code.fastix.org

Dateiansicht:

Datei:Projekte -> Linux:Netzwerk für Seminare -> Router_Server -> etc -> privoxy -> config.original
md5:dc6fff0146a97e002fbd6826a662ec0f
sha1:63015b8c14f95327e9dee6386cfe75f795d662fb
Download-Link:Download
  1. #        Sample Configuration File for Privoxy
  2. #
  3. # Id: config,v
  4. #
  5. # Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/
  6. #
  7. #####################################################################
  8. #                                                                   #
  9. #                      Table of Contents                            #
  10. #                                                                   #
  11. #        I. INTRODUCTION                                            #
  12. #       II. FORMAT OF THE CONFIGURATION FILE                        #
  13. #                                                                   #
  14. #        1. LOCAL SET-UP DOCUMENTATION                              #
  15. #        2. CONFIGURATION AND LOG FILE LOCATIONS                    #
  16. #        3. DEBUGGING                                               #
  17. #        4. ACCESS CONTROL AND SECURITY                             #
  18. #        5. FORWARDING                                              #
  19. #        6. MISCELLANEOUS                                           #
  20. #        7. WINDOWS GUI OPTIONS                                     #
  21. #                                                                   #
  22. #####################################################################
  23. #
  24. #
  25. #  I. INTRODUCTION
  26. #   ===============
  27. #
  28. #  This file holds Privoxy's main configuration. Privoxy detects
  29. #  configuration changes automatically, so you don't have to restart
  30. #  it unless you want to load a different configuration file.
  31. #
  32. #  The configuration will be reloaded with the first request after
  33. #  the change was done, this request itself will still use the old
  34. #  configuration, though. In other words: it takes two requests
  35. #  before you see the result of your changes. Requests that are
  36. #  dropped due to ACL don't trigger reloads.
  37. #
  38. #  When starting Privoxy on Unix systems, give the location of this
  39. #  file as last argument. On Windows systems, Privoxy will look for
  40. #  this file with the name 'config.txt' in the current working
  41. #  directory of the Privoxy process.
  42. #
  43. #
  44. #  II. FORMAT OF THE CONFIGURATION FILE
  45. #  ====================================
  46. #
  47. #  Configuration lines consist of an initial keyword followed by a
  48. #  list of values, all separated by whitespace (any number of spaces
  49. #  or tabs). For example,
  50. #
  51. #  actionsfile default.action
  52. #
  53. #  Indicates that the actionsfile is named 'default.action'.
  54. #
  55. #  The '#' indicates a comment. Any part of a line following a '#' is
  56. #  ignored, except if the '#' is preceded by a '\'.
  57. #
  58. #  Thus, by placing a # at the start of an existing configuration
  59. #  line, you can make it a comment and it will be treated as if it
  60. #  weren't there. This is called "commenting out" an option and can
  61. #  be useful. Removing the # again is called "uncommenting".
  62. #
  63. #  Note that commenting out an option and leaving it at its default
  64. #  are two completely different things! Most options behave very
  65. #  differently when unset. See the "Effect if unset" explanation in
  66. #  each option's description for details.
  67. #
  68. #  Long lines can be continued on the next line by using a `\' as the
  69. #  last character.
  70. #
  71. #
  72. #  1. LOCAL SET-UP DOCUMENTATION
  73. #  ==============================
  74. #
  75. #  If you intend to operate Privoxy for more users than just
  76. #  yourself, it might be a good idea to let them know how to reach
  77. #  you, what you block and why you do that, your policies, etc.
  78. #
  79. #
  80. #  1.1. user-manual
  81. #  =================
  82. #
  83. #  Specifies:
  84. #
  85. #      Location of the Privoxy User Manual.
  86. #
  87. #  Type of value:
  88. #
  89. #      A fully qualified URI
  90. #
  91. #  Default value:
  92. #
  93. #      Unset
  94. #
  95. #  Effect if unset:
  96. #
  97. #      https://www.privoxy.org/version/user-manual/ will be used,
  98. #      where version is the Privoxy version.
