From: hal9 Date: Wed, 18 Jul 2007 22:48:10 +0000 (+0000) Subject: Submit new version of manual so some of Fabians work has some documentation. X-Git-Tag: v_3_0_7~199 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=e61fdec519cef582a2dc5507543a006b539ad3f4 Submit new version of manual so some of Fabians work has some documentation. --- diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index fcd12174..72b9a064 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">Privoxy 3.0.6 User ManualPrivoxy 3.0.7 User Manual

default.action is typically process before +> is typically processed before user.action

8.1. Finding the Right Mix

8.2. How to Edit

8.3. How Actions are Applied to URLs8.3. How Actions are Applied to Requests

Actions files are divided into sections. There are special sections, like the

To determine which actions apply to a request, the URL of the request is - compared to all patterns in each "action file" file. Every time it matches, the list of - applicable actions for the URL is incrementally updated, using the heading - of the section in which the pattern is located. If multiple matches for - the same URL set the same action differently, the last match wins. If not, - the effects are aggregated. E.g. a URL might match a regular section with - a heading line of . + Every time it matches, the list of applicable actions for the request is + incrementally updated, using the heading of the section in which the + pattern is located. The same is done again for tags and tag patterns later on.

If multiple applying sections set the same action differently, + the last match wins. If not, the effects are aggregated. + E.g. a URL might match a regular section with a heading line of { +

You can trace this process for any given URL by visiting You can trace this process for URL patterns and any given URL by visiting http://config.privoxy.org/show-url-info

Generally, a Privoxy pattern has the form +> Generally, a URL pattern has the form <domain>/<path>

8.4.1. The Domain Pattern

8.4.2. The Path Pattern

Appendix on regular expressions.

8.4.3. The Tag Pattern

Tag patterns are used to change the applying actions based on the + request's tags. Tags can be created with either the + client-header-tagger + or the server-header-tagger action.

Tag patterns have to start with "TAG:", so Privoxy + can tell them apart from URL patterns. Everything after the colon + including white space, is interpreted as a regular expression with + path patterns syntax, except that tag patterns aren't left-anchored + automatically (Privoxy doesn't silently add a "^", + you have to do it yourself if you need it).

To match all requests that are tagged with "foo" + your pattern line should be "TAG:^foo$", + "TAG:foo" would work as well, but it would also + match requests whose tags contain "foo" somewhere.

Sections can contain URL and tag patterns at the same time, + but tag patterns are checked after the URL patterns and thus + always overrule them, even if they are located before the URL patterns.

Once a new tag is added, Privoxy checks right away if it's matched by one + of the tag patterns and updates the action settings accordingly. As a result + tags can be used to activate other tagger actions, as long as these other + taggers look for headers that haven't already be parsed.

For example you could tag client requests which use the POST method, + use this tag to activate another tagger that adds a tag if cookies + are send, and then block based on the cookie tag. However if you'd + reverse the position of the described taggers, and activated the method + tagger based on the cookie tagger, no method tags would be created. + The method tagger would look for the request line, but at the time + the cookie tag is created the request line has already been parsed.

While this is a limitation you should be aware of, this kind of + indirection is seldom needed anyway and even the example doesn't + make too much sense.

8.5.3. client-header-filter

Typical use:

Rewrite or remove single client headers. +

Effect:

All client headers to which this action applies are filtered on-the-fly through + the specified regular expression based substitutions. +

Type:

Parameterized.

Parameter:

The name of a client-header filter, as defined in one of the + filter files. +

Notes:

Client-header filters are applied to each header on its own, not to + all at once. This makes it easier to diagnose problems, but on the downside + you can't write filters that only change header x if header y's value is z. + You can do that by using tags though. +

Client-header filters are executed after the other header actions have finished + and use their output as input. +

Please refer to the filter file chapter + to learn which client-header filters are available by default, and how to + create your own. +

Example usage (section):

{+client-header-filter{hide-tor-exit-notation}}
+.exit/
+
+

8.5.4. client-header-tagger

Typical use:

Block requests based on their headers. +

Effect:

Client headers to which this action applies are filtered on-the-fly through + the specified regular expression based substitutions, the result is used as + tag. +

Type:

Parameterized.

Parameter:

The name of a client-header tagger, as defined in one of the + filter files. +

Notes:

Client-header taggers are applied to each header on its own, + and as the header isn't modified, each tagger "sees" + the original. +

Client-header taggers are the first actions that are executed + and their tags can be used to control every other action. +

Example usage (section):

# Tag every request with the User-Agent header
+{+client-header-filter{user-agent}}
+/
+
+

8.5.3. content-type-overwrite

8.5.5. content-type-overwrite

Most of the time it's easier to enable +> Most of the time it's easier to replace this action with a custom filter-server-headersserver-header filter - and replace this action with a custom regular expression. It allows you - to activate it for every document of a certain site and it will still +>. + It allows you to activate it for every document of a certain site and it will still only replace the content types you aimed at.

