X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=caac861cc51b386a334f00419c394c94f901e890;hp=349b430dbdea3aa9c609089b9582718186cb98ab;hb=11bc737be471676396d918924566f69483604626;hpb=a8156ded2b05b26bd90307f8a8bb4b0f0c87c9d3
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 349b430d..caac861c 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -10,14 +10,15 @@
+
-
+
-
-
+
+
@@ -34,7 +35,7 @@
Purpose : user manual
- Copyright (C) 2001-2018 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
@@ -53,7 +54,7 @@
- Copyright &my-copy; 2001-2019 by
+ Copyright &my-copy; 2001-2020 by
Privoxy Developers
@@ -132,7 +133,7 @@ Hal.
In addition to the core
features of ad blocking and
- cookie management,
+ cookie management,
Privoxy provides many supplemental
features,
that give the end-user more control, more privacy and more freedom:
@@ -226,31 +227,6 @@ How to install the binary packages depends on your operating system:
-
-OS/2
-
-
- First, make sure that no previous installations of
- Junkbuster and / or
- Privoxy are left on your
- system. Check that no Junkbuster
- or Privoxy objects are in
- your startup folder.
-
-
-
- Then, just double-click the WarpIN self-installing archive, which will
- guide you through the installation process. A shadow of the
- Privoxy executable will be placed in your
- startup folder so it will start automatically whenever OS/2 starts.
-
-
-
- The directory you choose to install Privoxy
- into will contain all of the configuration files.
-
-
-
Mac OS X
@@ -683,7 +659,7 @@ MAKENSIS = ./nsis/makensis.exe
Set your browser to use Privoxy as HTTP and
- HTTPS (SSL) proxy
+ HTTPS (SSL) proxy
by setting the proxy configuration for address of
127.0.0.1 and port 8118.
DO NOT activate proxying for FTP or
@@ -696,7 +672,7 @@ MAKENSIS = ./nsis/makensis.exe
Flush your browser's disk and memory caches, to remove any cached ad images.
If using Privoxy to manage
- cookies,
+ cookies,
you should remove any currently stored cookies too.
@@ -1049,7 +1025,7 @@ MAKENSIS = ./nsis/makensis.exe
Before launching Privoxy for the first time, you
will want to configure your browser(s) to use
Privoxy as a HTTP and HTTPS (SSL)
- proxy. The default is
+ proxy. The default is
127.0.0.1 (or localhost) for the proxy address, and port 8118 (earlier versions
used port 8000). This is the one configuration step that must be done
!
@@ -1061,13 +1037,13 @@ MAKENSIS = ./nsis/makensis.exe
Proxy Configuration Showing
- Mozilla/Netscape HTTP and HTTPS (SSL) Settings
+ Mozilla Firefox HTTP and HTTPS (SSL) Settings
- [ Screenshot of Mozilla Proxy Configuration ]
+ [ Screenshot of Mozilla Firefox Proxy Configuration ]
@@ -1078,7 +1054,7 @@ MAKENSIS = ./nsis/makensis.exe
- Tools -> Options -> Advanced -> Network ->Connection -> Settings
+ Edit -> Preferences -> Network Settings -> Settings
@@ -1135,7 +1111,7 @@ MAKENSIS = ./nsis/makensis.exe
After doing this, flush your browser's disk and memory caches to force a
re-reading of all pages and to get rid of any ads that may be cached. Remove
- any cookies,
+ any cookies,
if you want Privoxy to manage that. You are now
ready to start enjoying the benefits of using
Privoxy!
@@ -1217,16 +1193,6 @@ Example Unix startup command:
-
-OS/2
-
- During installation, Privoxy is configured to
- start automatically when the system restarts. You can start it manually by
- double-clicking on the Privoxy icon in the
- Privoxy folder.
-
-
-
Mac OS X
@@ -1517,7 +1483,7 @@ for details.
▪ View & change the current configuration
- ▪ View or toggle the tags that can be set based on the clients address
+ ▪ View or toggle the tags that can be set based on the client's address
▪ View the request headers.
