From 6d60ac0445984436221788b6967c6c1459efe08c Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 7 Mar 2013 14:12:22 +0000
Subject: [PATCH] Rebuild documentation for
 enable-proxy-authentication-forwarding

---
 doc/webserver/user-manual/actions-file.html  | 18 +++---
 doc/webserver/user-manual/appendix.html      | 28 ++++-----
 doc/webserver/user-manual/config.html        | 60 ++++++++++++++++++++
 doc/webserver/user-manual/configuration.html |  8 ++-
 doc/webserver/user-manual/filter-file.html   |  2 +-
 doc/webserver/user-manual/index.html         | 27 +++++----
 doc/webserver/user-manual/quickstart.html    |  2 +-
 doc/webserver/user-manual/startup.html       |  4 +-
 doc/webserver/user-manual/whatsnew.html      | 19 +++++--
 9 files changed, 121 insertions(+), 47 deletions(-)

diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html
index faa5e629..896fc341 100644
--- a/doc/webserver/user-manual/actions-file.html
+++ b/doc/webserver/user-manual/actions-file.html
@@ -117,7 +117,7 @@
         in <tt class="FILENAME">default.action</tt> are:</p>
 
         <div class="TABLE">
-          <a name="AEN2826" id="AEN2826"></a>
+          <a name="AEN2858" id="AEN2858"></a>
 
           <p><b>Table 1. Default Configurations</b></p>
 
@@ -314,7 +314,7 @@
     actions</a>.</p>
 
     <div class="SECT2">
-      <h2 class="SECT2"><a name="AEN2925" id="AEN2925">8.1. Finding the Right
+      <h2 class="SECT2"><a name="AEN2957" id="AEN2957">8.1. Finding the Right
       Mix</a></h2>
 
       <p>Note that some <a href="actions-file.html#ACTIONS">actions</a>, like
@@ -339,7 +339,7 @@
     </div>
 
     <div class="SECT2">
-      <h2 class="SECT2"><a name="AEN2932" id="AEN2932">8.2. How to
+      <h2 class="SECT2"><a name="AEN2964" id="AEN2964">8.2. How to
       Edit</a></h2>
 
       <p>The easiest way to edit the actions files is with a browser by using
@@ -529,7 +529,7 @@
       </div>
 
       <div class="SECT3">
-        <h3 class="SECT3"><a name="AEN3044" id="AEN3044">8.4.1. The Domain
+        <h3 class="SECT3"><a name="AEN3076" id="AEN3076">8.4.1. The Domain
         Pattern</a></h3>
 
         <p>The matching of the domain part offers some flexible options: if
@@ -634,7 +634,7 @@
       </div>
 
       <div class="SECT3">
-        <h3 class="SECT3"><a name="AEN3120" id="AEN3120">8.4.2. The Path
+        <h3 class="SECT3"><a name="AEN3152" id="AEN3152">8.4.2. The Path
         Pattern</a></h3>
 
         <p><span class="APPLICATION">Privoxy</span> uses <span class=
@@ -4336,7 +4336,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
       </div>
 
       <div class="SECT3">
-        <h3 class="SECT3"><a name="AEN4795" id="AEN4795">8.5.35.
+        <h3 class="SECT3"><a name="AEN4827" id="AEN4827">8.5.35.
         Summary</a></h3>
 
         <p>Note that many of these actions have the potential to cause a page
@@ -4495,7 +4495,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
       together:</p>
 
       <div class="SECT3">
-        <h3 class="SECT3"><a name="AEN4859" id="AEN4859">8.7.1.
+        <h3 class="SECT3"><a name="AEN4891" id="AEN4891">8.7.1.
         match-all.action</a></h3>
 
         <p>Remember <span class="emphasis"><i class="EMPHASIS">all actions
@@ -4544,7 +4544,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
       </div>
 
