X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=f78109e2f4808806fada3d9ad0e7b242a4a976bc;hp=221e7e2a3e0264159c1ee7716ddbb702068ad961;hb=7d0d8bdd53947864c64d968062ca132b65f2e162;hpb=aaff4cd0e076bb9d094f69ac83a4ff5429235991 diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 221e7e2a..f78109e2 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -6,7 +6,7 @@ Actions Files - + @@ -21,7 +21,7 @@ - + @@ -117,7 +117,7 @@ in default.action are:

- +

Table 1. Default Configurations

@@ -314,8 +314,8 @@ actions.

-

8.1. Finding the Right - Mix

+

8.1. Finding the + Right Mix

Note that some actions, like cookie suppression or script disabling, may render some sites unusable @@ -339,7 +339,7 @@

-

8.2. How to +

8.2. How to Edit

The easiest way to edit the actions files is with a browser by using @@ -644,8 +644,8 @@

-

8.4.2. The Path - Pattern

+

8.4.2. The + Path Pattern

Privoxy uses "modern" POSIX 1003.2

8.4.3. The - Tag Pattern

+ Request Tag Pattern -

Tag patterns are used to change the applying actions based on the - request's tags. Tags can be created with either the Request tag patterns are used to change the applying actions based + on the request's tags. Tags can be created based on HTTP headers with + either the client-header-tagger or the server-header-tagger action.

-

Tag patterns have to start with "TAG:", - so Privoxy can tell them apart from - URL patterns. Everything after the colon including white space, is - interpreted as a regular expression with path pattern syntax, except - that tag patterns aren't left-anchored automatically (Privoxy doesn't silently add a "^", you have to do it yourself if you need it).

+

Request tag patterns have to start with "TAG:", so Privoxy + can tell them apart from other patterns. Everything after the colon + including white space, is interpreted as a regular expression with + path pattern syntax, except that tag patterns aren't left-anchored + automatically (Privoxy doesn't + silently add a "^", you have to do it + yourself if you need it).

To match all requests that are tagged with "foo" your pattern line should be "TAG: foo" wouldn't work as it requires white space.

-

Sections can contain URL and tag patterns at the same time, but - tag patterns are checked after the URL patterns and thus always - overrule them, even if they are located before the URL patterns.

+

Sections can contain URL and request tag patterns at the same + time, but request tag patterns are checked after the URL patterns and + thus always overrule them, even if they are located before the URL + patterns.

-

Once a new tag is added, Privoxy checks right away if it's matched - by one of the tag patterns and updates the action settings - accordingly. As a result tags can be used to activate other tagger - actions, as long as these other taggers look for headers that haven't - already be parsed.

+

Once a new request tag is added, Privoxy checks right away if it's + matched by one of the request tag patterns and updates the action + settings accordingly. As a result request tags can be used to + activate other tagger actions, as long as these other taggers look + for headers that haven't already be parsed.

For example you could tag client requests which use the POST method, then use this tag to activate another @@ -797,21 +800,86 @@

8.4.4. The Negative Tag Patterns

+ "NEGATIVE-TAG-PATTERNS">8.4.4. The Negative Request Tag + Patterns -

To match requests that do not have a certain tag, specify a - negative tag pattern by prefixing the tag pattern line with either +

To match requests that do not have a certain request tag, specify + a negative tag pattern by prefixing the tag pattern line with either "NO-REQUEST-TAG:" or "NO-RESPONSE-TAG:" instead of "TAG:".

-

Negative tag patterns created with Negative request tag patterns created with "NO-REQUEST-TAG:" are checked after all client headers are scanned, the ones created with "NO-RESPONSE-TAG:" are checked after all server headers are scanned. In both cases all the created tags are considered.

+ +
+

8.4.5. The Client Tag Pattern

+ +
+
Privoxy 3.0.22 User ManualPrivoxy 3.0.26 User Manual
+ + + + + + + +
Warning
+

This is an experimental feature. The syntax is likely to + change in future versions.

+
+ + +

Client tag patterns are not set based on HTTP headers but based on + the client's IP address. Users can enable them themselves, but the + Privoxy admin controls which tags are available and what their effect + is.

