X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=2128e6fc4f9c0529999a97115ca43857c872ba30;hp=64c5b9b372ef34a405710643429a66aa64338c4b;hb=3b3e93244ab9a04daf15de964593063779e382ed;hpb=d74ec2c8f9726f42df2ce1e45749d74dee43b781 diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 64c5b9b3..2128e6fc 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -1,13 +1,13 @@ +
The actions files are used to define what actions
+> The actions files are used to define what actions
Privoxy takes for which URLs, and thus determine
+> takes for which URLs, and thus determines
how ad images, cookies and various other aspects of HTTP content and
- transactions are handled, and on which sites (or even parts thereof). There
- are three such files included with There
+ are three action files included with Privoxy
- with differing purposes:
+> with
+ differing purposes:
Privoxy's
Edit Set to Cautious Set to Medium Set to Advanced +
These have increasing levels of aggressiveness and have no influence on your browsing unless - you select them explicitly in the editorand have no + influence on your browsing unless you select them explicitly in the + editor. It is not recommend - to edit this file. +>. A default installation should be pre-set to + Cautious (versions prior to 3.0.5 were set to + Medium). New users should try this for a while before + adjusting the settings to more aggressive levels. The more aggressive + the settings, then the more likelihood there is of problems such as sites + not working as they should. +
The Edit button allows you to turn each + action on/off individually for fine-tuning. The Cautious + button changes the actions list to low/safe settings which will activate + ad blocking and a minimal set of Privoxy's features, and subsequently + there will be less of a chance for accidental problems. The + Medium button sets the list to a medium level of + other features and a low level set of privacy features. The + Advanced button sets the list to a high level of + ad blocking and medium level of privacy. See the chart below. The latter + three buttons over-ride any changes via with the + Edit button. More fine-tuning can be done in the + lower sections of this internal page. +
It is not recommend to edit the standard.action file + itself.
The default profiles, and their associated actions, as pre-defined in @@ -156,7 +259,7 @@ CLASS="FILENAME" >
Feature | Cautious | Medium | Adventuresome | Advanced
---|---|---|---|
Ad-blocking by URL | Ad-blocking Aggressivenessyes | mediumyes | highyes | high
Ad-filtering by size | yes | yes | yes |
GIF de-animation | no | yes | yes |
Referer forging | Ad-filtering by linkno | yes | noyes |
Cookie handling | Pop-up killingnone | blocks onlysession-only | blocks onlykill | blocks only
Pop-up killing | Privacy Featuresunsolicited | lowunsolicited | mediumall | medium/high
Fast redirects | Cookie handlingno | noneno | session-onlyyes | kill
HTML taming | Referer forgingyes | noyes | yes |
JavaScript taming | GIF de-animationyes | noyes | yes |
Web-bug killing | Fast redirectsyes | noyes | noyes |
Fun text replacements | HTML tamingno | no | yes |
Image tag reordering | JavaScript tamingno | no | yes |
Ad-filtering by link | Web-bug killingno | no | yesyes |
Demoronizer | Image tag reorderingno | no | yes |
{ +handle-as-image +block } + # Block these as if they were images. Send no block page. + banners.example.com + media.example.com/.*banners + .example.com/images/ads/ |
You can trace this process for any given URL by visiting You can trace this process for URL patterns and any given URL by visiting http://config.privoxy.org/show-url-info.
More detail on this is provided in the Appendix, Examples and more detail on this is provided in the Appendix, Anatomy of an Action.
Troubleshooting: Anatomy of an Action section.As mentioned, "patterns" - to determine what actions might apply to which sites and pages your browser - attempts to access. These actions might apply to which sites and + pages your browser attempts to access. These "patterns" use wild card type - use wild + card type pattern matching to achieve a high degree of +> matching to achieve a high degree of flexibility. This allows one expression to be expanded and potentially match against many similar patterns.
Generally, a Privoxy pattern has the form +> Generally, an URL pattern has the form <domain>/<path> be included in the pattern. This is assumed already!
The pattern matching syntax is different for the domain and path parts of + the URL. The domain part uses a simple globbing type matching technique, + while the path part uses a more flexible + "Regular + Expressions (PCRE)" based syntax.
matches all the documents on www.example.com + whose name starts with /index.html. +
any web server. +> web server anywhere.
matches nothing, since it would be interpreted as a domain name and +> matches nothing, since it would be interpreted as a domain name and there is no top-level domain called .html. +>. So its + a mistake.
