aggressiveyour default settings (in the top section of the actions file) are, the more exceptions for
trustedsites you @@ -2070,13 +3014,13 @@ for details. like
Cautious,
Mediumor
Advanced. Warning: the
Advancedsetting is more aggressive, and will be more likely to cause problems for some sites. - Experienced users only! + Experienced users only!
patternsto determine what
patternsuse wild @@ -2144,23 +3088,29 @@ for details. flexibility. This allows one expression to be expanded and potentially match against many similar patterns.
Regular Expressions
*represents zero or more arbitrary characters (this is - equivalent to the + equivalent to the
Regular Expression
.*),
?represents any single character (this is equivalent to the regular expression syntax of a simple
.), and you can define -
character classesin square brackets which is similar to +
character classesin square brackets which is similar to the same regular expression technique. All of this can be freely mixed: @@ -2290,7 +3266,7 @@ for details.
adserver.example.com, + matches
adserver.example.com,
ads.example.com, etc but not
sfads.example.com
/, - i.e. it matches as if it would start with a
^(regular expression speak + i.e. it matches as if it would start with a
^(regular expression speak for the beginning of a line).
(?-i)switch:
.example.com, since any documents + Is equivalent to just
.example.com, since any documents within that domain are matched with or without the
.*regular expression. This is redundant
index.html, and that is part of some path. For example, it matches
www.example.com/testing/index.htmlbut NOT
www.example.com/index.htmlbecause the regular - expression called for at least two
/'s, thus the path - requirement. It also would match -
www.example.com/testing/index_html, because of the + expression called for at least two
/'s, thus the path + requirement. It also would match +
www.example.com/testing/index_html, because of the special meta-character
..
index.htmlregardless of path which in this case can - have one or more
/'s. And this one must contain exactly + This regular expression is conditional so it will match any page + named
index.htmlregardless of path which in this case can + have one or more
/'s. And this one must contain exactly
.html(but does not have to end with that!).
example.com- that contains any of the words
ads,
banner, + that contains any of the words
ads,
banner,
banners(because of the
?) or
junk. The path does not have to end in these words, just contain them.
.jpg,
.jpeg,
.gifor
.png. So this + This is very much the same as above, except now it must end in either +
.jpg,
.jpeg,
.gifor
.png. So this one is limited to common image formats.
enabledor
disabled. Syntax:
HTTP headersare, you definitely don't need to worry about this + This action may be specified multiple times, in order to define multiple + headers. This is rarely needed for the typical user. If you don't know what +
HTTP headersare, you definitely don't need to worry about this one.
Content-Type: text/html, you can use &my-app; to overwrite it with
application/xmland validate the web master's claim inside your XHTML-supporting browser. - If the syntax is incorrect, the browser will complain loudly. + If the syntax is incorrect, the browser will complain loudly.
text/htmland have it rendered as broken HTML document. +
text/htmland have it rendered as broken HTML document.
Rolling your own- filters requires a knowledge of + filters requires a knowledge of
Regular - Expressions
HTML
actionis not available.
Content-Type:isn't detected as such. -
Content-Type:first.
block, or any user defined value. -
block, or any user defined value. -
If-Modified-Since:HTTP client header or modifies its value. + Deletes the
If-Modified-Since:HTTP client header or modifies its value.
block, or a user defined value that specifies a range of hours. -
blockwill completely remove the header + The keyword
blockwill completely remove the header (not to be confused with the
referreris the correct English spelling, however the HTTP specification has a bug - it - requires it to be spelled as
referer.) + requires it to be spelled as
referer.)
Last-Modified:HTTP server header or modifies its value. + Deletes the
Last-Modified:HTTP server header or modifies its value.
block,
reset-to-request-timeand
randomize-
Last-Modified:header to track visits without using cookies.
Randomize- makes it impossible and the browser can still revalidate cached documents. + makes it impossible and the browser can still revalidate cached documents.
reset-to-request-timeoverwrites the value of the @@ -5181,7 +6168,7 @@ new action of the request, the random range becomes zero and the value stays the same. Therefore you should later randomize it a second time with
sessioncookies (for the current - browser session
to send a redirect totarget-url
file:///URL. + to any image anywhere, even in your local filesystem via
file:///URL. (But note that not all browsers support redirecting to a local file system).
=, -
{and
}, but we
{and
}, but we
ato
z,
0to
9,
+, and
-. Alias names are not case sensitive, and are not required to start with a @@ -5780,7 +6767,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not
/pattern):
shopand
fragileare typically used for -
problemsites that require more than one action to be disabled + Aliases like
shopand
fragileare typically used for +
problemsites that require more than one action to be disabled in order to function properly.
-disables!). Also note how this long line has been made more readable by splitting it into multiple lines with line continuation. - +
nasty-as intended, but alsoads .nasty-corp.com
downloorads .sourcefroge.net
So here come some @@ -6119,7 +7106,7 @@ count*. ########################################################################## # By domain: -# +# { -block } adv[io]*. # (for advogato.org and advice.*) adsl. # (has nothing to do with ads) @@ -6169,13 +7156,13 @@ wiki.ads l.some-provider.net.
copy image location- and pasted the URL below while removing the leading http://, into a + and pasted the URL below while removing the leading http://, into a
filter file. Once defined, they + to be defined in a
filter file. Once defined, they can then be invoked as an
action.
roll - your ownfilters, you should first be familiar with HTML syntax, + your own filters, you should first be familiar with HTML syntax, and, of course, regular expressions.
Regular Expressions
OnUnload, but the page's content does.
.comappears directly following
microsoftin the page. This prevents links to microsoft.com from being trashed, while still replacing the word everywhere else. @@ -6764,7 +7751,7 @@ s* industry[ -]leading \
unsolicitedpop-up - windows from opening, yet still allow pop-up windows that the user - has explicitly chosen to open. It was added in version 3.0.1, + This filter attempts to prevent only
unsolicitedpop-up + windows from opening, yet still allow pop-up windows that the user + has explicitly chosen to open. It was added in version 3.0.1, as an improvement over earlier such filters.
404 - No Such Domainerror page
BLOCKEDpage
specialcharacter here is the asterisk which matches any and all characters. We can be more specific and use
special charactersand ways of + powerful. There are many more
special charactersand ways of building complex patterns however. Let's look at a few of the common ones, and then some examples:
escapecharacter denotes that - the following character should be taken literally. This is used where one of the + the following character should be taken literally. This is used where one of the special characters (e.g.
.) needs to be taken literally and - not as a special meta-character. Example:
example\.com, makes - sure the period is recognized only as a period (and not expanded to its + not as a special meta-character. Example:
example\.com, makes + sure the period is recognized only as a period (and not expanded to its meta-character meaning of any single character).
[0-9]- matches any numeric digit (zero through nine). As an example, we can combine + matches any numeric digit (zero through nine). As an example, we can combine this with
+to match any digit one of more times:
[0-9]+.
barcharacter works like an
orconditional statement. A match is successful if the sub-expression on either side of
|matches. As an example: -
/(this|that) example/uses grouping and the bar character +
/(this|that) example/uses grouping and the bar character and would match either
this exampleor
that example, and nothing else.
.and
*to + that uses the common combination of
.and
*to denote any character, zero or more times. In other words, any string at all. - So we start with a literal forward slash, then our regular expression pattern + So we start with a literal forward slash, then our regular expression pattern (
.*) another literal forward slash, the string
banners, another forward slash, and lastly another -
.*. We are building +
.*. We are building a directory path here. This will match any file with the path that has a directory named
bannersin it. The
.*matches any characters, and this could conceivably be more forward slashes, so it @@ -7551,14 +8538,14 @@ Requests
/), so we are - building another expression that is a file path statement. We have another + building another expression that is a file path statement. We have another
.*, so we are matching against any conceivable sub-path, just so it matches our expression. The only true literal that
advstring is the - interesting part. + interesting part.
((er)?ts?|ertis(ing|ements?))is optional, as are the individual sub-expressions:
(er),
(ing|ements?), and the
s. The
|- means
or. We have two of those. For instance, -
(ing|ements?), can expand to match either
ing+ means
or. We have two of those. For instance, +
(ing|ements?), can expand to match either
ing
ements?. What is being done here, is an - attempt at matching as many variations of
advertisement, and + attempt at matching as many variations of
advertisement, and similar, as possible. So this would expand to match just
adv, or
advert, or
adverts, or
advertising, or
advertisement, or -
advertisements. You get the idea. But it would not match +
advertisements. You get the idea. But it would not match
advertizements(with a
z). We could fix that by - changing our regular expression to: + changing our regular expression to:
/.*/adv((er)?ts?|erti(s|z)(ing|ements?))?/, which would then match either spelling.
[ ]can be matched. This is using
0-9as a shorthand expression to mean any digit one through nine. It is the same as saying
0123456789. So any digit matches. The
+- means one or more of the preceding expression must be included. The preceding - expression here is what is in the square brackets -- in this case, any digit - one through nine. Then, at the end, we have a grouping:
(gif|jpe?g). + means one or more of the preceding expression must be included. The preceding + expression here is what is in the square brackets -- in this case, any digit + one through nine. Then, at the end, we have a grouping:
(gif|jpe?g). This includes a
|, so this needs to match the expression on either side of that bar character also. A simple
gifon one side, and the other side will in turn match either
jpegor
jpg, @@ -7620,7 +8607,7 @@ Requests
-@@ -7678,77 +8665,77 @@ Requests+ http://config.privoxy.org/
-+ http://config.privoxy.org/show-status
-+ http://config.privoxy.org/show-version
-+ http://config.privoxy.org/show-request
-+ http://config.privoxy.org/show-url-info
off,
Privoxycontinues to run, but only as a pass-through proxy, with no actions taking place:
-+ http://config.privoxy.org/toggle
-+ http://config.privoxy.org/toggle?set=disable
-+ http://config.privoxy.org/toggle?set=enable
may not be safe- just click OK. Then you can run the Bookmarklet directly from your favorites/bookmarks. For even faster access, you can put them on the
Linksbar (IE) or the
Personal - Toolbar(Netscape), and run them with a single click. + Toolbar (Netscape), and run them with a single click.
+blockpatterns. If so, the URL is then blocked, and the remote web server will not be contacted. -
+handle-as-image- and +
+handle-as-image+ and
+handle-as-empty-document- are then checked, and if there is no match, an + are then checked, and if there is no match, an HTML
BLOCKEDpage is sent back to the browser. Otherwise, if it does match, an image is returned for the former, and an empty text document for the latter. The type of image would depend on the setting of
+set-image-blocker(blank, checkerboard pattern, or an HTTP redirect to an image elsewhere).
+fast-redirectsaction, it is then processed. Unwanted parts of the requested URL are stripped.
+crunch-incoming-cookies,
+session-cookies-only, and
+downgrade-http-versionactions.
+filteraction @@ -7926,35 +8913,35 @@ Requests they are specified in one of the filter files. Animated GIFs, if present, are reduced to either the first or last frame, depending on the action setting.The entire page, which is now filtered, is then sent by -
+filteraction or
+deanimate-gifs- matches, then
on.)
+filteraction) from @@ -8020,8 +9007,8 @@ Requests
actions, and - which ones match for our test case,
google.com. + which ones match for our test case,
google.com. Displayed is all the actions that are available to us. Remember, the
on.
off. So some are
onhere, but many + denotes
off. So some are
onhere, but many are
off. Each example we try may provide a slightly different end result, depending on our configuration directives.
www.google.comor
mail.google.com. But it would not +
www.google.comor
mail.google.com. But it would not match
www.google.de! So, apparently, we have these two actions defined as exceptions to the general rules at the top somewhere in the lower part of our
actions+
actionsto
google.com: @@ -8118,10 +9105,10 @@ In file: user.action
fast-redirectsand
session-cookies-only, - which are activated specifically for this site in our configuration, + which are activated specifically for this site in our configuration, and thus show in the
Final Results.
+block{}sections, + We'll just show the interesting part here - the explicit matches. It is + matched three different times. Two
+block{}sections, and a
+block{} +handle-as-image, - which is the expanded form of one of our aliases that had been defined as: + which is the expanded form of one of our aliases that had been defined as:
+block-as-image. (
Aliasesare defined in - the first section of the actions file and typically used to combine more + the first section of the actions file and typically used to combine more than one action.)
ad.doubleclick.netis done here -- as both a
+block{}-
+handle-as-image. The custom alias
just simplifies the process and make it more readable. @@ -8239,9 +9226,9 @@ In file: user.action+block-as-image
/adsl/is matching
/adsin our + Ooops, the
/adsl/is matching
/adsin our configuration! But we did not want this at all! Now we see why we get the - blank page. It is actually triggering two different actions here, and - the effects are aggregated so that the URL is blocked, and &my-app; is told + blank page. It is actually triggering two different actions here, and + the effects are aggregated so that the URL is blocked, and &my-app; is told to treat the block as if it were an image. But this is, of course, all wrong. We could now add a new action below this (or better in our own
is an{ shop }
aliasthat expands to +
is an{ shop }
aliasthat expands to
. Or you could do your own exception to negate filtering: @@ -8388,23 +9375,23 @@ In file: user.action{ -filter -session-cookies-only }
+filter{banners-by-size}- rule, which assumes - that images of certain sizes are ad banners (works well + rule, which assumes + that images of certain sizes are ad banners (works well
is an alias that disables most actions that are the most likely to cause trouble. This can be used as a - last resort for problem sites. -{ fragile }
.com). This will effectively match any TLD with -
.com). This will effectively match any TLD with +
web-bugsand HTML annoyances, etc.) * Modularized configuration that allows for standard settings and user settings to reside in separate files, so that installing updated actions @@ -97,23 +435,16 @@ more control, more privacy and more freedom: * Support for Perl Compatible Regular Expressions in the configuration files, and a more sophisticated and flexible configuration syntax. - * Improved cookie management features (e.g. session based cookies). - * GIF de-animation. * Bypass many click-tracking scripts (avoids script redirection). - * Multi-threaded (POSIX and native threads). - * User-customizable HTML templates for most proxy-generated pages (e.g. "blocked" page). * Auto-detection and re-reading of config file changes. - - * Improved signal handling, and a true daemon mode (Unix). - * Every feature now controllable on a per-site or per-location basis, - configuration more powerful and versatile over-all. + * Most features are controllable on a per-site or per-location basis. Download location: diff --git a/external/privoxy/doc/webserver/developer-manual/coding.html b/external/privoxy/doc/webserver/developer-manual/coding.html index 48259edf..345c7398 100644 --- a/external/privoxy/doc/webserver/developer-manual/coding.html +++ b/external/privoxy/doc/webserver/developer-manual/coding.html @@ -1,218 +1,142 @@ - -
4. Coding Guidelines
4.1. Introduction
This set of standards is designed to make our lives easier. It is - developed with the simple goal of helping us keep the "new and improved - Privoxy" consistent and reliable. Thus making - maintenance easier and increasing chances of success of the - project.
And that of course comes back to us as individuals. If we can - increase our development and product efficiencies then we can solve more - of the request for changes/improvements and in general feel good about - ourselves. ;->
4.2. Using Comments
4.2.1. Comment, Comment, Comment
Explanation:
Comment as much as possible without commenting the obvious. - For example do not comment "variable_a is equal to variable_b". - Instead explain why variable_a should be equal to the variable_b. - Just because a person can read code does not mean they will - understand why or what is being done. A reader may spend a lot - more time figuring out what is going on when a simple comment - or explanation would have prevented the extra research. Please - help your brother IJB'ers out!
The comments will also help justify the intent of the code. - If the comment describes something different than what the code - is doing then maybe a programming error is occurring.
Example:
/* if page size greater than 1k ... */ -if ( page_length() > 1024 ) + + + + + + ++ |
+
Note: If we all follow + this practice, we should be able to parse our code to create a + "self-documenting" web page.
++ +
Prev | + +Home | + +Next | +
Documentation + Guidelines | + ++ + | Testing Guidelines | +
8. Contacting the developers, Bug Reporting and Feature Requests
We value your feedback. In fact, we rely on it to improve - Privoxy and its configuration. - However, please note the following hints, so we can - provide you with the best support:
8.1. Get Support
For casual users, our - support forum at SourceForge - is probably best suited: - http://sourceforge.net/tracker/?group_id=11118&atid=211118
All users are of course welcome to discuss their issues on the users - mailing list, where the developers also hang around.
Please don't sent private support requests to individual Privoxy - developers, either use the mailing lists or the support trackers.
Note that the Privoxy mailing lists are moderated. Posts from unsubscribed - addresses have to be accepted manually by a moderator. This may cause a - delay of several days and if you use a subject that doesn't clearly - mention Privoxy or one of its features, your message may be accidentally - discarded as spam.
If you aren't subscribed, you should therefore spend a few seconds - to come up with a proper subject. Additionally you should make it clear - that you want to get CC'd. Otherwise some responses will be directed to - the mailing list only, and you won't see them.
8.2. Reporting Problems
"Problems" for our purposes, come in two forms:
Configuration issues, such as ads that slip through, or sites that - don't function properly due to one Privoxy - "action" or another being turned "on". -
"Bugs" in the programming code that makes up - Privoxy, such as that might cause a crash. -
8.2.1. Reporting Ads or Other Configuration Problems
Please send feedback on ads that slipped through, innocent images that were - blocked, sites that don't work properly, and other configuration related problem of - default.action file, to - http://sourceforge.net/tracker/?group_id=11118&atid=460288, - the Actions File Tracker.
New, improved default.action files may occasionally be made - available based on your feedback. These will be announced on the ijbswa-announce - list and available from our the files section of - our project page.
8.2.2. Reporting Bugs
Please report all bugs through our bug tracker: - http://sourceforge.net/tracker/?group_id=11118&atid=111118.
Before doing so, please make sure that the bug has not already been submitted - and observe the additional hints at the top of the submit - form. If already submitted, please feel free to add any info to the - original report that might help to solve the issue.
Please try to verify that it is a Privoxy bug, - and not a browser or site bug or documented behaviour that just happens - to be different than what you expected. If unsure, - try toggling - off Privoxy, and see if the problem persists.
If you are using your own custom configuration, please try - the stock configs to see if the problem is configuration related. - If you're having problems with a feature that is disabled by default, - please ask around on the mailing list if others can reproduce the problem.
If you aren't using the latest Privoxy version, the bug may have been found - and fixed in the meantime. We would appreciate if you could take the time - to upgrade - to the latest version (or even the latest CVS snapshot) and verify - that your bug still exists.
Please be sure to provide the following information:
The exact Privoxy version you are using - (if you got the source from CVS, please also provide the source code revisions - as shown in http://config.privoxy.org/show-version). -
The operating system and versions you run - Privoxy on, (e.g. Windows - XP SP2), if you are using a Unix flavor, - sending the output of "uname -a" should do, - in case of GNU/Linux, please also name the distribution. -
The name, platform, and version of the browser - you were using (e.g. Internet Explorer v5.5 for Mac). -
The URL where the problem occurred, or some way for us to duplicate the - problem (e.g. http://somesite.example.com/?somethingelse=123). -
Whether your version of Privoxy is one supplied - by the Privoxy developers via SourceForge, - or if you got your copy somewhere else. -
Whether you are using Privoxy in tandem with - another proxy such as Tor. If so, please - temporary disable the other proxy to see if the symptoms change. -
Whether you are using a personal firewall product. If so, does - Privoxy work without it? -
Any other pertinent information to help identify the problem such as config - or log file excerpts (yes, you should have log file entries for each - action taken). -
You don't have to tell us your actual name when filing a problem - report, but please use a nickname so we can differentiate between - your messages and the ones entered by other "anonymous" users that - may respond to your request if they have the same problem or already - found a solution.
Please also check the status of your request a few days after submitting - it, as we may request additional information. If you use a SF id, - you should automatically get a mail when someone responds to your request.
The appendix - of the Privoxy User Manual also has helpful information - on understanding actions, and action debugging.
8.3. Request New Features
You are welcome to submit ideas on new features or other proposals - for improvement through our feature request tracker at - http://sourceforge.net/tracker/?atid=361118&group_id=11118.
8.4. Other
For any other issues, feel free to use the mailing lists. Technically interested users -and people who wish to contribute to the project are also welcome on the developers list! -You can find an overview of all Privoxy-related mailing lists, -including list archives, at: -http://sourceforge.net/mail/?group_id=11118.
8. Contacting the + developers, Bug Reporting and Feature Requests
+ +We value your feedback. In fact, we rely on it to improve Privoxy and its configuration. However, please note + the following hints, so we can provide you with the best support:
+ +8.1. + Get Support
+ +For casual users, our support forum at SourceForge is probably best suited: + http://sourceforge.net/tracker/?group_id=11118&atid=211118
+ +All users are of course welcome to discuss their issues on the + users mailing list, where the developers also hang + around.
+ +Please don't sent private support requests to individual Privoxy + developers, either use the mailing lists or the support trackers.
+ +If you have to contact a Privoxy developer directly for other + reasons, please send a real mail and do not bother with SourceForge's + messaging system. Answers to SourceForge messages are usually bounced + by SourceForge's mail server in which case the developer wasted time + writing a response you don't get. From your point of view it will look + like your message has been completely ignored, so this is frustrating + for all parties involved.
+ +Note that the Privoxy mailing lists are moderated. Posts from + unsubscribed addresses have to be accepted manually by a moderator. + This may cause a delay of several days and if you use a subject that + doesn't clearly mention Privoxy or one of its features, your message + may be accidentally discarded as spam.
+ +If you aren't subscribed, you should therefore spend a few seconds + to come up with a proper subject. Additionally you should make it clear + that you want to get CC'd. Otherwise some responses will be directed to + the mailing list only, and you won't see them.
+8.2. Reporting + Problems
+ +"Problems" for our purposes, come in two + forms:
+ +-
+
-
+
Configuration issues, such as ads that slip through, or sites + that don't function properly due to one Privoxy "action" or + another being turned "on".
+
+
+ -
+
"Bugs" in the programming code that + makes up Privoxy, such as that + might cause a crash.
+
+
8.2.1. + Reporting Ads or Other Configuration Problems
+ +Please send feedback on ads that slipped through, innocent images + that were blocked, sites that don't work properly, and other + configuration related problem of default.action file, to http://sourceforge.net/tracker/?group_id=11118&atid=460288, + the Actions File Tracker.
+ +New, improved default.action files may + occasionally be made available based on your feedback. These will be + announced on the ijbswa-announce list and available from our the files section of our project page.
+8.2.2. + Reporting Bugs
+ +Please report all bugs through our bug tracker: http://sourceforge.net/tracker/?group_id=11118&atid=111118.
+ +Before doing so, please make sure that the bug has not already been submitted and observe + the additional hints at the top of the submit form. If already submitted, please feel free + to add any info to the original report that might help to solve the + issue.
+ +Please try to verify that it is a Privoxy bug, and not a browser or site bug or + documented behaviour that just happens to be different than what you + expected. If unsure, try toggling + off Privoxy, and see if the + problem persists.
+ +If you are using your own custom configuration, please try the + stock configs to see if the problem is configuration related. If + you're having problems with a feature that is disabled by default, + please ask around on the mailing list if others can reproduce the + problem.
+ +If you aren't using the latest Privoxy version, the bug may have + been found and fixed in the meantime. We would appreciate if you + could take the time to upgrade to the latest version (or even the latest CVS + snapshot) and verify that your bug still exists.
+ +Please be sure to provide the following information:
+ +-
+
-
+
The exact Privoxy version you + are using (if you got the source from CVS, please also provide + the source code revisions as shown in http://config.privoxy.org/show-version).
+
+
+ -
+
The operating system and versions you run Privoxy on, (e.g. Windows XP SP2), if you are using a Unix + flavor, sending the output of "uname + -a" should do, in case of GNU/Linux, please also name the + distribution.
+
+
+ -
+
The name, platform, and version of the browser you were using (e.g. Internet Explorer v5.5 for Mac).
+
+
+ -
+
The URL where the problem occurred, or some way for us to + duplicate the problem (e.g. http://somesite.example.com/?somethingelse=123).
+
+
+ -
+
Whether your version of Privoxy is one supplied by the Privoxy developers via SourceForge, or if + you got your copy somewhere else.
+
+
+ -
+
Whether you are using Privoxy + in tandem with another proxy such as Tor. If so, please temporary disable the + other proxy to see if the symptoms change.
+
+
+ -
+
Whether you are using a personal firewall product. If so, does + Privoxy work without it?
+
+
+ -
+
Any other pertinent information to help identify the problem + such as config or log file excerpts (yes, you should have log + file entries for each action taken). To get a meaningful logfile, + please make sure that the logfile + directive is being used and the following debug + options are enabled:
+ ++ debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
If you + are having trouble with a filter, please additionally enable + +
+ + debug 2 # show each connection status
+ + debug 4 # show I/O status
+ + debug 8 # show header parsing
+ + debug 128 # debug redirects
+ debug 256 # debug GIF de-animation
+ + debug 512 # Common Log Format
+ + debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
+ + debug 4096 # Startup banner and warnings.
+ + debug 8192 # Non-fatal errors+ debug 64 # debug regular expression filters
If + you are using Privoxy 3.0.17 or later and suspect that it + interprets the request or the response incorrectly, please enable + ++ debug 32768 # log all data read from the network
Note + that Privoxy log files may contain sensitive information so + please don't submit any logfiles you didn't read first. You can + mask sensitive information as long as it's clear that you removed + something. +
+
You don't have to tell us your actual name when filing a problem + report, but if you don't, please use a nickname so we can + differentiate between your messages and the ones entered by other + "anonymous" users that may respond to your request if they have the + same problem or already found a solution. Note that due to spam the + trackers may not always allow to post without being logged into + SourceForge. If that's the case, you are still free to create a login + that isn't directly linked to your name, though.
+ +Please also check the status of your request a few days after + submitting it, as we may request additional information. If you use a + SF id, you should automatically get a mail when someone responds to + your request. Please don't bother to add an email address when using + the tracker. If you prefer to communicate through email, just use one + of the mailing lists directly.
+ +If you are new to reporting problems, you might be interested in + How to Report Bugs Effectively.
+ +The appendix of the Privoxy User Manual also has + helpful information on understanding actions, and action + debugging.
+8.3. + Request New Features
+ +You are welcome to submit ideas on new features or other proposals + for improvement through our feature request tracker at http://sourceforge.net/tracker/?atid=361118&group_id=11118.
+8.4. + Mailing Lists
+ +If you prefer to communicate through email, instead of using a web + interface, feel free to use one of the mailing lists. To discuss issues + that haven't been completely diagnosed yet, please use the Privoxy + users list. Technically interested users and people who wish to + contribute to the project are always welcome on the developers list. + You can find an overview of all Privoxy-related mailing lists, including list + archives, at: http://sourceforge.net/mail/?group_id=11118.
++ +
Prev | + +Home | + +Next | +
Update the Webserver | + ++ + | Privoxy Copyright, License + and History | +
9. Privoxy Copyright, License and History
Copyright Š 2001-2009 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
Some source code is based on code Copyright Š 1997 by Anonymous Coders - and Junkbusters, Inc. and licensed under the GNU General Public - License.
9.1. License
Privoxy is free software; you can - redistribute it and/or modify it under the terms of the - GNU General Public License, version 2, - as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
You should have received a copy of the GNU GPL - along with this program; if not, write to the
Free Software
- Foundation, Inc. 51 Franklin Street, Fifth Floor
- Boston, MA 02110-1301
- USA
9.2. History
A long time ago, there was the - Internet Junkbuster, - by Anonymous Coders and Junkbusters - Corporation. This saved many users a lot of pain in the early days of - web advertising and user tracking.
But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and - for tracking them, keeps evolving. Unfortunately, the Internet - Junkbuster did not. Version 2.0.2, published in 1998, was - (and is) the last official - release - available from Junkbusters Corporation. - Fortunately, it had been released under the GNU - GPL, - which allowed further development by others.
So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. - It could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000.
Then, some - developers - picked up the thread, and started turning the software inside out, upside down, - and then reassembled it, adding many - new - features along the way.
The result of this is Privoxy, whose first - stable version, 3.0, was released August, 2002. -
9. Privoxy + Copyright, License and History
+ +Copyright © 2001-2011 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
Some source code is based on code Copyright © 1997 by Anonymous + Coders and Junkbusters, Inc. and licensed under the GNU General Public License.
+ +9.1. License
+ +Privoxy is free software; you can + redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by + the Free Software Foundation.
+ +This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ +You should have received a copy of the GNU + GPL along with this program; if not, write to the
+ + Free Software
+ Foundation, Inc. 51 Franklin
+ Street, Fifth Floor
+ Boston, MA 02110-1301
+ USA
9.2. History
+ +A long time ago, there was the Internet Junkbuster, by Anonymous Coders and + Junkbusters + Corporation. This saved many users a lot of pain in the early days + of web advertising and user tracking.
+ +But the web, its protocols and standards, and with it, the + techniques for forcing ads on users, give up autonomy over their + browsing, and for tracking them, keeps evolving. Unfortunately, the + Internet Junkbuster did not. Version + 2.0.2, published in 1998, was (and is) the last official release available from Junkbusters Corporation. Fortunately, it had been + released under the GNU GPL, which allowed further development by others.
+ +So Stefan Waldherr started maintaining an improved version of the + software, to which eventually a number of people contributed patches. + It could already replace banners with a transparent image, and had a + first version of pop-up killing, but it was still very closely based on + the original, with all its limitations, such as the lack of HTTP/1.1 + support, flexible per-site configuration, or content modification. The + last release from this effort was version 2.0.2-10, published in + 2000.
+ +Then, some developers picked up the thread, and started turning the + software inside out, upside down, and then reassembled it, adding many + new features along the way.
+ +The result of this is Privoxy, + whose first stable version, 3.0, was released August, 2002.
++ +
Prev | + +Home | + +Next | +
Contacting the developers, + Bug Reporting and Feature Requests | + ++ + | See also | +
2. The CVS Repository
If you become part of the active development team, you will eventually - need write access to our holy grail, the CVS repository. One of the - team members will need to set this up for you. Please read - this chapter completely before accessing via CVS. -
2.1. Access to CVS
The project's CVS repository is hosted on - SourceForge. - Please refer to the chapters 6 and 7 in - SF's site - documentation for the technical access details for your - operating system. For historical reasons, the CVS server is - called ijbswa.cvs.sourceforge.net, the repository is - called ijbswa, and the source tree module is called - current. -
2.2. Branches
Within the CVS repository, there are modules and branches. As - mentioned, the sources are in the current - "module". Other modules are present for platform specific - issues. There is a webview of the CVS hierarchy at http://ijbswa.cvs.sourceforge.net/ijbswa/, - which might help with visualizing how these pieces fit together. -
Branches are used to fork a sub-development path from the main trunk. - Within the current module where the sources are, there - is always at least one "branch" from the main trunk - devoted to a stable release series. The main trunk is where active - development takes place for the next stable series (e.g. 3.2.x). - So just prior to each stable series (e.g. 3.0.x), a branch is created - just for stable series releases (e.g. 3.0.0 -> 3.0.1 -> 3.0.2, etc). - Once the initial stable release of any stable branch has taken place, - this branch is only used for bugfixes, which have - had prior testing before being committed to CVS. (See Version Numbers below for details on - versioning.) -
At one time there were two distinct branches: stable and unstable. The - more drastic changes were to be in the unstable branch. These branches - have now been merged to minimize time and effort of maintaining two - branches. -
2.3. CVS Commit Guidelines
The source tree is the heart of every software project. Every effort must - be made to ensure that it is readable, compilable and consistent at all - times. There are differing guidelines for the stable branch and the - main development trunk, and we ask anyone with CVS access to strictly - adhere to the following guidelines: -
Basic Guidelines, for all branches: -
Please don't commit even - a small change without testing it thoroughly first. When we're - close to a public release, ask a fellow developer to review your - changes. -
Your commit message should give a concise overview of what you - changed (no big details) and why you changed it - Just check previous messages for good examples. -
Don't use the same message on multiple files, unless it equally applies to - all those files. -
If your changes span multiple files, and the code won't recompile unless - all changes are committed (e.g. when changing the signature of a function), - then commit all files one after another, without long delays in between. - If necessary, prepare the commit messages in advance. -
Before changing things on CVS, make sure that your changes are in line - with the team's general consensus on what should be done. -
Note that near a major public release, we get more cautious. - There is always the possibility to submit a patch to the patch - tracker instead. -
2. The CVS Repository
+ +If you become part of the active development team, you will eventually + need write access to our holy grail, the CVS repository. One of the team + members will need to set this up for you. Please read this chapter + completely before accessing via CVS.
+ +2.1. Access to + CVS
+ +The project's CVS repository is hosted on SourceForge. Please refer + to the chapters 6 and 7 in SF's site + documentation for the technical access details for your operating + system. For historical reasons, the CVS server is called ijbswa.cvs.sourceforge.net, the repository is called + ijbswa, and the source tree module is called + current.
+2.2. + Branches
+ +Within the CVS repository, there are modules and branches. As + mentioned, the sources are in the current + "module". Other modules are present for + platform specific issues. There is a webview of the CVS hierarchy at + http://ijbswa.cvs.sourceforge.net/ijbswa/, which might help + with visualizing how these pieces fit together.
+ +Branches are used to fork a sub-development path from the main + trunk. Within the current module where the + sources are, there is always at least one "branch" from the main trunk devoted to a stable release + series. The main trunk is where active development takes place for the + next stable series (e.g. 3.2.x). So just prior to each stable series + (e.g. 3.0.x), a branch is created just for stable series releases (e.g. + 3.0.0 -> 3.0.1 -> 3.0.2, etc). Once the initial stable release of + any stable branch has taken place, this branch is only used for bugfixes, which have had + prior testing before being committed to CVS. (See Version Numbers below for details + on versioning.)
+ +At one time there were two distinct branches: stable and unstable. + The more drastic changes were to be in the unstable branch. These + branches have now been merged to minimize time and effort of + maintaining two branches.
+2.3. CVS Commit + Guidelines
+ +The source tree is the heart of every software project. Every effort + must be made to ensure that it is readable, compilable and consistent + at all times. There are differing guidelines for the stable branch and + the main development trunk, and we ask anyone with CVS access to + strictly adhere to the following guidelines:
+ +Basic Guidelines, for all branches:
+ +-
+
-
+
Please don't commit even a small change without testing it + thoroughly first. When we're close to a public release, ask a + fellow developer to review your changes.
+
+
+ -
+
Your commit message should give a concise overview of + what you changed (no big + details) and why you changed + it Just check previous messages for good examples.
+
+
+ -
+
Don't use the same message on multiple files, unless it equally + applies to all those files.
+
+
+ -
+
If your changes span multiple files, and the code won't + recompile unless all changes are committed (e.g. when changing the + signature of a function), then commit all files one after another, + without long delays in between. If necessary, prepare the commit + messages in advance.
+
+
+ -
+
Before changing things on CVS, make sure that your changes are + in line with the team's general consensus on what should be + done.
+
+
+ -
+
Note that near a major public release, we get more cautious. + There is always the possibility to submit a patch to the patch tracker instead.
+
+
3. Documentation Guidelines
All formal documents are maintained in Docbook SGML and located in the - doc/source/* directory. You will need - Docbook, the Docbook + + + +
+ + +3. + Documentation Guidelines
+ +All formal documents are maintained in Docbook SGML and located in the + doc/source/* directory. You will need + Docbook, the Docbook DTD's and the Docbook modular stylesheets (or comparable alternatives), - and either jade or - openjade (recommended) installed in order to - build docs from source. Currently there is user-manual, - FAQ, and, of - course this, the developer-manual in this format. - The README, AUTHORS, - INSTALL, - privoxy.1 (man page), and - config files are also now maintained as Docbook - SGML. These files, when built, in the top-level source directory are - generated files! Also, the Privoxy index.html (and a - variation on this file, privoxy-index.html, - meant for inclusion with doc packages), are maintained as SGML as well. - DO NOT edit these directly. Edit the SGML source, or - contact someone involved in the documentation. -
config requires some special handling. The reason it - is maintained this way is so that the extensive comments in the file - mirror those in user-manual. But the conversion - process requires going from SGML to HTML to text to special formatting - required for the embedded comments. Some of this does not survive so - well. Especially some of the examples that are longer than 80 characters. - The build process for this file outputs to config.new, - which should be reviewed for errors and mis-formatting. Once satisfied - that it is correct, then it should be hand copied to - config. -
Other, less formal documents (e.g. LICENSE) are - maintained as plain text files in the top-level source directory. -
Packagers are encouraged to include this documentation. For those without - the ability to build the docs locally, text versions of each are kept in - CVS. HTML versions are also being kept in CVS under - doc/webserver/*. And PDF version are kept in - doc/pdf/*. -
Formal documents are built with the Makefile targets of - make dok, or alternately - make redhat-dok. If you have problems, - try both. The build process uses the document SGML sources in - doc/source/*/* to update all text files in - doc/text/ and to update all HTML - documents in doc/webserver/. -
Documentation writers should please make sure documents build - successfully before committing to CVS, if possible. -
How do you update the webserver (i.e. the pages on privoxy.org)? - -
First, build the docs by running make - dok (or alternately make - redhat-dok). For PDF docs, do make - dok-pdf. -
Run make webserver which copies all - files from doc/webserver to the - sourceforge webserver via scp. -
Finished docs should be occasionally submitted to CVS - (doc/webserver/*/*.html) so that those without - the ability to build them locally, have access to them if needed. - This is especially important just prior to a new release! Please - do this after the $VERSION and - other release specific data in configure.in has been - updated (this is done just prior to a new release). -
3.1. Quickstart to Docbook and SGML
If you are not familiar with SGML, it is a markup language similar to HTML. - Actually, not a mark up language per se, but a language used to define - markup languages. In fact, HTML is an SGML application. Both will use - "tags" to format text and other content. SGML tags can be much - more varied, and flexible, but do much of the same kinds of things. The tags, - or "elements", are definable in SGML. There is no set - "standards". Since we are using - Docbook, our tags are those that are defined by - Docbook. Much of how the finish document is - rendered is determined by the "stylesheets". - The stylesheets determine how each tag gets translated to HTML, or other - formats.
Tags in Docbook SGML need to be always "closed". If not, you - will likely generate errors. Example: <title>My - Title</title>. They are also case-insensitive, but we - strongly suggest using all lower case. This keeps compatibility with - [Docbook] XML.
Our documents use "sections" for the most part. Sections - will be processed into HTML headers (e.g. h1 for - sect1). The Docbook stylesheets - will use these to also generate the Table of Contents for each doc. Our - TOC's are set to a depth of three. Meaning sect1, - sect2, and sect3 will have TOC - entries, but sect4 will not. Each section requires - a <title> element, and at least one - <para>. There is a limit of five section - levels in Docbook, but generally three should be sufficient for our - purposes.
Some common elements that you likely will use:
<para></para>, paragraph delimiter. Most - text needs to be within paragraph elements (there are some exceptions). - |
<emphasis></emphasis>, the stylesheets - make this italics. - |
<filename></filename>, files and directories. - |
<command></command>, command examples. - |
<literallayout></literallayout>, like - <pre>, more or less. - |
<itemizedlist></itemizedlist>, list with bullets. - |
<listitem></listitem>, member of the above. - |
<screen></screen>, screen output, implies - <literallayout>. - |
<ulink url="example.com"></ulink>, like - HTML <a> tag. - |
<quote></quote>, for, doh, quoting text. - |
Look at any of the existing docs for examples of all these and more.
You might also find "Writing Documentation - Using DocBook - A Crash Course" useful.
3.2. Privoxy Documentation Style
It will be easier if everyone follows a similar writing style. This - just makes it easier to read what someone else has written if it - is all done in a similar fashion. -
Here it is: -
All tags should be lower case. -
Tags delimiting a block of text (even small - blocks) should be on their own line. Like: -
<para>
- Tags marking individual words, or few words, should be in-line: -
- Some text goes here.
- </para>
-Just to <emphasis>emphasize</emphasis>, some text goes here.
-
-Tags should be nested and step indented for block text like: (except - in-line tags) -
<para>
- This makes it easier to find the text amongst the tags ;-) -
- <itemizedlist>
- <para>
- <listitem>
- Some text goes here in our list example.
- </listitem>
- </para>
- </itemizedlist>
- </para>
-Use white space to separate logical divisions within a document, - like between sections. Running everything together consistently - makes it harder to read and work on. -
Do not hesitate to make comments. Comments can either use the - <comment> element, or the <!-- --> style comment - familiar from HTML. (Note in Docbook v4.x <comment> is - replaced by <remark>.) -
We have an international audience. Refrain from slang, or English - idiosyncrasies (too many to list :). Humor also does not translate - well sometimes. -
Try to keep overall line lengths in source files to 80 characters or less - for obvious reasons. This is not always possible, with lengthy URLs for - instance. -
Our documents are available in differing formats. Right now, they - are just plain text, HTML, and PDF, but others are always a - future possibility. Be careful with URLs (<ulink>), and avoid - this mistake: -
My favorite site is <ulink url="http://example.com">here</ulink>. -
This will render as "My favorite site is here", which is - not real helpful in a text doc. Better like this: -
My favorite site is <ulink url="http://example.com">example.com</ulink>. -
All documents should be spell checked occasionally. - aspell can check SGML with the - -H option. (ispell I think - too.) -
3.3. Privoxy Custom Entities
Privoxy documentation is using - a number of customized "entities" to facilitate - documentation maintenance. -
We are using a set of "boilerplate" files with generic text, - that is used by multiple docs. This way we can write something once, and use - it repeatedly without having to re-write the same content over and over again. - If editing such a file, keep in mind that it should be - generic. That is the purpose; so it can be used in varying - contexts without additional modifications. -
We are also using what Docbook calls - "internal entities". These are like variables in - programming. Well, sort of. For instance, we have the - p-version entity that contains the current - Privoxy version string. You are strongly - encouraged to use these where possible. Some of these obviously - require re-setting with each release (done by the Makefile). A sampling of - custom entities are listed below. See any of the main docs for examples. -
Re- "boilerplate" text entities are defined like: -
<!entity supported SYSTEM "supported.sgml"> -
In this example, the contents of the file, - supported.sgml is available for inclusion anywhere - in the doc. To make this happen, just reference the now defined - entity: &supported; (starts with an ampersand - and ends with a semi-colon), and the contents will be dumped into - the finished doc at that point. -
Commonly used "internal entities": -
p-version: the Privoxy - version string, e.g. "3.0.12". - p-status: the project status, either - "alpha", "beta", or "stable". - p-not-stable: use to conditionally include - text in "not stable" releases (e.g. "beta"). - p-stable: just the opposite. - p-text: this doc is only generated as text. -
There are others in various places that are defined for a specific - purpose. Read the source! -
config requires some special handling. The + reason it is maintained this way is so that the extensive comments in the + file mirror those in user-manual. But the + conversion process requires going from SGML to HTML to text to special + formatting required for the embedded comments. Some of this does not + survive so well. Especially some of the examples that are longer than 80 + characters. The build process for this file outputs to config.new, which should be reviewed for errors and + mis-formatting. Once satisfied that it is correct, then it should be hand + copied to config.
+ +Other, less formal documents (e.g. LICENSE) + are maintained as plain text files in the top-level source directory.
+ +Packagers are encouraged to include this documentation. For those + without the ability to build the docs locally, text versions of each are + kept in CVS. HTML versions are also being kept in CVS under doc/webserver/*. And PDF version are kept in doc/pdf/*.
+ +Formal documents are built with the Makefile targets of make dok, or alternately make redhat-dok. If you have problems, try both. + The build process uses the document SGML sources in doc/source/*/* to update all text files in + doc/text/ and to update all HTML + documents in doc/webserver/.
+ +Documentation writers should please make sure documents build + successfully before committing to CVS, if possible.
+ +How do you update the webserver (i.e. the pages on privoxy.org)?
+ +-
+
-
+
First, build the docs by running make + dok (or alternately make + redhat-dok). For PDF docs, do make dok-pdf.
+
+
+ -
+
Run make webserver which + copies all files from doc/webserver to the sourceforge webserver + via scp.
+
+
Finished docs should be occasionally submitted to CVS (doc/webserver/*/*.html) so that those without the ability + to build them locally, have access to them if needed. This is especially + important just prior to a new release! Please do this after the $VERSION + and other release specific data in configure.in + has been updated (this is done just prior to a new release).
+ +3.1. Quickstart to Docbook + and SGML
+ +If you are not familiar with SGML, it is a markup language similar + to HTML. Actually, not a mark up language per se, but a language used + to define markup languages. In fact, HTML is an SGML application. Both + will use "tags" to format text and other + content. SGML tags can be much more varied, and flexible, but do much + of the same kinds of things. The tags, or "elements", are definable in SGML. There is no set + "standards". Since we are using Docbook, our tags are those that are defined by + Docbook. Much of how the finish + document is rendered is determined by the "stylesheets". The stylesheets determine how each tag + gets translated to HTML, or other formats.
+ +Tags in Docbook SGML need to be always "closed". If not, you will likely generate errors. + Example: <title>My Title</title>. + They are also case-insensitive, but we strongly suggest using all lower + case. This keeps compatibility with [Docbook] XML.
+ +Our documents use "sections" for the most + part. Sections will be processed into HTML headers (e.g. h1 for sect1). The Docbook stylesheets will use these to also + generate the Table of Contents for each doc. Our TOC's are set to a + depth of three. Meaning sect1, sect2, and sect3 will have TOC + entries, but sect4 will not. Each section + requires a <title> element, and at least + one <para>. There is a limit of five + section levels in Docbook, but generally three should be sufficient for + our purposes.
+ +Some common elements that you likely will use:
+ +<para></para>, + paragraph delimiter. Most text needs to be within paragraph + elements (there are some exceptions). | +
<emphasis></emphasis>, + the stylesheets make this italics. | +
<filename></filename>, + files and directories. | +
<command></command>, + command examples. | +
<literallayout></literallayout>, + like <pre>, more or less. | +
<itemizedlist></itemizedlist>, + list with bullets. | +
<listitem></listitem>, + member of the above. | +
<screen></screen>, + screen output, implies <literallayout>. | +
<ulink + url="example.com"></ulink>, like HTML <a> tag. | +
<quote></quote>, for, + doh, quoting text. | +
Look at any of the existing docs for examples of all these and + more.
+ +You might also find "Writing Documentation Using DocBook - A Crash Course" + useful.
+3.2. Privoxy Documentation Style
+ +It will be easier if everyone follows a similar writing style. This + just makes it easier to read what someone else has written if it is all + done in a similar fashion.
+ +Here it is:
+ +-
+
-
+
All tags should be lower case.
+
+
+ -
+
Tags delimiting a block of text (even small blocks) + should be on their own line. Like:
+ +<para>
Tags marking + individual words, or few words, should be in-line: + +
+ Some text goes here.
+ </para>
++ Just to <emphasis>emphasize</emphasis>, some text goes here.
+
+ +
+
+ -
+
Tags should be nested and step indented for block text like: + (except in-line tags)
+ +<para>
This makes it easier + to find the text amongst the tags ;-) +
+ <itemizedlist>
+ <para>
+ <listitem>
+ Some text goes here in our list example.
+ + </listitem>
+ </para>
+ </itemizedlist>
+ </para>
+
+
+ -
+
Use white space to separate logical divisions within a document, + like between sections. Running everything together consistently + makes it harder to read and work on.
+
+
+ -
+
Do not hesitate to make comments. Comments can either use the + <comment> element, or the <!-- --> style comment + familiar from HTML. (Note in Docbook v4.x <comment> is + replaced by <remark>.)
+
+
+ -
+
We have an international audience. Refrain from slang, or + English idiosyncrasies (too many to list :). Humor also does not + translate well sometimes.
+
+
+ -
+
Try to keep overall line lengths in source files to 80 + characters or less for obvious reasons. This is not always + possible, with lengthy URLs for instance.
+
+
+ -
+
Our documents are available in differing formats. Right now, + they are just plain text, HTML, and PDF, but others are always a + future possibility. Be careful with URLs (<ulink>), and avoid + this mistake:
+ +My favorite site is <ulink + url="http://example.com">here</ulink>.
+ +This will render as "My favorite site is + here", which is not real helpful in a text doc. Better like + this:
+ +My favorite site is <ulink + url="http://example.com">example.com</ulink>.
+
+
+ -
+
All documents should be spell checked occasionally. aspell can check SGML with the -H option. (ispell + I think too.)
+
+
3.3. Privoxy Custom + Entities
+ +Privoxy documentation is using a + number of customized "entities" to + facilitate documentation maintenance.
+ +We are using a set of "boilerplate" files + with generic text, that is used by multiple docs. This way we can write + something once, and use it repeatedly without having to re-write the + same content over and over again. If editing such a file, keep in mind + that it should be generic. + That is the purpose; so it can be used in varying contexts without + additional modifications.
+ +We are also using what Docbook + calls "internal entities". These are like + variables in programming. Well, sort of. For instance, we have the + p-version entity that contains the current + Privoxy version string. You are + strongly encouraged to use these where possible. Some of these + obviously require re-setting with each release (done by the Makefile). + A sampling of custom entities are listed below. See any of the main + docs for examples.
+ +-
+
-
+
Re- "boilerplate" text entities are + defined like:
+ +<!entity supported SYSTEM + "supported.sgml">
+ +In this example, the contents of the file, supported.sgml is available for inclusion anywhere + in the doc. To make this happen, just reference the now defined + entity: &supported; (starts with an + ampersand and ends with a semi-colon), and the contents will be + dumped into the finished doc at that point.
+
+
+ -
+
Commonly used "internal + entities":
+ ++ +
++ + +p-version: the + Privoxy version string, e.g. + "3.0.19". ++ + +p-status: the + project status, either "alpha", + "beta", or "stable". ++ + +p-not-stable: + use to conditionally include text in "not + stable" releases (e.g. "beta"). ++ + +p-stable: just + the opposite. ++ + +p-text: this + doc is only generated as text. +
+
There are others in various places that are defined for a specific + purpose. Read the source!
+Privoxy Developer Manual
-
- Copyright Š 2001-2009 by
- Privoxy Developers
-
-
$Id: index.html,v 1.42 2009/03/21 12:59:32 fabiankeil Exp $
The developer manual provides guidance on coding, testing, packaging, documentation - and other issues of importance to those involved with - Privoxy development. It is mandatory (and helpful!) reading - for anyone who wants to join the team. Note that it's currently out of date - and may not be entirely correct. As always, patches are welcome.
Please note that this document is constantly evolving. This copy represents - the state at the release of version 3.0.12. - You can find the latest version of the this manual at http://www.privoxy.org/developer-manual/. - Please see the Contact section - on how to contact the developers.
- Table of Contents
- 1. Introduction
- 2. The CVS Repository
- 2.1. Access to CVS
- 2.2. Branches
- 2.3. CVS Commit Guidelines
- 3. Documentation Guidelines
- 4. Coding Guidelines
- 4.1. Introduction
- 4.2. Using Comments
- 4.3. Naming Conventions
- 4.3.1. Variable Names
- 4.3.2. Function Names
- 4.3.3. Header file prototypes
- 4.3.4. Enumerations, and #defines
- 4.3.5. Constants
- 4.4. Using Space
- 4.4.1. Put braces on a line by themselves.
- 4.4.2. ALL control statements should have a - block
- 4.4.3. Do not belabor/blow-up boolean - expressions
- 4.4.4. Use white space freely because it is - free
- 4.4.5. Don't use white space around structure - operators
- 4.4.6. Make the last brace of a function stand - out
- 4.4.7. Use 3 character indentions
- 4.5. Initializing
- 4.5.1. Initialize all variables
- 4.6. Functions
- 4.6.1. Name functions that return a boolean as a - question.
- 4.6.2. Always specify a return type for a - function.
- 4.6.3. Minimize function calls when iterating by - using variables
- 4.6.4. Pass and Return by Const Reference
- 4.6.5. Pass and Return by Value
- 4.6.6. Names of include files
- 4.6.7. Provide multiple inclusion - protection
- 4.6.8. Use `extern "C"` when appropriate
- 4.6.9. Where Possible, Use Forward Struct - Declaration Instead of Includes
- 4.7. General Coding Practices
- 4.7.1. Turn on warnings
- 4.7.2. Provide a default case for all switch - statements
- 4.7.3. Try to avoid falling through cases in a - switch statement.
- 4.7.4. Use 'long' or 'short' Instead of - 'int'
- 4.7.5. Don't mix size_t and other types
- 4.7.6. Declare each variable and struct on its - own line.
- 4.7.7. Use malloc/zalloc sparingly
- 4.7.8. The Programmer Who Uses 'malloc' is - Responsible for Ensuring 'free'
- 4.7.9. Add loaders to the `file_list' structure - and in order
- 4.7.10. "Uncertain" new code and/or changes to - existing code, use FIXME or XXX
- 4.8. Addendum: Template for files and function - comment blocks:
- 5. Testing Guidelines
- 5.1. Testplan for releases
- 5.2. Test reports
- 6. Releasing a New Version
- 6.1. Version numbers
- 6.2. Before the Release: Freeze
- 6.3. Building and Releasing the Packages
- 6.3.1. Note on Privoxy Packaging
- 6.3.2. Source Tarball
- 6.3.3. SuSE, Conectiva or Red Hat RPM
- 6.3.4. OS/2
- 6.3.5. Solaris
- 6.3.6. Windows
- 6.3.7. Debian
- 6.3.8. Mac OS X
- 6.3.9. FreeBSD
- 6.3.10. HP-UX 11
- 6.3.11. Amiga OS
- 6.3.12. AIX
- 6.4. Uploading and Releasing Your Package
- 6.5. After the Release
- 7. Update the Webserver
- 8. Contacting the developers, Bug Reporting and Feature Requests
- 8.1. Get Support
- 8.2. Reporting Problems
- 8.3. Request New Features
- 8.4. Other
- 9. Privoxy Copyright, License and History
- 10. See also
Next | ||
Introduction |
Privoxy Developer + Manual
+ +Copyright ©
+ 2001-2009 by Privoxy
+ Developers
$Id: developer-manual.sgml,v 2.37 2011/11/13
+ 17:03:54 fabiankeil Exp $
The developer manual provides guidance on coding, testing, + packaging, documentation and other issues of importance to those + involved with Privoxy development. + It is mandatory (and helpful!) reading for anyone who wants to join + the team. Note that it's currently out of date and may not be + entirely correct. As always, patches are welcome.
+ +Please note that this document is constantly evolving. This copy + represents the state at the release of version 3.0.19. You can find + the latest version of the this manual at http://www.privoxy.org/developer-manual/. Please see + the Contact section on how to contact the + developers.
++
-
+
- Table of Contents + +
- 1. Introduction + +
-
+
-
+
- 1.1. Quickstart to + Privoxy Development +
+
+ - 2. The CVS Repository + +
-
+
-
+
- 2.1. Access to CVS + +
- 2.2. Branches + +
- 2.3. CVS Commit + Guidelines +
+
+ - 3. Documentation Guidelines + +
-
+
-
+
- 3.1. Quickstart to Docbook + and SGML + +
- 3.2. Privoxy Documentation Style + +
- 3.3. Privoxy Custom + Entities +
+
+ - 4. Coding Guidelines + +
-
+
-
+
- 4.1. Introduction + +
- 4.2. Using Comments + +
-
+
-
+
- 4.2.1. Comment, Comment, + Comment + +
- 4.2.2. Use blocks for + comments + +
- 4.2.3. Keep Comments on their + own line + +
- 4.2.4. Comment each logical + step + +
- 4.2.5. Comment All Functions + Thoroughly + +
- 4.2.6. Comment at the end of + braces if the content is more than one screen length +
+
+ - 4.3. Naming Conventions + +
-
+
-
+
- 4.3.1. Variable Names + +
- 4.3.2. Function Names + +
- 4.3.3. Header file + prototypes + +
- 4.3.4. Enumerations, and + #defines + +
- 4.3.5. Constants +
+
+ - 4.4. Using Space + +
-
+
-
+
- 4.4.1. Put braces on a line by + themselves. + +
- 4.4.2. ALL control statements + should have a block + +
- 4.4.3. Do not belabor/blow-up + boolean expressions + +
- 4.4.4. Use white space freely + because it is free + +
- 4.4.5. Don't use white space + around structure operators + +
- 4.4.6. Make the last brace of a + function stand out + +
- 4.4.7. Use 3 character + indentions +
+
+ - 4.5. Initializing + +
-
+
-
+
- 4.5.1. Initialize all + variables +
+
+ - 4.6. Functions + +
-
+
-
+
- 4.6.1. Name functions that + return a boolean as a question. + +
- 4.6.2. Always specify a return + type for a function. + +
- 4.6.3. Minimize function calls + when iterating by using variables + +
- 4.6.4. Pass and Return by Const + Reference + +
- 4.6.5. Pass and Return by + Value + +
- 4.6.6. Names of include + files + +
- 4.6.7. Provide multiple + inclusion protection + +
- 4.6.8. Use `extern "C"` when + appropriate + +
- 4.6.9. Where Possible, Use + Forward Struct Declaration Instead of Includes +
+
+ - 4.7. General Coding + Practices + +
-
+
-
+
- 4.7.1. Turn on + warnings + +
- 4.7.2. Provide a default case + for all switch statements + +
- 4.7.3. Try to avoid falling + through cases in a switch statement. + +
- 4.7.4. Use 'long' or 'short' + Instead of 'int' + +
- 4.7.5. Don't mix size_t and + other types + +
- 4.7.6. Declare each variable + and struct on its own line. + +
- 4.7.7. Use malloc/zalloc + sparingly + +
- 4.7.8. The Programmer Who Uses + 'malloc' is Responsible for Ensuring 'free' + +
- 4.7.9. Add loaders to the + `file_list' structure and in order + +
- 4.7.10. "Uncertain" new code + and/or changes to existing code, use FIXME or XXX +
+
+ - 4.8. Addendum: Template for files + and function comment blocks: +
+
+ - 5. Testing Guidelines + +
-
+
-
+
- 5.1. Testplan for + releases + +
- 5.2. Test + reports +
+
+ - 6. Releasing a New Version + +
-
+
-
+
- 6.1. Version + numbers + +
- 6.2. Before the + Release: Freeze + +
- 6.3. Building and + Releasing the Packages + +
-
+
-
+
- 6.3.1. Note on + Privoxy Packaging + +
- 6.3.2. Source Tarball + +
- 6.3.3. SuSE, + Conectiva or Red Hat RPM + +
- 6.3.4. OS/2 + +
- 6.3.5. Solaris + +
- 6.3.6. Windows + +
- 6.3.7. Debian + +
- 6.3.8. Mac OS + X + +
- 6.3.9. FreeBSD + +
- 6.3.10. HP-UX + 11 + +
- 6.3.11. Amiga + OS + +
- 6.3.12. AIX +
+
+ - 6.4. Uploading and + Releasing Your Package + +
- 6.5. After the + Release +
+
+ - 7. Update the Webserver + +
- 8. Contacting the developers, Bug + Reporting and Feature Requests + +
-
+
-
+
- 8.1. Get + Support + +
- 8.2. Reporting + Problems + +
-
+
-
+
- 8.2.1. Reporting Ads + or Other Configuration Problems + +
- 8.2.2. Reporting + Bugs +
+
+ - 8.3. Request New + Features + +
- 8.4. Mailing + Lists +
+
+ - 9. Privoxy Copyright, License and + History + +
- + + + +
- 10. See also +
+ +
+ + | + + | Next | +
+ + | + + | Introduction | +
1. Introduction
Privoxy, as an heir to - Junkbuster, is a Free Software project - and the code is licensed under the GNU General Public License version 2. - As such, Privoxy development is potentially open - to anyone who has the time, knowledge, and desire to contribute - in any capacity. Our goals are simply to continue the mission, - to improve Privoxy, and - to make it available to as wide an audience as possible. -
One does not have to be a programmer to contribute. Packaging, testing, - documenting and porting, are all important jobs as well. -
1.1. Quickstart to Privoxy Development
The first step is to join the developer's mailing list. - You can submit your ideas, or even better patches. Patches are best - submitted to the Sourceforge tracker set up for this purpose, but - can be sent to the list for review too. -
You will also need to have a cvs package installed, which will - entail having ssh installed as well (which seems to be a requirement of - SourceForge), in order to access the cvs repository. Having the GNU build - tools is also going to be important (particularly, autoconf and gmake). -
For the time being (read, this section is under construction), you can - also refer to the extensive comments in the source code. In fact, - reading the code is recommended in any case. -
1. + Introduction
+ +Privoxy, as an heir to Junkbuster, is a Free Software project and the code + is licensed under the GNU General Public License version 2. As such, + Privoxy development is potentially open + to anyone who has the time, knowledge, and desire to contribute in any + capacity. Our goals are simply to continue the mission, to improve + Privoxy, and to make it available to as + wide an audience as possible.
+ +One does not have to be a programmer to contribute. Packaging, + testing, documenting and porting, are all important jobs as well.
+ +1.1. Quickstart + to Privoxy Development
+ +The first step is to join the developer's mailing list. You can submit your ideas, or even + better patches. Patches are best submitted to the Sourceforge tracker + set up for this purpose, but can be sent to the list for review + too.
+ +You will also need to have a cvs package installed, which will + entail having ssh installed as well (which seems to be a requirement of + SourceForge), in order to access the cvs repository. Having the GNU + build tools is also going to be important (particularly, autoconf and + gmake).
+ +For the time being (read, this section is under construction), you + can also refer to the extensive comments in the source code. In fact, + reading the code is recommended in any case.
++ +
Prev | + +Home | + +Next | +
Privoxy Developer + Manual | + ++ + | The CVS Repository | +
6. Releasing a New Version
When we release versions of Privoxy, - our work leaves our cozy secret lab and has to work in the cold - RealWorld[tm]. Once it is released, there is no way to call it - back, so it is very important that great care is taken to ensure - that everything runs fine, and not to introduce problems in the - very last minute. -
So when releasing a new version, please adhere exactly to the - procedure outlined in this chapter. -
The following programs are required to follow this process: - ncftpput (ncftp), scp, ssh (ssh), - gmake (GNU's version of make), autoconf, cvs. -
6.1. Version numbers
First you need to determine which version number the release will have. - Privoxy version numbers consist of three numbers, - separated by dots, like in X.Y.Z (e.g. 3.0.0), where: -
X, the version major, is rarely ever changed. It is increased by one if - turning a development branch into stable substantially changes the functionality, - user interface or configuration syntax. Majors 1 and 2 were - Junkbuster, and 3 will be the first stable - Privoxy release. -
Y, the version minor, represents the branch within the major version. - At any point in time, there are two branches being maintained: - The stable branch, with an even minor, say, 2N, in which no functionality is - being added and only bug-fixes are made, and 2N+1, the development branch, in - which the further development of Privoxy takes - place. - This enables us to turn the code upside down and inside out, while at the same time - providing and maintaining a stable version. - The minor is reset to zero (and one) when the major is incremented. When a development - branch has matured to the point where it can be turned into stable, the old stable branch - 2N is given up (i.e. no longer maintained), the former development branch 2N+1 becomes the - new stable branch 2N+2, and a new development branch 2N+3 is opened. -
Z, the point or sub version, represents a release of the software within a branch. - It is therefore incremented immediately before each code freeze. - In development branches, only the even point versions correspond to actual releases, - while the odd ones denote the evolving state of the sources on CVS in between. - It follows that Z is odd on CVS in development branches most of the time. There, it gets - increased to an even number immediately before a code freeze, and is increased to an odd - number again immediately thereafter. - This ensures that builds from CVS snapshots are easily distinguished from released versions. - The point version is reset to zero when the minor changes. -
Stable branches work a little differently, since there should be - little to no development happening in such branches. Remember, - only bugfixes, which presumably should have had some testing - before being committed. Stable branches will then have their - version reported as 0.0.0, during that period - between releases when changes are being added. This is to denote - that this code is not for release. Then - as the release nears, the version is bumped according: e.g. - 3.0.1 -> 0.0.0 -> 3.0.2. -
In summary, the main CVS trunk is the development branch where new - features are being worked on for the next stable series. This should - almost always be where the most activity takes place. There is always at - least one stable branch from the trunk, e.g now it is - 3.0, which is only used to release stable versions. - Once the initial *.0 release of the stable branch has been done, then as a - rule, only bugfixes that have had prior testing should be committed to - the stable branch. Once there are enough bugfixes to justify a new - release, the version of this branch is again incremented Example: 3.0.0 - -> 3.0.1 -> 3.0.2, etc are all stable releases from within the stable - branch. 3.1.x is currently the main trunk, and where work on 3.2.x is - taking place. If any questions, please post to the devel list - before committing to a stable branch! -
Developers should remember too that if they commit a bugfix to the stable - branch, this will more than likely require a separate submission to the - main trunk, since these are separate development trees within CVS. If you - are working on both, then this would require at least two separate check - outs (i.e main trunk, and the stable release branch, - which is v_3_0_branch at the moment). -
6.2. Before the Release: Freeze
The following must be done by one of the - developers prior to each new release. -
Make sure that everybody who has worked on the code in the last - couple of days has had a chance to yell "no!" in case - they have pending changes/fixes in their pipelines. Announce the - freeze so that nobody will interfere with last minute changes. -
Increment the version number (point from odd to even in development - branches!) in configure.in. (RPM spec files - will need to be incremented as well.) -
If default.action has changed since last - release (i.e. software release or standalone actions file release), - bump up its version info to A.B in this line: -
-
-{+add-header{X-Actions-File-Version: A.B} -filter -no-popups}
- Then change the version info in doc/webserver/actions/index.php, - line: '$required_actions_file_version = "A.B";' -
All documentation should be rebuild after the version bump. - Finished docs should be then be committed to CVS (for those - without the ability to build these). Some docs may require - rather obscure processing tools. config, - the man page (and the html version of the man page), and the PDF docs - fall in this category. REAMDE, the man page, AUTHORS, and config - should all also be committed to CVS for other packagers. The - formal docs should be uploaded to the webserver. See the - Section "Updating the webserver" in this manual for details. -
The User Manual is also used for context - sensitive help for the CGI editor. This is version sensitive, so that - the user will get appropriate help for his/her release. So with - each release a fresh version should be uploaded to the webserver - (this is in addition to the main User Manual - link from the main page since we need to keep manuals for various - versions available). The CGI pages will link to something like - http://privoxy.org/$(VERSION)/user-manual/. This - will need to be updated for each new release. There is no Makefile - target for this at this time!!! It needs to be done manually. -
All developers should look at the ChangeLog and - make sure noteworthy changes are referenced. -
Commit all files that were changed in the above steps! -
Tag all files in CVS with the version number with - "cvs tag v_X_Y_Z". - Don't use vX_Y_Z, ver_X_Y_Z, v_X.Y.Z (won't work) etc. -
If the release was in a development branch, increase the point version - from even to odd (X.Y.(Z+1)) again in configure.in and - commit your change. -
On the webserver, copy the user manual to a new top-level directory - called X.Y.Z. This ensures that help links from the CGI - pages, which have the version as a prefix, will go into the right version of the manual. - If this is a development branch release, also symlink X.Y.(Z-1) - to X.Y.Z and X.Y.(Z+1) to - . (i.e. dot). -
6.3. Building and Releasing the Packages
Now the individual packages can be built and released. Note that for - GPL reasons the first package to be released is always the source tarball. -
For all types of packages, including the source tarball, - you must make sure that you build from clean sources by exporting - the right version from CVS into an empty directory (just press return when - asked for a password): -
mkdir dist # delete or choose different name if it already exists + + + + + + ++ |
+
Do NOT change a single + bit, including, but not limited to version information after export + from CVS. This is to make sure that all release packages, and with + them, all future bug reports, are based on exactly the same code.
