X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=a5a7d7a4e8b3cf531e20f45b8f8328bbd3ab100f;hp=db8dae24afd32b29e00265d8f294858d14cbc553;hb=2d1af75a04189057eb4cf4949908a3cdf9ca2b6e;hpb=2727c136ceb730015412df0cf32d8761ffe13930 diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index db8dae24..a5a7d7a4 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -73,7 +73,7 @@
The default profiles, and their associated actions, as pre-defined in default.action are:
Table 1. Default Configurations
- {+enable-https-filtering} -www.example.com- |
-
To detect a redirection URL, fast-redirects only looks for the string "http://", either in plain text (invalid but often used) or encoded as "http%3a//". Some sites use their own URL encoding scheme, encrypt the address - of the target server or replace it with a database id. In theses cases fast-redirects is fooled and the request reaches the redirection server where it probably gets logged.
@@ -1589,7 +1549,7 @@ www.example.com
- - +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.+ +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse. |
- - +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).+ +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites). |
- - +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.+ +filter{html-annoyances} # Get rid of particularly annoying HTML abuse. |
- - +filter{content-cookies} # Kill cookies that come in the HTML or JS content.+ +filter{content-cookies} # Kill cookies that come in the HTML or JS content. |
- - +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.+ +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds. |
- - +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.+ +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective. |
- - +filter{banners-by-link} # Kill banners by their links to known clicktrackers.+ +filter{banners-by-link} # Kill banners by their links to known clicktrackers. |
- - +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).+ +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking). |
- - +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.+ +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap. |
- - +filter{jumping-windows} # Prevent windows from resizing and moving themselves.+ +filter{jumping-windows} # Prevent windows from resizing and moving themselves. |
- - +filter{frameset-borders} # Give frames a border and make them resizable.+ +filter{frameset-borders} # Give frames a border and make them resizable. |
- - +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.+ +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites. |
- - +filter{demoronizer} # Fix MS's non-standard use of standard charsets.+ +filter{demoronizer} # Fix MS's non-standard use of standard charsets. |
- - +filter{fun} # Text replacements for subversive browsing fun!+ +filter{fun} # Text replacements for subversive browsing fun! |
- - +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.+ +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably. |
- - +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.+ +filter{ie-exploits} # Disable some known Internet Explorer bug exploits. |
- - +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!+ +filter{site-specifics} # Cure for site-specific problems. Don't apply generally! |
- - +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.+ +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags. |
- - +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.+ +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement. |
- - +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.+ +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation. |
- - +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.+ +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation. |
- - +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.+ +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this. |
Filter encrypted requests and responses
+Encrypted requests are decrypted, filtered and forwarded encrypted.
+Boolean.
+N/A
+This action allows Privoxy to filter encrypted requests and + responses. For this to work Privoxy has to generate a certificate and + send it to the client which has to accept it.
+Before this works the directives in the HTTPS inspection section of the config + file have to be configured.
+Note that the action has to be enabled based on the CONNECT request which doesn't contain a path. + Enabling it based on a pattern with path doesn't work as the path is only seen by Privoxy if the action is already enabled.
+This is an experimental feature.
+
+ {+https-inspection} +www.example.com+ |
+
When the "+enable-https-filtering" action is used Privoxy by - default verifies that the remote site uses a valid certificate.
-If the certificate is invalid the connection is aborted.
-This action disabled the certificate check allowing requests to sites with invalid certificates.
+When the "+https-inspection" action is used Privoxy by default + verifies that the remote site uses a valid certificate.
+If the certificate can't be validated by Privoxy the connection is + aborted.
+This action disables the certificate check so requests to sites with certificates that can't be + validated are allowed.
+Note that enabling this action allows Man-in-the-middle attacks.
Note that some (rare) ill-configured sites don't handle requests for uncompressed documents correctly. Broken PHP applications tend to send an empty document body, some IIS versions only send the beginning of - the content. If you enable prevent-compression per default, you might want to - add exceptions for those sites. See the example for how to do that.
+ the content and some content delivery networks let the connection time out. If you enable prevent-compression per default, you might want to add exceptions for those sites. See the + example for how to do that.