Privoxy utilizes the concept of " actions"
- that are used to manipulate and control web page data.
- Actions files
- are where these actions
- that Privoxy could take while processing a certain
- request, are configured. Typically, you would define a set of default actions
- that apply globally to all URLs, then add exceptions to these defaults where needed.
- There is a wide array of actions available that give the user a high degree
- of control and flexibility on how to process each and every web page.
Actions can be defined on a URL pattern basis, i.e.
- for single URLs, whole web sites, groups or parts thereof etc. Actions can also be
- grouped together and then applied to requests matching one or more patterns.
- There are many possible actions that might apply to any given site. As an example,
- if you are blocking cookies
- as one of your default actions, but need to accept cookies from a given site,
- you would need to define an exception for this site in one of your actions
- files, preferably in user.action.
Actions files are just text files in a special syntax and can be edited
- with a text editor. But probably the easiest way is to access
- Privoxy's user interface with your web browser
- at http://config.privoxy.org/
- (Shortcut: http://p.p/) and then select
- "View &
- change the current configuration" from the menu. Note
- that this feature must be explicitly enabled in the main config file
- (see enable-edit-actions).
Three actions files
- are being included by the developers, to be used for
- different purposes: These are
- default.action, the "main" actions file
- which is actively maintained by the Privoxy
- developers and typically sets the default policies, user.action,
- where users are encouraged to make their private customizations.
- Please see the actions chapter
- in the User Manual for a more
- detailed explanation.
Earlier versions included three different versions of the
- default.action file. The new scheme allows for
- greater flexibility of local configuration, and for browser based
- selection of pre-defined "aggressiveness" levels.
Based on your feedback and the continuing development, updates of
- default.action will be
- made available from time to time on the files section of
- our project page.
-
If you wish to receive an email notification whenever we release updates of
- Privoxy or the actions file, subscribe
- to our announce mailing list, ijbswa-announce@lists.sourceforge.net.
-
The syntax and purpose of configuration files has remained roughly the
- same throughout the 3.x series, but backwards compatibility is not guaranteed.
- Also each release contains updated, "improved" versions and it is
- therefore strongly recommended to install the newer configuration files
- and merge back your modifications.
-
"Complicated" is in the eye of the beholder. Those that are
- familiar with some of the underlying concepts, such as regular expression
- syntax, take to it like a fish takes to water. Also, software that tries
- hard to be "user friendly", often lacks sophistication and
- flexibility. There is always that trade-off there between power vs.
- easy-of-use. Furthermore, anyone is welcome to contribute ideas and
- implementations to enhance Privoxy.
-
The default configuration shouldn't impact the usability of any of these services.
- It may, however, make all cookies
- temporary, so that your browser will forget your
- login credentials in between browser sessions. If you would like not to have to log
- in manually each time you access those websites, simply turn off all cookie handling
- for them in the user.action file. An example for yahoo might
- look like:
-
# Allow all cookies for Yahoo login:
+
+
+
+
+ Configuration
+
+
+
+
+
+
+
+
+
+
Privoxy utilizes the concept of
+ " actions" that are used to manipulate and control web
+ page data. Actions files are where these actions
+ that Privoxy could take while
+ processing a certain request, are configured. Typically, you would
+ define a set of default actions that apply globally to all URLs, then
+ add exceptions to these defaults where needed. There is a wide array of
+ actions available that give the user a high degree of control and
+ flexibility on how to process each and every web page.
+
+
Actions can be defined on a URL
+ pattern basis, i.e. for single URLs, whole web sites, groups or
+ parts thereof etc. Actions can also be grouped together and then
+ applied to requests matching one or more patterns. There are many
+ possible actions that might apply to any given site. As an example, if
+ you are blocking cookies as one of your default actions, but need to
+ accept cookies from a given site, you would need to define an exception
+ for this site in one of your actions files, preferably in user.action.
Actions files are just text files in a special syntax and can be
+ edited with a text editor. But probably the easiest way is to access
+ Privoxy's user interface with your web
+ browser at http://config.privoxy.org/ (Shortcut: http://p.p/) and then select "View & change the current configuration" from the
+ menu. Note that this feature must be explicitly enabled in the main
+ config file (see enable-edit-actions).
Based on your feedback and the continuing development, updates of
+ default.action will be made available from
+ time to time on the files section of our project page.