+ +Warning | +
+ Every significant release of Privoxy has included at least + one package that either had incorrect versions of files, + missing files, or incidental leftovers from a previous build + process that gave unknown numbers of users headaches to try to + figure out what was wrong. PLEASE, make sure you are using + pristene sources, and are following the prescribed process! + |
+
Please find additional instructions for the source tarball and the + individual platform dependent binary packages below. And details on the + Sourceforge release process below that.
+ +6.3.1. Note on Privoxy Packaging
+ +Please keep these general guidelines in mind when putting together + your package. These apply to all platforms!
+ +-
+
-
+
Privoxy requires write access to: all + *.action files, all logfiles, and the + trust file. You will need to determine + the best way to do this for your platform.
+
+
+ -
+
Please include up to date documentation. At a bare + minimum:
+ ++ +
+ ++ + +LICENSE (top-level + directory) ++ +
+ ++ + +README (top-level + directory) ++ +
+ ++ + +AUTHORS (top-level + directory) ++ +
+ ++ + +man page (top-level + directory, Unix-like platforms only) ++ +
+ ++ + +The User Manual + (doc/webserver/user-manual/) ++ +
+ ++ + +FAQ (doc/webserver/faq/) +Also suggested: Developer Manual + (doc/webserver/developer-manual) and ChangeLog (top-level directory). FAQ and the manuals are HTML docs. There are also + text versions in doc/text/ which could + conceivably also be included.
+ +The documentation has been designed such that the manuals are + linked to each other from parallel directories, and should be + packaged that way. privoxy-index.html + can also be included and can serve as a focal point for docs and + other links of interest (and possibly renamed to index.html). This should be one level up from the + manuals. There is a link also on this page to an HTMLized version + of the man page. To avoid 404 for this, it is in CVS as + doc/webserver/man-page/privoxy-man-page.html, + and should be included along with the manuals. There is also a + css stylesheets that can be included for better presentation: + p_doc.css. This should be in the same + directory with privoxy-index.html, + (i.e. one level up from the manual directories).
+
+
+ -
+
user.action and user.filter are designed for local preferences. + Make sure these do not get overwritten! config should not be overwritten either. This has + especially important configuration data in it. trust should be left in tact as well.
+
+
+ -
+
Other configuration files (default.action and default.filter) should be installed as the new + defaults, but all previously installed configuration files should + be preserved as backups. This is just good manners :-) These + files are likely to change between releases and contain important + new features and bug fixes.
+
+
+ -
+
Please check platform specific notes in this doc, if you + haven't done "Privoxy" packaging + before for other platform specific issues. Conversely, please add + any notes that you know are important for your platform (or + contact one of the doc maintainers to do this if you can't).
+
+
+ -
+
Packagers should do a "clean" + install of their package after building it. So any previous + installs should be removed first to ensure the integrity of the + newly built package. Then run the package for a while to make + sure there are no obvious problems, before uploading.
+
+
6.3.2. Source Tarball
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then run:
+ +
+ + cd current + autoheader && autoconf && ./configure ++ |
+
Then do:
+ +
+ + make tarball-dist ++ |
+
To upload the package to Sourceforge, simply issue
+ +
+ + make tarball-upload ++ |
+
Go to the displayed URL and release the file publicly on + Sourceforge. For the change log field, use the relevant section of + the ChangeLog file.
+6.3.3. + SuSE, Conectiva or Red Hat RPM
+ +In following text, replace dist + with either "rh" for Red Hat or + "suse" for SuSE.
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above).
+ +As the only exception to not changing anything after export from + CVS, now examine the file privoxy-dist.spec + and make sure that the version information and the RPM release number + are correct. The RPM release numbers for each version start at one. + Hence it must be reset to one if this is the first RPM for dist which is built from version X.Y.Z. Check + the file list if unsure. Else, it must be set to the highest + already available RPM release number for that version plus one.
+ +Then run:
+ +
+ + cd current + autoheader && autoconf && ./configure ++ |
+
Then do
+ +
+ + make dist-dist ++ |
+
To upload the package to Sourceforge, simply issue
+ +
+ + make dist-upload rpm_packagerev ++ |
+
where rpm_packagerev is the RPM + release number as determined above. Go to the displayed URL and + release the file publicly on Sourceforge. Use the release notes and + change log from the source tarball package.
+6.3.4. + OS/2
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then get the OS/2 + Setup module:
+ +
+ + cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co os2setup ++ |
+
You will need a mix of development tools. The main compilation + takes place with IBM Visual Age C++. Some ancillary work takes place + with GNU tools, available from various sources like hobbes.nmsu.edu. + Specificially, you will need autoheader, + autoconf and sh + tools. The packaging takes place with WarpIN, available from various + sources, including its home page: xworkplace.
+ +Change directory to the os2setup + directory. Edit the os2build.cmd file to set the final executable + filename. For example,
+ +
+ + installExeName='privoxyos2_setup_X.Y.Z.exe' ++ |
+
Next, edit the IJB.wis file so the + release number matches in the PACKAGEID + section:
+ +
+ + PACKAGEID="Privoxy Team\Privoxy\Privoxy Package\X\Y\Z" ++ |
+
You're now ready to build. Run:
+ +
+ + os2build ++ |
+
You will find the WarpIN-installable executable in the ./files directory. Upload this anonymously to + uploads.sourceforge.net/incoming, create a + release for it, and you're done. Use the release notes and Change Log + from the source tarball package.
+6.3.5. Solaris
+ +Login to Sourceforge's compilefarm via ssh:
+ +
+ + ssh cf.sourceforge.net ++ |
+
Choose the right operating system (not the Debian one). When + logged in, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then run:
+ +
+ + cd current + autoheader && autoconf && ./configure ++ |
+
Then run
+ +
+ + gmake solaris-dist ++ |
+
which creates a gzip'ed tar archive. Sadly, you cannot use + make solaris-upload on the Sourceforge machine + (no ncftpput). You now have to manually upload the archive to + Sourceforge's ftp server and release the file publicly. Use the + release notes and Change Log from the source tarball package.
+6.3.6. Windows
+ +You should ensure you have the latest version of Cygwin (from + http://www.cygwin.com/). Run the following commands from + within a Cygwin bash shell.
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then get the Windows + setup module:
+ +
+ + cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co winsetup ++ |
+
Then you can build the package. This is fully automated, and is + controlled by winsetup/GNUmakefile. All you + need to do is:
+ +
+ + cd winsetup + make ++ |
+
Now you can manually rename privoxy_setup.exe to privoxy_setup_X_Y_Z.exe, and upload it to + SourceForge. When releasing the package on SourceForge, use the + release notes and Change Log from the source tarball package.
+6.3.7. Debian
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then add a log entry + to debian/changelog, if it is not already + there, for example by running:
+ +
+ + debchange -v 3.0.19-stable-1 "New upstream version" ++ |
+
Then, run:
+ +
+ + dpkg-buildpackage -rfakeroot -us -uc -b ++ |
+
This will create ../privoxy_3.0.19-stable-1_i386.deb which can be + uploaded. To upload the package to Sourceforge, simply issue
+ +
+ + make debian-upload ++ |
+
6.3.8. Mac OS X
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then get the Mac OS X + setup module:
+ +
+ + cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co osxsetup ++ |
+
Then run:
+ +
+ + cd osxsetup + build ++ |
+
This will run autoheader, autoconf and configure as + well as make. Finally, it will copy over + the necessary files to the ./osxsetup/files directory for further + processing by PackageMaker.
+ +Bring up PackageMaker with the PrivoxyPackage.pmsp definition + file, modify the package name to match the release, and hit the + "Create package" button. If you specify ./Privoxy.pkg as the output + package name, you can then create the distributable zip file with the + command:
+ +
+ + zip -r privoxyosx_setup_x.y.z.zip Privoxy.pkg ++ |
+
You can then upload privoxyosx_setup_x.y.z.zip anonymously to uploads.sourceforge.net/incoming, create a release + for it, and you're done. Use the release notes and Change Log from + the source tarball package.
+6.3.9. FreeBSD
+ +Login to Sourceforge's compile-farm via ssh:
+ +
+ + ssh cf.sourceforge.net ++ |
+
Choose the right operating system. When logged in, make sure that you have freshly exported the + right version into an empty directory. (See "Building and + releasing packages" above). Then run:
+ +
+ + cd current + autoheader && autoconf && ./configure ++ |
+
Then run:
+ +
+ + gmake freebsd-dist ++ |
+
which creates a gzip'ed tar archive. Sadly, you cannot use + make freebsd-upload on the Sourceforge machine + (no ncftpput). You now have to manually upload the archive to + Sourceforge's ftp server and release the file publicly. Use the + release notes and Change Log from the source tarball package.
+6.3.10. HP-UX 11
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then run:
+ +
+ + cd current + autoheader && autoconf && ./configure ++ |
+
Then do FIXME.
+6.3.11. Amiga OS
+ +First, make sure that you have + freshly exported the right version into an empty directory. + (See "Building and releasing packages" above). Then run:
+ +
+ + cd current + autoheader && autoconf && ./configure ++ |
+
Then do FIXME.
+6.3.12. AIX
+ +Login to Sourceforge's compilefarm via ssh:
+ +
+ + ssh cf.sourceforge.net ++ |
+
Choose the right operating system. When logged in, make sure that you have freshly exported the + right version into an empty directory. (See "Building and + releasing packages" above). Then run:
+ +
+ + cd current + autoheader && autoconf && ./configure ++ |
+
Then run:
+ +
+ + make aix-dist ++ |
+
which creates a gzip'ed tar archive. Sadly, you cannot use + make aix-upload on the Sourceforge machine (no + ncftpput). You now have to manually upload the archive to + Sourceforge's ftp server and release the file publicly. Use the + release notes and Change Log from the source tarball package.
+6.4. Uploading and + Releasing Your Package
+ +After the package is ready, it is time to upload it to SourceForge, + and go through the release steps. The upload is done via FTP:
+ +-
+
-
+
Upload to: ftp://upload.sourceforge.net/incoming
+
+
+ -
+
user: anonymous
+
+
+ -
+
password: ijbswa-developers@lists.sourceforge.net
+
+
Or use the make targets as described + above.
+ +Once this done go to https://sourceforge.net/project/admin/editpackages.php?group_id=11118, + making sure you are logged in. Find your target platform in the second + column, and click Add Release. You will then + need to create a new release for your package, using the format of + $VERSION ($CODE_STATUS), e.g. 3.0.19 (beta).
+ +Now just follow the prompts. Be sure to add any appropriate Release + notes. You should see your freshly uploaded packages in "Step 2. Add Files To This Release". Check the + appropriate box(es). Remember at each step to hit the "Refresh/Submit" buttons! You should now see your + file(s) listed in Step 3. Fill out the forms with the appropriate + information for your platform, being sure to hit "Update" for each file. If anyone is monitoring your + platform, check the "email" box at the very + bottom to notify them of the new package. This should do it!
+ +If you have made errors, or need to make changes, you can go through + essentially the same steps, but select Edit + Release, instead of Add Release.
+6.5. After + the Release
+ +When all (or: most of the) packages have been uploaded and made + available, send an email to the announce + mailing list, Subject: "Version X.Y.Z available for download". Be + sure to include the download location, the release notes and the Changelog. + Also, post an updated News item on the project page Sourceforge, and + update the Home page and docs linked from the Home page (see below). + Other news sites and release oriented sites, such as Freshmeat, should + also be notified.
+3. Quickstart to Privoxy Development
You'll need an account on Sourceforge to support our - development. Mail your ID to the list and wait until a - project manager has added you. -
For the time being (read, this section is under construction), please - refer to the extensive comments in the source code. -
Privoxy Developer Manual | ||
---|---|---|
Prev |
10. See also
Other references and sites of interest to Privoxy - users:
http://www.privoxy.org/, - the Privoxy Home page. - |
http://www.privoxy.org/faq/, - the Privoxy FAQ. - |
http://www.privoxy.org/developer-manual/, - the Privoxy developer manual. - |
https://sourceforge.net/projects/ijbswa/, - the Project Page for Privoxy on - SourceForge. - |
http://config.privoxy.org/, - the web-based user interface. Privoxy must be - running for this to work. Shortcut: http://p.p/ - |
https://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit "misses" and other - configuration related suggestions to the developers. - |
http://www.junkbusters.com/ht/en/cookies.html, - an explanation how cookies are used to track web users. - |
http://www.junkbusters.com/ijb.html, - the original Internet Junkbuster. - |
http://www.squid-cache.org/, a popular - caching proxy, which is often used together with Privoxy. - |
http://www.pps.jussieu.fr/~jch/software/polipo/, - Polipo is a caching proxy with advanced features - like pipelining, multiplexing and caching of partial instances. In many setups - it can be used as Squid replacement. - |
https://www.torproject.org/, - Tor can help anonymize web browsing, - web publishing, instant messaging, IRC, SSH, and other applications. - |
Privoxy Developer Manual | +||
---|---|---|
Prev | + ++ + | + |
+
10. See also
+ +Other references and sites of interest to Privoxy users:
+ +http://www.privoxy.org/, the Privoxy Home page. | +
http://www.privoxy.org/faq/, the Privoxy FAQ. | +
http://www.privoxy.org/developer-manual/, the + Privoxy developer manual. | +
https://sourceforge.net/projects/ijbswa/, the Project + Page for Privoxy on SourceForge. | +
http://config.privoxy.org/, the web-based user + interface. Privoxy must be running + for this to work. Shortcut: http://p.p/ | +
https://sourceforge.net/tracker/?group_id=11118&atid=460288, + to submit "misses" and other + configuration related suggestions to the developers. | +
http://www.junkbusters.com/ht/en/cookies.html, an + explanation how cookies are used to track web users. | +
http://www.junkbusters.com/ijb.html, the original + Internet Junkbuster. | +
http://www.squid-cache.org/, a popular caching proxy, + which is often used together with Privoxy. | +
http://www.pps.jussieu.fr/~jch/software/polipo/, + Polipo is a caching proxy with + advanced features like pipelining, multiplexing and caching of + partial instances. In many setups it can be used as Squid replacement. | +
https://www.torproject.org/, Tor can help anonymize web browsing, web + publishing, instant messaging, IRC, SSH, and other + applications. | +
5. Testing Guidelines
To be filled.
5.1. Testplan for releases
Explain release numbers. major, minor. developer releases. etc. + -
Remove any existing rpm with rpm -e
Remove any file that was left over. This includes (but is not limited to) -
/var/log/privoxy
/etc/privoxy
/usr/sbin/privoxy
/etc/init.d/privoxy
/usr/doc/privoxy*
Install the rpm. Any error messages?
start,stop,status Privoxy with the specific script - (e.g. /etc/rc.d/init/privoxy stop). Reboot your machine. Does - autostart work?
Start browsing. Does Privoxy work? Logfile written?
Remove the rpm. Any error messages? All files removed?
5.2. Test reports
Please submit test reports only with the test form -at sourceforge. Three simple steps: -
Select category: the distribution you test on.
Select group: the version of Privoxy that we are about to release.
Fill the Summary and Detailed Description with something - intelligent (keep it short and precise).
5. Testing + Guidelines
+ +To be filled.
+ +5.1. + Testplan for releases
+ +Explain release numbers. major, minor. developer releases. etc.
+ +-
+
-
+
Remove any existing rpm with rpm -e
+
+
+ -
+
Remove any file that was left over. This includes (but is not + limited to)
+ +-
+
-
+
/var/log/privoxy
+
+
+ -
+
/etc/privoxy
+
+
+ -
+
/usr/sbin/privoxy
+
+
+ -
+
/etc/init.d/privoxy
+
+
+ -
+
/usr/doc/privoxy*
+
+
+
+ -
+
-
+
Install the rpm. Any error messages?
+
+
+ -
+
start,stop,status Privoxy with + the specific script (e.g. /etc/rc.d/init/privoxy stop). Reboot your + machine. Does autostart work?
+
+
+ -
+
Start browsing. Does Privoxy + work? Logfile written?
+
+
+ -
+
Remove the rpm. Any error messages? All files removed?
+
+
5.2. + Test reports
+ +Please submit test reports only with the test form at sourceforge. Three simple steps:
+ +-
+
-
+
Select category: the distribution you test on.
+
+
+ -
+
Select group: the version of Privoxy that we are about to release.
+
+
+ -
+
Fill the Summary and Detailed Description with something + intelligent (keep it short and precise).
+
+
7. Update the Webserver
The webserver should be updated at least with each stable release. When - updating, please follow these steps to make sure that no broken links, - inconsistent contents or permission problems will occur (as it has many - times in the past!): -
If you have changed anything in the stable-branch documentation source - SGML files, do: -
make dok dok-pdf # (or 'make redhat-dok dok-pdf' if 'make dok' doesn't work for you) |
That will generate doc/webserver/user-manual, - doc/webserver/developer-manual, - doc/webserver/faq, - doc/pdf/*.pdf and - doc/webserver/index.html automatically. -
If you changed the manual page sources, generate - doc/webserver/man-page/privoxy-man-page.html - by running "make man". (This is - a separate target due to dependencies on some obscure perl scripts - [now in CVS, but not well tested]. See comments in GNUmakefile.) -
If you want to add new files to the webserver, create them locally in - the doc/webserver/* directory (or - create new directories under doc/webserver). -
Next, commit any changes from the above steps to CVS. All set? - If these are docs in the stable branch, then do: -
make webserver |
This will do the upload to the - webserver (www.privoxy.org) and ensure all files and directories - there are group writable. -
Please do NOT use any other means of transferring - files to the webserver to avoid permission problems. Also, please do not - upload docs from development branches or versions. The publicly posted - docs should be in sync with the last official release. -
7. + Update the Webserver
+ +The webserver should be updated at least with each stable release. + When updating, please follow these steps to make sure that no broken + links, inconsistent contents or permission problems will occur (as it has + many times in the past!):
+ +If you have changed anything in the stable-branch documentation source + SGML files, do:
+ +
+ + make dok dok-pdf # (or 'make redhat-dok dok-pdf' if 'make dok' doesn't work for you) ++ |
+
That will generate doc/webserver/user-manual, doc/webserver/developer-manual, doc/webserver/faq, doc/pdf/*.pdf and doc/webserver/index.html automatically.
+ +If you changed the manual page sources, generate doc/webserver/man-page/privoxy-man-page.html by running + "make man". (This is a + separate target due to dependencies on some obscure perl scripts [now in + CVS, but not well tested]. See comments in GNUmakefile.)
+ +If you want to add new files to the webserver, create them locally in + the doc/webserver/* directory (or create new + directories under doc/webserver).
+ +Next, commit any changes from the above steps to CVS. All set? If + these are docs in the stable branch, then do:
+ +
+ + make webserver ++ |
+
This will do the upload to the webserver (www.privoxy.org) and ensure all files and + directories there are group writable.
+ +Please do NOT use any other + means of transferring files to the webserver to avoid permission + problems. Also, please do not upload docs from development branches or + versions. The publicly posted docs should be in sync with the last + official release.
++ +
Prev | + +Home | + +Next | +
Releasing a New + Version | + ++ + | Contacting the developers, + Bug Reporting and Feature Requests | +
3. Configuration
3.1. What exactly is an "actions" file?
Privoxy utilizes the concept of " actions" - that are used to manipulate and control web page data. - Actions files - are where these actions - that Privoxy could take while processing a certain - request, are configured. Typically, you would define a set of default actions - that apply globally to all URLs, then add exceptions to these defaults where needed. - There is a wide array of actions available that give the user a high degree - of control and flexibility on how to process each and every web page.
Actions can be defined on a URL pattern basis, i.e. - for single URLs, whole web sites, groups or parts thereof etc. Actions can also be - grouped together and then applied to requests matching one or more patterns. - There are many possible actions that might apply to any given site. As an example, - if you are blocking cookies - as one of your default actions, but need to accept cookies from a given site, - you would need to define an exception for this site in one of your actions - files, preferably in user.action.
3.2. The "actions" concept confuses me. Please list -some of these "actions".
For a comprehensive discussion of the actions concept, please refer - to the actions file - chapter in the User - Manual. It includes a list of all actions - and an actions - file tutorial to get you started.
3.3. How are actions files configured? What is the easiest -way to do this?
Actions files are just text files in a special syntax and can be edited - with a text editor. But probably the easiest way is to access - Privoxy's user interface with your web browser - at http://config.privoxy.org/ - (Shortcut: http://p.p/) and then select - "View & - change the current configuration" from the menu. Note - that this feature must be explicitly enabled in the main config file - (see enable-edit-actions).
3.4. There are several different "actions" files. What are -the differences?
Three actions files - are being included by the developers, to be used for - different purposes: These are - default.action, the "main" actions file - which is actively maintained by the Privoxy - developers and typically sets the default policies, user.action, - where users are encouraged to make their private customizations. - Please see the actions chapter - in the User Manual for a more - detailed explanation.
Earlier versions included three different versions of the - default.action file. The new scheme allows for - greater flexibility of local configuration, and for browser based - selection of pre-defined "aggressiveness" levels.
3.5. Where can I get updated Actions Files?
Based on your feedback and the continuing development, updates of - default.action will be - made available from time to time on the files section of - our project page. -
If you wish to receive an email notification whenever we release updates of - Privoxy or the actions file, subscribe - to our announce mailing list, ijbswa-announce@lists.sourceforge.net. -
3.6. Can I use my old config files?
The syntax and purpose of configuration files has remained roughly the - same throughout the 3.x series, but backwards compatibility is not guaranteed. - Also each release contains updated, "improved" versions and it is - therefore strongly recommended to install the newer configuration files - and merge back your modifications. -
3.7. Why is the configuration so complicated?
"Complicated" is in the eye of the beholder. Those that are - familiar with some of the underlying concepts, such as regular expression - syntax, take to it like a fish takes to water. Also, software that tries - hard to be "user friendly", often lacks sophistication and - flexibility. There is always that trade-off there between power vs. - easy-of-use. Furthermore, anyone is welcome to contribute ideas and - implementations to enhance Privoxy. -
3.8. How can I make my Yahoo/Hotmail/Gmail account work?
The default configuration shouldn't impact the usability of any of these services. - It may, however, make all cookies - temporary, so that your browser will forget your - login credentials in between browser sessions. If you would like not to have to log - in manually each time you access those websites, simply turn off all cookie handling - for them in the user.action file. An example for yahoo might - look like: -
# Allow all cookies for Yahoo login: + + + + + + ++ |
+
This last "action" in this compound + statement, allow-popups, is an alias that + disables various pop-up blocking features.
+3.29. How can I + have custom template pages, like the BLOCKED page?
+ +Privoxy "templates" are specialized text files utilized by + Privoxy for various purposes and can + easily be modified using any text editor. All the template pages are + installed in a sub-directory appropriately named: templates. Knowing something about HTML syntax will of + course be helpful.
+ +Be forewarned that the default templates are subject to being + overwritten during upgrades. You can, however, create completely new + templates, place them in another directory and specify the alternate + path in the main config. For details, have a + look at the templdir option.
+3.30. How can I + remove the "Go There Anyway" link from the + BLOCKED page?
+ +There is more than one way to do it (although Perl is not + involved).
+ +Editing the BLOCKED template page (see above) may dissuade some + users, but this method is easily circumvented. Where you need this + level of control, you might want to build Privoxy from source, and disable various features + that are available as compile-time options. You should configure the sources as follows:
+ +
+ + ./configure --disable-toggle --disable-editor --disable-force ++ |
+
This will create an executable with hard-coded security features so + that Privoxy does not allow easy + bypassing of blocked sites, or changing the current configuration via + any connected user's web browser.
+ +Finally, all of these features can also be toggled on/off via + options in Privoxy's main config + file which means you don't have to recompile anything.
+6. Contacting the developers, Bug Reporting and Feature Requests
We value your feedback. In fact, we rely on it to improve - Privoxy and its configuration. - However, please note the following hints, so we can - provide you with the best support:
6.1. Get Support
For casual users, our - support forum at SourceForge - is probably best suited: - http://sourceforge.net/tracker/?group_id=11118&atid=211118
All users are of course welcome to discuss their issues on the users - mailing list, where the developers also hang around.
Please don't sent private support requests to individual Privoxy - developers, either use the mailing lists or the support trackers.
Note that the Privoxy mailing lists are moderated. Posts from unsubscribed - addresses have to be accepted manually by a moderator. This may cause a - delay of several days and if you use a subject that doesn't clearly - mention Privoxy or one of its features, your message may be accidentally - discarded as spam.
If you aren't subscribed, you should therefore spend a few seconds - to come up with a proper subject. Additionally you should make it clear - that you want to get CC'd. Otherwise some responses will be directed to - the mailing list only, and you won't see them.
6.2. Reporting Problems
"Problems" for our purposes, come in two forms:
Configuration issues, such as ads that slip through, or sites that - don't function properly due to one Privoxy - "action" or another being turned "on". -
"Bugs" in the programming code that makes up - Privoxy, such as that might cause a crash. -
6.2.1. Reporting Ads or Other Configuration Problems
Please send feedback on ads that slipped through, innocent images that were - blocked, sites that don't work properly, and other configuration related problem of - default.action file, to - http://sourceforge.net/tracker/?group_id=11118&atid=460288, - the Actions File Tracker.
New, improved default.action files may occasionally be made - available based on your feedback. These will be announced on the ijbswa-announce - list and available from our the files section of - our project page.
6.2.2. Reporting Bugs
Please report all bugs through our bug tracker: - http://sourceforge.net/tracker/?group_id=11118&atid=111118.
Before doing so, please make sure that the bug has not already been submitted - and observe the additional hints at the top of the submit - form. If already submitted, please feel free to add any info to the - original report that might help to solve the issue.
Please try to verify that it is a Privoxy bug, - and not a browser or site bug or documented behaviour that just happens - to be different than what you expected. If unsure, - try toggling - off Privoxy, and see if the problem persists.
If you are using your own custom configuration, please try - the stock configs to see if the problem is configuration related. - If you're having problems with a feature that is disabled by default, - please ask around on the mailing list if others can reproduce the problem.
If you aren't using the latest Privoxy version, the bug may have been found - and fixed in the meantime. We would appreciate if you could take the time - to upgrade - to the latest version (or even the latest CVS snapshot) and verify - that your bug still exists.
Please be sure to provide the following information:
The exact Privoxy version you are using - (if you got the source from CVS, please also provide the source code revisions - as shown in http://config.privoxy.org/show-version). -
The operating system and versions you run - Privoxy on, (e.g. Windows - XP SP2), if you are using a Unix flavor, - sending the output of "uname -a" should do, - in case of GNU/Linux, please also name the distribution. -
The name, platform, and version of the browser - you were using (e.g. Internet Explorer v5.5 for Mac). -
The URL where the problem occurred, or some way for us to duplicate the - problem (e.g. http://somesite.example.com/?somethingelse=123). -
Whether your version of Privoxy is one supplied - by the Privoxy developers via SourceForge, - or if you got your copy somewhere else. -
Whether you are using Privoxy in tandem with - another proxy such as Tor. If so, please - temporary disable the other proxy to see if the symptoms change. -
Whether you are using a personal firewall product. If so, does - Privoxy work without it? -
Any other pertinent information to help identify the problem such as config - or log file excerpts (yes, you should have log file entries for each - action taken). -
You don't have to tell us your actual name when filing a problem - report, but please use a nickname so we can differentiate between - your messages and the ones entered by other "anonymous" users that - may respond to your request if they have the same problem or already - found a solution.
Please also check the status of your request a few days after submitting - it, as we may request additional information. If you use a SF id, - you should automatically get a mail when someone responds to your request.
The appendix - of the Privoxy User Manual also has helpful information - on understanding actions, and action debugging.
6.3. Request New Features
You are welcome to submit ideas on new features or other proposals - for improvement through our feature request tracker at - http://sourceforge.net/tracker/?atid=361118&group_id=11118.
6.4. Other
For any other issues, feel free to use the mailing lists. Technically interested users -and people who wish to contribute to the project are also welcome on the developers list! -You can find an overview of all Privoxy-related mailing lists, -including list archives, at: -http://sourceforge.net/mail/?group_id=11118.
6. Contacting the + developers, Bug Reporting and Feature Requests
+ +We value your feedback. In fact, we rely on it to improve Privoxy and its configuration. However, please note + the following hints, so we can provide you with the best support:
+ +6.1. + Get Support
+ +For casual users, our support forum at SourceForge is probably best suited: + http://sourceforge.net/tracker/?group_id=11118&atid=211118
+ +All users are of course welcome to discuss their issues on the + users mailing list, where the developers also hang + around.
+ +Please don't sent private support requests to individual Privoxy + developers, either use the mailing lists or the support trackers.
+ +If you have to contact a Privoxy developer directly for other + reasons, please send a real mail and do not bother with SourceForge's + messaging system. Answers to SourceForge messages are usually bounced + by SourceForge's mail server in which case the developer wasted time + writing a response you don't get. From your point of view it will look + like your message has been completely ignored, so this is frustrating + for all parties involved.
+ +Note that the Privoxy mailing lists are moderated. Posts from + unsubscribed addresses have to be accepted manually by a moderator. + This may cause a delay of several days and if you use a subject that + doesn't clearly mention Privoxy or one of its features, your message + may be accidentally discarded as spam.
+ +If you aren't subscribed, you should therefore spend a few seconds + to come up with a proper subject. Additionally you should make it clear + that you want to get CC'd. Otherwise some responses will be directed to + the mailing list only, and you won't see them.
+6.2. Reporting + Problems
+ +"Problems" for our purposes, come in two + forms:
+ +-
+
-
+
Configuration issues, such as ads that slip through, or sites + that don't function properly due to one Privoxy "action" or + another being turned "on".
+
+
+ -
+
"Bugs" in the programming code that + makes up Privoxy, such as that + might cause a crash.
+
+
6.2.1. + Reporting Ads or Other Configuration Problems
+ +Please send feedback on ads that slipped through, innocent images + that were blocked, sites that don't work properly, and other + configuration related problem of default.action file, to http://sourceforge.net/tracker/?group_id=11118&atid=460288, + the Actions File Tracker.
+ +New, improved default.action files may + occasionally be made available based on your feedback. These will be + announced on the ijbswa-announce list and available from our the files section of our project page.
+6.2.2. + Reporting Bugs
+ +Please report all bugs through our bug tracker: http://sourceforge.net/tracker/?group_id=11118&atid=111118.
+ +Before doing so, please make sure that the bug has not already been submitted and observe + the additional hints at the top of the submit form. If already submitted, please feel free + to add any info to the original report that might help to solve the + issue.
+ +Please try to verify that it is a Privoxy bug, and not a browser or site bug or + documented behaviour that just happens to be different than what you + expected. If unsure, try toggling + off Privoxy, and see if the + problem persists.
+ +If you are using your own custom configuration, please try the + stock configs to see if the problem is configuration related. If + you're having problems with a feature that is disabled by default, + please ask around on the mailing list if others can reproduce the + problem.
+ +If you aren't using the latest Privoxy version, the bug may have + been found and fixed in the meantime. We would appreciate if you + could take the time to upgrade to the latest version (or even the latest CVS + snapshot) and verify that your bug still exists.
+ +Please be sure to provide the following information:
+ +-
+
-
+
The exact Privoxy version you + are using (if you got the source from CVS, please also provide + the source code revisions as shown in http://config.privoxy.org/show-version).
+
+
+ -
+
The operating system and versions you run Privoxy on, (e.g. Windows XP SP2), if you are using a Unix + flavor, sending the output of "uname + -a" should do, in case of GNU/Linux, please also name the + distribution.
+
+
+ -
+
The name, platform, and version of the browser you were using (e.g. Internet Explorer v5.5 for Mac).
+
+
+ -
+
The URL where the problem occurred, or some way for us to + duplicate the problem (e.g. http://somesite.example.com/?somethingelse=123).
+
+
+ -
+
Whether your version of Privoxy is one supplied by the Privoxy developers via SourceForge, or if + you got your copy somewhere else.
+
+
+ -
+
Whether you are using Privoxy + in tandem with another proxy such as Tor. If so, please temporary disable the + other proxy to see if the symptoms change.
+
+
+ -
+
Whether you are using a personal firewall product. If so, does + Privoxy work without it?
+
+
+ -
+
Any other pertinent information to help identify the problem + such as config or log file excerpts (yes, you should have log + file entries for each action taken). To get a meaningful logfile, + please make sure that the logfile + directive is being used and the following debug + options are enabled:
+ ++ debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
If you + are having trouble with a filter, please additionally enable + +
+ + debug 2 # show each connection status
+ + debug 4 # show I/O status
+ + debug 8 # show header parsing
+ + debug 128 # debug redirects
+ debug 256 # debug GIF de-animation
+ + debug 512 # Common Log Format
+ + debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
+ + debug 4096 # Startup banner and warnings.
+ + debug 8192 # Non-fatal errors+ debug 64 # debug regular expression filters
If + you are using Privoxy 3.0.17 or later and suspect that it + interprets the request or the response incorrectly, please enable + ++ debug 32768 # log all data read from the network
Note + that Privoxy log files may contain sensitive information so + please don't submit any logfiles you didn't read first. You can + mask sensitive information as long as it's clear that you removed + something. +
+
You don't have to tell us your actual name when filing a problem + report, but if you don't, please use a nickname so we can + differentiate between your messages and the ones entered by other + "anonymous" users that may respond to your request if they have the + same problem or already found a solution. Note that due to spam the + trackers may not always allow to post without being logged into + SourceForge. If that's the case, you are still free to create a login + that isn't directly linked to your name, though.
+ +Please also check the status of your request a few days after + submitting it, as we may request additional information. If you use a + SF id, you should automatically get a mail when someone responds to + your request. Please don't bother to add an email address when using + the tracker. If you prefer to communicate through email, just use one + of the mailing lists directly.
+ +If you are new to reporting problems, you might be interested in + How to Report Bugs Effectively.
+ +The appendix of the Privoxy User Manual also has + helpful information on understanding actions, and action + debugging.
+6.3. + Request New Features
+ +You are welcome to submit ideas on new features or other proposals + for improvement through our feature request tracker at http://sourceforge.net/tracker/?atid=361118&group_id=11118.
+6.4. + Mailing Lists
+ +If you prefer to communicate through email, instead of using a web + interface, feel free to use one of the mailing lists. To discuss issues + that haven't been completely diagnosed yet, please use the Privoxy + users list. Technically interested users and people who wish to + contribute to the project are always welcome on the developers list. + You can find an overview of all Privoxy-related mailing lists, including list + archives, at: http://sourceforge.net/mail/?group_id=11118.
++ +
Prev | + +Home | + +Next | +
Troubleshooting | + ++ + | Privoxy Copyright, License + and History | +
Privoxy Frequently Asked Questions | ||
---|---|---|
Prev |
7. Privoxy Copyright, License and History
Copyright Š 2001-2009 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
Some source code is based on code Copyright Š 1997 by Anonymous Coders - and Junkbusters, Inc. and licensed under the GNU General Public - License.
Portions of this document are "borrowed" from the original - Junkbuster (tm) FAQ, and modified as - appropriate for Privoxy. -
7.1. License
Privoxy is free software; you can - redistribute it and/or modify it under the terms of the - GNU General Public License, version 2, - as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
You should have received a copy of the GNU GPL - along with this program; if not, write to the
Free Software
- Foundation, Inc. 51 Franklin Street, Fifth Floor
- Boston, MA 02110-1301
- USA
7.2. History
A long time ago, there was the - Internet Junkbuster, - by Anonymous Coders and Junkbusters - Corporation. This saved many users a lot of pain in the early days of - web advertising and user tracking.
But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and - for tracking them, keeps evolving. Unfortunately, the Internet - Junkbuster did not. Version 2.0.2, published in 1998, was - (and is) the last official - release - available from Junkbusters Corporation. - Fortunately, it had been released under the GNU - GPL, - which allowed further development by others.
So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. - It could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000.
Then, some - developers - picked up the thread, and started turning the software inside out, upside down, - and then reassembled it, adding many - new - features along the way.
The result of this is Privoxy, whose first - stable version, 3.0, was released August, 2002. -
Privoxy Frequently Asked + Questions | +||
---|---|---|
Prev | + ++ + | + |
+
7. Privoxy + Copyright, License and History
+ +Copyright © 2001-2011 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
Some source code is based on code Copyright © 1997 by Anonymous + Coders and Junkbusters, Inc. and licensed under the GNU General Public License.
+ +Portions of this document are "borrowed" + from the original Junkbuster (tm) FAQ, + and modified as appropriate for Privoxy.
+ +7.1. License
+ +Privoxy is free software; you can + redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by + the Free Software Foundation.
+ +This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ +You should have received a copy of the GNU + GPL along with this program; if not, write to the
+ + Free Software
+ Foundation, Inc. 51 Franklin
+ Street, Fifth Floor
+ Boston, MA 02110-1301
+ USA
7.2. History
+ +A long time ago, there was the Internet Junkbuster, by Anonymous Coders and + Junkbusters + Corporation. This saved many users a lot of pain in the early days + of web advertising and user tracking.
+ +But the web, its protocols and standards, and with it, the + techniques for forcing ads on users, give up autonomy over their + browsing, and for tracking them, keeps evolving. Unfortunately, the + Internet Junkbuster did not. Version + 2.0.2, published in 1998, was (and is) the last official release available from Junkbusters Corporation. Fortunately, it had been + released under the GNU GPL, which allowed further development by others.
+ +So Stefan Waldherr started maintaining an improved version of the + software, to which eventually a number of people contributed patches. + It could already replace banners with a transparent image, and had a + first version of pop-up killing, but it was still very closely based on + the original, with all its limitations, such as the lack of HTTP/1.1 + support, flexible per-site configuration, or content modification. The + last release from this effort was version 2.0.2-10, published in + 2000.
+ +Then, some developers picked up the thread, and started turning the + software inside out, upside down, and then reassembled it, adding many + new features along the way.
+ +The result of this is Privoxy, + whose first stable version, 3.0, was released August, 2002.
++ +
Prev | + +Home | + ++ |
Contacting the developers, + Bug Reporting and Feature Requests | + ++ + | + |
1. General Information
1.1. Who should give Privoxy a try?
Anyone who is interested in security, privacy, or in - finer-grained control over their web and Internet experience. -
1.2. Is Privoxy the best choice for -me?
Privoxy is certainly a good choice, especially for those who want more - control and security. Those with the willingness to read the documentation - and the ability to fine-tune their installation will benefit the most. -
One of Privoxy's - strengths is that it is highly configurable giving you the ability to - completely personalize your installation. Being familiar with, or at least - having an interest in learning about HTTP and other networking - protocols, HTML, and - "Regular - Expressions" - will be a big plus and will help you get the most out of Privoxy. - A new installation just includes a very basic configuration. The user - should take this as a starting point only, and enhance it as he or she - sees fit. In fact, the user is encouraged, and expected to, fine-tune the - configuration. -
Much of Privoxy's configuration can be done - with a Web browser. - But there are areas where configuration is done using a - text editor - to edit configuration files. Also note that the web-based action editor - doesn't use authentication and should only be enabled in environments - where all clients with access to Privoxy listening port can be trusted. -
1.3. What is a "proxy"? How does -Privoxy work?
A web proxy - is a service, based on a software such as Privoxy, that clients - (i.e. browsers) can use instead of connecting to web servers directly. - The clients then ask the proxy to request objects (web pages, images, movies etc) - on their behalf and to forward the data to the clients. - It is a "go-between". For details, see - Wikipedia's proxy definition. -
There are many reasons to use web proxies, such as security (firewalling), - efficiency (caching) and others, and there are any number of proxies - to accommodate those needs. -
Privoxy is a proxy that is primarily focused on - privacy enhancement, ad and junk elimination and freeing the user from - restrictions placed on his activities. Sitting between your browser(s) and the Internet, - it is in a perfect position to filter outbound personal information that your - browser is leaking, as well as inbound junk. It uses a variety of techniques to do - this, all of which are under your complete control via the various configuration - files and options. Being a proxy also makes it easier to share - configurations among multiple browsers and/or users. -
1.4. Does Privoxy do anything more than ad blocking?
- Yes, ad blocking is but one possible use. There are many, many ways Privoxy - can be used to sanitize and customize web browsing.
1.5. What is this new version of -"Junkbuster"?
A long time ago, there was the - Internet Junkbuster, - by Anonymous Coders and Junkbusters - Corporation. This saved many users a lot of pain in the early days of - web advertising and user tracking.
But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and - for tracking them, keeps evolving. Unfortunately, the Internet - Junkbuster did not. Version 2.0.2, published in 1998, was - (and is) the last official - release - available from Junkbusters Corporation. - Fortunately, it had been released under the GNU - GPL, - which allowed further development by others.
So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. - It could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000.
Then, some - developers - picked up the thread, and started turning the software inside out, upside down, - and then reassembled it, adding many - new - features along the way.
The result of this is Privoxy, whose first - stable version, 3.0, was released August, 2002. -
1.6. Why "Privoxy"? Why change the name from -Junkbuster at all?
Though outdated, Junkbusters Corporation - continues to offer their original version of the Internet - Junkbuster, so publishing our - Junkbuster-derived software under the same name - led to confusion.
There are also potential legal complications from our use of the - Junkbuster name, which is a registered trademark of - Junkbusters Corporation. - There are, however, no objections from Junkbusters Corporation to the - Privoxy project itself, and they, in fact, still - share our ideals and goals.
The developers also believed that there are so many improvements over the original - code, that it was time to make a clean break from the past and make - a name in their own right.
Privoxy is the - "Privacy Enhancing Proxy". Also, its content - modification and junk suppression gives you, the user, more - control, more freedom, and allows you to browse your personal and - "private edition" of the web.
1.7. How does Privoxy differ -from the old Junkbuster?
Privoxy picks up where - Junkbuster left off. - The new Privoxy still blocks ads and banners, - still manages cookies, and still - helps protect your privacy. But, most of these features have been enhanced, - and many new ones have been added, all in the same vein. -
Privoxy's new features include:
Can keep outgoing connections alive and reuse them later on. -
Supports tagging which allows to change the behaviour - based on client and server headers. -
Can be run as an "intercepting" proxy, which obviates the need to - configure browsers individually. -
Sophisticated actions and filters for manipulating both server and client - headers. -
Can be chained with other proxies. -
Integrated browser based configuration and control utility at http://config.privoxy.org/ - (shortcut: http://p.p/). Browser-based - tracing of rule and filter effects. Remote toggling. -
Web page filtering (text replacements, removes banners based on size, - invisible "web-bugs", JavaScript and HTML annoyances, - pop-up windows, etc.) -
Modularized configuration that allows for standard settings and - user settings to reside in separate files, so that installing updated - actions files won't overwrite individual user settings. -
Support for Perl Compatible Regular Expressions in the configuration files, and - a more sophisticated and flexible configuration syntax. -
Improved cookie management features (e.g. session based cookies). -
GIF de-animation. -
Bypass many click-tracking scripts (avoids script redirection). -
Multi-threaded (POSIX and native threads). -
User-customizable HTML templates for most proxy-generated pages (e.g. "blocked" page). -
Auto-detection and re-reading of config file changes. -
Improved signal handling, and a true daemon mode (Unix). -
Every feature now controllable on a per-site or per-location basis, configuration - more powerful and versatile over-all. -
Many smaller new features added, limitations and bugs removed. -
1.8. How does Privoxy know what is -an ad, and what is not?
Privoxy's approach to blocking ads is twofold:
First, there are certain patterns in the locations (URLs) - of banner images. This applies to both the path (you wouldn't guess how many - web sites serve their banners from a directory called "banners"!) - and the host (blocking the big banner hosting services like doublecklick.net - already helps a lot). Privoxy takes advantage of this - fact by using URL - patterns to sort out and block the requests for things that sound - like they would be ads or banners.
Second, banners tend to come in certain sizes. But you - can't tell the size of an image by its URL without downloading it, and if you - do, it's too late to save bandwidth. Therefore, Privoxy - also inspects the HTML sources of web pages while they are loaded, and replaces - references to images with standard banner sizes by dummy references, so that - your browser doesn't request them anymore in the first place.
Both of this involves a certain amount of guesswork and is, of course, freely - and readily configurable.
1.9. Can Privoxy make mistakes? -This does not sound very scientific.
Actually, it's a black art ;-) And yes, it is always possible to have a broad - rule accidentally block or change something by mistake. You will almost surely - run into such situations at some point. It is tricky writing rules to - cover every conceivable possibility, and not occasionally get false positives.
But this should not be a big concern since the - Privoxy configuration is very flexible, and - includes tools to help identify these types of situations so they can be - addressed as needed, allowing you to customize your installation. - (See the Troubleshooting section below.)
1.10. Will I have to configure Privoxy - before I can use it?
That depends on your expectations. - The default installation should give you a good starting - point, and block most ads and unwanted content, - but many of the more advanced features are off by default, and require - you to activate them.
You do have to set up your browser to use - Privoxy (see the Installation section below).
And you will certainly run into situations where there are false positives, - or ads not being blocked that you may not want to see. In these cases, you - would certainly benefit by customizing Privoxy's - configuration to more closely match your individual situation. And we - encourage you to do this. This is where the real power of - Privoxy lies!
1.11. Can Privoxy run as a server on a network?
- Yes, Privoxy runs as a server already, and can easily be configured to - "serve" more than one client. See How can I set up Privoxy to act as a proxy for my LAN below.
1.12. My browser does the same things as -Privoxy. Why should I use Privoxy at all?
Modern browsers do indeed have some of the same - functionality as Privoxy. Maybe this is - adequate for you. But Privoxy is very - versatile and powerful, and can probably do a number of things - your browser just can't. -
In addition, a proxy is good choice if you use multiple browsers, or - have a LAN with multiple computers since Privoxy can run as a server - application. This way all the configuration is in one place, and you don't - have to maintain a similar configuration for possibly many browsers or - users. -
Note, however, that it's recommended to leverage both your browser's - and Privoxy's privacy enhancing features - at the same time. While your browser probably lacks some features - Privoxy offers, it should also be able to do some things more - reliable, for example restricting and suppressing JavaScript. -
1.13. Why should I trust Privoxy?
The most important reason is because you have access to - everything, and you can control everything. You can - check every line of every configuration file yourself. You can check every - last bit of source code should you desire. And even if you can't read code, - there should be some comfort in knowing that other people can, - and do read it. You can build the software from scratch, if you want, - so that you know the executable is clean, and that it is - yours. In fact, we encourage this level of scrutiny. It - is one reason we use Privoxy ourselves. -
1.14. Is there is a license or fee? What about a -warranty? Registration?
Privoxy is free software and licensed under the GNU General Public License (GPL) version 2. - It is free to use, copy, modify or distribute as you wish under the terms of this - license. Please see the Copyright section for more - information on the license and copyright. Or the LICENSE file - that should be included. -
There is no warranty of any kind, expressed, implied or otherwise. - That is something that would cost real money ;-) There is no registration either. -
1.15. Can Privoxy remove spyware? Adware? Viruses?
No, at least not reliably enough to trust it. Privoxy is not designed to be - a malware removal tool and the default configuration doesn't even try to - filter out any malware.
Privoxy could help prevent contact from (known) sites that use such - tactics with appropriate configuration rules, and thus could conceivably - prevent contamination from such sites. However, keeping such a configuration - up to date would require a lot of time and effort that would be better spend - on keeping your software itself up to date so it doesn't have known - vulnerabilities.
1.16. Can I use Privoxy with other ad-blocking software?
Privoxy should work fine with other proxies and other software in general.
But it is probably not necessary to use Privoxy in conjunction with other - ad-blocking products, and this could conceivably cause undesirable results. - It might be better to choose one software or the other and work a little to - tweak its configuration to your liking.
Note that this is an advice specific to ad blocking.
1.17. I would like to help you, what can I do?
1.17.1. Would you like to participate?
Well, we always need help. There is something for - everybody who wants to help us. We welcome new developers, packagers, - testers, documentation writers or really anyone with a desire to help in - any way. You DO NOT need to be a - "programmer". There are many other tasks available. In fact, - the programmers often can't spend as much time programming because of some - of the other, more mundane things that need to be done, like checking the - Tracker feedback sections. -
So first thing, get an account on SourceForge.net - and mail your id to the developers - mailing list. Then, please read the Developer's Manual, at least - the pertinent sections.
You can also start helping out without SourceForge.net account, - simply by showing up on the mailing list, helping out other users, - providing general feedback or reporting problems you noticed. -
1.17.2. Would you like to donate?
Privoxy is developed by unpaid volunteers - and thus our current running costs are pretty low. Nevertheless, we - have plans that will cost money in the future. We would like to get - this money through donations made by our users.
Privoxy has therefore become an associated - project of Software - in the Public Interest (SPI), which allows us to receive tax-deductible - donations in most western countries.
We intend to use the donations to pay for our domain after transfering - it to SPI. Our goal is to make sure there's no single point of failure - and the bill gets paid and the site keeps running even if a some of - the currently active developers were to suddenly disappear for a while.
We would also like to spend some money on more reliable hosting, - on hardware to help make sure Privoxy - keeps running on platforms the developers currently can't test on, - and on technical books to educate our developers about said platforms - or to improve their knowledge in general.
If you enjoy our software and feel like helping out with a donation, - please have a look at - SPI's donation page - to see what the options are.
1. General + Information
+ +1.1. Who should give + Privoxy a try?
+ +Anyone who is interested in security, privacy, or in finer-grained + control over their web and Internet experience.
+1.2. Is Privoxy + the best choice for me?
+ +Privoxy is certainly a good choice, + especially for those who want more control and security. Those with the + willingness to read the documentation and the ability to fine-tune + their installation will benefit the most.
+ +One of Privoxy's strengths is that + it is highly configurable giving you the ability to completely + personalize your installation. Being familiar with, or at least having + an interest in learning about HTTP and other + networking protocols, HTML, and "Regular Expressions" will be a + big plus and will help you get the most out of Privoxy. A new installation just includes a very + basic configuration. The user should take this as a starting point + only, and enhance it as he or she sees fit. In fact, the user is + encouraged, and expected to, fine-tune the configuration.
+ +Much of Privoxy's configuration can + be done with a Web browser. But there are areas where configuration + is done using a text editor to edit configuration files. Also note + that the web-based action editor doesn't use authentication and should + only be enabled in environments where all clients with access to + Privoxy listening port can be + trusted.
+1.3. What is a + "proxy"? How does Privoxy work?
+ +A web proxy is a service, based on a software such as + Privoxy, that clients (i.e. browsers) + can use instead of connecting to web servers directly. The clients then + ask the proxy to request objects (web pages, images, movies etc) on + their behalf and to forward the data to the clients. It is a + "go-between". For details, see Wikipedia's + proxy definition.
+ +There are many reasons to use web proxies, such as security + (firewalling), efficiency (caching) and others, and there are any + number of proxies to accommodate those needs.
+ +Privoxy is a proxy that is + primarily focused on privacy enhancement, ad and junk elimination and + freeing the user from restrictions placed on his activities. Sitting + between your browser(s) and the Internet, it is in a perfect position + to filter outbound personal information that your browser is leaking, + as well as inbound junk. It uses a variety of techniques to do this, + all of which are under your complete control via the various + configuration files and options. Being a proxy also makes it easier to + share configurations among multiple browsers and/or users.
+1.4. Does + Privoxy do anything more than ad blocking?
+ +Yes, ad blocking is but one possible use. There are many, many ways + Privoxy can be used to sanitize and + customize web browsing.
+1.5. What is this new + version of "Junkbuster"?
+ +A long time ago, there was the Internet Junkbuster, by Anonymous Coders and + Junkbusters + Corporation. This saved many users a lot of pain in the early days + of web advertising and user tracking.
+ +But the web, its protocols and standards, and with it, the + techniques for forcing ads on users, give up autonomy over their + browsing, and for tracking them, keeps evolving. Unfortunately, the + Internet Junkbuster did not. Version + 2.0.2, published in 1998, was (and is) the last official release available from Junkbusters Corporation. Fortunately, it had been + released under the GNU GPL, which allowed further development by others.
+ +So Stefan Waldherr started maintaining an improved version of the + software, to which eventually a number of people contributed patches. + It could already replace banners with a transparent image, and had a + first version of pop-up killing, but it was still very closely based on + the original, with all its limitations, such as the lack of HTTP/1.1 + support, flexible per-site configuration, or content modification. The + last release from this effort was version 2.0.2-10, published in + 2000.
+ +Then, some developers picked up the thread, and started turning the + software inside out, upside down, and then reassembled it, adding many + new features along the way.
+ +The result of this is Privoxy, + whose first stable version, 3.0, was released August, 2002.
+1.6. Why "Privoxy"? Why change the name from Junkbuster at + all?
+ +Though outdated, Junkbusters Corporation continues to offer their original + version of the Internet Junkbuster, so + publishing our Junkbuster-derived + software under the same name led to confusion.
+ +There are also potential legal complications from our use of the + Junkbuster name, which is a registered + trademark of Junkbusters Corporation. There are, however, no objections + from Junkbusters Corporation to the Privoxy project itself, and they, in fact, still + share our ideals and goals.
+ +The developers also believed that there are so many improvements + over the original code, that it was time to make a clean break from the + past and make a name in their own right.
+ +Privoxy is the "Privacy Enhancing + Proxy". Also, its content modification and junk + suppression gives you, the + user, more control, more freedom, and allows you to browse your + personal and "private edition" of the web.
+1.7. How does Privoxy + differ from the old Junkbuster?
+ +Privoxy picks up where Junkbuster left off. The new Privoxy still blocks ads and banners, still + manages cookies, and still helps protect your privacy. But, most of + these features have been enhanced, and many new ones have been added, + all in the same vein.
+ +Privoxy's new features include:
+ +-
+
-
+
Supports "Connection: keep-alive". Outgoing connections can be + kept alive independently from the client.
+
+
+ -
+
Supports IPv6, provided the operating system does so too, and + the configure script detects it.
+
+
+ -
+
Supports tagging which allows to change the behaviour based on + client and server headers.
+
+
+ -
+
Can be run as an "intercepting" proxy, which obviates the need + to configure browsers individually.
+
+
+ -
+
Sophisticated actions and filters for manipulating both server + and client headers.
+
+
+ -
+
Can be chained with other proxies.
+
+
+ -
+
Integrated browser-based configuration and control utility at + http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based tracing + of rule and filter effects. Remote toggling.
+
+
+ -
+
Web page filtering (text replacements, removes banners based on + size, invisible "web-bugs" and HTML + annoyances, etc.)
+
+
+ -
+
Modularized configuration that allows for standard settings and + user settings to reside in separate files, so that installing + updated actions files won't overwrite individual user settings.
+
+
+ -
+
Support for Perl Compatible Regular Expressions in the + configuration files, and a more sophisticated and flexible + configuration syntax.
+
+
+ -
+
GIF de-animation.
+
+
+ -
+
Bypass many click-tracking scripts (avoids script + redirection).
+
+
+ -
+
User-customizable HTML templates for most proxy-generated pages + (e.g. "blocked" page).
+
+
+ -
+
Auto-detection and re-reading of config file changes.
+
+
+ -
+
Most features are controllable on a per-site or per-location + basis.
+
+
+ -
+
Many smaller new features added, limitations and bugs + removed.
+
+
1.8. How does + Privoxy know what is an ad, and what is not?
+ +Privoxy's approach to blocking ads + is twofold:
+ +First, there are certain patterns in the locations (URLs) of banner images. This + applies to both the path (you wouldn't guess how many web sites serve + their banners from a directory called "banners"!) and the host (blocking the big banner + hosting services like doublecklick.net already helps a lot). + Privoxy takes advantage of this fact + by using URL patterns to sort out and block the requests for things + that sound like they would be ads or banners.
+ +Second, banners tend to come in certain sizes. But you can't tell the size of an + image by its URL without downloading it, and if you do, it's too late + to save bandwidth. Therefore, Privoxy + also inspects the HTML sources of web pages while they are loaded, and + replaces references to images with standard banner sizes by dummy + references, so that your browser doesn't request them anymore in the + first place.
+ +Both of this involves a certain amount of guesswork and is, of + course, freely and readily configurable.
+1.9. Can Privoxy make + mistakes? This does not sound very scientific.
+ +Actually, it's a black art ;-) And yes, it is always possible to + have a broad rule accidentally block or change something by mistake. + You will almost surely run into such situations at some point. It is + tricky writing rules to cover every conceivable possibility, and not + occasionally get false positives.
+ +But this should not be a big concern since the Privoxy configuration is very flexible, and + includes tools to help identify these types of situations so they can + be addressed as needed, allowing you to customize your installation. + (See the Troubleshooting section + below.)
+1.10. Will I have to + configure Privoxy before I can use it?
+ +That depends on your expectations. The default installation should + give you a good starting point, and block most ads and unwanted content, but many + of the more advanced features are off by default, and require you to + activate them.
+ +You do have to set up your browser to use Privoxy (see the Installation section below).
+ +And you will certainly run into situations where there are false + positives, or ads not being blocked that you may not want to see. In + these cases, you would certainly benefit by customizing Privoxy's configuration to more closely match your + individual situation. And we encourage you to do this. This is where + the real power of Privoxy lies!
+1.11. Can Privoxy run as a + server on a network?
+ +Yes, Privoxy runs as a server + already, and can easily be configured to "serve" more than one client. See How can I set up Privoxy to act as a + proxy for my LAN below.
+1.12. My browser + does the same things as Privoxy. Why should I use Privoxy at + all?
+ +Modern browsers do indeed have some of the same functionality as + Privoxy. Maybe this is adequate for + you. But Privoxy is very versatile and + powerful, and can probably do a number of things your browser just + can't.
+ +In addition, a proxy is good choice if you use multiple browsers, or + have a LAN with multiple computers since Privoxy can run as a server application. This way + all the configuration is in one place, and you don't have to maintain a + similar configuration for possibly many browsers or users.
+ +Note, however, that it's recommended to leverage both your browser's + and Privoxy's privacy enhancing + features at the same time. While your browser probably lacks some + features Privoxy offers, it should + also be able to do some things more reliable, for example restricting + and suppressing JavaScript.
+1.13. Why should I + trust Privoxy?
+ +The most important reason is because you have access to everything, and you can control + everything. You can check every line of every configuration file + yourself. You can check every last bit of source code should you + desire. And even if you can't read code, there should be some comfort + in knowing that other people can, and do read it. You can build the + software from scratch, if you want, so that you know the executable is + clean, and that it is yours. + In fact, we encourage this level of scrutiny. It is one reason we use + Privoxy ourselves.
+1.14. Is there is a + license or fee? What about a warranty? Registration?
+ +Privoxy is free software and + licensed under the GNU General Public License (GPL) version 2. It is free to + use, copy, modify or distribute as you wish under the terms of this + license. Please see the Copyright section + for more information on the license and copyright. Or the LICENSE file that should be included.
+ +There is no warranty of + any kind, expressed, implied or otherwise. That is something that would + cost real money ;-) There is no registration either.
+1.15. Can Privoxy + remove spyware? Adware? Viruses?
+ +No, at least not reliably enough to trust it. Privoxy is not designed to be a malware removal + tool and the default configuration doesn't even try to filter out any + malware.
+ +Privoxy could help prevent contact + from (known) sites that use such tactics with appropriate configuration + rules, and thus could conceivably prevent contamination from such + sites. However, keeping such a configuration up to date would require a + lot of time and effort that would be better spend on keeping your + software itself up to date so it doesn't have known + vulnerabilities.
+1.16. Can I use + Privoxy with other ad-blocking software?
+ +Privoxy should work fine with other + proxies and other software in general.
+ +But it is probably not necessary to use Privoxy in conjunction with other ad-blocking + products, and this could conceivably cause undesirable results. It + might be better to choose one software or the other and work a little + to tweak its configuration to your liking.
+ +Note that this is an advice specific to ad blocking.
+1.17. I would like to help you, what can I + do?
+ +1.17.1. + Would you like to participate?
+ +Well, we always need + help. There is something for everybody who wants to help us. We + welcome new developers, packagers, testers, documentation writers or + really anyone with a desire to help in any way. You DO NOT need to be a "programmer". There are many other tasks available. In + fact, the programmers often can't spend as much time programming + because of some of the other, more mundane things that need to be + done, like checking the Tracker feedback sections or responding to + user questions on the mailing lists.
+ +So first thing, subscribe to the Privoxy Users or the Privoxy Developers mailing list, join the + discussion, help out other users, provide general feedback or report + problems you noticed.
+ +If you intend to help out with the trackers, you also might want + to get an account on SourceForge.net so we don't confuse you + with the other name-less users.
+ +We also have a Developer's Manual. While it is partly out of date, it's + still worth reading.
+ +Our TODO list may be of interest to you as well. Please + let us know if you want to work on one of the items listed.
+1.17.2. Would you like + to donate?
+ +Privoxy is developed by unpaid + volunteers and thus our current running costs are pretty low. + Nevertheless, we have plans that will cost money in the future. They + include, but aren't limited to spending money on:
+ +-
+
-
+
Hardware to help make sure Privoxy keeps running on platforms the + developers currently can't test on and can be ported to + others.
+
+
+ -
+
Technical books to educate our developers about said platforms + or to improve their knowledge in general.
+
+
+ -
+
More reliable hosting,
+
+
We would like to get this money through donations made by our + users.
+ +Privoxy has therefore become an + associated project of Software + in the Public Interest (SPI), which allows us to receive + donations. In the United States they are tax-deductible, in a few + other western countries they might be tax-deductible in the + future.
+ +If you read this section before you may notice that paying for the + project domain privoxy.org is no longer on the list. It has been + transferred to SPI is sponsored by Mythic Beasts Ltd.
+ +If you enjoy our software and feel like helping out with a + donation, please have a look at SPI's donation + page to see what the options are. If you have any questions + regarding donations please mail to either the public user mailing + list or, if it's a private matter, to Fabian Keil (Privoxy's + SPI liason) directly.
++ +
Prev | + +Home | + +Next | +
Privoxy Frequently Asked + Questions | + ++ + | Installation | +
Privoxy Frequently Asked Questions
Copyright Š 2001-2009 by
- Privoxy Developers
-
$Id: index.html,v 1.51 2009/03/21 12:59:04 fabiankeil Exp $
This FAQ gives quick answers to frequently asked questions about - Privoxy. - It is not a substitute for the - Privoxy User Manual. - -
What is Privoxy?
Privoxy is a non-caching web proxy with advanced filtering capabilities - for enhancing privacy, modifying web page data and HTTP headers, controlling - access, and removing ads and other obnoxious Internet junk. Privoxy has a - flexible configuration and can be customized to suit individual needs and tastes. - It has application for both stand-alone systems and multi-user networks.
Privoxy is Free Software and licensed under the GPL2.
Privoxy is an associated project of Software in the Public Interest (SPI). - Donations are welcome.
Please note that this document is a work in progress. This copy represents - the state at the release of version 3.0.12. - You can find the latest version of the document at http://www.privoxy.org/faq/. - Please see the Contact section if you want to - contact the developers. -
- Table of Contents
- 1. General Information
- 1.1. Who should give Privoxy a try?
- 1.2. Is Privoxy the best choice for -me?
- 1.3. What is a "proxy"? How does -Privoxy work?
- 1.4. Does Privoxy do anything more than ad blocking?
- 1.5. What is this new version of -"Junkbuster"?
- 1.6. Why "Privoxy"? Why change the name from -Junkbuster at all?
- 1.7. How does Privoxy differ -from the old Junkbuster?
- 1.8. How does Privoxy know what is -an ad, and what is not?
- 1.9. Can Privoxy make mistakes? -This does not sound very scientific.
- 1.10. Will I have to configure Privoxy - before I can use it?
- 1.11. Can Privoxy run as a server on a network?
- 1.12. My browser does the same things as -Privoxy. Why should I use Privoxy at all?
- 1.13. Why should I trust Privoxy?
- 1.14. Is there is a license or fee? What about a -warranty? Registration?
- 1.15. Can Privoxy remove spyware? Adware? Viruses?
- 1.16. Can I use Privoxy with other ad-blocking software?
- 1.17. I would like to help you, what can I do?
- 1.17.1. Would you like to participate?
- 1.17.2. Would you like to donate?
- 2. Installation
- 2.1. Which browsers are supported by Privoxy?
- 2.2. Which operating systems are supported?
- 2.3. Can I use Privoxy with my email client?
- 2.4. I just installed Privoxy. Is there anything -special I have to do now?
- 2.5. What is the proxy address of Privoxy?
- 2.6. I just installed Privoxy, and nothing is happening. -All the ads are there. What's wrong?
- 2.7. I get a "Privoxy is not being used" dummy page although -Privoxy is running and being used.
- 3. Configuration
- 3.1. What exactly is an "actions" file?
- 3.2. The "actions" concept confuses me. Please list -some of these "actions".
- 3.3. How are actions files configured? What is the easiest -way to do this?
- 3.4. There are several different "actions" files. What are -the differences?
- 3.5. Where can I get updated Actions Files?
- 3.6. Can I use my old config files?
- 3.7. Why is the configuration so complicated?
- 3.8. How can I make my Yahoo/Hotmail/Gmail account work?
- 3.9. What's the difference between the -"Cautious", "Medium" and "Advanced" defaults?
- 3.10. Why can I change the configuration -with a browser? Does that not raise security issues?
- 3.11. What is the default.filter file? What is a "filter"?
- 3.12. How can I set up Privoxy to act as a proxy for my - LAN?
- 3.13. Instead of ads, now I get a checkerboard pattern. I don't want to see anything.
- 3.14. Why would anybody want to see a checkerboard pattern?
- 3.15. I see some images being replaced with text -instead of the checkerboard image. Why and how do I get rid of this?
- 3.16. Can Privoxy run as a service -on Win2K/NT/XP?
- 3.17. How can I make Privoxy work with other -proxies like Squid or Tor?
- 3.18. Can I just set Privoxy to use port 80 -and thus avoid individual browser configuration?
- 3.19. Can Privoxy run as a "transparent" proxy?
- 3.20. Can Privoxy run as a "intercepting" proxy?
- 3.21. How can I configure Privoxy for use with Outlook?
- 3.22. How can I have separate rules just for HTML mail?
- 3.23. I sometimes notice cookies sneaking through. How?
- 3.24. Are all cookies bad? Why?
- 3.25. How can I allow permanent cookies for my trusted sites?
- 3.26. Can I have separate configurations for different users?
- 3.27. Can I set-up Privoxy as a whitelist of -"good" sites?
- 3.28. How can I turn off ad-blocking?
- 3.29. How can I have custom template pages, like the -BLOCKED page?
- 3.30. How can I remove the "Go There Anyway" link from -the BLOCKED page?
- 4. Miscellaneous
- 4.1. How much does Privoxy slow my browsing down? This -has to add extra time to browsing.
- 4.2. I notice considerable -delays in page requests. What's wrong?
- 4.3. What are "http://config.privoxy.org/" and -"http://p.p/"?
- 4.4. How can I submit new ads, or report -problems?
- 4.5. If I do submit missed ads, will -they be included in future updates?
- 4.6. Why doesn't anyone answer my support -request?
- 4.7. How can I hide my IP address?
- 4.8. Can Privoxy guarantee I am anonymous?
- 4.9. A test site says I am not using a Proxy.
- 4.10. How do I use Privoxy - together with Tor?
- 4.11. Might some things break because header information or -content is being altered?
- 4.12. Can Privoxy act as a "caching" proxy to -speed up web browsing?
- 4.13. What about as a firewall? Can Privoxy protect me?
- 4.14. I have large empty spaces / a checkerboard pattern now where -ads used to be. Why?
