From cadb70739eb73f8921488f8214cd83e5b3f2ec76 Mon Sep 17 00:00:00 2001 From: Lee Date: Sat, 10 Apr 2021 13:18:15 -0400 Subject: [PATCH] remove leading spaces from and blocks we automatically add two leading spaces to every line in and blocks now, so remove the explicit indentation that was there. --- doc/source/buildsource.sgml | 42 +- doc/source/developer-manual.sgml | 122 +++--- doc/source/faq.sgml | 76 ++-- doc/source/p-config.sgml | 202 +++++----- doc/source/user-manual.sgml | 645 ++++++++++++++++--------------- 5 files changed, 563 insertions(+), 524 deletions(-) diff --git a/doc/source/buildsource.sgml b/doc/source/buildsource.sgml index 81013cd2..77892487 100644 --- a/doc/source/buildsource.sgml +++ b/doc/source/buildsource.sgml @@ -33,8 +33,8 @@ - tar xzvf privoxy-&p-version;-src.tar.gz - cd privoxy-&p-version; +tar xzvf privoxy-&p-version;-src.tar.gz +cd privoxy-&p-version; @@ -42,8 +42,8 @@ - cd <root-dir> - git clone https://www.privoxy.org/git/privoxy.git +cd <root-dir> +git clone https://www.privoxy.org/git/privoxy.git @@ -77,13 +77,13 @@ /etc/passwd might then look like: - privoxy:*:7777:7777:privoxy proxy:/no/home:/no/shell +privoxy:*:7777:7777:privoxy proxy:/no/home:/no/shell And then /etc/group, like: - privoxy:*:7777: +privoxy:*:7777: Some binary packages may do this for you. @@ -93,22 +93,23 @@ Then, to build from either unpacked tarball or Git checkout: - - autoheader - autoconf - ./configure # (--help to see options) - make # (the make from GNU, sometimes called gmake) - su # Possibly required - make -n install # (to see where all the files will go) - make -s install # (to really install, -s to silence output) + +autoheader +autoconf +./configure # (--help to see options) +make # (the make from GNU, sometimes called gmake) +su # Possibly required +make -n install # (to see where all the files will go) +make -s install # (to really install, -s to silence output) + Using GNU make, you can have the first four steps automatically done for you by just typing: - - make + +make @@ -120,8 +121,9 @@ users cannot easily bypass the proxy (e.g. Go There Anyway), or alter their own configurations, configure like this: - - ./configure --disable-toggle --disable-editor --disable-force + +./configure --disable-toggle --disable-editor --disable-force + Note that all of these options can also be disabled through the configuration file. @@ -149,8 +151,8 @@ on the make command line, but be sure both already exist: - - make -s install USER=privoxy GROUP=privoxy + +make -s install USER=privoxy GROUP=privoxy The default installation path for make install is diff --git a/doc/source/developer-manual.sgml b/doc/source/developer-manual.sgml index 2936a551..966ec0b7 100644 --- a/doc/source/developer-manual.sgml +++ b/doc/source/developer-manual.sgml @@ -2057,7 +2057,7 @@ fk@t520 ~ $privoxy-regression-test.pl --test-number 785 --verbose --debug 4 2020-12-14 12:17:56: Ooops. Expected removal but: 'Referer: https://p.p/' is still there. 2020-12-14 12:17:56: Failure for test 785 (0/13/5). Header 'Referer: https://p.p/' and tag 'hide-referrer{conditional-block}' 2020-12-14 12:17:56: Executed 1 regression tests. Skipped 1201. 0 successes, 1 failures. - + Use the if the --privoxy-address option if the http_proxy environment variable isn't configured and you don't want @@ -2294,12 +2294,12 @@ for-privoxy-version=3.0.11 Create the change log: - $ git tag - # to see the tags - $ git log [last release tag]..master > /tmp/log - # get the commit log since the last release - $ utils/makeChangeLog /tmp/log > /tmp/change.log - # reformat the commit log +$ git tag +# to see the tags +$ git log [last release tag]..master > /tmp/log +# get the commit log since the last release +$ utils/makeChangeLog /tmp/log > /tmp/change.log +# reformat the commit log Edit /tmp/change.log to remove trivial @@ -2322,7 +2322,7 @@ for-privoxy-version=3.0.11 doc/source/changelog.sgml: - $ utils/changelog2doc.pl /tmp/change.log >| doc/source/changelog.sgml +$ utils/changelog2doc.pl /tmp/change.log >| doc/source/changelog.sgml @@ -2340,11 +2340,11 @@ for-privoxy-version=3.0.11 All documentation should be rebuilt: - $ make man - $ make dok - $ make dok-man - $ make dok-tidy - $ make config-file +$ make man +$ make dok +$ make dok-man +$ make dok-tidy +$ make config-file Finished docs should be then be committed to Git (for those without the ability to build these). Some docs may require @@ -2417,11 +2417,11 @@ for-privoxy-version=3.0.11 - mkdir dist # delete or choose different name if it already exists - cd dist - git clone https://www.privoxy.org/git/privoxy.git - cd privoxy - git checkout v_X_Y_Z +mkdir dist # delete or choose different name if it already exists +cd dist +git clone https://www.privoxy.org/git/privoxy.git +cd privoxy +git checkout v_X_Y_Z @@ -2571,13 +2571,13 @@ for-privoxy-version=3.0.11 packages" above). Then run from that directory: - autoheader && autoconf && ./configure +autoheader && autoconf && ./configure Then do: - make tarball-dist +make tarball-dist @@ -2605,8 +2605,8 @@ for-privoxy-version=3.0.11 All you need to do is: - cd windows - make +cd windows +make Now you can manually rename privoxy_setup.exe to @@ -2616,8 +2616,8 @@ for-privoxy-version=3.0.11 GPG sign the installer and zip file, - $ gpg --armor --detach --sign privoxy_setup_X.Y.Z.exe - $ gpg --armor --detach --sign privoxy_X.Y.Z.zip +gpg --armor --detach --sign privoxy_setup_X.Y.Z.exe +gpg --armor --detach --sign privoxy_X.Y.Z.zip and upload the files to SourceForge. @@ -2634,62 +2634,62 @@ for-privoxy-version=3.0.11 Using git-buildpackage we start with a clone of the last Debian version: - gbp clone https://salsa.debian.org/debian/privoxy.git - cd privoxy +gbp clone https://salsa.debian.org/debian/privoxy.git +cd privoxy or if the repository is already there - cd privoxy - gbp pull +cd privoxy +gbp pull Now import the newly released upstream tarball via debian/watch file: - gbp import-orig --uscan +gbp import-orig --uscan Next update all Debian quilt patches to the new version: - while quilt push; do quilt