X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Ffaq%2Fconfiguration.html;h=68d33f080b4e285182468550ae9bbb23336a0cf1;hp=7141571706792afbdb52bf22b013fdbb7d75321c;hb=HEAD;hpb=3f4a348f6551cd8d03e1029e9fde113212e0cdb4 diff --git a/doc/webserver/faq/configuration.html b/doc/webserver/faq/configuration.html index 71415717..68d33f08 100644 --- a/doc/webserver/faq/configuration.html +++ b/doc/webserver/faq/configuration.html @@ -1,1798 +1,541 @@ - -
Privoxy utilizes the concept of " actions" - that are used to manipulate and control web page data. - Actions files - are where these actions - that Privoxy could take while processing a certain - request, are configured. Typically, you would define a set of default actions - that apply globally to all URLs, then add exceptions to these defaults where needed. - There is a wide array of actions available that give the user a high degree - of control and flexibility on how to process each and every web page.
Actions can be defined on a URL pattern basis, i.e. - for single URLs, whole web sites, groups or parts thereof etc. Actions can also be - grouped together and then applied to requests matching one or more patterns. - There are many possible actions that might apply to any given site. As an example, - if you are blocking cookies - as one of your default actions, but need to accept cookies from a given site, - you would need to define an exception for this site in one of your actions - files, preferably in user.action.
For a comprehensive discussion of the actions concept, please refer - to the actions file - chapter in the User - Manual. It includes a list of all actions - and an actions - file tutorial to get you started.
Actions files are just text files in a special syntax and can be edited - with a text editor. But probably the easiest way is to access - Privoxy's user interface with your web browser - at http://config.privoxy.org/ - (Shortcut: http://p.p/) and then select - "View & - change the current configuration" from the menu. Note - that this feature must be explicitly enabled in the main config file - (see enable-edit-actions).
Three actions files - are being included by the developers, to be used for - different purposes: These are - default.action, the "main" actions file - which is actively maintained by the Privoxy - developers and typically sets the default policies, user.action, where users are encouraged - to make their private customizations, and standard.action, - which is for internal Privoxy use only. - Please see the actions chapter - in the User Manual for a more - detailed explanation.
Earlier versions included three different versions of the - default.action file. The new scheme allows for - greater flexibility of local configuration, and for browser based - selection of pre-defined "aggressiveness" levels.
Based on your feedback and the continuing development, updates of - default.action will be - made available from time to time on the files section of - our project page. -
If you wish to receive an email notification whenever we release updates of - Privoxy or the actions file, subscribe - to our announce mailing list, ijbswa-announce@lists.sourceforge.net. -
The syntax and purpose of configuration files has remained roughly the - same throughout the 3.x series, but backwards compatibility is not guaranteed. - Also each release contains updated, "improved" versions and it is - therefore strongly recommended to install the newer configuration files - and merge back your modifications. -
"Complicated" is in the eye of the beholder. Those that are - familiar with some of the underlying concepts, such as regular expression - syntax, take to it like a fish takes to water. Also, software that tries - hard to be "user friendly", often lacks sophistication and - flexibility. There is always that trade-off there between power vs. - easy-of-use. Furthermore, anyone is welcome to contribute ideas and - implementations to enhance Privoxy. -
The default configuration shouldn't impact the usability of any of these services. - It may, however, make all cookies - temporary, so that your browser will forget your - login credentials in between browser sessions. If you would like not to have to log - in manually each time you access those websites, simply turn off all cookie handling - for them in the user.action file. An example for yahoo might - look like: -
# Allow all cookies for Yahoo login: -# -{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only } -.login.yahoo.com |
These kinds of sites are often quite complex and heavy with - Javascript and - thus "fragile". So if still a problem, - we have an alias just for such - sticky situations: -
# Gmail is a _fragile_ site: -# -{ fragile } - # Gmail is ... - mail.google.com |
Be sure to flush your browser's caches whenever making these kinds of - changes, just to make sure the changes "take". -
Make sure the domain, host and path are appropriate as well. Your browser can - tell you where you are specifically and you should use that information for - your configuration settings. Note that above it is not referenced as - gmail.com, which is a valid domain name. -
Configuring Privoxy is not entirely trivial. To - help you get started, we provide you with three different default action - "profiles" in the web based actions file editor at http://config.privoxy.org/show-status. - See the User - Manual for a list of actions, and how the default - profiles are set. -
Where the defaults are likely to break some sites, exceptions for - known popular "problem" sites are included, but in - general, the more aggressive your default settings are, the more exceptions - you will have to make later. New users are best to start off in - "Cautious" setting. This is safest and will have the fewest - problems. See the User Manual - for a more detailed discussion.