8.5.4. crunch-client-header8.5.6. crunch-client-header

crunch-client-header is only meant for quick tests. If you have to block several different headers, or only want to modify - parts of them, you should enable + parts of them, you should use a filter-client-headersclient-header filter - and create your own filter. +>.

8.5.5. crunch-if-none-match8.5.7. crunch-if-none-match

8.5.6. crunch-incoming-cookies8.5.8. crunch-incoming-cookies

8.5.7. crunch-server-header8.5.9. crunch-server-header

crunch-server-header is only meant for quick tests. If you have to block several different headers, or only want to modify - parts of them, you should enable + parts of them, you should use a custom filter-server-headersserver-header filter - and create your own filter. +>.

8.5.8. crunch-outgoing-cookies8.5.10. crunch-outgoing-cookies

8.5.9. deanimate-gifs8.5.11. deanimate-gifs

8.5.10. downgrade-http-version8.5.12. downgrade-http-version

8.5.11. fast-redirects8.5.13. fast-redirects

"page not found" error. It is possible to fix these redirected - requests with error. You can prevent this problem by + first using the filter-client-headersredirect - but it requires a little effort. +> action + to remove the last part of the URL, but it requires a little effort.

To detect a redirection URL, 8.5.12. filter8.5.14. filter

Effect:

All files of text-based type, most notably HTML and - JavaScript, to which this action applies, can be filtered on-the-fly - through the specified regular expression based substitutions. (Note: as of - version 3.0.3 plain text documents are exempted from filtering, because - web servers often use the All instances of text-based type, most notably HTML and JavaScript, to which + this action applies, can be filtered on-the-fly through the specified regular + expression based substitutions. (Note: as of version 3.0.3 plain text documents + are exempted from filtering, because web servers often use the + text/plain MIME type for all - files whose type they don't know.) By default, filtering works only on the - raw document content itself (that which can be seen with View - Source), - not the headers. +> MIME type for all files whose type they don't know.)

Parameter:

The name of a filter, as defined in the The name of a content filter, as defined in the filter file. @@ -3348,13 +3589,27 @@ CLASS="LITERAL" > exceptions.

At this time, Compressed content can't be filtered either, unless Privoxy cannot uncompress compressed - documents. If you want filtering to work on all documents, even those that - would normally be sent compressed, you must use the - + is compiled with zlib support (requires at least Privoxy 3.0.7), + in which case Privoxy will decompress the content before filtering + it. +

If you use a Privoxy version without zlib support, but want filtering to work on + as much documents as possible, even those that would normally be sent compressed, + you must use the .

Filtering can achieve some of the same effects as the +> Content filtering can achieve some of the same effects as the

- 
+filter{html-to-xml}         # Header filter to change the Content-Type from html to xml
-

- 
+filter{xml-to-html}         # Header filter to change the Content-Type from xml to html
-

@@ -3940,25 +4157,6 @@ CLASS="SCREEN" > -

- 
+filter{hide-tor-exit-notation} # Header filter to remove the Tor exit node notation in Host and Referer headers

8.5.13. filter-client-headers

8.5.15. force-text-mode

Typical use:

To apply filtering to the client's (browser's) headers -

Force Privoxy to treat a document as if it was in some kind of text format.

Effect:

By default, Privoxy's filters only apply - to the document content itself. This will extend those filters to - include the client's headers as well. +> Declares a document as text, even if the "Content-Type:" isn't detected as such.

Notes:

Regular expressions can be used to filter headers as well. Check your - filters closely before activating this action, as it can easily lead to broken - requests. -

- These filters are applied to each header on its own, not to them - all at once. This makes it easier to diagnose problems, but on the downside - you can't write filters that only change header x if header y's value is - z. -

The filters are used after the other header actions have finished and can - use their output as input. -

Whenever possible one should specify As explained ^above, - $, the whole header name and the colon, to make sure - the filter doesn't cause havoc to other headers or the - page itself. For example if you want to transform Galeon User-Agents to - Firefox User-Agents you - shouldn't use:

Privoxy tries to only filter files that are + in some kind of text format. The same restrictions apply to + content-type-overwrite. + force-text-mode declares a document as text, + without looking at the "Content-Type:" first. + 

s@Galeon/\d\.\d\.\d @@
Warning

but:

s@^(User-Agent:.*) Galeon/\d\.\d\.\d (Firefox/\d\.\d\.\d\.\d)$@$1 $2@

Think twice before activating this action. Filtering binary data + with regular expressions can cause file damage. +

Example usage (section):
Example usage:

{+filter-client-headers +filter{test_filter}}
-problem-host.example.com
-
+force-text-mode +
-

8.5.14. filter-server-headers

8.5.16. forward-override

Typical use:

To apply filtering to the server's headers -

Change the forwarding settings based on User-Agent or request origin

Effect:

By default, Privoxy's filters only apply - to the document content itself. This will extend those filters to - include the server's headers as well. +> Overrules the forward directives in the configuration files.

Type:

Boolean.

Multi-value.

