daily pastebin goal
65%
SHARE
TWEET

Untitled

a guest Nov 12th, 2018 105 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #        Sample Configuration File for Privoxy
  2. #
  3. #  Id: config,v
  4. #
  5. #  Copyright (C) 2001-2013 Privoxy Developers http://www.privoxy.org/
  6. #
  7. ####################################################################
  8. #                                                                  #
  9. #                      Table of Contents                           #
  10. #                                                                  #
  11. #        I. INTRODUCTION                                           #
  12. #       II. FORMAT OF THE CONFIGURATION FILE                       #
  13. #                                                                  #
  14. #        1. LOCAL SET-UP DOCUMENTATION                             #
  15. #        2. CONFIGURATION AND LOG FILE LOCATIONS                   #
  16. #        3. DEBUGGING                                              #
  17. #        4. ACCESS CONTROL AND SECURITY                            #
  18. #        5. FORWARDING                                             #
  19. #        6. MISCELLANEOUS                                          #
  20. #        7. WINDOWS GUI OPTIONS                                    #
  21. #                                                                  #
  22. ####################################################################
  23. #
  24. #
  25. #  I. INTRODUCTION
  26. #   ===============
  27. #
  28. #  This file holds Privoxy's main configuration. Privoxy detects
  29. #  configuration changes automatically, so you don't have to restart
  30. #  it unless you want to load a different configuration file.
  31. #
  32. #  The configuration will be reloaded with the first request after
  33. #  the change was done, this request itself will still use the old
  34. #  configuration, though. In other words: it takes two requests
  35. #  before you see the result of your changes. Requests that are
  36. #  dropped due to ACL don't trigger reloads.
  37. #
  38. #  When starting Privoxy on Unix systems, give the location of this
  39. #  file as last argument. On Windows systems, Privoxy will look for
  40. #  this file with the name 'config.txt' in the current working
  41. #  directory of the Privoxy process.
  42. #
  43. #
  44. #  II. FORMAT OF THE CONFIGURATION FILE
  45. #  ====================================
  46. #
  47. #  Configuration lines consist of an initial keyword followed by a
  48. #  list of values, all separated by whitespace (any number of spaces
  49. #  or tabs). For example,
  50. #
  51. #  actionsfile default.action
  52. #
  53. #  Indicates that the actionsfile is named 'default.action'.
  54. #
  55. #  The '#' indicates a comment. Any part of a line following a '#' is
  56. #  ignored, except if the '#' is preceded by a '\'.
  57. #
  58. #  Thus, by placing a # at the start of an existing configuration
  59. #  line, you can make it a comment and it will be treated as if it
  60. #  weren't there. This is called "commenting out" an option and can
  61. #  be useful. Removing the # again is called "uncommenting".
  62. #
  63. #  Note that commenting out an option and leaving it at its default
  64. #  are two completely different things! Most options behave very
  65. #  differently when unset. See the "Effect if unset" explanation in
  66. #  each option's description for details.
  67. #
  68. #  Long lines can be continued on the next line by using a `\' as the
  69. #  last character.
  70. #
  71. #
  72. #  1. LOCAL SET-UP DOCUMENTATION
  73. #  ==============================
  74. #
  75. #  If you intend to operate Privoxy for more users than just
  76. #  yourself, it might be a good idea to let them know how to reach
  77. #  you, what you block and why you do that, your policies, etc.
  78. #
  79. #
  80. #  1.1. user-manual
  81. #  =================
  82. #
  83. #  Specifies:
  84. #
  85. #      Location of the Privoxy User Manual.
  86. #
  87. #  Type of value:
  88. #
  89. #      A fully qualified URI
  90. #
  91. #  Default value:
  92. #
  93. #      Unset
  94. #
  95. #  Effect if unset:
  96. #
  97. #      http://www.privoxy.org/version/user-manual/ will be used,
  98. #      where version is the Privoxy version.
  99. #
  100. #  Notes:
  101. #
  102. #      The User Manual URI is the single best source of information
  103. #      on Privoxy, and is used for help links from some of the
  104. #      internal CGI pages. The manual itself is normally packaged
  105. #      with the binary distributions, so you probably want to set
  106. #      this to a locally installed copy.
  107. #
  108. #      Examples:
  109. #
  110. #      The best all purpose solution is simply to put the full local
  111. #      PATH to where the User Manual is located:
  112. #
  113. #        user-manual  /usr/share/doc/privoxy/user-manual
  114. #
  115. #      The User Manual is then available to anyone with access to
  116. #      Privoxy, by following the built-in URL: http://
  117. #      config.privoxy.org/user-manual/ (or the shortcut: http://p.p/
  118. #      user-manual/).
  119. #
  120. #      If the documentation is not on the local system, it can be
  121. #      accessed from a remote server, as:
  122. #
  123. #        user-manual  http://example.com/privoxy/user-manual/
  124. #
  125. #      WARNING!!!
  126. #
  127. #          If set, this option should be the first option in the
  128. #          config file, because it is used while the config file is
  129. #          being read.
  130. #
  131. user-manual /usr/share/doc/privoxy/user-manual
  132. #
  133. #  1.2. trust-info-url
  134. #  ====================
  135. #
  136. #  Specifies:
  137. #
  138. #      A URL to be displayed in the error page that users will see if
  139. #      access to an untrusted page is denied.
  140. #
  141. #  Type of value:
  142. #
  143. #      URL
  144. #
  145. #  Default value:
  146. #
  147. #      Unset
  148. #
  149. #  Effect if unset:
  150. #
  151. #      No links are displayed on the "untrusted" error page.
  152. #
  153. #  Notes:
  154. #
  155. #      The value of this option only matters if the experimental
  156. #      trust mechanism has been activated. (See trustfile below.)
  157. #
  158. #      If you use the trust mechanism, it is a good idea to write up
  159. #      some on-line documentation about your trust policy and to
  160. #      specify the URL(s) here. Use multiple times for multiple URLs.
  161. #
  162. #      The URL(s) should be added to the trustfile as well, so users
  163. #      don't end up locked out from the information on why they were
  164. #      locked out in the first place!
  165. #
  166. #trust-info-url  http://www.example.com/why_we_block.html
  167. #trust-info-url  http://www.example.com/what_we_allow.html
  168. #
  169. #  1.3. admin-address
  170. #  ===================
  171. #
  172. #  Specifies:
  173. #
  174. #      An email address to reach the Privoxy administrator.
  175. #
  176. #  Type of value:
  177. #
  178. #      Email address
  179. #
  180. #  Default value:
  181. #
  182. #      Unset
  183. #
  184. #  Effect if unset:
  185. #
  186. #      No email address is displayed on error pages and the CGI user
  187. #      interface.
  188. #
  189. #  Notes:
  190. #
  191. #      If both admin-address and proxy-info-url are unset, the whole
  192. #      "Local Privoxy Support" box on all generated pages will not be
  193. #      shown.
  194. #
  195. #admin-address privoxy-admin@example.com
  196. #
  197. #  1.4. proxy-info-url
  198. #  ====================
  199. #
  200. #  Specifies:
  201. #
  202. #      A URL to documentation about the local Privoxy setup,
  203. #      configuration or policies.
  204. #
  205. #  Type of value:
  206. #
  207. #      URL
  208. #
  209. #  Default value:
  210. #
  211. #      Unset
  212. #
  213. #  Effect if unset:
  214. #
  215. #      No link to local documentation is displayed on error pages and
  216. #      the CGI user interface.
  217. #
  218. #  Notes:
  219. #
  220. #      If both admin-address and proxy-info-url are unset, the whole
  221. #      "Local Privoxy Support" box on all generated pages will not be
  222. #      shown.
  223. #
  224. #      This URL shouldn't be blocked ;-)
  225. #
  226. #proxy-info-url http://www.example.com/proxy-service.html
  227. #
  228. #  2. CONFIGURATION AND LOG FILE LOCATIONS
  229. #  ========================================
  230. #
  231. #  Privoxy can (and normally does) use a number of other files for
  232. #  additional configuration, help and logging. This section of the
  233. #  configuration file tells Privoxy where to find those other files.
  234. #
  235. #  The user running Privoxy, must have read permission for all
  236. #  configuration files, and write permission to any files that would
  237. #  be modified, such as log files and actions files.
  238. #
  239. #
  240. #  2.1. confdir
  241. #  =============
  242. #
  243. #  Specifies:
  244. #
  245. #      The directory where the other configuration files are located.
  246. #
  247. #  Type of value:
  248. #
  249. #      Path name
  250. #
  251. #  Default value:
  252. #
  253. #      /etc/privoxy (Unix) or Privoxy installation dir (Windows)
  254. #
  255. #  Effect if unset:
  256. #
  257. #      Mandatory
  258. #
  259. #  Notes:
  260. #
  261. #      No trailing "/", please.
  262. #
  263. confdir /etc/privoxy
  264. #
  265. #  2.2. templdir
  266. #  ==============
  267. #
  268. #  Specifies:
  269. #
  270. #      An alternative directory where the templates are loaded from.
