-TAG:^User-Agent: Ubuntu APT-HTTP/
-TAG:^User-Agent: MPlayer/
-
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="CONTENT-TYPE-OVERWRITE" id=
- "CONTENT-TYPE-OVERWRITE">8.5.6. content-type-overwrite</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Stop useless download menus from popping up, or change the
- browser's rendering mode</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Replaces the <span class="QUOTE">"Content-Type:"</span> HTTP
- server header.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Any string.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>The <span class="QUOTE">"Content-Type:"</span> HTTP server
- header is used by the browser to decide what to do with the
- document. The value of this header can cause the browser to
- open a download menu instead of displaying the document by
- itself, even if the document's format is supported by the
- browser.</p>
-
- <p>The declared content type can also affect which rendering
- mode the browser chooses. If XHTML is delivered as <span class=
- "QUOTE">"text/html"</span>, many browsers treat it as yet
- another broken HTML document. If it is send as <span class=
- "QUOTE">"application/xml"</span>, browsers with XHTML support
- will only display it, if the syntax is correct.</p>
-
- <p>If you see a web site that proudly uses XHTML buttons, but
- sets <span class="QUOTE">"Content-Type: text/html"</span>, you
- can use <span class="APPLICATION">Privoxy</span> to overwrite
- it with <span class="QUOTE">"application/xml"</span> and
- validate the web master's claim inside your XHTML-supporting
- browser. If the syntax is incorrect, the browser will complain
- loudly.</p>
-
- <p>You can also go the opposite direction: if your browser
- prints error messages instead of rendering a document falsely
- declared as XHTML, you can overwrite the content type with
- <span class="QUOTE">"text/html"</span> and have it rendered as
- broken HTML document.</p>
-
- <p>By default <tt class="LITERAL">content-type-overwrite</tt>
- only replaces <span class="QUOTE">"Content-Type:"</span>
- headers that look like some kind of text. If you want to
- overwrite it unconditionally, you have to combine it with
- <tt class="LITERAL"><a href=
- "actions-file.html#FORCE-TEXT-MODE">force-text-mode</a></tt>.
- This limitation exists for a reason, think twice before
- circumventing it.</p>
-
- <p>Most of the time it's easier to replace this action with a
- custom <tt class="LITERAL"><a href=
- "actions-file.html#SERVER-HEADER-FILTER">server-header
- filter</a></tt>. It allows you to activate it for every
- document of a certain site and it will still only replace the
- content types you aimed at.</p>
-
- <p>Of course you can apply <tt class=
- "LITERAL">content-type-overwrite</tt> to a whole site and then
- make URL based exceptions, but it's a lot more work to get the
- same precision.</p>
- </dd>
-
- <dt>Example usage (sections):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Check if www.example.net/ really uses valid XHTML
-{ +content-type-overwrite{application/xml} }
-www.example.net/
-
-# but leave the content type unmodified if the URL looks like a style sheet
-{-content-type-overwrite}
-www.example.net/.*\.css$
-www.example.net/.*style
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-CLIENT-HEADER" id=
- "CRUNCH-CLIENT-HEADER">8.5.7. crunch-client-header</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Remove a client header <span class=
- "APPLICATION">Privoxy</span> has no dedicated action for.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes every header sent by the client that contains the
- string the user supplied as parameter.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Any string.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>This action allows you to block client headers for which no
- dedicated <span class="APPLICATION">Privoxy</span> action
- exists. <span class="APPLICATION">Privoxy</span> will remove
- every client header that contains the string you supplied as
- parameter.</p>
-
- <p>Regular expressions are <span class=
- "emphasis EMPHASIS c2">not supported</span> and you can't use
- this action to block different headers in the same request,
- unless they contain the same string.</p>
-
- <p><tt class="LITERAL">crunch-client-header</tt> is only meant
- for quick tests. If you have to block several different
- headers, or only want to modify parts of them, you should use a
- <tt class="LITERAL"><a href=
- "actions-file.html#CLIENT-HEADER-FILTER">client-header
- filter</a></tt>.</p>
-
- <div class="WARNING">
- <table class="WARNING" border="1" width="90%">
- <tr>
- <td class="c6" align="center">Warning</td>
- </tr>
-
- <tr>
- <td align="left">
- <p>Don't block any header without understanding the
- consequences.</p>
- </td>
- </tr>
- </table>
- </div>
- </dd>
-
- <dt>Example usage (section):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Block the non-existent "Privacy-Violation:" client header
-{ +crunch-client-header{Privacy-Violation:} }
-/
-
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-IF-NONE-MATCH" id=
- "CRUNCH-IF-NONE-MATCH">8.5.8. crunch-if-none-match</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Prevent yet another way to track the user's steps between
- sessions.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes the <span class="QUOTE">"If-None-Match:"</span> HTTP
- client header.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>Removing the <span class="QUOTE">"If-None-Match:"</span>
- HTTP client header is useful for filter testing, where you want
- to force a real reload instead of getting status code
- <span class="QUOTE">"304"</span> which would cause the browser
- to use a cached copy of the page.</p>
-
- <p>It is also useful to make sure the header isn't used as a
- cookie replacement (unlikely but possible).</p>
-
- <p>Blocking the <span class="QUOTE">"If-None-Match:"</span>
- header shouldn't cause any caching problems, as long as the
- <span class="QUOTE">"If-Modified-Since:"</span> header isn't
- blocked or missing as well.</p>
-
- <p>It is recommended to use this action together with
- <tt class="LITERAL"><a href=
- "actions-file.html#HIDE-IF-MODIFIED-SINCE">hide-if-modified-since</a></tt>
- and <tt class="LITERAL"><a href=
- "actions-file.html#OVERWRITE-LAST-MODIFIED">overwrite-last-modified</a></tt>.</p>
- </dd>
-
- <dt>Example usage (section):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Let the browser revalidate cached documents but don't
-# allow the server to use the revalidation headers for user tracking.
-{+hide-if-modified-since{-60} \
- +overwrite-last-modified{randomize} \
- +crunch-if-none-match}
-/
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-INCOMING-COOKIES" id=
- "CRUNCH-INCOMING-COOKIES">8.5.9. crunch-incoming-cookies</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Prevent the web server from setting HTTP cookies on your
- system</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes any <span class="QUOTE">"Set-Cookie:"</span> HTTP
- headers from server replies.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>This action is only concerned with <span class=
- "emphasis EMPHASIS c2">incoming</span> HTTP cookies. For
- <span class="emphasis EMPHASIS c2">outgoing</span> HTTP
- cookies, use <tt class="LITERAL"><a href=
- "actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</a></tt>.
- Use <span class="emphasis EMPHASIS c2">both</span> to disable
- HTTP cookies completely.</p>
-
- <p>It makes <span class="emphasis EMPHASIS c2">no sense at
- all</span> to use this action in conjunction with the
- <tt class="LITERAL"><a href=
- "actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></tt>
- action, since it would prevent the session cookies from being
- set. See also <tt class="LITERAL"><a href=
- "actions-file.html#FILTER-CONTENT-COOKIES">filter-content-cookies</a></tt>.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+crunch-incoming-cookies
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-SERVER-HEADER" id=
- "CRUNCH-SERVER-HEADER">8.5.10. crunch-server-header</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Remove a server header <span class=
- "APPLICATION">Privoxy</span> has no dedicated action for.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes every header sent by the server that contains the
- string the user supplied as parameter.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Any string.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>This action allows you to block server headers for which no
- dedicated <span class="APPLICATION">Privoxy</span> action
- exists. <span class="APPLICATION">Privoxy</span> will remove
- every server header that contains the string you supplied as
- parameter.</p>
-
- <p>Regular expressions are <span class=
- "emphasis EMPHASIS c2">not supported</span> and you can't use
- this action to block different headers in the same request,
- unless they contain the same string.</p>
-
- <p><tt class="LITERAL">crunch-server-header</tt> is only meant
- for quick tests. If you have to block several different
- headers, or only want to modify parts of them, you should use a
- custom <tt class="LITERAL"><a href=
- "actions-file.html#SERVER-HEADER-FILTER">server-header
- filter</a></tt>.</p>
-
- <div class="WARNING">
- <table class="WARNING" border="1" width="90%">
- <tr>
- <td class="c6" align="center">Warning</td>
- </tr>
-
- <tr>
- <td align="left">
- <p>Don't block any header without understanding the
- consequences.</p>
- </td>
- </tr>
- </table>
- </div>
- </dd>
-
- <dt>Example usage (section):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Crunch server headers that try to prevent caching
-{ +crunch-server-header{no-cache} }
-/
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-OUTGOING-COOKIES" id=
- "CRUNCH-OUTGOING-COOKIES">8.5.11. crunch-outgoing-cookies</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Prevent the web server from reading any HTTP cookies from
- your system</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes any <span class="QUOTE">"Cookie:"</span> HTTP
- headers from client requests.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>This action is only concerned with <span class=
- "emphasis EMPHASIS c2">outgoing</span> HTTP cookies. For
- <span class="emphasis EMPHASIS c2">incoming</span> HTTP
- cookies, use <tt class="LITERAL"><a href=
- "actions-file.html#CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</a></tt>.
- Use <span class="emphasis EMPHASIS c2">both</span> to disable
- HTTP cookies completely.</p>
-
- <p>It makes <span class="emphasis EMPHASIS c2">no sense at
- all</span> to use this action in conjunction with the
- <tt class="LITERAL"><a href=
- "actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></tt>
- action, since it would prevent the session cookies from being
- read.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+crunch-outgoing-cookies
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="DEANIMATE-GIFS" id=
- "DEANIMATE-GIFS">8.5.12. deanimate-gifs</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Stop those annoying, distracting animated GIF images.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>De-animate GIF animations, i.e. reduce them to their first
- or last image.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p><span class="QUOTE">"last"</span> or <span class=
- "QUOTE">"first"</span></p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>This will also shrink the images considerably (in bytes, not
- pixels!). If the option <span class="QUOTE">"first"</span> is
- given, the first frame of the animation is used as the
- replacement. If <span class="QUOTE">"last"</span> is given, the
- last frame of the animation is used instead, which probably
- makes more sense for most banner animations, but also has the
- risk of not showing the entire last frame (if it is only a
- delta to an earlier frame).</p>
-
- <p>You can safely use this action with patterns that will also
- match non-GIF objects, because no attempt will be made at
- anything that doesn't look like a GIF.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+deanimate-gifs{last}
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="DOWNGRADE-HTTP-VERSION" id=
- "DOWNGRADE-HTTP-VERSION">8.5.13. downgrade-http-version</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Work around (very rare) problems with HTTP/1.1</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Downgrades HTTP/1.1 client requests and server replies to
- HTTP/1.0.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>This is a left-over from the time when <span class=
- "APPLICATION">Privoxy</span> didn't support important HTTP/1.1
- features well. It is left here for the unlikely case that you
- experience HTTP/1.1-related problems with some server out
- there.</p>
-
- <p>Note that enabling this action is only a workaround. It
- should not be enabled for sites that work without it. While it
- shouldn't break any pages, it has an (usually negative)
- performance impact.</p>
-
- <p>If you come across a site where enabling this action helps,
- please report it, so the cause of the problem can be analyzed.
