The default profiles, and their associated actions, as pre-defined in default.action are:
Table 1. Default Configurations
- {+enable-https-filtering}
-www.example.com
- |
-
To detect a redirection URL, fast-redirects only looks for the string "http://", either in plain text (invalid but often used) or encoded as "http%3a//". Some sites use their own URL encoding scheme, encrypt the address - of the target server or replace it with a database id. In theses cases fast-redirects is fooled and the request reaches the redirection server where it probably gets logged.
@@ -1589,7 +1549,7 @@ www.example.com
-
- +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
+ +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
|
-
- +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
+ +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
|
-
- +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
+ +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
|
-
- +filter{content-cookies} # Kill cookies that come in the HTML or JS content.
+ +filter{content-cookies} # Kill cookies that come in the HTML or JS content.
|
-
- +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
+ +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
|
-
- +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
+ +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
|
-
- +filter{banners-by-link} # Kill banners by their links to known clicktrackers.
+ +filter{banners-by-link} # Kill banners by their links to known clicktrackers.
|
-
- +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
+ +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
|
-
- +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
+ +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
|
-
- +filter{jumping-windows} # Prevent windows from resizing and moving themselves.
+ +filter{jumping-windows} # Prevent windows from resizing and moving themselves.
|
-
- +filter{frameset-borders} # Give frames a border and make them resizable.
+ +filter{frameset-borders} # Give frames a border and make them resizable.
|
-
- +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
+ +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.
|
-
- +filter{demoronizer} # Fix MS's non-standard use of standard charsets.
+ +filter{demoronizer} # Fix MS's non-standard use of standard charsets.
|
-
- +filter{fun} # Text replacements for subversive browsing fun!
+ +filter{fun} # Text replacements for subversive browsing fun!
|
-
- +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
+ +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
|
-
- +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
+ +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
|
-
- +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
+ +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
|
-
- +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
+ +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
|
-
- +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
+ +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
|
-
- +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
+ +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
|
-
- +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
+ +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
|
-
- +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
+ +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
|
Filter encrypted requests and responses
+Encrypted requests are decrypted, filtered and forwarded encrypted.
+Boolean.
+N/A
+This action allows Privoxy to filter encrypted requests and + responses. For this to work Privoxy has to generate a certificate and + send it to the client which has to accept it.
+Before this works the directives in the HTTPS inspection section of the config + file have to be configured.
+Note that the action has to be enabled based on the CONNECT request which doesn't contain a path. + Enabling it based on a pattern with path doesn't work as the path is only seen by Privoxy if the action is already enabled.
+This is an experimental feature.
+
+ {+https-inspection}
+www.example.com
+ |
+
When the "+enable-https-filtering" action is used Privoxy by - default verifies that the remote site uses a valid certificate.
-If the certificate is invalid the connection is aborted.
-This action disabled the certificate check allowing requests to sites with invalid certificates.
+When the "+https-inspection" action is used Privoxy by default + verifies that the remote site uses a valid certificate.
+If the certificate can't be validated by Privoxy the connection is + aborted.
+This action disables the certificate check so requests to sites with certificates that can't be + validated are allowed.
+Note that enabling this action allows Man-in-the-middle attacks.
Note that some (rare) ill-configured sites don't handle requests for uncompressed documents correctly. Broken PHP applications tend to send an empty document body, some IIS versions only send the beginning of - the content. If you enable prevent-compression per default, you might want to - add exceptions for those sites. See the example for how to do that.
+ the content and some content delivery networks let the connection time out. If you enable prevent-compression per default, you might want to add exceptions for those sites. See the + example for how to do that.