4 >Privoxy Configuration</TITLE
7 CONTENT="Modular DocBook HTML Stylesheet Version 1.64
10 TITLE="Privoxy User Manual"
11 HREF="index.html"><LINK
13 TITLE="Quickstart to Using Privoxy"
14 HREF="quickstart.html"><LINK
16 TITLE="Contacting the Developers, Bug Reporting and Feature
18 HREF="contact.html"><LINK
21 HREF="../p_doc.css"></HEAD
40 >Privoxy User Manual</TH
48 HREF="quickstart.html"
84 > configuration is stored
85 in text files. These files can be edited with a text editor.
86 Many important aspects of <SPAN
90 also be controlled easily with a web browser.
99 >5.1. Controlling <SPAN
102 > with Your Web Browser</A
108 > can be reached by the special
115 HREF="http://config.privoxy.org/"
117 >http://config.privoxy.org/</A
119 which is an internal page. You will see the following section: </P
129 > Please choose from the following options:
131 * Show information about the current configuration
132 * Show the source code version numbers
133 * Show the client's request headers.
134 * Show which actions apply to a URL and why
135 * Toggle Privoxy on or off
136 * Edit the actions list
144 > This should be self-explanatory. Note the last item is an editor for the
147 >"actions list"</SPAN
148 >, which is where much of the ad, banner, cookie,
149 and URL blocking magic is configured as well as other advanced features of
153 >. This is an easy way to adjust various
157 > configuration. The actions
158 file, and other configuration files, are explained in detail below.
162 > will automatically detect any changes
167 >"Toggle Privoxy On or Off"</SPAN
168 > is handy for sites that might
169 have problems with your current actions and filters, or just to test if
170 a site misbehaves, whether it is <SPAN
174 causing the problem or not. <SPAN
178 to run as a proxy in this case, but all filtering is disabled. </P
186 >5.2. Configuration Files Overview</A
189 > For Unix, *BSD and Linux, all configuration files are located in
193 > by default. For MS Windows, OS/2, and
194 AmigaOS these are all in the same directory as the
198 > executable. The name
199 and number of configuration files has changed from previous versions, and is
200 subject to change as development progresses.</P
202 > The installed defaults provide a reasonable starting point, though possibly
203 aggressive by some standards. For the time being, there are only three
204 default configuration files (this may change in time):</P
211 > The main configuration file is named <TT
215 on Linux, Unix, BSD, OS/2, and AmigaOS and <TT
227 > file is used to define various
231 > relating to images, banners, pop-ups, access
232 restrictions, banners and cookies. There is a CGI based editor for this
233 file that can be accessed via <A
238 files are included as well with differing levels of filtering
239 and blocking, e.g. <TT
250 > file can be used to re-write the raw
251 page content, including viewable text as well as embedded HTML and JavaScript,
252 and whatever else lurks on any given web page.
265 can use Perl style regular expressions for maximum flexibility. All files use
272 > character to denote a comment. Such
273 lines are not processed by <SPAN
277 making any changes, there is no need to restart
281 > in order for the changes to take
285 > should detect such changes
288 > While under development, the configuration content is subject to change.
289 The below documentation may not be accurate by the time you read this.
290 Also, what constitutes a <SPAN
293 > setting, may change, so
294 please check all your configuration files on important issues.</P
302 >5.3. The Main Configuration File</A
305 > Again, the main configuration file is named <TT
309 Linux/Unix/BSD and OS/2, and <TT
313 Configuration lines consist of an initial keyword followed by a list of
314 values, all separated by whitespace (any number of spaces or tabs). For
320 CLASS="LITERALLAYOUT"
323 >blockfile blocklist.ini</I
325 </P
330 > Indicates that the blockfile is named <SPAN
332 >"blocklist.ini"</SPAN
334 default installation does not use this.)</P
342 > indicates a comment. Any part of a
343 line following a <SPAN
349 > is ignored, except if
365 > Thus, by placing a <SPAN
372 existing configuration line, you can make it a comment and it will be treated
373 as if it weren't there. This is called <SPAN
375 >"commenting out"</SPAN
377 option and can be useful to turn off features: If you comment out the
385 log to a file at all. Watch for the <SPAN
389 explanation to see what happens if the option is left unset (or commented
392 > Long lines can be continued on the next line by using a
399 > as the very last character.</P
401 > There are various aspects of <SPAN
405 that can be tuned.</P
412 >5.3.1. Defining Other Configuration Files</A
418 > can use a number of other files to tell it
419 what ads to block, what cookies to accept, and perform other functions. This
420 section of the configuration file tells <SPAN
424 where to find all those other files. </P
436 > looks for these files in the same
437 directory as the executable. On Unix and OS/2,
441 > looks for these files in the current
442 working directory. In either case, an absolute path name can be used to
445 > When development goes modular and multi-user, the blocker, filter, and
446 per-user config will be stored in subdirectories of <SPAN
452 >confdir/templates</TT
453 > is used for storing HTML
454 templates for CGI results. </P
456 > The location of the configuration files:</P
461 CLASS="LITERALLAYOUT"
464 >confdir /etc/privoxy</I
465 > # No trailing /, please.<br>
466 </P
471 > The directory where all logging (i.e. <TT
478 >) takes place. No trailing
490 CLASS="LITERALLAYOUT"
493 >logdir /var/log/privoxy</I
495 </P
500 > Note that all file specifications below are relative to
501 the above two directories!</P
505 >"default.action"</SPAN
506 > file contains patterns to specify the
507 actions to apply to requests for each site. Default: Cookies to and from all
508 destinations are kept only during the current browser session (i.e. they are
509 not saved to disk). Pop-ups are disabled for all sites. All sites are
510 filtered through selected sections of <SPAN
512 >"default.filter"</SPAN
517 > displays a checkboard type
518 pattern for filtered ads and other images. The syntax of this file is
519 explained in detail <A
520 HREF="configuration.html#ACTIONSFILE"
526 > files are included, and you are free to use any of
527 them. They have varying degrees of aggressiveness.</P
532 CLASS="LITERALLAYOUT"
535 >actionsfile default.action</I
537 </P
544 >"default.filter"</SPAN
545 > file contains content modification rules
548 >"regular expressions"</SPAN
549 >. These rules permit powerful
550 changes on the content of Web pages, e.g., you could disable your favorite
551 JavaScript annoyances, re-write the actual displayed text, or just have some
559 it appears on a Web page. Default: whatever the developers are playing with
562 > Filtering requires buffering the page content, which may appear to slow down
563 page rendering since nothing is displayed until all content has passed
564 the filters. (It does not really take longer, but seems that way since