- 4.15. How can Privoxy filter Secure (HTTPS) URLs?
- 4.16. Privoxy runs as a "server". How -secure is it? Do I need to take any special precautions?
- 4.17. Can I temporarily disable Privoxy?
- 4.18. When "disabled" is Privoxy totally -out of the picture?
- 4.19. How can I tell Privoxy to totally ignore certain sites?
- 4.20. My logs show Privoxy "crunches" -ads, but also its own internal CGI pages. What is a "crunch"?
- 4.21. Can Privoxy effect files that I download -from a webserver? FTP server?
- 4.22. I just downloaded a Perl script, and Privoxy -altered it! Yikes, what is wrong!
- 4.23. Should I continue to use a "HOSTS" file for ad-blocking?
- 4.24. Where can I find more information about Privoxy -and related issues?
- 4.25. I've noticed that Privoxy changes "Microsoft" to -"MicroSuck"! Why are you manipulating my browsing?
- 4.26. Does Privoxy produce "valid" HTML (or XHTML)?
- 5. Troubleshooting
- 5.1. I cannot connect to any websites. Or, I am getting -"connection refused" message with every web page. Why?
- 5.2. Why am I getting a 503 Error (WSAECONNREFUSED) on every page?
- 5.3. I just added a new rule, but the steenkin ad is -still getting through. How?
- 5.4. One of my favorite sites does not work with Privoxy. -What can I do?
- 5.5. After installing Privoxy, I have to log in -every time I start IE. What gives?
- 5.6. I cannot connect to any FTP sites. Privoxy - is blocking me.
- 5.7. In Mac OS X, I can't configure Microsoft Internet Explorer to use - Privoxy as the HTTP proxy.
- 5.8. In Mac OS X, I dragged the Privoxy folder to the trash in order to - uninstall it. Now the finder tells me I don't have sufficient privileges to - empty the trash.
- 5.9. In Mac OS X Panther (10.3), images often fail to load and/or I - experience random delays in page loading. I'm using - localhost as my browser's proxy setting.
- 5.10. I get a completely blank page at one site. "View Source" - shows only: <html><body></body></html>. Without - Privoxy the page loads fine.
- 5.11. My logs show many "Unable to get my own hostname" lines. -Why?
- 5.12. When I try to launch Privoxy, I get an -error message "port 8118 is already in use" (or similar wording). -Why?
- 5.13. Pages with UTF-8 fonts are garbled.
- 5.14. Why are binary files (such as images) corrupted when Privoxy - is used?
- 5.15. What is the "demoronizer" and why is it there?
- 5.16. Why do I keep seeing "PrivoxyWindowOpen()" in raw source code?
- 5.17. I am getting too many DNS errors like "404 No Such Domain". Why - can't Privoxy do this better?
- 5.18. At one site Privoxy just hangs, and starts taking - all CPU. Why is this?
- 5.19. I just installed Privoxy, and all my -browsing has slowed to a crawl. What gives?
- 5.20. Why do my filters work on some sites but not on others?
- 5.21. On some HTTPS sites my browser warns me about unauthenticated content, - the URL bar doesn't get highlighted and the lock symbol appears to be broken. - What's going on?
- 5.22. I get selinux error messages. How can I fix this?
- 5.23. I compiled Privoxy with Gentoo's portage and it appears to be very slow. Why?
- 6. Contacting the developers, Bug Reporting and Feature Requests
- 6.1. Get Support
- 6.2. Reporting Problems
- 6.3. Request New Features
- 6.4. Other
- 7. Privoxy Copyright, License and History
Next | ||
General Information |
Privoxy Frequently Asked + Questions
+ +Copyright ©
+ 2001-2011 by Privoxy
+ Developers
$Id: faq.sgml,v 2.84 2011/11/13 17:03:54 fabiankeil
+ Exp $
This FAQ gives quick answers to frequently asked questions about + Privoxy. It is + not a substitute for the Privoxy User + Manual.
+ +What is Privoxy?
+ +Privoxy is a non-caching web proxy with advanced filtering + capabilities for enhancing privacy, modifying web page data and HTTP + headers, controlling access, and removing ads and other obnoxious + Internet junk. Privoxy has a flexible configuration and can be + customized to suit individual needs and tastes. It has application + for both stand-alone systems and multi-user networks.
+ +Privoxy is Free Software and licensed under the GNU GPLv2.
+ +Privoxy is an associated project of Software in the Public + Interest (SPI).
+ +Helping hands and donations are welcome:
+ +-
+
- + + + +
- + + +
Please note that this document is a work in progress. This copy + represents the state at the release of version 3.0.19. You can find + the latest version of the document at http://www.privoxy.org/faq/. Please see the Contact section if you want to contact the + developers.
++
-
+
- Table of Contents + +
- 1. General Information + +
-
+
-
+
- 1.1. Who should give + Privoxy a try? + +
- 1.2. Is Privoxy the best + choice for me? + +
- 1.3. What is a "proxy"? How does Privoxy work? + +
- 1.4. Does Privoxy do + anything more than ad blocking? + +
- 1.5. What is this new version of + "Junkbuster"? + +
- 1.6. Why "Privoxy"? Why change the name from Junkbuster at + all? + +
- 1.7. How does Privoxy differ + from the old Junkbuster? + +
- 1.8. How does Privoxy know + what is an ad, and what is not? + +
- 1.9. Can Privoxy make mistakes? + This does not sound very scientific. + +
- 1.10. Will I have to configure + Privoxy before I can use it? + +
- 1.11. Can Privoxy run as a server + on a network? + +
- 1.12. My browser does the + same things as Privoxy. Why should I use Privoxy at all? + +
- 1.13. Why should I trust + Privoxy? + +
- 1.14. Is there is a license or + fee? What about a warranty? Registration? + +
- 1.15. Can Privoxy remove + spyware? Adware? Viruses? + +
- 1.16. Can I use Privoxy with + other ad-blocking software? + +
- 1.17. I would like + to help you, what can I do? + +
-
+
-
+
- 1.17.1. Would you like + to participate? + +
- 1.17.2. Would you like to + donate? +
+
+
+ - 2. Installation + +
-
+
-
+
- 2.1. Which browsers + are supported by Privoxy? + +
- 2.2. Which operating + systems are supported? + +
- 2.3. Can I use + Privoxy with my email client? + +
- 2.4. I just installed + Privoxy. Is there anything special I have to do now? + +
- 2.5. What is the proxy + address of Privoxy? + +
- 2.6. I just installed + Privoxy, and nothing is happening. All the ads are there. What's + wrong? + +
- 2.7. I get a "Privoxy is not being used" dummy page although + Privoxy is running and being used. +
+
+ - 3. Configuration + +
-
+
-
+
- 3.1. What exactly is an + "actions" file? + +
- 3.2. The "actions" concept confuses me. Please list some of + these "actions". + +
- 3.3. How are actions + files configured? What is the easiest way to do this? + +
- 3.4. There are several + different "actions" files. What are + the differences? + +
- 3.5. Where can I get + updated Actions Files? + +
- 3.6. Can I use my old + config files? + +
- 3.7. Why is the + configuration so complicated? + +
- 3.8. How can I make my + Yahoo/Hotmail/Gmail account work? + +
- 3.9. What's the + difference between the "Cautious", + "Medium" and "Advanced" defaults? + +
- 3.10. Why can I + change the configuration with a browser? Does that not raise + security issues? + +
- 3.11. What is the + default.filter file? What is a + "filter"? + +
- 3.12. How can I set up + Privoxy to act as a proxy for my LAN? + +
- 3.13. Instead of ads, now + I get a checkerboard pattern. I don't want to see + anything. + +
- 3.14. Why would anybody + want to see a checkerboard pattern? + +
- 3.15. I see some images + being replaced with text instead of the checkerboard image. Why + and how do I get rid of this? + +
- 3.16. Can Privoxy run as + a service on Win2K/NT/XP? + +
- 3.17. How can I make + Privoxy work with other proxies? + +
- 3.18. Can I just set + Privoxy to use port 80 and thus avoid individual browser + configuration? + +
- 3.19. Can Privoxy + run as a "transparent" proxy? + +
- 3.20. Can Privoxy + run as a "intercepting" + proxy? + +
- 3.21. How can I + configure Privoxy for use with Outlook? + +
- 3.22. How can I + have separate rules just for HTML mail? + +
- 3.23. I sometimes + notice cookies sneaking through. How? + +
- 3.24. Are all + cookies bad? Why? + +
- 3.25. How can I + allow permanent cookies for my trusted sites? + +
- 3.26. Can I have + separate configurations for different users? + +
- 3.27. Can I set-up + Privoxy as a whitelist of "good" + sites? + +
- 3.28. How can I turn + off ad-blocking? + +
- 3.29. How can I have + custom template pages, like the BLOCKED page? + +
- 3.30. How can I remove + the "Go There Anyway" link from the + BLOCKED page? +
+
+ - 4. Miscellaneous + +
-
+
-
+
- 4.1. How much does Privoxy slow my + browsing down? This has to add extra time to browsing. + +
- 4.2. I notice considerable + delays in page requests. What's wrong? + +
- 4.3. What are + "http://config.privoxy.org/" and "http://p.p/"? + +
- 4.4. How can I submit new ads, or + report problems? + +
- 4.5. If I do submit missed ads, + will they be included in future updates? + +
- 4.6. Why doesn't anyone answer + my support request? + +
- 4.7. How can I hide my IP + address? + +
- 4.8. Can Privoxy guarantee I am + anonymous? + +
- 4.9. A test site says I am not + using a Proxy. + +
- 4.10. How do I use Privoxy together + with Tor? + +
- 4.11. Might some things break + because header information or content is being altered? + +
- 4.12. Can Privoxy act as a + "caching" proxy to speed up web + browsing? + +
- 4.13. What about as a firewall? + Can Privoxy protect me? + +
- 4.14. I have large empty spaces / + a checkerboard pattern now where ads used to be. Why? + +
- 4.15. How can Privoxy filter + Secure (HTTPS) URLs? + +
- 4.16. Privoxy runs as a + "server". How secure is it? Do I need + to take any special precautions? + +
- 4.17. Can I temporarily disable + Privoxy? + +
- 4.18. When "disabled" is Privoxy totally out of the + picture? + +
- 4.19. How can I tell Privoxy to + totally ignore certain sites? + +
- 4.20. My logs show Privoxy + "crunches" ads, but also its own + internal CGI pages. What is a "crunch"? + +
- 4.21. Can Privoxy effect files + that I download from a webserver? FTP server? + +
- 4.22. I just downloaded a Perl + script, and Privoxy altered it! Yikes, what is wrong! + +
- 4.23. Should I continue to use + a "HOSTS" file for + ad-blocking? + +
- 4.24. Where can I find more + information about Privoxy and related issues? + +
- 4.25. I've noticed that Privoxy + changes "Microsoft" to "MicroSuck"! Why are you manipulating my + browsing? + +
- 4.26. Does Privoxy produce + "valid" HTML (or XHTML)? + +
- 4.27. How did you manage + to get Privoxy on my computer without my consent? +
+
+ - 5. Troubleshooting + +
-
+
-
+
- 5.1. I cannot connect to any + websites. Or, I am getting "connection + refused" message with every web page. Why? + +
- 5.2. Why am I getting a 503 + Error (WSAECONNREFUSED) on every page? + +
- 5.3. I just added a new rule, + but the steenkin ad is still getting through. How? + +
- 5.4. One of my favorite sites + does not work with Privoxy. What can I do? + +
- 5.5. After installing Privoxy, I + have to log in every time I start IE. What gives? + +
- 5.6. I cannot connect to any FTP + sites. Privoxy is blocking me. + +
- 5.7. In Mac OS X, I can't + configure Microsoft Internet Explorer to use Privoxy as the HTTP + proxy. + +
- 5.8. In Mac OS X, I + dragged the Privoxy folder to the trash in order to uninstall it. + Now the finder tells me I don't have sufficient privileges to + empty the trash. + +
- 5.9. In Mac OS X Panther + (10.3), images often fail to load and/or I experience random + delays in page loading. I'm using localhost as my browser's proxy setting. + +
- 5.10. I get a completely + blank page at one site. "View Source" + shows only: <html><body></body></html>. + Without Privoxy the page loads fine. + +
- 5.11. My logs show many + "Unable to get my own hostname" lines. + Why? + +
- 5.12. When I try to launch + Privoxy, I get an error message "port 8118 is + already in use" (or similar wording). Why? + +
- 5.13. Pages with UTF-8 + fonts are garbled. + +
- 5.14. Why are binary + files (such as images) corrupted when Privoxy is used? + +
- 5.15. What is the + "demoronizer" and why is it + there? + +
- 5.16. Why do I keep seeing + "PrivoxyWindowOpen()" in raw source + code? + +
- 5.17. I am getting too many + DNS errors like "404 No Such Domain". + Why can't Privoxy do this better? + +
- 5.18. At one site Privoxy just + hangs, and starts taking all CPU. Why is this? + +
- 5.19. I just installed + Privoxy, and all my browsing has slowed to a crawl. What + gives? + +
- 5.20. Why do my filters + work on some sites but not on others? + +
- 5.21. On some HTTPS sites + my browser warns me about unauthenticated content, the URL bar + doesn't get highlighted and the lock symbol appears to be broken. + What's going on? + +
- 5.22. I get selinux error + messages. How can I fix this? + +
- 5.23. I compiled + Privoxy with Gentoo's portage + and it appears to be very slow. Why? +
+
+ - 6. Contacting the developers, Bug + Reporting and Feature Requests + +
-
+
-
+
- 6.1. Get + Support + +
- 6.2. Reporting + Problems + +
-
+
-
+
- 6.2.1. Reporting Ads + or Other Configuration Problems + +
- 6.2.2. Reporting + Bugs +
+
+ - 6.3. Request New + Features + +
- 6.4. Mailing + Lists +
+
+ - 7. Privoxy Copyright, License and + History + +
- + + +
+ +
+ + | + + | Next | +
+ + | + + | General Information | +
2. Installation
2.1. Which browsers are supported by Privoxy?
Any browser that can be configured to use a proxy, which - should be virtually all browsers, including - Firefox, Internet - Explorer, Opera, and - Safari among others. - Direct browser support is not an absolute requirement since - Privoxy runs as a separate application and talks - to the browser in the standardized HTTP protocol, just like a web server - does.
2.2. Which operating systems are supported?
At present, Privoxy is known to run on - Windows(95, 98, ME, 2000, XP, Vista), GNU/Linux (RedHat, SuSE, Debian, - Fedora, Gentoo, Slackware and others), Mac OSX, OS/2, AmigaOS, FreeBSD, - NetBSD, OpenBSD, Solaris, and various other flavors of Unix.
But any operating system that runs TCP/IP, can conceivably take advantage of - Privoxy in a networked situation where - Privoxy would run as a server on a LAN gateway. - Then only the "gateway" needs to be running one of the above - operating systems.
Source code is freely available, so porting to other operating systems - is always a possibility.
2.3. Can I use Privoxy with my email client?
As long as there is some way to set a HTTP proxy for the client, then yes, - any application can be used, whether it is strictly speaking a - "browser" or not. Though this may not be the best approach for - dealing with some of the common abuses of HTML in email. See How can I configure Privoxy - with Outlook? below for more on - this.
Be aware that HTML email presents a number of unique security and privacy - related issues, that can require advanced skills to overcome. The developers - recommend using email clients that can be configured to convert HTML to plain - text for these reasons.
2.4. I just installed Privoxy. Is there anything -special I have to do now?
All browsers should be told to use Privoxy - as a proxy by specifying the correct proxy address and port number - in the appropriate configuration area for the browser. It's possible - to combine Privoxy with a packet filter to intercept HTTP requests - even if the client isn't explicitly configured to use Privoxy, - but where possible, configuring the client is recommended. See - the User Manual for more - details. You should also flush your browser's memory and disk - cache to get rid of any cached junk items, and remove any stored - cookies.
2.5. What is the proxy address of Privoxy?
If you set up the Privoxy to run on - the computer you browse from (rather than your ISP's server or some - networked computer on a LAN), the proxy will be on 127.0.0.1 - (sometimes referred to as "localhost", - which is the special name used by every computer on the Internet to refer - to itself) and the port will be 8118 (unless you used the listen-address - config option to tell Privoxy to run on - a different port). -
When configuring your browser's proxy settings you typically enter - the word "localhost" or the IP address "127.0.0.1" - in the boxes next to "HTTP" and "Secure" (HTTPS) and - then the number "8118" for "port". - This tells your browser to send all web requests to Privoxy - instead of directly to the Internet. -
Privoxy can also be used to proxy for - a Local Area Network. In this case, your would enter either the IP - address of the LAN host where Privoxy - is running, or the equivalent hostname, e.g. 192.168.1.1. - Port assignment would be same as above. Note that - Privoxy doesn't listen on any LAN interfaces by - default. -
Privoxy does not currently handle - any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. -
2.6. I just installed Privoxy, and nothing is happening. -All the ads are there. What's wrong?
Did you configure your browser to use Privoxy - as a proxy? It does not sound like it. See above. You might also try flushing - the browser's caches to force a full re-reading of pages. You can verify - that Privoxy is running, and your browser - is correctly configured by entering the special URL: - http://p.p/. - - This should take you to a page titled "This is Privoxy.." with - access to Privoxy's internal configuration. - If you see this, then you are good to go. If you receive a page saying - "Privoxy is not running", then the browser is not set up to use - your Privoxy installation. - If you receive anything else (probably nothing at all), it could either - be that the browser is not set up correctly, or that - Privoxy is not running at all. Check the log file. For instructions - on starting Privoxy and browser configuration, - see the chapter - on starting Privoxy in the - User Manual.
2.7. I get a "Privoxy is not being used" dummy page although -Privoxy is running and being used.
First, make sure that Privoxy is really running and - being used by visiting http://p.p/. You - should see the Privoxy main page. If not, see - the chapter - on starting Privoxy in the - User Manual.
Now if http://p.p/ works for you, but - other parts of Privoxy's web interface show - the dummy page, your browser has cached a redirection it encountered before - Privoxy was being used. You need to clear your - browser's cache. Note that shift-reloading the dummy page won't help, since - that'll only refresh the dummy page, not the redirection that lead you there.
The procedure for clearing the cache varies from browser to browser. For - example, Mozilla/Netscape users would click - Edit --> Preferences --> - Advanced --> Cache and - then click both "Clear Memory Cache" - and "Clear Disk Cache". - In some Firefox versions it's - Tools --> Options --> - Privacy --> Cache and - then click "Clear Cache Now". -
2. + Installation
+ +2.1. Which + browsers are supported by Privoxy?
+ +Any browser that can be configured to use a proxy, which should be + virtually all browsers, including Firefox, Internet + Explorer, Opera, and + Safari among others. Direct browser + support is not an absolute requirement since Privoxy runs as a separate application and talks + to the browser in the standardized HTTP protocol, just like a web + server does.
+2.2. Which operating + systems are supported?
+ +At present, Privoxy is known to run + on Windows(95, 98, ME, 2000, XP, Vista), GNU/Linux (RedHat, SuSE, + Debian, Fedora, Gentoo, Slackware and others), Mac OSX, OS/2, AmigaOS, + FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of + Unix.
+ +But any operating system that runs TCP/IP, can conceivably take + advantage of Privoxy in a networked + situation where Privoxy would run as a + server on a LAN gateway. Then only the "gateway" needs to be running one of the above operating + systems.
+ +Source code is freely available, so porting to other operating + systems is always a possibility.
+2.3. Can I + use Privoxy with my email client?
+ +As long as there is some way to set a HTTP proxy for the client, + then yes, any application can be used, whether it is strictly speaking + a "browser" or not. Though this may not be + the best approach for dealing with some of the common abuses of HTML in + email. See How can I configure + Privoxy with Outlook? below for more on this.
+ +Be aware that HTML email presents a number of unique security and + privacy related issues, that can require advanced skills to overcome. + The developers recommend using email clients that can be configured to + convert HTML to plain text for these reasons.
+2.4. I just + installed Privoxy. Is there anything special I have to do now?
+ +All browsers should be told to use Privoxy as a proxy by specifying the correct proxy + address and port number in the appropriate configuration area for the + browser. It's possible to combine Privoxy with a packet filter to intercept HTTP + requests even if the client isn't explicitly configured to use + Privoxy, but where possible, + configuring the client is recommended. See the User Manual for more + details. You should also flush your browser's memory and disk cache + to get rid of any cached junk items, and remove any stored cookies.
+2.5. What is the + proxy address of Privoxy?
+ +If you set up the Privoxy to run on + the computer you browse from (rather than your ISP's server or some + networked computer on a LAN), the proxy will be on 127.0.0.1 (sometimes referred to as "localhost", which is the special name used by every + computer on the Internet to refer to itself) and the port will be 8118 + (unless you used the listen-address config option to tell Privoxy to run on a different port).
+ +When configuring your browser's proxy settings you typically enter + the word "localhost" or the IP address + "127.0.0.1" in the boxes next to + "HTTP" and "Secure" (HTTPS) and then the number "8118" for "port". This tells + your browser to send all web requests to Privoxy instead of directly to the Internet.
+ +Privoxy can also be used to proxy + for a Local Area Network. In this case, your would enter either the IP + address of the LAN host where Privoxy + is running, or the equivalent hostname, e.g. 192.168.1.1. Port assignment would be same as above. + Note that Privoxy doesn't listen on + any LAN interfaces by default.
+ +Privoxy does not currently handle + any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc.
+2.6. I just installed + Privoxy, and nothing is happening. All the ads are there. What's + wrong?
+ +Did you configure your browser to use Privoxy as a proxy? It does not sound like it. See + above. You might also try flushing the browser's caches to force a full + re-reading of pages. You can verify that Privoxy is running, and your browser is correctly + configured by entering the special URL: http://p.p/. This should take you to a page titled + "This is Privoxy.." with access to + Privoxy's internal configuration. If + you see this, then you are good to go. If you receive a page saying + "Privoxy is not running", then the browser + is not set up to use your Privoxy + installation. If you receive anything else (probably nothing at all), + it could either be that the browser is not set up correctly, or that + Privoxy is not running at all. Check + the log + file. For instructions on starting Privoxy and browser configuration, see the + chapter on starting Privoxy + in the User + Manual.
+2.7. I get a + "Privoxy is not being used" dummy page + although Privoxy is running and being used.
+ +First, make sure that Privoxy is really running and being used by visiting + http://p.p/. You should see the + Privoxy main page. If not, see the + chapter on starting Privoxy + in the User + Manual.
+ +Now if http://p.p/ works for + you, but other parts of Privoxy's web + interface show the dummy page, your browser has cached a redirection it + encountered before Privoxy was being + used. You need to clear your browser's cache. Note that shift-reloading + the dummy page won't help, since that'll only refresh the dummy page, + not the redirection that lead you there.
+ +The procedure for clearing the cache varies from browser to browser. + For example, Mozilla/Netscape users + would click Edit --> Preferences --> Advanced --> Cache + and then click both "Clear + Memory Cache" and "Clear Disk Cache". In some Firefox versions it's Tools --> Options + --> Privacy --> Cache and then click "Clear Cache Now".
+4. Miscellaneous
4.1. How much does Privoxy slow my browsing down? This -has to add extra time to browsing.
How much of an impact depends on many things, including the CPU of the host - system, how aggressive the configuration is, which specific actions are being triggered, - the size of the page, the bandwidth of the connection, etc.
Overall, it should not slow you down any in real terms, and may actually help - speed things up since ads, banners and other junk are not typically being - retrieved and displayed. The actual processing time required by - Privoxy itself for each page, is relatively small - in the overall scheme of things, and happens very quickly. This is typically - more than offset by time saved not downloading and rendering ad images and - other junk content (if ad blocking is being used).
"Filtering" content via the filter or - deanimate-gifs - actions may cause a perceived slowdown, since the entire document - needs to be buffered before displaying. And on very large documents, - filtering may have some measurable impact. How much depends on the page size, - the actual definition of the filter(s), etc. See below. Most other actions - have little to no impact on speed.
Also, when filtering is enabled but zlib support isn't available, compression - is often disabled (see prevent-compression). - This can have an impact on speed as well, although it's probably smaller than - you might think. Again, the page size, etc. will determine how much of an impact.
4.2. I notice considerable -delays in page requests. What's wrong?
If you use any filter action, - such as filtering banners by size, web-bugs etc, or the deanimate-gifs - action, the entire document must be loaded into memory in order for the filtering - mechanism to work, and nothing is sent to the browser during this time.
The loading time typically does not really change much in real numbers, but - the feeling is different, because most browsers are able to start rendering - incomplete content, giving the user a feeling of "it works". This effect is - more noticeable on slower dialup connections. Extremely large documents - may have some impact on the time to load the page where there is filtering - being done. But overall, the difference should be very minimal. If there is a - big impact, then probably some other situation is contributing (like - anti-virus software). -
Filtering is automatically disabled for inappropriate MIME types. But note - that if the web server mis-reports the MIME type, then content that should - not be filtered, could be. Privoxy only knows how - to differentiate filterable content because of the MIME type as reported by - the server, or because of some configuration setting that enables/disables - filtering.
4.3. What are "http://config.privoxy.org/" and -"http://p.p/"?
http://config.privoxy.org/ is the - address of Privoxy's built-in user interface, and - http://p.p/ is a shortcut for it.
Since Privoxy sits between your web browser and the Internet, - it can simply intercept requests for these addresses and answer them with its built-in - "web server".
This also makes for a good test for your browser configuration: If entering the - URL http://config.privoxy.org/ - takes you to a page saying "This is Privoxy ...", everything is OK. - If you get a page saying "Privoxy is not working" instead, then - your browser didn't use Privoxy for the request, - hence it could not be intercepted, and you have accessed the real - web site at config.privoxy.org.
4.4. How can I submit new ads, or report -problems?
Please see the Contact section for -various ways to interact with the developers.
4.5. If I do submit missed ads, will -they be included in future updates?
Whether such submissions are eventually included in the - default.action configuration file depends on how - significant the issue is. We of course want to address any potential - problem with major, high-profile sites such as Google, - Yahoo, etc. Any site with global or regional reach, - has a good chance of being a candidate. But at the other end of the spectrum - are any number of smaller, low-profile sites such as for local clubs or - schools. Since their reach and impact are much less, they are best handled by - inclusion in the user's user.action, and thus would be - unlikely to be included.
4.6. Why doesn't anyone answer my support -request?
Rest assured that it has been read and considered. Why it is not answered, -could be for various reasons, including no one has a good answer for it, no -one has had time to yet investigate it thoroughly, it has been reported -numerous times already, or because not enough information was provided to help -us help you. Your efforts are not wasted, and we do appreciate them.
4.7. How can I hide my IP address?
If you run both the browser and Privoxy locally, you cannot hide your IP - address with Privoxy or ultimately any other - software alone. The server needs to know your IP address so that it knows - where to send the responses back.
There are many publicly usable "anonymous" proxies out there, which - provide a further level of indirection between you and the web server.
However, these proxies are called "anonymous" because you don't need - to authenticate, not because they would offer any real anonymity. - Most of them will log your IP address and make it available to the - authorities in case you violate the law of the country they run in. In fact - you can't even rule out that some of them only exist to *collect* information - on (those suspicious) people with a more than average preference for privacy.
If you want to hide your IP address from most adversaries, - you should consider chaining Privoxy - with Tor. - The configuration details can be found in - How do I use Privoxy together - with Tor section - just below.
4.8. Can Privoxy guarantee I am anonymous?
No. Your chances of remaining anonymous are improved, but unless you - chain Privoxy with Tor - or a similar proxy and know what you're doing when it comes to configuring - the rest of your system, you should assume that everything you do - on the Web can be traced back to you.
Privoxy can remove various information about you, - and allows you more freedom to decide which sites - you can trust, and what details you want to reveal. But it neither - hides your IP address, nor can it guarantee that the rest of the system - behaves correctly. There are several possibilities how a web sites can find - out who you are, even if you are using a strict Privoxy - configuration and chained it with Tor.
Most of Privoxy's privacy-enhancing features can be easily subverted - by an insecure browser configuration, therefore you should use a browser that can - be configured to only execute code from trusted sites, and be careful which sites you trust. - For example there is no point in having Privoxy - modify the User-Agent header, if websites can get all the information they want - through JavaScript, ActiveX, Flash, Java etc.
A few browsers disclose the user's email address in certain situations, such - as when transferring a file by FTP. Privoxy - does not filter FTP. If you need this feature, or are concerned about the - mail handler of your browser disclosing your email address, you might - consider products such as NSClean.
Browsers available only as binaries could use non-standard headers to give - out any information they can have access to: see the manufacturer's license - agreement. It's impossible to anticipate and prevent every breach of privacy - that might occur. The professionally paranoid prefer browsers available as - source code, because anticipating their behavior is easier. Trust the source, - Luke!
4.9. A test site says I am not using a Proxy.
Good! Actually, they are probably testing for some other kinds of proxies. - Hiding yourself completely would require additional steps.
4.10. How do I use Privoxy - together with Tor?
Before you configure Privoxy to use - Tor, - please follow the User Manual chapters - 2. Installation and - 5. Startup to make sure - Privoxy itself is setup correctly.
- If it is, refer to Tor's - extensive documentation to learn how to install Tor, - and make sure Tor's logfile says that - "Tor has successfully opened a circuit" and it - "looks like client functionality is working".
If either Tor or Privoxy - isn't working, their combination most likely will neither. Testing them on their - own will also help you to direct problem reports to the right audience. - If Privoxy isn't working, don't bother the - Tor developers. If Tor - isn't working, don't send bug reports to the Privoxy Team.
If you verified that Privoxy and Tor - are working, it is time to connect them. As far as Privoxy - is concerned, Tor is just another proxy that can be reached - by socks4 or socks4a. Most likely you are interested in Tor - to increase your anonymity level, therefore you should use socks4a, to make sure DNS requests are - done through Tor and thus invisible to your local network.
Since Privoxy 3.0.5, its - main configuration file - is already prepared for Tor, if you are using a - default Tor configuration and run it on the same - system as Privoxy, you just have to edit the - forwarding section - and uncomment the line:
# forward-socks4a / 127.0.0.1:9050 . - |
This is enough to reach the Internet, but additionally you might want to - uncomment the following forward rules, to make sure your local network is still - reachable through Privoxy:
# forward 192.168.*.*/ . + + + + + + ++ |
+
4.24. Where can I find + more information about Privoxy and related issues?
+ +Other references and sites of interest to Privoxy users:
+ +http://www.privoxy.org/, the Privoxy Home page. | +
http://www.privoxy.org/faq/, the Privoxy FAQ. | +
http://www.privoxy.org/developer-manual/, the + Privoxy developer manual. | +
https://sourceforge.net/projects/ijbswa/, the Project + Page for Privoxy on SourceForge. | +
http://config.privoxy.org/, the web-based user + interface. Privoxy must be + running for this to work. Shortcut: http://p.p/ | +
https://sourceforge.net/tracker/?group_id=11118&atid=460288, + to submit "misses" and other + configuration related suggestions to the developers. | +
http://www.junkbusters.com/ht/en/cookies.html, + an explanation how cookies are used to track web users. | +
http://www.junkbusters.com/ijb.html, the original + Internet Junkbuster. | +
http://www.squid-cache.org/, a popular caching proxy, + which is often used together with Privoxy. | +
http://www.pps.jussieu.fr/~jch/software/polipo/, + Polipo is a caching proxy with + advanced features like pipelining, multiplexing and caching of + partial instances. In many setups it can be used as Squid replacement. | +
https://www.torproject.org/, Tor can help anonymize web browsing, web + publishing, instant messaging, IRC, SSH, and other + applications. | +
4.25. I've noticed + that Privoxy changes "Microsoft" to + "MicroSuck"! Why are you manipulating my + browsing?
+ +We're not. The text substitutions that you are seeing are disabled + in the default configuration as shipped. You have either manually + activated the "fun" + filter which is clearly labeled "Text replacements + for subversive browsing fun!" or you are using an older Privoxy + version and have implicitly activated it by choosing the "Advanced" profile in the web-based editor. Please + upgrade.
+4.26. Does Privoxy produce + "valid" HTML (or XHTML)?
+ +Privoxy generates HTML in both its own "templates", and possibly whenever there are text + substitutions via a Privoxy filter. + While this should always conform to the HTML 4.01 specifications, it + has not been validated against this or any other standard.
+4.27. How did you manage to get Privoxy on my + computer without my consent?
+ +We didn't. We make Privoxy available for download, but we don't go + around installing it on other people's systems behind their back. If + you discover Privoxy running on your system and are sure you didn't + install it yourself, somebody else did. You may not even be running the + real Privoxy, but maybe something else that only pretends to be + Privoxy, or maybe something that is based on the real Privoxy, but has + been modified.
+ +Lately there have been reports of problems with some kind of Privoxy + versions that come preinstalled on some Netbooks. Some of the problems + described are inconsistent with the behaviour of official Privoxy + versions, which suggests that the preinstalled software may contain + vendor modifications that we don't know about and thus can't debug.
+ +Privoxy's license allows vendor + modifications, but the vendor has to comply with the license, which + involves informing the user about the changes and to make the changes + available under the same license as Privoxy itself.
+ +If you are having trouble with a modified Privoxy version, please + try to talk to whoever made the modifications before reporting the + problem to us. Please also try to convince whoever made the + modifications to talk to us. If you think somebody gave you a modified + Privoxy version without complying to the license, please let us + know.
+5. Troubleshooting
5.1. I cannot connect to any websites. Or, I am getting -"connection refused" message with every web page. Why?
There are several possibilities:
Privoxy is not running. Solution: verify - that Privoxy is installed correctly, has not crashed, and is indeed running. - Turn on Privoxy's logging, and look at the logs to see what they say.
Or your browser is configured for a different port than what - Privoxy is using. Solution: verify that Privoxy - and your browser are set to the same port (listen-address).
Or if using a forwarding rule, you have a configuration problem or a - problem with a host in the forwarding chain. Solution: temporarily alter your - configuration and take the forwarders out of the equation.
Or you have a firewall that is interfering and blocking you. Solution: - try disabling or removing the firewall as a simple test. -
5.2. Why am I getting a 503 Error (WSAECONNREFUSED) on every page?
More than likely this is a problem with your TCP/IP networking. ZoneAlarm has - been reported to cause this symptom -- even if not running! The solution is - to either fight the ZA configuration, or uninstall ZoneAlarm, and then find - something better behaved in its place. Other personal firewall type products - may cause similar type problems if not configured correctly. -
5.3. I just added a new rule, but the steenkin ad is -still getting through. How?
If the ad had been displayed before you added its URL, it will probably be - held in the browser's cache for some time, so it will be displayed without - the need for any request to the server, and Privoxy - will not be involved. Flush the browser's caches, and then try again.
If this doesn't help, you probably have an error in the rule you - applied. Try pasting the full URL of the offending ad into http://config.privoxy.org/show-url-info - and see if it really matches your new rule. Blocking ads is like blocking - spam: a lot of tinkering is required to stay ahead of the game. And - remember you need to block the URL of the ad in question, which may be - entirely different from the site URL itself. Most ads are hosted on different - servers than the main site itself. If you right-click on the ad, you should - be able to get all the relevant information you need. Alternately, you can - find the correct URL by looking at Privoxy's logs - (you may need to enable logging in the main config file if its disabled).
Below is a slightly modified real-life log snippet that originates with one - requested URL: www.example.com (name of site was changed - for this example, the number of requests is real). You can see in this the - complexity of what goes into making up this one "page". There - are eight different domains involved here, with thirty two separate URLs - requested in all, making up all manner of images, Shockwave Flash, - JavaScript, CSS stylesheets, scripts, and other related content. Some of this - content is obviously "good" or "bad", but not all. - Many of the more questionable looking requests, are going to outside domains - that seem to be identifying themselves with suspicious looking names, making - our job a little easier. Privoxy has "crunched" (meaning caught - and BLOCKED) quite a few items in this example, but perhaps missed a few as well.
Request: www.example.com/ + + + + + + ++ |
+
Despite 12 out of 32 requests being blocked, the page looked, and + seemed to behave perfectly "normal" (minus + some ads, of course).
+5.4. One of my + favorite sites does not work with Privoxy. What can I do?
+ +First verify that it is indeed a Privoxy problem, by toggling off Privoxy through http://config.privoxy.org/toggle (the toggle feature may + need to be enabled in the main config), and + then shift-reloading the problem page (i.e. holding down the shift key + while clicking reload. Alternatively, flush your browser's disk and + memory caches).
+ +If the problem went away, we know we have a configuration related + problem. Now go to http://config.privoxy.org/show-url-info and paste the + full URL of the page in question into the prompt. See which actions are + being applied to the URL, and which matches in which actions files are + responsible for that. It might be helpful also to look at your logs for + this site too, to see what else might be happening (note: logging may + need to be enabled in the main config file). Many sites are complex and + require a number of related pages to help present their content. Look + at what else might be used by the page in question, and what of that + might be required. Now, armed + with this information, go to http://config.privoxy.org/show-status and select the + appropriate actions files for editing.
+ +You can now either look for a section which disables the actions + that you suspect to cause the problem and add a pattern for your site + there, or make up a completely new section for your site. In any case, + the recommended way is to disable only the prime suspect, reload the + problem page, and only if the problem persists, disable more and more + actions until you have identified the culprit. You may or may not want + to turn the other actions on again. Remember to flush your browser's + caches in between any such changes!
+ +Alternately, if you are comfortable with a text editor, you can + accomplish the same thing by editing the appropriate actions file. + Probably the easiest way to deal with such problems when editing by + hand is to add your site to a { fragile } + section in user.action, which is an alias + that turns off most "dangerous" actions, but + is also likely to turn off more actions then needed, and thus lower + your privacy and protection more than necessary,
+ +Troubleshooting actions is discussed in more detail in the User Manual + appendix, Troubleshooting: the Anatomy of an Action. There is also + an actions tutorial with general configuration information and + examples.
+ +As a last resort, you can always see if your browser has a setting + that will bypass the proxy setting for selective sites. Modern browsers + can do this.
+5.5. After installing Privoxy, + I have to log in every time I start IE. What gives?
+ +This is a quirk that effects the installation of Privoxy, in conjunction with Internet Explorer and + Internet Connection Sharing on Windows 2000 and Windows XP. The + symptoms may appear to be corrupted or invalid DUN settings, or + passwords.
+ +When setting up an NT based Windows system with Privoxy you may find that things do not seem to be + doing what you expect. When you set your system up you will probably + have set up Internet Connection Sharing (ICS) with Dial up Networking + (DUN) when logged in with administrator privileges. You will probably + have made this DUN connection available to other accounts that you may + have set-up on your system. E.g. Mum or Dad sets up the system and + makes accounts suitably configured for the kids.
+ +When setting up Privoxy in this + environment you will have to alter the proxy set-up of Internet + Explorer (IE) for the specific DUN connection on which you wish to use + Privoxy. When you do this the ICS DUN + set-up becomes user specific. In this instance you will see no + difference if you change the DUN connection under the account used to + set-up the connection. However when you do this from another user you + will notice that the DUN connection changes to make available to "Me + only". You will also find that you have to store the password under + each different user!
+ +The reason for this is that each user's set-up for IE is user + specific. Each set-up DUN connection and each LAN connection in IE + store the settings for each user individually. As such this enforces + individual configurations rather than common ones. Hence the first time + you use a DUN connection after re-booting your system it may not + perform as you expect, and prompt you for the password. Just set and + save the password again and all should be OK.
+ +[Thanks to Ray Griffith for this submission.]
+5.6. I cannot connect to any + FTP sites. Privoxy is blocking me.
+ +Privoxy cannot act as a proxy for + FTP traffic, so do not configure your browser to use Privoxy as an FTP proxy. The same is true for + any protocol other than HTTP or + HTTPS (SSL).
+ +Most browsers understand FTP as well as HTTP. If you connect to a + site, with a URL like ftp://ftp.example.com, + your browser is making an FTP connection, and not a HTTP connection. So + while your browser may speak FTP, Privoxy does not, and cannot proxy such + traffic.
+ +To complicate matters, some systems may have a generic "proxy" setting, which will enable various protocols, + including both HTTP and FTP + proxying! So it is possible to accidentally enable FTP proxying in + these cases. And of course, if this happens, Privoxy will indeed cause problems since it does + not know FTP. Newer version will give a sane error message if a FTP + connection is attempted. Just disable the FTP setting and all will be + well again.
+ +Will Privoxy ever proxy FTP + traffic? Unlikely. There just is not much reason, and the work to make + this happen is more than it may seem.
+5.7. In Mac OS X, I + can't configure Microsoft Internet Explorer to use Privoxy as the HTTP + proxy.
+ +Microsoft Internet Explorer (in versions like 5.1) respects + system-wide network settings. In order to change the HTTP proxy, open + System Preferences, and click on the Network icon. In the settings pane + that comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" + checkbox is checked and enter 127.0.0.1 in the + entry field. Enter 8118 in the Port field. The + next time you start IE, it should reflect these values.
+5.8. + In Mac OS X, I dragged the Privoxy folder to the trash in order to + uninstall it. Now the finder tells me I don't have sufficient + privileges to empty the trash.
+ +Note: This ONLY applies to privoxy 3.0.6 and earlier.
+ +Just dragging the Privoxy folder to + the trash is not enough to delete it. Privoxy supplies an uninstall.command file that takes care of these + details. Open the trash, drag the uninstall.command file out of the trash and + double-click on it. You will be prompted for confirmation and the + administration password.
+ +The trash may still appear full after this command; emptying the + trash from the desktop should make it appear empty again.
+5.9. In Mac + OS X Panther (10.3), images often fail to load and/or I experience + random delays in page loading. I'm using localhost as my browser's proxy setting.
+ +We believe this is due to an IPv6-related bug in Mac OS X, but don't + fully understand the issue yet. In any case, changing the proxy setting + to 127.0.0.1 instead of localhost works around the problem.
+5.10. I get a + completely blank page at one site. "View + Source" shows only: <html><body></body></html>. + Without Privoxy the page loads fine.
+ +Chances are that the site suffers from a bug in PHP, which results in empty pages being sent + if the client explicitly requests an uncompressed page, like + Privoxy does. This bug has been fixed + in PHP 4.2.3.
+ +To find out if this is in fact the source of the problem, try adding + the site to a -prevent-compression section in + user.action:
+ +
+ + # Make exceptions for ill-behaved sites: + # + {-prevent-compression} + .example.com ++ |
+
If that works, you may also want to report the problem to the site's + webmasters, telling them to use zlib.output_compression instead of + ob_gzhandler in their PHP applications (workaround) or upgrade to PHP + 4.2.3 or later (fix).
+5.11. My logs + show many "Unable to get my own hostname" + lines. Why?
+ +Privoxy tries to get the hostname + of the system its running on from the IP address of the system + interface it is bound to (from the config + file listen-address setting). + If the system cannot supply this information, Privoxy logs this condition.
+ +Typically, this would be considered a minor system configuration + error. It is not a fatal error to Privoxy however, but may result in a much slower + response from Privoxy on some + platforms due to DNS timeouts.
+ +This can be caused by a problem with the local hosts file. If this file has been changed from the + original, try reverting it to see if that helps. Make sure whatever + name(s) are used for the local system, that they resolve both ways.
+ +You should also be able to work around the problem with the hostname + option.
+5.12. When I try to launch + Privoxy, I get an error message "port 8118 is + already in use" (or similar wording). Why?
+ +Port 8118 is Privoxy's default TCP + "listening" port. Typically this message + would mean that there is already one instance of Privoxy running, and your system is actually + trying to start a second Privoxy on + the same port, which will not work. (You can have multiple instances + but they must be assigned different ports.) How and why this might + happen varies from platform to platform, but you need to check your + installation and start-up procedures.
+5.13. Pages + with UTF-8 fonts are garbled.
+ +This is caused by the "demoronizer" + filter. You should either upgrade Privoxy, or at least upgrade to the most recent + default.action file available from SourceForge. Or you can simply disable the demoronizer + filter.
+5.14. Why + are binary files (such as images) corrupted when Privoxy is + used?
+ +This may also be caused by the "demoronizer" filter, in conjunction with a web server + that is misreporting the content type. Binary files are exempted from + Privoxy's filtering (unless the web + server by mistake says the file is something else). Either upgrade + Privoxy, or go to the most recent + default.action file available from SourceForge.
+5.15. What + is the "demoronizer" and why is it + there?
+ +The original demoronizer was a Perl script that cleaned up HTML + pages which were created with certain Microsoft products. MS has used + proprietary extensions to standardized font encodings (ISO 8859-1), + which has caused problems for pages that are viewed with non-Microsoft + products (and are expecting to see a standard set of fonts). The + demoronizer corrected these errors so the pages displayed correctly. + Privoxy borrowed from this script, + introducing a filter based on the original demoronizer, which in turn + could correct these errors on the fly.
+ +But this is only needed in some situations, and will cause serious + problems in some other situations.
+ +If you are using Microsoft products, you do not need it. If you need + to view pages with UTF-8 characters (such as Cyrillic or Chinese), then + it will cause corruption of the fonts, and thus should not be on.
+ +On the other hand, if you use non-Microsoft products, and you + occasionally notice weird characters on pages, you might want to try + it.
+5.16. Why do I + keep seeing "PrivoxyWindowOpen()" in raw + source code?
+ +Privoxy is attempting to disable + malicious Javascript in this case, with the unsolicited-popups filter. Privoxy cannot tell very well "good" code snippets from "bad" code snippets.
+ +If you see this in HTML source, and the page displays without + problems, then this is good, and likely some pop-up window was + disabled. If you see this where it is causing a problem, such as a + downloaded program source code file, then you should set an exception + for this site or page such that the integrity of the page stays in tact + by disabling all filtering.
+5.17. I am getting + too many DNS errors like "404 No Such + Domain". Why can't Privoxy do this better?
+ +There are potentially several factors here. First of all, the DNS + resolution is done by the underlying operating system -- not + Privoxy itself. Privoxy merely initiates the process and hands it + off, and then later reports whatever the outcome was and tries to give + a coherent message if there seems to be a problem. In some cases, this + might otherwise be mitigated by the browser itself which might try some + work-arounds and alternate approaches (e.g adding "www." to the URL).
+ +In other cases, if Privoxy is being + chained with another proxy, this could complicate the issue, and cause + undue delays and timeouts. In the case of a "socks4a" proxy, the socks server handles all the DNS. + Privoxy would just be the "messenger" which is reporting whatever problem occurred + downstream, and not the root cause of the error.
+ +In any case, versions newer than 3.0.3 include various improvements + to help Privoxy better handle these + cases.
+5.18. At one site + Privoxy just hangs, and starts taking all CPU. Why is this?
+ +This is probably a manifestation of the "100% + cpu" problem that occurs on pages containing many (thousands + upon thousands) of blank lines. The blank lines are in the raw HTML + source of the page, and the browser just ignores them. But the pattern + matching in Privoxy's page filtering + mechanism is trying to match against absurdly long strings and this + becomes very CPU-intensive, taking a long, long time to complete.
+ +Until a better solution comes along, disable filtering on these + pages, particularly the js-annoyances and + unsolicited-popups filters. If you run into + this problem with a recent Privoxy + version, please send a problem report.
+5.19. I just + installed Privoxy, and all my browsing has slowed to a crawl. What + gives?
+ +This should not happen, and for the overwhelming number of users + world-wide, it does not happen. I would suspect some inadvertent + interaction of software components such as anti-virus software, spyware + protectors, personal firewalls or similar components. Try disabling (or + uninstalling) these one at a time and see if that helps. Either way, if + you are using a recent Privoxy + version, please report the problem.
+5.20. Why do + my filters work on some sites but not on others?
+ +It's probably due to compression. It is a common practice for web + servers to send their content "compressed" + in order to speed things up, and then let the browser "uncompress" them. When compiled with zlib support + Privoxy can decompress content before + filtering, otherwise you may want to enable prevent-compression.
+ +As of Privoxy 3.0.9, zlib support + is enabled in the default builds.
+5.21. On + some HTTPS sites my browser warns me about unauthenticated content, the + URL bar doesn't get highlighted and the lock symbol appears to be + broken. What's going on?
+ +Probably the browser is requesting ads through HTTPS and + Privoxy is blocking the requests. + Privoxy's error messages are delivered unencrypted and while it's + obvious for the browser that the HTTPS request is already blocked by + the proxy, some warn about unauthenticated content anyway.
+ +To work around the problem you can redirect those requests to an + invalid local address instead of blocking them. While the redirects + aren't encrypted either, many browsers don't care. They simply follow + the redirect, fail to reach a server and display an error message + instead of the ad.
+ +To do that, enable logging to figure out which requests get blocked + by Privoxy and add the hosts (no path + patterns) to a section like this:
+ +
+ +{+redirect{http://127.0.0.1:0/} -block -limit-connect} +.ivwbox.de:443/ ++ |
+
Additionally you have to configure your browser to contact + "127.0.0.1:0" directly (instead of through + Privoxy).
+ +To add a proxy exception in Mozilla + Firefox open the "Preferences", click + the "Settings" button located on the + "Network" tab in the "Advanced" section, and add "127.0.0.1:0" in the "No Proxy + for:" field.
+5.22. I get selinux + error messages. How can I fix this?
+ +Please report the problem to the creator of your selinux + policies.
+ +The problem is that some selinux policy writers aren't familiar with + the application they are trying to "secure" + and thus create policies that make no sense.
+ +In Privoxy's case the problem + usually is that the policy only allows outgoing connections for certain + destination ports (e.g. 80 and 443). While this may cover the standard + ports, websites occasionally use other ports as well. This isn't a + security problem and therefore Privoxy's default configuration doesn't block + these requests.
+ +If you really want to block these ports (and don't be able to load + websites that don't use standard ports), you should configure Privoxy + to block these ports as well, so it doesn't trigger the selinux + warnings.
+5.23. I + compiled Privoxy with Gentoo's portage + and it appears to be very slow. Why?
+ +Probably you unintentionally compiled Privoxy without threading support in which case + requests have to be serialized and only one can be served at the same + time.
+ +Check your "USE" flags and make sure they + include "threads". If they don't, add the + flag and rebuild Privoxy.
+ +If you compiled Privoxy with + threading support (on POSIX-based systems), the "Conditional #defines" section on http://config.privoxy.org/show-status will list "FEATURE_PTHREAD" as "enabled".
++ +
Prev | + +Home | + +Next | +
Miscellaneous | + ++ + | Contacting the developers, + Bug Reporting and Feature Requests | +
Privoxy - Home Page
Privoxy is a non-caching web proxy with advanced filtering capabilities - for enhancing privacy, modifying web page data and HTTP headers, controlling - access, and removing ads and other obnoxious Internet junk. Privoxy has a - flexible configuration and can be customized to suit individual needs and tastes. - It has application for both stand-alone systems and multi-user networks.
Privoxy is Free Software and licensed under the GPL2.
Privoxy is an associated project of Software in the Public Interest (SPI). - Donations are welcome.
The most recent release is 3.0.12 (stable). -
Privoxy - Home Page
+ +Privoxy is a non-caching web proxy with advanced filtering + capabilities for enhancing privacy, modifying web page data and HTTP + headers, controlling access, and removing ads and other obnoxious + Internet junk. Privoxy has a flexible configuration and can be + customized to suit individual needs and tastes. It has application + for both stand-alone systems and multi-user networks.
+ +Privoxy is Free Software and licensed under the GNU GPLv2.
+ +Privoxy is an associated project of Software in the Public + Interest (SPI).
+ +Helping hands and donations are welcome:
+ +-
+
- + + + +
- + + +
The most recent release is 3.0.19 (stable).
++
Download
+ +-
+
- + + + +
- + + +
PRIVOXY
-Section: (1)Updated: 21 March 2009
Index -
+ + + - -
NAME
+SYNOPSIS
+ +NAME
++ ---privoxy [--help ] [--version ] [--no-daemon ] [--pidfile pidfile ] [--user user[.group] ] [--chroot ] [--pre-chroot-nslookup hostname ] [configfile ] -
OPTIONS
+
+
SYNOPSIS
++ privoxy [--help ] [--version ] [--no-daemon ] [--pidfile pidfile ] + [--user user[.group] ] [--chroot ] [--pre-chroot-nslookup hostname ] + [configfile ] -Privoxy may be invoked with the following command line -options: -
-
-
- --help
- -Print brief usage info and exit. -
- --version
- -Print version info and exit. -
- --no-daemon
- -Don't become a daemon, i.e. don't fork and become process group -leader, don't detach from controlling tty, and do all logging there. -
- --pidfile pidfile
- -On startup, write the process ID to pidfile. -Delete the pidfile on exit. -Failure to create or delete the pidfile -is non-fatal. If no --pidfile option is given, no PID file will be used. -
- --user user[.group]
- -After (optionally) writing the PID file, assume the user ID of -user and the GID of -group, or, if the optional -group was not given, the default group of -user. Exit if the privileges are not -sufficient to do so. -
- --chroot
- -Before changing to the user ID given in the --user option, chroot to -that user's home directory, i.e. make the kernel pretend to the -Privoxy process that the directory tree starts -there. If set up carefully, this can limit the impact of possible -vulnerabilities in Privoxy to the files contained in -that hierarchy. -
- --pre-chroot-nslookup hostname
- -Initialize the resolver library using hostname -before chroot'ing. On some systems this reduces the number of files -that must be copied into the chroot tree. -
-If the configfile is not specified on the command line, -Privoxy will look for a file named -config in the current directory. If no -configfile is found, Privoxy will -fail to start. - -
DESCRIPTION
-+ -Privoxy is a non-caching web proxy with advanced filtering capabilities -for enhancing privacy, modifying web page data and HTTP headers, controlling -access, and removing ads and other obnoxious Internet junk. Privoxy has a -flexible configuration and can be customized to suit individual needs and tastes. -It has application for both stand-alone systems and multi-user networks. -
+
OPTIONS
++ Privoxy may be invoked with the following command line options: -Privoxy is Free Software and licensed under the GPL2. - --See the User Manual for a detailed -explanation of installation, general usage, all configuration options, new -features and notes on upgrading. - -INSTALLATION AND USAGE
+ --help Print brief usage info and exit. -+ --version + Print version info and exit. -Browsers can either be individually configured to use -Privoxy as a HTTP proxy (recommended), -or Privoxy can be combined with a packet -filter to build an intercepting proxy -(see config). The default setting is for -localhost, on port 8118 (configurable in the main config file). To set the -HTTP proxy in Firefox, go through: Tools; -Options; General; -Connection Settings; -Manual Proxy Configuration. -
+ --no-daemon + Don't become a daemon, i.e. don't fork and become process + group leader, don't detach from controlling tty, and do all log- + ging there. -For Internet Explorer, go through: Tools; -Internet Properties; Connections; -LAN Settings. -
+ --pidfile pidfile + On startup, write the process ID to pidfile. Delete the pidfile + on exit. Failure to create or delete the pidfile is non-fatal. + If no --pidfile option is given, no PID file will be used. -The Secure (SSL) Proxy should also be set to the same values, otherwise -https: URLs will not be proxied. Note: Privoxy can only -proxy HTTP and HTTPS traffic. Do not try it with FTP or other protocols. -HTTPS presents some limitations, and not all features will work with HTTPS -connections. -
+ --user user[.group] + After (optionally) writing the PID file, assume the user ID of + user and the GID of group, or, if the optional group was not + given, the default group of user. Exit if the privileges are not + sufficient to do so. -For other browsers, check the documentation. - -
CONFIGURATION
+ --chroot + Before changing to the user ID given in the --user option, + chroot to that user's home directory, i.e. make the kernel pre- + tend to the Privoxy process that the directory tree starts + there. If set up carefully, this can limit the impact of possi- + ble vulnerabilities in Privoxy to the files contained in that + hierarchy. -+ --pre-chroot-nslookup hostname + Initialize the resolver library using hostname before + chroot'ing. On some systems this reduces the number of files + that must be copied into the chroot tree. -Privoxy can be configured with the various configuration -files. The default configuration files are: config, -default.filter, default.action and -default.action. user.action should -be used for locally defined exceptions to the default rules in -match-all.action and default.action, -and user.filter for locally defined filters. These are -well commented. On Unix and Unix-like systems, these are located in -/etc/privoxy/ by default. -
+ If the configfile is not specified on the command line, Privoxy + will look for a file named config in the current directory. If no con- + figfile is found, Privoxy will fail to start. -Privoxy uses the concept of actions -in order to manipulate the data stream between the browser and remote sites. -There are various actions available with specific functions for such things -as blocking web sites, managing cookies, etc. These actions can be invoked -individually or combined, and used against individual URLs, or groups of URLs -that can be defined using wildcards and regular expressions. The result is -that the user has greatly enhanced control and freedom. -
-The actions list (ad blocks, etc) can also be configured with your -web browser at http://config.privoxy.org/ -(assuming the configuration allows it). -Privoxy's configuration parameters can also be viewed at -the same page. In addition, Privoxy can be toggled on/off. -This is an internal page, and does not require Internet access. -
+
FILES
+DESCRIPTION
++ Privoxy is a non-caching web proxy with advanced filtering capabilities + for enhancing privacy, modifying web page data and HTTP headers, con- + trolling access, and removing ads and other obnoxious Internet junk. + Privoxy has a flexible configuration and can be customized to suit --Various other files should be included, but may vary depending on platform -and build configuration. Additional documentation should be included in the local -documentation directory. - --
- - /usr/sbin/privoxy - /etc/privoxy/config - /etc/privoxy/match-all.action - /etc/privoxy/default.action - /etc/privoxy/user.action - /etc/privoxy/default.filter - /etc/privoxy/user.filter - /etc/privoxy/trust - /etc/privoxy/templates/* - /var/log/privoxy/logfile --+
SIGNALS
+INSTALLATION AND USAGE
++ Browsers can either be individually configured to use Privoxy as a HTTP + proxy (recommended), or Privoxy can be combined with a packet filter to + build an intercepting proxy (see config). The default setting is for + localhost, on port 8118 (configurable in the main config file). To + set the HTTP proxy in Firefox, go through: Tools; Options; General; + Connection Settings; Manual Proxy Configuration. --Other references and sites of interest to Privoxy -users: -+ For Internet Explorer, go through: Tools; Internet Properties; Connec- + tions; LAN Settings. -Privoxy terminates on the SIGINT, -SIGTERM and SIGABRT signals. Log -rotation scripts may cause a re-opening of the logfile by sending a -SIGHUP to Privoxy. Note that unlike -other daemons, Privoxy does not need to be made aware of -config file changes by SIGHUP -- it will detect them -automatically. - -
NOTES
+ The Secure (SSL) Proxy should also be set to the same values, otherwise + https: URLs will not be proxied. Note: Privoxy can only proxy HTTP and + HTTPS traffic. Do not try it with FTP or other protocols. HTTPS + presents some limitations, and not all features will work with HTTPS + connections. -+ For other browsers, check the documentation. -Please see the User Manual on how to contact the -developers, for feature requests, reporting problems, and other questions. - -
SEE ALSO
-+
+
CONFIGURATION
++ Privoxy can be configured with the various configuration files. The + default configuration files are: config, default.filter, default.action + and default.action. user.action should be used for locally defined + exceptions to the default rules in match-all.action and default.action, + and user.filter for locally defined filters. These are well commented. + On Unix and Unix-like systems, these are located in /etc/privoxy/ by + default. ---http://www.privoxy.org/, -the Privoxy Home page. -
-http://www.privoxy.org/faq/, -the Privoxy FAQ. -
-http://www.privoxy.org/developer-manual/, -the Privoxy developer manual. -
-https://sourceforge.net/projects/ijbswa/, -the Project Page for Privoxy on -SourceForge. -
-http://config.privoxy.org/, -the web-based user interface. Privoxy must be -running for this to work. Shortcut: http://p.p/ -
-https://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit ``misses'' and other -configuration related suggestions to the developers. - -
DEVELOPMENT TEAM
+ Privoxy uses the concept of actions in order to manipulate the data + stream between the browser and remote sites. There are various actions + available with specific functions for such things as blocking web + sites, managing cookies, etc. These actions can be invoked individually + or combined, and used against individual URLs, or groups of URLs that + can be defined using wildcards and regular expressions. The result is + that the user has greatly enhanced control and freedom. --
- Fabian Keil, lead developer - David Schmidt, developer + The actions list (ad blocks, etc) can also be configured with your web + browser at http://config.privoxy.org/ (assuming the configuration + allows it). Privoxy's configuration parameters can also be viewed at + the same page. In addition, Privoxy can be toggled on/off. This is an + internal page, and does not require Internet access. - Hal Burgiss - Mark Miller - Gerry Murphy - Lee Rian - Roland Rosenfeld - Jörg Strohmayer -+ See the User Manual for a detailed explanation of installation, general + usage, all configuration options, new features and notes on upgrading. - -COPYRIGHT AND LICENSE
- -COPYRIGHT
+
+
FILES
++ /usr/sbin/privoxy + /etc/privoxy/config + /etc/privoxy/match-all.action + /etc/privoxy/default.action + /etc/privoxy/user.action + /etc/privoxy/default.filter + detect them automatically. -Copyright (C) 2001-2009 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net> ---Some source code is based on code Copyright (C) 1997 by Anonymous Coders -and Junkbusters, Inc. and licensed under the GNU General Public -License. - -
LICENSE
+
+
NOTES
++ This is a UNRELEASED version of Privoxy. Not all features are well + tested. -Privoxy is free software; you can -redistribute it and/or modify it under the terms of the -GNU General Public License, version 2, -as published by the Free Software Foundation. --+ Please see the User Manual on how to contact the developers, for fea- + ture requests, reporting problems, and other questions. -This program is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. -
-You should have received a copy of the GNU GPL -along with this program; if not, write to the Free Software -Foundation, Inc. 51 Franklin Street, Fifth Floor -Boston, MA 02110-1301 -USA -
+
-
Index
--
-
- NAME
- -
- SYNOPSIS
- -
- OPTIONS
- -
- DESCRIPTION
- -
- INSTALLATION AND USAGE
- -
- CONFIGURATION
- -
- FILES
- -
- SIGNALS
- -
- NOTES
- -
- SEE ALSO
- -
- DEVELOPMENT TEAM
- -
- COPYRIGHT AND LICENSE
- - -
-This document was created by -man2html, -using the manual pages.
-Time: 11:32:52 GMT, March 21, 2009 - - +
SEE ALSO
++ Other references and sites of interest to Privoxy users: + + + http://www.privoxy.org/, the Privoxy Home page. + + http://www.privoxy.org/faq/, the Privoxy FAQ. + + http://www.privoxy.org/developer-manual/, the Privoxy developer manual. + + https://sourceforge.net/projects/ijbswa/, the Project Page for Privoxy + on SourceForge. + + http://config.privoxy.org/, the web-based user interface. Privoxy must + be running for this to work. Shortcut: http://p.p/ + + https://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit + ``misses'' and other configuration related suggestions to the develop- + ers. + + ++ +
DEVELOPMENT TEAM
++ Fabian Keil, lead developer + David Schmidt, developer + + Hal Burgiss + Lee Rian + Roland Rosenfeld + + ++ +
COPYRIGHT AND LICENSE
++ COPYRIGHT + Copyright (C) 2001-2011 by Privoxy Developers <ijbswa-develop- + ers@lists.sourceforge.net> + + Some source code is based on code Copyright (C) 1997 by Anonymous + Coders and Junkbusters, Inc. and licensed under the GNU General Public + License. + + LICENSE + Privoxy is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License, version 2, as pub- + lished by the Free Software Foundation. ++ + diff --git a/external/privoxy/doc/webserver/privoxy-index.html b/external/privoxy/doc/webserver/privoxy-index.html index 22cec35b..4bde44a2 100644 --- a/external/privoxy/doc/webserver/privoxy-index.html +++ b/external/privoxy/doc/webserver/privoxy-index.html @@ -1,283 +1,185 @@ - -
Privoxy - The Privacy Enhancing Proxy
Project Index Page v3.0.12
Privoxy is a non-caching web proxy with advanced filtering capabilities - for enhancing privacy, modifying web page data and HTTP headers, controlling - access, and removing ads and other obnoxious Internet junk. Privoxy has a - flexible configuration and can be customized to suit individual needs and tastes. - It has application for both stand-alone systems and multi-user networks.
Privoxy is Free Software and licensed under the GPL2.
Privoxy is an associated project of Software in the Public Interest (SPI). - Donations are welcome.
Privoxy - The Privacy + Enhancing Proxy
+ +Project Index Page v3.0.19
+ +Privoxy is a non-caching web proxy with advanced filtering + capabilities for enhancing privacy, modifying web page data and HTTP + headers, controlling access, and removing ads and other obnoxious + Internet junk. Privoxy has a flexible configuration and can be + customized to suit individual needs and tastes. It has application + for both stand-alone systems and multi-user networks.
+ +Privoxy is Free Software and licensed under the GNU GPLv2.
+ +Privoxy is an associated project of Software in the Public + Interest (SPI).
+ +Helping hands and donations are welcome:
+ + ++
Download
+ +-
+
- + + + +
- + + +
Privoxy - Team Photos
+ + + + +Privoxy - Team Photos
+
In our day jobs, we're all models ;-)
+- | - | - | - |
- | - | - | - |
+ + | + + | + + | + |
+ + | + + | + + | + |
8. Actions Files
The actions files are used to define what actions - Privoxy takes for which URLs, and thus determines - how ad images, cookies and various other aspects of HTTP content and - transactions are handled, and on which sites (or even parts thereof). - There are a number of such actions, with a wide range of functionality. - Each action does something a little different. - These actions give us a veritable arsenal of tools with which to exert - our control, preferences and independence. Actions can be combined so that - their effects are aggregated when applied against a given set of URLs.
There - are three action files included with Privoxy with - differing purposes:
match-all.action - is used to define which - "actions" relating to banner-blocking, images, pop-ups, - content modification, cookie handling etc should be applied by default. - It should be the first actions file loaded -
default.action - defines many exceptions (both - positive and negative) from the default set of actions that's configured - in match-all.action. It is a set of rules that should - work reasonably well as-is for most users. This file is only supposed to - be edited by the developers. It should be the second actions file loaded. -
user.action - is intended to be for local site - preferences and exceptions. As an example, if your ISP or your bank - has specific requirements, and need special handling, this kind of - thing should go here. This file will not be upgraded. -
Edit Set to Cautious Set to Medium Set to Advanced -
These have increasing levels of aggressiveness and have no - influence on your browsing unless you select them explicitly in the - editor. A default installation should be pre-set to - Cautious. New users should try this for a while before - adjusting the settings to more aggressive levels. The more aggressive - the settings, then the more likelihood there is of problems such as sites - not working as they should. -
The Edit button allows you to turn each - action on/off individually for fine-tuning. The Cautious - button changes the actions list to low/safe settings which will activate - ad blocking and a minimal set of Privoxy's features, and subsequently - there will be less of a chance for accidental problems. The - Medium button sets the list to a medium level of - other features and a low level set of privacy features. The - Advanced button sets the list to a high level of - ad blocking and medium level of privacy. See the chart below. The latter - three buttons over-ride any changes via with the - Edit button. More fine-tuning can be done in the - lower sections of this internal page. -
While the actions file editor allows to enable these settings in all - actions files, they are only supposed to be enabled in the first one - to make sure you don't unintentionally overrule earlier rules. -
The default profiles, and their associated actions, as pre-defined in - default.action are: -
-Table 1. Default Configurations
Feature Cautious Medium Advanced Ad-blocking Aggressiveness medium high high Ad-filtering by size no yes yes Ad-filtering by link no no yes Pop-up killing blocks only blocks only blocks only Privacy Features low medium medium/high Cookie handling none session-only kill Referer forging no yes yes GIF de-animation no yes yes Fast redirects no no yes HTML taming no no yes JavaScript taming no no yes Web-bug killing no yes yes Image tag reordering no yes yes
The list of actions files to be used are defined in the main configuration - file, and are processed in the order they are defined (e.g. - default.action is typically processed before - user.action). The content of these can all be viewed and - edited from http://config.privoxy.org/show-status. - The over-riding principle when applying actions, is that the last action that - matches a given URL wins. The broadest, most general rules go first - (defined in default.action), - followed by any exceptions (typically also in - default.action), which are then followed lastly by any - local preferences (typically in user.action). - Generally, user.action has the last word. -
An actions file typically has multiple sections. If you want to use - "aliases" in an actions file, you have to place the (optional) - alias section at the top of that file. - Then comes the default set of rules which will apply universally to all - sites and pages (be very careful with using such a - universal set in user.action or any other actions file after - default.action, because it will override the result - from consulting any previous file). And then below that, - exceptions to the defined universal policies. You can regard - user.action as an appendix to default.action, - with the advantage that it is a separate file, which makes preserving your - personal settings across Privoxy upgrades easier.