  271. #
  272. #  Type of value:
  273. #
  274. #      Path name
  275. #
  276. #  Default value:
  277. #
  278. #      unset
  279. #
  280. #  Effect if unset:
  281. #
  282. #      The templates are assumed to be located in confdir/template.
  283. #
  284. #  Notes:
  285. #
  286. #      Privoxy's original templates are usually overwritten with each
  287. #      update. Use this option to relocate customized templates that
  288. #      should be kept. As template variables might change between
  289. #      updates, you shouldn't expect templates to work with Privoxy
  290. #      releases other than the one they were part of, though.
  291. #
  292. #templdir .
  293. #
  294. #  2.3. logdir
  295. #  ============
  296. #
  297. #  Specifies:
  298. #
  299. #      The directory where all logging takes place (i.e. where the
  300. #      logfile is located).
  301. #
  302. #  Type of value:
  303. #
  304. #      Path name
  305. #
  306. #  Default value:
  307. #
  308. #      /var/log/privoxy (Unix) or Privoxy installation dir (Windows)
  309. #
  310. #  Effect if unset:
  311. #
  312. #      Mandatory
  313. #
  314. #  Notes:
  315. #
  316. #      No trailing "/", please.
  317. #
  318. logdir /var/log/privoxy
  319. #
  320. #  2.4. actionsfile
  321. #  =================
  322. #
  323. #  Specifies:
  324. #
  325. #      The actions file(s) to use
  326. #
  327. #  Type of value:
  328. #
  329. #      Complete file name, relative to confdir
  330. #
  331. #  Default values:
  332. #
  333. #        match-all.action # Actions that are applied to all sites and maybe overruled later on.
  334. #
  335. #        default.action   # Main actions file
  336. #
  337. #        user.action      # User customizations
  338. #
  339. #  Effect if unset:
  340. #
  341. #      No actions are taken at all. More or less neutral proxying.
  342. #
  343. #  Notes:
  344. #
  345. #      Multiple actionsfile lines are permitted, and are in fact
  346. #      recommended!
  347. #
  348. #      The default values are default.action, which is the "main"
  349. #      actions file maintained by the developers, and user.action,
  350. #      where you can make your personal additions.
  351. #
  352. #      Actions files contain all the per site and per URL
  353. #      configuration for ad blocking, cookie management, privacy
  354. #      considerations, etc. There is no point in using Privoxy
  355. #      without at least one actions file.
  356. #
  357. #      Note that since Privoxy 3.0.7, the complete filename,
  358. #      including the ".action" extension has to be specified. The
  359. #      syntax change was necessary to be consistent with the other
  360. #      file options and to allow previously forbidden characters.
  361. #
  362. actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
  363. actionsfile default.action   # Main actions file
  364. actionsfile user.action      # User customizations
  365. #
  366. #  2.5. filterfile
  367. #  ================
  368. #
  369. #  Specifies:
  370. #
  371. #      The filter file(s) to use
  372. #
  373. #  Type of value:
  374. #
  375. #      File name, relative to confdir
  376. #
  377. #  Default value:
  378. #
  379. #      default.filter (Unix) or default.filter.txt (Windows)
  380. #
  381. #  Effect if unset:
  382. #
  383. #      No textual content filtering takes place, i.e. all +filter{name}
  384. #      actions in the actions files are turned neutral.
  385. #
  386. #  Notes:
  387. #
  388. #      Multiple filterfile lines are permitted.
  389. #
  390. #      The filter files contain content modification rules that use
  391. #      regular expressions. These rules permit powerful changes on
  392. #      the content of Web pages, and optionally the headers as well,
  393. #      e.g., you could try to disable your favorite JavaScript
  394. #      annoyances, re-write the actual displayed text, or just have
  395. #      some fun playing buzzword bingo with web pages.
  396. #
  397. #      The +filter{name} actions rely on the relevant filter (name)
  398. #      to be defined in a filter file!
  399. #
  400. #      A pre-defined filter file called default.filter that contains
  401. #      a number of useful filters for common problems is included in
  402. #      the distribution. See the section on the filter action for a
  403. #      list.
  404. #
  405. #      It is recommended to place any locally adapted filters into a
  406. #      separate file, such as user.filter.
  407. #
  408. filterfile default.filter
  409. filterfile user.filter      # User customizations
  410. #
  411. #  2.6. logfile
  412. #  =============
  413. #
  414. #  Specifies:
  415. #
  416. #      The log file to use
  417. #
  418. #  Type of value:
  419. #
  420. #      File name, relative to logdir
  421. #
  422. #  Default value:
  423. #
  424. #      Unset (commented out). When activated: logfile (Unix) or
  425. #      privoxy.log (Windows).
  426. #
  427. #  Effect if unset:
  428. #
  429. #      No logfile is written.
  430. #
  431. #  Notes:
  432. #
  433. #      The logfile is where all logging and error messages are
  434. #      written. The level of detail and number of messages are set
  435. #      with the debug option (see below). The logfile can be useful
  436. #      for tracking down a problem with Privoxy (e.g., it's not
  437. #      blocking an ad you think it should block) and it can help you
  438. #      to monitor what your browser is doing.
  439. #
  440. #      Depending on the debug options below, the logfile may be a
  441. #      privacy risk if third parties can get access to it. As most
  442. #      users will never look at it, Privoxy 3.0.7 and later only log
  443. #      fatal errors by default.
  444. #
  445. #      For most troubleshooting purposes, you will have to change
  446. #      that, please refer to the debugging section for details.
  447. #
  448. #      Your logfile will grow indefinitely, and you will probably
  449. #      want to periodically remove it. On Unix systems, you can do
  450. #      this with a cron job (see "man cron").
  451. #
  452. #      Any log files must be writable by whatever user Privoxy is
  453. #      being run as (on Unix, default user id is "privoxy").
  454. #
  455. logfile logfile
  456. #
  457. #  2.7. trustfile
  458. #  ===============
  459. #
  460. #  Specifies:
  461. #
  462. #      The name of the trust file to use
  463. #
  464. #  Type of value:
  465. #
  466. #      File name, relative to confdir
  467. #
  468. #  Default value:
  469. #
  470. #      Unset (commented out). When activated: trust (Unix) or
  471. #      trust.txt (Windows)
  472. #
  473. #  Effect if unset:
  474. #
  475. #      The entire trust mechanism is disabled.
  476. #
  477. #  Notes:
  478. #
  479. #      The trust mechanism is an experimental feature for building
  480. #      white-lists and should be used with care. It is NOT
  481. #      recommended for the casual user.
  482. #
  483. #      If you specify a trust file, Privoxy will only allow access to
  484. #      sites that are specified in the trustfile. Sites can be listed
  485. #      in one of two ways:
  486. #
  487. #      Prepending a ~ character limits access to this site only (and
  488. #      any sub-paths within this site), e.g. ~www.example.com allows
  489. #      access to ~www.example.com/features/news.html, etc.
  490. #
  491. #      Or, you can designate sites as trusted referrers, by
  492. #      prepending the name with a + character. The effect is that
  493. #      access to untrusted sites will be granted -- but only if a
  494. #      link from this trusted referrer was used to get there. The
  495. #      link target will then be added to the "trustfile" so that
  496. #      future, direct accesses will be granted. Sites added via this
  497. #      mechanism do not become trusted referrers themselves (i.e.
  498. #      they are added with a ~ designation). There is a limit of 512
  499. #      such entries, after which new entries will not be made.
  500. #
  501. #      If you use the + operator in the trust file, it may grow
  502. #      considerably over time.
  503. #
  504. #      It is recommended that Privoxy be compiled with the
  505. #      --disable-force, --disable-toggle and --disable-editor
  506. #      options, if this feature is to be used.
  507. #
  508. #      Possible applications include limiting Internet access for
  509. #      children.
  510. #
  511. #trustfile trust
  512. #
  513. #  3. DEBUGGING
  514. #  =============
  515. #
  516. #  These options are mainly useful when tracing a problem. Note that
  517. #  you might also want to invoke Privoxy with the --no-daemon command
  518. #  line option when debugging.
  519. #
  520. #
  521. #  3.1. debug
  522. #  ===========
  523. #
  524. #  Specifies:
  525. #
  526. #      Key values that determine what information gets logged.
  527. #
  528. #  Type of value:
  529. #
  530. #      Integer values
  531. #
  532. #  Default value:
  533. #
  534. #      0 (i.e.: only fatal errors (that cause Privoxy to exit) are
  535. #      logged)
  536. #
  537. #  Effect if unset:
  538. #
  539. #      Default value is used (see above).
  540. #
  541. #  Notes:
  542. #
  543. #      The available debug levels are:
  544. #
  545. #        debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
  546. #        debug     2 # show each connection status
  547. #        debug     4 # show I/O status
  548. #        debug     8 # show header parsing
  549. #        debug    16 # log all data written to the network
  550. #        debug    32 # debug force feature
  551. #        debug    64 # debug regular expression filters
  552. #        debug   128 # debug redirects
  553. #        debug   256 # debug GIF de-animation
  554. #        debug   512 # Common Log Format
  555. #        debug  1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
  556. #        debug  2048 # CGI user interface
  557. #        debug  4096 # Startup banner and warnings.