refresh; done +while quilt push; do quilt refresh; done If some patch is no longer required (because it is already merged upstream), it can be removed using - quilt delete XX_patchname.patch - git rm debian/patches/XX_patchname.patch +quilt delete XX_patchname.patch +git rm debian/patches/XX_patchname.patch If the patch needs modification, you can apply, edit and update it with - quilt push -f - quilt edit some_file - quilt refresh +quilt push -f +quilt edit some_file +quilt refresh until - while quilt push; do quilt refresh; done +while quilt push; do quilt refresh; done succeeds. Then you can - quilt pop -a +quilt pop -a Now add a new entry to the debian/changelog representing the new version: - dch -v &p-version;-1 +dch -v &p-version;-1 and describe what you did before and don't forget to git commit all @@ -2699,26 +2699,26 @@ for-privoxy-version=3.0.11 Now you can build the package on the local machine using - gbp buildpackage -us -uc +gbp buildpackage -us -uc You should check for warnings using - lintian -iI ../build-area/privoxy_&p-version;-1_amd64.changes +lintian -iI ../build-area/privoxy_&p-version;-1_amd64.changes Maybe rebuild the package in different defined cowbuilder environments like - sudo cowbuilder --build --basepath /var/cache/pbuilder/base.cow ../build-area/privoxy_&p-version;-1.dsc +sudo cowbuilder --build --basepath /var/cache/pbuilder/base.cow ../build-area/privoxy_&p-version;-1.dsc And try to run autopackage testing suite on the result: - autopkgtest /var/cache/pbuilder/result/privoxy_&p-version;-1_amd64.changes -s -- schroot sid +autopkgtest /var/cache/pbuilder/result/privoxy_&p-version;-1_amd64.changes -s -- schroot sid Or just push the changes to salsa.debian.org, where a CI pipeline is @@ -2731,8 +2731,8 @@ for-privoxy-version=3.0.11 Then sign both files: - gpg --detach-sign --armor privoxy_&p-version;-1_i386.deb - gpg --detach-sign --armor privoxy_&p-version;-1_amd64.deb +gpg --detach-sign --armor privoxy_&p-version;-1_i386.deb +gpg --detach-sign --armor privoxy_&p-version;-1_amd64.deb Create a README file containing the recent block from debian/changelog @@ -2748,34 +2748,34 @@ for-privoxy-version=3.0.11 run the following commands: - sudo apt install build-essential devscripts - sudo apt-get build-dep privoxy +sudo apt install build-essential devscripts +sudo apt-get build-dep privoxy After this enter the checked out privoxy git tree and check that all (new) build dependencies are met: - dpkg-checkbuilddeps +dpkg-checkbuilddeps If something is missing, just add it using - sudo apt install foobar +sudo apt install foobar Now you may update debian/changelog, especially the version number using - dch +dch and finally build the package: - debuild -us -uc -b +debuild -us -uc -b If everything went okay, you may find the resulting Debian package in @@ -2785,15 +2785,15 @@ for-privoxy-version=3.0.11 You may want to clean up the build tree using - debian/rules clean +debian/rules clean And maybe repair some artefacts using one or both of the following commands: - git reset --hard - git clean -fd +git reset --hard +git clean -fd @@ -2817,7 +2817,7 @@ for-privoxy-version=3.0.11 follows into a folder parallel to the exported privoxy source: - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co OSXPackageBuilder +cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co OSXPackageBuilder The module contains complete instructions on its usage in the file @@ -2844,14 +2844,14 @@ for-privoxy-version=3.0.11 exported privoxy source: - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co osxsetup +cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co osxsetup Then run: - cd osxsetup - build +cd osxsetup +build This will run autoheader, autoconf @@ -2866,7 +2866,7 @@ for-privoxy-version=3.0.11 name, you can then create the distributable zip file with the command: - zip -r privoxyosx_setup_x.y.z.zip Privoxy.pkg +zip -r privoxyosx_setup_x.y.z.zip Privoxy.pkg You can then upload this file directly to the Files section of the @@ -2888,7 +2888,7 @@ for-privoxy-version=3.0.11 exported privoxy source: - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co macsetup +cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co macsetup The module contains complete instructions on its usage in its @@ -2993,7 +2993,7 @@ for-privoxy-version=3.0.11 SGML files, do: - make dok +make dok && make dok-tidy That will generate doc/webserver/user-manual, @@ -3018,7 +3018,7 @@ for-privoxy-version=3.0.11 If these are docs in the stable branch, then do: - make webserver +make webserver This will do the upload to the SourceForge webserver (which is manually diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml index b4ebb87f..69afd013 100644 --- a/doc/source/faq.sgml +++ b/doc/source/faq.sgml @@ -922,11 +922,13 @@ the differences? url="../user-manual/actions-file.html#ALIASES">alias just for such sticky situations: - # Gmail is a _fragile_ site: + +# Gmail is a _fragile_ site: # { fragile } - # Gmail is ... - mail.google.com +# Gmail is ... +mail.google.com + Be sure to flush your browser's caches whenever making these kinds of changes, just to make sure the changes take. @@ -1078,7 +1080,7 @@ with a browser? Does that not raise security issues? - listen-address 192.168.1.1:8118 +listen-address 192.168.1.1:8118 Save the file, and restart Privoxy. Configure @@ -1091,7 +1093,7 @@ with a browser? Does that not raise security issues? - listen-address :8118 +listen-address :8118 And then use Privoxy's @@ -1361,8 +1363,9 @@ and thus avoid individual browser configuration? both in and out, for example.com: - { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } - .example.com +{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } +.example.com + Place the above in user.action. Note that some of these may be off by default anyway, so this might be redundant, but there is no harm @@ -1398,19 +1401,20 @@ and thus avoid individual browser configuration? Here's one real easy one: - ############################################################ - # Blacklist - ############################################################ - { +block } - / # Block *all* URLs - - ############################################################ - # Whitelist - ############################################################ - { -block } - kids.example.com - toys.example.com - games.example.com +############################################################ +# Blacklist +############################################################ +{ +block } +/ # Block *all* URLs + +############################################################ +# Whitelist +############################################################ +{ -block } +kids.example.com +toys.example.com +games.example.com + This allows access to only those three sites by first blocking all URLs, and then subsequently allowing three specific exceptions. @@ -1454,20 +1458,22 @@ and thus avoid individual browser configuration? following very simple rule in your user.action: - # Unblock everybody, everywhere - { -block } - / # UN-Block *all* URLs +# Unblock everybody, everywhere +{ -block } +/ # UN-Block *all* URLs + Or even a more comprehensive reversing of various ad related actions: - # Unblock everybody, everywhere, and turn off appropriate filtering, etc - { -block \ +# Unblock everybody, everywhere, and turn off appropriate filtering, etc +{ -block \ -filter{banners-by-size} \ -filter{banners-by-link} \ allow-popups \ - } - / # UN-Block *all* URLs and allow ads +} +/ # UN-Block *all* URLs and allow ads + This last action in this compound statement, allow-popups, is an BLOCKED page? available as compile-time options. You should configure the sources as follows: - - ./configure --disable-toggle --disable-editor --disable-force + +./configure --disable-toggle --disable-editor --disable-force + This will create an executable with hard-coded security features so that &my-app; does not allow easy bypassing of blocked sites, or changing the @@ -2200,11 +2207,12 @@ altered it! Yikes, what is wrong! configuration, consider adding your list to your user.action file: - { +block } - www.ad.example1.com - ad.example2.com - ads.galore.example.com - etc.example.com +{ +block } +www.ad.example1.com +ad.example2.com +ads.galore.example.com +etc.example.com + diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index 53985876..679aa036 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -241,22 +241,22 @@ II. FORMAT OF THE CONFIGURATION FILE Unix, in local filesystem (may not work with all browsers): -   user-manual  file:///usr/share/doc/privoxy-&p-version;/user-manual/ + user-manual file:///usr/share/doc/privoxy-&p-version;/user-manual/ Windows, in local filesystem, must use forward slash notation: -   user-manual  file:/c:/some-dir/privoxy-&p-version;/user-manual/ + user-manual file:/c:/some-dir/privoxy-&p-version;/user-manual/ Windows, UNC notation (with forward slashes): -   user-manual  file://///some-server/some-path/privoxy-&p-version;/user-manual/ + user-manual file://///some-server/some-path/privoxy-&p-version;/user-manual/ --> The best all purpose solution is simply to put the full local PATH to where the User Manual is located: - user-manual /usr/share/doc/privoxy/user-manual + user-manual /usr/share/doc/privoxy/user-manual The User Manual is then available to anyone with access to Privoxy, by following the built-in URL: @@ -267,7 +267,7 @@ II. FORMAT OF THE CONFIGURATION FILE If the documentation is not on the local system, it can be accessed from a remote server, as: - user-manual http://example.com/privoxy/user-manual/ + user-manual http://example.com/privoxy/user-manual/ @@ -1017,22 +1017,22 @@ actionsfile The available debug levels are: - debug 1 # Log the destination for each request. See also debug 1024. - debug 2 # show each connection status - debug 4 # show tagging-related messages - debug 8 # show header parsing - debug 16 # log all data written to the network - debug 32 # debug force feature - debug 64 # debug regular expression filters - debug 128 # debug redirects - debug 256 # debug GIF de-animation - debug 512 # Common Log Format - debug 1024 # Log the destination for requests &my-app; didn't let through, and the reason why. - debug 2048 # CGI user interface - debug 4096 # Startup banner and warnings. - debug 8192 # Non-fatal errors - debug 32768 # log all data read from the network - debug 65536 # Log the applying actions +debug 1 # Log the destination for each request. See also debug 1024. +debug 2 # show each connection status +debug 4 # show tagging-related messages +debug 8 # show header parsing +debug 16 # log all data written to the network +debug 32 # debug force feature +debug 64 # debug regular expression filters +debug 128 # debug redirects +debug 256 # debug GIF de-animation +debug 512 # Common Log Format +debug 1024 # Log the destination for requests &my-app; didn't let through, and the reason why. +debug 2048 # CGI user interface +debug 4096 # Startup banner and warnings. +debug 8192 # Non-fatal errors +debug 32768 # log all data read from the network +debug 65536 # Log the applying actions To select multiple debug levels, you can either add them or use @@ -1312,7 +1312,7 @@ actionsfile You want it to serve requests from inside only: - listen-address 192.168.0.1:8118 +listen-address 192.168.0.1:8118 Suppose you are running Privoxy on an @@ -1320,7 +1320,7 @@ actionsfile of the loopback device: - listen-address [::1]:8118 +listen-address [::1]:8118 @@ -1769,14 +1769,14 @@ ACLs: permit-access and deny-access all destination addresses are OK: - permit-access localhost +permit-access localhost Allow any host on the same class C subnet as www.privoxy.org access to nothing but www.example.com (or other domains hosted on the same system): - permit-access www.privoxy.org/24 www.example.com/32 +permit-access www.privoxy.org/24 www.example.com/32 Allow access from any host on the 26-bit subnet 192.168.45.64 to anywhere, @@ -1784,22 +1784,22 @@ ACLs: permit-access and deny-access www.dirty-stuff.example.com: - permit-access 192.168.45.64/26 - deny-access 192.168.45.73 