  99. #
  100. #  Notes:
  101. #
  102. #      The User Manual URI is the single best source of information
  103. #      on Privoxy, and is used for help links from some of the
  104. #      internal CGI pages. The manual itself is normally packaged
  105. #      with the binary distributions, so you probably want to set
  106. #      this to a locally installed copy.
  107. #
  108. #      Examples:
  109. #
  110. #      The best all purpose solution is simply to put the full local
  111. #      PATH to where the User Manual is located:
  112. #
  113. #        user-manual  /usr/share/doc/privoxy/user-manual
  114. #
  115. #      The User Manual is then available to anyone with access to
  116. #      Privoxy, by following the built-in URL: http://
  117. #      config.privoxy.org/user-manual/ (or the shortcut: http://p.p/
  118. #      user-manual/).
  119. #
  120. #      If the documentation is not on the local system, it can be
  121. #      accessed from a remote server, as:
  122. #
  123. #        user-manual  http://example.com/privoxy/user-manual/
  124. #
  125. #      WARNING!!!
  126. #
  127. #          If set, this option should be the first option in the
  128. #          config file, because it is used while the config file is
  129. #          being read.
  130. #
  131. user-manual /usr/share/doc/privoxy/user-manual
  132. #
  133. #  1.2. trust-info-url
  134. #  ====================
  135. #
  136. #  Specifies:
  137. #
  138. #      A URL to be displayed in the error page that users will see if
  139. #      access to an untrusted page is denied.
  140. #
  141. #  Type of value:
  142. #
  143. #      URL
  144. #
  145. #  Default value:
  146. #
  147. #      Unset
  148. #
  149. #  Effect if unset:
  150. #
  151. #      No links are displayed on the "untrusted" error page.
  152. #
  153. #  Notes:
  154. #
  155. #      The value of this option only matters if the experimental
  156. #      trust mechanism has been activated. (See trustfile below.)
  157. #
  158. #      If you use the trust mechanism, it is a good idea to write up
  159. #      some on-line documentation about your trust policy and to
  160. #      specify the URL(s) here. Use multiple times for multiple URLs.
  161. #
  162. #      The URL(s) should be added to the trustfile as well, so users
  163. #      don't end up locked out from the information on why they were
  164. #      locked out in the first place!
  165. #
  166. #trust-info-url  http://www.example.com/why_we_block.html
  167. #trust-info-url  http://www.example.com/what_we_allow.html
  168. #
  169. #  1.3. admin-address
  170. #  ===================
  171. #
  172. #  Specifies:
  173. #
  174. #      An email address to reach the Privoxy administrator.
  175. #
  176. #  Type of value:
  177. #
  178. #      Email address
  179. #
  180. #  Default value:
  181. #
  182. #      Unset
  183. #
  184. #  Effect if unset:
  185. #
  186. #      No email address is displayed on error pages and the CGI user
  187. #      interface.
  188. #
  189. #  Notes:
  190. #
  191. #      If both admin-address and proxy-info-url are unset, the whole
  192. #      "Local Privoxy Support" box on all generated pages will not be
  193. #      shown.
  194. #
  195. #admin-address privoxy-admin@example.com
  196. #
  197. #  1.4. proxy-info-url
  198. #  ====================
  199. #
  200. #  Specifies:
  201. #
  202. #      A URL to documentation about the local Privoxy setup,
  203. #      configuration or policies.
  204. #
  205. #  Type of value:
  206. #
  207. #      URL
  208. #
  209. #  Default value:
  210. #
  211. #      Unset
  212. #
  213. #  Effect if unset:
  214. #
  215. #      No link to local documentation is displayed on error pages and
  216. #      the CGI user interface.
  217. #
  218. #  Notes:
  219. #
  220. #      If both admin-address and proxy-info-url are unset, the whole
  221. #      "Local Privoxy Support" box on all generated pages will not be
  222. #      shown.