+
+
If you wish to receive an email notification whenever we release
+ updates of Privoxy or the actions
+ file, subscribe to our announce mailing list,
+ ijbswa-announce@lists.sourceforge.net.
The syntax and purpose of configuration files has remained roughly
+ the same throughout the 3.x series, but backwards compatibility is not
+ guaranteed. Also each release contains updated, "improved" versions and it is therefore strongly
+ recommended to install the newer configuration files and merge back
+ your modifications.
"Complicated" is in the eye of the
+ beholder. Those that are familiar with some of the underlying concepts,
+ such as regular expression syntax, take to it like a fish takes to
+ water. Also, software that tries hard to be "user
+ friendly", often lacks sophistication and flexibility. There is
+ always that trade-off there between power vs. easy-of-use. Furthermore,
+ anyone is welcome to contribute ideas and implementations to enhance
+ Privoxy.
The default configuration shouldn't impact the usability of any of
+ these services. It may, however, make all cookies
+ temporary, so that your browser will forget your login credentials in
+ between browser sessions. If you would like not to have to log in
+ manually each time you access those websites, simply turn off all
+ cookie handling for them in the user.action
+ file. An example for yahoo might look like:
These kinds of sites are often quite complex and heavy with
- Javascript and
- thus "fragile". So if still a problem,
- we have an alias just for such
- sticky situations:
-
These kinds of sites are often quite complex and heavy with Javascript
+ and thus "fragile". So if still a problem, we have an
+ alias just for such sticky situations:
+
+
+
+
+
+# Gmail is a _fragile_ site:
#
-{ fragile }
+{ fragile }
# Gmail is ...
- mail.google.com
-
Be sure to flush your browser's caches whenever making these kinds of
- changes, just to make sure the changes "take".
-
Make sure the domain, host and path are appropriate as well. Your browser can
- tell you where you are specifically and you should use that information for
- your configuration settings. Note that above it is not referenced as
- gmail.com, which is a valid domain name.
-
Configuring Privoxy is not entirely trivial. To
- help you get started, we provide you with three different default action
- "profiles" in the web based actions file editor at http://config.privoxy.org/show-status.
- See the User
- Manual for a list of actions, and how the default
- profiles are set.
-
Where the defaults are likely to break some sites, exceptions for
- known popular "problem" sites are included, but in
- general, the more aggressive your default settings are, the more exceptions
- you will have to make later. New users are best to start off in
- "Cautious" setting. This is safest and will have the fewest
- problems. See the User Manual
- for a more detailed discussion.
It should be noted that the "Advanced" profile (formerly known
- as the "Adventuresome" profile) is more
- aggressive, and will make use of some of
- Privoxy's advanced features. Use at your own risk!
It may seem strange that regular users can edit the config files with their
- browsers, although the whole /etc/privoxy hierarchy
- belongs to the user "privoxy", with only 644 permissions.
-
When you use the browser-based editor, Privoxy
- itself is writing to the config files. Because
- Privoxy is running as the user "privoxy",
- it can update its own config files.
-
If you run Privoxy for multiple untrusted users (e.g. in
- a LAN) or aren't entirely in control of your own browser, you will probably want
- to make sure that the the web-based editor and remote toggle features are
- "off" by setting "enable-edit-actions
- 0" and "enable-remote-toggle
- 0" in the main configuration file.
-
As of Privoxy 3.0.7 these options are disabled by default.
-
The default.filter
- file is where filters as supplied by the developers are defined.
- Filters are a special subset of actions that can be used to modify or
- remove web page content or headers on the fly. Content filters can
- be applied to anything in the page source,
- header filters can be applied to either server or client headers.
- Regular expressions are used to accomplish this.
There are a number of pre-defined filters to deal with common annoyances. The
- filters are only defined here, to invoke them, you need to use the
- filter
- action in one of the actions files. Content filtering is automatically
- disabled for inappropriate MIME types, but if you now better than Privoxy
- what should or should not be filtered you can filter any content you like.
Filters should
- not be confused with blocks, which
- is a completely different action, and is more typically used to block ads and
- unwanted sites.
If you are familiar with regular expressions, and HTML, you can look at
- the provided default.filter with a text editor and define
- your own filters. This is potentially a very powerful feature, but
- requires some expertise in both regular expressions and HTML/HTTP.
- You should
- place any modifications to the default filters, or any new ones you create
- in a separate file, such as user.filter, so they won't
- be overwritten during upgrades.
