X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=91a53b0ff54a33f48e3a009803cebc4fc2be5c58;hp=b4ad6a3b873d08378acd05eab66b0c37718f9c55;hb=1d256618be63270402824a950ed15af3a44c19c3;hpb=9448b3b6afaaa1ba52b6dd0995052ace74415798
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index b4ad6a3b..91a53b0f 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -10,10 +10,11 @@
+
-
+
@@ -30,15 +31,11 @@
Privoxy">
]>
- Copyright &my-copy; 2001-2014 by
- Privoxy Developers
+ Copyright &my-copy; 2001-2020 by
+ Privoxy Developers
-$Id: user-manual.sgml,v 2.203 2016/02/26 12:27:32 fabiankeil Exp $
-
@@ -101,14 +96,11 @@ Hal.
You can find the latest version of the Privoxy User Manual at http://www.privoxy.org/user-manual/.
+ url="https://www.privoxy.org/user-manual/">https://www.privoxy.org/user-manual/.
Please see the Contact section on how to
contact the developers.
-
-
-
@@ -130,7 +122,8 @@ Hal.
Since this is a &p-status; version, not all new features are well tested. This
documentation may be slightly out of sync as a result (especially with
- CVS sources). And there may be bugs, though hopefully
+ git sources).
+ And there may be bugs, though hopefully
not many!
]]>
@@ -140,7 +133,7 @@ Hal.
In addition to the core
features of ad blocking and
- cookie management,
+ cookie management,
Privoxy provides many supplemental
features,
that give the end-user more control, more privacy and more freedom:
@@ -162,7 +155,7 @@ Hal.
Privoxy is available both in convenient pre-compiled
packages for a wide range of operating systems, and as raw source code.
For most users, we recommend using the packages, which can be downloaded from our
- Privoxy Project
+ Privoxy Project
Page.
@@ -234,32 +227,6 @@ How to install the binary packages depends on your operating system:
-
-OS/2
-
-
- First, make sure that no previous installations of
- Junkbuster and / or
- Privoxy are left on your
- system. Check that no Junkbuster
- or Privoxy objects are in
- your startup folder.
-
-
-
-
- Then, just double-click the WarpIN self-installing archive, which will
- guide you through the installation process. A shadow of the
- Privoxy executable will be placed in your
- startup folder so it will start automatically whenever OS/2 starts.
-
-
-
- The directory you choose to install Privoxy
- into will contain all of the configuration files.
-
-
-
Mac OS X
@@ -349,38 +316,163 @@ How to install the binary packages depends on your operating system:
Building from Source
- The most convenient way to obtain the Privoxy sources
- is to download the source tarball from our
- project download
- page.
-
-
-
- If you like to live on the bleeding edge and are not afraid of using
- possibly unstable development versions, you can check out the up-to-the-minute
- version directly from the
- CVS repository.
-
+ The most convenient way to obtain the Privoxy source
+ code is to download the source tarball from our
+
+ project download page,
+ or you can get the up-to-the-minute, possibly unstable, development version from
+ https://www.privoxy.org/.
&buildsource;
+
+ Windows
+
+ Setup
+
+ Install the Cygwin utilities needed to build Privoxy.
+ If you have a 64 bit CPU (which most people do by now), get the
+ Cygwin setup-x86_64.exe program here
+ (the .sig file is here).
+
+
+ Run the setup program and from View / Category select:
+
+
+ Devel
+ autoconf 2.5
+ automake 1.15
+ binutils
+ cmake
+ gcc-core
+ gcc-g++
+ git
+ make
+ mingw64-i686-gcc-core
+ mingw64-i686-zlib
+ Editors
+ vim
+ Libs
+ libxslt: GNOME XSLT library (runtime)
+ Net
+ curl
+ openssh
+ Text
+ docbook-dssl
+ docbook-sgml31
+ docbook-utils
+ openjade
+ Utils
+ gnupg
+ Web
+ w3m
+
+
+
+ If you haven't already downloaded the Privoxy source code, get it now:
+
+
+ mkdir <root-dir>
+ cd <root-dir>
+ git clone https://www.privoxy.org/git/privoxy.git
+
+
+
+ Get the source code (.zip or .tar.gz) for tidy from
+
+ https://github.com/htacg/tidy-html5/releases,
+ unzip into <root-dir> and build the software:
+
+
+ cd <root-dir>
+ cd tidy-html5-x.y.z/build/cmake
+ cmake ../.. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB:BOOL=OFF -DCMAKE_INSTALL_PREFIX=/usr/local
+ make && make install
+
+
+
+ If you want to be able to make a Windows release package, get the NSIS .zip file from
+
+
+ https://sourceforge.net/projects/nsis/files/NSIS%203/
+ and extract the NSIS directory to privoxy/windows.
+ Then edit the windows/GNUmakefile to set the location of the NSIS executable - eg:
+
+
+# Path to NSIS
+MAKENSIS = ./nsis/makensis.exe
+
+
+
+
+ Build
+
+
+ To build just the Privoxy executable and not the whole installation package, do:
+
+
+ cd <root-dir>/privoxy
+ ./windows/MYconfigure && make
+
+
+
+ Privoxy uses the GNU Autotools
+ for building software, so the process is:
+
+
+ $ autoheader # creates config.h.in
+ $ autoconf # uses config.h.in to create the configure shell script
+ $ ./configure [options] # creates GNUmakefile
+ $ make [options] # builds the program
+
+
+
+ The usual configure options for building a native Windows application under cygwin are
+
+
+
+ --host=i686-w64-mingw32
+ --enable-mingw32
+ --enable-zlib
+ --enable-static-linking
+ --disable-pthread
+ --disable-dynamic-pcre
+
+
+
+ You can set the CFLAGS and LDFLAGS envars before
+ running configure to set compiler and linker flags. For example:
+
+
+
+ $ export CFLAGS="-O2" # set gcc optimization level
+ $ export LDFLAGS="-Wl,--nxcompat" # Enable DEP
+ $ ./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \
+ > --enable-static-linking --disable-pthread --disable-dynamic-pcre
+ $ make # build Privoxy
+
+
+
+ See the Developer's Manual
+ for building a Windows release package.
+
+
+
+
+
+
Keeping your Installation Up-to-Date
If you wish to receive an email notification whenever we release updates of
Privoxy or the actions file, subscribe
- to our announce mailing list, ijbswa-announce@lists.sourceforge.net.
+ url="https://lists.privoxy.org/mailman/listinfo/privoxy-announce">subscribe
+ to our announce mailing list, privoxy-announce@lists.privoxy.org.
@@ -415,7 +507,6 @@ How to install the binary packages depends on your operating system:
versions of Privoxy:
-
@@ -500,11 +591,9 @@ How to install the binary packages depends on your operating system:
that filtering does not work on compressed pages, so if you use, or want to
use, filtering, you will need to force compression off. Example:
-
{ +filter{google} +prevent-compression }
.google.
-
Or if you use a number of filters, or filter many sites, you may just want
to turn off compression for all sites in
@@ -532,14 +621,13 @@ How to install the binary packages depends on your operating system:
-->
-Quickstart to Using Privoxy
-
+
@@ -571,7 +659,7 @@ How to install the binary packages depends on your operating system:
Set your browser to use Privoxy as HTTP and
- HTTPS (SSL) proxy
+ HTTPS (SSL) proxy
by setting the proxy configuration for address of
127.0.0.1 and port 8118.
DO NOT activate proxying for FTP or
@@ -584,7 +672,7 @@ How to install the binary packages depends on your operating system:
Flush your browser's disk and memory caches, to remove any cached ad images.
