X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Factions-file.html;h=d1b65672b3f35ae9c25a3066afee8c9bf4155f50;hb=6893b3088dd5c7513f1d23428f4946274be46a0f;hp=90b6dd8f5a67c69260037e5b2dfca663368421cb;hpb=1020bde33b499928eb1be70c782422703eeb0e64;p=privoxy.git diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 90b6dd8f..d1b65672 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -73,7 +73,7 @@
The default profiles, and their associated actions, as pre-defined in default.action are:
Table 1. Default Configurations
- {+enable-https-filtering} -www.example.com- |
-
To detect a redirection URL, fast-redirects only looks for the string "http://", either in plain text (invalid but often used) or encoded as "http%3a//". Some sites use their own URL encoding scheme, encrypt the address - of the target server or replace it with a database id. In theses cases fast-redirects is fooled and the request reaches the redirection server where it probably gets logged.
@@ -1589,7 +1549,7 @@ www.example.comFilter encrypted requests and responses
+Encrypted requests are decrypted, filtered and forwarded encrypted.
+Boolean.
+N/A
+This action allows Privoxy to filter encrypted requests and + responses. For this to work Privoxy has to generate a certificate and + send it to the client which has to accept it.
+Before this works the directives in the TLS section of the config file have to be configured.
+Note that the action has to be enabled based on the CONNECT request which doesn't contain a path. + Enabling it based on a pattern with path doesn't work as the path is only seen by Privoxy if the action is already enabled.
+
+ {+https-inspection} +www.example.com+ |
+
When the "+enable-https-filtering" action is used Privoxy by - default verifies that the remote site uses a valid certificate.
-If the certificate is invalid the connection is aborted.
-This action disabled the certificate check allowing requests to sites with invalid certificates.
+When the "+https-inspection" action is used Privoxy by default + verifies that the remote site uses a valid certificate.
+If the certificate can't be validated by Privoxy the connection is + aborted.
+This action disables the certificate check so requests to sites with certificates that can't be + validated are allowed.
+Note that enabling this action allows Man-in-the-middle attacks.
Note that some (rare) ill-configured sites don't handle requests for uncompressed documents correctly. Broken PHP applications tend to send an empty document body, some IIS versions only send the beginning of - the content. If you enable prevent-compression per default, you might want to - add exceptions for those sites. See the example for how to do that.
+ the content and some content delivery networks let the connection time out. If you enable prevent-compression per default, you might want to add exceptions for those sites. See the + example for how to do that.