X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=1e2b7341a426936c2e8265fbd3c97c2e9de39be0;hp=da7401d603e825fd587ba0b389c83d0ef1dfb0cd;hb=873efe14859c0fb3f53a905eb346c36cf5fe7eda;hpb=ba8c8fd40fb5e150e24819471977f46172acbae6 diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index da7401d6..1e2b7341 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -4,7 +4,7 @@ Actions Files - + @@ -15,7 +15,7 @@
- + @@ -73,7 +73,7 @@

The default profiles, and their associated actions, as pre-defined in default.action are:

- +

Table 1. Default Configurations

Privoxy 3.0.28 User ManualPrivoxy 3.0.30 User Manual
Prev
@@ -271,7 +271,7 @@ already!

The pattern matching syntax is different for the host and path parts of the URL. The host part uses a simple globbing type matching technique, while the path part uses more flexible "Regular + "https://en.wikipedia.org/wiki/Regular_expressions" target="_top">"Regular Expressions" (POSIX 1003.2).

The port part of a pattern is a decimal port number preceded by a colon (:). If the host part contains a numerical IPv6 address, it has to be put into angle brackets (<, @@ -363,7 +363,7 @@

Additionally, there are wild-cards that you can use in the domain names themselves. These work similarly to shell globbing type wild-cards: "*" represents zero or more arbitrary characters - (this is equivalent to the "Regular Expression" based syntax of ".*"), "?" represents any single character (this is equivalent to the regular expression syntax of a simple "."), and you can define "character @@ -394,11 +394,14 @@

While flexible, this is not the sophistication of full regular expression based syntax.

+

When compiled with FEATURE_PCRE_HOST_PATTERNS patterns can be prefixed with "PCRE-HOST-PATTERN:" in which case full regular expression (PCRE) can be used for the host + pattern as well.

8.4.2. The Path Pattern

Privoxy uses "modern" POSIX 1003.2 "Regular + "https://en.wikipedia.org/wiki/Regular_expressions" target="_top">"Regular Expressions" for matching the path portion (after the slash), and is thus more flexible.

There is an Appendix with a brief quick-start into regular expressions, you also might want to have a look at your operating system's documentation on regular expressions (try @@ -822,6 +825,13 @@ example.org/blocked-example-page

If the request URI gets changed, Privoxy will detect that and use the new one. This can be used to rewrite the request destination behind the client's back, for example to specify a Tor exit relay for certain requests.

+

Note that to change the destination host for https-inspected requests a protocol and host has to be added to + the URI.

+

If https inspection is enabled, the protocol can be + downgraded from https to http but upgrading a request from http to https is currently not supported.

+

After detecting a rewrite, Privoxy does not update the actions used + for the request based on the new host.

Please refer to the filter file chapter to learn which client-header filters are available by default, and how to create your own.

@@ -841,7 +851,55 @@ example.org/blocked-example-page
-

8.5.5. client-header-tagger

+

8.5.5. client-body-filter

+
+
+
Typical use:
+
+

Rewrite or remove client request body.

+
+
Effect:
+
+

All request bodies to which this action applies are filtered on-the-fly through the specified regular + expression based substitutions.

+
+
Type:
+
+

Multi-value.

+
+
Parameter:
+
+

The name of a client-body filter, as defined in one of the filter + files.

+
+
Notes:
+
+

Please refer to the filter file chapter to learn how to create your own + client-body filters.

+

The distribution default.filter file contains a selection of client-body + filters for example purposes.

+

The amount of data that can be filtered is limited by the buffer-limit option in the main config + file. The default is 4096 KB (4 Megs). Once this limit is exceeded, the whole request body is passed + through unfiltered.

+
+
Example usage (section):
+
+
+ + + +
+ 
# Remove "test" everywhere in the request body
+{+client-body-filter{remove-test}}
+/
+
+ + +
+ +
+