  223. #
  224. #      This URL shouldn't be blocked ;-)
  225. #
  226. #proxy-info-url http://www.example.com/proxy-service.html
  227. #
  228. #  2. CONFIGURATION AND LOG FILE LOCATIONS
  229. #  ========================================
  230. #
  231. #  Privoxy can (and normally does) use a number of other files for
  232. #  additional configuration, help and logging. This section of the
  233. #  configuration file tells Privoxy where to find those other files.
  234. #
  235. #  The user running Privoxy, must have read permission for all
  236. #  configuration files, and write permission to any files that would
  237. #  be modified, such as log files and actions files.
  238. #
  239. #
  240. #  2.1. confdir
  241. #  =============
  242. #
  243. #  Specifies:
  244. #
  245. #      The directory where the other configuration files are located.
  246. #
  247. #  Type of value:
  248. #
  249. #      Path name
  250. #
  251. #  Default value:
  252. #
  253. #      /etc/privoxy (Unix) or Privoxy installation dir (Windows)
  254. #
  255. #  Effect if unset:
  256. #
  257. #      Mandatory
  258. #
  259. #  Notes:
  260. #
  261. #      No trailing "/", please.
  262. #
  263. confdir /etc/privoxy
  264. #
  265. #  2.2. templdir
  266. #  ==============
  267. #
  268. #  Specifies:
  269. #
  270. #      An alternative directory where the templates are loaded from.
  271. #
  272. #  Type of value:
  273. #
  274. #      Path name
  275. #
  276. #  Default value:
  277. #
  278. #      unset
  279. #
  280. #  Effect if unset:
  281. #
  282. #      The templates are assumed to be located in confdir/template.
  283. #
  284. #  Notes:
  285. #
  286. #      Privoxy's original templates are usually overwritten with each
  287. #      update. Use this option to relocate customized templates that
  288. #      should be kept. As template variables might change between
  289. #      updates, you shouldn't expect templates to work with Privoxy
  290. #      releases other than the one they were part of, though.
  291. #
  292. #templdir .
  293. #
  294. #  2.3. temporary-directory
  295. #  =========================
  296. #
  297. #  Specifies:
  298. #
  299. #      A directory where Privoxy can create temporary files.
  300. #
  301. #  Type of value:
  302. #
  303. #      Path name
  304. #
  305. #  Default value:
  306. #
  307. #      unset
  308. #
  309. #  Effect if unset:
  310. #
  311. #      No temporary files are created, external filters don't work.
  312. #
  313. #  Notes:
  314. #
  315. #      To execute external filters, Privoxy has to create temporary
  316. #      files. This directive specifies the directory the temporary
  317. #      files should be written to.
  318. #
  319. #      It should be a directory only Privoxy (and trusted users) can
  320. #      access.
  321. #
  322. #temporary-directory .
  323. #
  324. #  2.4. logdir
  325. #  ============
  326. #
  327. #  Specifies:
  328. #
  329. #      The directory where all logging takes place (i.e. where the
  330. #      logfile is located).
  331. #
  332. #  Type of value:
  333. #
  334. #      Path name
  335. #
  336. #  Default value:
  337. #
  338. #      /var/log/privoxy (Unix) or Privoxy installation dir (Windows)
  339. #
  340. #  Effect if unset:
  341. #
  342. #      Mandatory
  343. #
  344. #  Notes:
  345. #
  346. #      No trailing "/", please.
  347. #
  348. logdir /var/log/privoxy
  349. #
  350. #  2.5. actionsfile
  351. #  =================
  352. #
  353. #  Specifies:
  354. #
  355. #      The actions file(s) to use
  356. #
  357. #  Type of value:
  358. #
  359. #      Complete file name, relative to confdir
  360. #
  361. #  Default values:
  362. #
  363. #        match-all.action # Actions that are applied to all sites and maybe overruled later on.
  364. #
  365. #        default.action   # Main actions file
  366. #
  367. #        user.action      # User customizations
  368. #
  369. #  Effect if unset:
  370. #
  371. #      No actions are taken at all. More or less neutral proxying.
  372. #
  373. #  Notes:
  374. #
  375. #      Multiple actionsfile lines are permitted, and are in fact
  376. #      recommended!