Parameter:

N/A -

Notes:

Similar to filter-client-headers, but works on - the server instead. To filter both server and client, use both. -

As with filter-client-headers, check your - filters before activating this action, as it can easily lead to broken - requests. -

- These filters are applied to each header on its own, not to them - all at once. This makes it easier to diagnose problems, but on the downside - you can't write filters that only change header x if header y's value is - z. -

The filters are used after the other header actions have finished and can - use their output as input. -

Remember too, whenever possible one should specify ^, - $, the whole header name and the colon, to make sure - the filter doesn't cause havoc to other headers or the - page itself. See above for example. -

Example usage (section):

{+filter-server-headers +filter{test_filter}}
-problem-host.example.com
-
-

8.5.15. force-text-mode

Typical use:

  • Force Privoxy to treat a document as if it was in some kind of text format.

Effect:
"forward ." to use a direct connection without any additional proxies.

  • Declares a document as text, even if the "Content-Type:" isn't detected as such. -

    • Type:
    "forward 127.0.0.1:8123" to use the HTTP proxy listening at 127.0.0.1 port 8123. +

  • Boolean.

    • Parameter:
    "forward-socks4a 127.0.0.1:9050 ." to use the socks4a proxy listening at 127.0.0.1 port 9050. + Replace "forward-socks4a" with "forward-socks4" to use a socks4 connection (with local DNS + resolution) instead. +

  • N/A -

    "forward-socks4a 127.0.0.1:9050 proxy.example.org:8000" to use the socks4a proxy + listening at 127.0.0.1 port 9050 to reach the HTTP proxy listening at proxy.example.org port 8000. + Replace "forward-socks4a" with "forward-socks4" to use a socks4 connection (with local DNS + resolution) instead. +

    • Notes:

    As explained above, - Privoxy tries to only filter files that are - in some kind of text format. The same restrictions apply to - content-type-overwrite. - force-text-mode declares a document as text, - without looking at the "Content-Type:" first. +> This action takes parameters similar to the + forward directives in the configuration + file, but without the URL pattern. It can be used as replacement, but normally it's only + used in cases where matching based on the request URL isn't sufficient.

    Think twice before activating this action. Filtering binary data - with regular expressions can cause file damage. +> Please read the description for the forward directives before + using this action. Forwarding to the wrong people will reduce your privacy and increase the + chances of man-in-the-middle attacks. +

    If the ports are missing or invalid, default values will be used. This might change + in the future and you shouldn't rely on it. Otherwise incorrect syntax causes Privoxy + to exit. +

    Use the show-url-info CGI page + to verify that your forward settings do what you thought the do. 

    +force-text-mode
+># Always use direct connections for requests previously tagged as
+# "User-Agent: fetch libfetch/2.0" and make sure
+# resuming downloads continues to work.
+# This way you can continue to use Tor for your normal browsing,
+# without overloading the Tor network with your FreeBSD ports updates
+# or downloads of bigger files like ISOs.
+{+forward-override{forward .} \
+ -hide-if-modified-since      \
+ -overwrite-last-modified     \
+}
+TAG:^User-Agent: fetch libfetch/2.0$
    8.5.16. handle-as-empty-document8.5.17. handle-as-empty-document

    8.5.17. handle-as-image8.5.18. handle-as-image

    8.5.18. hide-accept-language8.5.19. hide-accept-language

    8.5.19. hide-content-disposition8.5.20. hide-content-disposition

    8.5.20. hide-if-modified-since8.5.21. hide-if-modified-since

    8.5.21. hide-forwarded-for-headers8.5.22. hide-forwarded-for-headers

    8.5.22. hide-from-header8.5.23. hide-from-header

    8.5.23. hide-referrer8.5.24. hide-referrer8.5.24. hide-user-agent8.5.25. hide-user-agent

    8.5.25. inspect-jpegs8.5.26. inspect-jpegs

    8.5.26. kill-popups8.5.27. kill-popups8.5.27. limit-connect8.5.28. limit-connect

    8.5.28. prevent-compression8.5.29. prevent-compression

    More and more websites send their content compressed by default, which - is generally a good idea and saves bandwidth. But for the kill-popups actions to work, - actions need + access to the uncompressed data. +

    When compiled with zlib support (available since Privoxy needs access to the uncompressed data. - Unfortunately, 3.0.7), content that should be + filtered is decompressed on-the-fly and you don't have to worry about this action. + If you are using an older Privoxy can't yet(!) uncompress, filter, and - re-compress the content on the fly. So if you want to ensure that all websites, including - those that normally compress, can be filtered, you need to use this action. +> version, or one that hasn't been compiled with zlib + support, this action can be used to convince the server to send the content uncompressed.

    This will slow down transfers from those websites, though. If you use any of the above-mentioned - actions, you will typically want to use prevent-compression in conjunction - with them. +> Most text-based instances compress very well, the size is seldom decreased by less than 50%, + for markup-heavy instances like news feeds saving more than 90% of the original size isn't + unusual. +

    Not using compression will therefore slow down the transfer, and you should only + enable this action if you really need it. As of Privoxy 3.0.7 it's disabled in all + predefined action settings.

