X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=b4ad6a3b873d08378acd05eab66b0c37718f9c55;hp=bc4a46778bc44a7950797c6221df8839fce08d12;hb=7a99a61ab1a3ce0401821aedcd06eba19a698b2a;hpb=8f2e5b9f70798ddd806db094d78e49d7d1fda1e5
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index bc4a4677..b4ad6a3b 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -9,10 +9,11 @@
+
-
+
@@ -35,9 +36,9 @@
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.167 2013/01/25 14:19:27 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.203 2016/02/26 12:27:32 fabiankeil Exp $
- Copyright (C) 2001-2013 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2001-2014 Privoxy Developers http://www.privoxy.org/
See LICENSE.
========================================================================
@@ -56,12 +57,12 @@
- Copyright &my-copy; 2001-2013 by
+ Copyright &my-copy; 2001-2014 by
Privoxy Developers
-$Id: user-manual.sgml,v 2.167 2013/01/25 14:19:27 fabiankeil Exp $
+$Id: user-manual.sgml,v 2.203 2016/02/26 12:27:32 fabiankeil Exp $
-FreeBSD
+FreeBSD
Privoxy is part of FreeBSD's Ports Collection, you can build and install
it with cd /usr/ports/www/privoxy; make install clean.
-
- If you don't use the ports, you can fetch and install
- the package with pkg_add -r privoxy.
-
-
- The port skeleton and the package can also be downloaded from the
- File Release
- Page, but there's no reason to use them unless you're interested in the
- beta releases which are only available there.
-
@@ -633,18 +624,6 @@ How to install the binary packages depends on your operating system:
-
-
Please see the section Contacting the
@@ -1087,6 +1066,29 @@ How to install the binary packages depends on your operating system:
+
+FreeBSD and ElectroBSD
+
+ To start Privoxy upon booting, add
+ "privoxy_enable='YES'" to /etc/rc.conf.
+ Privoxy will use
+ /usr/local/etc/privoxy/config as its main
+ configuration file.
+
+
+ If you installed Privoxy into a jail, the
+ paths above are relative to the jail root.
+
+
+ To start Privoxy manually, run:
+
+
+
+ # service privoxy onestart
+
+
+
+
Windows
@@ -1106,15 +1108,21 @@ Click on the &my-app; Icon to start Privoxy. If no co
-Solaris, NetBSD, FreeBSD, HP-UX and others
+Generic instructions for Unix derivates (Solaris, NetBSD, HP-UX etc.)
Example Unix startup command:
- # /usr/sbin/privoxy /etc/privoxy/config
+ # /usr/sbin/privoxy --user privoxy /etc/privoxy/config
+
+ Note that if you installed Privoxy through
+ a package manager, the package will probably contain a platform-specific
+ script or configuration file to start Privoxy
+ upon boot.
+
@@ -1130,32 +1138,21 @@ Example Unix startup command:
Mac OS X
- After downloading the privoxy software, unzip the downloaded file by
- double-clicking on the zip file icon. Then, double-click on the
- installer package icon and follow the installation process.
-
-
- The privoxy service will automatically start after a successful
- installation. In addition, the privoxy service will automatically
- start every time your computer starts up.
-
-
- To prevent the privoxy service from automatically starting when your
- computer starts up, remove or rename the folder named
- /Library/StartupItems/Privoxy.
-
-
- A simple application named Privoxy Utility has been created which
- enables administrators to easily start and stop the privoxy service.
+ The privoxy service will automatically start after a successful installation
+ (and thereafter every time your computer starts up) however you will need to
+ configure your web browser(s) to use it. To do so, configure them to use a
+ proxy for HTTP and HTTPS at the address 127.0.0.1:8118.
- In addition, the Privoxy Utility presents a simple way for
- administrators to edit the various privoxy config files. A method
- to uninstall the software is also available.
+ To prevent the privoxy service from automatically starting when your computer
+ starts up, remove or rename the file /Library/LaunchDaemons/org.ijbswa.privoxy.plist
+ (on OS X 10.5 and higher) or the folder named
+ /Library/StartupItems/Privoxy (on OS X 10.4 'Tiger').
- An administrator username and password must be supplied in order for
- the Privoxy Utility to perform any of the tasks.
+ To manually start or stop the privoxy service, use the scripts startPrivoxy.sh
+ and stopPrivoxy.sh supplied in /Applications/Privoxy. They must be run from an
+ administrator account, using sudo.