- Actions can be used to block anything you want, including ads, banners, or - just some obnoxious URL whose content you would rather not see. Cookies can be accepted - or rejected, or accepted only during the current browser session (i.e. not - written to disk), content can be modified, some JavaScripts tamed, user-tracking - fooled, and much more. See below for a complete list - of actions.
8.1. Finding the Right Mix
Note that some actions, like cookie suppression - or script disabling, may render some sites unusable that rely on these - techniques to work properly. Finding the right mix of actions is not always easy and - certainly a matter of personal taste. And, things can always change, requiring - refinements in the configuration. In general, it can be said that the more - "aggressive" your default settings (in the top section of the - actions file) are, the more exceptions for "trusted" sites you - will have to make later. If, for example, you want to crunch all cookies per - default, you'll have to make exceptions from that rule for sites that you - regularly use and that require cookies for actually useful purposes, like maybe - your bank, favorite shop, or newspaper.
We have tried to provide you with reasonable rules to start from in the - distribution actions files. But there is no general rule of thumb on these - things. There just are too many variables, and sites are constantly changing. - Sooner or later you will want to change the rules (and read this chapter again :).
8.2. How to Edit
The easiest way to edit the actions files is with a browser by - using our browser-based editor, which can be reached from http://config.privoxy.org/show-status. - Note: the config file option enable-edit-actions must be enabled for - this to work. The editor allows both fine-grained control over every single - feature on a per-URL basis, and easy choosing from wholesale sets of defaults - like "Cautious", "Medium" or - "Advanced". Warning: the "Advanced" setting is more - aggressive, and will be more likely to cause problems for some sites. - Experienced users only! -
If you prefer plain text editing to GUIs, you can of course also directly edit the - the actions files with your favorite text editor. Look at - default.action which is richly commented with many - good examples.
8.3. How Actions are Applied to Requests
Actions files are divided into sections. There are special sections, - like the "alias" sections which will - be discussed later. For now let's concentrate on regular sections: They have a - heading line (often split up to multiple lines for readability) which consist - of a list of actions, separated by whitespace and enclosed in curly braces. - Below that, there is a list of URL and tag patterns, each on a separate line.
To determine which actions apply to a request, the URL of the request is - compared to all URL patterns in each "action file". - Every time it matches, the list of applicable actions for the request is - incrementally updated, using the heading of the section in which the - pattern is located. The same is done again for tags and tag patterns later on.
If multiple applying sections set the same action differently, - the last match wins. If not, the effects are aggregated. - E.g. a URL might match a regular section with a heading line of { - +handle-as-image }, - then later another one with just { - +block }, resulting - in both actions to apply. And there may well be - cases where you will want to combine actions together. Such a section then - might look like:
{ +handle-as-image +block{Banner ads.} } + + + + + + + |
+
Note that allow-ads has been aliased to + -block, -filter{banners-by-size}, + and -filter{banners-by-link} + above.
+ +Invoke another alias here to force an over-ride of the MIME type + application/x-sh which typically would open + a download type dialog. In my case, I want to look at the shell + script, and then I can save it should I choose to.
+ +
+ +{ handle-as-text } + /.*\.sh$ ++ |
+
user.action is generally the best place + to define exceptions and additions to the default policies of + default.action. Some actions are safe to + have their default policies set here though. So let's set a default + policy to have a "blank" image as opposed + to the checkerboard pattern for ALL sites. "/" of course matches all URL paths and patterns:
+ +
+ +{ +set-image-blocker{blank} } +/ # ALL sites ++ |
+
Privoxy 3.0.12 User Manual | ||
---|---|---|
Prev |
14. Appendix
14.1. Regular Expressions
Privoxy uses Perl-style "regular - expressions" in its actions - files and filter file, - through the PCRE and - PCRS libraries.
If you are reading this, you probably don't understand what "regular - expressions" are, or what they can do. So this will be a very brief - introduction only. A full explanation would require a book ;-)
Regular expressions provide a language to describe patterns that can be - run against strings of characters (letter, numbers, etc), to see if they - match the string or not. The patterns are themselves (sometimes complex) - strings of literal characters, combined with wild-cards, and other special - characters, called meta-characters. The "meta-characters" have - special meanings and are used to build complex patterns to be matched against. - Perl Compatible Regular Expressions are an especially convenient - "dialect" of the regular expression language.
To make a simple analogy, we do something similar when we use wild-card - characters when listing files with the dir command in DOS. - *.* matches all filenames. The "special" - character here is the asterisk which matches any and all characters. We can be - more specific and use ? to match just individual - characters. So "dir file?.text" would match - "file1.txt", "file2.txt", etc. We are pattern - matching, using a similar technique to "regular expressions"!
Regular expressions do essentially the same thing, but are much, much more - powerful. There are many more "special characters" and ways of - building complex patterns however. Let's look at a few of the common ones, - and then some examples:
. - Matches any single character, e.g. "a", - "A", "4", ":", or "@". - |
? - The preceding character or expression is matched ZERO or ONE - times. Either/or. - |
+ - The preceding character or expression is matched ONE or MORE - times. - |
* - The preceding character or expression is matched ZERO or MORE - times. - |
\ - The "escape" character denotes that - the following character should be taken literally. This is used where one of the - special characters (e.g. ".") needs to be taken literally and - not as a special meta-character. Example: "example\.com", makes - sure the period is recognized only as a period (and not expanded to its - meta-character meaning of any single character). - |
[ ] - Characters enclosed in brackets will be matched if - any of the enclosed characters are encountered. For instance, "[0-9]" - matches any numeric digit (zero through nine). As an example, we can combine - this with "+" to match any digit one of more times: "[0-9]+". - |
( ) - parentheses are used to group a sub-expression, - or multiple sub-expressions. - |
| - The "bar" character works like an - "or" conditional statement. A match is successful if the - sub-expression on either side of "|" matches. As an example: - "/(this|that) example/" uses grouping and the bar character - and would match either "this example" or "that - example", and nothing else. - |
These are just some of the ones you are likely to use when matching URLs with - Privoxy, and is a long way from a definitive - list. This is enough to get us started with a few simple examples which may - be more illuminating:
/.*/banners/.* - A simple example - that uses the common combination of "." and "*" to - denote any character, zero or more times. In other words, any string at all. - So we start with a literal forward slash, then our regular expression pattern - (".*") another literal forward slash, the string - "banners", another forward slash, and lastly another - ".*". We are building - a directory path here. This will match any file with the path that has a - directory named "banners" in it. The ".*" matches - any characters, and this could conceivably be more forward slashes, so it - might expand into a much longer looking path. For example, this could match: - "/eye/hate/spammers/banners/annoy_me_please.gif", or just - "/banners/annoying.html", or almost an infinite number of other - possible combinations, just so it has "banners" in the path - somewhere.
And now something a little more complex:
/.*/adv((er)?ts?|ertis(ing|ements?))?/ - - We have several literal forward slashes again ("/"), so we are - building another expression that is a file path statement. We have another - ".*", so we are matching against any conceivable sub-path, just so - it matches our expression. The only true literal that must - match our pattern is adv, together with - the forward slashes. What comes after the "adv" string is the - interesting part.
Remember the "?" means the preceding expression (either a - literal character or anything grouped with "(...)" in this case) - can exist or not, since this means either zero or one match. So - "((er)?ts?|ertis(ing|ements?))" is optional, as are the - individual sub-expressions: "(er)", - "(ing|ements?)", and the "s". The "|" - means "or". We have two of those. For instance, - "(ing|ements?)", can expand to match either "ing" - OR "ements?". What is being done here, is an - attempt at matching as many variations of "advertisement", and - similar, as possible. So this would expand to match just "adv", - or "advert", or "adverts", or - "advertising", or "advertisement", or - "advertisements". You get the idea. But it would not match - "advertizements" (with a "z"). We could fix that by - changing our regular expression to: - "/.*/adv((er)?ts?|erti(s|z)(ing|ements?))?/", which would then match - either spelling.
/.*/advert[0-9]+\.(gif|jpe?g) - Again - another path statement with forward slashes. Anything in the square brackets - "[ ]" can be matched. This is using "0-9" as a - shorthand expression to mean any digit one through nine. It is the same as - saying "0123456789". So any digit matches. The "+" - means one or more of the preceding expression must be included. The preceding - expression here is what is in the square brackets -- in this case, any digit - one through nine. Then, at the end, we have a grouping: "(gif|jpe?g)". - This includes a "|", so this needs to match the expression on - either side of that bar character also. A simple "gif" on one side, and the other - side will in turn match either "jpeg" or "jpg", - since the "?" means the letter "e" is optional and - can be matched once or not at all. So we are building an expression here to - match image GIF or JPEG type image file. It must include the literal - string "advert", then one or more digits, and a "." - (which is now a literal, and not a special character, since it is escaped - with "\"), and lastly either "gif", or - "jpeg", or "jpg". Some possible matches would - include: "//advert1.jpg", - "/nasty/ads/advert1234.gif", - "/banners/from/hell/advert99.jpg". It would not match - "advert1.gif" (no leading slash), or - "/adverts232.jpg" (the expression does not include an - "s"), or "/advert1.jsp" ("jsp" is not - in the expression anywhere).
We are barely scratching the surface of regular expressions here so that you - can understand the default Privoxy - configuration files, and maybe use this knowledge to customize your own - installation. There is much, much more that can be done with regular - expressions. Now that you know enough to get started, you can learn more on - your own :/
More reading on Perl Compatible Regular expressions: - http://perldoc.perl.org/perlre.html
For information on regular expression based substitutions and their applications - in filters, please see the filter file tutorial - in this manual.
14.2. Privoxy's Internal Pages
Since Privoxy proxies each requested - web page, it is easy for Privoxy to - trap certain special URLs. In this way, we can talk directly to - Privoxy, and see how it is - configured, see how our rules are being applied, change these - rules and other configuration options, and even turn - Privoxy's filtering off, all with - a web browser.
The URLs listed below are the special ones that allow direct access - to Privoxy. Of course, - Privoxy must be running to access these. If - not, you will get a friendly error message. Internet access is not - necessary either.
- Privoxy main page: -
There is a shortcut: http://p.p/ (But it - doesn't provide a fall-back to a real page, in case the request is not - sent through Privoxy) -
- Show information about the current configuration, including viewing and - editing of actions files: -
- Show the source code version numbers: -
- Show the browser's request headers: -
- Show which actions apply to a URL and why: -
- Toggle Privoxy on or off. This feature can be turned off/on in the main - config file. When toggled "off", "Privoxy" - continues to run, but only as a pass-through proxy, with no actions taking - place: -
Short cuts. Turn off, then on: -
These may be bookmarked for quick reference. See next.
14.2.1. Bookmarklets
Below are some "bookmarklets" to allow you to easily access a - "mini" version of some of Privoxy's - special pages. They are designed for MS Internet Explorer, but should work - equally well in Netscape, Mozilla, and other browsers which support - JavaScript. They are designed to run directly from your bookmarks - not by - clicking the links below (although that should work for testing).
To save them, right-click the link and choose "Add to Favorites" - (IE) or "Add Bookmark" (Netscape). You will get a warning that - the bookmark "may not be safe" - just click OK. Then you can run the - Bookmarklet directly from your favorites/bookmarks. For even faster access, - you can put them on the "Links" bar (IE) or the "Personal - Toolbar" (Netscape), and run them with a single click.
Privoxy - Toggle Privoxy (Toggles between enabled and disabled) -
Credit: The site which gave us the general idea for these bookmarklets is - www.bookmarklets.com. They - have more information about bookmarklets.
14.3. Chain of Events
Let's take a quick look at how some of Privoxy's - core features are triggered, and the ensuing sequence of events when a web - page is requested by your browser:
First, your web browser requests a web page. The browser knows to send - the request to Privoxy, which will in turn, - relay the request to the remote web server after passing the following - tests: -
Privoxy traps any request for its own internal CGI - pages (e.g http://p.p/) and sends the CGI page back to the browser. -
Next, Privoxy checks to see if the URL - matches any "+block" patterns. If - so, the URL is then blocked, and the remote web server will not be contacted. - "+handle-as-image" - and - "+handle-as-empty-document" - are then checked, and if there is no match, an - HTML "BLOCKED" page is sent back to the browser. Otherwise, if - it does match, an image is returned for the former, and an empty text - document for the latter. The type of image would depend on the setting of - "+set-image-blocker" - (blank, checkerboard pattern, or an HTTP redirect to an image elsewhere). -
Untrusted URLs are blocked. If URLs are being added to the - trust file, then that is done. -
If the URL pattern matches the "+fast-redirects" action, - it is then processed. Unwanted parts of the requested URL are stripped. -
Now the rest of the client browser's request headers are processed. If any - of these match any of the relevant actions (e.g. "+hide-user-agent", - etc.), headers are suppressed or forged as determined by these actions and - their parameters. -
Now the web server starts sending its response back (i.e. typically a web - page). -
First, the server headers are read and processed to determine, among other - things, the MIME type (document type) and encoding. The headers are then - filtered as determined by the - "+crunch-incoming-cookies", - "+session-cookies-only", - and "+downgrade-http-version" - actions. -
If any "+filter" action - or "+deanimate-gifs" - action applies (and the document type fits the action), the rest of the page is - read into memory (up to a configurable limit). Then the filter rules (from - default.filter and any other filter files) are - processed against the buffered content. Filters are applied in the order - they are specified in one of the filter files. Animated GIFs, if present, - are reduced to either the first or last frame, depending on the action - setting.The entire page, which is now filtered, is then sent by - Privoxy back to your browser. -
If neither a "+filter" action - or "+deanimate-gifs" - matches, then Privoxy passes the raw data through - to the client browser as it becomes available. -
As the browser receives the now (possibly filtered) page content, it - reads and then requests any URLs that may be embedded within the page - source, e.g. ad images, stylesheets, JavaScript, other HTML documents (e.g. - frames), sounds, etc. For each of these objects, the browser issues a - separate request (this is easily viewable in Privoxy's - logs). And each such request is in turn processed just as above. Note that a - complex web page will have many, many such embedded URLs. If these - secondary requests are to a different server, then quite possibly a very - differing set of actions is triggered. -
NOTE: This is somewhat of a simplistic overview of what happens with each URL - request. For the sake of brevity and simplicity, we have focused on - Privoxy's core features only.
14.4. Troubleshooting: Anatomy of an Action
The way Privoxy applies - actions and filters - to any given URL can be complex, and not always so - easy to understand what is happening. And sometimes we need to be able to - see just what Privoxy is - doing. Especially, if something Privoxy is doing - is causing us a problem inadvertently. It can be a little daunting to look at - the actions and filters files themselves, since they tend to be filled with - regular expressions whose consequences are not - always so obvious.
One quick test to see if Privoxy is causing a problem - or not, is to disable it temporarily. This should be the first troubleshooting - step. See the Bookmarklets section on a quick - and easy way to do this (be sure to flush caches afterward!). Looking at the - logs is a good idea too. (Note that both the toggle feature and logging are - enabled via config file settings, and may need to be - turned "on".)
Another easy troubleshooting step to try is if you have done any - customization of your installation, revert back to the installed - defaults and see if that helps. There are times the developers get complaints - about one thing or another, and the problem is more related to a customized - configuration issue.
Privoxy also provides the - http://config.privoxy.org/show-url-info - page that can show us very specifically how actions - are being applied to any given URL. This is a big help for troubleshooting.
First, enter one URL (or partial URL) at the prompt, and then - Privoxy will tell us - how the current configuration will handle it. This will not - help with filtering effects (i.e. the "+filter" action) from - one of the filter files since this is handled very - differently and not so easy to trap! It also will not tell you about any other - URLs that may be embedded within the URL you are testing. For instance, images - such as ads are expressed as URLs within the raw page source of HTML pages. So - you will only get info for the actual URL that is pasted into the prompt area - -- not any sub-URLs. If you want to know about embedded URLs like ads, you - will have to dig those out of the HTML source. Use your browser's "View - Page Source" option for this. Or right click on the ad, and grab the - URL.
Let's try an example, google.com, - and look at it one section at a time in a sample configuration (your real - configuration may vary):
Matches for http://www.google.com: + - In file: default.action [ View ] [ Edit ] + + + + ++ |
+
Remember to flush caches! + Note that the mail.google reference lacks the + TLD portion (e.g. ".com"). This will + effectively match any TLD with google in it, + such as mail.google.de., just as an + example.
+ +If this still does not work, you will have to go through the + remaining actions one by one to find which one(s) is causing the + problem.
+7. The Main Configuration File
Again, the main configuration file is named config on - Linux/Unix/BSD and OS/2, and config.txt on Windows. - Configuration lines consist of an initial keyword followed by a list of - values, all separated by whitespace (any number of spaces or tabs). For - example:
confdir /etc/privoxy
-Assigns the value /etc/privoxy to the option - confdir and thus indicates that the configuration - directory is named "/etc/privoxy/".
All options in the config file except for confdir and - logdir are optional. Watch out in the below description - for what happens if you leave them unset.
The main config file controls all aspects of Privoxy's - operation that are not location dependent (i.e. they apply universally, no matter - where you may be surfing).
7.1. Local Set-up Documentation
If you intend to operate Privoxy for more users - than just yourself, it might be a good idea to let them know how to reach - you, what you block and why you do that, your policies, etc. -
7.1.1. user-manual
- Specifies:
Location of the Privoxy User Manual. -
- Type of value:
A fully qualified URI
- Default value:
Unset
- Effect if unset:
http://www.privoxy.org/version/user-manual/ - will be used, where version is the Privoxy version. -
- Notes:
The User Manual URI is the single best source of information on - Privoxy, and is used for help links from some - of the internal CGI pages. The manual itself is normally packaged with the - binary distributions, so you probably want to set this to a locally - installed copy. -
Examples: -
The best all purpose solution is simply to put the full local - PATH to where the User Manual is - located: -
-user-manual /usr/share/doc/privoxy/user-manual
The User Manual is then available to anyone with access to - Privoxy, by following the built-in URL: - http://config.privoxy.org/user-manual/ - (or the shortcut: http://p.p/user-manual/). -
If the documentation is not on the local system, it can be accessed - from a remote server, as: -
-user-manual http://example.com/privoxy/user-manual/
Warning If set, this option should be the first option in the config - file, because it is used while the config file is being read - on start-up. -
7.1.2. trust-info-url
- Specifies:
A URL to be displayed in the error page that users will see if access to an untrusted page is denied. -
- Type of value:
URL
- Default value:
Unset
- Effect if unset:
No links are displayed on the "untrusted" error page. -
- Notes:
The value of this option only matters if the experimental trust mechanism has been - activated. (See trustfile below.) -
If you use the trust mechanism, it is a good idea to write up some on-line - documentation about your trust policy and to specify the URL(s) here. - Use multiple times for multiple URLs. -
The URL(s) should be added to the trustfile as well, so users don't end up - locked out from the information on why they were locked out in the first place! -
7.1.3. admin-address
- Specifies:
An email address to reach the Privoxy administrator. -
- Type of value:
Email address
- Default value:
Unset
- Effect if unset:
No email address is displayed on error pages and the CGI user interface. -
- Notes:
If both admin-address and proxy-info-url - are unset, the whole "Local Privoxy Support" box on all generated pages will - not be shown. -
7.1.4. proxy-info-url
- Specifies:
A URL to documentation about the local Privoxy setup, - configuration or policies. -
- Type of value:
URL
- Default value:
Unset
- Effect if unset:
No link to local documentation is displayed on error pages and the CGI user interface. -
- Notes:
If both admin-address and proxy-info-url - are unset, the whole "Local Privoxy Support" box on all generated pages will - not be shown. -
This URL shouldn't be blocked ;-) -
7.2. Configuration and Log File Locations
Privoxy can (and normally does) use a number of - other files for additional configuration, help and logging. - This section of the configuration file tells Privoxy - where to find those other files.
The user running Privoxy, must have read - permission for all configuration files, and write permission to any files - that would be modified, such as log files and actions files.
7.2.1. confdir
- Specifies:
The directory where the other configuration files are located.
- Type of value:
Path name
- Default value:
/etc/privoxy (Unix) or Privoxy installation dir (Windows)
- Effect if unset:
Mandatory
- Notes:
No trailing "/", please. -
7.2.2. templdir
- Specifies:
An alternative directory where the templates are loaded from.
- Type of value:
Path name
- Default value:
unset
- Effect if unset:
The templates are assumed to be located in confdir/template.
- Notes:
Privoxy's original templates are usually - overwritten with each update. Use this option to relocate customized - templates that should be kept. As template variables might change - between updates, you shouldn't expect templates to work with - Privoxy releases other than the one - they were part of, though. -
7.2.3. logdir
- Specifies:
The directory where all logging takes place - (i.e. where the logfile is located). -
- Type of value:
Path name
- Default value:
/var/log/privoxy (Unix) or Privoxy installation dir (Windows)
- Effect if unset:
Mandatory
- Notes:
No trailing "/", please. -
7.2.4. actionsfile
- Specifies:
The actions file(s) to use -
- Type of value:
Complete file name, relative to confdir
- Default values:
match-all.action # Actions that are applied to all sites and maybe overruled later on.
-default.action # Main actions file
-user.action # User customizations
-- Effect if unset:
No actions are taken at all. More or less neutral proxying. -
- Notes:
Multiple actionsfile lines are permitted, and are in fact recommended! -
- The default values are default.action, which is the - "main" actions file maintained by the developers, and - user.action, where you can make your personal additions. -
- Actions files contain all the per site and per URL configuration for - ad blocking, cookie management, privacy considerations, etc. - There is no point in using Privoxy without at - least one actions file. -
Note that since Privoxy 3.0.7, the complete filename, including the ".action" - extension has to be specified. The syntax change was necessary to be consistent - with the other file options and to allow previously forbidden characters. -
7.2.5. filterfile
- Specifies:
The filter file(s) to use -
- Type of value:
File name, relative to confdir
- Default value:
default.filter (Unix) or default.filter.txt (Windows)
- Effect if unset:
No textual content filtering takes place, i.e. all - +filter{name} - actions in the actions files are turned neutral. -
- Notes:
Multiple filterfile lines are permitted. -
The filter files contain content modification - rules that use regular expressions. These rules permit - powerful changes on the content of Web pages, and optionally the headers - as well, e.g., you could try to disable your favorite JavaScript annoyances, - re-write the actual displayed text, or just have some fun - playing buzzword bingo with web pages. -
The - +filter{name} - actions rely on the relevant filter (name) - to be defined in a filter file! -
A pre-defined filter file called default.filter that contains - a number of useful filters for common problems is included in the distribution. - See the section on the filter - action for a list. -
It is recommended to place any locally adapted filters into a separate - file, such as user.filter. -
7.2.6. logfile
- Specifies:
The log file to use -
- Type of value:
File name, relative to logdir
- Default value:
Unset (commented out). When activated: logfile (Unix) or privoxy.log (Windows).
- Effect if unset:
No logfile is written. -
- Notes:
The logfile is where all logging and error messages are written. The level - of detail and number of messages are set with the debug - option (see below). The logfile can be useful for tracking down a problem with - Privoxy (e.g., it's not blocking an ad you - think it should block) and it can help you to monitor what your browser - is doing. -
Depending on the debug options below, the logfile may be a privacy risk - if third parties can get access to it. As most users will never look - at it, Privoxy 3.0.7 and later only log fatal - errors by default. -
For most troubleshooting purposes, you will have to change that, - please refer to the debugging section for details. -
Your logfile will grow indefinitely, and you will probably want to - periodically remove it. On Unix systems, you can do this with a cron job - (see "man cron"). For Red Hat based Linux distributions, a - logrotate script has been included. -
Any log files must be writable by whatever user Privoxy - is being run as (on Unix, default user id is "privoxy"). -
7.2.7. trustfile
- Specifies:
The name of the trust file to use -
- Type of value:
File name, relative to confdir
- Default value:
Unset (commented out). When activated: trust (Unix) or trust.txt (Windows)
- Effect if unset:
The entire trust mechanism is disabled. -
- Notes:
The trust mechanism is an experimental feature for building white-lists and should - be used with care. It is NOT recommended for the casual user. -
If you specify a trust file, Privoxy will only allow - access to sites that are specified in the trustfile. Sites can be listed - in one of two ways: -
Prepending a ~ character limits access to this site - only (and any sub-paths within this site), e.g. - ~www.example.com allows access to - ~www.example.com/features/news.html, etc. -
Or, you can designate sites as trusted referrers, by - prepending the name with a + character. The effect is that - access to untrusted sites will be granted -- but only if a link from this - trusted referrer was used to get there. The link target will then be added - to the "trustfile" so that future, direct accesses will be - granted. Sites added via this mechanism do not become trusted referrers - themselves (i.e. they are added with a ~ designation). - There is a limit of 512 such entries, after which new entries will not be - made. -
If you use the + operator in the trust file, it may grow - considerably over time. -
It is recommended that Privoxy be compiled with - the --disable-force, --disable-toggle and - --disable-editor options, if this feature is to be - used. -
Possible applications include limiting Internet access for children. -
7.3. Debugging
These options are mainly useful when tracing a problem. - Note that you might also want to invoke - Privoxy with the --no-daemon - command line option when debugging. -
7.3.1. debug
- Specifies:
Key values that determine what information gets logged. -
- Type of value:
Integer values
- Default value:
0 (i.e.: only fatal errors (that cause Privoxy to exit) are logged)
- Effect if unset:
Default value is used (see above). -
- Notes:
The available debug levels are: -
+ + + +debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. + + + + + + +
+The Main Configuration File + + + + + + + + + + + + + +++ +7. The Main Configuration + File
+ +By default, the main configuration file is named config, with the exception of Windows, where it is named + config.txt. Configuration lines consist of an + initial keyword followed by a list of values, all separated by whitespace + (any number of spaces or tabs). For example:
+ +confdir /etc/privoxy
+ +Assigns the value /etc/privoxy to the option + confdir and thus indicates that the + configuration directory is named "/etc/privoxy/".
+ +All options in the config file except for confdir and logdir are optional. + Watch out in the below description for what happens if you leave them + unset.
+ +The main config file controls all aspects of Privoxy's operation that are not location dependent + (i.e. they apply universally, no matter where you may be surfing). Like + the filter and action files, the config file is a plain text file and can + be modified with a text editor like emacs, vim or notepad.exe.
+ +++ +7.1. Local + Set-up Documentation
+ +If you intend to operate Privoxy + for more users than just yourself, it might be a good idea to let them + know how to reach you, what you block and why you do that, your + policies, etc.
+ +++ +7.1.1. + user-manual
+ +++-
+
- Specifies: + +
-
+
Location of the Privoxy + User Manual.
+
+
+ - Type of value: + +
-
+
A fully qualified URI
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
http://www.privoxy.org/version/user-manual/ will be used, + where version is the + Privoxy version.
+
+
+ - Notes: + +
-
+
The User Manual URI is the single best source of information + on Privoxy, and is used for + help links from some of the internal CGI pages. The manual + itself is normally packaged with the binary distributions, so + you probably want to set this to a locally installed copy.
+ +Examples:
+ +The best all purpose solution is simply to put the full + local PATH to where the User Manual is located:
+ ++
+ ++ ++ ++ user-manual /usr/share/doc/privoxy/user-manual +
+The User Manual is then available to anyone with access to + Privoxy, by following the + built-in URL: http://config.privoxy.org/user-manual/ (or the + shortcut: http://p.p/user-manual/).
+ +If the documentation is not on the local system, it can be + accessed from a remote server, as:
+ ++
+ ++ ++ ++ user-manual http://example.com/privoxy/user-manual/ +
++++
++ + +Warning ++ ++ +If set, this option should be the first option in the config + file, because it is used while the config file + is being read on start-up.
+
+
++ +7.1.2. + trust-info-url
+ +++-
+
- Specifies: + +
-
+
A URL to be displayed in the error page that users will see + if access to an untrusted page is denied.
+
+
+ - Type of value: + +
-
+
URL
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
No links are displayed on the "untrusted" error page.
+
+
+ - Notes: + +
-
+
The value of this option only matters if the experimental + trust mechanism has been activated. (See trustfile below.)
+ +If you use the trust mechanism, it is a good idea to write + up some on-line documentation about your trust policy and to + specify the URL(s) here. Use multiple times for multiple + URLs.
+ +The URL(s) should be added to the trustfile as well, so + users don't end up locked out from the information on why they + were locked out in the first place!
+
+
++ +7.1.3. + admin-address
+ +++-
+
- Specifies: + +
-
+
An email address to reach the Privoxy administrator.
+
+
+ - Type of value: + +
-
+
Email address
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
No email address is displayed on error pages and the CGI + user interface.
+
+
+ - Notes: + +
-
+
If both admin-address and + proxy-info-url are unset, the whole + "Local Privoxy Support" box on all generated pages will not be + shown.
+
+
++7.1.4. + proxy-info-url
+ +++-
+
- Specifies: + +
-
+
A URL to documentation about the local Privoxy setup, configuration or + policies.
+
+
+ - Type of value: + +
-
+
URL
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
No link to local documentation is displayed on error pages + and the CGI user interface.
+
+
+ - Notes: + +
-
+
If both admin-address and + proxy-info-url are unset, the whole + "Local Privoxy Support" box on all generated pages will not be + shown.
+ +This URL shouldn't be blocked ;-)
+
+
++ +7.2. + Configuration and Log File Locations
+ +Privoxy can (and normally does) use + a number of other files for additional configuration, help and logging. + This section of the configuration file tells Privoxy where to find those other files.
+ +The user running Privoxy, must have + read permission for all configuration files, and write permission to + any files that would be modified, such as log files and actions + files.
+ +++ +7.2.1. + confdir
+ +++-
+
- Specifies: + +
-
+
The directory where the other configuration files are + located.
+
+
+ - Type of value: + +
-
+
Path name
+
+
+ - Default value: + +
-
+
/etc/privoxy (Unix) or Privoxy installation dir (Windows)
+
+
+ - Effect if unset: + +
-
+
Mandatory
+
+
+ - Notes: + +
-
+
No trailing "/", please.
+
+
++ +7.2.2. + templdir
+ +++-
+
- Specifies: + +
-
+
An alternative directory where the templates are loaded + from.
+
+
+ - Type of value: + +
-
+
Path name
+
+
+ - Default value: + +
-
+
unset
+
+
+ - Effect if unset: + +
-
+
The templates are assumed to be located in + confdir/template.
+
+
+ - Notes: + +
-
+
Privoxy's original + templates are usually overwritten with each update. Use this + option to relocate customized templates that should be kept. As + template variables might change between updates, you shouldn't + expect templates to work with Privoxy releases other than the one they + were part of, though.
+
+
++ +7.2.3. logdir
+ +++-
+
- Specifies: + +
-
+
The directory where all logging takes place (i.e. where the + logfile is located).
+
+
+ - Type of value: + +
-
+
Path name
+
+
+ - Default value: + +
-
+
/var/log/privoxy (Unix) or Privoxy installation dir (Windows)
+
+
+ - Effect if unset: + +
-
+
Mandatory
+
+
+ - Notes: + +
-
+
No trailing "/", please.
+
+
++ +7.2.4. + actionsfile
+ +++-
+
- Specifies: + +
-
+
The actions file(s) to + use
+
+
+ - Type of value: + +
-
+
Complete file name, relative to confdir
+
+
+ - Default values: + +
-
+
+ +
++ + ++ ++ match-all.action # Actions that are applied to all sites and maybe overruled later on.
++ + ++ ++ default.action # Main actions file
++ + ++ ++ user.action # User customizations
+
+
+ - Effect if unset: + +
-
+
No actions are taken at all. More or less neutral + proxying.
+
+
+ - Notes: + +
-
+
Multiple actionsfile lines are + permitted, and are in fact recommended!
+ +The default values are default.action, which is the "main" actions file maintained by the + developers, and user.action, where + you can make your personal additions.
+ +Actions files contain all the per site and per URL + configuration for ad blocking, cookie management, privacy + considerations, etc. There is no point in using Privoxy without at least one actions + file.
+ +Note that since Privoxy 3.0.7, the complete filename, + including the ".action" extension + has to be specified. The syntax change was necessary to be + consistent with the other file options and to allow previously + forbidden characters.
+
+
++ +7.2.5. + filterfile
+ +++-
+
- Specifies: + +
-
+
The filter file(s) to use
+
+
+ - Type of value: + +
-
+
File name, relative to confdir
+
+
+ - Default value: + +
-
+
default.filter (Unix) or default.filter.txt + (Windows)
+
+
+ - Effect if unset: + +
-
+
No textual content filtering takes place, i.e. all + +filter{name} actions in the actions files + are turned neutral.
+
+
+ - Notes: + +
-
+
Multiple filterfile lines are + permitted.
+ +The filter files contain + content modification rules that use regular expressions. These rules + permit powerful changes on the content of Web pages, and + optionally the headers as well, e.g., you could try to disable + your favorite JavaScript annoyances, re-write the actual + displayed text, or just have some fun playing buzzword bingo + with web pages.
+ +The +filter{name} actions rely on the relevant + filter (name) to be defined in + a filter file!
+ +A pre-defined filter file called default.filter that contains a number of useful + filters for common problems is included in the distribution. + See the section on the filter action for a + list.
+ +It is recommended to place any locally adapted filters into + a separate file, such as user.filter.
+
+
++ +7.2.6. + logfile
+ +++-
+
- Specifies: + +
-
+
The log file to use
+
+
+ - Type of value: + +
-
+
File name, relative to logdir
+
+
+ - Default value: + +
-
+
Unset (commented + out). When activated: logfile (Unix) or privoxy.log (Windows).
+
+
+ - Effect if unset: + +
-
+
No logfile is written.
+
+
+ - Notes: + +
-
+
The logfile is where all logging and error messages are + written. The level of detail and number of messages are set + with the debug option (see below). The + logfile can be useful for tracking down a problem with + Privoxy (e.g., it's not + blocking an ad you think it should block) and it can help you + to monitor what your browser is doing.
+ +Depending on the debug options below, the logfile may be a + privacy risk if third parties can get access to it. As most + users will never look at it, Privoxy 3.0.7 and later only log fatal + errors by default.
+ +For most troubleshooting purposes, you will have to change + that, please refer to the debugging section for details.
+ +Your logfile will grow indefinitely, and you will probably + want to periodically remove it. On Unix systems, you can do + this with a cron job (see "man + cron"). For Red Hat based Linux distributions, a + logrotate script has been included.
+ +Any log files must be writable by whatever user Privoxy is being run as (on Unix, default + user id is "privoxy").
+
+
++7.2.7. + trustfile
+ +++-
+
- Specifies: + +
-
+
The name of the trust file to use
+
+
+ - Type of value: + +
-
+
File name, relative to confdir
+
+
+ - Default value: + +
-
+
Unset (commented + out). When activated: trust (Unix) or trust.txt (Windows)
+
+
+ - Effect if unset: + +
-
+
The entire trust mechanism is disabled.
+
+
+ - Notes: + +
-
+
The trust mechanism is an experimental feature for building + white-lists and should be used with care. It is NOT recommended for the casual + user.
+ +If you specify a trust file, Privoxy will only allow access to sites + that are specified in the trustfile. Sites can be listed in one + of two ways:
+ +Prepending a ~ character limits + access to this site only (and any sub-paths within this site), + e.g. ~www.example.com allows access to + ~www.example.com/features/news.html, + etc.
+ +Or, you can designate sites as trusted referrers, by prepending + the name with a + character. The + effect is that access to untrusted sites will be granted -- but + only if a link from this trusted referrer was used to get + there. The link target will then be added to the "trustfile" so that future, direct accesses will + be granted. Sites added via this mechanism do not become + trusted referrers themselves (i.e. they are added with a + ~ designation). There is a limit of + 512 such entries, after which new entries will not be made.
+ +If you use the + operator in the + trust file, it may grow considerably over time.
+ +It is recommended that Privoxy be compiled with the --disable-force, --disable-toggle and --disable-editor options, if this feature is to + be used.
+ +Possible applications include limiting Internet access for + children.
+
+
+7.3. + Debugging
+ +These options are mainly useful when tracing a problem. Note that + you might also want to invoke Privoxy + with the --no-daemon command line option when + debugging.
+ ++7.3.1. debug
+ ++-
+
- Specifies: + +
-
+
Key values that determine what information gets logged.
+
+
+ - Type of value: + +
-
+
Integer values
+
+
+ - Default value: + +
-
+
0 (i.e.: only fatal errors (that cause Privoxy to exit) are + logged)
+
+
+ - Effect if unset: + +
-
+
Default value is used (see above).
+
+
+ - Notes: + +
-
+
The available debug levels are:
+ ++
-+ + + debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. debug 2 # show each connection status debug 4 # show I/O status debug 8 # show header parsing - debug 16 # log all data written to the network into the logfile + debug 16 # log all data written to the network debug 32 # debug force feature debug 64 # debug regular expression filters debug 128 # debug redirects debug 256 # debug GIF de-animation debug 512 # Common Log Format - debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. + debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. debug 2048 # CGI user interface debug 4096 # Startup banner and warnings. - debug 8192 # Non-fatal errors
To select multiple debug levels, you can either add them or use - multiple debug lines. -
A debug level of 1 is informative because it will show you each request - as it happens. 1, 4096 and 8192 are recommended - so that you will notice when things go wrong. The other levels are - probably only of interest if you are hunting down a specific problem. - They can produce a hell of an output (especially 16). - -
Privoxy used to ship with the debug levels recommended above enabled by - default, but due to privacy concerns 3.0.7 and later are configured to - only log fatal errors. -
If you are used to the more verbose settings, simply enable the debug lines - below again. -
If you want to use pure CLF (Common Log Format), you should set "debug - 512" ONLY and not enable anything else. -
Privoxy has a hard-coded limit for the - length of log messages. If it's reached, messages are logged truncated - and marked with "... [too long, truncated]". -
Please don't file any support requests without trying to reproduce - the problem with increased debug level first. Once you read the log - messages, you may even be able to solve the problem on your own. -
7.3.2. single-threaded
- Specifies:
Whether to run only one server thread. -
- Type of value:
None
- Default value:
Unset
- Effect if unset:
Multi-threaded (or, where unavailable: forked) operation, i.e. the ability to - serve multiple requests simultaneously. -
- Notes:
This option is only there for debugging purposes. - It will drastically reduce performance. -
7.3.3. hostname
- Specifies:
The hostname shown on the CGI pages. -
- Type of value:
Text
- Default value:
Unset
- Effect if unset:
The hostname provided by the operating system is used. -
- Notes:
On some misconfigured systems resolving the hostname fails or - takes too much time and slows Privoxy down. Setting a fixed hostname - works around the problem. -
In other circumstances it might be desirable to show a hostname - other than the one returned by the operating system. For example - if the system has several different hostnames and you don't want - to use the first one. -
Note that Privoxy does not validate the specified hostname value. -
7.4. Access Control and Security
This section of the config file controls the security-relevant aspects - of Privoxy's configuration. -
7.4.1. listen-address
- Specifies:
The IP address and TCP port on which Privoxy will - listen for client requests. -
- Type of value:
[IP-Address]:Port
- Default value:
127.0.0.1:8118
- Effect if unset:
Bind to 127.0.0.1 (localhost), port 8118. This is suitable and recommended for - home users who run Privoxy on the same machine as - their browser. -
- Notes:
You will need to configure your browser(s) to this proxy address and port. -
If you already have another service running on port 8118, or if you want to - serve requests from other machines (e.g. on your local network) as well, you - will need to override the default. -
If you leave out the IP address, Privoxy will - bind to all interfaces (addresses) on your machine and may become reachable - from the Internet. In that case, consider using access control lists (ACL's, see below), and/or - a firewall. -
If you open Privoxy to untrusted users, you will - also want to make sure that the following actions are disabled: enable-edit-actions and - enable-remote-toggle -
- Example:
Suppose you are running Privoxy on - a machine which has the address 192.168.0.1 on your local private network - (192.168.0.0) and has another outside connection with a different address. - You want it to serve requests from inside only: -
-listen-address 192.168.0.1:8118
7.4.2. toggle
- Specifies:
Initial state of "toggle" status -
- Type of value:
1 or 0
- Default value:
1
- Effect if unset:
Act as if toggled on -
- Notes:
If set to 0, Privoxy will start in - "toggled off" mode, i.e. mostly behave like a normal, - content-neutral proxy with both ad blocking and content filtering - disabled. See enable-remote-toggle below. -
The windows version will only display the toggle icon in the system tray - if this option is present. -
7.4.3. enable-remote-toggle
- Specifies:
Whether or not the web-based toggle - feature may be used -
- Type of value:
0 or 1
- Default value:
0
- Effect if unset:
The web-based toggle feature is disabled. -
- Notes:
When toggled off, Privoxy mostly acts like a normal, - content-neutral proxy, i.e. doesn't block ads or filter content. -
Access to the toggle feature can not be - controlled separately by "ACLs" or HTTP authentication, - so that everybody who can access Privoxy (see - "ACLs" and listen-address above) can - toggle it for all users. So this option is not recommended - for multi-user environments with untrusted users. -
Note that malicious client side code (e.g Java) is also - capable of using this option. -
As a lot of Privoxy users don't read - documentation, this feature is disabled by default. -
Note that you must have compiled Privoxy with - support for this feature, otherwise this option has no effect. -
7.4.4. enable-remote-http-toggle
- Specifies:
Whether or not Privoxy recognizes special HTTP headers to change its behaviour. -
- Type of value:
0 or 1
- Default value:
0
- Effect if unset:
Privoxy ignores special HTTP headers. -
- Notes:
When toggled on, the client can change Privoxy's - behaviour by setting special HTTP headers. Currently the only supported - special header is "X-Filter: No", to disable filtering for - the ongoing request, even if it is enabled in one of the action files. -
This feature is disabled by default. If you are using - Privoxy in a environment with trusted clients, - you may enable this feature at your discretion. Note that malicious client - side code (e.g Java) is also capable of using this feature. -
This option will be removed in future releases as it has been obsoleted - by the more general header taggers. -
7.4.5. enable-edit-actions
- Specifies:
Whether or not the web-based actions - file editor may be used -
- Type of value:
0 or 1
- Default value:
0
- Effect if unset:
The web-based actions file editor is disabled. -
- Notes:
Access to the editor can not be - controlled separately by "ACLs" or HTTP authentication, - so that everybody who can access Privoxy (see - "ACLs" and listen-address above) can - modify its configuration for all users. -
This option is not recommended for environments - with untrusted users and as a lot of Privoxy - users don't read documentation, this feature is disabled by default. -
Note that malicious client side code (e.g Java) is also - capable of using the actions editor and you shouldn't enable - this options unless you understand the consequences and are - sure your browser is configured correctly. -
Note that you must have compiled Privoxy with - support for this feature, otherwise this option has no effect. -
7.4.6. enforce-blocks
- Specifies:
Whether the user is allowed to ignore blocks and can "go there anyway". -
- Type of value:
0 or 1 -
- Default value:
0
- Effect if unset:
Blocks are not enforced. -
- Notes:
Privoxy is mainly used to block and filter - requests as a service to the user, for example to block ads and other - junk that clogs the pipes. Privoxy's configuration - isn't perfect and sometimes innocent pages are blocked. In this situation it - makes sense to allow the user to enforce the request and have - Privoxy ignore the block. -
In the default configuration Privoxy's - "Blocked" page contains a "go there anyway" - link to adds a special string (the force prefix) to the request URL. - If that link is used, Privoxy will - detect the force prefix, remove it again and let the request pass. -
Of course Privoxy can also be used to enforce - a network policy. In that case the user obviously should not be able to - bypass any blocks, and that's what the "enforce-blocks" - option is for. If it's enabled, Privoxy hides - the "go there anyway" link. If the user adds the force - prefix by hand, it will not be accepted and the circumvention attempt - is logged. -
- Examples:
enforce-blocks 1 -
7.4.7. ACLs: permit-access and deny-access
- Specifies:
Who can access what. -
- Type of value:
src_addr[/src_masklen] - [dst_addr[/dst_masklen]] -
Where src_addr and - dst_addr are IP addresses in dotted decimal notation or valid - DNS names, and src_masklen and - dst_masklen are subnet masks in CIDR notation, i.e. integer - values from 2 to 30 representing the length (in bits) of the network address. The masks and the whole - destination part are optional. -
- Default value:
Unset
- Effect if unset:
Don't restrict access further than implied by listen-address -
- Notes:
Access controls are included at the request of ISPs and systems - administrators, and are not usually needed by individual users. - For a typical home user, it will normally suffice to ensure that - Privoxy only listens on the localhost - (127.0.0.1) or internal (home) network address by means of the - listen-address - option. -
Please see the warnings in the FAQ that Privoxy - is not intended to be a substitute for a firewall or to encourage anyone - to defer addressing basic security weaknesses. -
Multiple ACL lines are OK. - If any ACLs are specified, Privoxy only talks - to IP addresses that match at least one permit-access line - and don't match any subsequent deny-access line. In other words, the - last match wins, with the default being deny-access. -
If Privoxy is using a forwarder (see forward below) - for a particular destination URL, the dst_addr - that is examined is the address of the forwarder and NOT the address - of the ultimate target. This is necessary because it may be impossible for the local - Privoxy to determine the IP address of the - ultimate target (that's often what gateways are used for). -
You should prefer using IP addresses over DNS names, because the address lookups take - time. All DNS names must resolve! You can not use domain patterns - like "*.org" or partial domain names. If a DNS name resolves to multiple - IP addresses, only the first one is used. -
Denying access to particular sites by ACL may have undesired side effects - if the site in question is hosted on a machine which also hosts other sites - (most sites are). -
- Examples:
Explicitly define the default behavior if no ACL and - listen-address are set: "localhost" - is OK. The absence of a dst_addr implies that - all destination addresses are OK: -
-permit-access localhost
Allow any host on the same class C subnet as www.privoxy.org access to - nothing but www.example.com (or other domains hosted on the same system): -
-permit-access www.privoxy.org/24 www.example.com/32
Allow access from any host on the 26-bit subnet 192.168.45.64 to anywhere, - with the exception that 192.168.45.73 may not access the IP address behind - www.dirty-stuff.example.com: -
-permit-access 192.168.45.64/26 - deny-access 192.168.45.73 www.dirty-stuff.example.com
7.4.8. buffer-limit
- Specifies:
Maximum size of the buffer for content filtering. -
- Type of value:
Size in Kbytes
- Default value:
4096
- Effect if unset:
Use a 4MB (4096 KB) limit. -
- Notes:
For content filtering, i.e. the +filter and - +deanimate-gif actions, it is necessary that - Privoxy buffers the entire document body. - This can be potentially dangerous, since a server could just keep sending - data indefinitely and wait for your RAM to exhaust -- with nasty consequences. - Hence this option. -
When a document buffer size reaches the buffer-limit, it is - flushed to the client unfiltered and no further attempt to - filter the rest of the document is made. Remember that there may be multiple threads - running, which might require up to buffer-limit Kbytes - each, unless you have enabled "single-threaded" - above. -
+ +7.5. Forwarding
This feature allows routing of HTTP requests through a chain of - multiple proxies.
Forwarding can be used to chain Privoxy with a caching proxy to speed - up browsing. Using a parent proxy may also be necessary if the machine - that Privoxy runs on has no direct Internet access.
Note that parent proxies can severely decrease your privacy level. - For example a parent proxy could add your IP address to the request - headers and if it's a caching proxy it may add the "Etag" - header to revalidation requests again, even though you configured Privoxy - to remove it. It may also ignore Privoxy's header time randomization and use the - original values which could be used by the server as cookie replacement - to track your steps between visits.
Also specified here are SOCKS proxies. Privoxy - supports the SOCKS 4 and SOCKS 4A protocols.
7.5.1. forward
- Specifies:
To which parent HTTP proxy specific requests should be routed. -
- Type of value:
target_pattern - http_parent[:port] -
where target_pattern is a URL pattern - that specifies to which requests (i.e. URLs) this forward rule shall apply. Use / to - denote "all URLs". - http_parent[:port] - is the DNS name or IP address of the parent HTTP proxy through which the requests should be forwarded, - optionally followed by its listening port (default: 8080). - Use a single dot (.) to denote "no forwarding". -
- Default value:
Unset
- Effect if unset:
Don't use parent HTTP proxies. -
- Notes:
If http_parent is ".", then requests are not - forwarded to another HTTP proxy but are made directly to the web servers. -
Multiple lines are OK, they are checked in sequence, and the last match wins. -
- Examples:
Everything goes to an example parent proxy, except SSL on port 443 (which it doesn't handle): -
-forward / parent-proxy.example.org:8080 - forward :443 .
Everything goes to our example ISP's caching proxy, except for requests - to that ISP's sites: -
-forward / caching-proxy.isp.example.net:8000 - forward .isp.example.net .
7.5.2. forward-socks4, forward-socks4a and forward-socks5
- Specifies:
Through which SOCKS proxy (and optionally to which parent HTTP proxy) specific requests should be routed. -
- Type of value:
target_pattern - socks_proxy[:port] - http_parent[:port] -
where target_pattern is a - URL pattern that specifies to which - requests (i.e. URLs) this forward rule shall apply. Use / to - denote "all URLs". http_parent - and socks_proxy - are IP addresses in dotted decimal notation or valid DNS names - (http_parent - may be "." to denote "no HTTP forwarding"), and the optional - port parameters are TCP ports, - i.e. integer values from 1 to 65535 -
- Default value:
Unset
- Effect if unset:
Don't use SOCKS proxies. -
- Notes:
Multiple lines are OK, they are checked in sequence, and the last match wins. -
The difference between forward-socks4 and forward-socks4a - is that in the SOCKS 4A protocol, the DNS resolution of the target hostname happens on the SOCKS - server, while in SOCKS 4 it happens locally. -
With forward-socks5 the DNS resolution will happen on the remote server as well. -
If http_parent is ".", then requests are not - forwarded to another HTTP proxy but are made (HTTP-wise) directly to the web servers, albeit through - a SOCKS proxy. -
- Examples:
From the company example.com, direct connections are made to all - "internal" domains, but everything outbound goes through - their ISP's proxy by way of example.com's corporate SOCKS 4A gateway to - the Internet. -
-forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 - forward .example.com .
A rule that uses a SOCKS 4 gateway for all destinations but no HTTP parent looks like this: -
-forward-socks4 / socks-gw.example.com:1080 .
To chain Privoxy and Tor, both running on the same system, you would use - something like: -
-forward-socks4a / 127.0.0.1:9050 .
The public Tor network can't be used to - reach your local network, if you need to access local servers you - therefore might want to make some exceptions: -
-forward 192.168.*.*/ . - forward 10.*.*.*/ . - forward 127.*.*.*/ .
Unencrypted connections to systems in these address ranges will - be as (un)secure as the local network is, but the alternative is that you - can't reach the local network through Privoxy - at all. Of course this may actually be desired and there is no reason - to make these exceptions if you aren't sure you need them. -
If you also want to be able to reach servers in your local network by - using their names, you will need additional exceptions that look like - this: -
-forward localhost/ .
+7.5.3. Advanced Forwarding Examples
If you have links to multiple ISPs that provide various special content - only to their subscribers, you can configure multiple Privoxies - which have connections to the respective ISPs to act as forwarders to each other, so that - your users can see the internal content of all ISPs.
Assume that host-a has a PPP connection to isp-a.example.net. And host-b has a PPP connection to - isp-b.example.org. Both run Privoxy. Their forwarding - configuration can look like this:
host-a:
forward / . - forward .isp-b.example.net host-b:8118
host-b:
forward / . - forward .isp-a.example.org host-a:8118
Now, your users can set their browser's proxy to use either - host-a or host-b and be able to browse the internal content - of both isp-a and isp-b.
If you intend to chain Privoxy and - squid locally, then chaining as - browser -> squid -> privoxy is the recommended way.
Assuming that Privoxy and squid - run on the same box, your squid configuration could then look like this:
- # Define ACL for protocol FTP - acl ftp proto FTP + + +# Define Privoxy as parent proxy (without ICP) - cache_peer 127.0.0.1 parent 8118 7 no-query + debug 8192 # Non-fatal errors + debug 32768 # log all data read from the network +
+To select multiple debug levels, you can either add them or + use multiple debug lines.
+ +A debug level of 1 is informative because it will show you + each request as it happens. 1, 1024, 4096 and 8192 are + recommended so that you will notice when things go + wrong. The other levels are probably only of interest if you + are hunting down a specific problem. They can produce a hell of + an output (especially 16).
+ +Privoxy used to ship with + the debug levels recommended above enabled by default, but due + to privacy concerns 3.0.7 and later are configured to only log + fatal errors.
+ +If you are used to the more verbose settings, simply enable + the debug lines below again.
+ +If you want to use pure CLF (Common Log Format), you should + set "debug 512" ONLY and not enable anything + else.
+ +Privoxy has a hard-coded + limit for the length of log messages. If it's reached, messages + are logged truncated and marked with "... + [too long, truncated]".
+ +Please don't file any support requests without trying to + reproduce the problem with increased debug level first. Once + you read the log messages, you may even be able to solve the + problem on your own.
+ + +++ +7.3.2. single-threaded
+ +++-
+
- Specifies: + +
-
+
Whether to run only one server thread.
+
+
+ - Type of value: + +
-
+
None
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
Multi-threaded (or, where unavailable: forked) operation, + i.e. the ability to serve multiple requests simultaneously.
+
+
+ - Notes: + +
-
+
This option is only there for debugging purposes. + It will drastically reduce + performance.
+
+
++7.3.3. + hostname
+ +++-
+
- Specifies: + +
-
+
The hostname shown on the CGI pages.
+
+
+ - Type of value: + +
-
+
Text
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
The hostname provided by the operating system is used.
+
+
+ - Notes: + +
-
+
On some misconfigured systems resolving the hostname fails + or takes too much time and slows Privoxy down. Setting a fixed + hostname works around the problem.
+ +In other circumstances it might be desirable to show a + hostname other than the one returned by the operating system. + For example if the system has several different hostnames and + you don't want to use the first one.
+ +Note that Privoxy does not validate the specified hostname + value.
+
+
++ +7.4. + Access Control and Security
+ +This section of the config file controls the security-relevant + aspects of Privoxy's + configuration.
+ +++ +7.4.1. + listen-address
+ +++-
+
- Specifies: + +
-
+
The address and TCP port on which Privoxy will listen for client + requests.
+
+
+ - Type of value: + +
-
+
[IP-Address]:Port
+ +[Hostname]:Port
+
+
+ - Default value: + +
-
+
127.0.0.1:8118
+
+
+ - Effect if unset: + +
-
+
Bind to 127.0.0.1 (IPv4 localhost), port 8118. This is + suitable and recommended for home users who run Privoxy on the same machine as their + browser.
+
+
+ - Notes: + +
-
+
You will need to configure your browser(s) to this proxy + address and port.
+ +If you already have another service running on port 8118, or + if you want to serve requests from other machines (e.g. on your + local network) as well, you will need to override the + default.
+ +You can use this statement multiple times to make + Privoxy listen on more ports + or more IP addresses. Suitable if + your operating system does not support sharing IPv6 and IPv4 + protocols on the same socket.
+ +If a hostname is used instead of an IP address, Privoxy will try to resolve it to an IP + address and if there are multiple, use the first one + returned.
+ +If the address for the hostname isn't already known on the + system (for example because it's in /etc/hostname), this may + result in DNS traffic.
+ +If the specified address isn't available on the system, or + if the hostname can't be resolved, Privoxy will fail to start.
+ +IPv6 addresses containing colons have to be quoted by + brackets. They can only be used if Privoxy has been compiled with IPv6 + support. If you aren't sure if your version supports it, have a + look at http://config.privoxy.org/show-status.
+ +Some operating systems will prefer IPv6 to IPv4 addresses + even if the system has no IPv6 connectivity which is usually + not expected by the user. Some even rely on DNS to resolve + localhost which mean the "localhost" address used may not + actually be local.
+ +It is therefore recommended to explicitly configure the + intended IP address instead of relying on the operating system, + unless there's a strong reason not to.
+ +If you leave out the address, Privoxy will bind to all IPv4 interfaces + (addresses) on your machine and may become reachable from the + Internet and/or the local network. Be aware that some GNU/Linux + distributions modify that behaviour without updating the + documentation. Check for non-standard patches if your + Privoxyversion behaves + differently.
+ +If you configure Privoxyto + be reachable from the network, consider using access control lists (ACL's, see below), + and/or a firewall.
+ +If you open Privoxy to + untrusted users, you will also want to make sure that the + following actions are disabled: enable-edit-actions + and enable-remote-toggle
+ +With the exception noted above, listening on multiple + addresses is currently not supported by Privoxy directly. It can be done on most + operating systems by letting a packet filter redirect request + for certain addresses to Privoxy, though.
+
+
+ - Example: + +
-
+
Suppose you are running Privoxy on a machine which has the address + 192.168.0.1 on your local private network (192.168.0.0) and has + another outside connection with a different address. You want + it to serve requests from inside only:
+ ++
+ ++ ++ ++ listen-address 192.168.0.1:8118 +
+Suppose you are running Privoxy on an IPv6-capable machine and you + want it to listen on the IPv6 address of the loopback + device:
+ ++
++ ++ ++ listen-address [::1]:8118 +
+
+
++ +7.4.2. toggle
+ +++-
+
- Specifies: + +
-
+
Initial state of "toggle" status
+
+
+ - Type of value: + +
-
+
1 or 0
+
+
+ - Default value: + +
-
+
1
+
+
+ - Effect if unset: + +
-
+
Act as if toggled on
+
+
+ - Notes: + +
-
+
If set to 0, Privoxy will + start in "toggled off" mode, i.e. + mostly behave like a normal, content-neutral proxy with both ad + blocking and content filtering disabled. See enable-remote-toggle below.
+ +The windows version will only display the toggle icon in the + system tray if this option is present.
+
+
++ +7.4.3. enable-remote-toggle
+ +++-
+
- Specifies: + +
-
+
Whether or not the web-based + toggle feature may be used
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
The web-based toggle feature is disabled.
+
+
+ - Notes: + +
-
+
When toggled off, Privoxy + mostly acts like a normal, content-neutral proxy, i.e. doesn't + block ads or filter content.
+ +Access to the toggle feature can not be controlled separately by + "ACLs" or HTTP authentication, so + that everybody who can access Privoxy (see "ACLs" and listen-address above) can toggle it for all + users. So this option is not + recommended for multi-user environments with untrusted + users.
+ +Note that malicious client side code (e.g Java) is also + capable of using this option.
+ +As a lot of Privoxy users + don't read documentation, this feature is disabled by + default.
+ +Note that you must have compiled Privoxy with support for this feature, + otherwise this option has no effect.
+
+
++ +7.4.4. enable-remote-http-toggle
+ +++-
+
- Specifies: + +
-
+
Whether or not Privoxy recognizes special HTTP headers to + change its behaviour.
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
Privoxy ignores special HTTP headers.
+
+
+ - Notes: + +
-
+
When toggled on, the client can change Privoxy's behaviour by setting special + HTTP headers. Currently the only supported special header is + "X-Filter: No", to disable filtering + for the ongoing request, even if it is enabled in one of the + action files.
+ +This feature is disabled by default. If you are using + Privoxy in a environment with + trusted clients, you may enable this feature at your + discretion. Note that malicious client side code (e.g Java) is + also capable of using this feature.
+ +This option will be removed in future releases as it has + been obsoleted by the more general header taggers.
+
+
++ +7.4.5. enable-edit-actions
+ +++-
+
- Specifies: + +
-
+
Whether or not the web-based + actions file editor may be used
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
The web-based actions file editor is disabled.
+
+
+ - Notes: + +
-
+
Access to the editor can not be controlled separately by + "ACLs" or HTTP authentication, so + that everybody who can access Privoxy (see "ACLs" and listen-address above) can modify its + configuration for all users.
+ +This option is not + recommended for environments with untrusted users and as + a lot of Privoxy users don't + read documentation, this feature is disabled by default.
+ +Note that malicious client side code (e.g Java) is also + capable of using the actions editor and you shouldn't enable + this options unless you understand the consequences and are + sure your browser is configured correctly.
+ +Note that you must have compiled Privoxy with support for this feature, + otherwise this option has no effect.
+
+
++ +7.4.6. + enforce-blocks
+ +++-
+
- Specifies: + +
-
+
Whether the user is allowed to ignore blocks and can + "go there anyway".
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
Blocks are not enforced.
+
+
+ - Notes: + +
-
+
Privoxy is mainly used to + block and filter requests as a service to the user, for example + to block ads and other junk that clogs the pipes. Privoxy's configuration isn't perfect and + sometimes innocent pages are blocked. In this situation it + makes sense to allow the user to enforce the request and have + Privoxy ignore the block.
+ +In the default configuration Privoxy's "Blocked" page contains a "go there anyway" link to adds a special string + (the force prefix) to the request URL. If that link is used, + Privoxy will detect the force + prefix, remove it again and let the request pass.
+ +Of course Privoxy can also + be used to enforce a network policy. In that case the user + obviously should not be able to bypass any blocks, and that's + what the "enforce-blocks" option is + for. If it's enabled, Privoxy + hides the "go there anyway" link. If + the user adds the force prefix by hand, it will not be accepted + and the circumvention attempt is logged.
+
+
+ - Examples: + +
-
+
enforce-blocks 1
+
+
++ +7.4.7. ACLs: permit-access + and deny-access
+ +++-
+
- Specifies: + +
-
+
Who can access what.
+
+
+ - Type of value: + +
-
+
src_addr[:port][/src_masklen] [dst_addr[:port][/dst_masklen]]
+ +Where src_addr and + dst_addr are IPv4 addresses in + dotted decimal notation or valid DNS names, port is a port number, and src_masklen and dst_masklen are subnet masks in CIDR + notation, i.e. integer values from 2 to 30 representing the + length (in bits) of the network address. The masks and the + whole destination part are optional.
+ +If your system implements RFC + 3493, then src_addr and + dst_addr can be IPv6 addresses + delimeted by brackets, port can + be a number or a service name, and src_masklen and dst_masklen can be a number from 0 to + 128.
+
+
+ - Default value: + +
-
+
Unset
+ +If no port is specified, any + port will match. If no src_masklen or src_masklen is given, the complete IP + address has to match (i.e. 32 bits for IPv4 and 128 bits for + IPv6).
+
+
+ - Effect if unset: + +
-
+
Don't restrict access further than implied by listen-address
+
+
+ - Notes: + +
-
+
Access controls are included at the request of ISPs and + systems administrators, and are not usually needed by individual + users. For a typical home user, it will normally suffice + to ensure that Privoxy only + listens on the localhost (127.0.0.1) or internal (home) network + address by means of the listen-address option.
+ +Please see the warnings in the FAQ that Privoxy is not intended to be a substitute + for a firewall or to encourage anyone to defer addressing basic + security weaknesses.
+ +Multiple ACL lines are OK. If any ACLs are specified, + Privoxy only talks to IP + addresses that match at least one permit-access line and don't match any + subsequent deny-access line. In other + words, the last match wins, with the default being deny-access.
+ +If Privoxy is using a + forwarder (see forward below) for a + particular destination URL, the dst_addr that is examined is the address + of the forwarder and NOT the address of the ultimate + target. This is necessary because it may be impossible for the + local Privoxy to determine the + IP address of the ultimate target (that's often what gateways + are used for).
+ +You should prefer using IP addresses over DNS names, because + the address lookups take time. All DNS names must resolve! You + can not use domain + patterns like "*.org" or partial + domain names. If a DNS name resolves to multiple IP addresses, + only the first one is used.
+ +Some systems allow IPv4 clients to connect to IPv6 server + sockets. Then the client's IPv4 address will be translated by + the system into IPv6 address space with special prefix + ::ffff:0:0/96 (so called IPv4 mapped IPv6 address). + Privoxy can handle it and maps + such ACL addresses automatically.
+ +Denying access to particular sites by ACL may have undesired + side effects if the site in question is hosted on a machine + which also hosts other sites (most sites are).
+
+
+ - Examples: + +
-
+
Explicitly define the default behavior if no ACL and + listen-address are set: "localhost" is OK. The absence of a dst_addr implies that all destination addresses are + OK:
+ ++
+ ++ ++ ++ permit-access localhost +
+Allow any host on the same class C subnet as www.privoxy.org + access to nothing but www.example.com (or other domains hosted + on the same system):
+ ++
+ ++ ++ ++ permit-access www.privoxy.org/24 www.example.com/32 +
+Allow access from any host on the 26-bit subnet + 192.168.45.64 to anywhere, with the exception that + 192.168.45.73 may not access the IP address behind + www.dirty-stuff.example.com:
+ ++
+ ++ ++ ++ permit-access 192.168.45.64/26 + deny-access 192.168.45.73 www.dirty-stuff.example.com +
+Allow access from the IPv4 network 192.0.2.0/24 even if + listening on an IPv6 wild card address (not supported on all + platforms):
+ ++
+ ++ ++ ++ permit-access 192.0.2.0/24 +
+This is equivalent to the following line even if listening + on an IPv4 address (not supported on all platforms):
+ ++
++ ++ ++ permit-access [::ffff:192.0.2.0]/120 +
+
+
++7.4.8. + buffer-limit
+ +++-
+
- Specifies: + +
-
+
Maximum size of the buffer for content filtering.
+
+
+ - Type of value: + +
-
+
Size in Kbytes
+
+
+ - Default value: + +
-
+
4096
+
+
+ - Effect if unset: + +
-
+
Use a 4MB (4096 KB) limit.
+
+
+ - Notes: + +
-
+
For content filtering, i.e. the +filter and +deanimate-gif actions, it is necessary that + Privoxy buffers the entire + document body. This can be potentially dangerous, since a + server could just keep sending data indefinitely and wait for + your RAM to exhaust -- with nasty consequences. Hence this + option.
+ +When a document buffer size reaches the buffer-limit, it is flushed to the client + unfiltered and no further attempt to filter the rest of the + document is made. Remember that there may be multiple threads + running, which might require up to buffer-limit Kbytes each, unless you have enabled + "single-threaded" above.
+
+
+7.5. + Forwarding
+ +This feature allows routing of HTTP requests through a chain of + multiple proxies.
+ +Forwarding can be used to chain Privoxy with a caching proxy to + speed up browsing. Using a parent proxy may also be necessary if the + machine that Privoxy runs on has no + direct Internet access.
