The pattern matching syntax is different for the domain and path parts of
the URL. The domain part uses a simple globbing type matching technique,
- while the path part uses a more flexible
+ while the path part uses more flexible
"Regular
- Expressions (PCRE)" based syntax.
(POSIX 1003.2).www.example.com/index.html$www.example.com/index.html matches any domain that ENDS in
- matches any domain with first-level domain .example.comcom
+ and second-level domain example.
+ For example www.example.com,
+ example.com and foo.bar.baz.example.com.
+ Note that it wouldn't match if the second-level domain was another-example.
www.
+> (It also matches the domain
+ www but most of the time that doesn't matter.)
Privoxy uses Perl compatible (PCRE)
+> uses "modern" POSIX 1003.2
"Regular
- Expression" based syntax
- (through the PCRE library) for
- matching the path portion (after the slash), and is thus more flexible.
for matching the path portion (after the slash),
+ and is thus more flexible. There is an Appendix with a brief quick-start into regular
- expressions, and full (very technical) documentation on PCRE regex syntax is available on-line
- at http://www.pcre.org/man.txt.
- You might also find the Perl man page on regular expressions (man perlre)
- useful, which is available on-line at http://perldoc.perl.org/perlre.html.
man re_format). Note that the path pattern is automatically left-anchored at the
Example: +block+handle-as-image
Type:Boolean.
Parameterized.Parameter:N/A
A block reason that should be given to the user.Notes:"BLOCKED" page
- for requests to blocked pages. This page contains links to find out why the request
- was blocked, and a click-through to the blocked content (the latter only if compiled with the
- force feature enabled). The
"BLOCKED" page adapts to the available
- screen space -- it displays full-blown if space allows, or miniaturized and text-only
- if loaded into a small frame or window. If you are using
Privoxy
- right now, you can take a look at the
-
"BLOCKED"
- page.
+ for requests to blocked pages. This page contains the block reason given as
+ parameter, a link to find out why the block action applies, and a click-through
+ to the blocked content (the latter only if the force feature is available and
+ enabled).
@@ -1981,18 +1971,18 @@ WIDTH="90%"
>
{+block}
+>{+block{No nasty stuff for you.}}
# Block and replace with "blocked" page
.nasty-stuff.example.com
-{+block +handle-as-image}
+{+block{Doubleclick banners.} +handle-as-image}
# Block and replace with image
.ad.doubleclick.net
.ads.r.us/banners/
-{+block +handle-as-empty-document}
+{+block{Layered ads.} +handle-as-empty-document}
# Block and then ignore
- adserver.exampleclick.net/.*\.js$ | If the request URL gets changed, Privoxy will detect that and use the new
+ one. This can be used to rewrite the request destination behind the client's
+ back, for example to specify a Tor exit relay for certain requests.
+
Please refer to the filter file chapter
{+client-header-filter{hide-tor-exit-notation}}
-.exit/
+># Hide Tor exit notation in Host and Referer Headers
+{+client-header-filter{hide-tor-exit-notation}}
+/
| # Tag every request with the User-Agent header
{+client-header-tagger{user-agent}}
/
+
+# Tagging itself doesn't change the action
+# settings, sections with TAG patterns do:
+#
+# If it's a download agent, use a different forwarding proxy,
+# show the real User-Agent and make sure resume works.