@@ -1353,9 +1350,10 @@ must find a better place for this paragraph
--pre-chroot-nslookup hostname
- Specifies a hostname to look up before doing a chroot. On some systems, initializing the
- resolver library involves reading config files from /etc and/or loading additional shared
- libraries from /lib. On these systems, doing a hostname lookup before the chroot reduces
+ Specifies a hostname (for example www.privoxy.org) to look up before doing a chroot.
+ On some systems, initializing the resolver library involves reading config files from
+ /etc and/or loading additional shared libraries from /lib.
+ On these systems, doing a hostname lookup before the chroot reduces
the number of files that must be copied into the chroot tree.
@@ -1410,7 +1408,7 @@ for details.
-
+
Controlling Privoxy with Your Web Browser
Privoxy's user interface can be reached through the special
@@ -1466,10 +1464,7 @@ for details.
it as a test to see whether it is Privoxy
causing the problem or not. Privoxy continues
to run as a proxy in this case, but all manipulation is disabled, i.e.
- Privoxy acts like a normal forwarding proxy. There
- is even a toggle Bookmarklet offered, so
- that you can toggle Privoxy with one click from
- your browser.
+ Privoxy acts like a normal forwarding proxy.
@@ -1878,7 +1873,7 @@ for details.
-
+
Finding the Right Mix
Note that some actions, like cookie suppression
@@ -1903,7 +1898,7 @@ for details.
-
+
How to Edit
The easiest way to edit the actions files is with a browser by
@@ -1993,23 +1988,23 @@ for details.
Generally, an URL pattern has the form
- <domain><port>/<path>, where the
- <domain>, the <port>
+ <host><port>/<path>, where the
+ <host>, the <port>
and the <path> are optional. (This is why the special
/ pattern matches all URLs). Note that the protocol
portion of the URL pattern (e.g. http://) should
not be included in the pattern. This is assumed already!
- The pattern matching syntax is different for the domain and path parts of
- the URL. The domain part uses a simple globbing type matching technique,
+ The pattern matching syntax is different for the host and path parts of
+ the URL. The host part uses a simple globbing type matching technique,
while the path part uses more flexible
Regular
Expressions
(POSIX 1003.2).
The port part of a pattern is a decimal port number preceded by a colon
- (:). If the domain part contains a numerical IPv6 address,
+ (:). If the host part contains a numerical IPv6 address,
it has to be put into angle brackets
(<, >).
@@ -2019,7 +2014,7 @@ for details.
www.example.com/
- is a domain-only pattern and will match any request to www.example.com,
+ is a host-only pattern and will match any request to www.example.com,
regardless of which document on that server is requested. So ALL pages in
this domain would be covered by the scope of this action. Note that a
simple example.com is different and would NOT match.
@@ -2030,7 +2025,7 @@ for details.
www.example.com
- means exactly the same. For domain-only patterns, the trailing / may
+ means exactly the same. For host-only patterns, the trailing / may
be omitted.
@@ -2079,6 +2074,15 @@ for details.
+
+ 10.0.0.1/
+
+
+ Matches any URL with the host address 10.0.0.1.
+ (Note that the real URL uses plain brackets, not angle brackets.)
+
+
+
<2001:db8::1>/
@@ -2102,11 +2106,13 @@ for details.
-The Domain Pattern
+The Host Pattern
- The matching of the domain part offers some flexible options: if the
- domain starts or ends with a dot, it becomes unanchored at that end.
+ The matching of the host part offers some flexible options: if the
+ host pattern starts or ends with a dot, it becomes unanchored at that end.
+ The host pattern is often referred to as domain pattern as it is usually
+ used to match domain names and not IP addresses.
For example:
@@ -2213,7 +2219,7 @@ for details.
-The Path Pattern
+The Path Pattern
Privoxy uses modern
POSIX 1003.2
@@ -2372,6 +2378,23 @@ for details.
+
+The Negative Tag Patterns
+
+
+ To match requests that do not have a certain tag, specify a negative tag pattern
+ by prefixing the tag pattern line with either NO-REQUEST-TAG:
+ or NO-RESPONSE-TAG:
instead of TAG:
.
+
+
+
+ Negative tag patterns created with NO-REQUEST-TAG:
are checked
+ after all client headers are scanned, the ones created with NO-RESPONSE-TAG:
+ are checked after all server headers are scanned. In both cases all the created
+ tags are considered.
+
+
+
@@ -2773,7 +2796,7 @@ for details.
Type:
- Parameterized.
