1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
5 >Troubleshooting</TITLE
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="misc.html"><LINK
16 TITLE="Contacting the developers, Bug Reporting and Feature Requests"
17 HREF="contact.html"><LINK
20 HREF="../p_doc.css"><META
21 HTTP-EQUIV="Content-Type"
23 charset=ISO-8859-1"></HEAD
34 SUMMARY="Header navigation table"
43 >Privoxy Frequently Asked Questions</TH
80 >5. Troubleshooting</A
88 >5.1. I cannot connect to any websites. Or, I am getting
91 >"connection refused"</SPAN
92 > message with every web page. Why?</A
95 > There are several possibilities:</P
105 > is not running. Solution: verify
109 > is installed correctly, has not crashed, and is indeed running.
113 > logging, and look at the logs to see what they say.</P
117 >Or your browser is configured for a different port than what
121 > is using. Solution: verify that <SPAN
125 and your browser are set to the same port (<TT
132 >Or if using a forwarding rule, you have a configuration problem or a
133 problem with a host in the forwarding chain. Solution: temporarily alter your
134 configuration and take the forwarders out of the equation.</P
138 > Or you have a firewall that is interfering and blocking you. Solution:
139 try disabling or removing the firewall as a simple test.
151 >5.2. Why am I getting a 503 Error (WSAECONNREFUSED) on every page?</A
154 > More than likely this is a problem with your TCP/IP networking. ZoneAlarm has
155 been reported to cause this symptom -- even if not running! The solution is
156 to either fight the ZA configuration, or uninstall ZoneAlarm, and then find
157 something better behaved in its place. Other personal firewall type products
158 may cause similar type problems if not configured correctly.
167 >5.3. I just added a new rule, but the steenkin ad is
168 still getting through. How?</A
171 > If the ad had been displayed before you added its URL, it will probably be
172 held in the browser's cache for some time, so it will be displayed without
173 the need for any request to the server, and <SPAN
177 will not be involved. Flush the browser's caches, and then try again.</P
179 > If this doesn't help, you probably have an error in the rule you
180 applied. Try pasting the full URL of the offending ad into <A
181 HREF="http://config.privoxy.org/show-url-info"
183 >http://config.privoxy.org/show-url-info</A
185 and see if it really matches your new rule. Blocking ads is like blocking
186 spam: a lot of tinkering is required to stay ahead of the game. And
187 remember you need to block the URL of the ad in question, which may be
188 entirely different from the site URL itself. Most ads are hosted on different
189 servers than the main site itself. If you right-click on the ad, you should
190 be able to get all the relevant information you need. Alternately, you can
191 find the correct URL by looking at <SPAN
195 (you may need to enable logging in the main config file if its disabled).</P
197 > Below is a slightly modified real-life log snippet that originates with one
201 > (name of site was changed
202 for this example, the number of requests is real). You can see in this the
203 complexity of what goes into making up this one <SPAN
207 are eight different domains involved here, with thirty two separate URLs
208 requested in all, making up all manner of images, Shockwave Flash,
209 JavaScript, CSS stylesheets, scripts, and other related content. Some of this
210 content is obviously <SPAN
217 Many of the more questionable looking requests, are going to outside domains
218 that seem to be identifying themselves with suspicious looking names, making
219 our job a little easier. <SPAN
226 and BLOCKED) quite a few items in this example, but perhaps missed a few as well. </P
236 >Request: www.example.com/
237 Request: www.example.com/favicon.ico
238 Request: img.example.com/main.css
239 Request: img.example.com/sr.js
240 Request: example.betamarker.com/example.html
241 Request: www.lik-sang.com/Banners/bestsellers/skyscraper.php?likref=BSellers
242 Request: img.example.com/pb.png
243 Request: www.google-analytics.com/urchin.js crunch! (Blocked)
244 Request: www.advertising-department.com/ats/switch.ps.php?26856 crunch! (Blocked)
245 Request: img.example.com/p.gif
246 Request: www.popuptraffic.com/assign.php?l=example&mode=behind crunch! (Blocked)
247 Request: www.popuptraffic.com/scripts/popup.php?hid=5c3cf&tmpl=PBa.tmpl crunch! (Blocked)
248 Request: www.popuptraffic.com/assign.php?l=example crunch! (Blocked)
249 Request: www.lik-sang.com/Banners/best_sellers/best_sellers.css
250 Request: www.adtrak.net/adx.js crunch! (Blocked)
251 Request: img.example.com/hbg.gif
252 Request: img.example.com/example.jpg
253 Request: img.example.com/mt.png
254 Request: img.example.com/mm.png
255 Request: img.example.com/mb.png
256 Request: www.popuptraffic.com/scripts/popup.php?hid=a71b91fa5&tmpl=Ua.tmp crunch! (Blocked)
257 Request: www.example.com/tracker.js