The matching of the domain part offers some flexible options: if the domain starts or ends with a dot, it becomes unanchored at that end. @@ -937,27 +961,63 @@ CLASS="EMPHASIS" > .example. - (Correctly speaking: It matches any FQDN that contains . + And, by the way, also included would be any files or documents that exist + within that domain since no path limitations are specified. (Correctly + speaking: It matches any FQDN that contains example as a domain.) +> as + a domain.) This might be www.example.com, + news.example.de, or + www.example.net/cgi/testing.pl for instance. All these + cases are matched.
Additionally, there are wild-cards that you can use in the domain names - themselves. They work pretty similar to shell wild-cards: "*" - stands for zero or more arbitrary characters, represents zero or more arbitrary characters (this is + equivalent to the + "Regular + Expression" based syntax of ".*"), + "?" stands for - any single character, you can define character classes in square - brackets and all of that can be freely mixed:
represents any single character (this is equivalent to the + regular expression syntax of a simple "."), and you can define + "character classes" in square brackets which is similar to + the same regular expression technique. All of this can be freely mixed:While flexible, this is not the sophistication of full regular expression based syntax.
Privoxy uses Perl compatible regular expressions +> uses Perl compatible (PCRE) + "Regular + Expression" based syntax (through the PCRE library) for - matching the path.
There is an man perlre) useful, which is available on-line at http://www.perldoc.com/perl5.6/pod/perlre.htmlhttp://perldoc.perl.org/perlre.html.
Note that the path pattern is automatically left-anchored at the exactly this capitalization.
Is equivalent to just ".example.com", since any documents + within that domain are matched with or without the ".*" + regular expression. This is redundant +
Will match any page in the domain of "example.com" that is + named "index.html", and that is part of some path. For + example, it matches "www.example.com/testing/index.html" but + NOT "www.example.com/index.html" because the regular + expression called for at least two "/'s", thus the path + requirement. It also would match + "www.example.com/testing/index_html", because of the + special meta-character ".". +
This regular expression is conditional so it will match any page + named "index.html" regardless of path which in this case can + have one or more "/'s". And this one must contain exactly + ".html" (but does not have to end with that!). +
This regular expression will match any path of "example.com" + that contains any of the words "ads", "banner", + "banners" (because of the "?") or "junk". + The path does not have to end in these words, just contain them. +
This is very much the same as above, except now it must end in either + ".jpg", ".jpeg", ".gif" or ".png". So this + one is limited to common image formats. +
There are many, many good examples to be found in default.action, + and more tutorials below in Appendix on regular expressions.
Tag patterns are used to change the applying actions based on the + request's tags. Tags can be created with either the + client-header-tagger + or the server-header-tagger action.
Tag patterns have to start with "TAG:", so Privoxy + can tell them apart from URL patterns. Everything after the colon + including white space, is interpreted as a regular expression with + path pattern syntax, except that tag patterns aren't left-anchored + automatically (Privoxy doesn't silently add a "^", + you have to do it yourself if you need it).
To match all requests that are tagged with "foo" + your pattern line should be "TAG:^foo$", + "TAG:foo" would work as well, but it would also + match requests whose tags contain "foo" somewhere. + "TAG: foo" wouldn't work as it requires white space.
Sections can contain URL and tag patterns at the same time, + but tag patterns are checked after the URL patterns and thus + always overrule them, even if they are located before the URL patterns.
Once a new tag is added, Privoxy checks right away if it's matched by one + of the tag patterns and updates the action settings accordingly. As a result + tags can be used to activate other tagger actions, as long as these other + taggers look for headers that haven't already be parsed.
For example you could tag client requests which use the + POST method, + then use this tag to activate another tagger that adds a tag if cookies + are sent, and then use a block action based on the cookie tag. This allows + the outcome of one action, to be input into a subsequent action. However if + you'd reverse the position of the described taggers, and activated the + method tagger based on the cookie tagger, no method tags would be created. + The method tagger would look for the request line, but at the time + the cookie tag is created, the request line has already been parsed.
While this is a limitation you should be aware of, this kind of + indirection is seldom needed anyway and even the example doesn't + make too much sense.
All actions are disabled by default, until they are explicitly enabled somewhere in an actions file. Actions are turned on if preceded with a @@ -1185,7 +1491,7 @@ CLASS="LITERAL" of the actions file.
- There are three classes of actions:
Example: +hide-user-agent{ Mozilla 1.0 }+hide-user-agent{Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070602 Firefox/2.0.0.4} Privoxy would just be a - normal, non-blocking, non-anonymizing proxy. You must specifically enable the + normal, non-blocking, non-filtering proxy. You must specifically enable the privacy and blocking features you need (although the provided default actions files will give a good starting point).