www.dirty-stuff.example.com +permit-access 192.168.45.64/26 +deny-access 192.168.45.73 www.dirty-stuff.example.com Allow access from the IPv4 network 192.0.2.0/24 even if listening on an IPv6 wild card address (not supported on all platforms): - permit-access 192.0.2.0/24 +permit-access 192.0.2.0/24 This is equivalent to the following line even if listening on an IPv4 address (not supported on all platforms): - permit-access [::ffff:192.0.2.0]/120 +permit-access [::ffff:192.0.2.0]/120 @@ -2180,30 +2180,30 @@ ACLs: permit-access and deny-access Everything goes to an example parent proxy, except SSL on port 443 (which it doesn't handle): - forward / parent-proxy.example.org:8080 - forward :443 . +forward / parent-proxy.example.org:8080 +forward :443 . Everything goes to our example ISP's caching proxy, except for requests to that ISP's sites: - forward / caching-proxy.isp.example.net:8000 - forward .isp.example.net . +forward / caching-proxy.isp.example.net:8000 +forward .isp.example.net . Parent proxy specified by an IPv6 address: - forward / [2001:DB8::1]:8000 +forward / [2001:DB8::1]:8000 Suppose your parent proxy doesn't support IPv6: - forward / parent-proxy.example.org:8000 - forward ipv6-server.example.org . - forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> . +forward / parent-proxy.example.org:8000 +forward ipv6-server.example.org . +forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> . @@ -2311,21 +2311,21 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t the Internet. - forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 - forward .example.com . +forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 +forward .example.com . A rule that uses a SOCKS 4 gateway for all destinations but no HTTP parent looks like this: - forward-socks4 / socks-gw.example.com:1080 . +forward-socks4 / socks-gw.example.com:1080 . To connect SOCKS5 proxy which requires username/password authentication: - forward-socks5 / user:pass@socks-gw.example.com:1080 . +forward-socks5 / user:pass@socks-gw.example.com:1080 . @@ -2333,7 +2333,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t something like: - forward-socks5t / 127.0.0.1:9050 . +forward-socks5t / 127.0.0.1:9050 . Note that if you got Tor through one of the bundles, you may @@ -2347,9 +2347,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t therefore might want to make some exceptions: - forward 192.168.*.*/ . - forward 10.*.*.*/ . - forward 127.*.*.*/ . +forward 192.168.*.*/ . +forward 10.*.*.*/ . +forward 127.*.*.*/ . Unencrypted connections to systems in these address ranges will @@ -2364,7 +2364,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t this: - forward localhost/ . +forward localhost/ . @@ -2393,18 +2393,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t host-a: - - forward / . - forward .isp-b.example.net host-b:8118 + +forward / . +forward .isp-b.example.net host-b:8118 host-b: - - forward / . - forward .isp-a.example.org host-a:8118 + +forward / . +forward .isp-a.example.org host-a:8118 @@ -2424,18 +2424,19 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t run on the same box, your squid configuration could then look like this: - - # Define Privoxy as parent proxy (without ICP) - cache_peer 127.0.0.1 parent 8118 7 no-query + +# Define Privoxy as parent proxy (without ICP) +cache_peer 127.0.0.1 parent 8118 7 no-query - # Define ACL for protocol FTP - acl ftp proto FTP +# Define ACL for protocol FTP +acl ftp proto FTP - # Do not forward FTP requests to Privoxy - always_direct allow ftp +# Do not forward FTP requests to Privoxy +always_direct allow ftp - # Forward all the rest to Privoxy - never_direct allow all +# Forward all the rest to Privoxy +never_direct allow all + You would then need to change your browser's proxy settings to squid's address and port. @@ -2448,9 +2449,10 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t say, on antivir.example.com, port 8010: - - forward / . - forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010 + +forward / . +forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010 + ]]> @@ -3514,18 +3516,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Examples: - # Best speed (compared to the other levels) - compression-level 1 - - # Best compression - compression-level 9 - - # No compression. Only useful for testing as the added header - # slightly increases the amount of data that has to be sent. - # If your benchmark shows that using this compression level - # is superior to using no compression at all, the benchmark - # is likely to be flawed. - compression-level 0 +# Best speed (compared to the other levels) +compression-level 1 + +# Best compression +compression-level 9 + +# No compression. Only useful for testing as the added header +# slightly increases the amount of data that has to be sent. +# If your benchmark shows that using this compression level +# is superior to using no compression at all, the benchmark +# is likely to be flawed. +compression-level 0 @@ -3676,15 +3678,15 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Examples: - # Define a couple of tags, the described effect requires action sections - # that are enabled based on CLIENT-TAG patterns. - client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions - client-specific-tag disable-content-filters Disable content-filters but do not affect other actions - client-specific-tag overrule-redirects Overrule redirect sections - client-specific-tag allow-cookies Do not crunch cookies in either direction - client-specific-tag change-tor-socks-port Change forward-socks5 settings to use a different Tor socks port (and circuits) - client-specific-tag no-https-inspection Disable HTTPS inspection - client-specific-tag no-tls-verification Don't verify certificates when http-inspection is enabled + # Define a couple of tags, the described effect requires action sections + # that are enabled based on CLIENT-TAG patterns. + client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions + client-specific-tag disable-content-filters Disable