-# Sample Configuration File for Privoxy 3.0.33
+# Sample Configuration File for Privoxy 3.0.34
#
-# Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
#
#####################################################################
# #
# 4. ACCESS CONTROL AND SECURITY #
# 5. FORWARDING #
# 6. MISCELLANEOUS #
-# 7. HTTPS INSPECTION (EXPERIMENTAL) #
+# 7. HTTPS INSPECTION #
# 8. WINDOWS GUI OPTIONS #
# #
#####################################################################
#
# Notes:
#
-# The value of this option only matters if the experimental
-# trust mechanism has been activated. (See trustfile below.)
+# The value of this option only matters if the trust mechanism
+# has been activated. (See trustfile below.)
#
# If you use the trust mechanism, it is a good idea to write up
# some on-line documentation about your trust policy and to
# you read the log messages, you may even be able to solve the
# problem on your own.
#
-#debug 1 # Log the destination for each request.
+#debug 1 # Log the destination for each request. See also debug 1024.
+#debug 2 # show each connection status
+#debug 4 # show tagging-related messages
+#debug 8 # show header parsing
+#debug 128 # debug redirects
+#debug 256 # debug GIF de-animation
+#debug 512 # Common Log Format
#debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
#debug 4096 # Startup banner and warnings
#debug 8192 # Non-fatal errors
+#debug 65536 # Log applying actions
#
# 3.2. single-threaded
# =====================
# If you aren't using an occasionally slow proxy like Tor,
# reducing it to a few seconds should be fine.
#
+# +-----------------------------------------------------+
+# | Warning |
+# |-----------------------------------------------------|
+# |When a TLS library is being used to read or write |
+# |data from a socket with https-inspection enabled the |
+# |socket-timeout currently isn't applied and the |
+# |timeout used depends on the library (which may not |
+# |even use a timeout). |
+# +-----------------------------------------------------+
# Example:
#
# socket-timeout 300
# limit below the one enforced by the operating system.
#
# One most POSIX-compliant systems Privoxy can't properly deal
-# with more than FD_SETSIZE file descriptors at the same time
-# and has to reject connections if the limit is reached. This
-# will likely change in a future version, but currently this
-# limit can't be increased without recompiling Privoxy with a
-# different FD_SETSIZE limit.
+# with more than FD_SETSIZE file descriptors if Privoxy has been
+# configured to use select() and has to reject connections if
+# the limit is reached. When using select() this limit therefore
+# can't be increased without recompiling Privoxy with a
+# different FD_SETSIZE limit unless Privoxy is running on
+# Windows with _WIN32 defined.
+#
+# When Privoxy has been configured to use poll() the FD_SETSIZE
+# limit does not apply.
#
# Example:
#
# receive-buffer-size 32768
#
#
-# 7. HTTPS INSPECTION (EXPERIMENTAL)
-# ===================================
+# 7. HTTPS INSPECTION
+# ====================
#
# HTTPS inspection allows to filter encrypted requests and
# responses. This is only supported when Privoxy has been built with
#
# Default value:
#
-# Empty string
+# ./CA
#
# Effect if unset:
#
# is used when Privoxy generates certificates for intercepted
# requests.
#
-# Note that the password is shown on the CGI page so don't reuse
-# an important one.
-#
+# +-----------------------------------------------------+
+# | Warning |
+# |-----------------------------------------------------|
+# |Note that the password is shown on the CGI page so |
+# |don't reuse an important one. |
+# | |
+# |If disclosure of the password is a compliance issue |
+# |consider blocking the relevant CGI requests after |
+# |enabling the enforce-blocks and |
+# |allow-cgi-request-crunching. |
+# +-----------------------------------------------------+
# Example:
#
# ca-password blafasel