Later defined actions always over-ride earlier ones. So exceptions - to any rules you make, should come in the latter part of the file (or - in a file that is processed later when using multiple actions files). For - multi-valued actions, the actions are applied in the order they are specified. - Actions files are processed in the order they are defined in - Later defined action sections always over-ride earlier ones of the same type. + So exceptions to any rules you make, should come in the latter part of the file (or + in a file that is processed later when using multiple actions files such + as user.action). For multi-valued actions, the actions + are applied in the order they are specified. Actions files are processed in + the order they are defined in config (the default installation has three actions - files). It also quite possible for any given URL pattern to match more than - one pattern and thus more than one set of actions!
(the default + installation has three actions files). It also quite possible for any given + URL to match more than one "pattern" (because of wildcards and + regular expressions), and thus to trigger more than one set of actions! Last + match wins. The list of valid 8.5.1. add-header8.5.1. add-header Block ads or other obnoxious content Requests for URLs to which this action applies are blocked, i.e. the requests are not
- forwarded to the remote server, but answered locally with a substitute page or image,
- as determined by the Requests for URLs to which this action applies are blocked, i.e. the
+ requests are trapped by Privoxy and the requested URL is never retrieved,
+ but is answered locally with a substitute page or image, as determined by
+ the handle-as-image
- and ,
+ set-image-blocker, and
+ handle-as-empty-document actions.
+
The {+block} # Block and replace with "blocked" page
-.nasty-stuff.example.com
+>{+block}
+# Block and replace with "blocked" page
+ .nasty-stuff.example.com
-{+block +handle-as-image} # Block and replace with image
-.ad.doubleclick.net
-.ads.r.us
Stop useless download menus from popping up, or change the browser's rendering mode
Rewrite or remove single client headers. +Replaces the "Content-Type:" HTTP server header. +> All client headers to which this action applies are filtered on-the-fly through + the specified regular expression based substitutions.
Any string. +> The name of a client-header filter, as defined in one of the + filter files.
The "Content-Type:" HTTP server header is used by the - browser to decide what to do with the document. The value of this - header can cause the browser to open a download menu instead of - displaying the document by itself, even if the document's format is - supported by the browser. -
The declared content type can also affect which rendering mode - the browser chooses. If XHTML is delivered as "text/html", - many browsers treat it as yet another broken HTML document. - If it is send as "application/xml", browsers with - XHTML support will only display it, if the syntax is correct. -
If you see a web site that proudly uses XHTML buttons, but sets - "Content-Type: text/html", you can use Privoxy - to overwrite it with "application/xml" and validate - the web master's claim inside your XHTML-supporting browser. - If the syntax is incorrect, the browser will complain loudly. -
You can also go the opposite direction: if your browser prints - error messages instead of rendering a document falsely declared - as XHTML, you can overwrite the content type with - "text/html" and have it rendered as broken HTML document. +> Client-header filters are applied to each header on its own, not to + all at once. This makes it easier to diagnose problems, but on the downside + you can't write filters that only change header x if header y's value is z. + You can do that by using tags though.
By default content-type-overwrite only replaces - "Content-Type:" headers that look like some kind of text. - If you want to overwrite it unconditionally, you have to combine it with - force-text-mode. - This limitation exists for a reason, think twice before circumventing it. +> Client-header filters are executed after the other header actions have finished + and use their output as input.
Most of the time it's easier to enable - filter-server-headers - and replace this action with a custom regular expression. It allows you - to activate it for every document of a certain site and it will still - only replace the content types you aimed at. +> If the request URL gets changed, Privoxy will detect that and use the new + one. This can be used to rewrite the request destination behind the client's + back, for example to specify a Tor exit relay for certain requests.
Of course you can apply content-type-overwrite Please refer to the filter file chapter - to a whole site and then make URL based exceptions, but it's a lot - more work to get the same precision. + to learn which client-header filters are available by default, and how to + create your own.
# Check if www.example.net/ really uses valid XHTML -{+content-type-overwrite {application/xml}} -www.example.net/ -# but leave the content type unmodified if the URL looks like a style sheet -{-content-type-overwrite} -www.example.net/*.\.css$ -www.example.net/*.style{+client-header-filter{hide-tor-exit-notation}} +.exit/ + |
Remove a client header Privoxy has no dedicated action for.
