# Sample Configuration File for Privoxy v3.0.13
#
-# $Id: p-config.sgml,v 2.48 2009/04/17 11:42:07 fabiankeil Exp $
+# $Id: config,v 1.78 2009/04/17 13:27:06 fabiankeil Exp $
#
# Copyright (C) 2001-2009 Privoxy Developers http://www.privoxy.org/
#
forwarded-connect-retries 0
#
#
-# 5.4. accept-intercepted-requests
+# 6. MISCELLANEOUS
+# =================
+#
+# 6.1. accept-intercepted-requests
# =================================
#
# Specifies:
accept-intercepted-requests 0
#
#
-# 5.5. allow-cgi-request-crunching
+# 6.2. allow-cgi-request-crunching
# =================================
#
# Specifies:
allow-cgi-request-crunching 0
#
#
-# 5.6. split-large-forms
+# 6.3. split-large-forms
# =======================
#
# Specifies:
split-large-forms 0
#
#
-# 5.7. keep-alive-timeout
+# 6.4. keep-alive-timeout
# ========================
#
# Specifies:
#
# Effect if unset:
#
-# Connections are not reused.
+# Connections are not kept alive.
#
# Notes:
#
+# This option allows clients to keep the connection to Privoxy
+# alive. If the server supports it, Privoxy will keep the
+# connection to the server alive as well. Under certain
+# circumstances this may result in speed-ups.
+#
+# By default, Privoxy will close the connection to the server if
+# the client connection gets closed, or if the specified timeout
+# has been reached without a new request coming in. This behaviour
+# can be changed with the connection-sharing option.
+#
# This option has no effect if Privoxy has been compiled without
# keep-alive support.
#
+# Examples:
+#
+# keep-alive-timeout 300
+#
+keep-alive-timeout 300
+#
+#
+# 6.5. connection-sharing
+# ========================
+#
+# Specifies:
+#
+# Whether or not outgoing connections that have been kept alive
+# should be shared between different incoming connections.
+#
+# Type of value:
+#
+# 0 or 1
+#
+# Default value:
+#
+# None
+#
+# Effect if unset:
+#
+# Connections are not shared.
+#
+# Notes:
+#
+# This option has no effect if Privoxy has been compiled without
+# keep-alive support, or if it's disabled.
+#
# Notes:
#
# Note that reusing connections doesn't necessary cause
# speedups. There are also a few privacy implications you should
# be aware of.
#
-# Outgoing connections are shared between clients (if there are
-# more than one) and closing the client that initiated the outgoing
-# connection does not affect the connection between Privoxy and
-# the server unless the client's request hasn't been completed
-# yet. If the outgoing connection is idle, it will not be closed
-# until either Privoxy's or the server's timeout is reached. While
+# If this option is effective, outgoing connections are shared
+# between clients (if there are more than one) and closing the
+# client that initiated the outgoing connection does no longer
+# affect the connection between Privoxy and the server unless
+# the client's request hasn't been completed yet.
+#
+# If the outgoing connection is idle, it will not be closed until
+# either Privoxy's or the server's timeout is reached. While
# it's open, the server knows that the system running Privoxy is
# still there.
#
+# If there are more than one client (maybe even belonging to
+# multiple users), they will be able to reuse each others
+# connections. This is potentially dangerous in case of
+# authentication schemes like NTLM where only the connection
+# is authenticated, instead of requiring authentication for
+# each request.
+#
+# If there is only a single client, and if said client can keep
+# connections alive on its own, enabling this option has next to
+# no effect. If the client doesn't support connection keep-alive,
+# enabling this option may make sense as it allows Privoxy to keep
+# outgoing connections alive even if the client itself doesn't
+# support it.
+#
+# This option should only be used by experienced users who
+# understand the risks and can weight them against the benefits.
+#
# Examples:
#
-# keep-alive-timeout 300
+# connection-sharing 1
#
-keep-alive-timeout 300
+#connection-sharing 1
#
#
-# 5.8. socket-timeout
+# 6.6. socket-timeout
# ====================
#
# Specifies:
socket-timeout 300
#
#
-# 6. WINDOWS GUI OPTIONS
+# 6.7. max-client-connections
+# ============================
+#
+# Specifies:
+#
+# Maximum number of client connections that will be served.
+#
+# Type of value:
+#
+# Positive number.
+#
+# Default value:
+#
+# None
+#
+# Effect if unset:
+#
+# Connections are served until a resource limit is reached.
+#
+# Notes:
+#
+# Privoxy creates one thread (or process) for every incoming
+# client connection that isn't rejected based on the access
+# control settings.
