X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fuser-manual.sgml;h=e0ec372ea09cc071f39ee2435df0b22b34904720;hp=1b6ac81367601b36dbe90d88397d057f0bd9704a;hb=305ebc18d945e01bd76a2ac36529489e9f650414;hpb=ce0952da61bb0c60341ada1627bcde2a05b46d98

diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 1b6ac813..e0ec372e 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -13,7 +13,7 @@
 <!entity p-authors SYSTEM "p-authors.sgml">
 <!entity config SYSTEM "p-config.sgml">
 <!entity changelog SYSTEM "changelog.sgml">
-<!entity p-version "3.0.22">
+<!entity p-version "3.0.25">
 <!entity p-status "UNRELEASED">
 <!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc  -->
 <!entity % p-not-stable "INCLUDE">
@@ -36,7 +36,7 @@
                 This file belongs into
                 ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
 
- $Id: user-manual.sgml,v 2.194 2014/10/21 15:30:52 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.205 2016/03/17 10:42:54 fabiankeil Exp $
 
  Copyright (C) 2001-2014 Privoxy Developers http://www.privoxy.org/
  See LICENSE.
@@ -62,7 +62,7 @@
  </subscript>
 </pubdate>
 
-<pubdate>$Id: user-manual.sgml,v 2.194 2014/10/21 15:30:52 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.205 2016/03/17 10:42:54 fabiankeil Exp $</pubdate>
 
 <!--
 
@@ -1066,6 +1066,29 @@ How to install the binary packages depends on your operating system:
 </para>
 </sect2>
 
+<sect2 id="start-freebsd">
+<title>FreeBSD and ElectroBSD</title>
+<para>
+ To start <application>Privoxy</application> upon booting, add
+ "privoxy_enable='YES'" to <filename>/etc/rc.conf</filename>.
+ <application>Privoxy</application> will use
+ <filename>/usr/local/etc/privoxy/config</filename> as its main
+ configuration file.
+</para>
+<para>
+ If you installed <application>Privoxy</application> into a jail, the
+ paths above are relative to the jail root.
+</para>
+<para>
+ To start <application>Privoxy</application> manually, run:
+</para>
+<para>
+ <screen>
+ # service privoxy onestart
+</screen>
+</para>
+</sect2>
+
 <sect2 id="start-windows">
 <title>Windows</title>
 <para>
@@ -1085,15 +1108,21 @@ Click on the &my-app; Icon to start <application>Privoxy</application>. If no co
 </sect2>
 
 <sect2 id="start-unices">
-<title>Solaris, NetBSD, FreeBSD, HP-UX and others</title>
+<title>Generic instructions for Unix derivates (Solaris, NetBSD, HP-UX etc.)</title>
 <para>
 Example Unix startup command:
 </para>
 <para>
  <screen>
- # /usr/sbin/privoxy /etc/privoxy/config
+ # /usr/sbin/privoxy --user privoxy /etc/privoxy/config
 </screen>
 </para>
+<para>
+ Note that if you installed <application>Privoxy</application> through
+ a package manager, the package will probably contain a platform-specific
+ script or configuration file to start <application>Privoxy</application>
+ upon boot.
+</para>
 </sect2>
 
 <sect2 id="start-os2">
@@ -1109,32 +1138,21 @@ Example Unix startup command:
 <sect2 id="start-macosx">
 <title>Mac OS X</title>
 <para>
-  After downloading the privoxy software, unzip the downloaded file by
-  double-clicking on the zip file icon.  Then, double-click on the
-  installer package icon and follow the installation process.
-</para>
-<para>
-  The privoxy service will automatically start after a successful
-  installation.  In addition, the privoxy service will automatically
-  start every time your computer starts up.
-</para>
-<para>
-  To prevent the privoxy service from automatically starting when your
-  computer starts up, remove or rename the folder named
-  /Library/StartupItems/Privoxy.
-</para>
-<para>
-  A simple application named Privoxy Utility has been created which
-  enables administrators to easily start and stop the privoxy service.
+ The privoxy service will automatically start after a successful installation
+ (and thereafter every time your computer starts up) however you will need to
+ configure your web browser(s) to use it. To do so, configure them to use a
+ proxy for HTTP and HTTPS at the address 127.0.0.1:8118.
 </para>
 <para>
-  In addition, the Privoxy Utility presents a simple way for
-  administrators to edit the various privoxy config files.  A method
-  to uninstall the software is also available.
+ To prevent the privoxy service from automatically starting when your computer
+ starts up, remove or rename the file <literal>/Library/LaunchDaemons/org.ijbswa.privoxy.plist</literal>
+ (on OS X 10.5 and higher) or the folder named
+ <literal>/Library/StartupItems/Privoxy</literal> (on OS X 10.4 'Tiger').
 </para>
 <para>
-  An administrator username and password must be supplied in order for
-  the Privoxy Utility to perform any of the tasks.
+ To manually start or stop the privoxy service, use the scripts startPrivoxy.sh
+ and stopPrivoxy.sh supplied in /Applications/Privoxy. They must be run from an
+ administrator account, using sudo.
 </para>
 </sect2>
 
@@ -1390,7 +1408,7 @@ for details.
 