Block requests based on their headers. +Deletes every header send by the client that contains the string the user supplied as parameter. +> Client headers to which this action applies are filtered on-the-fly through + the specified regular expression based substitutions, the result is used as + tag. +
Parameterized.
The name of a client-header tagger, as defined in one of the + filter files. +
Client-header taggers are applied to each header on its own, + and as the header isn't modified, each tagger "sees" + the original. +
Client-header taggers are the first actions that are executed + and their tags can be used to control every other action. +
# Tag every request with the User-Agent header +{+client-header-tagger{user-agent}} +/ + |
Stop useless download menus from popping up, or change the browser's rendering mode
Replaces the "Content-Type:" HTTP server header. +
Parameterized.
Any string. +
The "Content-Type:" HTTP server header is used by the + browser to decide what to do with the document. The value of this + header can cause the browser to open a download menu instead of + displaying the document by itself, even if the document's format is + supported by the browser. +
The declared content type can also affect which rendering mode + the browser chooses. If XHTML is delivered as "text/html", + many browsers treat it as yet another broken HTML document. + If it is send as "application/xml", browsers with + XHTML support will only display it, if the syntax is correct. +
If you see a web site that proudly uses XHTML buttons, but sets + "Content-Type: text/html", you can use Privoxy + to overwrite it with "application/xml" and validate + the web master's claim inside your XHTML-supporting browser. + If the syntax is incorrect, the browser will complain loudly. +
You can also go the opposite direction: if your browser prints + error messages instead of rendering a document falsely declared + as XHTML, you can overwrite the content type with + "text/html" and have it rendered as broken HTML document. +
By default content-type-overwrite only replaces + "Content-Type:" headers that look like some kind of text. + If you want to overwrite it unconditionally, you have to combine it with + force-text-mode. + This limitation exists for a reason, think twice before circumventing it. +
Most of the time it's easier to replace this action with a custom + server-header filter. + It allows you to activate it for every document of a certain site and it will still + only replace the content types you aimed at. +
Of course you can apply content-type-overwrite + to a whole site and then make URL based exceptions, but it's a lot + more work to get the same precision. +
# Check if www.example.net/ really uses valid XHTML +{ +content-type-overwrite{application/xml} } +www.example.net/ + +# but leave the content type unmodified if the URL looks like a style sheet +{-content-type-overwrite} +www.example.net/.*\.css$ +www.example.net/.*style |
Remove a client header Privoxy has no dedicated action for.
Deletes every header sent by the client that contains the string the user supplied as parameter.
# Block the non-existent "Privacy-Violation:" client header -{+crunch-client-header {Privacy-Violation:}} +{ +crunch-client-header{Privacy-Violation:} } /
It is also useful to make sure the header isn't used as a cookie - replacement. + replacement (unlikely but possible).
Blocking the "If-Modified-Since:" header - isn't blocked as well. + isn't blocked or missing as well.
It is recommended to use this action together with @@ -2066,10 +2587,11 @@ WIDTH="90%" >
# Let the browser revalidate cached documents without being tracked across sessions -{+hide-if-modified-since {-1} \ -+overwrite-last-modified {randomize} \ -+crunch-if-none-match} +># Let the browser revalidate cached documents but don't +# allow the server to use the revalidation headers for user tracking. +{+hide-if-modified-since{-60} \ + +overwrite-last-modified{randomize} \ + +crunch-if-none-match} /
Prevent the web server from setting any cookies on your system +> Prevent the web server from setting HTTP cookies on your system
It makes 8.5.7. crunch-server-header8.5.9. crunch-server-header
# Crunch server headers that try to prevent caching -{+crunch-server-header {no-cache}} +{ +crunch-server-header{no-cache} } /8.5.8. crunch-outgoing-cookies8.5.10. crunch-outgoing-cookies
Prevent the web server from reading any cookies from your system +> Prevent the web server from reading any HTTP cookies from your system
To detect a redirection URL,
- +fast-redirects{simple-check}
+fast-redirects{check-decoded-url}{ +fast-redirects{simple-check} } + one.example.com + + { +fast-redirects{check-decoded-url} } + another.example.com/testing |
Get rid of HTML and JavaScript annoyances, banner advertisements (by size), do fun text replacements, etc.
Get rid of HTML and JavaScript annoyances, banner advertisements (by size), + do fun text replacements, add personalized effects, etc.All files of text-based type, most notably HTML and JavaScript, to which this - action applies, are filtered on-the-fly through the specified regular expression - based substitutions. (Note: as of version 3.0.3 plain text documents +> All instances of text-based type, most notably HTML and JavaScript, to which + this action applies, can be filtered on-the-fly through the specified regular + expression based substitutions. (Note: as of version 3.0.3 plain text documents are exempted from filtering, because web servers often use the - text/plain MIME type for all files whose type they - don't know.) +> MIME type for all files whose type they don't know.)