565 the page is not incrementally displayed.) This effect will be more noticeable
566 on slower connections. </P
571 CLASS="LITERALLAYOUT"
574 >filterfile default.filter</I
576 </P
581 > The logfile is where all logging and error messages are written. The logfile
582 can be useful for tracking down a problem with
586 > (e.g., it's not blocking an ad you
587 think it should block) but in most cases you probably will never look at it.</P
589 > Your logfile will grow indefinitely, and you will probably want to
590 periodically remove it. On Unix systems, you can do this with a cron job
598 script has been included.</P
600 > On SuSE Linux systems, you can place a line like <SPAN
603 +1024k 644 nobody.nogroup"</SPAN
608 the effect that cron.daily will automatically archive, gzip, and empty the
609 log, when it exceeds 1M size.</P
611 > Default: Log to the a file named <TT
615 Comment out to disable logging.</P
620 CLASS="LITERALLAYOUT"
625 </P
637 > stores the cookies it intercepts. Note
638 that if you use a <SPAN
641 >, it may grow quite large. Default:
642 Don't store intercepted cookies.</P
647 CLASS="LITERALLAYOUT"
652 </P
657 > If you specify a <SPAN
664 > will only allow access to sites that
665 are named in the trustfile. You can also mark sites as trusted referrers,
666 with the effect that access to untrusted sites will be granted, if a link
667 from a trusted referrer was used. The link target will then be added to the
671 >. This is a very restrictive feature that typical
672 users most probably want to leave disabled. Default: Disabled, don't use the
678 CLASS="LITERALLAYOUT"
683 </P
688 > If you use the trust mechanism, it is a good idea to write up some on-line
689 documentation about your blocking policy and to specify the URL(s) here. They
690 will appear on the page that your users receive when they try to access
691 untrusted content. Use multiple times for multiple URLs. Default: Don't
692 display links on the <SPAN
700 CLASS="LITERALLAYOUT"
703 >trust-info-url http://www.example.com/why_we_block.html</I
707 >trust-info-url http://www.example.com/what_we_allow.html</I
709 </P
720 >5.3.2. Other Configuration Options</A
723 > This part of the configuration file contains options that control how
731 >"Admin-address"</SPAN
732 > should be set to the email address of the proxy
733 administrator. It is used in many of the proxy-generated pages. Default:
734 fill@me.in.please.</P
739 CLASS="LITERALLAYOUT"
742 >#admin-address fill@me.in.please</I
744 </P
751 >"Proxy-info-url"</SPAN
752 > can be set to a URL that contains more info
757 configuration and policies. It is used in many of the proxy-generated pages
758 and its use is highly recommended in multi-user installations, since your
759 users will want to know why certain content is blocked or modified. Default:
760 Don't show a link to on-line documentation.</P
765 CLASS="LITERALLAYOUT"
768 >proxy-info-url http://www.example.com/proxy.html</I
770 </P
777 >"Listen-address"</SPAN
778 > specifies the address and port where
782 > will listen for connections from your
783 Web browser. The default is to listen on the localhost port 8118, and
784 this is suitable for most users. (In your web browser, under proxy
785 configuration, list the proxy server as <SPAN
794 > If you already have another service running on port 8118, or if you want to
795 serve requests from other machines (e.g. on your local network) as well, you
796 will need to override the default. The syntax is
799 >"listen-address [<ip-address>]:<port>"</SPAN
801 out the IP address, <SPAN
805 interfaces (addresses) on your machine and may become reachable from the
806 Internet. In that case, consider using access control lists (acl's) (see
810 > above), or a firewall.</P
812 > For example, suppose you are running <SPAN
816 a machine which has the address 192.168.0.1 on your local private network
817 (192.168.0.0) and has another outside connection with a different address.
818 You want it to serve requests from inside only:</P
823 CLASS="LITERALLAYOUT"
826 >listen-address 192.168.0.1:8118</I
828 </P
833 > If you want it to listen on all addresses (including the outside
839 CLASS="LITERALLAYOUT"
842 >listen-address :8118</I
844 </P
849 > If you do this, consider using ACLs (see <SPAN
853 you will need to point your browser(s) to the address and port that you have
854 configured here. Default: localhost:8118 (127.0.0.1:8118).</P
856 > The debug option sets the level of debugging information to log in the
857 logfile (and to the console in the Windows version). A debug level of 1 is
858 informative because it will show you each request as it happens. Higher
859 levels of debug are probably only of interest to developers.</P
864 CLASS="LITERALLAYOUT"
865 > debug 1 # GPC = show each GET/POST/CONNECT request<br>
866 debug 2 # CONN = show each connection status<br>
867 debug 4 # IO = show I/O status<br>
868 debug 8 # HDR = show header parsing<br>
869 debug 16 # LOG = log all data into the logfile<br>
870 debug 32 # FRC = debug force feature<br>
871 debug 64 # REF = debug regular expression filter <br>
872 debug 128 # = debug fast redirects<br>
873 debug 256 # = debug GIF de-animation<br>
874 debug 512 # CLF = Common Log Format<br>
875 debug 1024 # = debug kill pop-ups<br>
876 debug 4096 # INFO = Startup banner and warnings.<br>
877 debug 8192 # ERROR = Non-fatal errors<br>
878 </P
885 >highly recommended</I
886 > that you enable ERROR
887 reporting (debug 8192), at least until v3.0 is released.</P
889 > The reporting of FATAL errors (i.e. ones which crash
893 >) is always on and cannot be disabled.</P
895 > If you want to use CLF (Common Log Format), you should set <SPAN
899 > ONLY, do not enable anything else.</P
904 > directives, are OK - they're logical-OR'd
910 CLASS="LITERALLAYOUT"
913 >debug 15 # same as setting the first 4 listed above</I
915 </P
925 CLASS="LITERALLAYOUT"
932 >debug 4096 # Info</I
936 >debug 8192 # Errors - *we highly recommended enabling this*</I
938 </P
949 >"multi-threading"</SPAN
950 >, a software technique that permits it to
951 handle many different requests simultaneously. In some cases you may wish to
952 disable this -- particularly if you're trying to debug a problem. The
955 >"single-threaded"</SPAN
960 > to handle requests sequentially.
961 Default: Multi-threaded mode.</P
966 CLASS="LITERALLAYOUT"
971 </P
979 > allows you to temporarily disable all
983 > filtering. Just set <SPAN
989 > The Windows version of <SPAN
993 the system tray, which also allows you to change this option. If you
994 right-click on that icon (or select the <SPAN
1001 >. Clicking on enable toggles
1005 > on and off. This is useful if you want
1006 to temporarily disable <SPAN
1010 a site that requires cookies which you would otherwise have blocked. This can also
1011 be toggled via a web browser at the <SPAN
1015 internal address of <A
1036 > becomes a non-anonymizing non-blocking
1037 proxy. Default: 1 (on). </P
1042 CLASS="LITERALLAYOUT"
1047 </P
1052 > For content filtering, i.e. the <SPAN
1058 >"+deanimate-gif"</SPAN
1059 > actions, it is necessary that
1063 > buffers the entire document body.
