X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=da04b8a36692f49521bd482471b975735d0fffcb;hp=770fb4b534e56e96790784934bfa4cd4ac74da59;hb=a034442e634c7b54d3dfe42c1a53234f3369b091;hpb=521b46fe672fed762b385560f350fbe59d32b6cf diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 770fb4b5..da04b8a3 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -73,7 +73,7 @@
The default profiles, and their associated actions, as pre-defined in default.action are:
Table 1. Default Configurations
- {+enable-https-filtering} -www.example.com- |
-
To detect a redirection URL, fast-redirects only looks for the string "http://", either in plain text (invalid but often used) or encoded as "http%3a//". Some sites use their own URL encoding scheme, encrypt the address - of the target server or replace it with a database id. In theses cases fast-redirects is fooled and the request reaches the redirection server where it probably gets logged.
@@ -1589,7 +1549,7 @@ www.example.comFilter encrypted requests and responses
+Encrypted requests are decrypted, filtered and forwarded encrypted.
+Boolean.
+N/A
+This action allows Privoxy to filter encrypted requests and + responses. For this to work Privoxy has to generate a certificate and + send it to the client which has to accept it.
+Before this works the directives in the TLS section of the config file have to be configured.
+Note that the action has to be enabled based on the CONNECT request which doesn't contain a path. + Enabling it based on a pattern with path doesn't work as the path is only seen by Privoxy if the action is already enabled.
+This is an experimental feature.
+
+ {+https-inspection} +www.example.com+ |
+
When the "+enable-https-filtering" action is used Privoxy by - default verifies that the remote site uses a valid certificate.
-If the certificate is invalid the connection is aborted.
-This action disabled the certificate check allowing requests to sites with invalid certificates.
+When the "+https-inspection" action is used Privoxy by default + verifies that the remote site uses a valid certificate.
+If the certificate can't be validated by Privoxy the connection is + aborted.
+This action disables the certificate check so requests to sites with certificates that can't be + validated are allowed.
+Note that enabling this action allows Man-in-the-middle attacks.
Note that some (rare) ill-configured sites don't handle requests for uncompressed documents correctly. Broken PHP applications tend to send an empty document body, some IIS versions only send the beginning of - the content. If you enable prevent-compression per default, you might want to - add exceptions for those sites. See the example for how to do that.
+ the content and some content delivery networks let the connection time out. If you enable prevent-compression per default, you might want to add exceptions for those sites. See the + example for how to do that.