1 # Sample Configuration file for Privoxy
4 # $Id: config,v 1.31 2002/03/24 12:58:57 swa Exp $
10 # 2. FORMAT OF THE CONFIGURATION FILE
11 # 3. OTHER CONFIGURATION FILES
13 # 5. WINDOWS GUI OPTIONS
17 # This file holds the Privoxy configuration. If you modify this
18 # file, you will need to send a couple of requests to the proxy
19 # before any changes take effect.
21 # When starting Privoxy on Unix systems, give the name of this
22 # file as an argument. On Windows systems, Privoxy will look for
23 # this file with the name 'config.txt' in the same directory where
24 # Privoxy is installed.
26 # 2. FORMAT OF THE CONFIGURATION FILE
28 # Configuration lines consist of an initial keyword followed by a list
29 # of values, all separated by whitespace (any number of spaces or
32 # actionsfile default.action
34 # Indicates that the actionsfile is named 'default.action'.
36 # The '#' indicates a comment. Any part of a line following a '#' is
37 # ignored, except if the '#' is preceded by a '\'.
39 # Thus, by placing a # at the start of an existing configuration line,
40 # you can make it a comment and it will be treated as if it weren't there.
41 # This is called "commenting out" an option and can be useful to turn
42 # off features: If you comment out the "logfile" line, Privoxy will
43 # not log to a file at all.
45 # Watch for the "default:" section in each explanation to see what
46 # happens if the option is left unset (or commented out).
48 # NOTE: THAT DEFAULT IS NOT NECESSARILY EQUAL TO THE OPTION
49 # VALUE SET IN THIS SAMPLE CONFIG FILE.
51 # Long lines can be continued on the next line by using a `\' as
54 # 3. OTHER CONFIGURATION FILES
56 # Privoxy uses a number of other files to tell it what ads to
57 # block, what cookies to accept, etc. This section of the
58 # configuration file tells Privoxy where to find all those other
61 # Privoxy looks for these files in the directory specified with
64 # (Note that on Windows, Privoxy usually starts with the current
65 # directory (".") being the same directory as the executable)
67 # An absolute path name can be used to avoid problems.
69 # While we go modular and multiuser, the blocker, filter, and
70 # per-user config will be stored in subdirectories of confdir.
71 # Now, only confdir/templates is used for storing HTML templates
74 # No trailing /, please.
78 # The directory where all logging (i.e. logfile and jarfile) takes place
79 # No trailing /, please.
83 # Note that all file specifications below are relative to
84 # the above two directories!!!
86 # The actions file contains patterns to specify the
87 # actions to apply to requests for each site.
89 # Default: Cookies to and from all destinations are filtered.
90 # Popups are disabled for all sites.
91 # All sites are filtered if filterfile specified.
92 # No sites are blocked. Nothing is an image.
94 actionsfile default.action
96 # The filterfile contains content modification rules. These rules
97 # permit powerful changes on the content of Web pages, e.g., you
98 # could disable your favourite JavaScript annoyances, rewrite the
99 # actual content, or just have some fun replacing "Microsoft"
100 # with "Microsuck" wherever it appears on a Web page.
102 # Default: content modification. (see '+-filter' in actionsfile)
104 filterfile default.filter
107 # The logfile is where all logging and error messages are written.
108 # The logfile can be useful for tracking down a problem with
109 # Privoxy (e.g., it's not blocking an ad you think it should
110 # block) but in most cases you probably will never look at it.
112 # Your logfile will grow indefinitely, and you will probably want to
113 # periodically remove it. On Unix systems, you can do this with a
114 # cron job (see 'man cron').
116 # On SuSE Linux systems, you can place a line like
117 # "/var/log/privoxy.* +1024k 644 nobody.nogroup" in /etc/logfiles,
118 # with the effect that cron.daily will automatically archive, gzip,
119 # and empty the log, when it exceeds 1M size.
121 # Default: Log to the standard error channel, not to a file
126 # The jarfile defines where Privoxy stores the cookies it
127 # intercepts. Note that if you use a jarfile, it may grow quite
130 # Default: Don't store intercepted cookies
135 # If you specify a trustfile, Privoxy will only allow access
136 # to sites that are named in the trustfile. You can also mark
137 # sites as trusted referrers, with the effect that access to
138 # untrusted sites will be granted, if a link from a trusted
139 # referrer was used. The link target will then be added to the
141 # Note that this is a very restrictive feature that typical users
142 # most propably want to leave disabled.
