
-
{ +block{Nasty ads.} }
www.example.com/nasty-ads/sponsor\.gif
another.example.net/more/junk/here/
-
The URLs of dynamically generated banners, especially from large banner
@@ -6331,14 +6521,12 @@ stupid-server.example.com/
browser. Use cautiously.
-
{ +block-as-image }
.doubleclick.net
.fastclick.net
/Realmedia/ads/
ar.atwola.com/
-
Now you noticed that the default configuration breaks Forbes Magazine,
@@ -6352,13 +6540,11 @@ stupid-server.example.com/
that misbehave, and add those to our personalized list of troublemakers:
-
{ fragile }
.forbes.com
webmail.example.com
.mybank.com
-
You like the fun text replacements in default.filter,
@@ -6367,11 +6553,9 @@ stupid-server.example.com/
update-safe config, once and for all:
-
{ +filter{fun} }
/ # For ALL sites!
-
Note that the above is not really a good idea: There are exceptions
@@ -6388,13 +6572,11 @@ stupid-server.example.com/
sites that you feel provide value to you:
-
{ allow-ads }
.sourceforge.net
.slashdot.org
.osdn.net
-
Note that allow-ads has been aliased to
@@ -6410,11 +6592,9 @@ stupid-server.example.com/
it should I choose to.
-
{ handle-as-text }
/.*\.sh$
-user.action is generally the best place to define
@@ -6426,11 +6606,9 @@ stupid-server.example.com/
paths and patterns:
-
{ +set-image-blocker{blank} }
/ # ALL sites
-
@@ -6453,7 +6631,7 @@ stupid-server.example.com/
- &my-app; supports three different filter actions:
+ &my-app; supports three different pcrs-based filter actions:
filter to
rewrite the content that is send to the client,
client-header-filter
@@ -6473,6 +6651,13 @@ stupid-server.example.com/
applying actions through sections with tag-patterns.
+
+ Finally &my-app; supports the
+ external-filter action
+ to enable external filters
+ written in proper programming languages.
+
+
Multiple filter files can be defined through the
like this:
-FILTER: foo Replace all "foo" with "bar"
-
Below that line, and up to the next header line, come the jobs that
@@ -6545,9 +6728,37 @@ stupid-server.example.com/
in a syntax that imitates Perl's
s/// operator. If you are familiar with Perl, you
will find this to be quite intuitive, and may want to look at the
- PCRS documentation for the subtle differences to Perl behaviour. Most
- notably, the non-standard option letter U is supported,
- which turns the default to ungreedy matching.
+ PCRS documentation for the subtle differences to Perl behaviour.
+
+
+
+ Most notably, the non-standard option letter U is supported,
+ which turns the default to ungreedy matching (add ? to
+ quantifiers to turn them greedy again).
+
+
+
+ The non-standard option letter D (dynamic) allows
+ to use the variables $host, $origin (the IP address the request came from),
+ $path, $url and $listen-address (the address on which Privoxy accepted the
+ client request. Example: 127.0.0.1:8118).
+ They will be replaced with the value they refer to before the filter
+ is executed.
+
+
+
+ Note that '$' is a bad choice for a delimiter in a dynamic filter as you
+ might end up with unintended variables if you use a variable name
+ directly after the delimiter. Variables will be resolved without
+ escaping anything, therefore you also have to be careful not to chose
+ delimiters that appear in the replacement text. For example '<' should
+ be save, while '?' will sooner or later cause conflicts with $url.
+
+
+
+ The non-standard option letter T (trivial) prevents
+ parsing for backreferences in the substitute. Use it if you want to include
+ text like '$&' in your substitute without quoting.