+ +

After a client-specific tag has been defined with the client-specific-tag, directive, + action sections can be activated based on the tag by using a + CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated at the same + priority as URL patterns, as a result the last matching pattern wins. + Tags that are created based on client or server headers are evaluated + later on and can overrule CLIENT-TAG and URL patterns!

+ +

The tag is set for all requests that come from clients that + requested it to be set. Note that "clients" are differentiated by IP + address, if the IP address changes the tag has to be requested + again.

+ +

Clients can request tags to be set by using the CGI interface + http://config.privoxy.org/client-tags.

+ +

Example:

+ + + + + +
+ 
+# If the admin defined the client-specific-tag circumvent-blocks,
+# and the request comes from a client that previously requested
+# the tag to be set, overrule all previous +block actions that
+# are enabled based on URL to CLIENT-TAG patterns.
+{-block}
+CLIENT-TAG:^circumvent-blocks$
+
+# This section is not overruled because it's located after
+# the previous one.
+{+block{Nobody is supposed to request this.}}
+example.org/blocked-example-page
+
+
+
@@ -996,7 +1064,16 @@ 
-+add-header{X-User-Tracking: sucks}
+# Add a DNT ("Do not track") header to all requests,
+# event to those that already have one.
+#
+# This is just an example, not a recommendation.
+#
+# There is no reason to believe that user-tracking websites care
+# about the DNT header and depending on the User-Agent, adding the
+# header may make user-tracking easier.
+{+add-header{DNT: 1}}
+/
@@ -1201,7 +1278,7 @@
Type:
-

Parameterized.

+

Multi-value.

Parameter:
@@ -1277,7 +1354,7 @@
Type:
-

Parameterized.

+

Multi-value.

Parameter:
@@ -1999,9 +2076,104 @@ problem-host.example.com
+
+

8.5.14. external-filter

+ +
+
+
Typical use:
+ +
+

Modify content using a programming language of your + choice.

+
+ +
Effect:
+ +
+

All instances of text-based type, most notably HTML and + JavaScript, to which this action applies, can be filtered + on-the-fly through the specified external filter. By default + plain text documents are exempted from filtering, because web + servers often use the text/plain MIME + type for all files whose type they don't know.)

+
+ +
Type:
+ +
+

Multi-value.

+
+ +
Parameter:
+ +
+

The name of an external content filter, as defined in the + filter file. External filters + can be defined in one or more files as defined by the + filterfile option in the + config file.

+ +

When used in its negative form, and without parameters, + all + filtering with external filters is completely disabled.

+
+ +
Notes:
+ +
+

External filters are scripts or programs that can modify the + content in case common filters aren't powerful + enough. With the exception that this action doesn't use + pcrs-based filters, the notes in the filter + section apply.

+ +
+ + + + + + + + +
Warning
+

Currently external filters are executed with + Privoxy's privileges. + Only use external filters you understand and trust.

+
+
+ +

This feature is experimental, the syntax may + change in the future.

+
+ +
Example usage:
+ +
+ + + + +
+ 
++external-filter{fancy-filter}
+
+
+
+
+
+
+

8.5.14. fast-redirects

+ "FAST-REDIRECTS">8.5.15. fast-redirects
@@ -2123,7 +2295,7 @@ problem-host.example.com
-

8.5.15. +

8.5.16. filter

@@ -2151,7 +2323,7 @@ problem-host.example.com
Type:
-

Parameterized.

+

Multi-value.

Parameter:
@@ -2597,7 +2769,7 @@ problem-host.example.com

8.5.16. force-text-mode

+ "FORCE-TEXT-MODE">8.5.17. force-text-mode

@@ -2678,7 +2850,7 @@ problem-host.example.com

8.5.17. forward-override

+ "FORWARD-OVERRIDE">8.5.18. forward-override
@@ -2699,7 +2871,7 @@ problem-host.example.com
Type:
-

Multi-value.

+

Parameterized.

Parameter:
@@ -2738,6 +2910,30 @@ problem-host.example.com "forward-socks5" for socks5 connections (with remote DNS resolution).