  377. #
  378. #      The default values are default.action, which is the "main"
  379. #      actions file maintained by the developers, and user.action,
  380. #      where you can make your personal additions.
  381. #
  382. #      Actions files contain all the per site and per URL
  383. #      configuration for ad blocking, cookie management, privacy
  384. #      considerations, etc.
  385. #
  386. actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
  387. actionsfile default.action   # Main actions file
  388. actionsfile user.action      # User customizations
  389. #
  390. #  2.6. filterfile
  391. #  ================
  392. #
  393. #  Specifies:
  394. #
  395. #      The filter file(s) to use
  396. #
  397. #  Type of value:
  398. #
  399. #      File name, relative to confdir
  400. #
  401. #  Default value:
  402. #
  403. #      default.filter (Unix) or default.filter.txt (Windows)
  404. #
  405. #  Effect if unset:
  406. #
  407. #      No textual content filtering takes place, i.e. all +filter{name}
  408. #      actions in the actions files are turned neutral.
  409. #
  410. #  Notes:
  411. #
  412. #      Multiple filterfile lines are permitted.
  413. #
  414. #      The filter files contain content modification rules that use
  415. #      regular expressions. These rules permit powerful changes on
  416. #      the content of Web pages, and optionally the headers as well,
  417. #      e.g., you could try to disable your favorite JavaScript
  418. #      annoyances, re-write the actual displayed text, or just have
  419. #      some fun playing buzzword bingo with web pages.
  420. #
  421. #      The +filter{name} actions rely on the relevant filter (name)
  422. #      to be defined in a filter file!
  423. #
  424. #      A pre-defined filter file called default.filter that contains
  425. #      a number of useful filters for common problems is included in
  426. #      the distribution. See the section on the filter action for a
  427. #      list.
  428. #
  429. #      It is recommended to place any locally adapted filters into a
  430. #      separate file, such as user.filter.
  431. #
  432. filterfile default.filter
  433. filterfile user.filter      # User customizations
  434. #
  435. #  2.7. logfile
  436. #  =============
  437. #
  438. #  Specifies:
  439. #
  440. #      The log file to use
  441. #
  442. #  Type of value:
  443. #
  444. #      File name, relative to logdir
  445. #
  446. #  Default value:
  447. #
  448. #      Unset (commented out). When activated: logfile (Unix) or
  449. #      privoxy.log (Windows).
  450. #
  451. #  Effect if unset:
  452. #
  453. #      No logfile is written.
  454. #
  455. #  Notes:
  456. #
  457. #      The logfile is where all logging and error messages are
  458. #      written. The level of detail and number of messages are set
  459. #      with the debug option (see below). The logfile can be useful
  460. #      for tracking down a problem with Privoxy (e.g., it's not
  461. #      blocking an ad you think it should block) and it can help you
  462. #      to monitor what your browser is doing.
  463. #
  464. #      Depending on the debug options below, the logfile may be a
  465. #      privacy risk if third parties can get access to it. As most
  466. #      users will never look at it, Privoxy only logs fatal errors by
  467. #      default.
  468. #
  469. #      For most troubleshooting purposes, you will have to change
  470. #      that, please refer to the debugging section for details.
  471. #
  472. #      Any log files must be writable by whatever user Privoxy is
  473. #      being run as (on Unix, default user id is "privoxy").
  474. #
  475. #      To prevent the logfile from growing indefinitely, it is
  476. #      recommended to periodically rotate or shorten it. Many
  477. #      operating systems support log rotation out of the box, some
  478. #      require additional software to do it. For details, please
  479. #      refer to the documentation for your operating system.
  480. #
  481. logfile logfile
  482. #
  483. #  2.8. trustfile
  484. #  ===============
  485. #
  486. #  Specifies:
  487. #
  488. #      The name of the trust file to use
  489. #
  490. #  Type of value:
  491. #
  492. #      File name, relative to confdir
  493. #
  494. #  Default value:
  495. #
  496. #      Unset (commented out). When activated: trust (Unix) or
  497. #      trust.txt (Windows)
  498. #
  499. #  Effect if unset:
  500. #
  501. #      The entire trust mechanism is disabled.