@@ -6567,7 +6778,7 @@ stupid-server.example.com/
-Filter File Tutorial
+Filter File Tutorial
Now, let's complete our foo content filter. We have already defined
the heading, but the jobs are still missing. Since all it does is to replace
@@ -6575,9 +6786,7 @@ stupid-server.example.com/
needed:
-s/foo/bar/
-
But wait! Didn't the comment say that all occurrences
@@ -6586,17 +6795,14 @@ stupid-server.example.com/
we'll need to add the g option:
-s/foo/bar/g
-
Our complete filter now looks like this:
-
+
FILTER: foo Replace all "foo" with "bar"
s/foo/bar/g
-
Let's look at some real filters for more interesting examples. Here you see
@@ -6605,14 +6811,12 @@ s/foo/bar/g
-
FILTER: js-annoyances Get rid of particularly annoying JavaScript abuse
# Get rid of JavaScript referrer tracking. Test page: http://www.randomoddness.com/untitled.htm
#
s|(<script.*)document\.referrer(.*</script>)|$1"Not Your Business!"$2|Usg
-
Following the header line and a comment, you see the job. Note that it uses
@@ -6694,12 +6898,10 @@ s|(<script.*)document\.referrer(.*</script>)|$1"Not Your Business!"$2|U
this time only point out the constructs of special interest:
-
# The status bar is for displaying link targets, not pointless blahblah
#
s/window\.status\s*=\s*(['"]).*?\1/dUmMy=1/ig
-\s stands for whitespace characters (space, tab, newline,
@@ -6722,12 +6924,10 @@ s/window\.status\s*=\s*(['"]).*?\1/dUmMy=1/ig
you move your mouse over links.
-
# Kill OnUnload popups. Yummy. Test: http://www.zdnet.com/zdsubs/yahoo/tree/yfs.html
#
s/(<body [^>]*)onunload(.*>)/$1never$2/iU
-
Including the
@@ -6748,14 +6948,12 @@ s/(<body [^>]*)onunload(.*>)/$1never$2/iU
The last example is from the fun department:
-
FILTER: fun Fun text replacements
# Spice the daily news:
#
s/microsoft(?!\.com)/MicroSuck/ig
-
Note the (?!\.com) part (a so-called negative lookahead)
@@ -6765,7 +6963,6 @@ s/microsoft(?!\.com)/MicroSuck/ig
still replacing the word everywhere else.
-
# Buzzword Bingo (example for extended regex syntax)
#
@@ -6781,7 +6978,6 @@ s* industry[ -]leading \
| unrivalled \
*<font color="red"><b>BINGO!</b></font> \
*igx
-
The x option in this job turns on extended syntax, and allows for
@@ -6816,6 +7012,7 @@ pre-defined filters for your convenience:
The purpose of this filter is to get rid of particularly annoying JavaScript abuse.
To that end, it
+
@@ -6839,7 +7036,6 @@ pre-defined filters for your convenience:
-
Use with caution. This is an aggressive filter, and can break sites that
rely heavily on JavaScript.
@@ -7264,6 +7460,78 @@ pre-defined filters for your convenience:
+
+
+External filter syntax
+
+ External filters are scripts or programs that can modify the content in
+ case common filters
+ aren't powerful enough.
+
+
+ External filters can be written in any language the platform &my-app; runs
+ on supports.
+
+
+ They are controlled with the
+ external-filter action
+ and have to be defined in the filterfile
+ first.
+
+
+ The header looks like any other filter, but instead of pcrs jobs, external
+ filters contain a single job which can be a program or a shell script (which
+ may call other scripts or programs).
+
+
+ External filters read the content from STDIN and write the rewritten
+ content to STDOUT.
+ The environment variables PRIVOXY_URL, PRIVOXY_PATH, PRIVOXY_HOST,
+ PRIVOXY_ORIGIN, PRIVOXY_LISTEN_ADDRESS can be used to get some details
+ about the client request.
+
+
+ &my-app; will temporary store the content to filter in the
+ temporary-directory.
+
+
+
+EXTERNAL-FILTER: cat Pointless example filter that doesn't actually modify the content
+/bin/cat
+
+# Incorrect reimplementation of the filter above in POSIX shell.