+ +
  • +

    "forward-webserver + 127.0.0.1:80" to use the HTTP server listening at + 127.0.0.1 port 80 without adjusting the request + headers.

    + +

    This makes it more convenient to use Privoxy to make + existing websites available as onion services as well.

    + +

    Many websites serve content with hardcoded URLs and + can't be easily adjusted to change the domain based on the + one used by the client.

    + +

    Putting Privoxy between Tor and the webserver (or an + stunnel that forwards to the webserver) allows to rewrite + headers and content to make client and server happy at the + same time.

    + +

    Using Privoxy for webservers that are only reachable + through onion addresses and whose location is supposed to + be secret is not recommended and should not be necessary + anyway.

    +
    • @@ -2767,7 +2963,9 @@ problem-host.example.com

    If the ports are missing or invalid, default values will be used. This might change in the future and you shouldn't rely on it. Otherwise incorrect syntax causes - Privoxy to exit.

    + Privoxy to exit. Due to design limitations, invalid + parameter syntax isn't detected until the action is + used the first time.

    Use the 

    -# Always use direct connections for requests previously tagged as
+# Use an ssh tunnel for requests previously tagged as
 # "User-Agent: fetch libfetch/2.0" and make sure
 # resuming downloads continues to work.
+#
 # This way you can continue to use Tor for your normal browsing,
 # without overloading the Tor network with your FreeBSD ports updates
 # or downloads of bigger files like ISOs.
+#
 # Note that HTTP headers are easy to fake and therefore their
 # values are as (un)trustworthy as your clients and users.
-{+forward-override{forward .} \
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
  -hide-if-modified-since      \
  -overwrite-last-modified     \
 }
@@ -2811,7 +3011,7 @@ TAG:^User-Agent: fetch libfetch/2\.0$
 
       
    
         
    8.5.18. handle-as-empty-document
    
+        "HANDLE-AS-EMPTY-DOCUMENT">8.5.19. handle-as-empty-document
 
         
    
           
    
@@ -2889,7 +3089,7 @@ example.org/.*\.js$
 
       
    
         
    8.5.19. handle-as-image
    
+        "HANDLE-AS-IMAGE">8.5.20. handle-as-image
 
         
    
           
    
@@ -2978,7 +3178,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.20. hide-accept-language
    
+        "HIDE-ACCEPT-LANGUAGE">8.5.21. hide-accept-language
 
         
    
           
    
@@ -3058,7 +3258,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.21. hide-content-disposition
    
+        "HIDE-CONTENT-DISPOSITION">8.5.22. hide-content-disposition
 
         
    
           
    
@@ -3144,7 +3344,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.22. hide-if-modified-since
    
+        "HIDE-IF-MODIFIED-SINCE">8.5.23. hide-if-modified-since
 
         
    
           
    
@@ -3231,7 +3431,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.23. hide-from-header
    
+        "HIDE-FROM-HEADER">8.5.24. hide-from-header
 
         
    
           
    
@@ -3306,7 +3506,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
       
    
 
       
    
-        
    8.5.24.
+        
    8.5.25.
         hide-referrer
    
 
         
    
@@ -3426,7 +3626,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.25. hide-user-agent
    
+        "HIDE-USER-AGENT">8.5.26. hide-user-agent
    
 
         
    
           
    
@@ -3515,7 +3715,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
       
    
 
       
    
-        
    8.5.26.
+        
    8.5.27.
         limit-connect
    
 
         
    
@@ -3596,7 +3796,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.27. limit-cookie-lifetime
    
+        "LIMIT-COOKIE-LIFETIME">8.5.28. limit-cookie-lifetime
    
 
         
    
           
    
@@ -3678,7 +3878,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.28. prevent-compression
    
+        "PREVENT-COMPRESSION">8.5.29. prevent-compression
 
         
    
           
    
@@ -3782,7 +3982,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.29. overwrite-last-modified
    
+        "OVERWRITE-LAST-MODIFIED">8.5.30. overwrite-last-modified
 
         
    
           
    
@@ -3878,7 +4078,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
       
    
 
       
    
-        
    8.5.30.
+        
    8.5.31.
         redirect
    
 
         
    
@@ -3920,11 +4120,15 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
               
    The syntax for pcrs commands is documented in the filter file section.
    