 <!--   ~~~~~       New section      ~~~~~     -->
 
-<sect2>
+<sect2 id="control-with-webbrowser">
 <title>Controlling Privoxy with Your Web Browser</title>
 <para>
  <application>Privoxy</application>'s user interface can be reached through the special
@@ -1855,7 +1873,7 @@ for details.
 </para>
 
 <!--   ~~~~~       New section      ~~~~~     -->
-<sect2>
+<sect2 id="right-mix">
 <title>Finding the Right Mix</title>
 <para>
  Note that some <link linkend="actions">actions</link>, like cookie suppression
@@ -1880,7 +1898,7 @@ for details.
 </sect2>
 
 <!--   ~~~~~       New section      ~~~~~     -->
-<sect2>
+<sect2 id="how-to-edit">
 <title>How to Edit</title>
 <para>
  The easiest way to edit the actions files is with a browser by
@@ -2201,7 +2219,7 @@ for details.
 
 
 <!--   ~~~~~       New section      ~~~~~     -->
-<sect3><title>The Path Pattern</title>
+<sect3 id="path-pattern"><title>The Path Pattern</title>
 
 <para>
  <application>Privoxy</application> uses <quote>modern</quote> POSIX 1003.2
@@ -2301,18 +2319,18 @@ for details.
 
 
 <!--   ~~~~~       New section      ~~~~~     -->
-<sect3 id="tag-pattern"><title>The Tag Pattern</title>
+<sect3 id="tag-pattern"><title>The Request Tag Pattern</title>
 
 <para>
- Tag patterns are used to change the applying actions based on the
- request's tags. Tags can be created with either the
- <link linkend="CLIENT-HEADER-TAGGER">client-header-tagger</link>
+ Request tag patterns are used to change the applying actions based on the
+ request's tags. Tags can be created based on HTTP headers with either
+ the <link linkend="CLIENT-HEADER-TAGGER">client-header-tagger</link>
  or the  <link linkend="SERVER-HEADER-TAGGER">server-header-tagger</link> action.
 </para>
 
 <para>
- Tag patterns have to start with <quote>TAG:</quote>, so &my-app;
- can tell them apart from URL patterns. Everything after the colon
+ Request tag patterns have to start with <quote>TAG:</quote>, so &my-app;
+ can tell them apart from other patterns. Everything after the colon
  including white space, is interpreted as a regular expression with
  path pattern syntax, except that tag patterns aren't left-anchored
  automatically (&my-app; doesn't silently add a <quote>^</quote>,
@@ -2328,15 +2346,15 @@ for details.
 </para>
 
 <para>
- Sections can contain URL and tag patterns at the same time,
- but tag patterns are checked after the URL patterns and thus
+ Sections can contain URL and request tag patterns at the same time,
+ but request tag patterns are checked after the URL patterns and thus
  always overrule them, even if they are located before the URL patterns.
 </para>
 
 <para>
- Once a new tag is added, Privoxy checks right away if it's matched by one
- of the tag patterns and updates the action settings accordingly. As a result
- tags can be used to activate other tagger actions, as long as these other
+ Once a new request tag is added, Privoxy checks right away if it's matched by one
+ of the request tag patterns and updates the action settings accordingly. As a result
+ request tags can be used to activate other tagger actions, as long as these other
  taggers look for headers that haven't already be parsed.
 </para>
 
@@ -2361,21 +2379,77 @@ for details.
 </sect3>
 
 <!--   ~~~~~       New section      ~~~~~     -->
-<sect3 id="negative-tag-patterns"><title>The Negative Tag Patterns</title>
+<sect3 id="negative-tag-patterns"><title>The Negative Request Tag Patterns</title>
 
 <para>
- To match requests that do not have a certain tag, specify a negative tag pattern
+ To match requests that do not have a certain request tag, specify a negative tag pattern
  by prefixing the tag pattern line with either <quote>NO-REQUEST-TAG:</quote>
  or <quote>NO-RESPONSE-TAG:</quote> instead of <quote>TAG:</quote>.
 </para>
 
 <para>
- Negative tag patterns created with <quote>NO-REQUEST-TAG:</quote> are checked
+ Negative request tag patterns created with <quote>NO-REQUEST-TAG:</quote> are checked
  after all client headers are scanned, the ones created with <quote>NO-RESPONSE-TAG:</quote>
  are checked after all server headers are scanned. In both cases all the created
  tags are considered.
 </para>
 