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+ -hide-user-agent \
+ -filter \
+ -deanimate-gifs \
+}
+TAG:^User-Agent: NetBSD-ftp/
+TAG:^User-Agent: Novell ZYPP Installer
+TAG:^User-Agent: RPM APT-HTTP/
+TAG:^User-Agent: fetch libfetch/
+TAG:^User-Agent: Ubuntu APT-HTTP/
+TAG:^User-Agent: MPlayer/
+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse. | +filter{js-events} # Kill all JS event bindings (Radically destructive! Only for extra nasty sites)+filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites). | +filter{html-annoyances} # Get rid of particularly annoying HTML abuse+filter{html-annoyances} # Get rid of particularly annoying HTML abuse. | +filter{content-cookies} # Kill cookies that come in the HTML or JS content+filter{content-cookies} # Kill cookies that come in the HTML or JS content. | +filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups)+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups). | +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective. | +filter{banners-by-size} # Kill banners by size+filter{banners-by-size} # Kill banners by size. | +filter{banners-by-link} # Kill banners by their links to known clicktrackers+filter{banners-by-link} # Kill banners by their links to known clicktrackers. | +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking)+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking). | +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap. | +filter{jumping-windows} # Prevent windows from resizing and moving themselves+filter{jumping-windows} # Prevent windows from resizing and moving themselves. | +filter{frameset-borders} # Give frames a border and make them resizeable+filter{frameset-borders} # Give frames a border and make them resizable. | +filter{demoronizer} # Fix MS's non-standard use of standard charsets+filter{demoronizer} # Fix MS's non-standard use of standard charsets. | +filter{shockwave-flash} # Kill embedded Shockwave Flash objects+filter{shockwave-flash} # Kill embedded Shockwave Flash objects. | +filter{quicktime-kioskmode} # Make Quicktime movies savable+filter{quicktime-kioskmode} # Make Quicktime movies saveable. | +filter{crude-parental} # Crude parental filtering (demo only)+filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably. | +filter{ie-exploits} # Disable a known Internet Explorer bug exploits+filter{ie-exploits} # Disable some known Internet Explorer bug exploits. | +filter{site-specifics} # Custom filters for specific site related problems+filter{site-specifics} # Cure for site-specific problems. Don't apply generally! |
+filter{google} # Removes text ads and other Google specific improvements+filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags. |
+filter{yahoo} # Removes text ads and other Yahoo specific improvements+filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement. |
+filter{msn} # Removes text ads and other MSN specific improvements+filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation. |
+filter{blogspot} # Cleans up Blogspot blogs+filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation. |
+filter{no-ping} # Removes non-standard ping attributes from anchor and area tags+filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this. |
"forward-socks4"
- to use a socks4 connection (with local DNS resolution) instead.
+ to use a socks4 connection (with local DNS resolution) instead, use
"forward-socks5"
+ for socks5 connections (with remote DNS resolution).
"forward-socks4" to use a socks4 connection
- (with local DNS resolution) instead.
+ (with local DNS resolution) instead, use "forward-socks5"
+ for socks5 connections (with remote DNS resolution).
Notes:
This action takes parameters similar to the
+> This action takes parameters similar to the
forward# Block all documents on example.org that end with ".js",
# but send an empty document instead of the usual HTML message.
-{+block +handle-as-empty-document}
+{+block{Blocked JavaScript} +handle-as-empty-document}
example.org/.*\.js$
"If-Modified-Since:" makes
- sure it isn't used as a cookie replacement, but you will run into
- caching problems if the random range is too high.
+ it less likely that the server can use the time as a cookie replacement,
+ but you will run into caching problems if the random range is too high.
It is a good idea to only use a small negative value and let
@@ -4948,7 +4973,8 @@ CLASS="LITERAL"
HREF="actions-file.html#CRUNCH-IF-NONE-MATCH"
>crunch-if-none-match.
+>,
+ otherwise it's more or less pointless.
# Let the browser revalidate without being tracked across sessions
-{ +hide-if-modified-since{-60} \
+># Let the browser revalidate but make tracking based on the time less likely.
+{+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match}
/Typical use:Improve privacy by not embedding the source of the request in the HTTP headers. Improve privacy by not forwarding the source of the request in the HTTP headers.Effect: Deletes any existing "X-Forwarded-for:" HTTP header from client requests,
- and prevents adding a new one.
+> HTTP header from client requests.
Notes: It is safe to leave this on.
+> It is safe and recommended to leave this on.
"conditional-forge" to forge the header if the host has changed. "block" to delete the header unconditionally. Always blocking the referrer, or using a custom one, can lead to
failures on servers that check the referrer before they answer any
- requests, in an attempt to prevent their valuable content from being
+ requests, in an attempt to prevent their content from being
embedded or linked to elsewhere.
Typical use: Conceal your type of browser and client operating system Try to conceal your type of browser and client operating systemEffect: the right thing to do: good web sites
work browser-independently).
-
| Typical use:To protect against the MS buffer over-run in JPEG processing
Prevent abuse of Privoxy as a TCP proxy relay or disable SSL for untrusted sitesEffect: Protect against a known exploit
+> Specifies to which ports HTTP CONNECT requests are allowable.
Type:Boolean.
Parameterized.Parameter: N/A
+> A comma-separated list of ports or port ranges (the latter using dashes, with the minimum
+ defaulting to 0 and the maximum to 65K).
Notes: See Microsoft Security Bulletin MS04-028. JPEG images are one of the most
- common image types found across the Internet. The exploit as described can
- allow execution of code on the target system, giving an attacker access
- to the system in question by merely planting an altered JPEG image, which
- would have no obvious indications of what lurks inside. This action
- prevents this exploit.
+> By default, i.e. if no limit-connect action applies,
+ Privoxy allows HTTP CONNECT requests to all
+ ports. Use limit-connect if fine-grained control
+ is desired for some or all destinations.
Note that the described exploit is only one of many,
- using this action does not mean that you no longer
- have to patch the client.
-
The CONNECT methods exists in HTTP to allow access to secure websites
+ ("https://" URLs) through proxies. It works very simply:
+ the proxy connects to the server on the specified port, and then
+ short-circuits its connections to the client and to the remote server.
+ This means CONNECT-enabled proxies can be used as TCP relays very easily.
+ Privoxy relays HTTPS traffic without seeing
+ the decoded content. Websites can leverage this limitation to circumvent Privoxy's
+ filters. By specifying an invalid port range you can disable HTTPS entirely.
+
Example usage:Example usages:
+inspect-jpegs +limit-connect{443} # Port 443 is OK.
++limit-connect{80,443} # Ports 80 and 443 are OK.
++limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
++limit-connect{-} # All ports are OK
++limit-connect{,} # No HTTPS/SSL traffic is allowed |
+ Typical use:Eliminate those annoying pop-up windows (deprecated)
Ensure that servers send the content uncompressed, so it can be
+ passed through filters.
+ Effect: While loading the document, replace JavaScript code that opens
- pop-up windows with (syntactically neutral) dummy code on the fly.
+> Removes the Accept-Encoding header which can be used to ask for compressed transfer.
Notes: This action is basically a built-in, hardwired special-purpose filter
- action, but there are important differences: For kill-popups,
- the document need not be buffered, so it can be incrementally rendered while
- downloading. But kill-popups doesn't catch as many pop-ups as
- More and more websites send their content compressed by default, which
+ is generally a good idea and saves bandwidth. But the filter{all-popups}filter
- does and is not as smart as and
+ filter{unsolicited-popupsdeanimate-gifs}
- is.
+ actions need access to the uncompressed data.
Think of it as a fast and efficient replacement for a filter that you
- can use if you don't want any filtering at all. Note that it doesn't make
- sense to combine it with any filter action,
- since as soon as one filter applies,
- the whole document needs to be buffered anyway, which destroys the advantage of
- the kill-popups action over its filter equivalent.
+> When compiled with zlib support (available since Privoxy 3.0.7), content that should be
+ filtered is decompressed on-the-fly and you don't have to worry about this action.
+ If you are using an older Privoxy version, or one that hasn't been compiled with zlib
+ support, this action can be used to convince the server to send the content uncompressed.
Killing all pop-ups unconditionally is problematic. Many shops and banks rely on
- pop-ups to display forms, shopping carts etc, and the filter{unsolicited-popups}
- does a better job of catching only the unwanted ones.
+> Most text-based instances compress very well, the size is seldom decreased by less than 50%,
+ for markup-heavy instances like news feeds saving more than 90% of the original size isn't
+ unusual.
If the only kind of pop-ups that you want to kill are exit consoles (those
- really nasty windows that appear when you close an other
- one), you might want to use
- filter{js-annoyances}
- instead.
+> Not using compression will therefore slow down the transfer, and you should only
+ enable this action if you really need it. As of Privoxy 3.0.7 it's disabled in all
+ predefined action settings.
This action is most appropriate for browsers that don't have any controls
- for unwanted pop-ups. Not recommended for general usage.
+> Note that some (rare) ill-configured sites don't handle requests for uncompressed
+ documents correctly. Broken PHP applications tend to send an empty document body,
+ some IIS versions only send the beginning of the content. If you enable
+ prevent-compression per default, you might want to add
+ exceptions for those sites. See the example for how to do that.
Example usage:Example usage (sections): +kill-popups # Selectively turn off compression, and enable a filter
+#
+{ +filter{tiny-textforms} +prevent-compression }
+# Match only these sites
+ .google.
+ sourceforge.net
+ sf.net
+
+# Or instead, we could set a universal default:
+#
+{ +prevent-compression }
+ / # Match all sites
+
+# Then maybe make exceptions for broken sites:
+#
+{ -prevent-compression }
+.compusa.com/ |
- Typical use:
Prevent abuse of Privoxy as a TCP proxy relay or disable SSL for untrusted sites
- Effect:
Specifies to which ports HTTP CONNECT requests are allowable.
-
- Type:
Parameterized.
- Parameter:
A comma-separated list of ports or port ranges (the latter using dashes, with the minimum
- defaulting to 0 and the maximum to 65K).
