debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
+
debug 1 # Log the destination for each request. See also debug 1024.
debug 2 # show each connection status
debug 4 # show I/O status
debug 8 # show header parsing
@@ -689,7 +689,9 @@
If the address for the hostname isn't already known on the system (for example because it's in
/etc/hostname), this may result in DNS traffic.
If the specified address isn't available on the system, or if the hostname can't be resolved,
- Privoxy will fail to start.
+ Privoxy will fail to start. On GNU/Linux, and other platforms that can
+ listen on not yet assigned IP addresses, Privoxy will start and will listen on the specified address
+ whenever the IP address is assigned to the system
IPv6 addresses containing colons have to be quoted by brackets. They can only be used if Privoxy has been compiled with IPv6 support. If you aren't sure if your version
supports it, have a look at http://config.privoxy.org/show-status.
@@ -945,7 +947,7 @@
destination part are optional.
If your system implements RFC 3493,
then src_addr and dst_addr can be
- IPv6 addresses delimeted by brackets, port can be a number or a
+ IPv6 addresses delimited by brackets, port can be a number or a
service name, and src_masklen and dst_masklen can be a number from 0 to 128.
@@ -1154,6 +1156,8 @@
The "trusted-cgi-referer" option can be used to add that page, or the whole
domain, as trusted source so the resulting requests aren't rejected. Requests are accepted if the
specified trusted-cgi-refer is the prefix of the Referer.
+
If the trusted source is supposed to access the CGI pages via JavaScript the cors-allowed-origin option can be used.
A trusted website which can access Privoxy's CGI pages through
+ JavaScript.
+
+
Type of value:
+
+
URL
+
+
Default value:
+
+
Unset
+
+
Effect if unset:
+
+
No external sites get access via cross-origin resource sharing.
+
+
Notes:
+
+
Modern browsers by default prevent cross-origin requests made via JavaScript to Privoxy's CGI interface even if Privoxy would trust
+ the referer because it's white listed via the trusted-cgi-referer directive.
The "cors-allowed-origin" option can be used to specify a domain that is
+ allowed to make requests to Privoxy CGI interface via JavaScript. It is used in combination with the
+ trusted-cgi-referer directive.
+
+
+
+
Warning
+
+
+
+
Declaring domains the admin doesn't control trustworthy may allow malicious third parties to
+ modify Privoxy's internal state against the user's wishes and without the user's knowledge.
To chain Privoxy and Tor, both running on the same system, you would use something like:
@@ -1907,9 +1970,9 @@
Notes:
Under high load incoming connection may queue up before Privoxy gets around to serve them. The queue
- length is limitted by the operating system. Once the queue is full, additional connections are dropped
+ length is limited by the operating system. Once the queue is full, additional connections are dropped
before Privoxy can accept and serve them.
-
Increasing the queue length allows Privoxy to accept more incomming connections that arrive roughly at
+
Increasing the queue length allows Privoxy to accept more incoming connections that arrive roughly at
the same time.
Note that Privoxy can only request a certain queue length, whether or not the requested length is
actually used depends on the operating system which may use a different length instead.
@@ -2179,7 +2242,7 @@
# Define a couple of tags, the described effect requires action sections
# that are enabled based on CLIENT-TAG patterns.
client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
- disable-content-filters Disable content-filters but do not affect other actions
+ client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
Directory to save generated keys and certificates.
+
+
Type of value:
+
+
Text
+
+
Default value:
+
+
./certs
+
+
Effect if unset:
+
+
Default value is used.
+
+
Notes:
+
+
This directive specifies the directory where generated TLS/SSL keys and certificates are saved when
+ https inspection is enabled with the https-inspection action.
+
The keys and certificates currently have to be deleted manually when changing the ca-cert-file and the ca-cert-key.
+
The permissions should only let Privoxy and the Privoxy admin access the directory.
+
+
+
+
Warning
+
+
+
+
Privoxy currently does not garbage-collect obsolete keys and
+ certificates and does not keep track of how may keys and certificates exist.
+
Privoxy admins should monitor the size of the directory
+ and/or make sure there is sufficient space available. A cron job to limit the number of keys and
+ certificates to a certain number may be worth considering.