SHARE
TWEET

Untitled

a guest Jul 17th, 2014 252 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #        Sample Configuration File for Privoxy
  2. #
  3. #  Id: config,v
  4. #
  5. #  Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/
  6. #
  7. ####################################################################
  8. #                                                                  #
  9. #                      Table of Contents                           #
  10. #                                                                  #
  11. #        I. INTRODUCTION                                           #
  12. #       II. FORMAT OF THE CONFIGURATION FILE                       #
  13. #                                                                  #
  14. #        1. LOCAL SET-UP DOCUMENTATION                             #
  15. #        2. CONFIGURATION AND LOG FILE LOCATIONS                   #
  16. #        3. DEBUGGING                                              #
  17. #        4. ACCESS CONTROL AND SECURITY                            #
  18. #        5. FORWARDING                                             #
  19. #        6. WINDOWS GUI OPTIONS                                    #
  20. #                                                                  #
  21. ####################################################################
  22. #
  23. #
  24. #  I. INTRODUCTION
  25. #   ===============
  26. #
  27. #  This file holds Privoxy's main configuration. Privoxy detects
  28. #  configuration changes automatically, so you don't have to restart
  29. #  it unless you want to load a different configuration file.
  30. #
  31. #  The configuration will be reloaded with the first request after
  32. #  the change was done, this request itself will still use the old
  33. #  configuration, though. In other words: it takes two requests before
  34. #  you see the result of your changes.  Requests that are dropped due
  35. #  to ACL don't trigger reloads.
  36. #
  37. #  When starting Privoxy on Unix systems, give the location of this
  38. #  file as last argument. On Windows systems, Privoxy will look for
  39. #  this file with the name 'config.txt' in the current working directory
  40. #  of the Privoxy process.
  41. #
  42. #
  43. #  II. FORMAT OF THE CONFIGURATION FILE
  44. #  ====================================
  45. #
  46. #  Configuration lines consist of an initial keyword followed by a
  47. #  list of values, all separated by whitespace (any number of spaces
  48. #  or tabs). For example,
  49. #
  50. #  actionsfile default.action
  51. #
  52. #  Indicates that the actionsfile is named 'default.action'.
  53. #
  54. #  The '#' indicates a comment. Any part of a line following a '#'
  55. #  is ignored, except if the '#' is preceded by a '\'.
  56. #
  57. #  Thus, by placing a # at the start of an existing configuration
  58. #  line, you can make it a comment and it will be treated as if it
  59. #  weren't there. This is called "commenting out" an option and can
  60. #  be useful. Removing the # again is called "uncommenting".
  61. #
  62. #  Note that commenting out an option and leaving it at its default
  63. #  are two completely different things! Most options behave very
  64. #  differently when unset.  See the "Effect if unset" explanation in
  65. #  each option's description for details.
  66. #
  67. #  Long lines can be continued on the next line by using a `\' as the
  68. #  last character.
  69. #
  70. #
  71. #
  72. #  1. LOCAL SET-UP DOCUMENTATION
  73. #  ==============================
  74. #
  75. #  If you intend to operate Privoxy for more users than just yourself,
  76. #  it might be a good idea to let them know how to reach you, what
  77. #  you block and why you do that, your policies, etc.
  78. #
  79. #
  80. #
  81. #  1.1. user-manual
  82. #  =================
  83. #
  84. #  Specifies:
  85. #
  86. #      Location of the Privoxy User Manual.
  87. #
  88. #  Type of value:
  89. #
  90. #      A fully qualified URI
  91. #
  92. #  Default value:
  93. #
  94. #      Unset
  95. #
  96. #  Effect if unset:
  97. #
  98. #      http://www.privoxy.org/version/user-manual/ will be used,
  99. #      where version is the Privoxy version.
  100. #
  101. #  Notes:
  102. #
  103. #      The User Manual URI is the single best source of information on
  104. #      Privoxy, and is used for help links from some of the internal
  105. #      CGI pages. The manual itself is normally packaged with the
  106. #      binary distributions, so you probably want to set this to a
  107. #      locally installed copy.
  108. #
  109. #      Examples:
  110. #
  111. #      The best all purpose solution is simply to put the full local
  112. #      PATH to where the User Manual is located:
  113. #
  114. #        user-manual  /usr/share/doc/privoxy/user-manual
  115. #
  116. #      The User Manual is then available to anyone with
  117. #      access to Privoxy, by following the built-in URL:
  118. #      http://config.privoxy.org/user-manual/ (or the shortcut:
  119. #      http://p.p/user-manual/).
  120. #
  121. #      If the documentation is not on the local system, it can be
  122. #      accessed from a remote server, as:
  123. #
  124. #        user-manual  http://example.com/privoxy/user-manual/
  125. #
  126. #      WARNING!!!
  127. #
  128. #          If set, this option should be the first option in the config
  129. #          file, because it is used while the config file is being read.
  130. #
  131. user-manual /usr/share/doc/privoxy/user-manual
  132. #
  133. #
  134. #  1.2. trust-info-url
  135. #  ====================
  136. #
  137. #  Specifies:
  138. #
  139. #      A URL to be displayed in the error page that users will see if
  140. #      access to an untrusted page is denied.
  141. #
  142. #  Type of value:
  143. #
  144. #      URL
  145. #
  146. #  Default value:
  147. #
  148. #      Unset
  149. #
  150. #  Effect if unset:
  151. #
  152. #      No links are displayed on the "untrusted" error page.
  153. #
  154. #  Notes:
  155. #
  156. #      The value of this option only matters if the experimental trust
  157. #      mechanism has been activated. (See trustfile below.)
  158. #
  159. #      If you use the trust mechanism, it is a good idea to write
  160. #      up some on-line documentation about your trust policy and to
  161. #      specify the URL(s) here. Use multiple times for multiple URLs.
  162. #
  163. #      The URL(s) should be added to the trustfile as well, so users
  164. #      don't end up locked out from the information on why they were
  165. #      locked out in the first place!
  166. #
  167. #trust-info-url  http://www.example.com/why_we_block.html
  168. #trust-info-url  http://www.example.com/what_we_allow.html
  169. #
  170. #
  171. #  1.3. admin-address
  172. #  ===================
  173. #
  174. #  Specifies:
  175. #
  176. #      An email address to reach the Privoxy administrator.
  177. #
  178. #  Type of value:
  179. #
  180. #      Email address
  181. #
  182. #  Default value:
  183. #
  184. #      Unset
  185. #
  186. #  Effect if unset:
  187. #
  188. #      No email address is displayed on error pages and the CGI user
  189. #      interface.
  190. #
  191. #  Notes:
  192. #
  193. #      If both admin-address and proxy-info-url are unset, the whole
  194. #      "Local Privoxy Support" box on all generated pages will not
  195. #      be shown.
  196. #
  197. #admin-address privoxy-admin@example.com
  198. #
  199. #
  200. #  1.4. proxy-info-url
  201. #  ====================
  202. #
  203. #  Specifies:
  204. #
  205. #      A URL to documentation about the local Privoxy setup,
  206. #      configuration or policies.
  207. #
  208. #  Type of value:
  209. #
  210. #      URL
  211. #
  212. #  Default value:
  213. #
  214. #      Unset
  215. #
  216. #  Effect if unset:
  217. #
  218. #      No link to local documentation is displayed on error pages and
  219. #      the CGI user interface.
  220. #
  221. #  Notes:
  222. #
  223. #      If both admin-address and proxy-info-url are unset, the whole
  224. #      "Local Privoxy Support" box on all generated pages will not
  225. #      be shown.
  226. #
  227. #      This URL shouldn't be blocked ;-)
  228. #
  229. #proxy-info-url http://www.example.com/proxy-service.html
  230. #
  231. #
  232. #  2. CONFIGURATION AND LOG FILE LOCATIONS
  233. #  ========================================
  234. #
  235. #  Privoxy can (and normally does) use a number of other files for
  236. #  additional configuration, help and logging. This section of the
  237. #  configuration file tells Privoxy where to find those other files.
  238. #
  239. #  The user running Privoxy, must have read permission for all
  240. #  configuration files, and write permission to any files that would
  241. #  be modified, such as log files and actions files.
  242. #
  243. #
  244. #
  245. #  2.1. confdir
  246. #  =============
  247. #
  248. #  Specifies:
  249. #
  250. #      The directory where the other configuration files are located.
