X-Git-Url: http://www.privoxy.org/gitweb/show-status?a=blobdiff_plain;f=doc%2Fwebserver%2Ffaq%2Fconfiguration.html;h=ef878304669647f2cc78575efc77638f90423e2e;hb=1c0834f3f9f6b68c694319ea2e0b9327ba814507;hp=73ff78cbb4f1cefda62fa01a81659d16010ab78b;hpb=72081f829de368392d04076728f8c991178c0080;p=privoxy.git diff --git a/doc/webserver/faq/configuration.html b/doc/webserver/faq/configuration.html index 73ff78cb..ef878304 100644 --- a/doc/webserver/faq/configuration.html +++ b/doc/webserver/faq/configuration.html @@ -1,11 +1,11 @@ - +
Based on your feedback and the continuing development, updated actions files will be - made available on the files section of - our project page. -
If you wish to receive an email notification whenever we release updates of - Privoxy or the actions file, subscribe - to our announce mailing list, ijbswa-announce@lists.sourceforge.net. -
The syntax, number, and purpose of configuration files has substantially - changed from Junkbuster and earlier versions - of Privoxy. The old files, like blocklist - will not work at all. If you are upgrading from a 2.0.x version, you will - need to port your configuration data to the new format. Note that even the - pattern syntax has changed! Even configuration files from the 2.9.x versions - will need to be adapted, as configuration syntax has been very much in flow - in the 2.9.x series. -
Privoxy utilizes the concept of " actions" + that are used to manipulate and control web page data. + Actions files - are where various actionsPrivoxy might take while processing a certain +> could take while processing a certain request, are configured. Typically, you would define a set of default actions - that apply to all URLs, then add exceptions to these defaults where needed.
Actions can be defined on a cookies + as one of your default actions, but need to accept cookies from a given site, + you would need to define an exception for this site in one of your actions + files, preferably in user.action.
3.4. The 3.2. The "actions" concept confuses me. Please list @@ -207,8 +167,8 @@ TARGET="_top" > in the user - manualUser + Manual. It includes aView & change the current configuration
" from the menu. from the menu. Note + that this feature must be explicitly enabled in the main config file + (see enable-edit-actions).As of Privoxy v2.9.15, three actions files - are being included, to be used for +> Three actions files + are being included by the developers, to be used for different purposes: These are Privoxy - developers, user.action, where users are encouraged @@ -307,7 +270,7 @@ TARGET="_top" in the user manualUser Manual for a more detailed explanation.
Based on your feedback and the continuing development, updates of + default.action will be + made available from time to time on the files section of + our project page. +
If you wish to receive an email notification whenever we release updates of + Privoxy or the actions file, subscribe + to our announce mailing list, ijbswa-announce@lists.sourceforge.net. +
The syntax and purpose of configuration files has remained roughly the + same throughout the 3.x series, but backwards compatibility is not guaranteed. + Also each release contains updated, "improved" versions and it is + therefore strongly recommended to install the newer configuration files + and merge back your modifications. +
"Complicated" is in the eye of the beholder. Those that are + familiar with some of the underlying concepts, such as regular expression + syntax, take to it like a fish takes to water. Also, software that tries + hard to be "user friendly", often lacks sophistication and + flexibility. There is always that trade-off there between power vs. + easy-of-use. Furthermore, anyone is welcome to contribute ideas and + implementations to enhance Privoxy. +
The default configuration shouldn't impact the usability of any of these services. - It will, however, make all cookies temporary, so that your browser will forget your + It may, however, make all cookies + temporary, so that your browser will forget your login credentials in between browser sessions. If you would like not to have to log in manually each time you access those websites, simply turn off all cookie handling for them in the
These kinds of sites are often quite complex and heavy with + Javascript and + thus "fragile". So if still a problem, + we have an alias just for such + sticky situations: +
# Gmail is a _fragile_ site: +# +{ fragile } + # Gmail is ... + mail.google.com |
Be sure to flush your browser's caches whenever making these kinds of + changes, just to make sure the changes "take". +
Make sure the domain, host and path are appropriate as well. Your browser can + tell you where you are specifically and you should use that information for + your configuration settings. Note that above it is not referenced as + gmail.com, which is a valid domain name. +
"problem" sites are included, but in general, the more aggressive your default settings are, the more exceptions - you will have to make later. See the "Cautious" setting. This is safest and will have the fewest + problems. See the User Manual - for a more deatiled discussion.
It should be noted that the "Adventuresome""Advanced" profile (formerly known as the "Advanced" profile) is not only more - aggressive, but also includes fun and, extreme usage of most of +>"Adventuresome" profile) is more + aggressive, and will make use of some of Privoxy's features. Use at your own risk!
advanced features. Use at your own risk!"privoxy", - it can update the config files. + it can update its own config files.
