+ typically require</emphasis> exceptions to be listed in the latter sections of
+ one of our actions file. For instance, by default no URLs are
+ <quote>blocked</quote> (i.e. in the default definitions of
+ <filename>default.action</filename>). We need exceptions to this in order to
+ enable ad blocking in the lower sections. But we need to be very selective
+ about what we do block.
+</para>
+
+<para>
+ Below is a liberally commented <filename>default.action</filename> file to
+ demonstrate how all the pieces come together. And to show how exceptions to
+ the default policies can be handled. This is followed by a
+ <filename>user.action</filename> with similar examples.
+</para>
+
+<para>
+ <literal>
+ <msgtext>
+ <literallayout>
+
+# Settings -- Don't change! For internal Privoxy use ONLY.
+{{settings}}
+for-privoxy-version=3.0
+
+
+##########################################################################
+# <ulink url="configuration.html#ALIASES">Aliases</ulink> must be defined *before* they are used. These are
+# easier to remember, and combine several actions into one. Once defined
+# they can be used just like any built-in action.
+##########################################################################
+
+# Some useful aliases.
+ -prevent-cookies = -prevent-setting-cookies -prevent-reading-cookies
+ +imageblock = +block +handle-as-image
+
+# Fragile sites should have the minimum changes:
+ fragile = -block -deanimate-gifs -fast-redirects -filter -hide-referer \
+ -prevent-cookies -kill-popups
+
+# Shops should be allowed to set persistent cookies
+ shop = -filter -prevent-cookies -session-cookies-only
+
+
+##########################################################################
+# Begin default action settings. Anything in this section will match
+# all URLs -- UNLESS we have exceptions that match defined below this
+# section. We will show all potential actions here whether they are on
+# or off. We could omit any disabled action if we wanted, since all
+# actions are 'off' by default anyway. Shown for completeness only.
+# Actions are enabled if preceded by a '+', otherwise they are disabled.
+##########################################################################
+ { \
+ <ulink url="configuration.html#ADD-HEADER">-add-header</ulink> \
+ <ulink url="configuration.html#BLOCK">-block</ulink> \
+ <ulink url="configuration.html#DEANIMATE-GIFS">-deanimate-gifs</ulink> \
+ <ulink url="configuration.html#DOWNGRADE-HTTP-VERSION">-downgrade-http-version</ulink> \
+ <ulink url="configuration.html#FAST-REDIRECTS">+fast-redirects</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{html-annoyances}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{js-annoyances}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{content-cookies}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{popups}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{webbugs}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{refresh-tags}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{fun}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{nimda}</ulink> \
+ <ulink url="configuration.html#FILTER">+filter{banners-by-size}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{shockwave-flash}</ulink> \
+ <ulink url="configuration.html#FILTER">-filter{crude-prental}</ulink> \
+ <ulink url="configuration.html#HIDE-FORWARDED-FOR-HEADERS">+hide-forwarded-for-headers</ulink> \
+ <ulink url="configuration.html#HIDE-FROM-HEADER">+hide-from-header{block}</ulink> \
+ <ulink url="configuration.html#HIDE-REFERER">-hide-referrer</ulink> \
+ <ulink url="configuration.html#HIDE-USER-AGENT">-hide-user-agent</ulink> \
+ <ulink url="configuration.html#HANDLE-AS-IMAGE">-handle-as-image</ulink> \
+ <ulink url="configuration.html#SET-IMAGE-BLOCKER">+set-image-blocker{pattern}</ulink> \
+ <ulink url="configuration.html#LIMIT-CONNECT">-limit-connect</ulink> \
+ <ulink url="configuration.html#PREVENT-COMPRESSION">+prevent-compression</ulink> \
+ <ulink url="configuration.html#SESSION-COOKIES-ONLY">-session-cookies-only</ulink> \
+ <ulink url="configuration.html#PREVENT-READING-COOKIES">-prevent-reading-cookies</ulink> \
+ <ulink url="configuration.html#PREVENT-SETTING-COOKIES">-prevent-setting-cookies</ulink> \
+ <ulink url="configuration.html#KILL-POPUPS">-kill-popups</ulink> \
+ <ulink url="configuration.html#SEND-VANILLA-WAFER">-send-vanilla-wafer</ulink> \
+ <ulink url="configuration.html#SEND-WAFER">-send-wafer</ulink> \
+ }
+ / # forward slash will match *all* potential URL patterns.