content-filters but do not affect other actions + client-specific-tag overrule-redirects Overrule redirect sections + client-specific-tag allow-cookies Do not crunch cookies in either direction + client-specific-tag change-tor-socks-port Change forward-socks5 settings to use a different Tor socks port (and circuits) + client-specific-tag no-https-inspection Disable HTTPS inspection + client-specific-tag no-tls-verification Don't verify certificates when http-inspection is enabled @@ -3738,8 +3740,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Example: - # Increase the time to life for temporarily enabled tags to 3 minutes - client-tag-lifetime 180 + # Increase the time to life for temporarily enabled tags to 3 minutes + client-tag-lifetime 180 @@ -3804,9 +3806,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Example: - # Allow systems that can reach Privoxy to provide the client - # IP address with a X-Forwarded-For header. - trust-x-forwarded-for 1 + # Allow systems that can reach Privoxy to provide the client + # IP address with a X-Forwarded-For header. + trust-x-forwarded-for 1 @@ -3877,8 +3879,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Example: - # Increase the receive buffer size - receive-buffer-size 32768 + # Increase the receive buffer size + receive-buffer-size 32768 @@ -4302,8 +4304,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Examples: - # Explicitly set a couple of ciphers with names used by MbedTLS - cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\ + # Explicitly set a couple of ciphers with names used by MbedTLS +cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:\ TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:\ @@ -4334,9 +4336,9 @@ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256:\ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384:\ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 - + - # Explicitly set a couple of ciphers with names used by OpenSSL + # Explicitly set a couple of ciphers with names used by OpenSSL cipher-list ECDHE-RSA-AES256-GCM-SHA384:\ ECDHE-ECDSA-AES256-GCM-SHA384:\ DH-DSS-AES256-GCM-SHA384:\ @@ -4355,11 +4357,11 @@ ECDH-RSA-AES128-GCM-SHA256:\ ECDH-ECDSA-AES128-GCM-SHA256:\ ECDHE-RSA-AES256-GCM-SHA384:\ AES128-SHA - + - # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS) - cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH - + # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS) +cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH + diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index 2d16b835..e6bbafb1 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -342,42 +342,42 @@ How to install the binary packages depends on your operating system: Run the setup program and from View / Category select: - Devel - autoconf 2.5 - automake 1.15 - binutils - cmake - gcc-core - gcc-g++ - git - make - mingw64-i686-gcc-core - mingw64-i686-zlib - Editors - vim - Libs - libxslt: GNOME XSLT library (runtime) - Net - curl - openssh - Text - docbook-dssl - docbook-sgml31 - docbook-utils - openjade - Utils - gnupg - Web - w3m +Devel + autoconf 2.5 + automake 1.15 + binutils + cmake + gcc-core + gcc-g++ + git + make + mingw64-i686-gcc-core + mingw64-i686-zlib +Editors + vim +Libs + libxslt: GNOME XSLT library (runtime) +Net + curl + openssh +Text + docbook-dssl + docbook-sgml31 + docbook-utils + openjade +Utils + gnupg +Web + w3m If you haven't already downloaded the Privoxy source code, get it now: - mkdir <root-dir> - cd <root-dir> - git clone https://www.privoxy.org/git/privoxy.git +mkdir <root-dir> +cd <root-dir> +git clone https://www.privoxy.org/git/privoxy.git @@ -387,10 +387,10 @@ How to install the binary packages depends on your operating system: unzip into <root-dir> and build the software: - cd <root-dir> - cd tidy-html5-x.y.z/build/cmake - cmake ../.. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB:BOOL=OFF -DCMAKE_INSTALL_PREFIX=/usr/local - make && make install +cd <root-dir> +cd tidy-html5-x.y.z/build/cmake +cmake ../.. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB:BOOL=OFF -DCMAKE_INSTALL_PREFIX=/usr/local +make && make install @@ -493,8 +493,8 @@ export LDFLAGS="${LDFLAGS} -fstack-protector-strong" To build just the Privoxy executable and not the whole installation package, do: - cd <root-dir>/privoxy - ./windows/MYconfigure && make +cd <root-dir>/privoxy +./windows/MYconfigure && make @@ -502,10 +502,10 @@ export LDFLAGS="${LDFLAGS} -fstack-protector-strong" for building software, so the process is: - $ autoheader # creates config.h.in - $ autoconf # uses config.h.in to create the configure shell script - $ ./configure [options] # creates GNUmakefile - $ make [options] # builds the program +autoheader # creates config.h.in +autoconf # uses config.h.in to create the configure shell script +./configure [options] # creates GNUmakefile +make [options] # builds the program @@ -528,11 +528,11 @@ export LDFLAGS="${LDFLAGS} -fstack-protector-strong" - $ export CFLAGS="-O2" # set gcc optimization level - $ export LDFLAGS="-Wl,--nxcompat" # Enable DEP - $ ./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \ - > --enable-static-linking --disable-pthread --disable-dynamic-pcre - $ make # build Privoxy +$ export CFLAGS="-O2" # set gcc optimization level +$ export LDFLAGS="-Wl,--nxcompat" # Enable DEP +$ ./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \ +> --enable-static-linking --disable-pthread +$ make # build Privoxy @@ -672,8 +672,9 @@ export LDFLAGS="${LDFLAGS} -fstack-protector-strong" use, filtering, you will need to force compression off. Example: - { +filter{google} +prevent-compression } - .google. +{ +filter{google} +prevent-compression } +.google. + Or if you use a number of filters, or filter many sites, you may just want to turn off compression for all sites in @@ -1214,7 +1215,7 @@ export LDFLAGS="${LDFLAGS} -fstack-protector-strong" file. - # /etc/init.d/privoxy start +# /etc/init.d/privoxy start @@ -1235,7 +1236,7 @@ export LDFLAGS="${LDFLAGS} -fstack-protector-strong" To start Privoxy manually, run: - # service privoxy onestart +# service privoxy onestart @@ -1263,7 +1264,7 @@ Click on the &my-app; Icon to start Privoxy. If no co Example Unix startup command: - # /usr/sbin/privoxy --user privoxy /etc/privoxy/config +# /usr/sbin/privoxy --user privoxy /etc/privoxy/config Note that if you installed Privoxy through @@ -2082,12 +2083,13 @@ for details. might look like: - - { +handle-as-image +block{Banner ads.