       <div class="SECT3">
-        <h3 class="SECT3"><a name="AEN4881" id="AEN4881">8.7.2.
+        <h3 class="SECT3"><a name="AEN4913" id="AEN4913">8.7.2.
         default.action</a></h3>
 
         <p>If you aren't a developer, there's no need for you to edit the
@@ -4887,7 +4887,7 @@ wiki.
       </div>
 
       <div class="SECT3">
-        <h3 class="SECT3"><a name="AEN4994" id="AEN4994">8.7.3.
+        <h3 class="SECT3"><a name="AEN5026" id="AEN5026">8.7.3.
         user.action</a></h3>
 
         <p>So far we are painting with a broad brush by setting general
diff --git a/doc/webserver/user-manual/appendix.html b/doc/webserver/user-manual/appendix.html
index 5a07a155..9b1cc1bf 100644
--- a/doc/webserver/user-manual/appendix.html
+++ b/doc/webserver/user-manual/appendix.html
@@ -293,7 +293,7 @@
     </div>
 
     <div class="SECT2">
-      <h2 class="SECT2"><a name="AEN5870" id="AEN5870">14.2. Privoxy's
+      <h2 class="SECT2"><a name="AEN5902" id="AEN5902">14.2. Privoxy's
       Internal Pages</a></h2>
 
       <p>Since <span class="APPLICATION">Privoxy</span> proxies each
@@ -313,7 +313,7 @@
 
       <ul>
         <li>
-          <p>Privoxy main page:</p><a name="AEN5884" id="AEN5884"></a>
+          <p>Privoxy main page:</p><a name="AEN5916" id="AEN5916"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/" target=
@@ -328,8 +328,8 @@
 
         <li>
           <p>Show information about the current configuration, including
-          viewing and editing of actions files:</p><a name="AEN5892" id=
-          "AEN5892"></a>
+          viewing and editing of actions files:</p><a name="AEN5924" id=
+          "AEN5924"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/show-status" target=
@@ -338,8 +338,8 @@
         </li>
 
         <li>
-          <p>Show the source code version numbers:</p><a name="AEN5897" id=
-          "AEN5897"></a>
+          <p>Show the source code version numbers:</p><a name="AEN5929" id=
+          "AEN5929"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/show-version" target=
@@ -348,8 +348,8 @@
         </li>
 
         <li>
-          <p>Show the browser's request headers:</p><a name="AEN5902" id=
-          "AEN5902"></a>
+          <p>Show the browser's request headers:</p><a name="AEN5934" id=
+          "AEN5934"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/show-request" target=
@@ -358,8 +358,8 @@
         </li>
 
         <li>
-          <p>Show which actions apply to a URL and why:</p><a name="AEN5907"
-          id="AEN5907"></a>
+          <p>Show which actions apply to a URL and why:</p><a name="AEN5939"
+          id="AEN5939"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/show-url-info" target=
@@ -373,20 +373,20 @@
           <span class="QUOTE">"off"</span>, <span class=
           "QUOTE">"Privoxy"</span> continues to run, but only as a
           pass-through proxy, with no actions taking place:</p><a name=
-          "AEN5915" id="AEN5915"></a>
+          "AEN5947" id="AEN5947"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/toggle" target=
             "_top">http://config.privoxy.org/toggle</a></p>
           </blockquote>
 
-          <p>Short cuts. Turn off, then on:</p><a name="AEN5919" id=
-          "AEN5919"></a>
+          <p>Short cuts. Turn off, then on:</p><a name="AEN5951" id=
+          "AEN5951"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/toggle?set=disable" target=
             "_top">http://config.privoxy.org/toggle?set=disable</a></p>
-          </blockquote><a name="AEN5922" id="AEN5922"></a>
+          </blockquote><a name="AEN5954" id="AEN5954"></a>
 