  502. #
  503. #  Notes:
  504. #
  505. #      The trust mechanism is an experimental feature for building
  506. #      white-lists and should be used with care. It is NOT
  507. #      recommended for the casual user.
  508. #
  509. #      If you specify a trust file, Privoxy will only allow access to
  510. #      sites that are specified in the trustfile. Sites can be listed
  511. #      in one of two ways:
  512. #
  513. #      Prepending a ~ character limits access to this site only (and
  514. #      any sub-paths within this site), e.g. ~www.example.com allows
  515. #      access to ~www.example.com/features/news.html, etc.
  516. #
  517. #      Or, you can designate sites as trusted referrers, by
  518. #      prepending the name with a + character. The effect is that
  519. #      access to untrusted sites will be granted -- but only if a
  520. #      link from this trusted referrer was used to get there. The
  521. #      link target will then be added to the "trustfile" so that
  522. #      future, direct accesses will be granted. Sites added via this
  523. #      mechanism do not become trusted referrers themselves (i.e.
  524. #      they are added with a ~ designation). There is a limit of 512
  525. #      such entries, after which new entries will not be made.
  526. #
  527. #      If you use the + operator in the trust file, it may grow
  528. #      considerably over time.
  529. #
  530. #      It is recommended that Privoxy be compiled with the
  531. #      --disable-force, --disable-toggle and --disable-editor
  532. #      options, if this feature is to be used.
  533. #
  534. #      Possible applications include limiting Internet access for
  535. #      children.
  536. #
  537. #trustfile trust
  538. #
  539. #  3. DEBUGGING
  540. #  =============
  541. #
  542. #  These options are mainly useful when tracing a problem. Note that
  543. #  you might also want to invoke Privoxy with the --no-daemon command
  544. #  line option when debugging.
  545. #
  546. #
  547. #  3.1. debug
  548. #  ===========
  549. #
  550. #  Specifies:
  551. #
  552. #      Key values that determine what information gets logged.
  553. #
  554. #  Type of value:
  555. #
  556. #      Integer values
  557. #
  558. #  Default value:
  559. #
  560. #      0 (i.e.: only fatal errors (that cause Privoxy to exit) are
  561. #      logged)
  562. #
  563. #  Effect if unset:
  564. #
  565. #      Default value is used (see above).
  566. #
  567. #  Notes:
  568. #
  569. #      The available debug levels are:
  570. #
  571. #        debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
  572. #        debug     2 # show each connection status
  573. #        debug     4 # show I/O status
  574. #        debug     8 # show header parsing
  575. #        debug    16 # log all data written to the network
  576. #        debug    32 # debug force feature
  577. #        debug    64 # debug regular expression filters
  578. #        debug   128 # debug redirects
  579. #        debug   256 # debug GIF de-animation
  580. #        debug   512 # Common Log Format
  581. #        debug  1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
  582. #        debug  2048 # CGI user interface
  583. #        debug  4096 # Startup banner and warnings.
  584. #        debug  8192 # Non-fatal errors
  585. #        debug 32768 # log all data read from the network
  586. #        debug 65536 # Log the applying actions
  587. #
  588. #      To select multiple debug levels, you can either add them or
  589. #      use multiple debug lines.
  590. #
  591. #      A debug level of 1 is informative because it will show you
  592. #      each request as it happens. 1, 1024, 4096 and 8192 are
  593. #      recommended so that you will notice when things go wrong. The
  594. #      other levels are probably only of interest if you are hunting
  595. #      down a specific problem. They can produce a hell of an output
  596. #      (especially 16).
  597. #
  598. #      If you are used to the more verbose settings, simply enable
  599. #      the debug lines below again.
  600. #
  601. #      If you want to use pure CLF (Common Log Format), you should
  602. #      set "debug 512" ONLY and not enable anything else.
  603. #
  604. #      Privoxy has a hard-coded limit for the length of log messages.
  605. #      If it's reached, messages are logged truncated and marked with
  606. #      "... [too long, truncated]".