144 # Default: Don't use the trust mechanism
149 # If you use the trust mechanism, it is a good idea to write up
150 # some online documentation about your blocking policy and to
151 # specify the URL(s) here. They will appear on the page that
152 # your users receive when they try to access untrusted content.
153 # Use multiple times for multiple URLs.
155 # Default: Don't display links on the "untrusted" info page.
157 trust-info-url http://www.example.com/why_we_block.html
158 trust-info-url http://www.example.com/what_we_allow.html
162 # This part of the configuration file contains options that control
163 # how Privoxy operates.
166 # Admin-address should be set to the email address of the proxy
167 # administrator. It is used in many of the proxy-generated pages.
169 # Default: Do not display an e-mail address
171 #admin-address privoxy-admin@example.com
174 # Proxy-info-url can be set to a URL that contains more info about
175 # this Privoxy installation, it's configuration and policies.
176 # It is used in many of the proxy-generated pages and its use is
177 # highly recommended, since your users will want to know why certain
178 # content is blocked or modified.
180 # Default: Don't show a link to online documentation
182 #proxy-info-url http://www.example.com/proxy-service.html
186 # Listen-address specifies the address and port where Privoxy will
187 # listen for connections from your Web browser. The default is to
188 # listen on the local host on port 8118, and this is suitable for
189 # most users. (In your web browser, under proxy configuration, list
190 # the proxy server as 'localhost' and the port as '8118').
192 # If you already have another service running on port 8118, or if you
193 # want to serve requests from other machines (e.g. on your local
194 # network) as well, you will need to override the default. The syntax
195 # is "listen-address [<ip-address>]:<port>" If you leave out the ip
196 # adress, Privoxy will bind to all interfaces (addresses) on your
197 # machine and may become reachable from the internet. In that case,
198 # consider using access control lists (acl's) (see "aclfile" above).
200 # For example, suppose you are running Privoxy on a machine which
201 # has the address 192.168.0.1 on your local private network
202 # (192.168.0.0) and has another outside connection with a different
203 # address. You want it to serve requests from inside only:
205 # listen-address 192.168.0.1:8118
207 # If you want it to listen on all addresses (including the outside
210 # listen-address :8118
212 # If you do this, consider using acls (see "aclfile" above).
214 # Note: you will need to point your browser(s) to the address
215 # and port that you have configured here.
217 # Default: listen-address localhost:8118
218 # listen-address 127.0.0.1:8118
220 listen-address 127.0.0.1:8118
223 # The debug option sets the level of debugging information to log in
224 # the logfile (and to the console in the Windows version). A debug
225 # level of 1 is informative because it will show you each request as
226 # it happens. Higher levels of debug are probably only of interest
229 # debug 1 # GPC = show each GET/POST/CONNECT request
230 # debug 2 # CONN = show each connection status
231 # debug 4 # IO = show I/O status
232 # debug 8 # HDR = show header parsing
233 # debug 16 # LOG = log all data into the logfile
234 # debug 32 # FRC = debug force feature
235 # debug 64 # REF = debug regular expression filter
236 # debug 128 # = debug fast redirects
237 # debug 256 # = debug GIF deanimation
238 # debug 512 # CLF = Common Log Format
239 # debug 1024 # = debug kill popups
240 # debug 4096 # INFO = Startup banner and warnings.
241 # debug 8192 # ERROR = Non-fatal errors
243 # It is *highly recommended* that you enable ERROR
244 # reporting. (debug 8192).
246 # The reporting of FATAL errors (i.e. ones which crash
247 # Privoxy) is always on and cannot be disabled.
249 # If you want to use CLF, you should set "debug 512" ONLY,
250 # do not enable anything else.
252 # Multiple "debug" directives, are OK - they're logical-OR'd
255 # debug 15 # same as setting the first 4 listed above
257 # Default: 0, i.e. log nothing but fatal errors
261 debug 8192 # Errors - *we highly recommended enabling this*
264 # Privoxy normally uses "multi-threading", a software technique
265 # that permits it to handle many different requests simultaneously.