- The ability to define multiple filter files
- in config is a new feature as of v. 3.0.5.
There is no GUI editor option for this part of the configuration,
- but you can disable/enable the various pre-defined filters of the included
- default.filter file with the web-based actions file editor.
- Note that the custom actions editor must be explicitly enabled in
- the main config file (see enable-edit-actions).
If you intend to develop your own filters, you might want to have a look at
- Privoxy-Filter-Test.
By default, Privoxy only responds to requests
- from 127.0.0.1 (localhost). To have it act as a server for
- a network, this needs to be changed in the main configuration file. Look for
- the listen-address
- option, which may be commented out with a "#" symbol. Make sure
- it is uncommented, and assign it the address of the LAN gateway interface,
- and port number to use. Assuming your LAN address is 192.168.1.1 and you
- wish to run Privoxy on port 8118, this line
- should look like:
listen-address 192.168.1.1:8118
Save the file, and restart Privoxy. Configure
- all browsers on the network then to use this address and port number.
Alternately, you can have Privoxy listen on
- all available interfaces:
listen-address :8118
And then use Privoxy's
- permit-access
- feature to limit connections. A firewall in this situation is recommended
- as well.
The above steps should be the same for any TCP network, regardless of
- operating system.
If you run Privoxy on a LAN with untrusted users,
- we recommend that you double-check the access control and security
- options!
The replacement for blocked images can be controlled with the set-image-blocker
- action. You have the choice of a checkerboard pattern, a transparent 1x1 GIF
- image (aka "blank"), or a redirect to a custom image of your choice.
- Note that this choice only has effect for images which are blocked as images, i.e.
- whose URLs match both a handle-as-image
- andblock action.
Remember that telling which image is an ad and which
- isn't, is an educated guess. While we hope that the standard configuration
- is rather smart, it will make occasional mistakes. The checkerboard image is visually
- decent, and it shows you where images have been blocked, which can be very
- helpful in case some navigation aid or otherwise innocent image was
- erroneously blocked. It is recommended for new users so they can
- "see" what is happening. Some people might also enjoy seeing how
- many banners they don't have to see.
This happens when the banners are not embedded in the HTML code of the
- page itself, but in separate HTML (sub)documents that are loaded into (i)frames
- or (i)layers, and these external HTML documents are blocked. Being non-images
- they get replaced by a substitute HTML page rather than a substitute image,
- which wouldn't work out technically, since the browser expects and accepts
- only HTML when it has requested an HTML document.
The substitute page adapts to the available space and shows itself as a
- miniature two-liner if loaded into small frames, or full-blown with a
- large red "BLOCKED" banner if space allows.
If you prefer the banners to be blocked by images, you must see to it that
- the HTML documents in which they are embedded are not blocked. Clicking
- the "See why" link offered in the substitute page will show
- you which rule blocked the page. After changing the rule and un-blocking
- the HTML documents, the browser will try to load the actual banner images
- and the usual image blocking will (hopefully!) kick in.
Yes. Version 3.0.5 introduces full Windows service
- functionality. See the User Manual for details on how to install and configure
- Privoxy as a service.
The whole idea of Privoxy is to modify client requests
- and server responses in all sorts of ways and therefore
- it's not a transparent proxy as described in
- RFC 2616.
However, some people say "transparent proxy" when they
- mean "intercepting proxy". If you are one of them,
- please read the next entry.
Privoxy can't intercept traffic itself,
- but it can handle requests that where intercepted and redirected
- with a packet filter (like PF or
- iptables), as long as the Host
- header is present.
-
As the Host header is required by HTTP/1.1 and as most
- web sites rely on it anyway, this limitation shouldn't be a problem.
Please refer to your packet filter's documentation to learn how to
- intercept and redirect traffic into Privoxy.
- Afterward you just have to configure Privoxy to
- accept
- intercepted requests.
Versions of Outlook prior to Office 2007, use
- Internet Explorer components to both render HTML,
- and fetch any HTTP requests that may be embedded in an HTML email. So however
- you have Privoxy configured to work with IE, this
- configuration should automatically be shared, at least with older version of
- Internet Explorer.
Starting with Office 2007, Microsoft is instead using the MS-Word rendering
- engine with Outlook. It is unknown whether this can be configured to use a
- proxy.