+<!--   ~~~~~       New section      ~~~~~     -->
+<sect3 id="client-tag-pattern"><title>The Client Tag Pattern</title>
+
+<!-- XXX: This section contains duplicates content from the
+          client-specific-tag documentation. -->
+
+<warning>
+<para>
+ This is an experimental feature. The syntax is likely to change in future versions.
+</para>
+</warning>
+
+<para>
+ Client tag patterns are not set based on HTTP headers but based on
+ the client's IP address. Users can enable them themselves, but the
+ Privoxy admin controls which tags are available and what their effect
+ is.
+</para>
+
+<para>
+ After a client-specific tag has been defined with the
+ <link linkend="client-specific-tag">client-specific-tag</link>,
+ directive, action sections can be activated based on the tag by using a
+ CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated at the same priority
+ as URL patterns, as a result the last matching pattern wins. Tags that
+ are created based on client or server headers are evaluated later on
+ and can overrule CLIENT-TAG and URL patterns!
+</para>
+<para>
+ The tag is set for all requests that come from clients that requested
+ it to be set. Note that "clients" are  differentiated by IP address,
+ if the IP address changes the tag has to be requested again.
+</para>
+<para>
+ Clients can request tags to be set by using the CGI interface <ulink
+  url="http://config.privoxy.org/show-client-tags">http://config.privoxy.org/show-client-tags</ulink>.
+</para>
+
+<para>
+ Example:
+</para>
+
+<para>
+ <screen>
+# If the admin defined the client-specific-tag circumvent-blocks,
+# and the request comes from a client that previously requested
+# the tag to be set, overrule all previous +block actions that
+# are enabled based on URL to CLIENT-TAG patterns.
+{-block}
+CLIENT-TAG:^circumvent-blocks$
+
+# This section is not overruled because it's located after
+# the previous one.
+{+block{Nobody is supposed to request this.}}
+example.org/blocked-example-page</screen>
+</para>
 
 </sect2>
 
@@ -4145,7 +4219,7 @@ new action
   <term>Type:</term>
   <!-- Boolean, Parameterized, Multi-value -->
   <listitem>
-   <para>Multi-value.</para>
+   <para>Parameterized.</para>
   </listitem>
  </varlistentry>
 
@@ -4178,6 +4252,32 @@ new action
       for socks5 connections (with remote DNS resolution).
      </para>
     </listitem>
+    <listitem>
+     <para>
+      <quote>forward-webserver 127.0.0.1:80</quote> to use the HTTP
+      server listening at 127.0.0.1 port 80 without adjusting the
+      request headers.
+     </para>
+     <para>
+      This makes it more convenient to use Privoxy to make
+      existing websites available as onion services as well.
+     </para>
+     <para>
+      Many websites serve content with hardcoded URLs and
+      can't be easily adjusted to change the domain based
+      on the one used by the client.
+     </para>
+     <para>
+      Putting Privoxy between Tor and the webserver (or an stunnel
+      that forwards to the webserver) allows to rewrite headers and
+      content to make client and server happy at the same time.
+     </para>
+     <para>
+      Using Privoxy for webservers that are only reachable through
+      onion addresses and whose location is supposed to be secret
+      is not recommended and should not be necessary anyway.
+     </para>
+    </listitem>
    </itemizedlist>
   </listitem>
  </varlistentry>
@@ -5814,7 +5914,7 @@ TAG:^image/
 
 
 <!--   ~~~~~       New section      ~~~~~     -->
-<sect3>
+<sect3 id="summary">
 <title>Summary</title>
 <para>
  Note that many of these actions have the potential to cause a page to
@@ -5957,7 +6057,7 @@ hal stop here
  and <filename>user.action</filename> file and see how all these pieces come together:
 </para>
 
-<sect3>
+<sect3 id="match-all">
 <title>match-all.action</title>
 <para>
  Remember <emphasis>all actions are disabled when matching starts</emphasis>,
@@ -6000,7 +6100,7 @@ hal stop here
 </para>
 </sect3>
 
-<sect3>
+<sect3 id="default-action">
 <title>default.action</title>
 
 <para>
@@ -6289,7 +6389,7 @@ wiki.
 
 </sect3>
 
-<sect3><title>user.action</title>
+<sect3 id="user-action"><title>user.action</title>
 
 <para>
  So far we are painting with a broad brush by setting general policies,
@@ -6703,7 +6803,7 @@ stupid-server.example.com/</screen>
 
 <!--   ~~~~~~~~       New section Header    ~~~~~~~~~     -->
 
-<sect2><title>Filter File Tutorial</title>
+<sect2 id="filter-file-tut"><title>Filter File Tutorial</title>
 <para>
  Now, let's complete our <quote>foo</quote> content filter. We have already defined
  the heading, but the jobs are still missing. Since all it does is to replace
@@ -7873,7 +7973,7 @@ Requests</title>
 
 
 <!--   ~~~~~       New section      ~~~~~     -->
-<sect2>
+<sect2 id="internal-pages">
 <title>Privoxy's Internal Pages</title>
 
 <para>