266 # In some cases you may wish to disable this -- particularly if
267 # you're trying to debug a problem. The 'single-threaded' option
268 # forces Privoxy to handle requests sequentially.
270 # Default: Multithreaded mode
275 # 'toggle' allows you to temporarily disable all Privoxy's
276 # filtering. Just set "toggle 0".
278 # This can now be toggled remotely, through the web-based config
279 # interface. There is no reason to edit this file any more.
281 # The Windows version of Privoxy puts an icon in the system
282 # tray, which allows you to change this option without having
283 # to edit this file. If you right-click on that icon (or select
284 # the 'Options' menu), one choice is "Enable". Clicking on enable
285 # toggles Privoxy on and off. This is useful if you want to
286 # temporarily disable Privoxy, e.g., to access a site that
287 # requires cookies which you normally have blocked.
289 # 'toggle 1' means Privoxy runs normally, 'toggle 0' means
290 # that Privoxy becomes a non-anonymizing non-blocking
298 # For content filtering, i.e. the +filter and +deanimate-gif
299 # actions, it is neccessary that Privoxy buffers up the
300 # whole document body. This can be potentially dangerous, since
301 # a server could just keep sending data indefinitely and wait
302 # for your RAM to exhaust.
303 # The buffer-limit option lets you set the size in Kbytes that
304 # each buffer may use at maximum. When the documents buffer
305 # exceeds that size, it is flushed to the client unfiltered and
306 # no further attempt to filter the rest of it is taken.
307 # Remember that there may multiple threads running, which might
308 # require up to buffer-limit Kbytes *each*, unless you have set
309 # single-threaded below.
311 # Default: 4069, i.e. 4 MB
317 # Enable the web-based actionsfile editor. Set to 1 to enable,
318 # 0 to disable. Note that you must have compiled Privoxy
319 # with support for this feature, otherwise this option has no
322 # Security note: If this is enabled, anyone who can use the proxy
323 # can edit the actions file, and their changes will affect all users.
324 # For shared proxies, you probably want to disable this.
328 enable-edit-actions 1
332 # Allow Privoxy to be toggled on and off remotely, using your
333 # web browser. Set to 1 to enable, 0 to disable. Note that you
334 # must have compiled Privoxy with support for this feature,
335 # otherwise this option has no effect.
337 # Security note: If this is enabled, anyone who can use the proxy
338 # can toggle it on or off, and their changes will affect all users.
339 # For shared proxies, you probably want to disable this.
343 enable-remote-toggle 1
345 #############################################################################
346 # Access Control List
347 #############################################################################
349 # Access controls are included at the request of some ISPs and systems
350 # administrators, and are not usually needed by individual users.
351 # Please note the warnings in the FAQ that this proxy is not
352 # intended to be a substitute for a firewall or to encourage anyone
353 # to defer addressing basic security weaknesses.
354 # For details see the documentation
356 # If no access settings are specified, the proxy talks to anyone that
357 # connects. If any access settings file are specified, then the proxy
358 # talks only to IP addresses permitted somewhere in this file and not
359 # denied later in this file.
361 # Summary -- if using an ACL:
363 # Client must have permission to receive service
364 # LAST match in ACL wins
365 # Default behavior is to deny service
367 # Syntax for an entry in the Access Control List is:
369 # ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ]
371 # where the fields are
373 # ACTION = "permit-access" | "deny-access"
375 # SRC_ADDR = client hostname or dotted IP address
376 # SRC_MASKLEN = number of bits in the subnet mask for the source
378 # DST_ADDR = server or forwarder hostname or dotted IP address
379 # DST_MASKLEN = number of bits in the subnet mask for the target
381 # field separator (FS) is whitespace (space or tab)
385 # If Privoxy is using a forwarder or a gateway for a particular
386 # destination URL, the DST_ADDRR that is examined is the address of
387 # the forwarder or the gateway and NOT the address of the ultimate target.
388 # This is necessary because it may be impossible for the local
389 # Privoxy to determine the address of the ultimate target
390 # (that's often what gateways are used for).
