X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=b66732899062b72e11660c0af4145a0a2f2afaef;hp=87a7d5175454629d321d121271ce0e7a4f90bb95;hb=9cc96e485bce416f04f758a6785e655348b186c8;hpb=9c113a4c0231441c0005cae73bc9e1cf32a71596 diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 87a7d517..b6673289 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -259,7 +259,7 @@ CLASS="FILENAME" >

8.1. Finding the Right Mix

8.2. How to Edit

8.4.1. The Domain Pattern

8.4.2. The Path Pattern

If the request URL gets changed, Privoxy will detect that and use the new + one. This can be used to rewrite the request destination behind the client's + back, for example to specify a Tor exit relay for certain requests. +
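Review bot: the added sentence does not say which action or mechanism changes the request URL, so a reader landing on this paragraph cannot tell what has to be configured before the "new one" is used; name the action and cross-reference the forwarding section where a Tor exit relay would actually be selected for "certain requests". "behind the client's back" is also informal for a reference manual; "without the client being able to notice" states the same fact neutrally.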

Please refer to the filter file chapter"If-Modified-Since:" makes - sure it isn't used as a cookie replacement, but you will run into - caching problems if the random range is too high. + it less likely that the server can use the time as a cookie replacement, + but you will run into caching problems if the random range is too high.
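Review bot: downgrading "makes sure it isn't used as a cookie replacement" to "makes it less likely that the server can use the time as a cookie replacement" is the correct fix, but the sentence should now say why the protection is only partial, because the following advice to "only use a small negative value" rests on that reasoning: a randomised timestamp that stays close to the original still narrows the client down. One clause such as "since the randomised value still has to stay close to the original to keep caching working" would tie the two paragraphs together.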

It is a good idea to only use a small negative value and let @@ -4948,7 +4958,8 @@ CLASS="LITERAL" HREF="actions-file.html#CRUNCH-IF-NONE-MATCH" >crunch-if-none-match. +>, + otherwise it's more or less pointless.

# Let the browser revalidate without being tracked across sessions
-{ +hide-if-modified-since{-60} \
+># Let the browser revalidate but make tracking based on the time less likely.
+{+hide-if-modified-since{-60} \
  +overwrite-last-modified{randomize} \
  +crunch-if-none-match}
 /
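Review bot: "otherwise it's more or less pointless" is too vague for a reference section; say what it is pointless against. The rewritten example comment narrows the claim to "tracking based on the time", so the sentence presumably means that without crunch-if-none-match the "If-None-Match:" header would still hand the server a stable identifier to track with, and the text should state that explicitly instead of leaving the reader to infer it from the cross-reference.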
Typical use:

Improve privacy by not embedding the source of the request in the HTTP headers.

Improve privacy by not forwarding the source of the request in the HTTP headers.

Effect:
Deletes any existing "X-Forwarded-for:" HTTP header from client requests, - and prevents adding a new one. +> HTTP header from client requests.

Notes:

It is safe to leave this on. +> It is safe and recommended to leave this on.
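Review bot: dropping "and prevents adding a new one" from the Effect paragraph leaves open whether Privoxy itself ever adds an "X-Forwarded-for:" header after deleting the client's. If it never does, say so explicitly, since the Typical-use line now promises "not forwarding the source of the request" and readers will want to know that no header is inserted either; if it can (for example through another action or a forwarding rule), the removed clause was the important guarantee and should stay. "It is safe and recommended to leave this on" would also be stronger with the reason attached: the header reveals where the request came from.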

"conditional-forge" to forge the header if the host has changed.

  • "block" to delete the header unconditionally.

  • Always blocking the referrer, or using a custom one, can lead to failures on servers that check the referrer before they answer any - requests, in an attempt to prevent their valuable content from being + requests, in an attempt to prevent their content from being embedded or linked to elsewhere.

    Typical use:

    Conceal your type of browser and client operating system

    Try to conceal your type of browser and client operating system

    Effect:
    the right thing to do: good web sites work browser-independently). -

    Typical use:

    To protect against the MS buffer over-run in JPEG processing

    Try to protect against a MS buffer over-run in JPEG processing

    Effect:

    Note that the described exploit is only one of many, - using this action does not mean that you no longer - have to patch the client. +> Note that the exploit mentioned is several years old + and it's unlikely that your client is still vulnerable + against it. This action may be removed in one of the + next releases.
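Review bot: the replacement note drops the one sentence a defender needs, that using inspect-jpegs "does not mean that you no longer have to patch the client". The age of the exploit is a reason to deprecate the action, not a reason to remove the advice that it is no substitute for patching, so keep that sentence next to the new "may be removed in one of the next releases" notice. Also "vulnerable against it" should be "vulnerable to it", and "a MS buffer over-run" reads better as "an MS buffer overrun" (or spell out Microsoft).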

    This action is most appropriate for browsers that don't have any controls for unwanted pop-ups. Not recommended for general usage.

    This action doesn't work very reliable and may be removed in future releases. +
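Review bot: "doesn't work very reliable" should be "does not work very reliably". Since the action is now flagged for removal, the two paragraphs could be merged so that the deprecation notice sits next to "Not recommended for general usage" rather than in a separate paragraph that a reader skimming the Notes may miss.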

    Example usage:
    URLs) through proxies. It works very simply: the proxy connects to the server on the specified port, and then short-circuits its connections to the client and to the remote server. - This can be a big security hole, since CONNECT-enabled proxies can be - abused as TCP relays very easily. + This means CONNECT-enabled proxies can be used as TCP relays very easily.
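Review bot: replacing "This can be a big security hole, since CONNECT-enabled proxies can be abused as TCP relays very easily" with "This means CONNECT-enabled proxies can be used as TCP relays very easily" removes the only sentence that explains why limit-connect exists. The relay capability is now stated as a neutral fact; keep the risk framing, for instance "which is a security problem if the proxy is reachable by clients you do not trust, so restrict the allowed ports", otherwise the reader has no reason to set the action at all.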

    8.5.39. Summary

    8.7.1. default.action

    Again, at the start of matching, all actions are disabled, so there is - no real need to disable any actions here, but we will do that nonetheless, - to have a complete listing for your reference. (Remember: a "+" @@ -7655,178 +7673,26 @@ CLASS="SCREEN" # "Defaults" section: ########################################################################## { \ - -add-header \ - -client-header-filter{hide-tor-exit-notation} \ - -block \ - -content-type-overwrite \ - -crunch-client-header \ - -crunch-if-none-match \ - -crunch-incoming-cookies \ - -crunch-server-header \ - -crunch-outgoing-cookies \ +deanimate-gifs \ - -downgrade-http-version \ - -fast-redirects{check-decoded-url} \ - -filter{js-annoyances} \ - -filter{js-events} \ +filter{html-annoyances} \ - -filter{content-cookies} \ +filter{refresh-tags} \ - -filter{unsolicited-popups} \ - -filter{all-popups} \ - -filter{img-reorder} \ - -filter{banners-by-size} \ - -filter{banners-by-link} \ +filter{webbugs} \ - -filter{tiny-textforms} \ - -filter{jumping-windows} \ - -filter{frameset-borders} \ - -filter{demoronizer} \ - -filter{shockwave-flash} \ - -filter{quicktime-kioskmode} \ - -filter{fun} \ - -filter{crude-parental} \ +filter{ie-exploits} \ - -filter{google} \ - -filter{yahoo} \ - -filter{msn} \ - -filter{blogspot} \ - -filter{no-ping} \ - -force-text-mode \ - -handle-as-empty-document \ - -handle-as-image \ - -hide-accept-language \ - -hide-content-disposition \ - -hide-if-modified-since \ +hide-forwarded-for-headershide-referrer{forge} \ - -hide-user-agent \ - -inspect-jpegs \ - -kill-popups \ - -limit-connect \ +prevent-compression \ - -overwrite-last-modified \ - -redirect \ - -send-vanilla-wafer \ - -send-wafer \ - -server-header-filter{xml-to-html} \ - -server-header-filter{html-to-xml} \ +set-image-blocker{pattern} \ - -treat-forbidden-connects-like-blocks \ } / # forward slash will match *all* potential URL patterns.

    The default behavior is now set. Note that some actions, like not hiding - the user agent, are part of a "general policy" that applies - universally and won't get any exceptions defined later. Other choices, - like not blocking (which is understandably the - default!) need exceptions, i.e. we need to specify explicitly what we - want to block in later sections.

    The default behavior is now set. +

    The first of our specialized sections is concerned with
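Review bot: the example now lists only enabled actions, but the same hunk removes both the sentence saying that all actions start disabled ("there is no real need to disable any actions here") and the "general policy" versus exceptions explanation of why not blocking by default needs explicit block rules later. Keep at least a one-line comment in the example, e.g. "# Actions not listed here stay disabled", and a sentence after "The default behavior is now set." stating that the block exceptions follow in later sections, otherwise readers copying the snippet lose that context. Also check the rendered line "+hide-forwarded-for-headershide-referrer{forge}": as shown, the two actions appear fused, so verify the source keeps a line continuation and line break between them.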

    8.7.2. user.action

    # My user.action file. <fred@foobar.com>
    # My user.action file. <fred@example.com>block } www.example.com/nasty-ads/sponsor\.gif - another.popular.site.net/more/junk/here/default.filter, - but it is disabled in the distributed actions file. (My colleagues on the team just - don't have a sense of humour, that's why! ;-). So you'd like to turn it on in your private, + but it is disabled in the distributed actions file. + So you'd like to turn it on in your private, update-safe config, once and for all:
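Review bot: the change to <fred@example.com> correctly moves the sample address onto a reserved documentation domain, but the removed second pattern ("another.popular.site.net/more/junk/here/") also drops the only demonstration that one block can carry several URL patterns. If that was intended, fine; otherwise replace it with a second pattern under a reserved name such as www.example.org rather than deleting it, which also removes the last non-reserved host name from the example.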