If using Privoxy to manage
- cookies,
+ cookies,
you should remove any currently stored cookies too.
@@ -639,7 +727,6 @@ How to install the binary packages depends on your operating system:
-
@@ -716,7 +803,6 @@ How to install the binary packages depends on your operating system:
set-image-blocker:
-
@@ -791,7 +877,6 @@ How to install the binary packages depends on your operating system:
-
Advanced users will eventually want to explore &my-app;
@@ -837,7 +922,6 @@ How to install the binary packages depends on your operating system:
A quick and simple step by step example:
-
@@ -861,7 +945,6 @@ How to install the binary packages depends on your operating system:
- Actions Files in Use
@@ -872,7 +955,6 @@ How to install the binary packages depends on your operating system:
-
@@ -907,7 +989,6 @@ How to install the binary packages depends on your operating system:
-
This is a very crude and simple example. There might be good reasons to use a
@@ -944,7 +1025,7 @@ How to install the binary packages depends on your operating system:
Before launching Privoxy for the first time, you
will want to configure your browser(s) to use
Privoxy as a HTTP and HTTPS (SSL)
- proxy. The default is
+ proxy. The default is
127.0.0.1 (or localhost) for the proxy address, and port 8118 (earlier versions
used port 8000). This is the one configuration step that must be done
!
@@ -955,19 +1036,17 @@ How to install the binary packages depends on your operating system:
- Proxy Configuration Showing
- Mozilla/Netscape HTTP and HTTPS (SSL) Settings
+ Mozilla Firefox HTTP and HTTPS (SSL) Settings
- [ Screenshot of Mozilla Proxy Configuration ]
+ [ Screenshot of Mozilla Firefox Proxy Configuration ]
-
@@ -975,8 +1054,7 @@ How to install the binary packages depends on your operating system:
- Tools -> Options -> Advanced -> Network ->Connection -> Settings
-
+ Edit -> Preferences -> Network Settings -> Settings
@@ -985,7 +1063,6 @@ How to install the binary packages depends on your operating system:
Edit -> Preferences -> General -> Connection Settings -> Manual Proxy Configuration
-
@@ -999,7 +1076,6 @@ How to install the binary packages depends on your operating system:
Edit -> Preferences -> Advanced -> Proxies -> HTTP Proxy
-
@@ -1019,7 +1095,6 @@ How to install the binary packages depends on your operating system:
- Proxy Configuration Showing
Internet Explorer HTTP and HTTPS (Secure) Settings
@@ -1031,13 +1106,12 @@ How to install the binary packages depends on your operating system:
-
After doing this, flush your browser's disk and memory caches to force a
re-reading of all pages and to get rid of any ads that may be cached. Remove
- any cookies,
+ any cookies,
if you want Privoxy to manage that. You are now
ready to start enjoying the benefits of using
Privoxy!
@@ -1059,11 +1133,9 @@ How to install the binary packages depends on your operating system:
/etc/privoxy/config as its main configuration
file.
-
# /etc/init.d/privoxy start
-
@@ -1082,11 +1154,9 @@ How to install the binary packages depends on your operating system:
To start Privoxy manually, run:
-
# service privoxy onestart
-
@@ -1112,11 +1182,9 @@ Click on the &my-app; Icon to start Privoxy. If no co
Example Unix startup command:
-
# /usr/sbin/privoxy --user privoxy /etc/privoxy/config
-
Note that if you installed Privoxy through
a package manager, the package will probably contain a platform-specific
@@ -1125,16 +1193,6 @@ Example Unix startup command:
-
-OS/2
-
- During installation, Privoxy is configured to
- start automatically when the system restarts. You can start it manually by
- double-clicking on the Privoxy icon in the
- Privoxy folder.
-
-
-
Mac OS X
@@ -1263,7 +1321,6 @@ must find a better place for this paragraph
command-line options:
-
@@ -1379,7 +1436,6 @@ must find a better place for this paragraph
-
On MS Windows only there are two additional
@@ -1416,20 +1472,18 @@ for details.
(shortcut: http://p.p/),
which is a built-in page and works without Internet access.
You will see the following section:
-
-
+ Privoxy Menu
-
▪ View & change the current configuration
- ▪ View the source code version numbers
+ ▪ View or toggle the tags that can be set based on the client's address
▪ View the request headers.
@@ -1442,7 +1496,7 @@ for details.
▪ Documentation
+ url="https://www.privoxy.org/&p-version;/user-manual/">Documentation
@@ -1487,9 +1541,9 @@ for details.
Configuration Files Overview
- For Unix, *BSD and Linux, all configuration files are located in
- /etc/privoxy/ by default. For MS Windows, OS/2, and
- AmigaOS these are all in the same directory as the
+ For Unix, *BSD and GNU/Linux, all configuration files are located in
+ /etc/privoxy/ by default. For MS Windows
+ these are all in the same directory as the
Privoxy executable.
@@ -1501,13 +1555,12 @@ for details.
principle configuration files are:
-
The main configuration file is named config
- on Linux, Unix, BSD, OS/2, and AmigaOS and config.txt
+ on GNU/Linux, Unix, BSD, and config.txt
on Windows. This is a required file.
@@ -1559,7 +1612,6 @@ for details.
-
The syntax of the configuration and filter files may change between different
@@ -1645,7 +1697,6 @@ for details.
are three action files included with Privoxy with
differing purposes:
-
@@ -1708,8 +1759,7 @@ for details.
The default profiles, and their associated actions, as pre-defined in
default.action are:
-
-
Default Configurations
+
Default Configurations
@@ -1826,11 +1876,9 @@ for details.
-
-
The list of actions files to be used are defined in the main configuration
@@ -1954,14 +2002,12 @@ for details.
might look like:
-
{ +handle-as-image +block{Banner ads.} }
# Block these as if they were images. Send no block page.
banners.example.com
media.example.com/.*banners
.example.com/images/ads/
-
You can trace this process for URL patterns and any given URL by visiting Regular
+ Regular
Expressions (POSIX 1003.2).
@@ -2161,7 +2207,7 @@ for details.
themselves. These work similarly to shell globbing type wild-cards:
* represents zero or more arbitrary characters (this is
equivalent to the
- Regular
+ Regular
Expression based syntax of .*),
? represents any single character (this is equivalent to the
regular expression syntax of a simple .), and you can define
@@ -2213,6 +2259,12 @@ for details.
While flexible, this is not the sophistication of full regular expression based syntax.
+
+ When compiled with FEATURE_PCRE_HOST_PATTERNS patterns can be prefixed with
+ PCRE-HOST-PATTERN: in which case full regular expression
+ (PCRE) can be used for the host pattern as well.
+
+
@@ -2223,7 +2275,7 @@ for details.
Privoxy uses modern POSIX 1003.2
- Regular
+ Regular
Expressions for matching the path portion (after the slash),
and is thus more flexible.
@@ -2281,7 +2333,7 @@ for details.
This regular expression is conditional so it will match any page
named index.html regardless of path which in this case can
have one or more /'s. And this one must contain exactly
- .html (but does not have to end with that!).
+ .html (and end with that!).
@@ -2293,6 +2345,7 @@ for details.
that contains any of the words ads, banner,
banners (because of the ?) or junk.
The path does not have to end in these words, just contain them.
+ The path has to contain at least two slashes (including the one at the beginning).
@@ -2319,18 +2372,18 @@ for details.