-
- Notes:
By default, i.e. if no limit-connect action applies,
- Privoxy only allows HTTP CONNECT
- requests to port 443 (the standard, secure HTTPS port). Use
- limit-connect if more fine-grained control is desired
- for some or all destinations.
-
The CONNECT methods exists in HTTP to allow access to secure websites
- ("https://" URLs) through proxies. It works very simply:
- the proxy connects to the server on the specified port, and then
- short-circuits its connections to the client and to the remote server.
- This can be a big security hole, since CONNECT-enabled proxies can be
- abused as TCP relays very easily.
-
Privoxy relays HTTPS traffic without seeing
- the decoded content. Websites can leverage this limitation to circumvent Privoxy's
- filters. By specifying an invalid port range you can disable HTTPS entirely.
- If you plan to disable SSL by default, consider enabling
- treat-forbidden-connects-like-blocks
- as well, to be able to quickly create exceptions.
-
- Example usages:
+limit-connect{443} # This is the default and need not be specified.
-+limit-connect{80,443} # Ports 80 and 443 are OK.
-+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
-+limit-connect{-} # All ports are OK
-+limit-connect{,} # No HTTPS/SSL traffic is allowed |
-
- Typical use:
Ensure that servers send the content uncompressed, so it can be
- passed through filters.
-
- Effect:
Removes the Accept-Encoding header which can be used to ask for compressed transfer.
-
- Type:
Boolean.
- Parameter:
N/A
-
- Notes:
More and more websites send their content compressed by default, which
- is generally a good idea and saves bandwidth. But the filter, deanimate-gifs
- and kill-popups actions need
- access to the uncompressed data.
-
When compiled with zlib support (available since Privoxy 3.0.7), content that should be
- filtered is decompressed on-the-fly and you don't have to worry about this action.
- If you are using an older Privoxy version, or one that hasn't been compiled with zlib
- support, this action can be used to convince the server to send the content uncompressed.
-
Most text-based instances compress very well, the size is seldom decreased by less than 50%,
- for markup-heavy instances like news feeds saving more than 90% of the original size isn't
- unusual.
-
Not using compression will therefore slow down the transfer, and you should only
- enable this action if you really need it. As of Privoxy 3.0.7 it's disabled in all
- predefined action settings.
-
Note that some (rare) ill-configured sites don't handle requests for uncompressed
- documents correctly. Broken PHP applications tend to send an empty document body,
- some IIS versions only send the beginning of the content. If you enable
- prevent-compression per default, you might want to add
- exceptions for those sites. See the example for how to do that.
-
- Example usage (sections):
# Selectively turn off compression, and enable a filter
-#
-{ +filter{tiny-textforms} +prevent-compression }
-# Match only these sites
- .google.
- sourceforge.net
- sf.net
-
-# Or instead, we could set a universal default:
-#
-{ +prevent-compression }
- / # Match all sites
-
-# Then maybe make exceptions for broken sites:
-#
-{ -prevent-compression }
-.compusa.com/ |
-
+
8.5.28. overwrite-last-modified
crunch-if-none-match.
-
Example usage:
# Let the browser revalidate without being tracked across sessions
-{ +hide-if-modified-since{-60} \
- +overwrite-last-modified{randomize} \
- +crunch-if-none-match}
-/ |
- - Typical use:
Redirect requests to other sites.
-
- Effect:
Convinces the browser that the requested document has been moved
- to another location and the browser should get it from there.
-
- Type:
Parameterized
- Parameter:
An absolute URL or a single pcrs command.
-
- Notes:
Requests to which this action applies are answered with a
- HTTP redirect to URLs of your choosing. The new URL is
- either provided as parameter, or derived by applying a
- single pcrs command to the original URL.
-
This action will be ignored if you use it together with
- block.
- It can be combined with
- fast-redirects{check-decoded-url}
- to redirect to a decoded version of a rewritten URL.
-
Use this action carefully, make sure not to create redirection loops
- and be aware that using your own redirects might make it
- possible to fingerprint your requests.
-
- Example usages:
# Replace example.com's style sheet with another one
-{ +redirect{http://localhost/css-replacements/example.com.css} }
- example.com/stylesheet\.css
-
-# Create a short, easy to remember nickname for a favorite site
-# (relies on the browser accept and forward invalid URLs to Privoxy)
-{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
- a
-
-# Always use the expanded view for Undeadly.org articles
-# (Note the $ at the end of the URL pattern to make sure
-# the request for the rewritten URL isn't redirected as well)
-{+redirect{s@$@&mode=expanded@}}
-undeadly.org/cgi\?action=article&sid=\d*$ |
-
- Typical use:
Feed log analysis scripts with useless data.