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/toggle?set=enable" target=
diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html
index bff23307..38f75fd1 100644
--- a/doc/webserver/user-manual/config.html
+++ b/doc/webserver/user-manual/config.html
@@ -1685,6 +1685,66 @@
           </dl>
         </div>
       </div>
+
+      <div class="SECT3">
+        <h4 class="SECT3"><a name="ENABLE-PROXY-AUTHENTICATION-FORWARDING"
+        id="ENABLE-PROXY-AUTHENTICATION-FORWARDING">7.4.9.
+        enable-proxy-authentication-forwarding</a></h4>
+
+        <div class="VARIABLELIST">
+          <dl>
+            <dt>Specifies:</dt>
+
+            <dd>
+              <p>Whether or not proxy authentication through <span class=
+              "APPLICATION">Privoxy</span> should work.</p>
+            </dd>
+
+            <dt>Type of value:</dt>
+
+            <dd>
+              <p>0 or 1</p>
+            </dd>
+
+            <dt>Default value:</dt>
+
+            <dd>
+              <p>0</p>
+            </dd>
+
+            <dt>Effect if unset:</dt>
+
+            <dd>
+              <p>Proxy authentication headers are removed.</p>
+            </dd>
+
+            <dt>Notes:</dt>
+
+            <dd>
+              <p>Privoxy itself does not support proxy authentication, but
+              can allow clients to authenticate against Privoxy's parent
+              proxy.</p>
+
+              <p>By default Privoxy (3.0.21 and later) don't do that and
+              remove Proxy-Authorization headers in requests and
+              Proxy-Authenticate headers in responses to make it harder for
+              malicious sites to trick inexperienced users into providing
+              login information.</p>
+
+              <p>If this option is enabled the headers are forwarded.</p>
+
+              <p>Enabling this option is <span class="emphasis"><i class=
+              "EMPHASIS">not recommended</i></span> if there is no parent
+              proxy that requires authentication or if the local network
+              between Privoxy and the parent proxy isn't trustworthy. If
+              proxy authentication is only required for some requests, it is
+              recommended to use a client header filter to remove the
+              authentication headers for requests where they aren't
+              needed.</p>
+            </dd>
+          </dl>
+        </div>
+      </div>
     </div>
 
     <div class="SECT2">
diff --git a/doc/webserver/user-manual/configuration.html b/doc/webserver/user-manual/configuration.html
index 9f25f72d..1e2e346c 100644
--- a/doc/webserver/user-manual/configuration.html
+++ b/doc/webserver/user-manual/configuration.html
@@ -46,7 +46,7 @@
     controlled easily with a web browser.</p>
 
     <div class="SECT2">
-      <h2 class="SECT2"><a name="AEN1074" id="AEN1074">6.1. Controlling
+      <h2 class="SECT2"><a name="AEN1078" id="AEN1078">6.1. Controlling
       Privoxy with Your Web Browser</a></h2>
 
       <p><span class="APPLICATION">Privoxy</span>'s user interface can be
@@ -63,8 +63,10 @@
 
 </pre>
 
-            <h2 class="BRIDGEHEAD"><a name="AEN1082" id=
-            "AEN1082"></a>&nbsp;&nbsp;&nbsp;&nbsp;Privoxy Menu</h2>
+            <h2 class="BRIDGEHEAD"><a name="AEN1086" id=
+            "AEN1086"></a>&nbsp;&nbsp;&nbsp;&nbsp;Privoxy Menu</h2>
+            <pre>
+</pre>
 
             <table border="0">
               <tbody>
diff --git a/doc/webserver/user-manual/filter-file.html b/doc/webserver/user-manual/filter-file.html
index a9aac417..f01f6893 100644
--- a/doc/webserver/user-manual/filter-file.html
+++ b/doc/webserver/user-manual/filter-file.html
@@ -151,7 +151,7 @@ FILTER: foo Replace all "foo" with "bar"
     started.</p>
 
     <div class="SECT2">
-      <h2 class="SECT2"><a name="AEN5149" id="AEN5149">9.1. Filter File
+      <h2 class="SECT2"><a name="AEN5181" id="AEN5181">9.1. Filter File
       Tutorial</a></h2>
 
