X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=f78109e2f4808806fada3d9ad0e7b242a4a976bc;hp=5a3ac071b1ae0c7b8b894407e5f13bee20de6bd8;hb=7d0d8bdd53947864c64d968062ca132b65f2e162;hpb=4fef8970e4e382c21598949e7b035e596a4a8048 diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 5a3ac071..f78109e2 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -6,7 +6,7 @@ Actions Files - + @@ -21,7 +21,7 @@ - + @@ -117,7 +117,7 @@ in default.action are:

- +

Table 1. Default Configurations

@@ -314,8 +314,8 @@ actions.

-

8.1. Finding the Right - Mix

+

8.1. Finding the + Right Mix

Note that some actions, like cookie suppression or script disabling, may render some sites unusable @@ -339,7 +339,7 @@

-

8.2. How to +

8.2. How to Edit

The easiest way to edit the actions files is with a browser by using @@ -430,8 +430,8 @@ and potentially match against many similar patterns.

Generally, an URL pattern has the form <domain><port>/<path>, where the - <domain>, the <host><port>/<path>, where the + <host>, the <port> and the <path> are optional. (This is why the special / pattern matches all URLs). Note that the @@ -440,15 +440,15 @@ "EMPHASIS">not be included in the pattern. This is assumed already!

-

The pattern matching syntax is different for the domain and path - parts of the URL. The domain part uses a simple globbing type matching +

The pattern matching syntax is different for the host and path parts + of the URL. The host part uses a simple globbing type matching technique, while the path part uses more flexible "Regular Expressions" (POSIX 1003.2).

The port part of a pattern is a decimal port number preceded by a - colon (:). If the domain part contains a + colon (:). If the host part contains a numerical IPv6 address, it has to be put into angle brackets (<, >).

@@ -457,7 +457,7 @@
www.example.com/
-

is a domain-only pattern and will match any request to +

is a host-only pattern and will match any request to www.example.com, regardless of which document on that server is requested. So ALL pages in this domain would be covered by the scope of this action. Note that a simple @@ -468,7 +468,7 @@

www.example.com
-

means exactly the same. For domain-only patterns, the trailing +

means exactly the same. For host-only patterns, the trailing / may be omitted.

@@ -510,6 +510,14 @@

Matches any URL pointing to TCP port 8000.

+
10.0.0.1/
+ +
+

Matches any URL with the host address 10.0.0.1. (Note that the real URL uses plain + brackets, not angle brackets.)

+
+
<2001:db8::1>/
@@ -529,12 +537,14 @@

-

8.4.1. The Domain - Pattern

+

8.4.1. The + Host Pattern

-

The matching of the domain part offers some flexible options: if - the domain starts or ends with a dot, it becomes unanchored at that - end. For example:

+

The matching of the host part offers some flexible options: if the + host pattern starts or ends with a dot, it becomes unanchored at that + end. The host pattern is often referred to as domain pattern as it is + usually used to match domain names and not IP addresses. For + example:

@@ -634,8 +644,8 @@
-

8.4.2. The Path - Pattern

+

8.4.2. The + Path Pattern

Privoxy uses "modern" POSIX 1003.2

8.4.3. The - Tag Pattern

+ Request Tag Pattern -

Tag patterns are used to change the applying actions based on the - request's tags. Tags can be created with either the Request tag patterns are used to change the applying actions based + on the request's tags. Tags can be created based on HTTP headers with + either the client-header-tagger or the server-header-tagger action.

-

Tag patterns have to start with "TAG:", - so Privoxy can tell them apart from - URL patterns. Everything after the colon including white space, is - interpreted as a regular expression with path pattern syntax, except - that tag patterns aren't left-anchored automatically (Privoxy doesn't silently add a "^", you have to do it yourself if you need it).

+

Request tag patterns have to start with "TAG:", so Privoxy + can tell them apart from other patterns. Everything after the colon + including white space, is interpreted as a regular expression with + path pattern syntax, except that tag patterns aren't left-anchored + automatically (Privoxy doesn't + silently add a "^", you have to do it + yourself if you need it).