-
- Effect:
Sends a cookie with each request stating that you do not accept any copyright
- on cookies sent to you, and asking the site operator not to track you.
-
- Type:
Boolean.
- Parameter:
N/A
-
- Notes:
The vanilla wafer is a (relatively) unique header and could conceivably be used to track you.
-
This action is rarely used and not enabled in the default configuration.
+>.
+send-vanilla-wafer # Let the browser revalidate without being tracked across sessions
+{ +hide-if-modified-since{-60} \
+ +overwrite-last-modified{randomize} \
+ +crunch-if-none-match}
+/ |
Typical use: Send custom cookies or feed log analysis scripts with even more useless data.
+> Redirect requests to other sites.
Effect: Sends a custom, user-defined cookie with each request.
+> Convinces the browser that the requested document has been moved
+ to another location and the browser should get it from there.
Type:Multi-value.
ParameterizedParameter: A string of the form "name=value".
+> An absolute URL or a single pcrs command.
Notes: Being multi-valued, multiple instances of this action can apply to the same request,
- resulting in multiple cookies being sent.
+> Requests to which this action applies are answered with a
+ HTTP redirect to URLs of your choosing. The new URL is
+ either provided as parameter, or derived by applying a
+ single pcrs command to the original URL.
+
This action will be ignored if you use it together with
+ block.
+ It can be combined with
+ fast-redirects{check-decoded-url}
+ to redirect to a decoded version of a rewritten URL.
+
Use this action carefully, make sure not to create redirection loops
+ and be aware that using your own redirects might make it
+ possible to fingerprint your requests.
This action is rarely used and not enabled in the default configuration.
+> In case of problems with your redirects, or simply to watch
+ them working, enable debug 128.
Example usage (section):Example usages:
{+send-wafer{UsingPrivoxy=true}}
-my-internal-testing-server.void# Replace example.com's style sheet with another one
+{ +redirect{http://localhost/css-replacements/example.com.css} }
+ example.com/stylesheet\.css
+
+# Create a short, easy to remember nickname for a favorite site
+# (relies on the browser accept and forward invalid URLs to Privoxy)
+{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
+ a
+
+# Always use the expanded view for Undeadly.org articles
+# (Note the $ at the end of the URL pattern to make sure
+# the request for the rewritten URL isn't redirected as well)
+{+redirect{s@$@&mode=expanded@}}
+undeadly.org/cgi\?action=article&sid=\d*$
+
+# Redirect Google search requests to MSN
+{+redirect{s@^http://[^/]*/search\?q=([^&]*).*@http://search.msn.com/results.aspx?q=$1@}}
+.google.com/search
+
+# Redirect MSN search requests to Yahoo
+{+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
+search.msn.com//results\.aspx\?q=
+
+# Redirect remote requests for this manual
+# to the local version delivered by Privoxy
+{+redirect{s@^http://www@http://config@}}
+www.privoxy.org/user-manual/ |
8.5.34. server-header-filter8.5.30. server-header-filter8.5.35. server-header-tagger8.5.31. server-header-tagger8.5.36. session-cookies-only8.5.32. session-cookies-only8.5.37. set-image-blocker8.5.33. set-image-blocker- Typical use:
Block forbidden connects with an easy to find error message.
- Effect:
If this action is enabled, Privoxy no longer
- makes a difference between forbidden connects and ordinary blocks.
-
- Type:
Boolean
- Parameter:
N/A
- Notes:
By default Privoxy answers
- forbidden "Connect" requests
- with a short error message inside the headers. If the browser doesn't display
- headers (most don't), you just see an empty page.
-
With this action enabled, Privoxy displays
- the message that is used for ordinary blocks instead. If you decide
- to make an exception for the page in question, you can do so by
- following the "See why" link.
-
For "Connect" requests the clients tell
- Privoxy which host they are interested
- in, but not which document they plan to get later. As a result, the
- "Go there anyway" wouldn't work and is therefore suppressed.