8.5.6. client-header-tagger

Typical use:
@@ -939,7 +997,7 @@ TAG:^IP-ADDRESS: 10\.0\.0\.1$
-

8.5.6. +

8.5.7. content-type-overwrite

@@ -1008,7 +1066,7 @@ www.example.net/.*style

-

8.5.7. crunch-client-header

+

8.5.8. crunch-client-header

Typical use:
@@ -1067,7 +1125,7 @@ www.example.net/.*style
-

8.5.8. crunch-if-none-match

+

8.5.9. crunch-if-none-match

Typical use:
@@ -1119,7 +1177,7 @@ www.example.net/.*style
-

8.5.9. +

8.5.10. crunch-incoming-cookies

@@ -1165,7 +1223,7 @@ www.example.net/.*style

-

8.5.10. +

8.5.11. crunch-server-header

@@ -1225,7 +1283,7 @@ www.example.net/.*style

-

8.5.11. +

8.5.12. crunch-outgoing-cookies

@@ -1270,7 +1328,7 @@ www.example.net/.*style

-

8.5.12. deanimate-gifs

+

8.5.13. deanimate-gifs

Typical use:
@@ -1313,7 +1371,7 @@ www.example.net/.*style
-

8.5.13. delay-response

+

8.5.14. delay-response

Typical use:
@@ -1356,7 +1414,7 @@ www.example.net/.*style
-

8.5.14. +

8.5.15. downgrade-http-version

@@ -1403,7 +1461,7 @@ problem-host.example.com

-

8.5.15. external-filter

+

8.5.16. external-filter

Typical use:
@@ -1465,7 +1523,7 @@ problem-host.example.com
-

8.5.16. fast-redirects

+

8.5.17. fast-redirects

Typical use:
@@ -1524,7 +1582,7 @@ problem-host.example.com

To detect a redirection URL, fast-redirects only looks for the string "http://", either in plain text (invalid but often used) or encoded as "http%3a//". Some sites use their own URL encoding scheme, encrypt the address - of the target server or replace it with a database id. In theses cases fast-redirects is fooled and the request reaches the redirection server where it probably gets logged.

@@ -1546,7 +1604,7 @@ problem-host.example.com
-

8.5.17. filter

+

8.5.18. filter

Typical use:
@@ -1584,11 +1642,11 @@ problem-host.example.com completely rendered doesn't change much, but it may be perceived as slower since the page is not incrementally displayed.) This effect will be more noticeable on slower connections.

"Rolling your own" filters requires a knowledge of "Regular - Expressions" and "Regular + Expressions" and "HTML". This is very powerful feature, and potentially very intrusive. Filters should be used with caution, and where an equivalent "action" is not available.

-

The amount of data that can be filtered is limited to the The amount of data that can be filtered is limited by the buffer-limit option in the main config file. The default is 4096 KB (4 Megs). Once this limit is exceeded, the buffered data, and all pending data, is passed through unfiltered.

@@ -1820,6 +1878,15 @@ problem-host.example.com +

+ + + + +
+ 
+filter{github}              # Removes the annoying "Sign-Up" banner and the Cookie disclaimer.
+

@@ -1829,6 +1896,14 @@ problem-host.example.com
+

+ + + + +
+ 
+filter{imdb}                # Removes some ads on IMDb.
+

@@ -1856,12 +1931,21 @@ problem-host.example.com
+

+ + + + +
+ 
+filter{sourceforge}         # Reduces the amount of ads for proprietary software on SourceForge.
+
-

8.5.18. force-text-mode

+

8.5.19. force-text-mode

Typical use:
@@ -1918,7 +2002,7 @@ problem-host.example.com
-

8.5.19. forward-override

+

8.5.20. forward-override

Typical use:
@@ -2025,7 +2109,7 @@ TAG:^User-Agent: fetch libfetch/2\.0$
-

8.5.20. +

8.5.21. handle-as-empty-document

@@ -2078,7 +2162,7 @@ example.org/.*\.js$

-

8.5.21. handle-as-image

+

8.5.22. handle-as-image

Typical use:
@@ -2138,7 +2222,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-

8.5.22. +

8.5.23. hide-accept-language

@@ -2191,7 +2275,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash

-

8.5.23. +

8.5.24. hide-content-disposition

@@ -2247,7 +2331,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash

-

8.5.24. +

8.5.25. hide-if-modified-since

@@ -2306,7 +2390,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash

-

8.5.25. hide-from-header

+

8.5.26. hide-from-header

Typical use:
@@ -2357,7 +2441,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-

8.5.26. hide-referrer

8.5.27. hide-referrer
@@ -2438,7 +2522,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-

8.5.27. hide-user-agent

+

8.5.28. hide-user-agent

Typical use:
@@ -2482,7 +2566,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash occasionally useful to forge this in order to access sites that won't let you in otherwise (though there may be a good reason in some cases).

More information on known user-agent strings can be found at http://www.user-agents.org/ and http://www.user-agents.org/ and http://en.wikipedia.org/wiki/User_agent.

Example usage:
@@ -2490,7 +2574,8 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
- 
+hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}
+ 
+hide-user-agent{Mozilla/5.0 (X11; ElectroBSD i386; rv:78.0) Gecko/20100101 Firefox/78.0}
@@ -2499,7 +2584,101 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-

8.5.28. limit-connect

+

8.5.29. https-inspection

+
+
+
Typical use:
+
+

Filter encrypted requests and responses

+
+
Effect:
+
+

Encrypted requests are decrypted, filtered and forwarded encrypted.

+
+
Type:
+
+

Boolean.