+ Multi-value.
@@ -2860,7 +2883,7 @@ for details.
Type:
- Parameterized.
+ Multi-value.
@@ -3581,6 +3604,94 @@ problem-host.example.com
+
+
+external-filter
+
+
+
+ Typical use:
+
+ Modify content using a programming language of your choice.
+
+
+
+
+ Effect:
+
+
+ All instances of text-based type, most notably HTML and JavaScript, to which
+ this action applies, can be filtered on-the-fly through the specified external
+ filter.
+ By default plain text documents are exempted from filtering, because web
+ servers often use the text/plain MIME type for all files
+ whose type they don't know.)
+
+
+
+
+
+ Type:
+
+
+ Multi-value.
+
+
+
+
+ Parameter:
+
+
+ The name of an external content filter, as defined in the
+ filter file.
+ External filters can be defined in one or more files as defined by the
+ filterfile
+ option in the config file.
+
+
+ When used in its negative form,
+ and without parameters, all filtering with external
+ filters is completely disabled.
+
+
+
+
+
+ Notes:
+
+
+ External filters are scripts or programs that can modify the content in
+ case common filters
+ aren't powerful enough. With the exception that this action doesn't
+ use pcrs-based filters, the notes in the
+ filter section apply.
+
+
+
+ Currently external filters are executed with &my-app;'s privileges.
+ Only use external filters you understand and trust.
+
+
+
+ This feature is experimental, the syntax
+ may change in the future.
+
+
+
+
+
+
+ Example usage:
+
+
+ +external-filter{fancy-filter}
+
+
+
+
+
+
fast-redirects
@@ -3735,7 +3846,7 @@ problem-host.example.com
Type:
- Parameterized.
+ Multi-value.
@@ -3843,7 +3954,7 @@ problem-host.example.com
- +filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites).
+ +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
@@ -3855,15 +3966,15 @@ problem-host.example.com
- +filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups).
+ +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
@@ -3893,6 +4004,10 @@ problem-host.example.com
+filter{frameset-borders} # Give frames a border and make them resizable.
+
+
+ +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
+
+filter{demoronizer} # Fix MS's non-standard use of standard charsets.
@@ -4048,7 +4163,7 @@ new action
Type:
- Multi-value.
+ Parameterized.
@@ -4081,6 +4196,32 @@ new action
for socks5 connections (with remote DNS resolution).
+
+
+ forward-webserver 127.0.0.1:80
to use the HTTP
+ server listening at 127.0.0.1 port 80 without adjusting the
+ request headers.
+
+
+ This makes it more convenient to use Privoxy to make
+ existing websites available as onion services as well.
+
+
+ Many websites serve content with hardcoded URLs and
+ can't be easily adjusted to change the domain based
+ on the one used by the client.
+
+
+ Putting Privoxy between Tor and the webserver (or an stunnel
+ that forwards to the webserver) allows to rewrite headers and
+ content to make client and server happy at the same time.
+
+
+ Using Privoxy for webservers that are only reachable through
+ onion addresses and whose location is supposed to be secret
+ is not recommended and should not be necessary anyway.
+
+
@@ -4103,7 +4244,8 @@ new action
If the ports are missing or invalid, default values will be used. This might change
in the future and you shouldn't rely on it. Otherwise incorrect syntax causes Privoxy
- to exit.
+ to exit. Due to design limitations, invalid parameter syntax isn't detected until the
+ action is used the first time.
Use the show-url-info CGI page
@@ -4118,15 +4260,17 @@ new action
-# Always use direct connections for requests previously tagged as
+# Use an ssh tunnel for requests previously tagged as
# User-Agent: fetch libfetch/2.0
and make sure
# resuming downloads continues to work.
+#
# This way you can continue to use Tor for your normal browsing,
# without overloading the Tor network with your FreeBSD ports updates
# or downloads of bigger files like ISOs.
+#
# Note that HTTP headers are easy to fake and therefore their
# values are as (un)trustworthy as your clients and users.
-{+forward-override{forward .} \
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
-hide-if-modified-since \
-overwrite-last-modified \
}
@@ -5256,9 +5400,15 @@ new action
filter file section.
- This action will be ignored if you use it together with
- block.
- It can be combined with
+ Requests can't be blocked and redirected at the same time,
+ applying this action together with
+ block
+ is a configuration error. Currently the request is blocked
+ and an error message logged, the behavior may change in the
+ future and result in Privoxy rejecting the action file.