- If the problem turns out to be caused by a bug in <span class=
- "APPLICATION">Privoxy</span> it should be fixed so the
- following release works without the work around.</p>
- </dd>
-
- <dt>Example usage (section):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-{+downgrade-http-version}
-problem-host.example.com
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="FAST-REDIRECTS" id=
- "FAST-REDIRECTS">8.5.14. fast-redirects</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Fool some click-tracking scripts and speed up indirect
- links.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Detects redirection URLs and redirects the browser without
- contacting the redirection server first.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <ul>
- <li>
- <p><span class="QUOTE">"simple-check"</span> to just search
- for the string <span class="QUOTE">"http://"</span> to
- detect redirection URLs.</p>
- </li>
-
- <li>
- <p><span class="QUOTE">"check-decoded-url"</span> to decode
- URLs (if necessary) before searching for redirection
- URLs.</p>
- </li>
- </ul>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>Many sites, like yahoo.com, don't just link to other sites.
- Instead, they will link to some script on their own servers,
- giving the destination as a parameter, which will then redirect
- you to the final target. URLs resulting from this scheme
- typically look like: <span class=
- "QUOTE">"http://www.example.org/click-tracker.cgi?target=http%3a//www.example.net/"</span>.</p>
-
- <p>Sometimes, there are even multiple consecutive redirects
- encoded in the URL. These redirections via scripts make your
- web browsing more traceable, since the server from which you
- follow such a link can see where you go to. Apart from that,
- valuable bandwidth and time is wasted, while your browser asks
- the server for one redirect after the other. Plus, it feeds the
- advertisers.</p>
-
- <p>This feature is currently not very smart and is scheduled
- for improvement. If it is enabled by default, you will have to
- create some exceptions to this action. It can lead to failures
- in several ways:</p>
-
- <p>Not every URLs with other URLs as parameters is evil. Some
- sites offer a real service that requires this information to
- work. For example a validation service needs to know, which
- document to validate. <tt class="LITERAL">fast-redirects</tt>
- assumes that every URL parameter that looks like another URL is
- a redirection target, and will always redirect to the last one.
- Most of the time the assumption is correct, but if it isn't,
- the user gets redirected anyway.</p>
-
- <p>Another failure occurs if the URL contains other parameters
- after the URL parameter. The URL: <span class=
- "QUOTE">"http://www.example.org/?redirect=http%3a//www.example.net/&foo=bar"</span>.
- contains the redirection URL <span class=
- "QUOTE">"http://www.example.net/"</span>, followed by another
- parameter. <tt class="LITERAL">fast-redirects</tt> doesn't know
- that and will cause a redirect to <span class=
- "QUOTE">"http://www.example.net/&foo=bar"</span>. Depending
- on the target server configuration, the parameter will be
- silently ignored or lead to a <span class="QUOTE">"page not
- found"</span> error. You can prevent this problem by first
- using the <tt class="LITERAL"><a href=
- "actions-file.html#REDIRECT">redirect</a></tt> action to remove
- the last part of the URL, but it requires a little effort.</p>
-
- <p>To detect a redirection URL, <tt class=
- "LITERAL">fast-redirects</tt> only looks for the string
- <span class="QUOTE">"http://"</span>, either in plain text
- (invalid but often used) or encoded as <span class=
- "QUOTE">"http%3a//"</span>. Some sites use their own URL
- encoding scheme, encrypt the address of the target server or
- replace it with a database id. In theses cases <tt class=
- "LITERAL">fast-redirects</tt> is fooled and the request reaches
- the redirection server where it probably gets logged.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
- { +fast-redirects{simple-check} }
- one.example.com
-
- { +fast-redirects{check-decoded-url} }
- another.example.com/testing
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.15.
- filter</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Get rid of HTML and JavaScript annoyances, banner
- advertisements (by size), do fun text replacements, add
- personalized effects, etc.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>All instances of text-based type, most notably HTML and
- JavaScript, to which this action applies, can be filtered
- on-the-fly through the specified regular expression based
- substitutions. (Note: as of version 3.0.3 plain text documents
- are exempted from filtering, because web servers often use the
- <tt class="LITERAL">text/plain</tt> MIME type for all files
- whose type they don't know.)</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>The name of a content filter, as defined in the <a href=
- "filter-file.html">filter file</a>. Filters can be defined in
- one or more files as defined by the <tt class=
- "LITERAL"><a href="config.html#FILTERFILE">filterfile</a></tt>
- option in the <a href="config.html">config file</a>. <tt class=
- "FILENAME">default.filter</tt> is the collection of filters
- supplied by the developers. Locally defined filters should go
- in their own file, such as <tt class=
- "FILENAME">user.filter</tt>.</p>
-
- <p>When used in its negative form, and without parameters,
- <span class="emphasis EMPHASIS c2">all</span> filtering is
- completely disabled.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>For your convenience, there are a number of pre-defined
- filters available in the distribution filter file that you can
- use. See the examples below for a list.</p>
-
- <p>Filtering requires buffering the page content, which may
- appear to slow down page rendering since nothing is displayed
- until all content has passed the filters. (The total time until
- the page is completely rendered doesn't change much, but it may
- be perceived as slower since the page is not incrementally
- displayed.) This effect will be more noticeable on slower
- connections.</p>
-
- <p><span class="QUOTE">"Rolling your own"</span> filters
- requires a knowledge of <a href=
- "http://en.wikipedia.org/wiki/Regular_expressions" target=
- "_top"><span class="QUOTE">"Regular Expressions"</span></a> and
- <a href="http://en.wikipedia.org/wiki/Html" target=
- "_top"><span class="QUOTE">"HTML"</span></a>. This is very