-The Tag Pattern
+The Request Tag Pattern
- Tag patterns are used to change the applying actions based on the
- request's tags. Tags can be created with either the
- client-header-tagger
+ Request tag patterns are used to change the applying actions based on the
+ request's tags. Tags can be created based on HTTP headers with either
+ the client-header-tagger
or the server-header-tagger action.
- Tag patterns have to start with TAG:, so &my-app;
- can tell them apart from URL patterns. Everything after the colon
+ Request tag patterns have to start with TAG:, so &my-app;
+ can tell them apart from other patterns. Everything after the colon
including white space, is interpreted as a regular expression with
path pattern syntax, except that tag patterns aren't left-anchored
automatically (&my-app; doesn't silently add a ^,
@@ -2346,15 +2399,15 @@ for details.
- Sections can contain URL and tag patterns at the same time,
- but tag patterns are checked after the URL patterns and thus
+ Sections can contain URL and request tag patterns at the same time,
+ but request tag patterns are checked after the URL patterns and thus
always overrule them, even if they are located before the URL patterns.
- Once a new tag is added, Privoxy checks right away if it's matched by one
- of the tag patterns and updates the action settings accordingly. As a result
- tags can be used to activate other tagger actions, as long as these other
+ Once a new request tag is added, Privoxy checks right away if it's matched by one
+ of the request tag patterns and updates the action settings accordingly. As a result
+ request tags can be used to activate other tagger actions, as long as these other
taggers look for headers that haven't already be parsed.
@@ -2379,21 +2432,78 @@ for details.
-The Negative Tag Patterns
+The Negative Request Tag Patterns
- To match requests that do not have a certain tag, specify a negative tag pattern
+ To match requests that do not have a certain request tag, specify a negative tag pattern
by prefixing the tag pattern line with either NO-REQUEST-TAG:
or NO-RESPONSE-TAG: instead of TAG:.
- Negative tag patterns created with NO-REQUEST-TAG: are checked
+ Negative request tag patterns created with NO-REQUEST-TAG: are checked
after all client headers are scanned, the ones created with NO-RESPONSE-TAG:
are checked after all server headers are scanned. In both cases all the created
tags are considered.
+
+
+
+The Client Tag Pattern
+
+
+
+
+
+ This is an experimental feature. The syntax is likely to change in future versions.
+
+
+
+
+ Client tag patterns are not set based on HTTP headers but based on
+ the client's IP address. Users can enable them themselves, but the
+ Privoxy admin controls which tags are available and what their effect
+ is.
+
+
+
+ After a client-specific tag has been defined with the
+ client-specific-tag,
+ directive, action sections can be activated based on the tag by using a
+ CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated at the same priority
+ as URL patterns, as a result the last matching pattern wins. Tags that
+ are created based on client or server headers are evaluated later on
+ and can overrule CLIENT-TAG and URL patterns!
+
+
+ The tag is set for all requests that come from clients that requested
+ it to be set. Note that "clients" are differentiated by IP address,
+ if the IP address changes the tag has to be requested again.
+
+
+ Clients can request tags to be set by using the CGI interface http://config.privoxy.org/client-tags.
+
+
+
+ Example:
+
+
+
+# If the admin defined the client-specific-tag circumvent-blocks,
+# and the request comes from a client that previously requested
+# the tag to be set, overrule all previous +block actions that
+# are enabled based on URL to CLIENT-TAG patterns.
+{-block}
+CLIENT-TAG:^circumvent-blocks$
+
+# This section is not overruled because it's located after
+# the previous one.
+{+block{Nobody is supposed to request this.}}
+example.org/blocked-example-page
+
@@ -2413,7 +2523,6 @@ for details.
following patterns, and -block means don't
block URLs that match the following patterns, even if +block
previously applied.
-
@@ -2429,18 +2538,15 @@ for details.
Actions fall into three categories:
-
Boolean, i.e the action can only be enabled or
disabled. Syntax:
-
+name # enable action name
-name # disable action name
-
Example: +handle-as-image
@@ -2452,12 +2558,10 @@ for details.
Parameterized, where some value is required in order to enable this type of action.
Syntax:
-
+name{param} # enable action and set parameter to param,
# overwriting parameter from previous match if necessary
-name # disable action. The parameter can be omitted
-
Note that if the URL matches multiple positive forms of a parameterized action,
the last match wins, i.e. the params from earlier matches are simply ignored.
@@ -2476,13 +2580,11 @@ for details.
that can be executed for the same request repeatedly, like adding multiple
headers, or filtering through multiple filters. Syntax:
-
+name{param} # enable action and add param to the list of parameters
-name{param} # remove the parameter param from the list of parameters
# If it was the last one left, disable the action.
-name # disable this action completely and remove all parameters from the list
-
Examples: +add-header{X-Fun-Header: Some text} and
+filter{html-annoyances}
@@ -2490,7 +2592,6 @@ for details.
-
If nothing is specified in any actions file, no actions are
@@ -2585,9 +2686,16 @@ for details.
Example usage:
-
- +add-header{X-User-Tracking: sucks}
-
+ # Add a DNT ("Do not track") header to all requests,
+# event to those that already have one.
+#
+# This is just an example, not a recommendation.
+#
+# There is no reason to believe that user-tracking websites care
+# about the DNT header and depending on the User-Agent, adding the
+# header may make user-tracking easier.
+{+add-header{DNT: 1}}
+/
@@ -2676,7 +2784,6 @@ for details.
Example usage (section):
- {+block{No nasty stuff for you.}}
# Block and replace with "blocked" page
.nasty-stuff.example.com
@@ -2689,7 +2796,6 @@ for details.
{+block{Layered ads.} +handle-as-empty-document}
# Block and then ignore
adserver.example.net/.*\.js$
-
@@ -2760,9 +2866,7 @@ for details.
Example usage:
- +change-x-forwarded-for{block}
-
@@ -2828,6 +2932,11 @@ for details.
one. This can be used to rewrite the request destination behind the client's
back, for example to specify a Tor exit relay for certain requests.
+
+ Note that to change the destination host for
+ https-inspected
+ requests a protocol and host has to be added to the URI.
+
Please refer to the filter file chapter
to learn which client-header filters are available by default, and how to
@@ -2840,16 +2949,91 @@ for details.
Example usage (section):
-
# Hide Tor exit notation in Host and Referer Headers
{+client-header-filter{hide-tor-exit-notation}}
/
-
+
+
+
+
+
+
+
+
+
+client-body-filter
+
+
+
+ Typical use:
+
+
+ Rewrite or remove client request body.
+
+
+
+
+
+ Effect:
+
+
+ All request bodies to which this action applies are filtered on-the-fly through
+ the specified regular expression based substitutions.
+
+
+
+
+
+ Type:
+
+
+ Multi-value.
+
+
+
+
+ Parameter:
+
+
+ The name of a client-body filter, as defined in one of the
+ filter files.
+
+ Notes:
+
+
+ Please refer to the filter file chapter
+ to learn how to create your own client-body filters.
+
+
+ The distribution default.filter file contains a selection of
+ client-body filters for example purposes.
+
+
+ The amount of data that can be filtered is limited by the
+ buffer-limit
+ option in the main config file. The
+ default is 4096 KB (4 Megs). Once this limit is exceeded, the whole
+ request body is passed through unfiltered.
+
+
+
+
+
+ Example usage (section):
+
+
+# Remove "test" everywhere in the request body
+{+client-body-filter{remove-test}}
+/
+
+
+
+
@@ -2915,7 +3099,6 @@ for details.
