From 9f61aea144b2c1836b1f889c6322aef208213777 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 8 Jun 2017 13:09:34 +0000
Subject: [PATCH] Regenerate config file with 'receive-buffer-size' and
 'trusted-cgi-referer' sections

Sponsored by: Robert Klemme
---
 config | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 103 insertions(+), 3 deletions(-)

diff --git a/config b/config
index 70c56072..560a1d0d 100644
--- a/config
+++ b/config
@@ -1,8 +1,8 @@
-#        Sample Configuration File for Privoxy 3.0.26
+#        Sample Configuration File for Privoxy 3.0.27
 #
-# $Id: config,v 1.111 2016/05/22 12:44:17 fabiankeil Exp $
+# $Id: p-config.sgml,v 2.126 2017/05/29 10:02:37 fabiankeil Exp $
 #
-# Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2017 Privoxy Developers https://www.privoxy.org/
 #
 #####################################################################
 #                                                                   #
@@ -1167,6 +1167,59 @@ buffer-limit 4096
 #
 enable-proxy-authentication-forwarding 0
 #
+#  4.10. trusted-cgi-referer
+#  ==========================
+#
+#  Specifies:
+#
+#      A trusted website or webpage whose links can be followed to
+#      reach sensitive CGI pages
+#
+#  Type of value:
+#
+#      URL or URL prefix
+#
+#  Default value:
+#
+#      Unset
+#
+#  Effect if unset:
+#
+#      No external pages are considered trusted referers.
+#
+#  Notes:
+#
+#      Before Privoxy accepts configuration changes through CGI pages
+#      like client-tags or the remote toggle, it checks the Referer
+#      header to see if the request comes from a trusted source.
+#
+#      By default only the webinterface domains config.privoxy.org
+#      and p.p are considered trustworthy. Requests originating from
+#      other domains are rejected to prevent third-parties from
+#      modifiying Privoxy's state by e.g. embedding images that
+#      result in CGI requests.
+#
+#      In some environments it may be desirable to embed links to CGI
+#      pages on external pages, for example on an Intranet homepage
+#      the Privoxy admin controls.
+#
+#      The "trusted-cgi-referer" option can be used to add that page,
+#      or the whole domain, as trusted source so the resulting
+#      requests aren't rejected. Requests are accepted if the
+#      specified trusted-cgi-refer is the prefix of the Referer.
+#
+#      +-----------------------------------------------------+
+#      |                       Warning                       |
+#      |-----------------------------------------------------|
+#      |Declaring pages the admin doesn't control trustworthy|
+#      |may allow malicious third parties to modify Privoxy's|
+#      |internal state against the user's wishes and without |
+#      |the user's knowledge.                                |
+#      +-----------------------------------------------------+
+#
+trusted-cgi-referer http://www.example.org/
+#
+#
 #  5. FORWARDING
 #  ==============
 #
@@ -2186,6 +2239,53 @@ socket-timeout 300
 #
 #
 #
+#  6.17. receive-buffer-size
+#  ==========================
+#
+#  Specifies:
+#
+#      The size of the buffer Privoxy uses to receive data from the
+#      server.
+#
+#  Type of value:
+#
+#      Size in bytes
+#
+#  Default value:
+#
+#      5000
+#
+#  Notes:
+#
+#      Increasing the receive-buffer-size increases Privoxy's memory
+#      usage but can lower the number of context switches and thereby
+#      reduce the cpu usage and potentially increase the throughput.
+#
+#      This is mostly relevant for fast network connections and large
+#      downloads that don't require filtering.
+#
+#      Reducing the buffer size reduces the amount of memory Privoxy
+#      needs to handle the request but increases the number of
+#      systemcalls and may reduce the throughput.
+#
+#      A dtrace command like: "sudo dtrace -n 'syscall::read:return /
+#      execname == "privoxy"/ { @[execname] = llquantize(arg0, 10, 0,
+#      5, 20); @m = max(arg0)}'" can be used to properly tune the
+#      receive-buffer-size. On systems without dtrace, strace or
+#      truss may be used as less convenient alternatives.
+#
+#      If the buffer is too large it will increase Privoxy's memory
+#      footprint without any benefit. As the memory is (currently)
+#      cleared before using it, a buffer that is too large can
+#      actually reduce the throughput.
+#
+#  Examples:
+#
+#            # Increase the receive buffer size
+#            receive-buffer-size 32768
+#
+#
+#
 #  7. WINDOWS GUI OPTIONS
 #  =======================
 #
-- 
2.39.2