- powerful feature, and potentially very intrusive. Filters
- should be used with caution, and where an equivalent
- <span class="QUOTE">"action"</span> is not available.</p>
-
- <p>The amount of data that can be filtered is limited to the
- <tt class="LITERAL"><a href=
- "config.html#BUFFER-LIMIT">buffer-limit</a></tt> option in the
- main <a href="config.html">config file</a>. The default is 4096
- KB (4 Megs). Once this limit is exceeded, the buffered data,
- and all pending data, is passed through unfiltered.</p>
-
- <p>Inappropriate MIME types, such as zipped files, are not
- filtered at all. (Again, only text-based types except plain
- text). Encrypted SSL data (from HTTPS servers) cannot be
- filtered either, since this would violate the integrity of the
- secure transaction. In some situations it might be necessary to
- protect certain text, like source code, from filtering by
- defining appropriate <tt class="LITERAL">-filter</tt>
- exceptions.</p>
-
- <p>Compressed content can't be filtered either, but if
- <span class="APPLICATION">Privoxy</span> is compiled with zlib
- support and a supported compression algorithm is used (gzip or
- deflate), <span class="APPLICATION">Privoxy</span> can first
- decompress the content and then filter it.</p>
-
- <p>If you use a <span class="APPLICATION">Privoxy</span>
- version without zlib support, but want filtering to work on as
- much documents as possible, even those that would normally be
- sent compressed, you must use the <tt class="LITERAL"><a href=
- "actions-file.html#PREVENT-COMPRESSION">prevent-compression</a></tt>
- action in conjunction with <tt class="LITERAL">filter</tt>.</p>
-
- <p>Content filtering can achieve some of the same effects as
- the <tt class="LITERAL"><a href=
- "actions-file.html#BLOCK">block</a></tt> action, i.e. it can be
- used to block ads and banners. But the mechanism works quite
- differently. One effective use, is to block ad banners based on
- their size (see below), since many of these seem to be somewhat
- standardized.</p>
-
- <p><a href="contact.html">Feedback</a> with suggestions for new
- or improved filters is particularly welcome!</p>
-
- <p>The below list has only the names and a one-line description
- of each predefined filter. There are <a href=
- "filter-file.html#PREDEFINED-FILTERS">more verbose
- explanations</a> of what these filters do in the <a href=
- "filter-file.html">filter file chapter</a>.</p>
- </dd>
-
- <dt>Example usage (with filters from the distribution <tt class=
- "FILENAME">default.filter</tt> file). See <a href=
- "filter-file.html#PREDEFINED-FILTERS">the Predefined Filters
- section</a> for more explanation on each:</dt>
-
- <dd>
- <p><a name="FILTER-JS-ANNOYANCES" id=
- "FILTER-JS-ANNOYANCES"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-JS-EVENTS" id="FILTER-JS-EVENTS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites).
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-HTML-ANNOYANCES" id=
- "FILTER-HTML-ANNOYANCES"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{html-annoyances} # Get rid of particularly annoying HTML abuse.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-CONTENT-COOKIES" id=
- "FILTER-CONTENT-COOKIES"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{content-cookies} # Kill cookies that come in the HTML or JS content.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-REFRESH-TAGS" id=
- "FILTER-REFRESH-TAGS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups).
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-UNSOLICITED-POPUPS" id=
- "FILTER-UNSOLICITED-POPUPS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{unsolicited-popups} # Disable only unsolicited pop-up windows. Useful if your browser lacks this ability.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-ALL-POPUPS" id="FILTER-ALL-POPUPS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{all-popups} # Kill all popups in JavaScript and HTML. Useful if your browser lacks this ability.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-IMG-REORDER" id=
- "FILTER-IMG-REORDER"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-BANNERS-BY-SIZE" id=
- "FILTER-BANNERS-BY-SIZE"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{banners-by-size} # Kill banners by size.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-BANNERS-BY-LINK" id=
- "FILTER-BANNERS-BY-LINK"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{banners-by-link} # Kill banners by their links to known clicktrackers.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-WEBBUGS" id="FILTER-WEBBUGS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-TINY-TEXTFORMS" id=
- "FILTER-TINY-TEXTFORMS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-JUMPING-WINDOWS" id=
- "FILTER-JUMPING-WINDOWS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{jumping-windows} # Prevent windows from resizing and moving themselves.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-FRAMESET-BORDERS" id=
- "FILTER-FRAMESET-BORDERS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{frameset-borders} # Give frames a border and make them resizable.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-DEMORONIZER" id=
- "FILTER-DEMORONIZER"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{demoronizer} # Fix MS's non-standard use of standard charsets.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-SHOCKWAVE-FLASH" id=
- "FILTER-SHOCKWAVE-FLASH"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{shockwave-flash} # Kill embedded Shockwave Flash objects.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-QUICKTIME-KIOSKMODE" id=
- "FILTER-QUICKTIME-KIOSKMODE"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{quicktime-kioskmode} # Make Quicktime movies saveable.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-FUN" id="FILTER-FUN"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{fun} # Text replacements for subversive browsing fun!
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-CRUDE-PARENTAL" id=
- "FILTER-CRUDE-PARENTAL"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-IE-EXPLOITS" id=
- "FILTER-IE-EXPLOITS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{ie-exploits} # Disable some known Internet Explorer bug exploits.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-SITE-SPECIFICS" id=
- "FILTER-SITE-SPECIFICS"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{site-specifics} # Cure for site-specific problems. Don't apply generally!