Example usage (section):
-
# Tag every request with the User-Agent header
{+client-header-tagger{user-agent}}
@@ -2939,9 +3122,8 @@ TAG:^User-Agent: RPM APT-HTTP/
TAG:^User-Agent: fetch libfetch/
TAG:^User-Agent: Ubuntu APT-HTTP/
TAG:^User-Agent: MPlayer/
-
-
-
+
+
# Tag all requests with the Range header set
{+client-header-tagger{range-requests}}
@@ -2955,8 +3137,21 @@ TAG:^User-Agent: MPlayer/
# parts of multimedia files.
{-filter -deanimate-gifs}
TAG:^RANGE-REQUEST$
-
-
+
+
+
+# Tag all requests with the client IP address
+#
+# (Technically the client IP address isn't included in the
+# client headers but client-header taggers can set it anyway.
+# For details see the tagger in default.filter)
+{+client-header-tagger{client-ip-address}}
+/
+
+# Change forwarding settings for requests coming from address 10.0.0.1
+{+forward-override{forward-socks5 127.0.1.2:2222 .}}
+TAG:^IP-ADDRESS: 10\.0\.0\.1$
+
@@ -3056,7 +3251,6 @@ TAG:^RANGE-REQUEST$
Example usage (sections):
- # Check if www.example.net/ really uses valid XHTML
{ +content-type-overwrite{application/xml} }
www.example.net/
@@ -3066,7 +3260,6 @@ www.example.net/
www.example.net/.*\.css$
www.example.net/.*style
-
@@ -3145,12 +3338,10 @@ new action
Example usage (section):
- # Block the non-existent "Privacy-Violation:" client header
{ +crunch-client-header{Privacy-Violation:} }
/
-
-
+
@@ -3227,14 +3418,13 @@ new action
Example usage (section):
- # Let the browser revalidate cached documents but don't
# allow the server to use the revalidation headers for user tracking.
{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
-/
-
+/
+
@@ -3302,9 +3492,7 @@ new action
Example usage:
- +crunch-incoming-cookies
-
@@ -3381,11 +3569,10 @@ new action
Example usage (section):
- # Crunch server headers that try to prevent caching
{ +crunch-server-header{no-cache} }
-/
-
+/
+
@@ -3452,9 +3639,7 @@ new action
Example usage:
- +crunch-outgoing-cookies
-
@@ -3522,14 +3707,82 @@ new action
Example usage:
- +deanimate-gifs{last}
-
+
+
+
+delay-response
+
+
+
+ Typical use:
+
+ Delay responses to the client to reduce the load
+
+
+
+
+ Effect:
+
+
+ Delays responses to the client by sending the response in ca. 10 byte chunks.
+
+
+
+
+
+ Type:
+
+
+ Parameterized.
+
+
+
+
+ Parameter:
+
+
+ Number of milliseconds
+
+
+
+
+
+ Notes:
+
+
+ Sometimes when JavaScript code is used to fetch advertisements
+ it doesn't respect Privoxy's blocks and retries to fetch the
+ same resource again causing unnecessary load on the client.
+
+
+ This action delays responses to the client and can be combined
+ with blocks
+ to slow down the JavaScript code, thus reducing
+ the load on the client.
+
+
+ When used without blocks
+ the action can also be used to simulate a slow internet connection.
+
+
+
+
+
+ Example usage:
+
+ +delay-response{100}
+
+
+
+
+
+
downgrade-http-version
@@ -3594,16 +3847,15 @@ new action
Example usage (section):
- {+downgrade-http-version}
problem-host.example.com
-
+
external-filter
@@ -3684,9 +3936,7 @@ problem-host.example.com
Example usage:
- +external-filter{fancy-filter}
-
@@ -3791,7 +4041,7 @@ problem-host.example.com
looks for the string http://, either in plain text
(invalid but often used) or encoded as http%3a//.
Some sites use their own URL encoding scheme, encrypt the address
- of the target server or replace it with a database id. In theses cases
+ of the target server or replace it with a database id. In these cases
fast-redirects is fooled and the request reaches the
redirection server where it probably gets logged.
@@ -3801,14 +4051,12 @@ problem-host.example.com
Example usage:
-
{ +fast-redirects{simple-check} }
one.example.com
{ +fast-redirects{check-decoded-url} }
another.example.com/testing
-
@@ -3888,15 +4136,15 @@ problem-host.example.com
Rolling your own
filters requires a knowledge of
- Regular
+ Regular
Expressions and
- HTML.
+ HTML.
This is very powerful feature, and potentially very intrusive.
Filters should be used with caution, and where an equivalent
action is not available.
- The amount of data that can be filtered is limited to the
+ The amount of data that can be filtered is limited by the
buffer-limit
option in the main config file. The
default is 4096 KB (4 Megs). Once this limit is exceeded, the buffered
@@ -3950,112 +4198,112 @@ problem-host.example.com
- +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
+ +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
- +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
+ +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
- +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
+ +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
- +filter{content-cookies} # Kill cookies that come in the HTML or JS content.
+ +filter{content-cookies} # Kill cookies that come in the HTML or JS content.
- +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
+ +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
- +filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
+ +filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
- +filter{all-popups} # Kill all popups in JavaScript and HTML.
+ +filter{all-popups} # Kill all popups in JavaScript and HTML.
- +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
+ +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
- +filter{banners-by-size} # Kill banners by size.
+ +filter{banners-by-size} # Kill banners by size.
- +filter{banners-by-link} # Kill banners by their links to known clicktrackers.
+ +filter{banners-by-link} # Kill banners by their links to known clicktrackers.
- +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
+ +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
- +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
+ +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
- +filter{jumping-windows} # Prevent windows from resizing and moving themselves.
+ +filter{jumping-windows} # Prevent windows from resizing and moving themselves.
- +filter{frameset-borders} # Give frames a border and make them resizable.
+ +filter{frameset-borders} # Give frames a border and make them resizable.
- +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
+ +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
- +filter{demoronizer} # Fix MS's non-standard use of standard charsets.
+ +filter{demoronizer} # Fix MS's non-standard use of standard charsets.
- +filter{shockwave-flash} # Kill embedded Shockwave Flash objects.
+ +filter{shockwave-flash} # Kill embedded Shockwave Flash objects.
- +filter{quicktime-kioskmode} # Make Quicktime movies saveable.
+ +filter{quicktime-kioskmode} # Make Quicktime movies saveable.
- +filter{fun} # Text replacements for subversive browsing fun!
+ +filter{fun} # Text replacements for subversive browsing fun!
- +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
+ +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
- +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
+ +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
- +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
+ +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
- +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
+ +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
- +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
+ +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
- +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
+ +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
- +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
+ +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
- +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
+ +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
@@ -4125,11 +4373,9 @@ new action
Example usage:
-
+force-text-mode
-
-
+
@@ -4258,7 +4504,6 @@ new action
Example usage:
-
# Use an ssh tunnel for requests previously tagged as
# User-Agent: fetch libfetch/2.0 and make sure
@@ -4275,8 +4520,7 @@ new action
-overwrite-last-modified \
}
TAG:^User-Agent: fetch libfetch/2\.0$
-
-
+
@@ -4348,13 +4592,11 @@ new action
Example usage:
- # Block all documents on example.org that end with ".js",
# but send an empty document instead of the usual HTML message.
{+block{Blocked JavaScript} +handle-as-empty-document}
example.org/.*\.js$
-
-
+
@@ -4429,7 +4671,6 @@ example.org/.*\.js$
Example usage (sections):
- # Generic image extensions:
#
{+handle-as-image}
@@ -4441,7 +4682,6 @@ example.org/.*\.js$
{+block{Nasty banners.} +handle-as-image}
nasty-banner-server.example.com/junk.cgi\?output=trash
-
@@ -4521,13 +4761,12 @@ new action
Example usage (section):
- # Pretend to use Canadian language settings.
