X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=17f6e835725614bf6c13482f25ea90e2eec84800;hp=cbffcee712ef30e84850927870b542f02ef159db;hb=1c4bd7276a5f733e283c0484803bfca670f76654;hpb=6d810395712f0337682205c4ea304009c86c128f diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index cbffcee7..17f6e835 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -2,38 +2,27 @@ Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
-- Privoxy 3.0.18 User Manual + Privoxy 3.0.26 User Manual | ||
---|---|---|
- Table 1. Default Configurations + +
+ Table 1. Default Configurations
+ Warning + | +
+ + This is an experimental feature. The syntax is likely to + change in future versions. + + |
+
+ Client tag patterns are not set based on HTTP headers but based + on the client's IP address. Users can enable them themselves, but + the Privoxy admin controls which tags are available and what + their effect is. +
++ After a client-specific tag has been defined with the client-specific-tag, + directive, action sections can be activated based on the tag by + using a CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated + at the same priority as URL patterns, as a result the last + matching pattern wins. Tags that are created based on client or + server headers are evaluated later on and can overrule CLIENT-TAG + and URL patterns! +
++ The tag is set for all requests that come from clients that + requested it to be set. Note that "clients" are differentiated by + IP address, if the IP address changes the tag has to be requested + again. +
++ Clients can request tags to be set by using the CGI interface http://config.privoxy.org/client-tags. +
++ Example: +
++
+
++# If the admin defined the client-specific-tag circumvent-blocks, +# and the request comes from a client that previously requested +# the tag to be set, overrule all previous +block actions that +# are enabled based on URL to CLIENT-TAG patterns. +{-block} +CLIENT-TAG:^circumvent-blocks$ + +# This section is not overruled because it's located after +# the previous one. +{+block{Nobody is supposed to request this.}} +example.org/blocked-example-page ++ |
+
-+add-header{X-User-Tracking: sucks} +# Add a DNT ("Do not track") header to all requests, +# event to those that already have one. +# +# This is just an example, not a recommendation. +# +# There is no reason to believe that user-tracking websites care +# about the DNT header and depending on the User-Agent, adding the +# header may make user-tracking easier. +{+add-header{DNT: 1}} +/
- Parameterized. + Multi-value.
- If the request URL gets changed, Privoxy will detect that and use the new one. This can be used to rewrite the request destination behind the client's back, for example to @@ -1511,7 +1617,7 @@ class="REPLACEABLE">param,
- Parameterized. + Multi-value.
+
+
++# Tag all requests with the Range header set +{+client-header-tagger{range-requests}} +/ + +# Disable filtering for the tagged requests. +# +# With filtering enabled Privoxy would remove the Range headers +# to be able to filter the whole response. The downside is that +# it prevents clients from resuming downloads or skipping over +# parts of multimedia files. +{-filter -deanimate-gifs} +TAG:^RANGE-REQUEST$ + |
+ Warning + | +
+ + Currently external filters are executed with Privoxy's privileges. + Only use external filters you understand and trust. + + |
+
+ This feature is experimental, the syntax + may change in the future. +
++
+
+++external-filter{fancy-filter} ++ |
+
- Parameterized. + Multi-value.
- Compressed content can't be filtered either, unless Privoxy is compiled with zlib - support (requires at least Privoxy 3.0.7), in which case Privoxy will decompress the - content before filtering it. + support and a supported compression algorithm is used (gzip + or deflate), Privoxy can + first decompress the content and then filter it.
If you use a Privoxy @@ -2649,7 +2900,7 @@ problem-host.example.com
-+filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites). ++filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
-+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups). ++filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
-+filter{unsolicited-popups} # Disable only unsolicited pop-up windows. Useful if your browser lacks this ability. ++filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
-+filter{all-popups} # Kill all popups in JavaScript and HTML. Useful if your browser lacks this ability. ++filter{all-popups} # Kill all popups in JavaScript and HTML.
+++filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites. ++ |
+
- Multi-value. + Parameterized.