-
The short answer is, you can't. Privoxy has no way
- of knowing which particular application makes a request, so there is no way to
- distinguish between web pages and HTML mail.
- Privoxy just blindly proxies all requests. In the
- case of Outlook Express (see above), OE uses
- IE anyway, and there is no way for Privoxy to ever
- be able to distinguish between them (nor could any other proxy type application for
- that matter).
Cookies can be
- set in several ways. The classic method is via the
- Set-Cookie HTTP header. This is straightforward, and an
- easy one to manipulate, such as the Privoxy concept of
- session-cookies-only.
- There is also the possibility of using
- Javascript to
- set cookies (Privoxy calls these content-cookies). This
- is trickier because the syntax can vary widely, and thus requires a certain
- amount of guesswork. It is not realistic to catch all of these short of
- disabling Javascript, which would break many sites. And lastly, if the
- cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond
- Privoxy's reach.
All in all, Privoxy can help manage cookies in general, can help minimize
- the loss of privacy posed by cookies, but can't realistically stop all
- cookies.
No, in fact there are many beneficial uses of
- cookies. Cookies are just a
- method that browsers can use to store data between pages, or between browser
- sessions. Sometimes there is a good reason for this, and the user's life is a
- bit easier as a result. But there is a long history of some websites taking
- advantage of this layer of trust, and using the data they glean from you and
- your browsing habits for their own purposes, and maybe to your potential
- detriment. Such sites are using you and storing their data on your system.
- That is why the privacy conscious watch from whom those cookies come, and why
- they really need to be there.
There are several actions that relate to cookies. The default behavior is to
- allow only "session cookies", which means the cookies only last
- for the current browser session. This eliminates most kinds of abuse related
- to cookies. But there may be cases where you want cookies to last.
To disable all cookie actions, so that cookies are allowed unrestricted,
- both in and out, for example.com:
Place the above in user.action. Note that some of these may
- be off by default anyway, so this might be redundant, but there is no harm
- being explicit in what you want to happen. user.action
- includes an alias for this situation, called
- allow-all-cookies.
Each instance of Privoxy has its own
- configuration, including such attributes as the TCP port that it listens on.
- What you can do is run multiple instances of Privoxy, each with
- a unique
- listen-address
- configuration setting, and configuration path, and then
- each of these can have their own configurations. Think of it as per-port
- configuration.
- Simple enough for a few users, but for large installations, consider having
- groups of users that might share like configurations.
Be sure to flush your browser's caches whenever making these kinds
+ of changes, just to make sure the changes "take".
+
+
Make sure the domain, host and path are appropriate as well. Your
+ browser can tell you where you are specifically and you should use that
+ information for your configuration settings. Note that above it is not
+ referenced as gmail.com, which is a valid
+ domain name.
Configuring Privoxy is not entirely
+ trivial. To help you get started, we provide you with three different
+ default action "profiles" in the web based
+ actions file editor at http://config.privoxy.org/show-status. See the
+ User Manual for a list of actions, and how the
+ default profiles are set.
+
+
Where the defaults are likely to break some sites, exceptions for
+ known popular "problem" sites are included,
+ but in general, the more aggressive your default settings are, the more
+ exceptions you will have to make later. New users are best to start off
+ in "Cautious" setting. This is safest and
+ will have the fewest problems. See the User
+ Manual for a more detailed discussion.
+
+
It should be noted that the "Advanced"
+ profile (formerly known as the "Adventuresome" profile) is more aggressive, and will
+ make use of some of Privoxy's advanced
+ features. Use at your own risk!
It may seem strange that regular users can edit the config files
+ with their browsers, although the whole /etc/privoxy hierarchy belongs to the user "privoxy", with only 644 permissions.
+
+
When you use the browser-based editor, Privoxy itself is writing to the config files.
+ Because Privoxy is running as the user
+ "privoxy", it can update its own config
+ files.
+
+
If you run Privoxy for multiple
+ untrusted users (e.g. in a LAN) or aren't entirely in control of your
+ own browser, you will probably want to make sure that the web-based
+ editor and remote toggle features are "off"
+ by setting "enable-edit-actions 0" and "enable-remote-toggle 0" in the main configuration
+ file.
+
+
As of Privoxy 3.0.7 these options
+ are disabled by default.