{+hide-accept-language{en-ca} \
+hide-user-agent{Mozilla/5.0 (X11; U; OpenBSD i386; en-CA; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4} \
}
-/
-
+/
+
@@ -4611,13 +4850,11 @@ new action
Example usage:
- # Disarm the download link in Sourceforge's patch tracker
{ -filter \
+content-type-overwrite{text/plain}\
+hide-content-disposition{block} }
.sourceforge.net/tracker/download\.php
-
@@ -4700,13 +4937,11 @@ new action
Example usage (section):
- # Let the browser revalidate but make tracking based on the time less likely.
{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/
-
@@ -4775,10 +5010,9 @@ new action
Example usage:
-
- +hide-from-header{block} or
+ +hide-from-header{block}
+ or+hide-from-header{spam-me-senseless@sittingduck.example.com}
-
@@ -4867,37 +5101,190 @@ new action
are on the same host. Most of the time that's the case.
- hide-referer is an alternate spelling of
- hide-referrer and the two can be can be freely
- substituted with each other. (referrer is the
- correct English spelling, however the HTTP specification has a bug - it
- requires it to be spelled as referer.)
+ hide-referer is an alternate spelling of
+ hide-referrer and the two can be can be freely
+ substituted with each other. (referrer is the
+ correct English spelling, however the HTTP specification has a bug - it
+ requires it to be spelled as referer.)
+
+
+
+
+
+ Example usage:
+
+ +hide-referrer{forge}
+ or
+ +hide-referrer{http://www.yahoo.com/}
+
+
+
+
+
+
+
+
+hide-user-agent
+
+
+
+ Typical use:
+
+ Try to conceal your type of browser and client operating system
+
+
+
+
+ Effect:
+
+
+ Replaces the value of the User-Agent: HTTP header
+ in client requests with the specified value.
+
+
+
+
+
+ Type:
+
+
+ Parameterized.
+
+
+
+
+ Parameter:
+
+
+ Any user-defined string.
+
+
+
+
+
+ Notes:
+
+
+
+ This can lead to problems on web sites that depend on looking at this header in
+ order to customize their content for different browsers (which, by the
+ way, is NOT the right thing to do: good web sites
+ work browser-independently).
+
+
+
+ Using this action in multi-user setups or wherever different types of
+ browsers will access the same Privoxy is
+ not recommended. In single-user, single-browser
+ setups, you might use it to delete your OS version information from
+ the headers, because it is an invitation to exploit known bugs for your
+ OS. It is also occasionally useful to forge this in order to access
+ sites that won't let you in otherwise (though there may be a good
+ reason in some cases).
+
+
+ More information on known user-agent strings can be found at
+ http://www.user-agents.org/
+ and
+ http://en.wikipedia.org/wiki/User_agent.
+
+
+
+
+
+ Example usage:
+
+ +hide-user-agent{Mozilla/5.0 (X11; ElectroBSD i386; rv:78.0) Gecko/20100101 Firefox/78.0}
+
+
+
+
+
+
+
+
+https-inspection
+
+
+
+ Typical use:
+
+ Filter encrypted requests and responses
+
+
+
+
+ Effect:
+
+
+ Encrypted requests are decrypted, filtered and forwarded encrypted.
+
+
+
+
+
+ Type:
+
+
+ Boolean.
+
+
+
+
+ Parameter:
+
+
+ N/A
+
+
+
+
+
+ Notes:
+
+
+ This action allows &my-app; to filter encrypted requests and responses.
+ For this to work &my-app; has to generate a certificate and send it
+ to the client which has to accept it.
+
+
+ Before this works the directives in the
+ HTTPS inspection section
+ of the config file have to be configured.
+
+
+ Note that the action has to be enabled based on the CONNECT
+ request which doesn't contain a path. Enabling it based on
+ a pattern with path doesn't work as the path is only seen
+ by &my-app; if the action is already enabled.
+
+
+ This is an experimental feature.
- Example usage:
+ Example usage (section):
-
- +hide-referrer{forge} or
- +hide-referrer{http://www.yahoo.com/}
-
+ {+https-inspection}
+www.example.com
+
-
-hide-user-agent
+
+ignore-certificate-errorsTypical use:
- Try to conceal your type of browser and client operating system
+ Filter encrypted requests and responses without verifying the certificate
@@ -4905,8 +5292,7 @@ new action
Effect:
- Replaces the value of the User-Agent: HTTP header
- in client requests with the specified value.
+ Encrypted requests are forwarded to sites without verifying the certificate.
@@ -4915,7 +5301,7 @@ new action
Type:
- Parameterized.
+ Boolean.
@@ -4923,7 +5309,7 @@ new action
Parameter:
- Any user-defined string.
+ N/A
@@ -4931,29 +5317,21 @@ new action
Notes:
-
-
- This can lead to problems on web sites that depend on looking at this header in
- order to customize their content for different browsers (which, by the
- way, is NOT the right thing to do: good web sites
- work browser-independently).
-
-
- Using this action in multi-user setups or wherever different types of
- browsers will access the same Privoxy is
- not recommended. In single-user, single-browser
- setups, you might use it to delete your OS version information from
- the headers, because it is an invitation to exploit known bugs for your
- OS. It is also occasionally useful to forge this in order to access
- sites that won't let you in otherwise (though there may be a good
- reason in some cases).
+ When the
+ +https-inspection
+ action is used &my-app; by default verifies that the remote site uses a valid
+ certificate.
- More information on known user-agent strings can be found at
- http://www.user-agents.org/
- and
- http://en.wikipedia.org/wiki/User_agent.
+ If the certificate can't be validated by &my-app; the connection is aborted.
+
+
+ This action disables the certificate check so requests to sites
+ with certificates that can't be validated are allowed.
+
+
+ Note that enabling this action allows Man-in-the-middle attacks.
@@ -4961,9 +5339,10 @@ new action
Example usage:
-
- +hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}
-
+
+ {+ignore-certificate-errors}
+ www.example.org
+
@@ -5039,13 +5418,11 @@ new action
- +limit-connect{443} # Port 443 is OK.
+limit-connect{80,443} # Ports 80 and 443 are OK.
+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+limit-connect{-} # All ports are OK
+limit-connect{,} # No HTTPS/SSL traffic is allowed
-
@@ -5130,10 +5507,7 @@ new action
Example usages:
-
- +limit-cookie-lifetime{60}
-
-
+ +limit-cookie-lifetime{60}
@@ -5209,9 +5583,10 @@ new action
Note that some (rare) ill-configured sites don't handle requests for uncompressed
documents correctly. Broken PHP applications tend to send an empty document body,
- some IIS versions only send the beginning of the content. If you enable
- prevent-compression per default, you might want to add
- exceptions for those sites. See the example for how to do that.
+ some IIS versions only send the beginning of the content and some content delivery
+ networks let the connection time out.
+ If you enable prevent-compression per default, you might
+ want to add exceptions for those sites. See the example for how to do that.