} } - # Block these as if they were images. Send no block page. - banners.example.com - media.example.com/.*banners - .example.com/images/ads/ + +{ +handle-as-image +block{Banner ads.} } +# Block these as if they were images. Send no block page. +banners.example.com +media.example.com/.*banners +.example.com/images/ads/ + You can trace this process for URL patterns and any given URL by visiting disabled. Syntax: - +name # enable action name - -name # disable action name ++name # enable action name +-name # disable action name + Example: +handle-as-image @@ -2638,10 +2641,11 @@ example.org/blocked-example-page Parameterized, where some value is required in order to enable this type of action. Syntax: - - +name{param} # enable action and set parameter to param, - # overwriting parameter from previous match if necessary - -name # disable action. The parameter can be omitted + ++name{param} # enable action and set parameter to param, + # overwriting parameter from previous match if necessary +-name # disable action. The parameter can be omitted + Note that if the URL matches multiple positive forms of a parameterized action, the last match wins, i.e. the params from earlier matches are simply ignored. @@ -2660,11 +2664,12 @@ example.org/blocked-example-page that can be executed for the same request repeatedly, like adding multiple headers, or filtering through multiple filters. Syntax: - - +name{param} # enable action and add param to the list of parameters - -name{param} # remove the parameter param from the list of parameters - # If it was the last one left, disable the action. - -name # disable this action completely and remove all parameters from the list + ++name{param} # enable action and add param to the list of parameters +-name{param} # remove the parameter param from the list of parameters + # If it was the last one left, disable the action. +-name # disable this action completely and remove all parameters from the list + Examples: +add-header{X-Fun-Header: Some text} and +filter{html-annoyances} @@ -2864,18 +2869,20 @@ example.org/blocked-example-page Example usage (section): - {+block{No nasty stuff for you.}} + +{+block{No nasty stuff for you.}} # Block and replace with "blocked" page - .nasty-stuff.example.com +.nasty-stuff.example.com {+block{Doubleclick banners.} +handle-as-image} # Block and replace with image - .ad.doubleclick.net - .ads.r.us/banners/ +.ad.doubleclick.net +.ads.r.us/banners/ {+block{Layered ads.} +handle-as-empty-document} # Block and then ignore - adserver.example.net/.*\.js$ +adserver.example.net/.*\.js$ + @@ -4142,11 +4149,12 @@ problem-host.example.com Example usage: - { +fast-redirects{simple-check} } - one.example.com +{ +fast-redirects{simple-check} } +one.example.com - { +fast-redirects{check-decoded-url} } - another.example.com/testing +{ +fast-redirects{check-decoded-url} } +another.example.com/testing + @@ -4952,11 +4960,14 @@ new action Example usage: - # Disarm the download link in Sourceforge's patch tracker + +# Disarm the download link in Sourceforge's patch tracker { -filter \ - +content-type-overwrite{text/plain}\ - +hide-content-disposition{block} } - .sourceforge.net/tracker/download\.php + +content-type-overwrite{text/plain} \ + +hide-content-disposition{block} \ +} +.sourceforge.net/tracker/download\.php + @@ -5444,7 +5455,7 @@ www.example.com {+ignore-certificate-errors} www.example.org - + @@ -5701,19 +5712,20 @@ www.example.com # { +filter{tiny-textforms} +prevent-compression } # Match only these sites - .google. - sourceforge.net - sf.net +.google. +sourceforge.net +sf.net # Or instead, we could set a universal default: # { +prevent-compression } - / # Match all sites +/ # Match all sites # Then maybe make exceptions for broken sites: # { -prevent-compression } -.compusa.com/ +.compusa.com/ + @@ -5805,11 +5817,14 @@ new action Example usage: - # Let the browser revalidate without being tracked across sessions + +# Let the browser revalidate without being tracked across sessions { +hide-if-modified-since{-60} \ - +overwrite-last-modified{randomize} \ - +crunch-if-none-match} -/ + +overwrite-last-modified{randomize} \ + +crunch-if-none-match \ +} +/ + @@ -5900,14 +5915,15 @@ new action Example usages: - # Replace example.com's style sheet with another one + +# Replace example.com's style sheet with another one { +redirect{http://localhost/css-replacements/example.com.css} } - example.com/stylesheet\.css +example.com/stylesheet\.css # Create a short, easy to remember nickname for a favorite site # (relies on the browser to accept and forward invalid URLs to &my-app;) { +redirect{https://www.privoxy.org/user-manual/actions-file.html} } - a +a # Always use the expanded view for Undeadly.org articles # (Note the $ at the end of the URL pattern to make sure @@ -6438,32 +6454,33 @@ TAG:^IP-ADDRESS: 10\.0\.0\.1$ - # Useful custom aliases we can use later. - # - # Note the (required!) section header line and that this section - # must be at the top of the actions file! - # - {{alias}} +# Useful custom aliases we can use later. +# +# Note the (required!) section header line and that this section +# must be at the top of the actions file! +# +{{alias}} - # These aliases just save typing later: - # (Note that some already use other aliases!) - # - +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies - -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - +block-as-image = +block{Blocked image.} +handle-as-image - allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies} +# These aliases just save typing later: +# (Note that some already use other aliases!) +# ++crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies +-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies ++block-as-image = +block{Blocked image.