1064 This can be potentially dangerous, since a server could just keep sending
1065 data indefinitely and wait for your RAM to exhaust. With nasty consequences.</P
1070 > option lets you set the maximum
1071 size in Kbytes that each buffer may use. When the documents buffer exceeds
1072 this size, it is flushed to the client unfiltered and no further attempt to
1073 filter the rest of it is made. Remember that there may multiple threads
1074 running, which might require increasing the <SPAN
1076 >"buffer-limit"</SPAN
1081 >, unless you have enabled
1084 >"single-threaded"</SPAN
1090 CLASS="LITERALLAYOUT"
1093 >buffer-limit 4069</I
1095 </P
1100 > To enable the web-based <TT
1106 >enable-edit-actions</SPAN
1107 > to 1, or 0 to disable. Note
1108 that you must have compiled <SPAN
1112 support for this feature, otherwise this option has no effect. This
1113 internal page can be reached at <A
1120 > Security note: If this is enabled, anyone who can use the proxy
1121 can edit the actions file, and their changes will affect all users.
1122 For shared proxies, you probably want to disable this. Default: enabled.</P
1127 CLASS="LITERALLAYOUT"
1130 >enable-edit-actions 1</I
1132 </P
1140 > to be toggled on and off
1141 remotely, using your web browser. Set <SPAN
1143 >"enable-remote-toggle"</SPAN
1145 1 to enable, and 0 to disable. Note that you must have compiled
1149 > with support for this feature,
1150 otherwise this option has no effect.</P
1152 > Security note: If this is enabled, anyone who can use the proxy can toggle
1153 it on or off (see <A
1158 their changes will affect all users. For shared proxies, you probably want to
1159 disable this. Default: enabled.</P
1164 CLASS="LITERALLAYOUT"
1167 >enable-remote-toggle 1</I
1169 </P
1180 >5.3.3. Access Control List (ACL)</A
1183 > Access controls are included at the request of some ISPs and systems
1184 administrators, and are not usually needed by individual users. Please note
1185 the warnings in the FAQ that this proxy is not intended to be a substitute
1186 for a firewall or to encourage anyone to defer addressing basic security
1189 > If no access settings are specified, the proxy talks to anyone that
1190 connects. If any access settings file are specified, then the proxy
1191 talks only to IP addresses permitted somewhere in this file and not
1192 denied later in this file.</P
1194 > Summary -- if using an ACL:</P
1202 > Client must have permission to receive service.
1216 > LAST match in ACL wins.
1230 > Default behavior is to deny service.
1238 > The syntax for an entry in the Access Control List is:</P
1243 CLASS="LITERALLAYOUT"
1244 > ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ]<br>
1245 </P
1250 > Where the individual fields are:</P
1255 CLASS="LITERALLAYOUT"
1259 > = <SPAN
1261 >"permit-access"</SPAN
1262 > or <SPAN
1264 >"deny-access"</SPAN
1270 > = client hostname or dotted IP address<br>
1274 > = number of bits in the subnet mask for the source<br>
1279 > = server or forwarder hostname or dotted IP address<br>
1283 > = number of bits in the subnet mask for the target<br>
1284 </P
1290 The field separator (FS) is whitespace (space or tab).</P
1292 > IMPORTANT NOTE: If <SPAN
1296 forwarder (see below) or a gateway for a particular destination URL, the
1300 > that is examined is the address of the forwarder
1301 or the gateway and <I
1304 > the address of the ultimate
1305 target. This is necessary because it may be impossible for the local
1309 > to determine the address of the
1310 ultimate target (that's often what gateways are used for).</P
1312 > Here are a few examples to show how the ACL features work:</P
1317 > is OK -- no DST_ADDR implies that
1321 > destination addresses are OK:</P
1326 CLASS="LITERALLAYOUT"
1329 >permit-access localhost</I
1331 </P
1336 > A silly example to illustrate permitting any host on the class-C subnet with
1340 > to go anywhere:</P
1345 CLASS="LITERALLAYOUT"
1348 >permit-access www.privoxy.com/24</I
1350 </P
1355 > Except deny one particular IP address from using it at all:</P
1360 CLASS="LITERALLAYOUT"
1363 >deny-access ident.privoxy.com</I
1365 </P
1370 > You can also specify an explicit network address and subnet mask.
1371 Explicit addresses do not have to be resolved to be used.</P
1376 CLASS="LITERALLAYOUT"
1379 >permit-access 207.153.200.0/24</I
1381 </P
1386 > A subnet mask of 0 matches anything, so the next line permits everyone.</P
1391 CLASS="LITERALLAYOUT"
1394 >permit-access 0.0.0.0/0</I
1396 </P
1409 CLASS="LITERALLAYOUT"
1412 >permit-access .org</I
1414 </P
1419 > to allow all *.org domains. Every IP address listed must resolve fully.</P
1421 > An ISP may want to provide a <SPAN
1428 > and yet restrict use of some of their
1429 private content to hosts on its internal network (i.e. its own subscribers).
1430 Say, for instance the ISP owns the Class-B IP address block 123.124.0.0 (a 16
1431 bit netmask). This is how they could do it:</P
1436 CLASS="LITERALLAYOUT"
1439 >permit-access 0.0.0.0/0 0.0.0.0/0</I
1440 > # other clients can go anywhere <br>
1441 # with the following exceptions:<br>
1446 > 0.0.0.0/0 123.124.0.0/16 # block all external requests for<br>
1447 # sites on the ISP's network<br>
1451 >permit 0.0.0.0/0 www.my_isp.com</I
1452 > # except for the ISP's main <br>
1453 # web site<br>
1457 >permit 123.124.0.0/16 0.0.0.0/0</I
1458 > # the ISP's clients can go <br>
1459 # anywhere<br>
1460 </P
1465 > Note that if some hostnames are listed with multiple IP addresses,
1466 the primary value returned by DNS (via gethostbyname()) is used. Default:
1467 Anyone can access the proxy.</P
1475 >5.3.4. Forwarding</A
1478 > This feature allows chaining of HTTP requests via multiple proxies.