The name of a filter, as defined in the The name of a content filter, as defined in the filter file. @@ -2883,7 +3393,13 @@ CLASS="FILENAME"
When used in its negative form, - and without parameters, filtering is completely disabled. + and without parameters, all filtering is completely disabled.
This is very powerful feature, and "rolling your own""Rolling your own" - filters requires a knowledge of regular expressions and HTML. + filters requires a knowledge of + "Regular + Expressions" and + "HTML". + This is very powerful feature, and potentially very intrusive. + Filters should be used with caution, and where an equivalent + "action" is not available.
The amount of data that can be filtered is limited to the @@ -2925,7 +3464,7 @@ HREF="config.html" data, and all pending data, is passed through unfiltered.
Inadequate MIME types, such as zipped files, are not filtered at all. +> Inappropriate MIME types, such as zipped files, are not filtered at all. (Again, only text-based types except plain text). Encrypted SSL data (from HTTPS servers) cannot be filtered either, since this would violate the integrity of the secure transaction. In some situations it might @@ -2933,16 +3472,30 @@ HREF="config.html" by defining appropriate -filter sections. +> exceptions.
At this time, Compressed content can't be filtered either, unless Privoxy cannot (yet!) uncompress compressed - documents. If you want filtering to work on all documents, even those that - would normally be sent compressed, use the - + is compiled with zlib support (requires at least Privoxy 3.0.7), + in which case Privoxy will decompress the content before filtering + it. +
If you use a Privoxy version without zlib support, but want filtering to work on + as much documents as possible, even those that would normally be sent compressed, + you must use the .
Filtering can achieve some of the same effects as the
+> Content filtering can achieve some of the same effects as the
+filter{unsolicited-popups} # Disable only unsolicited pop-up windows
+filter{unsolicited-popups} # Disable only unsolicited pop-up windows. Useful if your browser lacks this ability.+filter{all-popups} # Kill all popups in JavaScript and HTML
+filter{all-popups} # Kill all popups in JavaScript and HTML. Useful if your browser lacks this ability.+filter{frameset-borders} # Give frames a border and make them resizable
+filter{frameset-borders} # Give frames a border and make them resizeable+filter{quicktime-kioskmode} # Make Quicktime movies saveable
+filter{quicktime-kioskmode} # Make Quicktime movies savable
+ +filter{ie-exploits} # Disable some known Internet Explorer bug exploits
+filter{ie-exploits} # Disable a known Internet Explorer bug exploits
+filter{site-specifics} # Custom filters for specific site related problems |
+filter{google} # Removes text ads and other Google specific improvements |
+filter{yahoo} # Removes text ads and other Yahoo specific improvements |
+filter{msn} # Removes text ads and other MSN specific improvements |
+filter{blogspot} # Cleans up Blogspot blogs |
+filter{no-ping} # Removes non-standard ping attributes from anchor and area tags |
Warning |
Think twice before activating this action. Filtering binary data + with regular expressions can cause file damage. + |
+force-text-mode + |
Change the forwarding settings based on User-Agent or request origin
Overrules the forward directives in the configuration file. +
Multi-value.
"forward ." to use a direct connection without any additional proxies.
"forward 127.0.0.1:8123" to use the HTTP proxy listening at 127.0.0.1 port 8123. +
"forward-socks4a 127.0.0.1:9050 ." to use the socks4a proxy listening at + 127.0.0.1 port 9050. Replace "forward-socks4a" with "forward-socks4" + to use a socks4 connection (with local DNS resolution) instead. +
"forward-socks4a 127.0.0.1:9050 proxy.example.org:8000" to use the socks4a proxy + listening at 127.0.0.1 port 9050 to reach the HTTP proxy listening at proxy.example.org port 8000. + Replace "forward-socks4a" with "forward-socks4" to use a socks4 connection + (with local DNS resolution) instead. +
This action takes parameters similar to the + forward directives in the configuration + file, but without the URL pattern. It can be used as replacement, but normally it's only + used in cases where matching based on the request URL isn't sufficient.
