4 >The Main Configuration File</TITLE
10 TITLE="Privoxy 3.0.4 User Manual"
80 >7. The Main Configuration File</H1
82 > Again, the main configuration file is named <TT
86 Linux/Unix/BSD and OS/2, and <TT
90 Configuration lines consist of an initial keyword followed by a list of
91 values, all separated by whitespace (any number of spaces or tabs). For
102 >confdir /etc/privoxy</I
109 > Assigns the value <TT
116 > and thus indicates that the configuration
117 directory is named <SPAN
119 >"/etc/privoxy/"</SPAN
122 > All options in the config file except for <TT
> are optional. In the descriptions below, watch for
what happens if you leave them unset.</P
132 > The main config file controls all aspects of <SPAN
136 operation that are not location dependent (i.e. they apply universally, no matter
137 where you may be surfing).</P
145 >7.1. Local Set-up Documentation</H2
147 > If you intend to operate <SPAN
151 than just yourself, it might be a good idea to let them know how to reach
152 you, what you block and why you do that, your policies, etc.
161 >7.1.1. user-manual</H4
171 > Location of the <SPAN
181 >A fully qualified URI</P
196 >Effect if unset:</DT
200 HREF="http://www.privoxy.org/user-manual/"
202 >http://www.privoxy.org/<TT
209 will be used, where <TT
224 > The User Manual URI is the single best source of information on
228 >, and is used for help links from some
229 of the internal CGI pages. The manual itself is normally packaged with the
230 binary distributions, so you probably want to set this to a locally
231 installed copy. For multi-user setups, you could provide a copy on a local
232 webserver for all your users and use the corresponding URL here.
238 > The best all purpose solution is simply to put the full local
> user-manual /usr/share/doc/privoxy/user-manual</PRE
264 > The User Manual is then available to anyone with access to the proxy, by
265 following the built-in URL: <TT
267 >http://config.privoxy.org/user-manual/</TT
269 (or the shortcut: <TT
271 >http://p.p/user-manual/</TT
275 > If the documentation is not on the local system, it can be accessed
276 from a remote server, as:
> user-manual http://example.com/privoxy/user-manual/</PRE
312 > If set, this option should be <SPAN
316 >the first option in the config
319 >, because it is used while the config file is being read
335 NAME="TRUST-INFO-URL"
337 >7.1.2. trust-info-url</H4
347 > A URL to be displayed in the error page that users will see if access to an untrusted page is denied.
>Two example URLs are provided</P
363 >Effect if unset:</DT
366 > No links are displayed on the "untrusted" error page.
373 > The value of this option only matters if the experimental trust mechanism has been
375 HREF="config.html#TRUSTFILE"
386 > If you use the trust mechanism, it is a good idea to write up some on-line
387 documentation about your trust policy and to specify the URL(s) here.
388 Use multiple times for multiple URLs.
391 > The URL(s) should be added to the trustfile as well, so users don't end up
392 locked out from the information on why they were locked out in the first place!
405 >7.1.3. admin-address</H4
415 > An email address to reach the proxy administrator.
437 >Effect if unset:</DT
440 > No email address is displayed on error pages and the CGI user interface.
454 are unset, the whole "Local Privoxy Support" box on all generated pages will
466 NAME="PROXY-INFO-URL"
468 >7.1.4. proxy-info-url</H4
478 > A URL to documentation about the local <SPAN
482 configuration or policies.
504 >Effect if unset:</DT
507 > No link to local documentation is displayed on error pages and the CGI user interface.
521 are unset, the whole "Local Privoxy Support" box on all generated pages will
525 > This URL shouldn't be blocked ;-)
539 >7.2. Configuration and Log File Locations</H2
544 > can (and normally does) use a number of
545 other files for additional configuration, help and logging.
546 This section of the configuration file tells <SPAN
550 where to find those other files. </P
552 > The user running <SPAN
556 permission for all configuration files, and write permission to any files
557 that would be modified, such as log files and actions files.</P
575 >The directory where the other configuration files are located</P
587 >/etc/privoxy (Unix) <SPAN
596 > installation dir (Windows) </P
599 >Effect if unset:</DT
623 > When development goes modular and multi-user, the blocker, filter, and
624 per-user config will be stored in subdirectories of <SPAN
628 For now, the configuration directory structure is flat, except for
631 >confdir/templates</TT
632 >, where the HTML templates for CGI
633 output reside (e.g. <SPAN
659 > The directory where all logging takes place (i.e. where <TT
679 >/var/log/privoxy (Unix) <SPAN
688 > installation dir (Windows) </P
691 >Effect if unset:</DT
725 >7.2.3. actionsfile</H4
727 NAME="DEFAULT.ACTION"
730 NAME="STANDARD.ACTION"
745 HREF="actions-file.html"
754 >File name, relative to <TT
773 CLASS="LITERALLAYOUT"
> standard # Internal purposes, no editing recommended</P
781 CLASS="LITERALLAYOUT"
> default # Main actions file</P
789 CLASS="LITERALLAYOUT"
> user # User customizations</P
800 >Effect if unset:</DT
803 > No actions are taken at all. Simple neutral proxying.
813 > lines are permitted, and are in fact recommended!
817 The default values include standard.action, which is used for internal
818 purposes and should be loaded, default.action, which is the
822 > actions file maintained by the developers, and
826 >, where you can make your personal additions.
830 Actions files are where all the per site and per URL configuration is done for
831 ad blocking, cookie management, privacy considerations, etc.
832 There is no point in using <SPAN
836 least one actions file.
849 >7.2.4. filterfile</H4
851 NAME="DEFAULT.FILTER"
863 HREF="filter-file.html"
872 >File name, relative to <TT
881 >default.filter (Unix) <SPAN
887 > default.filter.txt (Windows)</P
890 >Effect if unset:</DT
893 > No textual content filtering takes place, i.e. all
897 HREF="actions-file.html#FILTER"
906 actions in the actions files are turned neutral.
916 > lines are permitted.
920 HREF="filter-file.html"
922 > contain content modification
924 HREF="appendix.html#REGEX"
925 >regular expressions</A
926 >. These rules permit
927 powerful changes on the content of Web pages, and optionally the headers
928 as well, e.g., you could disable your favorite JavaScript annoyances,
929 re-write the actual displayed text, or just have some fun
930 playing buzzword bingo with web pages.
937 HREF="actions-file.html#FILTER"
946 actions rely on the relevant filter (<TT
952 to be defined in a filter file!
955 > A pre-defined filter file called <TT
959 a number of useful filters for common problems is included in the distribution.
960 See the section on the <TT
963 HREF="actions-file.html#FILTER"
970 > It is recommended to place any locally adapted filters into a separate
997 > The log file to use
1004 >File name, relative to <TT
1013 >logfile (Unix) <SPAN
1019 > privoxy.log (Windows)</P
1022 >Effect if unset:</DT
1025 > No log file is used, all log messages go to the console (<TT
1035 > The logfile is where all logging and error messages are written. The level
1036 of detail and number of messages are set with the <TT
1040 option (see below). The logfile can be useful for tracking down a problem with
1044 > (e.g., it's not blocking an ad you
1045 think it should block) but in most cases you probably will never look at it.
1048 > Your logfile will grow indefinitely, and you will probably want to
1049 periodically remove it. On Unix systems, you can do this with a cron job
1053 >). For Red Hat, a <B
1057 script has been included.
1060 > On SuSE Linux systems, you can place a line like <SPAN
>"/var/log/privoxy.*
+1024k 644 nobody.nogroup"</SPAN
1068 the effect that cron.daily will automatically archive, gzip, and empty the
1069 log, when it exceeds 1M size.
1072 > Any log files must be writable by whatever user <SPAN
1076 is being run as (default on UNIX, user id is <SPAN
1096 CLASS="VARIABLELIST"
1102 > The file to store intercepted cookies in
1109 >File name, relative to <TT
1118 >Unset (commented out). When activated: jarfile (Unix) <SPAN
1124 > privoxy.jar (Windows)</P
1127 >Effect if unset:</DT
1130 > Intercepted cookies are not stored in a dedicated log file.
1137 > The jarfile may grow to ridiculous sizes over time.
1140 > If debug 8 (show header parsing) is enabled, cookies are
1141 written to the logfile with the rest of the headers.
1154 >7.2.7. trustfile</H4
1158 CLASS="VARIABLELIST"
1164 > The trust file to use
1171 >File name, relative to <TT
1184 >Unset (commented out)</I
1186 >. When activated: trust (Unix) <SPAN
1192 > trust.txt (Windows)</P
1195 >Effect if unset:</DT
1198 > The entire trust mechanism is turned off.
1205 > The trust mechanism is an experimental feature for building white-lists and should
1206 be used with care. It is <SPAN
1212 > recommended for the casual user.
1215 > If you specify a trust file, <SPAN
1219 access to sites that are specified in the trustfile. Sites can be listed
1226 > character limits access to this site
1227 only (and any sub-paths within this site), e.g.
1230 >~www.example.com</TT
1234 > Or, you can designate sites as <SPAN
1238 >trusted referrers</I
1241 prepending the name with a <TT
1244 > character. The effect is that
1245 access to untrusted sites will be granted -- but only if a link from this
1246 trusted referrer was used. The link target will then be added to the
1250 > so that future, direct accesses will be granted.
1251 Sites added via this mechanism do not become trusted referrers themselves
1252 (i.e. they are added with a <TT
1258 > If you use the <TT
1261 > operator in the trust file, it may grow
1262 considerably over time.
1265 > It is recommended that <SPAN
>--disable-force</TT
>--disable-toggle</TT
> --disable-editor</TT
1279 > options, if this feature is to be
1283 > Possible applications include limiting Internet access for children.
1299 > These options are mainly useful when tracing a problem.
1300 Note that you might also want to invoke
1308 command line option when debugging.
1321 CLASS="VARIABLELIST"
1327 > Key values that determine what information gets logged to the
1329 HREF="config.html#LOGFILE"
1350 >12289 (i.e.: URLs plus informational and warning messages)</P
1353 >Effect if unset:</DT
1356 > Nothing gets logged.
1363 > The available debug levels are:
1373 CLASS="PROGRAMLISTING"
> debug 1 # show each GET/POST/CONNECT request
debug 2 # show each connection status
debug 4 # show I/O status
debug 8 # show header parsing
debug 16 # log all data into the logfile
debug 32 # debug force feature
debug 64 # debug regular expression filter
debug 128 # debug fast redirects
debug 256 # debug GIF de-animation
debug 512 # Common Log Format
debug 1024 # debug kill pop-ups
debug 2048 # CGI user interface
debug 4096 # Startup banner and warnings.
debug 8192 # Non-fatal errors</PRE
1394 > To select multiple debug levels, you can either add them or use
1401 > A debug level of 1 is informative because it will show you each request
1402 as it happens. <SPAN
1406 >1, 4096 and 8192 are highly recommended</I
1409 so that you will notice when things go wrong. The other levels are probably
1410 only of interest if you are hunting down a specific problem. They can produce
1411 a hell of an output (especially 16).
1415 > The reporting of <SPAN
1421 > errors (i.e. ones which crash
1425 >) is always on and cannot be disabled.
1428 > If you want to use CLF (Common Log Format), you should set <SPAN
1438 > and not enable anything else.
1449 NAME="SINGLE-THREADED"
1451 >7.3.2. single-threaded</H4
1455 CLASS="VARIABLELIST"
1461 > Whether to run only one server thread
1489 >Effect if unset:</DT
1492 > Multi-threaded (or, where unavailable: forked) operation, i.e. the ability to
1493 serve multiple requests simultaneously.
1500 > This option is only there for debug purposes and you should never
1501 need to use it. <SPAN
1505 >It will drastically reduce performance.</I
1519 NAME="ACCESS-CONTROL"
1521 >7.4. Access Control and Security</H2
1523 > This section of the config file controls the security-relevant aspects
1534 NAME="LISTEN-ADDRESS"
1536 >7.4.1. listen-address</H4
1540 CLASS="VARIABLELIST"
1546 > The IP address and TCP port on which <SPAN
1550 listen for client requests.
1576 >Effect if unset:</DT
1579 > Bind to 127.0.0.1 (localhost), port 8118. This is suitable and recommended for
1580 home users who run <SPAN
1583 > on the same machine as
1591 > You will need to configure your browser(s) to this proxy address and port.
1594 > If you already have another service running on port 8118, or if you want to
1595 serve requests from other machines (e.g. on your local network) as well, you
1596 will need to override the default.
1599 > If you leave out the IP address, <SPAN
1603 bind to all interfaces (addresses) on your machine and may become reachable
1604 from the Internet. In that case, consider using <A
1605 HREF="config.html#ACLS"
1606 >access control lists</A
> (ACLs, see below), and/or
1614 > to untrusted users, you will
1615 also want to turn off the <TT
1618 HREF="config.html#ENABLE-EDIT-ACTIONS"
1619 >enable-edit-actions</A
1625 HREF="config.html#ENABLE-REMOTE-TOGGLE"
1626 >enable-remote-toggle</A
1636 > Suppose you are running <SPAN
1640 a machine which has the address 192.168.0.1 on your local private network
1641 (192.168.0.0) and has another outside connection with a different address.
1642 You want it to serve requests from inside only:
1652 CLASS="PROGRAMLISTING"
> listen-address 192.168.0.1:8118</PRE
1674 CLASS="VARIABLELIST"
1680 > Initial state of "toggle" status
1696 >Effect if unset:</DT
1699 > Act as if toggled on
1706 > If set to 0, <SPAN
1712 >"toggled off"</SPAN
1713 > mode, i.e. behave like a normal, content-neutral
proxy where all ad blocking, filtering, etc. are disabled. See
1717 >enable-remote-toggle</TT
1718 > below. This is not really useful
1719 anymore, since toggling is much easier via <A
1720 HREF="http://config.privoxy.org/toggle"
1722 >the web interface</A
> The Windows version will only display the toggle icon in the system tray
1731 if this option is present.
1742 NAME="ENABLE-REMOTE-TOGGLE"
1744 >7.4.3. enable-remote-toggle</H4
1748 CLASS="VARIABLELIST"
1754 > Whether or not the <A
1755 HREF="http://config.privoxy.org/toggle"
1775 >Effect if unset:</DT
1778 > The web-based toggle feature is disabled.
1785 > When toggled off, <SPAN
1788 > acts like a normal,
1789 content-neutral proxy, i.e. it acts as if none of the actions applied to
1793 > For the time being, access to the toggle feature can <SPAN
1800 controlled separately by <SPAN
1803 > or HTTP authentication,
1804 so that everybody who can access <SPAN
1815 toggle it for all users. So this option is <SPAN
1822 for multi-user environments with untrusted users.
1825 > Note that you must have compiled <SPAN
1829 support for this feature, otherwise this option has no effect.
1840 NAME="ENABLE-REMOTE-HTTP-TOGGLE"
1842 >7.4.4. enable-remote-http-toggle</H4
1846 CLASS="VARIABLELIST"
1852 > Whether or not Privoxy recognizes special HTTP headers to change its behaviour.
1868 >Effect if unset:</DT
1871 > Privoxy ignores special HTTP headers.
1878 > When toggled on, the client can change <SPAN
1882 behaviour by setting special HTTP headers. Currently the only supported
1883 special header is <SPAN
1885 >"X-Filter: No"</SPAN
1886 >, to disable filtering for
1887 the ongoing request, even if it is enabled in one of the action files.
1890 > If you are using <SPAN
1894 multi-user environment or with untrustworthy clients and want to
1895 enforce filtering, you will have to disable this option,
1896 otherwise you can ignore it.
1907 NAME="ENABLE-EDIT-ACTIONS"
1909 >7.4.5. enable-edit-actions</H4
1913 CLASS="VARIABLELIST"
1919 > Whether or not the <A
1920 HREF="http://config.privoxy.org/show-status"
1940 >Effect if unset:</DT
1943 > The web-based actions file editor is disabled.
1950 > For the time being, access to the editor can <SPAN
1957 controlled separately by <SPAN
1960 > or HTTP authentication,
1961 so that everybody who can access <SPAN
1972 modify its configuration for all users. So this option is <SPAN
1979 > for multi-user environments with untrusted users.
1982 > Note that you must have compiled <SPAN
1986 support for this feature, otherwise this option has no effect.
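
The exposure advice in sections 7.4.1 to 7.4.5, turned into a configuration check. This is an added example, not part of the Privoxy manual or code base; the function names and both sample configurations are constructed for illustration.

```python
import ipaddress

# What the manual says each option allows when it is switched on.
REMOTE_CONTROLS = {
    "enable-remote-toggle": "anyone who can reach the proxy can toggle it for all users",
    "enable-edit-actions": "anyone who can reach the proxy can modify its configuration",
    "enable-remote-http-toggle": 'clients can send "X-Filter: No" to skip filtering',
}

# Constructed sample configurations (not taken from a real installation).
EXPOSED = """\
confdir /etc/privoxy
listen-address :8118            # IP address left out
enable-remote-toggle 1
enable-remote-http-toggle 1
enable-edit-actions 1
"""
HARDENED = """\
confdir /etc/privoxy
listen-address 192.168.0.1:8118
permit-access 192.168.0.0/24
enable-remote-toggle 0
enable-edit-actions 0
"""


def parse(text):
    """Map each keyword to the value lists of all lines that use it."""
    opts = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if fields:
            opts.setdefault(fields[0], []).append(fields[1:])
    return opts


def exposure(opts):
    """Return 'loopback', 'specific' or 'all-interfaces' (the widest one found)."""
    widest = "loopback"                          # unset means 127.0.0.1:8118
    for values in opts.get("listen-address", []):
        host = values[0].rpartition(":")[0] if values else ""
        if not host:
            return "all-interfaces"
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:                       # a host name, not an address
            loopback = host == "localhost"
        if not loopback:
            widest = "specific"
    return widest


def audit(text):
    """List the settings the manual warns about for proxies shared with others."""
    opts = parse(text)
    reach = exposure(opts)
    findings = []
    if reach == "all-interfaces":
        findings.append("listen-address has no IP address: binds to all interfaces")
    if reach != "loopback":
        if "permit-access" not in opts:
            findings.append("reachable beyond localhost but no permit-access ACL is set")
        for key, why in REMOTE_CONTROLS.items():
            if any(values[:1] == ["1"] for values in opts.get(key, [])):
                findings.append(f"{key} is on: {why}")
    return findings


if __name__ == "__main__":
    for name, text in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```
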
1999 >7.4.6. ACLs: permit-access and deny-access</H4
2001 NAME="PERMIT-ACCESS"
2009 CLASS="VARIABLELIST"
2015 > Who can access what.
2057 > are IP addresses in dotted decimal notation or valid
2069 > are subnet masks in CIDR notation, i.e. integer
2070 values from 2 to 30 representing the length (in bits) of the network address. The masks and the whole
2071 destination part are optional.
2087 >Effect if unset:</DT
2090 > Don't restrict access further than implied by <TT
2100 > Access controls are included at the request of ISPs and systems
2101 administrators, and <SPAN
2105 >are not usually needed by individual users</I
2108 For a typical home user, it will normally suffice to ensure that
2112 > only listens on the localhost
2113 (127.0.0.1) or internal (home) network address by means of the
2115 HREF="config.html#LISTEN-ADDRESS"
2127 > Please see the warnings in the FAQ that this proxy is not intended to be a substitute
2128 for a firewall or to encourage anyone to defer addressing basic security
2132 > Multiple ACL lines are OK.
2133 If any ACLs are specified, then the <SPAN
2137 talks only to IP addresses that match at least one <TT
2141 and don't match any subsequent <TT
2144 > line. In other words, the
2145 last match wins, with the default being <TT
2154 > is using a forwarder (see <TT
2158 for a particular destination URL, the <TT
2164 that is examined is the address of the forwarder and <SPAN
2171 of the ultimate target. This is necessary because it may be impossible for the local
2175 > to determine the IP address of the
2176 ultimate target (that's often what gateways are used for).
2179 > You should prefer using IP addresses over DNS names, because the address lookups take
2180 time. All DNS names must resolve! You can <SPAN
2186 > use domain patterns
2190 > or partial domain names. If a DNS name resolves to multiple
2191 IP addresses, only the first one is used.
2194 > Denying access to particular sites by ACL may have undesired side effects
2195 if the site in question is hosted on a machine which also hosts other sites.
2202 > Explicitly define the default behavior if no ACL and
2210 is OK. The absence of a <TT
2222 > destination addresses are OK:
> permit-access localhost</PRE
2240 > Allow any host on the same class C subnet as www.privoxy.org access to
2241 nothing but www.example.com:
> permit-access www.privoxy.org/24 www.example.com/32</PRE
2259 > Allow access from any host on the 26-bit subnet 192.168.45.64 to anywhere,
2260 with the exception that 192.168.45.73 may not access www.dirty-stuff.example.com:
> permit-access 192.168.45.64/26
deny-access 192.168.45.73 www.dirty-stuff.example.com</PRE
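
The "last match wins, default deny" rule described above, modelled on the manual's final ACL example and on the same two lines in reverse order. This is an added example, not Privoxy's own code; it handles IPv4 only, and the `HOSTS` table is a constructed stand-in for DNS so that it runs offline.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline; the addresses are
# from documentation ranges and are not the real addresses of these names.
HOSTS = {
    "localhost": "127.0.0.1",
    "www.dirty-stuff.example.com": "203.0.113.10",
}

# The manual's last ACL example, and the same two lines in the opposite order.
MANUAL_ORDER = """\
permit-access 192.168.45.64/26
deny-access   192.168.45.73 www.dirty-stuff.example.com
"""
REVERSED_ORDER = """\
deny-access   192.168.45.73 www.dirty-stuff.example.com
permit-access 192.168.45.64/26
"""


def to_network(spec):
    """Turn 'addr[/masklen]' into a network; without a mask it is one host."""
    host, _, masklen = spec.partition("/")
    addr = HOSTS.get(host, host)
    return ipaddress.ip_network(f"{addr}/{masklen or 32}", strict=False)


def parse_acls(text):
    """Return (is_permit, src_net, dst_net or None) for every ACL line, in order."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in ("permit-access", "deny-access"):
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"expected src [dst]: {raw!r}")
        dst = to_network(fields[2]) if len(fields) == 3 else None
        rules.append((fields[0] == "permit-access", to_network(fields[1]), dst))
    return rules


def allowed(rules, client, destination):
    """Decide one request: the last matching line wins, default is deny."""
    if not rules:
        return True                      # no ACLs: no restriction beyond listen-address
    src = ipaddress.ip_address(client)
    dst = ipaddress.ip_address(HOSTS.get(destination, destination))
    verdict = False                      # ACLs present but none matched
    for is_permit, src_net, dst_net in rules:
        if src in src_net and (dst_net is None or dst in dst_net):
            verdict = is_permit          # later lines override earlier ones
    return verdict


if __name__ == "__main__":
    site = "www.dirty-stuff.example.com"
    for label, text in (("manual", MANUAL_ORDER), ("reversed", REVERSED_ORDER)):
        rules = parse_acls(text)
        for client in ("192.168.45.70", "192.168.45.73", "192.168.45.200"):
            print(label, client, site, allowed(rules, client, site))
```

With the lines reversed, the later `permit-access` also matches 192.168.45.73 and overrides the earlier `deny-access`, so the exception silently stops applying.
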
2289 >7.4.7. buffer-limit</H4
2293 CLASS="VARIABLELIST"
2299 > Maximum size of the buffer for content filtering.
2315 >Effect if unset:</DT
2318 > Use a 4MB (4096 KB) limit.
2325 > For content filtering, i.e. the <TT
2332 > actions, it is necessary that
2336 > buffers the entire document body.
2337 This can be potentially dangerous, since a server could just keep sending
2338 data indefinitely and wait for your RAM to exhaust -- with nasty consequences.
2342 > When a document buffer size reaches the <TT
2346 flushed to the client unfiltered and no further attempt to
2347 filter the rest of the document is made. Remember that there may be multiple threads
2348 running, which might require up to <TT
2358 >, unless you have enabled <SPAN
2360 >"single-threaded"</SPAN
2376 >7.5. Forwarding</H2
2378 > This feature allows routing of HTTP requests through a chain of
2380 It can be used to better protect privacy and confidentiality when
2381 accessing specific domains by routing requests to those domains
2382 through an anonymous public proxy (see e.g. <A
2383 HREF="http://www.multiproxy.org/anon_list.htm"
2385 >http://www.multiproxy.org/anon_list.htm</A
It can also be used with a caching proxy to speed up browsing, and chaining to a parent
proxy may be necessary because the machine that <SPAN
2392 runs on has no direct Internet access.</P
2394 > Also specified here are SOCKS proxies. <SPAN
2398 supports the SOCKS 4 and SOCKS 4A protocols.</P
2410 CLASS="VARIABLELIST"
2416 > To which parent HTTP proxy specific requests should be routed.
2448 HREF="actions-file.html#AF-PATTERNS"
2451 that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <TT
2470 is the DNS name or IP address of the parent HTTP proxy through which the requests should be forwarded,
2471 optionally followed by its listening port (default: 8080).
2472 Use a single dot (<TT
2477 >"no forwarding"</SPAN
2494 >Effect if unset:</DT
2497 > Don't use parent HTTP proxies.
2512 >, then requests are not
2513 forwarded to another HTTP proxy but are made directly to the web servers.
> Multiple lines are OK; they are checked in sequence, and the last match wins.
2523 > Everything goes to an example anonymizing proxy, except SSL on port 443 (which it doesn't handle):
> forward / anon-proxy.example.org:8080
forward :443 .</PRE
2542 > Everything goes to our example ISP's caching proxy, except for requests
2543 to that ISP's sites:
> forward / caching-proxy.example-isp.net:8000
forward .example-isp.net .</PRE
2572 >7.5.2. forward-socks4 and forward-socks4a</H4
2574 NAME="FORWARD-SOCKS4"
2577 NAME="FORWARD-SOCKS4A"
2582 CLASS="VARIABLELIST"
2588 > Through which SOCKS proxy (and to which parent HTTP proxy) specific requests should be routed.
2631 HREF="actions-file.html#AF-PATTERNS"
2634 that specifies to which requests (i.e. URLs) this forward rule shall apply. Use <TT
2653 are IP addresses in dotted decimal notation or valid DNS names (<TT
2664 >"no HTTP forwarding"</SPAN
2665 >), and the optional
2671 > parameters are TCP ports, i.e. integer values from 1 to 64535
2687 >Effect if unset:</DT
2690 > Don't use SOCKS proxies.
> Multiple lines are OK; they are checked in sequence, and the last match wins.
2700 > The difference between <TT
2705 >forward-socks4a</TT
2707 is that in the SOCKS 4A protocol, the DNS resolution of the target hostname happens on the SOCKS
2708 server, while in SOCKS 4 it happens locally.
2719 >, then requests are not
2720 forwarded to another HTTP proxy but are made (HTTP-wise) directly to the web servers, albeit through
2728 > From the company example.com, direct connections are made to all
2732 > domains, but everything outbound goes through
2733 their ISP's proxy by way of example.com's corporate SOCKS 4A gateway to
> forward-socks4a / socks-gw.example.com:1080 www-cache.example-isp.net:8080
forward .example.com .</PRE
2753 > A rule that uses a SOCKS 4 gateway for all destinations but no HTTP parent looks like this:
> forward-socks4 / socks-gw.example.com:1080 .</PRE
2771 > To chain Privoxy and Tor, both running on the same system, you should use
> forward-socks4 / 127.0.0.1:9050 .</PRE
2793 > network can't be used to reach your local network,
2794 therefore it's a good idea to make some exceptions:
> forward 192.168.*.*/ .
forward 127.*.*.*/ .</PRE
2814 > Unencrypted connections to systems in these address ranges will
2815 be as (un)secure as the local network is, but the alternative is that you
2816 can't reach the network at all.
2819 > If you also want to be able to reach servers in your local network by
2820 using their names, you will need additional exceptions that look like
> forward localhost/ .</PRE
2847 NAME="ADVANCED-FORWARDING-EXAMPLES"
2849 >7.5.3. Advanced Forwarding Examples</H4
2851 > If you have links to multiple ISPs that provide various special content
2852 only to their subscribers, you can configure multiple <SPAN
2856 which have connections to the respective ISPs to act as forwarders to each other, so that
2863 > users can see the internal content of all ISPs.</P
> Assume that host-a has a PPP connection to isp-a.net, and host-b has a PPP connection to
2866 isp-b.net. Both run <SPAN
2870 configuration can look like this:</P
forward .isp-b.net host-b:8118</PRE
forward .isp-a.net host-a:8118</PRE
2906 > Now, your users can set their browser's proxy to use either
2907 host-a or host-b and be able to browse the internal content
2908 of both isp-a and isp-b.</P
2910 > If you intend to chain <SPAN
> locally, then chaining as
2920 >browser -> squid -> privoxy</TT
2921 > is the recommended way. </P
2923 > Assuming that <SPAN
2930 run on the same box, your <SPAN
2933 > configuration could then look like this:</P
> # Define Privoxy as parent proxy (without ICP)
cache_peer 127.0.0.1 parent 8118 7 no-query

# Define ACL for protocol FTP
acl ftp proto FTP

# Do not forward FTP requests to Privoxy
always_direct allow ftp

# Forward all the rest to Privoxy
never_direct allow all</PRE
2959 > You would then need to change your browser's proxy settings to <SPAN
2962 >'s address and port.
Squid normally uses port 3128. If unsure, consult <TT
2971 > You could just as well decide to only forward requests for Windows executables through
2972 a virus-scanning parent proxy, say, on <TT
2974 >antivir.example.com</TT
forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010</PRE
2997 NAME="FORWARDED-CONNECT-RETRIES"
2999 >7.5.4. forwarded-connect-retries</H4
3003 CLASS="VARIABLELIST"
3009 > How often Privoxy retries if a forwarded connection request fails.
3019 >Number of retries.</I
3037 >Effect if unset:</DT
3040 > Forwarded connections are treated like direct connections and no retry attempts are made.
3050 >forwarded-connect-retries</I
3052 > is mainly interesting
3053 for socks4a connections, where Privoxy can't detect why the connections failed.
3054 The connection might have failed because of a DNS timeout in which case a retry makes sense,
3055 but it might also have failed because the server doesn't exist or isn't reachable. In this
3056 case the retry will just delay the appearance of Privoxy's error message.
> Only use this option if you are getting many forwarding-related error messages
that go away when you try again manually. Start with a small value and check Privoxy's
logfile from time to time to see how many retries are usually needed.
> forwarded-connect-retries 1
3082 >7.6. Windows GUI Options</H2
3087 > has a number of options specific to the
3088 Windows GUI interface:</P
3090 NAME="ACTIVITY-ANIMATION"
3095 >"activity-animation"</SPAN
3100 > icon will animate when
3104 > is active. To turn off, set to 0.</P
3109 CLASS="LITERALLAYOUT"
>activity-animation 1</I
3117 </P
3127 >"log-messages"</SPAN
3132 > will log messages to the console
3138 CLASS="LITERALLAYOUT"
3146 </P
3151 NAME="LOG-BUFFER-SIZE"
3157 >"log-buffer-size"</SPAN
3158 > is set to 1, the size of the log buffer,
3159 i.e. the amount of memory used for the log messages displayed in the
3160 console window, will be limited to <SPAN
3162 >"log-max-lines"</SPAN
> Warning: Setting this to 0 will cause the buffer to grow infinitely and
eat up all your memory!</P
3171 CLASS="LITERALLAYOUT"
>log-buffer-size 1</I
3179 </P
3184 NAME="LOG-MAX-LINES"
3189 >log-max-lines</SPAN
3190 > is the maximum number of lines held
3191 in the log buffer. See above.</P
3196 CLASS="LITERALLAYOUT"
>log-max-lines 200</I
3204 </P
3209 NAME="LOG-HIGHLIGHT-MESSAGES"
3214 >"log-highlight-messages"</SPAN
3219 > will highlight portions of the log
3220 messages with a bold-faced font:</P
3225 CLASS="LITERALLAYOUT"
>log-highlight-messages 1</I
3233 </P
3238 NAME="LOG-FONT-NAME"
3241 > The font used in the console window:</P
3246 CLASS="LITERALLAYOUT"
>log-font-name Comic Sans MS</I
3254 </P
3259 NAME="LOG-FONT-SIZE"
3262 > Font size used in the console window:</P
3267 CLASS="LITERALLAYOUT"
3275 </P
3280 NAME="SHOW-ON-TASK-BAR"
3286 >"show-on-task-bar"</SPAN
3287 > controls whether or not
3291 > will appear as a button on the Task bar
3297 CLASS="LITERALLAYOUT"
>show-on-task-bar 0</I
3305 </P
3310 NAME="CLOSE-BUTTON-MINIMIZES"
3315 >"close-button-minimizes"</SPAN
3316 > is set to 1, the Windows close
3317 button will minimize <SPAN
3320 > instead of closing
3321 the program (close with the exit option on the File menu).</P
3326 CLASS="LITERALLAYOUT"
>close-button-minimizes 1</I
3334 </P
3344 >"hide-console"</SPAN
3345 > option is specific to the MS-Win console
3349 >. If this option is used,
3353 > will disconnect from and hide the
3359 CLASS="LITERALLAYOUT"
3367 </P