If you run Privoxy for multiple untrusted users (e.g. in - a LAN), you will probably want to turn the web-based editor and remote toggle - features off by setting ""off" by setting "enable-edit-actions - 0" and ""enable-remote-toggle - 0" in the .
Note that in the default configuration, only local users (i.e. those on - "localhost") can connect to As of Privoxy, - so this is not (normally) a security problem. +> 3.0.7 these options are disabled by default.
There are a number of pre-defined filters to deal with common annoyances. The + filters are only defined here, to invoke them, you need to use the filterfilter
action in one of the actions files. Filtering is automatically - disabled for inappropriate MIME types. in one of the actions files. Content filtering is automatically + disabled for inappropriate MIME types, but if you now better than Privoxy + what should or should not be filtered you can filter any content you like.Filters should + not be confused with blocks, which + is a completely different action, and is more typically used to block ads and + unwanted sites.
If you are familiar with regular expressions, and HTML, you can look at the provided default.filter with a text editor and define your own filters. This is potentially a very powerful feature, but - requires some expertise in both regular expressions and HTML/HTTP.
user.filter, so they won't + be overwritten during upgrades. + The ability to define multiple filter files + in config is a new feature as of v. 3.0.5.Presently, there is no GUI editor option for this part of the configuration, +> There is no GUI editor option for this part of the configuration, but you can disable/enable the various pre-defined filters of the included web-based actions file editor. + Note that the custom actions editor must be explicitly enabled in + the main config file (see enable-edit-actions).
If you intend to develop your own filters, you might want to have a look at + Privoxy-Filter-Test.
Privoxy only responds to requests
- from 127.0.0.1127.0.0.1 (localhost). To have it act as a server for
a network, this needs to be changed in the main configuration file. Look for
- the listen-address
option, which may be commented out with a The replacement for blocked images can be controlled with the set-image-blockerset-image-blocker
action. You have the choice of a checkerboard pattern, a transparent 1x1 GIF
@@ -732,13 +895,13 @@ CLASS="QUOTE"
>"blank"3.12. Instead of ads, now I get a checkerboard pattern. I don't want to see anything.3.13. Instead of ads, now I get a checkerboard pattern. I don't want to see anything.
If you want to see nothing, then change the set-image-blockerset-image-blocker
action to . This can be done by editing the
default.action file, or trough the user.action file, or through the web-based actions file editor Remember that telling which image is an ad and which
isn't, is mostly guesswork. While we hope that the standard configuration
- is rather smart, it can and will make errors. The checkerboard image is visually
- decent, but it shows you that and where images were blocked, which can be very
+>, is an educated guess. While we hope that the standard configuration
+ is rather smart, it will make occasional mistakes. The checkerboard image is visually
+ decent, and it shows you where images have been blocked, which can be very
helpful in case some navigation aid or otherwise innocent image was
- erraneously blocked. Some people might also enjoy seeing how many banners
- they "see" what is happening. Some people might also enjoy seeing how
+ many banners they don't have to see..3.13. Why would anybody want to see a checkerboard pattern?3.14. Why would anybody want to see a checkerboard pattern?
3.15. Can 3.16. Can Privoxy run as a service +on Win2K/NT/XP?
Yes. Version 3.0.5 introduces full Windows service + functionality. See the User Manual for details on how to install and configure + Privoxy run as a service -on Win2K/NT? as a service.
Yes, it can run as a system service using Earlier 3.x versions could run as a system service using srvany.exe. See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, for details, and a sample configuration.
Version 3.0.1 fixes the problem where the icon and menu where not available - in the taskbar for this usage.
This can be done and is often useful to combine the benefits of Privoxy with those of a caching proxy. +> with those of a another proxy. See the user manualUser Manual which - describes how to do this.
How do I use Privoxy together with + Tor section below.No, its more complicated than that. This only works with special kinds of proxies known as "transparent""intercepting" proxies (see below).
No, The whole idea of Privoxy is to modify client requests + and server responses in all sorts of ways and therefore + it's not a transparent proxy as described in + RFC 2616.
However, some people say "transparent proxy" when they + mean "intercepting proxy". If you are one of them, + please read the next entry.
Privoxy currently does not have this ability, - though it is planned for a future release. Transparent proxies require - special handling of the request headers beyond what - can't intercept traffic itself, + but it can handle requests that where intercepted and redirected + with a packet filter (like Privoxy is now capable of.
PF or + iptables), as long as the Host + header is present. +As the Host header is required by HTTP/1.1 and as most + web sites rely on it anyway, this limitation shouldn't be a problem.