It should be noted that the "Advanced" profile (formerly known - as the "Adventuresome" profile) is more - aggressive, and will make use of some of - Privoxy's advanced features. Use at your own risk!
It may seem strange that regular users can edit the config files with their - browsers, although the whole /etc/privoxy hierarchy - belongs to the user "privoxy", with only 644 permissions. -
When you use the browser-based editor, Privoxy - itself is writing to the config files. Because - Privoxy is running as the user "privoxy", - it can update its own config files. -
If you run Privoxy for multiple untrusted users (e.g. in - a LAN) or aren't entirely in control of your own browser, you will probably want - to make sure that the the web-based editor and remote toggle features are - "off" by setting "enable-edit-actions - 0" and "enable-remote-toggle - 0" in the main configuration file. -
As of Privoxy 3.0.7 these options are disabled by default. -
The default.filter - file is where filters as supplied by the developers are defined. - Filters are a special subset of actions that can be used to modify or - remove web page content or headers on the fly. Content filters can - be applied to anything in the page source, - header filters can be applied to either server or client headers. - Regular expressions are used to accomplish this.
There are a number of pre-defined filters to deal with common annoyances. The - filters are only defined here, to invoke them, you need to use the - filter - action in one of the actions files. Content filtering is automatically - disabled for inappropriate MIME types, but if you now better than Privoxy - what should or should not be filtered you can filter any content you like.
Filters should - not be confused with blocks, which - is a completely different action, and is more typically used to block ads and - unwanted sites.
If you are familiar with regular expressions, and HTML, you can look at - the provided default.filter with a text editor and define - your own filters. This is potentially a very powerful feature, but - requires some expertise in both regular expressions and HTML/HTTP. - You should - place any modifications to the default filters, or any new ones you create - in a separate file, such as user.filter, so they won't - be overwritten during upgrades. - The ability to define multiple filter files - in config is a new feature as of v. 3.0.5.
There is no GUI editor option for this part of the configuration, - but you can disable/enable the various pre-defined filters of the included - default.filter file with the web-based actions file editor. - Note that the custom actions editor must be explicitly enabled in - the main config file (see enable-edit-actions).
If you intend to develop your own filters, you might want to have a look at - Privoxy-Filter-Test.
By default, Privoxy only responds to requests - from 127.0.0.1 (localhost). To have it act as a server for - a network, this needs to be changed in the main configuration file. Look for - the listen-address - option, which may be commented out with a "#" symbol. Make sure - it is uncommented, and assign it the address of the LAN gateway interface, - and port number to use. Assuming your LAN address is 192.168.1.1 and you - wish to run Privoxy on port 8118, this line - should look like:
listen-address 192.168.1.1:8118 |
Save the file, and restart Privoxy. Configure - all browsers on the network then to use this address and port number.
Alternately, you can have Privoxy listen on - all available interfaces:
listen-address :8118 |
And then use Privoxy's - permit-access - feature to limit connections. A firewall in this situation is recommended - as well.
The above steps should be the same for any TCP network, regardless of - operating system.
If you run Privoxy on a LAN with untrusted users, - we recommend that you double-check the access control and security - options!
The replacement for blocked images can be controlled with the set-image-blocker - action. You have the choice of a checkerboard pattern, a transparent 1x1 GIF - image (aka "blank"), or a redirect to a custom image of your choice. - Note that this choice only has effect for images which are blocked as images, i.e. - whose URLs match both a handle-as-image - and block action.