+
+
Parameter:
+
+

N/A

+
+
Notes:
+
+

This action allows Privoxy to filter encrypted requests and + responses. For this to work Privoxy has to generate a certificate and + send it to the client which has to accept it.

+

Before this works the directives in the HTTPS inspection section of the config + file have to be configured.

+

Note that the action has to be enabled based on the CONNECT request which doesn't contain a path. + Enabling it based on a pattern with path doesn't work as the path is only seen by Privoxy if the action is already enabled.

+

This is an experimental feature.

+
+
Example usage (section):
+
+ + + + +
+ 
{+https-inspection}
+www.example.com
+
+
+
+
+
+
+

8.5.30. + ignore-certificate-errors

+
+
+
Typical use:
+
+

Filter encrypted requests and responses without verifying the certificate

+
+
Effect:
+
+

Encrypted requests are forwarded to sites without verifying the certificate.

+
+
Type:
+
+

Boolean.

+
+
Parameter:
+
+

N/A

+
+
Notes:
+
+

When the "+https-inspection" action is used Privoxy by default + verifies that the remote site uses a valid certificate.

+

If the certificate can't be validated by Privoxy the connection is + aborted.

+

This action disables the certificate check so requests to sites with certificates that can't be + validated are allowed.

+

Note that enabling this action allows Man-in-the-middle attacks.

+
+
Example usage:
+
+ + + + +
+ 
    {+ignore-certificate-errors}
+    www.example.org
+
+
+
+
+
+
+
+

8.5.31. limit-connect

Typical use:
@@ -2551,7 +2730,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-

8.5.29. +

8.5.32. limit-cookie-lifetime

@@ -2603,7 +2782,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash

-

8.5.30. prevent-compression

+

8.5.33. prevent-compression

Typical use:
@@ -2641,8 +2820,9 @@ nasty-banner-server.example.com/junk.cgi\?output=trash action settings.

Note that some (rare) ill-configured sites don't handle requests for uncompressed documents correctly. Broken PHP applications tend to send an empty document body, some IIS versions only send the beginning of - the content. If you enable prevent-compression per default, you might want to - add exceptions for those sites. See the example for how to do that.

+ the content and some content delivery networks let the connection time out. If you enable prevent-compression per default, you might want to add exceptions for those sites. See the + example for how to do that.

Example usage (sections):
@@ -2674,7 +2854,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-

8.5.31. +

8.5.34. overwrite-last-modified

@@ -2736,7 +2916,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash

-

8.5.32. redirect

+

8.5.35. redirect

Typical use:
@@ -2816,6 +2996,10 @@ example.com/.*toChange=(?!bar) # Redirect Destination = https://www.illumos.org/issues/4974 i[0-9][0-9][0-9][0-9]*/ +# Redirect requests for the old Tor Hidden Service of the Privoxy website to the new one +{+redirect{s@^http://jvauzb4sb3bwlsnc.onion/@http://l3tczdiiwoo63iwxty4lhs6p7eaxop5micbn7vbliydgv63x5zrrrfyd.onion/@}} +jvauzb4sb3bwlsnc.onion/ + # Redirect remote requests for this manual # to the local version delivered by Privoxy {+redirect{s@^http://www@http://config@}} @@ -2828,7 +3012,7 @@ www.privoxy.org/user-manual/
-

8.5.33. +

8.5.36. server-header-filter

@@ -2878,7 +3062,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

-

8.5.34. +

8.5.37. server-header-tagger

@@ -2935,7 +3119,45 @@ TAG:^image/

-

8.5.35. +

8.5.38. suppress-tag

+
+
+
Typical use:
+
+

Suppress client or server tag.

+
+
Effect:
+
+

Server or client tags to which this action applies are not added to the request, thus making all + actions that are specific to these request tags inactive.

+
+
Type:
+
+

Multi-value.

+
+
Parameter:
+
+

The result tag of a server-header or client-header tagger, as defined in one of the filter files.

+
+
Example usage (section):
+
+ + + + +
+ 
# Suppress tag produced by range-requests client-header tagger for requests coming from address 10.0.0.1
+{+suppress-tag{RANGE-REQUEST}}
+TAG:^IP-ADDRESS: 10\.0\.0\.1$
+
+
+
+
+

+
+

8.5.39. session-cookies-only

@@ -2997,7 +3219,7 @@ TAG:^image/
-

8.5.36. set-image-blocker

+

8.5.40. set-image-blocker

Typical use:
@@ -3086,7 +3308,7 @@ TAG:^image/
-

8.5.37. Summary

+

8.5.41. Summary

Note that many of these actions have the potential to cause a page to misbehave, possibly even not to display at all. There are many ways a site designer may choose to design his site, and what HTTP header content, and other criteria, he may depend on. There is no way to have hard and fast rules for all sites. See