+#
+# Note that it's a single job that spans multiple lines, the line
+# breaks are not passed to the shell, thus the semicolons are required.
+#
+# If the script isn't trivial, it is recommended to put it into an external file.
+#
+# In general, writing external filters entirely in POSIX shell is not
+# considered a good idea.
+EXTERNAL-FILTER: cat2 Pointless example filter that despite its name may actually modify the content
+while read line; \
+do \
+ echo "$line"; \
+done
+
+EXTERNAL-FILTER: rotate-image Rotate an image by 180 degree. Test filter with limited value.
+/usr/local/bin/convert - -rotate 180 -
+
+EXTERNAL-FILTER: citation-needed Adds a "[citation needed]" tag to an image. The coordinates may need adjustment.
+/usr/local/bin/convert - -pointsize 16 -fill white -annotate +17+418 "[citation needed]" -
+
+
+
+
+ Currently external filters are executed with &my-app;'s privileges!
+ Only use external filters you understand and trust.
+
+
+
+ External filters are experimental and the syntax may change in the future.
+
+
+
@@ -7324,14 +7592,12 @@ pre-defined filters for your convenience:
is in an alpha or beta development stage:
-
<!-- @if-unstable-start -->
... beta warning HTML code goes here ...
<!-- if-unstable-end@ -->
-
If the "unstable" symbol is set, everything in between and including
@@ -7339,9 +7605,7 @@ pre-defined filters for your convenience:
will disappear, leaving nothing but an empty comment:
-<!-- -->
-
There's also an if-then-else construct and an #include
@@ -7394,9 +7658,8 @@ Requests
License
-
+
-
@@ -7485,35 +7748,35 @@ Requests
and then some examples:
-
+. - Matches any single character, e.g. a,
A, 4, :, or @.
-
+
-
+? - The preceding character or expression is matched ZERO or ONE
times. Either/or.
-
+
-
++ - The preceding character or expression is matched ONE or MORE
times.
-
+
-
+* - The preceding character or expression is matched ZERO or MORE
times.
-
+
-
+\ - The escape character denotes that
the following character should be taken literally. This is used where one of the
@@ -7522,25 +7785,25 @@ Requests
sure the period is recognized only as a period (and not expanded to its
meta-character meaning of any single character).
-
+
-
+[ ] - Characters enclosed in brackets will be matched if
any of the enclosed characters are encountered. For instance, [0-9]
matches any numeric digit (zero through nine). As an example, we can combine
this with + to match any digit one of more times: [0-9]+.
-
+
-
+( ) - parentheses are used to group a sub-expression,
or multiple sub-expressions.
-
+
-
+| - The bar character works like an
or conditional statement. A match is successful if the
@@ -7549,7 +7812,7 @@ Requests
and would match either this example or that
example, and nothing else.
-
+
These are just some of the ones you are likely to use when matching URLs with
@@ -7665,7 +7928,7 @@ Requests
-
+Privoxy's Internal Pages
@@ -7677,7 +7940,6 @@ Requests
rules and other configuration options, and even turn
Privoxy's filtering off, all with
a web browser.
-
@@ -7688,7 +7950,6 @@ Requests
necessary either.
-
@@ -7780,85 +8041,6 @@ Requests
-
-
-
- These may be bookmarked for quick reference. See next.
-
-
-
-
-Bookmarklets
-
- Below are some bookmarklets to allow you to easily access a
- mini version of some of Privoxy's
- special pages. They are designed for MS Internet Explorer, but should work
- equally well in Netscape, Mozilla, and other browsers which support
- JavaScript. They are designed to run directly from your bookmarks - not by
- clicking the links below (although that should work for testing).
-
-
- To save them, right-click the link and choose Add to Favorites
- (IE) or Add Bookmark (Netscape). You will get a warning that
- the bookmark may not be safe - just click OK. Then you can run the
- Bookmarklet directly from your favorites/bookmarks. For even faster access,
- you can put them on the Links bar (IE) or the Personal
- Toolbar (Netscape), and run them with a single click.