    Note that some (rare) ill-configured sites don't handle requests for uncompressed - documents correctly (they send an empty document body). If you use prevent-compression - per default, you'll have to add exceptions for those sites. See the example for how to do that. +> per default, you might want to add + exceptions for those sites. See the example for how to do that.

    8.5.29. overwrite-last-modified8.5.30. overwrite-last-modified

    8.5.30. redirect8.5.31. redirect

    Parameter:

    Any URL. +> An absolute URL or a single pcrs command.

    Notes:

    This action is useful to replace whole documents with ones of your - choosing. This can be used to enforce safe surfing, or just as a simple - convenience. +> Requests to which this action applies are answered with a + HTTP redirect to URLs of your choosing. The new URL is + either provided as parameter, or derived by applying a + single pcrs command to the original URL.

    You can do the same by combining the actions +> This action will be ignored if you use it together with block, - handle-as-image and +>. + It can be combined with set-image-blocker{URL}fast-redirects{check-decoded-url}. - It doesn't sound right for non-image documents, and that's why this action - was created. +> + to redirect to a decoded version of a rewritten URL.

    This action will be ignored if you use it together with - block. +> Use this action carefully, make sure not to create redirection loops + and be aware that using your own redirects might make it + possible to fingerprint your requests.

    # Replace example.com's style sheet with another one { +redirect{http://localhost/css-replacements/example.com.css} } - example.com/stylesheet.css + example.com/stylesheet\.css # Create a short, easy to remember nickname for a favorite site +# (relies on the browser accept and forward invalid URLs to Privoxy) { +redirect{http://www.privoxy.org/user-manual/actions-file.html} } - a8.5.31. send-vanilla-wafer8.5.32. send-vanilla-wafer

    8.5.32. send-wafer8.5.33. send-wafer

    8.5.34. server-header-filter

    Typical use:

    Rewrite or remove single server headers. +

    Effect:

    All server headers to which this action applies are filtered on-the-fly + through the specified regular expression based substitutions. +

    Type:

    Parameterized.

    Parameter:

    The name of a server-header filter, as defined in one of the + filter files. +

    Notes:

    Server-header filters are applied to each header on its own, not to + all at once. This makes it easier to diagnose problems, but on the downside + you can't write filters that only change header x if header y's value is z. + You can do that by using tags though. +

    Server-header filters are executed after the other header actions have finished + and use their output as input. +

    Please refer to the filter file chapter + to learn which server-header filters are available by default, and how to + create your own. +

    Example usage (section):

    {+server-header-filter{html-to-xml}}
+example.org/xml-instance-that-is-delivered-as-html
+
+{+server-header-filter{xml-to-html}}
+example.org/instance-that-is-delivered-as-xml-but-is-not
+
    +

    8.5.35. server-header-tagger

    Typical use:

    Disable or disable filters based on the Content-Type header. +

    Effect:

    Server headers to which this action applies are filtered on-the-fly through + the specified regular expression based substitutions, the result is used as + tag. +

    Type:

    Parameterized.

    Parameter:

    The name of a server-header tagger, as defined in one of the + filter files. +

    Notes:

    Server-header taggers are applied to each header on its own, + and as the header isn't modified, each tagger "sees" + the original. +

    Server-header taggers are executed before all other header actions + that modify server headers. Their tags can be used to control + all of the other server-header actions, the content filters + and the crunch actions (redirect + and block). +

    Obviously crunching based on tags created by server-header taggers + doesn't prevent the request from showing up in the server's log file. +

    Example usage (section):

    # Tag every request with the declared content type
+{+client-header-filter{content-type}}
+/
+
    +

    8.5.33. session-cookies-only

    8.5.36. session-cookies-only

    8.5.34. set-image-blocker8.5.37. set-image-blocker

    Redirect to the BSD devil: +> Redirect to the BSD daemon:

    8.5.35. treat-forbidden-connects-like-blocks8.5.38. treat-forbidden-connects-like-blocks

    "Go there anyway" link becomes rather useless: - it lets the client request the home page of the forbidden host - through unencrypted HTTP, still using the port of the last request. -

    If you previously configured Privoxy to do the - request through a SSL tunnel, everything will work. Most likely you haven't - and the server will respond with an error message because it is expecting - HTTPS (SSL). +> wouldn't work and is therefore suppressed.

    8.5.36. Summary

    8.5.39. Summary

    Note that many of these actions have the potential to cause a page to misbehave, possibly even not to display at all. There are many ways @@ -7261,7 +7580,7 @@ CLASS="SECT3" >

    8.7.1. default.action

    add-header \ + -client-header-filter{hide-tor-exit-notation} \ -filter{ie-exploits} \ -filter-client-headers \ - -filter-server-headers \ - -filter-googlefilter{google} \ -filter-yahoofilter{yahoo} \ -filter-msnfilter{msn} \ -filter-blogspot \ - -filter-xml-to-html \ - -filter-html-to-xmlfilter{blogspot} \ -filter-no-ping \ - -filter-hide-tor-exit-notationfilter{no-ping} \ -send-wafer \ + -server-header-filter{xml-to-html} \ + -server-header-filter{html-to-xml} \ +

    8.7.2. user.action

    block } - www.example.com/nasty-ads/sponsor.gif + www.example.com/nasty-ads/sponsor\.gif another.popular.site.net/more/junk/here/

    Privoxy 3.0.7 User ManualPrivoxy 3.0.7 User ManualEffect if unset:

    No actions are taken at all. Simple neutral proxying. +> No actions are taken at all. More or less neutral proxying.

    without at least one actions file.