If you want to see nothing, then change the set-image-blocker - action to "blank". This can be done by editing the - user.action file, or through the web-based actions file editor.
Remember that telling which image is an ad and which - isn't, is an educated guess. While we hope that the standard configuration - is rather smart, it will make occasional mistakes. The checkerboard image is visually - decent, and it shows you where images have been blocked, which can be very - helpful in case some navigation aid or otherwise innocent image was - erroneously blocked. It is recommended for new users so they can - "see" what is happening. Some people might also enjoy seeing how - many banners they don't have to see.
This happens when the banners are not embedded in the HTML code of the - page itself, but in separate HTML (sub)documents that are loaded into (i)frames - or (i)layers, and these external HTML documents are blocked. Being non-images - they get replaced by a substitute HTML page rather than a substitute image, - which wouldn't work out technically, since the browser expects and accepts - only HTML when it has requested an HTML document.
The substitute page adapts to the available space and shows itself as a - miniature two-liner if loaded into small frames, or full-blown with a - large red "BLOCKED" banner if space allows.
If you prefer the banners to be blocked by images, you must see to it that - the HTML documents in which they are embedded are not blocked. Clicking - the "See why" link offered in the substitute page will show - you which rule blocked the page. After changing the rule and un-blocking - the HTML documents, the browser will try to load the actual banner images - and the usual image blocking will (hopefully!) kick in.
Yes. Version 3.0.5 introduces full Windows service - functionality. See the User Manual for details on how to install and configure - Privoxy as a service.
Earlier 3.x versions could run as a system service using srvany.exe. - See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, - for details, and a sample configuration.
This can be done and is often useful to combine the benefits of - Privoxy with those of a another proxy. - See the forwarding chapter - in the User Manual which - describes how to do this, and the How do I use Privoxy together with - Tor section below.
No, its more complicated than that. This only works with special kinds - of proxies known as "intercepting" proxies (see below).
The whole idea of Privoxy is to modify client requests - and server responses in all sorts of ways and therefore - it's not a transparent proxy as described in - RFC 2616.
However, some people say "transparent proxy" when they - mean "intercepting proxy". If you are one of them, - please read the next entry.
Privoxy can't intercept traffic itself, - but it can handle requests that where intercepted and redirected - with a packet filter (like PF or - iptables), as long as the Host - header is present. -
As the Host header is required by HTTP/1.1 and as most - web sites rely on it anyway, this limitation shouldn't be a problem.
Please refer to your packet filter's documentation to learn how to - intercept and redirect traffic into Privoxy. - Afterward you just have to configure Privoxy to - accept - intercepted requests.
Outlook Express uses Internet Explorer - components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email. - So however you have Privoxy configured to work - with IE, this configuration should automatically be shared.
The short answer is, you can't. Privoxy has no way - of knowing which particular application makes a request, so there is no way to - distinguish between web pages and HTML mail. - Privoxy just blindly proxies all requests. In the - case of Outlook Express (see above), OE uses - IE anyway, and there is no way for Privoxy to ever - be able to distinguish between them (nor could any other proxy type application for - that matter).
For a good discussion of some of the issues involved (including privacy and - security issues), see - http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118.
Cookies can be - set in several ways. The classic method is via the - Set-Cookie HTTP header. This is straightforward, and an - easy one to manipulate, such as the Privoxy concept of - session-cookies-only. - There is also the possibility of using - Javascript to - set cookies (Privoxy calls these content-cookies). This - is trickier because the syntax can vary widely, and thus requires a certain - amount of guesswork. It is not realistic to catch all of these short of - disabling Javascript, which would break many sites. And lastly, if the - cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond - Privoxy's reach.
All in all, Privoxy can help manage cookies in general, can help minimize - the loss of privacy posed by cookies, but can't realistically stop all - cookies.