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-NO-PING" id="FILTER-NO-PING"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-GOOGLE" id="FILTER-GOOGLE"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-YAHOO" id="FILTER-YAHOO"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-MSN" id="FILTER-MSN"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.
-</pre>
- </td>
- </tr>
- </table>
-
- <p><a name="FILTER-BLOGSPOT" id="FILTER-BLOGSPOT"></a></p>
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="FORCE-TEXT-MODE" id=
- "FORCE-TEXT-MODE">8.5.16. force-text-mode</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Force <span class="APPLICATION">Privoxy</span> to treat a
- document as if it was in some kind of <span class=
- "emphasis EMPHASIS c2">text</span> format.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Declares a document as text, even if the <span class=
- "QUOTE">"Content-Type:"</span> isn't detected as such.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>As explained <tt class="LITERAL"><a href=
- "actions-file.html#FILTER">above</a></tt>, <span class=
- "APPLICATION">Privoxy</span> tries to only filter files that
- are in some kind of text format. The same restrictions apply to
- <tt class="LITERAL"><a href=
- "actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite</a></tt>.
- <tt class="LITERAL">force-text-mode</tt> declares a document as
- text, without looking at the <span class=
- "QUOTE">"Content-Type:"</span> first.</p>
-
- <div class="WARNING">
- <table class="WARNING" border="1" width="90%">
- <tr>
- <td class="c6" align="center">Warning</td>
- </tr>
-
- <tr>
- <td align="left">
- <p>Think twice before activating this action. Filtering
- binary data with regular expressions can cause file
- damage.</p>
- </td>
- </tr>
- </table>
- </div>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+force-text-mode
-
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="FORWARD-OVERRIDE" id=
- "FORWARD-OVERRIDE">8.5.17. forward-override</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Change the forwarding settings based on User-Agent or
- request origin</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Overrules the forward directives in the configuration
- file.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Multi-value.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <ul>
- <li>
- <p><span class="QUOTE">"forward ."</span> to use a direct
- connection without any additional proxies.</p>
- </li>
-
- <li>
- <p><span class="QUOTE">"forward 127.0.0.1:8123"</span> to
- use the HTTP proxy listening at 127.0.0.1 port 8123.</p>
- </li>
-
- <li>
- <p><span class="QUOTE">"forward-socks4a 127.0.0.1:9050
- ."</span> to use the socks4a proxy listening at 127.0.0.1
- port 9050. Replace <span class=
- "QUOTE">"forward-socks4a"</span> with <span class=
- "QUOTE">"forward-socks4"</span> to use a socks4 connection
- (with local DNS resolution) instead, use <span class=
- "QUOTE">"forward-socks5"</span> for socks5 connections
- (with remote DNS resolution).</p>
- </li>
-
- <li>
- <p><span class="QUOTE">"forward-socks4a 127.0.0.1:9050
- proxy.example.org:8000"</span> to use the socks4a proxy
- listening at 127.0.0.1 port 9050 to reach the HTTP proxy
- listening at proxy.example.org port 8000. Replace
- <span class="QUOTE">"forward-socks4a"</span> with
- <span class="QUOTE">"forward-socks4"</span> to use a socks4
- connection (with local DNS resolution) instead, use
- <span class="QUOTE">"forward-socks5"</span> for socks5
- connections (with remote DNS resolution).</p>
- </li>
- </ul>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>This action takes parameters similar to the <a href=
- "config.html#FORWARDING">forward</a> directives in the
- configuration file, but without the URL pattern. It can be used
- as replacement, but normally it's only used in cases where
- matching based on the request URL isn't sufficient.</p>
-
- <div class="WARNING">
- <table class="WARNING" border="1" width="90%">
- <tr>
- <td class="c6" align="center">Warning</td>
- </tr>
-
- <tr>
- <td align="left">
- <p>Please read the description for the <a href=
- "config.html#FORWARDING">forward</a> directives before
- using this action. Forwarding to the wrong people will
- reduce your privacy and increase the chances of
- man-in-the-middle attacks.</p>
-
- <p>If the ports are missing or invalid, default values
- will be used. This might change in the future and you
- shouldn't rely on it. Otherwise incorrect syntax causes
- Privoxy to exit.</p>
-
- <p>Use the <a href=
- "http://config.privoxy.org/show-url-info" target=
- "_top">show-url-info CGI page</a> to verify that your
- forward settings do what you thought the do.</p>
- </td>
- </tr>
- </table>
- </div>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Always use direct connections for requests previously tagged as
-# <span class="QUOTE">"User-Agent: fetch libfetch/2.0"</span> and make sure
-# resuming downloads continues to work.
-# This way you can continue to use Tor for your normal browsing,
-# without overloading the Tor network with your FreeBSD ports updates
-# or downloads of bigger files like ISOs.
-# Note that HTTP headers are easy to fake and therefore their
-# values are as (un)trustworthy as your clients and users.