    Note that since Privoxy 3.0.7, the complete filename, including the ".action" + extension has to be specified. The syntax change was necessary to be consistent + with the other file options and to allow previously forbidden characters. +

    7.2.4. filterfile7.2.5. filterfile7.2.5. logfile7.2.6. logfile

    7.2.6. jarfile7.2.7. jarfile

    7.2.7. trustfile7.2.8. trustfile

    fatal errors (i.e. ones which crash +> errors (i.e. ones which causes Privoxy) is always on and cannot be disabled. +> to exit) is always on and cannot be disabled.

    If you want to use CLF (Common Log Format), you should set and not enable anything else.

    Privoxy has a hard-coded limit for the + length of log messages. If it's reached, messages are logged truncated + and marked with "... [too long, truncated]". +

    "toggled off" mode, i.e. behave like a normal, content-neutral - proxy where all ad blocking, filtering, etc are disabled. See +> mode, i.e. mostly behave like a normal, + content-neutral proxy where all ad blocking, filtering, etc are disabled. See enable-remote-toggle When toggled off, Privoxy acts like a normal, +> mostly acts like a normal, content-neutral proxy, i.e. it acts as if none of the actions applied to any URL.

    7.4.6. enforce-blocks

    Specifies:

    Whether the user is allowed to ignore blocks and can "go there anyway". +

    Type of value:

    0 or 1 +

    Default value:

    0

    Effect if unset:

    Blocks are not enforced. +

    Notes:

    Privoxy is mainly used to block and filter + requests as a service to the user, for example to block ads and other + junk that clogs the pipes. Privoxy's configuration + isn't perfect and sometimes innocent pages are blocked. In this situation it + makes sense to allow the user to enforce the request and have + Privoxy ignore the block. +

    In the default configuration Privoxy's + "Blocked" page contains a "go there anyway" + link to adds a special string (the force prefix) to the request URL. + If that link is used, Privoxy will + detect the force prefix, remove it again and let the request pass. +

    Of course Privoxy can also be used to enforce + a network policy. In that case the user obviously should not be able to + bypass any blocks, and that's what the "enforce-blocks" + option is for. If it's enabled, Privoxy hides + the "go there anyway" link. If the user adds the force + prefix by hand, it will not be accepted and the circumvention attempt + is logged. +

    Examples:

    enforce-blocks 1 +

    7.4.6. ACLs: permit-access and deny-access

    7.4.7. ACLs: permit-access and deny-access

    Multiple ACL lines are OK. - If any ACLs are specified, then the Privoxy - talks only to IP addresses that match at least one only talks + to IP addresses that match at least one permit-access line @@ -2181,7 +2372,8 @@ CLASS="QUOTE"

    Denying access to particular sites by ACL may have undesired side effects - if the site in question is hosted on a machine which also hosts other sites. + if the site in question is hosted on a machine which also hosts other sites + (most sites are).

    Allow any host on the same class C subnet as www.privoxy.org access to - nothing but www.example.com: + nothing but www.example.com (or other domains hosted on the same system):

    Privoxy 3.0.6 User Manual

    14.2. Privoxy's Internal Pages

    Short cuts. Turn off, then on:

    		Privoxy 3.0.6 User Manual

    7.2.2. templdir

    Specifies:

    An alternative directory where the templates are loaded from

    Type of value:

    Path name

    Default value:

    unset

    Effect if unset:

    The templates are assumed to be located in confdir/template.

    Notes:

    Privoxy's original templates are usually overwritten + with each update. Use this option to relocate customized templates + that should be kept. Note that you might be missing new features + if you use outdated templates. +

    7.2.2. logdir

    7.2.3. logdir

    7.2.3. actionsfile7.2.4. actionsfileType of value:

    File name, relative to Complete file name, relative to confdir, without the .action suffix

    Default values:

      standard     # Internal purposes, no editing recommended

      standard.action     # Internal purposes, no editing recommended

      default      # Main actions file

      default.action      # Main actions file

      user         # User customizations

      user.action         # User customizations

    Allow access from any host on the 26-bit subnet 192.168.45.64 to anywhere, - with the exception that 192.168.45.73 may not access www.dirty-stuff.example.com: + with the exception that 192.168.45.73 may not access the IP address behind + www.dirty-stuff.example.com:

    7.4.7. buffer-limit7.4.8. buffer-limit

    7.5. Forwarding

    This feature allows routing of HTTP requests through a chain of - multiple proxies. - It can be used to better protect privacy and confidentiality when - accessing specific domains by routing requests to those domains - through an anonymous public proxy. Or to use a caching proxy to speed up browsing. Or chaining to a parent - proxy may be necessary because the machine that

    Forwarding can be used to chain Privoxy with a caching proxy to speed + up browsing. Using a parent proxy may also be necessary if the machine + that Privoxy runs on has no direct Internet access.