The default.filter file is where
+ filters as
+ supplied by the developers are defined. Filters are a special subset of
+ actions that can be used to modify or remove web page content or
+ headers on the fly. Content filters can be applied to anything in the page source,
+ header filters can be applied to either server or client headers.
+ Regular expressions are used to accomplish this.
+
+
There are a number of pre-defined filters to deal with common
+ annoyances. The filters are only defined here, to invoke them, you need
+ to use the filter action in one of the actions
+ files. Content filtering is automatically disabled for inappropriate
+ MIME types, but if you know better than Privoxy what should or should
+ not be filtered you can filter any content you like.
+
+
Filters should not be confused with blocks, which is a completely different action, and
+ is more typically used to block ads and unwanted sites.
+
+
If you are familiar with regular expressions, and HTML, you can look
+ at the provided default.filter with a text
+ editor and define your own filters. This is potentially a very powerful
+ feature, but requires some expertise in both regular expressions and
+ HTML/HTTP. You should place any modifications to the default filters,
+ or any new ones you create in a separate file, such as user.filter, so they won't be overwritten during
+ upgrades. The ability to define multiple filter files in config is a new feature as of v. 3.0.5.
+
+
There is no GUI editor option for this part of the configuration,
+ but you can disable/enable the various pre-defined filters of the
+ included default.filter file with the
+ web-based
+ actions file editor. Note that the custom actions editor must be
+ explicitly enabled in the main config file (see enable-edit-actions).
+
+
If you intend to develop your own filters, you might want to have a
+ look at Privoxy-Filter-Test.
By default, Privoxy only responds
+ to requests from 127.0.0.1 (localhost). To
+ have it act as a server for a network, this needs to be changed in the
+ main configuration
+ file. Look for the listen-address option, which may be commented out with
+ a "#" symbol. Make sure it is uncommented,
+ and assign it the address of the LAN gateway interface, and port number
+ to use. Assuming your LAN address is 192.168.1.1 and you wish to run
+ Privoxy on port 8118, this line should
+ look like:
+
+
+
+
+
+ listen-address 192.168.1.1:8118
+
+
+
+
+
+
Save the file, and restart Privoxy.
+ Configure all browsers on the network then to use this address and port
+ number.
+
+
Alternately, you can have Privoxy
+ listen on all available interfaces:
+
+
+
+
+
+ listen-address :8118
+
+
+
+
+
+
And then use Privoxy'spermit-access feature to limit connections. A firewall in
+ this situation is recommended as well.
+
+
The above steps should be the same for any TCP network, regardless
+ of operating system.
+
+
If you run Privoxy on a LAN with
+ untrusted users, we recommend that you double-check the access
+ control and security options!
The replacement for blocked images can be controlled with the
+ set-image-blocker action. You have
+ the choice of a checkerboard pattern, a transparent 1x1 GIF image (aka
+ "blank"), or a redirect to a custom image of
+ your choice. Note that this choice only has effect for images which are
+ blocked as images, i.e. whose URLs match both a handle-as-imageandblock
+ action.
Remember that telling which image
+ is an ad and which isn't, is an educated guess. While we hope that
+ the standard configuration is rather smart, it will make occasional
+ mistakes. The checkerboard image is visually decent, and it shows you
+ where images have been blocked, which can be very helpful in case some
+ navigation aid or otherwise innocent image was erroneously blocked. It
+ is recommended for new users so they can "see" what is happening. Some people might also enjoy
+ seeing how many banners they don't have to see.
This happens when the banners are not embedded in the HTML code of
+ the page itself, but in separate HTML (sub)documents that are loaded
+ into (i)frames or (i)layers, and these external HTML documents are
+ blocked. Being non-images they get replaced by a substitute HTML page
+ rather than a substitute image, which wouldn't work out technically,
+ since the browser expects and accepts only HTML when it has requested
+ an HTML document.
+
+
The substitute page adapts to the available space and shows itself
+ as a miniature two-liner if loaded into small frames, or full-blown
+ with a large red "BLOCKED" banner if space allows.
+
+
If you prefer the banners to be blocked by images, you must see to
+ it that the HTML documents in which they are embedded are not blocked.
+ Clicking the "See why" link offered in the
+ substitute page will show you which rule blocked the page. After
+ changing the rule and un-blocking the HTML documents, the browser will
+ try to load the actual banner images and the usual image blocking will
+ (hopefully!) kick in.