} +handle-as-image +allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies} - # These aliases define combinations of actions - # that are useful for certain types of sites: - # - fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -prevent-compression +# These aliases define combinations of actions +# that are useful for certain types of sites: +# +fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -prevent-compression - shop = -crunch-all-cookies -filter{all-popups} +shop = -crunch-all-cookies -filter{all-popups} - # Short names for other aliases, for really lazy people ;-) - # - c0 = +crunch-all-cookies - c1 = -crunch-all-cookies +# Short names for other aliases, for really lazy people ;-) +# +c0 = +crunch-all-cookies +c1 = -crunch-all-cookies + ...and put them to use. These sections would appear in the lower part of an @@ -6472,28 +6489,29 @@ TAG:^IP-ADDRESS: 10\.0\.0\.1$ - # These sites are either very complex or very keen on - # user data and require minimal interference to work: - # - {fragile} - .office.microsoft.com - .windowsupdate.microsoft.com - # Gmail is really mail.google.com, not gmail.com - mail.google.com - - # Shopping sites: - # Allow cookies (for setting and retrieving your customer data) - # - {shop} - .quietpc.com - .worldpay.com # for quietpc.com - mybank.example.com +# These sites are either very complex or very keen on +# user data and require minimal interference to work: +# +{fragile} +.office.microsoft.com +.windowsupdate.microsoft.com +# Gmail is really mail.google.com, not gmail.com +mail.google.com - # These shops require pop-ups: - # - {-filter{all-popups} -filter{unsolicited-popups}} - .dabs.com - .overclockers.co.uk +# Shopping sites: +# Allow cookies (for setting and retrieving your customer data) +# +{shop} +.quietpc.com +.worldpay.com # for quietpc.com +mybank.example.com + +# These shops require pop-ups: +# +{-filter{all-popups} -filter{unsolicited-popups}} +.dabs.com +.overclockers.co.uk + Aliases like shop and fragile are typically used for @@ -6602,7 +6620,7 @@ for-privoxy-version=3.0.11 # +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - +block-as-image = +block{Blocked image.} +handle-as-image + +block-as-image = +block{Blocked image.} +handle-as-image mercy-for-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies} # These aliases define combinations of actions @@ -6902,10 +6920,11 @@ handle-as-text = -filter +-filter +-filter } - .your-home-banking-site.com +.your-home-banking-site.com + Some file types you may not want to filter for various reasons: @@ -6944,8 +6964,9 @@ stupid-server.example.com/ { +block{Nasty ads.} } - www.example.com/nasty-ads/sponsor\.gif - another.example.net/more/junk/here/ +www.example.com/nasty-ads/sponsor\.gif +another.example.net/more/junk/here/ + The URLs of dynamically generated banners, especially from large banner @@ -6961,10 +6982,11 @@ stupid-server.example.com/ { +block-as-image } - .doubleclick.net - .fastclick.net - /Realmedia/ads/ - ar.atwola.com/ +.doubleclick.net +.fastclick.net +/Realmedia/ads/ +ar.atwola.com/ + Now you noticed that the default configuration breaks Forbes Magazine, @@ -6980,9 +7002,10 @@ stupid-server.example.com/ { fragile } - .forbes.com - webmail.example.com - .mybank.com +.forbes.com +webmail.example.com +.mybank.com + You like the fun text replacements in default.filter, @@ -6993,7 +7016,8 @@ stupid-server.example.com/ { +filter{fun} } - / # For ALL sites! +/ # For ALL sites! + Note that the above is not really a good idea: There are exceptions @@ -7012,9 +7036,10 @@ stupid-server.example.com/ { allow-ads } - .sourceforge.net - .slashdot.org - .osdn.net +.sourceforge.net +.slashdot.org +.osdn.net + Note that allow-ads has been aliased to @@ -7032,7 +7057,8 @@ stupid-server.example.com/ { handle-as-text } - /.*\.sh$ +/.*\.sh$ + user.action is generally the best place to define @@ -8724,11 +8750,11 @@ Requests - Matches for http://www.google.com: +Matches for http://www.google.com: - In file: default.action [ View ] [ Edit ] +In file: default.action [ View ] [ Edit ] - {+change-x-forwarded-for{block} +{+change-x-forwarded-for{block} +deanimate-gifs {last} +fast-redirects {check-decoded-url} +filter {refresh-tags} @@ -8740,14 +8766,14 @@ Requests +hide-from-header {block} +hide-referrer {forge} +session-cookies-only - +set-image-blocker {pattern} + +set-image-blocker {pattern} } / - { -session-cookies-only } - .google.com +{ -session-cookies-only } +.google.com - { -fast-redirects } - .google.com +{ -fast-redirects } +.google.com In file: user.action [ View ] [ Edit ] (no matches in this file) @@ -8810,64 +8836,64 @@ In file: user.action [ View ] [ Edit ] - Final results: - - -add-header - -block - +change-x-forwarded-for{block} - -client-header-filter{hide-tor-exit-notation} - -content-type-overwrite - -crunch-client-header - -crunch-if-none-match - -crunch-incoming-cookies - -crunch-outgoing-cookies - -crunch-server-header - +deanimate-gifs {last} - -downgrade-http-version - -fast-redirects - -filter {js-events} - -filter {content-cookies} - -filter {all-popups} - -filter {banners-by-link} - -filter {tiny-textforms} - -filter {frameset-borders} - -filter {demoronizer} - -filter {shockwave-flash} - -filter {quicktime-kioskmode} - -filter {fun} - -filter {crude-parental} - -filter {site-specifics} - -filter {js-annoyances} - -filter {html-annoyances} - +filter {refresh-tags} - -filter {unsolicited-popups} - +filter {img-reorder} - +filter {banners-by-size} - +filter {webbugs} - +filter {jumping-windows} - +filter {ie-exploits} - -filter {google} - -filter {yahoo} - -filter {msn} - -filter {blogspot} - -filter {no-ping} - -force-text-mode - -handle-as-empty-document - -handle-as-image - -hide-accept-language - -hide-content-disposition - +hide-from-header {block} - -hide-if-modified-since - +hide-referrer {forge} - -hide-user-agent - -limit-connect - -overwrite-last-modified - -prevent-compression - -redirect - -server-header-filter{xml-to-html} - -server-header-filter{html-to-xml} - -session-cookies-only - +set-image-blocker {pattern} +Final results: + +-add-header +-block ++change-x-forwarded-for{block} +-client-header-filter{hide-tor-exit-notation} +-content-type-overwrite +-crunch-client-header +-crunch-if-none-match +-crunch-incoming-cookies +-crunch-outgoing-cookies +-crunch-server-header ++deanimate-gifs {last} +-downgrade-http-version +-fast-redirects +-filter {js-events} +-filter {content-cookies} +-filter {all-popups} +-filter {banners-by-link} +-filter {tiny-textforms} +-filter {frameset-borders} +-filter {demoronizer} +-filter {shockwave-flash} +-filter {quicktime-kioskmode} +-filter {fun} +-filter {crude-parental} +-filter {site-specifics} +-filter {js-annoyances} +-filter {html-annoyances} ++filter {refresh-tags} +-filter {unsolicited-popups} ++filter {img-reorder} ++filter {banners-by-size} ++filter {webbugs} ++filter {jumping-windows} ++filter {ie-exploits} +-filter {google} +-filter {yahoo} +-filter {msn} +-filter {blogspot} +-filter {no-ping} +-force-text-mode +-handle-as-empty-document +-handle-as-image +-hide-accept-language +-hide-content-disposition ++hide-from-header {block} +-hide-if-modified-since ++hide-referrer {forge} +-hide-user-agent +-limit-connect +-overwrite-last-modified +-prevent-compression +-redirect +-server-header-filter{xml-to-html} +-server-header-filter{html-to-xml} +-session-cookies-only ++set-image-blocker {pattern} @@ -8882,14 +8908,14 @@ In file: user.action [ View ] [ Edit ] - { +block{Domains starts with "ad"} } - ad*. +{ +block{Domains starts with "ad"} } +ad*. - { +block{Domain contains "ad"} } - .ad. +{ +block{Domain contains "ad"} } +.ad. - { +block{Doubleclick banner server} +handle-as-image } - .[a-vx-z]*.doubleclick.net +{ +block{Doubleclick banner server} +handle-as-image } +.[a-vx-z]*.doubleclick.net @@ -8923,68 +8949,68 @@ In file: user.action [ View ] [ Edit ] - Matches for http://www.example.net/adsl/HOWTO/: - - In file: default.action [ View ] [ Edit ] - - {-add-header - -block - +change-x-forwarded-for{block} - -client-header-filter{hide-tor-exit-notation} - -content-type-overwrite - -crunch-client-header - -crunch-if-none-match - -crunch-incoming-cookies - -crunch-outgoing-cookies - -crunch-server-header - +deanimate-gifs - -downgrade-http-version - +fast-redirects {check-decoded-url} - -filter {js-events} - -filter {content-cookies} - -filter {all-popups} - -filter {banners-by-link} - -filter {tiny-textforms} - -filter {frameset-borders} - -filter {demoronizer} - -filter {shockwave-flash} - -filter {quicktime-kioskmode} - -filter {fun} - -filter {crude-parental} - -filter {site-specifics} - -filter {js-annoyances} - -filter {html-annoyances} - +filter {refresh-tags} - -filter {unsolicited-popups} - +filter {img-reorder} - +filter {banners-by-size} - +filter {webbugs} - +filter {jumping-windows} - +filter {ie-exploits} - -filter {google} - -filter {yahoo} - -filter {msn} - -filter {blogspot} - -filter {no-ping} - -force-text-mode - -handle-as-empty-document - -handle-as-image - -hide-accept-language - -hide-content-disposition - +hide-from-header{block} - +hide-referer{forge} - -hide-user-agent - -overwrite-last-modified - +prevent-compression - -redirect - -server-header-filter{xml-to-html} - -server-header-filter{html-to-xml} - +session-cookies-only - +set-image-blocker{blank} } - / - - { +block{Path contains "ads".} +handle-as-image } - /ads +Matches for http://www.example.net/adsl/HOWTO/: + +In file: default.action [ View ] [ Edit ] + +{-add-header + -block + +change-x-forwarded-for{block} + -client-header-filter{hide-tor-exit-notation} + -content-type-overwrite + -crunch-client-header + -crunch-if-none-match + -crunch-incoming-cookies + -crunch-outgoing-cookies + -crunch-server-header + +deanimate-gifs + -downgrade-http-version + +fast-redirects {check-decoded-url} + -filter {js-events} + -filter {content-cookies} + -filter {all-popups} + -filter {banners-by-link} + -filter {tiny-textforms} + -filter {frameset-borders} + -filter {demoronizer} + -filter {shockwave-flash} + -filter {quicktime-kioskmode} + -filter {fun} + -filter {crude-parental} + -filter {site-specifics} + -filter {js-annoyances} + -filter {html-annoyances} + +filter {refresh-tags} + -filter {unsolicited-popups} + +filter {img-reorder} + +filter {banners-by-size} + +filter {webbugs} + +filter {jumping-windows} + +filter {ie-exploits} + -filter {google} + -filter {yahoo} + -filter {msn} + -filter {blogspot} + -filter {no-ping} + -force-text-mode + -handle-as-empty-document + -handle-as-image + -hide-accept-language + -hide-content-disposition + +hide-from-header{block} + +hide-referer{forge} + -hide-user-agent + -overwrite-last-modified + +prevent-compression + -redirect + -server-header-filter{xml-to-html} + -server-header-filter{html-to-xml} + +session-cookies-only + +set-image-blocker{blank} } +/ + +{ +block{Path contains "ads".} +handle-as-image } +/ads @@ -9002,8 +9028,8 @@ In file: user.action [ View ] [ Edit ] - { -block } - /adsl +{ -block } +/adsl @@ -9019,8 +9045,8 @@ In file: user.action [ View ] [ Edit ] - { +block{Path starts with "ads".} +handle-as-image } - /ads +{ +block{Path starts with "ads".} +handle-as-image } +/ads @@ -9036,12 +9062,12 @@ In file: user.action [ View ] [ Edit ] - { shop } - .quietpc.com - .worldpay.com # for quietpc.com - .jungle.com - .scan.co.uk - .forbes.com +{ shop } +.quietpc.com +.worldpay.com # for quietpc.com +.jungle.com +.scan.co.uk +.forbes.com @@ -9051,11 +9077,11 @@ In file: user.action [ View ] [ Edit ] - { -filter } - # Disable ALL filter actions for sites in this section - .forbes.com - developer.ibm.com - localhost +{ -filter } +# Disable ALL filter actions for sites in this section +.forbes.com +developer.ibm.com +localhost @@ -9081,10 +9107,11 @@ In file: user.action [ View ] [ Edit ] - { fragile } - # Handle with care: easy to break - mail.google. - mybank.example.com +{ fragile } +# Handle with care: easy to break +mail.google. +mybank.example.com + -- 2.39.2