    Note that parent proxies can severely decrease your privacy level. + For example a parent proxy could add your IP address to the request + headers and if it's a caching proxy it may add the "Etag" - runs on has no direct Internet access.

    Also specified here are SOCKS proxies. Examples:

    Everything goes to an example anonymizing proxy, except SSL on port 443 (which it doesn't handle): +> Everything goes to an example parent proxy, except SSL on port 443 (which it doesn't handle):

    Specifies:

    Through which SOCKS proxy (and to which parent HTTP proxy) specific requests should be routed. +> Through which SOCKS proxy (and optionally to which parent HTTP proxy) specific requests should be routed.

    Effect if unset:

    Forwarded connections are treated like direct connections and no retry attempts are made. +> Connections forwarded through other proxies are treated like direct connections and no retry attempts are made.

    forwarded-connect-retries is mainly interesting - for socks4a connections, where Privoxy can't detect why the connections failed. + for socks4a connections, where Privoxy can't detect why the connections failed. The connection might have failed because of a DNS timeout in which case a retry makes sense, but it might also have failed because the server doesn't exist or isn't reachable. In this case the retry will just delay the appearance of Privoxy's error message.

    Note that in the context of this option, "forwarded connections" includes all connections + that Privoxy forwards through other proxies. This option is not limited to the HTTP CONNECT method. +

    Only use this option, if you are getting many forwarding related error messages, that go away when you try again manually. Start with a small value and check Privoxy's logfile from time to time, to see how many retries are usually needed. @@ -3055,6 +3268,189 @@ CLASS="REPLACEABLE" >

    7.5.5. accept-intercepted-requests

    Specifies:

    Whether intercepted requests should be treated as valid. +

    Type of value:

    0 or 1 +

    Default value:

    0

    Effect if unset:

    Only proxy requests are accepted, intercepted requests are treated as invalid. +

    Notes:

    If you don't trust your clients and want to force them + to use Privoxy, enable this + option and configure your packet filter to redirect outgoing + HTTP connections into Privoxy. +

    Make sure that Privoxy's own requests + aren't redirected as well. Additionally take care that + Privoxy can't intentionally connect + to itself, otherwise you could run into redirection loops if + Privoxy's listening port is reachable + by the outside or an attacker has access to the pages you visit. +

    Examples:

    accept-intercepted-requests 1 +

    7.5.6. split-large-forms

    Specifies:

    Whether the CGI interface should stay compatible with broken HTTP clients. +

    Type of value:

    0 or 1 +

    Default value:

    0

    Effect if unset:

    The CGI form generate long GET URLs. +

    Notes:

    Privoxy's CGI forms can lead to + rather long URLs. This isn't a problem as far as the HTTP + standard is concerned, but it can confuse clients with arbitrary + URL lenght limitations. +

    Enabling split-large-forms causes Privoxy + to devide big forms into smaller ones to keep the URL length down. + It makes editing a lot less convenient and you can no longer + submit all changes at once, but at least it works around this + browser bug. +

    If you don't notice any editing problems, there is no reason + to enable this option, but if one of the submit buttons appears + to be broken, you should give it a try. +

    Examples:

    split-large-forms 1 +

    Privoxy 3.0.7 User ManualPrivoxy 3.0.7 User ManualPrivoxy 3.0.7 User ManualPrivoxy 3.0.7 User ManualPrivoxy 3.0.7 User Manual
      forward   /      anon-proxy.example.org:8080
+>  forward   /      parent-proxy.example.org:8080
   forward   :443   .
    Privoxy 3.0.6 User Manual

    6.1. Controlling Privoxy with Your Web Browser

        Privoxy Menu

            ▪  Documentation diff --git a/doc/webserver/user-manual/contact.html b/doc/webserver/user-manual/contact.html index 702a4159..a37b780a 100644 --- a/doc/webserver/user-manual/contact.html +++ b/doc/webserver/user-manual/contact.html @@ -8,7 +8,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">Privoxy 3.0.6 User Manual
    Privoxy 3.0.6 User Manual

    12.1. License

     Hal Burgiss
     Ian Cummings
    + Justin McMurtry
     Roland Rosenfeld

    Former Privoxy Team Members:

     David Mediavilla 
     Raphael Moll
    + Adam Piggott
     Oliver Stoeneberg
     Martin Thomas
     Roberto Ragusa
    diff --git a/doc/webserver/user-manual/filter-file.html b/doc/webserver/user-manual/filter-file.html index 678c2862..53b56810 100644 --- a/doc/webserver/user-manual/filter-file.html +++ b/doc/webserver/user-manual/filter-file.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">    		Privoxy 3.0.6 User Manual
    9. Filter Files

    On-the-fly text substitutions that can be invoked through the - filter action need +> On-the-fly text substitutions need to be defined in a "filter file""action". Multiple filter files can be - defined through the .