392 # Here are a few examples to show how the ACL works:
394 # localhost is OK -- no DST_ADDR implies that ALL destination addresses are OK
395 # permit-access localhost
397 # a silly example to illustrate:
399 # permit any host on the class-C subnet with our web server to go
402 # permit-access www.example.com/24
404 # except deny one particular IP address from using it at all
406 # deny-access hacker.example.com
410 # You can specify an explicit network address and subnet mask.
411 # Explicit addresses do not have to be resolved to be used.
413 # permit-access 207.153.200.0/24
415 # a subnet mask of 0 matches anything, so the next line permits everyone.
417 # permit-access 0.0.0.0/0
419 # Note: you cannot say
423 # to allow all .org domains; every IP-address listed must resolve fully.
425 # An ISP may want to provide a Privoxy that is accessible by "the world"
426 # and yet restrict use of some of their private content to hosts on its
427 # internal network (i.e. its own subscribers). Say, for instance the
428 # ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit netmask).
429 # This is how they could do it:
431 # permit-access 0.0.0.0/0 0.0.0.0/0 # other clients can go anywhere
432 # # with the following exceptions:
434 # deny-access 0.0.0.0/0 123.124.0.0/16 # block all external requests for
435 # # sites on the ISP's network
437 # permit 0.0.0.0/0 www.my_isp.com # except for the ISP's main web site
439 # permit 123.124.0.0/16 0.0.0.0/0 # the ISP's clients can go anywhere
441 # Note that some hostnames may be listed with multiple IP addresses;
442 # the primary value returned by gethostbyname() is used.
444 # Default: Anyone can access the proxy.
447 #############################################################################
449 #############################################################################
452 # This feature allows routing of HTTP requests via multiple proxies.
453 # It can be used to better protect privacy and confidentiality when
454 # accessing specific domains by routing requests to those domains
455 # to a special purpose filtering proxy such as lpwa.com
457 # It can also be used in an environment with multiple networks to route
458 # requests via multiple gateways allowing transparent access to multiple
459 # networks without having to modify browser configurations.
461 # Also specified here are SOCKS proxies. We support SOCKS 4 and SOCKS 4A.
462 # The difference is that SOCKS 4A will resolve the target hostname using
463 # DNS on the SOCKS server, not our local DNS client.
465 # The syntax of each line is
467 # forward target_domain[:port] http_proxy_host[:port]
468 # forward-socks4 target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]
469 # forward-socks4a target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]
471 # If http_proxy_host is ".", then requests are not forwarded to
472 # a HTTP proxy but are made directly to the web servers.
474 # Lines are checked in turn, and the last match wins.
476 # There is an implicit line equivalent to the following, which specifies that
477 # anything not finding a match on the list is to go out without forwarding
478 # or gateway protocol; like so:
479 # forward .* . # implicit
481 # In the following common configuration, everything goes to Lucent's LPWA,
482 # except SSL on port 443 (which it doesn't handle)
483 # forward .* lpwa.com:8118
486 # See the FAQ for instructions on how to automate the login procedure for LPWA.
487 # Some users have reported difficulties related to LPWA's use of . as the
488 # last element of the domain, and have said that this can be fixed with this:
489 # forward lpwa. lpwa.com:8118
490 # (NOTE: the syntax for specifiying target_domain has changed since the
491 # previous paragraph weas written - it will not work now. More information
494 # In this fictitious example, everything goes via an ISP's caching proxy,
495 # except requests to that ISP:
497 # forward .* caching.myisp.net:8118
498 # forward myisp.net .
500 # For the @home network, we're told the forwarding configuration is this:
501 # forward .* proxy:8080
502 # Also, we're told they insist on getting cookies and Javascript, so you need
503 # to add home.com to the cookie file. We consider Javascript a security risk;
504 # see our page on cookies. Java need not be enabled.
506 # In this example direct connections are made to all "internal" domains,
507 # but everything else goes through Lucent's LPWA by way of the company's
508 # SOCKS gateway to the Internet.
510 # forward-socks4 .* lpwa.com:8118 firewall.my_company.com:1080
511 # forward my_company.com .