1479 It can be used to better protect privacy and confidentiality when
1480 accessing specific domains by routing requests to those domains
1481 to a special purpose filtering proxy such as lpwa.com. Or to use
1482 a caching proxy to speed up browsing.</P
1484 > It can also be used in an environment with multiple networks to route
1485 requests via multiple gateways allowing transparent access to multiple
1486 networks without having to modify browser configurations.</P
1488 > Also specified here are SOCKS proxies. <SPAN
1492 SOCKS 4 and SOCKS 4A. The difference is that SOCKS 4A will resolve the target
1493 hostname using DNS on the SOCKS server, not our local DNS client.</P
1495 > The syntax of each line is:</P
1500 CLASS="LITERALLAYOUT"
1503 >forward target_domain[:port] http_proxy_host[:port]</I
1507 >forward-socks4 target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</I
1511 >forward-socks4a target_domain[:port] socks_proxy_host[:port] http_proxy_host[:port]</I
1513 </P
1518 > If http_proxy_host is <SPAN
1521 >, then requests are not forwarded to a
1522 HTTP proxy but are made directly to the web servers.</P
1524 > Lines are checked in sequence, and the last match wins.</P
1526 > There is an implicit line equivalent to the following, which specifies that
1527 anything not finding a match on the list is to go out without forwarding
1528 or gateway protocol, like so:</P
1533 CLASS="LITERALLAYOUT"
1537 ># implicit<br>
1538 </P
1543 > In the following common configuration, everything goes to Lucent's LPWA,
1544 except SSL on port 443 (which it doesn't handle):</P
1549 CLASS="LITERALLAYOUT"
1552 >forward .* lpwa.com:8000</I
1558 </P
1564 Some users have reported difficulties related to LPWA's use of
1568 > as the last element of the domain, and have said that this
1569 can be fixed with this:</P
1574 CLASS="LITERALLAYOUT"
1577 >forward lpwa. lpwa.com:8000</I
1579 </P
1584 > (NOTE: the syntax for specifying target_domain has changed since the
1585 previous paragraph was written -- it will not work now. More information
1588 > In this fictitious example, everything goes via an ISP's caching proxy,
1589 except requests to that ISP:</P
1594 CLASS="LITERALLAYOUT"
1597 >forward .* caching.myisp.net:8000</I
1601 >forward myisp.net .</I
1603 </P
1608 > For the @home network, we're told the forwarding configuration is this:</P
1613 CLASS="LITERALLAYOUT"
1616 >forward .* proxy:8080</I
1618 </P
1623 > Also, we're told they insist on getting cookies and JavaScript, so you should
1624 allow cookies from home.com. We consider JavaScript a potential security risk.
1625 Java need not be enabled.</P
1627 > In this example direct connections are made to all <SPAN
1631 domains, but everything else goes through Lucent's LPWA by way of the
1632 company's SOCKS gateway to the Internet.</P
1637 CLASS="LITERALLAYOUT"
1640 >forward-socks4 .* lpwa.com:8000 firewall.my_company.com:1080</I
1644 >forward my_company.com .</I
1646 </P
1651 > This is how you could set up a site that always uses SOCKS but no forwarders:</P
1656 CLASS="LITERALLAYOUT"
1659 >forward-socks4a .* . firewall.my_company.com:1080</I
1661 </P
1666 > An advanced example for network administrators:</P
1668 > If you have links to multiple ISPs that provide various special content to
1669 their subscribers, you can configure forwarding to pass requests to the
1670 specific host that's connected to that ISP so that everybody can see all
1671 of the content on all of the ISPs.</P
1673 > This is a bit tricky, but here's an example:</P
1675 > host-a has a PPP connection to isp-a.com. And host-b has a PPP connection to
1676 isp-b.com. host-a can run a <SPAN
1680 forwarding like this: </P
1685 CLASS="LITERALLAYOUT"
1692 >forward isp-b.com host-b:8118</I
1694 </P
1699 > host-b can run a <SPAN
1702 > proxy with forwarding
1708 CLASS="LITERALLAYOUT"
1715 >forward isp-a.com host-a:8118</I
1717 </P
1725 > on the Internet (including users on host-a
1726 and host-b) can set their browser's proxy to <I
1730 host-a or host-b and be able to browse the content on isp-a or isp-b.</P
1732 > Here's another practical example, for University of Kent at
1733 Canterbury students with a network connection in their room, who
1734 need to use the University's Squid web cache.</P
1739 CLASS="LITERALLAYOUT"
1742 >forward *. ssbcache.ukc.ac.uk:3128</I
1743 > # Use the proxy, except for:<br>
1746 >forward .ukc.ac.uk . </I
1747 > # Anything on the same domain as us<br>
1751 > # Host with no domain specified<br>
1754 >forward 129.12.*.* . </I
1755 > # A dotted IP on our /16 network.<br>
1758 >forward 127.*.*.* . </I
1759 > # Loopback address<br>
1762 >forward localhost.localdomain . </I
1763 > # Loopback address<br>
1766 >forward www.ukc.mirror.ac.uk . </I
1767 > # Specific host<br>
1768 </P
1773 > If you intend to chain <SPAN
1780 > locally, then chain as
1783 >browser -> squid -> privoxy</TT
1784 > is the recommended way. </P
1786 >Your squid configuration could then look like this (assuming that the IP
1787 address of the box is <TT
1795 CLASS="LITERALLAYOUT"
1796 > # Define Privoxy as parent cache <br>
1798 cache_peer 192.168.0.1 parent 8118 0 no-query<br>
1800 # don't listen to the whole world<br>
1801 http_port 192.168.0.1:3128<br>
1803 # define the local lan<br>
1804 acl mylocallan src 192.168.0.1-192.168.0.5/255.255.255.255<br>
1806 # grant access for http to local lan<br>
1807 http_access allow mylocallan<br>
1809 # Define ACL for protocol FTP <br>
1810 acl FTP proto FTP <br>
1812 # Do not forward ACL FTP to privoxy<br>
1813 always_direct allow FTP <br>
1815 # Do not forward ACL CONNECT (https) to privoxy<br>
1816 always_direct allow CONNECT <br>
1818 # Forward the rest to privoxy<br>
1819 never_direct allow all <br>
1820 </P
1831 >5.3.5. Windows GUI Options</A
1837 > has a number of options specific to the
1838 Windows GUI interface:</P
1842 >"activity-animation"</SPAN
1847 > icon will animate when
1851 > is active. To turn off, set to 0.</P
1856 CLASS="LITERALLAYOUT"
1859 >activity-animation 1</I
1861 </P
1868 >"log-messages"</SPAN
1873 > will log messages to the console
1879 CLASS="LITERALLAYOUT"
1884 </P
1892 >"log-buffer-size"</SPAN
1893 > is set to 1, the size of the log buffer,
1894 i.e. the amount of memory used for the log messages displayed in the
1895 console window, will be limited to <SPAN
1897 >"log-max-lines"</SPAN
1900 > Warning: Setting this to 0 will result in the buffer to grow infinitely and
1901 eat up all your memory!</P
1906 CLASS="LITERALLAYOUT"
1909 >log-buffer-size 1</I
1911 </P
1918 >log-max-lines</SPAN
1919 > is the maximum number of lines held
1920 in the log buffer. See above.</P
1925 CLASS="LITERALLAYOUT"
1928 >log-max-lines 200</I
1930 </P
1937 >"log-highlight-messages"</SPAN
1942 > will highlight portions of the log
1943 messages with a bold-faced font:</P
1948 CLASS="LITERALLAYOUT"
1951 >log-highlight-messages 1</I
1953 </P
1958 > The font used in the console window:</P
1963 CLASS="LITERALLAYOUT"
1966 >log-font-name Comic Sans MS</I
1968 </P
1973 > Font size used in the console window:</P
1978 CLASS="LITERALLAYOUT"
1983 </P
1991 >"show-on-task-bar"</SPAN
1992 > controls whether or not
1996 > will appear as a button on the Task bar
2002 CLASS="LITERALLAYOUT"
2005 >show-on-task-bar 0</I
2007 </P
2014 >"close-button-minimizes"</SPAN
2015 > is set to 1, the Windows close
2016 button will minimize <SPAN
2019 > instead of closing
2020 the program (close with the exit option on the File menu).</P
2025 CLASS="LITERALLAYOUT"
2028 >close-button-minimizes 1</I
2030 </P
2037 >"hide-console"</SPAN
2038 > option is specific to the MS-Win console
2042 >. If this option is used,
2046 > will disconnect from and hide the
2052 CLASS="LITERALLAYOUT"
2053 > #hide-console<br>
2054 </P
2066 >5.4. The Actions File</A
2071 >"default.action"</SPAN
2080 to define what actions <SPAN
2084 determines how ad images, cookies and various other aspects of HTTP content
2085 and transactions are handled. These can be accepted or rejected for all
2086 sites, or just those sites you choose. See below for a complete list of
2090 Anything you want can blocked, including ads, banners, or just some obnoxious
2091 URL that you would rather not see. Cookies can be accepted or rejected, or
2092 accepted only during the current browser session (i.e. not written to disk).