To match all requests that are tagged with "foo" your pattern line should be "TAG: foo" wouldn't work as it requires white space.

-

Sections can contain URL and tag patterns at the same time, but - tag patterns are checked after the URL patterns and thus always - overrule them, even if they are located before the URL patterns.

+

Sections can contain URL and request tag patterns at the same + time, but request tag patterns are checked after the URL patterns and + thus always overrule them, even if they are located before the URL + patterns.

-

Once a new tag is added, Privoxy checks right away if it's matched - by one of the tag patterns and updates the action settings - accordingly. As a result tags can be used to activate other tagger - actions, as long as these other taggers look for headers that haven't - already be parsed.

+

Once a new request tag is added, Privoxy checks right away if it's + matched by one of the request tag patterns and updates the action + settings accordingly. As a result request tags can be used to + activate other tagger actions, as long as these other taggers look + for headers that haven't already be parsed.

For example you could tag client requests which use the POST method, then use this tag to activate another @@ -784,6 +797,89 @@ indirection is seldom needed anyway and even the example doesn't make too much sense.

+ +
+

8.4.4. The Negative Request Tag + Patterns

+ +

To match requests that do not have a certain request tag, specify + a negative tag pattern by prefixing the tag pattern line with either + "NO-REQUEST-TAG:" or "NO-RESPONSE-TAG:" instead of "TAG:".

+ +

Negative request tag patterns created with "NO-REQUEST-TAG:" are checked after all client headers + are scanned, the ones created with "NO-RESPONSE-TAG:" are checked after all server + headers are scanned. In both cases all the created tags are + considered.

+
+ +
+

8.4.5. The Client Tag Pattern

+ +
+
Privoxy 3.0.20 User ManualPrivoxy 3.0.26 User Manual
+ + + + + + + +
Warning
+

This is an experimental feature. The syntax is likely to + change in future versions.

+
+ + +

Client tag patterns are not set based on HTTP headers but based on + the client's IP address. Users can enable them themselves, but the + Privoxy admin controls which tags are available and what their effect + is.

+ +

After a client-specific tag has been defined with the client-specific-tag, directive, + action sections can be activated based on the tag by using a + CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated at the same + priority as URL patterns, as a result the last matching pattern wins. + Tags that are created based on client or server headers are evaluated + later on and can overrule CLIENT-TAG and URL patterns!

+ +

The tag is set for all requests that come from clients that + requested it to be set. Note that "clients" are differentiated by IP + address, if the IP address changes the tag has to be requested + again.

+ +

Clients can request tags to be set by using the CGI interface + http://config.privoxy.org/client-tags.

+ +

Example:

+ + + + + +
+ 
+# If the admin defined the client-specific-tag circumvent-blocks,
+# and the request comes from a client that previously requested
+# the tag to be set, overrule all previous +block actions that
+# are enabled based on URL to CLIENT-TAG patterns.
+{-block}
+CLIENT-TAG:^circumvent-blocks$
+
+# This section is not overruled because it's located after
+# the previous one.
+{+block{Nobody is supposed to request this.}}
+example.org/blocked-example-page
+
+
+
@@ -968,7 +1064,16 @@ 
-+add-header{X-User-Tracking: sucks}
+# Add a DNT ("Do not track") header to all requests,
+# event to those that already have one.
+#
+# This is just an example, not a recommendation.
+#
+# There is no reason to believe that user-tracking websites care
+# about the DNT header and depending on the User-Agent, adding the
+# header may make user-tracking easier.
+{+add-header{DNT: 1}}
+/
@@ -1173,7 +1278,7 @@
Type:
-

Parameterized.

+

Multi-value.

Parameter:
@@ -1249,7 +1354,7 @@
Type:
-

Parameterized.

+

Multi-value.