+#
+# If the system is powerful enough, Privoxy can theoretically deal
+# with several hundred (or thousand) connections at the same time,
+# but some operating systems enforce resource limits by shutting
+# down offending processes and their default limits may be below
+# the ones Privoxy would require under heavy load.
+#
+# Configuring Privoxy to enforce a connection limit below the
+# thread or process limit used by the operating system makes
+# sure this doesn't happen. Simply increasing the operating
+# system's limit would work too, but if Privoxy isn't the only
+# application running on the system, you may actually want to
+# limit the resources used by Privoxy.
+#
+# If Privoxy is only used by a single trusted user, limiting the
+# number of client connections is probably unnecessary. If there
+# are multiple possibly untrusted users you probably still want
+# to additionally use a packet filter to limit the maximal number
+# of incoming connections per client. Otherwise a malicious user
+# could intentionally create a high number of connections to
+# prevent other users from using Privoxy.
+#
+# Obviously using this option only makes sense if you choose a
+# limit below the one enforced by the operating system.
+#
+# Examples:
+#
+# max-client-connections 256
+#
+#max-client-connections 256
+#
+#
+# 7. WINDOWS GUI OPTIONS
# =======================
#
# Privoxy has a number of options specific to the Windows GUI
> <DIV
CLASS="TABLE"
><A
-NAME="AEN2236"
+NAME="AEN2318"
></A
><P
><B
><H2
CLASS="SECT2"
><A
-NAME="AEN2335"
+NAME="AEN2417"
>8.1. Finding the Right Mix</A
></H2
><P
><H2
CLASS="SECT2"
><A
-NAME="AEN2342"
+NAME="AEN2424"
>8.2. How to Edit</A
></H2
><P
><H3
CLASS="SECT3"
><A
-NAME="AEN2449"
+NAME="AEN2531"
>8.4.1. The Domain Pattern</A
></H3
><P
><H3
CLASS="SECT3"
><A
-NAME="AEN2525"
+NAME="AEN2607"
>8.4.2. The Path Pattern</A
></H3
><P
><H3
CLASS="SECT3"
><A
-NAME="AEN4156"
+NAME="AEN4238"
>8.5.34. Summary</A
></H3
><P
><H3
CLASS="SECT3"
><A
-NAME="AEN4220"
+NAME="AEN4302"
>8.7.1. match-all.action</A
></H3
><P
><H3
CLASS="SECT3"
><A
-NAME="AEN4242"
+NAME="AEN4324"
>8.7.2. default.action</A
></H3
><P
><H3
CLASS="SECT3"
><A
-NAME="AEN4355"
+NAME="AEN4437"
>8.7.3. user.action</A
></H3
><P
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
><H2
CLASS="SECT2"
><A
-NAME="AEN5237"
+NAME="AEN5319"
>14.2. Privoxy's Internal Pages</A
></H2
><P
Privoxy main page:
</P
><A
-NAME="AEN5251"
+NAME="AEN5333"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
editing of actions files:
</P
><A
-NAME="AEN5259"
+NAME="AEN5341"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
Show the source code version numbers:
</P
><A
-NAME="AEN5264"
+NAME="AEN5346"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
Show the browser's request headers:
</P
><A
-NAME="AEN5269"
+NAME="AEN5351"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
Show which actions apply to a URL and why:
</P
><A
-NAME="AEN5274"
+NAME="AEN5356"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
place:
</P
><A
-NAME="AEN5282"
+NAME="AEN5364"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
> Short cuts. Turn off, then on:
</P
><A
-NAME="AEN5286"
+NAME="AEN5368"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
</P
></BLOCKQUOTE
><A
-NAME="AEN5289"
+NAME="AEN5371"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DL
></DIV
></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="MISC"
+>7.6. Miscellaneous</A
+></H2
><DIV
CLASS="SECT3"
><H4
CLASS="SECT3"
><A
NAME="ACCEPT-INTERCEPTED-REQUESTS"
->7.5.5. accept-intercepted-requests</A
+>7.6.1. accept-intercepted-requests</A
></H4
><P
></P
CLASS="SECT3"
><A
NAME="ALLOW-CGI-REQUEST-CRUNCHING"
->7.5.6. allow-cgi-request-crunching</A
+>7.6.2. allow-cgi-request-crunching</A
></H4
><P
></P
CLASS="SECT3"
><A
NAME="SPLIT-LARGE-FORMS"
->7.5.7. split-large-forms</A
+>7.6.3. split-large-forms</A
></H4
><P
></P
CLASS="SECT3"
><A
NAME="KEEP-ALIVE-TIMEOUT"
->7.5.8. keep-alive-timeout</A
+>7.6.4. keep-alive-timeout</A
></H4
><P
></P
>Effect if unset:</DT
><DD
><P
-> Connections are not reused.
