X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Ffaq%2Fconfiguration.html;h=408e4274ae8c6bd42361fd5a7b2516bae8cdd772;hp=d575d161db5cfab2b99a4364170c35b229451d4f;hb=ae6beecce49ef10b169c4b843580985430bc698b;hpb=0212c18282eaa5f73843cbbec12c9137ea596e1c diff --git a/doc/webserver/faq/configuration.html b/doc/webserver/faq/configuration.html index d575d161..408e4274 100644 --- a/doc/webserver/faq/configuration.html +++ b/doc/webserver/faq/configuration.html @@ -4,7 +4,7 @@ >Configuration

3.8. What's the difference between the +"Cautious", "Medium" and "Advanced" defaults?

Configuring Privoxy is not entirely trivial. To + help you get started, we provide you with three different default action + "profiles" in the web based actions file editor at http://config.privoxy.org/show-status. + See the User + Manual for a list of actions, and how the default + profiles are set. +

Where the defaults are likely to break some sites, exceptions for + known popular "problem" sites are included, but in + general, the more aggressive your default settings are, the more exceptions + you will have to make later. See the User Manual + for a more detailed discussion.

It should be noted that the "Advanced" profile (formerly known + as the "Adventuresome" profile) is more + aggressive, and will make use of some of + Privoxy's advanced features. Use at your own risk!

3.6. Why can I change the configuration with a -browser? Does that not raise security issues?3.9. Why can I change the configuration +with a browser? Does that not raise security issues?

What I don't understand, is how I can browser edit the config file as a -regular user, while the whole It may seem strange that regular users can edit the config files with their + browsers, although the whole /etc/privoxy hierarchy -belongs to the user "privoxy", with only 644 permissions.

When you use the browser-based editor, When you use the browser-based editor, Privoxy -itself is writing to the config files. Because -Privoxy is running as the user "privoxy", it can -update the config files. +>, + it can update the config files.

If you don't like this, setting "enable-edit-actions 0" in the -config file will disable the browser-based editor. If you're that paranoid, -you should also consider setting "enable-remote-toggle 0" to prevent -browser-based enabling/disabling of If you run Privoxy for multiple untrusted users (e.g. in + a LAN), you will probably want to turn the web-based editor and remote toggle + features off by setting "enable-edit-actions + 0" and "enable-remote-toggle + 0" in the main configuration file.

Note that normally only local users can connect to - Note that in the default configuration, only local users (i.e. those on + "localhost") can connect to Privoxy, so this is not (normally) a security -problem. +>, + so this is not (normally) a security problem.

3.7. What is 3.10. What is the default.filter file? What is a "default.filter"?

"filter"?

The "default.filter" file is where "filters" The default.filter - are defined, which are used to "filter" any - web page content. By "filtering" we mean it can modify, remove, - or change filters as supplied by the developers are defined. + Filters are a special subset of actions that can be used to modify or + remove, web page content on the fly. Filters apply to anything on the page, including HTML tags, and - JavaScript. Regular expressions are used to accomplish this, and operate - on a line by line basis. This is potentially a very powerful feature, but - requires some expertise.

+ in the page source (and optionally both client and server headers), including + HTML tags, and JavaScript. Regular expressions are used to accomplish this. + There are a number of pre-defined filters to deal with common annoyances. The + filters are only defined here, to invoke them, you need to use the + filter + action in one of the actions files. Filtering is automatically + disabled for inappropriate MIME types.

If you are familiar with regular expressions, and HTML, you can look at the provided default.filter with a text editor and see - some of things it can be used for.

with a text editor and define + your own filters. This is potentially a very powerful feature, but + requires some expertise in both regular expressions and HTML/HTTP. + You should + place any modifications to the default filters, or any new ones you create + in a separate file, such as user.filter, so they won't + be overwritten during upgrades. + The ability to define multiple filter files + in config is a new feature as of v. 3.0.4.

Presently, there is no GUI editor option for this part of the configuration, - but you can disable/enable various sections of the included default - file with the "View & change the current configuration" from - your browser.

There is no GUI editor option for this part of the configuration, + but you can disable/enable the various pre-defined filters of the included + default.filter file with the web-based actions file editor.

3.8. How can I set up Privoxy to act as a proxy for my - LAN?

3.11. How can I set up Privoxy to act as a proxy for my + LAN?

By default, Privoxy only responds to requests - from localhost. To have it act as a server for a network, this needs to be - changed in the main config file where the Privoxy127.0.0.1 (localhost). To have it act as a server for + a network, this needs to be changed in the main configuration file. Look for + the listen-address - configuration is located. In that file is a "listen-address" - option. It may be commented out with a "#" symbol. Make sure - it is uncommented, and assign it the address of the LAN gateway interface, - and port number to use:

symbol. Make sure + it is uncommented, and assign it the address of the LAN gateway interface, + and port number to use. Assuming your LAN address is 192.168.1.1 and you + wish to run Privoxy on port 8118, this line + should look like:

Privoxy. Configure all browsers on the network then to use this address and port number.

3.9. Instead of ads, now I get a checkerboard pattern. I don't want to see anything.

This is a configuration option for images that - Alternately, you can have Privoxy is stopping. You have the choice of a - checkerboard pattern, a transparent 1x1 GIF image (aka "blank"), - or a custom URL of your choice. Note that to fit this category, the URL must - match both the "+handle-as-image" - and - "+block" actions.

listen on + all available interfaces:

If you want to see nothing, then change the +>

  listen-address    :8118

And then use Privoxy's "+set-image-blocker"permit-access + feature to limit connections. A firewall in this situation is recommended + as well.

The above steps should be the same for any TCP network, regardless of + operating system.

If you run Privoxy on a LAN with untrusted users, + we recommend that you double-check the access control and security + options!

3.12. Instead of ads, now I get a checkerboard pattern. I don't want to see anything.

The replacement for blocked images can be controlled with the set-image-blocker - action to "+image-blocker{blank}". This can be done from the - . You have the choice of a checkerboard pattern, a transparent 1x1 GIF + image (aka "View & change the current configuration" selection at "blank"), or a redirect to a custom image of your choice. + Note that this choice only has effect for images which are blocked as images, i.e. + whose URLs match both a http://p.p/. Or by hand editing the appropriate - actions file. This will only effect what is defined as "images"handle-as-image - though. Also, some URLs that generate the bright red "Blocked"and block action.

If you want to see nothing, then change the set-image-blocker - banner, can be moved to the to "+set-image-blocker" section for the - same reason, but there are some limits and risks to this (see below).

"blank". This can be done by editing the + default.action file, or trough the web-based actions file editor.

3.10. Why would anybody want to see a checkerboard pattern?

3.13. Why would anybody want to see a checkerboard pattern?

This can be helpful for troubleshooting problems. It might also be good - for anyone new to Privoxy so that they can - see if their favorite pages are displaying correctly, and - Privoxy is not inadvertently removing something - important.

Remember that telling which image is an ad and which + isn't, is mostly guesswork. While we hope that the standard configuration + is rather smart, it can and will make errors. The checkerboard image is visually + decent, but it shows you that and where images were blocked, which can be very + helpful in case some navigation aid or otherwise innocent image was + erroneously blocked. Some people might also enjoy seeing how many banners + they don't have to see..

3.11. I see large red banners on some pages that say -"Blocked". Why and how do I get rid of this?

3.14. I see some images being replaced by a text +instead of the checkerboard image. Why and how do I get rid of this?

These are URLs that match something in one of - Privoxy's block actions - ( This happens when the banners are not embedded in the HTML code of the + page itself, but in separate HTML (sub)documents that are loaded into (i)frames + or (i)layers, and these external HTML documents are blocked. Being non-images + they get replaced by a substitute HTML page rather than a substitute image, + which wouldn't work out technically, since the browser expects and accepts + only HTML when it has requested an HTML document.

The substitute page adapts to the available space and shows itself as a + miniature two-liner if loaded into small frames, or full-blown with a + large red "BLOCKED" banner if space allows.

If you prefer the banners to be blocked by images, you must see to it that + the HTML documents in which they are embedded are not blocked. Clicking + the "+block""See why" link offered in the substitute page will show + you which rule blocked the page. After changing the rule and un-blocking + the HTML documents, the browser will try to load the actual banner images + and the usual image blocking will (hopefully!) kick in.

). - It is meant to be a warning so that you know something has been blocked and - an easy way for you to see why. These are handled differently than what has - been defined explicitly as "images" (e.g. ads that are GIF image - files). Depending on the URL itself, it is sometimes hard for - 3.15. Can Privoxy run as a service +on Win2K/NT/XP?

Yes. Version 3.0.4 introduces full Privoxy to really know whether there is indeed an - ad image there or not. And there are limitations as to what +>Windows service + functionality. See the User Manual for details on how to install and configure Privoxy can do to "fool" the - browser.

as a service.

For instance, if the ad is in a frame, then it is embedded in the separate - HTML page used for the frame. In this case, you cannot just substitute an - aribitrary image (like we would for a "blank" image), for an HTML - page. The browser is expecting an HTML page, and that is what it must have - for frames. Such situations can be a little trickier to deal with, and +> Earlier 3.x versions could run as a system service using srvany.exe. + See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, + for details, and a sample configuration.

3.16. How can I make Privoxy work with other +proxies like Squid or Tor?

This can be done and is often useful to combine the benefits of Privoxy may show the "Blocked" page, - despite your best efforts.

with those of a another proxy. + See the forwarding chapter + in the User Manual which + describes how to do this, and the How do I use Privoxy together with + Tor section below.

3.17. Can I just set Privoxy to use port 80 +and thus avoid individual browser configuration?

If you want these to be treated as if they were images, so that they can be - made invisible, you can try moving the offending URL from the - No, its more complicated than that. This only works with special kinds + of proxies known as "+block" section to the "+imageblock" section of - your actions file. Just be forewarned, if any URL is made - "invisible", you may not have any inkling that something has - been removed from that page, or why. If this approach does not work, then you are - probably dealing with a frame (or "transparent" proxies (see below).

3.18. Can Privoxy run as a "ilayer"), and the only thing - that can go there is an HTML page of some sort.

"transparent" proxy?

To deal with this situation, you could modify the - "block" HTML template that is used by - No, Privoxy to display this, and make it something - more to your liking. Currently, there is no configuration option for this. - You will have to modify, or create your own page, and use this to replace - templates/blocked, which is what +> currently does not have this ability, + though it may be added in a future release. Transparent proxies require + special handling of the request headers beyond what Privoxy uses to display the "Blocked" - page.

is now capable of.

Another way to deal with this is find why and where - Chaining Privoxy is blocking the frame, and - diable this. Then let the "+set-image-blocker" action - handle the ad that is embedded in the frame's HTML page.

behind another proxy that has + this ability should work though. + See the forwarding chapter + in the User Manual. As + a transparent proxy to be used for chaining we recommend Transproxy + (http://transproxy.sourceforge.net/).

3.12. I cannot see all of the "Blocked" page banner. Help.

There is not enough available space to fit the entire Blocked page. Try right - clicking on the visible portion, and select "Show Frame", - or equivalent. This will usually allow you to see the entire Privoxy - "Blocked" page, and from there you can see just what is being - blocked, and why.

3.19. How can I configure Privoxy for use with Outlook + Express?

As of Privoxy 2.9.14, the Blocked banner page is re-sizeable, and tries - to adjust to the allotted space. There may be occassions where there - just isn't enough room to display much of anything useful though.

Outlook Express uses Internet Explorer + components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email. + So however you have Privoxy configured to work + with IE, this configuration should automatically be shared.

3.13. Can 3.20. How can I have separate rules just for HTML mail?

The short answer is, you can't. Privoxy run as a service -on Win2K/NT?

Yes, it can run as a system service using srvany.exe. - The only catch is that this will effectively disable the +> has no way + of knowing which particular application makes a request, so there is no way to + distinguish between web pages and HTML mail. Privoxy icon in the taskbar. You can have - one or the other, but not both at this time :(

just blindly proxies all requests. In the + case of Outlook Express (see above), OE uses + IE anyway, and there is no way for Privoxy to ever + be able to distinguish between them (nor could any other proxy type application for + that matter).

There is a pending feature request for this functionality. See - thread: For a good discussion of some of the issues involved (including privacy and + security issues), see + http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, - for details, and a sample configuration.

http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118.

3.14. How can I make 3.21. I sometimes notice cookies sneaking through. How?

Cookies can be + set in several ways. The classic method is via the + Set-Cookie HTTP header. This is straightforward, and an + easy one to manipulate, such as the Privoxy work with other -proxies like concept of + session-cookies-only. + There is also the possibility of using + Javascript to + set cookies (Squid?Privoxy calls these content-cookies). This + is trickier because the syntax can vary widely, and thus requires a certain + amount of guesswork. It is not realistic to catch all of these short of + disabling Javascript, which would break many sites. And lastly, if the + cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond + Privoxy's reach.

This can be done. See the All in all, Privoxy can help manage cookies in general, can help minimize + the loss of privacy posed by cookies, but can't realistically stop all + cookies.

3.22. Are all cookies bad? Why?

No, in fact there are many beneficial uses of + user manual, - which describes how to do this.

cookies. Cookies are just a + method that browsers can use to store data between pages, or between browser + sessions. Sometimes there is a good reason for this, and the user's life is a + bit easier as a result. But there is a long history of some websites taking + advantage of this layer of trust, and using the data they glean from you and + your browsing habits for their own purposes, and maybe to your potential + detriment. Such sites are using you and storing their data on your system. + That is why the security conscious watch from whom those cookies come, and why + they really need to be there.

See the + Wikipedia cookie + definition for more.

3.15. Can Privoxy run as a 3.23. How can I allow permanent cookies for my trusted sites?

There are several actions that relate to cookies. The default behavior is to + allow only "transparent" proxy?"session cookies", which means the cookies only last + for the current browser session. This eliminates most kinds of abuse related + to cookies. But there may be cases where we want cookies to last.

No, To disable all cookie actions, so that cookies are allowed unrestricted, + both in and out, for example.com:

 { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} }
+  .example.com

Place the above in user.action. Note some of these may + be off by default anyway, so this might be redundant, but there is no harm + being explicit in what you want to happen. user.action + includes an alias for this situation, called + allow-all-cookies.

3.24. Can I have separate configurations for different users?

Each instance of Privoxy currently does not have this ability, - though it is planned for a future release. Transparent proxies require - special handling of the request headers beyond what - has its own + configuration, including such attributes as the TCP port that it listens on. + What you can do is run multiple instances of Privoxy is now capable of.

, each with + a unique listen-address and configuration path, and then + each of these can have their own configurations. Think of it as per-port + configuration.

Chaining + Simple enough for a few users, but for large installations, consider having + groups of users that might share like configurations.

3.25. Can I set-up Privoxy as a whitelist of +"good" sites?

Sure. There are a couple of things you can do for simple whitelisting. + Here's one real easy one:

 ############################################################
+ # Blacklist
+ ############################################################
+ { +block }
+ / # Block *all* URLs
+ 
+ ############################################################
+ # Whitelist
+ ############################################################
+ { -block }
+  kids.example.com
+  toys.example.com
+  games.example.com

This allows access to only those three sites.

A more interesting approach is Privoxy with another proxy that has - this ability should work though. - See the Privoxy's + trustfile concept, which incorporates the notion of + "trusted referrers". See the user - manual, which describes this, and also User Manual Trust + documentation.

These are fairly simple approaches and are not completely foolproof. There + are various other configuration options that should be disabled (described + elsewhere here and in http://www.transproxy.nlc.net.au/.

the User Manual) + so that users can't modify their own configuration and easily circumvent the + whitelist.
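Review bot: In 3.9 the added advice to set "enable-edit-actions 0" and "enable-remote-toggle 0" is scoped to "multiple untrusted users (e.g. in a LAN)", while the following paragraph treats anyone on "localhost" as not a security problem. On a shared multi-user host the local accounts can also reach the web-based editor, so the new text should say whether the same two settings are recommended there. The removed sentence ("If you don't like this ... will disable the browser-based editor") applied to any setup; the replacement only covers the LAN case.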
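Review bot: In 3.11 the "listen-address :8118" example for listening on all available interfaces comes before the reader is told to restrict access, and the closing paragraph only says to "double-check the access control and security options" without naming any of them. Suggest showing a permit-access line directly beside the listen-address example, and pointing back to the enable-edit-actions and enable-remote-toggle settings from 3.9, since this is the entry people follow when they expose Privoxy to a LAN.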
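Review bot: In 3.21 the last case is worded as cookies "embedded in a HTTPS/SSL secure session via Javascript", which reads as if only script-set cookies are out of reach inside HTTPS. If Set-Cookie headers sent within the secure session are equally invisible to Privoxy, the sentence should say so, otherwise readers will assume session-cookies-only still applies to HTTPS sites. Also pick one spelling of "Javascript"/"JavaScript"; 3.10 in this same patch uses "JavaScript".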
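Review bot: In 3.25 the final paragraph says other options "should be disabled (described elsewhere here and in the User Manual)" but does not name them, so a reader setting up a whitelist has no concrete list to check. Suggest naming enable-edit-actions and enable-remote-toggle here, as 3.9 does. Two smaller points in the example: the host patterns ("kids.example.com") have no leading dot while the 3.23 example uses ".example.com", so a sentence on whether subdomains are matched would help; and the "Blacklist" comment header sits over a rule that blocks all URLs, which is a default-deny rule rather than a list.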
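Review bot: Several added lines carry typos that should be fixed before this is published: "trough the web-based actions file editor" in 3.12 (through), "those of a another proxy" in 3.16, "No, its more complicated than that" in 3.17 (it's), "they don't have to see.." in 3.13 (double period), and the stray comma in "modify or remove, web page content" in 3.10. In 3.10, "The filters are only defined here, to invoke them, you need to use the filter action" is a comma splice and reads better as two sentences.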