513 # This is how you could set up a site that always uses SOCKS but no forwarders
515 # forward-socks4a .* . firewall.my_company.com:1080
517 # An advanced example for network administrators:
519 # If you have links to multiple ISPs that provide various special content to
520 # their subscribers, you can configure forwarding to pass requests to the
521 # specific host that's connected to that ISP so that everybody can see all
522 # of the content on all of the ISPs.
524 # This is tricky, but here's a sample:
526 # host-a has a PPP connection to isp-a.com
527 # host-b has a PPP connection to isp-b.com
529 # host-a can run Privoxy with forwarding like this:
531 # forward isp-b.com host-b:8118
533 # host-b can run Privoxy with forwarding like this:
535 # forward isp-a.com host-a:8118
537 # Now, *anyone* on the Internet (including users on host-a and host-b)
538 # can set their browser's proxy to *either* host-a or host-b and
539 # be able to browse the content on isp-a or isp-b.
542 # Here's another practical example, for University of Kent at
543 # Canterbury students with a network connection in their room, who
544 # need to use the University's Squid web cache.
546 # forward *. ssbcache.ukc.ac.uk:3128 # Use the proxy, except for:
547 # forward .ukc.ac.uk . # Anything on the same domain as us
548 # forward * . # Host with no domain specified
549 # forward 129.12.*.* . # A dotted IP on our /16 network.
550 # forward 127.*.*.* . # Loopback address
551 # forward localhost.localdomain . # Loopback address
552 # forward www.ukc.mirror.ac.uk . # Specific host
555 # Note: If you intend to chain Privoxy and squid locally, the chain
556 # broswer -> squid -> Privoxy is the recommended way.
558 # Your squid configuration could then look like this:
560 # # Define Privoxy as parent cache
561 # cache_peer 127.0.0.1 8118 parent 0 no-query
563 # # Define ACL for protocol FTP
566 # # Do not forward ACL FTP to Privoxy
567 # always_direct allow FTP
569 # # Do not forward ACL CONNECT (https) to Privoxy
570 # always_direct allow CONNECT
572 # # Forward the rest to Privoxy
573 # never_direct allow all
576 #############################################################################
577 # 5. WINDOWS GUI OPTIONS
578 #############################################################################
580 # Privoxy has a number of options specific to the Windows GUI
583 # activity-animation {1 or 0}
585 # If set to 1, the Privoxy icon will animate when Privoxy is
588 #Win32-only: activity-animation 1
590 # log-messages {1 or 0}
592 # If set to 1, Privoxy will log messages to the console window.
594 #Win32-only: log-messages 1
596 # log-buffer-size {1 or 0}?
598 # If log-buffer-size is set to 1, the size of the log buffer, that
599 # is the amount of memory used for the log messages displayed in
600 # the console window, will be limited to 'log-max-lines' (see below).
602 # Warning: Setting this to 0 will result in the buffer to grow
603 # infinitely and eat up all your memory!
605 #Win32-only: log-buffer-size 1
607 # log-max-lines {number of lines, e.g., '200'}
609 # Maximum number of lines held in the log buffer. See above.
611 #Win32-only: log-max-lines 200
613 # log-highlight-messages {1 or 0}
615 # If set to 1, Privoxy will highlight portions of the log
616 # messages with a bold-faced font.
618 #Win32-only: log-highlight-messages 1
620 # log-font-name {font name, e.g., 'Comic Sans MS'}
622 # The font used in the console window.
624 #Win32-only: log-font-name Comic Sans MS
626 # log-font-size {font size in points, e.g., '8'}
628 # Font size used in the console window.
630 #Win32-only: log-font-size 8
632 # show-on-task-bar {1 or 0}
634 # Controls whether or not Privoxy will appear as a button on the Task
635 # bar when minimized.
637 #Win32-only: show-on-task-bar 0
640 # close-button-minimizes 1
642 # If set, the Windows close button will minimize Privoxy instead
643 # of closing the program (close with the exit option on the File
646 #Win32-only: close-button-minimizes 1
650 # This option is specific to the Win32 console version of Privoxy:
654 # If this option is used, Privoxy will disconnect from and hide
655 # the command console.
657 #Win32-only: #hide-console
660 # Note: Privoxy is distributed under the GNU General Public License (GPL)
661 # For details, see http://www.gnu.org/copyleft/gpl.html