#
# File : $Source: /cvsroot/ijbswa/current/default.action.master,v $
#
-# $Id: default.action.master,v 1.160 2009/01/13 16:44:32 fabiankeil Exp $
+# $Id: default.action.master,v 1.163 2009/02/09 18:39:08 fabiankeil Exp $
#
# Requires : This version requires Privoxy v3.0.11 or later due to
# syntax changes.
#
# Purpose : Default actions file, see
# http://www.privoxy.org/user-manual/actions-file.html.
-# This file is subject to periodic updating. Local exceptions
-# and enhancements are better placed in user.action.
+# This file is subject to periodic updating. It is
+# not supposed to be edited by the user. Local exceptions
+# and enhancements are better placed in user.action,
+# the match-all section has been moved to match-all.action.
#
# Copyright : Written by and Copyright (C) 2001-2009 the
# Privoxy team. http://www.privoxy.org/
# (Don't change the version number from 1.0 - after all, why tell them?)
#
# +limit-connect{portlist}
-# The CONNECT methods exists in HTTP to allow access to secure websites
-# (https:// URLs) through proxies. It works very simply: The proxy
-# connects to the server on the specified port, and then short-circuits
-# its connections to the client and to the remote proxy.
-# This can be a big security hole, since CONNECT-enabled proxies can
-# be abused as TCP relays very easily.
-# By default, i.e. in the absence of a +limit-connect action, Privoxy
-# will only allow CONNECT requests to port 443, which is the standard port
-# for https.
-# If you want to allow CONNECT for more ports than that, or want to forbid
-# CONNECT altogether, you can specify a comma separated list of ports and port
-# ranges (the latter using dashes, with the minimum defaulting to 0 and max to 65K):
-#
-# +limit-connect{443} # This is the default and need no be specified.
-# +limit-connect{80,443} # Ports 80 and 443 are OK.
-# +limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100, and above 500 are OK.
+#
+# By default, i.e. if no limit-connect action applies, Privoxy
+# allows HTTP CONNECT requests to all ports. Use limit-connect
+# if fine-grained control is desired for some or all destinations.
+# The CONNECT methods exists in HTTP to allow access to secure websites
+# ("https://" URLs) through proxies. It works very simply: the proxy
+# connects to the server on the specified port, and then short-circuits
+# its connections to the client and to the remote server. This means
+# CONNECT-enabled proxies can be used as TCP relays very easily. Privoxy
+# relays HTTPS traffic without seeing the decoded content. Websites can
+# leverage this limitation to circumvent Privoxy's filters. By specifying
+# an invalid port range you can disable HTTPS entirely.
+#
+# +limit-connect{443} # Only port 443 is OK.
+# +limit-connect{80,443} # Ports 80 and 443 are OK.
+# +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+# +limit-connect{-} # All ports are OK
+# +limit-connect{,} # No HTTPS/SSL traffic is allowed
#
# +overwrite-last-modified{block}
# +overwrite-last-modified{reset-to-request-time}
#
allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
-#############################################################################
-# Defaults
-#############################################################################
-{ \
-+change-x-forwarded-for{block} \
-+hide-from-header{block} \
-+set-image-blocker{pattern} \
-}
-/ # Match all URLs
-
################
#
# Cautious settings -- safe for all sites, but offer little privacy protection
projects / privoxy.git / blobdiff