+ +Note that parent proxies can severely decrease your privacy level. + For example a parent proxy could add your IP address to the request + headers and if it's a caching proxy it may add the "Etag" header to revalidation requests again, even + though you configured Privoxy to remove it. It may also ignore + Privoxy's header time randomization and use the original values which + could be used by the server as cookie replacement to track your steps + between visits.
+ +Also specified here are SOCKS proxies. Privoxy supports the SOCKS 4 and SOCKS 4A + protocols.
+ +++ +7.5.1. + forward
+ +++-
+
- Specifies: + +
-
+
To which parent HTTP proxy specific requests should be + routed.
+
+
+ - Type of value: + +
-
+
target_pattern http_parent[:port]
+ +where target_pattern is a + URL pattern that + specifies to which requests (i.e. URLs) this forward rule shall + apply. Use / to denote "all URLs". http_parent[:port] is the DNS name or IP address of + the parent HTTP proxy through which the requests should be + forwarded, optionally followed by its listening port (default: + 8000). Use a single dot (.) to denote + "no forwarding".
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
Don't use parent HTTP proxies.
+
+
+ - Notes: + +
-
+
If http_parent is + ".", then requests are not forwarded + to another HTTP proxy but are made directly to the web + servers.
+ +http_parent can be a + numerical IPv6 address (if RFC 3493 + is implemented). To prevent clashes with the port delimiter, + the whole IP address has to be put into brackets. On the other + hand a target_pattern + containing an IPv6 address has to be put into angle brackets + (normal brackets are reserved for regular expressions + already).
+ +Multiple lines are OK, they are checked in sequence, and the + last match wins.
+
+
+ - Examples: + +
-
+
Everything goes to an example parent proxy, except SSL on + port 443 (which it doesn't handle):
+ ++
+ ++ ++ ++ forward / parent-proxy.example.org:8080 + forward :443 . +
+Everything goes to our example ISP's caching proxy, except + for requests to that ISP's sites:
+ ++
+ ++ ++ ++ forward / caching-proxy.isp.example.net:8000 + forward .isp.example.net . +
+Parent proxy specified by an IPv6 address:
+ ++
+ ++ ++ ++ forward / [2001:DB8::1]:8000 +
+Suppose your parent proxy doesn't support IPv6:
+ ++
++ ++ ++ forward / parent-proxy.example.org:8000 + forward ipv6-server.example.org . + forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> . +
+
+
++ +7.5.2. forward-socks4, + forward-socks4a and forward-socks5
+ +++-
+
- Specifies: + +
-
+
Through which SOCKS proxy (and optionally to which parent + HTTP proxy) specific requests should be routed.
+
+
+ - Type of value: + +
-
+
target_pattern socks_proxy[:port] http_parent[:port]
+ +where target_pattern is a + URL pattern that + specifies to which requests (i.e. URLs) this forward rule shall + apply. Use / to denote "all URLs". http_parent and socks_proxy are IP addresses in dotted + decimal notation or valid DNS names (http_parent may be "." to denote "no HTTP + forwarding"), and the optional port parameters are TCP ports, i.e. + integer values from 1 to 65535
+
+
+ - Default value: + +
-
+
Unset
+
+
+ - Effect if unset: + +
-
+
Don't use SOCKS proxies.
+
+
+ - Notes: + +
-
+
Multiple lines are OK, they are checked in sequence, and the + last match wins.
+ +The difference between forward-socks4 and forward-socks4a is that in the SOCKS 4A + protocol, the DNS resolution of the target hostname happens on + the SOCKS server, while in SOCKS 4 it happens locally.
+ +With forward-socks5 the DNS + resolution will happen on the remote server as well.
+ +socks_proxy and http_parent can be a numerical IPv6 + address (if RFC 3493 is implemented). To prevent clashes + with the port delimiter, the whole IP address has to be put + into brackets. On the other hand a target_pattern containing an IPv6 address + has to be put into angle brackets (normal brackets are reserved + for regular expressions already).
+ +If http_parent is + ".", then requests are not forwarded + to another HTTP proxy but are made (HTTP-wise) directly to the + web servers, albeit through a SOCKS proxy.
+
+
+ - Examples: + +
-
+
From the company example.com, direct connections are made to + all "internal" domains, but + everything outbound goes through their ISP's proxy by way of + example.com's corporate SOCKS 4A gateway to the Internet.
+ ++
+ ++ ++ ++ forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 + forward .example.com . +
+A rule that uses a SOCKS 4 gateway for all destinations but + no HTTP parent looks like this:
+ ++
+ ++ ++ ++ forward-socks4 / socks-gw.example.com:1080 . +
+To chain Privoxy and Tor, both running on the same system, + you would use something like:
+ ++
+ ++ ++ ++ forward-socks5 / 127.0.0.1:9050 . +
+The public Tor network + can't be used to reach your local network, if you need to + access local servers you therefore might want to make some + exceptions:
+ ++
+ ++ ++ ++ forward 192.168.*.*/ . + forward 10.*.*.*/ . + forward 127.*.*.*/ . +
+Unencrypted connections to systems in these address ranges + will be as (un)secure as the local network is, but the + alternative is that you can't reach the local network through + Privoxy at all. Of course this + may actually be desired and there is no reason to make these + exceptions if you aren't sure you need them.
+ +If you also want to be able to reach servers in your local + network by using their names, you will need additional + exceptions that look like this:
+ ++
++ ++ ++ forward localhost/ . +
+
+
+7.5.3. Advanced Forwarding + Examples
+ +If you have links to multiple ISPs that provide various special + content only to their subscribers, you can configure multiple + Privoxies which have connections to + the respective ISPs to act as forwarders to each other, so that + your users can see the + internal content of all ISPs.
+ +Assume that host-a has a PPP connection to isp-a.example.net. And + host-b has a PPP connection to isp-b.example.org. Both run + Privoxy. Their forwarding + configuration can look like this:
+ +host-a:
+ ++
+ ++ ++ ++ forward / . + forward .isp-b.example.net host-b:8118 +
+host-b:
+ ++
+ ++ ++ ++ forward / . + forward .isp-a.example.org host-a:8118 +
+Now, your users can set their browser's proxy to use either host-a + or host-b and be able to browse the internal content of both isp-a + and isp-b.
+ +If you intend to chain Privoxy + and squid locally, then chaining as + browser -> squid -> privoxy is the + recommended way.
+ +Assuming that Privoxy and + squid run on the same box, your + squid configuration could then look + like this:
+ ++
+ + + # Define Privoxy as parent proxy (without ICP) + cache_peer 127.0.0.1 parent 8118 7 no-query + + # Define ACL for protocol FTP + acl ftp proto FTP # Do not forward FTP requests to Privoxy - always_direct allow ftp + always_direct allow ftp # Forward all the rest to Privoxy - never_direct allow all
You would then need to change your browser's proxy settings to squid's address and port. - Squid normally uses port 3128. If unsure consult http_port in squid.conf.
You could just as well decide to only forward requests you suspect - of leading to Windows executables through a virus-scanning parent proxy, - say, on antivir.example.com, port 8010:
forward / . - forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010
7.5.4. forwarded-connect-retries
- Specifies:
How often Privoxy retries if a forwarded connection request fails. -
- Type of value:
Number of retries. -
- Default value:
0
- Effect if unset:
Connections forwarded through other proxies are treated like direct connections and no retry attempts are made. -
- Notes:
forwarded-connect-retries is mainly interesting - for socks4a connections, where Privoxy can't detect why the connections failed. - The connection might have failed because of a DNS timeout in which case a retry makes sense, - but it might also have failed because the server doesn't exist or isn't reachable. In this - case the retry will just delay the appearance of Privoxy's error message. -
Note that in the context of this option, "forwarded connections" includes all connections - that Privoxy forwards through other proxies. This option is not limited to the HTTP CONNECT method. -
Only use this option, if you are getting lots of forwarding-related error messages - that go away when you try again manually. Start with a small value and check Privoxy's - logfile from time to time, to see how many retries are usually needed. -
- Examples:
forwarded-connect-retries 1 -
7.5.5. accept-intercepted-requests
- Specifies:
Whether intercepted requests should be treated as valid. -
- Type of value:
0 or 1 -
- Default value:
0
- Effect if unset:
Only proxy requests are accepted, intercepted requests are treated as invalid. -
- Notes:
If you don't trust your clients and want to force them - to use Privoxy, enable this - option and configure your packet filter to redirect outgoing - HTTP connections into Privoxy. -
Make sure that Privoxy's own requests - aren't redirected as well. Additionally take care that - Privoxy can't intentionally connect - to itself, otherwise you could run into redirection loops if - Privoxy's listening port is reachable - by the outside or an attacker has access to the pages you visit. -
- Examples:
accept-intercepted-requests 1 -
7.5.6. allow-cgi-request-crunching
- Specifies:
Whether requests to Privoxy's CGI pages can be blocked or redirected. -
- Type of value:
0 or 1 -
- Default value:
0
- Effect if unset:
Privoxy ignores block and redirect actions for its CGI pages. -
- Notes:
By default Privoxy ignores block or redirect actions - for its CGI pages. Intercepting these requests can be useful in multi-user - setups to implement fine-grained access control, but it can also render the complete - web interface useless and make debugging problems painful if done without care. -
Don't enable this option unless you're sure that you really need it. -
- Examples:
allow-cgi-request-crunching 1 -
7.5.7. split-large-forms
- Specifies:
Whether the CGI interface should stay compatible with broken HTTP clients. -
- Type of value:
0 or 1 -
- Default value:
0
- Effect if unset:
The CGI form generate long GET URLs. -
- Notes:
Privoxy's CGI forms can lead to - rather long URLs. This isn't a problem as far as the HTTP - standard is concerned, but it can confuse clients with arbitrary - URL length limitations. -
Enabling split-large-forms causes Privoxy - to divide big forms into smaller ones to keep the URL length down. - It makes editing a lot less convenient and you can no longer - submit all changes at once, but at least it works around this - browser bug. -
If you don't notice any editing problems, there is no reason - to enable this option, but if one of the submit buttons appears - to be broken, you should give it a try. -
- Examples:
split-large-forms 1 -
7.5.8. keep-alive-timeout
- Specifies:
Number of seconds after which an open connection will no longer be reused. -
- Type of value:
Time in seconds. -
- Default value:
None
- Effect if unset:
Connections are not reused. -
- Notes:
This option has no effect if Privoxy - has been compiled without keep-alive support. -
- Notes:
Note that reusing connections doesn't necessary cause speedups. - There are also a few privacy implications you should be aware of. -
Outgoing connections are shared between clients (if there are more - than one) and closing the client that initiated the outgoing connection - does not affect the connection between Privoxy and the server unless - the client's request hasn't been completed yet. If the outgoing connection - is idle, it will not be closed until either Privoxy's - or the server's timeout is reached. While it's open, the server knows - that the system running Privoxy is still there. -
- Examples:
keep-alive-timeout 300 -
7.5.9. socket-timeout
- Specifies:
Number of seconds after which a socket times out if - no data is received. -
- Type of value:
Time in seconds. -
- Default value:
None
- Effect if unset:
A default value of 300 seconds is used. -
- Notes:
For SOCKS requests the timeout currently doesn't start until - the SOCKS server accepted the request. This will be fixed in - the next release. -
- Examples:
socket-timeout 300 -
\ No newline at end of file + never_direct allow all +7.6. Windows GUI Options
Privoxy has a number of options specific to the - Windows GUI interface:
If "activity-animation" is set to 1, the - Privoxy icon will animate when - "Privoxy" is active. To turn off, set to 0.
activity-animation 1
-
-If "log-messages" is set to 1, - Privoxy will log messages to the console - window:
log-messages 1
-
-- If "log-buffer-size" is set to 1, the size of the log buffer, - i.e. the amount of memory used for the log messages displayed in the - console window, will be limited to "log-max-lines" (see below).
Warning: Setting this to 0 will result in the buffer to grow infinitely and - eat up all your memory!
log-buffer-size 1
-
-log-max-lines is the maximum number of lines held - in the log buffer. See above.
log-max-lines 200
-
-If "log-highlight-messages" is set to 1, - Privoxy will highlight portions of the log - messages with a bold-faced font:
log-highlight-messages 1
-
-The font used in the console window:
log-font-name Comic Sans MS
-
-Font size used in the console window:
log-font-size 8
-
-- "show-on-task-bar" controls whether or not - Privoxy will appear as a button on the Task bar - when minimized:
show-on-task-bar 0
-
-If "close-button-minimizes" is set to 1, the Windows close - button will minimize Privoxy instead of closing - the program (close with the exit option on the File menu).
close-button-minimizes 1
-
-The "hide-console" option is specific to the MS-Win console - version of Privoxy. If this option is used, - Privoxy will disconnect from and hide the - command console.
#hide-console
-
-You would then need to change your browser's proxy settings to + squid's address and port. Squid + normally uses port 3128. If unsure consult http_port in squid.conf.
+ +You could just as well decide to only forward requests you suspect + of leading to Windows executables through a virus-scanning parent + proxy, say, on antivir.example.com, port + 8010:
+ ++
++ ++ ++ forward / . + forward /.*\.(exe|com|dll|zip)$ antivir.example.com:8010 +
+
7.5.4. forwarded-connect-retries
+ +-
+
- Specifies: + +
-
+
How often Privoxy retries if a forwarded connection request + fails.
+
+
+ - Type of value: + +
-
+
Number of retries.
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
Connections forwarded through other proxies are treated like + direct connections and no retry attempts are made.
+
+
+ - Notes: + +
-
+
forwarded-connect-retries is + mainly interesting for socks4a connections, where Privoxy can't detect why the connections + failed. The connection might have failed because of a DNS + timeout in which case a retry makes sense, but it might also + have failed because the server doesn't exist or isn't + reachable. In this case the retry will just delay the + appearance of Privoxy's error message.
+ +Note that in the context of this option, "forwarded connections" includes all connections + that Privoxy forwards through other proxies. This option is not + limited to the HTTP CONNECT method.
+ +Only use this option, if you are getting lots of + forwarding-related error messages that go away when you try + again manually. Start with a small value and check Privoxy's + logfile from time to time, to see how many retries are usually + needed.
+
+
+ - Examples: + +
-
+
forwarded-connect-retries 1
+
+
7.6. Miscellaneous
+ +7.6.1. + accept-intercepted-requests
+ +-
+
- Specifies: + +
-
+
Whether intercepted requests should be treated as valid.
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
Only proxy requests are accepted, intercepted requests are + treated as invalid.
+
+
+ - Notes: + +
-
+
If you don't trust your clients and want to force them to + use Privoxy, enable this + option and configure your packet filter to redirect outgoing + HTTP connections into Privoxy.
+ +Make sure that Privoxy's + own requests aren't redirected as well. Additionally take care + that Privoxy can't + intentionally connect to itself, otherwise you could run into + redirection loops if Privoxy's + listening port is reachable by the outside or an attacker has + access to the pages you visit.
+
+
+ - Examples: + +
-
+
accept-intercepted-requests 1
+
+
7.6.2. + allow-cgi-request-crunching
+ +-
+
- Specifies: + +
-
+
Whether requests to Privoxy's CGI pages can be blocked or + redirected.
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
Privoxy ignores block and + redirect actions for its CGI pages.
+
+
+ - Notes: + +
-
+
By default Privoxy ignores + block or redirect actions for its CGI pages. Intercepting these + requests can be useful in multi-user setups to implement + fine-grained access control, but it can also render the + complete web interface useless and make debugging problems + painful if done without care.
+ +Don't enable this option unless you're sure that you really + need it.
+
+
+ - Examples: + +
-
+
allow-cgi-request-crunching 1
+
+
7.6.3. split-large-forms
+ +-
+
- Specifies: + +
-
+
Whether the CGI interface should stay compatible with broken + HTTP clients.
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
The CGI form generate long GET URLs.
+
+
+ - Notes: + +
-
+
Privoxy's CGI forms can + lead to rather long URLs. This isn't a problem as far as the + HTTP standard is concerned, but it can confuse clients with + arbitrary URL length limitations.
+ +Enabling split-large-forms causes Privoxy to divide big forms into smaller + ones to keep the URL length down. It makes editing a lot less + convenient and you can no longer submit all changes at once, + but at least it works around this browser bug.
+ +If you don't notice any editing problems, there is no reason + to enable this option, but if one of the submit buttons appears + to be broken, you should give it a try.
+
+
+ - Examples: + +
-
+
split-large-forms 1
+
+
7.6.4. keep-alive-timeout
+ +-
+
- Specifies: + +
-
+
Number of seconds after which an open connection will no + longer be reused.
+
+
+ - Type of value: + +
-
+
Time in seconds.
+
+
+ - Default value: + +
-
+
None
+
+
+ - Effect if unset: + +
-
+
Connections are not kept alive.
+
+
+ - Notes: + +
-
+
This option allows clients to keep the connection to + Privoxy alive. If the server + supports it, Privoxy will keep + the connection to the server alive as well. Under certain + circumstances this may result in speed-ups.
+ +By default, Privoxy will + close the connection to the server if the client connection + gets closed, or if the specified timeout has been reached + without a new request coming in. This behaviour can be changed + with the connection-sharing option.
+ +This option has no effect if Privoxy has been compiled without + keep-alive support.
+ +Note that a timeout of five seconds as used in the default + configuration file significantly decreases the number of + connections that will be reused. The value is used because some + browsers limit the number of connections they open to a single + host and apply the same limit to proxies. This can result in a + single website "grabbing" all the + connections the browser allows, which means connections to + other websites can't be opened until the connections currently + in use time out.
+ +Several users have reported this as a Privoxy bug, so the + default value has been reduced. Consider increasing it to 300 + seconds or even more if you think your browser can handle it. + If your browser appears to be hanging it can't.
+
+
+ - Examples: + +
-
+
keep-alive-timeout 300
+
+
7.6.5. default-server-timeout
+ +-
+
- Specifies: + +
-
+
Assumed server-side keep-alive timeout if not specified by + the server.
+
+
+ - Type of value: + +
-
+
Time in seconds.
+
+
+ - Default value: + +
-
+
None
+
+
+ - Effect if unset: + +
-
+
Connections for which the server didn't specify the + keep-alive timeout are not reused.
+
+
+ - Notes: + +
-
+
Enabling this option significantly increases the number of + connections that are reused, provided the keep-alive-timeout + option is also enabled.
+ +While it also increases the number of connections problems + when Privoxy tries to reuse a + connection that already has been closed on the server side, or + is closed while Privoxy is + trying to reuse it, this should only be a problem if it happens + for the first request sent by the client. If it happens for + requests on reused client connections, Privoxy will simply close the connection + and the client is supposed to retry the request without + bothering the user.
+ +Enabling this option is therefore only recommended if the + connection-sharing option is disabled.
+ +It is an error to specify a value larger than the keep-alive-timeout + value.
+ +This option has no effect if Privoxy has been compiled without + keep-alive support.
+
+
+ - Examples: + +
-
+
default-server-timeout 60
+
+
7.6.6. connection-sharing
+ +-
+
- Specifies: + +
-
+
Whether or not outgoing connections that have been kept + alive should be shared between different incoming + connections.
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
None
+
+
+ - Effect if unset: + +
-
+
Connections are not shared.
+
+
+ - Notes: + +
-
+
This option has no effect if Privoxy has been compiled without + keep-alive support, or if it's disabled.
+
+
+ - Notes: + +
-
+
Note that reusing connections doesn't necessary cause + speedups. There are also a few privacy implications you should + be aware of.
+ +If this option is effective, outgoing connections are shared + between clients (if there are more than one) and closing the + browser that initiated the outgoing connection does no longer + affect the connection between Privoxy and the server unless the client's + request hasn't been completed yet.
+ +If the outgoing connection is idle, it will not be closed + until either Privoxy's or the + server's timeout is reached. While it's open, the server knows + that the system running Privoxy is still there.
+ +If there are more than one client (maybe even belonging to + multiple users), they will be able to reuse each others + connections. This is potentially dangerous in case of + authentication schemes like NTLM where only the connection is + authenticated, instead of requiring authentication for each + request.
+ +If there is only a single client, and if said client can + keep connections alive on its own, enabling this option has + next to no effect. If the client doesn't support connection + keep-alive, enabling this option may make sense as it allows + Privoxy to keep outgoing + connections alive even if the client itself doesn't support + it.
+ +You should also be aware that enabling this option increases + the likelihood of getting the "No server or forwarder data" + error message, especially if you are using a slow connection to + the Internet.
+ +This option should only be used by experienced users who + understand the risks and can weight them against the + benefits.
+
+
+ - Examples: + +
-
+
connection-sharing 1
+
+
7.6.7. + socket-timeout
+ +-
+
- Specifies: + +
-
+
Number of seconds after which a socket times out if no data + is received.
+
+
+ - Type of value: + +
-
+
Time in seconds.
+
+
+ - Default value: + +
-
+
None
+
+
+ - Effect if unset: + +
-
+
A default value of 300 seconds is used.
+
+
+ - Notes: + +
-
+
The default is quite high and you probably want to reduce + it. If you aren't using an occasionally slow proxy like Tor, + reducing it to a few seconds should be fine.
+
+
+ - Examples: + +
-
+
socket-timeout 300
+
+
7.6.8. max-client-connections
+ +-
+
- Specifies: + +
-
+
Maximum number of client connections that will be + served.
+
+
+ - Type of value: + +
-
+
Positive number.
+
+
+ - Default value: + +
-
+
None
+
+
+ - Effect if unset: + +
-
+
Connections are served until a resource limit is + reached.
+
+
+ - Notes: + +
-
+
Privoxy creates one thread + (or process) for every incoming client connection that isn't + rejected based on the access control settings.
+ +If the system is powerful enough, Privoxy can theoretically deal with + several hundred (or thousand) connections at the same time, but + some operating systems enforce resource limits by shutting down + offending processes and their default limits may be below the + ones Privoxy would require + under heavy load.
+ +Configuring Privoxy to + enforce a connection limit below the thread or process limit + used by the operating system makes sure this doesn't happen. + Simply increasing the operating system's limit would work too, + but if Privoxy isn't the only + application running on the system, you may actually want to + limit the resources used by Privoxy.
+ +If Privoxy is only used by + a single trusted user, limiting the number of client + connections is probably unnecessary. If there are multiple + possibly untrusted users you probably still want to + additionally use a packet filter to limit the maximal number of + incoming connections per client. Otherwise a malicious user + could intentionally create a high number of connections to + prevent other users from using Privoxy.
+ +Obviously using this option only makes sense if you choose a + limit below the one enforced by the operating system.
+
+
+ - Examples: + +
-
+
max-client-connections 256
+
+
7.6.9. + handle-as-empty-doc-returns-ok
+ +-
+
- Specifies: + +
-
+
The status code Privoxy returns for pages blocked with + +handle-as-empty-document.
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
Privoxy returns a status 403(forbidden) for all blocked + pages.
+
+
+ - Effect if set: + +
-
+
Privoxy returns a status 200(OK) for pages blocked with + +handle-as-empty-document and a status 403(Forbidden) for all + other blocked pages.
+
+
+ - Notes: + +
-
+
This is a work-around for Firefox bug 492459: " Websites are no longer rendered if SSL requests for + JavaScripts are blocked by a proxy. " (https://bugzilla.mozilla.org/show_bug.cgi?id=492459) + As the bug has been fixed for quite some time this option + should no longer be needed and will be removed in a future + release. Please speak up if you have a reason why the option + should be kept around.
+
+
7.6.10. enable-compression
+ +-
+
- Specifies: + +
-
+
Whether or not buffered content is compressed before + delivery.
+
+
+ - Type of value: + +
-
+
0 or 1
+
+
+ - Default value: + +
-
+
0
+
+
+ - Effect if unset: + +
-
+
Privoxy does not compress buffered content.
+
+
+ - Effect if set: + +
-
+
Privoxy compresses buffered content before delivering it to + the client, provided the client supports it.
+
+
+ - Notes: + +
-
+
This directive is only supported if Privoxy has been + compiled with FEATURE_COMPRESSION, which should not to be + confused with FEATURE_ZLIB.
+ +Compressing buffered content is mainly useful if Privoxy and + the client are running on different systems. If they are + running on the same system, enabling compression is likely to + slow things down. If you didn't measure otherwise, you should + assume that it does and keep this option disabled.
+ +Privoxy will not compress buffered content below a certain + length.
+
+
7.6.11. compression-level
+ +-
+
- Specifies: + +
-
+
The compression level that is passed to the zlib library + when compressing buffered content.
+
+
+ - Type of value: + +
-
+
Positive number ranging from 0 to + 9.
+
+
+ - Default value: + +
-
+
1
+
+
+ - Notes: + +
-
+
Compressing the data more takes usually longer than + compressing it less or not compressing it at all. Which level + is best depends on the connection between Privoxy and the + client. If you can't be bothered to benchmark it for yourself, + you should stick with the default and keep compression + disabled.
+ +If compression is disabled, the compression level is + irrelevant.
+
+
+ - Examples: + +
-
+
+
++ ++ ++ # Best speed (compared to the other levels) + compression-level 1 + # Best compression + compression-level 9 + # No compression. Only useful for testing as the added header + # slightly increases the amount of data that has to be sent. + # If your benchmark shows that using this compression level + # is superior to using no compression at all, the benchmark + # is likely to be flawed. + compression-level 0 + +
+
+
7.7. Windows + GUI Options
+ +Privoxy has a number of options + specific to the Windows GUI interface:
+ +If "activity-animation" is set to 1, the + Privoxy icon will animate when + "Privoxy" is active. To turn off, set to + 0.
+ + activity-animation 1
+
If "log-messages" is set to 1, + Privoxy will log messages to the + console window:
+ + log-messages 1
+
If "log-buffer-size" is set to 1, the + size of the log buffer, i.e. the amount of memory used for the log + messages displayed in the console window, will be limited to + "log-max-lines" (see below).
+ +Warning: Setting this to 0 will result in the buffer to grow + infinitely and eat up all your memory!
+ + log-buffer-size 1
+
log-max-lines is the maximum number + of lines held in the log buffer. See above.
+ + log-max-lines 200
+
If "log-highlight-messages" is set to 1, + Privoxy will highlight portions of the + log messages with a bold-faced font:
+ + log-highlight-messages 1
+
The font used in the console window:
+ + log-font-name Comic Sans MS
+
Font size used in the console window:
+ + log-font-size 8
+
"show-on-task-bar" controls whether or + not Privoxy will appear as a button on + the Task bar when minimized:
+ + show-on-task-bar 0
+
If "close-button-minimizes" is set to 1, + the Windows close button will minimize Privoxy instead of closing the program (close with + the exit option on the File menu).
+ + close-button-minimizes 1
+
The "hide-console" option is specific to + the MS-Win console version of Privoxy. + If this option is used, Privoxy will + disconnect from and hide the command console.
+ + #hide-console
+
6. Privoxy Configuration
All Privoxy configuration is stored - in text files. These files can be edited with a text editor. - Many important aspects of Privoxy can - also be controlled easily with a web browser. -
6.1. Controlling Privoxy with Your Web Browser
Privoxy's user interface can be reached through the special - URL http://config.privoxy.org/ - (shortcut: http://p.p/), - which is a built-in page and works without Internet access. - You will see the following section:
This should be self-explanatory. Note the first item leads to an editor for the - actions files, which is where the ad, banner, - cookie, and URL blocking magic is configured as well as other advanced features of - Privoxy. This is an easy way to adjust various - aspects of Privoxy configuration. The actions - file, and other configuration files, are explained in detail below.
"Toggle Privoxy On or Off" is handy for sites that might - have problems with your current actions and filters. You can in fact use - it as a test to see whether it is Privoxy - causing the problem or not. Privoxy continues - to run as a proxy in this case, but all manipulation is disabled, i.e. - Privoxy acts like a normal forwarding proxy. There - is even a toggle Bookmarklet offered, so - that you can toggle Privoxy with one click from - your browser.
Note that several of the features described above are disabled by default - in Privoxy 3.0.7 beta and later. - Check the - configuration file to learn why - and in which cases it's safe to enable them again.
6.2. Configuration Files Overview
For Unix, *BSD and Linux, all configuration files are located in - /etc/privoxy/ by default. For MS Windows, OS/2, and - AmigaOS these are all in the same directory as the - Privoxy executable.
The installed defaults provide a reasonable starting point, though - some settings may be aggressive by some standards. For the time being, the - principle configuration files are:
The main configuration file is named config - on Linux, Unix, BSD, OS/2, and AmigaOS and config.txt - on Windows. This is a required file. -
match-all.action is used to define which "actions" - relating to banner-blocking, images, pop-ups, content modification, cookie handling - etc should be applied by default. It should be the first actions file loaded. -
default.action defines many exceptions (both positive and negative) - from the default set of actions that's configured in match-all.action. - It should be the second actions file loaded and shouldn't be edited by the user. -
Multiple actions files may be defined in config. These - are processed in the order they are defined. Local customizations and locally - preferred exceptions to the default policies as defined in - match-all.action (which you will most probably want - to define sooner or later) are best applied in user.action, - where you can preserve them across upgrades. The file isn't installed by all - installers, but you can easily create it yourself with a text editor. -
- There is also a web based editor that can be accessed from - http://config.privoxy.org/show-status - (Shortcut: http://p.p/show-status) for the - various actions files. -
"Filter files" (the filter - file) can be used to re-write the raw page content, including - viewable text as well as embedded HTML and JavaScript, and whatever else - lurks on any given web page. The filtering jobs are only pre-defined here; - whether to apply them or not is up to the actions files. - default.filter includes various filters made - available for use by the developers. Some are much more intrusive than - others, and all should be used with caution. You may define additional - filter files in config as you can with - actions files. We suggest user.filter for any - locally defined filters or customizations. -
The syntax of the configuration and filter files may change between different - Privoxy versions, unfortunately some enhancements cost backwards compatibility. -
All files use the "#" character to denote a - comment (the rest of the line will be ignored) and understand line continuation - through placing a backslash ("\") as the very last character - in a line. If the # is preceded by a backslash, it looses - its special function. Placing a # in front of an otherwise - valid configuration line to prevent it from being interpreted is called "commenting - out" that line. Blank lines are ignored.
The actions files and filter files - can use Perl style regular expressions for - maximum flexibility.
After making any changes, there is no need to restart - Privoxy in order for the changes to take - effect. Privoxy detects such changes - automatically. Note, however, that it may take one or two additional - requests for the change to take effect. When changing the listening address - of Privoxy, these "wake up" requests - must obviously be sent to the old listening address.
6. Privoxy + Configuration
+ +All Privoxy configuration is stored + in text files. These files can be edited with a text editor. Many + important aspects of Privoxy can also be + controlled easily with a web browser.
+ +6.1. Controlling + Privoxy with Your Web Browser
+ +Privoxy's user interface can be + reached through the special URL http://config.privoxy.org/ (shortcut: http://p.p/), which is a built-in page + and works without Internet access. You will see the following + section:
+ +
+ + ++ + Privoxy Menu+++ +
|
+
This should be self-explanatory. Note the first item leads to an + editor for the actions files, which is + where the ad, banner, cookie, and URL blocking magic is configured as + well as other advanced features of Privoxy. This is an easy way to adjust various + aspects of Privoxy configuration. The + actions file, and other configuration files, are explained in detail + below.
+ +"Toggle Privoxy On or Off" is handy for + sites that might have problems with your current actions and filters. + You can in fact use it as a test to see whether it is Privoxy causing the problem or not. Privoxy continues to run as a proxy in this case, + but all manipulation is disabled, i.e. Privoxy acts like a normal forwarding proxy. There + is even a toggle Bookmarklet + offered, so that you can toggle Privoxy with one click from your browser.
+ +Note that several of the features described above are disabled by + default in Privoxy 3.0.7 beta and + later. Check the configuration + file to learn why and in which cases it's safe to enable them + again.
+6.2. + Configuration Files Overview
+ +For Unix, *BSD and Linux, all configuration files are located in + /etc/privoxy/ by default. For MS Windows, + OS/2, and AmigaOS these are all in the same directory as the + Privoxy executable.
+ +The installed defaults provide a reasonable starting point, though + some settings may be aggressive by some standards. For the time being, + the principle configuration files are:
+ +-
+
-
+
The main configuration file is named + config on Linux, Unix, BSD, OS/2, and + AmigaOS and config.txt on Windows. This + is a required file.
+
+
+ -
+
match-all.action is used to define + which "actions" relating to + banner-blocking, images, pop-ups, content modification, cookie + handling etc should be applied by default. It should be the first + actions file loaded.
+ +default.action defines many exceptions + (both positive and negative) from the default set of actions that's + configured in match-all.action. It should + be the second actions file loaded and shouldn't be edited by the + user.
+ +Multiple actions files may be defined in config. These are processed in the order they are + defined. Local customizations and locally preferred exceptions to + the default policies as defined in match-all.action (which you will most probably want + to define sooner or later) are best applied in user.action, where you can preserve them across + upgrades. The file isn't installed by all installers, but you can + easily create it yourself with a text editor.
+ +There is also a web based editor that can be accessed from + http://config.privoxy.org/show-status (Shortcut: + http://p.p/show-status) for the various actions + files.
+
+
+ -
+
"Filter files" (the filter file) can be used to re-write the raw + page content, including viewable text as well as embedded HTML and + JavaScript, and whatever else lurks on any given web page. The + filtering jobs are only pre-defined here; whether to apply them or + not is up to the actions files. default.filter includes various filters made + available for use by the developers. Some are much more intrusive + than others, and all should be used with caution. You may define + additional filter files in config as you + can with actions files. We suggest user.filter for any locally defined filters or + customizations.
+
+
The syntax of the configuration and filter files may change between + different Privoxy versions, unfortunately some enhancements cost + backwards compatibility.
+ +All files use the "#" character to denote a comment (the rest of the + line will be ignored) and understand line continuation through placing + a backslash ("\") as the very last character + in a line. If the # is preceded by a + backslash, it looses its special function. Placing a # in front of an otherwise valid configuration line to + prevent it from being interpreted is called "commenting out" that line. + Blank lines are ignored.
+ +The actions files and filter files can use Perl style regular expressions for maximum + flexibility.
+ +After making any changes, there is no need to restart Privoxy in order for the changes to take effect. + Privoxy detects such changes + automatically. Note, however, that it may take one or two additional + requests for the change to take effect. When changing the listening + address of Privoxy, these "wake up" requests must obviously be sent to the + old listening address.
++ +
Prev | + +Home | + +Next | +
Starting Privoxy | + ++ + | The Main Configuration + File | +
11. Contacting the Developers, Bug Reporting and Feature -Requests
We value your feedback. In fact, we rely on it to improve - Privoxy and its configuration. - However, please note the following hints, so we can - provide you with the best support:
11.1. Get Support
For casual users, our - support forum at SourceForge - is probably best suited: - http://sourceforge.net/tracker/?group_id=11118&atid=211118
All users are of course welcome to discuss their issues on the users - mailing list, where the developers also hang around.
Please don't sent private support requests to individual Privoxy - developers, either use the mailing lists or the support trackers.
Note that the Privoxy mailing lists are moderated. Posts from unsubscribed - addresses have to be accepted manually by a moderator. This may cause a - delay of several days and if you use a subject that doesn't clearly - mention Privoxy or one of its features, your message may be accidentally - discarded as spam.
If you aren't subscribed, you should therefore spend a few seconds - to come up with a proper subject. Additionally you should make it clear - that you want to get CC'd. Otherwise some responses will be directed to - the mailing list only, and you won't see them.
11.2. Reporting Problems
"Problems" for our purposes, come in two forms:
Configuration issues, such as ads that slip through, or sites that - don't function properly due to one Privoxy - "action" or another being turned "on". -
"Bugs" in the programming code that makes up - Privoxy, such as that might cause a crash. -
11.2.1. Reporting Ads or Other Configuration Problems
Please send feedback on ads that slipped through, innocent images that were - blocked, sites that don't work properly, and other configuration related problem of - default.action file, to - http://sourceforge.net/tracker/?group_id=11118&atid=460288, - the Actions File Tracker.
New, improved default.action files may occasionally be made - available based on your feedback. These will be announced on the ijbswa-announce - list and available from our the files section of - our project page.
11.2.2. Reporting Bugs
Please report all bugs through our bug tracker: - http://sourceforge.net/tracker/?group_id=11118&atid=111118.
Before doing so, please make sure that the bug has not already been submitted - and observe the additional hints at the top of the submit - form. If already submitted, please feel free to add any info to the - original report that might help to solve the issue.
Please try to verify that it is a Privoxy bug, - and not a browser or site bug or documented behaviour that just happens - to be different than what you expected. If unsure, - try toggling - off Privoxy, and see if the problem persists.
If you are using your own custom configuration, please try - the stock configs to see if the problem is configuration related. - If you're having problems with a feature that is disabled by default, - please ask around on the mailing list if others can reproduce the problem.
If you aren't using the latest Privoxy version, the bug may have been found - and fixed in the meantime. We would appreciate if you could take the time - to upgrade - to the latest version (or even the latest CVS snapshot) and verify - that your bug still exists.
Please be sure to provide the following information:
The exact Privoxy version you are using - (if you got the source from CVS, please also provide the source code revisions - as shown in http://config.privoxy.org/show-version). -
The operating system and versions you run - Privoxy on, (e.g. Windows - XP SP2), if you are using a Unix flavor, - sending the output of "uname -a" should do, - in case of GNU/Linux, please also name the distribution. -
The name, platform, and version of the browser - you were using (e.g. Internet Explorer v5.5 for Mac). -
The URL where the problem occurred, or some way for us to duplicate the - problem (e.g. http://somesite.example.com/?somethingelse=123). -
Whether your version of Privoxy is one supplied - by the Privoxy developers via SourceForge, - or if you got your copy somewhere else. -
Whether you are using Privoxy in tandem with - another proxy such as Tor. If so, please - temporary disable the other proxy to see if the symptoms change. -
Whether you are using a personal firewall product. If so, does - Privoxy work without it? -
Any other pertinent information to help identify the problem such as config - or log file excerpts (yes, you should have log file entries for each - action taken). -
You don't have to tell us your actual name when filing a problem - report, but please use a nickname so we can differentiate between - your messages and the ones entered by other "anonymous" users that - may respond to your request if they have the same problem or already - found a solution.
Please also check the status of your request a few days after submitting - it, as we may request additional information. If you use a SF id, - you should automatically get a mail when someone responds to your request.
The appendix - of the Privoxy User Manual also has helpful information - on understanding actions, and action debugging.
11.3. Request New Features
You are welcome to submit ideas on new features or other proposals - for improvement through our feature request tracker at - http://sourceforge.net/tracker/?atid=361118&group_id=11118.
11.4. Other
For any other issues, feel free to use the mailing lists. Technically interested users -and people who wish to contribute to the project are also welcome on the developers list! -You can find an overview of all Privoxy-related mailing lists, -including list archives, at: -http://sourceforge.net/mail/?group_id=11118.
11. Contacting the + Developers, Bug Reporting and Feature Requests
+ +We value your feedback. In fact, we rely on it to improve Privoxy and its configuration. However, please note + the following hints, so we can provide you with the best support:
+ +11.1. + Get Support
+ +For casual users, our support forum at SourceForge is probably best suited: + http://sourceforge.net/tracker/?group_id=11118&atid=211118
+ +All users are of course welcome to discuss their issues on the + users mailing list, where the developers also hang + around.
+ +Please don't sent private support requests to individual Privoxy + developers, either use the mailing lists or the support trackers.
+ +If you have to contact a Privoxy developer directly for other + reasons, please send a real mail and do not bother with SourceForge's + messaging system. Answers to SourceForge messages are usually bounced + by SourceForge's mail server in which case the developer wasted time + writing a response you don't get. From your point of view it will look + like your message has been completely ignored, so this is frustrating + for all parties involved.
+ +Note that the Privoxy mailing lists are moderated. Posts from + unsubscribed addresses have to be accepted manually by a moderator. + This may cause a delay of several days and if you use a subject that + doesn't clearly mention Privoxy or one of its features, your message + may be accidentally discarded as spam.
+ +If you aren't subscribed, you should therefore spend a few seconds + to come up with a proper subject. Additionally you should make it clear + that you want to get CC'd. Otherwise some responses will be directed to + the mailing list only, and you won't see them.
+11.2. Reporting + Problems
+ +"Problems" for our purposes, come in two + forms:
+ +-
+
-
+
Configuration issues, such as ads that slip through, or sites + that don't function properly due to one Privoxy "action" or + another being turned "on".
+
+
+ -
+
"Bugs" in the programming code that + makes up Privoxy, such as that + might cause a crash.
+
+
11.2.1. + Reporting Ads or Other Configuration Problems
+ +Please send feedback on ads that slipped through, innocent images + that were blocked, sites that don't work properly, and other + configuration related problem of default.action file, to http://sourceforge.net/tracker/?group_id=11118&atid=460288, + the Actions File Tracker.
+ +New, improved default.action files may + occasionally be made available based on your feedback. These will be + announced on the ijbswa-announce list and available from our the files section of our project page.
+11.2.2. + Reporting Bugs
+ +Please report all bugs through our bug tracker: http://sourceforge.net/tracker/?group_id=11118&atid=111118.
+ +Before doing so, please make sure that the bug has not already been submitted and observe + the additional hints at the top of the submit form. If already submitted, please feel free + to add any info to the original report that might help to solve the + issue.
+ +Please try to verify that it is a Privoxy bug, and not a browser or site bug or + documented behaviour that just happens to be different than what you + expected. If unsure, try toggling + off Privoxy, and see if the + problem persists.
+ +If you are using your own custom configuration, please try the + stock configs to see if the problem is configuration related. If + you're having problems with a feature that is disabled by default, + please ask around on the mailing list if others can reproduce the + problem.
+ +If you aren't using the latest Privoxy version, the bug may have + been found and fixed in the meantime. We would appreciate if you + could take the time to upgrade to the latest version (or even the latest CVS + snapshot) and verify that your bug still exists.
+ +Please be sure to provide the following information:
+ +-
+
-
+
The exact Privoxy version you + are using (if you got the source from CVS, please also provide + the source code revisions as shown in http://config.privoxy.org/show-version).
+
+
+ -
+
The operating system and versions you run Privoxy on, (e.g. Windows XP SP2), if you are using a Unix + flavor, sending the output of "uname + -a" should do, in case of GNU/Linux, please also name the + distribution.
+
+
+ -
+
The name, platform, and version of the browser you were using (e.g. Internet Explorer v5.5 for Mac).
+
+
+ -
+
The URL where the problem occurred, or some way for us to + duplicate the problem (e.g. http://somesite.example.com/?somethingelse=123).
+
+
+ -
+
Whether your version of Privoxy is one supplied by the Privoxy developers via SourceForge, or if + you got your copy somewhere else.
+
+
+ -
+
Whether you are using Privoxy + in tandem with another proxy such as Tor. If so, please temporary disable the + other proxy to see if the symptoms change.
+
+
+ -
+
Whether you are using a personal firewall product. If so, does + Privoxy work without it?
+
+
+ -
+
Any other pertinent information to help identify the problem + such as config or log file excerpts (yes, you should have log + file entries for each action taken). To get a meaningful logfile, + please make sure that the logfile + directive is being used and the following debug + options are enabled:
+ ++ debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
If you + are having trouble with a filter, please additionally enable + +
+ + debug 2 # show each connection status
+ + debug 4 # show I/O status
+ + debug 8 # show header parsing
+ + debug 128 # debug redirects
+ debug 256 # debug GIF de-animation
+ + debug 512 # Common Log Format
+ + debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
+ + debug 4096 # Startup banner and warnings.
+ + debug 8192 # Non-fatal errors+ debug 64 # debug regular expression filters
If + you are using Privoxy 3.0.17 or later and suspect that it + interprets the request or the response incorrectly, please enable + ++ debug 32768 # log all data read from the network
Note + that Privoxy log files may contain sensitive information so + please don't submit any logfiles you didn't read first. You can + mask sensitive information as long as it's clear that you removed + something. +
+
You don't have to tell us your actual name when filing a problem + report, but if you don't, please use a nickname so we can + differentiate between your messages and the ones entered by other + "anonymous" users that may respond to your request if they have the + same problem or already found a solution. Note that due to spam the + trackers may not always allow to post without being logged into + SourceForge. If that's the case, you are still free to create a login + that isn't directly linked to your name, though.
+ +Please also check the status of your request a few days after + submitting it, as we may request additional information. If you use a + SF id, you should automatically get a mail when someone responds to + your request. Please don't bother to add an email address when using + the tracker. If you prefer to communicate through email, just use one + of the mailing lists directly.
+ +If you are new to reporting problems, you might be interested in + How to Report Bugs Effectively.
+ +The appendix of the Privoxy User Manual also has + helpful information on understanding actions, and action + debugging.
+11.3. + Request New Features
+ +You are welcome to submit ideas on new features or other proposals + for improvement through our feature request tracker at http://sourceforge.net/tracker/?atid=361118&group_id=11118.
+11.4. + Mailing Lists
+ +If you prefer to communicate through email, instead of using a web + interface, feel free to use one of the mailing lists. To discuss issues + that haven't been completely diagnosed yet, please use the Privoxy + users list. Technically interested users and people who wish to + contribute to the project are always welcome on the developers list. + You can find an overview of all Privoxy-related mailing lists, including list + archives, at: http://sourceforge.net/mail/?group_id=11118.
++ +
Prev | + +Home | + +Next | +
Privoxy's Template + Files | + ++ + | Privoxy Copyright, License + and History | +
12. Privoxy Copyright, License and History
Copyright Š 2001-2009 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
Some source code is based on code Copyright Š 1997 by Anonymous Coders - and Junkbusters, Inc. and licensed under the GNU General Public - License.
12.1. License
Privoxy is free software; you can - redistribute it and/or modify it under the terms of the - GNU General Public License, version 2, - as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
You should have received a copy of the GNU GPL - along with this program; if not, write to the
Free Software
- Foundation, Inc. 51 Franklin Street, Fifth Floor
- Boston, MA 02110-1301
- USA
12.2. History
A long time ago, there was the - Internet Junkbuster, - by Anonymous Coders and Junkbusters - Corporation. This saved many users a lot of pain in the early days of - web advertising and user tracking.
But the web, its protocols and standards, and with it, the techniques for - forcing ads on users, give up autonomy over their browsing, and - for tracking them, keeps evolving. Unfortunately, the Internet - Junkbuster did not. Version 2.0.2, published in 1998, was - (and is) the last official - release - available from Junkbusters Corporation. - Fortunately, it had been released under the GNU - GPL, - which allowed further development by others.
So Stefan Waldherr started maintaining an improved version of the - software, to which eventually a number of people contributed patches. - It could already replace banners with a transparent image, and had a first - version of pop-up killing, but it was still very closely based on the - original, with all its limitations, such as the lack of HTTP/1.1 support, - flexible per-site configuration, or content modification. The last release - from this effort was version 2.0.2-10, published in 2000.
Then, some - developers - picked up the thread, and started turning the software inside out, upside down, - and then reassembled it, adding many - new - features along the way.
The result of this is Privoxy, whose first - stable version, 3.0, was released August, 2002. -
12.3. Authors
Current Privoxy Team:
Fabian Keil, lead developer
- David Schmidt, developer
-
- Hal Burgiss
- Mark Miller
- Gerry Murphy
- Lee Rian
- Roland Rosenfeld
- Jörg Strohmayer
Former Privoxy Team Members:
Johny Agotnes
- Rodrigo Barbosa
- Moritz Barsnick
- Ian Cummings
- Brian Dessent
- Jon Foster
- Karsten Hopp
- Alexander Lazic
- Daniel Leite
- Gábor Lipták
- Adam Lock
- Guy Laroche
- Justin McMurtry
- Andreas Oesterhelt
- Haroon Rafique
- Georg Sauthoff
- Thomas Steudten
- Rodney Stromlund
- Sviatoslav Sviridov
- Sarantis Paskalis
- Stefan Waldherr
Thanks to the many people who have tested Privoxy, reported bugs, provided - patches, made suggestions or contributed in some way. These include (in - alphabetical order):
Ken Arromdee
- Devin Bayer
- Gergely Bor
- Reiner Buehl
- Andrew J. Caines
- Clifford Caoile
- Frédéric Crozat
- Michael T. Davis
- Mattes Dolak
- Matthias Drochner
- Peter E.
- Florian Effenberger
- Markus Elfring
- Dean Gaudet
- Stephen Gildea
- Daniel Griscom
- Felix Gröbert
- Aaron Hamid
- Darel Henman
- Magnus Holmgren
- Eric M. Hopper
- Ralf Horstmann
- Stefan Huehner
- Peter Hyman
- Derek Jennings
- Petr Kadlec
- David Laight
- Bert van Leeuwen
- Don Libes
- Paul Lieverse
- Toby Lyward
- Wil Mahan
- Jindrich Makovicka
- David Mediavilla
- Raphael Moll
- Amuro Namie
- Adam Piggott
- Dan Price
- Roberto Ragusa
- Félix Rauch
- Maynard Riley
- Chung-chieh Shan
- Spinor S.
- Bart Schelstraete
- Oliver Stoeneberg
- Peter Thoenen
- Martin Thomas
- Bobby G. Vinyard
- Jochen Voss
- Glenn Washburn
- Song Weijia
- Jörg Weinmann
- Darren Wiebe
- Anduin Withers
- Oliver Yeoh
- Jamie Zawinski
Privoxy is based in part on code originally developed by - Junkbusters Corp. and Anonymous Coders.
Privoxy heavily relies on Philip Hazel's PCRE.
The code to filter compressed content makes use of zlib - which is written by Jean-loup Gailly and Mark Adler.
On systems that lack snprintf(), Privoxy is using a version - written by Mark Martinec. On systems that lack strptime(), - Privoxy is using the one from the GNU C Library written - by Ulrich Drepper.
12. Privoxy + Copyright, License and History
+ +Copyright © 2001-2011 by Privoxy Developers <ijbswa-developers@lists.sourceforge.net>
Some source code is based on code Copyright © 1997 by Anonymous + Coders and Junkbusters, Inc. and licensed under the GNU General Public License.
+ +12.1. License
+ +Privoxy is free software; you can + redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by + the Free Software Foundation.
+ +This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ +You should have received a copy of the GNU + GPL along with this program; if not, write to the
+ + Free Software
+ Foundation, Inc. 51 Franklin
+ Street, Fifth Floor
+ Boston, MA 02110-1301
+ USA
12.2. History
+ +A long time ago, there was the Internet Junkbuster, by Anonymous Coders and + Junkbusters + Corporation. This saved many users a lot of pain in the early days + of web advertising and user tracking.
+ +But the web, its protocols and standards, and with it, the + techniques for forcing ads on users, give up autonomy over their + browsing, and for tracking them, keeps evolving. Unfortunately, the + Internet Junkbuster did not. Version + 2.0.2, published in 1998, was (and is) the last official release available from Junkbusters Corporation. Fortunately, it had been + released under the GNU GPL, which allowed further development by others.
+ +So Stefan Waldherr started maintaining an improved version of the + software, to which eventually a number of people contributed patches. + It could already replace banners with a transparent image, and had a + first version of pop-up killing, but it was still very closely based on + the original, with all its limitations, such as the lack of HTTP/1.1 + support, flexible per-site configuration, or content modification. The + last release from this effort was version 2.0.2-10, published in + 2000.
+ +Then, some developers picked up the thread, and started turning the + software inside out, upside down, and then reassembled it, adding many + new features along the way.
+ +The result of this is Privoxy, + whose first stable version, 3.0, was released August, 2002.
+12.3. Authors
+ +Current Privoxy Team:
+ +
+ Fabian Keil, lead developer
+ David Schmidt, developer
+ Hal Burgiss
+ Lee Rian
+ Roland Rosenfeld
Former Privoxy Team Members:
+ + Johny Agotnes
+ Rodrigo Barbosa
+ Moritz Barsnick
+ Ian Cummings
+ Brian Dessent
+ Jon Foster
+ Karsten Hopp
+ Alexander Lazic
+ Daniel Leite
+ Gábor Lipták
+ Adam Lock
+ Guy Laroche
+ Justin McMurtry
+ Mark Miller
+ Gerry Murphy
+ Andreas Oesterhelt
+ Haroon Rafique
+ Georg Sauthoff
+ Thomas Steudten
+ Jörg Strohmayer
+ Rodney Stromlund
+ Sviatoslav Sviridov
+ Sarantis Paskalis
+ Stefan Waldherr
Thanks to the many people who have tested Privoxy, reported bugs, + provided patches, made suggestions or contributed in some way. These + include (in alphabetical order):
+ + Ken Arromdee
+ Devin Bayer
+ Havard Berland
+ Gergely Bor
+ Francois Botha
+ Reiner Buehl
+ Andrew J. Caines
+ Clifford Caoile
+ Wan-Teh Chang
+ Billy Crook
+ Frédéric Crozat
+ Michael T. Davis
+ Mattes Dolak
+ Matthias Drochner
+ Peter E.
+ Florian Effenberger
+ Markus Elfring
+ Dean Gaudet
+ Stephen Gildea
+ Daniel Griscom
+ Felix Gröbert
+ Jeff H.
+ Aaron Hamid
+ Darel Henman
+ Magnus Holmgren
+ Eric M. Hopper
+ Ralf Horstmann
+ Stefan Huehner
+ Peter Hyman
+ Derek Jennings
+ Petr Kadlec
+ David Laight
+ Bert van Leeuwen
+ Don Libes
+ Paul Lieverse
+ Han Liu
+ Toby Lyward
+ Wil Mahan
+ Jindrich Makovicka
+ Raphael Marichez
+ Francois Marier
+ David Mediavilla
+ Raphael Moll
+ Amuro Namie
+ Adam Piggott
+ Petr Písar
+ Dan Price
+ Roberto Ragusa
+ Félix Rauch
+ Maynard Riley
+ Chung-chieh Shan
+ Spinor S.
+ Bart Schelstraete
+ Dan Stahlke
+ Oliver Stoeneberg
+ Peter Thoenen
+ Martin Thomas
+ Bobby G. Vinyard
+ Jochen Voss
+ Glenn Washburn
+ Song Weijia
+ Jörg Weinmann
+ Darren Wiebe
+ Anduin Withers
+ Oliver Yeoh
+ Jamie Zawinski
Privoxy is based in part on code originally developed by Junkbusters + Corp. and Anonymous Coders.
+ +Privoxy heavily relies on Philip Hazel's PCRE.
+ +The code to filter compressed content makes use of zlib which is + written by Jean-loup Gailly and Mark Adler.
+ +On systems that lack snprintf(), Privoxy is using a version written + by Mark Martinec. On systems that lack strptime(), Privoxy is using the + one from the GNU C Library written by Ulrich Drepper.
++ +
Prev | + +Home | + +Next | +
Contacting the Developers, + Bug Reporting and Feature Requests | + ++ + | See Also | +
9. Filter Files
On-the-fly text substitutions need - to be defined in a "filter file". Once defined, they - can then be invoked as an "action".
Privoxy supports three different filter actions: - filter to - rewrite the content that is send to the client, - client-header-filter - to rewrite headers that are send by the client, and - server-header-filter - to rewrite headers that are send by the server.
Privoxy also supports two tagger actions: - client-header-tagger - and - server-header-tagger. - Taggers and filters use the same syntax in the filter files, the difference - is that taggers don't modify the text they are filtering, but use a rewritten - version of the filtered text as tag. The tags can then be used to change the - applying actions through sections with tag-patterns.
Multiple filter files can be defined through the filterfile config directive. The filters - as supplied by the developers are located in - default.filter. It is recommended that any locally - defined or modified filters go in a separately defined file such as - user.filter. -
Common tasks for content filters are to eliminate common annoyances in - HTML and JavaScript, such as pop-up windows, - exit consoles, crippled windows without navigation tools, the - infamous <BLINK> tag etc, to suppress images with certain - width and height attributes (standard banner sizes or web-bugs), - or just to have fun.
Enabled content filters are applied to any content whose - "Content Type" header is recognised as a sign - of text-based content, with the exception of text/plain. - Use the force-text-mode action - to also filter other content.
Substitutions are made at the source level, so if you want to "roll - your own" filters, you should first be familiar with HTML syntax, - and, of course, regular expressions.
Just like the actions files, the - filter file is organized in sections, which are called filters - here. Each filter consists of a heading line, that starts with one of the - keywords FILTER:, - CLIENT-HEADER-FILTER: or SERVER-HEADER-FILTER: - followed by the filter's name, and a short (one line) - description of what it does. Below that line - come the jobs, i.e. lines that define the actual - text substitutions. By convention, the name of a filter - should describe what the filter eliminates. The - comment is used in the web-based - user interface.
Once a filter called name has been defined - in the filter file, it can be invoked by using an action of the form - +filter{name} - in any actions file.
Filter definitions start with a header line that contains the filter - type, the filter name and the filter description. - A content filter header line for a filter called "foo" could look - like this:
FILTER: foo Replace all "foo" with "bar" |
Below that line, and up to the next header line, come the jobs that - define what text replacements the filter executes. They are specified - in a syntax that imitates Perl's - s/// operator. If you are familiar with Perl, you - will find this to be quite intuitive, and may want to look at the - PCRS documentation for the subtle differences to Perl behaviour. Most - notably, the non-standard option letter U is supported, - which turns the default to ungreedy matching.
If you are new to - "Regular - Expressions", you might want to take a look at - the Appendix on regular expressions, and - see the Perl - manual for - the - s/// operator's syntax and Perl-style regular - expressions in general. - The below examples might also help to get you started.
9.1. Filter File Tutorial
Now, let's complete our "foo" content filter. We have already defined - the heading, but the jobs are still missing. Since all it does is to replace - "foo" with "bar", there is only one (trivial) job - needed:
s/foo/bar/ |
But wait! Didn't the comment say that all occurrences - of "foo" should be replaced? Our current job will only take - care of the first "foo" on each page. For global substitution, - we'll need to add the g option:
s/foo/bar/g |
Our complete filter now looks like this:
FILTER: foo Replace all "foo" with "bar" -s/foo/bar/g |
Let's look at some real filters for more interesting examples. Here you see - a filter that protects against some common annoyances that arise from JavaScript - abuse. Let's look at its jobs one after the other:
FILTER: js-annoyances Get rid of particularly annoying JavaScript abuse + + + + + + ++ |
+
The x option in this job turns on extended + syntax, and allows for e.g. the liberal use of (non-interpreted!) + whitespace for nicer formatting.
+ +You get the idea?
+9.2. The Pre-defined Filters
+ +The distribution default.filter file + contains a selection of pre-defined filters for your convenience:
+ +-
+
- js-annoyances + +
-
+
The purpose of this filter is to get rid of particularly + annoying JavaScript abuse. To that end, it
+ +-
+
-
+
replaces JavaScript references to the browser's referrer + information with the string "Not Your Business!". This + compliments the hide-referrer + action on the content level.
+
+
+ -
+
removes the bindings to the DOM's unload event which we feel has no right to + exist and is responsible for most "exit + consoles", i.e. nasty windows that pop up when you + close another one.
+
+
+ -
+
removes code that causes new windows to be opened with + undesired properties, such as being full-screen, + non-resizeable, without location, status or menu bar etc.
+
+
Use with caution. This is an aggressive filter, and can break + sites that rely heavily on JavaScript.
+
+
+ -
+
- js-events + +
-
+
This is a very radical measure. It removes virtually all + JavaScript event bindings, which means that scripts can not react + to user actions such as mouse movements or clicks, window + resizing etc, anymore. Use with caution!
+ +We strongly + discourage using this filter as a default since it breaks + many legitimate scripts. It is meant for use only on extra-nasty + sites (should you really need to go there).
+
+
+ - html-annoyances + +
-
+
This filter will undo many common instances of HTML based + abuse.
+ +The BLINK and MARQUEE tags are neutralized (yeah baby!), and + browser windows will be created as resizeable (as of course they + should be!), and will have location, scroll and menu bars -- even + if specified otherwise.
+
+
+ - content-cookies + +
-
+
Most cookies are set in the HTTP dialog, where they can be + intercepted by the crunch-incoming-cookies + and crunch-outgoing-cookies + actions. But web sites increasingly make use of HTML meta tags + and JavaScript to sneak cookies to the browser on the content + level.
+ +This filter disables most HTML and JavaScript code that reads + or sets cookies. It cannot detect all clever uses of these types + of code, so it should not be relied on as an absolute fix. Use it + wherever you would also use the cookie crunch actions.
+
+
+ - refresh tags + +
-
+
Disable any refresh tags if the interval is greater than nine + seconds (so that redirections done via refresh tags are not + destroyed). This is useful for dial-on-demand setups, or for + those who find this HTML feature annoying.
+
+
+ - unsolicited-popups + +
-
+
This filter attempts to prevent only "unsolicited" pop-up windows from opening, yet + still allow pop-up windows that the user has explicitly chosen to + open. It was added in version 3.0.1, as an improvement over + earlier such filters.
+ +Technical note: The filter works by redefining the window.open + JavaScript function to a dummy function, PrivoxyWindowOpen(), during the loading and + rendering phase of each HTML page access, and restoring the + function afterward.
+ +This is recommended only for browsers that cannot perform this + function reliably themselves. And be aware that some sites + require such windows in order to function normally. Use with + caution.
+
+
+ - all-popups + +
-
+
Attempt to prevent all pop-up windows from opening. + Note this should be used with even more discretion than the + above, since it is more likely to break some sites that require + pop-ups for normal usage. Use with caution.
+
+
+ - img-reorder + +
-
+
This is a helper filter that has no value if used alone. It + makes the banners-by-size and banners-by-link (see below) filters more effective + and should be enabled together with them.
+
+
+ - banners-by-size + +
-
+
This filter removes image tags purely based on what size they + are. Fortunately for us, many ads and banner images tend to + conform to certain standardized sizes, which makes this filter + quite effective for ad stripping purposes.
+ +Occasionally this filter will cause false positives on images + that are not ads, but just happen to be of one of the standard + banner sizes.
+ +Recommended only for those who require extreme ad blocking. + The default block rules should catch 95+% of all ads without this filter enabled.
+
+
+ - banners-by-link + +
-
+
This is an experimental filter that attempts to kill any + banners if their URLs seem to point to known or suspected click + trackers. It is currently not of much value and is not + recommended for use by default.
+
+
+ - webbugs + +
-
+
Webbugs are small, invisible images (technically 1X1 GIF + images), that are used to track users across websites, and + collect information on them. As an HTML page is loaded by the + browser, an embedded image tag causes the browser to contact a + third-party site, disclosing the tracking information through the + requested URL and/or cookies for that third-party domain, without + the user ever becoming aware of the interaction with the + third-party site. HTML-ized spam also uses a similar technique to + verify email addresses.
+ +This filter removes the HTML code that loads such "webbugs".
+
+
+ - tiny-textforms + +
-
+
A rather special-purpose filter that can be used to enlarge + textareas (those multi-line text boxes in web forms) and turn off + hard word wrap in them. It was written for the sourceforge.net + tracker system where such boxes are a nuisance, but it can be + handy on other sites, too.
+ +It is not recommended to use this filter as a default.
+
+
+ - jumping-windows + +
-
+
Many consider windows that move, or resize themselves to be + abusive. This filter neutralizes the related JavaScript code. + Note that some sites might not display or behave as intended when + using this filter. Use with caution.
+
+
+ - frameset-borders + +
-
+
Some web designers seem to assume that everyone in the world + will view their web sites using the same browser brand and + version, screen resolution etc, because only that assumption + could explain why they'd use static frame sizes, yet prevent + their frames from being resized by the user, should they be too + small to show their whole content.
+ +This filter removes the related HTML code. It should only be + applied to sites which need it.
+
+
+ - demoronizer + +
-
+
Many Microsoft products that generate HTML use non-standard + extensions (read: violations) of the ISO 8859-1 aka Latin-1 + character set. This can cause those HTML documents to display + with errors on standard-compliant platforms.
+ +This filter translates the MS-only characters into Latin-1 + equivalents. It is not necessary when using MS products, and will + cause corruption of all documents that use 8-bit character sets + other than Latin-1. It's mostly worthwhile for Europeans on + non-MS platforms, if weird garbage characters sometimes appear on + some pages, or user agents that don't correct for this on the + fly.
+
+
+ - shockwave-flash + +
-
+
A filter for shockwave haters. As the name suggests, this + filter strips code out of web pages that is used to embed + shockwave flash objects.
+
+
+ - quicktime-kioskmode + +
-
+
Change HTML code that embeds Quicktime objects so that + kioskmode, which prevents saving, is disabled.
+
+
+ - fun + +
-
+
Text replacements for subversive browsing fun. Make fun of + your favorite Monopolist or play buzzword bingo.
+
+
+ - crude-parental + +
-
+
A demonstration-only filter that shows how Privoxy can be used to delete web content on + a keyword basis.
+
+
+ - ie-exploits + +
-
+
An experimental collection of text replacements to disable + malicious HTML and JavaScript code that exploits known security + holes in Internet Explorer.
+ +Presently, it only protects against Nimda and a cross-site + scripting bug, and would need active maintenance to provide more + substantial protection.
+
+
+ - site-specifics + +
-
+
Some web sites have very specific problems, the cure for which + doesn't apply anywhere else, or could even cause damage on other + sites.
+ +This is a collection of such site-specific cures which should + only be applied to the sites they were intended for, which is + what the supplied default.action file + does. Users shouldn't need to change anything regarding this + filter.
+
+
+ -
+
A CSS based block for Google text ads. Also removes a width + limitation and the toolbar advertisement.
+
+
+ - yahoo + +
-
+
Another CSS based block, this time for Yahoo text ads. And + removes a width limitation as well.
+
+
+ - msn + +
-
+
Another CSS based block, this time for MSN text ads. And + removes tracking URLs, as well as a width limitation.
+
+
+ - blogspot + +
-
+
Cleans up some Blogspot blogs. Read the fine print before + using this one!
+ +This filter also intentionally removes some navigation stuff + and sets the page width to 100%. As a result, some rounded + "corners" would appear to early or not + at all and as fixing this would require a browser that + understands background-size (CSS3), they are removed instead.
+
+
+ - xml-to-html + +
-
+
Server-header filter to change the Content-Type from xml to + html.
+
+
+ - html-to-xml + +
-
+
Server-header filter to change the Content-Type from html to + xml.
+
+
+ - no-ping + +
-
+
Removes the non-standard ping + attribute from anchor and area HTML tags.
+
+
+ - hide-tor-exit-notation + +
-
+
Client-header filter to remove the Tor + exit node notation found in Host and Referer headers.
+ +If Privoxy and Tor are chained and Privoxy is configured to use socks4a, one + can use "http://www.example.org.foobar.exit/" to access + the host "www.example.org" through the + Tor exit node "foobar".
+ +As the HTTP client isn't aware of this notation, it treats the + whole string "www.example.org.foobar.exit" as host and uses it + for the "Host" and "Referer" headers. From the server's point of view + the resulting headers are invalid and can cause problems.
+ +An invalid "Referer" header can + trigger "hot-linking" protections, an + invalid "Host" header will make it + impossible for the server to find the right vhost (several + domains hosted on the same IP address).
+ +This client-header filter removes the "foo.exit" part in those headers to prevent the + mentioned problems. Note that it only modifies the HTTP headers, + it doesn't make it impossible for the server to detect your + Tor exit node based on the IP address the + request is coming from.
+
+
Privoxy 3.0.12 User Manual
Copyright Š 2001-2009 by
- Privoxy Developers
-
$Id: index.html,v 1.60 2009/03/21 12:58:53 fabiankeil Exp $
The Privoxy User Manual gives users information on how to - install, configure and use Privoxy. -
Privoxy is a non-caching web proxy with advanced filtering capabilities - for enhancing privacy, modifying web page data and HTTP headers, controlling - access, and removing ads and other obnoxious Internet junk. Privoxy has a - flexible configuration and can be customized to suit individual needs and tastes. - It has application for both stand-alone systems and multi-user networks.
Privoxy is Free Software and licensed under the GPL2.
Privoxy is an associated project of Software in the Public Interest (SPI). - Donations are welcome.
You can find the latest version of the Privoxy User Manual at http://www.privoxy.org/user-manual/. - Please see the Contact section on how to - contact the developers. -
- Table of Contents
- 1. Introduction
- 1.1. Features
- 2. Installation
- 2.1. Binary Packages
- 2.1.1. Red Hat and Fedora RPMs
- 2.1.2. Debian and Ubuntu
- 2.1.3. Windows
- 2.1.4. Solaris
- 2.1.5. OS/2
- 2.1.6. Mac OS X
- 2.1.7. AmigaOS
- 2.1.8. FreeBSD
- 2.1.9. Gentoo
- 2.2. Building from Source
- 2.3. Keeping your Installation Up-to-Date
- 3. What's New in this Release
- 3.1. Note to Upgraders
- 4. Quickstart to Using Privoxy
- 5. Starting Privoxy
- 5.1. Red Hat and Fedora
- 5.2. Debian
- 5.3. Windows
- 5.4. Solaris, NetBSD, FreeBSD, HP-UX and others
- 5.5. OS/2
- 5.6. Mac OS X
- 5.7. AmigaOS
- 5.8. Gentoo
- 5.9. Command Line Options
- 6. Privoxy Configuration
- 7. The Main Configuration File
- 7.1. Local Set-up Documentation
- 7.1.1. user-manual
- 7.1.2. trust-info-url
- 7.1.3. admin-address
- 7.1.4. proxy-info-url
- 7.2. Configuration and Log File Locations
- 7.2.1. confdir
- 7.2.2. templdir
- 7.2.3. logdir
- 7.2.4. actionsfile
- 7.2.5. filterfile
- 7.2.6. logfile
- 7.2.7. trustfile
- 7.3. Debugging
- 7.3.1. debug
- 7.3.2. single-threaded
- 7.3.3. hostname
- 7.4. Access Control and Security
- 7.4.1. listen-address
- 7.4.2. toggle
- 7.4.3. enable-remote-toggle
- 7.4.4. enable-remote-http-toggle
- 7.4.5. enable-edit-actions
- 7.4.6. enforce-blocks
- 7.4.7. ACLs: permit-access and deny-access
- 7.4.8. buffer-limit
- 7.5. Forwarding
- 7.5.1. forward
- 7.5.2. forward-socks4, forward-socks4a and forward-socks5
- 7.5.3. Advanced Forwarding Examples
- 7.5.4. forwarded-connect-retries
- 7.5.5. accept-intercepted-requests
- 7.5.6. allow-cgi-request-crunching
- 7.5.7. split-large-forms
- 7.5.8. keep-alive-timeout
- 7.5.9. socket-timeout
- 7.6. Windows GUI Options
- 8. Actions Files
- 8.1. Finding the Right Mix
- 8.2. How to Edit
- 8.3. How Actions are Applied to Requests
- 8.4. Patterns
- 8.4.1. The Domain Pattern
- 8.4.2. The Path Pattern
- 8.4.3. The Tag Pattern
- 8.5. Actions
- 8.5.1. add-header
- 8.5.2. block
- 8.5.3. change-x-forwarded-for
- 8.5.4. client-header-filter
- 8.5.5. client-header-tagger
- 8.5.6. content-type-overwrite
- 8.5.7. crunch-client-header
- 8.5.8. crunch-if-none-match
- 8.5.9. crunch-incoming-cookies
- 8.5.10. crunch-server-header
- 8.5.11. crunch-outgoing-cookies
- 8.5.12. deanimate-gifs
- 8.5.13. downgrade-http-version
- 8.5.14. fast-redirects
- 8.5.15. filter
- 8.5.16. force-text-mode
- 8.5.17. forward-override
- 8.5.18. handle-as-empty-document
- 8.5.19. handle-as-image
- 8.5.20. hide-accept-language
- 8.5.21. hide-content-disposition
- 8.5.22. hide-if-modified-since
- 8.5.23. hide-from-header
- 8.5.24. hide-referrer
- 8.5.25. hide-user-agent
- 8.5.26. limit-connect
- 8.5.27. prevent-compression
- 8.5.28. overwrite-last-modified
- 8.5.29. redirect
- 8.5.30. server-header-filter
- 8.5.31. server-header-tagger
- 8.5.32. session-cookies-only
- 8.5.33. set-image-blocker
- 8.5.34. Summary
- 8.6. Aliases
- 8.7. Actions Files Tutorial
- 8.7.1. match-all.action
- 8.7.2. default.action
- 8.7.3. user.action
- 9. Filter Files
- 10. Privoxy's Template Files
- 11. Contacting the Developers, Bug Reporting and Feature -Requests
- 11.1. Get Support
- 11.2. Reporting Problems
- 11.2.1. Reporting Ads or Other Configuration Problems
- 11.2.2. Reporting Bugs
- 11.3. Request New Features
- 11.4. Other
- 12. Privoxy Copyright, License and History
- 13. See Also
- 14. Appendix
- 14.1. Regular Expressions
- 14.2. Privoxy's Internal Pages
- 14.2.1. Bookmarklets
- 14.3. Chain of Events
- 14.4. Troubleshooting: Anatomy of an Action
Next | ||
Introduction |
Privoxy 3.0.19 User + Manual
+ +Copyright ©
+ 2001-2011 by Privoxy
+ Developers
$Id: user-manual.sgml,v 2.143 2011/11/20 17:16:36
+ fabiankeil Exp $
The Privoxy User Manual gives users + information on how to install, configure and use Privoxy.
+ +Privoxy is a non-caching web proxy with advanced filtering + capabilities for enhancing privacy, modifying web page data and HTTP + headers, controlling access, and removing ads and other obnoxious + Internet junk. Privoxy has a flexible configuration and can be + customized to suit individual needs and tastes. It has application + for both stand-alone systems and multi-user networks.
+ +Privoxy is Free Software and licensed under the GNU GPLv2.
+ +Privoxy is an associated project of Software in the Public + Interest (SPI).
+ +Helping hands and donations are welcome:
+ +-
+
- + + + +
- + + +
You can find the latest version of the Privoxy User Manual at http://www.privoxy.org/user-manual/. Please see the + Contact section on how to contact the + developers.
++
-
+
- Table of Contents + +
- 1. Introduction + +
-
+
-
+
- 1.1. Features +
+
+ - 2. Installation + +
-
+
-
+
- 2.1. Binary + Packages + +
-
+
-
+
- 2.1.1. Red Hat and Fedora + RPMs + +
- 2.1.2. Debian and + Ubuntu + +
- 2.1.3. Windows + +
- 2.1.4. Solaris + +
- 2.1.5. OS/2 + +
- 2.1.6. Mac + OS X + +
- 2.1.7. AmigaOS + +
- 2.1.8. FreeBSD + +
- 2.1.9. Gentoo +
+
+ - 2.2. Building + from Source + +
- 2.3. Keeping your + Installation Up-to-Date +
+
+ - 3. What's New in this Release + +
-
+
-
+
- 3.1. Note to + Upgraders +
+
+ - 4. Quickstart to Using Privoxy + +
-
+
-
+
- 4.1. Quickstart to Ad + Blocking +
+
+ - 5. Starting Privoxy + +
-
+
-
+
- 5.1. Red Hat and + Fedora + +
- 5.2. Debian + +
- 5.3. Windows + +
- 5.4. Solaris, NetBSD, + FreeBSD, HP-UX and others + +
- 5.5. OS/2 + +
- 5.6. Mac OS X + +
- 5.7. AmigaOS + +
- 5.8. Gentoo + +
- 5.9. Command Line + Options +
+
+ - 6. Privoxy Configuration + +
-
+
-
+
- 6.1. Controlling Privoxy + with Your Web Browser + +
- 6.2. Configuration + Files Overview +
+
+ - 7. The Main Configuration File + +
-
+
-
+
- 7.1. Local Set-up + Documentation + +
-
+
-
+
- 7.1.1. user-manual + +
- 7.1.2. trust-info-url + +
- 7.1.3. admin-address + +
- 7.1.4. proxy-info-url +
+
+ - 7.2. Configuration and Log + File Locations + +
-
+
-
+
- 7.2.1. confdir + +
- 7.2.2. templdir + +
- 7.2.3. logdir + +
- 7.2.4. actionsfile + +
- 7.2.5. filterfile + +
- 7.2.6. logfile + +
- 7.2.7. trustfile +
+
+ - 7.3. Debugging + +
-
+
-
+
- 7.3.1. debug + +
- 7.3.2. single-threaded + +
- 7.3.3. hostname +
+
+ - 7.4. Access Control and + Security + +
-
+
-
+
- 7.4.1. listen-address + +
- 7.4.2. toggle + +
- 7.4.3. enable-remote-toggle + +
- 7.4.4. enable-remote-http-toggle + +
- 7.4.5. enable-edit-actions + +
- 7.4.6. enforce-blocks + +
- 7.4.7. ACLs: permit-access and + deny-access + +
- 7.4.8. buffer-limit +
+
+ - 7.5. Forwarding + +
-
+
-
+
- 7.5.1. forward + +
- 7.5.2. forward-socks4, + forward-socks4a and forward-socks5 + +
- 7.5.3. Advanced + Forwarding Examples + +
- 7.5.4. forwarded-connect-retries +
+
+ - 7.6. Miscellaneous + +
-
+
-
+
- 7.6.1. accept-intercepted-requests + +
- 7.6.2. allow-cgi-request-crunching + +
- 7.6.3. split-large-forms + +
- 7.6.4. keep-alive-timeout + +
- 7.6.5. default-server-timeout + +
- 7.6.6. connection-sharing + +
- 7.6.7. socket-timeout + +
- 7.6.8. max-client-connections + +
- 7.6.9. handle-as-empty-doc-returns-ok + +
- 7.6.10. enable-compression + +
- 7.6.11. compression-level +
+
+ - 7.7. Windows GUI + Options +
+
+ - 8. Actions Files + +
-
+
-
+
- 8.1. Finding the Right + Mix + +
- 8.2. How to Edit + +
- 8.3. How Actions + are Applied to Requests + +
- 8.4. Patterns + +
-
+
-
+
- 8.4.1. The Domain + Pattern + +
- 8.4.2. The Path + Pattern + +
- 8.4.3. The Tag + Pattern +
+
+ - 8.5. Actions + +
-
+
-
+
- 8.5.1. add-header + +
- 8.5.2. block + +
- 8.5.3. change-x-forwarded-for + +
- 8.5.4. client-header-filter + +
- 8.5.5. client-header-tagger + +
- 8.5.6. content-type-overwrite + +
- 8.5.7. crunch-client-header + +
- 8.5.8. crunch-if-none-match + +
- 8.5.9. crunch-incoming-cookies + +
- 8.5.10. crunch-server-header + +
- 8.5.11. crunch-outgoing-cookies + +
- 8.5.12. deanimate-gifs + +
- 8.5.13. downgrade-http-version + +
- 8.5.14. fast-redirects + +
- 8.5.15. filter + +
- 8.5.16. force-text-mode + +
- 8.5.17. forward-override + +
- 8.5.18. handle-as-empty-document + +
- 8.5.19. handle-as-image + +
- 8.5.20. hide-accept-language + +
- 8.5.21. hide-content-disposition + +
- 8.5.22. hide-if-modified-since + +
- 8.5.23. hide-from-header + +
- 8.5.24. hide-referrer + +
- 8.5.25. hide-user-agent + +
- 8.5.26. limit-connect + +
- 8.5.27. prevent-compression + +
- 8.5.28. overwrite-last-modified + +
- 8.5.29. redirect + +
- 8.5.30. server-header-filter + +
- 8.5.31. server-header-tagger + +
- 8.5.32. session-cookies-only + +
- 8.5.33. set-image-blocker + +
- 8.5.34. Summary +
+
+ - 8.6. Aliases + +
- 8.7. Actions Files + Tutorial + +
-
+
-
+
- 8.7.1. match-all.action + +
- 8.7.2. default.action + +
- 8.7.3. user.action +
+
+
+ - 9. Filter Files + +
-
+
-
+
- 9.1. Filter File + Tutorial + +
- 9.2. The + Pre-defined Filters +
+
+ - 10. Privoxy's Template Files + +
- 11. Contacting the Developers, Bug + Reporting and Feature Requests + +
-
+
-
+
- 11.1. Get + Support + +
- 11.2. Reporting + Problems + +
-
+
-
+
- 11.2.1. Reporting Ads + or Other Configuration Problems + +
- 11.2.2. Reporting + Bugs +
+
+ - 11.3. Request New + Features + +
- 11.4. Mailing + Lists +
+
+ - 12. Privoxy Copyright, License and + History + +
- + + + +
- 13. See Also + +
- 14. Appendix + +
-
+
-
+
- 14.1. Regular + Expressions + +
- 14.2. Privoxy's Internal + Pages + +
-
+
-
+
- 14.2.1. Bookmarklets +
+
+ - 14.3. Chain of Events + +
- 14.4. Troubleshooting: + Anatomy of an Action +
+
+ +
+ + | + + | Next | +
+ + | + + | Introduction | +
2. Installation
Privoxy is available both in convenient pre-compiled - packages for a wide range of operating systems, and as raw source code. - For most users, we recommend using the packages, which can be downloaded from our - Privoxy Project - Page.
Note: - On some platforms, the installer may remove previously installed versions, if - found. (See below for your platform). In any case be sure to backup - your old configuration if it is valuable to you. See the note to upgraders section below.
2.1. Binary Packages
How to install the binary packages depends on your operating system:
2.1.1. Red Hat and Fedora RPMs
RPMs can be installed with rpm -Uvh privoxy-3.0.12-1.rpm, - and will use /etc/privoxy for the location - of configuration files.
Note that on Red Hat, Privoxy will - not be automatically started on system boot. You will - need to enable that using chkconfig, - ntsysv, or similar methods.
If you have problems with failed dependencies, try rebuilding the SRC RPM: - rpm --rebuild privoxy-3.0.12-1.src.rpm. This - will use your locally installed libraries and RPM version.
Also note that if you have a Junkbuster RPM installed - on your system, you need to remove it first, because the packages conflict. - Otherwise, RPM will try to remove Junkbuster - automatically if found, before installing Privoxy.
2.1.2. Debian and Ubuntu
DEBs can be installed with apt-get install privoxy, - and will use /etc/privoxy for the location of - configuration files.
2.1.3. Windows
Just double-click the installer, which will guide you through - the installation process. You will find the configuration files - in the same directory as you installed Privoxy in.
Version 3.0.5 beta introduced full Windows service - functionality. On Windows only, the Privoxy - program has two new command line arguments to install and uninstall - Privoxy as a service.
- Arguments:
--install[:service_name] -
--uninstall[:service_name] -
After invoking Privoxy with - --install, you will need to bring up the - Windows service console to assign the user you - want Privoxy to run under, and whether or not you - want it to run whenever the system starts. You can start the - Windows services console with the following - command: services.msc. If you do not take the manual step - of modifying Privoxy's service settings, it will - not start. Note too that you will need to give Privoxy a user account that - actually exists, or it will not be permitted to - write to its log and configuration files.
2.1.4. Solaris
Create a new directory, cd to it, then unzip and - untar the archive. For the most part, you'll have to figure out where - things go.
2.1.5. OS/2
First, make sure that no previous installations of - Junkbuster and / or - Privoxy are left on your - system. Check that no Junkbuster - or Privoxy objects are in - your startup folder.
Then, just double-click the WarpIN self-installing archive, which will - guide you through the installation process. A shadow of the - Privoxy executable will be placed in your - startup folder so it will start automatically whenever OS/2 starts.
The directory you choose to install Privoxy - into will contain all of the configuration files.
2.1.6. Mac OS X
Unzip the downloaded file (you can either double-click on the zip file - icon from the Finder, or from the desktop if you downloaded it there). - Then, double-click on the package installer icon and follow the - installation process.
The privoxy service will automatically start after a successful - installation (in addition to every time your computer starts up). To - prevent the privoxy service from automatically starting when your - computer starts up, remove or rename the folder named - /Library/StartupItems/Privoxy.
To manually start or stop the privoxy service, use the Privoxy Utility - for Mac OS X. This application controls the privoxy service (e.g. - starting and stopping the service as well as uninstalling the software).
2.1.7. AmigaOS
Copy and then unpack the lha archive to a suitable location. - All necessary files will be installed into Privoxy - directory, including all configuration and log files. To uninstall, just - remove this directory.
2.1.8. FreeBSD
Privoxy is part of FreeBSD's Ports Collection, you can build and install - it with cd /usr/ports/www/privoxy; make install clean.
If you don't use the ports, you can fetch and install - the package with pkg_add -r privoxy.
The port skeleton and the package can also be downloaded from the - File Release - Page, but there's no reason to use them unless you're interested in the - beta releases which are only available there.
2.1.9. Gentoo
Gentoo source packages (Ebuilds) for Privoxy are - contained in the Gentoo Portage Tree (they are not on the download page, - but there is a Gentoo section, where you can see when a new - Privoxy Version is added to the Portage Tree).
Before installing Privoxy under Gentoo just do - first emerge --sync to get the latest changes from the - Portage tree. With emerge privoxy you install the latest - version.
Configuration files are in /etc/privoxy, the - documentation is in /usr/share/doc/privoxy-3.0.12 - and the Log directory is in /var/log/privoxy.
2.2. Building from Source
The most convenient way to obtain the Privoxy sources - is to download the source tarball from our - project download - page.
If you like to live on the bleeding edge and are not afraid of using - possibly unstable development versions, you can check out the up-to-the-minute - version directly from the - CVS repository.
To build Privoxy from source, - autoconf, - GNU make - (gmake), and, of course, a C compiler like gcc are required.
When building from a source tarball, - first unpack the source:
tar xzvf privoxy-3.0.12-stable-src.tar.gz - cd privoxy-3.0.12-stable |
For retrieving the current CVS sources, you'll need a CVS client installed. - Note that sources from CVS are typically development quality, and may not be - stable, or well tested. To download CVS source, check the Sourceforge - documentation, which might give commands like:
cvs -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa login + + + + + + ++ |
+
Using GNU make, you can have the first four + steps automatically done for you by just typing:
+ +
+ + make ++ |
+
in the freshly downloaded or unpacked source directory.
+ +To build an executable with security enhanced features so that users + cannot easily bypass the proxy (e.g. "Go There + Anyway"), or alter their own configurations, configure like this:
+ +
+ + ./configure --disable-toggle --disable-editor --disable-force ++ |
+
Then build as above. In Privoxy 3.0.7 and later, all of these + options can also be disabled through the configuration file.
+ +WARNING: If installing as + root, the install will fail unless a non-root user or group is + specified, or a privoxy user and group already + exist on the system. If a non-root user is specified, and no group, + then the installation will try to also use a group of the same name as + "user". If a group is specified (and no + user), then the support files will be installed as writable by that + group, and owned by the user running the installation.
+ +configure accepts --with-user and --with-group + options for setting user and group ownership of the configuration files + (which need to be writable by the daemon). The specified user must already exist. When starting + Privoxy, it must be run as this same + user to insure write access to configuration and log files!
+ +Alternately, you can specify user and + group on the make + command line, but be sure both already exist:
+ +
+ + make -s install USER=privoxy GROUP=privoxy ++ |
+
The default installation path for make + install is /usr/local. This may of course + be customized with the various ./configure path + options. If you are doing an install to anywhere besides /usr/local, be sure to set the appropriate paths with + the correct configure options (./configure + --help). Non-privileged users must of course have write access + permissions to wherever the target installation is going.
+ +If you do install to /usr/local, the + install will use sysconfdir=$prefix/etc/privoxy by default. All other + destinations, and the direct usage of --sysconfdir flag behave like normal, i.e. will not add + the extra privoxy directory. This is for a + safer install, as there may already exist another program that uses a + file with the "config" name, and thus makes + /usr/local/etc cleaner.
+ +If installing to /usr/local, the + documentation will go by default to $prefix/share/doc. But if this directory doesn't exist, + it will then try $prefix/doc and install + there before creating a new $prefix/share/doc + just for Privoxy.
+ +Again, if the installs goes to /usr/local, + the localstatedir (ie: var/) will default to /var + instead of $prefix/var so the logs will go to + /var/log/privoxy/, and the pid file will be + created in /var/run/privoxy.pid.
+ +make install will attempt to set the correct + values in config (main configuration file). + You should check this to make sure all values are correct. If + appropriate, an init script will be installed, but it is up to the user + to determine how and where to start Privoxy. The init script should be checked for + correct paths and values, if anything other than a default install is + done.
+ +If install finds previous versions of local configuration files, + most of these will not be overwritten, and the new ones will be + installed with a "new" extension. + default.action and default.filter will be overwritten. You will then need + to manually update the other installed configuration files as needed. + The default template files will be overwritten. If you have + customized, local templates, these should be stored safely in a + separate directory and defined in config by + the "templdir" directive. It is of course + wise to always back-up any important configuration files "just in case". If a previous version of Privoxy is already running, you will have to + restart it manually.
+ +For more detailed instructions on how to build Redhat RPMs, Windows + self-extracting installers, building on platforms with special + requirements etc, please consult the developer manual.
+2.3. Keeping your Installation + Up-to-Date
+ +As user feedback comes in and development continues, we will make + updated versions of both the main actions + file (as a separate package) and the software itself (including + the actions file) available for download.
+ +If you wish to receive an email notification whenever we release + updates of Privoxy or the actions + file, subscribe to our announce mailing list, + ijbswa-announce@lists.sourceforge.net.
+ +In order not to lose your personal changes and adjustments when + updating to the latest default.action file we + strongly recommend that you + use user.action and user.filter for your local customizations of + Privoxy. See the Chapter on actions files for details.
+1. Introduction
This documentation is included with the current stable version of - Privoxy, v.3.0.12.
1.1. Features
In addition to the core - features of ad blocking and - cookie management, - Privoxy provides many supplemental - features, - that give the end-user more control, more privacy and more freedom:
Can keep outgoing connections alive and reuse them later on. -
Supports tagging which allows to change the behaviour - based on client and server headers. -
Can be run as an "intercepting" proxy, which obviates the need to - configure browsers individually. -
Sophisticated actions and filters for manipulating both server and client - headers. -
Can be chained with other proxies. -
Integrated browser based configuration and control utility at http://config.privoxy.org/ - (shortcut: http://p.p/). Browser-based - tracing of rule and filter effects. Remote toggling. -
Web page filtering (text replacements, removes banners based on size, - invisible "web-bugs", JavaScript and HTML annoyances, - pop-up windows, etc.) -
Modularized configuration that allows for standard settings and - user settings to reside in separate files, so that installing updated - actions files won't overwrite individual user settings. -
Support for Perl Compatible Regular Expressions in the configuration files, and - a more sophisticated and flexible configuration syntax. -
Improved cookie management features (e.g. session based cookies). -
GIF de-animation. -
Bypass many click-tracking scripts (avoids script redirection). -
Multi-threaded (POSIX and native threads). -
User-customizable HTML templates for most proxy-generated pages (e.g. "blocked" page). -
Auto-detection and re-reading of config file changes. -
Improved signal handling, and a true daemon mode (Unix). -
Every feature now controllable on a per-site or per-location basis, configuration - more powerful and versatile over-all. -
Many smaller new features added, limitations and bugs removed. -
1. + Introduction
+ +This documentation is included with the current stable version of + Privoxy, v.3.0.19.
+ +1.1. + Features
+ +In addition to the core features of ad blocking and cookie + management, Privoxy provides many + supplemental features, that give the end-user more control, more + privacy and more freedom:
+ +-
+
-
+
Supports "Connection: keep-alive". Outgoing connections can be + kept alive independently from the client.
+
+
+ -
+
Supports IPv6, provided the operating system does so too, and + the configure script detects it.
+
+
+ -
+
Supports tagging which allows to change the behaviour based on + client and server headers.
+
+
+ -
+
Can be run as an "intercepting" proxy, which obviates the need + to configure browsers individually.
+
+
+ -
+
Sophisticated actions and filters for manipulating both server + and client headers.
+
+
+ -
+
Can be chained with other proxies.
+
+
+ -
+
Integrated browser-based configuration and control utility at + http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based tracing + of rule and filter effects. Remote toggling.
+
+
+ -
+
Web page filtering (text replacements, removes banners based on + size, invisible "web-bugs" and HTML + annoyances, etc.)
+
+
+ -
+
Modularized configuration that allows for standard settings and + user settings to reside in separate files, so that installing + updated actions files won't overwrite individual user settings.
+
+
+ -
+
Support for Perl Compatible Regular Expressions in the + configuration files, and a more sophisticated and flexible + configuration syntax.
+
+
+ -
+
GIF de-animation.
+
+
+ -
+
Bypass many click-tracking scripts (avoids script + redirection).
+
+
+ -
+
User-customizable HTML templates for most proxy-generated pages + (e.g. "blocked" page).
+
+
+ -
+
Auto-detection and re-reading of config file changes.
+
+
+ -
+
Most features are controllable on a per-site or per-location + basis.
+
+
+ -
+
Many smaller new features added, limitations and bugs + removed.
+
+
4. Quickstart to Using Privoxy
Install Privoxy. See the Installation Section below for platform specific - information. -
Advanced users and those who want to offer Privoxy - service to more than just their local machine should check the main config file, especially the security-relevant options. These are - off by default. -
Start Privoxy, if the installation program has - not done this already (may vary according to platform). See the section - Starting Privoxy. -
Set your browser to use Privoxy as HTTP and - HTTPS (SSL) proxy - by setting the proxy configuration for address of - 127.0.0.1 and port 8118. - DO NOT activate proxying for FTP or - any protocols besides HTTP and HTTPS (SSL) unless you intend to prevent your - browser from using these protocols. -
Flush your browser's disk and memory caches, to remove any cached ad images. - If using Privoxy to manage - cookies, - you should remove any currently stored cookies too. -
A default installation should provide a reasonable starting point for - most. There will undoubtedly be occasions where you will want to adjust the - configuration, but that can be dealt with as the need arises. Little - to no initial configuration is required in most cases, you may want - to enable the - web-based action editor though. - Be sure to read the warnings first. -
See the Configuration section for more - configuration options, and how to customize your installation. - You might also want to look at the next section for a quick - introduction to how Privoxy blocks ads and - banners.
If you experience ads that slip through, innocent images that are - blocked, or otherwise feel the need to fine-tune - Privoxy's behavior, take a look at the actions files. As a quick start, you might - find the richly commented examples - helpful. You can also view and edit the actions files through the web-based user interface. The - Appendix "Troubleshooting: Anatomy of an - Action" has hints on how to understand and debug actions that - "misbehave". -
Please see the section Contacting the - Developers on how to report bugs, problems with websites or to get - help. -
Now enjoy surfing with enhanced control, comfort and privacy! -
4.1. Quickstart to Ad Blocking
Ad blocking is but one of Privoxy's - array of features. Many of these features are for the technically minded advanced - user. But, ad and banner blocking is surely common ground for everybody.
- This section will provide a quick summary of ad blocking so - you can get up to speed quickly without having to read the more extensive - information provided below, though this is highly recommended.
First a bit of a warning ... blocking ads is much like blocking SPAM: the - more aggressive you are about it, the more likely you are to block - things that were not intended. And the more likely that some things - may not work as intended. So there is a trade off here. If you want - extreme ad free browsing, be prepared to deal with more - "problem" sites, and to spend more time adjusting the - configuration to solve these unintended consequences. In short, there is - not an easy way to eliminate all ads. Either take - the easy way and settle for most ads blocked with the - default configuration, or jump in and tweak it for your personal surfing - habits and preferences.
Secondly, a brief explanation of Privoxy's - "actions". "Actions" in this context, are - the directives we use to tell Privoxy to perform - some task relating to HTTP transactions (i.e. web browsing). We tell - Privoxy to take some "action". Each - action has a unique name and function. While there are many potential - actions in Privoxy's - arsenal, only a few are used for ad blocking. Actions, and action - configuration files, are explained in depth below.
Actions are specified in Privoxy's configuration, - followed by one or more URLs to which the action should apply. URLs - can actually be URL type patterns that use - wildcards so they can apply potentially to a range of similar URLs. The - actions, together with the URL patterns are called a section.
When you connect to a website, the full URL will either match one or more - of the sections as defined in Privoxy's configuration, - or not. If so, then Privoxy will perform the - respective actions. If not, then nothing special happens. Furthermore, web - pages may contain embedded, secondary URLs that your web browser will - use to load additional components of the page, as it parses the - original page's HTML content. An ad image for instance, is just an URL - embedded in the page somewhere. The image itself may be on the same server, - or a server somewhere else on the Internet. Complex web pages will have many - such embedded URLs. Privoxy can deal with each URL individually, so, for - instance, the main page text is not touched, but images from such-and-such - server are blocked.
The most important actions for basic ad blocking are: block, handle-as-image, - handle-as-empty-document,and - set-image-blocker:
block - this is perhaps - the single most used action, and is particularly important for ad blocking. - This action stops any contact between your browser and any URL patterns - that match this action's configuration. It can be used for blocking ads, - but also anything that is determined to be unwanted. By itself, it simply - stops any communication with the remote server and sends - Privoxy's own built-in BLOCKED page instead to - let you now what has happened (with some exceptions, see below). -
handle-as-image - - tells Privoxy to treat this URL as an image. - Privoxy's default configuration already does this - for all common image types (e.g. GIF), but there are many situations where this - is not so easy to determine. So we'll force it in these cases. This is particularly - important for ad blocking, since only if we know that it's an image of - some kind, can we replace it with an image of our choosing, instead of the - Privoxy BLOCKED page (which would only result in - a "broken image" icon). There are some limitations to this - though. For instance, you can't just brute-force an image substitution for - an entire HTML page in most situations. -
handle-as-empty-document - - sends an empty document instead of Privoxy's - normal BLOCKED HTML page. This is useful for file types that are neither - HTML nor images, such as blocking JavaScript files. -
set-image-blocker - tells - Privoxy what to display in place of an ad image that - has hit a block rule. For this to come into play, the URL must match a - block action somewhere in the - configuration, and, it must also match an - handle-as-image action. -
The configuration options on what to display instead of the ad are: -
pattern - a checkerboard pattern, so that an ad - replacement is obvious. This is the default. - blank - A very small empty GIF image is displayed. - This is the so-called "invisible" configuration option. - http://<URL> - A redirect to any image anywhere - of the user's choosing (advanced usage). -
Advanced users will eventually want to explore Privoxy - filters as well. Filters - are very different from blocks. - A "block" blocks a site, page, or unwanted contented. Filters - are a way of filtering or modifying what is actually on the page. An example - filter usage: a text replacement of "no-no" for - "nasty-word". That is a very simple example. This process can be - used for ad blocking, but it is more in the realm of advanced usage and has - some pitfalls to be wary off.
The quickest way to adjust any of these settings is with your browser through - the special Privoxy editor at http://config.privoxy.org/show-status - (shortcut: http://p.p/show-status). This - is an internal page, and does not require Internet access.
Note that as of Privoxy 3.0.7 beta the - action editor is disabled by default. Check the - enable-edit-actions - section in the configuration file to learn why and in which - cases it's safe to enable again.
If you decided to enable the action editor, select the appropriate - "actions" file, and click - "Edit". It is best to put personal or - local preferences in user.action since this is not - meant to be overwritten during upgrades, and will over-ride the settings in - other files. Here you can insert new "actions", and URLs for ad - blocking or other purposes, and make other adjustments to the configuration. - Privoxy will detect these changes automatically.
A quick and simple step by step example:
Right click on the ad image to be blocked, then select - "Copy Link Location" from the - pop-up menu. -
Set your browser to - http://config.privoxy.org/show-status -
Find user.action in the top section, and click - on "Edit": -
You should have a section with only - block listed under - "Actions:". - If not, click a "Insert new section below" - button, and in the new section that just appeared, click the - Edit button right under the word "Actions:". - This will bring up a list of all actions. Find - block near the top, and click - in the "Enabled" column, then "Submit" - just below the list. -
Now, in the block actions section, - click the "Add" button, and paste the URL the - browser got from "Copy Link Location". - Remove the http:// at the beginning of the URL. Then, click - "Submit" (or - "OK" if in a pop-up window). -
Now go back to the original page, and press SHIFT-Reload - (or flush all browser caches). The image should be gone now. -
This is a very crude and simple example. There might be good reasons to use a - wildcard pattern match to include potentially similar images from the same - site. For a more extensive explanation of "patterns", and - the entire actions concept, see the Actions - section.
For advanced users who want to hand edit their config files, you might want - to now go to the Actions Files Tutorial. - The ideas explained therein also apply to the web-based editor.
There are also various - filters that can be used for ad blocking - (filters are a special subset of actions). These - fall into the "advanced" usage category, and are explained in - depth in later sections.
4. Quickstart to + Using Privoxy
+ +-
+
-
+
Install Privoxy. See the Installation Section below for platform + specific information.
+
+
+ -
+
Advanced users and those who want to offer Privoxy service to more than just their local + machine should check the main config file, + especially the security-relevant options. These are + off by default.
+
+
+ -
+
Start Privoxy, if the + installation program has not done this already (may vary according to + platform). See the section Starting + Privoxy.
+
+
+ -
+
Set your browser to use Privoxy + as HTTP and HTTPS (SSL) proxy + by setting the proxy configuration for address of 127.0.0.1 and port 8118. + DO NOT activate proxying + for FTP or any protocols besides HTTP and + HTTPS (SSL) unless you intend to prevent your browser from using + these protocols.
+
+
+ -
+
Flush your browser's disk and memory caches, to remove any cached + ad images. If using Privoxy to + manage cookies, you should remove any currently stored cookies + too.
+
+
+ -
+
A default installation should provide a reasonable starting point + for most. There will undoubtedly be occasions where you will want to + adjust the configuration, but that can be dealt with as the need + arises. Little to no initial configuration is required in most cases, + you may want to enable the web-based action editor though. Be sure to read the + warnings first.
+ +See the Configuration section for + more configuration options, and how to customize your installation. + You might also want to look at the next section for a quick + introduction to how Privoxy blocks + ads and banners.
+
+
+ -
+
If you experience ads that slip through, innocent images that are + blocked, or otherwise feel the need to fine-tune Privoxy's behavior, take a look at the actions files. As a quick start, you might + find the richly commented + examples helpful. You can also view and edit the actions files + through the web-based user interface. The Appendix "Troubleshooting: Anatomy + of an Action" has hints on how to understand and debug + actions that "misbehave".
+
+
+ -
+
Please see the section Contacting the + Developers on how to report bugs, problems with websites or to + get help.
+
+
+ -
+
Now enjoy surfing with enhanced control, comfort and privacy!
+
+
4.1. Quickstart to Ad Blocking
+ +Ad blocking is but one of Privoxy's + array of features. Many of these features are for the technically + minded advanced user. But, ad and banner blocking is surely common + ground for everybody.
+ +This section will provide a quick summary of ad blocking so you can + get up to speed quickly without having to read the more extensive + information provided below, though this is highly recommended.
+ +First a bit of a warning ... blocking ads is much like blocking + SPAM: the more aggressive you are about it, the more likely you are to + block things that were not intended. And the more likely that some + things may not work as intended. So there is a trade off here. If you + want extreme ad free browsing, be prepared to deal with more + "problem" sites, and to spend more time + adjusting the configuration to solve these unintended consequences. In + short, there is not an easy way to eliminate all ads. Either take the easy way and + settle for most ads blocked + with the default configuration, or jump in and tweak it for your + personal surfing habits and preferences.
+ +Secondly, a brief explanation of Privoxy's "actions". + "Actions" in this context, are the + directives we use to tell Privoxy to + perform some task relating to HTTP transactions (i.e. web browsing). We + tell Privoxy to take some "action". Each action has a unique name and function. + While there are many potential actions + in Privoxy's arsenal, only a few are + used for ad blocking. Actions, + and action configuration files, are + explained in depth below.
+ +Actions are specified in Privoxy's + configuration, followed by one or more URLs to which the action should + apply. URLs can actually be URL type patterns that use wildcards so they + can apply potentially to a range of similar URLs. The actions, together + with the URL patterns are called a section.
+ +When you connect to a website, the full URL will either match one or + more of the sections as defined in Privoxy's configuration, or not. If so, then + Privoxy will perform the respective + actions. If not, then nothing special happens. Furthermore, web pages + may contain embedded, secondary URLs that your web browser will use to + load additional components of the page, as it parses the original + page's HTML content. An ad image for instance, is just an URL embedded + in the page somewhere. The image itself may be on the same server, or a + server somewhere else on the Internet. Complex web pages will have many + such embedded URLs. Privoxy can deal + with each URL individually, so, for instance, the main page text is not + touched, but images from such-and-such server are blocked.
+ +The most important actions for basic ad blocking are: block, handle-as-image, + handle-as-empty-document,and + set-image-blocker:
+ +-
+
-
+
block - this is perhaps the + single most used action, and is particularly important for ad + blocking. This action stops any contact between your browser and + any URL patterns that match this action's configuration. It can be + used for blocking ads, but also anything that is determined to be + unwanted. By itself, it simply stops any communication with the + remote server and sends Privoxy's + own built-in BLOCKED page instead to let you now what has happened + (with some exceptions, see below).
+
+
+ -
+
handle-as-image - + tells Privoxy to treat this URL as + an image. Privoxy's default + configuration already does this for all common image types (e.g. + GIF), but there are many situations where this is not so easy to + determine. So we'll force it in these cases. This is particularly + important for ad blocking, since only if we know that it's an image + of some kind, can we replace it with an image of our choosing, + instead of the Privoxy BLOCKED + page (which would only result in a "broken + image" icon). There are some limitations to this though. For + instance, you can't just brute-force an image substitution for an + entire HTML page in most situations.
+
+
+ -
+
handle-as-empty-document + - sends an empty document instead of Privoxy's normal BLOCKED HTML page. This is + useful for file types that are neither HTML nor images, such as + blocking JavaScript files.
+
+
+ -
+
set-image-blocker - + tells Privoxy what to display in + place of an ad image that has hit a block rule. For this to come + into play, the URL must match a block action somewhere in the + configuration, and, it + must also match an handle-as-image + action.
+ +The configuration options on what to display instead of the ad + are:
+ ++ +
+ ++ + +pattern - a checkerboard + pattern, so that an ad replacement is obvious. This is the + default. ++ +
+ ++ + +blank - A very small empty GIF + image is displayed. This is the so-called "invisible" configuration option. ++ +
++ + +http://<URL> - A redirect + to any image anywhere of the user's choosing (advanced + usage). +
+
Advanced users will eventually want to explore Privoxy filters as well. Filters are very + different from blocks. A "block" blocks a site, page, or unwanted contented. + Filters are a way of filtering or modifying what is actually on the + page. An example filter usage: a text replacement of "no-no" for "nasty-word". + That is a very simple example. This process can be used for ad + blocking, but it is more in the realm of advanced usage and has some + pitfalls to be wary off.
+ +The quickest way to adjust any of these settings is with your + browser through the special Privoxy + editor at http://config.privoxy.org/show-status (shortcut: http://p.p/show-status). This is an + internal page, and does not require Internet access.
+ +Note that as of Privoxy 3.0.7 beta + the action editor is disabled by default. Check the enable-edit-actions + section in the configuration file to learn why and in which cases + it's safe to enable again.
+ +If you decided to enable the action editor, select the appropriate + "actions" file, and click "Edit". It is best to put + personal or local preferences in user.action + since this is not meant to be overwritten during upgrades, and will + over-ride the settings in other files. Here you can insert new + "actions", and URLs for ad blocking or other + purposes, and make other adjustments to the configuration. Privoxy will detect these changes + automatically.
+ +A quick and simple step by step example:
+ +-
+
-
+
Right click on the ad image to be blocked, then select + "Copy Link + Location" from the pop-up menu.
+
+
+ -
+
Set your browser to http://config.privoxy.org/show-status
+
+
+ -
+
Find user.action in the top section, + and click on "Edit":
+ + +
+
+ -
+
You should have a section with only block listed under "Actions:". If not, click a "Insert new section + below" button, and in the new section that just + appeared, click the Edit button + right under the word "Actions:". This + will bring up a list of all actions. Find block near the + top, and click in the "Enabled" column, + then "Submit" just below the list.
+
+
+ -
+
Now, in the block actions section, click the + "Add" + button, and paste the URL the browser got from "Copy Link + Location". Remove the http:// at the beginning of the URL. Then, click + "Submit" + (or "OK" + if in a pop-up window).
+
+
+ -
+
Now go back to the original page, and press SHIFT-Reload (or flush all browser caches). The image + should be gone now.
+
+
This is a very crude and simple example. There might be good reasons + to use a wildcard pattern match to include potentially similar images + from the same site. For a more extensive explanation of "patterns", and the entire actions concept, see the Actions section.
+ +For advanced users who want to hand edit their config files, you + might want to now go to the Actions Files Tutorial. The ideas + explained therein also apply to the web-based editor.
+ +There are also various filters that can be used for ad blocking + (filters are a special subset of actions). These fall into the + "advanced" usage category, and are explained + in depth in later sections.
++ +
Prev | + +Home | + +Next | +
What's New in this + Release | + ++ + | Starting Privoxy | +
13. See Also
Other references and sites of interest to Privoxy - users:
http://www.privoxy.org/, - the Privoxy Home page. - |
http://www.privoxy.org/faq/, - the Privoxy FAQ. - |
http://www.privoxy.org/developer-manual/, - the Privoxy developer manual. - |
https://sourceforge.net/projects/ijbswa/, - the Project Page for Privoxy on - SourceForge. - |
http://config.privoxy.org/, - the web-based user interface. Privoxy must be - running for this to work. Shortcut: http://p.p/ - |
https://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit "misses" and other - configuration related suggestions to the developers. - |
http://www.junkbusters.com/ht/en/cookies.html, - an explanation how cookies are used to track web users. - |
http://www.junkbusters.com/ijb.html, - the original Internet Junkbuster. - |
http://www.squid-cache.org/, a popular - caching proxy, which is often used together with Privoxy. - |
http://www.pps.jussieu.fr/~jch/software/polipo/, - Polipo is a caching proxy with advanced features - like pipelining, multiplexing and caching of partial instances. In many setups - it can be used as Squid replacement. - |
https://www.torproject.org/, - Tor can help anonymize web browsing, - web publishing, instant messaging, IRC, SSH, and other applications. - |
13. See Also
+ +Other references and sites of interest to Privoxy users:
+ +http://www.privoxy.org/, the Privoxy Home page. | +
http://www.privoxy.org/faq/, the Privoxy FAQ. | +
http://www.privoxy.org/developer-manual/, the + Privoxy developer manual. | +
https://sourceforge.net/projects/ijbswa/, the Project + Page for Privoxy on SourceForge. | +
http://config.privoxy.org/, the web-based user + interface. Privoxy must be running + for this to work. Shortcut: http://p.p/ | +
https://sourceforge.net/tracker/?group_id=11118&atid=460288, + to submit "misses" and other + configuration related suggestions to the developers. | +
http://www.junkbusters.com/ht/en/cookies.html, an + explanation how cookies are used to track web users. | +
http://www.junkbusters.com/ijb.html, the original + Internet Junkbuster. | +
http://www.squid-cache.org/, a popular caching proxy, + which is often used together with Privoxy. | +
http://www.pps.jussieu.fr/~jch/software/polipo/, + Polipo is a caching proxy with + advanced features like pipelining, multiplexing and caching of + partial instances. In many setups it can be used as Squid replacement. | +
https://www.torproject.org/, Tor can help anonymize web browsing, web + publishing, instant messaging, IRC, SSH, and other + applications. | +
+ +
Prev | + +Home | + +Next | +
Privoxy Copyright, License + and History | + ++ + | Appendix | +
5. Starting Privoxy
Before launching Privoxy for the first time, you - will want to configure your browser(s) to use - Privoxy as a HTTP and HTTPS (SSL) - proxy. The default is - 127.0.0.1 (or localhost) for the proxy address, and port 8118 (earlier versions - used port 8000). This is the one configuration step that must be done!
Please note that Privoxy can only proxy HTTP and - HTTPS traffic. It will not work with FTP or other protocols.
-
- With Firefox, this is typically set under:
Tools -> Options -> Advanced -> Network ->Connection -> Settings
- Or optionally on some platforms:
Edit -> Preferences -> General -> Connection Settings -> Manual Proxy Configuration
- With Netscape (and - Mozilla), this can be set under:
Edit -> Preferences -> Advanced -> Proxies -> HTTP Proxy
For Internet Explorer v.5-7:
Tools -> Internet Options -> Connections -> LAN Settings
Then, check "Use Proxy" and fill in the appropriate info - (Address: 127.0.0.1, Port: 8118). Include HTTPS (SSL), if you want HTTPS - proxy support too (sometimes labeled "Secure"). Make sure any - checkboxes like "Use the same proxy server for all protocols" is - UNCHECKED. You want only HTTP and HTTPS (SSL)!
-
After doing this, flush your browser's disk and memory caches to force a - re-reading of all pages and to get rid of any ads that may be cached. Remove - any cookies, - if you want Privoxy to manage that. You are now - ready to start enjoying the benefits of using - Privoxy!
Privoxy itself is typically started by specifying the - main configuration file to be used on the command line. If no configuration - file is specified on the command line, Privoxy - will look for a file named config in the current - directory. Except on Win32 where it will try config.txt.
5.1. Red Hat and Fedora
A default Red Hat installation may not start Privoxy upon boot. It will use - the file /etc/privoxy/config as its main configuration - file.
# /etc/rc.d/init.d/privoxy start |
Or ...
# service privoxy start |
5.2. Debian
We use a script. Note that Debian typically starts Privoxy upon booting per - default. It will use the file - /etc/privoxy/config as its main configuration - file.
# /etc/init.d/privoxy start |
5.3. Windows
Click on the Privoxy Icon to start Privoxy. If no configuration file is - specified on the command line, Privoxy will look - for a file named config.txt. Note that Windows will - automatically start Privoxy when the system starts if you chose that option - when installing.
Privoxy can run with full Windows service functionality. - On Windows only, the Privoxy program has two new command line arguments - to install and uninstall Privoxy as a service. See the - Windows Installation - instructions for details.
5.4. Solaris, NetBSD, FreeBSD, HP-UX and others
Example Unix startup command:
# /usr/sbin/privoxy /etc/privoxy/config |
5.5. OS/2
During installation, Privoxy is configured to - start automatically when the system restarts. You can start it manually by - double-clicking on the Privoxy icon in the - Privoxy folder.
5.6. Mac OS X
After downloading the privoxy software, unzip the downloaded file by - double-clicking on the zip file icon. Then, double-click on the - installer package icon and follow the installation process.
The privoxy service will automatically start after a successful - installation. In addition, the privoxy service will automatically - start every time your computer starts up.
To prevent the privoxy service from automatically starting when your - computer starts up, remove or rename the folder named - /Library/StartupItems/Privoxy.
A simple application named Privoxy Utility has been created which - enables administrators to easily start and stop the privoxy service.
In addition, the Privoxy Utility presents a simple way for - administrators to edit the various privoxy config files. A method - to uninstall the software is also available.
An administrator username and password must be supplied in order for - the Privoxy Utility to perform any of the tasks.
5.7. AmigaOS
Start Privoxy (with RUN <>NIL:) in your - startnet script (AmiTCP), in - s:user-startup (RoadShow), as startup program in your - startup script (Genesis), or as startup action (Miami and MiamiDx). - Privoxy will automatically quit when you quit your - TCP/IP stack (just ignore the harmless warning your TCP/IP stack may display that - Privoxy is still running).
5.8. Gentoo
A script is again used. It will use the file /etc/privoxy/config - as its main configuration file.
/etc/init.d/privoxy start - |
Note that Privoxy is not automatically started at - boot time by default. You can change this with the rc-update - command.
-
rc-update add privoxy default - |
5.9. Command Line Options
Privoxy may be invoked with the following - command-line options:
--version -
Print version info and exit. Unix only. -
--help -
Print short usage info and exit. Unix only. -
--no-daemon -
Don't become a daemon, i.e. don't fork and become process group - leader, and don't detach from controlling tty. Unix only. -
--pidfile FILE -
On startup, write the process ID to FILE. Delete the - FILE on exit. Failure to create or delete the - FILE is non-fatal. If no FILE - option is given, no PID file will be used. Unix only. -
--user USER[.GROUP] -
After (optionally) writing the PID file, assume the user ID of - USER, and if included the GID of GROUP. Exit if the - privileges are not sufficient to do so. Unix only. -
--chroot -
Before changing to the user ID given in the --user option, - chroot to that user's home directory, i.e. make the kernel pretend to the Privoxy - process that the directory tree starts there. If set up carefully, this can limit - the impact of possible vulnerabilities in Privoxy to the files contained in that hierarchy. - Unix only. -
--pre-chroot-nslookup hostname -
Specifies a hostname to look up before doing a chroot. On some systems, initializing the - resolver library involves reading config files from /etc and/or loading additional shared - libraries from /lib. On these systems, doing a hostname lookup before the chroot reduces - the number of files that must be copied into the chroot tree. -
For fastest startup speed, a good value is a hostname that is not in /etc/hosts but that - your local name server (listed in /etc/resolv.conf) can resolve without recursion - (that is, without having to ask any other name servers). The hostname need not exist, - but if it doesn't, an error message (which can be ignored) will be output. -
configfile -
If no configfile is included on the command line, - Privoxy will look for a file named - "config" in the current directory (except on Win32 - where it will look for "config.txt" instead). Specify - full path to avoid confusion. If no config file is found, - Privoxy will fail to start. -
On MS Windows only there are two additional - command-line options to allow Privoxy to install and - run as a service. See the -Window Installation section -for details.
5. Starting + Privoxy
+ +Before launching Privoxy for the + first time, you will want to configure your browser(s) to use + Privoxy as a HTTP and HTTPS (SSL) + proxy. The default is 127.0.0.1 (or localhost) for the proxy + address, and port 8118 (earlier versions used port 8000). This is the one + configuration step that must be + done!
+ +Please note that Privoxy can only + proxy HTTP and HTTPS traffic. It will not work with FTP or other + protocols.
+ +Figure 2. Proxy Configuration Showing Mozilla/Netscape + HTTP and HTTPS (SSL) Settings
+ +With Firefox, this is typically set + under:
+ + Tools -> Options -> Advanced -> Network ->Connection -> Settings
Or optionally on some platforms:
+ + Edit -> Preferences -> General -> Connection Settings -> Manual Proxy Configuration
With Netscape (and Mozilla), this can be set under:
+ + Edit -> Preferences -> Advanced -> Proxies -> HTTP
+ Proxy
For Internet Explorer v.5-7:
+ +Tools -> Internet + Options -> Connections -> LAN Settings
+ +Then, check "Use Proxy" and fill in the + appropriate info (Address: 127.0.0.1, Port: 8118). Include HTTPS (SSL), + if you want HTTPS proxy support too (sometimes labeled "Secure"). Make sure any checkboxes like "Use the same proxy server for all protocols" is + UNCHECKED. You want only HTTP + and HTTPS (SSL)!
+ +Figure 3. Proxy Configuration Showing Internet Explorer + HTTP and HTTPS (Secure) Settings
+ +After doing this, flush your browser's disk and memory caches to force + a re-reading of all pages and to get rid of any ads that may be cached. + Remove any cookies, if you want Privoxy + to manage that. You are now ready to start enjoying the benefits of using + Privoxy!
+ +Privoxy itself is typically started + by specifying the main configuration file to be used on the command line. + If no configuration file is specified on the command line, Privoxy will look for a file named config in the current directory. Except on Win32 where it + will try config.txt.
+ +5.1. Red Hat + and Fedora
+ +A default Red Hat installation may not start Privoxy upon boot. It will use the file /etc/privoxy/config as its main configuration file.
+ +
+ + # /etc/rc.d/init.d/privoxy start ++ |
+
Or ...
+ +
+ + # service privoxy start ++ |
+
5.2. + Debian
+ +We use a script. Note that Debian typically starts Privoxy upon booting per default. It will use the + file /etc/privoxy/config as its main + configuration file.
+ +
+ + # /etc/init.d/privoxy start ++ |
+
5.3. + Windows
+ +Click on the Privoxy Icon to start + Privoxy. If no configuration file is + specified on the command line, Privoxy + will look for a file named config.txt. Note + that Windows will automatically start Privoxy when the system starts if you chose that + option when installing.
+ +Privoxy can run with full Windows + service functionality. On Windows only, the Privoxy program has two new command line arguments + to install and uninstall Privoxy as a + service. See the Windows Installation + instructions for details.
+5.4. + Solaris, NetBSD, FreeBSD, HP-UX and others
+ +Example Unix startup command:
+ +
+ + # /usr/sbin/privoxy /etc/privoxy/config ++ |
+
5.5. OS/2
+ +During installation, Privoxy is + configured to start automatically when the system restarts. You can + start it manually by double-clicking on the Privoxy icon in the Privoxy folder.
+5.6. Mac OS + X
+ +After downloading the privoxy software, unzip the downloaded file by + double-clicking on the zip file icon. Then, double-click on the + installer package icon and follow the installation process.
+ +The privoxy service will automatically start after a successful + installation. In addition, the privoxy service will automatically start + every time your computer starts up.
+ +To prevent the privoxy service from automatically starting when your + computer starts up, remove or rename the folder named + /Library/StartupItems/Privoxy.
+ +A simple application named Privoxy Utility has been created which + enables administrators to easily start and stop the privoxy + service.
+ +In addition, the Privoxy Utility presents a simple way for + administrators to edit the various privoxy config files. A method to + uninstall the software is also available.
+ +An administrator username and password must be supplied in order for + the Privoxy Utility to perform any of the tasks.
+5.7. + AmigaOS
+ +Start Privoxy (with RUN + <>NIL:) in your startnet script + (AmiTCP), in s:user-startup (RoadShow), as + startup program in your startup script (Genesis), or as startup action + (Miami and MiamiDx). Privoxy will + automatically quit when you quit your TCP/IP stack (just ignore the + harmless warning your TCP/IP stack may display that Privoxy is still running).
+5.8. + Gentoo
+ +A script is again used. It will use the file /etc/privoxy/config as its main configuration file.
+ +
+ + /etc/init.d/privoxy start + ++ |
+
Note that Privoxy is not + automatically started at boot time by default. You can change this with + the rc-update command.
+ +
+ + rc-update add privoxy default + ++ |
+
5.9. Command + Line Options
+ +Privoxy may be invoked with the + following command-line options:
+ +-
+
-
+
--version
+ +Print version info and exit. Unix only.
+
+
+ -
+
--help
+ +Print short usage info and exit. Unix only.
+
+
+ -
+
--no-daemon
+ +Don't become a daemon, i.e. don't fork and become process group + leader, and don't detach from controlling tty. Unix only.
+
+
+ -
+
--pidfile FILE
+ +On startup, write the process ID to FILE. Delete the FILE on exit. Failure to create or + delete the FILE is + non-fatal. If no FILE + option is given, no PID file will be used. Unix only.
+
+
+ -
+
--user + USER[.GROUP]
+ +After (optionally) writing the PID file, assume the user ID of + USER, and if included the + GID of GROUP. Exit if the privileges are not sufficient to do so. + Unix only.
+
+
+ -
+
--chroot
+ +Before changing to the user ID given in the --user option, chroot to that user's + home directory, i.e. make the kernel pretend to the Privoxy process that the directory tree starts + there. If set up carefully, this can limit the impact of possible + vulnerabilities in Privoxy to the + files contained in that hierarchy. Unix only.
+
+
+ -
+
--pre-chroot-nslookup + hostname
+ +Specifies a hostname to look up before doing a chroot. On some + systems, initializing the resolver library involves reading config + files from /etc and/or loading additional shared libraries from + /lib. On these systems, doing a hostname lookup before the chroot + reduces the number of files that must be copied into the chroot + tree.
+ +For fastest startup speed, a good value is a hostname that is + not in /etc/hosts but that your local name server (listed in + /etc/resolv.conf) can resolve without recursion (that is, without + having to ask any other name servers). The hostname need not exist, + but if it doesn't, an error message (which can be ignored) will be + output.
+
+
+ -
+
configfile
+ +If no configfile is + included on the command line, Privoxy will look for a file named + "config" in the current directory + (except on Win32 where it will look for "config.txt" instead). Specify full path to avoid + confusion. If no config file is found, Privoxy will fail to start.
+
+
On MS Windows only there are two + additional command-line options to allow Privoxy to install and run as a service. See the Window Installation + section for details.
++ +
Prev | + +Home | + +Next | +
Quickstart to Using + Privoxy | + ++ + | Privoxy Configuration | +
10. Privoxy's Template Files
All Privoxy built-in pages, i.e. error pages such as the - "404 - No Such Domain" - error page, the "BLOCKED" - page - and all pages of its web-based - user interface, are generated from templates. - (Privoxy must be running for the above links to work as - intended.)
These templates are stored in a subdirectory of the configuration - directory called templates. On Unixish platforms, - this is typically - /etc/privoxy/templates/.
The templates are basically normal HTML files, but with place-holders (called symbols - or exports), which Privoxy fills at run time. It - is possible to edit the templates with a normal text editor, should you want - to customize them. (Not recommended for the casual - user). Should you create your own custom templates, you should use - the config setting templdir - to specify an alternate location, so your templates do not get overwritten - during upgrades. -
Note that just like in configuration files, lines starting - with # are ignored when the templates are filled in.
The place-holders are of the form @name@, and you will - find a list of available symbols, which vary from template to template, - in the comments at the start of each file. Note that these comments are not - always accurate, and that it's probably best to look at the existing HTML - code to find out which symbols are supported and what they are filled in with.
A special application of this substitution mechanism is to make whole - blocks of HTML code disappear when a specific symbol is set. We use this - for many purposes, one of them being to include the beta warning in all - our user interface (CGI) pages when Privoxy - is in an alpha or beta development stage:
<!-- @if-unstable-start --> + + + + + + ++ |
+
If the "unstable" symbol is set, everything in between and including + @if-unstable-start and if-unstable-end@ will disappear, leaving nothing but an + empty comment:
+ +
+ +<!-- --> ++ |
+
There's also an if-then-else construct and an #include mechanism, but you'll sure find out if you are + inclined to edit the templates ;-)
+ +All templates refer to a style located at http://config.privoxy.org/send-stylesheet. This is, of + course, locally served by Privoxy and + the source for it can be found and edited in the cgi-style.css template.
++ +
Prev | + +Home | + +Next | +
Filter Files | + ++ + | Contacting the Developers, + Bug Reporting and Feature Requests | +
3. Note to Upgraders
There are very significant changes from earlier - Junkbuster versions to the current - Privoxy. The number, names, syntax, and - purposes of configuration files have substantially changed. - Junkbuster 2.0.x configuration - files will not migrate, Junkbuster 2.9.x - and Privoxy configurations will need to be - ported. The functionalities of the old blockfile, - cookiefile and imagelist - are now combined into the "actions - files". - default.action, is the main actions file. Local - exceptions should best be put into user.action.
A "filter file" (typically - default.filter) is new as of Privoxy - 2.9.x, and provides some of the new sophistication (explained - below). config is much the same as before.
If upgrading from a 2.0.x version, you will have to use the new config - files, and possibly adapt any personal rules from your older files. - When porting personal rules over from the old blockfile - to the new actions files, please note that even the pattern syntax has - changed. If upgrading from 2.9.x development versions, it is still - recommended to use the new configuration files.
A quick list of things to be aware of before upgrading:
The default listening port is now 8118 due to a conflict with another - service (NAS). -
- Some installers may remove earlier versions completely. Save any - important configuration files! -
Privoxy is controllable with a web browser - at the special URL: http://config.privoxy.org/ - (Shortcut: http://p.p/). Many - aspects of configuration can be done here, including temporarily disabling - Privoxy. -
The primary configuration files for cookie management, ad and banner - blocking, and many other aspects of Privoxy - configuration are the actions - files. It is strongly recommended to become familiar with the new - actions concept below, before modifying these files. Locally defined rules - should go into user.action. -
- Some installers may not automatically start - Privoxy after installation. -
3. What's New in this Release
Privoxy 3.0.12 is mainly a bugfix release:
The socket-timeout option now also works on platforms whose - select() implementation modifies the timeout structure. - Previously the timeout was triggered even if the connection - didn't stall. Reported by cyberpatrol. -
The Connection: keep-alive code properly deals with files - larger than 2GB. Previously the connection was closed too - early. -
The content length for files above 2GB is logged correctly. -
The user-manual directive on the show-status page links to - the documentation location specified with the directive, - not to the Privoxy website. -
When running in daemon mode, Privoxy doesn't log anything - to the console unless there are errors before the logfile - has been opened. -
The show-status page prints warnings about invalid directives - on the same line as the directives themselves. -
Fixed several justified (but harmless) compiler warnings, - mostly on 64 bit platforms. -
The mingw32 version explicitly requests the default charset - to prevent display problems with some fonts available on more - recent Windows versions. Patch by Burberry. -
The mingw32 version uses the Privoxy icon in the alt-tab - windows. Patch by Burberry. -
The timestamp and the thread id is omitted in the "Fatal error" - message box on mingw32. -
Fixed two related mingw32-only buffer overflows. Triggering - them required control over the configuration file, therefore - this isn't seen as a security issue. -
In verbose mode, or if the new option --show-skipped-tests - is used, Privoxy-Regression-Test logs skipped tests and the - skip reason. -
3.1. Note to Upgraders
A quick list of things to be aware of before upgrading from earlier - versions of Privoxy:
The recommended way to upgrade Privoxy is to backup your old - configuration files, install the new ones, verify that Privoxy - is working correctly and finally merge back your changes using - diff and maybe patch. -
There are a number of new features in each Privoxy release and - most of them have to be explicitly enabled in the configuration - files. Old configuration files obviously don't do that and due - to syntax changes using old configuration files with a new - Privoxy isn't always possible anyway. -
- Note that some installers remove earlier versions completely, - including configuration files, therefore you should really save - any important configuration files! -
- On the other hand, other installers don't overwrite existing configuration - files, thinking you will want to do that yourself. -
- standard.action has been merged into - the default.action file. -
In the default configuration only fatal errors are logged now. - You can change that in the debug section - of the configuration file. You may also want to enable more verbose - logging until you verified that the new Privoxy version is working - as expected. -
Three other config file settings are now off by default: - enable-remote-toggle, - enable-remote-http-toggle, - and enable-edit-actions. - If you use or want these, you will need to explicitly enable them, and - be aware of the security issues involved. -
3. What's New in this + Release
+ +Privoxy 3.0.19 is a stable release. + The changes since 3.0.18 stable are:
+ +-
+
-
+
Bug fixes:
+ +-
+
-
+
Prevent a segmentation fault when de-chunking buffered + content. It could be triggered by malicious web servers if + Privoxy was configured to filter the content and running on a + platform where SIZE_T_MAX isn't larger than UINT_MAX, which + probably includes most 32-bit systems. On those platforms, all + Privoxy versions before 3.0.19 appear to be affected. To be on + the safe side, this bug should be presumed to allow code + execution as proving that it doesn't seems unrealistic.
+
+
+ -
+
Do not expect a response from the SOCKS4/4A server until it + got something to respond to. This regression was introduced in + 3.0.18 and prevented the SOCKS4/4A negotiation from working. + Reported by qqqqqw in #3459781.
+
+
+
+ -
+
-
+
General improvements:
+ +-
+
-
+
Fix an off-by-one in an error message about connect + failures.
+
+
+ -
+
Use a GNUMakefile variable for the webserver root directory + and update the path. Sourceforge changed it which broke various + web-related targets.
+
+
+ -
+
Update the CODE_STATUS description.
+
+
+ -
+
The following changes were made between 3.0.17 and 3.0.18:
+ +-
+
-
+
Bug fixes:
+ +-
+
-
+
If a generated redirect URL contains characters RFC 3986 + doesn't permit, they are (re)encoded. Not doing this makes + Privoxy versions from 3.0.5 to 3.0.17 susceptible to HTTP + response splitting (CWE-113) attacks if the + +fast-redirects{check-decoded-url} action is used.
+
+
+ -
+
Fix a logic bug that could cause Privoxy to reuse a server + socket after it got tainted by a server-header-tagger-induced + block that was triggered before the whole server response had + been read. If keep-alive was enabled and the request following + the blocked one was to the same host and using the same + forwarding settings, Privoxy would send it on the tainted server + socket. While the server would simply treat it as a pipelined + request, Privoxy would later on fail to properly parse the + server's response as it would try to parse the unread data from + the first response as server headers for the second one. + Regression introduced in 3.0.17.
+
+
+ -
+
When implying keep-alive in client_connection(), remember that + the client didn't. Fixes a regression introduced in 3.0.13 that + would cause Privoxy to wait for additional client requests after + receiving a HTTP/1.1 request with "Connection: close" set and + connection sharing enabled. With clients which terminates the + client connection after detecting that the whole body has been + received it doesn't really matter, but with clients that don't + the connection would be kept open until it timed out.
+
+
+ -
+
Fix a subtle race condition between + prepare_csp_for_next_request() and sweep(). A thread preparing + itself for the next client request could briefly appear to be + inactive. If all other threads were already using more recent + files, the thread could get its files swept away under its feet. + So far this has only been reproduced while stress testing in + valgrind while touching action files in a loop. It's unlikely to + have caused any actual problems in the real world.
+
+
+ -
+
Disable filters if SDCH compression is used unless filtering + is forced. If SDCH was combined with a supported compression + algorithm, Privoxy previously could try to decompress it and + ditch the Content-Encoding header even though the SDCH + compression wasn't dealt with. Reported by zebul666 in + #3225863.
+
+
+ -
+
Make a copy of the --user value and only mess with that when + splitting user and group. On some operating systems modifying the + value directly is reflected in the output of ps and friends and + can be misleading. Reported by zepard in #3292710.
+
+
+ -
+
If forwarded-connect-retries is set, only retry if Privoxy is + actually forwarding the request. Previously direct connections + would be retried as well.
+
+
+ -
+
Fixed a small memory leak when retrying connections with IPv6 + support enabled.
+
+
+ -
+
Remove an incorrect assertion in + compile_dynamic_pcrs_job_list() It could be triggered by a pcrs + job with an invalid pcre pattern (for example one that contains a + lone quantifier).
+
+
+ -
+
If the --user argument user[.group] contains a dot, always + bail out if no group has been specified. Previously the intended, + but undocumented (and apparently untested), behaviour was to try + interpreting the whole argument as user name, but the detection + was flawed and checked for '0' instead of '\0', thus merely + preventing group names beginning with a zero.
+
+
+ -
+
In html_code_map[], use a numeric character reference instead + of ' which wasn't standardized before XHTML 1.0.
+
+
+ -
+
Fix an invalid free when compiled with + FEATURE_GRACEFUL_TERMINATION and shut down through + http://config.privoxy.org/die
+
+
+ -
+
In get_actions(), fix the "temporary" backwards compatibility + hack to accept block actions without reason. It also covered + other actions that should be rejected as invalid. Reported by + Billy Crook.
+
+
+
+ -
+
-
+
General improvements:
+ +-
+
-
+
Privoxy can (re)compress buffered content before delivering it + to the client. Disabled by default as most users wouldn't benefit + from it.
+
+
+ -
+
The +fast-redirects{check-decoded-url} action checks URL + segments separately. If there are other parameters behind the + redirect URL, this makes it unnecessary to cut them off by + additionally using a +redirect{} pcrs command. Initial patch + submitted by Jamie Zawinski in #3429848.
+
+
+ -
+
When loading action sections, verify that the referenced + filters exist. Currently missing filters only result in an error + message, but eventually the severity will be upgraded to + fatal.
+
+
+ -
+
Allow to bind to multiple separate addresses. Patch set + submitted by Petr Pisar in #3354485.
+
+
+ -
+
Set socket_error to errno if connecting fails in + rfc2553_connect_to(). Previously rejected direct connections + could be incorrectly reported as DNS issues if Privoxy was + compiled with IPv6 support.
+
+
+ -
+
Adjust url_code_map[] so spaces are replaced with %20 instead + of '+' While '+' can be used by client's submitting form data, + this is not actually what Privoxy is using the lookups for. This + is more of a cosmetic issue and doesn't fix any known + problems.
+
+
+ -
+
When compiled without FEATURE_FAST_REDIRECTS, do not silently + ignore +fast-redirect{} directives
+
+
+ -
+
Added a workaround for GNU libc's strptime() reporting + negative year values when the parsed year is only specified with + two digits. On affected systems cookies with such a date would + not be turned into session cookies by the +session-cookies-only + action. Reported by Vaeinoe in #3403560
+
+
+ -
+
Fixed bind failures with certain GNU libc versions if no + non-loopback IP address has been configured on the system. This + is mainly an issue if the system is using DHCP and Privoxy is + started before the network is completely configured. Reported by + Raphael Marichez in #3349356. Additional insight from Petr + Pisar.
+
+
+ -
+
Privoxy log messages now use the ISO 8601 date format + %Y-%m-%d. It's only slightly longer than the old format, but + contains the full date including the year and allows sorting by + date (when grepping in multiple log files) without hassle.
+
+
+ -
+
In get_last_url(), do not bother trying to decode URLs that do + not contain at least one '%' sign. It reduces the log noise and a + number of unnecessary memory allocations.
+
+
+ -
+
In case of SOCKS5 failures, dump the socks response in the log + message.
+
+
+ -
+
Simplify the signal setup in main().
+
+
+ -
+
Streamline socks5_connect() slightly.
+
+
+ -
+
In socks5_connect(), require a complete socks response from + the server. Previously Privoxy didn't care how much data the + server response contained as long as the first two bytes + contained the expected values. While at it, shrink the buffer + size so Privoxy can't read more than a whole socks response.
+
+
+ -
+
In chat(), do not bother to generate a client request in case + of direct CONNECT requests. It will not be used anyway.
+
+
+ -
+
Reduce server_last_modified()'s stack size.
+
+
+ -
+
Shorten get_http_time() by using strftime().
+
+
+ -
+
Constify the known_http_methods pointers in + unknown_method().
+
+
+ -
+
Constify the time_formats pointers in parse_header_time().
+
+
+ -
+
Constify the formerly_valid_actions pointers in + action_used_to_be_valid().
+
+
+ -
+
Introduce a GNUMakefile MAN_PAGE variable that defaults to + privoxy.1. The Debian package uses section 8 for the man page and + this should simplify the patch.
+
+
+ -
+
Deduplicate the INADDR_NONE definition for Solaris by moving + it to jbsockets.h
+
+
+ -
+
In block_url(), ditch the obsolete workaround for ancient + Netscape versions that supposedly couldn't properly deal with + status code 403.
+
+
+ -
+
Remove a useless NULL pointer check in load_trustfile().
+
+
+ -
+
Remove two useless NULL pointer checks in + load_one_re_filterfile().
+
+
+ -
+
Change url_code_map[] from an array of pointers to an array of + arrays It removes an unnecessary layer of indirection and on + 64bit system reduces the size of the binary a bit.
+
+
+ -
+
Fix various typos. Fixes taken from Debian's 29_typos.dpatch + by Roland Rosenfeld.
+
+
+ -
+
Add a dok-tidy GNUMakefile target to clean up the messy HTML + generated by the other dok targets.
+
+
+ -
+
GNUisms in the GNUMakefile have been removed.
+
+
+ -
+
Change the HTTP version in static responses to 1.1
+
+
+ -
+
Synced config.sub and config.guess with upstream + 2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.
+
+
+ -
+
Add a dedicated function to parse the values of toggles. + Reduces duplicated code in load_config() and provides better + error handling. Invalid or missing toggle values are now a fatal + error instead of being silently ignored.
+
+
+ -
+
Terminate HTML lines in static error messages with \n instead + of \r\n.
+
+
+ -
+
Simplify cgi_error_unknown() a bit.
+
+
+ -
+
In LogPutString(), don't bother looking at pszText when not + actually logging anything.
+
+
+ -
+
Change ssplit()'s fourth parameter from int to size_t. Fixes a + clang complaint.
+
+
+ -
+
Add a warning that the statistics currently can't be trusted. + Mention Privoxy-Log-Parser's --statistics option as an + alternative for the time being.
+
+
+ -
+
In rfc2553_connect_to(), start setting cgi->error_message + on error.
+
+
+ -
+
Change the expected status code returned for http://p.p/die + depending on whether or not FEATURE_GRACEFUL_TERMINATION is + available.
+
+
+ -
+
In cgi_die(), mark the client connection for closing. If the + client will fetch the style sheet through another connection it + gets the main thread out of the accept() state and should thus + trigger the actual shutdown.
+
+
+ -
+
Add a proper CGI message for cgi_die().
+
+
+ -
+
Don't enforce a logical line length limit in + read_config_line().
+
+
+ -
+
Slightly refactor server_last_modified() to remove useless + gmtime*() calls.
+
+
+ -
+
In get_content_type(), also recognize '.jpeg' as JPEG + extension.
+
+
+ -
+
Add '.png' to the list of recognized file extensions in + get_content_type().
+
+
+ -
+
In block_url(), consistently use the block reason "Request + blocked by Privoxy" In two places the reason was "Request for + blocked URL" which hides the fact that the request got blocked by + Privoxy and isn't necessarily correct as the block may be due to + tags.
+
+
+ -
+
In listen_loop(), reload the configuration files after + accepting a new connection instead of before. Previously the + first connection that arrived after a configuration change would + still be handled with the old configuration.
+
+
+ -
+
In chat()'s receive-data loop, skip a client socket check if + the socket will be written to right away anyway. This can + increase the transfer speed for unfiltered content on fast + network connections.
+
+
+ -
+
The socket timeout is used for SOCKS negotiations as well + which previously couldn't timeout.
+
+
+ -
+
Don't keep the client connection alive if any configuration + file changed since the time the connection came in. This is + closer to Privoxy's behaviour before keep-alive support for + client connection has been added and also less confusing in + general.
+
+
+ -
+
Treat all Content-Type header values containing the pattern + 'script' as a sign of text. Reported by pribog in #3134970.
+
+
+
+ -
+
-
+
Action file improvements:
+ +-
+
-
+
Moved the site-specific block pattern section below the one + for the generic patterns so for requests that are matched in + both, the block reason for the domain is shown which is usually + more useful than showing the one for the generic pattern.
+
+
+ -
+
Remove -prevent-compression from the fragile alias. It's no + longer used anywhere by default and isn't known to break stuff + anyway.
+
+
+ -
+
Add a (disabled) section to block various Facebook tracking + URLs. Reported by Dan Stahlke in #3421764.
+
+
+ -
+
Add a (disabled) section to rewrite and redirect + click-tracking URLs used on news.google.com. Reported by Dan + Stahlke in #3421755.
+
+
+ -
+
Unblock linuxcounter.net/. Reported by Dan Stahlke in + #3422612.
+
+
+ -
+
Block 'www91.intel.com/' which is used by Omniture. Reported + by Adam Piggott in #3167370.
+
+
+ -
+
Disable the handle-as-empty-doc-returns-ok option and mark it + as deprecated. Reminded by tceverling in #2790091.
+
+
+ -
+
Add ".ivwbox.de/" to the "Cross-site user tracking" section. + Reported by Nettozahler in #3172525.
+
+
+ -
+
Unblock and fast-redirect ".awin1.com/.*=http://". Reported by + Adam Piggott in #3170921.
+
+
+ -
+
Block "b.collective-media.net/".
+
+
+ -
+
Widen the Debian popcon exception to "qa.debian.org/popcon". + Seen in Debian's 05_default_action.dpatch by Roland + Rosenfeld.
+
+
+ -
+
Block ".gemius.pl/" which only seems to be used for user + tracking. Reported by johnd16 in #3002731. Additional input from + Lee and movax.
+
+
+ -
+
Disable banners-by-size filters for '.thinkgeek.com/'. The + filter only seems to catch pictures of the inventory.
+
+
+ -
+
Block requests for 'go.idmnet.bbelements.com/please/showit/'. + Reported by kacperdominik in #3372959.
+
+
+ -
+
Unblock adainitiative.org/.
+
+
+ -
+
Add a fast-redirects exception for + '.googleusercontent.com/.*=cache'.
+
+
+ -
+
Add a fast-redirects exception for + webcache.googleusercontent.com/.
+
+
+ -
+
Unblock http://adassier.wordpress.com/ and + http://adassier.files.wordpress.com/.
+
+
+
+ -
+
-
+
Filter file improvements:
+ +-
+
-
+
Let the yahoo filter hide '.ads'.
+
+
+ -
+
Let the msn filter hide overlay ads for Facebook 'likes' in + search results and elements with the id 's_notf_div'. They only + seem to be used to advertise site 'enhancements'.
+
+
+ -
+
Let the js-events filter additionally disarm setInterval(). + Suggested by dg1727 in #3423775.
+
+
+
+ -
+
-
+
Documentation improvements:
+ +-
+
-
+
Clarify the effect of compiling Privoxy with zlib support. + Suggested by dg1727 in #3423782.
+
+
+ -
+
Point out that the SourceForge messaging system works like a + black hole and should thus not be used to contact individual + developers.
+
+
+ -
+
Mention some of the problems one can experience when not + explicitly configuring an IP addresses as listen address.
+
+
+ -
+
Explicitly mention that hostnames can be used instead of IP + addresses for the listen-address, that only the first address + returned will be used and what happens if the address is invalid. + Requested by Calestyo in #3302213.
+
+
+
+ -
+
-
+
Log message improvements:
+ +-
+
-
+
If only the server connection is kept alive, do not pretend to + wait for a new client request.
+
+
+ -
+
Remove a superfluous log message in forget_connection().
+
+
+ -
+
In chat(), properly report missing server responses as such + instead of calling them empty.
+
+
+ -
+
In forwarded_connect(), fix a log message nobody should ever + see.
+
+
+ -
+
Fix a log message in socks5_connect(), a failed write + operation was logged as failed read operation.
+
+
+ -
+
Let load_one_actions_file() properly complain about a missing + '{' at the beginning of the file. Simply stating that a line is + invalid isn't particularly helpful.
+
+
+ -
+
Do not claim to listen on a socket until Privoxy actually + does. Patch submitted by Petr Pisar #3354485
+
+
+ -
+
Prevent a duplicated LOG_LEVEL_CLF message when sending out + the "no-server-data" response.
+
+
+ -
+
Also log the client socket when dropping a connection.
+
+
+ -
+
Include the destination host in the 'Request ... marked for + blocking. limit-connect{...} doesn't allow CONNECT ...' message + Patch submitted by Saperski in #3296250.
+
+
+ -
+
Prevent a duplicated log message if none of the resolved IP + addresses were reachable.
+
+
+ -
+
In connect_to(), do not pretend to retry if + forwarded-connect-retries is zero or unset.
+
+
+ -
+
When a specified user or group can't be found, put the name in + single-quotes when logging it.
+
+
+ -
+
In rfc2553_connect_to(), explain getnameinfo() errors + better.
+
+
+ -
+
Remove a useless log message in chat().
+
+
+ -
+
When retrying to connect, also log the maximum number of + connection attempts.
+
+
+ -
+
Rephrase a log message in compile_dynamic_pcrs_job_list(). + Divide the error code and its meaning with a colon. Call the pcrs + job dynamic and not the filter. Filters may contain dynamic and + non-dynamic pcrs jobs at the same time. Only mention the name of + the filter or tagger, but don't claim it's a filter when it could + be a tagger.
+
+
+ -
+
In a fatal error message in load_one_actions_file(), cover + both URL and TAG patterns.
+
+
+ -
+
In pcrs_strerror(), properly report unknown positive error + code values as such. Previously they were handled like 0 (no + error).
+
+
+ -
+
In compile_dynamic_pcrs_job_list(), also log the actual error + code as pcrs_strerror() doesn't handle all errors reported by + pcre.
+
+
+ -
+
Don't bother trying to continue chatting if the client didn't + ask for it. Reduces log noise a bit.
+
+
+ -
+
Make two fatal error message in load_one_actions_file() more + descriptive.
+
+
+ -
+
In cgi_send_user_manual(), log when rejecting a file name due + to '/' or '..'.
+
+
+ -
+
In load_file(), log a message if opening a file failed. The + CGI error message alone isn't too helpful.
+
+
+ -
+
In connection_destination_matches(), improve two log messages + to help understand why the destinations don't match.
+
+
+ -
+
Rephrase a log message in serve(). Client request arrival + should be differentiated from closed client connections now.
+
+
+ -
+
In serve(), log if a client connection isn't reused due to a + configuration file change.
+
+
+ -
+
Let mark_server_socket_tainted() always mark the server socket + tainted, just don't talk about it in cases where it has no + effect. It doesn't change Privoxy's behaviour, but makes + understanding the log file easier.
+
+
+
+ -
+
-
+
configure:
+ +-
+
-
+
Added a --disable-ipv6-support switch for platforms where + support is detected but doesn't actually work.
+
+
+ -
+
Do not check for the existence of strerror() and memmove() + twice
+
+
+ -
+
Remove a useless test for setpgrp(2). Privoxy doesn't need it + and it can cause problems when cross-compiling.
+
+
+ -
+
Rename the --disable-acl-files switch to + --disable-acl-support. Since about 2001, ACL directives are + specified in the standard config file.
+
+
+ -
+
Update the URL of the 'Removing outdated PCRE version after + the next stable release' posting. The old URL stopped working + after one of SF's recent site "optimizations". Reported by Han + Liu.
+
+
+
+ -
+
-
+
Privoxy-Regression-Test:
+ +-
+
-
+
Added --shuffle-tests option to increase the chances of + detection race conditions.
+
+
+ -
+
Added a --local-test-file option that allows to use + Privoxy-Regression-Test without Privoxy.
+
+
+ -
+
Added tests for missing socks4 and socks4a forwarders.
+
+
+ -
+
The --privoxy-address option now works with IPv6 addresses + containing brackets, too.
+
+
+ -
+
Perform limited sanity checks for parameters that are supposed + to have numerical values.
+
+
+ -
+
Added a --sleep-time option to specify a number of seconds to + sleep between tests, defaults to 0.
+
+
+ -
+
Disable the range-requests tagger for tests that break if it's + enabled.
+
+
+ -
+
Log messages use the ISO 8601 date format %Y-%m-%d.
+
+
+ -
+
Fix spelling in two error messages.
+
+
+ -
+
In the --help output, include a list of supported tests and + their default levels.
+
+
+ -
+
Adjust the tests to properly deal with FEATURE_TOGGLE being + disabled.
+
+
+
+ -
+
-
+
Privoxy-Log-Parser:
+ +-
+
-
+
Perform limited sanity checks for command line parameters that + are supposed to have numerical values.
+
+
+ -
+
Implement a --unbreak-lines-only option to try to revert MUA + breakage.
+
+
+ -
+
Accept and highlight: Added header: Content-Encoding: + deflate
+
+
+ -
+
Accept and highlight: Compressed content from 29258 to 8630 + bytes.
+
+
+ -
+
Accept and highlight: Client request arrived in time on socket + 21.
+
+
+ -
+
Highlight: Didn't receive data in time: a.fsdn.com:443
+
+
+ -
+
Accept log messages with ISO 8601 time stamps, too.
+
+
+
+ -
+
-
+
uagen:
+ +-
+
-
+
Bump generated Firefox version to 8.0.
+
+
+ -
+
Only randomize the release date if the new + --randomize-release-date option is enabled. Firefox versions + after 4 use a fixed date string without meaning.
+
+
+ -
+
3.1. Note + to Upgraders
+ +A quick list of things to be aware of before upgrading from earlier + versions of Privoxy:
+ +-
+
-
+
The recommended way to upgrade Privoxy is to backup your old configuration + files, install the new ones, verify that Privoxy is working correctly and finally merge + back your changes using diff and + maybe patch.
+ +There are a number of new features in each Privoxy release and most of them have to be + explicitly enabled in the configuration files. Old configuration + files obviously don't do that and due to syntax changes using old + configuration files with a new Privoxy isn't always possible anyway.
+
+
+ -
+
Note that some installers remove earlier versions completely, + including configuration files, therefore you should really save any + important configuration files!
+
+
+ -
+
On the other hand, other installers don't overwrite existing + configuration files, thinking you will want to do that + yourself.
+
+
+ -
+
standard.action has been merged into + the default.action file.
+
+
+ -
+
In the default configuration only fatal errors are logged now. + You can change that in the debug + section of the configuration file. You may also want to enable + more verbose logging until you verified that the new Privoxy version is working as expected.
+
+
+ -
+
Three other config file settings are now off by default: + enable-remote-toggle, + enable-remote-http-toggle, + and enable-edit-actions. If you + use or want these, you will need to explicitly enable them, and be + aware of the security issues involved.
+
+
. Fixes parts of #1856559. - * - * Revision 1.70 2007/12/15 14:24:05 fabiankeil - * Plug memory leak if listen-address only specifies the port. - * - * Revision 1.69 2007/10/27 13:02:27 fabiankeil - * Relocate daemon-mode-related log messages to make sure - * they aren't shown again in case of configuration reloads. - * - * Revision 1.68 2007/10/19 16:32:34 fabiankeil - * Plug memory leak introduced with my last commit. - * - * Revision 1.67 2007/10/14 14:12:41 fabiankeil - * When in daemon mode, close stderr after the configuration file has been - * parsed the first time. If logfile isn't set, stop logging. Fixes BR#897436. - * - * Revision 1.66 2007/08/05 14:02:09 fabiankeil - * #1763173 from Stefan Huehner: declare unload_configfile() static. - * - * Revision 1.65 2007/07/21 11:51:36 fabiankeil - * As Hal noticed, checking dispatch_cgi() as the last cruncher - * looks like a bug if CGI requests are blocked unintentionally, - * so don't do it unless the user enabled the new config option - * "allow-cgi-request-crunching". - * - * Revision 1.64 2007/05/21 10:44:08 fabiankeil - * - Use strlcpy() instead of strcpy(). - * - Stop treating actions files special. Expect a complete file name - * (with or without path) like it's done for the rest of the files. - * Closes FR#588084. - * - Remove an unnecessary temporary memory allocation. - * - Don't log anything to the console when running as - * daemon and no errors occurred. - * - * Revision 1.63 2007/04/09 18:11:36 fabiankeil - * Don't mistake VC++'s _snprintf() for a snprintf() replacement. - * - * Revision 1.62 2007/03/17 15:20:05 fabiankeil - * New config option: enforce-blocks. - * - * Revision 1.61 2007/03/16 16:47:35 fabiankeil - * - Mention other reasons why acl directive loading might have failed. - * - Don't log the acl source if the acl destination is to blame. - * - * Revision 1.60 2007/01/27 13:09:16 fabiankeil - * Add new config option "templdir" to - * change the templates directory. - * - * Revision 1.59 2006/12/31 17:56:38 fabiankeil - * Added config option accept-intercepted-requests - * and disabled it by default. - * - * Revision 1.58 2006/12/31 14:24:29 fabiankeil - * Fix gcc43 compiler warnings. - * - * Revision 1.57 2006/12/21 12:57:48 fabiankeil - * Add config option "split-large-forms" - * to work around the browser bug reported - * in BR #1570678. - * - * Revision 1.56 2006/12/17 17:04:51 fabiankeil - * Move the
in the generated HTML for the config - * options from the beginning of the string to its end. - * Keeps the white space in balance. - * - * Revision 1.55 2006/11/28 15:31:52 fabiankeil - * Fix memory leak in case of config file reloads. - * - * Revision 1.54 2006/10/21 16:04:22 fabiankeil - * Modified kludge for win32 to make ming32 menu - * "Options/Edit Filters" (sort of) work again. - * Same limitations as for the action files apply. - * Fixes BR 1567373. - * - * Revision 1.53 2006/09/06 18:45:03 fabiankeil - * Incorporate modified version of Roland Rosenfeld's patch to - * optionally access the user-manual via Privoxy. Closes patch 679075. - * - * Formatting changed to Privoxy style, added call to - * cgi_error_no_template if the requested file doesn't - * exist and modified check whether or not Privoxy itself - * should serve the manual. Should work cross-platform now. - * - * Revision 1.52 2006/09/06 10:43:32 fabiankeil - * Added config option enable-remote-http-toggle - * to specify if Privoxy should recognize special - * headers (currently only X-Filter) to change its - * behaviour. Disabled by default. - * - * Revision 1.51 2006/09/06 09:23:37 fabiankeil - * Make number of retries in case of forwarded-connect problems - * a config file option (forwarded-connect-retries) and use 0 as - * default. - * - * Revision 1.50 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.48.2.7 2006/02/02 17:29:16 david__schmidt - * Don't forget to malloc space for the null terminator... - * - * Revision 1.48.2.6 2006/01/29 23:10:56 david__schmidt - * Multiple filter file support - * - * Revision 1.48.2.5 2003/05/08 15:17:25 oes - * Closed two memory leaks; hopefully the last remaining ones - * (in the main execution paths, anyway). - * - * Revision 1.48.2.4 2003/04/11 12:06:14 oes - * Addressed bug #719435 - * - Extraneous filterfile directives now logged as errors - * - This and unrecnonised directives now really obvious on status page - * - * Revision 1.48.2.3 2003/03/11 11:53:59 oes - * Cosmetic: Renamed cryptic variable - * - * Revision 1.48.2.2 2002/11/12 16:28:20 oes - * Move unrelated variable declaration out of #ifdef FEATURE_ACL; fixes bug #636655 - * - * Revision 1.48.2.1 2002/08/21 17:58:05 oes - * Temp kludge to let user and default action file be edited through win32 GUI (FR 592080) - * - * Revision 1.48 2002/05/14 21:30:38 oes - * savearg now uses own linking code instead of (now special-cased) add_help_link - * - * Revision 1.47 2002/05/12 21:36:29 jongfoster - * Correcting function comments - * - * Revision 1.46 2002/04/26 12:55:14 oes - * - New option "user-manual", defaults to our site - * via project.h #define - * - savearg now embeds option names in help links - * - * Revision 1.45 2002/04/24 02:11:54 oes - * Jon's multiple AF patch: Allow up to MAX_AF_FILES actionsfile options - * - * Revision 1.44 2002/04/08 20:37:13 swa - * fixed JB spelling - * - * Revision 1.43 2002/04/08 20:36:50 swa - * fixed JB spelling - * - * Revision 1.42 2002/04/05 15:50:15 oes - * fix for invalid HTML proxy_args - * - * Revision 1.41 2002/03/31 17:19:00 jongfoster - * Win32 only: Enabling STRICT to fix a VC++ compile warning. - * - * Revision 1.40 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.39 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.38 2002/03/24 13:05:48 jongfoster - * Renaming re_filterfile to filterfile - * - * Revision 1.37 2002/03/16 23:54:06 jongfoster - * Adding graceful termination feature, to help look for memory leaks. - * If you enable this (which, by design, has to be done by hand - * editing config.h) and then go to http://i.j.b/die, then the program - * will exit cleanly after the *next* request. It should free all the - * memory that was used. - * - * Revision 1.36 2002/03/13 00:27:05 jongfoster - * Killing warnings - * - * Revision 1.35 2002/03/07 03:52:44 oes - * Set logging to tty for --no-daemon mode - * - * Revision 1.34 2002/03/06 23:14:35 jongfoster - * Trivial cosmetic changes to make function comments easier to find. - * - * Revision 1.33 2002/03/05 04:52:42 oes - * Deleted non-errlog debugging code - * - * Revision 1.32 2002/03/04 18:24:53 oes - * Re-enabled output of unknown config directive hash - * - * Revision 1.31 2002/03/03 15:07:20 oes - * Re-enabled automatic config reloading - * - * Revision 1.30 2002/01/22 23:31:43 jongfoster - * Replacing strsav() with string_append() - * - * Revision 1.29 2002/01/17 21:02:30 jongfoster - * Moving all our URL and URL pattern parsing code to urlmatch.c. - * - * Renaming free_url to free_url_spec, since it frees a struct url_spec. - * - * Revision 1.28 2001/12/30 14:07:32 steudten - * - Add signal handling (unix) - * - Add SIGHUP handler (unix) - * - Add creation of pidfile (unix) - * - Add action 'top' in rc file (RH) - * - Add entry 'SIGNALS' to manpage - * - Add exit message to logfile (unix) - * - * Revision 1.27 2001/11/07 00:02:13 steudten - * Add line number in error output for lineparsing for - * actionsfile and configfile. - * Special handling for CLF added. - * - * Revision 1.26 2001/11/05 21:41:43 steudten - * Add changes to be a real daemon just for unix os. - * (change cwd to /, detach from controlling tty, set - * process group and session leader to the own process. - * Add DBG() Macro. - * Add some fatal-error log message for failed malloc(). - * Add '-d' if compiled with 'configure --with-debug' to - * enable debug output. - * - * Revision 1.25 2001/10/25 03:40:48 david__schmidt - * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple - * threads to call select() simultaneously. So, it's time to do a real, live, - * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__ - * (native). Both versions will work, but using __OS2__ offers multi-threading. - * - * Revision 1.24 2001/10/23 21:40:30 jongfoster - * Added support for enable-edit-actions and enable-remote-toggle config - * file options. - * - * Revision 1.23 2001/10/07 15:36:00 oes - * Introduced new config option "buffer-limit" - * - * Revision 1.22 2001/09/22 16:36:59 jongfoster - * Removing unused parameter fs from read_config_line() - * - * Revision 1.21 2001/09/16 17:10:43 jongfoster - * Moving function savearg() here, since it was the only thing left in - * showargs.c. - * - * Revision 1.20 2001/07/30 22:08:36 jongfoster - * Tidying up #defines: - * - All feature #defines are now of the form FEATURE_xxx - * - Permanently turned off WIN_GUI_EDIT - * - Permanently turned on WEBDAV and SPLIT_PROXY_ARGS - * - * Revision 1.19 2001/07/15 17:45:16 jongfoster - * Removing some unused #includes - * - * Revision 1.18 2001/07/13 14:01:14 oes - * - Removed all #ifdef PCRS - * - Removed vim-settings - * - * Revision 1.17 2001/06/29 13:31:03 oes - * - Improved comments - * - Fixed (actionsfile) and sorted hashes - * - Introduced admin_address and proxy-info-url - * as config parameters - * - Renamed config->proxy_args_invocation (which didn't have - * the invocation but the options!) to config->proxy_args - * - Various adaptions - * - Removed logentry from cancelled commit - * - * Revision 1.16 2001/06/09 10:55:28 jongfoster - * Changing BUFSIZ ==> BUFFER_SIZE - * - * Revision 1.15 2001/06/07 23:13:40 jongfoster - * Merging ACL and forward files into config file. - * Cosmetic: Sorting config file options alphabetically. - * Cosmetic: Adding brief syntax comments to config file options. - * - * Revision 1.14 2001/06/07 14:46:25 joergs - * Missing make_path() added for re_filterfile. - * - * Revision 1.13 2001/06/05 22:33:54 jongfoster - * - * Fixed minor memory leak. - * Also now uses make_path to prepend the pathnames. - * - * Revision 1.12 2001/06/05 20:04:09 jongfoster - * Now uses _snprintf() in place of snprintf() under Win32. - * - * Revision 1.11 2001/06/04 18:31:58 swa - * files are now prefixed with either `confdir' or `logdir'. - * `make redhat-dist' replaces both entries confdir and logdir - * with redhat values - * - * Revision 1.10 2001/06/03 19:11:54 oes - * introduced confdir option - * - * Revision 1.9 2001/06/01 20:06:24 jongfoster - * Removed support for "tinygif" option - moved to actions file. - * - * Revision 1.8 2001/05/31 21:27:13 jongfoster - * Removed many options from the config file and into the - * "actions" file: add_forwarded, suppress_vanilla_wafer, - * wafer, add_header, user_agent, referer, from - * Also globally replaced "permission" with "action". - * - * Revision 1.7 2001/05/29 09:50:24 jongfoster - * Unified blocklist/imagelist/permissionslist. - * File format is still under discussion, but the internal changes - * are (mostly) done. - * - * Also modified interceptor behaviour: - * - We now intercept all URLs beginning with one of the following - * prefixes (and *only* these prefixes): - * * http://i.j.b/ - * * http://ijbswa.sf.net/config/ - * * http://ijbswa.sourceforge.net/config/ - * - New interceptors "home page" - go to http://i.j.b/ to see it. - * - Internal changes so that intercepted and fast redirect pages - * are not replaced with an image. - * - Interceptors now have the option to send a binary page direct - * to the client. (i.e. ijb-send-banner uses this) - * - Implemented show-url-info interceptor. (Which is why I needed - * the above interceptors changes - a typical URL is - * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif". - * The previous mechanism would not have intercepted that, and - * if it had been intercepted then it then it would have replaced - * it with an image.) - * - * Revision 1.6 2001/05/26 00:28:36 jongfoster - * Automatic reloading of config file. - * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32). - * Most of the global variables have been moved to a new - * struct configuration_spec, accessed through csp->config->globalname - * Most of the globals remaining are used by the Win32 GUI. - * - * Revision 1.5 2001/05/25 22:34:30 jongfoster - * Hard tabs->Spaces - * - * Revision 1.4 2001/05/22 18:46:04 oes - * - * - Enabled filtering banners by size rather than URL - * by adding patterns that replace all standard banner - * sizes with the "Junkbuster" gif to the re_filterfile - * - * - Enabled filtering WebBugs by providing a pattern - * which kills all 1x1 images - * - * - Added support for PCRE_UNGREEDY behaviour to pcrs, - * which is selected by the (nonstandard and therefore - * capital) letter 'U' in the option string. - * It causes the quantifiers to be ungreedy by default. - * Appending a ? turns back to greedy (!). - * - * - Added a new interceptor ijb-send-banner, which - * sends back the "Junkbuster" gif. Without imagelist or - * MSIE detection support, or if tinygif = 1, or the - * URL isn't recognized as an imageurl, a lame HTML - * explanation is sent instead. - * - * - Added new feature, which permits blocking remote - * script redirects and firing back a local redirect - * to the browser. - * The feature is conditionally compiled, i.e. it - * can be disabled with --disable-fast-redirects, - * plus it must be activated by a "fast-redirects" - * line in the config file, has its own log level - * and of course wants to be displayed by show-proxy-args - * Note: Boy, all the #ifdefs in 1001 locations and - * all the fumbling with configure.in and acconfig.h - * were *way* more work than the feature itself :-( - * - * - Because a generic redirect template was needed for - * this, tinygif = 3 now uses the same. - * - * - Moved GIFs, and other static HTTP response templates - * to project.h - * - * - Some minor fixes - * - * - Removed some >400 CRs again (Jon, you really worked - * a lot! ;-) - * - * Revision 1.3 2001/05/20 01:21:20 jongfoster - * Version 2.9.4 checkin. - * - Merged popupfile and cookiefile, and added control over PCRS - * filtering, in new "permissionsfile". - * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration - * file error you now get a message box (in the Win32 GUI) rather - * than the program exiting with no explanation. - * - Made killpopup use the PCRS MIME-type checking and HTTP-header - * skipping. - * - Removed tabs from "config" - * - Moved duplicated url parsing code in "loaders.c" to a new funcition. - * - Bumped up version number. - * - * Revision 1.2 2001/05/17 23:01:01 oes - * - Cleaned CRLF's from the sources and related files - * - * Revision 1.1.1.1 2001/05/15 13:58:58 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "config.h" @@ -594,7 +111,7 @@ const char *configfile = NULL; * so we will make argc and argv global. */ int Argc = 0; -const char **Argv = NULL; +char * const * Argv = NULL; static struct file_list *current_configfile = NULL; @@ -616,10 +133,14 @@ static struct file_list *current_configfile = NULL; #define hash_admin_address 4112573064ul /* "admin-address" */ #define hash_allow_cgi_request_crunching 258915987ul /* "allow-cgi-request-crunching" */ #define hash_buffer_limit 1881726070ul /* "buffer-limit */ +#define hash_compression_level 2464423563ul /* "compression-level" */ #define hash_confdir 1978389ul /* "confdir" */ +#define hash_connection_sharing 1348841265ul /* "connection-sharing" */ #define hash_debug 78263ul /* "debug" */ +#define hash_default_server_timeout 2530089913ul /* "default-server-timeout" */ #define hash_deny_access 1227333715ul /* "deny-access" */ #define hash_enable_edit_actions 2517097536ul /* "enable-edit-actions" */ +#define hash_enable_compression 3943696946ul /* "enable-compression" */ #define hash_enable_remote_toggle 2979744683ul /* "enable-remote-toggle" */ #define hash_enable_remote_http_toggle 110543988ul /* "enable-remote-http-toggle" */ #define hash_enforce_blocks 1862427469ul /* "enforce-blocks" */ @@ -629,11 +150,13 @@ static struct file_list *current_configfile = NULL; #define hash_forward_socks4a 2639958518ul /* "forward-socks4a" */ #define hash_forward_socks5 3963965522ul /* "forward-socks5" */ #define hash_forwarded_connect_retries 101465292ul /* "forwarded-connect-retries" */ +#define hash_handle_as_empty_returns_ok 1444873247ul /* "handle-as-empty-doc-returns-ok" */ #define hash_hostname 10308071ul /* "hostname" */ #define hash_keep_alive_timeout 3878599515ul /* "keep-alive-timeout" */ #define hash_listen_address 1255650842ul /* "listen-address" */ #define hash_logdir 422889ul /* "logdir" */ #define hash_logfile 2114766ul /* "logfile" */ +#define hash_max_client_connections 3595884446ul /* "max-client-connections" */ #define hash_permit_access 3587953268ul /* "permit-access" */ #define hash_proxy_info_url 3903079059ul /* "proxy-info-url" */ #define hash_single_threaded 4250084780ul /* "single-threaded" */ @@ -706,7 +229,10 @@ static void unload_configfile (void * data) freez(config->templdir); freez(config->hostname); - freez(config->haddr); + for (i = 0; i < MAX_LISTENING_SOCKETS; i++) + { + freez(config->haddr[i]); + } freez(config->logfile); for (i = 0; i < MAX_AF_FILES; i++) @@ -727,11 +253,6 @@ static void unload_configfile (void * data) list_remove_all(config->trust_info); #endif /* def FEATURE_TRUST */ - for (i = 0; i < MAX_AF_FILES; i++) - { - freez(config->re_filterfile[i]); - } - freez(config); } @@ -760,6 +281,51 @@ void unload_current_config_file(void) #endif +/********************************************************************* + * + * Function : parse_toggle_value + * + * Description : Parse the value of a directive that can only be + * enabled or disabled. Terminates with a fatal error + * if the value is NULL or something other than 0 or 1. + * + * Parameters : + * 1 : name: The name of the directive. Used for log messages. + * 2 : value: The value to parse + * + * + * Returns : The numerical toggle state + * + *********************************************************************/ +static int parse_toggle_state(const char *name, const char *value) +{ + int toggle_state; + assert(name != NULL); + assert(value != NULL); + + if ((value == NULL) || (*value == '\0')) + { + log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name); + } + + toggle_state = atoi(value); + + /* + * Also check the length as atoi() doesn't mind + * garbage after a valid integer, but we do. + */ + if (((toggle_state != 0) && (toggle_state != 1)) || (strlen(value) != 1)) + { + log_error(LOG_LEVEL_FATAL, + "Directive %s used with invalid argument '%s'. Use either '0' or '1'.", + name, value); + } + + return toggle_state; + +} + + /********************************************************************* * * Function : load_config @@ -776,7 +342,7 @@ void unload_current_config_file(void) *********************************************************************/ struct configuration_spec * load_config(void) { - char buf[BUFFER_SIZE]; + char *buf = NULL; char *p, *q; FILE *configfp = NULL; struct configuration_spec * config = NULL; @@ -785,9 +351,6 @@ struct configuration_spec * load_config(void) unsigned long linenum = 0; int i; char *logfile = NULL; -#ifdef FEATURE_CONNECTION_KEEP_ALIVE - int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; -#endif if (!check_file_changed(current_configfile, configfile, &fs)) { @@ -835,15 +398,29 @@ struct configuration_spec * load_config(void) * Set to defaults */ config->multi_threaded = 1; - config->hport = HADDR_PORT; config->buffer_limit = 4096 * 1024; config->usermanual = strdup(USER_MANUAL_URL); config->proxy_args = strdup(""); config->forwarded_connect_retries = 0; + config->max_client_connections = 0; config->socket_timeout = 300; /* XXX: Should be a macro. */ +#ifdef FEATURE_CONNECTION_KEEP_ALIVE + config->default_server_timeout = 0; + config->keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING; +#endif config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE; config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS; config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS; + config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK; +#ifdef FEATURE_COMPRESSION + config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION; + /* + * XXX: Run some benchmarks to see if there are better default values. + */ + config->compression_level = 1; +#endif configfp = fopen(configfile, "r"); if (NULL == configfp) @@ -853,7 +430,7 @@ struct configuration_spec * load_config(void) /* Never get here - LOG_LEVEL_FATAL causes program exit */ } - while (read_config_line(buf, sizeof(buf), configfp, &linenum) != NULL) + while (read_config_line(configfp, &linenum, &buf) != NULL) { char cmd[BUFFER_SIZE]; char arg[BUFFER_SIZE]; @@ -884,11 +461,15 @@ struct configuration_spec * load_config(void) } /* Copy the argument into arg */ - strlcpy(arg, p, sizeof(arg)); + if (strlcpy(arg, p, sizeof(arg)) >= sizeof(arg)) + { + log_error(LOG_LEVEL_FATAL, "Config line too long: %s", buf); + } /* Should never happen, but check this anyway */ if (*cmd == '\0') { + freez(buf); continue; } @@ -929,7 +510,7 @@ struct configuration_spec * load_config(void) * accept-intercepted-requests * *************************************************************************/ case hash_accept_intercepted_requests: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS; } @@ -951,7 +532,7 @@ struct configuration_spec * load_config(void) * allow-cgi-request-crunching * *************************************************************************/ case hash_allow_cgi_request_crunching: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_CGI_CRUNCHING; } @@ -976,6 +557,48 @@ struct configuration_spec * load_config(void) config->confdir = make_path( NULL, arg); break; +/* ************************************************************************* + * compression-level 0-9 + * *************************************************************************/ +#ifdef FEATURE_COMPRESSION + case hash_compression_level : + if (*arg != '\0') + { + int compression_level = atoi(arg); + if (-1 <= compression_level && compression_level <= 9) + { + config->compression_level = compression_level;; + } + else + { + log_error(LOG_LEVEL_FATAL, + "Invalid compression-level value: %s", arg); + } + } + else + { + log_error(LOG_LEVEL_FATAL, + "Invalid compression-level directive. Compression value missing"); + } + break; +#endif + +/* ************************************************************************* + * connection-sharing (0|1) + * *************************************************************************/ +#ifdef FEATURE_CONNECTION_SHARING + case hash_connection_sharing : + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_CONNECTION_SHARING; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING; + } + break; +#endif + /* ************************************************************************* * debug n * Specifies debug level, multiple values are ORed together. @@ -984,6 +607,27 @@ struct configuration_spec * load_config(void) config->debug |= atoi(arg); break; +/* ************************************************************************* + * default-server-timeout timeout + * *************************************************************************/ +#ifdef FEATURE_CONNECTION_KEEP_ALIVE + case hash_default_server_timeout : + if (*arg != '\0') + { + int timeout = atoi(arg); + if (0 < timeout) + { + config->default_server_timeout = (unsigned int)timeout; + } + else + { + log_error(LOG_LEVEL_FATAL, + "Invalid default-server-timeout value: %s", arg); + } + } + break; +#endif + /* ************************************************************************* * deny-access source-ip[/significant-bits] [dest-ip[/significant-bits]] * *************************************************************************/ @@ -1044,6 +688,12 @@ struct configuration_spec * load_config(void) break; } } +#ifdef HAVE_RFC2553 + else + { + cur_acl->wildcard_dst = 1; + } +#endif /* def HAVE_RFC2553 */ /* * Add it to the list. Note we reverse the list to get the @@ -1065,7 +715,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ #ifdef FEATURE_CGI_EDIT_ACTIONS case hash_enable_edit_actions: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_CGI_EDIT_ACTIONS; } @@ -1076,12 +726,29 @@ struct configuration_spec * load_config(void) break; #endif /* def FEATURE_CGI_EDIT_ACTIONS */ +/* ************************************************************************* + * enable-compression 0|1 + * *************************************************************************/ +#ifdef FEATURE_COMPRESSION + case hash_enable_compression: + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_COMPRESSION; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION; + } + break; +#endif /* def FEATURE_COMPRESSION */ + + /* ************************************************************************* * enable-remote-toggle 0|1 * *************************************************************************/ #ifdef FEATURE_TOGGLE case hash_enable_remote_toggle: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_CGI_TOGGLE; } @@ -1096,7 +763,7 @@ struct configuration_spec * load_config(void) * enable-remote-http-toggle 0|1 * *************************************************************************/ case hash_enable_remote_http_toggle: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_HTTP_TOGGLE; } @@ -1111,7 +778,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_enforce_blocks: #ifdef FEATURE_FORCE_LOAD - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_ENFORCE_BLOCKS; } @@ -1191,18 +858,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { - cur_fwd->forward_host = strdup(p); - - if (NULL != (p = strchr(cur_fwd->forward_host, ':'))) - { - *p++ = '\0'; - cur_fwd->forward_port = atoi(p); - } - - if (cur_fwd->forward_port <= 0) - { - cur_fwd->forward_port = 8000; - } + cur_fwd->forward_port = 8000; + parse_forwarder_address(p, &cur_fwd->forward_host, + &cur_fwd->forward_port); } /* Add to list. */ @@ -1253,19 +911,12 @@ struct configuration_spec * load_config(void) /* Parse the SOCKS proxy host[:port] */ p = vec[1]; + /* XXX: This check looks like a bug. */ if (strcmp(p, ".") != 0) { - cur_fwd->gateway_host = strdup(p); - - if (NULL != (p = strchr(cur_fwd->gateway_host, ':'))) - { - *p++ = '\0'; - cur_fwd->gateway_port = atoi(p); - } - if (cur_fwd->gateway_port <= 0) - { - cur_fwd->gateway_port = 1080; - } + cur_fwd->gateway_port = 1080; + parse_forwarder_address(p, &cur_fwd->gateway_host, + &cur_fwd->gateway_port); } /* Parse the parent HTTP proxy host[:port] */ @@ -1273,18 +924,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { - cur_fwd->forward_host = strdup(p); - - if (NULL != (p = strchr(cur_fwd->forward_host, ':'))) - { - *p++ = '\0'; - cur_fwd->forward_port = atoi(p); - } - - if (cur_fwd->forward_port <= 0) - { - cur_fwd->forward_port = 8000; - } + cur_fwd->forward_port = 8000; + parse_forwarder_address(p, &cur_fwd->forward_host, + &cur_fwd->forward_port); } /* Add to list. */ @@ -1343,35 +985,18 @@ struct configuration_spec * load_config(void) /* Parse the SOCKS proxy host[:port] */ p = vec[1]; - cur_fwd->gateway_host = strdup(p); - - if (NULL != (p = strchr(cur_fwd->gateway_host, ':'))) - { - *p++ = '\0'; - cur_fwd->gateway_port = atoi(p); - } - if (cur_fwd->gateway_port <= 0) - { - cur_fwd->gateway_port = 1080; - } + cur_fwd->gateway_port = 1080; + parse_forwarder_address(p, &cur_fwd->gateway_host, + &cur_fwd->gateway_port); /* Parse the parent HTTP proxy host[:port] */ p = vec[2]; if (strcmp(p, ".") != 0) { - cur_fwd->forward_host = strdup(p); - - if (NULL != (p = strchr(cur_fwd->forward_host, ':'))) - { - *p++ = '\0'; - cur_fwd->forward_port = atoi(p); - } - - if (cur_fwd->forward_port <= 0) - { - cur_fwd->forward_port = 8000; - } + cur_fwd->forward_port = 8000; + parse_forwarder_address(p, &cur_fwd->forward_host, + &cur_fwd->forward_port); } /* Add to list. */ @@ -1387,6 +1012,26 @@ struct configuration_spec * load_config(void) config->forwarded_connect_retries = atoi(arg); break; +/* ************************************************************************* + * handle-as-empty-doc-returns-ok 0|1 + * + * Workaround for firefox hanging on blocked javascript pages. + * Block with the "+handle-as-empty-document" flag and set the + * "handle-as-empty-doc-returns-ok" run-time config flag so that + * Privoxy returns a 200/OK status instead of a 403/Forbidden status + * to the browser for blocked pages. + ***************************************************************************/ + case hash_handle_as_empty_returns_ok: + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK; + } + break; + /* ************************************************************************* * hostname hostname-to-show-on-cgi-pages * *************************************************************************/ @@ -1407,10 +1052,10 @@ struct configuration_spec * load_config(void) if (*arg != '\0') { int timeout = atoi(arg); - if (0 <= timeout) + if (0 < timeout) { config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; - keep_alive_timeout = timeout; + config->keep_alive_timeout = (unsigned int)timeout; } else { @@ -1424,8 +1069,23 @@ struct configuration_spec * load_config(void) * listen-address [ip][:port] * *************************************************************************/ case hash_listen_address : - freez(config->haddr); - config->haddr = strdup(arg); + i = 0; + while ((i < MAX_LISTENING_SOCKETS) && (NULL != config->haddr[i])) + { + i++; + } + + if (i >= MAX_LISTENING_SOCKETS) + { + log_error(LOG_LEVEL_FATAL, "Too many 'listen-address' directives in config file - limit is %d.\n" + "(You can increase this limit by changing MAX_LISTENING_SOCKETS in project.h and recompiling).", + MAX_LISTENING_SOCKETS); + } + config->haddr[i] = strdup(arg); + if (NULL == config->haddr[i]) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while copying listening address"); + } break; /* ************************************************************************* @@ -1441,7 +1101,7 @@ struct configuration_spec * load_config(void) * In logdir by default * *************************************************************************/ case hash_logfile : - if (!no_daemon) + if (daemon_mode) { logfile = make_path(config->logdir, arg); if (NULL == logfile) @@ -1451,6 +1111,20 @@ struct configuration_spec * load_config(void) } break; +/* ************************************************************************* + * max-client-connections number + * *************************************************************************/ + case hash_max_client_connections : + if (*arg != '\0') + { + int max_client_connections = atoi(arg); + if (0 <= max_client_connections) + { + config->max_client_connections = max_client_connections; + } + } + break; + /* ************************************************************************* * permit-access source-ip[/significant-bits] [dest-ip[/significant-bits]] * *************************************************************************/ @@ -1512,6 +1186,12 @@ struct configuration_spec * load_config(void) break; } } +#ifdef HAVE_RFC2553 + else + { + cur_acl->wildcard_dst = 1; + } +#endif /* def HAVE_RFC2553 */ /* * Add it to the list. Note we reverse the list to get the @@ -1566,7 +1246,7 @@ struct configuration_spec * load_config(void) * split-large-cgi-forms * *************************************************************************/ case hash_split_large_cgi_forms : - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_SPLIT_LARGE_FORMS; } @@ -1778,7 +1458,7 @@ struct configuration_spec * load_config(void) /* Save the argument for the show-status page. */ savearg(cmd, arg, config); - + freez(buf); } /* end while ( read_config_line(...) ) */ fclose(configfp); @@ -1787,7 +1467,7 @@ struct configuration_spec * load_config(void) freez(config->logfile); - if (!no_daemon) + if (daemon_mode) { if (NULL != logfile) { @@ -1801,11 +1481,21 @@ struct configuration_spec * load_config(void) } #ifdef FEATURE_CONNECTION_KEEP_ALIVE + if (config->default_server_timeout > config->keep_alive_timeout) + { + log_error(LOG_LEVEL_ERROR, + "Reducing the default-server-timeout from %d to the keep-alive-timeout %d.", + config->default_server_timeout, config->keep_alive_timeout); + config->default_server_timeout = config->keep_alive_timeout; + } +#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ + +#ifdef FEATURE_CONNECTION_SHARING if (config->feature_flags & RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE) { if (config->multi_threaded) { - set_keep_alive_timeout(keep_alive_timeout); + set_keep_alive_timeout(config->keep_alive_timeout); } else { @@ -1814,29 +1504,37 @@ struct configuration_spec * load_config(void) * if we didn't bother with enforcing the connection timeout, * that might make Tor users sad, even though they shouldn't * enable the single-threaded option anyway. + * + * XXX: We could still use Proxy-Connection: keep-alive. */ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; log_error(LOG_LEVEL_ERROR, "Config option single-threaded disables connection keep-alive."); } } -#endif + else if ((config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING)) + { + log_error(LOG_LEVEL_ERROR, "Config option connection-sharing " + "has no effect if keep-alive-timeout isn't set."); + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING; + } +#endif /* def FEATURE_CONNECTION_SHARING */ if (NULL == config->proxy_args) { log_error(LOG_LEVEL_FATAL, "Out of memory loading config - insufficient memory for config->proxy_args"); } - if (config->actions_file[0]) - { - add_loader(load_action_files, config); - } - if (config->re_filterfile[0]) { add_loader(load_re_filterfiles, config); } + if (config->actions_file[0]) + { + add_loader(load_action_files, config); + } + #ifdef FEATURE_TRUST if (config->trustfile) { @@ -1844,35 +1542,45 @@ struct configuration_spec * load_config(void) } #endif /* def FEATURE_TRUST */ - if ( NULL == config->haddr ) + if ( NULL == config->haddr[0] ) { - config->haddr = strdup( HADDR_DEFAULT ); + config->haddr[0] = strdup( HADDR_DEFAULT ); + if (NULL == config->haddr[0]) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while copying default listening address"); + } } - if ( NULL != config->haddr ) + for (i = 0; i < MAX_LISTENING_SOCKETS && NULL != config->haddr[i]; i++) { - if (NULL != (p = strchr(config->haddr, ':'))) + if ((*config->haddr[i] == '[') + && (NULL != (p = strchr(config->haddr[i], ']'))) + && (p[1] == ':') + && (0 < (config->hport[i] = atoi(p + 2)))) { - *p++ = '\0'; - if (*p) - { - config->hport = atoi(p); - } + *p = '\0'; + memmove((void *)config->haddr[i], config->haddr[i] + 1, + (size_t)(p - config->haddr[i])); } - - if (config->hport <= 0) + else if (NULL != (p = strchr(config->haddr[i], ':')) + && (0 < (config->hport[i] = atoi(p + 1)))) { - *--p = ':'; - log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr); + *p = '\0'; + } + else + { + log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr[i]); /* Never get here - LOG_LEVEL_FATAL causes program exit */ } - if (*config->haddr == '\0') + if (*config->haddr[i] == '\0') { /* - * Only the port specified. We stored it in config->hport + * Only the port specified. We stored it in config->hport[i] * and don't need its text representation anymore. + * Use config->hport[i] == 0 to iterate listening addresses since + * now. */ - freez(config->haddr); + freez(config->haddr[i]); } } @@ -1896,8 +1604,9 @@ struct configuration_spec * load_config(void) #if defined(_WIN32) && !defined (_WIN_CONSOLE) g_default_actions_file = config->actions_file[1]; /* FIXME Hope this is default.action */ - g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */ - g_re_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */ + g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */ + g_default_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */ + g_user_filterfile = config->re_filterfile[1]; /* FIXME Hope this is user.filter */ #ifdef FEATURE_TRUST g_trustfile = config->trustfile; @@ -1915,30 +1624,34 @@ struct configuration_spec * load_config(void) struct configuration_spec * oldcfg = (struct configuration_spec *) current_configfile->f; /* - * Check if config->haddr,hport == oldcfg->haddr,hport + * Check if config->haddr[i],hport[i] == oldcfg->haddr[i],hport[i] * * The following could be written more compactly as a single, * (unreadably long) if statement. */ config->need_bind = 0; - if (config->hport != oldcfg->hport) + + for (i = 0; i < MAX_LISTENING_SOCKETS; i++) { - config->need_bind = 1; - } - else if (config->haddr == NULL) - { - if (oldcfg->haddr != NULL) + if (config->hport[i] != oldcfg->hport[i]) + { + config->need_bind = 1; + } + else if (config->haddr[i] == NULL) + { + if (oldcfg->haddr[i] != NULL) + { + config->need_bind = 1; + } + } + else if (oldcfg->haddr[i] == NULL) + { + config->need_bind = 1; + } + else if (0 != strcmp(config->haddr[i], oldcfg->haddr[i])) { config->need_bind = 1; } - } - else if (oldcfg->haddr == NULL) - { - config->need_bind = 1; - } - else if (0 != strcmp(config->haddr, oldcfg->haddr)) - { - config->need_bind = 1; } current_configfile->unloader = unload_configfile; diff --git a/external/privoxy/loadcfg.h b/external/privoxy/loadcfg.h index 80fc184f..6154bff4 100644 --- a/external/privoxy/loadcfg.h +++ b/external/privoxy/loadcfg.h @@ -1,12 +1,12 @@ #ifndef LOADCFG_H_INCLUDED #define LOADCFG_H_INCLUDED -#define LOADCFG_H_VERSION "$Id: loadcfg.h,v 1.13 2006/07/18 14:48:46 david__schmidt Exp $" +#define LOADCFG_H_VERSION "$Id: loadcfg.h,v 1.16 2011/09/04 11:10:56 fabiankeil Exp $" /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/loadcfg.h,v $ * * Purpose : Loads settings from the configuration file into - * global variables. This file contains both the + * global variables. This file contains both the * routine to load the configuration and the global * variables it writes to. * @@ -14,10 +14,10 @@ * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -35,119 +35,8 @@ * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: loadcfg.h,v $ - * Revision 1.13 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.11.2.1 2003/03/11 11:53:59 oes - * Cosmetic: Renamed cryptic variable - * - * Revision 1.11 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.10 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.9 2002/03/16 23:54:06 jongfoster - * Adding graceful termination feature, to help look for memory leaks. - * If you enable this (which, by design, has to be done by hand - * editing config.h) and then go to http://i.j.b/die, then the program - * will exit cleanly after the *next* request. It should free all the - * memory that was used. - * - * Revision 1.8 2001/12/30 14:07:32 steudten - * - Add signal handling (unix) - * - Add SIGHUP handler (unix) - * - Add creation of pidfile (unix) - * - Add action 'top' in rc file (RH) - * - Add entry 'SIGNALS' to manpage - * - Add exit message to logfile (unix) - * - * Revision 1.7 2001/07/30 22:08:36 jongfoster - * Tidying up #defines: - * - All feature #defines are now of the form FEATURE_xxx - * - Permanently turned off WIN_GUI_EDIT - * - Permanently turned on WEBDAV and SPLIT_PROXY_ARGS - * - * Revision 1.6 2001/07/29 18:58:15 jongfoster - * Removing nested #includes, adding forward declarations for needed - * structures, and changing the #define _FILENAME_H to FILENAME_H_INCLUDED. - * - * Revision 1.5 2001/05/26 00:28:36 jongfoster - * Automatic reloading of config file. - * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32). - * Most of the global variables have been moved to a new - * struct configuration_spec, accessed through csp->config->globalname - * Most of the globals remaining are used by the Win32 GUI. - * - * Revision 1.4 2001/05/22 18:46:04 oes - * - * - Enabled filtering banners by size rather than URL - * by adding patterns that replace all standard banner - * sizes with the "Junkbuster" gif to the re_filterfile - * - * - Enabled filtering WebBugs by providing a pattern - * which kills all 1x1 images - * - * - Added support for PCRE_UNGREEDY behaviour to pcrs, - * which is selected by the (nonstandard and therefore - * capital) letter 'U' in the option string. - * It causes the quantifiers to be ungreedy by default. - * Appending a ? turns back to greedy (!). - * - * - Added a new interceptor ijb-send-banner, which - * sends back the "Junkbuster" gif. Without imagelist or - * MSIE detection support, or if tinygif = 1, or the - * URL isn't recognized as an imageurl, a lame HTML - * explanation is sent instead. - * - * - Added new feature, which permits blocking remote - * script redirects and firing back a local redirect - * to the browser. - * The feature is conditionally compiled, i.e. it - * can be disabled with --disable-fast-redirects, - * plus it must be activated by a "fast-redirects" - * line in the config file, has its own log level - * and of course wants to be displayed by show-proxy-args - * Note: Boy, all the #ifdefs in 1001 locations and - * all the fumbling with configure.in and acconfig.h - * were *way* more work than the feature itself :-( - * - * - Because a generic redirect template was needed for - * this, tinygif = 3 now uses the same. - * - * - Moved GIFs, and other static HTTP response templates - * to project.h - * - * - Some minor fixes - * - * - Removed some >400 CRs again (Jon, you really worked - * a lot! ;-) - * - * Revision 1.3 2001/05/20 01:21:20 jongfoster - * Version 2.9.4 checkin. - * - Merged popupfile and cookiefile, and added control over PCRS - * filtering, in new "permissionsfile". - * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration - * file error you now get a message box (in the Win32 GUI) rather - * than the program exiting with no explanation. - * - Made killpopup use the PCRS MIME-type checking and HTTP-header - * skipping. - * - Removed tabs from "config" - * - Moved duplicated url parsing code in "loaders.c" to a new funcition. - * - Bumped up version number. - * - * Revision 1.2 2001/05/17 23:01:01 oes - * - Cleaned CRLF's from the sources and related files - * - * Revision 1.1.1.1 2001/05/15 13:58:58 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #ifdef __cplusplus extern "C" { @@ -172,7 +61,7 @@ extern const char *configfile; * we need to have these globally available. */ extern int Argc; -extern const char **Argv; +extern char * const * Argv; extern short int MustReload; diff --git a/external/privoxy/loaders.c b/external/privoxy/loaders.c index b7966343..f672e5b2 100644 --- a/external/privoxy/loaders.c +++ b/external/privoxy/loaders.c @@ -1,4 +1,4 @@ -const char loaders_rcs[] = "$Id: loaders.c,v 1.71 2009/03/04 18:24:47 fabiankeil Exp $"; +const char loaders_rcs[] = "$Id: loaders.c,v 1.87 2011/11/06 11:53:15 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/loaders.c,v $ @@ -8,7 +8,7 @@ const char loaders_rcs[] = "$Id: loaders.c,v 1.71 2009/03/04 18:24:47 fabiankeil * the list of active loaders, and to automatically * unload files that are no longer in use. * - * Copyright : Written by and Copyright (C) 2001-2009 the + * Copyright : Written by and Copyright (C) 2001-2010 the * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -33,353 +33,8 @@ const char loaders_rcs[] = "$Id: loaders.c,v 1.71 2009/03/04 18:24:47 fabiankeil * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: loaders.c,v $ - * Revision 1.71 2009/03/04 18:24:47 fabiankeil - * No need to create empty strings manually, strdup("") FTW. - * - * Revision 1.70 2009/03/01 18:34:24 fabiankeil - * Help clang understand that we aren't dereferencing - * NULL pointers here. - * - * Revision 1.69 2008/09/21 13:36:52 fabiankeil - * If change-x-forwarded-for{add} is used and the client - * sends multiple X-Forwarded-For headers, append the client's - * IP address to each one of them. "Traditionally" we would - * lose all but the last one. - * - * Revision 1.68 2008/09/19 15:26:28 fabiankeil - * Add change-x-forwarded-for{} action to block or add - * X-Forwarded-For headers. Mostly based on code removed - * before 3.0.7. - * - * Revision 1.67 2008/03/30 14:52:08 fabiankeil - * Rename load_actions_file() and load_re_filterfile() - * as they load multiple files "now". - * - * Revision 1.66 2008/03/21 11:16:30 fabiankeil - * Garbage-collect csp->my_ip_addr_str and csp->my_hostname. - * - * Revision 1.65 2007/12/07 18:29:23 fabiankeil - * Remove now-obsolete csp member x_forwarded. - * - * Revision 1.64 2007/06/01 14:12:38 fabiankeil - * Add unload_forward_spec() in preparation for forward-override{}. - * - * Revision 1.63 2007/05/14 10:41:15 fabiankeil - * Ditch the csp member cookie_list[] which isn't used anymore. - * - * Revision 1.62 2007/04/30 15:02:18 fabiankeil - * Introduce dynamic pcrs jobs that can resolve variables. - * - * Revision 1.61 2007/04/15 16:39:21 fabiankeil - * Introduce tags as alternative way to specify which - * actions apply to a request. At the moment tags can be - * created based on client and server headers. - * - * Revision 1.60 2007/03/20 15:16:34 fabiankeil - * Use dedicated header filter actions instead of abusing "filter". - * Replace "filter-client-headers" and "filter-client-headers" - * with "server-header-filter" and "client-header-filter". - * - * Revision 1.59 2007/01/25 13:38:20 fabiankeil - * Freez csp->error_message in sweep(). - * - * Revision 1.58 2006/12/31 14:25:20 fabiankeil - * Fix gcc43 compiler warnings. - * - * Revision 1.57 2006/12/21 12:22:22 fabiankeil - * html_encode filter descriptions. - * - * Have "Ignoring job ..." error messages - * print the filter file name correctly. - * - * Revision 1.56 2006/09/07 10:40:30 fabiankeil - * Turns out trusted referrers above our arbitrary - * limit are downgraded too ordinary trusted URLs. - * Adjusted error message. - * - * Revision 1.55 2006/09/07 10:25:39 fabiankeil - * Fix typo. - * - * Revision 1.54 2006/09/07 10:22:20 fabiankeil - * If too many trusted referrers are used, - * print only one error message instead of logging - * every single trusted referrer above the arbitrary - * limit. - * - * Revision 1.53 2006/08/31 16:25:06 fabiankeil - * Work around a buffer overflow that caused Privoxy to - * segfault if too many trusted referrers were used. Good - * enough for now, but should be replaced with a real - * solution after the next release. - * - * Revision 1.52 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.50.2.8 2006/01/30 15:16:25 david__schmidt - * Remove a little residual debugging info - * - * Revision 1.50.2.7 2006/01/29 23:10:56 david__schmidt - * Multiple filter file support - * - * Revision 1.50.2.6 2003/10/24 10:17:54 oes - * Nit: Allowed tabs as separators in filter headings - * - * Revision 1.50.2.5 2003/05/08 15:19:15 oes - * sweep: Made loop structure of sweep step mirror that of mark step - * - * Revision 1.50.2.4 2003/05/06 15:57:12 oes - * Bugfix: Update last_active pointer in sweep() before - * leaving an active client. Closes bugs #724395, #727882 - * - * Revision 1.50.2.3 2002/11/20 17:12:30 oes - * Ooops, forgot one change. - * - * Revision 1.50.2.2 2002/11/20 14:38:15 oes - * Fixed delayed/incomplete freeing of client resources and - * simplified loop structure in sweep. - * Thanks to Oliver Stoeneberg for the hint. - * - * Revision 1.50.2.1 2002/07/26 15:19:24 oes - * - PCRS jobs now chained in order of appearance. Previous - * reverse chaining was counter-intuitive. - * - Changed loglevel of PCRS job compile errors to - * LOG_LEVEL_ERROR - * - * Revision 1.50 2002/04/24 02:12:16 oes - * Jon's multiple AF patch: Sweep now takes care of all AFs - * - * Revision 1.49 2002/04/19 16:53:25 jongfoster - * Optimize away a function call by using an equivalent macro - * - * Revision 1.48 2002/04/05 00:56:09 gliptak - * Correcting typo to clean up on realloc failure - * - * Revision 1.47 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.46 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.45 2002/03/16 23:54:06 jongfoster - * Adding graceful termination feature, to help look for memory leaks. - * If you enable this (which, by design, has to be done by hand - * editing config.h) and then go to http://i.j.b/die, then the program - * will exit cleanly after the *next* request. It should free all the - * memory that was used. - * - * Revision 1.44 2002/03/16 21:51:00 jongfoster - * Fixing free(NULL). - * - * Revision 1.43 2002/03/16 20:28:34 oes - * Added descriptions to the filters so users will know what they select in the cgi editor - * - * Revision 1.42 2002/03/13 00:27:05 jongfoster - * Killing warnings - * - * Revision 1.41 2002/03/12 01:42:50 oes - * Introduced modular filters - * - * Revision 1.40 2002/03/08 17:46:04 jongfoster - * Fixing int/size_t warnings - * - * Revision 1.39 2002/03/07 03:46:17 oes - * Fixed compiler warnings - * - * Revision 1.38 2002/03/06 22:54:35 jongfoster - * Automated function-comment nitpicking. - * - * Revision 1.37 2002/03/03 15:07:49 oes - * Re-enabled automatic config reloading - * - * Revision 1.36 2002/01/22 23:46:18 jongfoster - * Moving edit_read_line() and simple_read_line() to loaders.c, and - * extending them to support reading MS-DOS, Mac and UNIX style files - * on all platforms. - * - * Modifying read_config_line() (without changing it's prototype) to - * be a trivial wrapper for edit_read_line(). This means that we have - * one function to read a line and handle comments, which is common - * between the initialization code and the edit interface. - * - * Revision 1.35 2002/01/17 21:03:08 jongfoster - * Moving all our URL and URL pattern parsing code to urlmatch.c. - * - * Renaming free_url to free_url_spec, since it frees a struct url_spec. - * - * Revision 1.34 2001/12/30 14:07:32 steudten - * - Add signal handling (unix) - * - Add SIGHUP handler (unix) - * - Add creation of pidfile (unix) - * - Add action 'top' in rc file (RH) - * - Add entry 'SIGNALS' to manpage - * - Add exit message to logfile (unix) - * - * Revision 1.33 2001/11/13 00:16:38 jongfoster - * Replacing references to malloc.h with the standard stdlib.h - * (See ANSI or K&R 2nd Ed) - * - * Revision 1.32 2001/11/07 00:02:13 steudten - * Add line number in error output for lineparsing for - * actionsfile and configfile. - * Special handling for CLF added. - * - * Revision 1.31 2001/10/26 17:39:01 oes - * Removed csp->referrer - * Moved ijb_isspace and ijb_tolower