  558. #        debug  8192 # Non-fatal errors
  559. #        debug 32768 # log all data read from the network
  560. #        debug 65536 # Log the applying actions
  561. #
  562. #      To select multiple debug levels, you can either add them or
  563. #      use multiple debug lines.
  564. #
  565. #      A debug level of 1 is informative because it will show you
  566. #      each request as it happens. 1, 1024, 4096 and 8192 are
  567. #      recommended so that you will notice when things go wrong. The
  568. #      other levels are probably only of interest if you are hunting
  569. #      down a specific problem. They can produce a hell of an output
  570. #      (especially 16).
  571. #
  572. #      Privoxy used to ship with the debug levels recommended above
  573. #      enabled by default, but due to privacy concerns 3.0.7 and
  574. #      later are configured to only log fatal errors.
  575. #
  576. #      If you are used to the more verbose settings, simply enable
  577. #      the debug lines below again.
  578. #
  579. #      If you want to use pure CLF (Common Log Format), you should
  580. #      set "debug 512" ONLY and not enable anything else.
  581. #
  582. #      Privoxy has a hard-coded limit for the length of log messages.
  583. #      If it's reached, messages are logged truncated and marked with
  584. #      "... [too long, truncated]".
  585. #
  586. #      Please don't file any support requests without trying to
  587. #      reproduce the problem with increased debug level first. Once
  588. #      you read the log messages, you may even be able to solve the
  589. #      problem on your own.
  590. #
  591. #debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
  592. #debug  1024 # Actions that are applied to all sites and maybe overruled later on.
  593. #debug  4096 # Startup banner and warnings
  594. #debug  8192 # Non-fatal errors
  595. #
  596. #  3.2. single-threaded
  597. #  =====================
  598. #
  599. #  Specifies:
  600. #
  601. #      Whether to run only one server thread.
  602. #
  603. #  Type of value:
  604. #
  605. #      None
  606. #
  607. #  Default value:
  608. #
  609. #      Unset
  610. #
  611. #  Effect if unset:
  612. #
  613. #      Multi-threaded (or, where unavailable: forked) operation, i.e.
  614. #      the ability to serve multiple requests simultaneously.
  615. #
  616. #  Notes:
  617. #
  618. #      This option is only there for debugging purposes. It will
  619. #      drastically reduce performance.
  620. #
  621. #single-threaded
  622. #
  623. #  3.3. hostname
  624. #  ==============
  625. #
  626. #  Specifies:
  627. #
  628. #      The hostname shown on the CGI pages.
  629. #
  630. #  Type of value:
  631. #
  632. #      Text
  633. #
  634. #  Default value:
  635. #
  636. #      Unset
  637. #
  638. #  Effect if unset:
  639. #
  640. #      The hostname provided by the operating system is used.
  641. #
  642. #  Notes:
  643. #
  644. #      On some misconfigured systems resolving the hostname fails or
  645. #      takes too much time and slows Privoxy down. Setting a fixed
  646. #      hostname works around the problem.
  647. #
  648. #      In other circumstances it might be desirable to show a
  649. #      hostname other than the one returned by the operating system.
  650. #      For example if the system has several different hostnames and
  651. #      you don't want to use the first one.
  652. #
  653. #      Note that Privoxy does not validate the specified hostname
  654. #      value.
  655. #
  656. #hostname hostname.example.org
  657. #
  658. #  4. ACCESS CONTROL AND SECURITY
  659. #  ===============================
  660. #
  661. #  This section of the config file controls the security-relevant
  662. #  aspects of Privoxy's configuration.
  663. #
  664. #
  665. #  4.1. listen-address
  666. #  ====================
  667. #
  668. #  Specifies:
  669. #
  670. #      The address and TCP port on which Privoxy will listen for
  671. #      client requests.
  672. #
  673. #  Type of value:
  674. #
  675. #      [IP-Address]:Port
  676. #
  677. #      [Hostname]:Port
  678. #
  679. #  Default value:
  680. #
  681. #      127.0.0.1:8118
  682. #
  683. #  Effect if unset:
  684. #
  685. #      Bind to 127.0.0.1 (IPv4 localhost), port 8118. This is
  686. #      suitable and recommended for home users who run Privoxy on the
  687. #      same machine as their browser.
  688. #
  689. #  Notes:
  690. #
  691. #      You will need to configure your browser(s) to this proxy
  692. #      address and port.
  693. #
  694. #      If you already have another service running on port 8118, or
  695. #      if you want to serve requests from other machines (e.g. on
  696. #      your local network) as well, you will need to override the
  697. #      default.
  698. #
  699. #      You can use this statement multiple times to make Privoxy
  700. #      listen on more ports or more IP addresses. Suitable if your
  701. #      operating system does not support sharing IPv6 and IPv4
  702. #      protocols on the same socket.
  703. #
  704. #      If a hostname is used instead of an IP address, Privoxy will
  705. #      try to resolve it to an IP address and if there are multiple,
  706. #      use the first one returned.
  707. #
  708. #      If the address for the hostname isn't already known on the
  709. #      system (for example because it's in /etc/hostname), this may
  710. #      result in DNS traffic.
  711. #
  712. #      If the specified address isn't available on the system, or if
  713. #      the hostname can't be resolved, Privoxy will fail to start.
  714. #
  715. #      IPv6 addresses containing colons have to be quoted by
  716. #      brackets. They can only be used if Privoxy has been compiled
  717. #      with IPv6 support. If you aren't sure if your version supports
  718. #      it, have a look at http://config.privoxy.org/show-status.
  719. #
  720. #      Some operating systems will prefer IPv6 to IPv4 addresses even
  721. #      if the system has no IPv6 connectivity which is usually not
  722. #      expected by the user. Some even rely on DNS to resolve
  723. #      localhost which mean the "localhost" address used may not
  724. #      actually be local.
  725. #
  726. #      It is therefore recommended to explicitly configure the
  727. #      intended IP address instead of relying on the operating
  728. #      system, unless there's a strong reason not to.
  729. #
  730. #      If you leave out the address, Privoxy will bind to all IPv4
  731. #      interfaces (addresses) on your machine and may become
  732. #      reachable from the Internet and/or the local network. Be aware
  733. #      that some GNU/Linux distributions modify that behaviour
  734. #      without updating the documentation. Check for non-standard
  735. #      patches if your Privoxy version behaves differently.
  736. #
  737. #      If you configure Privoxy to be reachable from the network,
  738. #      consider using access control lists (ACL's, see below), and/or
  739. #      a firewall.
  740. #
  741. #      If you open Privoxy to untrusted users, you will also want to
  742. #      make sure that the following actions are disabled:
  743. #      enable-edit-actions and enable-remote-toggle
  744. #
  745. #  Example:
  746. #
  747. #      Suppose you are running Privoxy on a machine which has the
  748. #      address 192.168.0.1 on your local private network
  749. #      (192.168.0.0) and has another outside connection with a
  750. #      different address. You want it to serve requests from inside
  751. #      only:
  752. #
  753. #        listen-address  192.168.0.1:8118
  754. #
  755. #      Suppose you are running Privoxy on an IPv6-capable machine and
  756. #      you want it to listen on the IPv6 address of the loopback
  757. #      device:
  758. #
  759. #        listen-address [::1]:8118
  760. #
  761. listen-address  localhost:8118
  762. #
  763. #  4.2. toggle
  764. #  ============
  765. #
  766. #  Specifies:
  767. #
  768. #      Initial state of "toggle" status
  769. #
  770. #  Type of value:
  771. #
  772. #      1 or 0
  773. #
  774. #  Default value:
  775. #
  776. #      1
  777. #
  778. #  Effect if unset:
  779. #
  780. #      Act as if toggled on
  781. #
  782. #  Notes:
  783. #
  784. #      If set to 0, Privoxy will start in "toggled off" mode, i.e.
  785. #      mostly behave like a normal, content-neutral proxy with both
  786. #      ad blocking and content filtering disabled. See
  787. #      enable-remote-toggle below.
  788. #
  789. toggle  1
  790. #
  791. #  4.3. enable-remote-toggle
  792. #  ==========================
  793. #
  794. #  Specifies:
  795. #
  796. #      Whether or not the web-based toggle feature may be used
  797. #
  798. #  Type of value:
  799. #
  800. #      0 or 1
  801. #
  802. #  Default value:
  803. #
  804. #      0
  805. #
  806. #  Effect if unset:
  807. #
  808. #      The web-based toggle feature is disabled.
  809. #
  810. #  Notes:
  811. #
  812. #      When toggled off, Privoxy mostly acts like a normal,
  813. #      content-neutral proxy, i.e. doesn't block ads or filter
  814. #      content.
  815. #
  816. #      Access to the toggle feature can not be controlled separately
  817. #      by "ACLs" or HTTP authentication, so that everybody who can
  818. #      access Privoxy (see "ACLs" and listen-address above) can
  819. #      toggle it for all users. So this option is not recommended for
  820. #      multi-user environments with untrusted users.
  821. #
  822. #      Note that malicious client side code (e.g Java) is also
  823. #      capable of using this option.