-{+forward-override{forward .} \
- -hide-if-modified-since \
- -overwrite-last-modified \
-}
-TAG:^User-Agent: fetch libfetch/2\.0$
-
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HANDLE-AS-EMPTY-DOCUMENT" id=
- "HANDLE-AS-EMPTY-DOCUMENT">8.5.18. handle-as-empty-document</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Mark URLs that should be replaced by empty documents
- <span class="emphasis EMPHASIS c2">if they get
- blocked</span></p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>This action alone doesn't do anything noticeable. It just
- marks URLs. If the <tt class="LITERAL"><a href=
- "actions-file.html#BLOCK">block</a></tt> action <span class=
- "emphasis EMPHASIS c2">also applies</span>, the presence or
- absence of this mark decides whether an HTML <span class=
- "QUOTE">"BLOCKED"</span> page, or an empty document will be
- sent to the client as a substitute for the blocked content. The
- <span class="emphasis EMPHASIS c2">empty</span> document isn't
- literally empty, but actually contains a single space.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>Some browsers complain about syntax errors if JavaScript
- documents are blocked with <span class=
- "APPLICATION">Privoxy's</span> default HTML page; this option
- can be used to silence them. And of course this action can also
- be used to eliminate the <span class=
- "APPLICATION">Privoxy</span> BLOCKED message in frames.</p>
-
- <p>The content type for the empty document can be specified
- with <tt class="LITERAL"><a href=
- "actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite{}</a></tt>,
- but usually this isn't necessary.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Block all documents on example.org that end with ".js",
-# but send an empty document instead of the usual HTML message.
-{+block{Blocked JavaScript} +handle-as-empty-document}
-example.org/.*\.js$
-
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HANDLE-AS-IMAGE" id=
- "HANDLE-AS-IMAGE">8.5.19. handle-as-image</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Mark URLs as belonging to images (so they'll be replaced by
- images <span class="emphasis EMPHASIS c2">if they do get
- blocked</span>, rather than HTML pages)</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>This action alone doesn't do anything noticeable. It just
- marks URLs as images. If the <tt class="LITERAL"><a href=
- "actions-file.html#BLOCK">block</a></tt> action <span class=
- "emphasis EMPHASIS c2">also applies</span>, the presence or
- absence of this mark decides whether an HTML <span class=
- "QUOTE">"blocked"</span> page, or a replacement image (as
- determined by the <tt class="LITERAL"><a href=
- "actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></tt>
- action) will be sent to the client as a substitute for the
- blocked content.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>The below generic example section is actually part of
- <tt class="FILENAME">default.action</tt>. It marks all URLs
- with well-known image file name extensions as images and should
- be left intact.</p>
-
- <p>Users will probably only want to use the handle-as-image
- action in conjunction with <tt class="LITERAL"><a href=
- "actions-file.html#BLOCK">block</a></tt>, to block sources of
- banners, whose URLs don't reflect the file type, like in the
- second example section.</p>
-
- <p>Note that you cannot treat HTML pages as images in most
- cases. For instance, (in-line) ad frames require an HTML page
- to be sent, or they won't display properly. Forcing <tt class=
- "LITERAL">handle-as-image</tt> in this situation will not
- replace the ad frame with an image, but lead to error
- messages.</p>
- </dd>
-
- <dt>Example usage (sections):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Generic image extensions:
-#
-{+handle-as-image}
-/.*\.(gif|jpg|jpeg|png|bmp|ico)$
-
-# These don't look like images, but they're banners and should be
-# blocked as images:
-#
-{+block{Nasty banners.} +handle-as-image}
-nasty-banner-server.example.com/junk.cgi\?output=trash
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-ACCEPT-LANGUAGE" id=
- "HIDE-ACCEPT-LANGUAGE">8.5.20. hide-accept-language</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Pretend to use different language settings.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes or replaces the <span class=
- "QUOTE">"Accept-Language:"</span> HTTP header in client
- requests.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Keyword: <span class="QUOTE">"block"</span>, or any user
- defined value.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>Faking the browser's language settings can be useful to make
- a foreign User-Agent set with <tt class="LITERAL"><a href=
- "actions-file.html#HIDE-USER-AGENT">hide-user-agent</a></tt>
- more believable.</p>
-
- <p>However some sites with content in different languages check
- the <span class="QUOTE">"Accept-Language:"</span> to decide
- which one to take by default. Sometimes it isn't possible to
- later switch to another language without changing the
- <span class="QUOTE">"Accept-Language:"</span> header first.</p>
-
- <p>Therefore it's a good idea to either only change the
- <span class="QUOTE">"Accept-Language:"</span> header to
- languages you understand, or to languages that aren't wide
- spread.</p>
-
- <p>Before setting the <span class=
- "QUOTE">"Accept-Language:"</span> header to a rare language,
- you should consider that it helps to make your requests unique
- and thus easier to trace. If you don't plan to change this
- header frequently, you should stick to a common language.</p>
- </dd>
-
- <dt>Example usage (section):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Pretend to use Canadian language settings.
-{+hide-accept-language{en-ca} \
-+hide-user-agent{Mozilla/5.0 (X11; U; OpenBSD i386; en-CA; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4} \
-}
-/
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-CONTENT-DISPOSITION" id=
- "HIDE-CONTENT-DISPOSITION">8.5.21. hide-content-disposition</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Prevent download menus for content you prefer to view inside
- the browser.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes or replaces the <span class=
- "QUOTE">"Content-Disposition:"</span> HTTP header set by some
- servers.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Keyword: <span class="QUOTE">"block"</span>, or any user
- defined value.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>Some servers set the <span class=
- "QUOTE">"Content-Disposition:"</span> HTTP header for documents
- they assume you want to save locally before viewing them. The
- <span class="QUOTE">"Content-Disposition:"</span> header
- contains the file name the browser is supposed to use by
- default.</p>
-
- <p>In most browsers that understand this header, it makes it
- impossible to <span class="emphasis EMPHASIS c2">just
- view</span> the document, without downloading it first, even if
- it's just a simple text file or an image.</p>
-
- <p>Removing the <span class=
- "QUOTE">"Content-Disposition:"</span> header helps to prevent
- this annoyance, but some browsers additionally check the
- <span class="QUOTE">"Content-Type:"</span> header, before they
- decide if they can display a document without saving it first.
- In these cases, you have to change this header as well, before
- the browser stops displaying download menus.</p>
-
- <p>It is also possible to change the server's file name
- suggestion to another one, but in most cases it isn't worth the
- time to set it up.</p>
-
- <p>This action will probably be removed in the future, use
- server-header filters instead.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Disarm the download link in Sourceforge's patch tracker
-{ -filter \
- +content-type-overwrite{text/plain}\
- +hide-content-disposition{block} }
- .sourceforge.net/tracker/download\.php
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-IF-MODIFIED-SINCE" id=
- "HIDE-IF-MODIFIED-SINCE">8.5.22. hide-if-modified-since</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Prevent yet another way to track the user's steps between
- sessions.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes the <span class="QUOTE">"If-Modified-Since:"</span>
- HTTP client header or modifies its value.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Keyword: <span class="QUOTE">"block"</span>, or a user
- defined value that specifies a range of hours.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>Removing this header is useful for filter testing, where you
- want to force a real reload instead of getting status code
- <span class="QUOTE">"304"</span>, which would cause the browser
- to use a cached copy of the page.</p>
-
- <p>Instead of removing the header, <tt class=
- "LITERAL">hide-if-modified-since</tt> can also add or subtract
- a random amount of time to/from the header's value. You specify
- a range of minutes where the random factor should be chosen
- from and <span class="APPLICATION">Privoxy</span> does the
- rest. A negative value means subtracting, a positive value
- adding.</p>
-
- <p>Randomizing the value of the <span class=
- "QUOTE">"If-Modified-Since:"</span> makes it less likely that
- the server can use the time as a cookie replacement, but you
- will run into caching problems if the random range is too
- high.</p>
-
- <p>It is a good idea to only use a small negative value and let
- <tt class="LITERAL"><a href=
- "actions-file.html#OVERWRITE-LAST-MODIFIED">overwrite-last-modified</a></tt>
- handle the greater changes.</p>
-
- <p>It is also recommended to use this action together with
- <tt class="LITERAL"><a href=
- "actions-file.html#CRUNCH-IF-NONE-MATCH">crunch-if-none-match</a></tt>,
- otherwise it's more or less pointless.</p>
- </dd>
-
- <dt>Example usage (section):</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-# Let the browser revalidate but make tracking based on the time less likely.
-{+hide-if-modified-since{-60} \
- +overwrite-last-modified{randomize} \
- +crunch-if-none-match}
-/
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-FROM-HEADER" id=
- "HIDE-FROM-HEADER">8.5.23. hide-from-header</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Keep your (old and ill) browser from telling web servers
- your email address</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes any existing <span class="QUOTE">"From:"</span> HTTP
- header, or replaces it with the specified string.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Keyword: <span class="QUOTE">"block"</span>, or any user
- defined value.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>The keyword <span class="QUOTE">"block"</span> will
- completely remove the header (not to be confused with the
- <tt class="LITERAL"><a href=
- "actions-file.html#BLOCK">block</a></tt> action).</p>
-
- <p>Alternately, you can specify any value you prefer to be sent
- to the web server. If you do, it is a matter of fairness not to
- use any address that is actually used by a real person.</p>
-
- <p>This action is rarely needed, as modern web browsers don't
- send <span class="QUOTE">"From:"</span> headers anymore.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+hide-from-header{block}
-</pre>
- </td>
- </tr>
- </table>or
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+hide-from-header{spam-me-senseless@sittingduck.example.com}
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-REFERRER" id="HIDE-REFERRER">8.5.24.
- hide-referrer</a></h4><a name="HIDE-REFERER" id="HIDE-REFERER"></a>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Conceal which link you followed to get to a particular
- site</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Deletes the <span class="QUOTE">"Referer:"</span> (sic) HTTP
- header from the client request, or replaces it with a forged
- one.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <ul>
- <li>
- <p><span class="QUOTE">"conditional-block"</span> to delete
- the header completely if the host has changed.</p>
- </li>
-
- <li>
- <p><span class="QUOTE">"conditional-forge"</span> to forge
- the header if the host has changed.</p>
- </li>
-
- <li>
- <p><span class="QUOTE">"block"</span> to delete the header
- unconditionally.</p>
- </li>
-
- <li>
- <p><span class="QUOTE">"forge"</span> to pretend to be
- coming from the homepage of the server we are talking
- to.</p>
- </li>
-
- <li>
- <p>Any other string to set a user defined referrer.</p>
- </li>
- </ul>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p><tt class="LITERAL">conditional-block</tt> is the only
- parameter, that isn't easily detected in the server's log file.
- If it blocks the referrer, the request will look like the
- visitor used a bookmark or typed in the address directly.</p>
-
- <p>Leaving the referrer unmodified for requests on the same
- host allows the server owner to see the visitor's <span class=
- "QUOTE">"click path"</span>, but in most cases she could also
- get that information by comparing other parts of the log file:
- for example the User-Agent if it isn't a very common one, or
- the user's IP address if it doesn't change between different
- requests.</p>
-
- <p>Always blocking the referrer, or using a custom one, can
- lead to failures on servers that check the referrer before they
- answer any requests, in an attempt to prevent their content
- from being embedded or linked to elsewhere.</p>
-
- <p>Both <tt class="LITERAL">conditional-block</tt> and
- <tt class="LITERAL">forge</tt> will work with referrer checks,
- as long as content and valid referring page are on the same
- host. Most of the time that's the case.</p>
-
- <p><tt class="LITERAL">hide-referer</tt> is an alternate
- spelling of <tt class="LITERAL">hide-referrer</tt> and the two
- can be can be freely substituted with each other. (<span class=
- "QUOTE">"referrer"</span> is the correct English spelling,
- however the HTTP specification has a bug - it requires it to be
- spelled as <span class="QUOTE">"referer"</span>.)</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+hide-referrer{forge}
-</pre>
- </td>
- </tr>
- </table>or
-
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+hide-referrer{http://www.yahoo.com/}
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-USER-AGENT" id=
- "HIDE-USER-AGENT">8.5.25. hide-user-agent</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Try to conceal your type of browser and client operating
- system</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Replaces the value of the <span class=
- "QUOTE">"User-Agent:"</span> HTTP header in client requests
- with the specified value.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>Any user-defined string.</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <div class="WARNING">
- <table class="WARNING" border="1" width="90%">
- <tr>
- <td class="c6" align="center">Warning</td>
- </tr>
-
- <tr>
- <td align="left">
- <p>This can lead to problems on web sites that depend
- on looking at this header in order to customize their
- content for different browsers (which, by the way, is
- <span class="emphasis EMPHASIS c2">NOT</span> the right
- thing to do: good web sites work
- browser-independently).</p>
- </td>
- </tr>
- </table>
- </div>
-
- <p>Using this action in multi-user setups or wherever different
- types of browsers will access the same <span class=
- "APPLICATION">Privoxy</span> is <span class=
- "emphasis EMPHASIS c2">not recommended</span>. In single-user,
- single-browser setups, you might use it to delete your OS
- version information from the headers, because it is an
- invitation to exploit known bugs for your OS. It is also
- occasionally useful to forge this in order to access sites that
- won't let you in otherwise (though there may be a good reason
- in some cases).</p>
-
- <p>More information on known user-agent strings can be found at
- <a href="http://www.user-agents.org/" target=
- "_top">http://www.user-agents.org/</a> and <a href=
- "http://en.wikipedia.org/wiki/User_agent" target=
- "_top">http://en.wikipedia.org/wiki/User_agent</a>.</p>
- </dd>
-
- <dt>Example usage:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="LIMIT-CONNECT" id="LIMIT-CONNECT">8.5.26.
- limit-connect</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Prevent abuse of <span class="APPLICATION">Privoxy</span> as
- a TCP proxy relay or disable SSL for untrusted sites</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Specifies to which ports HTTP CONNECT requests are
- allowable.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Parameterized.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>A comma-separated list of ports or port ranges (the latter
- using dashes, with the minimum defaulting to 0 and the maximum
- to 65K).</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>By default, i.e. if no <tt class=
- "LITERAL">limit-connect</tt> action applies, <span class=
- "APPLICATION">Privoxy</span> allows HTTP CONNECT requests to
- all ports. Use <tt class="LITERAL">limit-connect</tt> if
- fine-grained control is desired for some or all
- destinations.</p>
-
- <p>The CONNECT methods exists in HTTP to allow access to secure
- websites (<span class="QUOTE">"https://"</span> URLs) through
- proxies. It works very simply: the proxy connects to the server
- on the specified port, and then short-circuits its connections
- to the client and to the remote server. This means
- CONNECT-enabled proxies can be used as TCP relays very
- easily.</p>
-
- <p><span class="APPLICATION">Privoxy</span> relays HTTPS
- traffic without seeing the decoded content. Websites can
- leverage this limitation to circumvent <span class=
- "APPLICATION">Privoxy</span>'s filters. By specifying an
- invalid port range you can disable HTTPS entirely.</p>
- </dd>
-
- <dt>Example usages:</dt>
-
- <dd>
- <table class="c4" border="0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">
-+limit-connect{443} # Port 443 is OK.
-+limit-connect{80,443} # Ports 80 and 443 are OK.
-+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
-+limit-connect{-} # All ports are OK
-+limit-connect{,} # No HTTPS/SSL traffic is allowed
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
-
- <div class="SECT3">
- <h4 class="SECT3"><a name="PREVENT-COMPRESSION" id=
- "PREVENT-COMPRESSION">8.5.27. prevent-compression</a></h4>
-
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
-
- <dd>
- <p>Ensure that servers send the content uncompressed, so it can
- be passed through <tt class="LITERAL"><a href=
- "actions-file.html#FILTER">filter</a></tt>s.</p>
- </dd>
-
- <dt>Effect:</dt>
-
- <dd>
- <p>Removes the Accept-Encoding header which can be used to ask
- for compressed transfer.</p>
- </dd>
-
- <dt>Type:</dt>
-
- <dd>
- <p>Boolean.</p>
- </dd>
-
- <dt>Parameter:</dt>
-
- <dd>
- <p>N/A</p>
- </dd>
-
- <dt>Notes:</dt>
-
- <dd>
- <p>More and more websites send their content compressed by
- default, which is generally a good idea and saves bandwidth.
- But the <tt class="LITERAL"><a href=
- "actions-file.html#FILTER">filter</a></tt> and <tt class=
- "LITERAL"><a href=
- "actions-file.html#DEANIMATE-GIFS">deanimate-gifs</a></tt>
- actions need access to the uncompressed data.</p>
-
- <p>When compiled with zlib support (available since
- <span class="APPLICATION">Privoxy</span> 3.0.7), content that
- should be filtered is decompressed on-the-fly and you don't
- have to worry about this action. If you are using an older
- <span class="APPLICATION">Privoxy</span> version, or one that
- hasn't been compiled with zlib support, this action can be used
- to convince the server to send the content uncompressed.</p>