Think twice before activating this action. Filtering binary data - with regular expressions can cause file damage. +> Please read the description for the forward directives before + using this action. Forwarding to the wrong people will reduce your privacy and increase the + chances of man-in-the-middle attacks. +
If the ports are missing or invalid, default values will be used. This might change + in the future and you shouldn't rely on it. Otherwise incorrect syntax causes Privoxy + to exit. +
Use the show-url-info CGI page + to verify that your forward settings do what you thought the do.
+force-text-mode
+># Always use direct connections for requests previously tagged as
+# "User-Agent: fetch libfetch/2.0" and make sure
+# resuming downloads continues to work.
+# This way you can continue to use Tor for your normal browsing,
+# without overloading the Tor network with your FreeBSD ports updates
+# or downloads of bigger files like ISOs.
+# Note that HTTP headers are easy to fake and therefore their
+# values are as (un)trustworthy as your clients and users.
+{+forward-override{forward .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+}
+TAG:^User-Agent: fetch libfetch/2\.0$
The content type for the empty document can be specified with @@ -3640,8 +4494,8 @@ CLASS="SECT3" CLASS="SECT3" >8.5.15. handle-as-image8.5.18. handle-as-image
Mark URLs as belonging to images (so they'll be replaced by imagee Mark URLs as belonging to images (so they'll be replaced by images if they get blockedif they do get blocked)
, rather than HTML pages)This action will probably be removed in the future, + use server-header filters instead. +
# Disarm the download link in Sourceforge's patch tracker -{-filter\ -+content-type-overwrite {text/plain}\ -+hide-content-disposition {block} } -.sourceforge.net/tracker/download.php8.5.18. hide-if-modified-since8.5.21. hide-if-modified-since
It is a good idea to only use a small negative value and let @@ -4100,7 +4958,8 @@ CLASS="LITERAL" HREF="actions-file.html#CRUNCH-IF-NONE-MATCH" >crunch-if-none-match. +>, + otherwise it's more or less pointless.
# Let the browser revalidate without being tracked across sessions -{+hide-if-modified-since {-1}\ -+overwrite-last-modified {randomize}\ -+crunch-if-none-match} +># Let the browser revalidate but make tracking based on the time less likely. +{+hide-if-modified-since{-60} \ + +overwrite-last-modified{randomize} \ + +crunch-if-none-match} /
Improve privacy by hiding the true source of the request
Improve privacy by not forwarding the source of the request in the HTTP headers.It is fairly safe to leave this on. -
This action is scheduled for improvement: It should be able to generate forged - "X-Forwarded-for:" headers using random IP addresses from a specified network, - to make successive requests from the same client look like requests from a pool of different - users sharing the same proxy. +> It is safe and recommended to leave this on.
"conditional-forge" to forge the header if the host has changed.
"block" to delete the header unconditionally.
Always blocking the referrer, or using a custom one, can lead to failures on servers that check the referrer before they answer any - requests, in an attempt to prevent their valuable content from being + requests, in an attempt to prevent their content from being embedded or linked to elsewhere.
8.5.22. hide-user-agent8.5.25. hide-user-agent
Conceal your type of browser and client operating system
Try to conceal your type of browser and client operating systemThis action is scheduled for improvement. +> More information on known user-agent strings can be found at + http://www.user-agents.org/ + and + http://en.wikipedia.org/wiki/User_agent.
To protect against the MS buffer over-run in JPEG processing
Try to protect against a MS buffer over-run in JPEG processingTo protect against a known exploit +> Protect against a known exploit
Note that the exploit mentioned is several years old + and it's unlikely that your client is still vulnerable + against it. This action may be removed in one of the + next releases.
If the only kind of pop-ups that you want to kill are exit consoles (those @@ -4842,6 +5714,13 @@ CLASS="REPLACEABLE" > instead.
This action is most appropriate for browsers that don't have any controls + for unwanted pop-ups. Not recommended for general usage. +
This action doesn't work very reliable and may be removed in future releases. +
Privoxy relays HTTPS traffic without seeing - the decoded content. Websites can leverage this limitation to circumvent Privoxy's + the decoded content. Websites can leverage this limitation to circumvent Privoxy's filters. By specifying an invalid port range you can disable HTTPS entirely. If you plan to disable SSL by default, consider enabling 8.5.26. prevent-compression8.5.29. prevent-compression
More and more websites send their content compressed by default, which - is generally a good idea and saves bandwidth. But for the kill-popups actions to work, - actions need + access to the uncompressed data. +
When compiled with zlib support (available since Privoxy needs access to the uncompressed data. - Unfortunately, 3.0.7), content that should be + filtered is decompressed on-the-fly and you don't have to worry about this action. + If you are using an older Privoxy can't yet(!) uncompress, filter, and - re-compress the content on the fly. So if you want to ensure that all websites, including - those that normally compress, can be filtered, you need to use this action. +> version, or one that hasn't been compiled with zlib + support, this action can be used to convince the server to send the content uncompressed.