    Privoxy supports three different filter actions: + filter to + rewrite the content that is send to the client, + client-header-filter + to rewrite headers that are send by the client, and + server-header-filter + to rewrite headers that are send by the server, and

    Privoxy also supports two tagger actions: + client-header-tagger + and + server-header-tagger. + Taggers and filters use the same syntax in the filter files, the differnce + is that taggers don't modify the text they are filtering, but use a rewritten + version of the filtered text as tag. The tags can then be used to change the + applying actions through sections with tag-patterns.

    Multiple filter files can be defined through the .

    Typical reasons for doing these kinds of substitutions are to eliminate - common annoyances in HTML and JavaScript, such as pop-up windows, +> Command tasks for content filters are to eliminate common annoyances in + HTML and JavaScript, such as pop-up windows, exit consoles, crippled windows without navigation tools, the infamous <BLINK> tag etc, to suppress images with certain width and height attributes (standard banner sizes or web-bugs), - or just to have fun. The possibilities are endless.

    Filtering works on any text-based document type, including +> Content filtering works on any text-based document type, including HTML, JavaScript, CSS etc. (all text/*"roll your own" filters, you should first be familiar with HTML syntax, - and, of course, regular expressions. By default, filters are only applied - to the raw document content, but can be extended to the HTTP headers with - the supplemental actions: - filter-client-headers and - filter-server-headers.

    Just like the filters - here. Each filter consists of a heading line, that starts with the + here. Each filter consists of a heading line, that starts with one of the keywordkeywords FILTER:, followed by - the filter's , + CLIENT-HEADER-FILTER: or SERVER-HEADER-FILTER: + followed by the filter's actions file.

    A filter header line for a filter called Filter definitions start with a header line that contains the filter + type, the filter name and the filter description. + A content filter header line for a filter called "foo" could look @@ -314,14 +363,14 @@ CLASS="SECT2" >

    9.1. Filter File Tutorial

    Now, let's complete our "foo" filter. We have already defined +> content filter. We have already defined the heading, but the jobs are still missing. Since all it does is to replace

    Header filter to change the Content-Type from xml to html. +> Server-header filter to change the Content-Type from xml to html.

    Header filter to change the Content-Type from html to xml. +> Server-header filter to change the Content-Type from html to xml.

    Header filter to remove the Client-header filter to remove the Tor exit node notation found in Host and Referer headers.

    If Privoxy and Tor are chained and Privoxy + is configured to use socks4a, one can use "http://www.example.org.foobar.exit/" + to access the host "www.example.org" through the + Tor exit node "foobar". +

    As the HTTP client isn't aware of this notation, it treats the + whole string "www.example.org.foobar.exit" as host and uses it + for the "Host" and "Referer" headers. From the + server's point of view the resulting headers are invalid and can cause problems. +

    An invalid "Referer" header can trigger "hot-linking" + protections, an invalid "Host" header will make it impossible for + the server to find the right vhost (several domains hosted on the same IP address). +

    This client-header filter removes the "foo.exit" part in those headers + to prevent the mentioned problems. Note that it only modifies + the HTTP headers, it doesn't make it impossible for the server + to detect your Tor exit node based on the IP address + the request is coming from. +

    Privoxy 3.0.6 User ManualPrivoxy 3.0.7 User ManualPrivoxy 3.0.6 User ManualPrivoxy 3.0.7 User Manual

