+</sect2>
+
+<sect2 id="misc">
+<title>Miscellaneous</title>
+
+<sect3 renderas="sect4" id="accept-intercepted-requests"><title>accept-intercepted-requests</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether intercepted requests should be treated as valid.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>0 or 1</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>0</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Only proxy requests are accepted, intercepted requests are treated as invalid.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ If you don't trust your clients and want to force them
+ to use <application>Privoxy</application>, enable this
+ option and configure your packet filter to redirect outgoing
+ HTTP connections into <application>Privoxy</application>.
+ </para>
+ <para>
+ Make sure that <application>Privoxy's</application> own requests
+ aren't redirected as well. Additionally take care that
+ <application>Privoxy</application> can't intentionally connect
+ to itself, otherwise you could run into redirection loops if
+ <application>Privoxy's</application> listening port is reachable
+ by the outside or an attacker has access to the pages you visit.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ accept-intercepted-requests 1
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@accept-intercepted-requests 0</literallayout>]]>
+</sect3>
+
+<sect3 renderas="sect4" id="allow-cgi-request-crunching"><title>allow-cgi-request-crunching</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether requests to <application>Privoxy's</application> CGI pages can be blocked or redirected.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>0 or 1</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>0</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ <application>Privoxy</application> ignores block and redirect actions for its CGI pages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ By default <application>Privoxy</application> ignores block or redirect actions
+ for its CGI pages. Intercepting these requests can be useful in multi-user
+ setups to implement fine-grained access control, but it can also render the complete
+ web interface useless and make debugging problems painful if done without care.
+ </para>
+ <para>
+ Don't enable this option unless you're sure that you really need it.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ allow-cgi-request-crunching 1
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@allow-cgi-request-crunching 0</literallayout>]]>
+</sect3>
+
+<sect3 renderas="sect4" id="split-large-forms"><title>split-large-forms</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether the CGI interface should stay compatible with broken HTTP clients.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>0 or 1</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para><emphasis>0</emphasis></para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ The CGI form generate long GET URLs.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ <application>Privoxy's</application> CGI forms can lead to
+ rather long URLs. This isn't a problem as far as the HTTP
+ standard is concerned, but it can confuse clients with arbitrary
+ URL length limitations.
+ </para>
+ <para>
+ Enabling split-large-forms causes <application>Privoxy</application>
+ to divide big forms into smaller ones to keep the URL length down.
+ It makes editing a lot less convenient and you can no longer
+ submit all changes at once, but at least it works around this
+ browser bug.
+ </para>
+ <para>
+ If you don't notice any editing problems, there is no reason
+ to enable this option, but if one of the submit buttons appears
+ to be broken, you should give it a try.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ split-large-forms 1
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@split-large-forms 0</literallayout>]]>
+</sect3>
+
+<sect3 renderas="sect4" id="keep-alive-timeout"><title>keep-alive-timeout</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Number of seconds after which an open connection will no longer be reused.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>Time in seconds.</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>None</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Connections are not kept alive.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This option allows clients to keep the connection to &my-app;
+ alive. If the server supports it, &my-app; will keep
+ the connection to the server alive as well. Under certain
+ circumstances this may result in speed-ups.
+ </para>
+ <para>
+ By default, &my-app; will close the connection to the server if
+ the client connection gets closed, or if the specified timeout
+ has been reached without a new request coming in. This behaviour
+ can be changed with the <ulink
+ url="#CONNECTION-SHARING">connection-sharing</ulink> option.
+ </para>
+ <para>
+ This option has no effect if <application>Privoxy</application>
+ has been compiled without keep-alive support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ keep-alive-timeout 300
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@keep-alive-timeout 300</literallayout>]]>
+</sect3>
+
+
+<sect3 renderas="sect4" id="default-server-timeout"><title>default-server-timeout</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Assumed server-side keep-alive timeout if not specified by the server.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>Time in seconds.</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>None</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Connections for which the server didn't specify the keep-alive
+ timeout are not reused.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Enabling this option significantly increases the number of connections
+ that are reused, provided the <ulink
+ url="#KEEP-ALIVE-TIMEOUT">keep-alive-timeout</ulink> option
+ is also enabled.
+ </para>
+ <para>
+ While it also increases the number of connections problems
+ when &my-app; tries to reuse a connection that already has
+ been closed on the server side, or is closed while &my-app;
+ is trying to reuse it, this should only be a problem if it
+ happens for the first request sent by the client. If it happens
+ for requests on reused client connections, &my-app; will simply
+ close the connection and the client is supposed to retry the
+ request without bothering the user.
+ </para>
+ <para>
+ Enabling this option is therefore only recommended if the
+ <ulink
+ url="#CONNECTION-SHARING">connection-sharing</ulink> option
+ is disabled.
+ </para>
+ <para>
+ It is an error to specify a value larger than the <ulink
+ url="#KEEP-ALIVE-TIMEOUT">keep-alive-timeout</ulink> value.
+ </para>
+ <para>
+ This option has no effect if <application>Privoxy</application>
+ has been compiled without keep-alive support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ default-server-timeout 60
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@#default-server-timeout 60</literallayout>]]>
+</sect3>
+
+
+<sect3 renderas="sect4" id="connection-sharing"><title>connection-sharing</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Whether or not outgoing connections that have been kept alive
+ should be shared between different incoming connections.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>0 or 1</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>None</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Connections are not shared.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This option has no effect if <application>Privoxy</application>
+ has been compiled without keep-alive support, or if it's disabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Note that reusing connections doesn't necessary cause speedups.