-
- Example usage:
+treat-forbidden-connects-like-blocks |
-
Note that many of these actions have the potential to cause a page to
@@ -7324,7 +6839,7 @@ HREF="actions-file.html#CRUNCH-INCOMING-COOKIES"
HREF="actions-file.html#CRUNCH-OUTGOING-COOKIES"
>crunch-outgoing-cookies
- +block-as-image = +block +handle-as-image
+ +block-as-image = +block{Blocked image.} +handle-as-image
allow-all-cookies = -crunch-all-cookies -session-cookies-onlyhide-referrer -kill-popups -prevent-compression
@@ -7359,9 +6871,6 @@ HREF="actions-file.html#PREVENT-COMPRESSION"
shop = -crunch-all-cookies -filter{all-popups} -kill-popups
# Short names for other aliases, for really lazy people ;-)
@@ -7407,7 +6916,7 @@ CLASS="SCREEN"
# These shops require pop-ups:
#
- {-kill-popups -filter{all-popups} -filter{unsolicited-popups}}
+ {-filter{all-popups} -filter{unsolicited-popups}}
.dabs.com
.overclockers.co.uk
crunch-outgoing-cookies
- +block-as-image = +block +handle-as-image
+ +block-as-image = +block{Blocked image.} +handle-as-image
mercy-for-cookies = -crunch-all-cookies -session-cookies-only -hide-referrer -kill-popups
shop = -crunch-all-cookies -filter{all-popups} -kill-popups
Again, at the start of matching, all actions are disabled, so there is
- no real need to disable any actions here, but we will do that nonetheless,
- to have a complete listing for your reference. (Remember: a "+"
@@ -7655,178 +7157,26 @@ CLASS="SCREEN"
# "Defaults" section:
##########################################################################
{ \
- -add-header \
- -client-header-filter{hide-tor-exit-notation} \
- -block \
- -content-type-overwrite \
- -crunch-client-header \
- -crunch-if-none-match \
- -crunch-incoming-cookies \
- -crunch-server-header \
- -crunch-outgoing-cookies \
+deanimate-gifs \
- -downgrade-http-version \
- -fast-redirects{check-decoded-url} \
- -filter{js-annoyances} \
- -filter{js-events} \
+filter{html-annoyances} \
- -filter{content-cookies} \
+filter{refresh-tags} \
- -filter{unsolicited-popups} \
- -filter{all-popups} \
- -filter{img-reorder} \
- -filter{banners-by-size} \
- -filter{banners-by-link} \
+filter{webbugs} \
- -filter{tiny-textforms} \
- -filter{jumping-windows} \
- -filter{frameset-borders} \
- -filter{demoronizer} \
- -filter{shockwave-flash} \
- -filter{quicktime-kioskmode} \
- -filter{fun} \
- -filter{crude-parental} \
+filter{ie-exploits} \
- -filter{google} \
- -filter{yahoo} \
- -filter{msn} \
- -filter{blogspot} \
- -filter{no-ping} \
- -force-text-mode \
- -handle-as-empty-document \
- -handle-as-image \
- -hide-accept-language \
- -hide-content-disposition \
- -hide-if-modified-since \
+hide-forwarded-for-headershide-referrer{forge} \
- -hide-user-agent \
- -inspect-jpegs \
- -kill-popups \
- -limit-connect \
+prevent-compression \
- -overwrite-last-modified \
- -redirect \
- -send-vanilla-wafer \
- -send-wafer \
- -server-header-filter{xml-to-html} \
- -server-header-filter{html-to-xml} \
+set-image-blocker{pattern} \
- -treat-forbidden-connects-like-blocks \
}
/ # forward slash will match *all* potential URL patterns.
The default behavior is now set. Note that some actions, like not hiding
- the user agent, are part of a "general policy" that applies
- universally and won't get any exceptions defined later. Other choices,
- like not blocking (which is understandably the
- default!) need exceptions, i.e. we need to specify explicitly what we
- want to block in later sections.
The default behavior is now set.
+ The first of our specialized sections is concerned with +block+block{Banner ads.} }
# Generic patterns:
@@ -8400,7 +7693,7 @@ CLASS="SECT3"
>
# My user.action file. <fred@foobar.com> # My user.action file. <fred@example.com> | { +block }{ +block{} } section. Note that { +handle-as-image
@@ -8626,9 +7919,9 @@ CLASS="SCREEN"
>{ +block }
+>{Nasty ads.} }
www.example.com/nasty-ads/sponsor\.gif
- another.popular.site.net/more/junk/here/default.filter,
- but it is disabled in the distributed actions file. (My colleagues on the team just
- don't have a sense of humour, that's why! ;-). So you'd like to turn it on in your private,
+ but it is disabled in the distributed actions file.
+ So you'd like to turn it on in your private,
update-safe config, once and for all: