X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=f78109e2f4808806fada3d9ad0e7b242a4a976bc;hp=5a3ac071b1ae0c7b8b894407e5f13bee20de6bd8;hb=7d0d8bdd53947864c64d968062ca132b65f2e162;hpb=4fef8970e4e382c21598949e7b035e596a4a8048 diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 5a3ac071..f78109e2 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -6,7 +6,7 @@
Privoxy 3.0.20 User Manual | +Privoxy 3.0.26 User Manual | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
Warning | +
+ This is an experimental feature. The syntax is likely to + change in future versions. + |
+
Client tag patterns are not set based on HTTP headers but based on + the client's IP address. Users can enable them themselves, but the + Privoxy admin controls which tags are available and what their effect + is.
+ +After a client-specific tag has been defined with the client-specific-tag, directive, + action sections can be activated based on the tag by using a + CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated at the same + priority as URL patterns, as a result the last matching pattern wins. + Tags that are created based on client or server headers are evaluated + later on and can overrule CLIENT-TAG and URL patterns!
+ +The tag is set for all requests that come from clients that + requested it to be set. Note that "clients" are differentiated by IP + address, if the IP address changes the tag has to be requested + again.
+ +Clients can request tags to be set by using the CGI interface + http://config.privoxy.org/client-tags.
+ +Example:
+ +
+ +# If the admin defined the client-specific-tag circumvent-blocks, +# and the request comes from a client that previously requested +# the tag to be set, overrule all previous +block actions that +# are enabled based on URL to CLIENT-TAG patterns. +{-block} +CLIENT-TAG:^circumvent-blocks$ + +# This section is not overruled because it's located after +# the previous one. +{+block{Nobody is supposed to request this.}} +example.org/blocked-example-page ++ |
+
-+add-header{X-User-Tracking: sucks} +# Add a DNT ("Do not track") header to all requests, +# event to those that already have one. +# +# This is just an example, not a recommendation. +# +# There is no reason to believe that user-tracking websites care +# about the DNT header and depending on the User-Agent, adding the +# header may make user-tracking easier. +{+add-header{DNT: 1}} +/
Parameterized.
+Multi-value.
Parameterized.
+Multi-value.
Modify content using a programming language of your + choice.
+All instances of text-based type, most notably HTML and + JavaScript, to which this action applies, can be filtered + on-the-fly through the specified external filter. By default + plain text documents are exempted from filtering, because web + servers often use the text/plain MIME + type for all files whose type they don't know.)
+Multi-value.
+The name of an external content filter, as defined in the + filter file. External filters + can be defined in one or more files as defined by the + filterfile option in the + config file.
+ +When used in its negative form, and without parameters, + all + filtering with external filters is completely disabled.
+External filters are scripts or programs that can modify the + content in case common filters aren't powerful + enough. With the exception that this action doesn't use + pcrs-based filters, the notes in the filter + section apply.
+ +Warning | +
+ Currently external filters are executed with + Privoxy's privileges. + Only use external filters you understand and trust. + |
+
This feature is experimental, the syntax may + change in the future.
+
+ ++external-filter{fancy-filter} ++ |
+
Parameterized.
+Multi-value.
-+filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites). ++filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
-+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups). ++filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.
-+filter{unsolicited-popups} # Disable only unsolicited pop-up windows. Useful if your browser lacks this ability. ++filter{unsolicited-popups} # Disable only unsolicited pop-up windows.
-+filter{all-popups} # Kill all popups in JavaScript and HTML. Useful if your browser lacks this ability. ++filter{all-popups} # Kill all popups in JavaScript and HTML.
+ ++filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites. ++ |
+
Multi-value.
+Parameterized.
"forward-webserver + 127.0.0.1:80" to use the HTTP server listening at + 127.0.0.1 port 80 without adjusting the request + headers.
+ +This makes it more convenient to use Privoxy to make + existing websites available as onion services as well.
+ +Many websites serve content with hardcoded URLs and + can't be easily adjusted to change the domain based on the + one used by the client.
+ +Putting Privoxy between Tor and the webserver (or an + stunnel that forwards to the webserver) allows to rewrite + headers and content to make client and server happy at the + same time.
+ +Using Privoxy for webservers that are only reachable + through onion addresses and whose location is supposed to + be secret is not recommended and should not be necessary + anyway.
+If the ports are missing or invalid, default values will be used. This might change in the future and you shouldn't rely on it. Otherwise incorrect syntax causes - Privoxy to exit.
+ Privoxy to exit. Due to design limitations, invalid + parameter syntax isn't detected until the action is + used the first time.-# Always use direct connections for requests previously tagged as +# Use an ssh tunnel for requests previously tagged as # "User-Agent: fetch libfetch/2.0" and make sure # resuming downloads continues to work. +# # This way you can continue to use Tor for your normal browsing, # without overloading the Tor network with your FreeBSD ports updates # or downloads of bigger files like ISOs. +# # Note that HTTP headers are easy to fake and therefore their # values are as (un)trustworthy as your clients and users. -{+forward-override{forward .} \ +{+forward-override{forward-socks5 10.0.0.2:2222 .} \ -hide-if-modified-since \ -overwrite-last-modified \ } @@ -2771,7 +3011,7 @@ TAG:^User-Agent: fetch libfetch/2\.0$8.5.18. handle-as-empty-document
+ "HANDLE-AS-EMPTY-DOCUMENT">8.5.19. handle-as-empty-document@@ -2849,7 +3089,7 @@ example.org/.*\.js$
8.5.19. handle-as-image
+ "HANDLE-AS-IMAGE">8.5.20. handle-as-image@@ -2938,7 +3178,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
8.5.20. hide-accept-language
+ "HIDE-ACCEPT-LANGUAGE">8.5.21. hide-accept-language@@ -3018,7 +3258,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
8.5.21. hide-content-disposition
+ "HIDE-CONTENT-DISPOSITION">8.5.22. hide-content-disposition@@ -3104,7 +3344,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
8.5.22. hide-if-modified-since
+ "HIDE-IF-MODIFIED-SINCE">8.5.23. hide-if-modified-since@@ -3191,7 +3431,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
8.5.23. hide-from-header
+ "HIDE-FROM-HEADER">8.5.24. hide-from-header@@ -3266,7 +3506,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-8.5.24. +
8.5.25. hide-referrer
@@ -3386,7 +3626,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash8.5.25. hide-user-agent
+ "HIDE-USER-AGENT">8.5.26. hide-user-agent@@ -3475,7 +3715,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-8.5.26. +
8.5.27. limit-connect
@@ -3556,7 +3796,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash8.5.27. limit-cookie-lifetime
+ "LIMIT-COOKIE-LIFETIME">8.5.28. limit-cookie-lifetime@@ -3638,7 +3878,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
8.5.28. prevent-compression
+ "PREVENT-COMPRESSION">8.5.29. prevent-compression@@ -3742,7 +3982,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
8.5.29. overwrite-last-modified
+ "OVERWRITE-LAST-MODIFIED">8.5.30. overwrite-last-modified@@ -3838,7 +4078,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
-8.5.30. +
8.5.31. redirect
@@ -3880,11 +4120,15 @@ nasty-banner-server.example.com/junk.cgi\?output=trashThe syntax for pcrs commands is documented in the filter file section.
-This action will be ignored if you use it together with - block. It can be combined - with fast-redirects{check-decoded-url} +
Requests can't be blocked and redirected at the same time, + applying this action together with block is a configuration + error. Currently the request is blocked and an error message + logged, the behavior may change in the future and result in + Privoxy rejecting the action file.
+ +This action can be combined with fast-redirects{check-decoded-url} to redirect to a decoded version of a rewritten URL.
Use this action carefully, make sure not to create @@ -3908,9 +4152,9 @@ nasty-banner-server.example.com/junk.cgi\?output=trash example.com/stylesheet\.css # Create a short, easy to remember nickname for a favorite site -# (relies on the browser accept and forward invalid URLs to Privoxy) -{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} } +{ +redirect{https://www.privoxy.org/user-manual/actions-file.html} } a # Always use the expanded view for Undeadly.org articles @@ -3927,6 +4171,19 @@ undeadly.org/cgi\?action=article&sid=\d*$ {+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}} search.msn.com//results\.aspx\?q= +# Redirect http://example.com/&bla=fasel&toChange=foo (and any other value but "bar") +# to http://example.com/&bla=fasel&toChange=bar +# +# The URL pattern makes sure that the following request isn't redirected again. +{+redirect{s@toChange=[^&]+@toChange=bar@}} +example.com/.*toChange=(?!bar) + +# Add a shortcut to look up illumos bugs +{+redirect{s@^http://i([0-9]+)/.*@https://www.illumos.org/issues/$1@}} +# Redirected URL = http://i4974/ +# Redirect Destination = https://www.illumos.org/issues/4974 +i[0-9][0-9][0-9][0-9]*/ + # Redirect remote requests for this manual # to the local version delivered by Privoxy {+redirect{s@^http://www@http://config@}} @@ -3942,7 +4199,7 @@ www.privoxy.org/user-manual/
8.5.31. server-header-filter
+ "SERVER-HEADER-FILTER">8.5.32. server-header-filter@@ -3963,7 +4220,7 @@ www.privoxy.org/user-manual/
- Type:
- -
Parameterized.
+Multi-value.
- Parameter:
@@ -4014,7 +4271,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not8.5.32. server-header-tagger
+ "SERVER-HEADER-TAGGER">8.5.33. server-header-tagger@@ -4036,7 +4293,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
- Type:
- -
Parameterized.
+Multi-value.
- Parameter:
@@ -4076,6 +4333,15 @@ example.org/instance-that-is-delivered-as-xml-but-is-not {+server-header-tagger{content-type}} / +# If the response has a tag starting with 'image/' enable an external +# filter that only applies to images. +# +# Note that the filter is not available by default, it's just a +# silly example. +{+external-filter{rotate-image} +force-text-mode} +TAG:^image/ +
Note that many of these actions have the potential to cause a page @@ -4483,7 +4749,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not together:
Remember all actions @@ -4532,7 +4798,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not