+ There are also a few privacy implications you should be aware of.
+ </para>
+ <para>
+ If this option is effective, outgoing connections are shared between
+ clients (if there are more than one) and closing the browser that initiated
+ the outgoing connection does no longer affect the connection between &my-app;
+ and the server unless the client's request hasn't been completed yet.
+ </para>
+ <para>
+ If the outgoing connection is idle, it will not be closed until either
+ <application>Privoxy's</application> or the server's timeout is reached.
+ While it's open, the server knows that the system running &my-app; is still
+ there.
+ </para>
+ <para>
+ If there are more than one client (maybe even belonging to multiple users),
+ they will be able to reuse each others connections. This is potentially
+ dangerous in case of authentication schemes like NTLM where only the
+ connection is authenticated, instead of requiring authentication for
+ each request.
+ </para>
+ <para>
+ If there is only a single client, and if said client can keep connections
+ alive on its own, enabling this option has next to no effect. If the client
+ doesn't support connection keep-alive, enabling this option may make sense
+ as it allows &my-app; to keep outgoing connections alive even if the client
+ itself doesn't support it.
+ </para>
+ <para>
+ You should also be aware that enabling this option increases the likelihood
+ of getting the "No server or forwarder data" error message, especially if you
+ are using a slow connection to the Internet.
+ </para>
+ <para>
+ This option should only be used by experienced users who
+ understand the risks and can weight them against the benefits.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ connection-sharing 1
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@#connection-sharing 1</literallayout>]]>
+</sect3>
+
+
+<sect3 renderas="sect4" id="socket-timeout"><title>socket-timeout</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Number of seconds after which a socket times out if
+ no data is received.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>Time in seconds.</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>None</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ A default value of 300 seconds is used.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ For SOCKS requests the timeout currently doesn't start until
+ the SOCKS server accepted the request. This will be fixed in
+ the next release.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ socket-timeout 300
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@socket-timeout 300</literallayout>]]>
+</sect3>
+
+
+<sect3 renderas="sect4" id="max-client-connections"><title>max-client-connections</title>
+<variablelist>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ Maximum number of client connections that will be served.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>Positive number.</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>None</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Connections are served until a resource limit is reached.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ &my-app; creates one thread (or process) for every incoming client
+ connection that isn't rejected based on the access control settings.
+ </para>
+ <para>
+ If the system is powerful enough, &my-app; can theoretically deal with
+ several hundred (or thousand) connections at the same time, but some
+ operating systems enforce resource limits by shutting down offending
+ processes and their default limits may be below the ones &my-app; would
+ require under heavy load.
+ </para>
+ <para>
+ Configuring &my-app; to enforce a connection limit below the thread
+ or process limit used by the operating system makes sure this doesn't
+ happen. Simply increasing the operating system's limit would work too,
+ but if &my-app; isn't the only application running on the system,
+ you may actually want to limit the resources used by &my-app;.
+ </para>
+ <para>
+ If &my-app; is only used by a single trusted user, limiting the
+ number of client connections is probably unnecessary. If there
+ are multiple possibly untrusted users you probably still want to
+ additionally use a packet filter to limit the maximal number of
+ incoming connections per client. Otherwise a malicious user could
+ intentionally create a high number of connections to prevent other
+ users from using &my-app;.
+ </para>
+ <para>
+ Obviously using this option only makes sense if you choose a limit
+ below the one enforced by the operating system.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Examples:</term>
+ <listitem>
+ <para>
+ max-client-connections 256
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@#max-client-connections 256</literallayout>]]>
+</sect3>
+
+
+<sect3 renderas="sect4" id="handle-as-empty-doc-returns-ok"><title>handle-as-empty-doc-returns-ok</title>
+<variablelist>
+ <varlistentry>
+ <term>Note:</term>
+ <listitem>
+ <para>
+ This is a work-around for Firefox bug 492459:
+ <quote>
+ Websites are no longer rendered if SSL requests for JavaScripts are blocked by a proxy.
+ </quote>
+ (<link linkend="https://bugzilla.mozilla.org/show_bug.cgi?id=492459">
+ https://bugzilla.mozilla.org/show_bug.cgi?id=492459</link>)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Specifies:</term>
+ <listitem>
+ <para>
+ The status code Privoxy returns for pages blocked with
+ <literal><link linkend="handle-as-empty-document">+handle-as-empty-document</link></literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Type of value:</term>
+ <listitem>
+ <para>
+ <replaceable>0 or 1</replaceable>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Default value:</term>
+ <listitem>
+ <para>0</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Effect if unset:</term>
+ <listitem>
+ <para>
+ Privoxy returns a status 403(forbidden) for all blocked pages.
+ </para>
+ </listitem>
+ <term>Effect if set:</term>
+ <listitem>
+ <para>
+ Privoxy returns a status 200(OK) for pages blocked with +handle-as-empty-document
+ and a status 403(Forbidden) for all other blocked pages.
+ </para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@#handle-as-empty-doc-returns-ok 0</literallayout>]]>
+</sect3>
+
+