@@ -5219,7 +5594,6 @@ new action
Example usage (sections):
-
# Selectively turn off compression, and enable a filter
#
@@ -5238,7 +5612,6 @@ new action
#
{ -prevent-compression }
.compusa.com/
-
@@ -5330,13 +5703,11 @@ new action
Example usage:
- # Let the browser revalidate without being tracked across sessions
{ +hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/
-
@@ -5427,14 +5798,13 @@ new action
Example usages:
- # Replace example.com's style sheet with another one
{ +redirect{http://localhost/css-replacements/example.com.css} }
example.com/stylesheet\.css
# Create a short, easy to remember nickname for a favorite site
# (relies on the browser to accept and forward invalid URLs to &my-app;)
-{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
+{ +redirect{https://www.privoxy.org/user-manual/actions-file.html} }
a
# Always use the expanded view for Undeadly.org articles
@@ -5464,11 +5834,14 @@ example.com/.*toChange=(?!bar)
# Redirect Destination = https://www.illumos.org/issues/4974
i[0-9][0-9][0-9][0-9]*/
+# Redirect requests for the old Tor Hidden Service of the Privoxy website to the new one
+{+redirect{s@^http://jvauzb4sb3bwlsnc.onion/@http://l3tczdiiwoo63iwxty4lhs6p7eaxop5micbn7vbliydgv63x5zrrrfyd.onion/@}}
+jvauzb4sb3bwlsnc.onion/
+
# Redirect remote requests for this manual
# to the local version delivered by Privoxy
{+redirect{s@^http://www@http://config@}}
www.privoxy.org/user-manual/
-
@@ -5542,15 +5915,13 @@ www.privoxy.org/user-manual/
Example usage (section):
-
{+server-header-filter{html-to-xml}}
example.org/xml-instance-that-is-delivered-as-html
{+server-header-filter{xml-to-html}}
example.org/instance-that-is-delivered-as-xml-but-is-not
-
-
+
@@ -5627,7 +5998,6 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
Example usage (section):
-
# Tag every request with the content type declared by the server
{+server-header-tagger{content-type}}
@@ -5640,8 +6010,64 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
# silly example.
{+external-filter{rotate-image} +force-text-mode}
TAG:^image/
-
-
+
+
+
+
+
+
+
+
+
+
+suppress-tag
+
+
+
+ Typical use:
+
+
+ Suppress client or server tag.
+
+
+
+
+
+ Effect:
+
+
+ Server or client tags to which this action applies are not added to the request,
+ thus making all actions that are specific to these request tags inactive.
+
+
+
+
+
+ Type:
+
+
+ Multi-value.
+
+
+
+
+ Parameter:
+
+
+ The result tag of a server-header or client-header tagger, as defined in one of the
+ filter files.
+
+
+
+
+
+ Example usage (section):
+
+
+# Suppress tag produced by range-requests client-header tagger for requests coming from address 10.0.0.1
+{+suppress-tag{RANGE-REQUEST}}
+TAG:^IP-ADDRESS: 10\.0\.0\.1$
+
@@ -5734,9 +6160,7 @@ TAG:^image/
Example usage:
- +session-cookies-only
-
@@ -5836,21 +6260,15 @@ TAG:^image/
Built-in pattern:
- +set-image-blocker{pattern}
-
Redirect to the BSD daemon:
- +set-image-blocker{http://www.freebsd.org/gifs/dae_up3.gif}
-
Redirect to the built-in pattern for better caching:
- +set-image-blocker{http://config.privoxy.org/send-banner?type=pattern}
-
@@ -5917,7 +6335,6 @@ TAG:^image/
Now let's define some aliases...
-
# Useful custom aliases we can use later.
#
@@ -5945,7 +6362,6 @@ TAG:^image/
#
c0 = +crunch-all-cookies
c1 = -crunch-all-cookies
-
...and put them to use. These sections would appear in the lower part of an
@@ -5953,7 +6369,6 @@ TAG:^image/
up for the / pattern):
-
# These sites are either very complex or very keen on
# user data and require minimal interference to work:
@@ -5977,7 +6392,6 @@ TAG:^image/
{-filter{all-popups} -filter{unsolicited-popups}}
.dabs.com
.overclockers.co.uk
-
Aliases like shop and fragile are typically used for
@@ -6028,7 +6442,6 @@ hal stop here
multiple lines with line continuation.
-
{ \
+change-x-forwarded-for{block} \
@@ -6036,8 +6449,7 @@ hal stop here
+set-image-blocker{pattern} \
}
/ # Match all URLs
-
-
+
The default behavior is now set.
@@ -6064,14 +6476,12 @@ hal stop here
that prevents older &my-app; versions from reading the file:
-
##########################################################################
# Settings -- Don't change! For internal Privoxy use ONLY.
##########################################################################
{{settings}}
for-privoxy-version=3.0.11
-
After that comes the (optional) alias section. We'll use the example
@@ -6079,7 +6489,6 @@ for-privoxy-version=3.0.11
that also explains why and how aliases are used:
-
##########################################################################
# Aliases
@@ -6099,18 +6508,16 @@ for-privoxy-version=3.0.11
#
fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer
shop = -crunch-all-cookies -filter{all-popups}
-
The first of our specialized sections is concerned with fragile
sites, i.e. sites that require minimum interference, because they are either
very complex or very keen on tracking you (and have mechanisms in place that
- make them unusable for people who avoid being tracked). We will simply use
+ make them unusable for people who avoid being tracked). We will use
our pre-defined fragile alias instead of stating the list
of actions explicitly:
-
##########################################################################
# Exceptions for sites that'll break under the default action set:
@@ -6122,7 +6529,6 @@ for-privoxy-version=3.0.11
.office.microsoft.com # surprise, surprise!
.windowsupdate.microsoft.com
mail.google.com
-
Shopping sites are not as fragile, but they typically
@@ -6130,7 +6536,6 @@ mail.google.com
carts or item details. Again, we'll use a pre-defined alias:
-
# Shopping sites:
#
@@ -6139,7 +6544,6 @@ mail.google.com
.worldpay.com # for quietpc.com
.jungle.com
.scan.co.uk
-
The fast-redirects
@@ -6147,7 +6551,6 @@ mail.google.com
breaks some sites. So disable it for popular sites where we know it misbehaves:
-
{ -fast-redirects }
login.yahoo.com
@@ -6156,7 +6559,6 @@ edit.*.yahoo.com
.altavista.com/.*(like|url|link):http
.altavista.com/trans.*urltext=http
.nytimes.com
-
It is important that Privoxy knows which
@@ -6171,7 +6573,6 @@ edit.*.yahoo.com
good start:
-
##########################################################################
# Images:
@@ -6182,7 +6583,6 @@ edit.*.yahoo.com
#
{ +handle-as-image }
/.*\.(gif|jpe?g|png|bmp|ico)$
-
And then there are known banner sources. They often use scripts to
@@ -6199,7 +6599,6 @@ edit.*.yahoo.com
action before, it still applies and needn't be repeated:
-
# Known ad generators:
#
@@ -6211,7 +6610,6 @@ ar.atwola.com
.a[0-9].yimg.com/(?:(?!/i/).)*$
bs*.gsanet.com
.qkimg.net
-
One of the most important jobs of Privoxy
@@ -6231,7 +6629,6 @@ bs*.gsanet.com
to keep the example short:
-
##########################################################################
# Block these fine banners:
@@ -6250,12 +6647,11 @@ count*.
# Site-specific patterns (abbreviated):
#
.hitbox.com
-
It's quite remarkable how many advertisers actually call their banner
servers ads.company.com, or call the directory
- in which the banners are stored simply banners. So the above
+ in which the banners are stored literally banners. So the above
generic patterns are surprisingly effective.
@@ -6280,7 +6676,6 @@ count*.
with no block action applying.