+ "forward-webserver + 127.0.0.1:80" to use the HTTP server listening + at 127.0.0.1 port 80 without adjusting the request + headers. +
++ This makes it more convenient to use Privoxy to make + existing websites available as onion services as well. +
++ Many websites serve content with hardcoded URLs and + can't be easily adjusted to change the domain based on + the one used by the client. +
++ Putting Privoxy between Tor and the webserver (or an + stunnel that forwards to the webserver) allows to + rewrite headers and content to make client and server + happy at the same time. +
++ Using Privoxy for webservers that are only reachable + through onion addresses and whose location is supposed + to be secret is not recommended and should not be + necessary anyway. +
+-# Always use direct connections for requests previously tagged as +# Use an ssh tunnel for requests previously tagged as # "User-Agent: fetch libfetch/2.0" and make sure # resuming downloads continues to work. +# # This way you can continue to use Tor for your normal browsing, # without overloading the Tor network with your FreeBSD ports updates # or downloads of bigger files like ISOs. +# # Note that HTTP headers are easy to fake and therefore their # values are as (un)trustworthy as your clients and users. -{+forward-override{forward .} \ +{+forward-override{forward-socks5 10.0.0.2:2222 .} \ -hide-if-modified-since \ -overwrite-last-modified \ } @@ -3218,7 +3515,7 @@ TAG:^User-Agent: fetch libfetch/2\.0$- 8.5.18. + 8.5.19. handle-as-empty-document
@@ -3311,7 +3608,7 @@ example.org/.*\.js$- 8.5.19. handle-as-image + 8.5.20. handle-as-image
@@ -3415,7 +3712,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
- 8.5.20. hide-accept-language + 8.5.21. hide-accept-language
@@ -3512,7 +3809,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
- 8.5.21. + 8.5.22. hide-content-disposition
@@ -3617,7 +3914,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash- 8.5.22. + 8.5.23. hide-if-modified-since
@@ -3721,7 +4018,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash- 8.5.23. hide-from-header + 8.5.24. hide-from-header
@@ -3812,7 +4109,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
- 8.5.24. hide-referrer + 8.5.25. hide-referrer
@@ -3953,7 +4250,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash- 8.5.25. hide-user-agent + 8.5.26. hide-user-agent
@@ -4058,7 +4355,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
- 8.5.26. limit-connect + 8.5.27. limit-connect
@@ -4152,7 +4449,106 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
+- 8.5.27. prevent-compression + 8.5.28. limit-cookie-lifetime +
++++
+- + Typical use: +
+- +
++ Limit the lifetime of HTTP cookies to a couple of minutes + or hours. +
+- + Effect: +
+- +
++ Overwrites the expires field in Set-Cookie server headers + if it's above the specified limit. +
+- + Type: +
+- +
++ Parameterized. +
+- + Parameter: +
+- +
++ The lifetime limit in minutes, or 0. +
+- + Notes: +
+- +
++ This action reduces the lifetime of HTTP cookies coming + from the server to the specified number of minutes, + starting from the time the cookie passes Privoxy. +
++ Cookies with a lifetime below the limit are not modified. + The lifetime of session cookies is set to the specified + limit. +
++ The effect of this action depends on the server. +
++ In case of servers which refresh their cookies with each + response (or at least frequently), the lifetime limit set + by this action is updated as well. Thus, a session + associated with the cookie continues to work with this + action enabled, as long as a new request is made before the + last limit set is reached. +
++ However, some servers send their cookies once, with a + lifetime of several years (the year 2037 is a popular + choice), and do not refresh them until a certain event in + the future, for example the user logging out. In this case + this action may limit the absolute lifetime of the session, + even if requests are made frequently. +
++ If the parameter is "0", this + action behaves like session-cookies-only. +
+- + Example usages: +
+- +
++
++
++ ++ +++limit-cookie-lifetime{60} + ++++ 8.5.29. prevent-compression
@@ -4274,7 +4670,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
- 8.5.28. + 8.5.30. overwrite-last-modified
@@ -4389,7 +4785,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash- 8.5.29. redirect + 8.5.31. redirect
@@ -4438,10 +4834,20 @@ nasty-banner-server.example.com/junk.cgi\?output=trash single pcrs command to the original URL.
- This action will be ignored if you use it together with block. It can be - combined with filter file section. +
++ Requests can't be blocked and redirected at the same time, + applying this action together with block is a + configuration error. Currently the request is blocked and + an error message logged, the behavior may change in the + future and result in Privoxy rejecting the action file. +
++ This action can be combined with fast-redirects{check-decoded-url} to redirect to a decoded version of a rewritten URL.
@@ -4472,9 +4878,9 @@ nasty-banner-server.example.com/junk.cgi\?output=trash example.com/stylesheet\.css # Create a short, easy to remember nickname for a favorite site -# (relies on the browser accept and forward invalid URLs to Privoxy) -{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} } +{ +redirect{https://www.privoxy.org/user-manual/actions-file.html} } a # Always use the expanded view for Undeadly.org articles @@ -4491,6 +4897,19 @@ undeadly.org/cgi\?action=article&sid=\d*$ {+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}} search.msn.com//results\.aspx\?q= +# Redirect http://example.com/&bla=fasel&toChange=foo (and any other value but "bar") +# to http://example.com/&bla=fasel&toChange=bar +# +# The URL pattern makes sure that the following request isn't redirected again. +{+redirect{s@toChange=[^&]+@toChange=bar@}} +example.com/.*toChange=(?!bar) + +# Add a shortcut to look up illumos bugs +{+redirect{s@^http://i([0-9]+)/.*@https://www.illumos.org/issues/$1@}} +# Redirected URL = http://i4974/ +# Redirect Destination = https://www.illumos.org/issues/4974 +i[0-9][0-9][0-9][0-9]*/ + # Redirect remote requests for this manual # to the local version delivered by Privoxy {+redirect{s@^http://www@http://config@}} @@ -4505,7 +4924,7 @@ www.privoxy.org/user-manual/- 8.5.30. server-header-filter + 8.5.32. server-header-filter
@@ -4532,7 +4951,7 @@ www.privoxy.org/user-manual/
- Parameterized. + Multi-value.
- @@ -4591,7 +5010,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
- 8.5.31. server-header-tagger + 8.5.33. server-header-tagger
@@ -4618,7 +5037,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
- Parameterized. + Multi-value.
- @@ -4667,6 +5086,15 @@ example.org/instance-that-is-delivered-as-xml-but-is-not {+server-header-tagger{content-type}} / +# If the response has a tag starting with 'image/' enable an external +# filter that only applies to images. +# +# Note that the filter is not available by default, it's just a +# silly example. +{+external-filter{rotate-image} +force-text-mode} +TAG:^image/ +
Note that many of these actions have the potential to cause a @@ -5134,7 +5562,7 @@ href="actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies
Remember all actions @@ -5188,7 +5616,7 @@ href="actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies
If you aren't a developer, there's no need for you to edit the @@ -5575,7 +6003,7 @@ wiki.
So far we are painting with a broad brush by setting general @@ -5902,7 +6330,7 @@ stupid-server.example.com/