Yes. Version 3.0.5 introduces full Windows service functionality. See the User Manual for details on how
+ to install and configure Privoxy as a
+ service.
This can be done and is often useful to combine the benefits of
+ Privoxy with those of a another proxy,
+ for example to cache content. See the forwarding
+ chapter in the User Manual which describes how to do this. If you intend to
+ use Privoxy with Tor, please also have a look at How do I use Privoxy together with Tor.
The whole idea of Privoxy is to modify client requests and server
+ responses in all sorts of ways and therefore it's not a transparent
+ proxy as described in RFC 2616.
+
+
However, some people say "transparent
+ proxy" when they mean "intercepting
+ proxy". If you are one of them, please read the next entry.
Privoxy can't intercept traffic
+ itself, but it can handle requests that where intercepted and
+ redirected with a packet filter (like PF or iptables),
+ as long as the Host header is present.
+
+
As the Host header is required by HTTP/1.1
+ and as most web sites rely on it anyway, this limitation shouldn't be a
+ problem.
+
+
Please refer to your packet filter's documentation to learn how to
+ intercept and redirect traffic into Privoxy. Afterward you just have to configure
+ Privoxy to accept intercepted requests.
Versions of Outlook prior to Office
+ 2007, use Internet Explorer components
+ to both render HTML, and fetch any HTTP requests that may be embedded
+ in an HTML email. So however you have Privoxy configured to work with IE, this
+ configuration should automatically be shared, at least with older
+ version of Internet Explorer.
+
+
Starting with Office 2007, Microsoft is instead using the MS-Word
+ rendering engine with Outlook. It is unknown whether this can be
+ configured to use a proxy.
The short answer is, you can't. Privoxy has no way of knowing which particular
+ application makes a request, so there is no way to distinguish between
+ web pages and HTML mail. Privoxy just
+ blindly proxies all requests. In the case of Outlook Express (see above), OE uses IE anyway,
+ and there is no way for Privoxy to
+ ever be able to distinguish between them (nor could any other proxy
+ type application for that matter).
Cookies can be set in several ways. The classic method is
+ via the Set-Cookie HTTP header. This is
+ straightforward, and an easy one to manipulate, such as the
+ Privoxy concept of session-cookies-only. There is also the possibility of using
+ Javascript to set cookies (Privoxy calls these content-cookies). This is trickier because the syntax
+ can vary widely, and thus requires a certain amount of guesswork. It is
+ not realistic to catch all of these short of disabling Javascript,
+ which would break many sites. And lastly, if the cookies are embedded
+ in a HTTPS/SSL secure session via Javascript, they are beyond
+ Privoxy's reach.
+
+
All in all, Privoxy can help manage
+ cookies in general, can help minimize the loss of privacy posed by
+ cookies, but can't realistically stop all cookies.
No, in fact there are many beneficial uses of cookies. Cookies are just a method that browsers can use to
+ store data between pages, or between browser sessions. Sometimes there
+ is a good reason for this, and the user's life is a bit easier as a
+ result. But there is a long history of some websites taking advantage
+ of this layer of trust, and using the data they glean from you and your
+ browsing habits for their own purposes, and maybe to your potential
+ detriment. Such sites are using you and storing their data on your
+ system. That is why the privacy conscious watch from whom those cookies
+ come, and why they really need to be there.
There are several actions that relate to cookies. The default
+ behavior is to allow only "session cookies",
+ which means the cookies only last for the current browser session. This
+ eliminates most kinds of abuse related to cookies. But there may be
+ cases where you want cookies to last.
+
+
To disable all cookie actions, so that cookies are allowed
+ unrestricted, both in and out, for example.com:
Place the above in user.action. Note that
+ some of these may be off by default anyway, so this might be redundant,
+ but there is no harm being explicit in what you want to happen.
+ user.action includes an alias for this
+ situation, called allow-all-cookies.
Each instance of Privoxy has its
+ own configuration, including such attributes as the TCP port that it
+ listens on. What you can do is run multiple instances of Privoxy, each with a unique listen-address configuration setting, and configuration
+ path, and then each of these can have their own configurations. Think
+ of it as per-port configuration.
+
+
Simple enough for a few users, but for large installations, consider
+ having groups of users that might share like configurations.
This allows access to only those three sites by first blocking all URLs, and
- then subsequently allowing three specific exceptions.