258 Request: www.lik-sang.com/Banners/best_sellers/lsi_head.gif
259 Request: www.adtrak.net/adjs.php?n=020548130&what=zone:61 crunch! (Blocked)
260 Request: www.adtrak.net/adjs.php?n=463594413&what=zone:58&source=Ua crunch! (Blocked)
261 Request: www.lik-sang.com/Banners/best_sellers/bottomani.swf
262 Request: mmm.elitemediagroup.net/install.php?allowpop=no&popupmincook=0&allowsp2=1 crunch! (Blocked)
263 Request: www.example.com/tracker.js?screen=1400x1050&win=962x693
264 Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=61 crunch! (Blocked)
265 Request: 66.70.21.80/scripts/click.php?hid=5c3cf599a9efd0320d26&si
266 Request: 66.70.21.80/img/pixel.gif
267 Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=58&source=Ua&block=86400 crunch! (Blocked)
268 Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua</PRE
274 > Despite 12 out of 32 requests being blocked, the page looked, and seemed to
275 behave perfectly <SPAN
278 > (minus some ads, of course).</P
286 >5.4. One of my favorite sites does not work with Privoxy.
290 > First verify that it is indeed a <SPAN
294 by toggling off <SPAN
298 HREF="http://config.privoxy.org/toggle"
300 >http://config.privoxy.org/toggle</A
302 (the toggle feature may need to be enabled in the main
307 and then shift-reloading the problem page (i.e. holding down the shift key
308 while clicking reload. Alternatively, flush your browser's disk and memory
311 > If the problem went away, we know we have a configuration related problem.
313 HREF="http://config.privoxy.org/show-url-info"
315 >http://config.privoxy.org/show-url-info</A
317 and paste the full URL of the page in question into the prompt. See which
318 actions are being applied to the URL, and which matches in which actions
319 files are responsible for that. It might be helpful also to look at your logs
320 for this site too, to see what else might be happening (note: logging may need
321 to be enabled in the main config file). Many sites are
322 complex and require a number of related pages to help present their content.
323 Look at what else might be used by the page in question, and what of that
331 Now, armed with this information, go to
333 HREF="http://config.privoxy.org/show-status"
335 >http://config.privoxy.org/show-status</A
337 and select the appropriate actions files for editing. </P
339 > You can now either look for a section which disables the actions that
340 you suspect to cause the problem and add a pattern for your site there,
341 or make up a completely new section for your site. In any case, the recommended
342 way is to disable only the prime suspect, reload the problem page, and only
343 if the problem persists, disable more and more actions until you have
344 identified the culprit. You may or may not want to turn the other actions
345 on again. Remember to flush your browser's caches in between any such changes!</P
347 > Alternately, if you are comfortable with a text editor, you can accomplish
348 the same thing by editing the appropriate actions file. Probably the easiest
349 way to deal with such problems when editing by hand is to add your
357 which is an alias that turns off most <SPAN
361 actions, but is also likely to turn off more actions then needed, and thus lower
362 your privacy and protection more than necessary, </P
364 > Troubleshooting actions is discussed in more detail in the <A
365 HREF="../user-manual/appendix.html#ACTIONSANAT"
367 >User Manual appendix,
368 Troubleshooting: the Anatomy of an Action</A
371 HREF="../user-manual/actions-file.html#ACT-EXAMPLES"
375 with general configuration information and examples.</P
377 > As a last resort, you can always see if your browser has a setting that will
378 bypass the proxy setting for selective sites. Modern browsers can do this.</P
386 >5.5. After installing Privoxy, I have to log in
387 every time I start IE. What gives?</A
390 > This is a quirk that effects the installation of
394 >, in conjunction with Internet Explorer and
395 Internet Connection Sharing on Windows 2000 and Windows XP. The symptoms may
396 appear to be corrupted or invalid DUN settings, or passwords.</P
398 > When setting up an NT based Windows system with
402 > you may find that things do not seem to be
403 doing what you expect. When you set your system up you will probably have set
404 up Internet Connection Sharing (ICS) with Dial up Networking (DUN) when
405 logged in with administrator privileges. You will probably have made this DUN
406 connection available to other accounts that you may have set-up on your
407 system. E.g. Mum or Dad sets up the system and makes accounts suitably
408 configured for the kids.</P
410 > When setting up <SPAN
413 > in this environment you
414 will have to alter the proxy set-up of Internet Explorer (IE) for the
415 specific DUN connection on which you wish to use
419 >. When you do this the ICS DUN set-up
420 becomes user specific. In this instance you will see no difference if you
421 change the DUN connection under the account used to set-up the connection.