  824. #
  825. #      As a lot of Privoxy users don't read documentation, this
  826. #      feature is disabled by default.
  827. #
  828. #      Note that you must have compiled Privoxy with support for this
  829. #      feature, otherwise this option has no effect.
  830. #
  831. enable-remote-toggle  0
  832. #
  833. #  4.4. enable-remote-http-toggle
  834. #  ===============================
  835. #
  836. #  Specifies:
  837. #
  838. #      Whether or not Privoxy recognizes special HTTP headers to
  839. #      change its behaviour.
  840. #
  841. #  Type of value:
  842. #
  843. #      0 or 1
  844. #
  845. #  Default value:
  846. #
  847. #      0
  848. #
  849. #  Effect if unset:
  850. #
  851. #      Privoxy ignores special HTTP headers.
  852. #
  853. #  Notes:
  854. #
  855. #      When toggled on, the client can change Privoxy's behaviour by
  856. #      setting special HTTP headers. Currently the only supported
  857. #      special header is "X-Filter: No", to disable filtering for the
  858. #      ongoing request, even if it is enabled in one of the action
  859. #      files.
  860. #
  861. #      This feature is disabled by default. If you are using Privoxy
  862. #      in a environment with trusted clients, you may enable this
  863. #      feature at your discretion. Note that malicious client side
  864. #      code (e.g Java) is also capable of using this feature.
  865. #
  866. #      This option will be removed in future releases as it has been
  867. #      obsoleted by the more general header taggers.
  868. #
  869. enable-remote-http-toggle  0
  870. #
  871. #  4.5. enable-edit-actions
  872. #  =========================
  873. #
  874. #  Specifies:
  875. #
  876. #      Whether or not the web-based actions file editor may be used
  877. #
  878. #  Type of value:
  879. #
  880. #      0 or 1
  881. #
  882. #  Default value:
  883. #
  884. #      0
  885. #
  886. #  Effect if unset:
  887. #
  888. #      The web-based actions file editor is disabled.
  889. #
  890. #  Notes:
  891. #
  892. #      Access to the editor can not be controlled separately by
  893. #      "ACLs" or HTTP authentication, so that everybody who can
  894. #      access Privoxy (see "ACLs" and listen-address above) can
  895. #      modify its configuration for all users.
  896. #
  897. #      This option is not recommended for environments with untrusted
  898. #      users and as a lot of Privoxy users don't read documentation,
  899. #      this feature is disabled by default.
  900. #
  901. #      Note that malicious client side code (e.g Java) is also
  902. #      capable of using the actions editor and you shouldn't enable
  903. #      this options unless you understand the consequences and are
  904. #      sure your browser is configured correctly.
  905. #
  906. #      Note that you must have compiled Privoxy with support for this
  907. #      feature, otherwise this option has no effect.
  908. #
  909. enable-edit-actions 0
  910. #
  911. #  4.6. enforce-blocks
  912. #  ====================
  913. #
  914. #  Specifies:
  915. #
  916. #      Whether the user is allowed to ignore blocks and can "go there
  917. #      anyway".
  918. #
  919. #  Type of value:
  920. #
  921. #      0 or 1
  922. #
  923. #  Default value:
  924. #
  925. #      0
  926. #
  927. #  Effect if unset:
  928. #
  929. #      Blocks are not enforced.
  930. #
  931. #  Notes:
  932. #
  933. #      Privoxy is mainly used to block and filter requests as a
  934. #      service to the user, for example to block ads and other junk
  935. #      that clogs the pipes. Privoxy's configuration isn't perfect
  936. #      and sometimes innocent pages are blocked. In this situation it
  937. #      makes sense to allow the user to enforce the request and have
  938. #      Privoxy ignore the block.
  939. #
  940. #      In the default configuration Privoxy's "Blocked" page contains
  941. #      a "go there anyway" link to adds a special string (the force
  942. #      prefix) to the request URL. If that link is used, Privoxy will
  943. #      detect the force prefix, remove it again and let the request
  944. #      pass.
  945. #
  946. #      Of course Privoxy can also be used to enforce a network
  947. #      policy. In that case the user obviously should not be able to
  948. #      bypass any blocks, and that's what the "enforce-blocks" option
  949. #      is for. If it's enabled, Privoxy hides the "go there anyway"
  950. #      link. If the user adds the force prefix by hand, it will not
  951. #      be accepted and the circumvention attempt is logged.
  952. #
  953. #  Examples:
  954. #
  955. #      enforce-blocks 1
  956. #
  957. enforce-blocks 0
  958. #
  959. #  4.7. ACLs: permit-access and deny-access
  960. #  =========================================
  961. #
  962. #  Specifies:
  963. #
  964. #      Who can access what.
  965. #
  966. #  Type of value:
  967. #
  968. #      src_addr[:port][/src_masklen] [dst_addr[:port][/dst_masklen]]
  969. #
  970. #      Where src_addr and dst_addr are IPv4 addresses in dotted
  971. #      decimal notation or valid DNS names, port is a port number,
  972. #      and src_masklen and dst_masklen are subnet masks in CIDR
  973. #      notation, i.e. integer values from 2 to 30 representing the
  974. #      length (in bits) of the network address. The masks and the
  975. #      whole destination part are optional.
  976. #
  977. #      If your system implements RFC 3493, then src_addr and dst_addr
  978. #      can be IPv6 addresses delimeted by brackets, port can be a
  979. #      number or a service name, and src_masklen and dst_masklen can
  980. #      be a number from 0 to 128.
  981. #
  982. #  Default value:
  983. #
  984. #      Unset
  985. #
  986. #      If no port is specified, any port will match. If no
  987. #      src_masklen or src_masklen is given, the complete IP address
  988. #      has to match (i.e. 32 bits for IPv4 and 128 bits for IPv6).
  989. #
  990. #  Effect if unset:
  991. #
  992. #      Don't restrict access further than implied by listen-address
  993. #
  994. #  Notes:
  995. #
  996. #      Access controls are included at the request of ISPs and
  997. #      systems administrators, and are not usually needed by
  998. #      individual users. For a typical home user, it will normally
  999. #      suffice to ensure that Privoxy only listens on the localhost
  1000. #      (127.0.0.1) or internal (home) network address by means of the
  1001. #      listen-address option.
  1002. #
  1003. #      Please see the warnings in the FAQ that Privoxy is not
  1004. #      intended to be a substitute for a firewall or to encourage
  1005. #      anyone to defer addressing basic security weaknesses.
  1006. #
  1007. #      Multiple ACL lines are OK. If any ACLs are specified, Privoxy
  1008. #      only talks to IP addresses that match at least one
  1009. #      permit-access line and don't match any subsequent deny-access
  1010. #      line. In other words, the last match wins, with the default
  1011. #      being deny-access.
  1012. #
  1013. #      If Privoxy is using a forwarder (see forward below) for a
  1014. #      particular destination URL, the dst_addr that is examined is
  1015. #      the address of the forwarder and NOT the address of the
  1016. #      ultimate target. This is necessary because it may be
  1017. #      impossible for the local Privoxy to determine the IP address
  1018. #      of the ultimate target (that's often what gateways are used
  1019. #      for).
  1020. #
  1021. #      You should prefer using IP addresses over DNS names, because
  1022. #      the address lookups take time. All DNS names must resolve! You
  1023. #      can not use domain patterns like "*.org" or partial domain
  1024. #      names. If a DNS name resolves to multiple IP addresses, only
  1025. #      the first one is used.
  1026. #
  1027. #      Some systems allow IPv4 clients to connect to IPv6 server
  1028. #      sockets. Then the client's IPv4 address will be translated by
  1029. #      the system into IPv6 address space with special prefix
  1030. #      ::ffff:0:0/96 (so called IPv4 mapped IPv6 address). Privoxy
  1031. #      can handle it and maps such ACL addresses automatically.
  1032. #
  1033. #      Denying access to particular sites by ACL may have undesired
  1034. #      side effects if the site in question is hosted on a machine
  1035. #      which also hosts other sites (most sites are).
  1036. #
  1037. #  Examples:
  1038. #
  1039. #      Explicitly define the default behavior if no ACL and
  1040. #      listen-address are set: "localhost" is OK. The absence of a
  1041. #      dst_addr implies that all destination addresses are OK:
  1042. #
  1043. #        permit-access  localhost
  1044. #
  1045. #      Allow any host on the same class C subnet as www.privoxy.org
  1046. #      access to nothing but www.example.com (or other domains hosted
  1047. #      on the same system):
  1048. #
  1049. #        permit-access  www.privoxy.org/24 www.example.com/32
  1050. #
  1051. #      Allow access from any host on the 26-bit subnet 192.168.45.64
  1052. #      to anywhere, with the exception that 192.168.45.73 may not
  1053. #      access the IP address behind www.dirty-stuff.example.com:
  1054. #
  1055. #        permit-access  192.168.45.64/26
  1056. #        deny-access    192.168.45.73    www.dirty-stuff.example.com
  1057. #
  1058. #      Allow access from the IPv4 network 192.0.2.0/24 even if
  1059. #      listening on an IPv6 wild card address (not supported on all
  1060. #      platforms):
  1061. #
  1062. #        permit-access  192.0.2.0/24
  1063. #
  1064. #      This is equivalent to the following line even if listening on
  1065. #      an IPv4 address (not supported on all platforms):
  1066. #
  1067. #        permit-access  [::ffff:192.0.2.0]/120
  1068. #
  1069. #
  1070. #  4.8. buffer-limit
  1071. #  ==================
  1072. #
  1073. #  Specifies:
  1074. #
  1075. #      Maximum size of the buffer for content filtering.