       <p>Now, let's complete our <span class="QUOTE">"foo"</span> content
diff --git a/doc/webserver/user-manual/index.html b/doc/webserver/user-manual/index.html
index 95276124..28bf43a3 100644
--- a/doc/webserver/user-manual/index.html
+++ b/doc/webserver/user-manual/index.html
@@ -23,7 +23,7 @@
       2001-2013 by <a href="http://www.privoxy.org/" target="_top">Privoxy
       Developers</a></sub><br></p>
 
-      <p class="PUBDATE">$Id: user-manual.sgml,v 2.173 2013/03/01 17:44:24
+      <p class="PUBDATE">$Id: user-manual.sgml,v 2.174 2013/03/02 14:39:24
       fabiankeil Exp $<br></p>
 
       <div>
@@ -173,7 +173,7 @@
 
         <dd>
           <dl>
-            <dt>6.1. <a href="configuration.html#AEN1074">Controlling Privoxy
+            <dt>6.1. <a href="configuration.html#AEN1078">Controlling Privoxy
             with Your Web Browser</a></dt>
 
             <dt>6.2. <a href="configuration.html#CONFOVERVIEW">Configuration
@@ -267,6 +267,9 @@
 
                 <dt>7.4.8. <a href=
                 "config.html#BUFFER-LIMIT">buffer-limit</a></dt>
+
+                <dt>7.4.9. <a href=
+                "config.html#ENABLE-PROXY-AUTHENTICATION-FORWARDING">enable-proxy-authentication-forwarding</a></dt>
               </dl>
             </dd>
 
@@ -342,10 +345,10 @@
 
         <dd>
           <dl>
-            <dt>8.1. <a href="actions-file.html#AEN2925">Finding the Right
+            <dt>8.1. <a href="actions-file.html#AEN2957">Finding the Right
             Mix</a></dt>
 
-            <dt>8.2. <a href="actions-file.html#AEN2932">How to Edit</a></dt>
+            <dt>8.2. <a href="actions-file.html#AEN2964">How to Edit</a></dt>
 
             <dt>8.3. <a href="actions-file.html#ACTIONS-APPLY">How Actions
             are Applied to Requests</a></dt>
@@ -355,10 +358,10 @@
 
             <dd>
               <dl>
-                <dt>8.4.1. <a href="actions-file.html#AEN3044">The Domain
+                <dt>8.4.1. <a href="actions-file.html#AEN3076">The Domain
                 Pattern</a></dt>
 
-                <dt>8.4.2. <a href="actions-file.html#AEN3120">The Path
+                <dt>8.4.2. <a href="actions-file.html#AEN3152">The Path
                 Pattern</a></dt>
 
                 <dt>8.4.3. <a href="actions-file.html#TAG-PATTERN">The Tag
@@ -472,7 +475,7 @@
                 "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></dt>
 
                 <dt>8.5.35. <a href=
-                "actions-file.html#AEN4795">Summary</a></dt>
+                "actions-file.html#AEN4827">Summary</a></dt>
               </dl>
             </dd>
 
@@ -484,13 +487,13 @@
             <dd>
               <dl>
                 <dt>8.7.1. <a href=
-                "actions-file.html#AEN4859">match-all.action</a></dt>
+                "actions-file.html#AEN4891">match-all.action</a></dt>
 
                 <dt>8.7.2. <a href=
-                "actions-file.html#AEN4881">default.action</a></dt>
+                "actions-file.html#AEN4913">default.action</a></dt>
 
                 <dt>8.7.3. <a href=
-                "actions-file.html#AEN4994">user.action</a></dt>
+                "actions-file.html#AEN5026">user.action</a></dt>
               </dl>
             </dd>
           </dl>
@@ -500,7 +503,7 @@
 