This will slow down transfers from those websites, though. If you use any of the above-mentioned - actions, you will typically want to use prevent-compression in conjunction - with them. +> Most text-based instances compress very well, the size is seldom decreased by less than 50%, + for markup-heavy instances like news feeds saving more than 90% of the original size isn't + unusual. +
Not using compression will therefore slow down the transfer, and you should only + enable this action if you really need it. As of Privoxy 3.0.7 it's disabled in all + predefined action settings.
Note that some (rare) ill-configured sites don't handle requests for uncompressed - documents correctly (they send an empty document body). If you use prevent-compression - per default, you'll have to add exceptions for those sites. See the example for how to do that. +> per default, you might want to add + exceptions for those sites. See the example for how to do that.
# Set default: +># Selectively turn off compression, and enable a filter # -{+prevent-compression} -/ # Match all sites +{ +filter{tiny-textforms} +prevent-compression } +# Match only these sites + .google. + sourceforge.net + sf.net -# Make exceptions for ill sites: +# Or instead, we could set a universal default: # -{-prevent-compression} -www.debianhelp.org -www.pclinuxonline.com
# Let the browser revalidate without being tracked across sessions -{+hide-if-modified-since {-1}\ -+overwrite-last-modified {randomize}\ -+crunch-if-none-match} -/# Let the browser revalidate without being tracked across sessions +{ +hide-if-modified-since{-60} \ + +overwrite-last-modified{randomize} \ + +crunch-if-none-match} +/
Redirect requests to other sites. +
Convinces the browser that the requested document has been moved + to another location and the browser should get it from there. +
Parameterized
An absolute URL or a single pcrs command. +
Requests to which this action applies are answered with a + HTTP redirect to URLs of your choosing. The new URL is + either provided as parameter, or derived by applying a + single pcrs command to the original URL. +
This action will be ignored if you use it together with + block. + It can be combined with + fast-redirects{check-decoded-url} + to redirect to a decoded version of a rewritten URL. +
Use this action carefully, make sure not to create redirection loops + and be aware that using your own redirects might make it + possible to fingerprint your requests. +
# Replace example.com's style sheet with another one
+{ +redirect{http://localhost/css-replacements/example.com.css} }
+ example.com/stylesheet\.css
+
+# Create a short, easy to remember nickname for a favorite site
+# (relies on the browser accept and forward invalid URLs to Privoxy)
+{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
+ a
+
+# Always use the expanded view for Undeadly.org articles
+# (Note the $ at the end of the URL pattern to make sure
+# the request for the rewritten URL isn't redirected as well)
+{+redirect{s@$@&mode=expanded@}}
+undeadly.org/cgi\?action=article&sid=\d*$ |
Feed log analysis scripts with useless data. +
Sends a cookie with each request stating that you do not accept any copyright + on cookies sent to you, and asking the site operator not to track you. +
Boolean.
N/A +
The vanilla wafer is a (relatively) unique header and could conceivably be used to track you. +
This action is rarely used and not enabled in the default configuration. +
+send-vanilla-wafer |
Redirect requests to other sites. +> Send custom cookies or feed log analysis scripts with even more useless data.
Convinces the browser that the requested document has been moved - to another location and the browser should get it from there. +> Sends a custom, user-defined cookie with each request.
Parameterized
Multi-value.Any URL. +> A string of the form "name=value".
This action is useful to replace whole documents with your own - ones. For that to work, they have to be available on another server. -
You can do the same by combining the actions - block, - handle-as-image and - set-image-blocker{URL}. - It doesn't sound right for non-image documents, and that's why this action - was created. +> Being multi-valued, multiple instances of this action can apply to the same request, + resulting in multiple cookies being sent.
This action will be ignored if you use it together with - block. +> This action is rarely used and not enabled in the default configuration.
# Replace example.com's style sheet with another one -{+redirect{http://localhost/css-replacements/example.com.css}} -example.com/stylesheet.css{+send-wafer{UsingPrivoxy=true}} +my-internal-testing-server.void |
Feed log analysis scripts with useless data. +> Rewrite or remove single server headers.
Sends a cookie with each request stating that you do not accept any copyright - on cookies sent to you, and asking the site operator not to track you. +> All server headers to which this action applies are filtered on-the-fly + through the specified regular expression based substitutions.