+
+
+ This action can be combined with
fast-redirects{check-decoded-url}
to redirect to a decoded version of a rewritten URL.
@@ -5283,7 +5433,7 @@ new action
example.com/stylesheet\.css
# Create a short, easy to remember nickname for a favorite site
-# (relies on the browser accept and forward invalid URLs to &my-app;)
+# (relies on the browser to accept and forward invalid URLs to &my-app;)
{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
a
@@ -5301,6 +5451,19 @@ undeadly.org/cgi\?action=article&sid=\d*$
{+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
search.msn.com//results\.aspx\?q=
+# Redirect http://example.com/&bla=fasel&toChange=foo (and any other value but "bar")
+# to http://example.com/&bla=fasel&toChange=bar
+#
+# The URL pattern makes sure that the following request isn't redirected again.
+{+redirect{s@toChange=[^&]+@toChange=bar@}}
+example.com/.*toChange=(?!bar)
+
+# Add a shortcut to look up illumos bugs
+{+redirect{s@^http://i([0-9]+)/.*@https://www.illumos.org/issues/$1@}}
+# Redirected URL = http://i4974/
+# Redirect Destination = https://www.illumos.org/issues/4974
+i[0-9][0-9][0-9][0-9]*/
+
# Redirect remote requests for this manual
# to the local version delivered by Privoxy
{+redirect{s@^http://www@http://config@}}
@@ -5341,7 +5504,7 @@ www.privoxy.org/user-manual/
Type:
- Parameterized.
+ Multi-value.
@@ -5424,7 +5587,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
Type:
- Parameterized.
+ Multi-value.
@@ -5469,6 +5632,14 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
# Tag every request with the content type declared by the server
{+server-header-tagger{content-type}}
/
+
+# If the response has a tag starting with 'image/' enable an external
+# filter that only applies to images.
+#
+# Note that the filter is not available by default, it's just a
+# silly example.
+{+external-filter{rotate-image} +force-text-mode}
+TAG:^image/
@@ -5687,7 +5858,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
-
+
Summary
Note that many of these actions have the potential to cause a page to
@@ -5830,7 +6001,7 @@ hal stop here
and user.action file and see how all these pieces come together:
-
+
match-all.action
Remember all actions are disabled when matching starts,
@@ -5873,7 +6044,7 @@ hal stop here
-
+
default.action
@@ -6162,7 +6333,7 @@ wiki.
-user.action
+user.action
So far we are painting with a broad brush by setting general policies,
@@ -6429,7 +6600,7 @@ stupid-server.example.com/
- &my-app; supports three different filter actions:
+ &my-app; supports three different pcrs-based filter actions:
filter to
rewrite the content that is send to the client,
client-header-filter
@@ -6449,6 +6620,13 @@ stupid-server.example.com/
applying actions through sections with tag-patterns.
+
+ Finally &my-app; supports the
+ external-filter action
+ to enable external filters
+ written in proper programming languages.
+
+
Multiple filter files can be defined through the
in a syntax that imitates Perl's
s/// operator. If you are familiar with Perl, you
will find this to be quite intuitive, and may want to look at the
- PCRS documentation for the subtle differences to Perl behaviour. Most
- notably, the non-standard option letter U is supported,
- which turns the default to ungreedy matching.
+ PCRS documentation for the subtle differences to Perl behaviour.
+
+
+
+ Most notably, the non-standard option letter U is supported,
+ which turns the default to ungreedy matching (add ? to
+ quantifiers to turn them greedy again).
+
+
+
+ The non-standard option letter D (dynamic) allows
+ to use the variables $host, $origin (the IP address the request came from),
+ $path and $url. They will be replaced with the value they refer to before
+ the filter is executed.
+
+
+
+ Note that '$' is a bad choice for a delimiter in a dynamic filter as you
+ might end up with unintended variables if you use a variable name
+ directly after the delimiter. Variables will be resolved without
+ escaping anything, therefore you also have to be careful not to chose
+ delimiters that appear in the replacement text. For example '<' should
+ be save, while '?' will sooner or later cause conflicts with $url.
+
+
+
+ The non-standard option letter T (trivial) prevents
+ parsing for backreferences in the substitute. Use it if you want to include
+ text like '$&' in your substitute without quoting.