No, in fact there are many beneficial uses of - cookies. Cookies are just a - method that browsers can use to store data between pages, or between browser - sessions. Sometimes there is a good reason for this, and the user's life is a - bit easier as a result. But there is a long history of some websites taking - advantage of this layer of trust, and using the data they glean from you and - your browsing habits for their own purposes, and maybe to your potential - detriment. Such sites are using you and storing their data on your system. - That is why the privacy conscious watch from whom those cookies come, and why - they really need to be there.
See the - Wikipedia cookie - definition for more.
There are several actions that relate to cookies. The default behavior is to - allow only "session cookies", which means the cookies only last - for the current browser session. This eliminates most kinds of abuse related - to cookies. But there may be cases where you want cookies to last.
To disable all cookie actions, so that cookies are allowed unrestricted, - both in and out, for example.com:
{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } - .example.com |
Place the above in user.action. Note that some of these may - be off by default anyway, so this might be redundant, but there is no harm - being explicit in what you want to happen. user.action - includes an alias for this situation, called - allow-all-cookies.
Each instance of Privoxy has its own - configuration, including such attributes as the TCP port that it listens on. - What you can do is run multiple instances of Privoxy, each with - a unique - listen-address - configuration setting, and configuration path, and then - each of these can have their own configurations. Think of it as per-port - configuration.
- Simple enough for a few users, but for large installations, consider having - groups of users that might share like configurations.
Sure. There are a couple of things you can do for simple white-listing. - Here's one real easy one:
############################################################ - # Blacklist - ############################################################ - { +block } - / # Block *all* URLs - - ############################################################ - # Whitelist - ############################################################ - { -block } + + + ++ |
+
This allows access to only those three sites by first blocking all URLs, and then subsequently allowing three + specific exceptions.
+Another approach is Privoxy's trustfile concept, + which incorporates the notion of "trusted referrers". See the Trust documentation for details.
+These are fairly simple approaches and are not completely foolproof. There are various other configuration + options that should be disabled (described elsewhere here and in the User + Manual) so that users can't modify their own configuration and easily circumvent the whitelist.
+Ad blocking is achieved through a complex application of various Privoxy + actions. These actions are deployed against simple + images, banners, flash animations, text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as + just turning one or two actions off. The various actions that make up Privoxy ad + blocking are hard-coded into the default configuration files. It has been assumed that everyone using + Privoxy is interested in this particular feature.
+If you want to do without this, there are several approaches you can take: You can manually undo the many + block rules in default.action. Or even easier, just create your own default.action file from scratch without the many ad blocking rules, and corresponding + exceptions. Or lastly, if you are not concerned about the additional blocks that are done for privacy reasons, + you can very easily over-ride all blocking with the + following very simple rule in your user.action:
+
+ # Unblock everybody, everywhere + { -block } + / # UN-Block *all* URLs+ |
+
Or even a more comprehensive reversing of various ad related actions:
+
+ # Unblock everybody, everywhere, and turn off appropriate filtering, etc + { -block \ + -filter{banners-by-size} \ + -filter{banners-by-link} \ + allow-popups \ + } + / # UN-Block *all* URLs and allow ads+ |
+
This last "action" in this compound statement, allow-popups, is an alias + that disables various pop-up blocking features.
+Privoxy "templates" are specialized text files + utilized by Privoxy for various purposes and can easily be modified using any + text editor. All the template pages are installed in a sub-directory appropriately named: templates. Knowing something about HTML syntax will of course be helpful.
+Be forewarned that the default templates are subject to being overwritten during upgrades. You can, however, + create completely new templates, place them in another directory and specify the alternate path in the main + config. For details, have a look at the templdir option.
+There is more than one way to do it (although Perl is not involved).
+Editing the BLOCKED template page (see above) may dissuade some users, but this method is easily circumvented. + Where you need this level of control, you might want to build Privoxy from + source, and disable various features that are available as compile-time options. You should configure the sources as follows:
+
+ ./configure --disable-toggle --disable-editor --disable-force+ |
+
This will create an executable with hard-coded security features so that Privoxy does not allow easy bypassing of blocked sites, or changing the current + configuration via any connected user's web browser.
+Finally, all of these features can also be toggled on/off via options in Privoxy's main config + file which means you don't have to recompile anything.
+