Another approach is Privoxy's
- trustfile concept, which incorporates the notion of
- "trusted referrers". See the Trust documentation
- for details.
These are fairly simple approaches and are not completely foolproof. There
- are various other configuration options that should be disabled (described
- elsewhere here and in the User Manual)
- so that users can't modify their own configuration and easily circumvent the
- whitelist.
Ad blocking is achieved through a complex application of various Privoxy
- actions. These
- actions are deployed against simple images, banners, flash animations,
- text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as
- just turning one or two actions off. The various actions that make up
- Privoxy ad blocking are hard-coded into the default configuration files. It
- has been assumed that everyone using Privoxy is interested in this
- particular feature.
-
If you want to do without this, there are several approaches you can take:
- You can manually undo the many block rules in
- default.action. Or even easier, just create your own
- default.action file from scratch without the many ad
- blocking rules, and corresponding exceptions. Or lastly, if you are not
- concerned about the additional blocks that are done for privacy reasons, you
- can very easily over-ride all blocking with the
- following very simple rule in your user.action:
-
This allows access to only those three sites by first blocking all
+ URLs, and then subsequently allowing three specific exceptions.
+
+
Another approach is Privoxy's
+ trustfile concept, which incorporates the
+ notion of "trusted referrers". See the
+ Trust
+ documentation for details.
+
+
These are fairly simple approaches and are not completely foolproof.
+ There are various other configuration options that should be disabled
+ (described elsewhere here and in the User Manual) so that users can't modify their own
+ configuration and easily circumvent the whitelist.
Ad blocking is achieved through a complex application of various
+ Privoxyactions. These
+ actions are deployed against simple images, banners, flash animations,
+ text pages, JavaScript, pop-ups and pop-unders, etc., so its not as
+ simple as just turning one or two actions off. The various actions that
+ make up Privoxy ad blocking are
+ hard-coded into the default configuration files. It has been assumed
+ that everyone using Privoxy is
+ interested in this particular feature.
+
+
If you want to do without this, there are several approaches you can
+ take: You can manually undo the many block rules in default.action. Or even easier, just create your own
+ default.action file from scratch without the
+ many ad blocking rules, and corresponding exceptions. Or lastly, if you
+ are not concerned about the additional blocks that are done for privacy
+ reasons, you can very easily over-ride all blocking with the following very simple rule
+ in your user.action:
Privoxy"templates" are specialized text files utilized by
- Privoxy for various purposes and can easily be modified using any text
- editor. All the template pages are installed in a sub-directory appropriately
- named: templates. Knowing something about HTML syntax
- will of course be helpful.
Be forewarned that the default templates are subject to being overwritten
- during upgrades. You can, however, create completely new templates,
- place them in another directory and specify the alternate path in the main
- config. For details, have a look at the templdir option.
There is more than one way to do it (although Perl is not involved).
Editing the BLOCKED template page (see above) may dissuade some users, but
- this method is easily circumvented. Where you need this level of control, you
- might want to build Privoxy from source, and disable various features that are
- available as compile-time options. You should
- configure the sources as follows:
This will create an executable with hard-coded security features so that
- Privoxy does not allow easy bypassing of blocked sites, or changing the
- current configuration via any connected user's web browser.
Finally, all of these features can also be toggled on/off via options in
- Privoxy's main config file which
- means you don't have to recompile anything.
Privoxy"templates" are specialized text files utilized by
+ Privoxy for various purposes and can
+ easily be modified using any text editor. All the template pages are
+ installed in a sub-directory appropriately named: templates. Knowing something about HTML syntax will of
+ course be helpful.
+
+
Be forewarned that the default templates are subject to being
+ overwritten during upgrades. You can, however, create completely new
+ templates, place them in another directory and specify the alternate
+ path in the main config. For details, have a
+ look at the templdir option.
There is more than one way to do it (although Perl is not
+ involved).
+
+
Editing the BLOCKED template page (see above) may dissuade some
+ users, but this method is easily circumvented. Where you need this
+ level of control, you might want to build Privoxy from source, and disable various features
+ that are available as compile-time options. You should configure the sources as follows:
This will create an executable with hard-coded security features so
+ that Privoxy does not allow easy
+ bypassing of blocked sites, or changing the current configuration via
+ any connected user's web browser.
+
+
Finally, all of these features can also be toggled on/off via
+ options in Privoxy's main config
+ file which means you don't have to recompile anything.