From: Fabian Keil <fk@fabiankeil.de> Date: Thu, 7 Mar 2013 14:12:22 +0000 (+0000) Subject: Rebuild documentation for enable-proxy-authentication-forwarding X-Git-Tag: v_3_0_21~3 X-Git-Url: http://www.privoxy.org/gitweb/@default-cgi@/faq/%22https:/%22javascript:back()/user-manual/diff?a=commitdiff_plain;h=6d60ac0445984436221788b6967c6c1459efe08c;p=privoxy.git Rebuild documentation for enable-proxy-authentication-forwarding --- diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index faa5e629..896fc341 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -117,7 +117,7 @@ in <tt class="FILENAME">default.action</tt> are:</p> <div class="TABLE"> - <a name="AEN2826" id="AEN2826"></a> + <a name="AEN2858" id="AEN2858"></a> <p><b>Table 1. Default Configurations</b></p> @@ -314,7 +314,7 @@ actions</a>.</p> <div class="SECT2"> - <h2 class="SECT2"><a name="AEN2925" id="AEN2925">8.1. Finding the Right + <h2 class="SECT2"><a name="AEN2957" id="AEN2957">8.1. Finding the Right Mix</a></h2> <p>Note that some <a href="actions-file.html#ACTIONS">actions</a>, like @@ -339,7 +339,7 @@ </div> <div class="SECT2"> - <h2 class="SECT2"><a name="AEN2932" id="AEN2932">8.2. How to + <h2 class="SECT2"><a name="AEN2964" id="AEN2964">8.2. How to Edit</a></h2> <p>The easiest way to edit the actions files is with a browser by using @@ -529,7 +529,7 @@ </div> <div class="SECT3"> - <h3 class="SECT3"><a name="AEN3044" id="AEN3044">8.4.1. The Domain + <h3 class="SECT3"><a name="AEN3076" id="AEN3076">8.4.1. The Domain Pattern</a></h3> <p>The matching of the domain part offers some flexible options: if @@ -634,7 +634,7 @@ </div> <div class="SECT3"> - <h3 class="SECT3"><a name="AEN3120" id="AEN3120">8.4.2. The Path + <h3 class="SECT3"><a name="AEN3152" id="AEN3152">8.4.2. The Path Pattern</a></h3> <p><span class="APPLICATION">Privoxy</span> uses <span class= 
@@ -4336,7 +4336,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not </div> <div class="SECT3"> - <h3 class="SECT3"><a name="AEN4795" id="AEN4795">8.5.35. + <h3 class="SECT3"><a name="AEN4827" id="AEN4827">8.5.35. Summary</a></h3> <p>Note that many of these actions have the potential to cause a page @@ -4495,7 +4495,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not together:</p> <div class="SECT3"> - <h3 class="SECT3"><a name="AEN4859" id="AEN4859">8.7.1. + <h3 class="SECT3"><a name="AEN4891" id="AEN4891">8.7.1. match-all.action</a></h3> <p>Remember <span class="emphasis"><i class="EMPHASIS">all actions @@ -4544,7 +4544,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not </div> <div class="SECT3"> - <h3 class="SECT3"><a name="AEN4881" id="AEN4881">8.7.2. + <h3 class="SECT3"><a name="AEN4913" id="AEN4913">8.7.2. default.action</a></h3> <p>If you aren't a developer, there's no need for you to edit the @@ -4887,7 +4887,7 @@ wiki. </div> <div class="SECT3"> - <h3 class="SECT3"><a name="AEN4994" id="AEN4994">8.7.3. + <h3 class="SECT3"><a name="AEN5026" id="AEN5026">8.7.3. user.action</a></h3> <p>So far we are painting with a broad brush by setting general diff --git a/doc/webserver/user-manual/appendix.html b/doc/webserver/user-manual/appendix.html index 5a07a155..9b1cc1bf 100644 --- a/doc/webserver/user-manual/appendix.html +++ b/doc/webserver/user-manual/appendix.html @@ -293,7 +293,7 @@ </div> <div class="SECT2"> - <h2 class="SECT2"><a name="AEN5870" id="AEN5870">14.2. Privoxy's + <h2 class="SECT2"><a name="AEN5902" id="AEN5902">14.2. Privoxy's Internal Pages</a></h2> <p>Since <span class="APPLICATION">Privoxy</span> proxies each @@ -313,7 +313,7 @@ <ul> <li> - <p>Privoxy main page:</p><a name="AEN5884" id="AEN5884"></a> + <p>Privoxy main page:</p><a name="AEN5916" id="AEN5916"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/" target= 
@@ -328,8 +328,8 @@ <li> <p>Show information about the current configuration, including - viewing and editing of actions files:</p><a name="AEN5892" id= - "AEN5892"></a> + viewing and editing of actions files:</p><a name="AEN5924" id= + "AEN5924"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/show-status" target= @@ -338,8 +338,8 @@ </li> <li> - <p>Show the source code version numbers:</p><a name="AEN5897" id= - "AEN5897"></a> + <p>Show the source code version numbers:</p><a name="AEN5929" id= + "AEN5929"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/show-version" target= @@ -348,8 +348,8 @@ </li> <li> - <p>Show the browser's request headers:</p><a name="AEN5902" id= - "AEN5902"></a> + <p>Show the browser's request headers:</p><a name="AEN5934" id= + "AEN5934"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/show-request" target= @@ -358,8 +358,8 @@ </li> <li> - <p>Show which actions apply to a URL and why:</p><a name="AEN5907" - id="AEN5907"></a> + <p>Show which actions apply to a URL and why:</p><a name="AEN5939" + id="AEN5939"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/show-url-info" target= 
@@ -373,20 +373,20 @@ <span class="QUOTE">"off"</span>, <span class= "QUOTE">"Privoxy"</span> continues to run, but only as a pass-through proxy, with no actions taking place:</p><a name= - "AEN5915" id="AEN5915"></a> + "AEN5947" id="AEN5947"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/toggle" target= "_top">http://config.privoxy.org/toggle</a></p> </blockquote> - <p>Short cuts. Turn off, then on:</p><a name="AEN5919" id= - "AEN5919"></a> + <p>Short cuts. Turn off, then on:</p><a name="AEN5951" id= + "AEN5951"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/toggle?set=disable" target= "_top">http://config.privoxy.org/toggle?set=disable</a></p> - </blockquote><a name="AEN5922" id="AEN5922"></a> + </blockquote><a name="AEN5954" id="AEN5954"></a> <blockquote class="BLOCKQUOTE"> <p><a href="http://config.privoxy.org/toggle?set=enable" target= diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html index bff23307..38f75fd1 100644 --- a/doc/webserver/user-manual/config.html +++ b/doc/webserver/user-manual/config.html 
@@ -1685,6 +1685,66 @@ </dl> </div> </div> + + <div class="SECT3"> + <h4 class="SECT3"><a name="ENABLE-PROXY-AUTHENTICATION-FORWARDING" + id="ENABLE-PROXY-AUTHENTICATION-FORWARDING">7.4.9. + enable-proxy-authentication-forwarding</a></h4> + + <div class="VARIABLELIST"> + <dl> + <dt>Specifies:</dt> + + <dd> + <p>Whether or not proxy authentication through <span class= + "APPLICATION">Privoxy</span> should work.</p> + </dd> + + <dt>Type of value:</dt> + + <dd> + <p>0 or 1</p> + </dd> + + <dt>Default value:</dt> + + <dd> + <p>0</p> + </dd> + + <dt>Effect if unset:</dt> + + <dd> + <p>Proxy authentication headers are removed.</p> + </dd> + + <dt>Notes:</dt> + + <dd> + <p>Privoxy itself does not support proxy authentication, but + can allow clients to authenticate against Privoxy's parent + proxy.</p> + + <p>By default Privoxy (3.0.21 and later) don't do that and + remove Proxy-Authorization headers in requests and + Proxy-Authenticate headers in responses to make it harder for + malicious sites to trick inexperienced users into providing + login information.</p> + + <p>If this option is enabled the headers are forwarded.</p> + + <p>Enabling this option is <span class="emphasis"><i class= + "EMPHASIS">not recommended</i></span> if there is no parent + proxy that requires authentication or if the local network + between Privoxy and the parent proxy isn't trustworthy. If + proxy authentication is only required for some requests, it is + recommended to use a client header filter to remove the + authentication headers for requests where they aren't + needed.</p> + </dd> + </dl> + </div> + </div> </div> <div class="SECT2"> diff --git a/doc/webserver/user-manual/configuration.html b/doc/webserver/user-manual/configuration.html index 9f25f72d..1e2e346c 100644 --- a/doc/webserver/user-manual/configuration.html +++ b/doc/webserver/user-manual/configuration.html 
@@ -46,7 +46,7 @@ controlled easily with a web browser.</p> <div class="SECT2"> - <h2 class="SECT2"><a name="AEN1074" id="AEN1074">6.1. Controlling + <h2 class="SECT2"><a name="AEN1078" id="AEN1078">6.1. Controlling Privoxy with Your Web Browser</a></h2> <p><span class="APPLICATION">Privoxy</span>'s user interface can be @@ -63,8 +63,10 @@ </pre> - <h2 class="BRIDGEHEAD"><a name="AEN1082" id= - "AEN1082"></a> Privoxy Menu</h2> + <h2 class="BRIDGEHEAD"><a name="AEN1086" id= + "AEN1086"></a> Privoxy Menu</h2> + <pre> +</pre> <table border="0"> <tbody> diff --git a/doc/webserver/user-manual/filter-file.html b/doc/webserver/user-manual/filter-file.html index a9aac417..f01f6893 100644 --- a/doc/webserver/user-manual/filter-file.html +++ b/doc/webserver/user-manual/filter-file.html @@ -151,7 +151,7 @@ FILTER: foo Replace all "foo" with "bar" started.</p> <div class="SECT2"> - <h2 class="SECT2"><a name="AEN5149" id="AEN5149">9.1. Filter File + <h2 class="SECT2"><a name="AEN5181" id="AEN5181">9.1. Filter File Tutorial</a></h2> <p>Now, let's complete our <span class="QUOTE">"foo"</span> content diff --git a/doc/webserver/user-manual/index.html b/doc/webserver/user-manual/index.html index 95276124..28bf43a3 100644 --- a/doc/webserver/user-manual/index.html +++ b/doc/webserver/user-manual/index.html @@ -23,7 +23,7 @@ 2001-2013 by <a href="http://www.privoxy.org/" target="_top">Privoxy Developers</a></sub><br></p> - <p class="PUBDATE">$Id: user-manual.sgml,v 2.173 2013/03/01 17:44:24 + <p class="PUBDATE">$Id: user-manual.sgml,v 2.174 2013/03/02 14:39:24 fabiankeil Exp $<br></p> <div> @@ -173,7 +173,7 @@ <dd> <dl> - <dt>6.1. <a href="configuration.html#AEN1074">Controlling Privoxy + <dt>6.1. <a href="configuration.html#AEN1078">Controlling Privoxy with Your Web Browser</a></dt> <dt>6.2. <a href="configuration.html#CONFOVERVIEW">Configuration 
@@ -267,6 +267,9 @@ <dt>7.4.8. <a href= "config.html#BUFFER-LIMIT">buffer-limit</a></dt> + + <dt>7.4.9. <a href= + "config.html#ENABLE-PROXY-AUTHENTICATION-FORWARDING">enable-proxy-authentication-forwarding</a></dt> </dl> </dd> @@ -342,10 +345,10 @@ <dd> <dl> - <dt>8.1. <a href="actions-file.html#AEN2925">Finding the Right + <dt>8.1. <a href="actions-file.html#AEN2957">Finding the Right Mix</a></dt> - <dt>8.2. <a href="actions-file.html#AEN2932">How to Edit</a></dt> + <dt>8.2. <a href="actions-file.html#AEN2964">How to Edit</a></dt> <dt>8.3. <a href="actions-file.html#ACTIONS-APPLY">How Actions are Applied to Requests</a></dt> @@ -355,10 +358,10 @@ <dd> <dl> - <dt>8.4.1. <a href="actions-file.html#AEN3044">The Domain + <dt>8.4.1. <a href="actions-file.html#AEN3076">The Domain Pattern</a></dt> - <dt>8.4.2. <a href="actions-file.html#AEN3120">The Path + <dt>8.4.2. <a href="actions-file.html#AEN3152">The Path Pattern</a></dt> <dt>8.4.3. <a href="actions-file.html#TAG-PATTERN">The Tag @@ -472,7 +475,7 @@ "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></dt> <dt>8.5.35. <a href= - "actions-file.html#AEN4795">Summary</a></dt> + "actions-file.html#AEN4827">Summary</a></dt> </dl> </dd> @@ -484,13 +487,13 @@ <dd> <dl> <dt>8.7.1. <a href= - "actions-file.html#AEN4859">match-all.action</a></dt> + "actions-file.html#AEN4891">match-all.action</a></dt> <dt>8.7.2. <a href= - "actions-file.html#AEN4881">default.action</a></dt> + "actions-file.html#AEN4913">default.action</a></dt> <dt>8.7.3. <a href= - "actions-file.html#AEN4994">user.action</a></dt> + "actions-file.html#AEN5026">user.action</a></dt> </dl> </dd> </dl> @@ -500,7 +503,7 @@ <dd> <dl> - <dt>9.1. <a href="filter-file.html#AEN5149">Filter File + <dt>9.1. <a href="filter-file.html#AEN5181">Filter File Tutorial</a></dt> <dt>9.2. <a href="filter-file.html#PREDEFINED-FILTERS">The 
@@ -564,7 +567,7 @@ <dt>14.1. <a href="appendix.html#REGEX">Regular Expressions</a></dt> - <dt>14.2. <a href="appendix.html#AEN5870">Privoxy's Internal + <dt>14.2. <a href="appendix.html#AEN5902">Privoxy's Internal Pages</a></dt> <dd> diff --git a/doc/webserver/user-manual/quickstart.html b/doc/webserver/user-manual/quickstart.html index 13d9b237..880d3bd7 100644 --- a/doc/webserver/user-manual/quickstart.html +++ b/doc/webserver/user-manual/quickstart.html @@ -343,7 +343,7 @@ "GUIBUTTON">Edit</span>"</span>:</p> <div class="FIGURE"> - <a name="AEN850" id="AEN850"></a> + <a name="AEN854" id="AEN854"></a> <p><b>Figure 1. Actions Files in Use</b></p> diff --git a/doc/webserver/user-manual/startup.html b/doc/webserver/user-manual/startup.html index 664c2272..c0868408 100644 --- a/doc/webserver/user-manual/startup.html +++ b/doc/webserver/user-manual/startup.html @@ -55,7 +55,7 @@ protocols.</p> <div class="FIGURE"> - <a name="AEN905" id="AEN905"></a> + <a name="AEN909" id="AEN909"></a> <p><b>Figure 2. Proxy Configuration Showing Mozilla/Netscape HTTP and HTTPS (SSL) Settings</b></p> @@ -112,7 +112,7 @@ only HTTP and HTTPS (SSL)!</p> <div class="FIGURE"> - <a name="AEN950" id="AEN950"></a> + <a name="AEN954" id="AEN954"></a> <p><b>Figure 3. Proxy Configuration Showing Internet Explorer HTTP and HTTPS (Secure) Settings</b></p> diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html index 0d3e4bf6..07a5a289 100644 --- a/doc/webserver/user-manual/whatsnew.html +++ b/doc/webserver/user-manual/whatsnew.html 
@@ -42,9 +42,9 @@ Release</a></h1> <p><span class="APPLICATION">Privoxy 3.0.21</span> stable is a bug-fix - release for Privoxy 3.0.20 beta. It also addresses a security issue that - affects all previous Privoxy versions (on some platforms). The changes - since 3.0.20 beta are:</p> + release for Privoxy 3.0.20 beta. It also addresses two security issues + that affect all previous Privoxy versions. The changes since 3.0.20 beta + are:</p> <ul> <li> @@ -58,6 +58,14 @@ limit to be reached.</p> </li> + <li> + <p>Proxy authentication headers are removed unless the new + directive enable-proxy-authentication-forwarding is used. + Forwarding the headers potentionally allows malicious sites to + trick the user into providing it with login information. Reported + by Chris John Riley.</p> + </li> + <li> <p>Compiles on OS/2 again now that unistd.h is only included on platforms that have it.</p> @@ -105,9 +113,10 @@ <p>Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously reported in #3603636.</p> </li> + <li> - <p>Stop blocking '/js/slider\.js'. - Reported by Adam Piggott in #3606635 and _lvm in #2791160.</p> + <p>Stop blocking '/js/slider\.js'. Reported by Adam Piggott in + #3606635 and _lvm in #2791160.</p> </li> </ul> </li>
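Review bot: subject-verb agreement is off in the second Notes paragraph of the new 7.4.9 section in config.html (@@ -1685,6 +1685,66 @@): "By default Privoxy (3.0.21 and later) don't do that and remove" should read "doesn't do that and removes". The last Notes paragraph also recommends "a client header filter to remove the authentication headers" but neither links to the relevant action nor shows which headers such a filter has to match; a cross-reference there would make the advice usable. Since this file is rebuilt output, both fixes belong in user-manual.sgml.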
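Review bot: the reworded intro in whatsnew.html (@@ -42,9 +42,9 @@) drops the "(on some platforms)" qualifier, so it now states that both security issues "affect all previous Privoxy versions". If the issue that was already listed is still limited to some platforms, the new sentence overstates it; keep the qualifier for that issue and state the scope of the new one separately.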
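Review bot: typo in the new list item in whatsnew.html (@@ -58,6 +58,14 @@): "potentionally" should be "potentially". In the same sentence "trick the user into providing it with login information" has a singular "it" referring to the plural "malicious sites"; "providing them with" reads correctly. The item names enable-proxy-authentication-forwarding as plain text, and a link to config.html#ENABLE-PROXY-AUTHENTICATION-FORWARDING, which this same commit adds, would let readers reach the caveats documented there.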
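Review bot: the configuration.html hunk (@@ -63,8 +63,10 @@) adds an empty <pre> </pre> pair right after the "Privoxy Menu" bridgehead. It carries no content and is unrelated to the directive named in the commit subject, so it looks like a by-product of the rebuild; check the source markup or the toolchain and drop it if it is not intentional.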
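Review bot: most of this patch is churn from generated anchors: adding one section shifts every later AEN id (for example AEN2925 to AEN2957 in actions-file.html, AEN5870 to AEN5902 in appendix.html), and the table of contents in index.html has to be rewritten to match. Any external link to one of these fragments breaks on each rebuild. Giving these sections explicit ids in the source, as the new section has with ENABLE-PROXY-AUTHENTICATION-FORWARDING, would keep the anchors stable and make documentation rebuilds reviewable.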