  1076. #
  1077. #  Type of value:
  1078. #
  1079. #      Size in Kbytes
  1080. #
  1081. #  Default value:
  1082. #
  1083. #      4096
  1084. #
  1085. #  Effect if unset:
  1086. #
  1087. #      Use a 4MB (4096 KB) limit.
  1088. #
  1089. #  Notes:
  1090. #
  1091. #      For content filtering, i.e. the +filter and +deanimate-gif
  1092. #      actions, it is necessary that Privoxy buffers the entire
  1093. #      document body. This can be potentially dangerous, since a
  1094. #      server could just keep sending data indefinitely and wait for
  1095. #      your RAM to exhaust -- with nasty consequences. Hence this
  1096. #      option.
  1097. #
  1098. #      When a document buffer size reaches the buffer-limit, it is
  1099. #      flushed to the client unfiltered and no further attempt to
  1100. #      filter the rest of the document is made. Remember that there
  1101. #      may be multiple threads running, which might require up to
  1102. #      buffer-limit Kbytes each, unless you have enabled
  1103. #      "single-threaded" above.
  1104. #
  1105. buffer-limit 4096
  1106. #
  1107. #  4.9. enable-proxy-authentication-forwarding
  1108. #  ============================================
  1109. #
  1110. #  Specifies:
  1111. #
  1112. #      Whether or not proxy authentication through Privoxy should
  1113. #      work.
  1114. #
  1115. #  Type of value:
  1116. #
  1117. #      0 or 1
  1118. #
  1119. #  Default value:
  1120. #
  1121. #      0
  1122. #
  1123. #  Effect if unset:
  1124. #
  1125. #      Proxy authentication headers are removed.
  1126. #
  1127. #  Notes:
  1128. #
  1129. #      Privoxy itself does not support proxy authentication, but can
  1130. #      allow clients to authenticate against Privoxy's parent proxy.
  1131. #
  1132. #      By default Privoxy (3.0.21 and later) don't do that and remove
  1133. #      Proxy-Authorization headers in requests and Proxy-Authenticate
  1134. #      headers in responses to make it harder for malicious sites to
  1135. #      trick inexperienced users into providing login information.
  1136. #
  1137. #      If this option is enabled the headers are forwarded.
  1138. #
  1139. #      Enabling this option is not recommended if there is no parent
  1140. #      proxy that requires authentication or if the local network
  1141. #      between Privoxy and the parent proxy isn't trustworthy. If
  1142. #      proxy authentication is only required for some requests, it is
  1143. #      recommended to use a client header filter to remove the
  1144. #      authentication headers for requests where they aren't needed.
  1145. #
  1146. enable-proxy-authentication-forwarding 0
  1147. #
  1148. #  5. FORWARDING
  1149. #  ==============
  1150. #
  1151. #  This feature allows routing of HTTP requests through a chain of
  1152. #  multiple proxies.
  1153. #
  1154. #  Forwarding can be used to chain Privoxy with a caching proxy to
  1155. #  speed up browsing. Using a parent proxy may also be necessary if
  1156. #  the machine that Privoxy runs on has no direct Internet access.
  1157. #
  1158. #  Note that parent proxies can severely decrease your privacy level.
  1159. #  For example a parent proxy could add your IP address to the
  1160. #  request headers and if it's a caching proxy it may add the "Etag"
  1161. #  header to revalidation requests again, even though you configured
  1162. #  Privoxy to remove it. It may also ignore Privoxy's header time
  1163. #  randomization and use the original values which could be used by
  1164. #  the server as cookie replacement to track your steps between
  1165. #  visits.
  1166. #
  1167. #  Also specified here are SOCKS proxies. Privoxy supports the SOCKS
  1168. #  4 and SOCKS 4A protocols.
  1169. #
  1170. #
  1171. #  5.1. forward
  1172. #  =============
  1173. #
  1174. #  Specifies:
  1175. #
  1176. #      To which parent HTTP proxy specific requests should be routed.
  1177. #
  1178. #  Type of value:
  1179. #
  1180. #      target_pattern http_parent[:port]
  1181. #
  1182. #      where target_pattern is a URL pattern that specifies to which
  1183. #      requests (i.e. URLs) this forward rule shall apply. Use / to
  1184. #      denote "all URLs". http_parent[:port] is the DNS name or IP
  1185. #      address of the parent HTTP proxy through which the requests
  1186. #      should be forwarded, optionally followed by its listening port
  1187. #      (default: 8000). Use a single dot (.) to denote "no
  1188. #      forwarding".
  1189. #
  1190. #  Default value:
  1191. #
  1192. #      Unset
  1193. #
  1194. #  Effect if unset:
  1195. #
  1196. #      Don't use parent HTTP proxies.
  1197. #
  1198. #  Notes:
  1199. #
  1200. #      If http_parent is ".", then requests are not forwarded to
  1201. #      another HTTP proxy but are made directly to the web servers.
  1202. #
  1203. #      http_parent can be a numerical IPv6 address (if RFC 3493 is
  1204. #      implemented). To prevent clashes with the port delimiter, the
  1205. #      whole IP address has to be put into brackets. On the other
  1206. #      hand a target_pattern containing an IPv6 address has to be put
  1207. #      into angle brackets (normal brackets are reserved for regular
  1208. #      expressions already).
  1209. #
  1210. #      Multiple lines are OK, they are checked in sequence, and the
  1211. #      last match wins.
  1212. #
  1213. #  Examples:
  1214. #
  1215. #      Everything goes to an example parent proxy, except SSL on port
  1216. #      443 (which it doesn't handle):
  1217. #
  1218. #        forward   /      parent-proxy.example.org:8080
  1219. #        forward   :443   .
  1220. #
  1221. #      Everything goes to our example ISP's caching proxy, except for
  1222. #      requests to that ISP's sites:
  1223. #
  1224. #        forward   /                  caching-proxy.isp.example.net:8000
  1225. #        forward   .isp.example.net   .
  1226. #
  1227. #      Parent proxy specified by an IPv6 address:
  1228. #
  1229. #        forward   /                   [2001:DB8::1]:8000
  1230. #
  1231. #      Suppose your parent proxy doesn't support IPv6:
  1232. #
  1233. #        forward  /                        parent-proxy.example.org:8000
  1234. #        forward  ipv6-server.example.org  .
  1235. #        forward  <[2-3][0-9a-f][0-9a-f][0-9a-f]:*>   .
  1236. #
  1237. #
  1238. #  5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
  1239. #  =========================================================================
  1240. #
  1241. #  Specifies:
  1242. #
  1243. #      Through which SOCKS proxy (and optionally to which parent HTTP
  1244. #      proxy) specific requests should be routed.
  1245. #
  1246. #  Type of value:
  1247. #
  1248. #      target_pattern socks_proxy[:port] http_parent[:port]
  1249. #
  1250. #      where target_pattern is a URL pattern that specifies to which
  1251. #      requests (i.e. URLs) this forward rule shall apply. Use / to
  1252. #      denote "all URLs". http_parent and socks_proxy are IP
  1253. #      addresses in dotted decimal notation or valid DNS names (
  1254. #      http_parent may be "." to denote "no HTTP forwarding"), and
  1255. #      the optional port parameters are TCP ports, i.e. integer
  1256. #      values from 1 to 65535
  1257. #
  1258. #  Default value:
  1259. #
  1260. #      Unset
  1261. #
  1262. #  Effect if unset:
  1263. #
  1264. #      Don't use SOCKS proxies.
  1265. #
  1266. #  Notes:
  1267. #
  1268. #      Multiple lines are OK, they are checked in sequence, and the
  1269. #      last match wins.
  1270. #
  1271. #      The difference between forward-socks4 and forward-socks4a is
  1272. #      that in the SOCKS 4A protocol, the DNS resolution of the
  1273. #      target hostname happens on the SOCKS server, while in SOCKS 4
  1274. #      it happens locally.
  1275. #
  1276. #      With forward-socks5 the DNS resolution will happen on the
  1277. #      remote server as well.
  1278. #
  1279. #      forward-socks5t works like vanilla forward-socks5 but lets
  1280. #      Privoxy additionally use Tor-specific SOCKS extensions.
  1281. #      Currently the only supported SOCKS extension is optimistic
  1282. #      data which can reduce the latency for the first request made
  1283. #      on a newly created connection.
  1284. #
  1285. #      socks_proxy and http_parent can be a numerical IPv6 address
  1286. #      (if RFC 3493 is implemented). To prevent clashes with the port
  1287. #      delimiter, the whole IP address has to be put into brackets.
  1288. #      On the other hand a target_pattern containing an IPv6 address
  1289. #      has to be put into angle brackets (normal brackets are
  1290. #      reserved for regular expressions already).
  1291. #
  1292. #      If http_parent is ".", then requests are not forwarded to
  1293. #      another HTTP proxy but are made (HTTP-wise) directly to the
  1294. #      web servers, albeit through a SOCKS proxy.
  1295. #
  1296. #  Examples:
  1297. #
  1298. #      From the company example.com, direct connections are made to
  1299. #      all "internal" domains, but everything outbound goes through
  1300. #      their ISP's proxy by way of example.com's corporate SOCKS 4A
  1301. #      gateway to the Internet.
  1302. #
  1303. #        forward-socks4a   /              socks-gw.example.com:1080  www-cache.isp.example.net:8080
  1304. #        forward           .example.com   .
  1305. #
  1306. #      A rule that uses a SOCKS 4 gateway for all destinations but no
  1307. #      HTTP parent looks like this:
  1308. #
  1309. #        forward-socks4   /               socks-gw.example.com:1080  .
  1310. #
  1311. #      To chain Privoxy and Tor, both running on the same system, you
  1312. #      would use something like:
  1313. #
  1314. #        forward-socks5   /               127.0.0.1:9050 .
  1315. #
  1316. #      The public Tor network can't be used to reach your local
  1317. #      network, if you need to access local servers you therefore
  1318. #      might want to make some exceptions:
  1319. #
  1320. #        forward         192.168.*.*/     .
  1321. #        forward            10.*.*.*/     .
  1322. #        forward           127.*.*.*/     .
  1323. #
  1324. #      Unencrypted connections to systems in these address ranges
  1325. #      will be as (un)secure as the local network is, but the
  1326. #      alternative is that you can't reach the local network through
  1327. #      Privoxy at all. Of course this may actually be desired and
  1328. #      there is no reason to make these exceptions if you aren't sure
  1329. #      you need them.
  1330. #
  1331. #      If you also want to be able to reach servers in your local
  1332. #      network by using their names, you will need additional
  1333. #      exceptions that look like this:
  1334. #
  1335. #       forward           localhost/     .
  1336. #
  1337. #
  1338. #  5.3. forwarded-connect-retries
  1339. #  ===============================
  1340. #
  1341. #  Specifies:
  1342. #
  1343. #      How often Privoxy retries if a forwarded connection request
  1344. #      fails.
  1345. #
  1346. #  Type of value:
  1347. #
  1348. #      Number of retries.
  1349. #
  1350. #  Default value:
  1351. #
  1352. #      0
  1353. #
  1354. #  Effect if unset:
  1355. #
  1356. #      Connections forwarded through other proxies are treated like
  1357. #      direct connections and no retry attempts are made.
  1358. #
  1359. #  Notes:
  1360. #
  1361. #      forwarded-connect-retries is mainly interesting for socks4a
  1362. #      connections, where Privoxy can't detect why the connections
  1363. #      failed. The connection might have failed because of a DNS
  1364. #      timeout in which case a retry makes sense, but it might also
  1365. #      have failed because the server doesn't exist or isn't
  1366. #      reachable. In this case the retry will just delay the
  1367. #      appearance of Privoxy's error message.
  1368. #
  1369. #      Note that in the context of this option, "forwarded
  1370. #      connections" includes all connections that Privoxy forwards
  1371. #      through other proxies. This option is not limited to the HTTP
  1372. #      CONNECT method.
  1373. #
  1374. #      Only use this option, if you are getting lots of
  1375. #      forwarding-related error messages that go away when you try
  1376. #      again manually. Start with a small value and check Privoxy's
  1377. #      logfile from time to time, to see how many retries are usually
  1378. #      needed.
  1379. #
  1380. #  Examples:
  1381. #
  1382. #      forwarded-connect-retries 1
  1383. #
  1384. forwarded-connect-retries  0
  1385. #
  1386. #  6. MISCELLANEOUS
  1387. #  =================
  1388. #
  1389. #  6.1. accept-intercepted-requests
  1390. #  =================================
  1391. #
  1392. #  Specifies:
  1393. #
  1394. #      Whether intercepted requests should be treated as valid.
  1395. #
  1396. #  Type of value:
  1397. #
  1398. #      0 or 1
  1399. #
  1400. #  Default value:
  1401. #
  1402. #      0
  1403. #
  1404. #  Effect if unset:
  1405. #
  1406. #      Only proxy requests are accepted, intercepted requests are
  1407. #      treated as invalid.
  1408. #
  1409. #  Notes:
  1410. #
  1411. #      If you don't trust your clients and want to force them to use
  1412. #      Privoxy, enable this option and configure your packet filter
  1413. #      to redirect outgoing HTTP connections into Privoxy.
  1414. #
  1415. #      Make sure that Privoxy's own requests aren't redirected as
  1416. #      well. Additionally take care that Privoxy can't intentionally
  1417. #      connect to itself, otherwise you could run into redirection
  1418. #      loops if Privoxy's listening port is reachable by the outside
  1419. #      or an attacker has access to the pages you visit.
  1420. #
  1421. #  Examples:
  1422. #
  1423. #      accept-intercepted-requests 1
  1424. #
  1425. accept-intercepted-requests 0
  1426. #
  1427. #  6.2. allow-cgi-request-crunching
  1428. #  =================================
  1429. #
  1430. #  Specifies:
  1431. #
  1432. #      Whether requests to Privoxy's CGI pages can be blocked or
  1433. #      redirected.
  1434. #
  1435. #  Type of value:
  1436. #
  1437. #      0 or 1
  1438. #
  1439. #  Default value:
  1440. #
  1441. #      0
  1442. #
  1443. #  Effect if unset:
  1444. #
  1445. #      Privoxy ignores block and redirect actions for its CGI pages.
  1446. #
  1447. #  Notes:
  1448. #
  1449. #      By default Privoxy ignores block or redirect actions for its
  1450. #      CGI pages. Intercepting these requests can be useful in
  1451. #      multi-user setups to implement fine-grained access control,
  1452. #      but it can also render the complete web interface useless and
  1453. #      make debugging problems painful if done without care.
  1454. #
  1455. #      Don't enable this option unless you're sure that you really
  1456. #      need it.
  1457. #
  1458. #  Examples:
  1459. #
  1460. #      allow-cgi-request-crunching 1
  1461. #
  1462. allow-cgi-request-crunching 0
  1463. #
  1464. #  6.3. split-large-forms
  1465. #  =======================
  1466. #
  1467. #  Specifies:
  1468. #
  1469. #      Whether the CGI interface should stay compatible with broken
  1470. #      HTTP clients.
  1471. #
  1472. #  Type of value:
  1473. #
  1474. #      0 or 1
  1475. #
  1476. #  Default value:
  1477. #
  1478. #      0
  1479. #
  1480. #  Effect if unset:
  1481. #
  1482. #      The CGI form generate long GET URLs.
  1483. #
  1484. #  Notes:
  1485. #
  1486. #      Privoxy's CGI forms can lead to rather long URLs. This isn't a
  1487. #      problem as far as the HTTP standard is concerned, but it can
  1488. #      confuse clients with arbitrary URL length limitations.
  1489. #
  1490. #      Enabling split-large-forms causes Privoxy to divide big forms
  1491. #      into smaller ones to keep the URL length down. It makes
  1492. #      editing a lot less convenient and you can no longer submit all
  1493. #      changes at once, but at least it works around this browser
  1494. #      bug.
  1495. #
  1496. #      If you don't notice any editing problems, there is no reason
  1497. #      to enable this option, but if one of the submit buttons
  1498. #      appears to be broken, you should give it a try.
  1499. #
  1500. #  Examples:
  1501. #
  1502. #      split-large-forms 1
  1503. #
  1504. split-large-forms 0
  1505. #
  1506. #  6.4. keep-alive-timeout
  1507. #  ========================
  1508. #
  1509. #  Specifies:
  1510. #
  1511. #      Number of seconds after which an open connection will no
  1512. #      longer be reused.
  1513. #
  1514. #  Type of value:
  1515. #
  1516. #      Time in seconds.
  1517. #
  1518. #  Default value:
  1519. #
  1520. #      None
  1521. #
  1522. #  Effect if unset:
  1523. #
  1524. #      Connections are not kept alive.
  1525. #
  1526. #  Notes:
  1527. #
  1528. #      This option allows clients to keep the connection to Privoxy
  1529. #      alive. If the server supports it, Privoxy will keep the
  1530. #      connection to the server alive as well. Under certain
  1531. #      circumstances this may result in speed-ups.
  1532. #
  1533. #      By default, Privoxy will close the connection to the server if
  1534. #      the client connection gets closed, or if the specified timeout
  1535. #      has been reached without a new request coming in. This
  1536. #      behaviour can be changed with the connection-sharing option.
  1537. #
  1538. #      This option has no effect if Privoxy has been compiled without
  1539. #      keep-alive support.
  1540. #
  1541. #      Note that a timeout of five seconds as used in the default
  1542. #      configuration file significantly decreases the number of
  1543. #      connections that will be reused. The value is used because
  1544. #      some browsers limit the number of connections they open to a
  1545. #      single host and apply the same limit to proxies. This can
  1546. #      result in a single website "grabbing" all the connections the
  1547. #      browser allows, which means connections to other websites
  1548. #      can't be opened until the connections currently in use time
  1549. #      out.
  1550. #
  1551. #      Several users have reported this as a Privoxy bug, so the
  1552. #      default value has been reduced. Consider increasing it to 300
  1553. #      seconds or even more if you think your browser can handle it.
  1554. #      If your browser appears to be hanging, it probably can't.
  1555. #
  1556. #  Examples:
  1557. #
  1558. #      keep-alive-timeout 300
  1559. #
  1560. keep-alive-timeout 5
  1561. #
  1562. #  6.5. tolerate-pipelining
  1563. #  =========================
  1564. #
  1565. #  Specifies:
  1566. #
  1567. #      Whether or not pipelined requests should be served.
  1568. #
  1569. #  Type of value:
  1570. #
  1571. #      0 or 1.
  1572. #
  1573. #  Default value:
  1574. #
  1575. #      None
  1576. #
  1577. #  Effect if unset:
  1578. #
  1579. #      If Privoxy receives more than one request at once, it
  1580. #      terminates the client connection after serving the first one.
  1581. #
  1582. #  Notes:
  1583. #
  1584. #      Privoxy currently doesn't pipeline outgoing requests, thus
  1585. #      allowing pipelining on the client connection is not guaranteed
  1586. #      to improve the performance.
  1587. #
  1588. #      By default Privoxy tries to discourage clients from pipelining
  1589. #      by discarding aggressively pipelined requests, which forces
  1590. #      the client to resend them through a new connection.
  1591. #
  1592. #      This option lets Privoxy tolerate pipelining. Whether or not
  1593. #      that improves performance mainly depends on the client
  1594. #      configuration.
  1595. #
  1596. #      If you are seeing problems with pages not properly loading,
  1597. #      disabling this option could work around the problem.
  1598. #
  1599. #  Examples:
  1600. #
  1601. #      tolerate-pipelining 1
  1602. #
  1603. tolerate-pipelining 1
  1604. #
  1605. #  6.6. default-server-timeout
  1606. #  ============================
  1607. #
  1608. #  Specifies:
  1609. #
  1610. #      Assumed server-side keep-alive timeout if not specified by the
  1611. #      server.
  1612. #
  1613. #  Type of value:
  1614. #
  1615. #      Time in seconds.
  1616. #
  1617. #  Default value:
  1618. #
  1619. #      None
  1620. #
  1621. #  Effect if unset:
  1622. #
  1623. #      Connections for which the server didn't specify the keep-alive
  1624. #      timeout are not reused.
  1625. #
  1626. #  Notes:
  1627. #
  1628. #      Enabling this option significantly increases the number of
  1629. #      connections that are reused, provided the keep-alive-timeout
  1630. #      option is also enabled.
  1631. #
  1632. #      While it also increases the number of connections problems
  1633. #      when Privoxy tries to reuse a connection that already has been
  1634. #      closed on the server side, or is closed while Privoxy is
  1635. #      trying to reuse it, this should only be a problem if it
  1636. #      happens for the first request sent by the client. If it
  1637. #      happens for requests on reused client connections, Privoxy
  1638. #      will simply close the connection and the client is supposed to
  1639. #      retry the request without bothering the user.
  1640. #
  1641. #      Enabling this option is therefore only recommended if the
  1642. #      connection-sharing option is disabled.
  1643. #
  1644. #      It is an error to specify a value larger than the
  1645. #      keep-alive-timeout value.
  1646. #
  1647. #      This option has no effect if Privoxy has been compiled without
  1648. #      keep-alive support.
  1649. #
  1650. #  Examples:
  1651. #
  1652. #      default-server-timeout 60
  1653. #
  1654. #default-server-timeout 60
  1655. #
  1656. #  6.7. connection-sharing
  1657. #  ========================
  1658. #
  1659. #  Specifies:
  1660. #
  1661. #      Whether or not outgoing connections that have been kept alive
  1662. #      should be shared between different incoming connections.
  1663. #
  1664. #  Type of value:
  1665. #
  1666. #      0 or 1
  1667. #
  1668. #  Default value:
  1669. #
  1670. #      None
  1671. #
  1672. #  Effect if unset:
  1673. #
  1674. #      Connections are not shared.
  1675. #
  1676. #  Notes:
  1677. #
  1678. #      This option has no effect if Privoxy has been compiled without
  1679. #      keep-alive support, or if it's disabled.
  1680. #
  1681. #  Notes:
  1682. #
  1683. #      Note that reusing connections doesn't necessary cause
  1684. #      speedups. There are also a few privacy implications you should
  1685. #      be aware of.
  1686. #
  1687. #      If this option is effective, outgoing connections are shared
  1688. #      between clients (if there are more than one) and closing the
  1689. #      browser that initiated the outgoing connection does no longer
  1690. #      affect the connection between Privoxy and the server unless
  1691. #      the client's request hasn't been completed yet.
  1692. #
  1693. #      If the outgoing connection is idle, it will not be closed
  1694. #      until either Privoxy's or the server's timeout is reached.
  1695. #      While it's open, the server knows that the system running
  1696. #      Privoxy is still there.
  1697. #
  1698. #      If there are more than one client (maybe even belonging to
  1699. #      multiple users), they will be able to reuse each others
  1700. #      connections. This is potentially dangerous in case of
  1701. #      authentication schemes like NTLM where only the connection is
  1702. #      authenticated, instead of requiring authentication for each
  1703. #      request.
  1704. #
  1705. #      If there is only a single client, and if said client can keep
  1706. #      connections alive on its own, enabling this option has next to
  1707. #      no effect. If the client doesn't support connection
  1708. #      keep-alive, enabling this option may make sense as it allows
  1709. #      Privoxy to keep outgoing connections alive even if the client
  1710. #      itself doesn't support it.
  1711. #
  1712. #      You should also be aware that enabling this option increases
  1713. #      the likelihood of getting the "No server or forwarder data"
  1714. #      error message, especially if you are using a slow connection
  1715. #      to the Internet.
  1716. #
  1717. #      This option should only be used by experienced users who
  1718. #      understand the risks and can weight them against the benefits.
  1719. #
  1720. #  Examples:
  1721. #
  1722. #      connection-sharing 1
  1723. #
  1724. #connection-sharing 1
  1725. #
  1726. #  6.8. socket-timeout
  1727. #  ====================
  1728. #
  1729. #  Specifies:
  1730. #
  1731. #      Number of seconds after which a socket times out if no data is
  1732. #      received.
  1733. #
  1734. #  Type of value:
  1735. #
  1736. #      Time in seconds.
  1737. #
  1738. #  Default value:
  1739. #
  1740. #      None
  1741. #
  1742. #  Effect if unset:
  1743. #
  1744. #      A default value of 300 seconds is used.
  1745. #
  1746. #  Notes:
  1747. #
  1748. #      The default is quite high and you probably want to reduce it.
  1749. #      If you aren't using an occasionally slow proxy like Tor,
  1750. #      reducing it to a few seconds should be fine.
  1751. #
  1752. #  Examples:
  1753. #
  1754. #      socket-timeout 300
  1755. #
  1756. socket-timeout 300
  1757. #
  1758. #  6.9. max-client-connections
  1759. #  ============================
  1760. #
  1761. #  Specifies:
  1762. #
  1763. #      Maximum number of client connections that will be served.
  1764. #
  1765. #  Type of value:
  1766. #
  1767. #      Positive number.
  1768. #
  1769. #  Default value:
  1770. #
  1771. #      128
  1772. #
  1773. #  Effect if unset:
  1774. #
  1775. #      Connections are served until a resource limit is reached.
  1776. #
  1777. #  Notes:
  1778. #
  1779. #      Privoxy creates one thread (or process) for every incoming
  1780. #      client connection that isn't rejected based on the access
  1781. #      control settings.
  1782. #
  1783. #      If the system is powerful enough, Privoxy can theoretically
  1784. #      deal with several hundred (or thousand) connections at the
  1785. #      same time, but some operating systems enforce resource limits
  1786. #      by shutting down offending processes and their default limits
  1787. #      may be below the ones Privoxy would require under heavy load.
  1788. #
  1789. #      Configuring Privoxy to enforce a connection limit below the
  1790. #      thread or process limit used by the operating system makes
  1791. #      sure this doesn't happen. Simply increasing the operating
  1792. #      system's limit would work too, but if Privoxy isn't the only
  1793. #      application running on the system, you may actually want to
  1794. #      limit the resources used by Privoxy.
  1795. #
  1796. #      If Privoxy is only used by a single trusted user, limiting the
  1797. #      number of client connections is probably unnecessary. If there
  1798. #      are multiple possibly untrusted users you probably still want
  1799. #      to additionally use a packet filter to limit the maximal
  1800. #      number of incoming connections per client. Otherwise a
  1801. #      malicious user could intentionally create a high number of
  1802. #      connections to prevent other users from using Privoxy.
  1803. #
  1804. #      Obviously using this option only makes sense if you choose a
  1805. #      limit below the one enforced by the operating system.