Boolean.
Parameterized.N/A +> The name of a server-header filter, as defined in one of the + filter files.
The vanilla wafer is a (relatively) unique header and could conceivably be used to track you. +> Server-header filters are applied to each header on its own, not to + all at once. This makes it easier to diagnose problems, but on the downside + you can't write filters that only change header x if header y's value is z. + You can do that by using tags though.
This action is rarely used and not enabled in the default configuration. +> Server-header filters are executed after the other header actions have finished + and use their output as input. +
Please refer to the filter file chapter + to learn which server-header filters are available by default, and how to + create your own.
+send-vanilla-wafer{+server-header-filter{html-to-xml}} +example.org/xml-instance-that-is-delivered-as-html + +{+server-header-filter{xml-to-html}} +example.org/instance-that-is-delivered-as-xml-but-is-not + |
Send custom cookies or feed log analysis scripts with even more useless data. +> Enable or disable filters based on the Content-Type header.
Sends a custom, user-defined cookie with each request. +> Server headers to which this action applies are filtered on-the-fly through + the specified regular expression based substitutions, the result is used as + tag.
Multi-value.
Parameterized.A string of the form "name=value" The name of a server-header tagger, as defined in one of the + filter files.
Being multi-valued, multiple instances of this action can apply to the same request, - resulting in multiple cookies being sent. +> Server-header taggers are applied to each header on its own, + and as the header isn't modified, each tagger "sees" + the original.
This action is rarely used and not enabled in the default configuration. +> Server-header taggers are executed before all other header actions + that modify server headers. Their tags can be used to control + all of the other server-header actions, the content filters + and the crunch actions (redirect + and block). +
Obviously crunching based on tags created by server-header taggers + doesn't prevent the request from showing up in the server's log file.
{+send-wafer{UsingPrivoxy=true}} -my-internal-testing-server.void# Tag every request with the content type declared by the server +{+server-header-tagger{content-type}} +/ + |
Redirect to the BSD devil: +> Redirect to the BSD daemon:
The default behavior is now set. Note that some actions, like not hiding - the user agent, are part of a "general policy" that applies - universally and won't get any exceptions defined later. Other choices, - like not blocking (which is understandably the - default!) need exceptions, i.e. we need to specify explicitly what we - want to block in later sections.
The default behavior is now set. +The first of our specialized sections is concerned with
First comes a bunch of generic patterns, which do most of the work, by +> First comes many generic patterns, which do most of the work, by matching typical domain and path name components of banners. Then comes a list of individual patterns for specific sites, which is omitted here to keep the example short:
You wouldn't believe how many advertisers actually call their banner +> It's quite remarkable how many advertisers actually call their banner servers ads. } adv[io]*. # (for advogato.org and advice.*) adsl. # (has nothing to do with ads) +adobe. # (has nothing to do with ads either) ad[ud]*. # (adult.* and add.*) .edu # (universities don't host banners (yet!)) .*loads. # (downloads, uploads etc) @@ -7227,7 +8188,10 @@ CLASS="SCREEN" HREF="actions-file.html#FILTER" >filter } -/.*cvs +/(.*/)?cvs +bugzilla. +developer. +wiki. .sourceforge.net The actual default.action is of course more +> is of course much more comprehensive, but we hope this example made clear how it works.
So far we are painting with a broad brush by setting general policies, which would be a reasonable starting point for many people. Now, @@ -7294,7 +8258,7 @@ WIDTH="100%" >
# My user.action file. <fred@foobar.com># My user.action file. <fred@example.com>
Say you have accounts on some sites that you visit regularly, and you don't want to have to log in manually each time. So you'd like @@ -7368,12 +8346,10 @@ WIDTH="100%" >
{ allow-all-cookies } -sourceforge.net -sunsolve.sun.com -.slashdot.org -.yahoo.com -.msdn.microsoft.com -.redhat.comfilter } -.your-home-banking-site.comblock } -www.example.com/nasty-ads/sponsor.gif -another.popular.site.net/more/junk/here/
{ +block-as-image } -.doubleclick.net -/Realmedia/ads/ -ar.atwola.com/Privoxy - that is causing the problem or not.
{ allow-ads } -.sourceforge.net -.slashdot.org -.osdn.netabove.
Invoke another alias here to force an over-ride of the MIME type application/x-sh which typically would open a download type + dialog. In my case, I want to look at the shell script, and then I can save + it should I choose to.
{ handle-as-text } + /.*\.sh$ |
user.action