@@ -1576,7 +1542,7 @@ for details.
Configuration Files Overview
For Unix, *BSD and GNU/Linux, all configuration files are located in
- /etc/privoxy/ by default. For MS Windows and OS/2
+ /etc/privoxy/ by default. For MS Windows
these are all in the same directory as the
Privoxy executable.
The main configuration file is named config
- on GNU/Linux, Unix, BSD, and OS/2, and config.txt
+ on GNU/Linux, Unix, BSD, and config.txt
on Windows. This is a required file.
@@ -1793,7 +1759,7 @@ for details.
The default profiles, and their associated actions, as pre-defined in
default.action are:
-
Default Configurations
+
Default Configurations
@@ -2079,7 +2045,7 @@ for details.
The pattern matching syntax is different for the host and path parts of
the URL. The host part uses a simple globbing type matching technique,
while the path part uses more flexible
- Regular
+ Regular
Expressions (POSIX 1003.2).
@@ -2241,7 +2207,7 @@ for details.
themselves. These work similarly to shell globbing type wild-cards:
* represents zero or more arbitrary characters (this is
equivalent to the
- Regular
+ Regular
Expression based syntax of .*),
? represents any single character (this is equivalent to the
regular expression syntax of a simple .), and you can define
@@ -2293,6 +2259,12 @@ for details.
While flexible, this is not the sophistication of full regular expression based syntax.
+
+ When compiled with FEATURE_PCRE_HOST_PATTERNS patterns can be prefixed with
+ PCRE-HOST-PATTERN: in which case full regular expression
+ (PCRE) can be used for the host pattern as well.
+
+
@@ -2303,7 +2275,7 @@ for details.
Privoxy uses modern POSIX 1003.2
- Regular
+ Regular
Expressions for matching the path portion (after the slash),
and is thus more flexible.
@@ -3802,71 +3774,6 @@ problem-host.example.com
-
-
-enable-https-filtering
-
-
-
- Typical use:
-
- Filter encrypted requests and responses
-
-
-
-
- Effect:
-
-
- Encrypted requests are decrypted, filtered and forwarded encrypted.
-
-
-
-
-
- Type:
-
-
- Boolean.
-
-
-
-
- Parameter:
-
-
- N/A
-
-
-
-
-
- Notes:
-
-
- This action allows &my-app; to filter encrypted requests and responses.
- For this to work &my-app; has to generate a certificate and send it
- to the client which has to accept it.
-
-
- Before this works the directives in the
- TLS section of the config
- file have to be configured.
-
-
-
-
-
- Example usage (section):
-
- {+enable-https-filtering}
-www.example.com
-
-
-
-
-
-
external-filter
@@ -4052,7 +3959,7 @@ www.example.com
looks for the string http://, either in plain text
(invalid but often used) or encoded as http%3a//.
Some sites use their own URL encoding scheme, encrypt the address
- of the target server or replace it with a database id. In theses cases
+ of the target server or replace it with a database id. In these cases
fast-redirects is fooled and the request reaches the
redirection server where it probably gets logged.
@@ -4147,9 +4054,9 @@ www.example.com
Rolling your own
filters requires a knowledge of
- Regular
+ Regular
Expressions and
- HTML.
+ HTML.
This is very powerful feature, and potentially very intrusive.
Filters should be used with caution, and where an equivalent
action is not available.
@@ -5197,7 +5104,7 @@ new action
More information on known user-agent strings can be found at
http://www.user-agents.org/
and
- http://en.wikipedia.org/wiki/User_agent.
+ http://en.wikipedia.org/wiki/User_agent.
@@ -5205,9 +5112,84 @@ new action
Example usage:
- +hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}
+ +hide-user-agent{Mozilla/5.0 (X11; ElectroBSD i386; rv:78.0) Gecko/20100101 Firefox/78.0}
+
+
+
+
+
+
+
+
+https-inspection
+
+
+
+ Typical use:
+
+ Filter encrypted requests and responses
+
+
+
+
+ Effect:
+
+
+ Encrypted requests are decrypted, filtered and forwarded encrypted.