-
##########################################################################
# Save some innocent victims of the above generic block patterns:
@@ -6304,7 +6699,6 @@ ad[ud]*. # (adult.* and add.*)
#
www.globalintersec.com/adv # (adv = advanced)
www.ugu.com/sui/ugu/adv
-
Filtering source code can have nasty side effects,
@@ -6314,7 +6708,6 @@ www.ugu.com/sui/ugu/adv
disables all filters in one fell swoop!
-
# Don't filter code!
#
@@ -6324,7 +6717,6 @@ bugzilla.
developer.
wiki.
.sourceforge.net
-
The actual default.action is of course much more
@@ -6358,10 +6750,8 @@ wiki.
-
# My user.action file. <fred@example.com>
-
As aliases are local to the actions
@@ -6369,7 +6759,6 @@ wiki.
default.action, unless you repeat them here:
-
# Aliases are local to the file they are defined in.
# (Re-)define aliases for this file:
@@ -6400,8 +6789,6 @@ allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
# MIME types. We want the browser to force these to be text documents.
handle-as-text = -filter +-content-type-overwrite{text/plain} +-force-text-mode -hide-content-disposition
-
-
Say you have accounts on some sites that you visit regularly, and
you don't want to have to log in manually each time. So you'd like
@@ -6411,30 +6798,25 @@ handle-as-text = -filter +-filter }
.your-home-banking-site.com
-
Some file types you may not want to filter for various reasons:
-
# Technical documentation is likely to contain strings that might
# erroneously get altered by the JavaScript-oriented filters:
@@ -6446,7 +6828,6 @@ handle-as-text = -filter +-block action. Say you've
@@ -6459,12 +6840,10 @@ stupid-server.example.com/
in default.action anyway:
-
{ +block{Nasty ads.} }
www.example.com/nasty-ads/sponsor\.gif
another.example.net/more/junk/here/
-
The URLs of dynamically generated banners, especially from large banner
@@ -6478,14 +6857,12 @@ stupid-server.example.com/
browser. Use cautiously.
-
{ +block-as-image }
.doubleclick.net
.fastclick.net
/Realmedia/ads/
ar.atwola.com/
-
Now you noticed that the default configuration breaks Forbes Magazine,
@@ -6499,13 +6876,11 @@ stupid-server.example.com/
that misbehave, and add those to our personalized list of troublemakers:
-
{ fragile }
.forbes.com
webmail.example.com
.mybank.com
-
You like the fun text replacements in default.filter,
@@ -6514,11 +6889,9 @@ stupid-server.example.com/
update-safe config, once and for all:
-
{ +filter{fun} }
/ # For ALL sites!
-
Note that the above is not really a good idea: There are exceptions
@@ -6535,13 +6908,11 @@ stupid-server.example.com/
sites that you feel provide value to you:
-
{ allow-ads }
.sourceforge.net
.slashdot.org
.osdn.net
-
Note that allow-ads has been aliased to
@@ -6557,11 +6928,9 @@ stupid-server.example.com/
it should I choose to.
-
{ handle-as-text }
/.*\.sh$
-user.action is generally the best place to define
@@ -6573,11 +6942,9 @@ stupid-server.example.com/
paths and patterns:
-
{ +set-image-blocker{blank} }
/ # ALL sites
-
@@ -6600,13 +6967,15 @@ stupid-server.example.com/
- &my-app; supports three different pcrs-based filter actions:
+ &my-app; supports four different pcrs-based filter actions:
filter to
rewrite the content that is send to the client,
client-header-filter
- to rewrite headers that are send by the client, and
+ to rewrite headers that are send by the client,
server-header-filter
- to rewrite headers that are send by the server.
+ to rewrite headers that are send by the server, and
+ client-body-filter
+ to rewrite client request body.
@@ -6665,7 +7034,8 @@ stupid-server.example.com/
filter file is organized in sections, which are called filters
here. Each filter consists of a heading line, that starts with one of the
keywordsFILTER:,
- CLIENT-HEADER-FILTER: or SERVER-HEADER-FILTER:
+ CLIENT-HEADER-FILTER:, SERVER-HEADER-FILTER: or
+ CLIENT-BODY-FILTER:
followed by the filter's name, and a short (one line)
description of what it does. Below that line
come the jobs, i.e. lines that define the actual
@@ -6689,9 +7059,7 @@ stupid-server.example.com/
like this:
-FILTER: foo Replace all "foo" with "bar"
-
Below that line, and up to the next header line, come the jobs that
@@ -6711,8 +7079,10 @@ stupid-server.example.com/
The non-standard option letter D (dynamic) allows
to use the variables $host, $origin (the IP address the request came from),
- $path and $url. They will be replaced with the value they refer to before
- the filter is executed.
+ $path, $url and $listen-address (the address on which Privoxy accepted the
+ client request. Example: 127.0.0.1:8118).
+ They will be replaced with the value they refer to before the filter
+ is executed.
@@ -6732,7 +7102,7 @@ stupid-server.example.com/
If you are new to
- Regular
+ Regular
Expressions, you might want to take a look at
the Appendix on regular expressions, and
see the Perl
@@ -6755,9 +7125,7 @@ stupid-server.example.com/
needed:
-s/foo/bar/
-
But wait! Didn't the comment say that all occurrences
@@ -6766,17 +7134,14 @@ stupid-server.example.com/
we'll need to add the g option:
-s/foo/bar/g
-
Our complete filter now looks like this:
-
+
FILTER: foo Replace all "foo" with "bar"
s/foo/bar/g
-
Let's look at some real filters for more interesting examples. Here you see
@@ -6785,14 +7150,12 @@ s/foo/bar/g
-
FILTER: js-annoyances Get rid of particularly annoying JavaScript abuse
# Get rid of JavaScript referrer tracking. Test page: http://www.randomoddness.com/untitled.htm
#
s|(<script.*)document\.referrer(.*</script>)|$1"Not Your Business!"$2|Usg
-
Following the header line and a comment, you see the job. Note that it uses
@@ -6874,12 +7237,10 @@ s|(<script.*)document\.referrer(.*</script>)|$1"Not Your Business!"$2|U
this time only point out the constructs of special interest:
-
# The status bar is for displaying link targets, not pointless blahblah
#
s/window\.status\s*=\s*(['"]).*?\1/dUmMy=1/ig
-\s stands for whitespace characters (space, tab, newline,
@@ -6902,12 +7263,10 @@ s/window\.status\s*=\s*(['"]).*?\1/dUmMy=1/ig
you move your mouse over links.
-
# Kill OnUnload popups. Yummy. Test: http://www.zdnet.com/zdsubs/yahoo/tree/yfs.html
#
s/(<body [^>]*)onunload(.*>)/$1never$2/iU
-
Including the
@@ -6928,14 +7287,12 @@ s/(<body [^>]*)onunload(.*>)/$1never$2/iU
The last example is from the fun department:
-
FILTER: fun Fun text replacements
# Spice the daily news:
#
s/microsoft(?!\.com)/MicroSuck/ig
-
Note the (?!\.com) part (a so-called negative lookahead)
@@ -6945,7 +7302,6 @@ s/microsoft(?!\.com)/MicroSuck/ig
still replacing the word everywhere else.
-
# Buzzword Bingo (example for extended regex syntax)
#
@@ -6961,7 +7317,6 @@ s* industry[ -]leading \
| unrivalled \
*<font color="red"><b>BINGO!</b></font> \
*igx
-
The x option in this job turns on extended syntax, and allows for
@@ -6996,6 +7351,7 @@ pre-defined filters for your convenience:
The purpose of this filter is to get rid of particularly annoying JavaScript abuse.
To that end, it
+
@@ -7019,7 +7375,6 @@ pre-defined filters for your convenience:
-
Use with caution. This is an aggressive filter, and can break sites that
rely heavily on JavaScript.
@@ -7243,7 +7598,7 @@ pre-defined filters for your convenience:
sometimes appear on some pages, or user agents that don't correct for this on
the fly.
@@ -7469,15 +7824,16 @@ pre-defined filters for your convenience:
External filters read the content from STDIN and write the rewritten
- content to STDOUT. The environment variables PRIVOXY_URL, PRIVOXY_PATH,
- PRIVOXY_HOST, PRIVOXY_ORIGIN can be used to get some details about the
- client request.
+ content to STDOUT.
+ The environment variables PRIVOXY_URL, PRIVOXY_PATH, PRIVOXY_HOST,
+ PRIVOXY_ORIGIN, PRIVOXY_LISTEN_ADDRESS can be used to get some details
+ about the client request.
&my-app; will temporary store the content to filter in the
temporary-directory.
-
+
EXTERNAL-FILTER: cat Pointless example filter that doesn't actually modify the content
/bin/cat
@@ -7503,7 +7859,6 @@ EXTERNAL-FILTER: rotate-image Rotate an image by 180 degree. Test filter with li
EXTERNAL-FILTER: citation-needed Adds a "[citation needed]" tag to an image. The coordinates may need adjustment.
/usr/local/bin/convert - -pointsize 16 -fill white -annotate +17+418 "[citation needed]" -
-
@@ -7576,14 +7931,12 @@ EXTERNAL-FILTER: citation-needed Adds a "[citation needed]" tag to an image. The
is in an alpha or beta development stage:
-
<!-- @if-unstable-start -->
... beta warning HTML code goes here ...
<!-- if-unstable-end@ -->
-
If the "unstable" symbol is set, everything in between and including
@@ -7591,9 +7944,7 @@ EXTERNAL-FILTER: citation-needed Adds a "[citation needed]" tag to an image. The
will disappear, leaving nothing but an empty comment:
-<!-- -->
-
There's also an if-then-else construct and an #include
@@ -7638,17 +7989,37 @@ Requests
Privoxy is free software; you can
- redistribute it and/or modify it under the terms of the
- GNU General Public License, version 2,
- as published by the Free Software Foundation and included in
- the next section.
+ redistribute and/or modify its source code under the terms
+ of the GNU General Public License
+ as published by the Free Software Foundation, either version 2
+ of the license, or (at your option) any later version.
+
+
+
+ The same is true for Privoxy binaries
+ unless they are linked with a
+ mbed TLS version
+ that is licensed under the Apache 2.0 license in which
+ case you can redistribute and/or modify the Privoxy
+ binaries under the terms of the GNU General Public License
+ as published by the Free Software Foundation, either version 3
+ of the license, or (at your option) any later version.
+
+
+
+ Both licenses are included in the next section.
License
-
+
+GNU General Public License version 2
-
+
+
+GNU General Public License version 3
+
+
@@ -7737,35 +8108,35 @@ Requests
and then some examples:
-
+. - Matches any single character, e.g. a,
A, 4, :, or @.
-
+
-
+? - The preceding character or expression is matched ZERO or ONE
times. Either/or.
-
+
-
++ - The preceding character or expression is matched ONE or MORE
times.
-
+
-
+* - The preceding character or expression is matched ZERO or MORE
times.
-
+
-
+\ - The escape character denotes that
the following character should be taken literally. This is used where one of the
@@ -7774,25 +8145,25 @@ Requests
sure the period is recognized only as a period (and not expanded to its
meta-character meaning of any single character).
-
+
-
+[ ] - Characters enclosed in brackets will be matched if
any of the enclosed characters are encountered. For instance, [0-9]
matches any numeric digit (zero through nine). As an example, we can combine
this with + to match any digit one of more times: [0-9]+.
-
+
-
+( ) - parentheses are used to group a sub-expression,
or multiple sub-expressions.
-
+
-
+| - The bar character works like an
or conditional statement. A match is successful if the
@@ -7801,7 +8172,7 @@ Requests
and would match either this example or that
example, and nothing else.
-
+
These are just some of the ones you are likely to use when matching URLs with
@@ -7929,7 +8300,6 @@ Requests
rules and other configuration options, and even turn
Privoxy's filtering off, all with
a web browser.
-
@@ -7940,7 +8310,6 @@ Requests
necessary either.
-
@@ -7961,23 +8330,23 @@ Requests
- Show information about the current configuration, including viewing and
- editing of actions files:
+ View and toggle client tags:
@@ -8032,7 +8401,6 @@ Requests
-
@@ -8046,7 +8414,6 @@ Requests
page is requested by your browser:
-
@@ -8155,7 +8522,7 @@ Requests
-
+
NOTE: This is somewhat of a simplistic overview of what happens with each URL
request. For the sake of brevity and simplicity, we have focused on
@@ -8228,7 +8595,6 @@ Requests
configuration may vary):
-
Matches for http://www.google.com:
@@ -8258,7 +8624,6 @@ Requests
In file: user.action [ View ][ Edit ]
(no matches in this file)
-
This is telling us how we have defined our
@@ -8314,12 +8679,9 @@ In file: user.action [ View ][ Edit ]Privoxy is applying all its actions
to google.com:
-
-
-
Final results:
-add-header
@@ -8377,8 +8739,8 @@ In file: user.action [ View ][ Edit ]
-
+ +set-image-blocker {pattern}
+
Notice the only difference here to the previous listing, is to
@@ -8391,9 +8753,7 @@ In file: user.action [ View ][ Edit ]ad.doubleclick.net:
-
-
{ +block{Domains starts with "ad"} }
ad*.
@@ -8403,7 +8763,6 @@ In file: user.action [ View ][ Edit ]
-
We'll just show the interesting part here - the explicit matches. It is
@@ -8435,9 +8794,7 @@ In file: user.action [ View ][ Edit ]
-
-
Matches for http://www.example.net/adsl/HOWTO/:
In file: default.action [ View ][ Edit ]
@@ -8501,7 +8858,6 @@ In file: user.action [ View ][ Edit ]
-
Ooops, the /adsl/ is matching /ads in our
@@ -8517,13 +8873,10 @@ In file: user.action [ View ][ Edit ]
-
-
{ -block }
/adsl
-
Now the page displays ;-)
@@ -8537,13 +8890,10 @@ In file: user.action [ View ][ Edit ]
-
-
{ +block{Path starts with "ads".} +handle-as-image }
/ads
-
That actually was very helpful and pointed us quickly to where the problem
@@ -8557,9 +8907,7 @@ In file: user.action [ View ][ Edit ]+filter:
-
-
{ shop }
.quietpc.com
.worldpay.com # for quietpc.com
@@ -8567,25 +8915,20 @@ In file: user.action [ View ][ Edit ]
-{ shop } is an alias that expands to
{ -filter -session-cookies-only }.
Or you could do your own exception to negate filtering:
-
-
-
{ -filter }
# Disable ALL filter actions for sites in this section
.forbes.com
developer.ibm.com
localhost
-
This would turn off all filtering for these sites. This is best
@@ -8608,14 +8951,12 @@ In file: user.action [ View ][ Edit ]
-
-
+
{ fragile }
# Handle with care: easy to break
mail.google.
mybank.example.com
-