Parameter:
@@ -1971,9 +2076,104 @@ problem-host.example.com
+
+

8.5.14. external-filter

+ +
+
+
Typical use:
+ +
+

Modify content using a programming language of your + choice.

+
+ +
Effect:
+ +
+

All instances of text-based type, most notably HTML and + JavaScript, to which this action applies, can be filtered + on-the-fly through the specified external filter. By default + plain text documents are exempted from filtering, because web + servers often use the text/plain MIME + type for all files whose type they don't know.)

+
+ +
Type:
+ +
+

Multi-value.

+
+ +
Parameter:
+ +
+

The name of an external content filter, as defined in the + filter file. External filters + can be defined in one or more files as defined by the + filterfile option in the + config file.

+ +

When used in its negative form, and without parameters, + all + filtering with external filters is completely disabled.

+
+ +
Notes:
+ +
+

External filters are scripts or programs that can modify the + content in case common filters aren't powerful + enough. With the exception that this action doesn't use + pcrs-based filters, the notes in the filter + section apply.

+ +
+ + + + + + + + +
Warning
+

Currently external filters are executed with + Privoxy's privileges. + Only use external filters you understand and trust.

+
+
+ +

This feature is experimental, the syntax may + change in the future.

+
+ +
Example usage:
+ +
+ + + + +
+ 
++external-filter{fancy-filter}
+
+
+
+
+
+
+

8.5.14. fast-redirects

+ "FAST-REDIRECTS">8.5.15. fast-redirects
@@ -2095,7 +2295,7 @@ problem-host.example.com
-

8.5.15. +

8.5.16. filter

@@ -2123,7 +2323,7 @@ problem-host.example.com
Type:
-

Parameterized.

+

Multi-value.

Parameter:
@@ -2241,7 +2441,7 @@ problem-host.example.com 
-+filter{js-events}           # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites).
++filter{js-events}           # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).
@@ -2280,7 +2480,7 @@ problem-host.example.com 
-+filter{refresh-tags}        # Kill automatic refresh tags (for dial-on-demand setups).
++filter{refresh-tags}        # Kill automatic refresh tags if refresh time is larger than 9 seconds.
@@ -2293,7 +2493,7 @@ problem-host.example.com 
-+filter{unsolicited-popups}  # Disable only unsolicited pop-up windows. Useful if your browser lacks this ability.
++filter{unsolicited-popups}  # Disable only unsolicited pop-up windows.
@@ -2305,7 +2505,7 @@ problem-host.example.com 
-+filter{all-popups}          # Kill all popups in JavaScript and HTML. Useful if your browser lacks this ability.
++filter{all-popups}          # Kill all popups in JavaScript and HTML.
@@ -2401,6 +2601,18 @@ problem-host.example.com +

+ + + + + +
+ 
++filter{iframes}             # Removes all detected iframes. Should only be enabled for individual sites.
+
+
+

@@ -2557,7 +2769,7 @@ problem-host.example.com

8.5.16. force-text-mode

+ "FORCE-TEXT-MODE">8.5.17. force-text-mode

@@ -2638,7 +2850,7 @@ problem-host.example.com

8.5.17. forward-override

+ "FORWARD-OVERRIDE">8.5.18. forward-override
@@ -2659,7 +2871,7 @@ problem-host.example.com
Type:
-

Multi-value.

+

Parameterized.

Parameter:
@@ -2698,6 +2910,30 @@ problem-host.example.com "forward-socks5" for socks5 connections (with remote DNS resolution).

+ +
  • +

    "forward-webserver + 127.0.0.1:80" to use the HTTP server listening at + 127.0.0.1 port 80 without adjusting the request + headers.

    + +

    This makes it more convenient to use Privoxy to make + existing websites available as onion services as well.

    + +

    Many websites serve content with hardcoded URLs and + can't be easily adjusted to change the domain based on the + one used by the client.

    + +

    Putting Privoxy between Tor and the webserver (or an + stunnel that forwards to the webserver) allows to rewrite + headers and content to make client and server happy at the + same time.