Chaining Please refer to your packet filter's documentation to learn how to + intercept and redirect traffic into Privoxy behind another proxy that has - this ability should work though. - See the forwarding chapter - in the user manual. As - a transparent proxy to be used for chaining we recommend Transproxy - (. + Afterward you just have to configure Privoxy to + http://www.transproxy.nlc.net.au/).
accept + intercepted requests. 3.20. How can I have separate rules just for HTML mail?3.22. How can I have separate rules just for HTML mail? The short answer is, you can't. For a good discussion of some of the issues involved (including privacy and
security issues), see
http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. Cookies can be
+ set in several ways. The classic method is via the
+ Set-Cookie HTTP header. This is straightforward, and an
+ easy one to manipulate, such as the Privoxy concept of
+ session-cookies-only.
+ There is also the possibility of using
+ Javascript to
+ set cookies (Privoxy calls these content-cookies). This
+ is trickier because the syntax can vary widely, and thus requires a certain
+ amount of guesswork. It is not realistic to catch all of these short of
+ disabling Javascript, which would break many sites. And lastly, if the
+ cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond
+ Privoxy's reach. All in all, Privoxy can help manage cookies in general, can help minimize
+ the loss of privacy posed by cookies, but can't realistically stop all
+ cookies.3.23. I sometimes notice cookies sneaking through. How?
No, in fact there are many beneficial uses of + cookies. Cookies are just a + method that browsers can use to store data between pages, or between browser + sessions. Sometimes there is a good reason for this, and the user's life is a + bit easier as a result. But there is a long history of some websites taking + advantage of this layer of trust, and using the data they glean from you and + your browsing habits for their own purposes, and maybe to your potential + detriment. Such sites are using you and storing their data on your system. + That is why the privacy conscious watch from whom those cookies come, and why + they really need to be there.
See the + Wikipedia cookie + definition for more.
There are several actions that relate to cookies. The default behavior is to @@ -1043,12 +1345,12 @@ CLASS="QUOTE" >"session cookies", which means the cookies only last for the current browser session. This eliminates most kinds of abuse related - to cookies. But there may be cases where we want cookies to last.
To disable all cookie actions, so that cookies are allowed unrestricted, - both in and out, for example.comexample.com:
############################################################ + # Blacklist + ############################################################ + { +block } + / # Block *all* URLs + + ############################################################ + # Whitelist + ############################################################ + { -block } + kids.example.com + toys.example.com + games.example.com |
This allows access to only those three sites by first blocking all URLs, and + then subsequently allowing three specific exceptions.
Another approach is Privoxy's + trustfile concept, which incorporates the notion of + "trusted referrers". See the Trust documentation + for details.
These are fairly simple approaches and are not completely foolproof. There + are various other configuration options that should be disabled (described + elsewhere here and in the User Manual) + so that users can't modify their own configuration and easily circumvent the + whitelist.
Ad blocking is achieved through a complex application of various Privoxy + actions. These + actions are deployed against simple images, banners, flash animations, + text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as + just turning one or two actions off. The various actions that make up + Privoxy ad blocking are hard-coded into the default configuration files. It + has been assumed that everyone using Privoxy is interested in this + particular feature. +
If you want to do without this, there are several approaches you can take: + You can manually undo the many block rules in + default.action. Or even easier, just create your own + default.action file from scratch without the many ad + blocking rules, and corresponding exceptions. Or lastly, if you are not + concerned about the additional blocks that are done for privacy reasons, you + can very easily over-ride all blocking with the + following very simple rule in your user.action: +
# Unblock everybody, everywhere + { -block } + / # UN-Block *all* URLs |
+ Or even a more comprehensive reversing of various ad related actions:
# Unblock everybody, everywhere, and turn off appropriate filtering, etc + { -block \ + -filter{banners-by-size} \ + -filter{banners-by-link} \ + allow-popups \ + } + / # UN-Block *all* URLs and allow ads |
This last "action" in this compound statement, + allow-popups, is an alias that disables + various pop-up blocking features.
Privoxy "templates" are specialized text files utilized by + Privoxy for various purposes and can easily be modified using any text + editor. All the template pages are installed in a sub-directory appropriately + named: templates. Knowing something about HTML syntax + will of course be helpful.
Be forewarned that the default templates are subject to being overwritten + during upgrades. You can, however, create completely new templates, + place them in another directory and specify the alternate path in the main + config. For details, have a look at the templdir option.
There is more than one way to do it (although Perl is not involved).
Editing the BLOCKED template page (see above) may dissuade some users, but + this method is easily circumvented. Where you need this level of control, you + might want to build Privoxy from source, and disable various features that are + available as compile-time options. You should + configure the sources as follows:
./configure --disable-toggle --disable-editor --disable-force |
This will create an executable with hard-coded security features so that + Privoxy does not allow easy bypassing of blocked sites, or changing the + current configuration via any connected user's web browser.
Finally, all of these features can also be toggled on/off via options in + Privoxy's main config file which + means you don't have to recompile anything.