+
+
+
+
+
+ Type:
+
+
+ Boolean.
+
+
+
+
+ Parameter:
+
+
+ N/A
+
+
+
+
+
+ Notes:
+
+
+ This action allows &my-app; to filter encrypted requests and responses.
+ For this to work &my-app; has to generate a certificate and send it
+ to the client which has to accept it.
+
+
+ Before this works the directives in the
+ HTTPS inspection section
+ of the config file have to be configured.
+
+
+ Note that the action has to be enabled based on the CONNECT
+ request which doesn't contain a path. Enabling it based on
+ a pattern with path doesn't work as the path is only seen
+ by &my-app; if the action is already enabled.
+
+
+ This is an experimental feature.
+
+
+
+ Example usage (section):
+
+ {+https-inspection}
+www.example.com
+
+
+
@@ -5255,16 +5237,19 @@ new action
When the
- +enable-https-filtering
+ +https-inspection
action is used &my-app; by default verifies that the remote site uses a valid
certificate.
- If the certificate is invalid the connection is aborted.
+ If the certificate can't be validated by &my-app; the connection is aborted.
- This action disabled the certificate check allowing requests to sites
- with invalid certificates.
+ This action disables the certificate check so requests to sites
+ with certificates that can't be validated are allowed.
+
+
+ Note that enabling this action allows Man-in-the-middle attacks.
@@ -5516,9 +5501,10 @@ new action
Note that some (rare) ill-configured sites don't handle requests for uncompressed
documents correctly. Broken PHP applications tend to send an empty document body,
- some IIS versions only send the beginning of the content. If you enable
- prevent-compression per default, you might want to add
- exceptions for those sites. See the example for how to do that.
+ some IIS versions only send the beginning of the content and some content delivery
+ networks let the connection time out.
+ If you enable prevent-compression per default, you might
+ want to add exceptions for those sites. See the example for how to do that.
@@ -5766,6 +5752,10 @@ example.com/.*toChange=(?!bar)
# Redirect Destination = https://www.illumos.org/issues/4974
i[0-9][0-9][0-9][0-9]*/
+# Redirect requests for the old Tor Hidden Service of the Privoxy website to the new one
+{+redirect{s@^http://jvauzb4sb3bwlsnc.onion/@http://l3tczdiiwoo63iwxty4lhs6p7eaxop5micbn7vbliydgv63x5zrrrfyd.onion/@}}
+jvauzb4sb3bwlsnc.onion/
+
# Redirect remote requests for this manual
# to the local version delivered by Privoxy
{+redirect{s@^http://www@http://config@}}
@@ -6970,7 +6960,7 @@ stupid-server.example.com/
If you are new to
- Regular
+ Regular
Expressions, you might want to take a look at
the Appendix on regular expressions, and
see the Perl
@@ -7466,7 +7456,7 @@ pre-defined filters for your convenience:
sometimes appear on some pages, or user agents that don't correct for this on
the fly.
@@ -7857,16 +7847,37 @@ Requests
Privoxy is free software; you can
- redistribute it and/or modify it under the terms of the
- GNU General Public License, version 2,
- as published by the Free Software Foundation and included in
- the next section.
+ redistribute and/or modify its source code under the terms
+ of the GNU General Public License
+ as published by the Free Software Foundation, either version 2
+ of the license, or (at your option) any later version.
+
+
+
+ The same is true for Privoxy binaries
+ unless they are linked with a
+ mbed TLS version
+ that is licensed under the Apache 2.0 license in which
+ case you can redistribute and/or modify the Privoxy
+ binaries under the terms of the GNU General Public License
+ as published by the Free Software Foundation, either version 3
+ of the license, or (at your option) any later version.
+
+
+
+ Both licenses are included in the next section.
License
+GNU General Public License version 2
+
+
+GNU General Public License version 3
+
+