    + +

    Using Privoxy for webservers that are only reachable + through onion addresses and whose location is supposed to + be secret is not recommended and should not be necessary + anyway.

    +
    • @@ -2727,7 +2963,9 @@ problem-host.example.com

    If the ports are missing or invalid, default values will be used. This might change in the future and you shouldn't rely on it. Otherwise incorrect syntax causes - Privoxy to exit.

    + Privoxy to exit. Due to design limitations, invalid + parameter syntax isn't detected until the action is + used the first time.

    Use the 

    -# Always use direct connections for requests previously tagged as
+# Use an ssh tunnel for requests previously tagged as
 # "User-Agent: fetch libfetch/2.0" and make sure
 # resuming downloads continues to work.
+#
 # This way you can continue to use Tor for your normal browsing,
 # without overloading the Tor network with your FreeBSD ports updates
 # or downloads of bigger files like ISOs.
+#
 # Note that HTTP headers are easy to fake and therefore their
 # values are as (un)trustworthy as your clients and users.
-{+forward-override{forward .} \
+{+forward-override{forward-socks5 10.0.0.2:2222 .} \
  -hide-if-modified-since      \
  -overwrite-last-modified     \
 }
@@ -2771,7 +3011,7 @@ TAG:^User-Agent: fetch libfetch/2\.0$
 
       
    
         
    8.5.18. handle-as-empty-document
    
+        "HANDLE-AS-EMPTY-DOCUMENT">8.5.19. handle-as-empty-document
 
         
    
           
    
@@ -2849,7 +3089,7 @@ example.org/.*\.js$
 
       
    
         
    8.5.19. handle-as-image
    
+        "HANDLE-AS-IMAGE">8.5.20. handle-as-image
 
         
    
           
    
@@ -2938,7 +3178,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.20. hide-accept-language
    
+        "HIDE-ACCEPT-LANGUAGE">8.5.21. hide-accept-language
 
         
    
           
    
@@ -3018,7 +3258,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.21. hide-content-disposition
    
+        "HIDE-CONTENT-DISPOSITION">8.5.22. hide-content-disposition
 
         
    
           
    
@@ -3104,7 +3344,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.22. hide-if-modified-since
    
+        "HIDE-IF-MODIFIED-SINCE">8.5.23. hide-if-modified-since
 
         
    
           
    
@@ -3191,7 +3431,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.23. hide-from-header
    
+        "HIDE-FROM-HEADER">8.5.24. hide-from-header
 
         
    
           
    
@@ -3266,7 +3506,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
       
    
 
       
    
-        
    8.5.24.
+        
    8.5.25.
         hide-referrer
    
 
         
    
@@ -3386,7 +3626,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.25. hide-user-agent
    
+        "HIDE-USER-AGENT">8.5.26. hide-user-agent
    
 
         
    
           
    
@@ -3475,7 +3715,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
       
    
 
       
    
-        
    8.5.26.
+        
    8.5.27.
         limit-connect
    
 
         
    
@@ -3556,7 +3796,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.27. limit-cookie-lifetime
    
+        "LIMIT-COOKIE-LIFETIME">8.5.28. limit-cookie-lifetime
    
 
         
    
           
    
@@ -3638,7 +3878,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.28. prevent-compression
    
+        "PREVENT-COMPRESSION">8.5.29. prevent-compression
 
         
    
           
    
@@ -3742,7 +3982,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
 
       
    
         
    8.5.29. overwrite-last-modified
    
+        "OVERWRITE-LAST-MODIFIED">8.5.30. overwrite-last-modified
 
         
    
           
    
@@ -3838,7 +4078,7 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
       
    
 
       
    
-        
    8.5.30.
+        
    8.5.31.
         redirect
    
 
         
    
@@ -3880,11 +4120,15 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
               
    The syntax for pcrs commands is documented in the filter file section.
    
 
-              
    This action will be ignored if you use it together with
-              block. It can be combined
-              with fast-redirects{check-decoded-url}
+              
    Requests can't be blocked and redirected at the same time,
+              applying this action together with block is a configuration
+              error. Currently the request is blocked and an error message
+              logged, the behavior may change in the future and result in
+              Privoxy rejecting the action file.
    
+
+              
    This action can be combined with fast-redirects{check-decoded-url}
               to redirect to a decoded version of a rewritten URL.
    
 
               
    Use this action carefully, make sure not to create
@@ -3908,9 +4152,9 @@ nasty-banner-server.example.com/junk.cgi\?output=trash
  example.com/stylesheet\.css
 
 # Create a short, easy to remember nickname for a favorite site
-# (relies on the browser accept and forward invalid URLs to Privoxy)
-{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
+{ +redirect{https://www.privoxy.org/user-manual/actions-file.html} }
  a
 
 # Always use the expanded view for Undeadly.org articles
@@ -3927,6 +4171,19 @@ undeadly.org/cgi\?action=article&sid=\d*$
 {+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
 search.msn.com//results\.aspx\?q=
 
+# Redirect http://example.com/&bla=fasel&toChange=foo (and any other value but "bar")
+# to       http://example.com/&bla=fasel&toChange=bar
+#
+# The URL pattern makes sure that the following request isn't redirected again.
+{+redirect{s@toChange=[^&]+@toChange=bar@}}
+example.com/.*toChange=(?!bar)
+
+# Add a shortcut to look up illumos bugs
+{+redirect{s@^http://i([0-9]+)/.*@https://www.illumos.org/issues/$1@}}
+# Redirected URL = http://i4974/
+# Redirect Destination = https://www.illumos.org/issues/4974
+i[0-9][0-9][0-9][0-9]*/
+
 # Redirect remote requests for this manual
 # to the local version delivered by Privoxy
 {+redirect{s@^http://www@http://config@}}
@@ -3942,7 +4199,7 @@ www.privoxy.org/user-manual/
 
       
    
         
    8.5.31. server-header-filter
    
+        "SERVER-HEADER-FILTER">8.5.32. server-header-filter
    
 
         
    
           
    
@@ -3963,7 +4220,7 @@ www.privoxy.org/user-manual/
             
    Type:
    
 
             
    
-              
    Parameterized.
    
+              
    Multi-value.
    
             
    
 
             
    Parameter:
    
@@ -4014,7 +4271,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
 
       
    
         
    8.5.32. server-header-tagger
    
+        "SERVER-HEADER-TAGGER">8.5.33. server-header-tagger
 
         
    
           
    
@@ -4036,7 +4293,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
             
    Type:
    
 
             
    
-              
    Parameterized.
    
+              
    Multi-value.
    
             
    
 
             
    Parameter:
    
@@ -4076,6 +4333,15 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
 {+server-header-tagger{content-type}}
 /
 
+# If the response has a tag starting with 'image/' enable an external
+# filter that only applies to images.
+#
+# Note that the filter is not available by default, it's just a
+# silly example.
+{+external-filter{rotate-image} +force-text-mode}
+TAG:^image/
+
    @@ -4087,7 +4353,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

    8.5.33. session-cookies-only

    + "SESSION-COOKIES-ONLY">8.5.34. session-cookies-only
    @@ -4185,7 +4451,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

    8.5.34. set-image-blocker

    + "SET-IMAGE-BLOCKER">8.5.35. set-image-blocker
    @@ -4324,7 +4590,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
    -

    8.5.35. +

    8.5.36. Summary

    Note that many of these actions have the potential to cause a page @@ -4483,7 +4749,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not together:

    -

    8.7.1. +

    8.7.1. match-all.action

    Remember all actions @@ -4532,7 +4798,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

    -

    8.7.2. +

    8.7.2. default.action

    If you aren't a developer, there's no need for you to edit the @@ -4875,7 +5141,7 @@ wiki.

    -

    8.7.3. +

    8.7.3. user.action

    So far we are painting with a broad brush by setting general