2096 > should be immediately visible
2100 > without the need to restart.</P
2102 > Note that some sites may misbehave, or possibly not work at all with some
2103 actions. This may require some tinkering with the rules to get the most
2107 > features, and still be
2108 able to see and enjoy just what you want to. There is no general rule of
2109 thumb on these things. There just are too many variables, and sites are
2110 always changing. </P
2112 > The easiest way to edit the <SPAN
2115 > file is with a browser by
2123 >"Edit Actions List"</SPAN
2124 >. A text editor can also be used.</P
2126 > To determine which actions apply to a request, the URL of the request is
2127 compared to all patterns in this file. Every time it matches, the list of
2128 applicable actions for the URL is incrementally updated. You can trace
2129 this process by visiting <A
2130 HREF="http://p.p/show-url-info"
2132 >http://p.p/show-url-info</A
2135 > There are four types of lines in this file: comments (begin with a
2139 > character), actions, aliases and patterns, all of which are
2140 explained below, as well as the configuration file syntax that
2144 > understands. </P
2151 >5.4.1. URL Domain and Path Syntax</A
2154 > Generally, a pattern has the form <domain>/<path>, where both the
2155 <domain> and <path> part are optional. If you only specify a
2156 domain part, the <SPAN
2159 > can be left out:</P
2164 > - is a domain only pattern and will match any request to
2167 >"www.example.com"</SPAN
2172 >www.example.com/</I
2173 > - means exactly the same.</P
2177 >www.example.com/index.html</I
2178 > - matches only the single
2181 >"/index.html"</SPAN
2184 >"www.example.com"</SPAN
2190 > - matches the document <SPAN
2192 >"/index.html"</SPAN
2194 regardless of the domain. So would match any page named <SPAN
2203 > - matches nothing, since it would be
2204 interpreted as a domain name and there is no top-level domain called
2210 > The matching of the domain part offers some flexible options: if the
2211 domain starts or ends with a dot, it becomes unanchored at that end.
2217 > - matches any domain or sub-domain that
2223 >".example.com"</SPAN
2229 > - matches any domain that <I
2238 > Additionally, there are wild-cards that you can use in the domain names
2239 themselves. They work pretty similar to shell wild-cards: <SPAN
2243 stands for zero or more arbitrary characters, <SPAN
2247 any single character. And you can define character classes in square
2248 brackets and they can be freely mixed:</P
2255 >"adserver.example.com"</SPAN
2259 >"ads.example.com"</SPAN
2260 >, etc but not <SPAN
2262 >"sfads.example.com"</SPAN
2267 >*ad*.example.com</I
2268 > - matches all of the above, and then some.</P
2275 >"www.ipix.com"</SPAN
2279 >"pictures.epix.com"</SPAN
2282 >"a.b.c.d.e.upix.com"</SPAN
2287 >www[1-9a-ez].example.com</I
2290 >"www1.example.com"</SPAN
2294 >"www4.example.com"</SPAN
2297 >"wwwd.example.com"</SPAN
2301 >"wwwz.example.com"</SPAN
2308 >"wwww.example.com"</SPAN
2318 > support (the default), Perl compatible regular expressions
2319 can be used. These are more flexible and powerful than other types
2322 >"regular expressions"</SPAN
2326 > directory or <SPAN
2330 > (also available on <A
2331 HREF="http://www.perldoc.com/perl5.6/pod/perlre.html"
2333 >http://www.perldoc.com/perl5.6/pod/perlre.html</A
2335 for details. A brief discussion of regular expressions is in the
2337 HREF="appendix.html#REGEX"
2343 >/.*/advert[0-9]+\.jpe?g</I
2344 > - would match a URL from any
2345 domain, with any path that includes <SPAN
2349 immediately by one or more digits, then a <SPAN
2362 >"example.com/ads/advert2.jpg"</SPAN
2366 >"www.example.com/ads/banners/advert39.jpeg"</SPAN
2370 >"www.example.com/ads/banners/advert39.gif"</SPAN
2372 example pattern).</P
2374 > Please note that matching in the path is case
2378 > by default, but you can switch to case
2379 sensitive at any point in the pattern by using the
2387 >www.example.com/(?-i)PaTtErN.*</I
2389 documents whose path starts with <SPAN
2396 > this capitalization.</P
2407 > Actions are enabled if preceded with a <SPAN
2411 preceded with a <SPAN
2414 >. Actions are invoked by enclosing the
2415 action name in curly braces (e.g. {+some_action}), followed by a list of
2416 URLs to which the action applies. There are three classes of actions:</P
2433 CLASS="LITERALLAYOUT"
2437 > # enable this action<br>
2441 > # disable this action<br>
2442 </P
2451 parameterized (e.g. <SPAN
2453 >"+/-hide-user-agent"</SPAN
2460 CLASS="LITERALLAYOUT"
2464 > # enable action and set parameter to <SPAN
2471 > # disable action<br>
2472 </P
2481 Multi-value (e.g. <SPAN
2483 >"{+/-add-header{Name: value}}"</SPAN
2486 >"{+/-wafer{name=value}}"</SPAN
2493 CLASS="LITERALLAYOUT"
2497 > # enable action and add parameter <SPAN
2504 > # remove the parameter <SPAN
2511 > # disable this action totally<br>
2512 </P
2521 > If nothing is specified in this file, no <SPAN
2525 So in this case <SPAN
2529 normal, non-blocking, non-anonymizing proxy. You must specifically
2530 enable the privacy and blocking features you need (although the
2531 provided default <TT
2535 give a good starting point).</P
2537 > Later defined actions always over-ride earlier ones. So exceptions
2538 to any rules you make, should come in the latter part of the file. For
2539 multi-valued actions, the actions are applied in the order they are
2542 > The list of valid <SPAN
2556 Add the specified HTTP header, which is not checked for validity.
2557 You may specify this many times to specify many different headers:
2563 CLASS="LITERALLAYOUT"
2566 >+add-header{Name: value}</I
2568 </P
2577 Block this URL totally. In a default installation, a <SPAN
2581 URL will result in bright red banner that says <SPAN
2585 with a reason why it is being blocked, and an option to see it anyway.
2586 The page displayed for this is the <SPAN
2596 CLASS="LITERALLAYOUT"
2601 </P
2610 De-animate all animated GIF images, i.e. reduce them to their last frame.
2611 This will also shrink the images considerably (in bytes, not pixels!). If
2615 > is given, the first frame of the animation
2616 is used as the replacement. If <SPAN
2619 > is given, the last frame
2620 of the animation is used instead, which probably makes more sense for most
2621 banner animations, but also has the risk of not showing the entire last
2622 frame (if it is only a delta to an earlier frame).
2628 CLASS="LITERALLAYOUT"
2631 >+deanimate-gifs{last}</I
2635 >+deanimate-gifs{first}</I
2637 </P
2648 > will downgrade HTTP/1.1 client requests to
2649 HTTP/1.0 and downgrade the responses as well. Use this action for servers
2650 that use HTTP/1.1 protocol features that
2654 > doesn't handle well yet. HTTP/1.1
2655 is only partially implemented. Default is not to downgrade requests.
2661 CLASS="LITERALLAYOUT"
2666 </P
2675 Many sites, like yahoo.com, don't just link to other sites. Instead, they
2676 will link to some script on their own server, giving the destination as a
2677 parameter, which will then redirect you to the final target. URLs resulting
2678 from this scheme typically look like:
2681 >http://some.place/some_script?http://some.where-else</I
2685 > Sometimes, there are even multiple consecutive redirects encoded in the
2686 URL. These redirections via scripts make your web browsing more traceable,
2687 since the server from which you follow such a link can see where you go to.
2688 Apart from that, valuable bandwidth and time is wasted, while your browser
2689 ask the server for one redirect after the other. Plus, it feeds the
2695 >"+fast-redirects"</SPAN
2696 > option enables interception of these
2697 types of requests by <SPAN
2701 all but the last valid URL in the request and send a local redirect back to
2702 your browser without contacting the intermediate site(s).
2708 CLASS="LITERALLAYOUT"
2713 </P
2722 Apply the filters in the <TT
2729 > file to the site(s).
2733 > sections are grouped according to like
2734 functionality. <SPAN
2738 re-write any of the raw page content. This is a potentially a
2739 very powerful feature!
2745 CLASS="LITERALLAYOUT"
2748 >+filter{section_header}</I
2750 </P
2757 Filter sections that are pre-defined in the supplied
2778 >: Get rid of particularly annoying HTML abuse.
2795 >: Get rid of particularly annoying JavaScript abuse
2812 >: Kill all popups in JS and HTML
2828 >frameset-borders</I
2829 >: Give frames a border
2846 >: Squish WebBugs (1x1 invisible GIFs used for user tracking)
2863 >: Automatic refresh sucks on auto-dialup lines
2880 >: Text replacements for subversive browsing fun!
2897 >: Remove (virus) Nimda code.
2914 >: Kill banners by size
2931 >: Kill all web pages that contain the words "sex" or "warez"
2943 Block any existing X-Forwarded-for header, and do not add a new one:
2949 CLASS="LITERALLAYOUT"
2954 </P
2963 If the browser sends a <SPAN
2966 > header containing your e-mail
2967 address, this either completely removes the header (<SPAN
2971 changes it to the specified e-mail address.
2977 CLASS="LITERALLAYOUT"
2980 >+hide-from{block}</I
2984 >+hide-from{spam@sittingduck.xqq}</I
2986 </P
2995 Don't send the <SPAN
2998 > (sic) header to the web site. You
2999 can block it, forge a URL to the same server as the request (which is
3000 preferred because some sites will not send images otherwise) or set it to a
3001 constant, user defined string of your choice.
3007 CLASS="LITERALLAYOUT"
3010 >+hide-referer{block}</I
3014 >+hide-referer{forge}</I
3018 >+hide-referer{http://nowhere.com}</I
3020 </P
3029 Alternative spelling of <SPAN
3031 >"+hide-referer"</SPAN
3033 parameters, and can be freely mixed with, <SPAN
3035 >"+hide-referer"</SPAN
3040 > is the correct English spelling, however the HTTP
3041 specification has a bug - it requires it to be spelled <SPAN
3050 CLASS="LITERALLAYOUT"
3053 >+hide-referrer{...}</I
3055 </P
3066 >"User-Agent:"</SPAN
3067 > header so web servers can't tell your
3068 browser type. Warning! This breaks many web sites. Specify the
3069 user-agent value you want. Example, pretend to be using Netscape on
3076 CLASS="LITERALLAYOUT"
3079 >+hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)}</I
3081 </P
3090 Treat this URL as an image. This only matters if it's also <SPAN
3094 in which case a <SPAN
3097 > image can be sent rather than a HTML page.
3100 >"+image-blocker{}"</SPAN
3101 > below for the control over what is actually sent.
3105 > ads, they should be defined as
3115 >"image-blocker"</SPAN
3116 > should be set to <SPAN
3120 cannot treat HTML pages as images in most cases. For instance, frames
3121 require an HTML page to display. So a frame that is an ad, cannot be
3122 treated as an image. Forcing an <SPAN
3126 situation just will not work.
3132 CLASS="LITERALLAYOUT"
3137 </P
3145 > Decides what to do with URLs that end up tagged with <SPAN
3149 >, e.g an advertizement. There are five options.
3152 >"-image-blocker"</SPAN
3153 > will send a HTML <SPAN
3157 usually resulting in a <SPAN
3159 >"broken image"</SPAN
3163 >"+image-blocker{blank}"</SPAN
3164 > will send a 1x1 transparent GIF
3165 image. And finally, <SPAN
3167 >"+image-blocker{http://xyz.com}"</SPAN
3169 HTTP temporary redirect to the specified image. This has the advantage of the
3170 icon being being cached by the browser, which will speed up the display.
3173 >"+image-blocker{pattern}"</SPAN
3174 > will send a checkboard type pattern
3180 CLASS="LITERALLAYOUT"
3183 >+image-blocker{blank}</I
3187 >+image-blocker{pattern}</I
3191 >+image-blocker{http://p.p/send-banner}</I
3193 </P
3202 By default (i.e. in the absence of a <SPAN
3204 >"+limit-connect"</SPAN
3209 > will only allow CONNECT
3210 requests to port 443, which is the standard port for https as a
3214 > The CONNECT methods exists in HTTP to allow access to secure websites
3215 (https:// URLs) through proxies. It works very simply: the proxy
3216 connects to the server on the specified port, and then short-circuits
3217 its connections to the client <I
3220 > to the remote proxy.
3221 This can be a big security hole, since CONNECT-enabled proxies can
3222 be abused as TCP relays very easily.
3226 If you want to allow CONNECT for more ports than this, or want to forbid
3227 CONNECT altogether, you can specify a comma separated list of ports and
3228 port ranges (the latter using dashes, with the minimum defaulting to 0 and
3235 CLASS="LITERALLAYOUT"
3238 >+limit-connect{443} # This is the default and need no be specified.</I
3242 >+limit-connect{80,443} # Ports 80 and 443 are OK.</I
3246 >+limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100</I
3250 > #and above 500 are OK.</I
3252 </P
3262 >"+no-compression"</SPAN
3263 > prevents the website from compressing the
3264 data. Some websites do this, which can be a problem for
3277 >"+gif-deanimate"</SPAN
3279 compressed data. This will slow down connections to those websites,
3280 though. Default is <SPAN
3282 >"no-compression"</SPAN
3289 CLASS="LITERALLAYOUT"
3294 </P
3303 If the website sets cookies, <SPAN
3305 >"no-cookies-keep"</SPAN
3307 they are erased when you exit and restart your web browser. This makes
3308 profiling cookies useless, but won't break sites which require cookies so
3309 that you can log in for transactions. Default: on.
3315 CLASS="LITERALLAYOUT"
3318 >+no-cookies-keep</I
3320 </P
3329 Prevent the website from reading cookies:
3335 CLASS="LITERALLAYOUT"
3338 >+no-cookies-read</I
3340 </P
3349 Prevent the website from setting cookies:
3355 CLASS="LITERALLAYOUT"
3360 </P
3369 Filter the website through a built-in filter to disable those obnoxious
3370 JavaScript pop-up windows via window.open(), etc. The two alternative
3371 spellings are equivalent.
3377 CLASS="LITERALLAYOUT"
3386 </P
3395 This action only applies if you are using a <TT
3399 for saving cookies. It sends a cookie to every site stating that you do not
3400 accept any copyright on cookies sent to you, and asking them not to track
3401 you. Of course, this is a (relatively) unique header they could use to
3408 CLASS="LITERALLAYOUT"
3413 </P
3422 This allows you to add an arbitrary cookie. It can be specified multiple
3423 times in order to add as many cookies as you like.
3429 CLASS="LITERALLAYOUT"
3432 >+wafer{name=value}</I
3434 </P
3443 > The meaning of any of the above is reversed by preceding the action with a
3447 >, in place of the <SPAN
3454 > Turn off cookies by default, then allow a few through for specified sites:</P
3459 CLASS="LITERALLAYOUT"
3460 > # Turn off all persistent cookies<br>
3461 { +no-cookies-read }<br>
3462 { +no-cookies-set }<br>
3463 # Allow cookies for this browser session ONLY<br>
3464 { +no-cookies-keep }<br>
3466 # Exceptions to the above, sites that benefit from persistent cookies<br>
3467 { -no-cookies-read }<br>
3468 { -no-cookies-set }<br>
3469 { -no-cookies-keep }<br>
3470 .javasoft.com<br>
3472 .yahoo.com<br>
3473 .msdn.microsoft.com<br>
3474 .redhat.com<br>
3476 # Alternative way of saying the same thing<br>
3477 {-no-cookies-set -no-cookies-read -no-cookies-keep}<br>
3478 .sourceforge.net<br>
3480 </P
3485 > Now turn off <SPAN
3487 >"fast redirects"</SPAN
3488 >, and then we allow two exceptions:</P
3493 CLASS="LITERALLAYOUT"
3494 > # Turn them off!<br>
3495 {+fast-redirects}<br>
3497 # Reverse it for these two sites, which don't work right without it.<br>
3498 {-fast-redirects}<br>
3499 www.ukc.ac.uk/cgi-bin/wac\.cgi\?<br>
3500 login.yahoo.com<br>
3501 </P
3506 > Turn on page filtering according to rules in the defined sections
3510 >, and make one exception for
3517 CLASS="LITERALLAYOUT"
3518 > # Run everything through the filter file, using only the<br>
3519 # specified sections:<br>
3520 +filter{html-annoyances} +filter{js-annoyances} +filter{no-popups}\<br>
3521 +filter{webbugs} +filter{nimda} +filter{banners-by-size}<br>
3522 <br>
3523 # Then disable filtering of code from sourceforge!<br>
3525 .cvs.sourceforge.net<br>
3526 </P
3531 > Now some URLs that we want <SPAN
3534 > (normally generates
3538 > banner). Many of these use regular expressions
3539 that will expand to match multiple URLs:</P
3544 CLASS="LITERALLAYOUT"
3545 > # Blocklist:<br>
3546 {+block}<br>
3547 /.*/(.*[-_.])?ads?[0-9]?(/|[-_.].*|\.(gif|jpe?g))<br>
3548 /.*/(.*[-_.])?count(er)?(\.cgi|\.dll|\.exe|[?/])<br>
3549 /.*/(ng)?adclient\.cgi<br>
3550 /.*/(plain|live|rotate)[-_.]?ads?/<br>
3551 /.*/(sponsor)s?[0-9]?/<br>
3552 /.*/_?(plain|live)?ads?(-banners)?/<br>
3553 /.*/abanners/<br>
3554 /.*/ad(sdna_image|gifs?)/<br>
3555 /.*/ad(server|stream|juggler)\.(cgi|pl|dll|exe)<br>
3556 /.*/adbanners/<br>
3557 /.*/adserver<br>
3558 /.*/adstream\.cgi<br>
3559 /.*/adv((er)?ts?|ertis(ing|ements?))?/<br>
3560 /.*/banner_?ads/<br>
3561 /.*/banners?/<br>
3562 /.*/banners?\.cgi/<br>
3563 /.*/cgi-bin/centralad/getimage<br>
3564 /.*/images/addver\.gif<br>
3565 /.*/images/marketing/.*\.(gif|jpe?g)<br>
3566 /.*/popupads/<br>
3567 /.*/siteads/<br>
3568 /.*/sponsor.*\.gif<br>
3569 /.*/sponsors?[0-9]?/<br>
3570 /.*/advert[0-9]+\.jpg<br>
3571 /Media/Images/Adds/<br>
3572 /ad_images/<br>
3573 /adimages/<br>
3574 /.*/ads/<br>
3575 /bannerfarm/<br>
3576 /grafikk/annonse/<br>
3577 /graphics/defaultAd/<br>
3578 /image\.ng/AdType<br>
3579 /image\.ng/transactionID<br>
3580 /images/.*/.*_anim\.gif # alvin brattli<br>
3581 /ip_img/.*\.(gif|jpe?g)<br>
3582 /rotateads/<br>
3583 /rotations/ <br>
3584 /worldnet/ad\.cgi<br>
3585 /cgi-bin/nph-adclick.exe/<br>
3586 /.*/Image/BannerAdvertising/<br>
3587 /.*/ad-bin/<br>
3588 /.*/adlib/server\.cgi<br>
3589 /autoads/<br>
3590 </P
3595 > Note that many of these actions have the potential to cause a page to
3596 misbehave, possibly even not to display at all. There are many ways
3597 a site designer may choose to design his site, and what HTTP header
3598 content he may depend on. There is no way to have hard and fast rules
3599 for all sites. See the <A
3600 HREF="appendix.html#ACTIONSANAT"
3603 for a brief example on troubleshooting actions.</P
3624 >, can be defined by combining other <SPAN
3628 These can in turn be invoked just like the built-in <SPAN
3632 Currently, an alias can contain any character except space, tab, <SPAN
3642 >. But please use only <SPAN
3662 >. Alias names are not case sensitive, and
3665 >must be defined before anything</I
3670 >file! And there can only be one set of
3676 > Now let's define a few aliases:</P
3681 CLASS="LITERALLAYOUT"
3682 > # Useful custom aliases we can use later. These must come first!<br>
3684 +no-cookies = +no-cookies-set +no-cookies-read<br>
3685 -no-cookies = -no-cookies-set -no-cookies-read<br>
3686 fragile = -block -no-cookies -filter -fast-redirects -hide-referer -no-popups<br>
3687 shop = -no-cookies -filter -fast-redirects<br>
3688 +imageblock = +block +image<br>
3690 #For people who don't like to type too much: ;-)<br>
3691 c0 = +no-cookies<br>
3692 c1 = -no-cookies<br>
3693 c2 = -no-cookies-set +no-cookies-read<br>
3694 c3 = +no-cookies-set -no-cookies-read<br>
3695 #... etc. Customize to your heart's content.<br>
3696 </P
3701 > Some examples using our <SPAN
3708 aliases from above:</P
3713 CLASS="LITERALLAYOUT"
3714 > # These sites are very complex and require<br>
3715 # minimal interference.<br>
3717 .office.microsoft.com<br>
3718 .windowsupdate.microsoft.com<br>
3719 .nytimes.com<br>
3721 # Shopping sites - still want to block ads.<br>
3723 .quietpc.com<br>
3724 .worldpay.com # for quietpc.com<br>
3725 .jungle.com<br>
3726 .scan.co.uk<br>
3728 # These shops require pop-ups<br>
3729 {shop -no-popups}<br>
3731 .overclockers.co.uk<br>
3732 </P
3743 > aliases are often used for
3747 > sites that require most actions to be disabled
3748 in order to function properly. </P
3757 >5.5. The Filter File</A
3760 > Any web page can be dynamically modified with the filter file. This
3761 modification can be removal, or re-writing, of any web page content,
3762 including tags and non-visible content. The default filter file is
3766 >, located in the config directory. </P
3768 > This is potentially a very powerful feature, and requires knowledge of both
3771 >"regular expression"</SPAN
3772 > and HTML in order create custom
3773 filters. But, there are a number of useful filters included with
3777 > for many common situations.</P
3779 > The included example file is divided into sections. Each section begins
3783 > keyword, followed by the identifier
3784 for that section, e.g. <SPAN
3786 >"FILTER: webbugs"</SPAN
3787 >. Each section performs
3788 a similar type of filtering, such as <SPAN
3790 >"html-annoyances"</SPAN
3793 > This file uses regular expressions to alter or remove any string in the
3794 target page. The expressions can only operate on one line at a time. Some
3795 examples from the included default <TT
3800 > Stop web pages from displaying annoying messages in the status bar by
3801 deleting such references:</P
3806 CLASS="LITERALLAYOUT"
3807 > FILTER: html-annoyances<br>
3809 # New browser windows should be resizeable and have a location and status<br>
3810 # bar. Make it so.<br>
3812 s/resizable="?(no|0)"?/resizable=1/ig s/noresize/yesresize/ig<br>
3813 s/location="?(no|0)"?/location=1/ig s/status="?(no|0)"?/status=1/ig<br>
3814 s/scrolling="?(no|0|Auto)"?/scrolling=1/ig<br>
3815 s/menubar="?(no|0)"?/menubar=1/ig <br>
3817 # The <BLINK> tag was a crime!<br>
3819 s*<blink>|</blink>**ig<br>
3821 # Is this evil? <br>
3823 #s/framespacing="?(no|0)"?//ig<br>
3824 #s/margin(height|width)=[0-9]*//gi<br>
3825 </P
3830 > Just for kicks, replace any occurrence of <SPAN
3837 >, and have a little fun with topical buzzwords: </P
3842 CLASS="LITERALLAYOUT"
3843 > FILTER: fun<br>
3845 s/microsoft(?!.com)/MicroSuck/ig<br>
3847 # Buzzword Bingo:<br>
3849 s/industry-leading|cutting-edge|award-winning/<font color=red><b>BINGO!</b></font>/ig<br>
3850 </P
3855 > Kill those pesky little web-bugs:</P
3860 CLASS="LITERALLAYOUT"
3861 > # webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking)<br>
3862 FILTER: webbugs<br>
3864 s/<img\s+[^>]*?(width|height)\s*=\s*['"]?1\D[^>]*?(width|height)\s*=\s*['"]?1(\D[^>]*?)?>/<!-- Squished WebBug -->/sig<br>
3865 </P
3882 > displays one of its internal
3883 pages, such as a 404 Not Found error page, it uses the appropriate template.
3884 On Linux, BSD, and Unix, these are located in
3887 >/etc/privoxy/templates</TT
3888 > by default. These may be
3889 customized, if desired. <TT
3893 used to control the HTML attributes (fonts, etc).</P
3898 > banner page with the bright red top
3899 banner, is called just <SPAN
3906 may be customized or replaced with something else if desired. </P
3924 HREF="quickstart.html"
3949 >Quickstart to Using <SPAN
3962 >Contacting the Developers, Bug Reporting and Feature