+> Connections are not kept alive.
</P
></DD
><DT
>Notes:</DT
><DD
><P
+> This option allows clients to keep the connection to <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ alive. If the server supports it, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> will keep
+ the connection to the server alive as well. Under certain
+ circumstances this may result in speed-ups.
+ </P
+><P
+> By default, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> will close the connection to the server if
+ the client connection gets closed, or if the specified timeout
+ has been reached without a new request coming in. This behaviour
+ can be changed with the <A
+HREF="#CONNECTION-SHARING"
+TARGET="_top"
+>connection-sharing</A
+> option.
+ </P
+><P
> This option has no effect if <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
</P
></DD
><DT
+>Examples:</DT
+><DD
+><P
+> keep-alive-timeout 300
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="CONNECTION-SHARING"
+>7.6.5. connection-sharing</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> Whether or not outgoing connections that have been kept alive
+ should be shared between different incoming connections.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>0 or 1</I
+></TT
+>
+ </P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+>None</P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Connections are not shared.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> This option has no effect if <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ has been compiled without keep-alive support, or if it's disabled.
+ </P
+></DD
+><DT
>Notes:</DT
><DD
><P
There are also a few privacy implications you should be aware of.
</P
><P
-> Outgoing connections are shared between clients (if there are more
- than one) and closing the client that initiated the outgoing connection
- does not affect the connection between <SPAN
+> If this option is effective, outgoing connections are shared between
+ clients (if there are more than one) and closing the client that initiated
+ the outgoing connection does no longer affect the connection between <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> and the server unless
- the client's request hasn't been completed yet. If the outgoing connection
- is idle, it will not be closed until either <SPAN
+>
+ and the server unless the client's request hasn't been completed yet.
+ </P
+><P
+> If the outgoing connection is idle, it will not be closed until either
+ <SPAN
CLASS="APPLICATION"
>Privoxy's</SPAN
->
- or the server's timeout is reached. While it's open, the server knows
- that the system running <SPAN
+> or the server's timeout is reached.
+ While it's open, the server knows that the system running <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> is still
+ there.
+ </P
+><P
+> If there are more than one client (maybe even belonging to multiple users),
+ they will be able to reuse each others connections. This is potentially
+ dangerous in case of authentication schemes like NTLM where only the
+ connection is authenticated, instead of requiring authentication for
+ each request.
+ </P
+><P
+> If there is only a single client, and if said client can keep connections
+ alive on its own, enabling this option has next to no effect. If the client
+ doesn't support connection keep-alive, enabling this option may make sense
+ as it allows <SPAN
CLASS="APPLICATION"
>Privoxy</SPAN
-> is still there.
+> to keep outgoing connections alive even if the client
+ itself doesn't support it.
+ </P
+><P
+> This option should only be used by experienced users who
+ understand the risks and can weight them against the benefits.
</P
></DD
><DT
>Examples:</DT
><DD
><P
-> keep-alive-timeout 300
+> connection-sharing 1
</P
></DD
></DL
CLASS="SECT3"
><A
NAME="SOCKET-TIMEOUT"
->7.5.9. socket-timeout</A
+>7.6.6. socket-timeout</A
></H4
><P
></P
></DL
></DIV
></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="MAX-CLIENT-CONNECTIONS"
+>7.6.7. max-client-connections</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Specifies:</DT
+><DD
+><P
+> Maximum number of client connections that will be served.
+ </P
+></DD
+><DT
+>Type of value:</DT
+><DD
+><P
+> <TT
+CLASS="REPLACEABLE"
+><I
+>Positive number.</I
+></TT
+>
+ </P
+></DD
+><DT
+>Default value:</DT
+><DD
+><P
+>None</P
+></DD
+><DT
+>Effect if unset:</DT
+><DD
+><P
+> Connections are served until a resource limit is reached.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> creates one thread (or process) for every incoming client
+ connection that isn't rejected based on the access control settings.
+ </P
+><P
+> If the system is powerful enough, <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> can theoretically deal with
+ several hundred (or thousand) connections at the same time, but some
+ operating systems enforce resource limits by shutting down offending
+ processes and their default limits may be below the ones <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> would
+ require under heavy load.
+ </P
+><P
+> Configuring <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> to enforce a connection limit below the thread
+ or process limit used by the operating system makes sure this doesn't
+ happen. Simply increasing the operating system's limit would work too,
+ but if <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> isn't the only application running on the system,
+ you may actually want to limit the resources used by <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>.