 
-              
    This action will be ignored if you use it together with
-              block. It can be combined
-              with fast-redirects{check-decoded-url}
+              
    Requests can't be blocked and redirected at the same time,
+              applying this action together with block is a configuration
+              error. Currently the request is blocked and an error message
+              logged, the behavior may change in the future and result in
+              Privoxy rejecting the action file.
    
+
+              
    This action can be combined with fast-redirects{check-decoded-url}
               to redirect to a decoded version of a rewritten URL.
    
 
               
    Use this action carefully, make sure not to create
@@ -3950,7 +4154,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 # Create a short, easy to remember nickname for a favorite site
 # (relies on the browser to accept and forward invalid URLs to Privoxy)
-{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
+{ +redirect{https://www.privoxy.org/user-manual/actions-file.html} }
  a
 
 # Always use the expanded view for Undeadly.org articles
@@ -3967,6 +4171,19 @@ undeadly.org/cgi\?action=article&sid=\d*$
 {+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
 search.msn.com//results\.aspx\?q=
 
+# Redirect http://example.com/&bla=fasel&toChange=foo (and any other value but "bar")
+# to       http://example.com/&bla=fasel&toChange=bar
+#
+# The URL pattern makes sure that the following request isn't redirected again.
+{+redirect{s@toChange=[^&]+@toChange=bar@}}
+example.com/.*toChange=(?!bar)
+
+# Add a shortcut to look up illumos bugs
+{+redirect{s@^http://i([0-9]+)/.*@https://www.illumos.org/issues/$1@}}
+# Redirected URL = http://i4974/
+# Redirect Destination = https://www.illumos.org/issues/4974
+i[0-9][0-9][0-9][0-9]*/
+
 # Redirect remote requests for this manual
 # to the local version delivered by Privoxy
 {+redirect{s@^http://www@http://config@}}
@@ -3982,7 +4199,7 @@ www.privoxy.org/user-manual/
 
       
    
         
    8.5.31. server-header-filter
    
+        "SERVER-HEADER-FILTER">8.5.32. server-header-filter
    
 
         
    
           
    
@@ -4003,7 +4220,7 @@ www.privoxy.org/user-manual/
             
    Type:
    
 
             
    
-              
    Parameterized.
    
+              
    Multi-value.
    
             
    
 
             
    Parameter:
    
@@ -4054,7 +4271,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
 
       
    
         
    8.5.32. server-header-tagger
    
+        "SERVER-HEADER-TAGGER">8.5.33. server-header-tagger
 
         
    
           
    
@@ -4076,7 +4293,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
             
    Type:
    
 
             
    
-              
    Parameterized.
    
+              
    Multi-value.
    
             
    
 
             
    Parameter:
    
@@ -4116,6 +4333,15 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
 {+server-header-tagger{content-type}}
 /
 
+# If the response has a tag starting with 'image/' enable an external
+# filter that only applies to images.
+#
+# Note that the filter is not available by default, it's just a
+# silly example.
+{+external-filter{rotate-image} +force-text-mode}
+TAG:^image/
+
    @@ -4127,7 +4353,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

    8.5.33. session-cookies-only

    + "SESSION-COOKIES-ONLY">8.5.34. session-cookies-only
    @@ -4225,7 +4451,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

    8.5.34. set-image-blocker

    + "SET-IMAGE-BLOCKER">8.5.35. set-image-blocker
    @@ -4364,7 +4590,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
    -

    8.5.35. +

    8.5.36. Summary

    Note that many of these actions have the potential to cause a page @@ -4523,7 +4749,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not together:

    -

    8.7.1. +

    8.7.1. match-all.action

    Remember all actions @@ -4572,7 +4798,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

    -

    8.7.2. +

    8.7.2. default.action

    If you aren't a developer, there's no need for you to edit the @@ -4915,7 +5141,7 @@ wiki.

    -

    8.7.3. +

    8.7.3. user.action

    So far we are painting with a broad brush by setting general