422 However when you do this from another user you will notice that the DUN
423 connection changes to make available to "Me only". You will also find that
424 you have to store the password under each different user!</P
426 > The reason for this is that each user's set-up for IE is user specific. Each
427 set-up DUN connection and each LAN connection in IE store the settings for
428 each user individually. As such this enforces individual configurations
429 rather than common ones. Hence the first time you use a DUN connection after
430 re-booting your system it may not perform as you expect, and prompt you for
431 the password. Just set and save the password again and all should be OK.</P
433 >[Thanks to Ray Griffith for this submission.]</P
441 >5.6. I cannot connect to any FTP sites. Privoxy
448 > cannot act as a proxy for FTP traffic,
449 so do not configure your browser to use <SPAN
453 as an FTP proxy. The same is true for <SPAN
457 >any protocol other than HTTP
463 > Most browsers understand FTP as well as HTTP. If you connect to a site, with
466 >ftp://ftp.example.com</TT
467 >, your browser is making
468 an FTP connection, and not a HTTP connection. So while your browser may
472 > does not, and cannot proxy
476 > To complicate matters, some systems may have a generic <SPAN
480 setting, which will enable various protocols, including
487 > HTTP and FTP proxying! So it is possible to
488 accidentally enable FTP proxying in these cases. And of course, if this
492 > will indeed cause problems since
493 it does not know FTP. Newer version will give a sane error
494 message if a FTP connection is attempted. Just disable the FTP setting
495 and all will be well again.
501 > ever proxy FTP traffic? Unlikely.
502 There just is not much reason, and the work to make this happen is more than
512 >5.7. In Mac OS X, I can't configure Microsoft Internet Explorer to use
513 Privoxy as the HTTP proxy.</A
516 > Microsoft Internet Explorer (in versions like 5.1) respects system-wide
517 network settings. In order to change the HTTP proxy, open System
518 Preferences, and click on the Network icon. In the settings pane that
519 comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox
520 is checked and enter <TT
523 > in the entry field.
527 > in the Port field. The next time you start
528 IE, it should reflect these values.
536 NAME="MACOSXUNINSTALL"
537 >5.8. In Mac OS X, I dragged the Privoxy folder to the trash in order to
538 uninstall it. Now the finder tells me I don't have sufficient privileges to
542 > Note: This ONLY applies to privoxy 3.0.6 and earlier.
545 > Just dragging the <SPAN
548 > folder to the trash is
549 not enough to delete it. <SPAN
555 >uninstall.command</SPAN
556 > file that takes care of
557 these details. Open the trash, drag the <SPAN
559 >uninstall.command</SPAN
561 file out of the trash and double-click on it. You will be prompted for
562 confirmation and the administration password.
565 > The trash may still appear full after this command; emptying the trash
566 from the desktop should make it appear empty again.
575 >5.9. In Mac OS X Panther (10.3), images often fail to load and/or I
576 experience random delays in page loading. I'm using
580 > as my browser's proxy setting.</A
583 > We believe this is due to an IPv6-related bug in Mac OS X, but don't fully
584 understand the issue yet. In any case, changing the proxy setting to
592 works around the problem.
601 >5.10. I get a completely blank page at one site. <SPAN
607 ><html><body></body></html></SPAN
609 Privoxy the page loads fine.</A
612 > Chances are that the site suffers from a bug in
614 HREF="http://www.php.net/"
621 which results in empty pages being sent if the client explicitly requests
622 an uncompressed page, like <SPAN
626 This bug has been fixed in PHP 4.2.3.
629 > To find out if this is in fact the source of the problem, try adding
632 >-prevent-compression</TT
647 > # Make exceptions for ill-behaved sites:
649 {-prevent-compression}
655 > If that works, you may also want to report the problem to the
656 site's webmasters, telling them to use zlib.output_compression
657 instead of ob_gzhandler in their PHP applications (workaround)
658 or upgrade to PHP 4.2.3 or later (fix).