         <dd>
           <dl>
-            <dt>9.1. <a href="filter-file.html#AEN5149">Filter File
+            <dt>9.1. <a href="filter-file.html#AEN5181">Filter File
             Tutorial</a></dt>
 
             <dt>9.2. <a href="filter-file.html#PREDEFINED-FILTERS">The
@@ -564,7 +567,7 @@
             <dt>14.1. <a href="appendix.html#REGEX">Regular
             Expressions</a></dt>
 
-            <dt>14.2. <a href="appendix.html#AEN5870">Privoxy's Internal
+            <dt>14.2. <a href="appendix.html#AEN5902">Privoxy's Internal
             Pages</a></dt>
 
             <dd>
diff --git a/doc/webserver/user-manual/quickstart.html b/doc/webserver/user-manual/quickstart.html
index 13d9b237..880d3bd7 100644
--- a/doc/webserver/user-manual/quickstart.html
+++ b/doc/webserver/user-manual/quickstart.html
@@ -343,7 +343,7 @@
           "GUIBUTTON">Edit</span>"</span>:</p>
 
           <div class="FIGURE">
-            <a name="AEN850" id="AEN850"></a>
+            <a name="AEN854" id="AEN854"></a>
 
             <p><b>Figure 1. Actions Files in Use</b></p>
 
diff --git a/doc/webserver/user-manual/startup.html b/doc/webserver/user-manual/startup.html
index 664c2272..c0868408 100644
--- a/doc/webserver/user-manual/startup.html
+++ b/doc/webserver/user-manual/startup.html
@@ -55,7 +55,7 @@
     protocols.</p>
 
     <div class="FIGURE">
-      <a name="AEN905" id="AEN905"></a>
+      <a name="AEN909" id="AEN909"></a>
 
       <p><b>Figure 2. Proxy Configuration Showing Mozilla/Netscape HTTP and
       HTTPS (SSL) Settings</b></p>
@@ -112,7 +112,7 @@
     only HTTP and HTTPS (SSL)!</p>
 
     <div class="FIGURE">
-      <a name="AEN950" id="AEN950"></a>
+      <a name="AEN954" id="AEN954"></a>
 
       <p><b>Figure 3. Proxy Configuration Showing Internet Explorer HTTP and
       HTTPS (Secure) Settings</b></p>
diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html
index 0d3e4bf6..07a5a289 100644
--- a/doc/webserver/user-manual/whatsnew.html
+++ b/doc/webserver/user-manual/whatsnew.html
@@ -42,9 +42,9 @@
     Release</a></h1>
 
     <p><span class="APPLICATION">Privoxy 3.0.21</span> stable is a bug-fix
-    release for Privoxy 3.0.20 beta. It also addresses a security issue that
-    affects all previous Privoxy versions (on some platforms). The changes
-    since 3.0.20 beta are:</p>
+    release for Privoxy 3.0.20 beta. It also addresses two security issues
+    that affect all previous Privoxy versions. The changes since 3.0.20 beta
+    are:</p>
 
     <ul>
       <li>
@@ -58,6 +58,14 @@
             limit to be reached.</p>
           </li>
 
+          <li>
+            <p>Proxy authentication headers are removed unless the new
+            directive enable-proxy-authentication-forwarding is used.
+            Forwarding the headers potentionally allows malicious sites to
+            trick the user into providing it with login information. Reported
+            by Chris John Riley.</p>
+          </li>
+
           <li>
             <p>Compiles on OS/2 again now that unistd.h is only included on
             platforms that have it.</p>
@@ -105,9 +113,10 @@
             <p>Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously
             reported in #3603636.</p>
           </li>
+
           <li>
-            <p>Stop blocking '/js/slider\.js'.
-            Reported by Adam Piggott in #3606635 and _lvm in #2791160.</p>
+            <p>Stop blocking '/js/slider\.js'. Reported by Adam Piggott in
+            #3606635 and _lvm in #2791160.</p>
           </li>
         </ul>
       </li>
-- 
2.39.2