    Copyright © 2001 - 2006 by +> © 2001 - 2007 by

    $Id: user-manual.sgml,v 2.26 2006/10/24 11:16:44 hal9 Exp $

    $Id: user-manual.sgml,v 2.32 2007/06/07 12:36:22 fabiankeil Exp $

    2.1.4. Solaris, NetBSD, FreeBSD, HP-UXSolaris, NetBSD, HP-UX
    2.1.5.
    2.1.8. FreeBSD
    2.1.9. Gentoo
    6.1. Controlling Privoxy with Your Web Browser
    7.2.2. templdir
    7.2.3. logdir
    7.2.3. 7.2.4. actionsfile
    7.2.4. 7.2.5. filterfile
    7.2.5. 7.2.6. logfile
    7.2.6. 7.2.7. jarfile
    7.2.7. 7.2.8. trustfile
    7.4.6. enforce-blocks
    7.4.7. ACLs: permit-access and deny-access
    7.4.7. 7.4.8. buffer-limit
    forwarded-connect-retries
    7.5.5. accept-intercepted-requests
    7.5.6. split-large-forms
    8.1. Finding the Right Mix
    8.2. How to Edit
    8.3. How Actions are Applied to URLsHow Actions are Applied to Requests
    8.4.
    8.4.1. The Domain Pattern
    8.4.2. The Path Pattern
    8.4.3. The Tag Pattern
    8.5.3. client-header-filter
    8.5.4. client-header-tagger
    8.5.5. content-type-overwrite
    8.5.4. 8.5.6. crunch-client-header
    8.5.5. 8.5.7. crunch-if-none-match
    8.5.6. 8.5.8. crunch-incoming-cookies
    8.5.7. 8.5.9. crunch-server-header
    8.5.8. 8.5.10. crunch-outgoing-cookies
    8.5.9. 8.5.11. deanimate-gifs
    8.5.10. 8.5.12. downgrade-http-version
    8.5.11. 8.5.13. fast-redirects
    8.5.12. 8.5.14. filter
    8.5.13. filter-client-headers
    8.5.14. filter-server-headers
    8.5.15. force-text-mode
    8.5.16. forward-override
    8.5.17. handle-as-empty-document
    8.5.17. 8.5.18. handle-as-image
    8.5.18. 8.5.19. hide-accept-language
    8.5.19. 8.5.20. hide-content-disposition
    8.5.20. 8.5.21. hide-if-modified-since
    8.5.21. 8.5.22. hide-forwarded-for-headers
    8.5.22. 8.5.23. hide-from-header
    8.5.23. 8.5.24. hide-referrer
    8.5.24. 8.5.25. hide-user-agent
    8.5.25. 8.5.26. inspect-jpegs
    8.5.26. 8.5.27. kill-popups
    8.5.27. 8.5.28. limit-connect
    8.5.28. 8.5.29. prevent-compression
    8.5.29. 8.5.30. overwrite-last-modified
    8.5.30. 8.5.31. redirect
    8.5.31. 8.5.32. send-vanilla-wafer
    8.5.32. 8.5.33. send-wafer
    8.5.33. 8.5.34. server-header-filter
    8.5.35. server-header-tagger
    8.5.36. session-cookies-only
    8.5.34. 8.5.37. set-image-blocker
    8.5.35. 8.5.38. treat-forbidden-connects-like-blocks
    8.5.36. 8.5.39. Summary
    8.7.1. default.action
    8.7.2. user.action
    9.1. Filter File Tutorial
    12.1. License
    14.2. Privoxy's Internal Pages
    		Privoxy 3.0.6 User Manual

    RPMs can be installed with rpm -Uvh privoxy-3.0.6-1.rpmrpm -Uvh privoxy-3.0.7-1.rpm, and will use If you have problems with failed dependencies, try rebuilding the SRC RPM: rpm --rebuild privoxy-3.0.6-1.src.rpmrpm --rebuild privoxy-3.0.7-1.src.rpm. This will use your locally installed libraries and RPM version.

    2.1.4. Solaris, NetBSD, FreeBSD, HP-UX2.1.4. Solaris, NetBSD, HP-UX

    Create a new directory,

    2.1.8. FreeBSD

    Privoxy is part of FreeBSD's Ports Collection, you can build and install + it with cd /usr/ports/www/privoxy; make install clean.

    If you don't use the ports, you can fetch and install + the package with pkg_add -r privoxy.

    The port skeleton and the package can also be downloaded from the + File Release + Page, but if you're interested in stable releases only you don't + gain anything by using them.

    2.1.8. Gentoo

    2.1.9. Gentoo

    Gentoo source packages (Ebuilds) for , the documentation is in /usr/share/doc/privoxy-3.0.6/usr/share/doc/privoxy-3.0.7 and the Log directory is in 

     tar xzvf privoxy-3.0.6-src* [.tgz or .tar.gz]
- cd privoxy-3.0.6
    tar xzvf privoxy-3.0.7-src* [.tgz or .tar.gz] + cd privoxy-3.0.7
    Privoxy 3.0.6 User ManualPrivoxy 3.0.7 User ManualPrivoxy, v.3.0.6.

    , v.3.0.7.

  • HTTP/1.1 compliant (but not all optional 1.1 features are supported). -

  • Support for Perl Compatible Regular Expressions in the configuration files, and generally a more sophisticated and flexible configuration syntax over previous versions. @@ -248,7 +243,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->Privoxy 3.0.6 User ManualPrivoxy 3.0.7 User ManualPrivoxy 3.0.6 User ManualPrivoxy 3.0.7 User Manual

    Privoxy 3.0.6 User ManualPrivoxy 3.0.7 User Manualhttp://www.squid-cache.org/, a very popular +>, a popular caching proxy, which is often used together with Privoxy http://www.pps.jussieu.fr/~jch/software/polipo/, + Polipo is a caching proxy with advanced features + like pipelining, multiplexing and caching of partial instances. In many setups + it can be used as Squid replacement. +

    +

    Privoxy 3.0.7 User ManualPrivoxy 3.0.7 User ManualPrivoxy 3.0.7 User Manual
    http://tor.eff.org/Privoxy 3.0.6 User Manual

    		Privoxy 3.0.6 User Manual
    Privoxy 3.0.6 User Manual

    There are many improvements and new features since Privoxy 3.0.3Privoxy 3.0.6, the last stable release: