From 4c2f2c6e853e7c7178a4790e7b4688f3731b8396 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Tue, 17 Jun 2008 16:44:21 +0000 Subject: [PATCH] Remove plain-text documentation. --- doc/text/developer-manual.txt | 2551 ------------ doc/text/faq.txt | 2510 ------------ doc/text/user-manual.txt | 7277 --------------------------------- 3 files changed, 12338 deletions(-) delete mode 100644 doc/text/developer-manual.txt delete mode 100644 doc/text/faq.txt delete mode 100644 doc/text/user-manual.txt diff --git a/doc/text/developer-manual.txt b/doc/text/developer-manual.txt deleted file mode 100644 index 9166ab1a..00000000 --- a/doc/text/developer-manual.txt +++ /dev/null @@ -1,2551 +0,0 @@ - Privoxy Developer Manual - - [Copyright[ (c) 2001-2008 by Privoxy Developers]] - - $Id: developer-manual.txt,v 1.43 2008/01/19 21:41:36 hal9 Exp $ - - The developer manual provides guidance on coding, testing, packaging, - documentation and other issues of importance to those involved with - Privoxy development. It is mandatory (and helpful!) reading for anyone who - wants to join the team. Note that it's currently out of date and may not - be entirely correct. As always, patches are welcome. - - Please note that this document is constantly evolving. This copy - represents the state at the release of version 3.0.8. You can find the - latest version of the this manual at - http://www.privoxy.org/developer-manual/. Please see the Contact section - on how to contact the developers. - - -------------------------------------------------------------------------- - - Table of Contents - - 1. Introduction - - 1.1. Quickstart to Privoxy Development - - 2. The CVS Repository - - 2.1. Access to CVS - - 2.2. Branches - - 2.3. CVS Commit Guidelines - - 3. Documentation Guidelines - - 3.1. Quickstart to Docbook and SGML - - 3.2. Privoxy Documentation Style - - 3.3. Privoxy Custom Entities - - 4. Coding Guidelines - - 4.1. Introduction - - 4.2. Using Comments - - 4.2.1. Comment, Comment, Comment - - 4.2.2. Use blocks for comments - - 4.2.3. Keep Comments on their own line - - 4.2.4. Comment each logical step - - 4.2.5. Comment All Functions Thoroughly - - 4.2.6. Comment at the end of braces if the - content is more than one screen length - - 4.3. Naming Conventions - - 4.3.1. Variable Names - - 4.3.2. Function Names - - 4.3.3. Header file prototypes - - 4.3.4. Enumerations, and #defines - - 4.3.5. Constants - - 4.4. Using Space - - 4.4.1. Put braces on a line by themselves. - - 4.4.2. ALL control statements should have a - block - - 4.4.3. Do not belabor/blow-up boolean - expressions - - 4.4.4. Use white space freely because it is free - - 4.4.5. Don't use white space around structure - operators - - 4.4.6. Make the last brace of a function stand - out - - 4.4.7. Use 3 character indentions - - 4.5. Initializing - - 4.5.1. Initialize all variables - - 4.6. Functions - - 4.6.1. Name functions that return a boolean as a - question. - - 4.6.2. Always specify a return type for a - function. - - 4.6.3. Minimize function calls when iterating by - using variables - - 4.6.4. Pass and Return by Const Reference - - 4.6.5. Pass and Return by Value - - 4.6.6. Names of include files - - 4.6.7. Provide multiple inclusion protection - - 4.6.8. Use `extern "C"` when appropriate - - 4.6.9. Where Possible, Use Forward Struct - Declaration Instead of Includes - - 4.7. General Coding Practices - - 4.7.1. Turn on warnings - - 4.7.2. Provide a default case for all switch - statements - - 4.7.3. Try to avoid falling through cases in a - switch statement. - - 4.7.4. Use 'long' or 'short' Instead of 'int' - - 4.7.5. Don't mix size_t and other types - - 4.7.6. Declare each variable and struct on its - own line. - - 4.7.7. Use malloc/zalloc sparingly - - 4.7.8. The Programmer Who Uses 'malloc' is - Responsible for Ensuring 'free' - - 4.7.9. Add loaders to the `file_list' structure - and in order - - 4.7.10. "Uncertain" new code and/or changes to - existing code, use FIXME or XXX - - 4.8. Addendum: Template for files and function comment - blocks: - - 5. Testing Guidelines - - 5.1. Testplan for releases - - 5.2. Test reports - - 6. Releasing a New Version - - 6.1. Version numbers - - 6.2. Before the Release: Freeze - - 6.3. Building and Releasing the Packages - - 6.3.1. Note on Privoxy Packaging - - 6.3.2. Source Tarball - - 6.3.3. SuSE, Conectiva or Red Hat RPM - - 6.3.4. OS/2 - - 6.3.5. Solaris - - 6.3.6. Windows - - 6.3.7. Debian - - 6.3.8. Mac OSX - - 6.3.9. FreeBSD - - 6.3.10. HP-UX 11 - - 6.3.11. Amiga OS - - 6.3.12. AIX - - 6.4. Uploading and Releasing Your Package - - 6.5. After the Release - - 7. Update the Webserver - - 8. Contacting the developers, Bug Reporting and Feature Requests - - 8.1. Get Support - - 8.2. Reporting Problems - - 8.2.1. Reporting Ads or Other Configuration - Problems - - 8.2.2. Reporting Bugs - - 8.3. Request New Features - - 8.4. Other - - 9. Privoxy Copyright, License and History - - 9.1. License - - 9.2. History - - 10. See also - -1. Introduction - - Privoxy, as an heir to Junkbuster, is a Free Software project and the code - is licensed under the GPL. As such, Privoxy development is potentially - open to anyone who has the time, knowledge, and desire to contribute in - any capacity. Our goals are simply to continue the mission, to improve - Privoxy, and to make it available to as wide an audience as possible. - - One does not have to be a programmer to contribute. Packaging, testing, - documenting and porting, are all important jobs as well. - - -------------------------------------------------------------------------- - - 1.1. Quickstart to Privoxy Development - - The first step is to join the developer's mailing list. You can submit - your ideas, or even better patches. Patches are best submitted to the - Sourceforge tracker set up for this purpose, but can be sent to the list - for review too. - - You will also need to have a cvs package installed, which will entail - having ssh installed as well (which seems to be a requirement of - SourceForge), in order to access the cvs repository. Having the GNU build - tools is also going to be important (particularly, autoconf and gmake). - - For the time being (read, this section is under construction), you can - also refer to the extensive comments in the source code. In fact, reading - the code is recommended in any case. - - -------------------------------------------------------------------------- - -2. The CVS Repository - - If you become part of the active development team, you will eventually - need write access to our holy grail, the CVS repository. One of the team - members will need to set this up for you. Please read this chapter - completely before accessing via CVS. - - -------------------------------------------------------------------------- - - 2.1. Access to CVS - - The project's CVS repository is hosted on SourceForge. Please refer to the - chapters 6 and 7 in SF's site documentation for the technical access - details for your operating system. For historical reasons, the CVS server - is called ijbswa.cvs.sourceforge.net, the repository is called ijbswa, and - the source tree module is called current. - - -------------------------------------------------------------------------- - - 2.2. Branches - - Within the CVS repository, there are modules and branches. As mentioned, - the sources are in the current "module". Other modules are present for - platform specific issues. There is a webview of the CVS hierarchy at - http://ijbswa.cvs.sourceforge.net/ijbswa/, which might help with - visualizing how these pieces fit together. - - Branches are used to fork a sub-development path from the main trunk. - Within the current module where the sources are, there is always at least - one "branch" from the main trunk devoted to a stable release series. The - main trunk is where active development takes place for the next stable - series (e.g. 3.2.x). So just prior to each stable series (e.g. 3.0.x), a - branch is created just for stable series releases (e.g. 3.0.0 -> 3.0.1 -> - 3.0.2, etc). Once the initial stable release of any stable branch has - taken place, this branch is only used for bugfixes, which have had prior - testing before being committed to CVS. (See Version Numbers below for - details on versioning.) - - At one time there were two distinct branches: stable and unstable. The - more drastic changes were to be in the unstable branch. These branches - have now been merged to minimize time and effort of maintaining two - branches. - - -------------------------------------------------------------------------- - - 2.3. CVS Commit Guidelines - - The source tree is the heart of every software project. Every effort must - be made to ensure that it is readable, compilable and consistent at all - times. There are differing guidelines for the stable branch and the main - development trunk, and we ask anyone with CVS access to strictly adhere to - the following guidelines: - - Basic Guidelines, for all branches: - - * Please don't commit even a small change without testing it thoroughly - first. When we're close to a public release, ask a fellow developer to - review your changes. - - * Your commit message should give a concise overview of what you changed - (no big details) and why you changed it Just check previous messages - for good examples. - - * Don't use the same message on multiple files, unless it equally - applies to all those files. - - * If your changes span multiple files, and the code won't recompile - unless all changes are committed (e.g. when changing the signature of - a function), then commit all files one after another, without long - delays in between. If necessary, prepare the commit messages in - advance. - - * Before changing things on CVS, make sure that your changes are in line - with the team's general consensus on what should be done. - - * Note that near a major public release, we get more cautious. There is - always the possibility to submit a patch to the patch tracker instead. - - -------------------------------------------------------------------------- - -3. Documentation Guidelines - - All formal documents are maintained in Docbook SGML and located in the - doc/source/* directory. You will need Docbook, the Docbook DTD's and the - Docbook modular stylesheets (or comparable alternatives), and either jade - or openjade (recommended) installed in order to build docs from source. - Currently there is user-manual, FAQ, and, of course this, the - developer-manual in this format. The README, AUTHORS, INSTALL, privoxy.1 - (man page), and config files are also now maintained as Docbook SGML. - These files, when built, in the top-level source directory are generated - files! Also, the Privoxy index.html (and a variation on this file, - privoxy-index.html, meant for inclusion with doc packages), are maintained - as SGML as well. DO NOT edit these directly. Edit the SGML source, or - contact someone involved in the documentation. - - config requires some special handling. The reason it is maintained this - way is so that the extensive comments in the file mirror those in - user-manual. But the conversion process requires going from SGML to HTML - to text to special formatting required for the embedded comments. Some of - this does not survive so well. Especially some of the examples that are - longer than 80 characters. The build process for this file outputs to - config.new, which should be reviewed for errors and mis-formatting. Once - satisfied that it is correct, then it should be hand copied to config. - - Other, less formal documents (e.g. LICENSE) are maintained as plain text - files in the top-level source directory. - - Packagers are encouraged to include this documentation. For those without - the ability to build the docs locally, text versions of each are kept in - CVS. HTML versions are also being kept in CVS under doc/webserver/*. And - PDF version are kept in doc/pdf/*. - - Formal documents are built with the Makefile targets of make dok, or - alternately make redhat-dok. If you have problems, try both. The build - process uses the document SGML sources in doc/source/*/* to update all - text files in doc/text/ and to update all HTML documents in - doc/webserver/. - - Documentation writers should please make sure documents build successfully - before committing to CVS, if possible. - - How do you update the webserver (i.e. the pages on privoxy.org)? - - 1. First, build the docs by running make dok (or alternately make - redhat-dok). For PDF docs, do make dok-pdf. - - 2. Run make webserver which copies all files from doc/webserver to the - sourceforge webserver via scp. - - Finished docs should be occasionally submitted to CVS - (doc/webserver/*/*.html) so that those without the ability to build them - locally, have access to them if needed. This is especially important just - prior to a new release! Please do this after the $VERSION and other - release specific data in configure.in has been updated (this is done just - prior to a new release). - - -------------------------------------------------------------------------- - - 3.1. Quickstart to Docbook and SGML - - If you are not familiar with SGML, it is a markup language similar to - HTML. Actually, not a mark up language per se, but a language used to - define markup languages. In fact, HTML is an SGML application. Both will - use "tags" to format text and other content. SGML tags can be much more - varied, and flexible, but do much of the same kinds of things. The tags, - or "elements", are definable in SGML. There is no set "standards". Since - we are using Docbook, our tags are those that are defined by Docbook. Much - of how the finish document is rendered is determined by the "stylesheets". - The stylesheets determine how each tag gets translated to HTML, or other - formats. - - Tags in Docbook SGML need to be always "closed". If not, you will likely - generate errors. Example: My Title. They are also - case-insensitive, but we strongly suggest using all lower case. This keeps - compatibility with [Docbook] XML. - - Our documents use "sections" for the most part. Sections will be processed - into HTML headers (e.g. h1 for sect1). The Docbook stylesheets will use - these to also generate the Table of Contents for each doc. Our TOC's are - set to a depth of three. Meaning sect1, sect2, and sect3 will have TOC - entries, but sect4 will not. Each section requires a element, and - at least one <para>. There is a limit of five section levels in Docbook, - but generally three should be sufficient for our purposes. - - Some common elements that you likely will use: - - <para></para>, paragraph delimiter. Most text needs to be within paragraph - elements (there are some exceptions). - <emphasis></emphasis>, the stylesheets make this italics. - <filename></filename>, files and directories. - <command></command>, command examples. - <literallayout></literallayout>, like <pre>, more or less. - <itemizedlist></itemizedlist>, list with bullets. - <listitem></listitem>, member of the above. - <screen></screen>, screen output, implies <literallayout>. - <ulink url="example.com"></ulink>, like HTML <a> tag. - <quote></quote>, for, doh, quoting text. - - Look at any of the existing docs for examples of all these and more. - - You might also find "Writing Documentation Using DocBook - A Crash Course" - useful. - - -------------------------------------------------------------------------- - - 3.2. Privoxy Documentation Style - - It will be easier if everyone follows a similar writing style. This just - makes it easier to read what someone else has written if it is all done in - a similar fashion. - - Here it is: - - * All tags should be lower case. - - * Tags delimiting a block of text (even small blocks) should be on their - own line. Like: - - <para> - Some text goes here. - </para> - - - Tags marking individual words, or few words, should be in-line: - - Just to <emphasis>emphasize</emphasis>, some text goes here. - - - * Tags should be nested and step indented for block text like: (except - in-line tags) - - <para> - <itemizedlist> - <para> - <listitem> - Some text goes here in our list example. - </listitem> - </para> - </itemizedlist> - </para> - - - This makes it easier to find the text amongst the tags ;-) - * Use white space to separate logical divisions within a document, like - between sections. Running everything together consistently makes it - harder to read and work on. - - * Do not hesitate to make comments. Comments can either use the - <comment> element, or the <!-- --> style comment familiar from HTML. - (Note in Docbook v4.x <comment> is replaced by <remark>.) - - * We have an international audience. Refrain from slang, or English - idiosyncrasies (too many to list :). Humor also does not translate - well sometimes. - - * Try to keep overall line lengths in source files to 80 characters or - less for obvious reasons. This is not always possible, with lengthy - URLs for instance. - - * Our documents are available in differing formats. Right now, they are - just plain text, HTML, and PDF, but others are always a future - possibility. Be careful with URLs (<ulink>), and avoid this mistake: - - My favorite site is <ulink url="http://example.com">here</ulink>. - - This will render as "My favorite site is here", which is not real - helpful in a text doc. Better like this: - - My favorite site is <ulink - url="http://example.com">example.com</ulink>. - - * All documents should be spell checked occasionally. aspell can check - SGML with the -H option. (ispell I think too.) - - -------------------------------------------------------------------------- - - 3.3. Privoxy Custom Entities - - Privoxy documentation is using a number of customized "entities" to - facilitate documentation maintenance. - - We are using a set of "boilerplate" files with generic text, that is used - by multiple docs. This way we can write something once, and use it - repeatedly without having to re-write the same content over and over - again. If editing such a file, keep in mind that it should be generic. - That is the purpose; so it can be used in varying contexts without - additional modifications. - - We are also using what Docbook calls "internal entities". These are like - variables in programming. Well, sort of. For instance, we have the - p-version entity that contains the current Privoxy version string. You are - strongly encouraged to use these where possible. Some of these obviously - require re-setting with each release (done by the Makefile). A sampling of - custom entities are listed below. See any of the main docs for examples. - - * Re- "boilerplate" text entities are defined like: - - <!entity supported SYSTEM "supported.sgml"> - - In this example, the contents of the file, supported.sgml is available - for inclusion anywhere in the doc. To make this happen, just reference - the now defined entity: &supported; (starts with an ampersand and ends - with a semi-colon), and the contents will be dumped into the finished - doc at that point. - - * Commonly used "internal entities": - - p-version: the Privoxy version string, e.g. "3.0.8". - p-status: the project status, either "alpha", "beta", or "stable". - p-not-stable: use to conditionally include text in "not stable" - releases (e.g. "beta"). - p-stable: just the opposite. - p-text: this doc is only generated as text. - - There are others in various places that are defined for a specific - purpose. Read the source! - - -------------------------------------------------------------------------- - -4. Coding Guidelines - - 4.1. Introduction - - This set of standards is designed to make our lives easier. It is - developed with the simple goal of helping us keep the "new and improved - Privoxy" consistent and reliable. Thus making maintenance easier and - increasing chances of success of the project. - - And that of course comes back to us as individuals. If we can increase our - development and product efficiencies then we can solve more of the request - for changes/improvements and in general feel good about ourselves. ;-> - - -------------------------------------------------------------------------- - - 4.2. Using Comments - - 4.2.1. Comment, Comment, Comment - - Explanation: - - Comment as much as possible without commenting the obvious. For example do - not comment "variable_a is equal to variable_b". Instead explain why - variable_a should be equal to the variable_b. Just because a person can - read code does not mean they will understand why or what is being done. A - reader may spend a lot more time figuring out what is going on when a - simple comment or explanation would have prevented the extra research. - Please help your brother IJB'ers out! - - The comments will also help justify the intent of the code. If the comment - describes something different than what the code is doing then maybe a - programming error is occurring. - - Example: - - /* if page size greater than 1k ... */ - if ( page_length() > 1024 ) - { - ... "block" the page up ... - } - - /* if page size is small, send it in blocks */ - if ( page_length() > 1024 ) - { - ... "block" the page up ... - } - - This demonstrates 2 cases of "what not to do". The first is a - "syntax comment". The second is a comment that does not fit what - is actually being done. - - -------------------------------------------------------------------------- - - 4.2.2. Use blocks for comments - - Explanation: - - Comments can help or they can clutter. They help when they are - differentiated from the code they describe. One line comments do not offer - effective separation between the comment and the code. Block identifiers - do, by surrounding the code with a clear, definable pattern. - - Example: - - /********************************************************************* - * This will stand out clearly in your code! - *********************************************************************/ - if ( this_variable == that_variable ) - { - do_something_very_important(); - } - - - /* unfortunately, this may not */ - if ( this_variable == that_variable ) - { - do_something_very_important(); - } - - - if ( this_variable == that_variable ) /* this may not either */ - { - do_something_very_important(); - } - - Exception: - - If you are trying to add a small logic comment and do not wish to - "disrupt" the flow of the code, feel free to use a 1 line comment which is - NOT on the same line as the code. - - -------------------------------------------------------------------------- - - 4.2.3. Keep Comments on their own line - - Explanation: - - It goes back to the question of readability. If the comment is on the same - line as the code it will be harder to read than the comment that is on its - own line. - - There are three exceptions to this rule, which should be violated freely - and often: during the definition of variables, at the end of closing - braces, when used to comment parameters. - - Example: - - /********************************************************************* - * This will stand out clearly in your code, - * But the second example won't. - *********************************************************************/ - if ( this_variable == this_variable ) - { - do_something_very_important(); - } - - if ( this_variable == this_variable ) /*can you see me?*/ - { - do_something_very_important(); /*not easily*/ - } - - - /********************************************************************* - * But, the encouraged exceptions: - *********************************************************************/ - int urls_read = 0; /* # of urls read + rejected */ - int urls_rejected = 0; /* # of urls rejected */ - - if ( 1 == X ) - { - do_something_very_important(); - } - - - short do_something_very_important( - short firstparam, /* represents something */ - short nextparam /* represents something else */ ) - { - ...code here... - - } /* -END- do_something_very_important */ - - -------------------------------------------------------------------------- - - 4.2.4. Comment each logical step - - Explanation: - - Logical steps should be commented to help others follow the intent of the - written code and comments will make the code more readable. - - If you have 25 lines of code without a comment, you should probably go - back into it to see where you forgot to put one. - - Most "for", "while", "do", etc... loops _probably_ need a comment. After - all, these are usually major logic containers. - - -------------------------------------------------------------------------- - - 4.2.5. Comment All Functions Thoroughly - - Explanation: - - A reader of the code should be able to look at the comments just prior to - the beginning of a function and discern the reason for its existence and - the consequences of using it. The reader should not have to read through - the code to determine if a given function is safe for a desired use. The - proper information thoroughly presented at the introduction of a function - not only saves time for subsequent maintenance or debugging, it more - importantly aids in code reuse by allowing a user to determine the safety - and applicability of any function for the problem at hand. As a result of - such benefits, all functions should contain the information presented in - the addendum section of this document. - - -------------------------------------------------------------------------- - - 4.2.6. Comment at the end of braces if the content is more than one screen - length - - Explanation: - - Each closing brace should be followed on the same line by a comment that - describes the origination of the brace if the original brace is off of the - screen, or otherwise far away from the closing brace. This will simplify - the debugging, maintenance, and readability of the code. - - As a suggestion , use the following flags to make the comment and its - brace more readable: - - use following a closing brace: } /* -END- if() or while () or etc... */ - - Example: - - if ( 1 == X ) - { - do_something_very_important(); - ...some long list of commands... - } /* -END- if x is 1 */ - - or: - - if ( 1 == X ) - { - do_something_very_important(); - ...some long list of commands... - } /* -END- if ( 1 == X ) */ - - -------------------------------------------------------------------------- - - 4.3. Naming Conventions - - 4.3.1. Variable Names - - Explanation: - - Use all lowercase, and separate words via an underscore ('_'). Do not - start an identifier with an underscore. (ANSI C reserves these for use by - the compiler and system headers.) Do not use identifiers which are - reserved in ANSI C++. (E.g. template, class, true, false, ...). This is in - case we ever decide to port Privoxy to C++. - - Example: - - int ms_iis5_hack = 0; - - Instead of: - - int msiis5hack = 0; int msIis5Hack = 0; - - -------------------------------------------------------------------------- - - 4.3.2. Function Names - - Explanation: - - Use all lowercase, and separate words via an underscore ('_'). Do not - start an identifier with an underscore. (ANSI C reserves these for use by - the compiler and system headers.) Do not use identifiers which are - reserved in ANSI C++. (E.g. template, class, true, false, ...). This is in - case we ever decide to port Privoxy to C++. - - Example: - - int load_some_file( struct client_state *csp ) - - Instead of: - - int loadsomefile( struct client_state *csp ) - int loadSomeFile( struct client_state *csp ) - - -------------------------------------------------------------------------- - - 4.3.3. Header file prototypes - - Explanation: - - Use a descriptive parameter name in the function prototype in header - files. Use the same parameter name in the header file that you use in the - c file. - - Example: - - (.h) extern int load_aclfile( struct client_state *csp ); - (.c) int load_aclfile( struct client_state *csp ) - - Instead of: - - (.h) extern int load_aclfile( struct client_state * ); or - (.h) extern int load_aclfile(); - (.c) int load_aclfile( struct client_state *csp ) - - -------------------------------------------------------------------------- - - 4.3.4. Enumerations, and #defines - - Explanation: - - Use all capital letters, with underscores between words. Do not start an - identifier with an underscore. (ANSI C reserves these for use by the - compiler and system headers.) - - Example: - - (enumeration) : enum Boolean { FALSE, TRUE }; - (#define) : #define DEFAULT_SIZE 100; - - Note: We have a standard naming scheme for #defines that toggle a feature - in the preprocessor: FEATURE_>, where > is a short (preferably 1 or 2 - word) description. - - Example: - - #define FEATURE_FORCE 1 - - #ifdef FEATURE_FORCE - #define FORCE_PREFIX blah - #endif /* def FEATURE_FORCE */ - - -------------------------------------------------------------------------- - - 4.3.5. Constants - - Explanation: - - Spell common words out entirely (do not remove vowels). - - Use only widely-known domain acronyms and abbreviations. Capitalize all - letters of an acronym. - - Use underscore (_) to separate adjacent acronyms and abbreviations. Never - terminate a name with an underscore. - - Example: - - #define USE_IMAGE_LIST 1 - - Instead of: - - #define USE_IMG_LST 1 or - #define _USE_IMAGE_LIST 1 or - #define USE_IMAGE_LIST_ 1 or - #define use_image_list 1 or - #define UseImageList 1 - - -------------------------------------------------------------------------- - - 4.4. Using Space - - 4.4.1. Put braces on a line by themselves. - - Explanation: - - The brace needs to be on a line all by itself, not at the end of the - statement. Curly braces should line up with the construct that they're - associated with. This practice makes it easier to identify the opening and - closing braces for a block. - - Example: - - if ( this == that ) - { - ... - } - - Instead of: - - if ( this == that ) { ... } - - or - - if ( this == that ) { ... } - - Note: In the special case that the if-statement is inside a loop, and it - is trivial, i.e. it tests for a condition that is obvious from the purpose - of the block, one-liners as above may optically preserve the loop - structure and make it easier to read. - - Status: developer-discretion. - - Example exception: - - while ( more lines are read ) - { - /* Please document what is/is not a comment line here */ - if ( it's a comment ) continue; - - do_something( line ); - } - - -------------------------------------------------------------------------- - - 4.4.2. ALL control statements should have a block - - Explanation: - - Using braces to make a block will make your code more readable and less - prone to error. All control statements should have a block defined. - - Example: - - if ( this == that ) - { - do_something(); - do_something_else(); - } - - Instead of: - - if ( this == that ) do_something(); do_something_else(); - - or - - if ( this == that ) do_something(); - - Note: The first example in "Instead of" will execute in a manner other - than that which the developer desired (per indentation). Using code braces - would have prevented this "feature". The "explanation" and "exception" - from the point above also applies. - - -------------------------------------------------------------------------- - - 4.4.3. Do not belabor/blow-up boolean expressions - - Example: - - structure->flag = ( condition ); - - Instead of: - - if ( condition ) { structure->flag = 1; } else { structure->flag = 0; } - - Note: The former is readable and concise. The later is wordy and - inefficient. Please assume that any developer new to the project has at - least a "good" knowledge of C/C++. (Hope I do not offend by that last - comment ... 8-) - - -------------------------------------------------------------------------- - - 4.4.4. Use white space freely because it is free - - Explanation: - - Make it readable. The notable exception to using white space freely is - listed in the next guideline. - - Example: - - int first_value = 0; - int some_value = 0; - int another_value = 0; - int this_variable = 0; - - if ( this_variable == this_variable ) - - first_value = old_value + ( ( some_value - another_value ) - whatever ) - - -------------------------------------------------------------------------- - - 4.4.5. Don't use white space around structure operators - - Explanation: - - - structure pointer operator ( "->" ) - member operator ( "." ) - - functions and parentheses - - It is a general coding practice to put pointers, references, and function - parentheses next to names. With spaces, the connection between the object - and variable/function name is not as clear. - - Example: - - a_struct->a_member; - a_struct.a_member; - function_name(); - - Instead of: a_struct -> a_member; a_struct . a_member; function_name (); - - -------------------------------------------------------------------------- - - 4.4.6. Make the last brace of a function stand out - - Example: - - int function1( ... ) - { - ...code... - return( ret_code ); - - } /* -END- function1 */ - - - int function2( ... ) - { - } /* -END- function2 */ - - Instead of: - - int function1( ... ) { ...code... return( ret_code ); } int function2( ... - ) { } - - Note: Use 1 blank line before the closing brace and 2 lines afterward. - This makes the end of function standout to the most casual viewer. - Although function comments help separate functions, this is still a good - coding practice. In fact, I follow these rules when using blocks in "for", - "while", "do" loops, and long if {} statements too. After all whitespace - is free! - - Status: developer-discretion on the number of blank lines. Enforced is the - end of function comments. - - -------------------------------------------------------------------------- - - 4.4.7. Use 3 character indentions - - Explanation: - - If some use 8 character TABs and some use 3 character TABs, the code can - look *very* ragged. So use 3 character indentions only. If you like to use - TABs, pass your code through a filter such as "expand -t3" before checking - in your code. - - Example: - - static const char * const url_code_map[256] = - { - NULL, ... - }; - - - int function1( ... ) - { - if ( 1 ) - { - return( ALWAYS_TRUE ); - } - else - { - return( HOW_DID_YOU_GET_HERE ); - } - - return( NEVER_GETS_HERE ); - - } - - -------------------------------------------------------------------------- - - 4.5. Initializing - - 4.5.1. Initialize all variables - - Explanation: - - Do not assume that the variables declared will not be used until after - they have been assigned a value somewhere else in the code. Remove the - chance of accidentally using an unassigned variable. - - Example: - - short a_short = 0; - float a_float = 0; - struct *ptr = NULL; - - Note: It is much easier to debug a SIGSEGV if the message says you are - trying to access memory address 00000000 and not 129FA012; or - array_ptr[20] causes a SIGSEV vs. array_ptr[0]. - - Status: developer-discretion if and only if the variable is assigned a - value "shortly after" declaration. - - -------------------------------------------------------------------------- - - 4.6. Functions - - 4.6.1. Name functions that return a boolean as a question. - - Explanation: - - Value should be phrased as a question that would logically be answered as - a true or false statement - - Example: - - should_we_block_this(); - contains_an_image(); - is_web_page_blank(); - - -------------------------------------------------------------------------- - - 4.6.2. Always specify a return type for a function. - - Explanation: - - The default return for a function is an int. To avoid ambiguity, create a - return for a function when the return has a purpose, and create a void - return type if the function does not need to return anything. - - -------------------------------------------------------------------------- - - 4.6.3. Minimize function calls when iterating by using variables - - Explanation: - - It is easy to write the following code, and a clear argument can be made - that the code is easy to understand: - - Example: - - for ( size_t cnt = 0; cnt < block_list_length(); cnt++ ) - { - .... - } - - Note: Unfortunately, this makes a function call for each and every - iteration. This increases the overhead in the program, because the - compiler has to look up the function each time, call it, and return a - value. Depending on what occurs in the block_list_length() call, it might - even be creating and destroying structures with each iteration, even - though in each case it is comparing "cnt" to the same value, over and - over. Remember too - even a call to block_list_length() is a function - call, with the same overhead. - - Instead of using a function call during the iterations, assign the value - to a variable, and evaluate using the variable. - - Example: - - size_t len = block_list_length(); - - for ( size_t cnt = 0; cnt < len; cnt++ ) - { - .... - } - - Exceptions: if the value of block_list_length() *may* change or could - *potentially* change, then you must code the function call in the - for/while loop. - - -------------------------------------------------------------------------- - - 4.6.4. Pass and Return by Const Reference - - Explanation: - - This allows a developer to define a const pointer and call your function. - If your function does not have the const keyword, we may not be able to - use your function. Consider strcmp, if it were defined as: extern int - strcmp( char *s1, char *s2 ); - - I could then not use it to compare argv's in main: int main( int argc, - const char *argv[] ) { strcmp( argv[0], "privoxy" ); } - - Both these pointers are *const*! If the c runtime library maintainers do - it, we should too. - - -------------------------------------------------------------------------- - - 4.6.5. Pass and Return by Value - - Explanation: - - Most structures cannot fit onto a normal stack entry (i.e. they are not 4 - bytes or less). Aka, a function declaration like: int load_aclfile( struct - client_state csp ) - - would not work. So, to be consistent, we should declare all prototypes - with "pass by value": int load_aclfile( struct client_state *csp ) - - -------------------------------------------------------------------------- - - 4.6.6. Names of include files - - Explanation: - - Your include statements should contain the file name without a path. The - path should be listed in the Makefile, using -I as processor directive to - search the indicated paths. An exception to this would be for some - proprietary software that utilizes a partial path to distinguish their - header files from system or other header files. - - Example: - - #include <iostream.h> /* This is not a local include */ - #include "config.h" /* This IS a local include */ - - Exception: - - /* This is not a local include, but requires a path element. */ - #include <sys/fileName.h> - - Note: Please! do not add "-I." to the Makefile without a _very_ good - reason. This duplicates the #include "file.h" behavior. - - -------------------------------------------------------------------------- - - 4.6.7. Provide multiple inclusion protection - - Explanation: - - Prevents compiler and linker errors resulting from redefinition of items. - - Wrap each header file with the following syntax to prevent multiple - inclusions of the file. Of course, replace PROJECT_H with your file name, - with "." Changed to "_", and make it uppercase. - - Example: - - #ifndef PROJECT_H_INCLUDED - #define PROJECT_H_INCLUDED - ... - #endif /* ndef PROJECT_H_INCLUDED */ - - -------------------------------------------------------------------------- - - 4.6.8. Use `extern "C"` when appropriate - - Explanation: - - If our headers are included from C++, they must declare our functions as - `extern "C"`. This has no cost in C, but increases the potential - re-usability of our code. - - Example: - - #ifdef __cplusplus - extern "C" - { - #endif /* def __cplusplus */ - - ... function definitions here ... - - #ifdef __cplusplus - } - #endif /* def __cplusplus */ - - -------------------------------------------------------------------------- - - 4.6.9. Where Possible, Use Forward Struct Declaration Instead of Includes - - Explanation: - - Useful in headers that include pointers to other struct's. Modifications - to excess header files may cause needless compiles. - - Example: - - /********************************************************************* - * We're avoiding an include statement here! - *********************************************************************/ - struct file_list; - extern file_list *xyz; - - Note: If you declare "file_list xyz;" (without the pointer), then - including the proper header file is necessary. If you only want to - prototype a pointer, however, the header file is unnecessary. - - Status: Use with discretion. - - -------------------------------------------------------------------------- - - 4.7. General Coding Practices - - 4.7.1. Turn on warnings - - Explanation - - Compiler warnings are meant to help you find bugs. You should turn on as - many as possible. With GCC, the switch is "-Wall". Try and fix as many - warnings as possible. - - -------------------------------------------------------------------------- - - 4.7.2. Provide a default case for all switch statements - - Explanation: - - What you think is guaranteed is never really guaranteed. The value that - you don't think you need to check is the one that someday will be passed. - So, to protect yourself from the unknown, always have a default step in a - switch statement. - - Example: - - switch( hash_string( cmd ) ) - { - case hash_actions_file : - ... code ... - break; - - case hash_confdir : - ... code ... - break; - - default : - log_error( ... ); - ... anomaly code goes here ... - continue; / break; / exit( 1 ); / etc ... - - } /* end switch( hash_string( cmd ) ) */ - - Note: If you already have a default condition, you are obviously exempt - from this point. Of note, most of the WIN32 code calls `DefWindowProc' - after the switch statement. This API call *should* be included in a - default statement. - - Another Note: This is not so much a readability issue as a robust - programming issue. The "anomaly code goes here" may be no more than a - print to the STDERR stream (as in load_config). Or it may really be an - abort condition. - - Status: Programmer discretion is advised. - - -------------------------------------------------------------------------- - - 4.7.3. Try to avoid falling through cases in a switch statement. - - Explanation: - - In general, you will want to have a 'break' statement within each 'case' - of a switch statement. This allows for the code to be more readable and - understandable, and furthermore can prevent unwanted surprises if someone - else later gets creative and moves the code around. - - The language allows you to plan the fall through from one case statement - to another simply by omitting the break statement within the case - statement. This feature does have benefits, but should only be used in - rare cases. In general, use a break statement for each case statement. - - If you choose to allow fall through, you should comment both the fact of - the fall through and reason why you felt it was necessary. - - -------------------------------------------------------------------------- - - 4.7.4. Use 'long' or 'short' Instead of 'int' - - Explanation: - - On 32-bit platforms, int usually has the range of long. On 16-bit - platforms, int has the range of short. - - Status: open-to-debate. In the case of most FSF projects (including - X/GNU-Emacs), there are typedefs to int4, int8, int16, (or equivalence ... - I forget the exact typedefs now). Should we add these to IJB now that we - have a "configure" script? - - -------------------------------------------------------------------------- - - 4.7.5. Don't mix size_t and other types - - Explanation: - - The type of size_t varies across platforms. Do not make assumptions about - whether it is signed or unsigned, or about how long it is. Do not compare - a size_t against another variable of a different type (or even against a - constant) without casting one of the values. - - -------------------------------------------------------------------------- - - 4.7.6. Declare each variable and struct on its own line. - - Explanation: - - It can be tempting to declare a series of variables all on one line. - Don't. - - Example: - - long a = 0; - long b = 0; - long c = 0; - - Instead of: - - long a, b, c; - - Explanation: - there is more room for comments on the individual variables - - easier to add new variables without messing up the original ones - when - searching on a variable to find its type, there is less clutter to - "visually" eliminate - - Exceptions: when you want to declare a bunch of loop variables or other - trivial variables; feel free to declare them on one line. You should, - although, provide a good comment on their functions. - - Status: developer-discretion. - - -------------------------------------------------------------------------- - - 4.7.7. Use malloc/zalloc sparingly - - Explanation: - - Create a local struct (on the stack) if the variable will live and die - within the context of one function call. - - Only "malloc" a struct (on the heap) if the variable's life will extend - beyond the context of one function call. - - Example: - - If a function creates a struct and stores a pointer to it in a - list, then it should definitely be allocated via `malloc'. - - -------------------------------------------------------------------------- - - 4.7.8. The Programmer Who Uses 'malloc' is Responsible for Ensuring 'free' - - Explanation: - - If you have to "malloc" an instance, you are responsible for insuring that - the instance is `free'd, even if the deallocation event falls within some - other programmer's code. You are also responsible for ensuring that - deletion is timely (i.e. not too soon, not too late). This is known as - "low-coupling" and is a "good thing (tm)". You may need to offer a - free/unload/destructor type function to accommodate this. - - Example: - - int load_re_filterfile( struct client_state *csp ) { ... } - static void unload_re_filterfile( void *f ) { ... } - - Exceptions: - - The developer cannot be expected to provide `free'ing functions for C - run-time library functions ... such as `strdup'. - - Status: developer-discretion. The "main" use of this standard is for - allocating and freeing data structures (complex or nested). - - -------------------------------------------------------------------------- - - 4.7.9. Add loaders to the `file_list' structure and in order - - Explanation: - - I have ordered all of the "blocker" file code to be in alpha order. It is - easier to add/read new blockers when you expect a certain order. - - Note: It may appear that the alpha order is broken in places by POPUP - tests coming before PCRS tests. But since POPUPs can also be referred to - as KILLPOPUPs, it is clear that it should come first. - - -------------------------------------------------------------------------- - - 4.7.10. "Uncertain" new code and/or changes to existing code, use FIXME or - XXX - - Explanation: - - If you have enough confidence in new code or confidence in your changes, - but are not *quite* sure of the repercussions, add this: - - /* FIXME: this code has a logic error on platform XYZ, * attempting to fix - */ #ifdef PLATFORM ...changed code here... #endif - - or: - - /* FIXME: I think the original author really meant this... */ ...changed - code here... - - or: - - /* FIXME: new code that *may* break something else... */ ...new code - here... - - Note: If you make it clear that this may or may not be a "good thing - (tm)", it will be easier to identify and include in the project (or - conversely exclude from the project). - - -------------------------------------------------------------------------- - - 4.8. Addendum: Template for files and function comment blocks: - - Example for file comments: - -const char FILENAME_rcs[] = "$Id: developer-manual.txt,v 1.43 2008/01/19 21:41:36 hal9 Exp $"; -/********************************************************************* - * - * File : $Source: /cvsroot/ijbswa/current/doc/text/developer-manual.txt,v $ - * - * Purpose : (Fill me in with a good description!) - * - * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge - * Privoxy team. http://www.privoxy.org/ - * - * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and - * Junkbusters Corporation. http://www.junkbusters.com - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General - * Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will - * be useful, but WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A - * PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * The GNU General Public License should be included with - * this file. If not, you can view it at - * http://www.gnu.org/copyleft/gpl.html - * or write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 , - * USA - * - * Revisions : - * $Log: developer-manual.txt,v $ - * Revision 1.43 2008/01/19 21:41:36 hal9 - * Re-commit to solve various last minute issues for charsets, etc. - * - * - *********************************************************************/ - - -#include "config.h" - - ...necessary include files for us to do our work... - -const char FILENAME_h_rcs[] = FILENAME_H_VERSION; - - Note: This declares the rcs variables that should be added to the - "show-proxy-args" page. If this is a brand new creation by you, you are - free to change the "Copyright" section to represent the rights you wish to - maintain. - - Note: The formfeed character that is present right after the comment - flower box is handy for (X|GNU)Emacs users to skip the verbiage and get to - the heart of the code (via `forward-page' and `backward-page'). Please - include it if you can. - - Example for file header comments: - -#ifndef _FILENAME_H -#define _FILENAME_H -#define FILENAME_H_VERSION "$Id: developer-manual.txt,v 1.43 2008/01/19 21:41:36 hal9 Exp $" -/********************************************************************* - * - * File : $Source: /cvsroot/ijbswa/current/doc/text/developer-manual.txt,v $ - * - * Purpose : (Fill me in with a good description!) - * - * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge - * Privoxy team. http://www.privoxy.org/ - * - * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and - * Junkbusters Corporation. http://www.junkbusters.com - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General - * Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will - * be useful, but WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A - * PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * The GNU General Public License should be included with - * this file. If not, you can view it at - * http://www.gnu.org/copyleft/gpl.html - * or write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 , - * USA - * - * Revisions : - * $Log: developer-manual.txt,v $ - * Revision 1.43 2008/01/19 21:41:36 hal9 - * Re-commit to solve various last minute issues for charsets, etc. - * - * - *********************************************************************/ - - -#include "project.h" - -#ifdef __cplusplus -extern "C" { -#endif - - ... function headers here ... - - -/* Revision control strings from this header and associated .c file */ -extern const char FILENAME_rcs[]; -extern const char FILENAME_h_rcs[]; - - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* ndef _FILENAME_H */ - -/* - Local Variables: - tab-width: 3 - end: -*/ - - Example for function comments: - - /********************************************************************* - * - * Function : FUNCTION_NAME - * - * Description : (Fill me in with a good description!) - * - * parameters : - * 1 : param1 = pointer to an important thing - * 2 : x = pointer to something else - * - * Returns : 0 => Ok, everything else is an error. - * - *********************************************************************/ - int FUNCTION_NAME( void *param1, const char *x ) - { - ... - return( 0 ); - - } - - Note: If we all follow this practice, we should be able to parse our code - to create a "self-documenting" web page. - - -------------------------------------------------------------------------- - -5. Testing Guidelines - - To be filled. - - -------------------------------------------------------------------------- - - 5.1. Testplan for releases - - Explain release numbers. major, minor. developer releases. etc. - - 1. Remove any existing rpm with rpm -e - - 2. Remove any file that was left over. This includes (but is not limited - to) - - * /var/log/privoxy - - * /etc/privoxy - - * /usr/sbin/privoxy - - * /etc/init.d/privoxy - - * /usr/doc/privoxy* - - 3. Install the rpm. Any error messages? - - 4. start,stop,status Privoxy with the specific script (e.g. - /etc/rc.d/init/privoxy stop). Reboot your machine. Does autostart - work? - - 5. Start browsing. Does Privoxy work? Logfile written? - - 6. Remove the rpm. Any error messages? All files removed? - - -------------------------------------------------------------------------- - - 5.2. Test reports - - Please submit test reports only with the test form at sourceforge. Three - simple steps: - - * Select category: the distribution you test on. - - * Select group: the version of Privoxy that we are about to release. - - * Fill the Summary and Detailed Description with something intelligent - (keep it short and precise). - - Do not mail to the mailing list (we cannot keep track on issues there). - - -------------------------------------------------------------------------- - -6. Releasing a New Version - - When we release versions of Privoxy, our work leaves our cozy secret lab - and has to work in the cold RealWorld[tm]. Once it is released, there is - no way to call it back, so it is very important that great care is taken - to ensure that everything runs fine, and not to introduce problems in the - very last minute. - - So when releasing a new version, please adhere exactly to the procedure - outlined in this chapter. - - The following programs are required to follow this process: ncftpput - (ncftp), scp, ssh (ssh), gmake (GNU's version of make), autoconf, cvs. - - -------------------------------------------------------------------------- - - 6.1. Version numbers - - First you need to determine which version number the release will have. - Privoxy version numbers consist of three numbers, separated by dots, like - in X.Y.Z (e.g. 3.0.0), where: - - * X, the version major, is rarely ever changed. It is increased by one - if turning a development branch into stable substantially changes the - functionality, user interface or configuration syntax. Majors 1 and 2 - were Junkbuster, and 3 will be the first stable Privoxy release. - - * Y, the version minor, represents the branch within the major version. - At any point in time, there are two branches being maintained: The - stable branch, with an even minor, say, 2N, in which no functionality - is being added and only bug-fixes are made, and 2N+1, the development - branch, in which the further development of Privoxy takes place. This - enables us to turn the code upside down and inside out, while at the - same time providing and maintaining a stable version. The minor is - reset to zero (and one) when the major is incremented. When a - development branch has matured to the point where it can be turned - into stable, the old stable branch 2N is given up (i.e. no longer - maintained), the former development branch 2N+1 becomes the new stable - branch 2N+2, and a new development branch 2N+3 is opened. - - * Z, the point or sub version, represents a release of the software - within a branch. It is therefore incremented immediately before each - code freeze. In development branches, only the even point versions - correspond to actual releases, while the odd ones denote the evolving - state of the sources on CVS in between. It follows that Z is odd on - CVS in development branches most of the time. There, it gets increased - to an even number immediately before a code freeze, and is increased - to an odd number again immediately thereafter. This ensures that - builds from CVS snapshots are easily distinguished from released - versions. The point version is reset to zero when the minor changes. - - Stable branches work a little differently, since there should be - little to no development happening in such branches. Remember, only - bugfixes, which presumably should have had some testing before being - committed. Stable branches will then have their version reported as - 0.0.0, during that period between releases when changes are being - added. This is to denote that this code is not for release. Then as - the release nears, the version is bumped according: e.g. 3.0.1 -> - 0.0.0 -> 3.0.2. - - In summary, the main CVS trunk is the development branch where new - features are being worked on for the next stable series. This should - almost always be where the most activity takes place. There is always at - least one stable branch from the trunk, e.g now it is 3.0, which is only - used to release stable versions. Once the initial *.0 release of the - stable branch has been done, then as a rule, only bugfixes that have had - prior testing should be committed to the stable branch. Once there are - enough bugfixes to justify a new release, the version of this branch is - again incremented Example: 3.0.0 -> 3.0.1 -> 3.0.2, etc are all stable - releases from within the stable branch. 3.1.x is currently the main trunk, - and where work on 3.2.x is taking place. If any questions, please post to - the devel list before committing to a stable branch! - - Developers should remember too that if they commit a bugfix to the stable - branch, this will more than likely require a separate submission to the - main trunk, since these are separate development trees within CVS. If you - are working on both, then this would require at least two separate check - outs (i.e main trunk, and the stable release branch, which is v_3_0_branch - at the moment). - - -------------------------------------------------------------------------- - - 6.2. Before the Release: Freeze - - The following must be done by one of the developers prior to each new - release. - - * Make sure that everybody who has worked on the code in the last couple - of days has had a chance to yell "no!" in case they have pending - changes/fixes in their pipelines. Announce the freeze so that nobody - will interfere with last minute changes. - - * Increment the version number (point from odd to even in development - branches!) in configure.in. (RPM spec files will need to be - incremented as well.) - - * If default.action has changed since last release (i.e. software - release or standalone actions file release), bump up its version info - to A.B in this line: - - {+add-header{X-Actions-File-Version: A.B} -filter -no-popups} - - Then change the version info in doc/webserver/actions/index.php, line: - '$required_actions_file_version = "A.B";' - - * All documentation should be rebuild after the version bump. Finished - docs should be then be committed to CVS (for those without the ability - to build these). Some docs may require rather obscure processing - tools. config, the man page (and the html version of the man page), - and the PDF docs fall in this category. REAMDE, the man page, AUTHORS, - and config should all also be committed to CVS for other packagers. - The formal docs should be uploaded to the webserver. See the Section - "Updating the webserver" in this manual for details. - - * The User Manual is also used for context sensitive help for the CGI - editor. This is version sensitive, so that the user will get - appropriate help for his/her release. So with each release a fresh - version should be uploaded to the webserver (this is in addition to - the main User Manual link from the main page since we need to keep - manuals for various versions available). The CGI pages will link to - something like http://privoxy.org/$(VERSION)/user-manual/. This will - need to be updated for each new release. There is no Makefile target - for this at this time!!! It needs to be done manually. - - * All developers should look at the ChangeLog and make sure noteworthy - changes are referenced. - - * Commit all files that were changed in the above steps! - - * Tag all files in CVS with the version number with "cvs tag v_X_Y_Z". - Don't use vX_Y_Z, ver_X_Y_Z, v_X.Y.Z (won't work) etc. - - * If the release was in a development branch, increase the point version - from even to odd (X.Y.(Z+1)) again in configure.in and commit your - change. - - * On the webserver, copy the user manual to a new top-level directory - called X.Y.Z. This ensures that help links from the CGI pages, which - have the version as a prefix, will go into the right version of the - manual. If this is a development branch release, also symlink - X.Y.(Z-1) to X.Y.Z and X.Y.(Z+1) to . (i.e. dot). - - -------------------------------------------------------------------------- - - 6.3. Building and Releasing the Packages - - Now the individual packages can be built and released. Note that for GPL - reasons the first package to be released is always the source tarball. - - For all types of packages, including the source tarball, you must make - sure that you build from clean sources by exporting the right version from - CVS into an empty directory (just press return when asked for a password): - - mkdir dist # delete or choose different name if it already exists - cd dist - cvs -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa login - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa export -r v_X_Y_Z current - - Do NOT change a single bit, including, but not limited to version - information after export from CVS. This is to make sure that all release - packages, and with them, all future bug reports, are based on exactly the - same code. - - +------------------------------------------------------------------------+ - | Warning | - |------------------------------------------------------------------------| - | Every significant release of Privoxy has included at least one package | - | that either had incorrect versions of files, missing files, or | - | incidental leftovers from a previous build process that gave unknown | - | numbers of users headaches to try to figure out what was wrong. | - | PLEASE, make sure you are using pristene sources, and are following | - | the prescribed process! | - +------------------------------------------------------------------------+ - - Please find additional instructions for the source tarball and the - individual platform dependent binary packages below. And details on the - Sourceforge release process below that. - - -------------------------------------------------------------------------- - - 6.3.1. Note on Privoxy Packaging - - Please keep these general guidelines in mind when putting together your - package. These apply to all platforms! - - * Privoxy requires write access to: all *.action files, all logfiles, - and the trust file. You will need to determine the best way to do this - for your platform. - - * Please include up to date documentation. At a bare minimum: - - LICENSE (top-level directory) - - README (top-level directory) - - AUTHORS (top-level directory) - - man page (top-level directory, Unix-like platforms only) - - The User Manual (doc/webserver/user-manual/) - - FAQ (doc/webserver/faq/) - - Also suggested: Developer Manual (doc/webserver/developer-manual) and - ChangeLog (top-level directory). FAQ and the manuals are HTML docs. - There are also text versions in doc/text/ which could conceivably also - be included. - - The documentation has been designed such that the manuals are linked - to each other from parallel directories, and should be packaged that - way. privoxy-index.html can also be included and can serve as a focal - point for docs and other links of interest (and possibly renamed to - index.html). This should be one level up from the manuals. There is a - link also on this page to an HTMLized version of the man page. To - avoid 404 for this, it is in CVS as - doc/webserver/man-page/privoxy-man-page.html, and should be included - along with the manuals. There is also a css stylesheets that can be - included for better presentation: p_doc.css. This should be in the - same directory with privoxy-index.html, (i.e. one level up from the - manual directories). - - * user.action and user.filter are designed for local preferences. Make - sure these do not get overwritten! config should not be overwritten - either. This has especially important configuration data in it. trust - should be left in tact as well. - - * Other configuration files (default.action, default.filter and - standard.action) should be installed as the new defaults, but all - previously installed configuration files should be preserved as - backups. This is just good manners :-) These files are likely to - change between releases and contain important new features and bug - fixes. - - * Please check platform specific notes in this doc, if you haven't done - "Privoxy" packaging before for other platform specific issues. - Conversely, please add any notes that you know are important for your - platform (or contact one of the doc maintainers to do this if you - can't). - - * Packagers should do a "clean" install of their package after building - it. So any previous installs should be removed first to ensure the - integrity of the newly built package. Then run the package for a while - to make sure there are no obvious problems, before uploading. - - -------------------------------------------------------------------------- - - 6.3.2. Source Tarball - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). Then run: - - cd current - autoheader && autoconf && ./configure - - Then do: - - make tarball-dist - - To upload the package to Sourceforge, simply issue - - make tarball-upload - - Go to the displayed URL and release the file publicly on Sourceforge. For - the change log field, use the relevant section of the ChangeLog file. - - -------------------------------------------------------------------------- - - 6.3.3. SuSE, Conectiva or Red Hat RPM - - In following text, replace dist with either "rh" for Red Hat or "suse" for - SuSE. - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). - - As the only exception to not changing anything after export from CVS, now - examine the file privoxy-dist.spec and make sure that the version - information and the RPM release number are correct. The RPM release - numbers for each version start at one. Hence it must be reset to one if - this is the first RPM for dist which is built from version X.Y.Z. Check - the file list if unsure. Else, it must be set to the highest already - available RPM release number for that version plus one. - - Then run: - - cd current - autoheader && autoconf && ./configure - - Then do - - make dist-dist - - To upload the package to Sourceforge, simply issue - - make dist-upload rpm_packagerev - - where rpm_packagerev is the RPM release number as determined above. Go to - the displayed URL and release the file publicly on Sourceforge. Use the - release notes and change log from the source tarball package. - - -------------------------------------------------------------------------- - - 6.3.4. OS/2 - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). Then get - the OS/2 Setup module: - - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co os2setup - - You will need a mix of development tools. The main compilation takes place - with IBM Visual Age C++. Some ancillary work takes place with GNU tools, - available from various sources like hobbes.nmsu.edu. Specificially, you - will need autoheader, autoconf and sh tools. The packaging takes place - with WarpIN, available from various sources, including its home page: - xworkplace. - - Change directory to the os2setup directory. Edit the os2build.cmd file to - set the final executable filename. For example, - - installExeName='privoxyos2_setup_X.Y.Z.exe' - - Next, edit the IJB.wis file so the release number matches in the PACKAGEID - section: - - PACKAGEID="Privoxy Team\Privoxy\Privoxy Package\X\Y\Z" - - You're now ready to build. Run: - - os2build - - You will find the WarpIN-installable executable in the ./files directory. - Upload this anonymously to uploads.sourceforge.net/incoming, create a - release for it, and you're done. Use the release notes and Change Log from - the source tarball package. - - -------------------------------------------------------------------------- - - 6.3.5. Solaris - - Login to Sourceforge's compilefarm via ssh: - - ssh cf.sourceforge.net - - Choose the right operating system (not the Debian one). When logged in, - make sure that you have freshly exported the right version into an empty - directory. (See "Building and releasing packages" above). Then run: - - cd current - autoheader && autoconf && ./configure - - Then run - - gmake solaris-dist - - which creates a gzip'ed tar archive. Sadly, you cannot use make - solaris-upload on the Sourceforge machine (no ncftpput). You now have to - manually upload the archive to Sourceforge's ftp server and release the - file publicly. Use the release notes and Change Log from the source - tarball package. - - -------------------------------------------------------------------------- - - 6.3.6. Windows - - You should ensure you have the latest version of Cygwin (from - http://www.cygwin.com/). Run the following commands from within a Cygwin - bash shell. - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). Then get - the Windows setup module: - - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co winsetup - - Then you can build the package. This is fully automated, and is controlled - by winsetup/GNUmakefile. All you need to do is: - - cd winsetup - make - - Now you can manually rename privoxy_setup.exe to privoxy_setup_X_Y_Z.exe, - and upload it to SourceForge. When releasing the package on SourceForge, - use the release notes and Change Log from the source tarball package. - - -------------------------------------------------------------------------- - - 6.3.7. Debian - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). Then add a - log entry to debian/changelog, if it is not already there, for example by - running: - - debchange -v 3.0.8-stable-1 "New upstream version" - - Then, run: - - dpkg-buildpackage -rfakeroot -us -uc -b - - This will create ../privoxy_3.0.8-stable-1_i386.deb which can be uploaded. - To upload the package to Sourceforge, simply issue - - make debian-upload - - -------------------------------------------------------------------------- - - 6.3.8. Mac OSX - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). Then get - the Mac OSX setup module: - - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co osxsetup - - Then run: - - cd osxsetup - build - - This will run autoheader, autoconf and configure as well as make. Finally, - it will copy over the necessary files to the ./osxsetup/files directory - for further processing by PackageMaker. - - Bring up PackageMaker with the PrivoxyPackage.pmsp definition file, modify - the package name to match the release, and hit the "Create package" - button. If you specify ./Privoxy.pkg as the output package name, you can - then create the distributable zip file with the command: - - zip -r privoxyosx_setup_x.y.z.zip Privoxy.pkg - - You can then upload privoxyosx_setup_x.y.z.zip anonymously to - uploads.sourceforge.net/incoming, create a release for it, and you're - done. Use the release notes and Change Log from the source tarball - package. - - -------------------------------------------------------------------------- - - 6.3.9. FreeBSD - - Login to Sourceforge's compile-farm via ssh: - - ssh cf.sourceforge.net - - Choose the right operating system. When logged in, make sure that you have - freshly exported the right version into an empty directory. (See "Building - and releasing packages" above). Then run: - - cd current - autoheader && autoconf && ./configure - - Then run: - - gmake freebsd-dist - - which creates a gzip'ed tar archive. Sadly, you cannot use make - freebsd-upload on the Sourceforge machine (no ncftpput). You now have to - manually upload the archive to Sourceforge's ftp server and release the - file publicly. Use the release notes and Change Log from the source - tarball package. - - -------------------------------------------------------------------------- - - 6.3.10. HP-UX 11 - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). Then run: - - cd current - autoheader && autoconf && ./configure - - Then do FIXME. - - -------------------------------------------------------------------------- - - 6.3.11. Amiga OS - - First, make sure that you have freshly exported the right version into an - empty directory. (See "Building and releasing packages" above). Then run: - - cd current - autoheader && autoconf && ./configure - - Then do FIXME. - - -------------------------------------------------------------------------- - - 6.3.12. AIX - - Login to Sourceforge's compilefarm via ssh: - - ssh cf.sourceforge.net - - Choose the right operating system. When logged in, make sure that you have - freshly exported the right version into an empty directory. (See "Building - and releasing packages" above). Then run: - - cd current - autoheader && autoconf && ./configure - - Then run: - - make aix-dist - - which creates a gzip'ed tar archive. Sadly, you cannot use make aix-upload - on the Sourceforge machine (no ncftpput). You now have to manually upload - the archive to Sourceforge's ftp server and release the file publicly. Use - the release notes and Change Log from the source tarball package. - - -------------------------------------------------------------------------- - - 6.4. Uploading and Releasing Your Package - - After the package is ready, it is time to upload it to SourceForge, and go - through the release steps. The upload is done via FTP: - - * Upload to: ftp://upload.sourceforge.net/incoming - - * user: anonymous - - * password: ijbswa-developers@lists.sourceforge.net - - Or use the make targets as described above. - - Once this done go to - http://sourceforge.net/project/admin/editpackages.php?group_id=11118, - making sure you are logged in. Find your target platform in the second - column, and click Add Release. You will then need to create a new release - for your package, using the format of $VERSION ($CODE_STATUS), e.g. 3.0.8 - (beta). - - Now just follow the prompts. Be sure to add any appropriate Release notes. - You should see your freshly uploaded packages in "Step 2. Add Files To - This Release". Check the appropriate box(es). Remember at each step to hit - the "Refresh/Submit" buttons! You should now see your file(s) listed in - Step 3. Fill out the forms with the appropriate information for your - platform, being sure to hit "Update" for each file. If anyone is - monitoring your platform, check the "email" box at the very bottom to - notify them of the new package. This should do it! - - If you have made errors, or need to make changes, you can go through - essentially the same steps, but select Edit Release, instead of Add - Release. - - -------------------------------------------------------------------------- - - 6.5. After the Release - - When all (or: most of the) packages have been uploaded and made available, - send an email to the announce mailing list, Subject: "Version X.Y.Z - available for download". Be sure to include the download location, the - release notes and the Changelog. Also, post an updated News item on the - project page Sourceforge, and update the Home page and docs linked from - the Home page (see below). Other news sites and release oriented sites, - such as Freshmeat, should also be notified. - - -------------------------------------------------------------------------- - -7. Update the Webserver - - The webserver should be updated at least with each stable release. When - updating, please follow these steps to make sure that no broken links, - inconsistent contents or permission problems will occur (as it has many - times in the past!): - - If you have changed anything in the stable-branch documentation source - SGML files, do: - - make dok dok-pdf # (or 'make redhat-dok dok-pdf' if 'make dok' doesn't work for you) - - That will generate doc/webserver/user-manual, - doc/webserver/developer-manual, doc/webserver/faq, doc/pdf/*.pdf and - doc/webserver/index.html automatically. - - If you changed the manual page sources, generate - doc/webserver/man-page/privoxy-man-page.html by running "make man". (This - is a separate target due to dependencies on some obscure perl scripts [now - in CVS, but not well tested]. See comments in GNUmakefile.) - - If you want to add new files to the webserver, create them locally in the - doc/webserver/* directory (or create new directories under doc/webserver). - - Next, commit any changes from the above steps to CVS. All set? If these - are docs in the stable branch, then do: - - make webserver - - This will do the upload to the webserver (www.privoxy.org) and ensure all - files and directories there are group writable. - - Please do NOT use any other means of transferring files to the webserver - to avoid permission problems. Also, please do not upload docs from - development branches or versions. The publicly posted docs should be in - sync with the last official release. - - -------------------------------------------------------------------------- - -8. Contacting the developers, Bug Reporting and Feature Requests - - We value your feedback. In fact, we rely on it to improve Privoxy and its - configuration. However, please note the following hints, so we can provide - you with the best support: - - -------------------------------------------------------------------------- - - 8.1. Get Support - - For casual users, our support forum at SourceForge is probably best - suited: http://sourceforge.net/tracker/?group_id=11118&atid=211118 - - All users are of course welcome to discuss their issues on the users - mailing list, where the developers also hang around. - - Note that the Privoxy mailing lists are moderated. Posts from unsubscribed - addresses have to be accepted manually by a moderator. This may cause a - delay of several days and if you use a subject that doesn't clearly - mention Privoxy or one of its features, your message may be accidentally - discarded as spam. - - If you aren't subscribed, you should therefore spend a few seconds to come - up with a proper subject. Additionally you should make it clear that you - want to get CC'd. Otherwise some responses will be directed to the mailing - list only, and you won't see them. - - -------------------------------------------------------------------------- - - 8.2. Reporting Problems - - "Problems" for our purposes, come in two forms: - - * Configuration issues, such as ads that slip through, or sites that - don't function properly due to one Privoxy "action" or another being - turned "on". - - * "Bugs" in the programming code that makes up Privoxy, such as that - might cause a crash. - - -------------------------------------------------------------------------- - - 8.2.1. Reporting Ads or Other Configuration Problems - - Please send feedback on ads that slipped through, innocent images that - were blocked, sites that don't work properly, and other configuration - related problem of default.action file, to - http://sourceforge.net/tracker/?group_id=11118&atid=460288, the Actions - File Tracker. - - New, improved default.action files may occasionally be made available - based on your feedback. These will be announced on the ijbswa-announce - list and available from our the files section of our project page. - - -------------------------------------------------------------------------- - - 8.2.2. Reporting Bugs - - Please report all bugs through our bug tracker: - http://sourceforge.net/tracker/?group_id=11118&atid=111118. - - Before doing so, please make sure that the bug has not already been - submitted and observe the additional hints at the top of the submit form. - If already submitted, please feel free to add any info to the original - report that might help to solve the issue. - - Please try to verify that it is a Privoxy bug, and not a browser or site - bug or documented behaviour that just happens to be different than what - you expected. If unsure, try toggling off Privoxy, and see if the problem - persists. - - If you are using your own custom configuration, please try the stock - configs to see if the problem is configuration related. If you're having - problems with a feature that is disabled by default, please ask around on - the mailing list if others can reproduce the problem. - - If you aren't using the latest Privoxy version, the bug may have been - found and fixed in the meantime. We would appreciate if you could take the - time to upgrade to the latest version (or even the latest CVS snapshot) - and verify that your bug still exists. - - Please be sure to provide the following information: - - * The exact Privoxy version you are using (if you got the source from - CVS, please also provide the source code revisions as shown in - http://config.privoxy.org/show-version). - - * The operating system and versions you run Privoxy on, (e.g. Windows XP - SP2), if you are using a Unix flavor, sending the output of "uname -a" - should do, in case of GNU/Linux, please also name the distribution. - - * The name, platform, and version of the browser you were using (e.g. - Internet Explorer v5.5 for Mac). - - * The URL where the problem occurred, or some way for us to duplicate - the problem (e.g. http://somesite.example.com/?somethingelse=123). - - * Whether your version of Privoxy is one supplied by the Privoxy - developers via SourceForge, or if you got your copy somewhere else. - - * Whether you are using Privoxy in tandem with another proxy such as - Tor. If so, please temporary disable the other proxy to see if the - symptoms change. - - * Whether you are using a personal firewall product. If so, does Privoxy - work without it? - - * Any other pertinent information to help identify the problem such as - config or log file excerpts (yes, you should have log file entries for - each action taken). - - You don't have to tell us your actual name when filing a problem report, - but please use a nickname so we can differentiate between your messages - and the ones entered by other "anonymous" users that may respond to your - request if they have the same problem or already found a solution. - - Please also check the status of your request a few days after submitting - it, as we may request additional information. If you use a SF id, you - should automatically get a mail when someone responds to your request. - - The appendix of the Privoxy User Manual also has helpful information on - understanding actions, and action debugging. - - -------------------------------------------------------------------------- - - 8.3. Request New Features - - You are welcome to submit ideas on new features or other proposals for - improvement through our feature request tracker at - http://sourceforge.net/tracker/?atid=361118&group_id=11118. - - -------------------------------------------------------------------------- - - 8.4. Other - - For any other issues, feel free to use the mailing lists. Technically - interested users and people who wish to contribute to the project are also - welcome on the developers list! You can find an overview of all - Privoxy-related mailing lists, including list archives, at: - http://sourceforge.net/mail/?group_id=11118. - - -------------------------------------------------------------------------- - -9. Privoxy Copyright, License and History - - Copyright (c) 2001-2008 by Privoxy Developers - <ijbswa-developers@lists.sourceforge.net> - - Some source code is based on code Copyright (c) 1997 by Anonymous Coders - and Junkbusters, Inc. and licensed under the GNU General Public License. - - -------------------------------------------------------------------------- - - 9.1. License - - Privoxy is free software; you can redistribute it and/or modify it under - the terms of the GNU General Public License, version 2, as published by - the Free Software Foundation. - - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - for more details, which is available from the Free Software Foundation, - Inc, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the - - Free Software - Foundation, Inc. 51 Franklin Street, Fifth Floor - Boston, MA 02110-1301 - USA - - -------------------------------------------------------------------------- - - 9.2. History - - A long time ago, there was the Internet Junkbuster, by Anonymous Coders - and Junkbusters Corporation. This saved many users a lot of pain in the - early days of web advertising and user tracking. - - But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and for - tracking them, keeps evolving. Unfortunately, the Internet Junkbuster did - not. Version 2.0.2, published in 1998, was (and is) the last official - release available from Junkbusters Corporation. Fortunately, it had been - released under the GNU GPL, which allowed further development by others. - - So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. It - could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000. - - Then, some developers picked up the thread, and started turning the - software inside out, upside down, and then reassembled it, adding many new - features along the way. - - The result of this is Privoxy, whose first stable version, 3.0, was - released August, 2002. - - -------------------------------------------------------------------------- - -10. See also - - Other references and sites of interest to Privoxy users: - - http://www.privoxy.org/, the Privoxy Home page. - - http://www.privoxy.org/faq/, the Privoxy FAQ. - - http://sourceforge.net/projects/ijbswa/, the Project Page for Privoxy on - SourceForge. - - http://config.privoxy.org/, the web-based user interface. Privoxy must be - running for this to work. Shortcut: http://p.p/ - - http://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit - "misses" and other configuration related suggestions to the developers. - - http://www.junkbusters.com/ht/en/cookies.html, an explanation how cookies - are used to track web users. - - http://www.junkbusters.com/ijb.html, the original Internet Junkbuster. - - http://privacy.net/, a useful site to check what information about you is - leaked while you browse the web. - - http://www.squid-cache.org/, a popular caching proxy, which is often used - together with Privoxy. - - http://www.pps.jussieu.fr/~jch/software/polipo/, Polipo is a caching proxy - with advanced features like pipelining, multiplexing and caching of - partial instances. In many setups it can be used as Squid replacement. - - http://tor.eff.org/, Tor can help anonymize web browsing, web publishing, - instant messaging, IRC, SSH, and other applications. - - http://www.privoxy.org/developer-manual/, the Privoxy developer manual. diff --git a/doc/text/faq.txt b/doc/text/faq.txt deleted file mode 100644 index c52e821a..00000000 --- a/doc/text/faq.txt +++ /dev/null @@ -1,2510 +0,0 @@ - Privoxy Frequently Asked Questions - - [Copyright[ (c) 2001-2008 by Privoxy Developers]] - - $Id: faq.txt,v 1.56 2008/01/19 21:41:36 hal9 Exp $ - - This FAQ gives quick answers to frequently asked questions about Privoxy. - It is not a substitute for the Privoxy User Manual. - - What is Privoxy? - - Privoxy is a non-caching web proxy with advanced filtering capabilities - for enhancing privacy, modifying web page data, managing HTTP cookies, - controlling access, and removing ads, banners, pop-ups and other obnoxious - Internet junk. Privoxy has a flexible configuration and can be customized - to suit individual needs and tastes. Privoxy has application for both - stand-alone systems and multi-user networks. - - Privoxy is based on Internet Junkbuster (tm). - - Please note that this document is a work in progress. This copy represents - the state at the release of version 3.0.8. You can find the latest version - of the document at http://www.privoxy.org/faq/. Please see the Contact - section if you want to contact the developers. - - -------------------------------------------------------------------------- - - Table of Contents - - 1. General Information - - 1.1. Who should give Privoxy a try? - - 1.2. Is Privoxy the best choice for me? - - 1.3. What is a "proxy"? How does Privoxy work? - - 1.4. Does Privoxy do anything more than ad blocking? - - 1.5. What is this new version of "Junkbuster"? - - 1.6. Why "Privoxy"? Why change the name from Junkbuster at - all? - - 1.7. How does Privoxy differ from the old Junkbuster? - - 1.8. How does Privoxy know what is an ad, and what is not? - - 1.9. Can Privoxy make mistakes? This does not sound very - scientific. - - 1.10. Will I have to configure Privoxy before I can use it? - - 1.11. Can Privoxy run as a server on a network? - - 1.12. My browser does the same things as Privoxy. Why should - I use Privoxy at all? - - 1.13. Why should I trust Privoxy? - - 1.14. Is there is a license or fee? What about a warranty? - Registration? - - 1.15. Can Privoxy remove spyware? Adware? Viruses? - - 1.16. Can I use Privoxy with other ad-blocking software? - - 1.17. I would like to help you, what can I do? - - 1.17.1. Would you like to participate? - - 1.17.2. Contribute! - - 1.17.3. Software - - 2. Installation - - 2.1. Which browsers are supported by Privoxy? - - 2.2. Which operating systems are supported? - - 2.3. Can I use Privoxy with my email client? - - 2.4. I just installed Privoxy. Is there anything special I - have to do now? - - 2.5. What is the proxy address of Privoxy? - - 2.6. I just installed Privoxy, and nothing is happening. All - the ads are there. What's wrong? - - 2.7. I get a "Privoxy is not being used" dummy page although - Privoxy is running and being used. - - 3. Configuration - - 3.1. What exactly is an "actions" file? - - 3.2. The "actions" concept confuses me. Please list some of - these "actions". - - 3.3. How are actions files configured? What is the easiest - way to do this? - - 3.4. There are several different "actions" files. What are - the differences? - - 3.5. Where can I get updated Actions Files? - - 3.6. Can I use my old config files? - - 3.7. Why is the configuration so complicated? - - 3.8. How can I make my Yahoo/Hotmail/Gmail account work? - - 3.9. What's the difference between the "Cautious", "Medium" - and "Advanced" defaults? - - 3.10. Why can I change the configuration with a browser? Does - that not raise security issues? - - 3.11. What is the default.filter file? What is a "filter"? - - 3.12. How can I set up Privoxy to act as a proxy for my LAN? - - 3.13. Instead of ads, now I get a checkerboard pattern. I - don't want to see anything. - - 3.14. Why would anybody want to see a checkerboard pattern? - - 3.15. I see some images being replaced with text instead of - the checkerboard image. Why and how do I get rid of this? - - 3.16. Can Privoxy run as a service on Win2K/NT/XP? - - 3.17. How can I make Privoxy work with other proxies like - Squid or Tor? - - 3.18. Can I just set Privoxy to use port 80 and thus avoid - individual browser configuration? - - 3.19. Can Privoxy run as a "transparent" proxy? - - 3.20. Can Privoxy run as a "intercepting" proxy? - - 3.21. How can I configure Privoxy for use with Outlook - Express? - - 3.22. How can I have separate rules just for HTML mail? - - 3.23. I sometimes notice cookies sneaking through. How? - - 3.24. Are all cookies bad? Why? - - 3.25. How can I allow permanent cookies for my trusted sites? - - 3.26. Can I have separate configurations for different users? - - 3.27. Can I set-up Privoxy as a whitelist of "good" sites? - - 3.28. How can I turn off ad-blocking? - - 3.29. How can I have custom template pages, like the BLOCKED - page? - - 3.30. How can I remove the "Go There Anyway" link from the - BLOCKED page? - - 4. Miscellaneous - - 4.1. How much does Privoxy slow my browsing down? This has to - add extra time to browsing. - - 4.2. I notice considerable delays in page requests. What's - wrong? - - 4.3. What are "http://config.privoxy.org/" and "http://p.p/"? - - 4.4. How can I submit new ads, or report problems? - - 4.5. If I do submit missed ads, will they be included in - future updates? - - 4.6. Why doesn't anyone answer my support request? - - 4.7. How can I hide my IP address? - - 4.8. Can Privoxy guarantee I am anonymous? - - 4.9. A test site says I am not using a Proxy. - - 4.10. How do I use Privoxy together with Tor? - - 4.11. Might some things break because header information or - content is being altered? - - 4.12. Can Privoxy act as a "caching" proxy to speed up web - browsing? - - 4.13. What about as a firewall? Can Privoxy protect me? - - 4.14. I have large empty spaces / a checkerboard pattern now - where ads used to be. Why? - - 4.15. How can Privoxy filter Secure (HTTPS) URLs? - - 4.16. Privoxy runs as a "server". How secure is it? Do I need - to take any special precautions? - - 4.17. Can I temporarily disable Privoxy? - - 4.18. When "disabled" is Privoxy totally out of the picture? - - 4.19. How can I tell Privoxy to totally ignore certain sites? - - 4.20. My logs show Privoxy "crunches" ads, but also its own - internal CGI pages. What is a "crunch"? - - 4.21. Can Privoxy effect files that I download from a - webserver? FTP server? - - 4.22. I just downloaded a Perl script, and Privoxy altered - it! Yikes, what is wrong! - - 4.23. Should I continue to use a "HOSTS" file for - ad-blocking? - - 4.24. Where can I find more information about Privoxy and - related issues? - - 4.25. I've noticed that Privoxy changes "Microsoft" to - "MicroSuck"! Why are you manipulating my browsing? - - 4.26. Does Privoxy produce "valid" HTML (or XHTML)? - - 5. Troubleshooting - - 5.1. I cannot connect to any websites. Or, I am getting - "connection refused" message with every web page. Why? - - 5.2. Why am I getting a 503 Error (WSAECONNREFUSED) on every - page? - - 5.3. I just added a new rule, but the steenkin ad is still - getting through. How? - - 5.4. One of my favorite sites does not work with Privoxy. - What can I do? - - 5.5. After installing Privoxy, I have to log in every time I - start IE. What gives? - - 5.6. I cannot connect to any FTP sites. Privoxy is blocking - me. - - 5.7. In Mac OSX, I can't configure Microsoft Internet - Explorer to use Privoxy as the HTTP proxy. - - 5.8. In Mac OSX, I dragged the Privoxy folder to the trash in - order to uninstall it. Now the finder tells me I don't have - sufficient privileges to empty the trash. - - 5.9. In Mac OSX Panther (10.3), images often fail to load - and/or I experience random delays in page loading. I'm using - localhost as my browser's proxy setting. - - 5.10. I get a completely blank page at one site. "View - Source" shows only: <html><body></body></html>. Without - Privoxy the page loads fine. - - 5.11. My logs show many "Unable to get my own hostname" - lines. Why? - - 5.12. When I try to launch Privoxy, I get an error message - "port 8118 is already in use" (or similar wording). Why? - - 5.13. Pages with UTF-8 fonts are garbled. - - 5.14. Why are binary files (such as images) corrupted when - Privoxy is used? - - 5.15. What is the "demoronizer" and why is it there? - - 5.16. Why do I keep seeing "PrivoxyWindowOpen()" in raw - source code? - - 5.17. I am getting too many DNS errors like "404 No Such - Domain". Why can't Privoxy do this better? - - 5.18. At one site Privoxy just hangs, and starts taking all - CPU. Why is this? - - 5.19. I just installed Privoxy, and all my browsing has - slowed to a crawl. What gives? - - 5.20. Why do my filters work on some sites but not on others? - - 6. Contacting the developers, Bug Reporting and Feature Requests - - 6.1. Get Support - - 6.2. Reporting Problems - - 6.2.1. Reporting Ads or Other Configuration - Problems - - 6.2.2. Reporting Bugs - - 6.3. Request New Features - - 6.4. Other - - 7. Privoxy Copyright, License and History - - 7.1. License - - 7.2. History - -1. General Information - - 1.1. Who should give Privoxy a try? - - Anyone who is interested in security, privacy, or in finer-grained control - over their web and Internet experience. - - -------------------------------------------------------------------------- - - 1.2. Is Privoxy the best choice for me? - - Privoxy is certainly a good choice, especially for those who want more - control and security. Those with the willingness to read the documentation - and the ability to fine-tune their installation will benefit the most. - - One of Privoxy's strengths is that it is highly configurable giving you - the ability to completely personalize your installation. Being familiar - with, or at least having an interest in learning about HTTP and other - networking protocols, HTML, and "Regular Expressions" will be a big plus - and will help you get the most out of Privoxy. A new installation just - includes a very basic configuration. The user should take this as a - starting point only, and enhance it as he or she sees fit. In fact, the - user is encouraged, and expected to, fine-tune the configuration. - - Much of Privoxy's configuration can be done with a Web browser. But there - are areas where configuration is done using a text editor to edit - configuration files. Also note that the web-based action editor doesn't - use authentication and should only be enabled in environments where all - clients with access to Privoxy listening port can be trusted. - - -------------------------------------------------------------------------- - - 1.3. What is a "proxy"? How does Privoxy work? - - A web proxy is a service, based on a software such as Privoxy, that - clients (i.e. browsers) can use instead of connecting directly to web - servers on the Internet. The clients then ask the proxy to fetch the - objects they need (web pages, images, movies etc) on their behalf, and - when the proxy has done so, it hands the results back to the client. It is - a "go-between". See the Wikipedia proxy definition for more. - - There are many reasons to use web proxies, such as security (firewalling), - efficiency (caching) and others, and there are any number of proxies to - accommodate those needs. - - Privoxy is a proxy that is primarily focused on privacy protection, ad and - junk elimination and freeing the user from restrictions placed on his - activities. Sitting between your browser(s) and the Internet, it is in a - perfect position to filter outbound personal information that your browser - is leaking, as well as inbound junk. It uses a variety of techniques to do - this, all of which are under your complete control via the various - configuration files and options. Being a proxy also makes it easier to - share configurations among multiple browsers and/or users. - - -------------------------------------------------------------------------- - - 1.4. Does Privoxy do anything more than ad blocking? - - Yes, ad blocking is but one possible use. There are many, many ways - Privoxy can be used to sanitize and customize web browsing. - - -------------------------------------------------------------------------- - - 1.5. What is this new version of "Junkbuster"? - - A long time ago, there was the Internet Junkbuster, by Anonymous Coders - and Junkbusters Corporation. This saved many users a lot of pain in the - early days of web advertising and user tracking. - - But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and for - tracking them, keeps evolving. Unfortunately, the Internet Junkbuster did - not. Version 2.0.2, published in 1998, was (and is) the last official - release available from Junkbusters Corporation. Fortunately, it had been - released under the GNU GPL, which allowed further development by others. - - So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. It - could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000. - - Then, some developers picked up the thread, and started turning the - software inside out, upside down, and then reassembled it, adding many new - features along the way. - - The result of this is Privoxy, whose first stable version, 3.0, was - released August, 2002. - - -------------------------------------------------------------------------- - - 1.6. Why "Privoxy"? Why change the name from Junkbuster at all? - - Though outdated, Junkbusters Corporation continues to offer their original - version of the Internet Junkbuster, so publishing our Junkbuster-derived - software under the same name led to confusion. - - There are also potential legal complications from our use of the - Junkbuster name, which is a registered trademark of Junkbusters - Corporation. There are, however, no objections from Junkbusters - Corporation to the Privoxy project itself, and they, in fact, still share - our ideals and goals. - - The developers also believed that there are so many improvements over the - original code, that it was time to make a clean break from the past and - make a name in their own right. - - Privoxy is the "Privacy Enhancing Proxy". Also, its content modification - and junk suppression gives you, the user, more control, more freedom, and - allows you to browse your personal and "private edition" of the web. - - -------------------------------------------------------------------------- - - 1.7. How does Privoxy differ from the old Junkbuster? - - Privoxy picks up where Junkbuster left off. All the old features remain. - The new Privoxy still blocks ads and banners, still manages cookies, and - still helps protect your privacy. But, most of these features have been - enhanced, and many new ones have been added, all in the same vein. - - Privoxy's new features include: - - * Can be run as an "intercepting" proxy, which obviates the need to - configure browsers individually. - - * Sophisticated actions and filters for manipulating both server and - client headers. - - * Can be chained with other proxies. - - * Integrated browser based configuration and control utility at - http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based - tracing of rule and filter effects. Remote toggling. - - * Web page filtering (text replacements, removes banners based on size, - invisible "web-bugs", JavaScript and HTML annoyances, pop-up windows, - etc.) - - * Modularized configuration that allows for standard settings and user - settings to reside in separate files, so that installing updated - actions files won't overwrite individual user settings. - - * Support for Perl Compatible Regular Expressions in the configuration - files, and a more sophisticated and flexible configuration syntax. - - * Improved cookie management features (e.g. session based cookies). - - * GIF de-animation. - - * Bypass many click-tracking scripts (avoids script redirection). - - * Multi-threaded (POSIX and native threads). - - * User-customizable HTML templates for all proxy-generated pages (e.g. - "blocked" page). - - * Auto-detection and re-reading of config file changes. - - * Improved signal handling, and a true daemon mode (Unix). - - * Every feature now controllable on a per-site or per-location basis, - configuration more powerful and versatile over-all. - - * Many smaller new features added, limitations and bugs removed, and - security holes fixed. - - -------------------------------------------------------------------------- - - 1.8. How does Privoxy know what is an ad, and what is not? - - Privoxy's approach to blocking ads is twofold: - - First, there are certain patterns in the locations (URLs) of banner - images. This applies to both the path (you wouldn't guess how many web - sites serve their banners from a directory called "banners"!) and the host - (blocking the big banner hosting services like doublecklick.net already - helps a lot). Privoxy takes advantage of this fact by using URL patterns - to sort out and block the requests for things that sound like they would - be ads or banners. - - Second, banners tend to come in certain sizes. But you can't tell the size - of an image by its URL without downloading it, and if you do, it's too - late to save bandwidth. Therefore, Privoxy also inspects the HTML sources - of web pages while they are loaded, and replaces references to images with - standard banner sizes by dummy references, so that your browser doesn't - request them anymore in the first place. - - Both of this involves a certain amount of guesswork and is, of course, - freely and readily configurable. - - -------------------------------------------------------------------------- - - 1.9. Can Privoxy make mistakes? This does not sound very scientific. - - Actually, it's a black art ;-) And yes, it is always possible to have a - broad rule accidentally block or change something by mistake. You will - almost surely run into such situations at some point. It is tricky writing - rules to cover every conceivable possibility, and not occasionally get - false positives. - - But this should not be a big concern since the Privoxy configuration is - very flexible, and includes tools to help identify these types of - situations so they can be addressed as needed, allowing you to customize - your installation. (See the Troubleshooting section below.) - - -------------------------------------------------------------------------- - - 1.10. Will I have to configure Privoxy before I can use it? - - That depends on your expectations. The default installation should give - you a good starting point, and block most ads and unwanted content, but - many of the more advanced features are off by default, and require you to - activate them. - - You do have to set up your browser to use Privoxy (see the Installation - section below). - - And you will certainly run into situations where there are false - positives, or ads not being blocked that you may not want to see. In these - cases, you would certainly benefit by customizing Privoxy's configuration - to more closely match your individual situation. And we encourage you to - do this. This is where the real power of Privoxy lies! - - -------------------------------------------------------------------------- - - 1.11. Can Privoxy run as a server on a network? - - Yes, Privoxy runs as a server already, and can easily be configured to - "serve" more than one client. See How can I set up Privoxy to act as a - proxy for my LAN below. - - -------------------------------------------------------------------------- - - 1.12. My browser does the same things as Privoxy. Why should I use Privoxy - at all? - - Modern browsers do indeed have some of the same functionality as Privoxy. - Maybe this is adequate for you. But Privoxy is very versatile and - powerful, and can probably do a number of things your browser just can't. - - In addition, a proxy is good choice if you use multiple browsers, or have - a LAN with multiple computers since Privoxy can run as a server - application. This way all the configuration is in one place, and you don't - have to maintain a similar configuration for possibly many browsers or - users. - - Note, however, that it's recommended to leverage both your browser's and - Privoxy's privacy enhancing features at the same time. While your browser - probably lacks some features Privoxy offers, it should also be able to do - some things more reliable, for example restricting and suppressing - JavaScript. - - -------------------------------------------------------------------------- - - 1.13. Why should I trust Privoxy? - - The most important reason is because you have access to everything, and - you can control everything. You can check every line of every - configuration file yourself. You can check every last bit of source code - should you desire. And even if you can't read code, there should be some - comfort in knowing that other people can, and do read it. You can build - the software from scratch, if you want, so that you know the executable is - clean, and that it is yours. In fact, we encourage this level of scrutiny. - It is one reason we use Privoxy ourselves. - - -------------------------------------------------------------------------- - - 1.14. Is there is a license or fee? What about a warranty? Registration? - - Privoxy is free software and licensed under the GNU General Public License - (GPL) version 2. It is free to use, copy, modify or distribute as you wish - under the terms of this license. Please see the Copyright section for more - information on the license and copyright. Or the LICENSE file that should - be included. - - There is no warranty of any kind, expressed, implied or otherwise. That is - something that would cost real money ;-) There is no registration either. - - -------------------------------------------------------------------------- - - 1.15. Can Privoxy remove spyware? Adware? Viruses? - - No, at least not reliably enough to trust it. Privoxy is not designed to - be a malware removal tool and the default configuration doesn't even try - to filter out any malware. - - Privoxy could help prevent contact from (known) sites that use such - tactics with appropriate configuration rules, and thus could conceivably - prevent contamination from such sites. However, keeping such a - configuration up to date would require a lot of time and effort that would - be better spend on keeping your software itself up to date so it doesn't - have known vulnerabilities. - - -------------------------------------------------------------------------- - - 1.16. Can I use Privoxy with other ad-blocking software? - - Privoxy should work fine with other proxies and other software in general. - - But it is probably not necessary to use Privoxy in conjunction with other - ad-blocking products, and this could conceivably cause undesirable - results. It might be better to choose one software or the other and work a - little to tweak its configuration to your liking. - - Note that this is an advice specific to ad blocking. - - -------------------------------------------------------------------------- - - 1.17. I would like to help you, what can I do? - - 1.17.1. Would you like to participate? - - Well, we always need help. There is something for everybody who wants to - help us. We welcome new developers, packagers, testers, documentation - writers or really anyone with a desire to help in any way. You DO NOT need - to be a "programmer". There are many other tasks available. In fact, the - programmers often can't spend as much time programming because of some of - the other, more mundane things that need to be done, like checking the - Tracker feedback sections. - - So first thing, get an account on SourceForge.net and mail your id to the - developers mailing list. Then, please read the Developer's Manual, at - least the pertinent sections. - - You can also start helping out without SourceForge.net account, simply by - showing up on the mailing list, helping out other users, providing general - feedback or reporting problems you noticed. - - -------------------------------------------------------------------------- - - 1.17.2. Contribute! - - We, of course, welcome donations and could use money for domain - registering, buying software to test Privoxy with, and, of course, for - regular world-wide get-togethers (hahaha). If you enjoy the software and - feel like helping us with a donation, just drop us a note and get your - name on the list of contributors. - - -------------------------------------------------------------------------- - - 1.17.3. Software - - If you are a vendor of a web-related software like a browser, web server - or proxy, and would like us to ensure that Privoxy runs smoothly with your - product, you might consider supplying us with a copy or license. We can't, - however, guarantee that we will fix all potential compatibility issues as - a result. - - -------------------------------------------------------------------------- - -2. Installation - - 2.1. Which browsers are supported by Privoxy? - - Any browser that can be configured to use a proxy, which should be - virtually all browsers, including Firefox, Internet Explorer, Opera, and - Safari among others. Direct browser support is not an absolute requirement - since Privoxy runs as a separate application and talks to the browser in - the standardized HTTP protocol, just like a web server does. - - -------------------------------------------------------------------------- - - 2.2. Which operating systems are supported? - - At present, Privoxy is known to run on Windows(95, 98, ME, 2000, XP, - Vista), GNU/Linux (RedHat, SuSE, Debian, Fedora, Gentoo, Slackware and - others), Mac OSX, OS/2, AmigaOS, FreeBSD, NetBSD, OpenBSD, Solaris, and - various other flavors of Unix. - - But any operating system that runs TCP/IP, can conceivably take advantage - of Privoxy in a networked situation where Privoxy would run as a server on - a LAN gateway. Then only the "gateway" needs to be running one of the - above operating systems. - - Source code is freely available, so porting to other operating systems is - always a possibility. - - -------------------------------------------------------------------------- - - 2.3. Can I use Privoxy with my email client? - - As long as there is some way to set a HTTP proxy for the client, then yes, - any application can be used, whether it is strictly speaking a "browser" - or not. Though this may not be the best approach for dealing with some of - the common abuses of HTML in email. See How can I configure Privoxy with - Outlook Express? below for more on this. - - Be aware that HTML email presents a number of unique security and privacy - related issues, that can require advanced skills to overcome. The - developers recommend using email clients that can be configured to convert - HTML to plain text for these reasons. - - -------------------------------------------------------------------------- - - 2.4. I just installed Privoxy. Is there anything special I have to do now? - - All browsers should be told to use Privoxy as a proxy by specifying the - correct proxy address and port number in the appropriate configuration - area for the browser. It's possible to combine Privoxy with a packet - filter to intercept HTTP requests even if the client isn't explicitly - configured to use Privoxy, but where possible, configuring the client is - recommended. See the User Manual for more details. You should also flush - your browser's memory and disk cache to get rid of any cached junk items, - and remove any stored cookies. - - -------------------------------------------------------------------------- - - 2.5. What is the proxy address of Privoxy? - - If you set up the Privoxy to run on the computer you browse from (rather - than your ISP's server or some networked computer on a LAN), the proxy - will be on 127.0.0.1 (sometimes referred to as "localhost", which is the - special name used by every computer on the Internet to refer to itself) - and the port will be 8118 (unless you used the listen-address config - option to tell Privoxy to run on a different port). - - When configuring your browser's proxy settings you typically enter the - word "localhost" or the IP address "127.0.0.1" in the boxes next to "HTTP" - and "Secure" (HTTPS) and then the number "8118" for "port". This tells - your browser to send all web requests to Privoxy instead of directly to - the Internet. - - Privoxy can also be used to proxy for a Local Area Network. In this case, - your would enter either the IP address of the LAN host where Privoxy is - running, or the equivalent hostname, e.g. 192.168.1.1. Port assignment - would be same as above. Note that Privoxy doesn't listen on any LAN - interfaces by default. - - Privoxy does not currently handle any other protocols such as FTP, SMTP, - IM, IRC, ICQ, etc. - - -------------------------------------------------------------------------- - - 2.6. I just installed Privoxy, and nothing is happening. All the ads are - there. What's wrong? - - Did you configure your browser to use Privoxy as a proxy? It does not - sound like it. See above. You might also try flushing the browser's caches - to force a full re-reading of pages. You can verify that Privoxy is - running, and your browser is correctly configured by entering the special - URL: http://p.p/. This should take you to a page titled "This is - Privoxy.." with access to Privoxy's internal configuration. If you see - this, then you are good to go. If you receive a page saying "Privoxy is - not running", then the browser is not set up to use your Privoxy - installation. If you receive anything else (probably nothing at all), it - could either be that the browser is not set up correctly, or that Privoxy - is not running at all. Check the log file. For instructions on starting - Privoxy and browser configuration, see the chapter on starting Privoxy in - the User Manual. - - -------------------------------------------------------------------------- - - 2.7. I get a "Privoxy is not being used" dummy page although Privoxy is - running and being used. - - First, make sure that Privoxy is really running and being used by visiting - http://p.p/. You should see the Privoxy main page. If not, see the chapter - on starting Privoxy in the User Manual. - - Now if http://p.p/ works for you, but other parts of Privoxy's web - interface show the dummy page, your browser has cached a redirection it - encountered before Privoxy was being used. You need to clear your - browser's cache. Note that shift-reloading the dummy page won't help, - since that'll only refresh the dummy page, not the redirection that lead - you there. - - The procedure for clearing the cache varies from browser to browser. For - example, Mozilla/Netscape users would click Edit --> Preferences --> - Advanced --> Cache and then click both "Clear Memory Cache" and "Clear - Disk Cache". In some Firefox versions it's Tools --> Options --> Privacy - --> Cache and then click "Clear Cache Now". - - -------------------------------------------------------------------------- - -3. Configuration - - 3.1. What exactly is an "actions" file? - - Privoxy utilizes the concept of " actions" that are used to manipulate and - control web page data. Actions files are where these actions that Privoxy - could take while processing a certain request, are configured. Typically, - you would define a set of default actions that apply globally to all URLs, - then add exceptions to these defaults where needed. There is a wide array - of actions available that give the user a high degree of control and - flexibility on how to process each and every web page. - - Actions can be defined on a URL pattern basis, i.e. for single URLs, whole - web sites, groups or parts thereof etc. Actions can also be grouped - together and then applied to requests matching one or more patterns. There - are many possible actions that might apply to any given site. As an - example, if you are blocking cookies as one of your default actions, but - need to accept cookies from a given site, you would need to define an - exception for this site in one of your actions files, preferably in - user.action. - - -------------------------------------------------------------------------- - - 3.2. The "actions" concept confuses me. Please list some of these "actions". - - For a comprehensive discussion of the actions concept, please refer to the - actions file chapter in the User Manual. It includes a list of all actions - and an actions file tutorial to get you started. - - -------------------------------------------------------------------------- - - 3.3. How are actions files configured? What is the easiest way to do this? - - Actions files are just text files in a special syntax and can be edited - with a text editor. But probably the easiest way is to access Privoxy's - user interface with your web browser at http://config.privoxy.org/ - (Shortcut: http://p.p/) and then select "View & change the current - configuration" from the menu. Note that this feature must be explicitly - enabled in the main config file (see enable-edit-actions). - - -------------------------------------------------------------------------- - - 3.4. There are several different "actions" files. What are the differences? - - Three actions files are being included by the developers, to be used for - different purposes: These are default.action, the "main" actions file - which is actively maintained by the Privoxy developers and typically sets - the default policies, user.action, where users are encouraged to make - their private customizations, and standard.action, which is for internal - Privoxy use only. Please see the actions chapter in the User Manual for a - more detailed explanation. - - Earlier versions included three different versions of the default.action - file. The new scheme allows for greater flexibility of local - configuration, and for browser based selection of pre-defined - "aggressiveness" levels. - - -------------------------------------------------------------------------- - - 3.5. Where can I get updated Actions Files? - - Based on your feedback and the continuing development, updates of - default.action will be made available from time to time on the files - section of our project page. - - If you wish to receive an email notification whenever we release updates - of Privoxy or the actions file, subscribe to our announce mailing list, - ijbswa-announce@lists.sourceforge.net. - - -------------------------------------------------------------------------- - - 3.6. Can I use my old config files? - - The syntax and purpose of configuration files has remained roughly the - same throughout the 3.x series, but backwards compatibility is not - guaranteed. Also each release contains updated, "improved" versions and it - is therefore strongly recommended to install the newer configuration files - and merge back your modifications. - - -------------------------------------------------------------------------- - - 3.7. Why is the configuration so complicated? - - "Complicated" is in the eye of the beholder. Those that are familiar with - some of the underlying concepts, such as regular expression syntax, take - to it like a fish takes to water. Also, software that tries hard to be - "user friendly", often lacks sophistication and flexibility. There is - always that trade-off there between power vs. easy-of-use. Furthermore, - anyone is welcome to contribute ideas and implementations to enhance - Privoxy. - - -------------------------------------------------------------------------- - - 3.8. How can I make my Yahoo/Hotmail/Gmail account work? - - The default configuration shouldn't impact the usability of any of these - services. It may, however, make all cookies temporary, so that your - browser will forget your login credentials in between browser sessions. If - you would like not to have to log in manually each time you access those - websites, simply turn off all cookie handling for them in the user.action - file. An example for yahoo might look like: - - # Allow all cookies for Yahoo login: - # - { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only } - .login.yahoo.com - - These kinds of sites are often quite complex and heavy with Javascript and - thus "fragile". So if still a problem, we have an alias just for such - sticky situations: - - # Gmail is a _fragile_ site: - # - { fragile } - # Gmail is ... - mail.google.com - - Be sure to flush your browser's caches whenever making these kinds of - changes, just to make sure the changes "take". - - Make sure the domain, host and path are appropriate as well. Your browser - can tell you where you are specifically and you should use that - information for your configuration settings. Note that above it is not - referenced as gmail.com, which is a valid domain name. - - -------------------------------------------------------------------------- - - 3.9. What's the difference between the "Cautious", "Medium" and "Advanced" - defaults? - - Configuring Privoxy is not entirely trivial. To help you get started, we - provide you with three different default action "profiles" in the web - based actions file editor at http://config.privoxy.org/show-status. See - the User Manual for a list of actions, and how the default profiles are - set. - - Where the defaults are likely to break some sites, exceptions for known - popular "problem" sites are included, but in general, the more aggressive - your default settings are, the more exceptions you will have to make - later. New users are best to start off in "Cautious" setting. This is - safest and will have the fewest problems. See the User Manual for a more - detailed discussion. - - It should be noted that the "Advanced" profile (formerly known as the - "Adventuresome" profile) is more aggressive, and will make use of some of - Privoxy's advanced features. Use at your own risk! - - -------------------------------------------------------------------------- - - 3.10. Why can I change the configuration with a browser? Does that not raise - security issues? - - It may seem strange that regular users can edit the config files with - their browsers, although the whole /etc/privoxy hierarchy belongs to the - user "privoxy", with only 644 permissions. - - When you use the browser-based editor, Privoxy itself is writing to the - config files. Because Privoxy is running as the user "privoxy", it can - update its own config files. - - If you run Privoxy for multiple untrusted users (e.g. in a LAN) or aren't - entirely in control of your own browser, you will probably want to make - sure that the the web-based editor and remote toggle features are "off" by - setting "enable-edit-actions 0" and "enable-remote-toggle 0" in the main - configuration file. - - As of Privoxy 3.0.7 these options are disabled by default. - - -------------------------------------------------------------------------- - - 3.11. What is the default.filter file? What is a "filter"? - - The default.filter file is where filters as supplied by the developers are - defined. Filters are a special subset of actions that can be used to - modify or remove web page content or headers on the fly. Content filters - can be applied to anything in the page source, header filters can be - applied to either server or client headers. Regular expressions are used - to accomplish this. - - There are a number of pre-defined filters to deal with common annoyances. - The filters are only defined here, to invoke them, you need to use the - filter action in one of the actions files. Content filtering is - automatically disabled for inappropriate MIME types, but if you now better - than Privoxy what should or should not be filtered you can filter any - content you like. - - Filters should not be confused with blocks, which is a completely - different action, and is more typically used to block ads and unwanted - sites. - - If you are familiar with regular expressions, and HTML, you can look at - the provided default.filter with a text editor and define your own - filters. This is potentially a very powerful feature, but requires some - expertise in both regular expressions and HTML/HTTP. You should place any - modifications to the default filters, or any new ones you create in a - separate file, such as user.filter, so they won't be overwritten during - upgrades. The ability to define multiple filter files in config is a new - feature as of v. 3.0.5. - - There is no GUI editor option for this part of the configuration, but you - can disable/enable the various pre-defined filters of the included - default.filter file with the web-based actions file editor. Note that the - custom actions editor must be explicitly enabled in the main config file - (see enable-edit-actions). - - If you intend to develop your own filters, you might want to have a look - at Privoxy-Filter-Test. - - -------------------------------------------------------------------------- - - 3.12. How can I set up Privoxy to act as a proxy for my LAN? - - By default, Privoxy only responds to requests from 127.0.0.1 (localhost). - To have it act as a server for a network, this needs to be changed in the - main configuration file. Look for the listen-address option, which may be - commented out with a "#" symbol. Make sure it is uncommented, and assign - it the address of the LAN gateway interface, and port number to use. - Assuming your LAN address is 192.168.1.1 and you wish to run Privoxy on - port 8118, this line should look like: - - listen-address 192.168.1.1:8118 - - Save the file, and restart Privoxy. Configure all browsers on the network - then to use this address and port number. - - Alternately, you can have Privoxy listen on all available interfaces: - - listen-address :8118 - - And then use Privoxy's permit-access feature to limit connections. A - firewall in this situation is recommended as well. - - The above steps should be the same for any TCP network, regardless of - operating system. - - If you run Privoxy on a LAN with untrusted users, we recommend that you - double-check the access control and security options! - - -------------------------------------------------------------------------- - - 3.13. Instead of ads, now I get a checkerboard pattern. I don't want to see - anything. - - The replacement for blocked images can be controlled with the - set-image-blocker action. You have the choice of a checkerboard pattern, a - transparent 1x1 GIF image (aka "blank"), or a redirect to a custom image - of your choice. Note that this choice only has effect for images which are - blocked as images, i.e. whose URLs match both a handle-as-image and block - action. - - If you want to see nothing, then change the set-image-blocker action to - "blank". This can be done by editing the user.action file, or through the - web-based actions file editor. - - -------------------------------------------------------------------------- - - 3.14. Why would anybody want to see a checkerboard pattern? - - Remember that telling which image is an ad and which isn't, is an educated - guess. While we hope that the standard configuration is rather smart, it - will make occasional mistakes. The checkerboard image is visually decent, - and it shows you where images have been blocked, which can be very helpful - in case some navigation aid or otherwise innocent image was erroneously - blocked. It is recommended for new users so they can "see" what is - happening. Some people might also enjoy seeing how many banners they don't - have to see. - - -------------------------------------------------------------------------- - - 3.15. I see some images being replaced with text instead of the checkerboard - image. Why and how do I get rid of this? - - This happens when the banners are not embedded in the HTML code of the - page itself, but in separate HTML (sub)documents that are loaded into - (i)frames or (i)layers, and these external HTML documents are blocked. - Being non-images they get replaced by a substitute HTML page rather than a - substitute image, which wouldn't work out technically, since the browser - expects and accepts only HTML when it has requested an HTML document. - - The substitute page adapts to the available space and shows itself as a - miniature two-liner if loaded into small frames, or full-blown with a - large red "BLOCKED" banner if space allows. - - If you prefer the banners to be blocked by images, you must see to it that - the HTML documents in which they are embedded are not blocked. Clicking - the "See why" link offered in the substitute page will show you which rule - blocked the page. After changing the rule and un-blocking the HTML - documents, the browser will try to load the actual banner images and the - usual image blocking will (hopefully!) kick in. - - -------------------------------------------------------------------------- - - 3.16. Can Privoxy run as a service on Win2K/NT/XP? - - Yes. Version 3.0.5 introduces full Windows service functionality. See the - User Manual for details on how to install and configure Privoxy as a - service. - - Earlier 3.x versions could run as a system service using srvany.exe. See - the discussion at - http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, - for details, and a sample configuration. - - -------------------------------------------------------------------------- - - 3.17. How can I make Privoxy work with other proxies like Squid or Tor? - - This can be done and is often useful to combine the benefits of Privoxy - with those of a another proxy. See the forwarding chapter in the User - Manual which describes how to do this, and the How do I use Privoxy - together with Tor section below. - - -------------------------------------------------------------------------- - - 3.18. Can I just set Privoxy to use port 80 and thus avoid individual - browser configuration? - - No, its more complicated than that. This only works with special kinds of - proxies known as "intercepting" proxies (see below). - - -------------------------------------------------------------------------- - - 3.19. Can Privoxy run as a "transparent" proxy? - - The whole idea of Privoxy is to modify client requests and server - responses in all sorts of ways and therefore it's not a transparent proxy - as described in RFC 2616. - - However, some people say "transparent proxy" when they mean "intercepting - proxy". If you are one of them, please read the next entry. - - -------------------------------------------------------------------------- - - 3.20. Can Privoxy run as a "intercepting" proxy? - - Privoxy can't intercept traffic itself, but it can handle requests that - where intercepted and redirected with a packet filter (like PF or - iptables), as long as the Host header is present. - - As the Host header is required by HTTP/1.1 and as most web sites rely on - it anyway, this limitation shouldn't be a problem. - - Please refer to your packet filter's documentation to learn how to - intercept and redirect traffic into Privoxy. Afterward you just have to - configure Privoxy to accept intercepted requests. - - -------------------------------------------------------------------------- - - 3.21. How can I configure Privoxy for use with Outlook Express? - - Outlook Express uses Internet Explorer components to both render HTML, and - fetch any HTTP requests that may be embedded in an HTML email. So however - you have Privoxy configured to work with IE, this configuration should - automatically be shared. - - -------------------------------------------------------------------------- - - 3.22. How can I have separate rules just for HTML mail? - - The short answer is, you can't. Privoxy has no way of knowing which - particular application makes a request, so there is no way to distinguish - between web pages and HTML mail. Privoxy just blindly proxies all - requests. In the case of Outlook Express (see above), OE uses IE anyway, - and there is no way for Privoxy to ever be able to distinguish between - them (nor could any other proxy type application for that matter). - - For a good discussion of some of the issues involved (including privacy - and security issues), see - http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. - - -------------------------------------------------------------------------- - - 3.23. I sometimes notice cookies sneaking through. How? - - Cookies can be set in several ways. The classic method is via the - Set-Cookie HTTP header. This is straightforward, and an easy one to - manipulate, such as the Privoxy concept of session-cookies-only. There is - also the possibility of using Javascript to set cookies (Privoxy calls - these content-cookies). This is trickier because the syntax can vary - widely, and thus requires a certain amount of guesswork. It is not - realistic to catch all of these short of disabling Javascript, which would - break many sites. And lastly, if the cookies are embedded in a HTTPS/SSL - secure session via Javascript, they are beyond Privoxy's reach. - - All in all, Privoxy can help manage cookies in general, can help minimize - the loss of privacy posed by cookies, but can't realistically stop all - cookies. - - -------------------------------------------------------------------------- - - 3.24. Are all cookies bad? Why? - - No, in fact there are many beneficial uses of cookies. Cookies are just a - method that browsers can use to store data between pages, or between - browser sessions. Sometimes there is a good reason for this, and the - user's life is a bit easier as a result. But there is a long history of - some websites taking advantage of this layer of trust, and using the data - they glean from you and your browsing habits for their own purposes, and - maybe to your potential detriment. Such sites are using you and storing - their data on your system. That is why the privacy conscious watch from - whom those cookies come, and why they really need to be there. - - See the Wikipedia cookie definition for more. - - -------------------------------------------------------------------------- - - 3.25. How can I allow permanent cookies for my trusted sites? - - There are several actions that relate to cookies. The default behavior is - to allow only "session cookies", which means the cookies only last for the - current browser session. This eliminates most kinds of abuse related to - cookies. But there may be cases where you want cookies to last. - - To disable all cookie actions, so that cookies are allowed unrestricted, - both in and out, for example.com: - - { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } - .example.com - - Place the above in user.action. Note that some of these may be off by - default anyway, so this might be redundant, but there is no harm being - explicit in what you want to happen. user.action includes an alias for - this situation, called allow-all-cookies. - - -------------------------------------------------------------------------- - - 3.26. Can I have separate configurations for different users? - - Each instance of Privoxy has its own configuration, including such - attributes as the TCP port that it listens on. What you can do is run - multiple instances of Privoxy, each with a unique listen-address - configuration setting, and configuration path, and then each of these can - have their own configurations. Think of it as per-port configuration. - - Simple enough for a few users, but for large installations, consider - having groups of users that might share like configurations. - - -------------------------------------------------------------------------- - - 3.27. Can I set-up Privoxy as a whitelist of "good" sites? - - Sure. There are a couple of things you can do for simple white-listing. - Here's one real easy one: - - ############################################################ - # Blacklist - ############################################################ - { +block } - / # Block *all* URLs - - ############################################################ - # Whitelist - ############################################################ - { -block } - kids.example.com - toys.example.com - games.example.com - - This allows access to only those three sites by first blocking all URLs, - and then subsequently allowing three specific exceptions. - - Another approach is Privoxy's trustfile concept, which incorporates the - notion of "trusted referrers". See the Trust documentation for details. - - These are fairly simple approaches and are not completely foolproof. There - are various other configuration options that should be disabled (described - elsewhere here and in the User Manual) so that users can't modify their - own configuration and easily circumvent the whitelist. - - -------------------------------------------------------------------------- - - 3.28. How can I turn off ad-blocking? - - Ad blocking is achieved through a complex application of various Privoxy - actions. These actions are deployed against simple images, banners, flash - animations, text pages, JavaScript, pop-ups and pop-unders, etc., so its - not as simple as just turning one or two actions off. The various actions - that make up Privoxy ad blocking are hard-coded into the default - configuration files. It has been assumed that everyone using Privoxy is - interested in this particular feature. - - If you want to do without this, there are several approaches you can take: - You can manually undo the many block rules in default.action. Or even - easier, just create your own default.action file from scratch without the - many ad blocking rules, and corresponding exceptions. Or lastly, if you - are not concerned about the additional blocks that are done for privacy - reasons, you can very easily over-ride all blocking with the following - very simple rule in your user.action: - - # Unblock everybody, everywhere - { -block } - / # UN-Block *all* URLs - - Or even a more comprehensive reversing of various ad related actions: - - # Unblock everybody, everywhere, and turn off appropriate filtering, etc - { -block \ - -filter{banners-by-size} \ - -filter{banners-by-link} \ - allow-popups \ - } - / # UN-Block *all* URLs and allow ads - - This last "action" in this compound statement, allow-popups, is an alias - that disables various pop-up blocking features. - - -------------------------------------------------------------------------- - - 3.29. How can I have custom template pages, like the BLOCKED page? - - Privoxy "templates" are specialized text files utilized by Privoxy for - various purposes and can easily be modified using any text editor. All the - template pages are installed in a sub-directory appropriately named: - templates. Knowing something about HTML syntax will of course be helpful. - - Be forewarned that the default templates are subject to being overwritten - during upgrades. You can, however, create completely new templates, place - them in another directory and specify the alternate path in the main - config. For details, have a look at the templdir option. - - -------------------------------------------------------------------------- - - 3.30. How can I remove the "Go There Anyway" link from the BLOCKED page? - - There is more than one way to do it (although Perl is not involved). - - Editing the BLOCKED template page (see above) may dissuade some users, but - this method is easily circumvented. Where you need this level of control, - you might want to build Privoxy from source, and disable various features - that are available as compile-time options. You should configure the - sources as follows: - - ./configure --disable-toggle --disable-editor --disable-force - - This will create an executable with hard-coded security features so that - Privoxy does not allow easy bypassing of blocked sites, or changing the - current configuration via any connected user's web browser. - - Finally, all of these features can also be toggled on/off via options in - Privoxy's main config file which means you don't have to recompile - anything. - - -------------------------------------------------------------------------- - -4. Miscellaneous - - 4.1. How much does Privoxy slow my browsing down? This has to add extra time - to browsing. - - How much of an impact depends on many things, including the CPU of the - host system, how aggressive the configuration is, which specific actions - are being triggered, the size of the page, the bandwidth of the - connection, etc. - - Overall, it should not slow you down any in real terms, and may actually - help speed things up since ads, banners and other junk are not typically - being retrieved and displayed. The actual processing time required by - Privoxy itself for each page, is relatively small in the overall scheme of - things, and happens very quickly. This is typically more than offset by - time saved not downloading and rendering ad images and other junk content - (if ad blocking is being used). - - "Filtering" content via the filter or deanimate-gifs actions may cause a - perceived slowdown, since the entire document needs to be buffered before - displaying. And on very large documents, filtering may have some - measurable impact. How much depends on the page size, the actual - definition of the filter(s), etc. See below. Most other actions have - little to no impact on speed. - - Also, when filtering is enabled but zlib support isn't available, - compression is often disabled (see prevent-compression). This can have an - impact on speed as well, although it's probably smaller than you might - think. Again, the page size, etc. will determine how much of an impact. - - -------------------------------------------------------------------------- - - 4.2. I notice considerable delays in page requests. What's wrong? - - If you use any filter action, such as filtering banners by size, web-bugs - etc, or the deanimate-gifs action, the entire document must be loaded into - memory in order for the filtering mechanism to work, and nothing is sent - to the browser during this time. - - The loading time typically does not really change much in real numbers, - but the feeling is different, because most browsers are able to start - rendering incomplete content, giving the user a feeling of "it works". - This effect is more noticeable on slower dialup connections. Extremely - large documents may have some impact on the time to load the page where - there is filtering being done. But overall, the difference should be very - minimal. If there is a big impact, then probably some other situation is - contributing (like anti-virus software). - - Filtering is automatically disabled for inappropriate MIME types. But note - that if the web server mis-reports the MIME type, then content that should - not be filtered, could be. Privoxy only knows how to differentiate - filterable content because of the MIME type as reported by the server, or - because of some configuration setting that enables/disables filtering. - - -------------------------------------------------------------------------- - - 4.3. What are "http://config.privoxy.org/" and "http://p.p/"? - - http://config.privoxy.org/ is the address of Privoxy's built-in user - interface, and http://p.p/ is a shortcut for it. - - Since Privoxy sits between your web browser and the Internet, it can - simply intercept requests for these addresses and answer them with its - built-in "web server". - - This also makes for a good test for your browser configuration: If - entering the URL http://config.privoxy.org/ takes you to a page saying - "This is Privoxy ...", everything is OK. If you get a page saying "Privoxy - is not working" instead, then your browser didn't use Privoxy for the - request, hence it could not be intercepted, and you have accessed the real - web site at config.privoxy.org. - - -------------------------------------------------------------------------- - - 4.4. How can I submit new ads, or report problems? - - Please see the Contact section for various ways to interact with the - developers. - - -------------------------------------------------------------------------- - - 4.5. If I do submit missed ads, will they be included in future updates? - - Whether such submissions are eventually included in the default.action - configuration file depends on how significant the issue is. We of course - want to address any potential problem with major, high-profile sites such - as Google, Yahoo, etc. Any site with global or regional reach, has a good - chance of being a candidate. But at the other end of the spectrum are any - number of smaller, low-profile sites such as for local clubs or schools. - Since their reach and impact are much less, they are best handled by - inclusion in the user's user.action, and thus would be unlikely to be - included. - - -------------------------------------------------------------------------- - - 4.6. Why doesn't anyone answer my support request? - - Rest assured that it has been read and considered. Why it is not answered, - could be for various reasons, including no one has a good answer for it, - no one has had time to yet investigate it thoroughly, it has been reported - numerous times already, or because not enough information was provided to - help us help you. Your efforts are not wasted, and we do appreciate them. - - -------------------------------------------------------------------------- - - 4.7. How can I hide my IP address? - - If you run both the browser and Privoxy locally, you cannot hide your IP - address with Privoxy or ultimately any other software alone. The server - needs to know your IP address so that it knows where to send the responses - back. - - There are many publicly usable "anonymous" proxies out there, which - provide a further level of indirection between you and the web server. - - However, these proxies are called "anonymous" because you don't need to - authenticate, not because they would offer any real anonymity. Most of - them will log your IP address and make it available to the authorities in - case you violate the law of the country they run in. In fact you can't - even rule out that some of them only exist to *collect* information on - (those suspicious) people with a more than average preference for privacy. - - If you want to hide your IP address from most adversaries, you should - consider chaining Privoxy with Tor. The configuration details can be found - in How do I use Privoxy together with Tor section just below. - - -------------------------------------------------------------------------- - - 4.8. Can Privoxy guarantee I am anonymous? - - No. Your chances of remaining anonymous are improved, but unless you chain - Privoxy with Tor or a similar proxy and know what you're doing when it - comes to configuring the rest of your system, you should assume that - everything you do on the Web can be traced back to you. - - Privoxy can remove various information about you, and allows you more - freedom to decide which sites you can trust, and what details you want to - reveal. But it neither hides your IP address, nor can it guarantee that - the rest of the system behaves correctly. There are several possibilities - how a web sites can find out who you are, even if you are using a strict - Privoxy configuration and chained it with Tor. - - Most of Privoxy's privacy-enhancing features can be easily subverted by an - insecure browser configuration, therefore you should use a browser that - can be configured to only execute code from trusted sites, and be careful - which sites you trust. For example there is no point in having Privoxy - modify the User-Agent header, if websites can get all the information they - want through JavaScript, ActiveX, Flash, Java etc. - - A few browsers disclose the user's email address in certain situations, - such as when transferring a file by FTP. Privoxy does not filter FTP. If - you need this feature, or are concerned about the mail handler of your - browser disclosing your email address, you might consider products such as - NSClean. - - Browsers available only as binaries could use non-standard headers to give - out any information they can have access to: see the manufacturer's - license agreement. It's impossible to anticipate and prevent every breach - of privacy that might occur. The professionally paranoid prefer browsers - available as source code, because anticipating their behavior is easier. - Trust the source, Luke! - - -------------------------------------------------------------------------- - - 4.9. A test site says I am not using a Proxy. - - Good! Actually, they are probably testing for some other kinds of proxies. - Hiding yourself completely would require additional steps. - - -------------------------------------------------------------------------- - - 4.10. How do I use Privoxy together with Tor? - - Before you configure Privoxy to use Tor, please follow the User Manual - chapters 2. Installation and 5. Startup to make sure Privoxy itself is - setup correctly. - - If it is, refer to Tor's extensive documentation to learn how to install - Tor, and make sure Tor's logfile says that "Tor has successfully opened a - circuit" and it "looks like client functionality is working". - - If either Tor or Privoxy isn't working, their combination most likely will - neither. Testing them on their own will also help you to direct problem - reports to the right audience. If Privoxy isn't working, don't bother the - Tor developers. If Tor isn't working, don't send bug reports to the - Privoxy Team. - - If you verified that Privoxy and Tor are working, it is time to connect - them. As far as Privoxy is concerned, Tor is just another proxy that can - be reached by socks4 or socks4a. Most likely you are interested in Tor to - increase your anonymity level, therefore you should use socks4a, to make - sure DNS requests are done through Tor and thus invisible to your local - network. - - Since Privoxy 3.0.5, its main configuration file is already prepared for - Tor, if you are using a default Tor configuration and run it on the same - system as Privoxy, you just have to edit the forwarding section and - uncomment the line: - - # forward-socks4a / 127.0.0.1:9050 . - - - This is enough to reach the Internet, but additionally you might want to - uncomment the following forward rules, to make sure your local network is - still reachable through Privoxy: - - # forward 192.168.*.*/ . - # forward 10.*.*.*/ . - # forward 127.*.*.*/ . - - - Unencrypted connections to systems in these address ranges will be as - (un)secure as the local network is, but the alternative is that your - browser can't reach the network at all. Then again, that may actually be - desired and if you don't know for sure that your browser has to be able to - reach the local network, there's no reason to allow it. - - If you want your browser to be able to reach servers in your local network - by using their names, you will need additional exceptions that look like - this: - - # forward localhost/ . - - - Save the modified configuration file and open - http://config.privoxy.org/show-status/ in your browser, confirm that - Privoxy has reloaded its configuration and that there are no other forward - lines, unless you know that you need them. If everything looks good, refer - to Tor Faq 4.2 to learn how to verify that you are really using Tor. - - Afterward, please take the time to at least skim through the rest of Tor's - documentation. Make sure you understand what Tor does, why it is no - replacement for application level security, and why you probably don't - want to use it for unencrypted logins. - - -------------------------------------------------------------------------- - - 4.11. Might some things break because header information or content is being - altered? - - Definitely. It is common for sites to use browser type, browser version, - HTTP header content, and various other techniques in order to dynamically - decide what to display and how to display it. What you see, and what I - see, might be very different. There are many, many ways that this can be - handled, so having hard and fast rules, is tricky. - - The "User-Agent" is sometimes used in this way to identify the browser, - and adjust content accordingly. - - Also, different browsers use different encodings of non-English - characters, certain web servers convert pages on-the-fly according to the - User Agent header. Giving a "User Agent" with the wrong operating system - or browser manufacturer causes some sites in these languages to be - garbled; Surfers to Eastern European sites should change it to something - closer. And then some page access counters work by looking at the - "Referer" header; they may fail or break if unavailable. The weather maps - of Intellicast have been blocked by their server when no "Referer" or - cookie is provided, is another example. (But you can forge both headers - without giving information away). There are many other ways things can go - wrong when trying to fool a web server. The results of which could - inadvertently cause pages to load incorrectly, partially, or even not at - all. And there may be no obvious clues as to just what went wrong, or why. - Nowhere will there be a message that says "Turn off fast-redirects or - else! " - - Similar thoughts apply to modifying JavaScript, and, to a lesser degree, - HTML elements. - - If you have problems with a site, you will have to adjust your - configuration accordingly. Cookies are probably the most likely adjustment - that may be required, but by no means the only one. - - -------------------------------------------------------------------------- - - 4.12. Can Privoxy act as a "caching" proxy to speed up web browsing? - - No, it does not have this ability at all. You want something like Squid or - Polipo for this. And, yes, before you ask, Privoxy can co-exist with other - kinds of proxies like Squid. See the forwarding chapter in the user manual - for details. - - -------------------------------------------------------------------------- - - 4.13. What about as a firewall? Can Privoxy protect me? - - Not in the way you mean, or in the way some firewall vendors claim they - can. Privoxy can help protect your privacy, but can't protect your system - from intrusion attempts. It is, of course, perfectly possible to use both. - - -------------------------------------------------------------------------- - - 4.14. I have large empty spaces / a checkerboard pattern now where ads used - to be. Why? - - It is technically possible to eliminate banners and ads in a way that - frees their allocated page space. This could easily be done by blocking - with Privoxy's filters, and eliminating the entire image references from - the HTML page source. - - But, this would consume considerably more CPU resources (IOW, slow things - down), would likely destroy the layout of some web pages which rely on the - banners utilizing a certain amount of page space, and might fail in other - cases, where the screen space is reserved (e.g. by HTML tables for - instance). Also, making ads and banners disappear without any trace - complicates troubleshooting, and would sooner or later be problematic. - - The better alternative is to instead let them stay, and block the - resulting requests for the banners themselves as is now the case. This - leaves either empty space, or the familiar checkerboard pattern. - - So the developers won't support this in the default configuration, but you - can of course define appropriate filters yourself to achieve this. - - -------------------------------------------------------------------------- - - 4.15. How can Privoxy filter Secure (HTTPS) URLs? - - Since secure HTTP connections are encrypted SSL sessions between your - browser and the secure site, and are meant to be reliably secure, there is - little that Privoxy can do but hand the raw gibberish data though from one - end to the other unprocessed. - - The only exception to this is blocking by host patterns, as the client - needs to tell Privoxy the name of the remote server, so that Privoxy can - establish the connection. If that name matches a host-only pattern, the - connection will be blocked. - - As far as ad blocking is concerned, this is less of a restriction than it - may seem, since ad sources are often identifiable by the host name, and - often the banners to be placed in an encrypted page come unencrypted - nonetheless for efficiency reasons, which exposes them to the full power - of Privoxy's ad blocking. - - "Content cookies" (those that are embedded in the actual HTML or JS page - content, see filter{content-cookies}), in an SSL transaction will be - impossible to block under these conditions. Fortunately, this does not - seem to be a very common scenario since most cookies come by traditional - means. - - -------------------------------------------------------------------------- - - 4.16. Privoxy runs as a "server". How secure is it? Do I need to take any - special precautions? - - On Unix-like systems, Privoxy can run as a non-privileged user, which is - how we recommend it be run. Also, by default Privoxy listens to requests - from "localhost" only. - - The server aspect of Privoxy is not itself directly exposed to the - Internet in this configuration. If you want to have Privoxy serve as a LAN - proxy, this will have to be opened up to allow for LAN requests. In this - case, we'd recommend you specify only the LAN gateway address, e.g. - 192.168.1.1, in the main Privoxy configuration file and check all access - control and security options. All LAN hosts can then use this as their - proxy address in the browser proxy configuration, but Privoxy will not - listen on any external interfaces. ACLs can be defined in addition, and - using a firewall is always good too. Better safe than sorry. - - -------------------------------------------------------------------------- - - 4.17. Can I temporarily disable Privoxy? - - Privoxy doesn't have a transparent proxy mode, but you can toggle off - blocking and content filtering. - - The easiest way to do that is to point your browser to the remote toggle - URL: http://config.privoxy.org/toggle. - - See the Bookmarklets section of the User Manual for an easy way to access - this feature. Note that this is a feature that may need to be enabled in - the main config file. - - -------------------------------------------------------------------------- - - 4.18. When "disabled" is Privoxy totally out of the picture? - - No, this just means all optional filtering and actions are disabled. - Privoxy is still acting as a proxy, but just doing less of the things that - Privoxy would normally be expected to do. It is still a "middle-man" in - the interaction between your browser and web sites. See below to bypass - the proxy. - - -------------------------------------------------------------------------- - - 4.19. How can I tell Privoxy to totally ignore certain sites? - - Bypassing a proxy, or proxying based on arbitrary criteria, is purely a - browser configuration issue, not a Privoxy issue. Modern browsers - typically do have settings for not proxying certain sites. Check your - browser's help files. - - -------------------------------------------------------------------------- - - 4.20. My logs show Privoxy "crunches" ads, but also its own internal CGI - pages. What is a "crunch"? - - A "crunch" simply means Privoxy intercepted something, nothing more. Often - this is indeed ads or banners, but Privoxy uses the same mechanism for - trapping requests for its own internal pages. For instance, a request for - Privoxy's configuration page at: http://config.privoxy.org, is intercepted - (i.e. it does not go out to the 'net), and the familiar CGI configuration - is returned to the browser, and the log consequently will show a "crunch". - - Since version 3.0.7, Privoxy will also log the crunch reason. If you are - using an older version you might want to upgrade. - - -------------------------------------------------------------------------- - - 4.21. Can Privoxy effect files that I download from a webserver? FTP server? - - From the webserver's perspective, there is no difference between viewing a - document (i.e. a page), and downloading a file. The same is true of - Privoxy. If there is a match for a block pattern, it will still be - blocked, and of course this is obvious. - - Filtering is potentially more of a concern since the results are not - always so obvious, and the effects of filtering are there whether the file - is simply viewed, or downloaded. And potentially whether the content is - some obnoxious advertisement, or Mr. Jimmy's latest/greatest source code - jewel. Of course, one of these presumably is "bad" content that we don't - want, and the other is "good" content that we do want. Privoxy is blind to - the differences, and can only distinguish "good from bad" by the - configuration parameters we give it. - - Privoxy knows the differences in files according to the "Content Type" as - reported by the webserver. If this is reported accurately (e.g. - "application/zip" for a zip archive), then Privoxy knows to ignore these - where appropriate. Privoxy potentially can filter HTML as well as plain - text documents, subject to configuration parameters of course. Also, - documents that are of an unknown type (generally assumed to be - "text/plain") can be filtered, as will those that might be incorrectly - reported by the webserver. If such a file is a downloaded file that is - intended to be saved to disk, then any content that might have been - altered by filtering, will be saved too, for these (probably rare) cases. - - Note that versions later than 3.0.2 do NOT filter document types reported - as "text/plain". Prior to this, Privoxy did filter this document type. - - In short, filtering is "ON" if a) the content type as reported by the - webserver is appropriate and b) the configuration allows it (or at least - does not disallow it). That's it. There is no magic cookie anywhere to say - this is "good" and this is "bad". It's the configuration that lets it all - happen or not. - - If you download text files, you probably do not want these to be filtered, - particularly if the content is source code, or other critical content. - Source code sometimes might be mistaken for Javascript (i.e. the kind that - might open a pop-up window). It is recommended to turn off filtering for - download sites (particularly if the content may be plain text files and - you are using version 3.0.2 or earlier) in your user.action file. And - also, for any site or page where making any changes at all to the content - is to be avoided. - - Privoxy does not do FTP at all, only HTTP and HTTPS (SSL) protocols, so - please don't try. - - -------------------------------------------------------------------------- - - 4.22. I just downloaded a Perl script, and Privoxy altered it! Yikes, what - is wrong! - - Please read above. - - -------------------------------------------------------------------------- - - 4.23. Should I continue to use a "HOSTS" file for ad-blocking? - - One time-tested technique to defeat common ads is to trick the local DNS - system by giving a phony IP address for the ad generator in the local - HOSTS file, typically using 127.0.0.1, aka localhost. This effectively - blocks the ad. - - There is no reason to use this technique in conjunction with Privoxy. - Privoxy does essentially the same thing, much more elegantly and with much - more flexibility. A large HOSTS file, in fact, not only duplicates effort, - but may get in the way and seriously slow down your system. It is - recommended to remove such entries from your HOSTS file. If you think your - hosts list is neglected by Privoxy's configuration, consider adding your - list to your user.action file: - - { +block } - www.ad.example1.com - ad.example2.com - ads.galore.example.com - etc.example.com - - -------------------------------------------------------------------------- - - 4.24. Where can I find more information about Privoxy and related issues? - - Other references and sites of interest to Privoxy users: - - http://www.privoxy.org/, the Privoxy Home page. - - http://www.privoxy.org/faq/, the Privoxy FAQ. - - http://sourceforge.net/projects/ijbswa/, the Project Page for Privoxy on - SourceForge. - - http://config.privoxy.org/, the web-based user interface. Privoxy must be - running for this to work. Shortcut: http://p.p/ - - http://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit - "misses" and other configuration related suggestions to the developers. - - http://www.junkbusters.com/ht/en/cookies.html, an explanation how cookies - are used to track web users. - - http://www.junkbusters.com/ijb.html, the original Internet Junkbuster. - - http://privacy.net/, a useful site to check what information about you is - leaked while you browse the web. - - http://www.squid-cache.org/, a popular caching proxy, which is often used - together with Privoxy. - - http://www.pps.jussieu.fr/~jch/software/polipo/, Polipo is a caching proxy - with advanced features like pipelining, multiplexing and caching of - partial instances. In many setups it can be used as Squid replacement. - - http://tor.eff.org/, Tor can help anonymize web browsing, web publishing, - instant messaging, IRC, SSH, and other applications. - - http://www.privoxy.org/developer-manual/, the Privoxy developer manual. - - -------------------------------------------------------------------------- - - 4.25. I've noticed that Privoxy changes "Microsoft" to "MicroSuck"! Why are - you manipulating my browsing? - - We're not. The text substitutions that you are seeing are disabled in the - default configuration as shipped. You have either manually activated the - "fun" filter which is clearly labeled "Text replacements for subversive - browsing fun!" or you are using an older Privoxy version and have - implicitly activated it by choosing the "Adventuresome" profile in the - web-based editor. Please upgrade. - - -------------------------------------------------------------------------- - - 4.26. Does Privoxy produce "valid" HTML (or XHTML)? - - Privoxy generates HTML in both its own "templates", and possibly whenever - there are text substitutions via a Privoxy filter. While this should - always conform to the HTML 4.01 specifications, it has not been validated - against this or any other standard. - - -------------------------------------------------------------------------- - -5. Troubleshooting - - 5.1. I cannot connect to any websites. Or, I am getting "connection refused" - message with every web page. Why? - - There are several possibilities: - - * Privoxy is not running. Solution: verify that Privoxy is installed - correctly, has not crashed, and is indeed running. Turn on Privoxy's - logging, and look at the logs to see what they say. - - * Or your browser is configured for a different port than what Privoxy - is using. Solution: verify that Privoxy and your browser are set to - the same port (listen-address). - - * Or if using a forwarding rule, you have a configuration problem or a - problem with a host in the forwarding chain. Solution: temporarily - alter your configuration and take the forwarders out of the equation. - - * Or you have a firewall that is interfering and blocking you. Solution: - try disabling or removing the firewall as a simple test. - - -------------------------------------------------------------------------- - - 5.2. Why am I getting a 503 Error (WSAECONNREFUSED) on every page? - - More than likely this is a problem with your TCP/IP networking. ZoneAlarm - has been reported to cause this symptom -- even if not running! The - solution is to either fight the ZA configuration, or uninstall ZoneAlarm, - and then find something better behaved in its place. Other personal - firewall type products may cause similar type problems if not configured - correctly. - - -------------------------------------------------------------------------- - - 5.3. I just added a new rule, but the steenkin ad is still getting through. - How? - - If the ad had been displayed before you added its URL, it will probably be - held in the browser's cache for some time, so it will be displayed without - the need for any request to the server, and Privoxy will not be involved. - Flush the browser's caches, and then try again. - - If this doesn't help, you probably have an error in the rule you applied. - Try pasting the full URL of the offending ad into - http://config.privoxy.org/show-url-info and see if it really matches your - new rule. Blocking ads is like blocking spam: a lot of tinkering is - required to stay ahead of the game. And remember you need to block the URL - of the ad in question, which may be entirely different from the site URL - itself. Most ads are hosted on different servers than the main site - itself. If you right-click on the ad, you should be able to get all the - relevant information you need. Alternately, you can find the correct URL - by looking at Privoxy's logs (you may need to enable logging in the main - config file if its disabled). - - Below is a slightly modified real-life log snippet that originates with - one requested URL: www.example.com (name of site was changed for this - example, the number of requests is real). You can see in this the - complexity of what goes into making up this one "page". There are eight - different domains involved here, with thirty two separate URLs requested - in all, making up all manner of images, Shockwave Flash, JavaScript, CSS - stylesheets, scripts, and other related content. Some of this content is - obviously "good" or "bad", but not all. Many of the more questionable - looking requests, are going to outside domains that seem to be identifying - themselves with suspicious looking names, making our job a little easier. - Privoxy has "crunched" (meaning caught and BLOCKED) quite a few items in - this example, but perhaps missed a few as well. - -Request: www.example.com/ -Request: www.example.com/favicon.ico -Request: img.example.com/main.css -Request: img.example.com/sr.js -Request: example.betamarker.com/example.html -Request: www.lik-sang.com/Banners/bestsellers/skyscraper.php?likref=BSellers -Request: img.example.com/pb.png -Request: www.google-analytics.com/urchin.js crunch! (Blocked) -Request: www.advertising-department.com/ats/switch.ps.php?26856 crunch! (Blocked) -Request: img.example.com/p.gif -Request: www.popuptraffic.com/assign.php?l=example&mode=behind crunch! (Blocked) -Request: www.popuptraffic.com/scripts/popup.php?hid=5c3cf&tmpl=PBa.tmpl crunch! (Blocked) -Request: www.popuptraffic.com/assign.php?l=example crunch! (Blocked) -Request: www.lik-sang.com/Banners/best_sellers/best_sellers.css -Request: www.adtrak.net/adx.js crunch! (Blocked) -Request: img.example.com/hbg.gif -Request: img.example.com/example.jpg -Request: img.example.com/mt.png -Request: img.example.com/mm.png -Request: img.example.com/mb.png -Request: www.popuptraffic.com/scripts/popup.php?hid=a71b91fa5&tmpl=Ua.tmp crunch! (Blocked) -Request: www.example.com/tracker.js -Request: www.lik-sang.com/Banners/best_sellers/lsi_head.gif -Request: www.adtrak.net/adjs.php?n=020548130&what=zone:61 crunch! (Blocked) -Request: www.adtrak.net/adjs.php?n=463594413&what=zone:58&source=Ua crunch! (Blocked) -Request: www.lik-sang.com/Banners/best_sellers/bottomani.swf -Request: mmm.elitemediagroup.net/install.php?allowpop=no&popupmincook=0&allowsp2=1 crunch! (Blocked) -Request: www.example.com/tracker.js?screen=1400x1050&win=962x693 -Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=61 crunch! (Blocked) -Request: 66.70.21.80/scripts/click.php?hid=5c3cf599a9efd0320d26&si -Request: 66.70.21.80/img/pixel.gif -Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=58&source=Ua&block=86400 crunch! (Blocked) -Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua - - Despite 12 out of 32 requests being blocked, the page looked, and seemed - to behave perfectly "normal" (minus some ads, of course). - - -------------------------------------------------------------------------- - - 5.4. One of my favorite sites does not work with Privoxy. What can I do? - - First verify that it is indeed a Privoxy problem, by toggling off Privoxy - through http://config.privoxy.org/toggle (the toggle feature may need to - be enabled in the main config), and then shift-reloading the problem page - (i.e. holding down the shift key while clicking reload. Alternatively, - flush your browser's disk and memory caches). - - If the problem went away, we know we have a configuration related problem. - Now go to http://config.privoxy.org/show-url-info and paste the full URL - of the page in question into the prompt. See which actions are being - applied to the URL, and which matches in which actions files are - responsible for that. It might be helpful also to look at your logs for - this site too, to see what else might be happening (note: logging may need - to be enabled in the main config file). Many sites are complex and require - a number of related pages to help present their content. Look at what else - might be used by the page in question, and what of that might be required. - Now, armed with this information, go to - http://config.privoxy.org/show-status and select the appropriate actions - files for editing. - - You can now either look for a section which disables the actions that you - suspect to cause the problem and add a pattern for your site there, or - make up a completely new section for your site. In any case, the - recommended way is to disable only the prime suspect, reload the problem - page, and only if the problem persists, disable more and more actions - until you have identified the culprit. You may or may not want to turn the - other actions on again. Remember to flush your browser's caches in between - any such changes! - - Alternately, if you are comfortable with a text editor, you can accomplish - the same thing by editing the appropriate actions file. Probably the - easiest way to deal with such problems when editing by hand is to add your - site to a { fragile } section in user.action, which is an alias that turns - off most "dangerous" actions, but is also likely to turn off more actions - then needed, and thus lower your privacy and protection more than - necessary, - - Troubleshooting actions is discussed in more detail in the User Manual - appendix, Troubleshooting: the Anatomy of an Action. There is also an - actions tutorial with general configuration information and examples. - - As a last resort, you can always see if your browser has a setting that - will bypass the proxy setting for selective sites. Modern browsers can do - this. - - -------------------------------------------------------------------------- - - 5.5. After installing Privoxy, I have to log in every time I start IE. What - gives? - - This is a quirk that effects the installation of Privoxy, in conjunction - with Internet Explorer and Internet Connection Sharing on Windows 2000 and - Windows XP. The symptoms may appear to be corrupted or invalid DUN - settings, or passwords. - - When setting up an NT based Windows system with Privoxy you may find that - things do not seem to be doing what you expect. When you set your system - up you will probably have set up Internet Connection Sharing (ICS) with - Dial up Networking (DUN) when logged in with administrator privileges. You - will probably have made this DUN connection available to other accounts - that you may have set-up on your system. E.g. Mum or Dad sets up the - system and makes accounts suitably configured for the kids. - - When setting up Privoxy in this environment you will have to alter the - proxy set-up of Internet Explorer (IE) for the specific DUN connection on - which you wish to use Privoxy. When you do this the ICS DUN set-up becomes - user specific. In this instance you will see no difference if you change - the DUN connection under the account used to set-up the connection. - However when you do this from another user you will notice that the DUN - connection changes to make available to "Me only". You will also find that - you have to store the password under each different user! - - The reason for this is that each user's set-up for IE is user specific. - Each set-up DUN connection and each LAN connection in IE store the - settings for each user individually. As such this enforces individual - configurations rather than common ones. Hence the first time you use a DUN - connection after re-booting your system it may not perform as you expect, - and prompt you for the password. Just set and save the password again and - all should be OK. - - [Thanks to Ray Griffith for this submission.] - - -------------------------------------------------------------------------- - - 5.6. I cannot connect to any FTP sites. Privoxy is blocking me. - - Privoxy cannot act as a proxy for FTP traffic, so do not configure your - browser to use Privoxy as an FTP proxy. The same is true for any protocol - other than HTTP or HTTPS (SSL). - - Most browsers understand FTP as well as HTTP. If you connect to a site, - with a URL like ftp://ftp.example.com, your browser is making an FTP - connection, and not a HTTP connection. So while your browser may speak - FTP, Privoxy does not, and cannot proxy such traffic. - - To complicate matters, some systems may have a generic "proxy" setting, - which will enable various protocols, including both HTTP and FTP proxying! - So it is possible to accidentally enable FTP proxying in these cases. And - of course, if this happens, Privoxy will indeed cause problems since it - does not know FTP. Newer version will give a sane error message if a FTP - connection is attempted. Just disable the FTP setting and all will be well - again. - - Will Privoxy ever proxy FTP traffic? Unlikely. There just is not much - reason, and the work to make this happen is more than it may seem. - - -------------------------------------------------------------------------- - - 5.7. In Mac OSX, I can't configure Microsoft Internet Explorer to use - Privoxy as the HTTP proxy. - - Microsoft Internet Explorer (in versions like 5.1) respects system-wide - network settings. In order to change the HTTP proxy, open System - Preferences, and click on the Network icon. In the settings pane that - comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox - is checked and enter 127.0.0.1 in the entry field. Enter 8118 in the Port - field. The next time you start IE, it should reflect these values. - - -------------------------------------------------------------------------- - - 5.8. In Mac OSX, I dragged the Privoxy folder to the trash in order to - uninstall it. Now the finder tells me I don't have sufficient privileges to - empty the trash. - - Just dragging the Privoxy folder to the trash is not enough to delete it. - Privoxy supplies an uninstall.command file that takes care of these - details. Open the trash, drag the uninstall.command file out of the trash - and double-click on it. You will be prompted for confirmation and the - administration password. - - The trash may still appear full after this command; emptying the trash - from the desktop should make it appear empty again. - - -------------------------------------------------------------------------- - - 5.9. In Mac OSX Panther (10.3), images often fail to load and/or I - experience random delays in page loading. I'm using localhost as my - browser's proxy setting. - - We believe this is due to an IPv6-related bug in OSX, but don't fully - understand the issue yet. In any case, changing the proxy setting to - 127.0.0.1 instead of localhost works around the problem. - - -------------------------------------------------------------------------- - - 5.10. I get a completely blank page at one site. "View Source" shows only: - <html><body></body></html>. Without Privoxy the page loads fine. - - Chances are that the site suffers from a bug in PHP, which results in - empty pages being sent if the client explicitly requests an uncompressed - page, like Privoxy does. This bug has been fixed in PHP 4.2.3. - - To find out if this is in fact the source of the problem, try adding the - site to a -prevent-compression section in user.action: - - # Make exceptions for ill-behaved sites: - # - {-prevent-compression} - .example.com - - If that works, you may also want to report the problem to the site's - webmasters, telling them to use zlib.output_compression instead of - ob_gzhandler in their PHP applications (workaround) or upgrade to PHP - 4.2.3 or later (fix). - - -------------------------------------------------------------------------- - - 5.11. My logs show many "Unable to get my own hostname" lines. Why? - - Privoxy tries to get the hostname of the system its running on from the IP - address of the system interface it is bound to (from the config file - listen-address setting). If the system cannot supply this information, - Privoxy logs this condition. - - Typically, this would be considered a minor system configuration error. It - is not a fatal error to Privoxy however, but may result in a much slower - response from Privoxy on some platforms due to DNS timeouts. - - This can be caused by a problem with the local HOSTS file. If this file - has been changed from the original, try reverting it to see if that helps. - Make sure whatever name(s) are used for the local system, that they - resolve both ways. - - -------------------------------------------------------------------------- - - 5.12. When I try to launch Privoxy, I get an error message "port 8118 is - already in use" (or similar wording). Why? - - Port 8118 is Privoxy's default TCP "listening" port. Typically this - message would mean that there is already one instance of Privoxy running, - and your system is actually trying to start a second Privoxy on the same - port, which will not work. (You can have multiple instances but they must - be assigned different ports.) How and why this might happen varies from - platform to platform, but you need to check your installation and start-up - procedures. - - -------------------------------------------------------------------------- - - 5.13. Pages with UTF-8 fonts are garbled. - - This is caused by the "demoronizer" filter. You should either upgrade - Privoxy, or at least upgrade to the most recent default.action file - available from SourceForge. Or you can simply disable the demoronizer - filter. - - -------------------------------------------------------------------------- - - 5.14. Why are binary files (such as images) corrupted when Privoxy is used? - - This may also be caused by the "demoronizer" filter, in conjunction with a - web server that is misreporting the content type. Binary files are - exempted from Privoxy's filtering (unless the web server by mistake says - the file is something else). Either upgrade Privoxy, or go to the most - recent default.action file available from SourceForge. - - -------------------------------------------------------------------------- - - 5.15. What is the "demoronizer" and why is it there? - - The original demoronizer was a Perl script that cleaned up HTML pages - which were created with certain Microsoft products. MS has used - proprietary extensions to standardized font encodings (ISO 8859-1), which - has caused problems for pages that are viewed with non-Microsoft products - (and are expecting to see a standard set of fonts). The demoronizer - corrected these errors so the pages displayed correctly. Privoxy borrowed - from this script, introducing a filter based on the original demoronizer, - which in turn could correct these errors on the fly. - - But this is only needed in some situations, and will cause serious - problems in some other situations. - - If you are using Microsoft products, you do not need it. If you need to - view pages with UTF-8 characters (such as Cyrillic or Chinese), then it - will cause corruption of the fonts, and thus should not be on. - - On the other hand, if you use non-Microsoft products, and you occasionally - notice weird characters on pages, you might want to try it. - - -------------------------------------------------------------------------- - - 5.16. Why do I keep seeing "PrivoxyWindowOpen()" in raw source code? - - Privoxy is attempting to disable malicious Javascript in this case, with - the unsolicited-popups filter. Privoxy cannot tell very well "good" code - snippets from "bad" code snippets. - - If you see this in HTML source, and the page displays without problems, - then this is good, and likely some pop-up window was disabled. If you see - this where it is causing a problem, such as a downloaded program source - code file, then you should set an exception for this site or page such - that the integrity of the page stays in tact by disabling all filtering. - - -------------------------------------------------------------------------- - - 5.17. I am getting too many DNS errors like "404 No Such Domain". Why can't - Privoxy do this better? - - There are potentially several factors here. First of all, the DNS - resolution is done by the underlying operating system -- not Privoxy - itself. Privoxy merely initiates the process and hands it off, and then - later reports whatever the outcome was. And tries to give a coherent - message if there seems to be a problem. In some cases, this might - otherwise be mitigated by the browser itself which might try some - work-arounds and alternate approaches (e.g adding "www." to the URL). - - In other cases, if Privoxy is being chained with another proxy, this could - complicate the issue, and cause undue delays and timeouts. In the case of - a "socks4a" proxy, the socks server handles all the DNS. Privoxy would - just be the "messenger" which is reporting whatever problem occurred - downstream, and not the root cause of the error. - - In any case, versions newer than 3.0.3 include various improvements to - help Privoxy better handle these cases. - - -------------------------------------------------------------------------- - - 5.18. At one site Privoxy just hangs, and starts taking all CPU. Why is - this? - - This is probably a manifestation of the "100% cpu" problem that occurs on - pages containing many (thousands upon thousands) of blank lines. The blank - lines are in the raw HTML source of the page, and the browser just ignores - them. But the pattern matching in Privoxy's page filtering mechanism is - trying to match against absurdly long strings and this becomes very - CPU-intensive, taking a long, long time to complete. Until a better - solution comes along, disable filtering on these pages, particularly the - js-annoyances and unsolicited-popups filters. - - -------------------------------------------------------------------------- - - 5.19. I just installed Privoxy, and all my browsing has slowed to a crawl. - What gives? - - This should not happen, and for the overwhelming number of users - world-wide, it does not happen. I would suspect some inadvertent - interaction of software components such as anti-virus software, spyware - protectors, personal firewalls or similar components. Try disabling (or - uninstalling) these one at a time and see if that helps. - - -------------------------------------------------------------------------- - - 5.20. Why do my filters work on some sites but not on others? - - It's probably due to compression. It is a common practice for web servers - to send their content "compressed" in order to speed things up, and then - let the browser "uncompress" them. When compiled with zlib support Privoxy - can decompress content before filtering, otherwise you may want to enable - prevent-compression. - - -------------------------------------------------------------------------- - -6. Contacting the developers, Bug Reporting and Feature Requests - - We value your feedback. In fact, we rely on it to improve Privoxy and its - configuration. However, please note the following hints, so we can provide - you with the best support: - - -------------------------------------------------------------------------- - - 6.1. Get Support - - For casual users, our support forum at SourceForge is probably best - suited: http://sourceforge.net/tracker/?group_id=11118&atid=211118 - - All users are of course welcome to discuss their issues on the users - mailing list, where the developers also hang around. - - Note that the Privoxy mailing lists are moderated. Posts from unsubscribed - addresses have to be accepted manually by a moderator. This may cause a - delay of several days and if you use a subject that doesn't clearly - mention Privoxy or one of its features, your message may be accidentally - discarded as spam. - - If you aren't subscribed, you should therefore spend a few seconds to come - up with a proper subject. Additionally you should make it clear that you - want to get CC'd. Otherwise some responses will be directed to the mailing - list only, and you won't see them. - - -------------------------------------------------------------------------- - - 6.2. Reporting Problems - - "Problems" for our purposes, come in two forms: - - * Configuration issues, such as ads that slip through, or sites that - don't function properly due to one Privoxy "action" or another being - turned "on". - - * "Bugs" in the programming code that makes up Privoxy, such as that - might cause a crash. - - -------------------------------------------------------------------------- - - 6.2.1. Reporting Ads or Other Configuration Problems - - Please send feedback on ads that slipped through, innocent images that - were blocked, sites that don't work properly, and other configuration - related problem of default.action file, to - http://sourceforge.net/tracker/?group_id=11118&atid=460288, the Actions - File Tracker. - - New, improved default.action files may occasionally be made available - based on your feedback. These will be announced on the ijbswa-announce - list and available from our the files section of our project page. - - -------------------------------------------------------------------------- - - 6.2.2. Reporting Bugs - - Please report all bugs through our bug tracker: - http://sourceforge.net/tracker/?group_id=11118&atid=111118. - - Before doing so, please make sure that the bug has not already been - submitted and observe the additional hints at the top of the submit form. - If already submitted, please feel free to add any info to the original - report that might help to solve the issue. - - Please try to verify that it is a Privoxy bug, and not a browser or site - bug or documented behaviour that just happens to be different than what - you expected. If unsure, try toggling off Privoxy, and see if the problem - persists. - - If you are using your own custom configuration, please try the stock - configs to see if the problem is configuration related. If you're having - problems with a feature that is disabled by default, please ask around on - the mailing list if others can reproduce the problem. - - If you aren't using the latest Privoxy version, the bug may have been - found and fixed in the meantime. We would appreciate if you could take the - time to upgrade to the latest version (or even the latest CVS snapshot) - and verify that your bug still exists. - - Please be sure to provide the following information: - - * The exact Privoxy version you are using (if you got the source from - CVS, please also provide the source code revisions as shown in - http://config.privoxy.org/show-version). - - * The operating system and versions you run Privoxy on, (e.g. Windows XP - SP2), if you are using a Unix flavor, sending the output of "uname -a" - should do, in case of GNU/Linux, please also name the distribution. - - * The name, platform, and version of the browser you were using (e.g. - Internet Explorer v5.5 for Mac). - - * The URL where the problem occurred, or some way for us to duplicate - the problem (e.g. http://somesite.example.com/?somethingelse=123). - - * Whether your version of Privoxy is one supplied by the Privoxy - developers via SourceForge, or if you got your copy somewhere else. - - * Whether you are using Privoxy in tandem with another proxy such as - Tor. If so, please temporary disable the other proxy to see if the - symptoms change. - - * Whether you are using a personal firewall product. If so, does Privoxy - work without it? - - * Any other pertinent information to help identify the problem such as - config or log file excerpts (yes, you should have log file entries for - each action taken). - - You don't have to tell us your actual name when filing a problem report, - but please use a nickname so we can differentiate between your messages - and the ones entered by other "anonymous" users that may respond to your - request if they have the same problem or already found a solution. - - Please also check the status of your request a few days after submitting - it, as we may request additional information. If you use a SF id, you - should automatically get a mail when someone responds to your request. - - The appendix of the Privoxy User Manual also has helpful information on - understanding actions, and action debugging. - - -------------------------------------------------------------------------- - - 6.3. Request New Features - - You are welcome to submit ideas on new features or other proposals for - improvement through our feature request tracker at - http://sourceforge.net/tracker/?atid=361118&group_id=11118. - - -------------------------------------------------------------------------- - - 6.4. Other - - For any other issues, feel free to use the mailing lists. Technically - interested users and people who wish to contribute to the project are also - welcome on the developers list! You can find an overview of all - Privoxy-related mailing lists, including list archives, at: - http://sourceforge.net/mail/?group_id=11118. - - -------------------------------------------------------------------------- - -7. Privoxy Copyright, License and History - - Copyright (c) 2001-2008 by Privoxy Developers - <ijbswa-developers@lists.sourceforge.net> - - Some source code is based on code Copyright (c) 1997 by Anonymous Coders - and Junkbusters, Inc. and licensed under the GNU General Public License. - - Portions of this document are "borrowed" from the original Junkbuster (tm) - FAQ, and modified as appropriate for Privoxy. - - -------------------------------------------------------------------------- - - 7.1. License - - Privoxy is free software; you can redistribute it and/or modify it under - the terms of the GNU General Public License, version 2, as published by - the Free Software Foundation. - - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - for more details, which is available from the Free Software Foundation, - Inc, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the - - Free Software - Foundation, Inc. 51 Franklin Street, Fifth Floor - Boston, MA 02110-1301 - USA - - -------------------------------------------------------------------------- - - 7.2. History - - A long time ago, there was the Internet Junkbuster, by Anonymous Coders - and Junkbusters Corporation. This saved many users a lot of pain in the - early days of web advertising and user tracking. - - But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and for - tracking them, keeps evolving. Unfortunately, the Internet Junkbuster did - not. Version 2.0.2, published in 1998, was (and is) the last official - release available from Junkbusters Corporation. Fortunately, it had been - released under the GNU GPL, which allowed further development by others. - - So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. It - could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000. - - Then, some developers picked up the thread, and started turning the - software inside out, upside down, and then reassembled it, adding many new - features along the way. - - The result of this is Privoxy, whose first stable version, 3.0, was - released August, 2002. diff --git a/doc/text/user-manual.txt b/doc/text/user-manual.txt deleted file mode 100644 index 99052c6f..00000000 --- a/doc/text/user-manual.txt +++ /dev/null @@ -1,7277 +0,0 @@ - Privoxy 3.0.8 User Manual - - [Copyright[ (c) 2001 - 2008 by Privoxy Developers]] - - $Id: user-manual.txt,v 1.75 2008/01/20 08:42:48 fabiankeil Exp $ - - The Privoxy User Manual gives users information on how to install, - configure and use Privoxy. - - Privoxy is a non-caching web proxy with advanced filtering capabilities - for enhancing privacy, modifying web page data, managing HTTP cookies, - controlling access, and removing ads, banners, pop-ups and other obnoxious - Internet junk. Privoxy has a flexible configuration and can be customized - to suit individual needs and tastes. Privoxy has application for both - stand-alone systems and multi-user networks. - - Privoxy is based on Internet Junkbuster (tm). - - You can find the latest version of the Privoxy User Manual at - http://www.privoxy.org/user-manual/. Please see the Contact section on how - to contact the developers. - - -------------------------------------------------------------------------- - - Table of Contents - - 1. Introduction - - 1.1. Features - - 2. Installation - - 2.1. Binary Packages - - 2.1.1. Red Hat and Fedora RPMs - - 2.1.2. Debian and Ubuntu - - 2.1.3. Windows - - 2.1.4. Solaris - - 2.1.5. OS/2 - - 2.1.6. Mac OSX - - 2.1.7. AmigaOS - - 2.1.8. FreeBSD - - 2.1.9. Gentoo - - 2.2. Building from Source - - 2.3. Keeping your Installation Up-to-Date - - 3. What's New in this Release - - 3.1. Note to Upgraders - - 4. Quickstart to Using Privoxy - - 4.1. Quickstart to Ad Blocking - - 5. Starting Privoxy - - 5.1. Red Hat and Fedora - - 5.2. Debian - - 5.3. Windows - - 5.4. Solaris, NetBSD, FreeBSD, HP-UX and others - - 5.5. OS/2 - - 5.6. Mac OSX - - 5.7. AmigaOS - - 5.8. Gentoo - - 5.9. Command Line Options - - 6. Privoxy Configuration - - 6.1. Controlling Privoxy with Your Web Browser - - 6.2. Configuration Files Overview - - 7. The Main Configuration File - - 7.1. Local Set-up Documentation - - 7.1.1. user-manual - - 7.1.2. trust-info-url - - 7.1.3. admin-address - - 7.1.4. proxy-info-url - - 7.2. Configuration and Log File Locations - - 7.2.1. confdir - - 7.2.2. templdir - - 7.2.3. logdir - - 7.2.4. actionsfile - - 7.2.5. filterfile - - 7.2.6. logfile - - 7.2.7. jarfile - - 7.2.8. trustfile - - 7.3. Debugging - - 7.3.1. debug - - 7.3.2. single-threaded - - 7.4. Access Control and Security - - 7.4.1. listen-address - - 7.4.2. toggle - - 7.4.3. enable-remote-toggle - - 7.4.4. enable-remote-http-toggle - - 7.4.5. enable-edit-actions - - 7.4.6. enforce-blocks - - 7.4.7. ACLs: permit-access and deny-access - - 7.4.8. buffer-limit - - 7.5. Forwarding - - 7.5.1. forward - - 7.5.2. forward-socks4 and forward-socks4a - - 7.5.3. Advanced Forwarding Examples - - 7.5.4. forwarded-connect-retries - - 7.5.5. accept-intercepted-requests - - 7.5.6. allow-cgi-request-crunching - - 7.5.7. split-large-forms - - 7.6. Windows GUI Options - - 8. Actions Files - - 8.1. Finding the Right Mix - - 8.2. How to Edit - - 8.3. How Actions are Applied to Requests - - 8.4. Patterns - - 8.4.1. The Domain Pattern - - 8.4.2. The Path Pattern - - 8.4.3. The Tag Pattern - - 8.5. Actions - - 8.5.1. add-header - - 8.5.2. block - - 8.5.3. client-header-filter - - 8.5.4. client-header-tagger - - 8.5.5. content-type-overwrite - - 8.5.6. crunch-client-header - - 8.5.7. crunch-if-none-match - - 8.5.8. crunch-incoming-cookies - - 8.5.9. crunch-server-header - - 8.5.10. crunch-outgoing-cookies - - 8.5.11. deanimate-gifs - - 8.5.12. downgrade-http-version - - 8.5.13. fast-redirects - - 8.5.14. filter - - 8.5.15. force-text-mode - - 8.5.16. forward-override - - 8.5.17. handle-as-empty-document - - 8.5.18. handle-as-image - - 8.5.19. hide-accept-language - - 8.5.20. hide-content-disposition - - 8.5.21. hide-if-modified-since - - 8.5.22. hide-forwarded-for-headers - - 8.5.23. hide-from-header - - 8.5.24. hide-referrer - - 8.5.25. hide-user-agent - - 8.5.26. inspect-jpegs - - 8.5.27. kill-popups - - 8.5.28. limit-connect - - 8.5.29. prevent-compression - - 8.5.30. overwrite-last-modified - - 8.5.31. redirect - - 8.5.32. send-vanilla-wafer - - 8.5.33. send-wafer - - 8.5.34. server-header-filter - - 8.5.35. server-header-tagger - - 8.5.36. session-cookies-only - - 8.5.37. set-image-blocker - - 8.5.38. treat-forbidden-connects-like-blocks - - 8.5.39. Summary - - 8.6. Aliases - - 8.7. Actions Files Tutorial - - 8.7.1. default.action - - 8.7.2. user.action - - 9. Filter Files - - 9.1. Filter File Tutorial - - 9.2. The Pre-defined Filters - - 10. Privoxy's Template Files - - 11. Contacting the Developers, Bug Reporting and Feature Requests - - 11.1. Get Support - - 11.2. Reporting Problems - - 11.2.1. Reporting Ads or Other Configuration - Problems - - 11.2.2. Reporting Bugs - - 11.3. Request New Features - - 11.4. Other - - 12. Privoxy Copyright, License and History - - 12.1. License - - 12.2. History - - 12.3. Authors - - 13. See Also - - 14. Appendix - - 14.1. Regular Expressions - - 14.2. Privoxy's Internal Pages - - 14.2.1. Bookmarklets - - 14.3. Chain of Events - - 14.4. Troubleshooting: Anatomy of an Action - -1. Introduction - - This documentation is included with the current stable version of Privoxy, - v.3.0.8. - - -------------------------------------------------------------------------- - - 1.1. Features - - In addition to the core features of ad blocking and cookie management, - Privoxy provides many supplemental features, that give the end-user more - control, more privacy and more freedom: - - * Can be run as an "intercepting" proxy, which obviates the need to - configure browsers individually. - - * Sophisticated actions and filters for manipulating both server and - client headers. - - * Can be chained with other proxies. - - * Integrated browser based configuration and control utility at - http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based - tracing of rule and filter effects. Remote toggling. - - * Web page filtering (text replacements, removes banners based on size, - invisible "web-bugs", JavaScript and HTML annoyances, pop-up windows, - etc.) - - * Modularized configuration that allows for standard settings and user - settings to reside in separate files, so that installing updated - actions files won't overwrite individual user settings. - - * Support for Perl Compatible Regular Expressions in the configuration - files, and a more sophisticated and flexible configuration syntax. - - * Improved cookie management features (e.g. session based cookies). - - * GIF de-animation. - - * Bypass many click-tracking scripts (avoids script redirection). - - * Multi-threaded (POSIX and native threads). - - * User-customizable HTML templates for all proxy-generated pages (e.g. - "blocked" page). - - * Auto-detection and re-reading of config file changes. - - * Improved signal handling, and a true daemon mode (Unix). - - * Every feature now controllable on a per-site or per-location basis, - configuration more powerful and versatile over-all. - - * Many smaller new features added, limitations and bugs removed, and - security holes fixed. - - -------------------------------------------------------------------------- - -2. Installation - - Privoxy is available both in convenient pre-compiled packages for a wide - range of operating systems, and as raw source code. For most users, we - recommend using the packages, which can be downloaded from our Privoxy - Project Page. - - Note: On some platforms, the installer may remove previously installed - versions, if found. (See below for your platform). In any case be sure to - backup your old configuration if it is valuable to you. See the note to - upgraders section below. - - -------------------------------------------------------------------------- - - 2.1. Binary Packages - - How to install the binary packages depends on your operating system: - - -------------------------------------------------------------------------- - - 2.1.1. Red Hat and Fedora RPMs - - RPMs can be installed with rpm -Uvh privoxy-3.0.8-1.rpm, and will use - /etc/privoxy for the location of configuration files. - - Note that on Red Hat, Privoxy will not be automatically started on system - boot. You will need to enable that using chkconfig, ntsysv, or similar - methods. - - If you have problems with failed dependencies, try rebuilding the SRC RPM: - rpm --rebuild privoxy-3.0.8-1.src.rpm. This will use your locally - installed libraries and RPM version. - - Also note that if you have a Junkbuster RPM installed on your system, you - need to remove it first, because the packages conflict. Otherwise, RPM - will try to remove Junkbuster automatically if found, before installing - Privoxy. - - -------------------------------------------------------------------------- - - 2.1.2. Debian and Ubuntu - - DEBs can be installed with apt-get install privoxy, and will use - /etc/privoxy for the location of configuration files. - - -------------------------------------------------------------------------- - - 2.1.3. Windows - - Just double-click the installer, which will guide you through the - installation process. You will find the configuration files in the same - directory as you installed Privoxy in. - - Version 3.0.5 beta introduced full Windows service functionality. On - Windows only, the Privoxy program has two new command line arguments to - install and uninstall Privoxy as a service. - - Arguments: - - --install[:service_name] - - --uninstall[:service_name] - - After invoking Privoxy with --install, you will need to bring up the - Windows service console to assign the user you want Privoxy to run under, - and whether or not you want it to run whenever the system starts. You can - start the Windows services console with the following command: - services.msc. If you do not take the manual step of modifying Privoxy's - service settings, it will not start. Note too that you will need to give - Privoxy a user account that actually exists, or it will not be permitted - to write to its log and configuration files. - - -------------------------------------------------------------------------- - - 2.1.4. Solaris - - Create a new directory, cd to it, then unzip and untar the archive. For - the most part, you'll have to figure out where things go. - - -------------------------------------------------------------------------- - - 2.1.5. OS/2 - - First, make sure that no previous installations of Junkbuster and / or - Privoxy are left on your system. Check that no Junkbuster or Privoxy - objects are in your startup folder. - - Then, just double-click the WarpIN self-installing archive, which will - guide you through the installation process. A shadow of the Privoxy - executable will be placed in your startup folder so it will start - automatically whenever OS/2 starts. - - The directory you choose to install Privoxy into will contain all of the - configuration files. - - -------------------------------------------------------------------------- - - 2.1.6. Mac OSX - - Unzip the downloaded file (you can either double-click on the file from - the finder, or from the desktop if you downloaded it there). Then, - double-click on the package installer icon named Privoxy.pkg and follow - the installation process. Privoxy will be installed in the folder - /Library/Privoxy. It will start automatically whenever you start up. To - prevent it from starting automatically, remove or rename the folder - /Library/StartupItems/Privoxy. - - To start Privoxy by hand, double-click on StartPrivoxy.command in the - /Library/Privoxy folder. Or, type this command in the Terminal: - - /Library/Privoxy/StartPrivoxy.command - - - You will be prompted for the administrator password. - - -------------------------------------------------------------------------- - - 2.1.7. AmigaOS - - Copy and then unpack the lha archive to a suitable location. All necessary - files will be installed into Privoxy directory, including all - configuration and log files. To uninstall, just remove this directory. - - -------------------------------------------------------------------------- - - 2.1.8. FreeBSD - - Privoxy is part of FreeBSD's Ports Collection, you can build and install - it with cd /usr/ports/www/privoxy; make install clean. - - If you don't use the ports, you can fetch and install the package with - pkg_add -r privoxy. - - The port skeleton and the package can also be downloaded from the File - Release Page, but there's no reason to use them unless you're interested - in the beta releases which are only available there. - - -------------------------------------------------------------------------- - - 2.1.9. Gentoo - - Gentoo source packages (Ebuilds) for Privoxy are contained in the Gentoo - Portage Tree (they are not on the download page, but there is a Gentoo - section, where you can see when a new Privoxy Version is added to the - Portage Tree). - - Before installing Privoxy under Gentoo just do first emerge rsync to get - the latest changes from the Portage tree. With emerge privoxy you install - the latest version. - - Configuration files are in /etc/privoxy, the documentation is in - /usr/share/doc/privoxy-3.0.8 and the Log directory is in /var/log/privoxy. - - -------------------------------------------------------------------------- - - 2.2. Building from Source - - The most convenient way to obtain the Privoxy sources is to download the - source tarball from our project download page. - - If you like to live on the bleeding edge and are not afraid of using - possibly unstable development versions, you can check out the - up-to-the-minute version directly from the CVS repository. - - To build Privoxy from source, autoconf, GNU make (gmake), and, of course, - a C compiler like gcc are required. - - When building from a source tarball, first unpack the source: - - tar xzvf privoxy-3.0.8-src* [.tgz or .tar.gz] - cd privoxy-3.0.8 - - For retrieving the current CVS sources, you'll need a CVS client - installed. Note that sources from CVS are typically development quality, - and may not be stable, or well tested. To download CVS source, check the - Sourceforge documentation, which might give commands like: - - cvs -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa login - cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co current - cd current - - This will create a directory named current/, which will contain the source - tree. - - You can also check out any Privoxy "branch", just exchange the current - name with the wanted branch name (Example: v_3_0_branch for the 3.0 cvs - tree). - - It is also strongly recommended to not run Privoxy as root. You should - configure/install/run Privoxy as an unprivileged user, preferably by - creating a "privoxy" user and group just for this purpose. See your local - documentation for the correct command line to do add new users and groups - (something like adduser, but the command syntax may vary from platform to - platform). - - /etc/passwd might then look like: - - privoxy:*:7777:7777:privoxy proxy:/no/home:/no/shell - - And then /etc/group, like: - - privoxy:*:7777: - - Some binary packages may do this for you. - - Then, to build from either unpacked tarball or CVS source: - - autoheader - autoconf - ./configure # (--help to see options) - make # (the make from GNU, sometimes called gmake) - su # Possibly required - make -n install # (to see where all the files will go) - make -s install # (to really install, -s to silence output) - - Using GNU make, you can have the first four steps automatically done for - you by just typing: - - make - - in the freshly downloaded or unpacked source directory. - - To build an executable with security enhanced features so that users - cannot easily bypass the proxy (e.g. "Go There Anyway"), or alter their - own configurations, configure like this: - - ./configure --disable-toggle --disable-editor --disable-force - - Then build as above. In Privoxy 3.0.7 and later, all of these options can - also be disabled through the configuration file. - - WARNING: If installing as root, the install will fail unless a non-root - user or group is specified, or a privoxy user and group already exist on - the system. If a non-root user is specified, and no group, then the - installation will try to also use a group of the same name as "user". If a - group is specified (and no user), then the support files will be installed - as writable by that group, and owned by the user running the installation. - - configure accepts --with-user and --with-group options for setting user - and group ownership of the configuration files (which need to be writable - by the daemon). The specified user must already exist. When starting - Privoxy, it must be run as this same user to insure write access to - configuration and log files! - - Alternately, you can specify user and group on the make command line, but - be sure both already exist: - - make -s install USER=privoxy GROUP=privoxy - - The default installation path for make install is /usr/local. This may of - course be customized with the various ./configure path options. If you are - doing an install to anywhere besides /usr/local, be sure to set the - appropriate paths with the correct configure options (./configure --help). - Non-privileged users must of course have write access permissions to - wherever the target installation is going. - - If you do install to /usr/local, the install will use - sysconfdir=$prefix/etc/privoxy by default. All other destinations, and the - direct usage of --sysconfdir flag behave like normal, i.e. will not add - the extra privoxy directory. This is for a safer install, as there may - already exist another program that uses a file with the "config" name, and - thus makes /usr/local/etc cleaner. - - If installing to /usr/local, the documentation will go by default to - $prefix/share/doc. But if this directory doesn't exist, it will then try - $prefix/doc and install there before creating a new $prefix/share/doc just - for Privoxy. - - Again, if the installs goes to /usr/local, the localstatedir (ie: var/) - will default to /var instead of $prefix/var so the logs will go to - /var/log/privoxy/, and the pid file will be created in - /var/run/privoxy.pid. - - make install will attempt to set the correct values in config (main - configuration file). You should check this to make sure all values are - correct. If appropriate, an init script will be installed, but it is up to - the user to determine how and where to start Privoxy. The init script - should be checked for correct paths and values, if anything other than a - default install is done. - - If install finds previous versions of local configuration files, most of - these will not be overwritten, and the new ones will be installed with a - "new" extension. default.action, default.filter, and standard.action will - be overwritten. You will then need to manually update the other installed - configuration files as needed. The default template files will be - overwritten. If you have customized, local templates, these should be - stored safely in a separate directory and defined in config by the - "templdir" directive. It is of course wise to always back-up any important - configuration files "just in case". If a previous version of Privoxy is - already running, you will have to restart it manually. - - For more detailed instructions on how to build Redhat RPMs, Windows - self-extracting installers, building on platforms with special - requirements etc, please consult the developer manual. - - -------------------------------------------------------------------------- - - 2.3. Keeping your Installation Up-to-Date - - As user feedback comes in and development continues, we will make updated - versions of both the main actions file (as a separate package) and the - software itself (including the actions file) available for download. - - If you wish to receive an email notification whenever we release updates - of Privoxy or the actions file, subscribe to our announce mailing list, - ijbswa-announce@lists.sourceforge.net. - - In order not to lose your personal changes and adjustments when updating - to the latest default.action file we strongly recommend that you use - user.action and user.filter for your local customizations of Privoxy. See - the Chapter on actions files for details. - - -------------------------------------------------------------------------- - -3. What's New in this Release - - There are many improvements and new features since Privoxy 3.0.6, the last - stable release: - - * Two new actions server-header-tagger and client-header-tagger that can - be used to create arbitrary "tags" based on client and server headers. - These "tags" can then subsequently be used to control the other - actions used for the current request, greatly increasing Privoxy's - flexibility and selectivity. See tag patterns for more information on - tags. - - * Header filtering is done with dedicated header filters now. As a - result the actions "filter-client-headers" and "filter-server-headers" - that were introduced with Privoxy 3.0.5 to apply content filters to - the headers have been removed. See the new actions - server-header-filter and client-header-filter for details. - - * There are four new options for the main config file: - - * allow-cgi-request-crunching which allows requests for Privoxy's - internal CGI pages to be blocked, redirected or (un)trusted like - ordinary requests. - - * split-large-forms that will work around a browser bug that caused - IE6 and IE7 to ignore the Submit button on the Privoxy's - edit-actions-for-url CGI page. - - * accept-intercepted-requests which allows to combine Privoxy with - any packet filter to create an intercepting proxy for HTTP/1.1 - requests (and for HTTP/1.0 requests with Host header set). This - means clients can be forced to use Privoxy even if their proxy - settings are configured differently. - - * templdir to designate an alternate location for Privoxy's locally - customized CGI templates so that these are not overwritten during - upgrades. - - * A new command line option --pre-chroot-nslookup hostname to initialize - the resolver library before chroot'ing. On some systems this reduces - the number of files that must be copied into the chroot tree. (Patch - provided by Stephen Gildea) - - * The forward-override action allows changing of the forwarding settings - through the actions files. Combined with tags, this allows to choose - the forwarder based on client headers like the User-Agent, or the - request origin. - - * The redirect action can now use regular expression substitutions - against the original URL. - - * zlib support is now available as a compile time option to filter - compressed content. Patch provided by Wil Mahan. - - * Improve various filters, and add new ones. - - * Include support for RFC 3253 so that Subversion works with Privoxy. - Patch provided by Petr Kadlec. - - * Logging can be completely turned off by not specifying a logfile - directive. - - * A number of improvements to Privoxy's internal CGI pages, including - the use of favicons for error and control pages. - - * Many bugfixes, memory leaks addressed, code improvements, and logging - improvements. - - For a more detailed list of changes please have a look at the ChangeLog. - - -------------------------------------------------------------------------- - - 3.1. Note to Upgraders - - A quick list of things to be aware of before upgrading from earlier - versions of Privoxy: - - * The recommended way to upgrade Privoxy is to backup your old - configuration files, install the new ones, verify that Privoxy is - working correctly and finally merge back your changes using diff and - maybe patch. - - There are a number of new features in each Privoxy release and most of - them have to be explicitly enabled in the configuration files. Old - configuration files obviously don't do that and due to syntax changes - using old configuration files with a new Privoxy isn't always possible - anyway. - - * Note that some installers remove earlier versions completely, - including configuration files, therefore you should really save any - important configuration files! - - * On the other hand, other installers don't overwrite existing - configuration files, thinking you will want to do that yourself. - - * standard.action now only includes the enabled actions. Not all actions - as before. - - * In the default configuration only fatal errors are logged now. You can - change that in the debug section of the configuration file. You may - also want to enable more verbose logging until you verified that the - new Privoxy version is working as expected. - - * Three other config file settings are now off by default: - enable-remote-toggle, enable-remote-http-toggle, and - enable-edit-actions. If you use or want these, you will need to - explicitly enable them, and be aware of the security issues involved. - - * The "filter-client-headers" and "filter-server-headers" actions that - were introduced with Privoxy 3.0.5 to apply content filters to the - headers have been removed and replaced with new actions. See the - What's New section above. - - -------------------------------------------------------------------------- - -4. Quickstart to Using Privoxy - - * Install Privoxy. See the Installation Section below for platform - specific information. - - * Advanced users and those who want to offer Privoxy service to more - than just their local machine should check the main config file, - especially the security-relevant options. These are off by default. - - * Start Privoxy, if the installation program has not done this already - (may vary according to platform). See the section Starting Privoxy. - - * Set your browser to use Privoxy as HTTP and HTTPS (SSL) proxy by - setting the proxy configuration for address of 127.0.0.1 and port - 8118. DO NOT activate proxying for FTP or any protocols besides HTTP - and HTTPS (SSL) unless you intend to prevent your browser from using - these protocols. - - * Flush your browser's disk and memory caches, to remove any cached ad - images. If using Privoxy to manage cookies, you should remove any - currently stored cookies too. - - * A default installation should provide a reasonable starting point for - most. There will undoubtedly be occasions where you will want to - adjust the configuration, but that can be dealt with as the need - arises. Little to no initial configuration is required in most cases, - you may want to enable the web-based action editor though. Be sure to - read the warnings first. - - See the Configuration section for more configuration options, and how - to customize your installation. You might also want to look at the - next section for a quick introduction to how Privoxy blocks ads and - banners. - - * If you experience ads that slip through, innocent images that are - blocked, or otherwise feel the need to fine-tune Privoxy's behavior, - take a look at the actions files. As a quick start, you might find the - richly commented examples helpful. You can also view and edit the - actions files through the web-based user interface. The Appendix - "Troubleshooting: Anatomy of an Action" has hints on how to understand - and debug actions that "misbehave". - - * Please see the section Contacting the Developers on how to report - bugs, problems with websites or to get help. - - * Now enjoy surfing with enhanced control, comfort and privacy! - - -------------------------------------------------------------------------- - - 4.1. Quickstart to Ad Blocking - - Ad blocking is but one of Privoxy's array of features. Many of these - features are for the technically minded advanced user. But, ad and banner - blocking is surely common ground for everybody. - - This section will provide a quick summary of ad blocking so you can get up - to speed quickly without having to read the more extensive information - provided below, though this is highly recommended. - - First a bit of a warning ... blocking ads is much like blocking SPAM: the - more aggressive you are about it, the more likely you are to block things - that were not intended. And the more likely that some things may not work - as intended. So there is a trade off here. If you want extreme ad free - browsing, be prepared to deal with more "problem" sites, and to spend more - time adjusting the configuration to solve these unintended consequences. - In short, there is not an easy way to eliminate all ads. Either take the - easy way and settle for most ads blocked with the default configuration, - or jump in and tweak it for your personal surfing habits and preferences. - - Secondly, a brief explanation of Privoxy's "actions". "Actions" in this - context, are the directives we use to tell Privoxy to perform some task - relating to HTTP transactions (i.e. web browsing). We tell Privoxy to take - some "action". Each action has a unique name and function. While there are - many potential actions in Privoxy's arsenal, only a few are used for ad - blocking. Actions, and action configuration files, are explained in depth - below. - - Actions are specified in Privoxy's configuration, followed by one or more - URLs to which the action should apply. URLs can actually be URL type - patterns that use wildcards so they can apply potentially to a range of - similar URLs. The actions, together with the URL patterns are called a - section. - - When you connect to a website, the full URL will either match one or more - of the sections as defined in Privoxy's configuration, or not. If so, then - Privoxy will perform the respective actions. If not, then nothing special - happens. Furthermore, web pages may contain embedded, secondary URLs that - your web browser will use to load additional components of the page, as it - parses the original page's HTML content. An ad image for instance, is just - an URL embedded in the page somewhere. The image itself may be on the same - server, or a server somewhere else on the Internet. Complex web pages will - have many such embedded URLs. Privoxy can deal with each URL individually, - so, for instance, the main page text is not touched, but images from - such-and-such server are blocked. - - The most important actions for basic ad blocking are: block, - handle-as-image, handle-as-empty-document,and set-image-blocker: - - * block - this is perhaps the single most used action, and is - particularly important for ad blocking. This action stops any contact - between your browser and any URL patterns that match this action's - configuration. It can be used for blocking ads, but also anything that - is determined to be unwanted. By itself, it simply stops any - communication with the remote server and sends Privoxy's own built-in - BLOCKED page instead to let you now what has happened (with some - exceptions, see below). - - * handle-as-image - tells Privoxy to treat this URL as an image. - Privoxy's default configuration already does this for all common image - types (e.g. GIF), but there are many situations where this is not so - easy to determine. So we'll force it in these cases. This is - particularly important for ad blocking, since only if we know that - it's an image of some kind, can we replace it with an image of our - choosing, instead of the Privoxy BLOCKED page (which would only result - in a "broken image" icon). There are some limitations to this though. - For instance, you can't just brute-force an image substitution for an - entire HTML page in most situations. - - * handle-as-empty-document - sends an empty document instead of - Privoxy's normal BLOCKED HTML page. This is useful for file types that - are neither HTML nor images, such as blocking JavaScript files. - - * set-image-blocker - tells Privoxy what to display in place of an ad - image that has hit a block rule. For this to come into play, the URL - must match a block action somewhere in the configuration, and, it must - also match an handle-as-image action. - - The configuration options on what to display instead of the ad are: - - pattern - a checkerboard pattern, so that an ad replacement is - obvious. This is the default. - - blank - A very small empty GIF image is displayed. This is the - so-called "invisible" configuration option. - - http://<URL> - A redirect to any image anywhere of the user's - choosing (advanced usage). - - Advanced users will eventually want to explore Privoxy filters as well. - Filters are very different from blocks. A "block" blocks a site, page, or - unwanted contented. Filters are a way of filtering or modifying what is - actually on the page. An example filter usage: a text replacement of - "no-no" for "nasty-word". That is a very simple example. This process can - be used for ad blocking, but it is more in the realm of advanced usage and - has some pitfalls to be wary off. - - The quickest way to adjust any of these settings is with your browser - through the special Privoxy editor at - http://config.privoxy.org/show-status (shortcut: http://p.p/show-status). - This is an internal page, and does not require Internet access. - - Note that as of Privoxy 3.0.7 beta the action editor is disabled by - default. Check the enable-edit-actions section in the configuration file - to learn why and in which cases it's safe to enable again. - - If you decided to enable the action editor, select the appropriate - "actions" file, and click "Edit". It is best to put personal or local - preferences in user.action since this is not meant to be overwritten - during upgrades, and will over-ride the settings in other files. Here you - can insert new "actions", and URLs for ad blocking or other purposes, and - make other adjustments to the configuration. Privoxy will detect these - changes automatically. - - A quick and simple step by step example: - - * Right click on the ad image to be blocked, then select "Copy Link - Location" from the pop-up menu. - - * Set your browser to http://config.privoxy.org/show-status - - * Find user.action in the top section, and click on "Edit": - - Figure 1. Actions Files in Use - - * You should have a section with only block listed under "Actions:". If - not, click a "Insert new section below" button, and in the new section - that just appeared, click the Edit button right under the word - "Actions:". This will bring up a list of all actions. Find block near - the top, and click in the "Enabled" column, then "Submit" just below - the list. - - * Now, in the block actions section, click the "Add" button, and paste - the URL the browser got from "Copy Link Location". Remove the http:// - at the beginning of the URL. Then, click "Submit" (or "OK" if in a - pop-up window). - - * Now go back to the original page, and press SHIFT-Reload (or flush all - browser caches). The image should be gone now. - - This is a very crude and simple example. There might be good reasons to - use a wildcard pattern match to include potentially similar images from - the same site. For a more extensive explanation of "patterns", and the - entire actions concept, see the Actions section. - - For advanced users who want to hand edit their config files, you might - want to now go to the Actions Files Tutorial. The ideas explained therein - also apply to the web-based editor. - - There are also various filters that can be used for ad blocking (filters - are a special subset of actions). These fall into the "advanced" usage - category, and are explained in depth in later sections. - - -------------------------------------------------------------------------- - -5. Starting Privoxy - - Before launching Privoxy for the first time, you will want to configure - your browser(s) to use Privoxy as a HTTP and HTTPS (SSL) proxy. The - default is 127.0.0.1 (or localhost) for the proxy address, and port 8118 - (earlier versions used port 8000). This is the one configuration step that - must be done! - - Please note that Privoxy can only proxy HTTP and HTTPS traffic. It will - not work with FTP or other protocols. - - Figure 2. Proxy Configuration Showing Mozilla/Netscape HTTP and HTTPS - (SSL) Settings - - With Firefox, this is typically set under: - - Tools -> Options -> Advanced -> Network ->Connection -> Settings - - - Or optionally on some platforms: - - Edit -> Preferences -> General -> Connection Settings -> Manual Proxy - Configuration - - - With Netscape (and Mozilla), this can be set under: - - Edit -> Preferences -> Advanced -> Proxies -> HTTP Proxy - - - For Internet Explorer v.5-7: - - Tools -> Internet Options -> Connections -> LAN Settings - - Then, check "Use Proxy" and fill in the appropriate info (Address: - 127.0.0.1, Port: 8118). Include HTTPS (SSL), if you want HTTPS proxy - support too (sometimes labeled "Secure"). Make sure any checkboxes like - "Use the same proxy server for all protocols" is UNCHECKED. You want only - HTTP and HTTPS (SSL)! - - Figure 3. Proxy Configuration Showing Internet Explorer HTTP and HTTPS - (Secure) Settings - - After doing this, flush your browser's disk and memory caches to force a - re-reading of all pages and to get rid of any ads that may be cached. - Remove any cookies, if you want Privoxy to manage that. You are now ready - to start enjoying the benefits of using Privoxy! - - Privoxy itself is typically started by specifying the main configuration - file to be used on the command line. If no configuration file is specified - on the command line, Privoxy will look for a file named config in the - current directory. Except on Win32 where it will try config.txt. - - -------------------------------------------------------------------------- - - 5.1. Red Hat and Fedora - - A default Red Hat installation may not start Privoxy upon boot. It will - use the file /etc/privoxy/config as its main configuration file. - - # /etc/rc.d/init.d/privoxy start - - Or ... - - # service privoxy start - - -------------------------------------------------------------------------- - - 5.2. Debian - - We use a script. Note that Debian typically starts Privoxy upon booting - per default. It will use the file /etc/privoxy/config as its main - configuration file. - - # /etc/init.d/privoxy start - - -------------------------------------------------------------------------- - - 5.3. Windows - - Click on the Privoxy Icon to start Privoxy. If no configuration file is - specified on the command line, Privoxy will look for a file named - config.txt. Note that Windows will automatically start Privoxy when the - system starts if you chose that option when installing. - - Privoxy can run with full Windows service functionality. On Windows only, - the Privoxy program has two new command line arguments to install and - uninstall Privoxy as a service. See the Windows Installation instructions - for details. - - -------------------------------------------------------------------------- - - 5.4. Solaris, NetBSD, FreeBSD, HP-UX and others - - Example Unix startup command: - - # /usr/sbin/privoxy /etc/privoxy/config - - -------------------------------------------------------------------------- - - 5.5. OS/2 - - During installation, Privoxy is configured to start automatically when the - system restarts. You can start it manually by double-clicking on the - Privoxy icon in the Privoxy folder. - - -------------------------------------------------------------------------- - - 5.6. Mac OSX - - During installation, Privoxy is configured to start automatically when the - system restarts. To start Privoxy manually, double-click on the - StartPrivoxy.command icon in the /Library/Privoxy folder. Or, type this - command in the Terminal: - - /Library/Privoxy/StartPrivoxy.command - - - You will be prompted for the administrator password. - - -------------------------------------------------------------------------- - - 5.7. AmigaOS - - Start Privoxy (with RUN <>NIL:) in your startnet script (AmiTCP), in - s:user-startup (RoadShow), as startup program in your startup script - (Genesis), or as startup action (Miami and MiamiDx). Privoxy will - automatically quit when you quit your TCP/IP stack (just ignore the - harmless warning your TCP/IP stack may display that Privoxy is still - running). - - -------------------------------------------------------------------------- - - 5.8. Gentoo - - A script is again used. It will use the file /etc/privoxy/config as its - main configuration file. - - /etc/init.d/privoxy start - - - Note that Privoxy is not automatically started at boot time by default. - You can change this with the rc-update command. - - rc-update add privoxy default - - - -------------------------------------------------------------------------- - - 5.9. Command Line Options - - Privoxy may be invoked with the following command-line options: - - * --version - - Print version info and exit. Unix only. - - * --help - - Print short usage info and exit. Unix only. - - * --no-daemon - - Don't become a daemon, i.e. don't fork and become process group - leader, and don't detach from controlling tty. Unix only. - - * --pidfile FILE - - On startup, write the process ID to FILE. Delete the FILE on exit. - Failure to create or delete the FILE is non-fatal. If no FILE option - is given, no PID file will be used. Unix only. - - * --user USER[.GROUP] - - After (optionally) writing the PID file, assume the user ID of USER, - and if included the GID of GROUP. Exit if the privileges are not - sufficient to do so. Unix only. - - * --chroot - - Before changing to the user ID given in the --user option, chroot to - that user's home directory, i.e. make the kernel pretend to the - Privoxy process that the directory tree starts there. If set up - carefully, this can limit the impact of possible vulnerabilities in - Privoxy to the files contained in that hierarchy. Unix only. - - * --pre-chroot-nslookup hostname - - Specifies a hostname to look up before doing a chroot. On some - systems, initializing the resolver library involves reading config - files from /etc and/or loading additional shared libraries from /lib. - On these systems, doing a hostname lookup before the chroot reduces - the number of files that must be copied into the chroot tree. - - For fastest startup speed, a good value is a hostname that is not in - /etc/hosts but that your local name server (listed in - /etc/resolv.conf) can resolve without recursion (that is, without - having to ask any other name servers). The hostname need not exist, - but if it doesn't, an error message (which can be ignored) will be - output. - - * configfile - - If no configfile is included on the command line, Privoxy will look - for a file named "config" in the current directory (except on Win32 - where it will look for "config.txt" instead). Specify full path to - avoid confusion. If no config file is found, Privoxy will fail to - start. - - On MS Windows only there are two additional command-line options to allow - Privoxy to install and run as a service. See the Window Installation - section for details. - - -------------------------------------------------------------------------- - -6. Privoxy Configuration - - All Privoxy configuration is stored in text files. These files can be - edited with a text editor. Many important aspects of Privoxy can also be - controlled easily with a web browser. - - -------------------------------------------------------------------------- - - 6.1. Controlling Privoxy with Your Web Browser - - Privoxy's user interface can be reached through the special URL - http://config.privoxy.org/ (shortcut: http://p.p/), which is a built-in - page and works without Internet access. You will see the following - section: - - - - Privoxy Menu - - View & change the current configuration - - View the source code version numbers - - View the request headers. - - Look up which actions apply to a URL and why - - Toggle Privoxy on or off - - Documentation - - - This should be self-explanatory. Note the first item leads to an editor - for the actions files, which is where the ad, banner, cookie, and URL - blocking magic is configured as well as other advanced features of - Privoxy. This is an easy way to adjust various aspects of Privoxy - configuration. The actions file, and other configuration files, are - explained in detail below. - - "Toggle Privoxy On or Off" is handy for sites that might have problems - with your current actions and filters. You can in fact use it as a test to - see whether it is Privoxy causing the problem or not. Privoxy continues to - run as a proxy in this case, but all manipulation is disabled, i.e. - Privoxy acts like a normal forwarding proxy. There is even a toggle - Bookmarklet offered, so that you can toggle Privoxy with one click from - your browser. - - Note that several of the features described above are disabled by default - in Privoxy 3.0.7 beta and later. Check the configuration file to learn why - and in which cases it's safe to enable them again. - - -------------------------------------------------------------------------- - - 6.2. Configuration Files Overview - - For Unix, *BSD and Linux, all configuration files are located in - /etc/privoxy/ by default. For MS Windows, OS/2, and AmigaOS these are all - in the same directory as the Privoxy executable. - - The installed defaults provide a reasonable starting point, though some - settings may be aggressive by some standards. For the time being, the - principle configuration files are: - - * The main configuration file is named config on Linux, Unix, BSD, OS/2, - and AmigaOS and config.txt on Windows. This is a required file. - - * default.action (the main actions file) is used to define which - "actions" relating to banner-blocking, images, pop-ups, content - modification, cookie handling etc should be applied by default. It - also defines many exceptions (both positive and negative) from this - default set of actions that enable Privoxy to selectively eliminate - the junk, and only the junk, on as many websites as possible. - - Multiple actions files may be defined in config. These are processed - in the order they are defined. Local customizations and locally - preferred exceptions to the default policies as defined in - default.action (which you will most probably want to define sooner or - later) are probably best applied in user.action, where you can - preserve them across upgrades. standard.action is only for Privoxy's - internal use. - - There is also a web based editor that can be accessed from - http://config.privoxy.org/show-status (Shortcut: - http://p.p/show-status) for the various actions files. - - * "Filter files" (the filter file) can be used to re-write the raw page - content, including viewable text as well as embedded HTML and - JavaScript, and whatever else lurks on any given web page. The - filtering jobs are only pre-defined here; whether to apply them or not - is up to the actions files. default.filter includes various filters - made available for use by the developers. Some are much more intrusive - than others, and all should be used with caution. You may define - additional filter files in config as you can with actions files. We - suggest user.filter for any locally defined filters or customizations. - - The syntax of the configuration and filter files may change between - different Privoxy versions, unfortunately some enhancements cost backwards - compatibility. - - All files use the "#" character to denote a comment (the rest of the line - will be ignored) and understand line continuation through placing a - backslash ("\") as the very last character in a line. If the # is preceded - by a backslash, it looses its special function. Placing a # in front of an - otherwise valid configuration line to prevent it from being interpreted is - called "commenting out" that line. Blank lines are ignored. - - The actions files and filter files can use Perl style regular expressions - for maximum flexibility. - - After making any changes, there is no need to restart Privoxy in order for - the changes to take effect. Privoxy detects such changes automatically. - Note, however, that it may take one or two additional requests for the - change to take effect. When changing the listening address of Privoxy, - these "wake up" requests must obviously be sent to the old listening - address. - - -------------------------------------------------------------------------- - -7. The Main Configuration File - - Again, the main configuration file is named config on Linux/Unix/BSD and - OS/2, and config.txt on Windows. Configuration lines consist of an initial - keyword followed by a list of values, all separated by whitespace (any - number of spaces or tabs). For example: - - confdir /etc/privoxy - - Assigns the value /etc/privoxy to the option confdir and thus indicates - that the configuration directory is named "/etc/privoxy/". - - All options in the config file except for confdir and logdir are optional. - Watch out in the below description for what happens if you leave them - unset. - - The main config file controls all aspects of Privoxy's operation that are - not location dependent (i.e. they apply universally, no matter where you - may be surfing). - - -------------------------------------------------------------------------- - - 7.1. Local Set-up Documentation - - If you intend to operate Privoxy for more users than just yourself, it - might be a good idea to let them know how to reach you, what you block and - why you do that, your policies, etc. - - -------------------------------------------------------------------------- - - 7.1.1. user-manual - - Specifies: - - Location of the Privoxy User Manual. - - Type of value: - - A fully qualified URI - - Default value: - - Unset - - Effect if unset: - - http://www.privoxy.org/version/user-manual/ will be used, where - version is the Privoxy version. - - Notes: - - The User Manual URI is the single best source of information on - Privoxy, and is used for help links from some of the internal CGI - pages. The manual itself is normally packaged with the binary - distributions, so you probably want to set this to a locally - installed copy. - - Examples: - - The best all purpose solution is simply to put the full local PATH - to where the User Manual is located: - - user-manual /usr/share/doc/privoxy/user-manual - - The User Manual is then available to anyone with access to - Privoxy, by following the built-in URL: - http://config.privoxy.org/user-manual/ (or the shortcut: - http://p.p/user-manual/). - - If the documentation is not on the local system, it can be - accessed from a remote server, as: - - user-manual http://example.com/privoxy/user-manual/ - - +---------------------------------------------------------+ - | Warning | - |---------------------------------------------------------| - | If set, this option should be the first option in the | - | config file, because it is used while the config file | - | is being read on start-up. | - +---------------------------------------------------------+ - - -------------------------------------------------------------------------- - - 7.1.2. trust-info-url - - Specifies: - - A URL to be displayed in the error page that users will see if - access to an untrusted page is denied. - - Type of value: - - URL - - Default value: - - Two example URLs are provided - - Effect if unset: - - No links are displayed on the "untrusted" error page. - - Notes: - - The value of this option only matters if the experimental trust - mechanism has been activated. (See trustfile below.) - - If you use the trust mechanism, it is a good idea to write up some - on-line documentation about your trust policy and to specify the - URL(s) here. Use multiple times for multiple URLs. - - The URL(s) should be added to the trustfile as well, so users - don't end up locked out from the information on why they were - locked out in the first place! - - -------------------------------------------------------------------------- - - 7.1.3. admin-address - - Specifies: - - An email address to reach the Privoxy administrator. - - Type of value: - - Email address - - Default value: - - Unset - - Effect if unset: - - No email address is displayed on error pages and the CGI user - interface. - - Notes: - - If both admin-address and proxy-info-url are unset, the whole - "Local Privoxy Support" box on all generated pages will not be - shown. - - -------------------------------------------------------------------------- - - 7.1.4. proxy-info-url - - Specifies: - - A URL to documentation about the local Privoxy setup, - configuration or policies. - - Type of value: - - URL - - Default value: - - Unset - - Effect if unset: - - No link to local documentation is displayed on error pages and the - CGI user interface. - - Notes: - - If both admin-address and proxy-info-url are unset, the whole - "Local Privoxy Support" box on all generated pages will not be - shown. - - This URL shouldn't be blocked ;-) - - -------------------------------------------------------------------------- - - 7.2. Configuration and Log File Locations - - Privoxy can (and normally does) use a number of other files for additional - configuration, help and logging. This section of the configuration file - tells Privoxy where to find those other files. - - The user running Privoxy, must have read permission for all configuration - files, and write permission to any files that would be modified, such as - log files and actions files. - - -------------------------------------------------------------------------- - - 7.2.1. confdir - - Specifies: - - The directory where the other configuration files are located. - - Type of value: - - Path name - - Default value: - - /etc/privoxy (Unix) or Privoxy installation dir (Windows) - - Effect if unset: - - Mandatory - - Notes: - - No trailing "/", please. - - -------------------------------------------------------------------------- - - 7.2.2. templdir - - Specifies: - - An alternative directory where the templates are loaded from. - - Type of value: - - Path name - - Default value: - - unset - - Effect if unset: - - The templates are assumed to be located in confdir/template. - - Notes: - - Privoxy's original templates are usually overwritten with each - update. Use this option to relocate customized templates that - should be kept. As template variables might change between - updates, you shouldn't expect templates to work with Privoxy - releases other than the one they were part of, though. - - -------------------------------------------------------------------------- - - 7.2.3. logdir - - Specifies: - - The directory where all logging takes place (i.e. where logfile - and jarfile are located). - - Type of value: - - Path name - - Default value: - - /var/log/privoxy (Unix) or Privoxy installation dir (Windows) - - Effect if unset: - - Mandatory - - Notes: - - No trailing "/", please. - - -------------------------------------------------------------------------- - - 7.2.4. actionsfile - - Specifies: - - The actions file(s) to use - - Type of value: - - Complete file name, relative to confdir - - Default values: - - standard.action # Internal purposes, no editing recommended - default.action # Main actions file - user.action # User customizations - - Effect if unset: - - No actions are taken at all. More or less neutral proxying. - - Notes: - - Multiple actionsfile lines are permitted, and are in fact - recommended! - - The default values include standard.action, which is used for - internal purposes and should be loaded, default.action, which is - the "main" actions file maintained by the developers, and - user.action, where you can make your personal additions. - - Actions files contain all the per site and per URL configuration - for ad blocking, cookie management, privacy considerations, etc. - There is no point in using Privoxy without at least one actions - file. - - Note that since Privoxy 3.0.7, the complete filename, including - the ".action" extension has to be specified. The syntax change was - necessary to be consistent with the other file options and to - allow previously forbidden characters. - - -------------------------------------------------------------------------- - - 7.2.5. filterfile - - Specifies: - - The filter file(s) to use - - Type of value: - - File name, relative to confdir - - Default value: - - default.filter (Unix) or default.filter.txt (Windows) - - Effect if unset: - - No textual content filtering takes place, i.e. all +filter{name} - actions in the actions files are turned neutral. - - Notes: - - Multiple filterfile lines are permitted. - - The filter files contain content modification rules that use - regular expressions. These rules permit powerful changes on the - content of Web pages, and optionally the headers as well, e.g., - you could try to disable your favorite JavaScript annoyances, - re-write the actual displayed text, or just have some fun playing - buzzword bingo with web pages. - - The +filter{name} actions rely on the relevant filter (name) to be - defined in a filter file! - - A pre-defined filter file called default.filter that contains a - number of useful filters for common problems is included in the - distribution. See the section on the filter action for a list. - - It is recommended to place any locally adapted filters into a - separate file, such as user.filter. - - -------------------------------------------------------------------------- - - 7.2.6. logfile - - Specifies: - - The log file to use - - Type of value: - - File name, relative to logdir - - Default value: - - Unset (commented out). When activated: logfile (Unix) or - privoxy.log (Windows). - - Effect if unset: - - No logfile is written. - - Notes: - - The logfile is where all logging and error messages are written. - The level of detail and number of messages are set with the debug - option (see below). The logfile can be useful for tracking down a - problem with Privoxy (e.g., it's not blocking an ad you think it - should block) and it can help you to monitor what your browser is - doing. - - Depending on the debug options below, the logfile may be a privacy - risk if third parties can get access to it. As most users will - never look at it, Privoxy 3.0.7 and later only log fatal errors by - default. - - For most troubleshooting purposes, you will have to change that, - please refer to the debugging section for details. - - Your logfile will grow indefinitely, and you will probably want to - periodically remove it. On Unix systems, you can do this with a - cron job (see "man cron"). For Red Hat based Linux distributions, - a logrotate script has been included. - - Any log files must be writable by whatever user Privoxy is being - run as (on Unix, default user id is "privoxy"). - - -------------------------------------------------------------------------- - - 7.2.7. jarfile - - Specifies: - - The file to store intercepted cookies in - - Type of value: - - File name, relative to logdir - - Default value: - - Unset (commented out). When activated: jarfile (Unix) or - privoxy.jar (Windows). - - Effect if unset: - - Intercepted cookies are not stored in a dedicated log file. - - Notes: - - The jarfile may grow to ridiculous sizes over time. - - If debug 8 (show header parsing) is enabled, cookies are also - written to the logfile with the rest of the headers. Therefore - this option isn't very useful and may be removed in future - releases. Please report to the developers if you are still using - it. - - -------------------------------------------------------------------------- - - 7.2.8. trustfile - - Specifies: - - The name of the trust file to use - - Type of value: - - File name, relative to confdir - - Default value: - - Unset (commented out). When activated: trust (Unix) or trust.txt - (Windows) - - Effect if unset: - - The entire trust mechanism is disabled. - - Notes: - - The trust mechanism is an experimental feature for building - white-lists and should be used with care. It is NOT recommended - for the casual user. - - If you specify a trust file, Privoxy will only allow access to - sites that are specified in the trustfile. Sites can be listed in - one of two ways: - - Prepending a ~ character limits access to this site only (and any - sub-paths within this site), e.g. ~www.example.com allows access - to ~www.example.com/features/news.html, etc. - - Or, you can designate sites as trusted referrers, by prepending - the name with a + character. The effect is that access to - untrusted sites will be granted -- but only if a link from this - trusted referrer was used to get there. The link target will then - be added to the "trustfile" so that future, direct accesses will - be granted. Sites added via this mechanism do not become trusted - referrers themselves (i.e. they are added with a ~ designation). - There is a limit of 512 such entries, after which new entries will - not be made. - - If you use the + operator in the trust file, it may grow - considerably over time. - - It is recommended that Privoxy be compiled with the - --disable-force, --disable-toggle and --disable-editor options, if - this feature is to be used. - - Possible applications include limiting Internet access for - children. - - -------------------------------------------------------------------------- - - 7.3. Debugging - - These options are mainly useful when tracing a problem. Note that you - might also want to invoke Privoxy with the --no-daemon command line option - when debugging. - - -------------------------------------------------------------------------- - - 7.3.1. debug - - Specifies: - - Key values that determine what information gets logged. - - Type of value: - - Integer values - - Default value: - - 0 (i.e.: only fatal errors (that cause Privoxy to exit) are - logged) - - Effect if unset: - - Default value is used (see above). - - Notes: - - The available debug levels are: - - debug 1 # log each request destination (and the crunch reason if Privoxy intercepted the request) - debug 2 # show each connection status - debug 4 # show I/O status - debug 8 # show header parsing - debug 16 # log all data written to the network into the logfile - debug 32 # debug force feature - debug 64 # debug regular expression filters - debug 128 # debug redirects - debug 256 # debug GIF de-animation - debug 512 # Common Log Format - debug 1024 # debug kill pop-ups - debug 2048 # CGI user interface - debug 4096 # Startup banner and warnings. - debug 8192 # Non-fatal errors - - To select multiple debug levels, you can either add them or use - multiple debug lines. - - A debug level of 1 is informative because it will show you each - request as it happens. 1, 4096 and 8192 are recommended so that - you will notice when things go wrong. The other levels are - probably only of interest if you are hunting down a specific - problem. They can produce a hell of an output (especially 16). - - Privoxy used to ship with the debug levels recommended above - enabled by default, but due to privacy concerns 3.0.7 and later - are configured to only log fatal errors. - - If you are used to the more verbose settings, simply enable the - debug lines below again. - - If you want to use pure CLF (Common Log Format), you should set - "debug 512" ONLY and not enable anything else. - - Privoxy has a hard-coded limit for the length of log messages. If - it's reached, messages are logged truncated and marked with "... - [too long, truncated]". - - Please don't file any support requests without trying to reproduce - the problem with increased debug level first. Once you read the - log messages, you may even be able to solve the problem on your - own. - - -------------------------------------------------------------------------- - - 7.3.2. single-threaded - - Specifies: - - Whether to run only one server thread. - - Type of value: - - None - - Default value: - - Unset - - Effect if unset: - - Multi-threaded (or, where unavailable: forked) operation, i.e. the - ability to serve multiple requests simultaneously. - - Notes: - - This option is only there for debugging purposes. It will - drastically reduce performance. - - -------------------------------------------------------------------------- - - 7.4. Access Control and Security - - This section of the config file controls the security-relevant aspects of - Privoxy's configuration. - - -------------------------------------------------------------------------- - - 7.4.1. listen-address - - Specifies: - - The IP address and TCP port on which Privoxy will listen for - client requests. - - Type of value: - - [IP-Address]:Port - - Default value: - - 127.0.0.1:8118 - - Effect if unset: - - Bind to 127.0.0.1 (localhost), port 8118. This is suitable and - recommended for home users who run Privoxy on the same machine as - their browser. - - Notes: - - You will need to configure your browser(s) to this proxy address - and port. - - If you already have another service running on port 8118, or if - you want to serve requests from other machines (e.g. on your local - network) as well, you will need to override the default. - - If you leave out the IP address, Privoxy will bind to all - interfaces (addresses) on your machine and may become reachable - from the Internet. In that case, consider using access control - lists (ACL's, see below), and/or a firewall. - - If you open Privoxy to untrusted users, you will also want to make - sure that the following actions are disabled: enable-edit-actions - and enable-remote-toggle - - Example: - - Suppose you are running Privoxy on a machine which has the address - 192.168.0.1 on your local private network (192.168.0.0) and has - another outside connection with a different address. You want it - to serve requests from inside only: - - listen-address 192.168.0.1:8118 - - -------------------------------------------------------------------------- - - 7.4.2. toggle - - Specifies: - - Initial state of "toggle" status - - Type of value: - - 1 or 0 - - Default value: - - 1 - - Effect if unset: - - Act as if toggled on - - Notes: - - If set to 0, Privoxy will start in "toggled off" mode, i.e. mostly - behave like a normal, content-neutral proxy with both ad blocking - and content filtering disabled. See enable-remote-toggle below. - - The windows version will only display the toggle icon in the - system tray if this option is present. - - -------------------------------------------------------------------------- - - 7.4.3. enable-remote-toggle - - Specifies: - - Whether or not the web-based toggle feature may be used - - Type of value: - - 0 or 1 - - Default value: - - 0 - - Effect if unset: - - The web-based toggle feature is disabled. - - Notes: - - When toggled off, Privoxy mostly acts like a normal, - content-neutral proxy, i.e. doesn't block ads or filter content. - - Access to the toggle feature can not be controlled separately by - "ACLs" or HTTP authentication, so that everybody who can access - Privoxy (see "ACLs" and listen-address above) can toggle it for - all users. So this option is not recommended for multi-user - environments with untrusted users. - - Note that malicious client side code (e.g Java) is also capable of - using this option. - - As a lot of Privoxy users don't read documentation, this feature - is disabled by default. - - Note that you must have compiled Privoxy with support for this - feature, otherwise this option has no effect. - - -------------------------------------------------------------------------- - - 7.4.4. enable-remote-http-toggle - - Specifies: - - Whether or not Privoxy recognizes special HTTP headers to change - its behaviour. - - Type of value: - - 0 or 1 - - Default value: - - 0 - - Effect if unset: - - Privoxy ignores special HTTP headers. - - Notes: - - When toggled on, the client can change Privoxy's behaviour by - setting special HTTP headers. Currently the only supported special - header is "X-Filter: No", to disable filtering for the ongoing - request, even if it is enabled in one of the action files. - - This feature is disabled by default. If you are using Privoxy in a - environment with trusted clients, you may enable this feature at - your discretion. Note that malicious client side code (e.g Java) - is also capable of using this feature. - - This option will be removed in future releases as it has been - obsoleted by the more general header taggers. - - -------------------------------------------------------------------------- - - 7.4.5. enable-edit-actions - - Specifies: - - Whether or not the web-based actions file editor may be used - - Type of value: - - 0 or 1 - - Default value: - - 0 - - Effect if unset: - - The web-based actions file editor is disabled. - - Notes: - - Access to the editor can not be controlled separately by "ACLs" or - HTTP authentication, so that everybody who can access Privoxy (see - "ACLs" and listen-address above) can modify its configuration for - all users. - - This option is not recommended for environments with untrusted - users and as a lot of Privoxy users don't read documentation, this - feature is disabled by default. - - Note that malicious client side code (e.g Java) is also capable of - using the actions editor and you shouldn't enable this options - unless you understand the consequences and are sure your browser - is configured correctly. - - Note that you must have compiled Privoxy with support for this - feature, otherwise this option has no effect. - - -------------------------------------------------------------------------- - - 7.4.6. enforce-blocks - - Specifies: - - Whether the user is allowed to ignore blocks and can "go there - anyway". - - Type of value: - - 0 or 1 - - Default value: - - 0 - - Effect if unset: - - Blocks are not enforced. - - Notes: - - Privoxy is mainly used to block and filter requests as a service - to the user, for example to block ads and other junk that clogs - the pipes. Privoxy's configuration isn't perfect and sometimes - innocent pages are blocked. In this situation it makes sense to - allow the user to enforce the request and have Privoxy ignore the - block. - - In the default configuration Privoxy's "Blocked" page contains a - "go there anyway" link to adds a special string (the force prefix) - to the request URL. If that link is used, Privoxy will detect the - force prefix, remove it again and let the request pass. - - Of course Privoxy can also be used to enforce a network policy. In - that case the user obviously should not be able to bypass any - blocks, and that's what the "enforce-blocks" option is for. If - it's enabled, Privoxy hides the "go there anyway" link. If the - user adds the force prefix by hand, it will not be accepted and - the circumvention attempt is logged. - - Examples: - - enforce-blocks 1 - - -------------------------------------------------------------------------- - - 7.4.7. ACLs: permit-access and deny-access - - Specifies: - - Who can access what. - - Type of value: - - src_addr[/src_masklen] [dst_addr[/dst_masklen]] - - Where src_addr and dst_addr are IP addresses in dotted decimal - notation or valid DNS names, and src_masklen and dst_masklen are - subnet masks in CIDR notation, i.e. integer values from 2 to 30 - representing the length (in bits) of the network address. The - masks and the whole destination part are optional. - - Default value: - - Unset - - Effect if unset: - - Don't restrict access further than implied by listen-address - - Notes: - - Access controls are included at the request of ISPs and systems - administrators, and are not usually needed by individual users. - For a typical home user, it will normally suffice to ensure that - Privoxy only listens on the localhost (127.0.0.1) or internal - (home) network address by means of the listen-address option. - - Please see the warnings in the FAQ that Privoxy is not intended to - be a substitute for a firewall or to encourage anyone to defer - addressing basic security weaknesses. - - Multiple ACL lines are OK. If any ACLs are specified, Privoxy only - talks to IP addresses that match at least one permit-access line - and don't match any subsequent deny-access line. In other words, - the last match wins, with the default being deny-access. - - If Privoxy is using a forwarder (see forward below) for a - particular destination URL, the dst_addr that is examined is the - address of the forwarder and NOT the address of the ultimate - target. This is necessary because it may be impossible for the - local Privoxy to determine the IP address of the ultimate target - (that's often what gateways are used for). - - You should prefer using IP addresses over DNS names, because the - address lookups take time. All DNS names must resolve! You can not - use domain patterns like "*.org" or partial domain names. If a DNS - name resolves to multiple IP addresses, only the first one is - used. - - Denying access to particular sites by ACL may have undesired side - effects if the site in question is hosted on a machine which also - hosts other sites (most sites are). - - Examples: - - Explicitly define the default behavior if no ACL and - listen-address are set: "localhost" is OK. The absence of a - dst_addr implies that all destination addresses are OK: - - permit-access localhost - - Allow any host on the same class C subnet as www.privoxy.org - access to nothing but www.example.com (or other domains hosted on - the same system): - - permit-access www.privoxy.org/24 www.example.com/32 - - Allow access from any host on the 26-bit subnet 192.168.45.64 to - anywhere, with the exception that 192.168.45.73 may not access the - IP address behind www.dirty-stuff.example.com: - - permit-access 192.168.45.64/26 - deny-access 192.168.45.73 www.dirty-stuff.example.com - - -------------------------------------------------------------------------- - - 7.4.8. buffer-limit - - Specifies: - - Maximum size of the buffer for content filtering. - - Type of value: - - Size in Kbytes - - Default value: - - 4096 - - Effect if unset: - - Use a 4MB (4096 KB) limit. - - Notes: - - For content filtering, i.e. the +filter and +deanimate-gif - actions, it is necessary that Privoxy buffers the entire document - body. This can be potentially dangerous, since a server could just - keep sending data indefinitely and wait for your RAM to exhaust -- - with nasty consequences. Hence this option. - - When a document buffer size reaches the buffer-limit, it is - flushed to the client unfiltered and no further attempt to filter - the rest of the document is made. Remember that there may be - multiple threads running, which might require up to buffer-limit - Kbytes each, unless you have enabled "single-threaded" above. - - -------------------------------------------------------------------------- - - 7.5. Forwarding - - This feature allows routing of HTTP requests through a chain of multiple - proxies. - - Forwarding can be used to chain Privoxy with a caching proxy to speed up - browsing. Using a parent proxy may also be necessary if the machine that - Privoxy runs on has no direct Internet access. - - Note that parent proxies can severely decrease your privacy level. For - example a parent proxy could add your IP address to the request headers - and if it's a caching proxy it may add the "Etag" header to revalidation - requests again, even though you configured Privoxy to remove it. It may - also ignore Privoxy's header time randomization and use the original - values which could be used by the server as cookie replacement to track - your steps between visits. - - Also specified here are SOCKS proxies. Privoxy supports the SOCKS 4 and - SOCKS 4A protocols. - - -------------------------------------------------------------------------- - - 7.5.1. forward - - Specifies: - - To which parent HTTP proxy specific requests should be routed. - - Type of value: - - target_pattern http_parent[:port] - - where target_pattern is a URL pattern that specifies to which - requests (i.e. URLs) this forward rule shall apply. Use / to - denote "all URLs". http_parent[:port] is the DNS name or IP - address of the parent HTTP proxy through which the requests should - be forwarded, optionally followed by its listening port (default: - 8080). Use a single dot (.) to denote "no forwarding". - - Default value: - - Unset - - Effect if unset: - - Don't use parent HTTP proxies. - - Notes: - - If http_parent is ".", then requests are not forwarded to another - HTTP proxy but are made directly to the web servers. - - Multiple lines are OK, they are checked in sequence, and the last - match wins. - - Examples: - - Everything goes to an example parent proxy, except SSL on port 443 - (which it doesn't handle): - - forward / parent-proxy.example.org:8080 - forward :443 . - - Everything goes to our example ISP's caching proxy, except for - requests to that ISP's sites: - - forward / caching-proxy.isp.example.net:8000 - forward .isp.example.net . - - -------------------------------------------------------------------------- - - 7.5.2. forward-socks4 and forward-socks4a - - Specifies: - - Through which SOCKS proxy (and optionally to which parent HTTP - proxy) specific requests should be routed. - - Type of value: - - target_pattern socks_proxy[:port] http_parent[:port] - - where target_pattern is a URL pattern that specifies to which - requests (i.e. URLs) this forward rule shall apply. Use / to - denote "all URLs". http_parent and socks_proxy are IP addresses in - dotted decimal notation or valid DNS names (http_parent may be "." - to denote "no HTTP forwarding"), and the optional port parameters - are TCP ports, i.e. integer values from 1 to 64535 - - Default value: - - Unset - - Effect if unset: - - Don't use SOCKS proxies. - - Notes: - - Multiple lines are OK, they are checked in sequence, and the last - match wins. - - The difference between forward-socks4 and forward-socks4a is that - in the SOCKS 4A protocol, the DNS resolution of the target - hostname happens on the SOCKS server, while in SOCKS 4 it happens - locally. - - If http_parent is ".", then requests are not forwarded to another - HTTP proxy but are made (HTTP-wise) directly to the web servers, - albeit through a SOCKS proxy. - - Examples: - - From the company example.com, direct connections are made to all - "internal" domains, but everything outbound goes through their - ISP's proxy by way of example.com's corporate SOCKS 4A gateway to - the Internet. - - forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 - forward .example.com . - - A rule that uses a SOCKS 4 gateway for all destinations but no - HTTP parent looks like this: - - forward-socks4 / socks-gw.example.com:1080 . - - To chain Privoxy and Tor, both running on the same system, you - would use something like: - - forward-socks4a / 127.0.0.1:9050 . - - The public Tor network can't be used to reach your local network, - if you need to access local servers you therefore might want to - make some exceptions: - - forward 192.168.*.*/ . - forward 10.*.*.*/ . - forward 127.*.*.*/ . - - Unencrypted connections to systems in these address ranges will be - as (un)secure as the local network is, but the alternative is that - you can't reach the local network through Privoxy at all. Of - course this may actually be desired and there is no reason to make - these exceptions if you aren't sure you need them. - - If you also want to be able to reach servers in your local network - by using their names, you will need additional exceptions that - look like this: - - forward localhost/ . - - -------------------------------------------------------------------------- - - 7.5.3. Advanced Forwarding Examples - - If you have links to multiple ISPs that provide various special content - only to their subscribers, you can configure multiple Privoxies which have - connections to the respective ISPs to act as forwarders to each other, so - that your users can see the internal content of all ISPs. - - Assume that host-a has a PPP connection to isp-a.example.net. And host-b - has a PPP connection to isp-b.example.org. Both run Privoxy. Their - forwarding configuration can look like this: - - host-a: - - forward / . - forward .isp-b.example.net host-b:8118 - - host-b: - - forward / . - forward .isp-a.example.org host-a:8118 - - Now, your users can set their browser's proxy to use either host-a or - host-b and be able to browse the internal content of both isp-a and isp-b. - - If you intend to chain Privoxy and squid locally, then chaining as browser - -> squid -> privoxy is the recommended way. - - Assuming that Privoxy and squid run on the same box, your squid - configuration could then look like this: - - # Define Privoxy as parent proxy (without ICP) - cache_peer 127.0.0.1 parent 8118 7 no-query - - # Define ACL for protocol FTP - acl ftp proto FTP - - # Do not forward FTP requests to Privoxy - always_direct allow ftp - - # Forward all the rest to Privoxy - never_direct allow all - - You would then need to change your browser's proxy settings to squid's - address and port. Squid normally uses port 3128. If unsure consult - http_port in squid.conf. - - You could just as well decide to only forward requests you suspect of - leading to Windows executables through a virus-scanning parent proxy, say, - on antivir.example.com, port 8010: - - forward / . - forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010 - - -------------------------------------------------------------------------- - - 7.5.4. forwarded-connect-retries - - Specifies: - - How often Privoxy retries if a forwarded connection request fails. - - Type of value: - - Number of retries. - - Default value: - - 0 - - Effect if unset: - - Connections forwarded through other proxies are treated like - direct connections and no retry attempts are made. - - Notes: - - forwarded-connect-retries is mainly interesting for socks4a - connections, where Privoxy can't detect why the connections - failed. The connection might have failed because of a DNS timeout - in which case a retry makes sense, but it might also have failed - because the server doesn't exist or isn't reachable. In this case - the retry will just delay the appearance of Privoxy's error - message. - - Note that in the context of this option, "forwarded connections" - includes all connections that Privoxy forwards through other - proxies. This option is not limited to the HTTP CONNECT method. - - Only use this option, if you are getting lots of - forwarding-related error messages that go away when you try again - manually. Start with a small value and check Privoxy's logfile - from time to time, to see how many retries are usually needed. - - Examples: - - forwarded-connect-retries 1 - - -------------------------------------------------------------------------- - - 7.5.5. accept-intercepted-requests - - Specifies: - - Whether intercepted requests should be treated as valid. - - Type of value: - - 0 or 1 - - Default value: - - 0 - - Effect if unset: - - Only proxy requests are accepted, intercepted requests are treated - as invalid. - - Notes: - - If you don't trust your clients and want to force them to use - Privoxy, enable this option and configure your packet filter to - redirect outgoing HTTP connections into Privoxy. - - Make sure that Privoxy's own requests aren't redirected as well. - Additionally take care that Privoxy can't intentionally connect to - itself, otherwise you could run into redirection loops if - Privoxy's listening port is reachable by the outside or an - attacker has access to the pages you visit. - - Examples: - - accept-intercepted-requests 1 - - -------------------------------------------------------------------------- - - 7.5.6. allow-cgi-request-crunching - - Specifies: - - Whether requests to Privoxy's CGI pages can be blocked or - redirected. - - Type of value: - - 0 or 1 - - Default value: - - 0 - - Effect if unset: - - Privoxy ignores block and redirect actions for its CGI pages. - - Notes: - - By default Privoxy ignores block or redirect actions for its CGI - pages. Intercepting these requests can be useful in multi-user - setups to implement fine-grained access control, but it can also - render the complete web interface useless and make debugging - problems painful if done without care. - - Don't enable this option unless you're sure that you really need - it. - - Examples: - - allow-cgi-request-crunching 1 - - -------------------------------------------------------------------------- - - 7.5.7. split-large-forms - - Specifies: - - Whether the CGI interface should stay compatible with broken HTTP - clients. - - Type of value: - - 0 or 1 - - Default value: - - 0 - - Effect if unset: - - The CGI form generate long GET URLs. - - Notes: - - Privoxy's CGI forms can lead to rather long URLs. This isn't a - problem as far as the HTTP standard is concerned, but it can - confuse clients with arbitrary URL length limitations. - - Enabling split-large-forms causes Privoxy to divide big forms into - smaller ones to keep the URL length down. It makes editing a lot - less convenient and you can no longer submit all changes at once, - but at least it works around this browser bug. - - If you don't notice any editing problems, there is no reason to - enable this option, but if one of the submit buttons appears to be - broken, you should give it a try. - - Examples: - - split-large-forms 1 - - -------------------------------------------------------------------------- - - 7.6. Windows GUI Options - - Privoxy has a number of options specific to the Windows GUI interface: - - If "activity-animation" is set to 1, the Privoxy icon will animate when - "Privoxy" is active. To turn off, set to 0. - - activity-animation 1 - - - If "log-messages" is set to 1, Privoxy will log messages to the console - window: - - log-messages 1 - - - If "log-buffer-size" is set to 1, the size of the log buffer, i.e. the - amount of memory used for the log messages displayed in the console - window, will be limited to "log-max-lines" (see below). - - Warning: Setting this to 0 will result in the buffer to grow infinitely - and eat up all your memory! - - log-buffer-size 1 - - - log-max-lines is the maximum number of lines held in the log buffer. See - above. - - log-max-lines 200 - - - If "log-highlight-messages" is set to 1, Privoxy will highlight portions - of the log messages with a bold-faced font: - - log-highlight-messages 1 - - - The font used in the console window: - - log-font-name Comic Sans MS - - - Font size used in the console window: - - log-font-size 8 - - - "show-on-task-bar" controls whether or not Privoxy will appear as a button - on the Task bar when minimized: - - show-on-task-bar 0 - - - If "close-button-minimizes" is set to 1, the Windows close button will - minimize Privoxy instead of closing the program (close with the exit - option on the File menu). - - close-button-minimizes 1 - - - The "hide-console" option is specific to the MS-Win console version of - Privoxy. If this option is used, Privoxy will disconnect from and hide the - command console. - - #hide-console - - - -------------------------------------------------------------------------- - -8. Actions Files - - The actions files are used to define what actions Privoxy takes for which - URLs, and thus determines how ad images, cookies and various other aspects - of HTTP content and transactions are handled, and on which sites (or even - parts thereof). There are a number of such actions, with a wide range of - functionality. Each action does something a little different. These - actions give us a veritable arsenal of tools with which to exert our - control, preferences and independence. Actions can be combined so that - their effects are aggregated when applied against a given set of URLs. - - There are three action files included with Privoxy with differing - purposes: - - * default.action - is the primary action file that sets the initial - values for all actions. It is intended to provide a base level of - functionality for Privoxy's array of features. So it is a set of broad - rules that should work reasonably well as-is for most users. This is - the file that the developers are keeping updated, and making available - to users. The user's preferences as set in standard.action, e.g. - either Cautious (the default), Medium, or Advanced (see below). - - * user.action - is intended to be for local site preferences and - exceptions. As an example, if your ISP or your bank has specific - requirements, and need special handling, this kind of thing should go - here. This file will not be upgraded. - - * standard.action - is used only by the web based editor at - http://config.privoxy.org/edit-actions-list?f=default, to set various - pre-defined sets of rules for the default actions section in - default.action. - - Edit Set to Cautious Set to Medium Set to Advanced - - These have increasing levels of aggressiveness and have no influence - on your browsing unless you select them explicitly in the editor. A - default installation should be pre-set to Cautious (versions prior to - 3.0.5 were set to Medium). New users should try this for a while - before adjusting the settings to more aggressive levels. The more - aggressive the settings, then the more likelihood there is of problems - such as sites not working as they should. - - The Edit button allows you to turn each action on/off individually for - fine-tuning. The Cautious button changes the actions list to low/safe - settings which will activate ad blocking and a minimal set of - Privoxy's features, and subsequently there will be less of a chance - for accidental problems. The Medium button sets the list to a medium - level of other features and a low level set of privacy features. The - Advanced button sets the list to a high level of ad blocking and - medium level of privacy. See the chart below. The latter three buttons - over-ride any changes via with the Edit button. More fine-tuning can - be done in the lower sections of this internal page. - - It is not recommend to edit the standard.action file itself. - - The default profiles, and their associated actions, as pre-defined in - standard.action are: - - Table 1. Default Configurations - - +--------------------------------------------------------------------+ - | Feature | Cautious | Medium | Advanced | - |-------------------------+-------------+--------------+-------------| - | Ad-blocking | medium | high | high | - | Aggressiveness | | | | - |-------------------------+-------------+--------------+-------------| - | Ad-filtering by size | no | yes | yes | - |-------------------------+-------------+--------------+-------------| - | Ad-filtering by link | no | no | yes | - |-------------------------+-------------+--------------+-------------| - | Pop-up killing | blocks only | blocks only | blocks only | - |-------------------------+-------------+--------------+-------------| - | Privacy Features | low | medium | medium/high | - |-------------------------+-------------+--------------+-------------| - | Cookie handling | none | session-only | kill | - |-------------------------+-------------+--------------+-------------| - | Referer forging | no | yes | yes | - |-------------------------+-------------+--------------+-------------| - | GIF de-animation | no | yes | yes | - |-------------------------+-------------+--------------+-------------| - | Fast redirects | no | no | yes | - |-------------------------+-------------+--------------+-------------| - | HTML taming | no | no | yes | - |-------------------------+-------------+--------------+-------------| - | JavaScript taming | no | no | yes | - |-------------------------+-------------+--------------+-------------| - | Web-bug killing | no | yes | yes | - |-------------------------+-------------+--------------+-------------| - | Image tag reordering | no | no | yes | - +--------------------------------------------------------------------+ - - The list of actions files to be used are defined in the main configuration - file, and are processed in the order they are defined (e.g. default.action - is typically processed before user.action). The content of these can all - be viewed and edited from http://config.privoxy.org/show-status. The - over-riding principle when applying actions, is that the last action that - matches a given URL wins. The broadest, most general rules go first - (defined in default.action), followed by any exceptions (typically also in - default.action), which are then followed lastly by any local preferences - (typically in user.action). Generally, user.action has the last word. - - An actions file typically has multiple sections. If you want to use - "aliases" in an actions file, you have to place the (optional) alias - section at the top of that file. Then comes the default set of rules which - will apply universally to all sites and pages (be very careful with using - such a universal set in user.action or any other actions file after - default.action, because it will override the result from consulting any - previous file). And then below that, exceptions to the defined universal - policies. You can regard user.action as an appendix to default.action, - with the advantage that it is a separate file, which makes preserving your - personal settings across Privoxy upgrades easier. - - Actions can be used to block anything you want, including ads, banners, or - just some obnoxious URL whose content you would rather not see. Cookies - can be accepted or rejected, or accepted only during the current browser - session (i.e. not written to disk), content can be modified, some - JavaScripts tamed, user-tracking fooled, and much more. See below for a - complete list of actions. - - -------------------------------------------------------------------------- - - 8.1. Finding the Right Mix - - Note that some actions, like cookie suppression or script disabling, may - render some sites unusable that rely on these techniques to work properly. - Finding the right mix of actions is not always easy and certainly a matter - of personal taste. And, things can always change, requiring refinements in - the configuration. In general, it can be said that the more "aggressive" - your default settings (in the top section of the actions file) are, the - more exceptions for "trusted" sites you will have to make later. If, for - example, you want to crunch all cookies per default, you'll have to make - exceptions from that rule for sites that you regularly use and that - require cookies for actually useful purposes, like maybe your bank, - favorite shop, or newspaper. - - We have tried to provide you with reasonable rules to start from in the - distribution actions files. But there is no general rule of thumb on these - things. There just are too many variables, and sites are constantly - changing. Sooner or later you will want to change the rules (and read this - chapter again :). - - -------------------------------------------------------------------------- - - 8.2. How to Edit - - The easiest way to edit the actions files is with a browser by using our - browser-based editor, which can be reached from - http://config.privoxy.org/show-status. Note: the config file option - enable-edit-actions must be enabled for this to work. The editor allows - both fine-grained control over every single feature on a per-URL basis, - and easy choosing from wholesale sets of defaults like "Cautious", - "Medium" or "Advanced". Warning: the "Advanced" setting is more - aggressive, and will be more likely to cause problems for some sites. - Experienced users only! - - If you prefer plain text editing to GUIs, you can of course also directly - edit the the actions files with your favorite text editor. Look at - default.action which is richly commented with many good examples. - - -------------------------------------------------------------------------- - - 8.3. How Actions are Applied to Requests - - Actions files are divided into sections. There are special sections, like - the "alias" sections which will be discussed later. For now let's - concentrate on regular sections: They have a heading line (often split up - to multiple lines for readability) which consist of a list of actions, - separated by whitespace and enclosed in curly braces. Below that, there is - a list of URL and tag patterns, each on a separate line. - - To determine which actions apply to a request, the URL of the request is - compared to all URL patterns in each "action file". Every time it matches, - the list of applicable actions for the request is incrementally updated, - using the heading of the section in which the pattern is located. The same - is done again for tags and tag patterns later on. - - If multiple applying sections set the same action differently, the last - match wins. If not, the effects are aggregated. E.g. a URL might match a - regular section with a heading line of { +handle-as-image }, then later - another one with just { +block }, resulting in both actions to apply. And - there may well be cases where you will want to combine actions together. - Such a section then might look like: - - { +handle-as-image +block } - # Block these as if they were images. Send no block page. - banners.example.com - media.example.com/.*banners - .example.com/images/ads/ - - You can trace this process for URL patterns and any given URL by visiting - http://config.privoxy.org/show-url-info. - - Examples and more detail on this is provided in the Appendix, - Troubleshooting: Anatomy of an Action section. - - -------------------------------------------------------------------------- - - 8.4. Patterns - - As mentioned, Privoxy uses "patterns" to determine what actions might - apply to which sites and pages your browser attempts to access. These - "patterns" use wild card type pattern matching to achieve a high degree of - flexibility. This allows one expression to be expanded and potentially - match against many similar patterns. - - Generally, an URL pattern has the form <domain>/<path>, where both the - <domain> and <path> are optional. (This is why the special / pattern - matches all URLs). Note that the protocol portion of the URL pattern (e.g. - http://) should not be included in the pattern. This is assumed already! - - The pattern matching syntax is different for the domain and path parts of - the URL. The domain part uses a simple globbing type matching technique, - while the path part uses a more flexible "Regular Expressions (PCRE)" - based syntax. - - www.example.com/ - - is a domain-only pattern and will match any request to - www.example.com, regardless of which document on that server is - requested. So ALL pages in this domain would be covered by the - scope of this action. Note that a simple example.com is different - and would NOT match. - - www.example.com - - means exactly the same. For domain-only patterns, the trailing / - may be omitted. - - www.example.com/index.html$ - - matches all the documents on www.example.com whose name starts - with /index.html. - - www.example.com/index.html$ - - matches only the single document /index.html on www.example.com. - - /index.html$ - - matches the document /index.html, regardless of the domain, i.e. - on any web server anywhere. - - index.html - - matches nothing, since it would be interpreted as a domain name - and there is no top-level domain called .html. So its a mistake. - - -------------------------------------------------------------------------- - - 8.4.1. The Domain Pattern - - The matching of the domain part offers some flexible options: if the - domain starts or ends with a dot, it becomes unanchored at that end. For - example: - - .example.com - - matches any domain with first-level domain com and second-level - domain example. For example www.example.com, example.com and - foo.bar.baz.example.com. Note that it wouldn't match if the - second-level domain was another-example. - - www. - - matches any domain that STARTS with www. (It also matches the - domain www but most of the time that doesn't matter.) - - .example. - - matches any domain that CONTAINS .example.. And, by the way, also - included would be any files or documents that exist within that - domain since no path limitations are specified. (Correctly - speaking: It matches any FQDN that contains example as a domain.) - This might be www.example.com, news.example.de, or - www.example.net/cgi/testing.pl for instance. All these cases are - matched. - - Additionally, there are wild-cards that you can use in the domain names - themselves. These work similarly to shell globbing type wild-cards: "*" - represents zero or more arbitrary characters (this is equivalent to the - "Regular Expression" based syntax of ".*"), "?" represents any single - character (this is equivalent to the regular expression syntax of a simple - "."), and you can define "character classes" in square brackets which is - similar to the same regular expression technique. All of this can be - freely mixed: - - ad*.example.com - - matches "adserver.example.com", "ads.example.com", etc but not - "sfads.example.com" - - *ad*.example.com - - matches all of the above, and then some. - - .?pix.com - - matches www.ipix.com, pictures.epix.com, a.b.c.d.e.upix.com etc. - - www[1-9a-ez].example.c* - - matches www1.example.com, www4.example.cc, wwwd.example.cy, - wwwz.example.com etc., but not wwww.example.com. - - While flexible, this is not the sophistication of full regular expression - based syntax. - - -------------------------------------------------------------------------- - - 8.4.2. The Path Pattern - - Privoxy uses Perl compatible (PCRE) "Regular Expression" based syntax - (through the PCRE library) for matching the path portion (after the - slash), and is thus more flexible. - - There is an Appendix with a brief quick-start into regular expressions, - and full (very technical) documentation on PCRE regex syntax is available - on-line at http://www.pcre.org/man.txt. You might also find the Perl man - page on regular expressions (man perlre) useful, which is available - on-line at http://perldoc.perl.org/perlre.html. - - Note that the path pattern is automatically left-anchored at the "/", i.e. - it matches as if it would start with a "^" (regular expression speak for - the beginning of a line). - - Please also note that matching in the path is CASE INSENSITIVE by default, - but you can switch to case sensitive at any point in the pattern by using - the "(?-i)" switch: www.example.com/(?-i)PaTtErN.* will match only - documents whose path starts with PaTtErN in exactly this capitalization. - - .example.com/.* - - Is equivalent to just ".example.com", since any documents within - that domain are matched with or without the ".*" regular - expression. This is redundant - - .example.com/.*/index.html$ - - Will match any page in the domain of "example.com" that is named - "index.html", and that is part of some path. For example, it - matches "www.example.com/testing/index.html" but NOT - "www.example.com/index.html" because the regular expression called - for at least two "/'s", thus the path requirement. It also would - match "www.example.com/testing/index_html", because of the special - meta-character ".". - - .example.com/(.*/)?index\.html$ - - This regular expression is conditional so it will match any page - named "index.html" regardless of path which in this case can have - one or more "/'s". And this one must contain exactly ".html" (but - does not have to end with that!). - - .example.com/(.*/)(ads|banners?|junk) - - This regular expression will match any path of "example.com" that - contains any of the words "ads", "banner", "banners" (because of - the "?") or "junk". The path does not have to end in these words, - just contain them. - - .example.com/(.*/)(ads|banners?|junk)/.*\.(jpe?g|gif|png)$ - - This is very much the same as above, except now it must end in - either ".jpg", ".jpeg", ".gif" or ".png". So this one is limited - to common image formats. - - There are many, many good examples to be found in default.action, and more - tutorials below in Appendix on regular expressions. - - -------------------------------------------------------------------------- - - 8.4.3. The Tag Pattern - - Tag patterns are used to change the applying actions based on the - request's tags. Tags can be created with either the client-header-tagger - or the server-header-tagger action. - - Tag patterns have to start with "TAG:", so Privoxy can tell them apart - from URL patterns. Everything after the colon including white space, is - interpreted as a regular expression with path pattern syntax, except that - tag patterns aren't left-anchored automatically (Privoxy doesn't silently - add a "^", you have to do it yourself if you need it). - - To match all requests that are tagged with "foo" your pattern line should - be "TAG:^foo$", "TAG:foo" would work as well, but it would also match - requests whose tags contain "foo" somewhere. "TAG: foo" wouldn't work as - it requires white space. - - Sections can contain URL and tag patterns at the same time, but tag - patterns are checked after the URL patterns and thus always overrule them, - even if they are located before the URL patterns. - - Once a new tag is added, Privoxy checks right away if it's matched by one - of the tag patterns and updates the action settings accordingly. As a - result tags can be used to activate other tagger actions, as long as these - other taggers look for headers that haven't already be parsed. - - For example you could tag client requests which use the POST method, then - use this tag to activate another tagger that adds a tag if cookies are - sent, and then use a block action based on the cookie tag. This allows the - outcome of one action, to be input into a subsequent action. However if - you'd reverse the position of the described taggers, and activated the - method tagger based on the cookie tagger, no method tags would be created. - The method tagger would look for the request line, but at the time the - cookie tag is created, the request line has already been parsed. - - While this is a limitation you should be aware of, this kind of - indirection is seldom needed anyway and even the example doesn't make too - much sense. - - -------------------------------------------------------------------------- - - 8.5. Actions - - All actions are disabled by default, until they are explicitly enabled - somewhere in an actions file. Actions are turned on if preceded with a - "+", and turned off if preceded with a "-". So a +action means "do that - action", e.g. +block means "please block URLs that match the following - patterns", and -block means "don't block URLs that match the following - patterns, even if +block previously applied." - - Again, actions are invoked by placing them on a line, enclosed in curly - braces and separated by whitespace, like in {+some-action - -some-other-action{some-parameter}}, followed by a list of URL patterns, - one per line, to which they apply. Together, the actions line and the - following pattern lines make up a section of the actions file. - - Actions fall into three categories: - - * Boolean, i.e the action can only be "enabled" or "disabled". Syntax: - - +name # enable action name - -name # disable action name - - Example: +block - - * Parameterized, where some value is required in order to enable this - type of action. Syntax: - - +name{param} # enable action and set parameter to param, - # overwriting parameter from previous match if necessary - -name # disable action. The parameter can be omitted - - Note that if the URL matches multiple positive forms of a - parameterized action, the last match wins, i.e. the params from - earlier matches are simply ignored. - - Example: +hide-user-agent{Mozilla/5.0 (X11; U; FreeBSD i386; en-US; - rv:1.8.1.4) Gecko/20070602 Firefox/2.0.0.4} - - * Multi-value. These look exactly like parameterized actions, but they - behave differently: If the action applies multiple times to the same - URL, but with different parameters, all the parameters from all - matches are remembered. This is used for actions that can be executed - for the same request repeatedly, like adding multiple headers, or - filtering through multiple filters. Syntax: - - +name{param} # enable action and add param to the list of parameters - -name{param} # remove the parameter param from the list of parameters - # If it was the last one left, disable the action. - -name # disable this action completely and remove all parameters from the list - - Examples: +add-header{X-Fun-Header: Some text} and - +filter{html-annoyances} - - If nothing is specified in any actions file, no "actions" are taken. So in - this case Privoxy would just be a normal, non-blocking, non-filtering - proxy. You must specifically enable the privacy and blocking features you - need (although the provided default actions files will give a good - starting point). - - Later defined action sections always over-ride earlier ones of the same - type. So exceptions to any rules you make, should come in the latter part - of the file (or in a file that is processed later when using multiple - actions files such as user.action). For multi-valued actions, the actions - are applied in the order they are specified. Actions files are processed - in the order they are defined in config (the default installation has - three actions files). It also quite possible for any given URL to match - more than one "pattern" (because of wildcards and regular expressions), - and thus to trigger more than one set of actions! Last match wins. - - The list of valid Privoxy actions are: - - -------------------------------------------------------------------------- - - 8.5.1. add-header - - Typical use: - - Confuse log analysis, custom applications - - Effect: - - Sends a user defined HTTP header to the web server. - - Type: - - Multi-value. - - Parameter: - - Any string value is possible. Validity of the defined HTTP headers - is not checked. It is recommended that you use the "X-" prefix for - custom headers. - - Notes: - - This action may be specified multiple times, in order to define - multiple headers. This is rarely needed for the typical user. If - you don't know what "HTTP headers" are, you definitely don't need - to worry about this one. - - Example usage: - - +add-header{X-User-Tracking: sucks} - - -------------------------------------------------------------------------- - - 8.5.2. block - - Typical use: - - Block ads or other unwanted content - - Effect: - - Requests for URLs to which this action applies are blocked, i.e. - the requests are trapped by Privoxy and the requested URL is never - retrieved, but is answered locally with a substitute page or - image, as determined by the handle-as-image, set-image-blocker, - and handle-as-empty-document actions. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - Privoxy sends a special "BLOCKED" page for requests to blocked - pages. This page contains links to find out why the request was - blocked, and a click-through to the blocked content (the latter - only if compiled with the force feature enabled). The "BLOCKED" - page adapts to the available screen space -- it displays - full-blown if space allows, or miniaturized and text-only if - loaded into a small frame or window. If you are using Privoxy - right now, you can take a look at the "BLOCKED" page. - - A very important exception occurs if both block and - handle-as-image, apply to the same request: it will then be - replaced by an image. If set-image-blocker (see below) also - applies, the type of image will be determined by its parameter, if - not, the standard checkerboard pattern is sent. - - It is important to understand this process, in order to understand - how Privoxy deals with ads and other unwanted content. Blocking is - a core feature, and one upon which various other features depend. - - The filter action can perform a very similar task, by "blocking" - banner images and other content through rewriting the relevant - URLs in the document's HTML source, so they don't get requested in - the first place. Note that this is a totally different technique, - and it's easy to confuse the two. - - Example usage (section): - - {+block} - # Block and replace with "blocked" page - .nasty-stuff.example.com - - {+block +handle-as-image} - # Block and replace with image - .ad.doubleclick.net - .ads.r.us/banners/ - - {+block +handle-as-empty-document} - # Block and then ignore - adserver.exampleclick.net/.*\.js$ - - -------------------------------------------------------------------------- - - 8.5.3. client-header-filter - - Typical use: - - Rewrite or remove single client headers. - - Effect: - - All client headers to which this action applies are filtered - on-the-fly through the specified regular expression based - substitutions. - - Type: - - Parameterized. - - Parameter: - - The name of a client-header filter, as defined in one of the - filter files. - - Notes: - - Client-header filters are applied to each header on its own, not - to all at once. This makes it easier to diagnose problems, but on - the downside you can't write filters that only change header x if - header y's value is z. You can do that by using tags though. - - Client-header filters are executed after the other header actions - have finished and use their output as input. - - If the request URL gets changed, Privoxy will detect that and use - the new one. This can be used to rewrite the request destination - behind the client's back, for example to specify a Tor exit relay - for certain requests. - - Please refer to the filter file chapter to learn which - client-header filters are available by default, and how to create - your own. - - Example usage (section): - - {+client-header-filter{hide-tor-exit-notation}} - .exit/ - - - -------------------------------------------------------------------------- - - 8.5.4. client-header-tagger - - Typical use: - - Block requests based on their headers. - - Effect: - - Client headers to which this action applies are filtered - on-the-fly through the specified regular expression based - substitutions, the result is used as tag. - - Type: - - Parameterized. - - Parameter: - - The name of a client-header tagger, as defined in one of the - filter files. - - Notes: - - Client-header taggers are applied to each header on its own, and - as the header isn't modified, each tagger "sees" the original. - - Client-header taggers are the first actions that are executed and - their tags can be used to control every other action. - - Example usage (section): - - # Tag every request with the User-Agent header - {+client-header-tagger{user-agent}} - / - - - -------------------------------------------------------------------------- - - 8.5.5. content-type-overwrite - - Typical use: - - Stop useless download menus from popping up, or change the - browser's rendering mode - - Effect: - - Replaces the "Content-Type:" HTTP server header. - - Type: - - Parameterized. - - Parameter: - - Any string. - - Notes: - - The "Content-Type:" HTTP server header is used by the browser to - decide what to do with the document. The value of this header can - cause the browser to open a download menu instead of displaying - the document by itself, even if the document's format is supported - by the browser. - - The declared content type can also affect which rendering mode the - browser chooses. If XHTML is delivered as "text/html", many - browsers treat it as yet another broken HTML document. If it is - send as "application/xml", browsers with XHTML support will only - display it, if the syntax is correct. - - If you see a web site that proudly uses XHTML buttons, but sets - "Content-Type: text/html", you can use Privoxy to overwrite it - with "application/xml" and validate the web master's claim inside - your XHTML-supporting browser. If the syntax is incorrect, the - browser will complain loudly. - - You can also go the opposite direction: if your browser prints - error messages instead of rendering a document falsely declared as - XHTML, you can overwrite the content type with "text/html" and - have it rendered as broken HTML document. - - By default content-type-overwrite only replaces "Content-Type:" - headers that look like some kind of text. If you want to overwrite - it unconditionally, you have to combine it with force-text-mode. - This limitation exists for a reason, think twice before - circumventing it. - - Most of the time it's easier to replace this action with a custom - server-header filter. It allows you to activate it for every - document of a certain site and it will still only replace the - content types you aimed at. - - Of course you can apply content-type-overwrite to a whole site and - then make URL based exceptions, but it's a lot more work to get - the same precision. - - Example usage (sections): - - # Check if www.example.net/ really uses valid XHTML - { +content-type-overwrite{application/xml} } - www.example.net/ - - # but leave the content type unmodified if the URL looks like a style sheet - {-content-type-overwrite} - www.example.net/.*\.css$ - www.example.net/.*style - - -------------------------------------------------------------------------- - - 8.5.6. crunch-client-header - - Typical use: - - Remove a client header Privoxy has no dedicated action for. - - Effect: - - Deletes every header sent by the client that contains the string - the user supplied as parameter. - - Type: - - Parameterized. - - Parameter: - - Any string. - - Notes: - - This action allows you to block client headers for which no - dedicated Privoxy action exists. Privoxy will remove every client - header that contains the string you supplied as parameter. - - Regular expressions are not supported and you can't use this - action to block different headers in the same request, unless they - contain the same string. - - crunch-client-header is only meant for quick tests. If you have to - block several different headers, or only want to modify parts of - them, you should use a client-header filter. - - +---------------------------------------------------------+ - | Warning | - |---------------------------------------------------------| - | Don't block any header without understanding the | - | consequences. | - +---------------------------------------------------------+ - - Example usage (section): - - # Block the non-existent "Privacy-Violation:" client header - { +crunch-client-header{Privacy-Violation:} } - / - - - -------------------------------------------------------------------------- - - 8.5.7. crunch-if-none-match - - Typical use: - - Prevent yet another way to track the user's steps between - sessions. - - Effect: - - Deletes the "If-None-Match:" HTTP client header. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - Removing the "If-None-Match:" HTTP client header is useful for - filter testing, where you want to force a real reload instead of - getting status code "304" which would cause the browser to use a - cached copy of the page. - - It is also useful to make sure the header isn't used as a cookie - replacement (unlikely but possible). - - Blocking the "If-None-Match:" header shouldn't cause any caching - problems, as long as the "If-Modified-Since:" header isn't blocked - or missing as well. - - It is recommended to use this action together with - hide-if-modified-since and overwrite-last-modified. - - Example usage (section): - - # Let the browser revalidate cached documents but don't - # allow the server to use the revalidation headers for user tracking. - {+hide-if-modified-since{-60} \ - +overwrite-last-modified{randomize} \ - +crunch-if-none-match} - / - - -------------------------------------------------------------------------- - - 8.5.8. crunch-incoming-cookies - - Typical use: - - Prevent the web server from setting HTTP cookies on your system - - Effect: - - Deletes any "Set-Cookie:" HTTP headers from server replies. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - This action is only concerned with incoming HTTP cookies. For - outgoing HTTP cookies, use crunch-outgoing-cookies. Use both to - disable HTTP cookies completely. - - It makes no sense at all to use this action in conjunction with - the session-cookies-only action, since it would prevent the - session cookies from being set. See also filter-content-cookies. - - Example usage: - - +crunch-incoming-cookies - - -------------------------------------------------------------------------- - - 8.5.9. crunch-server-header - - Typical use: - - Remove a server header Privoxy has no dedicated action for. - - Effect: - - Deletes every header sent by the server that contains the string - the user supplied as parameter. - - Type: - - Parameterized. - - Parameter: - - Any string. - - Notes: - - This action allows you to block server headers for which no - dedicated Privoxy action exists. Privoxy will remove every server - header that contains the string you supplied as parameter. - - Regular expressions are not supported and you can't use this - action to block different headers in the same request, unless they - contain the same string. - - crunch-server-header is only meant for quick tests. If you have to - block several different headers, or only want to modify parts of - them, you should use a custom server-header filter. - - +---------------------------------------------------------+ - | Warning | - |---------------------------------------------------------| - | Don't block any header without understanding the | - | consequences. | - +---------------------------------------------------------+ - - Example usage (section): - - # Crunch server headers that try to prevent caching - { +crunch-server-header{no-cache} } - / - - -------------------------------------------------------------------------- - - 8.5.10. crunch-outgoing-cookies - - Typical use: - - Prevent the web server from reading any HTTP cookies from your - system - - Effect: - - Deletes any "Cookie:" HTTP headers from client requests. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - This action is only concerned with outgoing HTTP cookies. For - incoming HTTP cookies, use crunch-incoming-cookies. Use both to - disable HTTP cookies completely. - - It makes no sense at all to use this action in conjunction with - the session-cookies-only action, since it would prevent the - session cookies from being read. - - Example usage: - - +crunch-outgoing-cookies - - -------------------------------------------------------------------------- - - 8.5.11. deanimate-gifs - - Typical use: - - Stop those annoying, distracting animated GIF images. - - Effect: - - De-animate GIF animations, i.e. reduce them to their first or last - image. - - Type: - - Parameterized. - - Parameter: - - "last" or "first" - - Notes: - - This will also shrink the images considerably (in bytes, not - pixels!). If the option "first" is given, the first frame of the - animation is used as the replacement. If "last" is given, the last - frame of the animation is used instead, which probably makes more - sense for most banner animations, but also has the risk of not - showing the entire last frame (if it is only a delta to an earlier - frame). - - You can safely use this action with patterns that will also match - non-GIF objects, because no attempt will be made at anything that - doesn't look like a GIF. - - Example usage: - - +deanimate-gifs{last} - - -------------------------------------------------------------------------- - - 8.5.12. downgrade-http-version - - Typical use: - - Work around (very rare) problems with HTTP/1.1 - - Effect: - - Downgrades HTTP/1.1 client requests and server replies to - HTTP/1.0. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - This is a left-over from the time when Privoxy didn't support - important HTTP/1.1 features well. It is left here for the unlikely - case that you experience HTTP/1.1 related problems with some - server out there. Not all HTTP/1.1 features and requirements are - supported yet, so there is a chance you might need this action. - - Example usage (section): - - {+downgrade-http-version} - problem-host.example.com - - -------------------------------------------------------------------------- - - 8.5.13. fast-redirects - - Typical use: - - Fool some click-tracking scripts and speed up indirect links. - - Effect: - - Detects redirection URLs and redirects the browser without - contacting the redirection server first. - - Type: - - Parameterized. - - Parameter: - - * "simple-check" to just search for the string "http://" to - detect redirection URLs. - - * "check-decoded-url" to decode URLs (if necessary) before - searching for redirection URLs. - - Notes: - - Many sites, like yahoo.com, don't just link to other sites. - Instead, they will link to some script on their own servers, - giving the destination as a parameter, which will then redirect - you to the final target. URLs resulting from this scheme typically - look like: - "http://www.example.org/click-tracker.cgi?target=http%3a//www.example.net/". - - Sometimes, there are even multiple consecutive redirects encoded - in the URL. These redirections via scripts make your web browsing - more traceable, since the server from which you follow such a link - can see where you go to. Apart from that, valuable bandwidth and - time is wasted, while your browser asks the server for one - redirect after the other. Plus, it feeds the advertisers. - - This feature is currently not very smart and is scheduled for - improvement. If it is enabled by default, you will have to create - some exceptions to this action. It can lead to failures in several - ways: - - Not every URLs with other URLs as parameters is evil. Some sites - offer a real service that requires this information to work. For - example a validation service needs to know, which document to - validate. fast-redirects assumes that every URL parameter that - looks like another URL is a redirection target, and will always - redirect to the last one. Most of the time the assumption is - correct, but if it isn't, the user gets redirected anyway. - - Another failure occurs if the URL contains other parameters after - the URL parameter. The URL: - "http://www.example.org/?redirect=http%3a//www.example.net/&foo=bar". - contains the redirection URL "http://www.example.net/", followed - by another parameter. fast-redirects doesn't know that and will - cause a redirect to "http://www.example.net/&foo=bar". Depending - on the target server configuration, the parameter will be silently - ignored or lead to a "page not found" error. You can prevent this - problem by first using the redirect action to remove the last part - of the URL, but it requires a little effort. - - To detect a redirection URL, fast-redirects only looks for the - string "http://", either in plain text (invalid but often used) or - encoded as "http%3a//". Some sites use their own URL encoding - scheme, encrypt the address of the target server or replace it - with a database id. In theses cases fast-redirects is fooled and - the request reaches the redirection server where it probably gets - logged. - - Example usage: - - { +fast-redirects{simple-check} } - one.example.com - - { +fast-redirects{check-decoded-url} } - another.example.com/testing - - -------------------------------------------------------------------------- - - 8.5.14. filter - - Typical use: - - Get rid of HTML and JavaScript annoyances, banner advertisements - (by size), do fun text replacements, add personalized effects, - etc. - - Effect: - - All instances of text-based type, most notably HTML and - JavaScript, to which this action applies, can be filtered - on-the-fly through the specified regular expression based - substitutions. (Note: as of version 3.0.3 plain text documents are - exempted from filtering, because web servers often use the - text/plain MIME type for all files whose type they don't know.) - - Type: - - Parameterized. - - Parameter: - - The name of a content filter, as defined in the filter file. - Filters can be defined in one or more files as defined by the - filterfile option in the config file. default.filter is the - collection of filters supplied by the developers. Locally defined - filters should go in their own file, such as user.filter. - - When used in its negative form, and without parameters, all - filtering is completely disabled. - - Notes: - - For your convenience, there are a number of pre-defined filters - available in the distribution filter file that you can use. See - the examples below for a list. - - Filtering requires buffering the page content, which may appear to - slow down page rendering since nothing is displayed until all - content has passed the filters. (It does not really take longer, - but seems that way since the page is not incrementally displayed.) - This effect will be more noticeable on slower connections. - - "Rolling your own" filters requires a knowledge of "Regular - Expressions" and "HTML". This is very powerful feature, and - potentially very intrusive. Filters should be used with caution, - and where an equivalent "action" is not available. - - The amount of data that can be filtered is limited to the - buffer-limit option in the main config file. The default is 4096 - KB (4 Megs). Once this limit is exceeded, the buffered data, and - all pending data, is passed through unfiltered. - - Inappropriate MIME types, such as zipped files, are not filtered - at all. (Again, only text-based types except plain text). - Encrypted SSL data (from HTTPS servers) cannot be filtered either, - since this would violate the integrity of the secure transaction. - In some situations it might be necessary to protect certain text, - like source code, from filtering by defining appropriate -filter - exceptions. - - Compressed content can't be filtered either, unless Privoxy is - compiled with zlib support (requires at least Privoxy 3.0.7), in - which case Privoxy will decompress the content before filtering - it. - - If you use a Privoxy version without zlib support, but want - filtering to work on as much documents as possible, even those - that would normally be sent compressed, you must use the - prevent-compression action in conjunction with filter. - - Content filtering can achieve some of the same effects as the - block action, i.e. it can be used to block ads and banners. But - the mechanism works quite differently. One effective use, is to - block ad banners based on their size (see below), since many of - these seem to be somewhat standardized. - - Feedback with suggestions for new or improved filters is - particularly welcome! - - The below list has only the names and a one-line description of - each predefined filter. There are more verbose explanations of - what these filters do in the filter file chapter. - - Example usage (with filters from the distribution default.filter file). - See the Predefined Filters section for more explanation on each: - -+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse - -+filter{js-events} # Kill all JS event bindings (Radically destructive! Only for extra nasty sites) - - +filter{html-annoyances} # Get rid of particularly annoying HTML abuse - - +filter{content-cookies} # Kill cookies that come in the HTML or JS content - -+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups) - -+filter{unsolicited-popups} # Disable only unsolicited pop-up windows. Useful if your browser lacks this ability. - -+filter{all-popups} # Kill all popups in JavaScript and HTML. Useful if your browser lacks this ability. - -+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective - - +filter{banners-by-size} # Kill banners by size - -+filter{banners-by-link} # Kill banners by their links to known clicktrackers - -+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking) - -+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap - -+filter{jumping-windows} # Prevent windows from resizing and moving themselves - - +filter{frameset-borders} # Give frames a border and make them resizeable - - +filter{demoronizer} # Fix MS's non-standard use of standard charsets - - +filter{shockwave-flash} # Kill embedded Shockwave Flash objects - - +filter{quicktime-kioskmode} # Make Quicktime movies savable - - +filter{fun} # Text replacements for subversive browsing fun! - - +filter{crude-parental} # Crude parental filtering (demo only) - - +filter{ie-exploits} # Disable a known Internet Explorer bug exploits - -+filter{site-specifics} # Custom filters for specific site related problems - -+filter{google} # Removes text ads and other Google specific improvements - -+filter{yahoo} # Removes text ads and other Yahoo specific improvements - -+filter{msn} # Removes text ads and other MSN specific improvements - - +filter{blogspot} # Cleans up Blogspot blogs - -+filter{no-ping} # Removes non-standard ping attributes from anchor and area tags - - -------------------------------------------------------------------------- - - 8.5.15. force-text-mode - - Typical use: - - Force Privoxy to treat a document as if it was in some kind of - text format. - - Effect: - - Declares a document as text, even if the "Content-Type:" isn't - detected as such. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - As explained above, Privoxy tries to only filter files that are in - some kind of text format. The same restrictions apply to - content-type-overwrite. force-text-mode declares a document as - text, without looking at the "Content-Type:" first. - - +---------------------------------------------------------+ - | Warning | - |---------------------------------------------------------| - | Think twice before activating this action. Filtering | - | binary data with regular expressions can cause file | - | damage. | - +---------------------------------------------------------+ - - Example usage: - - +force-text-mode - - - -------------------------------------------------------------------------- - - 8.5.16. forward-override - - Typical use: - - Change the forwarding settings based on User-Agent or request - origin - - Effect: - - Overrules the forward directives in the configuration file. - - Type: - - Multi-value. - - Parameter: - - * "forward ." to use a direct connection without any additional - proxies. - - * "forward 127.0.0.1:8123" to use the HTTP proxy listening at - 127.0.0.1 port 8123. - - * "forward-socks4a 127.0.0.1:9050 ." to use the socks4a proxy - listening at 127.0.0.1 port 9050. Replace "forward-socks4a" - with "forward-socks4" to use a socks4 connection (with local - DNS resolution) instead. - - * "forward-socks4a 127.0.0.1:9050 proxy.example.org:8000" to - use the socks4a proxy listening at 127.0.0.1 port 9050 to - reach the HTTP proxy listening at proxy.example.org port - 8000. Replace "forward-socks4a" with "forward-socks4" to use - a socks4 connection (with local DNS resolution) instead. - - Notes: - - This action takes parameters similar to the forward directives in - the configuration file, but without the URL pattern. It can be - used as replacement, but normally it's only used in cases where - matching based on the request URL isn't sufficient. - - +---------------------------------------------------------+ - | Warning | - |---------------------------------------------------------| - | Please read the description for the forward directives | - | before using this action. Forwarding to the wrong | - | people will reduce your privacy and increase the | - | chances of man-in-the-middle attacks. | - | | - | If the ports are missing or invalid, default values | - | will be used. This might change in the future and you | - | shouldn't rely on it. Otherwise incorrect syntax causes | - | Privoxy to exit. | - | | - | Use the show-url-info CGI page to verify that your | - | forward settings do what you thought the do. | - +---------------------------------------------------------+ - - Example usage: - - # Always use direct connections for requests previously tagged as - # "User-Agent: fetch libfetch/2.0" and make sure - # resuming downloads continues to work. - # This way you can continue to use Tor for your normal browsing, - # without overloading the Tor network with your FreeBSD ports updates - # or downloads of bigger files like ISOs. - # Note that HTTP headers are easy to fake and therefore their - # values are as (un)trustworthy as your clients and users. - {+forward-override{forward .} \ - -hide-if-modified-since \ - -overwrite-last-modified \ - } - TAG:^User-Agent: fetch libfetch/2\.0$ - - - -------------------------------------------------------------------------- - - 8.5.17. handle-as-empty-document - - Typical use: - - Mark URLs that should be replaced by empty documents if they get - blocked - - Effect: - - This action alone doesn't do anything noticeable. It just marks - URLs. If the block action also applies, the presence or absence of - this mark decides whether an HTML "BLOCKED" page, or an empty - document will be sent to the client as a substitute for the - blocked content. The empty document isn't literally empty, but - actually contains a single space. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - Some browsers complain about syntax errors if JavaScript documents - are blocked with Privoxy's default HTML page; this option can be - used to silence them. And of course this action can also be used - to eliminate the Privoxy BLOCKED message in frames. - - The content type for the empty document can be specified with - content-type-overwrite{}, but usually this isn't necessary. - - Example usage: - - # Block all documents on example.org that end with ".js", - # but send an empty document instead of the usual HTML message. - {+block +handle-as-empty-document} - example.org/.*\.js$ - - - -------------------------------------------------------------------------- - - 8.5.18. handle-as-image - - Typical use: - - Mark URLs as belonging to images (so they'll be replaced by images - if they do get blocked, rather than HTML pages) - - Effect: - - This action alone doesn't do anything noticeable. It just marks - URLs as images. If the block action also applies, the presence or - absence of this mark decides whether an HTML "blocked" page, or a - replacement image (as determined by the set-image-blocker action) - will be sent to the client as a substitute for the blocked - content. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - The below generic example section is actually part of - default.action. It marks all URLs with well-known image file name - extensions as images and should be left intact. - - Users will probably only want to use the handle-as-image action in - conjunction with block, to block sources of banners, whose URLs - don't reflect the file type, like in the second example section. - - Note that you cannot treat HTML pages as images in most cases. For - instance, (in-line) ad frames require an HTML page to be sent, or - they won't display properly. Forcing handle-as-image in this - situation will not replace the ad frame with an image, but lead to - error messages. - - Example usage (sections): - - # Generic image extensions: - # - {+handle-as-image} - /.*\.(gif|jpg|jpeg|png|bmp|ico)$ - - # These don't look like images, but they're banners and should be - # blocked as images: - # - {+block +handle-as-image} - some.nasty-banner-server.com/junk.cgi\?output=trash - - # Banner source! Who cares if they also have non-image content? - ad.doubleclick.net - - -------------------------------------------------------------------------- - - 8.5.19. hide-accept-language - - Typical use: - - Pretend to use different language settings. - - Effect: - - Deletes or replaces the "Accept-Language:" HTTP header in client - requests. - - Type: - - Parameterized. - - Parameter: - - Keyword: "block", or any user defined value. - - Notes: - - Faking the browser's language settings can be useful to make a - foreign User-Agent set with hide-user-agent more believable. - - However some sites with content in different languages check the - "Accept-Language:" to decide which one to take by default. - Sometimes it isn't possible to later switch to another language - without changing the "Accept-Language:" header first. - - Therefore it's a good idea to either only change the - "Accept-Language:" header to languages you understand, or to - languages that aren't wide spread. - - Before setting the "Accept-Language:" header to a rare language, - you should consider that it helps to make your requests unique and - thus easier to trace. If you don't plan to change this header - frequently, you should stick to a common language. - - Example usage (section): - -# Pretend to use Canadian language settings. -{+hide-accept-language{en-ca} \ -+hide-user-agent{Mozilla/5.0 (X11; U; OpenBSD i386; en-CA; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4} \ -} -/ - - -------------------------------------------------------------------------- - - 8.5.20. hide-content-disposition - - Typical use: - - Prevent download menus for content you prefer to view inside the - browser. - - Effect: - - Deletes or replaces the "Content-Disposition:" HTTP header set by - some servers. - - Type: - - Parameterized. - - Parameter: - - Keyword: "block", or any user defined value. - - Notes: - - Some servers set the "Content-Disposition:" HTTP header for - documents they assume you want to save locally before viewing - them. The "Content-Disposition:" header contains the file name the - browser is supposed to use by default. - - In most browsers that understand this header, it makes it - impossible to just view the document, without downloading it - first, even if it's just a simple text file or an image. - - Removing the "Content-Disposition:" header helps to prevent this - annoyance, but some browsers additionally check the - "Content-Type:" header, before they decide if they can display a - document without saving it first. In these cases, you have to - change this header as well, before the browser stops displaying - download menus. - - It is also possible to change the server's file name suggestion to - another one, but in most cases it isn't worth the time to set it - up. - - This action will probably be removed in the future, use - server-header filters instead. - - Example usage: - - # Disarm the download link in Sourceforge's patch tracker - { -filter \ - +content-type-overwrite{text/plain}\ - +hide-content-disposition{block} } - .sourceforge.net/tracker/download\.php - - -------------------------------------------------------------------------- - - 8.5.21. hide-if-modified-since - - Typical use: - - Prevent yet another way to track the user's steps between - sessions. - - Effect: - - Deletes the "If-Modified-Since:" HTTP client header or modifies - its value. - - Type: - - Parameterized. - - Parameter: - - Keyword: "block", or a user defined value that specifies a range - of hours. - - Notes: - - Removing this header is useful for filter testing, where you want - to force a real reload instead of getting status code "304", which - would cause the browser to use a cached copy of the page. - - Instead of removing the header, hide-if-modified-since can also - add or subtract a random amount of time to/from the header's - value. You specify a range of minutes where the random factor - should be chosen from and Privoxy does the rest. A negative value - means subtracting, a positive value adding. - - Randomizing the value of the "If-Modified-Since:" makes it less - likely that the server can use the time as a cookie replacement, - but you will run into caching problems if the random range is too - high. - - It is a good idea to only use a small negative value and let - overwrite-last-modified handle the greater changes. - - It is also recommended to use this action together with - crunch-if-none-match, otherwise it's more or less pointless. - - Example usage (section): - - # Let the browser revalidate but make tracking based on the time less likely. - {+hide-if-modified-since{-60} \ - +overwrite-last-modified{randomize} \ - +crunch-if-none-match} - / - - -------------------------------------------------------------------------- - - 8.5.22. hide-forwarded-for-headers - - Typical use: - - Improve privacy by not forwarding the source of the request in the - HTTP headers. - - Effect: - - Deletes any existing "X-Forwarded-for:" HTTP header from client - requests. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - It is safe and recommended to leave this on. - - Example usage: - - +hide-forwarded-for-headers - - -------------------------------------------------------------------------- - - 8.5.23. hide-from-header - - Typical use: - - Keep your (old and ill) browser from telling web servers your - email address - - Effect: - - Deletes any existing "From:" HTTP header, or replaces it with the - specified string. - - Type: - - Parameterized. - - Parameter: - - Keyword: "block", or any user defined value. - - Notes: - - The keyword "block" will completely remove the header (not to be - confused with the block action). - - Alternately, you can specify any value you prefer to be sent to - the web server. If you do, it is a matter of fairness not to use - any address that is actually used by a real person. - - This action is rarely needed, as modern web browsers don't send - "From:" headers anymore. - - Example usage: - - +hide-from-header{block} - - or - - +hide-from-header{spam-me-senseless@sittingduck.example.com} - - -------------------------------------------------------------------------- - - 8.5.24. hide-referrer - - Typical use: - - Conceal which link you followed to get to a particular site - - Effect: - - Deletes the "Referer:" (sic) HTTP header from the client request, - or replaces it with a forged one. - - Type: - - Parameterized. - - Parameter: - - * "conditional-block" to delete the header completely if the - host has changed. - - * "conditional-forge" to forge the header if the host has - changed. - - * "block" to delete the header unconditionally. - - * "forge" to pretend to be coming from the homepage of the - server we are talking to. - - * Any other string to set a user defined referrer. - - Notes: - - conditional-block is the only parameter, that isn't easily - detected in the server's log file. If it blocks the referrer, the - request will look like the visitor used a bookmark or typed in the - address directly. - - Leaving the referrer unmodified for requests on the same host - allows the server owner to see the visitor's "click path", but in - most cases she could also get that information by comparing other - parts of the log file: for example the User-Agent if it isn't a - very common one, or the user's IP address if it doesn't change - between different requests. - - Always blocking the referrer, or using a custom one, can lead to - failures on servers that check the referrer before they answer any - requests, in an attempt to prevent their content from being - embedded or linked to elsewhere. - - Both conditional-block and forge will work with referrer checks, - as long as content and valid referring page are on the same host. - Most of the time that's the case. - - hide-referer is an alternate spelling of hide-referrer and the two - can be can be freely substituted with each other. ("referrer" is - the correct English spelling, however the HTTP specification has a - bug - it requires it to be spelled as "referer".) - - Example usage: - - +hide-referrer{forge} - - or - - +hide-referrer{http://www.yahoo.com/} - - -------------------------------------------------------------------------- - - 8.5.25. hide-user-agent - - Typical use: - - Try to conceal your type of browser and client operating system - - Effect: - - Replaces the value of the "User-Agent:" HTTP header in client - requests with the specified value. - - Type: - - Parameterized. - - Parameter: - - Any user-defined string. - - Notes: - - +---------------------------------------------------------+ - | Warning | - |---------------------------------------------------------| - | This can lead to problems on web sites that depend on | - | looking at this header in order to customize their | - | content for different browsers (which, by the way, is | - | NOT the right thing to do: good web sites work | - | browser-independently). | - +---------------------------------------------------------+ - - Using this action in multi-user setups or wherever different types - of browsers will access the same Privoxy is not recommended. In - single-user, single-browser setups, you might use it to delete - your OS version information from the headers, because it is an - invitation to exploit known bugs for your OS. It is also - occasionally useful to forge this in order to access sites that - won't let you in otherwise (though there may be a good reason in - some cases). Example of this: some MSN sites will not let Mozilla - enter, yet forging to a Netscape 6.1 user-agent works just fine. - (Must be just a silly MS goof, I'm sure :-). - - More information on known user-agent strings can be found at - http://www.user-agents.org/ and - http://en.wikipedia.org/wiki/User_agent. - - Example usage: - - +hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)} - - -------------------------------------------------------------------------- - - 8.5.26. inspect-jpegs - - Typical use: - - Try to protect against a MS buffer over-run in JPEG processing - - Effect: - - Protect against a known exploit - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - See Microsoft Security Bulletin MS04-028. JPEG images are one of - the most common image types found across the Internet. The exploit - as described can allow execution of code on the target system, - giving an attacker access to the system in question by merely - planting an altered JPEG image, which would have no obvious - indications of what lurks inside. This action tries to prevent - this exploit if delivered through unencrypted HTTP. - - Note that the exploit mentioned is several years old and it's - unlikely that your client is still vulnerable against it. This - action may be removed in one of the next releases. - - Example usage: - - +inspect-jpegs - - -------------------------------------------------------------------------- - - 8.5.27. kill-popups - - Typical use: - - Eliminate those annoying pop-up windows (deprecated) - - Effect: - - While loading the document, replace JavaScript code that opens - pop-up windows with (syntactically neutral) dummy code on the fly. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - This action is basically a built-in, hardwired special-purpose - filter action, but there are important differences: For - kill-popups, the document need not be buffered, so it can be - incrementally rendered while downloading. But kill-popups doesn't - catch as many pop-ups as filter{all-popups} does and is not as - smart as filter{unsolicited-popups} is. - - Think of it as a fast and efficient replacement for a filter that - you can use if you don't want any filtering at all. Note that it - doesn't make sense to combine it with any filter action, since as - soon as one filter applies, the whole document needs to be - buffered anyway, which destroys the advantage of the kill-popups - action over its filter equivalent. - - Killing all pop-ups unconditionally is problematic. Many shops and - banks rely on pop-ups to display forms, shopping carts etc, and - the filter{unsolicited-popups} does a better job of catching only - the unwanted ones. - - If the only kind of pop-ups that you want to kill are exit - consoles (those really nasty windows that appear when you close an - other one), you might want to use filter{js-annoyances} instead. - - This action is most appropriate for browsers that don't have any - controls for unwanted pop-ups. Not recommended for general usage. - - This action doesn't work very reliable and may be removed in - future releases. - - Example usage: - - +kill-popups - - -------------------------------------------------------------------------- - - 8.5.28. limit-connect - - Typical use: - - Prevent abuse of Privoxy as a TCP proxy relay or disable SSL for - untrusted sites - - Effect: - - Specifies to which ports HTTP CONNECT requests are allowable. - - Type: - - Parameterized. - - Parameter: - - A comma-separated list of ports or port ranges (the latter using - dashes, with the minimum defaulting to 0 and the maximum to 65K). - - Notes: - - By default, i.e. if no limit-connect action applies, Privoxy only - allows HTTP CONNECT requests to port 443 (the standard, secure - HTTPS port). Use limit-connect if more fine-grained control is - desired for some or all destinations. - - The CONNECT methods exists in HTTP to allow access to secure - websites ("https://" URLs) through proxies. It works very simply: - the proxy connects to the server on the specified port, and then - short-circuits its connections to the client and to the remote - server. This means CONNECT-enabled proxies can be used as TCP - relays very easily. - - Privoxy relays HTTPS traffic without seeing the decoded content. - Websites can leverage this limitation to circumvent Privoxy's - filters. By specifying an invalid port range you can disable HTTPS - entirely. If you plan to disable SSL by default, consider enabling - treat-forbidden-connects-like-blocks as well, to be able to - quickly create exceptions. - - Example usages: - -+limit-connect{443} # This is the default and need not be specified. -+limit-connect{80,443} # Ports 80 and 443 are OK. -+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK. -+limit-connect{-} # All ports are OK -+limit-connect{,} # No HTTPS/SSL traffic is allowed - - -------------------------------------------------------------------------- - - 8.5.29. prevent-compression - - Typical use: - - Ensure that servers send the content uncompressed, so it can be - passed through filters. - - Effect: - - Removes the Accept-Encoding header which can be used to ask for - compressed transfer. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - More and more websites send their content compressed by default, - which is generally a good idea and saves bandwidth. But the - filter, deanimate-gifs and kill-popups actions need access to the - uncompressed data. - - When compiled with zlib support (available since Privoxy 3.0.7), - content that should be filtered is decompressed on-the-fly and you - don't have to worry about this action. If you are using an older - Privoxy version, or one that hasn't been compiled with zlib - support, this action can be used to convince the server to send - the content uncompressed. - - Most text-based instances compress very well, the size is seldom - decreased by less than 50%, for markup-heavy instances like news - feeds saving more than 90% of the original size isn't unusual. - - Not using compression will therefore slow down the transfer, and - you should only enable this action if you really need it. As of - Privoxy 3.0.7 it's disabled in all predefined action settings. - - Note that some (rare) ill-configured sites don't handle requests - for uncompressed documents correctly. Broken PHP applications tend - to send an empty document body, some IIS versions only send the - beginning of the content. If you enable prevent-compression per - default, you might want to add exceptions for those sites. See the - example for how to do that. - - Example usage (sections): - - # Selectively turn off compression, and enable a filter - # - { +filter{tiny-textforms} +prevent-compression } - # Match only these sites - .google. - sourceforge.net - sf.net - - # Or instead, we could set a universal default: - # - { +prevent-compression } - / # Match all sites - - # Then maybe make exceptions for broken sites: - # - { -prevent-compression } - .compusa.com/ - - -------------------------------------------------------------------------- - - 8.5.30. overwrite-last-modified - - Typical use: - - Prevent yet another way to track the user's steps between - sessions. - - Effect: - - Deletes the "Last-Modified:" HTTP server header or modifies its - value. - - Type: - - Parameterized. - - Parameter: - - One of the keywords: "block", "reset-to-request-time" and - "randomize" - - Notes: - - Removing the "Last-Modified:" header is useful for filter testing, - where you want to force a real reload instead of getting status - code "304", which would cause the browser to reuse the old version - of the page. - - The "randomize" option overwrites the value of the - "Last-Modified:" header with a randomly chosen time between the - original value and the current time. In theory the server could - send each document with a different "Last-Modified:" header to - track visits without using cookies. "Randomize" makes it - impossible and the browser can still revalidate cached documents. - - "reset-to-request-time" overwrites the value of the - "Last-Modified:" header with the current time. You could use this - option together with hided-if-modified-since to further customize - your random range. - - The preferred parameter here is "randomize". It is safe to use, as - long as the time settings are more or less correct. If the server - sets the "Last-Modified:" header to the time of the request, the - random range becomes zero and the value stays the same. Therefore - you should later randomize it a second time with - hided-if-modified-since, just to be sure. - - It is also recommended to use this action together with - crunch-if-none-match. - - Example usage: - - # Let the browser revalidate without being tracked across sessions - { +hide-if-modified-since{-60} \ - +overwrite-last-modified{randomize} \ - +crunch-if-none-match} - / - - -------------------------------------------------------------------------- - - 8.5.31. redirect - - Typical use: - - Redirect requests to other sites. - - Effect: - - Convinces the browser that the requested document has been moved - to another location and the browser should get it from there. - - Type: - - Parameterized - - Parameter: - - An absolute URL or a single pcrs command. - - Notes: - - Requests to which this action applies are answered with a HTTP - redirect to URLs of your choosing. The new URL is either provided - as parameter, or derived by applying a single pcrs command to the - original URL. - - This action will be ignored if you use it together with block. It - can be combined with fast-redirects{check-decoded-url} to redirect - to a decoded version of a rewritten URL. - - Use this action carefully, make sure not to create redirection - loops and be aware that using your own redirects might make it - possible to fingerprint your requests. - - Example usages: - - # Replace example.com's style sheet with another one - { +redirect{http://localhost/css-replacements/example.com.css} } - example.com/stylesheet\.css - - # Create a short, easy to remember nickname for a favorite site - # (relies on the browser accept and forward invalid URLs to Privoxy) - { +redirect{http://www.privoxy.org/user-manual/actions-file.html} } - a - - # Always use the expanded view for Undeadly.org articles - # (Note the $ at the end of the URL pattern to make sure - # the request for the rewritten URL isn't redirected as well) - {+redirect{s@$@&mode=expanded@}} - undeadly.org/cgi\?action=article&sid=\d*$ - - -------------------------------------------------------------------------- - - 8.5.32. send-vanilla-wafer - - Typical use: - - Feed log analysis scripts with useless data. - - Effect: - - Sends a cookie with each request stating that you do not accept - any copyright on cookies sent to you, and asking the site operator - not to track you. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - The vanilla wafer is a (relatively) unique header and could - conceivably be used to track you. - - This action is rarely used and not enabled in the default - configuration. - - Example usage: - - +send-vanilla-wafer - - -------------------------------------------------------------------------- - - 8.5.33. send-wafer - - Typical use: - - Send custom cookies or feed log analysis scripts with even more - useless data. - - Effect: - - Sends a custom, user-defined cookie with each request. - - Type: - - Multi-value. - - Parameter: - - A string of the form "name=value". - - Notes: - - Being multi-valued, multiple instances of this action can apply to - the same request, resulting in multiple cookies being sent. - - This action is rarely used and not enabled in the default - configuration. - - Example usage (section): - - {+send-wafer{UsingPrivoxy=true}} - my-internal-testing-server.void - - -------------------------------------------------------------------------- - - 8.5.34. server-header-filter - - Typical use: - - Rewrite or remove single server headers. - - Effect: - - All server headers to which this action applies are filtered - on-the-fly through the specified regular expression based - substitutions. - - Type: - - Parameterized. - - Parameter: - - The name of a server-header filter, as defined in one of the - filter files. - - Notes: - - Server-header filters are applied to each header on its own, not - to all at once. This makes it easier to diagnose problems, but on - the downside you can't write filters that only change header x if - header y's value is z. You can do that by using tags though. - - Server-header filters are executed after the other header actions - have finished and use their output as input. - - Please refer to the filter file chapter to learn which - server-header filters are available by default, and how to create - your own. - - Example usage (section): - - {+server-header-filter{html-to-xml}} - example.org/xml-instance-that-is-delivered-as-html - - {+server-header-filter{xml-to-html}} - example.org/instance-that-is-delivered-as-xml-but-is-not - - - -------------------------------------------------------------------------- - - 8.5.35. server-header-tagger - - Typical use: - - Enable or disable filters based on the Content-Type header. - - Effect: - - Server headers to which this action applies are filtered - on-the-fly through the specified regular expression based - substitutions, the result is used as tag. - - Type: - - Parameterized. - - Parameter: - - The name of a server-header tagger, as defined in one of the - filter files. - - Notes: - - Server-header taggers are applied to each header on its own, and - as the header isn't modified, each tagger "sees" the original. - - Server-header taggers are executed before all other header actions - that modify server headers. Their tags can be used to control all - of the other server-header actions, the content filters and the - crunch actions (redirect and block). - - Obviously crunching based on tags created by server-header taggers - doesn't prevent the request from showing up in the server's log - file. - - Example usage (section): - - # Tag every request with the content type declared by the server - {+server-header-tagger{content-type}} - / - - - -------------------------------------------------------------------------- - - 8.5.36. session-cookies-only - - Typical use: - - Allow only temporary "session" cookies (for the current browser - session only). - - Effect: - - Deletes the "expires" field from "Set-Cookie:" server headers. - Most browsers will not store such cookies permanently and forget - them in between sessions. - - Type: - - Boolean. - - Parameter: - - N/A - - Notes: - - This is less strict than crunch-incoming-cookies / - crunch-outgoing-cookies and allows you to browse websites that - insist or rely on setting cookies, without compromising your - privacy too badly. - - Most browsers will not permanently store cookies that have been - processed by session-cookies-only and will forget about them - between sessions. This makes profiling cookies useless, but won't - break sites which require cookies so that you can log in for - transactions. This is generally turned on for all sites, and is - the recommended setting. - - It makes no sense at all to use session-cookies-only together with - crunch-incoming-cookies or crunch-outgoing-cookies. If you do, - cookies will be plainly killed. - - Note that it is up to the browser how it handles such cookies - without an "expires" field. If you use an exotic browser, you - might want to try it out to be sure. - - This setting also has no effect on cookies that may have been - stored previously by the browser before starting Privoxy. These - would have to be removed manually. - - Privoxy also uses the content-cookies filter to block some types - of cookies. Content cookies are not effected by - session-cookies-only. - - Example usage: - - +session-cookies-only - - -------------------------------------------------------------------------- - - 8.5.37. set-image-blocker - - Typical use: - - Choose the replacement for blocked images - - Effect: - - This action alone doesn't do anything noticeable. If both block - and handle-as-image also apply, i.e. if the request is to be - blocked as an image, then the parameter of this action decides - what will be sent as a replacement. - - Type: - - Parameterized. - - Parameter: - - * "pattern" to send a built-in checkerboard pattern image. The - image is visually decent, scales very well, and makes it - obvious where banners were busted. - - * "blank" to send a built-in transparent image. This makes - banners disappear completely, but makes it hard to detect - where Privoxy has blocked images on a given page and - complicates troubleshooting if Privoxy has blocked innocent - images, like navigation icons. - - * "target-url" to send a redirect to target-url. You can - redirect to any image anywhere, even in your local filesystem - via "file:///" URL. (But note that not all browsers support - redirecting to a local file system). - - A good application of redirects is to use special - Privoxy-built-in URLs, which send the built-in images, as - target-url. This has the same visual effect as specifying - "blank" or "pattern" in the first place, but enables your - browser to cache the replacement image, instead of requesting - it over and over again. - - Notes: - - The URLs for the built-in images are - "http://config.privoxy.org/send-banner?type=type", where type is - either "blank" or "pattern". - - There is a third (advanced) type, called "auto". It is NOT to be - used in set-image-blocker, but meant for use from filters. Auto - will select the type of image that would have applied to the - referring page, had it been an image. - - Example usage: - - Built-in pattern: - - +set-image-blocker{pattern} - - Redirect to the BSD daemon: - - +set-image-blocker{http://www.freebsd.org/gifs/dae_up3.gif} - - Redirect to the built-in pattern for better caching: - - +set-image-blocker{http://config.privoxy.org/send-banner?type=pattern} - - -------------------------------------------------------------------------- - - 8.5.38. treat-forbidden-connects-like-blocks - - Typical use: - - Block forbidden connects with an easy to find error message. - - Effect: - - If this action is enabled, Privoxy no longer makes a difference - between forbidden connects and ordinary blocks. - - Type: - - Boolean - - Parameter: - - N/A - - Notes: - - By default Privoxy answers forbidden "Connect" requests with a - short error message inside the headers. If the browser doesn't - display headers (most don't), you just see an empty page. - - With this action enabled, Privoxy displays the message that is - used for ordinary blocks instead. If you decide to make an - exception for the page in question, you can do so by following the - "See why" link. - - For "Connect" requests the clients tell Privoxy which host they - are interested in, but not which document they plan to get later. - As a result, the "Go there anyway" wouldn't work and is therefore - suppressed. - - Example usage: - - +treat-forbidden-connects-like-blocks - - -------------------------------------------------------------------------- - - 8.5.39. Summary - - Note that many of these actions have the potential to cause a page to - misbehave, possibly even not to display at all. There are many ways a site - designer may choose to design his site, and what HTTP header content, and - other criteria, he may depend on. There is no way to have hard and fast - rules for all sites. See the Appendix for a brief example on - troubleshooting actions. - - -------------------------------------------------------------------------- - - 8.6. Aliases - - Custom "actions", known to Privoxy as "aliases", can be defined by - combining other actions. These can in turn be invoked just like the - built-in actions. Currently, an alias name can contain any character - except space, tab, "=", "{" and "}", but we strongly recommend that you - only use "a" to "z", "0" to "9", "+", and "-". Alias names are not case - sensitive, and are not required to start with a "+" or "-" sign, since - they are merely textually expanded. - - Aliases can be used throughout the actions file, but they must be defined - in a special section at the top of the file! And there can only be one - such section per actions file. Each actions file may have its own alias - section, and the aliases defined in it are only visible within that file. - - There are two main reasons to use aliases: One is to save typing for - frequently used combinations of actions, the other one is a gain in - flexibility: If you decide once how you want to handle shops by defining - an alias called "shop", you can later change your policy on shops in one - place, and your changes will take effect everywhere in the actions file - where the "shop" alias is used. Calling aliases by their purpose also - makes your actions files more readable. - - Currently, there is one big drawback to using aliases, though: Privoxy's - built-in web-based action file editor honors aliases when reading the - actions files, but it expands them before writing. So the effects of your - aliases are of course preserved, but the aliases themselves are lost when - you edit sections that use aliases with it. - - Now let's define some aliases... - - # Useful custom aliases we can use later. - # - # Note the (required!) section header line and that this section - # must be at the top of the actions file! - # - {{alias}} - - # These aliases just save typing later: - # (Note that some already use other aliases!) - # - +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies - -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - +block-as-image = +block +handle-as-image - allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies} - - # These aliases define combinations of actions - # that are useful for certain types of sites: - # - fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -kill-popups -prevent-compression - - shop = -crunch-all-cookies -filter{all-popups} -kill-popups - - # Short names for other aliases, for really lazy people ;-) - # - c0 = +crunch-all-cookies - c1 = -crunch-all-cookies - - ...and put them to use. These sections would appear in the lower part of - an actions file and define exceptions to the default actions (as specified - further up for the "/" pattern): - - # These sites are either very complex or very keen on - # user data and require minimal interference to work: - # - {fragile} - .office.microsoft.com - .windowsupdate.microsoft.com - # Gmail is really mail.google.com, not gmail.com - mail.google.com - - # Shopping sites: - # Allow cookies (for setting and retrieving your customer data) - # - {shop} - .quietpc.com - .worldpay.com # for quietpc.com - mybank.example.com - - # These shops require pop-ups: - # - {-kill-popups -filter{all-popups} -filter{unsolicited-popups}} - .dabs.com - .overclockers.co.uk - - Aliases like "shop" and "fragile" are typically used for "problem" sites - that require more than one action to be disabled in order to function - properly. - - -------------------------------------------------------------------------- - - 8.7. Actions Files Tutorial - - The above chapters have shown which actions files there are and how they - are organized, how actions are specified and applied to URLs, how patterns - work, and how to define and use aliases. Now, let's look at an example - default.action and user.action file and see how all these pieces come - together: - - -------------------------------------------------------------------------- - - 8.7.1. default.action - - Every config file should start with a short comment stating its purpose: - - # Sample default.action file <ijbswa-developers@lists.sourceforge.net> - - Then, since this is the default.action file, the first section is a - special section for internal use that you needn't change or worry about: - - ########################################################################## - # Settings -- Don't change! For internal Privoxy use ONLY. - ########################################################################## - - {{settings}} - for-privoxy-version=3.0 - - After that comes the (optional) alias section. We'll use the example - section from the above chapter on aliases, that also explains why and how - aliases are used: - -########################################################################## -# Aliases -########################################################################## -{{alias}} - - # These aliases just save typing later: - # (Note that some already use other aliases!) - # - +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies - -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - +block-as-image = +block +handle-as-image - mercy-for-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies} - - # These aliases define combinations of actions - # that are useful for certain types of sites: - # - fragile = -block -filter -crunch-all-cookies -fast-redirects -hide-referrer -kill-popups - shop = -crunch-all-cookies -filter{all-popups} -kill-popups - - Now come the regular sections, i.e. sets of actions, accompanied by URL - patterns to which they apply. Remember all actions are disabled when - matching starts, so we have to explicitly enable the ones we want. - - The first regular section is probably the most important. It has only one - pattern, "/", but this pattern matches all URLs. Therefore, the set of - actions used in this "default" section will be applied to all requests as - a start. It can be partly or wholly overridden by later matches further - down this file, or in user.action, but it will still be largely - responsible for your overall browsing experience. - - Again, at the start of matching, all actions are disabled, so there is no - need to disable any actions here. (Remember: a "+" preceding the action - name enables the action, a "-" disables!). Also note how this long line - has been made more readable by splitting it into multiple lines with line - continuation. - - ########################################################################## - # "Defaults" section: - ########################################################################## - { \ - +deanimate-gifs \ - +filter{html-annoyances} \ - +filter{refresh-tags} \ - +filter{webbugs} \ - +filter{ie-exploits} \ - +hide-forwarded-for-headers \ - +hide-from-header{block} \ - +hide-referrer{forge} \ - +prevent-compression \ - +session-cookies-only \ - +set-image-blocker{pattern} \ - } - / # forward slash will match *all* potential URL patterns. - - The default behavior is now set. - - The first of our specialized sections is concerned with "fragile" sites, - i.e. sites that require minimum interference, because they are either very - complex or very keen on tracking you (and have mechanisms in place that - make them unusable for people who avoid being tracked). We will simply use - our pre-defined fragile alias instead of stating the list of actions - explicitly: - - ########################################################################## - # Exceptions for sites that'll break under the default action set: - ########################################################################## - - # "Fragile" Use a minimum set of actions for these sites (see alias above): - # - { fragile } - .office.microsoft.com # surprise, surprise! - .windowsupdate.microsoft.com - mail.google.com - - Shopping sites are not as fragile, but they typically require cookies to - log in, and pop-up windows for shopping carts or item details. Again, - we'll use a pre-defined alias: - - # Shopping sites: - # - { shop } - .quietpc.com - .worldpay.com # for quietpc.com - .jungle.com - .scan.co.uk - - The fast-redirects action, which we enabled per default above, breaks some - sites. So disable it for popular sites where we know it misbehaves: - - { -fast-redirects } - login.yahoo.com - edit.*.yahoo.com - .google.com - .altavista.com/.*(like|url|link):http - .altavista.com/trans.*urltext=http - .nytimes.com - - It is important that Privoxy knows which URLs belong to images, so that if - they are to be blocked, a substitute image can be sent, rather than an - HTML page. Contacting the remote site to find out is not an option, since - it would destroy the loading time advantage of banner blocking, and it - would feed the advertisers (in terms of money and information). We can - mark any URL as an image with the handle-as-image action, and marking all - URLs that end in a known image file extension is a good start: - - ########################################################################## - # Images: - ########################################################################## - - # Define which file types will be treated as images, in case they get - # blocked further down this file: - # - { +handle-as-image } - /.*\.(gif|jpe?g|png|bmp|ico)$ - - And then there are known banner sources. They often use scripts to - generate the banners, so it won't be visible from the URL that the request - is for an image. Hence we block them and mark them as images in one go, - with the help of our +block-as-image alias defined above. (We could of - course just as well use +block +handle-as-image here.) Remember that the - type of the replacement image is chosen by the set-image-blocker action. - Since all URLs have matched the default section with its - +set-image-blocker{pattern} action before, it still applies and needn't be - repeated: - - # Known ad generators: - # - { +block-as-image } - ar.atwola.com - .ad.doubleclick.net - .ad.*.doubleclick.net - .a.yimg.com/(?:(?!/i/).)*$ - .a[0-9].yimg.com/(?:(?!/i/).)*$ - bs*.gsanet.com - .qkimg.net - - One of the most important jobs of Privoxy is to block banners. Many of - these can be "blocked" by the filter{banners-by-size} action, which we - enabled above, and which deletes the references to banner images from the - pages while they are loaded, so the browser doesn't request them anymore, - and hence they don't need to be blocked here. But this naturally doesn't - catch all banners, and some people choose not to use filters, so we need a - comprehensive list of patterns for banner URLs here, and apply the block - action to them. - - First comes many generic patterns, which do most of the work, by matching - typical domain and path name components of banners. Then comes a list of - individual patterns for specific sites, which is omitted here to keep the - example short: - - ########################################################################## - # Block these fine banners: - ########################################################################## - { +block } - - # Generic patterns: - # - ad*. - .*ads. - banner?. - count*. - /.*count(er)?\.(pl|cgi|exe|dll|asp|php[34]?) - /(?:.*/)?(publicite|werbung|rekla(ma|me|am)|annonse|maino(kset|nta|s)?)/ - - # Site-specific patterns (abbreviated): - # - .hitbox.com - - It's quite remarkable how many advertisers actually call their banner - servers ads.company.com, or call the directory in which the banners are - stored simply "banners". So the above generic patterns are surprisingly - effective. - - But being very generic, they necessarily also catch URLs that we don't - want to block. The pattern .*ads. e.g. catches "nasty-ads.nasty-corp.com" - as intended, but also "downloads.sourcefroge.net" or - "adsl.some-provider.net." So here come some well-known exceptions to the - +block section above. - - Note that these are exceptions to exceptions from the default! Consider - the URL "downloads.sourcefroge.net": Initially, all actions are - deactivated, so it wouldn't get blocked. Then comes the defaults section, - which matches the URL, but just deactivates the block action once again. - Then it matches .*ads., an exception to the general non-blocking policy, - and suddenly +block applies. And now, it'll match .*loads., where -block - applies, so (unless it matches again further down) it ends up with no - block action applying. - - ########################################################################## - # Save some innocent victims of the above generic block patterns: - ########################################################################## - - # By domain: - # - { -block } - adv[io]*. # (for advogato.org and advice.*) - adsl. # (has nothing to do with ads) - adobe. # (has nothing to do with ads either) - ad[ud]*. # (adult.* and add.*) - .edu # (universities don't host banners (yet!)) - .*loads. # (downloads, uploads etc) - - # By path: - # - /.*loads/ - - # Site-specific: - # - www.globalintersec.com/adv # (adv = advanced) - www.ugu.com/sui/ugu/adv - - Filtering source code can have nasty side effects, so make an exception - for our friends at sourceforge.net, and all paths with "cvs" in them. Note - that -filter disables all filters in one fell swoop! - - # Don't filter code! - # - { -filter } - /(.*/)?cvs - bugzilla. - developer. - wiki. - .sourceforge.net - - The actual default.action is of course much more comprehensive, but we - hope this example made clear how it works. - - -------------------------------------------------------------------------- - - 8.7.2. user.action - - So far we are painting with a broad brush by setting general policies, - which would be a reasonable starting point for many people. Now, you might - want to be more specific and have customized rules that are more suitable - to your personal habits and preferences. These would be for narrowly - defined situations like your ISP or your bank, and should be placed in - user.action, which is parsed after all other actions files and hence has - the last word, over-riding any previously defined actions. user.action is - also a safe place for your personal settings, since default.action is - actively maintained by the Privoxy developers and you'll probably want to - install updated versions from time to time. - - So let's look at a few examples of things that one might typically do in - user.action: - - # My user.action file. <fred@example.com> - - As aliases are local to the actions file that they are defined in, you - can't use the ones from default.action, unless you repeat them here: - -# Aliases are local to the file they are defined in. -# (Re-)define aliases for this file: -# -{{alias}} -# -# These aliases just save typing later, and the alias names should -# be self explanatory. -# -+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies --crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies - allow-all-cookies = -crunch-all-cookies -session-cookies-only - allow-popups = -filter{all-popups} -kill-popups -+block-as-image = +block +handle-as-image --block-as-image = -block - -# These aliases define combinations of actions that are useful for -# certain types of sites: -# -fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referrer -kill-popups -shop = -crunch-all-cookies allow-popups - -# Allow ads for selected useful free sites: -# -allow-ads = -block -filter{banners-by-size} -filter{banners-by-link} - -# Alias for specific file types that are text, but might have conflicting -# MIME types. We want the browser to force these to be text documents. -handle-as-text = -filter +-content-type-overwrite{text/plain} +-force-text-mode -hide-content-disposition - - - - Say you have accounts on some sites that you visit regularly, and you - don't want to have to log in manually each time. So you'd like to allow - persistent cookies for these sites. The allow-all-cookies alias defined - above does exactly that, i.e. it disables crunching of cookies in any - direction, and the processing of cookies to make them only temporary. - - { allow-all-cookies } - sourceforge.net - .yahoo.com - .msdn.microsoft.com - .redhat.com - - Your bank is allergic to some filter, but you don't know which, so you - disable them all: - - { -filter } - .your-home-banking-site.com - - Some file types you may not want to filter for various reasons: - - # Technical documentation is likely to contain strings that might - # erroneously get altered by the JavaScript-oriented filters: - # - .tldp.org - /(.*/)?selfhtml/ - - # And this stupid host sends streaming video with a wrong MIME type, - # so that Privoxy thinks it is getting HTML and starts filtering: - # - stupid-server.example.com/ - - Example of a simple block action. Say you've seen an ad on your favourite - page on example.com that you want to get rid of. You have right-clicked - the image, selected "copy image location" and pasted the URL below while - removing the leading http://, into a { +block } section. Note that { - +handle-as-image } need not be specified, since all URLs ending in .gif - will be tagged as images by the general rules as set in default.action - anyway: - - { +block } - www.example.com/nasty-ads/sponsor\.gif - another.example.net/more/junk/here/ - - The URLs of dynamically generated banners, especially from large banner - farms, often don't use the well-known image file name extensions, which - makes it impossible for Privoxy to guess the file type just by looking at - the URL. You can use the +block-as-image alias defined above for these - cases. Note that objects which match this rule but then turn out NOT to be - an image are typically rendered as a "broken image" icon by the browser. - Use cautiously. - - { +block-as-image } - .doubleclick.net - .fastclick.net - /Realmedia/ads/ - ar.atwola.com/ - - Now you noticed that the default configuration breaks Forbes Magazine, but - you were too lazy to find out which action is the culprit, and you were - again too lazy to give feedback, so you just used the fragile alias on the - site, and -- whoa! -- it worked. The fragile aliases disables those - actions that are most likely to break a site. Also, good for testing - purposes to see if it is Privoxy that is causing the problem or not. We - later find other regular sites that misbehave, and add those to our - personalized list of troublemakers: - - { fragile } - .forbes.com - webmail.example.com - .mybank.com - - You like the "fun" text replacements in default.filter, but it is disabled - in the distributed actions file. So you'd like to turn it on in your - private, update-safe config, once and for all: - - { +filter{fun} } - / # For ALL sites! - - Note that the above is not really a good idea: There are exceptions to the - filters in default.action for things that really shouldn't be filtered, - like code on CVS->Web interfaces. Since user.action has the last word, - these exceptions won't be valid for the "fun" filtering specified here. - - You might also worry about how your favourite free websites are funded, - and find that they rely on displaying banner advertisements to survive. So - you might want to specifically allow banners for those sites that you feel - provide value to you: - - { allow-ads } - .sourceforge.net - .slashdot.org - .osdn.net - - Note that allow-ads has been aliased to -block, -filter{banners-by-size}, - and -filter{banners-by-link} above. - - Invoke another alias here to force an over-ride of the MIME type - application/x-sh which typically would open a download type dialog. In my - case, I want to look at the shell script, and then I can save it should I - choose to. - - { handle-as-text } - /.*\.sh$ - - user.action is generally the best place to define exceptions and additions - to the default policies of default.action. Some actions are safe to have - their default policies set here though. So let's set a default policy to - have a "blank" image as opposed to the checkerboard pattern for ALL sites. - "/" of course matches all URL paths and patterns: - - { +set-image-blocker{blank} } - / # ALL sites - - -------------------------------------------------------------------------- - -9. Filter Files - - On-the-fly text substitutions need to be defined in a "filter file". Once - defined, they can then be invoked as an "action". - - Privoxy supports three different filter actions: filter to rewrite the - content that is send to the client, client-header-filter to rewrite - headers that are send by the client, and server-header-filter to rewrite - headers that are send by the server. - - Privoxy also supports two tagger actions: client-header-tagger and - server-header-tagger. Taggers and filters use the same syntax in the - filter files, the difference is that taggers don't modify the text they - are filtering, but use a rewritten version of the filtered text as tag. - The tags can then be used to change the applying actions through sections - with tag-patterns. - - Multiple filter files can be defined through the filterfile config - directive. The filters as supplied by the developers are located in - default.filter. It is recommended that any locally defined or modified - filters go in a separately defined file such as user.filter. - - Common tasks for content filters are to eliminate common annoyances in - HTML and JavaScript, such as pop-up windows, exit consoles, crippled - windows without navigation tools, the infamous <BLINK> tag etc, to - suppress images with certain width and height attributes (standard banner - sizes or web-bugs), or just to have fun. - - Enabled content filters are applied to any content whose "Content Type" - header is recognised as a sign of text-based content, with the exception - of text/plain. Use the force-text-mode action to also filter other - content. - - Substitutions are made at the source level, so if you want to "roll your - own" filters, you should first be familiar with HTML syntax, and, of - course, regular expressions. - - Just like the actions files, the filter file is organized in sections, - which are called filters here. Each filter consists of a heading line, - that starts with one of the keywords FILTER:, CLIENT-HEADER-FILTER: or - SERVER-HEADER-FILTER: followed by the filter's name, and a short (one - line) description of what it does. Below that line come the jobs, i.e. - lines that define the actual text substitutions. By convention, the name - of a filter should describe what the filter eliminates. The comment is - used in the web-based user interface. - - Once a filter called name has been defined in the filter file, it can be - invoked by using an action of the form +filter{name} in any actions file. - - Filter definitions start with a header line that contains the filter type, - the filter name and the filter description. A content filter header line - for a filter called "foo" could look like this: - - FILTER: foo Replace all "foo" with "bar" - - Below that line, and up to the next header line, come the jobs that define - what text replacements the filter executes. They are specified in a syntax - that imitates Perl's s/// operator. If you are familiar with Perl, you - will find this to be quite intuitive, and may want to look at the PCRS - documentation for the subtle differences to Perl behaviour. Most notably, - the non-standard option letter U is supported, which turns the default to - ungreedy matching. - - If you are new to "Regular Expressions", you might want to take a look at - the Appendix on regular expressions, and see the Perl manual for the s/// - operator's syntax and Perl-style regular expressions in general. The below - examples might also help to get you started. - - -------------------------------------------------------------------------- - - 9.1. Filter File Tutorial - - Now, let's complete our "foo" content filter. We have already defined the - heading, but the jobs are still missing. Since all it does is to replace - "foo" with "bar", there is only one (trivial) job needed: - - s/foo/bar/ - - But wait! Didn't the comment say that all occurrences of "foo" should be - replaced? Our current job will only take care of the first "foo" on each - page. For global substitution, we'll need to add the g option: - - s/foo/bar/g - - Our complete filter now looks like this: - - FILTER: foo Replace all "foo" with "bar" - s/foo/bar/g - - Let's look at some real filters for more interesting examples. Here you - see a filter that protects against some common annoyances that arise from - JavaScript abuse. Let's look at its jobs one after the other: - -FILTER: js-annoyances Get rid of particularly annoying JavaScript abuse - -# Get rid of JavaScript referrer tracking. Test page: http://www.randomoddness.com/untitled.htm -# -s|(<script.*)document\.referrer(.*</script>)|$1"Not Your Business!"$2|Usg - - Following the header line and a comment, you see the job. Note that it - uses | as the delimiter instead of /, because the pattern contains a - forward slash, which would otherwise have to be escaped by a backslash - (\). - - Now, let's examine the pattern: it starts with the text <script.* enclosed - in parentheses. Since the dot matches any character, and * means: "Match - an arbitrary number of the element left of myself", this matches - "<script", followed by any text, i.e. it matches the whole page, from the - start of the first <script> tag. - - That's more than we want, but the pattern continues: document\.referrer - matches only the exact string "document.referrer". The dot needed to be - escaped, i.e. preceded by a backslash, to take away its special meaning as - a joker, and make it just a regular dot. So far, the meaning is: Match - from the start of the first <script> tag in a the page, up to, and - including, the text "document.referrer", if both are present in the page - (and appear in that order). - - But there's still more pattern to go. The next element, again enclosed in - parentheses, is .*</script>. You already know what .* means, so the whole - pattern translates to: Match from the start of the first <script> tag in a - page to the end of the last <script> tag, provided that the text - "document.referrer" appears somewhere in between. - - This is still not the whole story, since we have ignored the options and - the parentheses: The portions of the page matched by sub-patterns that are - enclosed in parentheses, will be remembered and be available through the - variables $1, $2, ... in the substitute. The U option switches to ungreedy - matching, which means that the first .* in the pattern will only "eat up" - all text in between "<script" and the first occurrence of - "document.referrer", and that the second .* will only span the text up to - the first "</script>" tag. Furthermore, the s option says that the match - may span multiple lines in the page, and the g option again means that the - substitution is global. - - So, to summarize, the pattern means: Match all scripts that contain the - text "document.referrer". Remember the parts of the script from (and - including) the start tag up to (and excluding) the string - "document.referrer" as $1, and the part following that string, up to and - including the closing tag, as $2. - - Now the pattern is deciphered, but wasn't this about substituting things? - So lets look at the substitute: $1"Not Your Business!"$2 is easy to read: - The text remembered as $1, followed by "Not Your Business!" (including the - quotation marks!), followed by the text remembered as $2. This produces an - exact copy of the original string, with the middle part (the - "document.referrer") replaced by "Not Your Business!". - - The whole job now reads: Replace "document.referrer" by "Not Your - Business!" wherever it appears inside a <script> tag. Note that this job - won't break JavaScript syntax, since both the original and the replacement - are syntactically valid string objects. The script just won't have access - to the referrer information anymore. - - We'll show you two other jobs from the JavaScript taming department, but - this time only point out the constructs of special interest: - - # The status bar is for displaying link targets, not pointless blahblah - # - s/window\.status\s*=\s*(['"]).*?\1/dUmMy=1/ig - - \s stands for whitespace characters (space, tab, newline, carriage return, - form feed), so that \s* means: "zero or more whitespace". The ? in .*? - makes this matching of arbitrary text ungreedy. (Note that the U option is - not set). The ['"] construct means: "a single or a double quote". Finally, - \1 is a back-reference to the first parenthesis just like $1 above, with - the difference that in the pattern, a backslash indicates a - back-reference, whereas in the substitute, it's the dollar. - - So what does this job do? It replaces assignments of single- or - double-quoted strings to the "window.status" object with a dummy - assignment (using a variable name that is hopefully odd enough not to - conflict with real variables in scripts). Thus, it catches many cases - where e.g. pointless descriptions are displayed in the status bar instead - of the link target when you move your mouse over links. - -# Kill OnUnload popups. Yummy. Test: http://www.zdnet.com/zdsubs/yahoo/tree/yfs.html -# -s/(<body [^>]*)onunload(.*>)/$1never$2/iU - - Including the OnUnload event binding in the HTML DOM was a CRIME. When I - close a browser window, I want it to close and die. Basta. This job - replaces the "onunload" attribute in "<body>" tags with the dummy word - never. Note that the i option makes the pattern matching case-insensitive. - Also note that ungreedy matching alone doesn't always guarantee a minimal - match: In the first parenthesis, we had to use [^>]* instead of .* to - prevent the match from exceeding the <body> tag if it doesn't contain - "OnUnload", but the page's content does. - - The last example is from the fun department: - - FILTER: fun Fun text replacements - - # Spice the daily news: - # - s/microsoft(?!\.com)/MicroSuck/ig - - Note the (?!\.com) part (a so-called negative lookahead) in the job's - pattern, which means: Don't match, if the string ".com" appears directly - following "microsoft" in the page. This prevents links to microsoft.com - from being trashed, while still replacing the word everywhere else. - - # Buzzword Bingo (example for extended regex syntax) - # - s* industry[ -]leading \ - | cutting[ -]edge \ - | customer[ -]focused \ - | market[ -]driven \ - | award[ -]winning # Comments are OK, too! \ - | high[ -]performance \ - | solutions[ -]based \ - | unmatched \ - | unparalleled \ - | unrivalled \ - *<font color="red"><b>BINGO!</b></font> \ - *igx - - The x option in this job turns on extended syntax, and allows for e.g. the - liberal use of (non-interpreted!) whitespace for nicer formatting. - - You get the idea? - - -------------------------------------------------------------------------- - - 9.2. The Pre-defined Filters - - The distribution default.filter file contains a selection of pre-defined - filters for your convenience: - - js-annoyances - - The purpose of this filter is to get rid of particularly annoying - JavaScript abuse. To that end, it - - * replaces JavaScript references to the browser's referrer - information with the string "Not Your Business!". This - compliments the hide-referrer action on the content level. - - * removes the bindings to the DOM's unload event which we feel - has no right to exist and is responsible for most "exit - consoles", i.e. nasty windows that pop up when you close - another one. - - * removes code that causes new windows to be opened with - undesired properties, such as being full-screen, - non-resizeable, without location, status or menu bar etc. - - Use with caution. This is an aggressive filter, and can break - sites that rely heavily on JavaScript. - - js-events - - This is a very radical measure. It removes virtually all - JavaScript event bindings, which means that scripts can not react - to user actions such as mouse movements or clicks, window resizing - etc, anymore. Use with caution! - - We strongly discourage using this filter as a default since it - breaks many legitimate scripts. It is meant for use only on - extra-nasty sites (should you really need to go there). - - html-annoyances - - This filter will undo many common instances of HTML based abuse. - - The BLINK and MARQUEE tags are neutralized (yeah baby!), and - browser windows will be created as resizeable (as of course they - should be!), and will have location, scroll and menu bars -- even - if specified otherwise. - - content-cookies - - Most cookies are set in the HTTP dialog, where they can be - intercepted by the crunch-incoming-cookies and - crunch-outgoing-cookies actions. But web sites increasingly make - use of HTML meta tags and JavaScript to sneak cookies to the - browser on the content level. - - This filter disables most HTML and JavaScript code that reads or - sets cookies. It cannot detect all clever uses of these types of - code, so it should not be relied on as an absolute fix. Use it - wherever you would also use the cookie crunch actions. - - refresh tags - - Disable any refresh tags if the interval is greater than nine - seconds (so that redirections done via refresh tags are not - destroyed). This is useful for dial-on-demand setups, or for those - who find this HTML feature annoying. - - unsolicited-popups - - This filter attempts to prevent only "unsolicited" pop-up windows - from opening, yet still allow pop-up windows that the user has - explicitly chosen to open. It was added in version 3.0.1, as an - improvement over earlier such filters. - - Technical note: The filter works by redefining the window.open - JavaScript function to a dummy function, PrivoxyWindowOpen(), - during the loading and rendering phase of each HTML page access, - and restoring the function afterward. - - This is recommended only for browsers that cannot perform this - function reliably themselves. And be aware that some sites require - such windows in order to function normally. Use with caution. - - all-popups - - Attempt to prevent all pop-up windows from opening. Note this - should be used with even more discretion than the above, since it - is more likely to break some sites that require pop-ups for normal - usage. Use with caution. - - img-reorder - - This is a helper filter that has no value if used alone. It makes - the banners-by-size and banners-by-link (see below) filters more - effective and should be enabled together with them. - - banners-by-size - - This filter removes image tags purely based on what size they are. - Fortunately for us, many ads and banner images tend to conform to - certain standardized sizes, which makes this filter quite - effective for ad stripping purposes. - - Occasionally this filter will cause false positives on images that - are not ads, but just happen to be of one of the standard banner - sizes. - - Recommended only for those who require extreme ad blocking. The - default block rules should catch 95+% of all ads without this - filter enabled. - - banners-by-link - - This is an experimental filter that attempts to kill any banners - if their URLs seem to point to known or suspected click trackers. - It is currently not of much value and is not recommended for use - by default. - - webbugs - - Webbugs are small, invisible images (technically 1X1 GIF images), - that are used to track users across websites, and collect - information on them. As an HTML page is loaded by the browser, an - embedded image tag causes the browser to contact a third-party - site, disclosing the tracking information through the requested - URL and/or cookies for that third-party domain, without the user - ever becoming aware of the interaction with the third-party site. - HTML-ized spam also uses a similar technique to verify email - addresses. - - This filter removes the HTML code that loads such "webbugs". - - tiny-textforms - - A rather special-purpose filter that can be used to enlarge - textareas (those multi-line text boxes in web forms) and turn off - hard word wrap in them. It was written for the sourceforge.net - tracker system where such boxes are a nuisance, but it can be - handy on other sites, too. - - It is not recommended to use this filter as a default. - - jumping-windows - - Many consider windows that move, or resize themselves to be - abusive. This filter neutralizes the related JavaScript code. Note - that some sites might not display or behave as intended when using - this filter. Use with caution. - - frameset-borders - - Some web designers seem to assume that everyone in the world will - view their web sites using the same browser brand and version, - screen resolution etc, because only that assumption could explain - why they'd use static frame sizes, yet prevent their frames from - being resized by the user, should they be too small to show their - whole content. - - This filter removes the related HTML code. It should only be - applied to sites which need it. - - demoronizer - - Many Microsoft products that generate HTML use non-standard - extensions (read: violations) of the ISO 8859-1 aka Latin-1 - character set. This can cause those HTML documents to display with - errors on standard-compliant platforms. - - This filter translates the MS-only characters into Latin-1 - equivalents. It is not necessary when using MS products, and will - cause corruption of all documents that use 8-bit character sets - other than Latin-1. It's mostly worthwhile for Europeans on non-MS - platforms, if weird garbage characters sometimes appear on some - pages, or user agents that don't correct for this on the fly. - - shockwave-flash - - A filter for shockwave haters. As the name suggests, this filter - strips code out of web pages that is used to embed shockwave flash - objects. - - quicktime-kioskmode - - Change HTML code that embeds Quicktime objects so that kioskmode, - which prevents saving, is disabled. - - fun - - Text replacements for subversive browsing fun. Make fun of your - favorite Monopolist or play buzzword bingo. - - crude-parental - - A demonstration-only filter that shows how Privoxy can be used to - delete web content on a keyword basis. - - ie-exploits - - An experimental collection of text replacements to disable - malicious HTML and JavaScript code that exploits known security - holes in Internet Explorer. - - Presently, it only protects against Nimda and a cross-site - scripting bug, and would need active maintenance to provide more - substantial protection. - - site-specifics - - Some web sites have very specific problems, the cure for which - doesn't apply anywhere else, or could even cause damage on other - sites. - - This is a collection of such site-specific cures which should only - be applied to the sites they were intended for, which is what the - supplied default.action file does. Users shouldn't need to change - anything regarding this filter. - - google - - A CSS based block for Google text ads. Also removes a width - limitation and the toolbar advertisement. - - yahoo - - Another CSS based block, this time for Yahoo text ads. And removes - a width limitation as well. - - msn - - Another CSS based block, this time for MSN text ads. And removes - tracking URLs, as well as a width limitation. - - blogspot - - Cleans up some Blogspot blogs. Read the fine print before using - this one! - - This filter also intentionally removes some navigation stuff and - sets the page width to 100%. As a result, some rounded "corners" - would appear to early or not at all and as fixing this would - require a browser that understands background-size (CSS3), they - are removed instead. - - xml-to-html - - Server-header filter to change the Content-Type from xml to html. - - html-to-xml - - Server-header filter to change the Content-Type from html to xml. - - no-ping - - Removes the non-standard ping attribute from anchor and area HTML - tags. - - hide-tor-exit-notation - - Client-header filter to remove the Tor exit node notation found in - Host and Referer headers. - - If Privoxy and Tor are chained and Privoxy is configured to use - socks4a, one can use "http://www.example.org.foobar.exit/" to - access the host "www.example.org" through the Tor exit node - "foobar". - - As the HTTP client isn't aware of this notation, it treats the - whole string "www.example.org.foobar.exit" as host and uses it for - the "Host" and "Referer" headers. From the server's point of view - the resulting headers are invalid and can cause problems. - - An invalid "Referer" header can trigger "hot-linking" protections, - an invalid "Host" header will make it impossible for the server to - find the right vhost (several domains hosted on the same IP - address). - - This client-header filter removes the "foo.exit" part in those - headers to prevent the mentioned problems. Note that it only - modifies the HTTP headers, it doesn't make it impossible for the - server to detect your Tor exit node based on the IP address the - request is coming from. - - -------------------------------------------------------------------------- - -10. Privoxy's Template Files - - All Privoxy built-in pages, i.e. error pages such as the "404 - No Such - Domain" error page, the "BLOCKED" page and all pages of its web-based user - interface, are generated from templates. (Privoxy must be running for the - above links to work as intended.) - - These templates are stored in a subdirectory of the configuration - directory called templates. On Unixish platforms, this is typically - /etc/privoxy/templates/. - - The templates are basically normal HTML files, but with place-holders - (called symbols or exports), which Privoxy fills at run time. It is - possible to edit the templates with a normal text editor, should you want - to customize them. (Not recommended for the casual user). Should you - create your own custom templates, you should use the config setting - templdir to specify an alternate location, so your templates do not get - overwritten during upgrades. - - Note that just like in configuration files, lines starting with # are - ignored when the templates are filled in. - - The place-holders are of the form @name@, and you will find a list of - available symbols, which vary from template to template, in the comments - at the start of each file. Note that these comments are not always - accurate, and that it's probably best to look at the existing HTML code to - find out which symbols are supported and what they are filled in with. - - A special application of this substitution mechanism is to make whole - blocks of HTML code disappear when a specific symbol is set. We use this - for many purposes, one of them being to include the beta warning in all - our user interface (CGI) pages when Privoxy is in an alpha or beta - development stage: - - <!-- @if-unstable-start --> - - ... beta warning HTML code goes here ... - - <!-- if-unstable-end@ --> - - If the "unstable" symbol is set, everything in between and including - @if-unstable-start and if-unstable-end@ will disappear, leaving nothing - but an empty comment: - - <!-- --> - - There's also an if-then-else construct and an #include mechanism, but - you'll sure find out if you are inclined to edit the templates ;-) - - All templates refer to a style located at - http://config.privoxy.org/send-stylesheet. This is, of course, locally - served by Privoxy and the source for it can be found and edited in the - cgi-style.css template. - - -------------------------------------------------------------------------- - -11. Contacting the Developers, Bug Reporting and Feature Requests - - We value your feedback. In fact, we rely on it to improve Privoxy and its - configuration. However, please note the following hints, so we can provide - you with the best support: - - -------------------------------------------------------------------------- - - 11.1. Get Support - - For casual users, our support forum at SourceForge is probably best - suited: http://sourceforge.net/tracker/?group_id=11118&atid=211118 - - All users are of course welcome to discuss their issues on the users - mailing list, where the developers also hang around. - - Note that the Privoxy mailing lists are moderated. Posts from unsubscribed - addresses have to be accepted manually by a moderator. This may cause a - delay of several days and if you use a subject that doesn't clearly - mention Privoxy or one of its features, your message may be accidentally - discarded as spam. - - If you aren't subscribed, you should therefore spend a few seconds to come - up with a proper subject. Additionally you should make it clear that you - want to get CC'd. Otherwise some responses will be directed to the mailing - list only, and you won't see them. - - -------------------------------------------------------------------------- - - 11.2. Reporting Problems - - "Problems" for our purposes, come in two forms: - - * Configuration issues, such as ads that slip through, or sites that - don't function properly due to one Privoxy "action" or another being - turned "on". - - * "Bugs" in the programming code that makes up Privoxy, such as that - might cause a crash. - - -------------------------------------------------------------------------- - - 11.2.1. Reporting Ads or Other Configuration Problems - - Please send feedback on ads that slipped through, innocent images that - were blocked, sites that don't work properly, and other configuration - related problem of default.action file, to - http://sourceforge.net/tracker/?group_id=11118&atid=460288, the Actions - File Tracker. - - New, improved default.action files may occasionally be made available - based on your feedback. These will be announced on the ijbswa-announce - list and available from our the files section of our project page. - - -------------------------------------------------------------------------- - - 11.2.2. Reporting Bugs - - Please report all bugs through our bug tracker: - http://sourceforge.net/tracker/?group_id=11118&atid=111118. - - Before doing so, please make sure that the bug has not already been - submitted and observe the additional hints at the top of the submit form. - If already submitted, please feel free to add any info to the original - report that might help to solve the issue. - - Please try to verify that it is a Privoxy bug, and not a browser or site - bug or documented behaviour that just happens to be different than what - you expected. If unsure, try toggling off Privoxy, and see if the problem - persists. - - If you are using your own custom configuration, please try the stock - configs to see if the problem is configuration related. If you're having - problems with a feature that is disabled by default, please ask around on - the mailing list if others can reproduce the problem. - - If you aren't using the latest Privoxy version, the bug may have been - found and fixed in the meantime. We would appreciate if you could take the - time to upgrade to the latest version (or even the latest CVS snapshot) - and verify that your bug still exists. - - Please be sure to provide the following information: - - * The exact Privoxy version you are using (if you got the source from - CVS, please also provide the source code revisions as shown in - http://config.privoxy.org/show-version). - - * The operating system and versions you run Privoxy on, (e.g. Windows XP - SP2), if you are using a Unix flavor, sending the output of "uname -a" - should do, in case of GNU/Linux, please also name the distribution. - - * The name, platform, and version of the browser you were using (e.g. - Internet Explorer v5.5 for Mac). - - * The URL where the problem occurred, or some way for us to duplicate - the problem (e.g. http://somesite.example.com/?somethingelse=123). - - * Whether your version of Privoxy is one supplied by the Privoxy - developers via SourceForge, or if you got your copy somewhere else. - - * Whether you are using Privoxy in tandem with another proxy such as - Tor. If so, please temporary disable the other proxy to see if the - symptoms change. - - * Whether you are using a personal firewall product. If so, does Privoxy - work without it? - - * Any other pertinent information to help identify the problem such as - config or log file excerpts (yes, you should have log file entries for - each action taken). - - You don't have to tell us your actual name when filing a problem report, - but please use a nickname so we can differentiate between your messages - and the ones entered by other "anonymous" users that may respond to your - request if they have the same problem or already found a solution. - - Please also check the status of your request a few days after submitting - it, as we may request additional information. If you use a SF id, you - should automatically get a mail when someone responds to your request. - - The appendix of the Privoxy User Manual also has helpful information on - understanding actions, and action debugging. - - -------------------------------------------------------------------------- - - 11.3. Request New Features - - You are welcome to submit ideas on new features or other proposals for - improvement through our feature request tracker at - http://sourceforge.net/tracker/?atid=361118&group_id=11118. - - -------------------------------------------------------------------------- - - 11.4. Other - - For any other issues, feel free to use the mailing lists. Technically - interested users and people who wish to contribute to the project are also - welcome on the developers list! You can find an overview of all - Privoxy-related mailing lists, including list archives, at: - http://sourceforge.net/mail/?group_id=11118. - - -------------------------------------------------------------------------- - -12. Privoxy Copyright, License and History - - Copyright (c) 2001-2008 by Privoxy Developers - <ijbswa-developers@lists.sourceforge.net> - - Some source code is based on code Copyright (c) 1997 by Anonymous Coders - and Junkbusters, Inc. and licensed under the GNU General Public License. - - -------------------------------------------------------------------------- - - 12.1. License - - Privoxy is free software; you can redistribute it and/or modify it under - the terms of the GNU General Public License, version 2, as published by - the Free Software Foundation. - - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - for more details, which is available from the Free Software Foundation, - Inc, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the - - Free Software - Foundation, Inc. 51 Franklin Street, Fifth Floor - Boston, MA 02110-1301 - USA - - -------------------------------------------------------------------------- - - 12.2. History - - A long time ago, there was the Internet Junkbuster, by Anonymous Coders - and Junkbusters Corporation. This saved many users a lot of pain in the - early days of web advertising and user tracking. - - But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and for - tracking them, keeps evolving. Unfortunately, the Internet Junkbuster did - not. Version 2.0.2, published in 1998, was (and is) the last official - release available from Junkbusters Corporation. Fortunately, it had been - released under the GNU GPL, which allowed further development by others. - - So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. It - could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000. - - Then, some developers picked up the thread, and started turning the - software inside out, upside down, and then reassembled it, adding many new - features along the way. - - The result of this is Privoxy, whose first stable version, 3.0, was - released August, 2002. - - -------------------------------------------------------------------------- - - 12.3. Authors - - Current Privoxy Team: - - Fabian Keil, lead developer - David Schmidt, developer - - Hal Burgiss - Gerry Murphy - Roland Rosenfeld - Jörg Strohmayer - - Former Privoxy Team Members: - - Johny Agotnes - Rodrigo Barbosa - Moritz Barsnick - Ian Cummings - Brian Dessent - Jon Foster - Karsten Hopp - Alexander Lazic - Daniel Leite - Gábor Lipták - Adam Lock - Guy Laroche - Mark Martinec - Justin McMurtry - Andreas Oesterhelt - Haroon Rafique - Georg Sauthoff - Thomas Steudten - Rodney Stromlund - Sviatoslav Sviridov - Sarantis Paskalis - Stefan Waldherr - - Thanks to the many people who have tested Privoxy, reported bugs, provided - patches, made suggestions or contributed in some way. These include (in - alphabetical order): - - Ken Arromdee - Devin Bayer - Gergely Bor - Reiner Buehl - Andrew J. Caines - Clifford Caoile - Frédéric Crozat - Michael T. Davis - Mattes Dolak - Peter E. - Florian Effenberger - Markus Elfring - Dean Gaudet - Stephen Gildea - Daniel Griscom - Felix Gröbert - Aaron Hamid - Darel Henman - Magnus Holmgren - Ralf Horstmann - Stefan Huehner - Peter Hyman - Derek Jennings - Petr Kadlec - David Laight - Bert van Leeuwen - Don Libes - Paul Lieverse - Toby Lyward - Wil Mahan - Jindrich Makovicka - David Mediavilla - Raphael Moll - Amuro Namie - Adam Piggott - Dan Price - Lee R. - Roberto Ragusa - Félix Rauch - Maynard Riley - Chung-chieh Shan - Spinor S. - Bart Schelstraete - Oliver Stoeneberg - Peter Thoenen - Martin Thomas - Song Weijia - Jörg Weinmann - Darren Wiebe - Bobby G. Vinyard - Anduin Withers - Oliver Yeoh - Jamie Zawinski - - Privoxy is based in part on code originally developed by Junkbusters Corp. - and Anonymous Coders. - - Privoxy heavily relies on Philip Hazel's PCRE. - - The code to filter compressed content makes use of zlib which is written - by Jean-loup Gailly and Mark Adler. - - On systems that lack snprintf(), Privoxy is using a version written by - Mark Martinec. On systems that lack strptime(), Privoxy is using the one - from the GNU C Library written by Ulrich Drepper. - - -------------------------------------------------------------------------- - -13. See Also - - Other references and sites of interest to Privoxy users: - - http://www.privoxy.org/, the Privoxy Home page. - - http://www.privoxy.org/faq/, the Privoxy FAQ. - - http://sourceforge.net/projects/ijbswa/, the Project Page for Privoxy on - SourceForge. - - http://config.privoxy.org/, the web-based user interface. Privoxy must be - running for this to work. Shortcut: http://p.p/ - - http://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit - "misses" and other configuration related suggestions to the developers. - - http://www.junkbusters.com/ht/en/cookies.html, an explanation how cookies - are used to track web users. - - http://www.junkbusters.com/ijb.html, the original Internet Junkbuster. - - http://privacy.net/, a useful site to check what information about you is - leaked while you browse the web. - - http://www.squid-cache.org/, a popular caching proxy, which is often used - together with Privoxy. - - http://www.pps.jussieu.fr/~jch/software/polipo/, Polipo is a caching proxy - with advanced features like pipelining, multiplexing and caching of - partial instances. In many setups it can be used as Squid replacement. - - http://tor.eff.org/, Tor can help anonymize web browsing, web publishing, - instant messaging, IRC, SSH, and other applications. - - http://www.privoxy.org/developer-manual/, the Privoxy developer manual. - - -------------------------------------------------------------------------- - -14. Appendix - - 14.1. Regular Expressions - - Privoxy uses Perl-style "regular expressions" in its actions files and - filter file, through the PCRE and PCRS libraries. - - If you are reading this, you probably don't understand what "regular - expressions" are, or what they can do. So this will be a very brief - introduction only. A full explanation would require a book ;-) - - Regular expressions provide a language to describe patterns that can be - run against strings of characters (letter, numbers, etc), to see if they - match the string or not. The patterns are themselves (sometimes complex) - strings of literal characters, combined with wild-cards, and other special - characters, called meta-characters. The "meta-characters" have special - meanings and are used to build complex patterns to be matched against. - Perl Compatible Regular Expressions are an especially convenient "dialect" - of the regular expression language. - - To make a simple analogy, we do something similar when we use wild-card - characters when listing files with the dir command in DOS. *.* matches all - filenames. The "special" character here is the asterisk which matches any - and all characters. We can be more specific and use ? to match just - individual characters. So "dir file?.text" would match "file1.txt", - "file2.txt", etc. We are pattern matching, using a similar technique to - "regular expressions"! - - Regular expressions do essentially the same thing, but are much, much more - powerful. There are many more "special characters" and ways of building - complex patterns however. Let's look at a few of the common ones, and then - some examples: - - . - Matches any single character, e.g. "a", "A", "4", ":", or "@". - - ? - The preceding character or expression is matched ZERO or ONE times. - Either/or. - - + - The preceding character or expression is matched ONE or MORE times. - - * - The preceding character or expression is matched ZERO or MORE times. - - \ - The "escape" character denotes that the following character should be - taken literally. This is used where one of the special characters (e.g. - ".") needs to be taken literally and not as a special meta-character. - Example: "example\.com", makes sure the period is recognized only as a - period (and not expanded to its meta-character meaning of any single - character). - - [ ] - Characters enclosed in brackets will be matched if any of the - enclosed characters are encountered. For instance, "[0-9]" matches any - numeric digit (zero through nine). As an example, we can combine this with - "+" to match any digit one of more times: "[0-9]+". - - ( ) - parentheses are used to group a sub-expression, or multiple - sub-expressions. - - | - The "bar" character works like an "or" conditional statement. A match - is successful if the sub-expression on either side of "|" matches. As an - example: "/(this|that) example/" uses grouping and the bar character and - would match either "this example" or "that example", and nothing else. - - These are just some of the ones you are likely to use when matching URLs - with Privoxy, and is a long way from a definitive list. This is enough to - get us started with a few simple examples which may be more illuminating: - - /.*/banners/.* - A simple example that uses the common combination of "." - and "*" to denote any character, zero or more times. In other words, any - string at all. So we start with a literal forward slash, then our regular - expression pattern (".*") another literal forward slash, the string - "banners", another forward slash, and lastly another ".*". We are building - a directory path here. This will match any file with the path that has a - directory named "banners" in it. The ".*" matches any characters, and this - could conceivably be more forward slashes, so it might expand into a much - longer looking path. For example, this could match: - "/eye/hate/spammers/banners/annoy_me_please.gif", or just - "/banners/annoying.html", or almost an infinite number of other possible - combinations, just so it has "banners" in the path somewhere. - - And now something a little more complex: - - /.*/adv((er)?ts?|ertis(ing|ements?))?/ - We have several literal forward - slashes again ("/"), so we are building another expression that is a file - path statement. We have another ".*", so we are matching against any - conceivable sub-path, just so it matches our expression. The only true - literal that must match our pattern is adv, together with the forward - slashes. What comes after the "adv" string is the interesting part. - - Remember the "?" means the preceding expression (either a literal - character or anything grouped with "(...)" in this case) can exist or not, - since this means either zero or one match. So - "((er)?ts?|ertis(ing|ements?))" is optional, as are the individual - sub-expressions: "(er)", "(ing|ements?)", and the "s". The "|" means "or". - We have two of those. For instance, "(ing|ements?)", can expand to match - either "ing" OR "ements?". What is being done here, is an attempt at - matching as many variations of "advertisement", and similar, as possible. - So this would expand to match just "adv", or "advert", or "adverts", or - "advertising", or "advertisement", or "advertisements". You get the idea. - But it would not match "advertizements" (with a "z"). We could fix that by - changing our regular expression to: - "/.*/adv((er)?ts?|erti(s|z)(ing|ements?))?/", which would then match - either spelling. - - /.*/advert[0-9]+\.(gif|jpe?g) - Again another path statement with forward - slashes. Anything in the square brackets "[ ]" can be matched. This is - using "0-9" as a shorthand expression to mean any digit one through nine. - It is the same as saying "0123456789". So any digit matches. The "+" means - one or more of the preceding expression must be included. The preceding - expression here is what is in the square brackets -- in this case, any - digit one through nine. Then, at the end, we have a grouping: - "(gif|jpe?g)". This includes a "|", so this needs to match the expression - on either side of that bar character also. A simple "gif" on one side, and - the other side will in turn match either "jpeg" or "jpg", since the "?" - means the letter "e" is optional and can be matched once or not at all. So - we are building an expression here to match image GIF or JPEG type image - file. It must include the literal string "advert", then one or more - digits, and a "." (which is now a literal, and not a special character, - since it is escaped with "\"), and lastly either "gif", or "jpeg", or - "jpg". Some possible matches would include: "//advert1.jpg", - "/nasty/ads/advert1234.gif", "/banners/from/hell/advert99.jpg". It would - not match "advert1.gif" (no leading slash), or "/adverts232.jpg" (the - expression does not include an "s"), or "/advert1.jsp" ("jsp" is not in - the expression anywhere). - - We are barely scratching the surface of regular expressions here so that - you can understand the default Privoxy configuration files, and maybe use - this knowledge to customize your own installation. There is much, much - more that can be done with regular expressions. Now that you know enough - to get started, you can learn more on your own :/ - - More reading on Perl Compatible Regular expressions: - http://perldoc.perl.org/perlre.html - - For information on regular expression based substitutions and their - applications in filters, please see the filter file tutorial in this - manual. - - -------------------------------------------------------------------------- - - 14.2. Privoxy's Internal Pages - - Since Privoxy proxies each requested web page, it is easy for Privoxy to - trap certain special URLs. In this way, we can talk directly to Privoxy, - and see how it is configured, see how our rules are being applied, change - these rules and other configuration options, and even turn Privoxy's - filtering off, all with a web browser. - - The URLs listed below are the special ones that allow direct access to - Privoxy. Of course, Privoxy must be running to access these. If not, you - will get a friendly error message. Internet access is not necessary - either. - - * Privoxy main page: - - http://config.privoxy.org/ - - There is a shortcut: http://p.p/ (But it doesn't provide a fall-back - to a real page, in case the request is not sent through Privoxy) - - * Show information about the current configuration, including viewing - and editing of actions files: - - http://config.privoxy.org/show-status - - * Show the source code version numbers: - - http://config.privoxy.org/show-version - - * Show the browser's request headers: - - http://config.privoxy.org/show-request - - * Show which actions apply to a URL and why: - - http://config.privoxy.org/show-url-info - - * Toggle Privoxy on or off. This feature can be turned off/on in the - main config file. When toggled "off", "Privoxy" continues to run, but - only as a pass-through proxy, with no actions taking place: - - http://config.privoxy.org/toggle - - Short cuts. Turn off, then on: - - http://config.privoxy.org/toggle?set=disable - - http://config.privoxy.org/toggle?set=enable - - These may be bookmarked for quick reference. See next. - - -------------------------------------------------------------------------- - - 14.2.1. Bookmarklets - - Below are some "bookmarklets" to allow you to easily access a "mini" - version of some of Privoxy's special pages. They are designed for MS - Internet Explorer, but should work equally well in Netscape, Mozilla, and - other browsers which support JavaScript. They are designed to run directly - from your bookmarks - not by clicking the links below (although that - should work for testing). - - To save them, right-click the link and choose "Add to Favorites" (IE) or - "Add Bookmark" (Netscape). You will get a warning that the bookmark "may - not be safe" - just click OK. Then you can run the Bookmarklet directly - from your favorites/bookmarks. For even faster access, you can put them on - the "Links" bar (IE) or the "Personal Toolbar" (Netscape), and run them - with a single click. - - * Privoxy - Enable - - * Privoxy - Disable - - * Privoxy - Toggle Privoxy (Toggles between enabled and disabled) - - * Privoxy- View Status - - * Privoxy - Why? - - Credit: The site which gave us the general idea for these bookmarklets is - www.bookmarklets.com. They have more information about bookmarklets. - - -------------------------------------------------------------------------- - - 14.3. Chain of Events - - Let's take a quick look at how some of Privoxy's core features are - triggered, and the ensuing sequence of events when a web page is requested - by your browser: - - * First, your web browser requests a web page. The browser knows to send - the request to Privoxy, which will in turn, relay the request to the - remote web server after passing the following tests: - - * Privoxy traps any request for its own internal CGI pages (e.g - http://p.p/) and sends the CGI page back to the browser. - - * Next, Privoxy checks to see if the URL matches any "+block" patterns. - If so, the URL is then blocked, and the remote web server will not be - contacted. "+handle-as-image" and "+handle-as-empty-document" are then - checked, and if there is no match, an HTML "BLOCKED" page is sent back - to the browser. Otherwise, if it does match, an image is returned for - the former, and an empty text document for the latter. The type of - image would depend on the setting of "+set-image-blocker" (blank, - checkerboard pattern, or an HTTP redirect to an image elsewhere). - - * Untrusted URLs are blocked. If URLs are being added to the trust file, - then that is done. - - * If the URL pattern matches the "+fast-redirects" action, it is then - processed. Unwanted parts of the requested URL are stripped. - - * Now the rest of the client browser's request headers are processed. If - any of these match any of the relevant actions (e.g. - "+hide-user-agent", etc.), headers are suppressed or forged as - determined by these actions and their parameters. - - * Now the web server starts sending its response back (i.e. typically a - web page). - - * First, the server headers are read and processed to determine, among - other things, the MIME type (document type) and encoding. The headers - are then filtered as determined by the "+crunch-incoming-cookies", - "+session-cookies-only", and "+downgrade-http-version" actions. - - * If the "+kill-popups" action applies, and it is an HTML or JavaScript - document, the popup-code in the response is filtered on-the-fly as it - is received. - - * If any "+filter" action or "+deanimate-gifs" action applies (and the - document type fits the action), the rest of the page is read into - memory (up to a configurable limit). Then the filter rules (from - default.filter and any other filter files) are processed against the - buffered content. Filters are applied in the order they are specified - in one of the filter files. Animated GIFs, if present, are reduced to - either the first or last frame, depending on the action setting.The - entire page, which is now filtered, is then sent by Privoxy back to - your browser. - - If neither a "+filter" action or "+deanimate-gifs" matches, then - Privoxy passes the raw data through to the client browser as it - becomes available. - - * As the browser receives the now (possibly filtered) page content, it - reads and then requests any URLs that may be embedded within the page - source, e.g. ad images, stylesheets, JavaScript, other HTML documents - (e.g. frames), sounds, etc. For each of these objects, the browser - issues a separate request (this is easily viewable in Privoxy's logs). - And each such request is in turn processed just as above. Note that a - complex web page will have many, many such embedded URLs. If these - secondary requests are to a different server, then quite possibly a - very differing set of actions is triggered. - - NOTE: This is somewhat of a simplistic overview of what happens with each - URL request. For the sake of brevity and simplicity, we have focused on - Privoxy's core features only. - - -------------------------------------------------------------------------- - - 14.4. Troubleshooting: Anatomy of an Action - - The way Privoxy applies actions and filters to any given URL can be - complex, and not always so easy to understand what is happening. And - sometimes we need to be able to see just what Privoxy is doing. - Especially, if something Privoxy is doing is causing us a problem - inadvertently. It can be a little daunting to look at the actions and - filters files themselves, since they tend to be filled with regular - expressions whose consequences are not always so obvious. - - One quick test to see if Privoxy is causing a problem or not, is to - disable it temporarily. This should be the first troubleshooting step. See - the Bookmarklets section on a quick and easy way to do this (be sure to - flush caches afterward!). Looking at the logs is a good idea too. (Note - that both the toggle feature and logging are enabled via config file - settings, and may need to be turned "on".) - - Another easy troubleshooting step to try is if you have done any - customization of your installation, revert back to the installed defaults - and see if that helps. There are times the developers get complaints about - one thing or another, and the problem is more related to a customized - configuration issue. - - Privoxy also provides the http://config.privoxy.org/show-url-info page - that can show us very specifically how actions are being applied to any - given URL. This is a big help for troubleshooting. - - First, enter one URL (or partial URL) at the prompt, and then Privoxy will - tell us how the current configuration will handle it. This will not help - with filtering effects (i.e. the "+filter" action) from one of the filter - files since this is handled very differently and not so easy to trap! It - also will not tell you about any other URLs that may be embedded within - the URL you are testing. For instance, images such as ads are expressed as - URLs within the raw page source of HTML pages. So you will only get info - for the actual URL that is pasted into the prompt area -- not any - sub-URLs. If you want to know about embedded URLs like ads, you will have - to dig those out of the HTML source. Use your browser's "View Page Source" - option for this. Or right click on the ad, and grab the URL. - - Let's try an example, google.com, and look at it one section at a time in - a sample configuration (your real configuration may vary): - - Matches for http://www.google.com: - - In file: default.action [ View ] [ Edit ] - - {+deanimate-gifs {last} - +fast-redirects {check-decoded-url} - +filter {refresh-tags} - +filter {img-reorder} - +filter {banners-by-size} - +filter {webbugs} - +filter {jumping-windows} - +filter {ie-exploits} - +hide-forwarded-for-headers - +hide-from-header {block} - +hide-referrer {forge} - +session-cookies-only - +set-image-blocker {pattern} - / - - { -session-cookies-only } - .google.com - - { -fast-redirects } - .google.com - - In file: user.action [ View ] [ Edit ] - (no matches in this file) - - This is telling us how we have defined our "actions", and which ones match - for our test case, "google.com". Displayed is all the actions that are - available to us. Remember, the + sign denotes "on". - denotes "off". So - some are "on" here, but many are "off". Each example we try may provide a - slightly different end result, depending on our configuration directives. - - The first listing is for our default.action file. The large, multi-line - listing, is how the actions are set to match for all URLs, i.e. our - default settings. If you look at your "actions" file, this would be the - section just below the "aliases" section near the top. This will apply to - all URLs as signified by the single forward slash at the end of the - listing -- " / ". - - But we have defined additional actions that would be exceptions to these - general rules, and then we list specific URLs (or patterns) that these - exceptions would apply to. Last match wins. Just below this then are two - explicit matches for ".google.com". The first is negating our previous - cookie setting, which was for "+session-cookies-only" (i.e. not - persistent). So we will allow persistent cookies for google, at least that - is how it is in this example. The second turns off any "+fast-redirects" - action, allowing this to take place unmolested. Note that there is a - leading dot here -- ".google.com". This will match any hosts and - sub-domains, in the google.com domain also, such as "www.google.com" or - "mail.google.com". But it would not match "www.google.de"! So, apparently, - we have these two actions defined as exceptions to the general rules at - the top somewhere in the lower part of our default.action file, and - "google.com" is referenced somewhere in these latter sections. - - Then, for our user.action file, we again have no hits. So there is nothing - google-specific that we might have added to our own, local configuration. - If there was, those actions would over-rule any actions from previously - processed files, such as default.action. user.action typically has the - last word. This is the best place to put hard and fast exceptions, - - And finally we pull it all together in the bottom section and summarize - how Privoxy is applying all its "actions" to "google.com": - - Final results: - - -add-header - -block - -client-header-filter{hide-tor-exit-notation} - -content-type-overwrite - -crunch-client-header - -crunch-if-none-match - -crunch-incoming-cookies - -crunch-outgoing-cookies - -crunch-server-header - +deanimate-gifs {last} - -downgrade-http-version - -fast-redirects - -filter {js-events} - -filter {content-cookies} - -filter {all-popups} - -filter {banners-by-link} - -filter {tiny-textforms} - -filter {frameset-borders} - -filter {demoronizer} - -filter {shockwave-flash} - -filter {quicktime-kioskmode} - -filter {fun} - -filter {crude-parental} - -filter {site-specifics} - -filter {js-annoyances} - -filter {html-annoyances} - +filter {refresh-tags} - -filter {unsolicited-popups} - +filter {img-reorder} - +filter {banners-by-size} - +filter {webbugs} - +filter {jumping-windows} - +filter {ie-exploits} - -filter {google} - -filter {yahoo} - -filter {msn} - -filter {blogspot} - -filter {no-ping} - -force-text-mode - -handle-as-empty-document - -handle-as-image - -hide-accept-language - -hide-content-disposition - +hide-forwarded-for-headers - +hide-from-header {block} - -hide-if-modified-since - +hide-referrer {forge} - -hide-user-agent - -inspect-jpegs - -kill-popups - -limit-connect - -overwrite-last-modified - -prevent-compression - -redirect - -send-vanilla-wafer - -send-wafer - -server-header-filter{xml-to-html} - -server-header-filter{html-to-xml} - -session-cookies-only - +set-image-blocker {pattern} - -treat-forbidden-connects-like-blocks - - Notice the only difference here to the previous listing, is to - "fast-redirects" and "session-cookies-only", which are activated - specifically for this site in our configuration, and thus show in the - "Final Results". - - Now another example, "ad.doubleclick.net": - - { +block } - ad*. - - { +block } - .ad. - - { +block +handle-as-image } - .[a-vx-z]*.doubleclick.net - - We'll just show the interesting part here - the explicit matches. It is - matched three different times. Two "+block" sections, and a "+block - +handle-as-image", which is the expanded form of one of our aliases that - had been defined as: "+block-as-image". ("Aliases" are defined in the - first section of the actions file and typically used to combine more than - one action.) - - Any one of these would have done the trick and blocked this as an unwanted - image. This is unnecessarily redundant since the last case effectively - would also cover the first. No point in taking chances with these guys - though ;-) Note that if you want an ad or obnoxious URL to be invisible, - it should be defined as "ad.doubleclick.net" is done here -- as both a - "+block" and an "+handle-as-image". The custom alias "+block-as-image" - just simplifies the process and make it more readable. - - One last example. Let's try "http://www.example.net/adsl/HOWTO/". This one - is giving us problems. We are getting a blank page. Hmmm ... - - Matches for http://www.example.net/adsl/HOWTO/: - - In file: default.action [ View ] [ Edit ] - - {-add-header - -block - -client-header-filter{hide-tor-exit-notation} - -content-type-overwrite - -crunch-client-header - -crunch-if-none-match - -crunch-incoming-cookies - -crunch-outgoing-cookies - -crunch-server-header - +deanimate-gifs - -downgrade-http-version - +fast-redirects {check-decoded-url} - -filter {js-events} - -filter {content-cookies} - -filter {all-popups} - -filter {banners-by-link} - -filter {tiny-textforms} - -filter {frameset-borders} - -filter {demoronizer} - -filter {shockwave-flash} - -filter {quicktime-kioskmode} - -filter {fun} - -filter {crude-parental} - -filter {site-specifics} - -filter {js-annoyances} - -filter {html-annoyances} - +filter {refresh-tags} - -filter {unsolicited-popups} - +filter {img-reorder} - +filter {banners-by-size} - +filter {webbugs} - +filter {jumping-windows} - +filter {ie-exploits} - -filter {google} - -filter {yahoo} - -filter {msn} - -filter {blogspot} - -filter {no-ping} - -force-text-mode - -handle-as-empty-document - -handle-as-image - -hide-accept-language - -hide-content-disposition - +hide-forwarded-for-headers - +hide-from-header{block} - +hide-referer{forge} - -hide-user-agent - -inspect-jpegs - -kill-popups - -overwrite-last-modified - +prevent-compression - -redirect - -send-vanilla-wafer - -send-wafer - -server-header-filter{xml-to-html} - -server-header-filter{html-to-xml} - +session-cookies-only - +set-image-blocker{blank} - -treat-forbidden-connects-like-blocks } - / - - { +block +handle-as-image } - /ads - - Ooops, the "/adsl/" is matching "/ads" in our configuration! But we did - not want this at all! Now we see why we get the blank page. It is actually - triggering two different actions here, and the effects are aggregated so - that the URL is blocked, and Privoxy is told to treat the block as if it - were an image. But this is, of course, all wrong. We could now add a new - action below this (or better in our own user.action file) that explicitly - un blocks ( "{-block}") paths with "adsl" in them (remember, last match in - the configuration wins). There are various ways to handle such exceptions. - Example: - - { -block } - /adsl - - Now the page displays ;-) Remember to flush your browser's caches when - making these kinds of changes to your configuration to insure that you get - a freshly delivered page! Or, try using Shift+Reload. - - But now what about a situation where we get no explicit matches like we - did with: - - { +block +handle-as-image } - /ads - - That actually was very helpful and pointed us quickly to where the problem - was. If you don't get this kind of match, then it means one of the default - rules in the first section of default.action is causing the problem. This - would require some guesswork, and maybe a little trial and error to - isolate the offending rule. One likely cause would be one of the "+filter" - actions. These tend to be harder to troubleshoot. Try adding the URL for - the site to one of aliases that turn off "+filter": - - { shop } - .quietpc.com - .worldpay.com # for quietpc.com - .jungle.com - .scan.co.uk - .forbes.com - - "{ shop }" is an "alias" that expands to "{ -filter -session-cookies-only - }". Or you could do your own exception to negate filtering: - - { -filter } - # Disable ALL filter actions for sites in this section - .forbes.com - developer.ibm.com - localhost - - This would turn off all filtering for these sites. This is best put in - user.action, for local site exceptions. Note that when a simple domain - pattern is used by itself (without the subsequent path portion), all - sub-pages within that domain are included automatically in the scope of - the action. - - Images that are inexplicably being blocked, may well be hitting the - "+filter{banners-by-size}" rule, which assumes that images of certain - sizes are ad banners (works well most of the time since these tend to be - standardized). - - "{ fragile }" is an alias that disables most actions that are the most - likely to cause trouble. This can be used as a last resort for problem - sites. - - { fragile } - # Handle with care: easy to break - mail.google. - mybank.example.com - - Remember to flush caches! Note that the mail.google reference lacks the - TLD portion (e.g. ".com"). This will effectively match any TLD with google - in it, such as mail.google.de., just as an example. - - If this still does not work, you will have to go through the remaining - actions one by one to find which one(s) is causing the problem. -- 2.39.2