+
+##########################################################################
+# Default behavior is now set. Time for some exceptions to our
+# default actions.
+##########################################################################
+
+# These sites are very complex and require very minimal interference.
+# We'll disable most actions with our 'fragile' alias.
+ {fragile}
+ .office.microsoft.com # surprise, surprise!
+ .windowsupdate.microsoft.com
+
+
+# Shopping sites - not as fragile but require some special
+# handling. We still want to block ads, and we will allow
+# persistant cookies via the 'shop' alias.
+ {shop}
+ .quietpc.com
+ .worldpay.com # for quietpc.com
+ .jungle.com
+ .scan.co.uk
+
+
+# These sites require pop-ups too :( We'll combine our 'shop'
+# alias with two other actions into one rule to allow all popups.
+ {shop -no-popups -filter{popups}}
+ .dabs.com
+ .overclockers.co.uk
+
+
+# The 'Fast-redirects' action breaks some sites. Disable this action
+# for these known sensitive sites.
+ {-fast-redirects}
+ www.ukc.ac.uk/cgi-bin/wac\.cgi\?
+ login.yahoo.com
+ edit.europe.yahoo.com
+ .google.com
+ .altavista.com/.*(like|url|link):http
+ .altavista.com/trans.*urltext=http
+ .nytimes.com
+
+
+# Define which file types will be treated as images. Important
+# for ad blocking.
+ {+handle-as-image}
+ /.*\.(gif|jpe?g|png|bmp|ico)
+
+
+# Now lets list some domains that are known ad generators. And
+# our alias here will block these as well as force them to be
+# treated as images. This combination of actions is important
+# for ad blocking. What the browser will show instead is
+# determined by the setting of <ulink url="configuration.html#SET-IMAGE-BLOCKER"><quote>+set-image-blocker</quote></ulink>
+ {+imageblock}
+ ar.atwola.com
+ .ad.doubleclick.net
+ .a.yimg.com/(?:(?!/i/).)*$
+ .a[0-9].yimg.com/(?:(?!/i/).)*$
+ bs*.gsanet.com
+ bs*.einets.com
+ .qkimg.net
+ ad.*.doubleclick.net
+
+
+# These will just simply be blocked. They will generate the BLOCKED
+# banner page, if matched. Heavy use of wildcards and regular
+# expressions in this example.
+ {+block}
+ ad*.
+ .*ads.
+ banner?.
+ count*.
+ /.*count(er)?\.(pl|cgi|exe|dll|asp|php[34]?)
+ /(?:.*/)?(publicite|werbung|rekla(ma|me|am)|annonse|maino(kset|nta|s)?)/
+ .hitbox.com
+
+
+# The above block section will catch some sites we DO NOT want
+# blocked via the wildcards and regular expressions. Now let's set
+# exceptions to the exceptions so the good guys get better treatment.
+ {-block}
+ advogato.org
+ adsl.
+ ad[ud]*.
+ advice.
+# Let's just trust all .edu top level domains.
+ .edu
+ www.ugu.com/sui/ugu/adv
+# We'll need to access to path names containing 'download'
+ .*downloads.
+ /downloads/
+# 'adv' is for globalintersec and means advanced, not advertisement
+ www.globalintersec.com/adv
+
+
+# Don't filter *anything* from our friends at sourceforge.
+# Notice we don't have to name the individual filter
+# identifiers -- we just turn them all off in one fell swoop.
+ {-filter}
+ .sourceforge.net
+
+ </literallayout>
+ </msgtext>
+ </literal>
+</para>
+
+<para>
+ So far we are painting with a broad brush by setting general policies.
+ The above would be a reasonable starting point for many situations. Now,
+ we want to be more specific and have customized rules that are more suitable
+ to our personal habits and preferences. These should be placed in
+ <filename>user.action</filename>, which is parsed after all other
+ actions files. So any settings here, will have the last word.