X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Fconfig.html;h=532657350d8820798c2d798d7931d3fdd5bb1a69;hp=3037bc6c355f94e89093f923d781ecf8cf3be208;hb=3f970a064dc22c089ae2e9c78ef7ce8539908bdd;hpb=694302ba33c361b948db3ab1f17d77dc7eb6e9b6 diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html index 3037bc6c..53265735 100644 --- a/doc/webserver/user-manual/config.html +++ b/doc/webserver/user-manual/config.html @@ -4,7 +4,7 @@ The Main Configuration File - + @@ -15,7 +15,7 @@
- + @@ -550,7 +550,7 @@ 
  debug     1 # Log the destination for each request. See also debug 1024.
   debug     2 # show each connection status
-  debug     4 # show I/O status
+  debug     4 # show tagging-related messages
   debug     8 # show header parsing
   debug    16 # log all data written to the network
   debug    32 # debug force feature
@@ -694,7 +694,8 @@
               whenever the IP address is assigned to the system

               
IPv6 addresses containing colons have to be quoted by brackets. They can only be used if Privoxy has been compiled with IPv6 support. If you aren't sure if your version
-              supports it, have a look at http://config.privoxy.org/show-status.

+              supports it, have a look at http://config.privoxy.org/show-status.

               
Some operating systems will prefer IPv6 to IPv4 addresses even if the system has no IPv6 connectivity
               which is usually not expected by the user. Some even rely on DNS to resolve localhost which mean the
               "localhost" address used may not actually be local.

@@ -2179,7 +2180,8 @@
               headers will be emitted in the order given, headers whose name isn't explicitly specified are added at
               the end.

               
Note that sorting headers in an uncommon way will make fingerprinting actually easier. Encrypted
-              headers are not affected by this directive.

+              headers are not affected by this directive unless https-inspection is enabled.

             
           
         
@@ -2203,18 +2205,6 @@
             
             
Notes:

             

-              

-
Privoxy 3.0.29 User ManualPrivoxy 3.0.30 User Manual
Prev
- - - - - - -
Warning
-

This is an experimental feature. The syntax is likely to change in future versions.

-
-

Client-specific tags allow Privoxy admins to create different profiles and let the users chose which one they want without impacting other users.

One use case is allowing users to circumvent certain blocks without having to allow them to circumvent @@ -2232,7 +2222,7 @@

Clients can request tags to be set by using the CGI interface http://config.privoxy.org/client-tags. The specific tag description is only used on the web page and should be phrased in away that the user - understand the effect of the tag.

+ understands the effect of the tag.

Examples:
@@ -2242,7 +2232,12 @@ 
    # Define a couple of tags, the described effect requires action sections
     # that are enabled based on CLIENT-TAG patterns.
     client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
-    client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
+ client-specific-tag disable-content-filters Disable content-filters but do not affect other actions + client-specific-tag overrule-redirects Overrule redirect sections + client-specific-tag allow-cookies Do not crunch cookies in either direction + client-specific-tag change-tor-socks-port Change forward-socks5 settings to use a different Tor socks port (and circuits) + client-specific-tag no-https-inspection Disable HTTPS inspection + client-specific-tag no-tls-verification Don't verify certificates when http-inspection is enabled @@ -2268,18 +2263,6 @@
Notes:
-
- - - - - - - -
Warning
-

This is an experimental feature. The syntax is likely to change in future versions.

-
-

In case of some tags users may not want to enable them permanently, but only for a short amount of time, for example to circumvent a block that is the result of an overly-broad URL pattern.

The CGI interface

Notes:
-
- - - - - - - -
Warning
-

This is an experimental feature. The syntax is likely to change in future versions.

-
-

If clients reach Privoxy through another proxy, for example a load balancer, Privoxy can't tell the client's IP address from the connection. If multiple clients use the same proxy, they will share the same client tag settings which is usually not desired.

@@ -2408,8 +2379,10 @@

7.7. HTTPS Inspection (Experimental)

-

HTTPS inspection allows to filter encrypted requests. This is only supported when Privoxy has been built with FEATURE_HTTPS_INSPECTION.

+

HTTPS inspection allows to filter encrypted requests and responses. This is only supported when Privoxy has been built with FEATURE_HTTPS_INSPECTION. If you aren't sure if your version + supports it, have a look at http://config.privoxy.org/show-status.

7.7.1. ca-directory

@@ -2472,8 +2445,8 @@ target="_top">https-inspection action.

Privoxy clients should import the certificate so that they can validate the generated certificates.

-

The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out - cacert.crt -days 3650

+

The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout + cakey.pem -out cacert.crt -days 3650

Example:
@@ -2504,8 +2477,9 @@
Notes:
-

This directive specifies the name of the CA key file in ".pem" format. See the ca-cert-file for a command to generate it.

+

This directive specifies the name of the CA key file in ".pem" format. The ca-cert-file section contains a command to generate it.

+

Access to the key should be limited to Privoxy.

Example:
@@ -2748,8 +2722,9 @@ AES128-SHA

This directive specifies the trusted CAs file that is used when validating certificates for intercepted TLS/SSL requests.

-

An example file can be downloaded from https://curl.haxx.se/ca/cacert.pem.

+

An example file can be downloaded from https://curl.se/ca/cacert.pem. If you want to create the file yourself, please see: https://curl.se/docs/caextract.html.

Example: