X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Ffaq%2Ftrouble.html;h=236c34aeda381cc6ff26d440638384599ecce743;hp=78ae7759272864390884cca9a31764282bc94a72;hb=2da7c5e4fb2bd663ff7118bbabd2f0f4b3ea98dc;hpb=c07b987d0ff476c26500a0641baa0b8a42ce19de diff --git a/doc/webserver/faq/trouble.html b/doc/webserver/faq/trouble.html index 78ae7759..236c34ae 100644 --- a/doc/webserver/faq/trouble.html +++ b/doc/webserver/faq/trouble.html @@ -84,7 +84,7 @@ CLASS="SECT2" >

5.1. I cannot connect to any websites. Or, I am getting

5.3. I just added a new rule, but the steenkin ad is still getting through. How?

This can be caused by a problem with the local HOSTShosts file. If this file has been changed from the original, try reverting it to see if that helps. Make sure whatever name(s) are used for the local system, @@ -1042,6 +1042,176 @@ CLASS="APPLICATION" >Privoxy 3.0.9, zlib support is enabled in the default builds.

5.21. On some HTTPS sites my browser warns me about unauthenticated content, + the URL bar doesn't get highlighted and the lock symbol appears to be broken. + What's going on?

Probably the browser is requesting ads through HTTPS and Privoxy + is blocking the requests. Privoxy's error messages are delivered + unencrypted and while it's obvious for the browser that the HTTPS + request is already blocked by the proxy, some warn about unauthenticated + content anyway.

To work around the problem you can redirect those requests to an invalid + local address instead of blocking them. While the redirects aren't + encrypted either, many browsers don't care. They simply follow the + redirect, fail to reach a server and display an error message instead + of the ad.

To do that, enable logging to figure out which requests get blocked by + Privoxy and add the hosts (no path patterns) to a section like this:

{+redirect{http://127.0.0.1:0/} -block -limit-connect}
+.ivwbox.de:443/

Additionally you have to configure your browser to contact + "127.0.0.1:0" directly (instead of through Privoxy).

To add a proxy exception in Mozilla Firefox + open the "Preferences", click the "Settings" + button located on the "Network" tab in the "Advanced" + section, and add "127.0.0.1:0" in the "No Proxy for:" + field.

5.22. I get selinux error messages. How can I fix this?

Please report the problem to the creator of your selinux policies.

The problem is that some selinux policy writers aren't familiar + with the application they are trying to "secure" and + thus create policies that make no sense.

In Privoxy's case the problem usually + is that the policy only allows outgoing connections for certain + destination ports (e.g. 80 and 443). While this may cover the + standard ports, websites occasionally use other ports as well. + This isn't a security problem and therefore Privoxy's + default configuration doesn't block these requests.

If you really want to block these ports (and don't be able + to load websites that don't use standard ports), you should + configure Privoxy to block these ports as well, so it doesn't + trigger the selinux warnings.

5.23. I compiled Privoxy with Gentoo's portage and it appears to be very slow. Why?

Probably you unintentionally compiled Privoxy without threading support + in which case requests have to be serialized and only one can be served + at the same time.

Check your "USE" flags and make sure they include + "threads". If they don't, add the flag and rebuild Privoxy.

If you compiled Privoxy with threading support (on POSIX-based systems), + the "Conditional #defines" section on http://config.privoxy.org/show-status + will list "FEATURE_PTHREAD" as "enabled".