+ </P
+><P
+> If <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> is only used by a single trusted user, limiting the
+ number of client connections is probably unnecessary. If there
+ are multiple possibly untrusted users you probably still want to
+ additionally use a packet filter to limit the maximal number of
+ incoming connections per client. Otherwise a malicious user could
+ intentionally create a high number of connections to prevent other
+ users from using <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>.
+ </P
+><P
+> Obviously using this option only makes sense if you choose a limit
+ below the one enforced by the operating system.
+ </P
+></DD
+><DT
+>Examples:</DT
+><DD
+><P
+> max-client-connections 256
+ </P
+></DD
+></DL
+></DIV
+></DIV
></DIV
><DIV
CLASS="SECT2"
CLASS="SECT2"
><A
NAME="WINDOWS-GUI"
->7.6. Windows GUI Options</A
+>7.7. Windows GUI Options</A
></H2
><P
> <SPAN
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
><H2
CLASS="SECT2"
><A
-NAME="AEN4984"
+NAME="AEN5066"
>12.1. License</A
></H2
><P
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
><H2
CLASS="SECT2"
><A
-NAME="AEN4510"
+NAME="AEN4592"
>9.1. Filter File Tutorial</A
></H2
><P
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
HREF="config.html#FORWARDED-CONNECT-RETRIES"
>forwarded-connect-retries</A
></DT
+></DL
+></DD
+><DT
+>7.6. <A
+HREF="config.html#MISC"
+>Miscellaneous</A
+></DT
+><DD
+><DL
><DT
->7.5.5. <A
+>7.6.1. <A
HREF="config.html#ACCEPT-INTERCEPTED-REQUESTS"
>accept-intercepted-requests</A
></DT
><DT
->7.5.6. <A
+>7.6.2. <A
HREF="config.html#ALLOW-CGI-REQUEST-CRUNCHING"
>allow-cgi-request-crunching</A
></DT
><DT
->7.5.7. <A
+>7.6.3. <A
HREF="config.html#SPLIT-LARGE-FORMS"
>split-large-forms</A
></DT
><DT
->7.5.8. <A
+>7.6.4. <A
HREF="config.html#KEEP-ALIVE-TIMEOUT"
>keep-alive-timeout</A
></DT
><DT
->7.5.9. <A
+>7.6.5. <A
+HREF="config.html#CONNECTION-SHARING"
+>connection-sharing</A
+></DT
+><DT
+>7.6.6. <A
HREF="config.html#SOCKET-TIMEOUT"
>socket-timeout</A
></DT
+><DT
+>7.6.7. <A
+HREF="config.html#MAX-CLIENT-CONNECTIONS"
+>max-client-connections</A
+></DT
></DL
></DD
><DT
->7.6. <A
+>7.7. <A
HREF="config.html#WINDOWS-GUI"
>Windows GUI Options</A
></DT
><DL
><DT
>8.1. <A
-HREF="actions-file.html#AEN2335"
+HREF="actions-file.html#AEN2417"
>Finding the Right Mix</A
></DT
><DT
>8.2. <A
-HREF="actions-file.html#AEN2342"
+HREF="actions-file.html#AEN2424"
>How to Edit</A
></DT
><DT
><DL
><DT
>8.4.1. <A
-HREF="actions-file.html#AEN2449"
+HREF="actions-file.html#AEN2531"
>The Domain Pattern</A
></DT
><DT
>8.4.2. <A
-HREF="actions-file.html#AEN2525"
+HREF="actions-file.html#AEN2607"
>The Path Pattern</A
></DT
><DT
></DT
><DT
>8.5.34. <A
-HREF="actions-file.html#AEN4156"
+HREF="actions-file.html#AEN4238"
>Summary</A
></DT
></DL
><DL
><DT
>8.7.1. <A
-HREF="actions-file.html#AEN4220"
+HREF="actions-file.html#AEN4302"
>match-all.action</A
></DT
><DT
>8.7.2. <A
-HREF="actions-file.html#AEN4242"
+HREF="actions-file.html#AEN4324"
>default.action</A
></DT
><DT
>8.7.3. <A
-HREF="actions-file.html#AEN4355"
+HREF="actions-file.html#AEN4437"
>user.action</A
></DT
></DL
><DL
><DT
>9.1. <A
-HREF="filter-file.html#AEN4510"
+HREF="filter-file.html#AEN4592"
>Filter File Tutorial</A
></DT
><DT
><DL
><DT
>12.1. <A
-HREF="copyright.html#AEN4984"
+HREF="copyright.html#AEN5066"
>License</A
></DT
><DT
></DT
><DT
>14.2. <A
-HREF="appendix.html#AEN5237"
+HREF="appendix.html#AEN5319"
>Privoxy's Internal Pages</A
></DT
><DD
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file
></DIV
></BODY
></HTML
->
+>
\ No newline at end of file