  251. #
  252. #  Type of value:
  253. #
  254. #      Path name
  255. #
  256. #  Default value:
  257. #
  258. #      /etc/privoxy (Unix) or Privoxy installation dir (Windows)
  259. #
  260. #  Effect if unset:
  261. #
  262. #      Mandatory
  263. #
  264. #  Notes:
  265. #
  266. #      No trailing "/", please.
  267. #
  268. confdir /etc/privoxy
  269. #
  270. #
  271. #  2.2. templdir
  272. #  ==============
  273. #
  274. #  Specifies:
  275. #
  276. #      An alternative directory where the templates are loaded from.
  277. #
  278. #  Type of value:
  279. #
  280. #      Path name
  281. #
  282. #  Default value:
  283. #
  284. #      unset
  285. #
  286. #  Effect if unset:
  287. #
  288. #      The templates are assumed to be located in confdir/template.
  289. #
  290. #  Notes:
  291. #
  292. #      Privoxy's original templates are usually overwritten with each
  293. #      update. Use this option to relocate customized templates that
  294. #      should be kept. As template variables might change between
  295. #      updates, you shouldn't expect templates to work with Privoxy
  296. #      releases other than the one they were part of, though.
  297. #
  298. #templdir .
  299. #
  300. #
  301. #  2.3. logdir
  302. #  ============
  303. #
  304. #  Specifies:
  305. #
  306. #      The directory where all logging takes place (i.e. where the
  307. #      logfile is located).
  308. #
  309. #  Type of value:
  310. #
  311. #      Path name
  312. #
  313. #  Default value:
  314. #
  315. #      /var/log/privoxy (Unix) or Privoxy installation dir (Windows)
  316. #
  317. #  Effect if unset:
  318. #
  319. #      Mandatory
  320. #
  321. #  Notes:
  322. #
  323. #      No trailing "/", please.
  324. #
  325. logdir /var/log/privoxy
  326. #
  327. #
  328. #  2.4. actionsfile
  329. #  =================
  330. #
  331. #  Specifies:
  332. #
  333. #      The actions file(s) to use
  334. #
  335. #  Type of value:
  336. #
  337. #      Complete file name, relative to confdir
  338. #
  339. #  Default values:
  340. #
  341. #        match-all.action # Actions that are applied to all sites and maybe overruled later on.
  342. #
  343. #        default.action   # Main actions file
  344. #
  345. #        user.action      # User customizations
  346. #
  347. #  Effect if unset:
  348. #
  349. #      No actions are taken at all. More or less neutral proxying.
  350. #
  351. #  Notes:
  352. #
  353. #      Multiple actionsfile lines are permitted, and are in fact
  354. #      recommended!
  355. #
  356. #      The default values are default.action, which is the "main"
  357. #      actions file maintained by the developers, and user.action,
  358. #      where you can make your personal additions.
  359. #
  360. #      Actions files contain all the per site and per URL configuration
  361. #      for ad blocking, cookie management, privacy considerations,
  362. #      etc. There is no point in using Privoxy without at least one
  363. #      actions file.
  364. #
  365. #      Note that since Privoxy 3.0.7, the complete filename, including
  366. #      the ".action" extension has to be specified. The syntax change
  367. #      was necessary to be consistent with the other file options and
  368. #      to allow previously forbidden characters.
  369. #
  370. actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
  371. actionsfile default.action   # Main actions file
  372. actionsfile user.action      # User customizations
  373. #
  374. #
  375. #  2.5. filterfile
  376. #  ================
  377. #
  378. #  Specifies:
  379. #
  380. #      The filter file(s) to use
  381. #
  382. #  Type of value:
  383. #
  384. #      File name, relative to confdir
  385. #
  386. #  Default value:
  387. #
  388. #      default.filter (Unix) or default.filter.txt (Windows)
  389. #
  390. #  Effect if unset:
  391. #
  392. #      No textual content filtering takes place, i.e. all +filter{name}
  393. #      actions in the actions files are turned neutral.
  394. #
  395. #  Notes:
  396. #
  397. #      Multiple filterfile lines are permitted.
  398. #
  399. #      The filter files contain content modification rules that use
  400. #      regular expressions. These rules permit powerful changes on the
  401. #      content of Web pages, and optionally the headers as well, e.g.,
  402. #      you could try to disable your favorite JavaScript annoyances,
  403. #      re-write the actual displayed text, or just have some fun
  404. #      playing buzzword bingo with web pages.
  405. #
  406. #      The +filter{name} actions rely on the relevant filter (name)
  407. #      to be defined in a filter file!
  408. #
  409. #      A pre-defined filter file called default.filter that contains a
  410. #      number of useful filters for common problems is included in the
  411. #      distribution. See the section on the filter action for a list.
  412. #
  413. #      It is recommended to place any locally adapted filters into a
  414. #      separate file, such as user.filter.
  415. #
  416. filterfile default.filter
  417. filterfile user.filter      # User customizations
  418. #
  419. #
  420. #  2.6. logfile
  421. #  =============
  422. #
  423. #  Specifies:
  424. #
  425. #      The log file to use
  426. #
  427. #  Type of value:
  428. #
  429. #      File name, relative to logdir
  430. #
  431. #  Default value:
  432. #
  433. #      Unset (commented out). When activated: logfile (Unix) or
  434. #      privoxy.log (Windows).
  435. #
  436. #  Effect if unset:
  437. #
  438. #      No logfile is written.
  439. #
  440. #  Notes:
  441. #
  442. #      The logfile is where all logging and error messages are
  443. #      written. The level of detail and number of messages are set with
  444. #      the debug option (see below).  The logfile can be useful for
  445. #      tracking down a problem with Privoxy (e.g., it's not blocking
  446. #      an ad you think it should block) and it can help you to monitor
  447. #      what your browser is doing.
  448. #
  449. #      Depending on the debug options below, the logfile may be a
  450. #      privacy risk if third parties can get access to it. As most
  451. #      users will never look at it, Privoxy 3.0.7 and later only log
  452. #      fatal errors by default.
  453. #
  454. #      For most troubleshooting purposes, you will have to change that,
  455. #      please refer to the debugging section for details.
  456. #
  457. #      Your logfile will grow indefinitely, and you will probably
  458. #      want to periodically remove it. On Unix systems, you can do
  459. #      this with a cron job (see "man cron"). For Red Hat based Linux
  460. #      distributions, a logrotate script has been included.
  461. #
  462. #      Any log files must be writable by whatever user Privoxy is
  463. #      being run as (on Unix, default user id is "privoxy").
  464. #
  465. #logfile logfile
  466. #
  467. #
  468. #  2.7. trustfile
  469. #  ===============
  470. #
  471. #  Specifies:
  472. #
  473. #      The name of the trust file to use
  474. #
  475. #  Type of value:
  476. #
  477. #      File name, relative to confdir
  478. #
  479. #  Default value:
  480. #
  481. #      Unset (commented out). When activated: trust (Unix) or trust.txt
  482. #      (Windows)
  483. #
  484. #  Effect if unset:
  485. #
  486. #      The entire trust mechanism is disabled.
  487. #
  488. #  Notes:
  489. #
  490. #      The trust mechanism is an experimental feature for building
  491. #      white-lists and should be used with care. It is NOT recommended
  492. #      for the casual user.
  493. #
  494. #      If you specify a trust file, Privoxy will only allow access to
  495. #      sites that are specified in the trustfile. Sites can be listed
  496. #      in one of two ways:
  497. #
  498. #      Prepending a ~ character limits access to this site only (and
  499. #      any sub-paths within this site), e.g. ~www.example.com allows
  500. #      access to ~www.example.com/ features/news.html, etc.
  501. #
  502. #      Or, you can designate sites as trusted referrers, by prepending
  503. #      the name with a + character. The effect is that access to
  504. #      untrusted sites will be granted -- but only if a link from
  505. #      this trusted referrer was used to get there. The link target
  506. #      will then be added to the "trustfile" so that future, direct
  507. #      accesses will be granted. Sites added via this mechanism do
  508. #      not become trusted referrers themselves (i.e. they are added
  509. #      with a ~ designation). There is a limit of 512 such entries,
  510. #      after which new entries will not be made.
  511. #
  512. #      If you use the + operator in the trust file, it may grow
  513. #      considerably over time.
  514. #
  515. #      It is recommended that Privoxy be compiled with the
  516. #      --disable-force, --disable-toggle and --disable-editor options,
  517. #      if this feature is to be used.
  518. #
  519. #      Possible applications include limiting Internet access for
  520. #      children.
  521. #
  522. #trustfile trust
  523. #
  524. #
  525. #  3. DEBUGGING
  526. #  =============
  527. #
  528. #  These options are mainly useful when tracing a problem. Note that
  529. #  you might also want to invoke Privoxy with the --no-daemon command
  530. #  line option when debugging.
  531. #
  532. #
  533. #
  534. #  3.1. debug
  535. #  ===========
  536. #
  537. #  Specifies:
  538. #
  539. #      Key values that determine what information gets logged.
  540. #
  541. #  Type of value:
  542. #
  543. #      Integer values
  544. #
  545. #  Default value:
  546. #
  547. #      0 (i.e.: only fatal errors (that cause Privoxy to exit) are logged)
  548. #
  549. #  Effect if unset:
  550. #
  551. #      Default value is used (see above).
  552. #
  553. #  Notes:
  554. #
  555. #      The available debug levels are:
  556. #
  557. #        debug         1 # Log the destination for each request Privoxy let through. See also debug 1024.
  558. #        debug         2 # show each connection status
  559. #        debug         4 # show I/O status
  560. #        debug         8 # show header parsing
  561. #        debug        16 # log all data written to the network
  562. #        debug        32 # debug force feature
  563. #        debug        64 # debug regular expression filters
  564. #        debug       128 # debug redirects
  565. #        debug       256 # debug GIF de-animation
  566. #        debug       512 # Common Log Format
  567. #        debug      1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
  568. #        debug      2048 # CGI user interface
  569. #        debug      4096 # Startup banner and warnings.
  570. #        debug      8192 # Non-fatal errors
  571. #        debug     32768 # log all data read from the network
  572. #
  573. #
  574. #      To select multiple debug levels, you can either add them or
  575. #      use multiple debug lines.
  576. #
  577. #      A debug level of 1 is informative because it will show you each
  578. #      request as it happens. 1, 1024, 4096 and 8192 are recommended
  579. #      so that you will notice when things go wrong. The other levels
  580. #      are probably only of interest if you are hunting down a specific
  581. #      problem. They can produce a hell of an output (especially 16).
  582. #
  583. #      Privoxy used to ship with the debug levels recommended above
  584. #      enabled by default, but due to privacy concerns 3.0.7 and later
  585. #      are configured to only log fatal errors.
  586. #
  587. #      If you are used to the more verbose settings, simply enable
  588. #      the debug lines below again.
  589. #
  590. #      If you want to use pure CLF (Common Log Format), you should set
  591. #      "debug 512" ONLY and not enable anything else.
  592. #
  593. #      Privoxy has a hard-coded limit for the length of log messages. If
  594. #      it's reached, messages are logged truncated and marked with
  595. #      "... [too long, truncated]".
  596. #
  597. #      Please don't file any support requests without trying to
  598. #      reproduce the problem with increased debug level first. Once
  599. #      you read the log messages, you may even be able to solve the
  600. #      problem on your own.
  601. #
  602. #debug      1 # Log the destination for each request Privoxy let through.
  603. #debug   1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
  604. #debug   4096 # Startup banner and warnings
  605. #debug   8192 # Non-fatal errors
  606. #
  607. #
  608. #  3.2. single-threaded
  609. #  =====================
  610. #
  611. #  Specifies:
  612. #
  613. #      Whether to run only one server thread.
  614. #
  615. #  Type of value:
  616. #
  617. #      None
  618. #
  619. #  Default value:
  620. #
  621. #      Unset
  622. #
  623. #  Effect if unset:
  624. #
  625. #      Multi-threaded (or, where unavailable: forked) operation,
  626. #      i.e. the ability to serve multiple requests simultaneously.
  627. #
  628. #  Notes:
  629. #
  630. #      This option is only there for debugging purposes. It will
  631. #      drastically reduce performance.
  632. #
  633. #single-threaded
  634. #
  635. #
  636. #  3.3. hostname
  637. #  ==============
  638. #
  639. #  Specifies:
  640. #
  641. #      The hostname shown on the CGI pages.
  642. #
  643. #  Type of value:
  644. #
  645. #      Text
  646. #
  647. #  Default value:
  648. #
  649. #      Unset
  650. #
  651. #  Effect if unset:
  652. #
  653. #      The hostname provided by the operating system is used.
  654. #
  655. #  Notes:
  656. #
  657. #      On some misconfigured systems resolving the hostname fails or
  658. #      takes too much time and slows Privoxy down. Setting a fixed
  659. #      hostname works around the problem.
  660. #
  661. #      In other circumstances it might be desirable to show a hostname
  662. #      other than the one returned by the operating system. For example
  663. #      if the system has several different hostnames and you don't
  664. #      want to use the first one.
  665. #
  666. #      Note that Privoxy does not validate the specified hostname value.
  667. #
  668. #hostname hostname.example.org
  669. #
  670. #
  671. #  4. ACCESS CONTROL AND SECURITY
  672. #  ===============================
  673. #
  674. #  This section of the config file controls the security-relevant
  675. #  aspects of Privoxy's configuration.
  676. #
  677. #
  678. #
  679. #  4.1. listen-address
  680. #  ====================
  681. #
  682. #  Specifies:
  683. #
  684. #      The address and TCP port on which Privoxy will listen for
  685. #      client requests.
  686. #
  687. #  Type of value:
  688. #
  689. #      [IP-Address]:Port
  690. #
  691. #      [Hostname]:Port
  692. #
  693. #  Default value:
  694. #
  695. #      127.0.0.1:8118
  696. #
  697. #  Effect if unset:
  698. #
  699. #      Bind to 127.0.0.1 (IPv4 localhost), port 8118. This is suitable
  700. #      and recommended for home users who run Privoxy on the same
  701. #      machine as their browser.
  702. #
  703. #  Notes:
  704. #
  705. #      You will need to configure your browser(s) to this proxy address
  706. #      and port.
  707. #
  708. #      If you already have another service running on port 8118, or
  709. #      if you want to serve requests from other machines (e.g. on your
  710. #      local network) as well, you will need to override the default.
  711. #
  712. #      You can use this statement multiple times to make Privoxy listen
  713. #      on more ports or more IP addresses. Suitable if your operating
  714. #      system does not support sharing IPv6 and IPv4 protocols on the
  715. #      same socket.
  716. #
  717. #      If a hostname is used instead of an IP address, Privoxy will
  718. #      try to resolve it to an IP address and if there are multiple,
  719. #      use the first one returned.
  720. #
  721. #      If the address for the hostname isn't already known on the
  722. #      system (for example because it's in /etc/hostname), this may
  723. #      result in DNS traffic.
  724. #
  725. #      If the specified address isn't available on the system, or if
  726. #      the hostname can't be resolved, Privoxy will fail to start.
  727. #
  728. #      IPv6 addresses containing colons have to be quoted by
  729. #      brackets. They can only be used if Privoxy has been compiled
  730. #      with IPv6 support. If you aren't sure if your version supports
  731. #      it, have a look at http://config.privoxy.org/ show-status.
  732. #
  733. #      Some operating systems will prefer IPv6 to IPv4 addresses even if
  734. #      the system has no IPv6 connectivity which is usually not expected
  735. #      by the user.  Some even rely on DNS to resolve localhost which
  736. #      mean the "localhost" address used may not actually be local.
  737. #
  738. #      It is therefore recommended to explicitly configure the intended
  739. #      IP address instead of relying on the operating system, unless
  740. #      there's a strong reason not to.
  741. #
  742. #      If you leave out the address, Privoxy will bind to all IPv4
  743. #      interfaces (addresses) on your machine and may become reachable
  744. #      from the Internet and/ or the local network. Be aware that
  745. #      some GNU/Linux distributions modify that behaviour without
  746. #      updating the documentation. Check for non-standard patches if
  747. #      your Privoxyversion behaves differently.
  748. #
  749. #      If you configure Privoxyto be reachable from the network,
  750. #      consider using access control lists (ACL's, see below), and/or
  751. #      a firewall.
  752. #
  753. #      If you open Privoxy to untrusted users, you will also
  754. #      want to make sure that the following actions are disabled:
  755. #      enable-edit-actions and enable-remote-toggle
  756. #
  757. #      With the exception noted above, listening on multiple addresses
  758. #      is currently not supported by Privoxy directly. It can be done
  759. #      on most operating systems by letting a packet filter redirect
  760. #      request for certain addresses to Privoxy, though.
  761. #
  762. #  Example:
  763. #
  764. #      Suppose you are running Privoxy on a machine which has the
  765. #      address 192.168.0.1 on your local private network (192.168.0.0)
  766. #      and has another outside connection with a different address. You
  767. #      want it to serve requests from inside only:
  768. #
  769. #        listen-address  192.168.0.1:8118
  770. #
  771. #      Suppose you are running Privoxy on an IPv6-capable machine and
  772. #      you want it to listen on the IPv6 address of the loopback device:
  773. #
  774. #        listen-address [::1]:8118
  775. #
  776. listen-address  127.0.0.1:8118
  777. #
  778. #
  779. #  4.2. toggle
  780. #  ============
  781. #
  782. #  Specifies:
  783. #
  784. #      Initial state of "toggle" status
  785. #
  786. #  Type of value:
  787. #
  788. #      1 or 0
  789. #
  790. #  Default value:
  791. #
  792. #      1
  793. #
  794. #  Effect if unset:
  795. #
  796. #      Act as if toggled on
  797. #
  798. #  Notes:
  799. #
  800. #      If set to 0, Privoxy will start in "toggled off" mode,
  801. #      i.e. mostly behave like a normal, content-neutral proxy
  802. #      with both ad blocking and content filtering disabled. See
  803. #      enable-remote-toggle below.
  804. #
  805. #      The windows version will only display the toggle icon in the
  806. #      system tray if this option is present.
  807. #
  808. toggle  1
  809. #
  810. #
  811. #  4.3. enable-remote-toggle
  812. #  ==========================
  813. #
  814. #  Specifies:
  815. #
  816. #      Whether or not the web-based toggle feature may be used
  817. #
  818. #  Type of value:
  819. #
  820. #      0 or 1
  821. #
  822. #  Default value:
  823. #
  824. #      0
  825. #
  826. #  Effect if unset:
  827. #
  828. #      The web-based toggle feature is disabled.
  829. #
  830. #  Notes:
  831. #
  832. #      When toggled off, Privoxy mostly acts like a normal,
  833. #      content-neutral proxy, i.e. doesn't block ads or filter content.
  834. #
  835. #      Access to the toggle feature can not be controlled separately by
  836. #      "ACLs" or HTTP authentication, so that everybody who can access
  837. #      Privoxy (see "ACLs" and listen-address above) can toggle it
  838. #      for all users. So this option is not recommended for multi-user
  839. #      environments with untrusted users.
  840. #
  841. #      Note that malicious client side code (e.g Java) is also capable
  842. #      of using this option.
  843. #
  844. #      As a lot of Privoxy users don't read documentation, this feature
  845. #      is disabled by default.
  846. #
  847. #      Note that you must have compiled Privoxy with support for this
  848. #      feature, otherwise this option has no effect.
  849. #
  850. enable-remote-toggle  0
  851. #
  852. #
  853. #  4.4. enable-remote-http-toggle
  854. #  ===============================
  855. #
  856. #  Specifies:
  857. #
  858. #      Whether or not Privoxy recognizes special HTTP headers to change
  859. #      its behaviour.
  860. #
  861. #  Type of value:
  862. #
  863. #      0 or 1
  864. #
  865. #  Default value:
  866. #
  867. #      0
  868. #
  869. #  Effect if unset:
  870. #
  871. #      Privoxy ignores special HTTP headers.
  872. #
  873. #  Notes:
  874. #
  875. #      When toggled on, the client can change Privoxy's behaviour by
  876. #      setting special HTTP headers. Currently the only supported
  877. #      special header is "X-Filter: No", to disable filtering for
  878. #      the ongoing request, even if it is enabled in one of the
  879. #      action files.
  880. #
  881. #      This feature is disabled by default. If you are using Privoxy in
  882. #      a environment with trusted clients, you may enable this feature
  883. #      at your discretion. Note that malicious client side code (e.g
  884. #      Java) is also capable of using this feature.
  885. #
  886. #      This option will be removed in future releases as it has been
  887. #      obsoleted by the more general header taggers.
  888. #
  889. enable-remote-http-toggle  0
  890. #
  891. #
  892. #  4.5. enable-edit-actions
  893. #  =========================
  894. #
  895. #  Specifies:
  896. #
  897. #      Whether or not the web-based actions file editor may be used
  898. #
  899. #  Type of value:
  900. #
  901. #      0 or 1
  902. #
  903. #  Default value:
  904. #
  905. #      0
  906. #
  907. #  Effect if unset:
  908. #
  909. #      The web-based actions file editor is disabled.
  910. #
  911. #  Notes:
  912. #
  913. #      Access to the editor can not be controlled separately by
  914. #      "ACLs" or HTTP authentication, so that everybody who can access
  915. #      Privoxy (see "ACLs" and listen-address above) can modify its
  916. #      configuration for all users.
  917. #
  918. #      This option is not recommended for environments with untrusted
  919. #      users and as a lot of Privoxy users don't read documentation,
  920. #      this feature is disabled by default.
  921. #
  922. #      Note that malicious client side code (e.g Java) is also capable
  923. #      of using the actions editor and you shouldn't enable this
  924. #      options unless you understand the consequences and are sure
  925. #      your browser is configured correctly.
  926. #
  927. #      Note that you must have compiled Privoxy with support for this
  928. #      feature, otherwise this option has no effect.
  929. #
  930. enable-edit-actions 0
  931. #
  932. #
  933. #  4.6. enforce-blocks
  934. #  ====================
  935. #
  936. #  Specifies:
  937. #
  938. #      Whether the user is allowed to ignore blocks and can "go there
  939. #      anyway".
  940. #
  941. #  Type of value:
  942. #
  943. #      0 or 1
  944. #
  945. #  Default value:
  946. #
  947. #      0
  948. #
  949. #  Effect if unset:
  950. #
  951. #      Blocks are not enforced.
  952. #
  953. #  Notes:
  954. #
  955. #      Privoxy is mainly used to block and filter requests as a service
  956. #      to the user, for example to block ads and other junk that clogs
  957. #      the pipes.  Privoxy's configuration isn't perfect and sometimes
  958. #      innocent pages are blocked. In this situation it makes sense to
  959. #      allow the user to enforce the request and have Privoxy ignore
  960. #      the block.
  961. #
  962. #      In the default configuration Privoxy's "Blocked" page contains
  963. #      a "go there anyway" link to adds a special string (the force
  964. #      prefix) to the request URL. If that link is used, Privoxy
  965. #      will detect the force prefix, remove it again and let the
  966. #      request pass.
  967. #
  968. #      Of course Privoxy can also be used to enforce a network
  969. #      policy. In that case the user obviously should not be able to
  970. #      bypass any blocks, and that's what the "enforce-blocks" option
  971. #      is for. If it's enabled, Privoxy hides the "go there anyway"
  972. #      link. If the user adds the force prefix by hand, it will not
  973. #      be accepted and the circumvention attempt is logged.
  974. #
  975. #  Examples:
  976. #
  977. #      enforce-blocks 1
  978. #
  979. enforce-blocks 0
  980. #
  981. #
  982. #  4.7. ACLs: permit-access and deny-access
  983. #  =========================================
  984. #
  985. #  Specifies:
  986. #
  987. #      Who can access what.
  988. #
  989. #  Type of value:
  990. #
  991. #      src_addr[:port][/src_masklen] [dst_addr[:port][/dst_masklen]]
  992. #
  993. #      Where src_addr and dst_addr are IPv4 addresses in dotted
  994. #      decimal notation or valid DNS names, port is a port number, and
  995. #      src_masklen and dst_masklen are subnet masks in CIDR notation,
  996. #      i.e. integer values from 2 to 30 representing the length
  997. #      (in bits) of the network address. The masks and the whole
  998. #      destination part are optional.
  999. #
  1000. #      If your system implements RFC 3493, then src_addr and dst_addr
  1001. #      can be IPv6 addresses delimeted by brackets, port can be a
  1002. #      number or a service name, and src_masklen and dst_masklen can
  1003. #      be a number from 0 to 128.
  1004. #
  1005. #  Default value:
  1006. #
  1007. #      Unset
  1008. #
  1009. #      If no port is specified, any port will match. If no src_masklen
  1010. #      or src_masklen is given, the complete IP address has to match
  1011. #      (i.e. 32 bits for IPv4 and 128 bits for IPv6).
  1012. #
  1013. #  Effect if unset:
  1014. #
  1015. #      Don't restrict access further than implied by listen-address
  1016. #
  1017. #  Notes:
  1018. #
  1019. #      Access controls are included at the request of ISPs and systems
  1020. #      administrators, and are not usually needed by individual
  1021. #      users. For a typical home user, it will normally suffice to
  1022. #      ensure that Privoxy only listens on the localhost (127.0.0.1)
  1023. #      or internal (home) network address by means of the listen-address
  1024. #      option.
  1025. #
  1026. #      Please see the warnings in the FAQ that Privoxy is not intended
  1027. #      to be a substitute for a firewall or to encourage anyone to
  1028. #      defer addressing basic security weaknesses.
  1029. #
  1030. #      Multiple ACL lines are OK. If any ACLs are specified, Privoxy
  1031. #      only talks to IP addresses that match at least one permit-access
  1032. #      line and don't match any subsequent deny-access line. In other
  1033. #      words, the last match wins, with the default being deny-access.
  1034. #
  1035. #      If Privoxy is using a forwarder (see forward below) for a
  1036. #      particular destination URL, the dst_addr that is examined is
  1037. #      the address of the forwarder and NOT the address of the ultimate
  1038. #      target. This is necessary because it may be impossible for the
  1039. #      local Privoxy to determine the IP address of the ultimate target
  1040. #      (that's often what gateways are used for).
  1041. #
  1042. #      You should prefer using IP addresses over DNS names, because
  1043. #      the address lookups take time. All DNS names must resolve! You
  1044. #      can not use domain patterns like "*.org" or partial domain
  1045. #      names. If a DNS name resolves to multiple IP addresses, only
  1046. #      the first one is used.
  1047. #
  1048. #      Some systems allow IPv4 clients to connect to IPv6 server
  1049. #      sockets. Then the client's IPv4 address will be translated by the
  1050. #      system into IPv6 address space with special prefix ::ffff:0:0/96
  1051. #      (so called IPv4 mapped IPv6 address). Privoxy can handle it
  1052. #      and maps such ACL addresses automatically.
  1053. #
  1054. #      Denying access to particular sites by ACL may have undesired
  1055. #      side effects if the site in question is hosted on a machine
  1056. #      which also hosts other sites (most sites are).
  1057. #
  1058. #  Examples:
  1059. #
  1060. #      Explicitly define the default behavior if no ACL and
  1061. #      listen-address are set: "localhost" is OK. The absence of a
  1062. #      dst_addr implies that all destination addresses are OK:
  1063. #
  1064. #        permit-access  localhost
  1065. #
  1066. #
  1067. #      Allow any host on the same class C subnet as www.privoxy.org
  1068. #      access to nothing but www.example.com (or other domains hosted
  1069. #      on the same system):
  1070. #
  1071. #        permit-access  www.privoxy.org/24 www.example.com/32
  1072. #
  1073. #
  1074. #      Allow access from any host on the 26-bit subnet 192.168.45.64 to
  1075. #      anywhere, with the exception that 192.168.45.73 may not access
  1076. #      the IP address behind www.dirty-stuff.example.com:
  1077. #
  1078. #        permit-access  192.168.45.64/26
  1079. #        deny-access   192.168.45.73  www.dirty-stuff.example.com
  1080. #
  1081. #      Allow access from the IPv4 network 192.0.2.0/24 even if listening
  1082. #      on an IPv6 wild card address (not supported on all platforms):
  1083. #
  1084. #        permit-access  192.0.2.0/24
  1085. #
  1086. #
  1087. #      This is equivalent to the following line even if listening on
  1088. #      an IPv4 address (not supported on all platforms):
  1089. #
  1090. #        permit-access  [::ffff:192.0.2.0]/120
  1091. #
  1092. #
  1093. #  4.8. buffer-limit
  1094. #  ==================
  1095. #
  1096. #  Specifies:
  1097. #
  1098. #      Maximum size of the buffer for content filtering.
  1099. #
  1100. #  Type of value:
  1101. #
  1102. #      Size in Kbytes
  1103. #
  1104. #  Default value:
  1105. #
  1106. #      4096
  1107. #
  1108. #  Effect if unset:
  1109. #
  1110. #      Use a 4MB (4096 KB) limit.
  1111. #
  1112. #  Notes:
  1113. #
  1114. #      For content filtering, i.e. the +filter and +deanimate-gif
  1115. #      actions, it is necessary that Privoxy buffers the entire document
  1116. #      body. This can be potentially dangerous, since a server could
  1117. #      just keep sending data indefinitely and wait for your RAM to
  1118. #      exhaust -- with nasty consequences.  Hence this option.
  1119. #
  1120. #      When a document buffer size reaches the buffer-limit, it is
  1121. #      flushed to the client unfiltered and no further attempt to filter
  1122. #      the rest of the document is made. Remember that there may be
  1123. #      multiple threads running, which might require up to buffer-limit
  1124. #      Kbytes each, unless you have enabled "single-threaded" above.
  1125. #
  1126. buffer-limit 4096
  1127. #
  1128. #
  1129. #  5. FORWARDING
  1130. #  ==============
  1131. #
  1132. #  This feature allows routing of HTTP requests through a chain of
  1133. #  multiple proxies.
  1134. #
  1135. #  Forwarding can be used to chain Privoxy with a caching proxy to
  1136. #  speed up browsing. Using a parent proxy may also be necessary if
  1137. #  the machine that Privoxy runs on has no direct Internet access.
  1138. #
  1139. #  Note that parent proxies can severely decrease your privacy
  1140. #  level. For example a parent proxy could add your IP address to the
  1141. #  request headers and if it's a caching proxy it may add the "Etag"
  1142. #  header to revalidation requests again, even though you configured
  1143. #  Privoxy to remove it. It may also ignore Privoxy's header time
  1144. #  randomization and use the original values which could be used by
  1145. #  the server as cookie replacement to track your steps between visits.
  1146. #
  1147. #  Also specified here are SOCKS proxies. Privoxy supports the SOCKS
  1148. #  4 and SOCKS 4A protocols.
  1149. #
  1150. #
  1151. #
  1152. #  5.1. forward
  1153. #  =============
  1154. #
  1155. #  Specifies:
  1156. #
  1157. #      To which parent HTTP proxy specific requests should be routed.
  1158. #
  1159. #  Type of value:
  1160. #
  1161. #      target_pattern http_parent[:port]
  1162. #
  1163. #      where target_pattern is a URL pattern that specifies to which
  1164. #      requests (i.e. URLs) this forward rule shall apply. Use /
  1165. #      to denote "all URLs".  http_parent[:port] is the DNS name or
  1166. #      IP address of the parent HTTP proxy through which the requests
  1167. #      should be forwarded, optionally followed by its listening port
  1168. #      (default: 8000). Use a single dot (.) to denote "no forwarding".
  1169. #
  1170. #  Default value:
  1171. #
  1172. #      Unset
  1173. #
  1174. #  Effect if unset:
  1175. #
  1176. #      Don't use parent HTTP proxies.
  1177. #
  1178. #  Notes:
  1179. #
  1180. #      If http_parent is ".", then requests are not forwarded to
  1181. #      another HTTP proxy but are made directly to the web servers.
  1182. #
  1183. #      http_parent can be a numerical IPv6 address (if RFC 3493 is
  1184. #      implemented).  To prevent clashes with the port delimiter,
  1185. #      the whole IP address has to be put into brackets. On the other
  1186. #      hand a target_pattern containing an IPv6 address has to be put
  1187. #      into angle brackets (normal brackets are reserved for regular
  1188. #      expressions already).
  1189. #
  1190. #      Multiple lines are OK, they are checked in sequence, and the
  1191. #      last match wins.
  1192. #
  1193. #  Examples:
  1194. #
  1195. #      Everything goes to an example parent proxy, except SSL on port
  1196. #      443 (which it doesn't handle):
  1197. #
  1198. #        forward   /      parent-proxy.example.org:8080
  1199. #        forward   :443   .
  1200. #
  1201. #
  1202. #      Everything goes to our example ISP's caching proxy, except for
  1203. #      requests to that ISP's sites:
  1204. #
  1205. #        forward   /                  caching-proxy.isp.example.net:8000
  1206. #        forward   .isp.example.net   .
  1207. #
  1208. #
  1209. #      Parent proxy specified by an IPv6 address:
  1210. #
  1211. #        forward   /                   [2001:DB8::1]:8000
  1212. #
  1213. #
  1214. #      Suppose your parent proxy doesn't support IPv6:
  1215. #
  1216. #        forward  /                        parent-proxy.example.org:8000
  1217. #        forward  ipv6-server.example.org  .
  1218. #        forward  <[2-3][0-9a-f][0-9a-f][0-9a-f]:*>   .
  1219. #
  1220. #
  1221. #  5.2. forward-socks4, forward-socks4a and forward-socks5
  1222. #  ========================================================
  1223. #
  1224. #  Specifies:
  1225. #
  1226. #      Through which SOCKS proxy (and optionally to which parent HTTP
  1227. #      proxy) specific requests should be routed.
  1228. #
  1229. #  Type of value:
  1230. #
  1231. #      target_pattern socks_proxy[:port] http_parent[:port]
  1232. #
  1233. #      where target_pattern is a URL pattern that specifies to which
  1234. #      requests (i.e. URLs) this forward rule shall apply. Use / to
  1235. #      denote "all URLs".  http_parent and socks_proxy are IP addresses
  1236. #      in dotted decimal notation or valid DNS names (http_parent may
  1237. #      be "." to denote "no HTTP forwarding"), and the optional port
  1238. #      parameters are TCP ports, i.e. integer values from 1 to 65535
  1239. #
  1240. #  Default value:
  1241. #
  1242. #      Unset
  1243. #
  1244. #  Effect if unset:
  1245. #
  1246. #      Don't use SOCKS proxies.
  1247. #
  1248. #  Notes:
  1249. #
  1250. #      Multiple lines are OK, they are checked in sequence, and the
  1251. #      last match wins.
  1252. #
  1253. #      The difference between forward-socks4 and forward-socks4a
  1254. #      is that in the SOCKS 4A protocol, the DNS resolution of the
  1255. #      target hostname happens on the SOCKS server, while in SOCKS 4
  1256. #      it happens locally.
  1257. #
  1258. #      With forward-socks5 the DNS resolution will happen on the remote
  1259. #      server as well.
  1260. #
  1261. #      socks_proxy and http_parent can be a numerical IPv6 address
  1262. #      (if RFC 3493 is implemented). To prevent clashes with the port
  1263. #      delimiter, the whole IP address has to be put into brackets. On
  1264. #      the other hand a target_pattern containing an IPv6 address has
  1265. #      to be put into angle brackets (normal brackets are reserved
  1266. #      for regular expressions already).
  1267. #
  1268. #      If http_parent is ".", then requests are not forwarded to another
  1269. #      HTTP proxy but are made (HTTP-wise) directly to the web servers,
  1270. #      albeit through a SOCKS proxy.
  1271. #
  1272. #  Examples:
  1273. #
  1274. #      From the company example.com, direct connections are made to all
  1275. #      "internal" domains, but everything outbound goes through their
  1276. #      ISP's proxy by way of example.com's corporate SOCKS 4A gateway
  1277. #      to the Internet.
  1278. #
  1279. #forward-socks4a   / 127.0.0.1:9050 .
  1280. #        forward           .example.com        .
  1281. #
  1282. #
  1283. #      A rule that uses a SOCKS 4 gateway for all destinations but no
  1284. #      HTTP parent looks like this:
  1285. #
  1286. #        forward-socks4   /               socks-gw.example.com:1080  .
  1287. #
  1288. #
  1289. #      To chain Privoxy and Tor, both running on the same system,
  1290. #      you would use something like:
  1291. #
  1292. forward-socks5   /               127.0.0.1:9050 .
  1293. #
  1294. #
  1295. #      The public Tor network can't be used to reach your local network,
  1296. #      if you need to access local servers you therefore might want
  1297. #      to make some exceptions:
  1298. #
  1299. #        forward         192.168.*.*/     .  
  1300. #        forward         10.*.*.*/        .  
  1301. #        forward         127.*.*.*/       .
  1302. #
  1303. #
  1304. #      Unencrypted connections to systems in these address ranges will
  1305. #      be as (un) secure as the local network is, but the alternative
  1306. #      is that you can't reach the local network through Privoxy at
  1307. #      all. Of course this may actually be desired and there is no
  1308. #      reason to make these exceptions if you aren't sure you need them.
  1309. #
  1310. #      If you also want to be able to reach servers in your local
  1311. #      network by using their names, you will need additional exceptions
  1312. #      that look like this:
  1313. #
  1314. #       forward           localhost/     .
  1315. #
  1316. #
  1317. #
  1318. #  5.3. forwarded-connect-retries
  1319. #  ===============================
  1320. #
  1321. #  Specifies:
  1322. #
  1323. #      How often Privoxy retries if a forwarded connection request
  1324. #      fails.
  1325. #
  1326. #  Type of value:
  1327. #
  1328. #      Number of retries.
  1329. #
  1330. #  Default value:
  1331. #
  1332. #      0
  1333. #
  1334. #  Effect if unset:
  1335. #
  1336. #      Connections forwarded through other proxies are treated like
  1337. #      direct connections and no retry attempts are made.
  1338. #
  1339. #  Notes:
  1340. #
  1341. #      forwarded-connect-retries is mainly interesting for socks4a
  1342. #      connections, where Privoxy can't detect why the connections
  1343. #      failed. The connection might have failed because of a DNS timeout
  1344. #      in which case a retry makes sense, but it might also have failed
  1345. #      because the server doesn't exist or isn't reachable. In this
  1346. #      case the retry will just delay the appearance of Privoxy's
  1347. #      error message.
  1348. #
  1349. #      Note that in the context of this option, "forwarded connections"
  1350. #      includes all connections that Privoxy forwards through other
  1351. #      proxies. This option is not limited to the HTTP CONNECT method.
  1352. #
  1353. #      Only use this option, if you are getting lots of
  1354. #      forwarding-related error messages that go away when you try again
  1355. #      manually. Start with a small value and check Privoxy's logfile
  1356. #      from time to time, to see how many retries are usually needed.
  1357. #
  1358. #      Due to a bug, this option currently also causes Privoxy to
  1359. #      retry in case of certain problems with direct connections.
  1360. #
  1361. #  Examples:
  1362. #
  1363. #      forwarded-connect-retries 1
  1364. #
  1365. forwarded-connect-retries  0
  1366. #
  1367. #
  1368. #  6. MISCELLANEOUS
  1369. #  =================
  1370. #
  1371. #  6.1. accept-intercepted-requests
  1372. #  =================================
  1373. #
  1374. #  Specifies:
  1375. #
  1376. #      Whether intercepted requests should be treated as valid.
  1377. #
  1378. #  Type of value:
  1379. #
  1380. #      0 or 1
  1381. #
  1382. #  Default value:
  1383. #
  1384. #      0
  1385. #
  1386. #  Effect if unset:
  1387. #
  1388. #      Only proxy requests are accepted, intercepted requests are
  1389. #      treated as invalid.
  1390. #
  1391. #  Notes:
  1392. #
  1393. #      If you don't trust your clients and want to force them to use
  1394. #      Privoxy, enable this option and configure your packet filter
  1395. #      to redirect outgoing HTTP connections into Privoxy.
  1396. #
  1397. #      Make sure that Privoxy's own requests aren't redirected as well.
  1398. #      Additionally take care that Privoxy can't intentionally connect
  1399. #      to itself, otherwise you could run into redirection loops if
  1400. #      Privoxy's listening port is reachable by the outside or an
  1401. #      attacker has access to the pages you visit.
  1402. #
  1403. #  Examples:
  1404. #
  1405. #      accept-intercepted-requests 1
  1406. #
  1407. accept-intercepted-requests 0
  1408. #
  1409. #
  1410. #  6.2. allow-cgi-request-crunching
  1411. #  =================================
  1412. #
  1413. #  Specifies:
  1414. #
  1415. #      Whether requests to Privoxy's CGI pages can be blocked or
  1416. #      redirected.
  1417. #
  1418. #  Type of value:
  1419. #
  1420. #      0 or 1
  1421. #
  1422. #  Default value:
  1423. #
  1424. #      0
  1425. #
  1426. #  Effect if unset:
  1427. #
  1428. #      Privoxy ignores block and redirect actions for its CGI pages.
  1429. #
  1430. #  Notes:
  1431. #
  1432. #      By default Privoxy ignores block or redirect actions for
  1433. #      its CGI pages.  Intercepting these requests can be useful in
  1434. #      multi-user setups to implement fine-grained access control,
  1435. #      but it can also render the complete web interface useless and
  1436. #      make debugging problems painful if done without care.
  1437. #
  1438. #      Don't enable this option unless you're sure that you really
  1439. #      need it.
  1440. #
  1441. #  Examples:
  1442. #
  1443. #      allow-cgi-request-crunching 1
  1444. #
  1445. allow-cgi-request-crunching 0
  1446. #
  1447. #
  1448. #  6.3. split-large-forms
  1449. #  =======================
  1450. #
  1451. #  Specifies:
  1452. #
  1453. #      Whether the CGI interface should stay compatible with broken
  1454. #      HTTP clients.
  1455. #
  1456. #  Type of value:
  1457. #
  1458. #      0 or 1
  1459. #
  1460. #  Default value:
  1461. #
  1462. #      0
  1463. #
  1464. #  Effect if unset:
  1465. #
  1466. #      The CGI form generate long GET URLs.
  1467. #
  1468. #  Notes:
  1469. #
  1470. #      Privoxy's CGI forms can lead to rather long URLs. This isn't
  1471. #      a problem as far as the HTTP standard is concerned, but it can
  1472. #      confuse clients with arbitrary URL length limitations.
  1473. #
  1474. #      Enabling split-large-forms causes Privoxy to divide big forms
  1475. #      into smaller ones to keep the URL length down. It makes editing
  1476. #      a lot less convenient and you can no longer submit all changes
  1477. #      at once, but at least it works around this browser bug.
  1478. #
  1479. #      If you don't notice any editing problems, there is no reason
  1480. #      to enable this option, but if one of the submit buttons appears
  1481. #      to be broken, you should give it a try.
  1482. #
  1483. #  Examples:
  1484. #
  1485. #      split-large-forms 1
  1486. #
  1487. split-large-forms 0
  1488. #
  1489. #
  1490. #  6.4. keep-alive-timeout
  1491. #  ========================
  1492. #
  1493. #  Specifies:
  1494. #
  1495. #      Number of seconds after which an open connection will no longer
  1496. #      be reused.
  1497. #
  1498. #  Type of value:
  1499. #
  1500. #      Time in seconds.
  1501. #
  1502. #  Default value:
  1503. #
  1504. #      None
  1505. #
  1506. #  Effect if unset:
  1507. #
  1508. #      Connections are not kept alive.
  1509. #
  1510. #  Notes:
  1511. #
  1512. #      This option allows clients to keep the connection to Privoxy
  1513. #      alive. If the server supports it, Privoxy will keep the
  1514. #      connection to the server alive as well. Under certain
  1515. #      circumstances this may result in speed-ups.
  1516. #
  1517. #      By default, Privoxy will close the connection to the server if
  1518. #      the client connection gets closed, or if the specified timeout
  1519. #      has been reached without a new request coming in. This behaviour
  1520. #      can be changed with the connection-sharing option.
  1521. #
  1522. #      This option has no effect if Privoxy has been compiled without
  1523. #      keep-alive support.
  1524. #
  1525. #      Note that a timeout of five seconds as used in the default
  1526. #      configuration file significantly decreases the number of
  1527. #      connections that will be reused.  The value is used because some
  1528. #      browsers limit the number of connections they open to a single
  1529. #      host and apply the same limit to proxies. This can result in a
  1530. #      single website "grabbing" all the connections the browser allows,
  1531. #      which means connections to other websites can't be opened until
  1532. #      the connections currently in use time out.
  1533. #
  1534. #      Several users have reported this as a Privoxy bug, so the default
  1535. #      value has been reduced. Consider increasing it to 300 seconds
  1536. #      or even more if you think your browser can handle it. If your
  1537. #      browser appears to be hanging it can't.
  1538. #
  1539. #  Examples:
  1540. #
  1541. #      keep-alive-timeout 300
  1542. #
  1543. keep-alive-timeout 5
  1544. #
  1545. #
  1546. #  6.5. default-server-timeout
  1547. #  ============================
  1548. #
  1549. #  Specifies:
  1550. #
  1551. #      Assumed server-side keep-alive timeout if not specified by
  1552. #      the server.
  1553. #
  1554. #  Type of value:
  1555. #
  1556. #      Time in seconds.
  1557. #
  1558. #  Default value:
  1559. #
  1560. #      None
  1561. #
  1562. #  Effect if unset:
  1563. #
  1564. #      Connections for which the server didn't specify the keep-alive
  1565. #      timeout are not reused.
  1566. #
  1567. #  Notes:
  1568. #
  1569. #      Enabling this option significantly increases the number of
  1570. #      connections that are reused, provided the keep-alive-timeout
  1571. #      option is also enabled.
  1572. #
  1573. #      While it also increases the number of connections problems when
  1574. #      Privoxy tries to reuse a connection that already has been closed
  1575. #      on the server side, or is closed while Privoxy is trying to
  1576. #      reuse it, this should only be a problem if it happens for the
  1577. #      first request sent by the client. If it happens for requests
  1578. #      on reused client connections, Privoxy will simply close the
  1579. #      connection and the client is supposed to retry the request
  1580. #      without bothering the user.
  1581. #
  1582. #      Enabling this option is therefore only recommended if the
  1583. #      connection-sharing option is disabled.
  1584. #
  1585. #      It is an error to specify a value larger than the
  1586. #      keep-alive-timeout value.
  1587. #
  1588. #      This option has no effect if Privoxy has been compiled without
  1589. #      keep-alive support.
  1590. #
  1591. #  Examples:
  1592. #
  1593. #      default-server-timeout 60
  1594. #
  1595. #default-server-timeout 60
  1596. #
  1597. #
  1598. #  6.6. connection-sharing
  1599. #  ========================
  1600. #
  1601. #  Specifies:
  1602. #
  1603. #      Whether or not outgoing connections that have been kept alive
  1604. #      should be shared between different incoming connections.
  1605. #
  1606. #  Type of value:
  1607. #
  1608. #      0 or 1
  1609. #
  1610. #  Default value:
  1611. #
  1612. #      None
  1613. #
  1614. #  Effect if unset:
  1615. #
  1616. #      Connections are not shared.
  1617. #
  1618. #  Notes:
  1619. #
  1620. #      This option has no effect if Privoxy has been compiled without
  1621. #      keep-alive support, or if it's disabled.
  1622. #
  1623. #  Notes:
  1624. #
  1625. #      Note that reusing connections doesn't necessary cause
  1626. #      speedups. There are also a few privacy implications you should
  1627. #      be aware of.
  1628. #
  1629. #      If this option is effective, outgoing connections are shared
  1630. #      between clients (if there are more than one) and closing the
  1631. #      browser that initiated the outgoing connection does no longer
  1632. #      affect the connection between Privoxy and the server unless
  1633. #      the client's request hasn't been completed yet.
  1634. #
  1635. #      If the outgoing connection is idle, it will not be closed until
  1636. #      either Privoxy's or the server's timeout is reached. While
  1637. #      it's open, the server knows that the system running Privoxy is
  1638. #      still there.
  1639. #
  1640. #      If there are more than one client (maybe even belonging to
  1641. #      multiple users), they will be able to reuse each others
  1642. #      connections. This is potentially dangerous in case of
  1643. #      authentication schemes like NTLM where only the connection
  1644. #      is authenticated, instead of requiring authentication for
  1645. #      each request.
  1646. #
  1647. #      If there is only a single client, and if said client can keep
  1648. #      connections alive on its own, enabling this option has next to
  1649. #      no effect. If the client doesn't support connection keep-alive,
  1650. #      enabling this option may make sense as it allows Privoxy to keep
  1651. #      outgoing connections alive even if the client itself doesn't
  1652. #      support it.
  1653. #
  1654. #      You should also be aware that enabling this option increases
  1655. #      the likelihood of getting the "No server or forwarder data"
  1656. #      error message, especially if you are using a slow connection
  1657. #      to the Internet.
  1658. #
  1659. #      This option should only be used by experienced users who
  1660. #      understand the risks and can weight them against the benefits.
  1661. #
  1662. #  Examples:
  1663. #
  1664. #      connection-sharing 1
  1665. #
  1666. #connection-sharing 1
  1667. #
  1668. #
  1669. #  6.7. socket-timeout
  1670. #  ====================
  1671. #
  1672. #  Specifies:
  1673. #
  1674. #      Number of seconds after which a socket times out if no data
  1675. #      is received.
  1676. #
  1677. #  Type of value:
  1678. #
  1679. #      Time in seconds.
  1680. #
  1681. #  Default value:
  1682. #
  1683. #      None
  1684. #
  1685. #  Effect if unset:
  1686. #
  1687. #      A default value of 300 seconds is used.
  1688. #
  1689. #  Notes:
  1690. #
  1691. #      For SOCKS requests the timeout currently doesn't start until
  1692. #      the SOCKS server accepted the request. This will be fixed in
  1693. #      the next release.
  1694. #
  1695. #  Examples:
  1696. #
  1697. #      socket-timeout 300
  1698. #
  1699. socket-timeout 300
  1700. #
  1701. #
  1702. #  6.8. max-client-connections
  1703. #  ============================
  1704. #
  1705. #  Specifies:
  1706. #
  1707. #      Maximum number of client connections that will be served.
  1708. #
  1709. #  Type of value:
  1710. #
  1711. #      Positive number.
  1712. #
  1713. #  Default value:
  1714. #
  1715. #      None
  1716. #
  1717. #  Effect if unset:
  1718. #
  1719. #      Connections are served until a resource limit is reached.
  1720. #
  1721. #  Notes:
  1722. #
  1723. #      Privoxy creates one thread (or process) for every incoming
  1724. #      client connection that isn't rejected based on the access
  1725. #      control settings.
  1726. #
  1727. #      If the system is powerful enough, Privoxy can theoretically deal
  1728. #      with several hundred (or thousand) connections at the same time,
  1729. #      but some operating systems enforce resource limits by shutting
  1730. #      down offending processes and their default limits may be below
  1731. #      the ones Privoxy would require under heavy load.
  1732. #
  1733. #      Configuring Privoxy to enforce a connection limit below the
  1734. #      thread or process limit used by the operating system makes
  1735. #      sure this doesn't happen.  Simply increasing the operating
  1736. #      system's limit would work too, but if Privoxy isn't the only
  1737. #      application running on the system, you may actually want to
  1738. #      limit the resources used by Privoxy.
  1739. #
  1740. #      If Privoxy is only used by a single trusted user, limiting the
  1741. #      number of client connections is probably unnecessary. If there
  1742. #      are multiple possibly untrusted users you probably still want
  1743. #      to additionally use a packet filter to limit the maximal number
  1744. #      of incoming connections per client. Otherwise a malicious user
  1745. #      could intentionally create a high number of connections to
  1746. #      prevent other users from using Privoxy.
  1747. #
  1748. #      Obviously using this option only makes sense if you choose a
  1749. #      limit below the one enforced by the operating system.
  1750. #
  1751. #  Examples:
  1752. #
  1753. #      max-client-connections 256
  1754. #
  1755. #max-client-connections 256
  1756.  
  1757. #
  1758. #  6.9. handle-as-empty-doc-returns-ok
  1759. #  ====================================
  1760. #
  1761. #  Specifies:
  1762. #
  1763. #      The status code Privoxy returns for pages blocked with
  1764. #      +handle-as-empty-document.
  1765. #
  1766. #  Type of value:
  1767. #
  1768. #      0 or 1
  1769. #
  1770. #  Default value:
  1771. #
  1772. #      0
  1773. #
  1774. #  Effect if unset:
  1775. #
  1776. #      Privoxy returns a status 403(forbidden) for all blocked pages.
  1777. #
  1778. #  Effect if set:
  1779. #
  1780. #      Privoxy returns a status 200(OK) for pages blocked with
  1781. #      +handle-as-empty-document and a status 403(Forbidden) for all
  1782. #      other blocked pages.
  1783. #
  1784. #  Notes:
  1785. #
  1786. #      This is a work-around for Firefox bug 492459: " Websites are no
  1787. #      longer rendered if SSL requests for JavaScripts are blocked by a
  1788. #      proxy. " (https:/ /bugzilla.mozilla.org/show_bug.cgi?id=492459)
  1789. #      As the bug has been fixed for quite some time this option
  1790. #      should no longer be needed and will be removed in a future
  1791. #      release. Please speak up if you have a reason why the option
  1792. #      should be kept around.
  1793. #
  1794. #handle-as-empty-doc-returns-ok 1
  1795. #
  1796. #
  1797. #  1.6.10. enable-compression
  1798. #
  1799. #  Specifies:
  1800. #
  1801. #      Whether or not buffered content is compressed before delivery.
  1802. #
  1803. #  Type of value:
  1804. #
  1805. #      0 or 1
  1806. #
  1807. #  Default value:
  1808. #
  1809. #      0
  1810. #
  1811. #  Effect if unset:
  1812. #
  1813. #      Privoxy does not compress buffered content.
  1814. #
  1815. #  Effect if set:
  1816. #
  1817. #      Privoxy compresses buffered content before delivering it to
  1818. #      the client, provided the client supports it.
  1819. #
  1820. #  Notes:
  1821. #
  1822. #      This directive is only supported if Privoxy has been compiled
  1823. #      with FEATURE_COMPRESSION, which should not to be confused
  1824. #      with FEATURE_ZLIB.
  1825. #
  1826. #      Compressing buffered content is mainly useful if Privoxy and the
  1827. #      client are running on different systems. If they are running on
  1828. #      the same system, enabling compression is likely to slow things
  1829. #      down. If you didn't measure otherwise, you should assume that
  1830. #      it does and keep this option disabled.
  1831. #
  1832. #      Privoxy will not compress buffered content below a certain
  1833. #      length.
  1834. #
  1835. #enable-compression 1
  1836. #
  1837. #
  1838. #  1.6.11. compression-level
  1839. #
  1840. #  Specifies:
  1841. #
  1842. #      The compression level that is passed to the zlib library when
  1843. #      compressing buffered content.
  1844. #
  1845. #  Type of value:
  1846. #
  1847. #      Positive number ranging from 0 to 9.
  1848. #
  1849. #  Default value:
  1850. #
  1851. #      1
  1852. #
  1853. #  Notes:
  1854. #
  1855. #      Compressing the data more takes usually longer than compressing
  1856. #      it less or not compressing it at all. Which level is best
  1857. #      depends on the connection between Privoxy and the client. If
  1858. #      you can't be bothered to benchmark it for yourself, you should
  1859. #      stick with the default and keep compression disabled.
  1860. #
  1861. #      If compression is disabled, the compression level is irrelevant.
  1862. #
  1863. #  Examples:
  1864. #
  1865. #          # Best speed (compared to the other levels)
  1866. #          compression-level 1
  1867. #
  1868. #          # Best compression
  1869. #          compression-level 9
  1870. #
  1871. #          # No compression. Only useful for testing as the added header
  1872. #          # slightly increases the amount of data that has to be sent.
  1873. #          # If your benchmark shows that using this compression level
  1874. #          # is superior to using no compression at all, the benchmark
  1875. #          # is likely to be flawed.
  1876. #          compression-level 0
  1877. #
  1878. #
  1879. #compression-level 1
  1880. #
  1881. #
  1882. #  7. WINDOWS GUI OPTIONS
  1883. #  =======================
  1884. #
  1885. #  Privoxy has a number of options specific to the Windows GUI
  1886. #  interface:
  1887. #
  1888. #
  1889. #  If "activity-animation" is set to 1, the Privoxy icon will animate
  1890. #  when "Privoxy" is active. To turn off, set to 0.
  1891. #
  1892. #activity-animation   1
  1893. #
  1894. #  If "log-messages" is set to 1, Privoxy will log messages to the
  1895. #  console window:
  1896. #
  1897. #log-messages   1
  1898. #
  1899. #  If "log-buffer-size" is set to 1, the size of the log buffer,
  1900. #  i.e. the amount of memory used for the log messages displayed in
  1901. #  the console window, will be limited to "log-max-lines" (see below).
  1902. #
  1903. #  Warning: Setting this to 0 will result in the buffer to grow
  1904. #  infinitely and eat up all your memory!
  1905. #
  1906. #log-buffer-size 1
  1907. #
  1908. #  log-max-lines is the maximum number of lines held in the log
  1909. #  buffer. See above.
  1910. #
  1911. #log-max-lines 200
  1912. #
  1913. #  If "log-highlight-messages" is set to 1, Privoxy will highlight
  1914. #  portions of the log messages with a bold-faced font:
  1915. #
  1916. #log-highlight-messages 1
  1917. #
  1918. #  The font used in the console window:
  1919. #
  1920. #log-font-name Comic Sans MS
  1921. #
  1922. #  Font size used in the console window:
  1923. #
  1924. #log-font-size 8
  1925. #
  1926. #  "show-on-task-bar" controls whether or not Privoxy will appear as
  1927. #  a button on the Task bar when minimized:
  1928. #
  1929. #show-on-task-bar 0
  1930. #
  1931. #  If "close-button-minimizes" is set to 1, the Windows close button
  1932. #  will minimize Privoxy instead of closing the program (close with
  1933. #  the exit option on the File menu).
  1934. #
  1935. #close-button-minimizes 1
  1936. #
  1937. #  The "hide-console" option is specific to the MS-Win console version
  1938. #  of Privoxy.  If this option is used, Privoxy will disconnect from
  1939. #  and hide the command console.
  1940. #
  1941. #hide-console
  1942. #
  1943. #
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top