-
-
-
-
-
-
-
- Privoxy - Enable
-
-
-
-
-
- Privoxy - Disable
-
-
-
-
-
- Privoxy - Toggle Privoxy (Toggles between enabled and disabled)
-
-
-
-
-
- Privoxy- View Status
-
-
-
-
-
- Privoxy - Why?
-
-
-
-
-
-
- Credit: The site which gave us the general idea for these bookmarklets is
- www.bookmarklets.com. They
- have more information about bookmarklets.
-
-
-
-
@@ -7872,7 +8054,6 @@ Requests
page is requested by your browser:
-
@@ -7981,7 +8162,7 @@ Requests
-
+
NOTE: This is somewhat of a simplistic overview of what happens with each URL
request. For the sake of brevity and simplicity, we have focused on
@@ -8011,8 +8192,7 @@ Requests
One quick test to see if Privoxy is causing a problem
or not, is to disable it temporarily. This should be the first troubleshooting
- step. See the Bookmarklets section on a quick
- and easy way to do this (be sure to flush caches afterward!). Looking at the
+ step (be sure to flush caches afterward!). Looking at the
logs is a good idea too. (Note that both the toggle feature and logging are
enabled via config file settings, and may need to be
turned on.)
@@ -8055,7 +8235,6 @@ Requests
configuration may vary):
-
Matches for http://www.google.com:
@@ -8085,7 +8264,6 @@ Requests
In file: user.action [ View ][ Edit ]
(no matches in this file)
-
This is telling us how we have defined our
@@ -8141,12 +8319,9 @@ In file: user.action [ View ][ Edit ]Privoxy is applying all its actions
to google.com:
-
-
-
Final results:
-add-header
@@ -8204,8 +8379,8 @@ In file: user.action [ View ][ Edit ]
-
+ +set-image-blocker {pattern}
+
Notice the only difference here to the previous listing, is to
@@ -8218,9 +8393,7 @@ In file: user.action [ View ][ Edit ]ad.doubleclick.net:
-
-
{ +block{Domains starts with "ad"} }
ad*.
@@ -8230,7 +8403,6 @@ In file: user.action [ View ][ Edit ]
-
We'll just show the interesting part here - the explicit matches. It is
@@ -8262,9 +8434,7 @@ In file: user.action [ View ][ Edit ]
-
-
Matches for http://www.example.net/adsl/HOWTO/:
In file: default.action [ View ][ Edit ]
@@ -8328,7 +8498,6 @@ In file: user.action [ View ][ Edit ]
-
Ooops, the /adsl/ is matching /ads in our
@@ -8344,13 +8513,10 @@ In file: user.action [ View ][ Edit ]
-
-
{ -block }
/adsl
-
Now the page displays ;-)
@@ -8364,13 +8530,10 @@ In file: user.action [ View ][ Edit ]
-
-
{ +block{Path starts with "ads".} +handle-as-image }
/ads
-
That actually was very helpful and pointed us quickly to where the problem
@@ -8384,9 +8547,7 @@ In file: user.action [ View ][ Edit ]+filter:
-
-
{ shop }
.quietpc.com
.worldpay.com # for quietpc.com
@@ -8394,25 +8555,20 @@ In file: user.action [ View ][ Edit ]
-{ shop } is an alias that expands to
{ -filter -session-cookies-only }.
Or you could do your own exception to negate filtering:
-
-
-
{ -filter }
# Disable ALL filter actions for sites in this section
.forbes.com
developer.ibm.com
localhost
-
This would turn off all filtering for these sites. This is best
@@ -8435,14 +8591,12 @@ In file: user.action [ View ][ Edit ]
-
-
+
{ fragile }
# Handle with care: easy to break
mail.google.
mybank.example.com
-