667 >5.11. My logs show many <SPAN
669 >"Unable to get my own hostname"</SPAN
677 > tries to get the hostname of the system
678 its running on from the IP address of the system interface it is bound to
689 > setting). If the system cannot supply
690 this information, <SPAN
693 > logs this condition. </P
695 > Typically, this would be considered a minor system configuration error. It is
696 not a fatal error to <SPAN
700 result in a much slower response from <SPAN
704 some platforms due to DNS timeouts.</P
706 > This can be caused by a problem with the local <TT
710 file. If this file has been changed from the original, try reverting it to
711 see if that helps. Make sure whatever name(s) are used for the local system,
712 that they resolve both ways.</P
714 > You should also be able to work around the problem with the
716 HREF="../user-manual/config.html#HOSTNAME"
727 >5.12. When I try to launch Privoxy, I get an
730 >"port 8118 is already in use"</SPAN
731 > (or similar wording).
742 > port. Typically this message would mean that there
743 is already one instance of <SPAN
747 your system is actually trying to start a second
751 > on the same port, which will not work.
752 (You can have multiple instances but they must be assigned different ports.)
753 How and why this might happen varies from platform to platform, but you need
754 to check your installation and start-up procedures.</P
762 >5.13. Pages with UTF-8 fonts are garbled.</A
765 > This is caused by the <SPAN
768 > filter. You should either
772 >, or at least upgrade to the most
776 > file available from <A
777 HREF="http://sourceforge.net/project/showfiles.php?group_id=11118"
781 Or you can simply disable the demoronizer filter.</P
789 >5.14. Why are binary files (such as images) corrupted when Privoxy
793 > This may also be caused by the <SPAN
797 in conjunction with a web server that is misreporting the content type. Binary
798 files are exempted from <SPAN
802 (unless the web server by mistake says the file is something else). Either
806 >, or go to the most recent
810 > file available from <A
811 HREF="http://sourceforge.net/project/showfiles.php?group_id=11118"
822 >5.15. What is the <SPAN
825 > and why is it there?</A
828 > The original demoronizer was a Perl script that cleaned up HTML pages which
829 were created with certain Microsoft products. MS has used proprietary extensions
830 to standardized font encodings (ISO 8859-1), which has caused problems for pages
831 that are viewed with non-Microsoft products (and are expecting to see a
832 standard set of fonts). The demoronizer corrected these errors so the pages
833 displayed correctly. <SPAN
837 script, introducing a filter based on the original demoronizer, which in turn could
838 correct these errors on the fly. </P
840 > But this is only needed in some situations, and will cause serious problems in some
843 > If you are using Microsoft products, you do not need it. If you need to view
844 pages with UTF-8 characters (such as Cyrillic or Chinese), then it will
845 cause corruption of the fonts, and thus <SPAN
853 > On the other hand, if you use non-Microsoft products, and you occasionally
854 notice weird characters on pages, you might want to try it.</P
862 >5.16. Why do I keep seeing <SPAN
864 >"PrivoxyWindowOpen()"</SPAN
865 > in raw source code?</A
871 > is attempting to disable malicious
873 HREF="http://en.wikipedia.org/wiki/Javascript"
877 in this case, with the <TT
879 >unsolicited-popups</TT
884 > cannot tell very well
888 > code snippets from <SPAN
893 > If you see this in HTML source, and the page displays without problems, then
894 this is good, and likely some pop-up window was disabled. If you see this
895 where it is causing a problem, such as a downloaded program source code file,
896 then you should set an exception for this site or page such that the
897 integrity of the page stays in tact by disabling all filtering.</P
905 >5.17. I am getting too many DNS errors like <SPAN
907 >"404 No Such Domain"</SPAN
909 can't Privoxy do this better?</A
912 > There are potentially several factors here. First of all, the DNS resolution
913 is done by the underlying operating system -- not
921 merely initiates the process and hands it off, and then later reports
922 whatever the outcome was and tries to give a coherent message if there seems
923 to be a problem. In some cases, this might otherwise be mitigated by the
924 browser itself which might try some work-arounds and alternate approaches (e.g
930 > In other cases, if <SPAN
934 with another proxy, this could complicate the issue, and cause undue
935 delays and timeouts. In the case of a <SPAN
939 server handles all the DNS. <SPAN
946 > which is reporting whatever problem occurred
947 downstream, and not the root cause of the error.</P