  1806. #
  1807. #      One most POSIX-compliant systems Privoxy can't properly deal
  1808. #      with more than FD_SETSIZE file descriptors at the same time
  1809. #      and has to reject connections if the limit is reached. This
  1810. #      will likely change in a future version, but currently this
  1811. #      limit can't be increased without recompiling Privoxy with a
  1812. #      different FD_SETSIZE limit.
  1813. #
  1814. #  Examples:
  1815. #
  1816. #      max-client-connections 256
  1817. #
  1818. #max-client-connections 256
  1819. #
  1820. #  6.10. handle-as-empty-doc-returns-ok
  1821. #  =====================================
  1822. #
  1823. #  Specifies:
  1824. #
  1825. #      The status code Privoxy returns for pages blocked with
  1826. #      +handle-as-empty-document.
  1827. #
  1828. #  Type of value:
  1829. #
  1830. #      0 or 1
  1831. #
  1832. #  Default value:
  1833. #
  1834. #      0
  1835. #
  1836. #  Effect if unset:
  1837. #
  1838. #      Privoxy returns a status 403(forbidden) for all blocked pages.
  1839. #
  1840. #  Effect if set:
  1841. #
  1842. #      Privoxy returns a status 200(OK) for pages blocked with
  1843. #      +handle-as-empty-document and a status 403(Forbidden) for all
  1844. #      other blocked pages.
  1845. #
  1846. #  Notes:
  1847. #
  1848. #      This is a work-around for Firefox bug 492459: " Websites are
  1849. #      no longer rendered if SSL requests for JavaScripts are blocked
  1850. #      by a proxy. " (https://bugzilla.mozilla.org/show_bug.cgi?id=
  1851. #      492459) As the bug has been fixed for quite some time this
  1852. #      option should no longer be needed and will be removed in a
  1853. #      future release. Please speak up if you have a reason why the
  1854. #      option should be kept around.
  1855. #
  1856. #handle-as-empty-doc-returns-ok 1
  1857. #
  1858. #  6.11. enable-compression
  1859. #  =========================
  1860. #
  1861. #  Specifies:
  1862. #
  1863. #      Whether or not buffered content is compressed before delivery.
  1864. #
  1865. #  Type of value:
  1866. #
  1867. #      0 or 1
  1868. #
  1869. #  Default value:
  1870. #
  1871. #      0
  1872. #
  1873. #  Effect if unset:
  1874. #
  1875. #      Privoxy does not compress buffered content.
  1876. #
  1877. #  Effect if set:
  1878. #
  1879. #      Privoxy compresses buffered content before delivering it to
  1880. #      the client, provided the client supports it.
  1881. #
  1882. #  Notes:
  1883. #
  1884. #      This directive is only supported if Privoxy has been compiled
  1885. #      with FEATURE_COMPRESSION, which should not to be confused with
  1886. #      FEATURE_ZLIB.
  1887. #
  1888. #      Compressing buffered content is mainly useful if Privoxy and
  1889. #      the client are running on different systems. If they are
  1890. #      running on the same system, enabling compression is likely to
  1891. #      slow things down. If you didn't measure otherwise, you should
  1892. #      assume that it does and keep this option disabled.
  1893. #
  1894. #      Privoxy will not compress buffered content below a certain
  1895. #      length.
  1896. #
  1897. #enable-compression 1
  1898. #
  1899. #  6.12. compression-level
  1900. #  ========================
  1901. #
  1902. #  Specifies:
  1903. #
  1904. #      The compression level that is passed to the zlib library when
  1905. #      compressing buffered content.
  1906. #
  1907. #  Type of value:
  1908. #
  1909. #      Positive number ranging from 0 to 9.
  1910. #
  1911. #  Default value:
  1912. #
  1913. #      1
  1914. #
  1915. #  Notes:
  1916. #
  1917. #      Compressing the data more takes usually longer than
  1918. #      compressing it less or not compressing it at all. Which level
  1919. #      is best depends on the connection between Privoxy and the
  1920. #      client. If you can't be bothered to benchmark it for yourself,
  1921. #      you should stick with the default and keep compression
  1922. #      disabled.
  1923. #
  1924. #      If compression is disabled, the compression level is
  1925. #      irrelevant.
  1926. #
  1927. #  Examples:
  1928. #
  1929. #          # Best speed (compared to the other levels)
  1930. #          compression-level 1
  1931. #
  1932. #          # Best compression
  1933. #          compression-level 9
  1934. #
  1935. #          # No compression. Only useful for testing as the added header
  1936. #          # slightly increases the amount of data that has to be sent.
  1937. #          # If your benchmark shows that using this compression level
  1938. #          # is superior to using no compression at all, the benchmark
  1939. #          # is likely to be flawed.
  1940. #          compression-level 0
  1941. #
  1942. #
  1943. #compression-level 1
  1944. #
  1945. #  6.13. client-header-order
  1946. #  ==========================
  1947. #
  1948. #  Specifies:
  1949. #
  1950. #      The order in which client headers are sorted before forwarding
  1951. #      them.
  1952. #
  1953. #  Type of value:
  1954. #
  1955. #      Client header names delimited by spaces or tabs
  1956. #
  1957. #  Default value:
  1958. #
  1959. #      None
  1960. #
  1961. #  Notes:
  1962. #
  1963. #      By default Privoxy leaves the client headers in the order they
  1964. #      were sent by the client. Headers are modified in-place, new
  1965. #      headers are added at the end of the already existing headers.
  1966. #
  1967. #      The header order can be used to fingerprint client requests
  1968. #      independently of other headers like the User-Agent.
  1969. #
  1970. #      This directive allows to sort the headers differently to
  1971. #      better mimic a different User-Agent. Client headers will be
  1972. #      emitted in the order given, headers whose name isn't
  1973. #      explicitly specified are added at the end.
  1974. #
  1975. #      Note that sorting headers in an uncommon way will make
  1976. #      fingerprinting actually easier. Encrypted headers are not
  1977. #      affected by this directive.
  1978. #
  1979. #client-header-order Host \
  1980. #   Accept \
  1981. #   Accept-Language \
  1982. #   Accept-Encoding \
  1983. #   Proxy-Connection \
  1984. #   Referer \
  1985. #   Cookie \
  1986. #   DNT \
  1987. #   If-Modified-Since \
  1988. #   Cache-Control \
  1989. #   Content-Length \
  1990. #   Content-Type
  1991. #
  1992. #
  1993. #  7. WINDOWS GUI OPTIONS
  1994. #  =======================
  1995. #
  1996. #  Privoxy has a number of options specific to the Windows GUI
  1997. #  interface:
  1998. #
  1999. #
  2000. #
  2001. #  If "activity-animation" is set to 1, the Privoxy icon will animate
  2002. #  when "Privoxy" is active. To turn off, set to 0.
  2003. #
  2004. #activity-animation   1
  2005. #
  2006. #
  2007. #
  2008. #  If "log-messages" is set to 1, Privoxy copies log messages to the
  2009. #  console window. The log detail depends on the debug directive.
  2010. #
  2011. #log-messages   1
  2012. #
  2013. #
  2014. #
  2015. #  If "log-buffer-size" is set to 1, the size of the log buffer, i.e.
  2016. #  the amount of memory used for the log messages displayed in the
  2017. #  console window, will be limited to "log-max-lines" (see below).
  2018. #
  2019. #  Warning: Setting this to 0 will result in the buffer to grow
  2020. #  infinitely and eat up all your memory!
  2021. #
  2022. #log-buffer-size 1
  2023. #
  2024. #
  2025. #
  2026. #  log-max-lines is the maximum number of lines held in the log
  2027. #  buffer. See above.
  2028. #
  2029. #log-max-lines 200
  2030. #
  2031. #
  2032. #
  2033. #  If "log-highlight-messages" is set to 1, Privoxy will highlight
  2034. #  portions of the log messages with a bold-faced font:
  2035. #
  2036. #log-highlight-messages 1
  2037. #
  2038. #
  2039. #
  2040. #  The font used in the console window:
  2041. #
  2042. #log-font-name Comic Sans MS
  2043. #
  2044. #
  2045. #
  2046. #  Font size used in the console window:
  2047. #
  2048. #log-font-size 8
  2049. #
  2050. #
  2051. #
  2052. #  "show-on-task-bar" controls whether or not Privoxy will appear as
  2053. #  a button on the Task bar when minimized:
  2054. #
  2055. #show-on-task-bar 0
  2056. #
  2057. #
  2058. #
  2059. #  If "close-button-minimizes" is set to 1, the Windows close button
  2060. #  will minimize Privoxy instead of closing the program (close with
  2061. #  the exit option on the File menu).
  2062. #
  2063. #close-button-minimizes 1
  2064. #
  2065. #
  2066. #
  2067. #  The "hide-console" option is specific to the MS-Win console
  2068. #  version of Privoxy. If this option is used, Privoxy will
  2069. #  disconnect from and hide the command console.
  2070. #
  2071. #hide-console
  2072. #
  2073. #
  2074. #
  2075. listen-address 192.168.0.111:8118
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top