to project.h - * - * Revision 1.30 2001/10/25 03:40:48 david__schmidt - * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple - * threads to call select() simultaneously. So, it's time to do a real, live, - * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__ - * (native). Both versions will work, but using __OS2__ offers multi-threading. - * - * Revision 1.29 2001/10/23 21:38:53 jongfoster - * Adding error-checking to create_url_spec() - * - * Revision 1.28 2001/10/07 15:40:39 oes - * Replaced 6 boolean members of csp with one bitmap (csp->flags) - * - * Revision 1.27 2001/09/22 16:36:59 jongfoster - * Removing unused parameter fs from read_config_line() - * - * Revision 1.26 2001/09/22 14:05:22 jongfoster - * Bugfix: Multiple escaped "#" characters in a configuration - * file are now permitted. - * Also removing 3 unused headers. - * - * Revision 1.25 2001/09/13 22:44:03 jongfoster - * Adding {} to an if statement - * - * Revision 1.24 2001/07/30 22:08:36 jongfoster - * Tidying up #defines: - * - All feature #defines are now of the form FEATURE_xxx - * - Permanently turned off WIN_GUI_EDIT - * - Permanently turned on WEBDAV and SPLIT_PROXY_ARGS - * - * Revision 1.23 2001/07/20 15:51:54 oes - * Fixed indentation of prepocessor commands - * - * Revision 1.22 2001/07/20 15:16:17 haroon - * - per Guy's suggestion, added a while loop in sweep() to catch not just - * the last inactive CSP but all other consecutive inactive CSPs after that - * as well - * - * Revision 1.21 2001/07/18 17:26:24 oes - * Changed to conform to new pcrs interface - * - * Revision 1.20 2001/07/17 13:07:01 oes - * Fixed segv when last line in config files - * lacked a terminating (\r)\n - * - * Revision 1.19 2001/07/13 14:01:54 oes - * Removed all #ifdef PCRS - * - * Revision 1.18 2001/06/29 21:45:41 oes - * Indentation, CRLF->LF, Tab-> Space - * - * Revision 1.17 2001/06/29 13:31:51 oes - * Various adaptions - * - * Revision 1.16 2001/06/09 10:55:28 jongfoster - * Changing BUFSIZ ==> BUFFER_SIZE - * - * Revision 1.15 2001/06/07 23:14:14 jongfoster - * Removing ACL and forward file loaders - these - * files have been merged into the config file. - * Cosmetic: Moving unloader funcs next to their - * respective loader funcs - * - * Revision 1.14 2001/06/01 03:27:04 oes - * Fixed line continuation problem - * - * Revision 1.13 2001/05/31 21:28:49 jongfoster - * Removed all permissionsfile code - it's now called the actions - * file, and (almost) all the code is in actions.c - * - * Revision 1.12 2001/05/31 17:32:31 oes - * - * - Enhanced domain part globbing with infix and prefix asterisk - * matching and optional unanchored operation - * - * Revision 1.11 2001/05/29 23:25:24 oes - * - * - load_config_line() and load_permissions_file() now use chomp() - * - * Revision 1.10 2001/05/29 09:50:24 jongfoster - * Unified blocklist/imagelist/permissionslist. - * File format is still under discussion, but the internal changes - * are (mostly) done. - * - * Also modified interceptor behaviour: - * - We now intercept all URLs beginning with one of the following - * prefixes (and *only* these prefixes): - * * http://i.j.b/ - * * http://ijbswa.sf.net/config/ - * * http://ijbswa.sourceforge.net/config/ - * - New interceptors "home page" - go to http://i.j.b/ to see it. - * - Internal changes so that intercepted and fast redirect pages - * are not replaced with an image. - * - Interceptors now have the option to send a binary page direct - * to the client. (i.e. ijb-send-banner uses this) - * - Implemented show-url-info interceptor. (Which is why I needed - * the above interceptors changes - a typical URL is - * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif". - * The previous mechanism would not have intercepted that, and - * if it had been intercepted then it then it would have replaced - * it with an image.) - * - * Revision 1.9 2001/05/26 17:12:07 jongfoster - * Fatal errors loading configuration files now give better error messages. - * - * Revision 1.8 2001/05/26 00:55:20 jongfoster - * Removing duplicated code. load_forwardfile() now uses create_url_spec() - * - * Revision 1.7 2001/05/26 00:28:36 jongfoster - * Automatic reloading of config file. - * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32). - * Most of the global variables have been moved to a new - * struct configuration_spec, accessed through csp->config->globalname - * Most of the globals remaining are used by the Win32 GUI. - * - * Revision 1.6 2001/05/23 12:27:33 oes - * - * Fixed ugly indentation of my last changes - * - * Revision 1.5 2001/05/23 10:39:05 oes - * - Added support for escaping the comment character - * in config files by a backslash - * - Added support for line continuation in config - * files - * - Fixed a buffer overflow bug with long config lines - * - * Revision 1.4 2001/05/22 18:56:28 oes - * CRLF -> LF - * - * Revision 1.3 2001/05/20 01:21:20 jongfoster - * Version 2.9.4 checkin. - * - Merged popupfile and cookiefile, and added control over PCRS - * filtering, in new "permissionsfile". - * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration - * file error you now get a message box (in the Win32 GUI) rather - * than the program exiting with no explanation. - * - Made killpopup use the PCRS MIME-type checking and HTTP-header - * skipping. - * - Removed tabs from "config" - * - Moved duplicated url parsing code in "loaders.c" to a new funcition. - * - Bumped up version number. - * - * Revision 1.2 2001/05/17 23:01:01 oes - * - Cleaned CRLF's from the sources and related files - * - * Revision 1.1.1.1 2001/05/15 13:58:59 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "config.h" @@ -453,14 +108,16 @@ static struct file_list *current_re_filterfile[MAX_AF_FILES] = { * * Parameters : None * - * Returns : N/A + * Returns : The number of threads that are still active. * *********************************************************************/ -void sweep(void) +unsigned int sweep(void) { struct file_list *fl, *nfl; - struct client_state *csp, *last_active; + struct client_state *csp; + struct client_states *last_active, *client_list; int i; + unsigned int active_threads = 0; /* clear all of the file's active flags */ for ( fl = files->next; NULL != fl; fl = fl->next ) @@ -469,10 +126,11 @@ void sweep(void) } last_active = clients; - csp = clients->next; + client_list = clients->next; - while (NULL != csp) + while (NULL != client_list) { + csp = &client_list->csp; if (csp->flags & CSP_FLAG_ACTIVE) { /* Mark this client's files as active */ @@ -484,12 +142,12 @@ void sweep(void) */ csp->config->config_file_list->active = 1; - /* + /* * Actions files */ for (i = 0; i < MAX_AF_FILES; i++) { - if (csp->actions_list[i]) + if (csp->actions_list[i]) { csp->actions_list[i]->active = 1; } @@ -500,7 +158,7 @@ void sweep(void) */ for (i = 0; i < MAX_AF_FILES; i++) { - if (csp->rlist[i]) + if (csp->rlist[i]) { csp->rlist[i]->active = 1; } @@ -515,17 +173,18 @@ void sweep(void) csp->tlist->active = 1; } #endif /* def FEATURE_TRUST */ - - last_active = csp; - csp = csp->next; + active_threads++; + + last_active = client_list; + client_list = client_list->next; } - else + else /* * This client is not active. Free its resources. */ { - last_active->next = csp->next; + last_active->next = client_list->next; freez(csp->ip_addr_str); freez(csp->iob->buf); @@ -551,9 +210,9 @@ void sweep(void) } #endif /* def FEATURE_STATISTICS */ - freez(csp); - - csp = last_active->next; + freez(client_list); + + client_list = last_active->next; } } @@ -580,6 +239,8 @@ void sweep(void) } } + return active_threads; + } @@ -698,7 +359,7 @@ jb_err simple_read_line(FILE *fp, char **dest, int *newline) p = buf; /* - * Character codes. If you have a wierd compiler and the following are + * Character codes. If you have a weird compiler and the following are * incorrect, you also need to fix NEWLINE() in loaders.h */ #define CHAR_CR '\r' /* ASCII 13 */ @@ -1076,37 +737,27 @@ jb_err edit_read_line(FILE *fp, * and respects escaping of newline and comment char. * * Parameters : - * 1 : buf = Buffer to use. - * 2 : buflen = Size of buffer in bytes. - * 3 : fp = File to read from - * 4 : linenum = linenumber in file + * 1 : fp = File to read from + * 2 : linenum = linenumber in file + * 3 : buf = Pointer to a pointer to set to the data buffer. * * Returns : NULL on EOF or error * Otherwise, returns buf. * *********************************************************************/ -char *read_config_line(char *buf, size_t buflen, FILE *fp, unsigned long *linenum) +char *read_config_line(FILE *fp, unsigned long *linenum, char **buf) { jb_err err; - char *buf2 = NULL; - err = edit_read_line(fp, NULL, NULL, &buf2, NULL, linenum); + err = edit_read_line(fp, NULL, NULL, buf, NULL, linenum); if (err) { if (err == JB_ERR_MEMORY) { log_error(LOG_LEVEL_FATAL, "Out of memory loading a config file"); } - return NULL; - } - else - { - assert(buf2); - assert(strlen(buf2) + 1U < buflen); - strncpy(buf, buf2, buflen - 1); - free(buf2); - buf[buflen - 1] = '\0'; - return buf; + *buf = NULL; } + return *buf; } @@ -1184,7 +835,7 @@ int load_trustfile(struct client_state *csp) struct block_spec *b, *bl; struct url_spec **tl; - char buf[BUFFER_SIZE], *p, *q; + char *buf = NULL; int reject, trusted; struct file_list *fs; unsigned long linenum = 0; @@ -1193,10 +844,7 @@ int load_trustfile(struct client_state *csp) if (!check_file_changed(current_trustfile, csp->config->trustfile, &fs)) { /* No need to load */ - if (csp) - { - csp->tlist = current_trustfile; - } + csp->tlist = current_trustfile; return(0); } if (!fs) @@ -1214,10 +862,11 @@ int load_trustfile(struct client_state *csp) { goto load_trustfile_error; } + log_error(LOG_LEVEL_INFO, "Loading trust file: %s", csp->config->trustfile); tl = csp->config->trust_list; - while (read_config_line(buf, sizeof(buf), fp, &linenum) != NULL) + while (read_config_line(fp, &linenum, &buf) != NULL) { trusted = 0; reject = 1; @@ -1230,6 +879,9 @@ int load_trustfile(struct client_state *csp) if (*buf == '~') { + char *p; + char *q; + reject = 0; p = buf; q = p+1; @@ -1242,6 +894,7 @@ int load_trustfile(struct client_state *csp) /* skip blank lines */ if (*buf == '\0') { + freez(buf); continue; } @@ -1275,9 +928,10 @@ int load_trustfile(struct client_state *csp) *tl++ = b->url; } } + freez(buf); } - if(trusted_referrers >= MAX_TRUSTED_REFERRERS) + if(trusted_referrers >= MAX_TRUSTED_REFERRERS) { /* * FIXME: ... after Privoxy 3.0.4 is out. @@ -1301,17 +955,14 @@ int load_trustfile(struct client_state *csp) fs->next = files->next; files->next = fs; current_trustfile = fs; - - if (csp) - { - csp->tlist = fs; - } + csp->tlist = fs; return(0); load_trustfile_error: log_error(LOG_LEVEL_FATAL, "can't load trustfile '%s': %E", - csp->config->trustfile); + csp->config->trustfile); + freez(buf); return(-1); } @@ -1355,7 +1006,7 @@ static void unload_re_filterfile(void *f) * * Function : unload_forward_spec * - * Description : Unload the forward spec settings by freeing all + * Description : Unload the forward spec settings by freeing all * memory referenced by members and the memory for * the spec itself. * @@ -1409,7 +1060,7 @@ void unload_current_re_filterfile(void) * * Function : load_re_filterfiles * - * Description : Loads all the filterfiles. + * Description : Loads all the filterfiles. * Generate a chained list of re_filterfile_spec's from * the "FILTER: " blocks, compiling all their substitutions * into chained lists of pcrs_job structs. @@ -1450,7 +1101,7 @@ int load_re_filterfiles(struct client_state *csp) * * Function : load_one_re_filterfile * - * Description : Load a re_filterfile. + * Description : Load a re_filterfile. * Generate a chained list of re_filterfile_spec's from * the "FILTER: " blocks, compiling all their substitutions * into chained lists of pcrs_job structs. @@ -1468,7 +1119,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) struct re_filterfile_spec *new_bl, *bl = NULL; struct file_list *fs; - char buf[BUFFER_SIZE]; + char *buf = NULL; int error; unsigned long linenum = 0; pcrs_job *dummy, *lastjob = NULL; @@ -1478,10 +1129,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) */ if (!check_file_changed(current_re_filterfile[fileid], csp->config->re_filterfile[fileid], &fs)) { - if (csp) - { - csp->rlist[fileid] = current_re_filterfile[fileid]; - } + csp->rlist[fileid] = current_re_filterfile[fileid]; return(0); } if (!fs) @@ -1489,7 +1137,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) goto load_re_filterfile_error; } - /* + /* * Open the file or fail */ if ((fp = fopen(csp->config->re_filterfile[fileid], "r")) == NULL) @@ -1497,10 +1145,12 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) goto load_re_filterfile_error; } - /* + log_error(LOG_LEVEL_INFO, "Loading filter file: %s", csp->config->re_filterfile[fileid]); + + /* * Read line by line */ - while (read_config_line(buf, sizeof(buf), fp, &linenum) != NULL) + while (read_config_line(fp, &linenum, &buf) != NULL) { int new_filter = NO_NEW_FILTER; @@ -1565,7 +1215,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) } new_bl->name = strdup(chomp(new_bl->name)); - + /* * If this is the first filter block, chain it * to the file_list rather than its (nonexistant) @@ -1584,12 +1234,13 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) log_error(LOG_LEVEL_RE_FILTER, "Reading in filter \"%s\" (\"%s\")", bl->name, bl->description); + freez(buf); continue; } - /* + /* * Else, save the expression, make it a pcrs_job - * and chain it into the current filter's joblist + * and chain it into the current filter's joblist */ if (bl != NULL) { @@ -1615,7 +1266,8 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) bl->dynamic = 1; log_error(LOG_LEVEL_RE_FILTER, "Adding dynamic re_filter job \'%s\' to filter %s succeeded.", buf, bl->name); - continue; + freez(buf); + continue; } else if (bl->dynamic) { @@ -1626,6 +1278,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) */ log_error(LOG_LEVEL_RE_FILTER, "Adding static re_filter job \'%s\' to dynamic filter %s succeeded.", buf, bl->name); + freez(buf); continue; } @@ -1633,6 +1286,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) { log_error(LOG_LEVEL_ERROR, "Adding re_filter job \'%s\' to filter %s failed with error %d.", buf, bl->name, error); + freez(buf); continue; } else @@ -1654,11 +1308,12 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) log_error(LOG_LEVEL_ERROR, "Ignoring job %s outside filter block in %s, line %d", buf, csp->config->re_filterfile[fileid], linenum); } + freez(buf); } fclose(fp); - /* + /* * Schedule the now-obsolete old data for unloading */ if ( NULL != current_re_filterfile[fileid] ) @@ -1672,11 +1327,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) fs->next = files->next; files->next = fs; current_re_filterfile[fileid] = fs; - - if (csp) - { - csp->rlist[fileid] = fs; - } + csp->rlist[fileid] = fs; return( 0 ); @@ -1708,7 +1359,7 @@ void add_loader(int (*loader)(struct client_state *), { int i; - for (i=0; i < NLOADERS; i++) + for (i = 0; i < NLOADERS; i++) { if (config->loaders[i] == NULL) { @@ -1742,7 +1393,7 @@ int run_loader(struct client_state *csp) int ret = 0; int i; - for (i=0; i < NLOADERS; i++) + for (i = 0; i < NLOADERS; i++) { if (csp->config->loaders[i] == NULL) { @@ -1754,6 +1405,66 @@ int run_loader(struct client_state *csp) } +/********************************************************************* + * + * Function : file_has_been_modified + * + * Description : Helper function to check if a file has been changed + * + * Parameters : + * 1 : filename = The name of the file to check + * 2 : last_known_modification = The time of the last known + * modification + * + * Returns : TRUE if the file has been changed, + * FALSE otherwise. + * + *********************************************************************/ +static int file_has_been_modified(const char *filename, time_t last_know_modification) +{ + struct stat statbuf[1]; + + if (stat(filename, statbuf) < 0) + { + /* Error, probably file not found which counts as change. */ + return 1; + } + + return (last_know_modification != statbuf->st_mtime); +} + + +/********************************************************************* + * + * Function : any_loaded_file_changed + * + * Description : Helper function to check if any loaded file has been + * changed since the time it has been loaded. + * + * XXX: Should we cache the return value for x seconds? + * + * Parameters : + * 1 : files_to_check = List of files to check + * + * Returns : TRUE if any file has been changed, + * FALSE otherwise. + * + *********************************************************************/ +int any_loaded_file_changed(const struct file_list *files_to_check) +{ + const struct file_list *file_to_check = files_to_check; + + while (file_to_check != NULL) + { + if (file_has_been_modified(file_to_check->filename, file_to_check->lastmodified)) + { + return TRUE; + } + file_to_check = file_to_check->next; + } + return FALSE; +} + /* Local Variables: diff --git a/external/privoxy/loaders.h b/external/privoxy/loaders.h index ded18e3b..ae1b6fea 100644 --- a/external/privoxy/loaders.h +++ b/external/privoxy/loaders.h @@ -1,23 +1,23 @@ #ifndef LOADERS_H_INCLUDED #define LOADERS_H_INCLUDED -#define LOADERS_H_VERSION "$Id: loaders.h,v 1.23 2008/03/30 14:52:10 fabiankeil Exp $" +#define LOADERS_H_VERSION "$Id: loaders.h,v 1.29 2011/09/04 11:10:56 fabiankeil Exp $" /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/loaders.h,v $ * * Purpose : Functions to load and unload the various * configuration files. Also contains code to manage - * the list of active loaders, and to automatically + * the list of active loaders, and to automatically * unload files that are no longer in use. * - * Copyright : Written by and Copyright (C) 2001 the SourceForge + * Copyright : Written by and Copyright (C) 2001-2010 the * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -35,139 +35,8 @@ * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: loaders.h,v $ - * Revision 1.23 2008/03/30 14:52:10 fabiankeil - * Rename load_actions_file() and load_re_filterfile() - * as they load multiple files "now". - * - * Revision 1.22 2007/06/01 14:12:38 fabiankeil - * Add unload_forward_spec() in preparation for forward-override{}. - * - * Revision 1.21 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.19 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.18 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.17 2002/03/16 23:54:06 jongfoster - * Adding graceful termination feature, to help look for memory leaks. - * If you enable this (which, by design, has to be done by hand - * editing config.h) and then go to http://i.j.b/die, then the program - * will exit cleanly after the *next* request. It should free all the - * memory that was used. - * - * Revision 1.16 2002/03/07 03:46:17 oes - * Fixed compiler warnings - * - * Revision 1.15 2002/01/22 23:46:18 jongfoster - * Moving edit_read_line() and simple_read_line() to loaders.c, and - * extending them to support reading MS-DOS, Mac and UNIX style files - * on all platforms. - * - * Modifying read_config_line() (without changing it's prototype) to - * be a trivial wrapper for edit_read_line(). This means that we have - * one function to read a line and handle comments, which is common - * between the initialization code and the edit interface. - * - * Revision 1.14 2002/01/17 21:03:08 jongfoster - * Moving all our URL and URL pattern parsing code to urlmatch.c. - * - * Renaming free_url to free_url_spec, since it frees a struct url_spec. - * - * Revision 1.13 2001/12/30 14:07:32 steudten - * - Add signal handling (unix) - * - Add SIGHUP handler (unix) - * - Add creation of pidfile (unix) - * - Add action 'top' in rc file (RH) - * - Add entry 'SIGNALS' to manpage - * - Add exit message to logfile (unix) - * - * Revision 1.12 2001/11/07 00:02:13 steudten - * Add line number in error output for lineparsing for - * actionsfile and configfile. - * Special handling for CLF added. - * - * Revision 1.11 2001/10/23 21:38:53 jongfoster - * Adding error-checking to create_url_spec() - * - * Revision 1.10 2001/09/22 16:36:59 jongfoster - * Removing unused parameter fs from read_config_line() - * - * Revision 1.9 2001/07/30 22:08:36 jongfoster - * Tidying up #defines: - * - All feature #defines are now of the form FEATURE_xxx - * - Permanently turned off WIN_GUI_EDIT - * - Permanently turned on WEBDAV and SPLIT_PROXY_ARGS - * - * Revision 1.8 2001/07/29 18:58:15 jongfoster - * Removing nested #includes, adding forward declarations for needed - * structures, and changing the #define _FILENAME_H to FILENAME_H_INCLUDED. - * - * Revision 1.7 2001/07/13 14:01:54 oes - * Removed all #ifdef PCRS - * - * Revision 1.6 2001/06/07 23:14:38 jongfoster - * Removing ACL and forward file loaders - these files have - * been merged into the config file. - * - * Revision 1.5 2001/05/31 21:28:49 jongfoster - * Removed all permissionsfile code - it's now called the actions - * file, and (almost) all the code is in actions.c - * - * Revision 1.4 2001/05/29 09:50:24 jongfoster - * Unified blocklist/imagelist/permissionslist. - * File format is still under discussion, but the internal changes - * are (mostly) done. - * - * Also modified interceptor behaviour: - * - We now intercept all URLs beginning with one of the following - * prefixes (and *only* these prefixes): - * * http://i.j.b/ - * * http://ijbswa.sf.net/config/ - * * http://ijbswa.sourceforge.net/config/ - * - New interceptors "home page" - go to http://i.j.b/ to see it. - * - Internal changes so that intercepted and fast redirect pages - * are not replaced with an image. - * - Interceptors now have the option to send a binary page direct - * to the client. (i.e. ijb-send-banner uses this) - * - Implemented show-url-info interceptor. (Which is why I needed - * the above interceptors changes - a typical URL is - * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif". - * The previous mechanism would not have intercepted that, and - * if it had been intercepted then it then it would have replaced - * it with an image.) - * - * Revision 1.3 2001/05/26 00:28:36 jongfoster - * Automatic reloading of config file. - * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32). - * Most of the global variables have been moved to a new - * struct configuration_spec, accessed through csp->config->globalname - * Most of the globals remaining are used by the Win32 GUI. - * - * Revision 1.2 2001/05/20 01:21:20 jongfoster - * Version 2.9.4 checkin. - * - Merged popupfile and cookiefile, and added control over PCRS - * filtering, in new "permissionsfile". - * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration - * file error you now get a message box (in the Win32 GUI) rather - * than the program exiting with no explanation. - * - Made killpopup use the PCRS MIME-type checking and HTTP-header - * skipping. - * - Removed tabs from "config" - * - Moved duplicated url parsing code in "loaders.c" to a new funcition. - * - Bumped up version number. - * - * Revision 1.1.1.1 2001/05/15 13:59:00 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #ifdef __cplusplus extern "C" { @@ -179,8 +48,8 @@ struct file_list; struct configuration_spec; struct url_spec; -extern void sweep(void); -extern char *read_config_line(char *buf, size_t buflen, FILE *fp, unsigned long *linenum); +extern unsigned int sweep(void); +extern char *read_config_line(FILE *fp, unsigned long *linenum, char **buf); extern int check_file_changed(const struct file_list * current, const char * filename, struct file_list ** newfl); @@ -204,7 +73,7 @@ extern jb_err simple_read_line(FILE *fp, char **dest, int *newline); /* * Types of newlines that a file may contain, as strings. If you have an - * extremely wierd compiler that does not have '\r' == CR == ASCII 13 and + * extremely weird compiler that does not have '\r' == CR == ASCII 13 and * '\n' == LF == ASCII 10), then fix CHAR_CR and CHAR_LF in loaders.c as * well as these definitions. */ @@ -229,10 +98,12 @@ void unload_current_re_filterfile(void); void unload_forward_spec(struct forward_spec *fwd); -extern void add_loader(int (*loader)(struct client_state *), +extern void add_loader(int (*loader)(struct client_state *), struct configuration_spec * config); extern int run_loader(struct client_state *csp); +extern int any_loaded_file_changed(const struct file_list *files_to_check); + /* Revision control strings from this header and associated .c file */ extern const char loaders_rcs[]; extern const char loaders_h_rcs[]; diff --git a/external/privoxy/match-all.action b/external/privoxy/match-all.action index 904d85b0..826eb396 100644 --- a/external/privoxy/match-all.action +++ b/external/privoxy/match-all.action @@ -1,5 +1,5 @@ ############################################################################# -# $Id: match-all.action,v 1.2 2009/02/14 10:41:07 fabiankeil Exp $ +# $Id: match-all.action,v 1.3 2010/03/27 18:48:38 fabiankeil Exp $ # # This file contains the actions that are applied to all requests and # may be overruled later on by other actions files. Less experienced @@ -8,6 +8,8 @@ ############################################################################# { \ +change-x-forwarded-for{block} \ ++client-header-tagger{css-requests} \ ++client-header-tagger{image-requests} \ +hide-from-header{block} \ +set-image-blocker{pattern} \ } diff --git a/external/privoxy/miscutil.c b/external/privoxy/miscutil.c index 74aa32e2..dc972d6f 100644 --- a/external/privoxy/miscutil.c +++ b/external/privoxy/miscutil.c @@ -1,19 +1,18 @@ -const char miscutil_rcs[] = "$Id: miscutil.c,v 1.62 2008/12/04 18:16:41 fabiankeil Exp $"; +const char miscutil_rcs[] = "$Id: miscutil.c,v 1.68 2011/09/04 11:10:56 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/miscutil.c,v $ * - * Purpose : zalloc, hash_string, safe_strerror, strcmpic, - * strncmpic, chomp, and MinGW32 strdup - * functions. - * These are each too small to deserve their own file - * but don't really fit in any other file. + * Purpose : zalloc, hash_string, strcmpic, strncmpic, and + * MinGW32 strdup functions. These are each too small + * to deserve their own file but don't really fit in + * any other file. * - * Copyright : Written by and Copyright (C) 2001-2007 - * the SourceForge Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2011 the + * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * * The timegm replacement function was taken from GnuPG, @@ -24,7 +23,7 @@ const char miscutil_rcs[] = "$Id: miscutil.c,v 1.62 2008/12/04 18:16:41 fabianke * used under the terms of the GPL or the terms of the * "Frontier Artistic License". * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -42,294 +41,8 @@ const char miscutil_rcs[] = "$Id: miscutil.c,v 1.62 2008/12/04 18:16:41 fabianke * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: miscutil.c,v $ - * Revision 1.62 2008/12/04 18:16:41 fabiankeil - * Fix some cparser warnings. - * - * Revision 1.61 2008/10/18 11:09:23 fabiankeil - * Improve seed used by pick_from_range() on mingw32. - * - * Revision 1.60 2008/09/07 12:35:05 fabiankeil - * Add mutex lock support for _WIN32. - * - * Revision 1.59 2008/09/04 08:13:58 fabiankeil - * Prepare for critical sections on Windows by adding a - * layer of indirection before the pthread mutex functions. - * - * Revision 1.58 2008/04/17 14:53:30 fabiankeil - * Move simplematch() into urlmatch.c as it's only - * used to match (old-school) domain patterns. - * - * Revision 1.57 2008/03/24 15:29:51 fabiankeil - * Pet gcc43. - * - * Revision 1.56 2007/12/01 12:59:05 fabiankeil - * Some sanity checks for pick_from_range(). - * - * Revision 1.55 2007/11/03 17:34:49 fabiankeil - * Log the "weak randomization factor" warning only - * once for mingw32 and provide some more details. - * - * Revision 1.54 2007/09/19 20:28:37 fabiankeil - * If privoxy_strlcpy() is called with a "buffer" size - * of 0, don't touch whatever destination points to. - * - * Revision 1.53 2007/09/09 18:20:20 fabiankeil - * Turn privoxy_strlcpy() into a function and try to work with - * b0rked snprintf() implementations too. Reported by icmp30. - * - * Revision 1.52 2007/08/19 12:32:34 fabiankeil - * Fix a conversion warning. - * - * Revision 1.51 2007/06/17 16:12:22 fabiankeil - * #ifdef _WIN32 the last commit. According to David Shaw, - * one of the gnupg developers, the changes are mingw32-specific. - * - * Revision 1.50 2007/06/10 14:59:59 fabiankeil - * Change replacement timegm() to better match our style, plug a small - * but guaranteed memory leak and fix "time zone breathing" on mingw32. - * - * Revision 1.49 2007/05/11 11:48:15 fabiankeil - * - Delete strsav() which was replaced - * by string_append() years ago. - * - Add a strlcat() look-alike. - * - Use strlcat() and strlcpy() in those parts - * of the code that are run on unixes. - * - * Revision 1.48 2007/04/09 17:48:51 fabiankeil - * Check for HAVE_SNPRINTF instead of __OS2__ - * before including the portable snprintf() code. - * - * Revision 1.47 2007/03/17 11:52:15 fabiankeil - * - Use snprintf instead of sprintf. - * - Mention copyright for the replacement - * functions in the copyright header. - * - * Revision 1.46 2007/01/18 15:03:20 fabiankeil - * Don't include replacement timegm() if - * putenv() or tzset() isn't available. - * - * Revision 1.45 2006/12/26 17:31:41 fabiankeil - * Mutex protect rand() if POSIX threading - * is used, warn the user if that's not possible - * and stop using it on _WIN32 where it could - * cause crashes. - * - * Revision 1.44 2006/11/07 12:46:43 fabiankeil - * Silence compiler warning on NetBSD 3.1. - * - * Revision 1.43 2006/09/23 13:26:38 roro - * Replace TABs by spaces in source code. - * - * Revision 1.42 2006/09/09 14:01:45 fabiankeil - * Integrated Oliver Yeoh's domain pattern fix - * to make sure *x matches xx. Closes Patch 1217393 - * and Bug 1170767. - * - * Revision 1.41 2006/08/18 16:03:17 david__schmidt - * Tweak for OS/2 build happiness. - * - * Revision 1.40 2006/08/17 17:15:10 fabiankeil - * - Back to timegm() using GnuPG's replacement if necessary. - * Using mktime() and localtime() could add a on hour offset if - * the randomize factor was big enough to lead to a summer/wintertime - * switch. - * - * - Removed now-useless Privoxy 3.0.3 compatibility glue. - * - * - Moved randomization code into pick_from_range(). - * - * - Changed parse_header_time definition. - * time_t isn't guaranteed to be signed and - * if it isn't, -1 isn't available as error code. - * Changed some variable types in client_if_modified_since() - * because of the same reason. - * - * Revision 1.39 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.37.2.4 2003/12/01 14:45:14 oes - * Fixed two more problems with wildcarding in simplematch() - * - * Revision 1.37.2.3 2003/11/20 11:39:24 oes - * Bugfix: The "?" wildcard for domain names had never been implemented. Ooops\! - * - * Revision 1.37.2.2 2002/11/12 14:28:18 oes - * Proper backtracking in simplematch; fixes bug #632888 - * - * Revision 1.37.2.1 2002/09/25 12:58:51 oes - * Made strcmpic and strncmpic safe against NULL arguments - * (which are now treated as empty strings). - * - * Revision 1.37 2002/04/26 18:29:43 jongfoster - * Fixing this Visual C++ warning: - * miscutil.c(710) : warning C4090: '=' : different 'const' qualifiers - * - * Revision 1.36 2002/04/26 12:55:38 oes - * New function string_toupper - * - * Revision 1.35 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.34 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.33 2002/03/07 03:46:53 oes - * Fixed compiler warnings etc - * - * Revision 1.32 2002/03/06 23:02:57 jongfoster - * Removing tabs - * - * Revision 1.31 2002/03/05 04:52:42 oes - * Deleted non-errlog debugging code - * - * Revision 1.30 2002/03/04 18:27:42 oes - * - Deleted deletePidFile - * - Made write_pid_file use the --pidfile option value - * (or no PID file, if the option was absent) - * - Played styleguide police - * - * Revision 1.29 2002/03/04 02:08:02 david__schmidt - * Enable web editing of actions file on OS/2 (it had been broken all this time!) - * - * Revision 1.28 2002/03/03 09:18:03 joergs - * Made jumbjuster work on AmigaOS again. - * - * Revision 1.27 2002/01/21 00:52:32 jongfoster - * Adding string_join() - * - * Revision 1.26 2001/12/30 14:07:32 steudten - * - Add signal handling (unix) - * - Add SIGHUP handler (unix) - * - Add creation of pidfile (unix) - * - Add action 'top' in rc file (RH) - * - Add entry 'SIGNALS' to manpage - * - Add exit message to logfile (unix) - * - * Revision 1.25 2001/11/13 00:16:38 jongfoster - * Replacing references to malloc.h with the standard stdlib.h - * (See ANSI or K&R 2nd Ed) - * - * Revision 1.24 2001/11/05 21:41:43 steudten - * Add changes to be a real daemon just for unix os. - * (change cwd to /, detach from controlling tty, set - * process group and session leader to the own process. - * Add DBG() Macro. - * Add some fatal-error log message for failed malloc(). - * Add '-d' if compiled with 'configure --with-debug' to - * enable debug output. - * - * Revision 1.23 2001/10/29 03:48:10 david__schmidt - * OS/2 native needed a snprintf() routine. Added one to miscutil, brackedted - * by and __OS2__ ifdef. - * - * Revision 1.22 2001/10/26 17:39:38 oes - * Moved ijb_isspace and ijb_tolower to project.h - * - * Revision 1.21 2001/10/23 21:27:50 jongfoster - * Standardising error codes in string_append - * make_path() no longer adds '\\' if the dir already ends in '\\' (this - * is just copying a UNIX-specific fix to the Windows-specific part) - * - * Revision 1.20 2001/10/22 15:33:56 david__schmidt - * Special-cased OS/2 out of the Netscape-abort-on-404-in-js problem in - * filters.c. Added a FIXME in front of the offending code. I'll gladly - * put in a better/more robust fix for all parties if one is presented... - * It seems that just returning 200 instead of 404 would pretty much fix - * it for everyone, but I don't know all the history of the problem. - * - * Revision 1.19 2001/10/14 22:02:57 jongfoster - * New function string_append() which is like strsav(), but running - * out of memory isn't automatically FATAL. - * - * Revision 1.18 2001/09/20 13:33:43 steudten - * - * change long to int as return value in hash_string(). Remember the wraparound - * for int = long = sizeof(4) - thats maybe not what we want. - * - * Revision 1.17 2001/09/13 20:51:29 jongfoster - * Fixing potential problems with characters >=128 in simplematch() - * This was also a compiler warning. - * - * Revision 1.16 2001/09/10 10:56:59 oes - * Silenced compiler warnings - * - * Revision 1.15 2001/07/13 14:02:24 oes - * Removed vim-settings - * - * Revision 1.14 2001/06/29 21:45:41 oes - * Indentation, CRLF->LF, Tab-> Space - * - * Revision 1.13 2001/06/29 13:32:14 oes - * Removed logentry from cancelled commit - * - * Revision 1.12 2001/06/09 10:55:28 jongfoster - * Changing BUFSIZ ==> BUFFER_SIZE - * - * Revision 1.11 2001/06/07 23:09:19 jongfoster - * Cosmetic indentation changes. - * - * Revision 1.10 2001/06/07 14:51:38 joergs - * make_path() no longer adds '/' if the dir already ends in '/'. - * - * Revision 1.9 2001/06/07 14:43:17 swa - * slight mistake in make_path, unix path style is /. - * - * Revision 1.8 2001/06/05 22:32:01 jongfoster - * New function make_path() to splice directory and file names together. - * - * Revision 1.7 2001/06/03 19:12:30 oes - * introduced bindup() - * - * Revision 1.6 2001/06/01 18:14:49 jongfoster - * Changing the calls to strerr() to check HAVE_STRERR (which is defined - * in config.h if appropriate) rather than the NO_STRERR macro. - * - * Revision 1.5 2001/06/01 10:31:51 oes - * Added character class matching to trivimatch; renamed to simplematch - * - * Revision 1.4 2001/05/31 17:32:31 oes - * - * - Enhanced domain part globbing with infix and prefix asterisk - * matching and optional unanchored operation - * - * Revision 1.3 2001/05/29 23:10:09 oes - * - * - * - Introduced chomp() - * - Moved strsav() from showargs to miscutil - * - * Revision 1.2 2001/05/29 09:50:24 jongfoster - * Unified blocklist/imagelist/permissionslist. - * File format is still under discussion, but the internal changes - * are (mostly) done. - * - * Also modified interceptor behaviour: - * - We now intercept all URLs beginning with one of the following - * prefixes (and *only* these prefixes): - * * http://i.j.b/ - * * http://ijbswa.sf.net/config/ - * * http://ijbswa.sourceforge.net/config/ - * - New interceptors "home page" - go to http://i.j.b/ to see it. - * - Internal changes so that intercepted and fast redirect pages - * are not replaced with an image. - * - Interceptors now have the option to send a binary page direct - * to the client. (i.e. ijb-send-banner uses this) - * - Implemented show-url-info interceptor. (Which is why I needed - * the above interceptors changes - a typical URL is - * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif". - * The previous mechanism would not have intercepted that, and - * if it had been intercepted then it then it would have replaced - * it with an image.) - * - * Revision 1.1.1.1 2001/05/15 13:59:00 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "config.h" @@ -384,19 +97,19 @@ void *zalloc(size_t size) #if defined(unix) /********************************************************************* * - * Function : write_pid_file + * Function : write_pid_file * - * Description : Writes a pid file with the pid of the main process + * Description : Writes a pid file with the pid of the main process * * Parameters : None * - * Returns : N/A + * Returns : N/A * *********************************************************************/ void write_pid_file(void) { FILE *fp; - + /* * If no --pidfile option was given, * we can live without one. @@ -434,7 +147,7 @@ void write_pid_file(void) *********************************************************************/ unsigned int hash_string( const char* s ) { - unsigned int h = 0; + unsigned int h = 0; for ( ; *s; ++s ) { @@ -446,75 +159,6 @@ unsigned int hash_string( const char* s ) } -#ifdef __MINGW32__ -/********************************************************************* - * - * Function : strdup - * - * Description : For some reason (which is beyond me), gcc and WIN32 - * don't like strdup. When a "free" is executed on a - * strdup'd ptr, it can at times freez up! So I just - * replaced it and problem was solved. - * - * Parameters : - * 1 : s = string to duplicate - * - * Returns : Pointer to newly malloc'ed copy of the string. - * - *********************************************************************/ -char *strdup( const char *s ) -{ - char * result = (char *)malloc( strlen(s)+1 ); - - if (result != NULL) - { - strcpy( result, s ); - } - - return( result ); -} - -#endif /* def __MINGW32__ */ - - - -/********************************************************************* - * - * Function : safe_strerror - * - * Description : Variant of the library routine strerror() which will - * work on systems without the library routine, and - * which should never return NULL. - * - * Parameters : - * 1 : err = the `errno' of the last operation. - * - * Returns : An "English" string of the last `errno'. Allocated - * with strdup(), so caller frees. May be NULL if the - * system is out of memory. - * - *********************************************************************/ -char *safe_strerror(int err) -{ - char *s = NULL; - char buf[BUFFER_SIZE]; - - -#ifdef HAVE_STRERROR - s = strerror(err); -#endif /* HAVE_STRERROR */ - - if (s == NULL) - { - snprintf(buf, sizeof(buf), "(errno = %d)", err); - s = buf; - } - - return(strdup(s)); - -} - - /********************************************************************* * * Function : strcmpic @@ -550,7 +194,7 @@ int strcmpic(const char *s1, const char *s2) * * Function : strncmpic * - * Description : Case insensitive string comparison (upto n characters) + * Description : Case insensitive string comparison (up to n characters) * * Parameters : * 1 : s1 = string 1 to compare @@ -565,7 +209,7 @@ int strncmpic(const char *s1, const char *s2, size_t n) if (n <= (size_t)0) return(0); if (!s1) s1 = ""; if (!s2) s2 = ""; - + while (*s1 && *s2) { if ( ( *s1 != *s2 ) && ( ijb_tolower(*s1) != ijb_tolower(*s2) ) ) @@ -599,7 +243,7 @@ char *chomp(char *string) { char *p, *q, *r; - /* + /* * strip trailing whitespace */ p = string + strlen(string); @@ -609,8 +253,8 @@ char *chomp(char *string) } *p = '\0'; - /* - * find end of leading whitespace + /* + * find end of leading whitespace */ q = r = string; while (*q && ijb_isspace(*q)) @@ -638,7 +282,7 @@ char *chomp(char *string) * * Function : string_append * - * Description : Reallocate target_string and append text to it. + * Description : Reallocate target_string and append text to it. * This makes it easier to append to malloc'd strings. * This is similar to the (removed) strsav(), but * running out of memory isn't catastrophic. @@ -783,7 +427,7 @@ jb_err string_join(char **target_string, char *text_to_append) * Parameters : * 1 : string = string to convert * - * Returns : Uppercase copy of string if possible, + * Returns : Uppercase copy of string if possible, * NULL on out-of-memory or if string was NULL. * *********************************************************************/ @@ -796,7 +440,7 @@ char *string_toupper(const char *string) { return NULL; } - + q = string; p = result; @@ -846,11 +490,11 @@ char *bindup(const char *string, size_t len) * * Function : make_path * - * Description : Takes a directory name and a file name, returns + * Description : Takes a directory name and a file name, returns * the complete path. Handles windows/unix differences. * If the file name is already an absolute path, or if - * the directory name is NULL or empty, it returns - * the filename. + * the directory name is NULL or empty, it returns + * the filename. * * Parameters : * 1 : dir: Name of directory or NULL for none. @@ -859,7 +503,7 @@ char *bindup(const char *string, size_t len) * Returns : "dir/file" (Or on windows, "dir\file"). * It allocates the string on the heap. Caller frees. * Returns NULL in error (i.e. NULL file or out of - * memory) + * memory) * *********************************************************************/ char * make_path(const char * dir, const char * file) @@ -941,6 +585,7 @@ char * make_path(const char * dir, const char * file) strlcpy(path, dir, path_size); } + assert(NULL != path); #if defined(_WIN32) || defined(__OS2__) if(path[strlen(path)-1] != '\\') { @@ -971,7 +616,7 @@ char * make_path(const char * dir, const char * file) * Parameters : * 1 : range: Highest possible number to pick. * - * Returns : Picked number. + * Returns : Picked number. * *********************************************************************/ long int pick_from_range(long int range) @@ -987,7 +632,7 @@ long int pick_from_range(long int range) if (range <= 0) return 0; #ifdef HAVE_RANDOM - number = random() % range + 1; + number = random() % range + 1; #elif defined(MUTEX_LOCKS_AVAILABLE) privoxy_mutex_lock(&rand_mutex); #ifdef _WIN32 @@ -1091,7 +736,7 @@ size_t privoxy_strlcat(char *destination, const char *source, const size_t size) * Parameters : * 1 : tm: Broken-down time struct. * - * Returns : tm converted into time_t seconds. + * Returns : tm converted into time_t seconds. * *********************************************************************/ time_t timegm(struct tm *tm) @@ -1143,7 +788,7 @@ time_t timegm(struct tm *tm) snprintf.c - a portable implementation of snprintf, including vsnprintf.c, asnprintf, vasnprintf, asprintf, vasprintf - + snprintf is a routine to convert numeric and string arguments to formatted strings. It is similar to sprintf(3) provided in a system's C library, yet it requires an additional argument - the buffer size - @@ -1785,7 +1430,7 @@ int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap) { } } /* zero padding to specified precision? */ - if (num_of_digits < precision) + if (num_of_digits < precision) number_of_zeros_to_pad = precision - num_of_digits; } /* zero padding to specified minimal field width? */ @@ -1803,7 +1448,7 @@ int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap) { #if defined(PERL_COMPATIBLE) || defined(LINUX_COMPATIBLE) /* keep the entire format string unchanged */ str_arg = starting_p; str_arg_l = p - starting_p; - /* well, not exactly so for Linux, which does something inbetween, + /* well, not exactly so for Linux, which does something between, * and I don't feel an urge to imitate it: "%+++++hy" -> "%+y" */ #else /* discard the unrecognized conversion, just keep * diff --git a/external/privoxy/miscutil.h b/external/privoxy/miscutil.h index a0498aca..d66ebacb 100644 --- a/external/privoxy/miscutil.h +++ b/external/privoxy/miscutil.h @@ -1,23 +1,23 @@ #ifndef MISCUTIL_H_INCLUDED #define MISCUTIL_H_INCLUDED -#define MISCUTIL_H_VERSION "$Id: miscutil.h,v 1.30 2008/04/17 14:53:31 fabiankeil Exp $" +#define MISCUTIL_H_VERSION "$Id: miscutil.h,v 1.34 2011/09/04 11:10:56 fabiankeil Exp $" /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/miscutil.h,v $ * - * Purpose : zalloc, hash_string, safe_strerror, strcmpic, - * strncmpic, and MinGW32 strdup functions. These are - * each too small to deserve their own file but don't - * really fit in any other file. + * Purpose : zalloc, hash_string, strcmpic, strncmpic, and + * MinGW32 strdup functions. These are each too small + * to deserve their own file but don't really fit in + * any other file. * - * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge + * Copyright : Written by and Copyright (C) 2001-2011 the * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -35,156 +35,8 @@ * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: miscutil.h,v $ - * Revision 1.30 2008/04/17 14:53:31 fabiankeil - * Move simplematch() into urlmatch.c as it's only - * used to match (old-school) domain patterns. - * - * Revision 1.29 2007/09/09 18:20:20 fabiankeil - * Turn privoxy_strlcpy() into a function and try to work with - * b0rked snprintf() implementations too. Reported by icmp30. - * - * Revision 1.28 2007/05/11 11:48:16 fabiankeil - * - Delete strsav() which was replaced - * by string_append() years ago. - * - Add a strlcat() look-alike. - * - Use strlcat() and strlcpy() in those parts - * of the code that are run on unixes. - * - * Revision 1.27 2007/04/09 17:48:51 fabiankeil - * Check for HAVE_SNPRINTF instead of __OS2__ - * before including the portable snprintf() code. - * - * Revision 1.26 2007/04/08 17:04:51 fabiankeil - * Add macro for strlcpy() in case the libc lacks it. - * - * Revision 1.25 2007/01/18 15:03:20 fabiankeil - * Don't include replacement timegm() if - * putenv() or tzset() isn't available. - * - * Revision 1.24 2006/08/17 17:15:10 fabiankeil - * - Back to timegm() using GnuPG's replacement if necessary. - * Using mktime() and localtime() could add a on hour offset if - * the randomize factor was big enough to lead to a summer/wintertime - * switch. - * - * - Removed now-useless Privoxy 3.0.3 compatibility glue. - * - * - Moved randomization code into pick_from_range(). - * - * - Changed parse_header_time definition. - * time_t isn't guaranteed to be signed and - * if it isn't, -1 isn't available as error code. - * Changed some variable types in client_if_modified_since() - * because of the same reason. - * - * Revision 1.23 2006/07/18 14:48:47 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.21 2002/04/26 12:55:38 oes - * New function string_toupper - * - * Revision 1.20 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.19 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.18 2002/03/07 03:46:17 oes - * Fixed compiler warnings - * - * Revision 1.17 2002/03/04 18:28:32 oes - * Deleted deletePidFile, played syleguide police - * - * Revision 1.16 2002/01/21 00:53:36 jongfoster - * Adding string_join() - * - * Revision 1.15 2001/12/30 14:07:32 steudten - * - Add signal handling (unix) - * - Add SIGHUP handler (unix) - * - Add creation of pidfile (unix) - * - Add action 'top' in rc file (RH) - * - Add entry 'SIGNALS' to manpage - * - Add exit message to logfile (unix) - * - * Revision 1.14 2001/11/05 21:43:48 steudten - * Add global var 'basedir' for unix os. - * - * Revision 1.13 2001/10/29 03:48:10 david__schmidt - * OS/2 native needed a snprintf() routine. Added one to miscutil, brackedted - * by and __OS2__ ifdef. - * - * Revision 1.12 2001/10/23 21:27:50 jongfoster - * Standardising error codes in string_append - * make_path() no longer adds '\\' if the dir already ends in '\\' (this - * is just copying a UNIX-specific fix to the Windows-specific part) - * - * Revision 1.11 2001/10/14 22:02:57 jongfoster - * New function string_append() which is like strsav(), but running - * out of memory isn't automatically FATAL. - * - * Revision 1.10 2001/09/20 13:34:09 steudten - * - * change long to int for prototype hash_string() - * - * Revision 1.9 2001/07/29 18:43:08 jongfoster - * Changing #ifdef _FILENAME_H to FILENAME_H_INCLUDED, to conform to - * ANSI C rules. - * - * Revision 1.8 2001/06/29 13:32:14 oes - * Removed logentry from cancelled commit - * - * Revision 1.7 2001/06/05 22:32:01 jongfoster - * New function make_path() to splice directory and file names together. - * - * Revision 1.6 2001/06/03 19:12:30 oes - * introduced bindup() - * - * Revision 1.5 2001/06/01 10:31:51 oes - * Added character class matching to trivimatch; renamed to simplematch - * - * Revision 1.4 2001/05/31 17:32:31 oes - * - * - Enhanced domain part globbing with infix and prefix asterisk - * matching and optional unanchored operation - * - * Revision 1.3 2001/05/29 23:10:09 oes - * - * - * - Introduced chomp() - * - Moved strsav() from showargs to miscutil - * - * Revision 1.2 2001/05/29 09:50:24 jongfoster - * Unified blocklist/imagelist/permissionslist. - * File format is still under discussion, but the internal changes - * are (mostly) done. - * - * Also modified interceptor behaviour: - * - We now intercept all URLs beginning with one of the following - * prefixes (and *only* these prefixes): - * * http://i.j.b/ - * * http://ijbswa.sf.net/config/ - * * http://ijbswa.sourceforge.net/config/ - * - New interceptors "home page" - go to http://i.j.b/ to see it. - * - Internal changes so that intercepted and fast redirect pages - * are not replaced with an image. - * - Interceptors now have the option to send a binary page direct - * to the client. (i.e. ijb-send-banner uses this) - * - Implemented show-url-info interceptor. (Which is why I needed - * the above interceptors changes - a typical URL is - * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif". - * The previous mechanism would not have intercepted that, and - * if it had been intercepted then it then it would have replaced - * it with an image.) - * - * Revision 1.1.1.1 2001/05/15 13:59:00 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "project.h" @@ -201,8 +53,6 @@ extern void write_pid_file(void); extern unsigned int hash_string(const char* s); -extern char *safe_strerror(int err); - extern int strcmpic(const char *s1, const char *s2); extern int strncmpic(const char *s1, const char *s2, size_t n); @@ -217,10 +67,6 @@ extern char *make_path(const char * dir, const char * file); long int pick_from_range(long int range); -#ifdef __MINGW32__ -extern char *strdup(const char *s); -#endif /* def __MINGW32__ */ - #ifndef HAVE_SNPRINTF extern int snprintf(char *, size_t, const char *, /*args*/ ...); #endif /* ndef HAVE_SNPRINTF */ diff --git a/external/privoxy/mkinstalldirs b/external/privoxy/mkinstalldirs old mode 100755 new mode 100644 diff --git a/external/privoxy/parsers.c b/external/privoxy/parsers.c index 021762e9..0cdee766 100644 --- a/external/privoxy/parsers.c +++ b/external/privoxy/parsers.c @@ -1,4 +1,4 @@ -const char parsers_rcs[] = "$Id: parsers.c,v 1.154 2009/03/13 14:10:07 fabiankeil Exp $"; +const char parsers_rcs[] = "$Id: parsers.c,v 1.237 2011/11/06 11:36:27 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/parsers.c,v $ @@ -42,848 +42,8 @@ const char parsers_rcs[] = "$Id: parsers.c,v 1.154 2009/03/13 14:10:07 fabiankei * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: parsers.c,v $ - * Revision 1.154 2009/03/13 14:10:07 fabiankeil - * Fix some more harmless warnings on amd64. - * - * Revision 1.153 2009/03/07 13:09:17 fabiankeil - * Change csp->expected_content and_csp->expected_content_length from - * size_t to unsigned long long to reduce the likelihood of integer - * overflows that would let us close the connection prematurely. - * Bug found while investigating #2669131, reported by cyberpatrol. - * - * Revision 1.152 2009/03/01 18:43:48 fabiankeil - * Help clang understand that we aren't dereferencing - * NULL pointers here. - * - * Revision 1.151 2009/02/15 14:46:35 fabiankeil - * Don't let hide-referrer{conditional-*}} pass - * Referer headers without http URLs. - * - * Revision 1.150 2008/12/04 18:12:19 fabiankeil - * Fix some cparser warnings. - * - * Revision 1.149 2008/11/21 18:39:53 fabiankeil - * In case of CONNECT requests there's no point - * in trying to keep the connection alive. - * - * Revision 1.148 2008/11/16 12:43:49 fabiankeil - * Turn keep-alive support into a runtime feature - * that is disabled by setting keep-alive-timeout - * to a negative value. - * - * Revision 1.147 2008/11/04 17:20:31 fabiankeil - * HTTP/1.1 responses without Connection - * header imply keep-alive. Act accordingly. - * - * Revision 1.146 2008/10/12 16:46:35 fabiankeil - * Remove obsolete warning about delayed delivery with chunked - * transfer encoding and FEATURE_CONNECTION_KEEP_ALIVE enabled. - * - * Revision 1.145 2008/10/09 18:21:41 fabiankeil - * Flush work-in-progress changes to keep outgoing connections - * alive where possible. Incomplete and mostly #ifdef'd out. - * - * Revision 1.144 2008/09/21 13:59:33 fabiankeil - * Treat unknown change-x-forwarded-for parameters as fatal errors. - * - * Revision 1.143 2008/09/21 13:36:52 fabiankeil - * If change-x-forwarded-for{add} is used and the client - * sends multiple X-Forwarded-For headers, append the client's - * IP address to each one of them. "Traditionally" we would - * lose all but the last one. - * - * Revision 1.142 2008/09/20 10:04:33 fabiankeil - * Remove hide-forwarded-for-headers action which has - * been obsoleted by change-x-forwarded-for{block}. - * - * Revision 1.141 2008/09/19 15:26:28 fabiankeil - * Add change-x-forwarded-for{} action to block or add - * X-Forwarded-For headers. Mostly based on code removed - * before 3.0.7. - * - * Revision 1.140 2008/09/12 17:51:43 fabiankeil - * - A few style fixes. - * - Remove a pointless cast. - * - * Revision 1.139 2008/09/04 08:13:58 fabiankeil - * Prepare for critical sections on Windows by adding a - * layer of indirection before the pthread mutex functions. - * - * Revision 1.138 2008/08/30 12:03:07 fabiankeil - * Remove FEATURE_COOKIE_JAR. - * - * Revision 1.137 2008/05/30 15:50:08 fabiankeil - * Remove questionable micro-optimizations - * whose usefulness has never been measured. - * - * Revision 1.136 2008/05/26 16:02:24 fabiankeil - * s@Insufficent@Insufficient@ - * - * Revision 1.135 2008/05/21 20:12:10 fabiankeil - * The whole point of strclean() is to modify the - * first parameter, so don't mark it immutable, - * even though the compiler lets us get away with it. - * - * Revision 1.134 2008/05/21 19:27:25 fabiankeil - * As the wafer actions are gone, we can stop including encode.h. - * - * Revision 1.133 2008/05/21 15:50:47 fabiankeil - * Ditch cast from (char **) to (char **). - * - * Revision 1.132 2008/05/21 15:47:14 fabiankeil - * Streamline sed()'s prototype and declare - * the header parse and add structures static. - * - * Revision 1.131 2008/05/20 20:13:30 fabiankeil - * Factor update_server_headers() out of sed(), ditch the - * first_run hack and make server_patterns_light static. - * - * Revision 1.130 2008/05/19 17:18:04 fabiankeil - * Wrap memmove() calls in string_move() - * to document the purpose in one place. - * - * Revision 1.129 2008/05/17 14:02:07 fabiankeil - * Normalize linear header white space. - * - * Revision 1.128 2008/05/16 16:39:03 fabiankeil - * If a header is split across multiple lines, - * merge them to a single line before parsing them. - * - * Revision 1.127 2008/05/10 13:23:38 fabiankeil - * Don't provide get_header() with the whole client state - * structure when it only needs access to csp->iob. - * - * Revision 1.126 2008/05/03 16:40:45 fabiankeil - * Change content_filters_enabled()'s parameter from - * csp->action to action so it can be also used in the - * CGI code. Don't bother checking if there are filters - * loaded, as that's somewhat besides the point. - * - * Revision 1.125 2008/04/17 14:40:49 fabiankeil - * Provide get_http_time() with the buffer size so it doesn't - * have to blindly assume that the buffer is big enough. - * - * Revision 1.124 2008/04/16 16:38:21 fabiankeil - * Don't pass the whole csp structure to flush_socket() - * when it only needs a file descriptor and a buffer. - * - * Revision 1.123 2008/03/29 12:13:46 fabiankeil - * Remove send-wafer and send-vanilla-wafer actions. - * - * Revision 1.122 2008/03/28 15:13:39 fabiankeil - * Remove inspect-jpegs action. - * - * Revision 1.121 2008/01/05 21:37:03 fabiankeil - * Let client_range() also handle Request-Range headers - * which apparently are still supported by many servers. - * - * Revision 1.120 2008/01/04 17:43:45 fabiankeil - * Improve the warning messages that get logged if the action files - * "enable" filters but no filters of that type have been loaded. - * - * Revision 1.119 2007/12/28 18:32:51 fabiankeil - * In server_content_type(): - * - Don't require leading white space when detecting image content types. - * - Change '... not replaced ...' message to sound less crazy if the text - * type actually is 'text/plain'. - * - Mark the 'text/plain == binary data' assumption for removal. - * - Remove a bunch of trailing white space. - * - * Revision 1.118 2007/12/28 16:56:35 fabiankeil - * Minor server_content_disposition() changes: - * - Don't regenerate the header name all lower-case. - * - Some white space fixes. - * - Remove useless log message in case of ENOMEM. - * - * Revision 1.117 2007/12/06 18:11:50 fabiankeil - * Garbage-collect the code to add a X-Forwarded-For - * header as it seems to be mostly used by accident. - * - * Revision 1.116 2007/12/01 13:04:22 fabiankeil - * Fix a crash on mingw32 with some Last Modified times in the future. - * - * Revision 1.115 2007/11/02 16:52:50 fabiankeil - * Remove a "can't happen" error block which, over - * time, mutated into a "guaranteed to happen" block. - * - * Revision 1.114 2007/10/19 16:56:26 fabiankeil - * - Downgrade "Buffer limit reached" message to LOG_LEVEL_INFO. - * - Use shiny new content_filters_enabled() in client_range(). - * - * Revision 1.113 2007/10/10 17:29:57 fabiankeil - * I forgot about Poland. - * - * Revision 1.112 2007/10/09 16:38:40 fabiankeil - * Remove Range and If-Range headers if content filtering is enabled. - * - * Revision 1.111 2007/10/04 18:07:00 fabiankeil - * Move ACTION_VANILLA_WAFER handling from jcc's chat() into - * client_cookie_adder() to make sure send-vanilla-wafer can be - * controlled through tags (and thus regression-tested). - * - * Revision 1.110 2007/09/29 10:42:37 fabiankeil - * - Remove "scanning headers for" log message again. - * - Some more whitespace fixes. - * - * Revision 1.109 2007/09/08 14:25:48 fabiankeil - * Refactor client_referrer() and add conditional-forge parameter. - * - * Revision 1.108 2007/08/28 18:21:03 fabiankeil - * A bunch of whitespace fixes, pointy hat to me. - * - * Revision 1.107 2007/08/28 18:16:32 fabiankeil - * Fix possible memory corruption in server_http, make sure it's not - * executed for ordinary server headers and mark some problems for later. - * - * Revision 1.106 2007/08/18 14:30:32 fabiankeil - * Let content-type-overwrite{} honour force-text-mode again. - * - * Revision 1.105 2007/08/11 14:49:49 fabiankeil - * - Add prototpyes for the header parsers and make them static. - * - Comment out client_accept_encoding_adder() which isn't used right now. - * - * Revision 1.104 2007/07/14 07:38:19 fabiankeil - * Move the ACTION_FORCE_TEXT_MODE check out of - * server_content_type(). Signal other functions - * whether or not a content type has been declared. - * Part of the fix for BR#1750917. - * - * Revision 1.103 2007/06/01 16:31:54 fabiankeil - * Change sed() to return a jb_err in preparation for forward-override{}. - * - * Revision 1.102 2007/05/27 12:39:32 fabiankeil - * Adjust "X-Filter: No" to disable dedicated header filters. - * - * Revision 1.101 2007/05/14 10:16:41 fabiankeil - * Streamline client_cookie_adder(). - * - * Revision 1.100 2007/04/30 15:53:11 fabiankeil - * Make sure filters with dynamic jobs actually use them. - * - * Revision 1.99 2007/04/30 15:06:26 fabiankeil - * - Introduce dynamic pcrs jobs that can resolve variables. - * - Remove unnecessary update_action_bits_for_all_tags() call. - * - * Revision 1.98 2007/04/17 18:32:10 fabiankeil - * - Make tagging based on tags set by earlier taggers - * of the same kind possible. - * - Log whether or not new tags cause action bits updates - * (in which case a matching tag-pattern section exists). - * - Log if the user tries to set a tag that is already set. - * - * Revision 1.97 2007/04/15 16:39:21 fabiankeil - * Introduce tags as alternative way to specify which - * actions apply to a request. At the moment tags can be - * created based on client and server headers. - * - * Revision 1.96 2007/04/12 12:53:58 fabiankeil - * Log a warning if the content is compressed, filtering is - * enabled and Privoxy was compiled without zlib support. - * Closes FR#1673938. - * - * Revision 1.95 2007/03/25 14:26:40 fabiankeil - * - Fix warnings when compiled with glibc. - * - Don't use crumble() for cookie crunching. - * - Move cookie time parsing into parse_header_time(). - * - Let parse_header_time() return a jb_err code - * instead of a pointer that can only be used to - * check for NULL anyway. - * - * Revision 1.94 2007/03/21 12:23:53 fabiankeil - * - Add better protection against malicious gzip headers. - * - Stop logging the first hundred bytes of decompressed content. - * It looks like it's working and there is always debug 16. - * - Log the content size after decompression in decompress_iob() - * instead of pcrs_filter_response(). - * - * Revision 1.93 2007/03/20 15:21:44 fabiankeil - * - Use dedicated header filter actions instead of abusing "filter". - * Replace "filter-client-headers" and "filter-client-headers" - * with "server-header-filter" and "client-header-filter". - * - Remove filter_client_header() and filter_client_header(), - * filter_header() now checks the shiny new - * CSP_FLAG_CLIENT_HEADER_PARSING_DONE flag instead. - * - * Revision 1.92 2007/03/05 13:25:32 fabiankeil - * - Cosmetical changes for LOG_LEVEL_RE_FILTER messages. - * - Handle "Cookie:" and "Connection:" headers a bit smarter - * (don't crunch them just to recreate them later on). - * - Add another non-standard time format for the cookie - * expiration date detection. - * - Fix a valgrind warning. - * - * Revision 1.91 2007/02/24 12:27:32 fabiankeil - * Improve cookie expiration date detection. - * - * Revision 1.90 2007/02/08 19:12:35 fabiankeil - * Don't run server_content_length() the first time - * sed() parses server headers; only adjust the - * Content-Length header if the page was modified. - * - * Revision 1.89 2007/02/07 16:52:11 fabiankeil - * Fix log messages regarding the cookie time format - * (cookie and request URL were mixed up). - * - * Revision 1.88 2007/02/07 11:27:12 fabiankeil - * - Let decompress_iob() - * - not corrupt the content if decompression fails - * early. (the first byte(s) were lost). - * - use pointer arithmetics with defined outcome for - * a change. - * - Use a different kludge to remember a failed decompression. - * - * Revision 1.87 2007/01/31 16:21:38 fabiankeil - * Search for Max-Forwards headers case-insensitive, - * don't generate the "501 unsupported" message for invalid - * Max-Forwards values and don't increase negative ones. - * - * Revision 1.86 2007/01/30 13:05:26 fabiankeil - * - Let server_set_cookie() check the expiration date - * of cookies and don't touch the ones that are already - * expired. Fixes problems with low quality web applications - * as described in BR 932612. - * - * - Adjust comment in client_max_forwards to reality; - * remove invalid Max-Forwards headers. - * - * Revision 1.85 2007/01/26 15:33:46 fabiankeil - * Stop filter_header() from unintentionally removing - * empty header lines that were enlisted by the continue - * hack. - * - * Revision 1.84 2007/01/24 12:56:52 fabiankeil - * - Repeat the request URL before logging any headers. - * Makes reading the log easier in case of simultaneous requests. - * - If there are more than one Content-Type headers in one request, - * use the first one and remove the others. - * - Remove "newval" variable in server_content_type(). - * It's only used once. - * - * Revision 1.83 2007/01/12 15:03:02 fabiankeil - * Correct a cast, check inflateEnd() exit code - * to see if we have to, replace sprintf calls - * with snprintf. - * - * Revision 1.82 2007/01/01 19:36:37 fabiankeil - * Integrate a modified version of Wil Mahan's - * zlib patch (PR #895531). - * - * Revision 1.81 2006/12/31 22:21:33 fabiankeil - * Skip empty filter files in filter_header() - * but don't ignore the ones that come afterwards. - * Fixes BR 1619208, this time for real. - * - * Revision 1.80 2006/12/29 19:08:22 fabiankeil - * Reverted parts of my last commit - * to keep error handling working. - * - * Revision 1.79 2006/12/29 18:04:40 fabiankeil - * Fixed gcc43 conversion warnings. - * - * Revision 1.78 2006/12/26 17:19:20 fabiankeil - * Bringing back the "useless" localtime() call - * I removed in revision 1.67. On some platforms - * it's necessary to prevent time zone offsets. - * - * Revision 1.77 2006/12/07 18:44:26 fabiankeil - * Rebuild request URL in get_destination_from_headers() - * to make sure redirect{pcrs command} works as expected - * for intercepted requests. - * - * Revision 1.76 2006/12/06 19:52:25 fabiankeil - * Added get_destination_from_headers(). - * - * Revision 1.75 2006/11/13 19:05:51 fabiankeil - * Make pthread mutex locking more generic. Instead of - * checking for OSX and OpenBSD, check for FEATURE_PTHREAD - * and use mutex locking unless there is an _r function - * available. Better safe than sorry. - * - * Fixes "./configure --disable-pthread" and should result - * in less threading-related problems on pthread-using platforms, - * but it still doesn't fix BR#1122404. - * - * Revision 1.74 2006/10/02 16:59:12 fabiankeil - * The special header "X-Filter: No" now disables - * header filtering as well. - * - * Revision 1.73 2006/09/23 13:26:38 roro - * Replace TABs by spaces in source code. - * - * Revision 1.72 2006/09/23 12:37:21 fabiankeil - * Don't print a log message every time filter_headers is - * entered or left. It only creates noise without any real - * information. - * - * Revision 1.71 2006/09/21 19:55:17 fabiankeil - * Fix +hide-if-modified-since{-n}. - * - * Revision 1.70 2006/09/08 12:06:34 fabiankeil - * Have hide-if-modified-since interpret the random - * range value as minutes instead of hours. Allows - * more fine-grained configuration. - * - * Revision 1.69 2006/09/06 16:25:51 fabiankeil - * Always have parse_header_time return a pointer - * that actual makes sense, even though we currently - * only need it to detect problems. - * - * Revision 1.68 2006/09/06 10:43:32 fabiankeil - * Added config option enable-remote-http-toggle - * to specify if Privoxy should recognize special - * headers (currently only X-Filter) to change its - * behaviour. Disabled by default. - * - * Revision 1.67 2006/09/04 11:01:26 fabiankeil - * After filtering de-chunked instances, remove - * "Transfer-Encoding" header entirely instead of changing - * it to "Transfer-Encoding: identity", which is invalid. - * Thanks Michael Shields