From: Fabian Keil Date: Sun, 10 May 2009 10:21:13 +0000 (+0000) Subject: Regenerate with connection-sharing and max-client-connections. X-Git-Tag: v_3_0_13~104 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=594da2fb0547a6325317ff12476f400622bb6cf5 Regenerate with connection-sharing and max-client-connections. --- diff --git a/config b/config index e0ea87a4..945e8535 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # Sample Configuration File for Privoxy v3.0.13 # -# $Id: p-config.sgml,v 2.48 2009/04/17 11:42:07 fabiankeil Exp $ +# $Id: config,v 1.78 2009/04/17 13:27:06 fabiankeil Exp $ # # Copyright (C) 2001-2009 Privoxy Developers http://www.privoxy.org/ # @@ -1328,7 +1328,10 @@ buffer-limit 4096 forwarded-connect-retries 0 # # -# 5.4. accept-intercepted-requests +# 6. MISCELLANEOUS +# ================= +# +# 6.1. accept-intercepted-requests # ================================= # # Specifies: @@ -1367,7 +1370,7 @@ forwarded-connect-retries 0 accept-intercepted-requests 0 # # -# 5.5. allow-cgi-request-crunching +# 6.2. allow-cgi-request-crunching # ================================= # # Specifies: @@ -1405,7 +1408,7 @@ accept-intercepted-requests 0 allow-cgi-request-crunching 0 # # -# 5.6. split-large-forms +# 6.3. split-large-forms # ======================= # # Specifies: @@ -1447,7 +1450,7 @@ allow-cgi-request-crunching 0 split-large-forms 0 # # -# 5.7. keep-alive-timeout +# 6.4. keep-alive-timeout # ======================== # # Specifies: @@ -1465,36 +1468,97 @@ split-large-forms 0 # # Effect if unset: # -# Connections are not reused. +# Connections are not kept alive. # # Notes: # +# This option allows clients to keep the connection to Privoxy +# alive. If the server supports it, Privoxy will keep the +# connection to the server alive as well. Under certain +# circumstances this may result in speed-ups. +# +# By default, Privoxy will close the connection to the server if +# the client connection gets closed, or if the specified timeout +# has been reached without a new request coming in. This behaviour +# can be changed with the connection-sharing option. +# # This option has no effect if Privoxy has been compiled without # keep-alive support. # +# Examples: +# +# keep-alive-timeout 300 +# +keep-alive-timeout 300 +# +# +# 6.5. connection-sharing +# ======================== +# +# Specifies: +# +# Whether or not outgoing connections that have been kept alive +# should be shared between different incoming connections. +# +# Type of value: +# +# 0 or 1 +# +# Default value: +# +# None +# +# Effect if unset: +# +# Connections are not shared. +# +# Notes: +# +# This option has no effect if Privoxy has been compiled without +# keep-alive support, or if it's disabled. +# # Notes: # # Note that reusing connections doesn't necessary cause # speedups. There are also a few privacy implications you should # be aware of. # -# Outgoing connections are shared between clients (if there are -# more than one) and closing the client that initiated the outgoing -# connection does not affect the connection between Privoxy and -# the server unless the client's request hasn't been completed -# yet. If the outgoing connection is idle, it will not be closed -# until either Privoxy's or the server's timeout is reached. While +# If this option is effective, outgoing connections are shared +# between clients (if there are more than one) and closing the +# client that initiated the outgoing connection does no longer +# affect the connection between Privoxy and the server unless +# the client's request hasn't been completed yet. +# +# If the outgoing connection is idle, it will not be closed until +# either Privoxy's or the server's timeout is reached. While # it's open, the server knows that the system running Privoxy is # still there. # +# If there are more than one client (maybe even belonging to +# multiple users), they will be able to reuse each others +# connections. This is potentially dangerous in case of +# authentication schemes like NTLM where only the connection +# is authenticated, instead of requiring authentication for +# each request. +# +# If there is only a single client, and if said client can keep +# connections alive on its own, enabling this option has next to +# no effect. If the client doesn't support connection keep-alive, +# enabling this option may make sense as it allows Privoxy to keep +# outgoing connections alive even if the client itself doesn't +# support it. +# +# This option should only be used by experienced users who +# understand the risks and can weight them against the benefits. +# # Examples: # -# keep-alive-timeout 300 +# connection-sharing 1 # -keep-alive-timeout 300 +#connection-sharing 1 # # -# 5.8. socket-timeout +# 6.6. socket-timeout # ==================== # # Specifies: @@ -1527,7 +1591,63 @@ keep-alive-timeout 300 socket-timeout 300 # # -# 6. WINDOWS GUI OPTIONS +# 6.7. max-client-connections +# ============================ +# +# Specifies: +# +# Maximum number of client connections that will be served. +# +# Type of value: +# +# Positive number. +# +# Default value: +# +# None +# +# Effect if unset: +# +# Connections are served until a resource limit is reached. +# +# Notes: +# +# Privoxy creates one thread (or process) for every incoming +# client connection that isn't rejected based on the access +# control settings. +# +# If the system is powerful enough, Privoxy can theoretically deal +# with several hundred (or thousand) connections at the same time, +# but some operating systems enforce resource limits by shutting +# down offending processes and their default limits may be below +# the ones Privoxy would require under heavy load. +# +# Configuring Privoxy to enforce a connection limit below the +# thread or process limit used by the operating system makes +# sure this doesn't happen. Simply increasing the operating +# system's limit would work too, but if Privoxy isn't the only +# application running on the system, you may actually want to +# limit the resources used by Privoxy. +# +# If Privoxy is only used by a single trusted user, limiting the +# number of client connections is probably unnecessary. If there +# are multiple possibly untrusted users you probably still want +# to additionally use a packet filter to limit the maximal number +# of incoming connections per client. Otherwise a malicious user +# could intentionally create a high number of connections to +# prevent other users from using Privoxy. +# +# Obviously using this option only makes sense if you choose a +# limit below the one enforced by the operating system. +# +# Examples: +# +# max-client-connections 256 +# +#max-client-connections 256 +# +# +# 7. WINDOWS GUI OPTIONS # ======================= # # Privoxy has a number of options specific to the Windows GUI diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index f0f88ba7..5a20e52d 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -233,7 +233,7 @@ CLASS="FILENAME" >

8.1. Finding the Right Mix

8.2. How to Edit

8.4.1. The Domain Pattern

8.4.2. The Path Pattern

8.5.34. Summary

8.7.1. match-all.action

8.7.2. default.action

8.7.3. user.action

+> \ No newline at end of file diff --git a/doc/webserver/user-manual/appendix.html b/doc/webserver/user-manual/appendix.html index 87c651ee..888f9582 100644 --- a/doc/webserver/user-manual/appendix.html +++ b/doc/webserver/user-manual/appendix.html @@ -748,7 +748,7 @@ CLASS="SECT2" >

14.2. Privoxy's Internal Pages

Short cuts. Turn off, then on:

+> \ No newline at end of file diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html index 2562be56..11221c27 100644 --- a/doc/webserver/user-manual/config.html +++ b/doc/webserver/user-manual/config.html @@ -3581,13 +3581,22 @@ CLASS="QUOTE" >

7.6. Miscellaneous

7.5.5. accept-intercepted-requests7.6.1. accept-intercepted-requests

7.5.6. allow-cgi-request-crunching7.6.2. allow-cgi-request-crunching

7.5.7. split-large-forms7.6.3. split-large-forms

7.5.8. keep-alive-timeout7.6.4. keep-alive-timeout

Effect if unset:

Connections are not reused. +> Connections are not kept alive.

Notes:

This option allows clients to keep the connection to Privoxy + alive. If the server supports it, Privoxy will keep + the connection to the server alive as well. Under certain + circumstances this may result in speed-ups. +

By default, Privoxy will close the connection to the server if + the client connection gets closed, or if the specified timeout + has been reached without a new request coming in. This behaviour + can be changed with the connection-sharing option. +

This option has no effect if Privoxy

Examples:

keep-alive-timeout 300 +

7.6.5. connection-sharing

Specifies:

Whether or not outgoing connections that have been kept alive + should be shared between different incoming connections. +

Type of value:

0 or 1 +

Default value:

None

Effect if unset:

Connections are not shared. +

Notes:

This option has no effect if Privoxy + has been compiled without keep-alive support, or if it's disabled. +

Notes:

Outgoing connections are shared between clients (if there are more - than one) and closing the client that initiated the outgoing connection - does not affect the connection between If this option is effective, outgoing connections are shared between + clients (if there are more than one) and closing the client that initiated + the outgoing connection does no longer affect the connection between Privoxy and the server unless - the client's request hasn't been completed yet. If the outgoing connection - is idle, it will not be closed until either + and the server unless the client's request hasn't been completed yet. +

If the outgoing connection is idle, it will not be closed until either + Privoxy's - or the server's timeout is reached. While it's open, the server knows - that the system running or the server's timeout is reached. + While it's open, the server knows that the system running Privoxy is still + there. +

If there are more than one client (maybe even belonging to multiple users), + they will be able to reuse each others connections. This is potentially + dangerous in case of authentication schemes like NTLM where only the + connection is authenticated, instead of requiring authentication for + each request. +

If there is only a single client, and if said client can keep connections + alive on its own, enabling this option has next to no effect. If the client + doesn't support connection keep-alive, enabling this option may make sense + as it allows Privoxy is still there. +> to keep outgoing connections alive even if the client + itself doesn't support it. +

This option should only be used by experienced users who + understand the risks and can weight them against the benefits.

Examples:

keep-alive-timeout 300 +> connection-sharing 1

7.5.9. socket-timeout7.6.6. socket-timeout

7.6.7. max-client-connections

Specifies:

Maximum number of client connections that will be served. +

Type of value:

Positive number. +

Default value:

None

Effect if unset:

Connections are served until a resource limit is reached. +

Notes:

Privoxy creates one thread (or process) for every incoming client + connection that isn't rejected based on the access control settings. +

If the system is powerful enough, Privoxy can theoretically deal with + several hundred (or thousand) connections at the same time, but some + operating systems enforce resource limits by shutting down offending + processes and their default limits may be below the ones Privoxy would + require under heavy load. +

Configuring Privoxy to enforce a connection limit below the thread + or process limit used by the operating system makes sure this doesn't + happen. Simply increasing the operating system's limit would work too, + but if Privoxy isn't the only application running on the system, + you may actually want to limit the resources used by Privoxy. +

If Privoxy is only used by a single trusted user, limiting the + number of client connections is probably unnecessary. If there + are multiple possibly untrusted users you probably still want to + additionally use a packet filter to limit the maximal number of + incoming connections per client. Otherwise a malicious user could + intentionally create a high number of connections to prevent other + users from using Privoxy. +

Obviously using this option only makes sense if you choose a limit + below the one enforced by the operating system. +

Examples:

max-client-connections 256 +

7.6. Windows GUI Options7.7. Windows GUI Options

+> \ No newline at end of file diff --git a/doc/webserver/user-manual/configuration.html b/doc/webserver/user-manual/configuration.html index 2cd26c0d..965ad421 100644 --- a/doc/webserver/user-manual/configuration.html +++ b/doc/webserver/user-manual/configuration.html @@ -521,4 +521,4 @@ VALIGN="top" > +> \ No newline at end of file diff --git a/doc/webserver/user-manual/contact.html b/doc/webserver/user-manual/contact.html index 619bdb3e..32ebdeab 100644 --- a/doc/webserver/user-manual/contact.html +++ b/doc/webserver/user-manual/contact.html @@ -511,4 +511,4 @@ VALIGN="top" > +> \ No newline at end of file diff --git a/doc/webserver/user-manual/copyright.html b/doc/webserver/user-manual/copyright.html index 8a0b91df..5c3769ef 100644 --- a/doc/webserver/user-manual/copyright.html +++ b/doc/webserver/user-manual/copyright.html @@ -102,7 +102,7 @@ CLASS="SECT2" >

12.1. License

+> \ No newline at end of file diff --git a/doc/webserver/user-manual/filter-file.html b/doc/webserver/user-manual/filter-file.html index fe51c5a8..0066f219 100644 --- a/doc/webserver/user-manual/filter-file.html +++ b/doc/webserver/user-manual/filter-file.html @@ -366,7 +366,7 @@ CLASS="SECT2" >

9.1. Filter File Tutorial

+> \ No newline at end of file diff --git a/doc/webserver/user-manual/index.html b/doc/webserver/user-manual/index.html index 65d5a401..8e356bd7 100644 --- a/doc/webserver/user-manual/index.html +++ b/doc/webserver/user-manual/index.html @@ -480,35 +480,54 @@ HREF="config.html#ADVANCED-FORWARDING-EXAMPLES" HREF="config.html#FORWARDED-CONNECT-RETRIES" >forwarded-connect-retries

7.6. Miscellaneous
7.5.5. 7.6.1. accept-intercepted-requests
7.5.6. 7.6.2. allow-cgi-request-crunching
7.5.7. 7.6.3. split-large-forms
7.5.8. 7.6.4. keep-alive-timeout
7.5.9. 7.6.5. connection-sharing
7.6.6. socket-timeout
7.6.7. max-client-connections
7.6. 7.7. Windows GUI Options
8.1. Finding the Right Mix
8.2. How to Edit
8.4.1. The Domain Pattern
8.4.2. The Path Pattern
8.5.34. Summary
8.7.1. match-all.action
8.7.2. default.action
8.7.3. user.action
9.1. Filter File Tutorial
12.1. License
14.2. Privoxy's Internal Pages
+> \ No newline at end of file diff --git a/doc/webserver/user-manual/installation.html b/doc/webserver/user-manual/installation.html index 053513ca..da4a74b4 100644 --- a/doc/webserver/user-manual/installation.html +++ b/doc/webserver/user-manual/installation.html @@ -1079,4 +1079,4 @@ VALIGN="top" > +> \ No newline at end of file diff --git a/doc/webserver/user-manual/introduction.html b/doc/webserver/user-manual/introduction.html index 41fe6cba..c937962d 100644 --- a/doc/webserver/user-manual/introduction.html +++ b/doc/webserver/user-manual/introduction.html @@ -305,4 +305,4 @@ VALIGN="top" > +> \ No newline at end of file diff --git a/doc/webserver/user-manual/quickstart.html b/doc/webserver/user-manual/quickstart.html index 484c2ac7..26e59462 100644 --- a/doc/webserver/user-manual/quickstart.html +++ b/doc/webserver/user-manual/quickstart.html @@ -940,4 +940,4 @@ VALIGN="top" > +> \ No newline at end of file diff --git a/doc/webserver/user-manual/seealso.html b/doc/webserver/user-manual/seealso.html index 77876b8a..68d64dff 100644 --- a/doc/webserver/user-manual/seealso.html +++ b/doc/webserver/user-manual/seealso.html @@ -415,4 +415,4 @@ VALIGN="top" > +> \ No newline at end of file diff --git a/doc/webserver/user-manual/startup.html b/doc/webserver/user-manual/startup.html index 07610d08..bc3e2f5a 100644 --- a/doc/webserver/user-manual/startup.html +++ b/doc/webserver/user-manual/startup.html @@ -899,4 +899,4 @@ VALIGN="top" > +> \ No newline at end of file diff --git a/doc/webserver/user-manual/templates.html b/doc/webserver/user-manual/templates.html index d5019fde..316b4ac1 100644 --- a/doc/webserver/user-manual/templates.html +++ b/doc/webserver/user-manual/templates.html @@ -318,4 +318,4 @@ Requests +> \ No newline at end of file diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html index 34362731..6c877c92 100644 --- a/doc/webserver/user-manual/whatsnew.html +++ b/doc/webserver/user-manual/whatsnew.html @@ -348,4 +348,4 @@ VALIGN="top" > +> \ No newline at end of file