@@ -6543,7 +6747,7 @@ stupid-server.example.com/
-Filter File Tutorial
+Filter File Tutorial
Now, let's complete our foo
content filter. We have already defined
the heading, but the jobs are still missing. Since all it does is to replace
@@ -7240,6 +7444,78 @@ pre-defined filters for your convenience:
+
+
+External filter syntax
+
+ External filters are scripts or programs that can modify the content in
+ case common filters
+ aren't powerful enough.
+
+
+ External filters can be written in any language the platform &my-app; runs
+ on supports.
+
+
+ They are controlled with the
+ external-filter action
+ and have to be defined in the filterfile
+ first.
+
+
+ The header looks like any other filter, but instead of pcrs jobs, external
+ filters contain a single job which can be a program or a shell script (which
+ may call other scripts or programs).
+
+
+ External filters read the content from STDIN and write the rewritten
+ content to STDOUT. The environment variables PRIVOXY_URL, PRIVOXY_PATH,
+ PRIVOXY_HOST, PRIVOXY_ORIGIN can be used to get some details about the
+ client request.
+
+
+ &my-app; will temporary store the content to filter in the
+ temporary-directory.
+
+
+
+EXTERNAL-FILTER: cat Pointless example filter that doesn't actually modify the content
+/bin/cat
+
+# Incorrect reimplementation of the filter above in POSIX shell.
+#
+# Note that it's a single job that spans multiple lines, the line
+# breaks are not passed to the shell, thus the semicolons are required.
+#
+# If the script isn't trivial, it is recommended to put it into an external file.
+#
+# In general, writing external filters entirely in POSIX shell is not
+# considered a good idea.
+EXTERNAL-FILTER: cat2 Pointless example filter that despite its name may actually modify the content
+while read line; \
+do \
+ echo "$line"; \
+done
+
+EXTERNAL-FILTER: rotate-image Rotate an image by 180 degree. Test filter with limited value.
+/usr/local/bin/convert - -rotate 180 -
+
+EXTERNAL-FILTER: citation-needed Adds a "[citation needed]" tag to an image. The coordinates may need adjustment.
+/usr/local/bin/convert - -pointsize 16 -fill white -annotate +17+418 "[citation needed]" -
+
+
+
+
+
+ Currently external filters are executed with &my-app;'s privileges!
+ Only use external filters you understand and trust.
+
+
+
+ External filters are experimental and the syntax may change in the future.
+
+
+
@@ -7360,11 +7636,20 @@ Requests
©right;
+
+ Privoxy is free software; you can
+ redistribute it and/or modify it under the terms of the
+ GNU General Public License, version 2,
+ as published by the Free Software Foundation and included in
+ the next section.
+
+
-License
-
- &license;
-
+License
+
+
+
+
@@ -7632,7 +7917,7 @@ Requests
-
+
Privoxy's Internal Pages
@@ -7749,84 +8034,6 @@ Requests
-
- These may be bookmarked for quick reference. See next.
-
-
-
-
-Bookmarklets
-
- Below are some bookmarklets
to allow you to easily access a
- mini
version of some of Privoxy's
- special pages. They are designed for MS Internet Explorer, but should work
- equally well in Netscape, Mozilla, and other browsers which support
- JavaScript. They are designed to run directly from your bookmarks - not by
- clicking the links below (although that should work for testing).
-
-
- To save them, right-click the link and choose Add to Favorites
- (IE) or Add Bookmark
(Netscape). You will get a warning that
- the bookmark may not be safe
- just click OK. Then you can run the
- Bookmarklet directly from your favorites/bookmarks. For even faster access,
- you can put them on the Links
bar (IE) or the Personal
- Toolbar
(Netscape), and run them with a single click.
-
-
-
-
-
-
-
- Privoxy - Enable
-
-
-
-
-
- Privoxy - Disable
-
-
-
-
-
- Privoxy - Toggle Privoxy (Toggles between enabled and disabled)
-
-
-
-
-
- Privoxy- View Status
-
-
-
-
-
- Privoxy - Why?
-
-
-
-
-
-
- Credit: The site which gave us the general idea for these bookmarklets is
- www.bookmarklets.com. They
- have more information about bookmarklets.
-
-
-
-
-
@@ -7978,8 +8185,7 @@ Requests
One quick test to see if Privoxy is causing a problem
or not, is to disable it temporarily. This should be the first troubleshooting
- step. See the Bookmarklets section on a quick
- and easy way to do this (be sure to flush caches afterward!). Looking at the
+ step (be sure to flush caches afterward!). Looking at the
logs is a good idea too. (Note that both the toggle feature and logging are
enabled via config file settings, and may need to be
turned on
.)