949 > In any case, versions newer than 3.0.3 include various improvements to help
953 > better handle these cases.</P
961 >5.18. At one site Privoxy just hangs, and starts taking
962 all CPU. Why is this?</A
965 > This is probably a manifestation of the <SPAN
969 occurs on pages containing many (thousands upon thousands) of blank lines. The blank lines
970 are in the raw HTML source of the page, and the browser just ignores them. But the
971 pattern matching in <SPAN
975 mechanism is trying to match against absurdly long strings and this becomes
976 very CPU-intensive, taking a long, long time to complete.</P
978 > Until a better solution comes along, disable filtering on these pages,
985 >unsolicited-popups</TT
986 > filters. If you run into this problem
990 > version, please send a problem report.</P
998 >5.19. I just installed Privoxy, and all my
999 browsing has slowed to a crawl. What gives?</A
1002 > This should not happen, and for the overwhelming number of users world-wide,
1003 it does not happen. I would suspect some inadvertent interaction of software
1004 components such as anti-virus software, spyware protectors, personal
1005 firewalls or similar components. Try disabling (or uninstalling) these one
1006 at a time and see if that helps. Either way, if you are using a
1010 > version, please report the problem.</P
1018 >5.20. Why do my filters work on some sites but not on others?</A
1021 > It's probably due to compression. It is a common practice for web servers to
1022 send their content <SPAN
1025 > in order to speed things up, and
1026 then let the browser <SPAN
1029 > them. When compiled with zlib support
1033 > can decompress content before filtering, otherwise you may want to enable
1035 HREF="../user-manual/actions-file.html#PREVENT-COMPRESSION"
1037 >prevent-compression</A
1043 > 3.0.9, zlib support is enabled in the default builds.</P
1051 >5.21. On some HTTPS sites my browser warns me about unauthenticated content,
1052 the URL bar doesn't get highlighted and the lock symbol appears to be broken.
1056 > Probably the browser is requesting ads through HTTPS and <SPAN
1060 is blocking the requests. Privoxy's error messages are delivered
1061 unencrypted and while it's obvious for the browser that the HTTPS
1062 request is already blocked by the proxy, some warn about unauthenticated
1065 > To work around the problem you can redirect those requests to an invalid
1066 local address instead of blocking them. While the redirects aren't
1067 encrypted either, many browsers don't care. They simply follow the
1068 redirect, fail to reach a server and display an error message instead
1071 > To do that, enable logging to figure out which requests get blocked by
1075 > and add the hosts (no path patterns) to a section like this:</P
1085 >{+redirect{http://127.0.0.1:0/} -block -limit-connect}
1086 .ivwbox.de:443/</PRE
1092 > Additionally you have to configure your browser to contact
1095 >"127.0.0.1:0"</SPAN
1096 > directly (instead of through <SPAN
1101 > To add a proxy exception in <SPAN
1103 >Mozilla Firefox</SPAN
1107 >"Preferences"</SPAN
1112 button located on the <SPAN
1119 section, and add <SPAN
1121 >"127.0.0.1:0"</SPAN
1124 >"No Proxy for:"</SPAN
1134 >5.22. I get selinux error messages. How can I fix this?</A
1137 > Please report the problem to the creator of your selinux policies.</P
1139 > The problem is that some selinux policy writers aren't familiar
1140 with the application they are trying to <SPAN
1144 thus create policies that make no sense.</P
1149 > case the problem usually
1150 is that the policy only allows outgoing connections for certain
1151 destination ports (e.g. 80 and 443). While this may cover the
1152 standard ports, websites occasionally use other ports as well.
1153 This isn't a security problem and therefore <SPAN
1157 default configuration doesn't block these requests.</P
1159 > If you really want to block these ports (and don't be able
1160 to load websites that don't use standard ports), you should
1161 configure Privoxy to block these ports as well, so it doesn't
1162 trigger the selinux warnings.</P
1169 NAME="GENTOO-RICERS"
1170 >5.23. I compiled <SPAN
1173 > with Gentoo's portage and it appears to be very slow. Why?</A
1176 > Probably you unintentionally compiled <SPAN
1179 > without threading support
1180 in which case requests have to be serialized and only one can be served
1181 at the same time.</P
1186 > flags and make sure they include
1190 >. If they don't, add the flag and rebuild <SPAN
1195 > If you compiled <SPAN
1198 > with threading support (on POSIX-based systems),
1201 >"Conditional #defines"</SPAN
1203 HREF="http://config.privoxy.org/show-status"
1205 >http://config.privoxy.org/show-status</A
1209 >"FEATURE_PTHREAD"</SPAN
1221 SUMMARY="Footer navigation table"
1270 >Contacting the developers, Bug Reporting and Feature Requests</TD