  607. #
  608. #      Please don't file any support requests without trying to
  609. #      reproduce the problem with increased debug level first. Once
  610. #      you read the log messages, you may even be able to solve the
  611. #      problem on your own.
  612. #
  613. #debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
  614. #debug  1024 # Actions that are applied to all sites and maybe overruled later on.
  615. #debug  4096 # Startup banner and warnings
  616. #debug  8192 # Non-fatal errors
  617. #
  618. #  3.2. single-threaded
  619. #  =====================
  620. #
  621. #  Specifies:
  622. #
  623. #      Whether to run only one server thread.
  624. #
  625. #  Type of value:
  626. #
  627. #      1 or 0
  628. #
  629. #  Default value:
  630. #
  631. #      0
  632. #
  633. #  Effect if unset:
  634. #
  635. #      Multi-threaded (or, where unavailable: forked) operation, i.e.
  636. #      the ability to serve multiple requests simultaneously.
  637. #
  638. #  Notes:
  639. #
  640. #      This option is only there for debugging purposes. It will
  641. #      drastically reduce performance.
  642. #
  643. #single-threaded 1
  644. #
  645. #  3.3. hostname
  646. #  ==============
  647. #
  648. #  Specifies:
  649. #
  650. #      The hostname shown on the CGI pages.
  651. #
  652. #  Type of value:
  653. #
  654. #      Text
  655. #
  656. #  Default value:
  657. #
  658. #      Unset
  659. #
  660. #  Effect if unset:
  661. #
  662. #      The hostname provided by the operating system is used.
  663. #
  664. #  Notes:
  665. #
  666. #      On some misconfigured systems resolving the hostname fails or
  667. #      takes too much time and slows Privoxy down. Setting a fixed
  668. #      hostname works around the problem.
  669. #
  670. #      In other circumstances it might be desirable to show a
  671. #      hostname other than the one returned by the operating system.
  672. #      For example if the system has several different hostnames and
  673. #      you don't want to use the first one.
  674. #
  675. #      Note that Privoxy does not validate the specified hostname
  676. #      value.
  677. #
  678. #hostname hostname.example.org
  679. #
  680. #  4. ACCESS CONTROL AND SECURITY
  681. #  ===============================
  682. #
  683. #  This section of the config file controls the security-relevant
  684. #  aspects of Privoxy's configuration.
  685. #
  686. #
  687. #  4.1. listen-address
  688. #  ====================
  689. #
  690. #  Specifies:
  691. #
  692. #      The address and TCP port on which Privoxy will listen for
  693. #      client requests.
  694. #
  695. #  Type of value:
  696. #
  697. #      [IP-Address]:Port
  698. #
  699. #      [Hostname]:Port
  700. #
  701. #  Default value:
  702. #
  703. #      127.0.0.1:8118
  704. #
  705. #  Effect if unset:
  706. #
  707. #      Bind to 127.0.0.1 (IPv4 localhost), port 8118. This is
  708. #      suitable and recommended for home users who run Privoxy on the
  709. #      same machine as their browser.
  710. #
  711. #  Notes:
  712. #
  713. #      You will need to configure your browser(s) to this proxy
  714. #      address and port.
  715. #
  716. #      If you already have another service running on port 8118, or
  717. #      if you want to serve requests from other machines (e.g. on
  718. #      your local network) as well, you will need to override the
  719. #      default.
  720. #
  721. #      You can use this statement multiple times to make Privoxy
  722. #      listen on more ports or more IP addresses. Suitable if your
  723. #      operating system does not support sharing IPv6 and IPv4
  724. #      protocols on the same socket.
  725. #
  726. #      If a hostname is used instead of an IP address, Privoxy will
  727. #      try to resolve it to an IP address and if there are multiple,
  728. #      use the first one returned.
  729. #
  730. #      If the address for the hostname isn't already known on the
  731. #      system (for example because it's in /etc/hostname), this may
  732. #      result in DNS traffic.
  733. #
  734. #      If the specified address isn't available on the system, or if
  735. #      the hostname can't be resolved, Privoxy will fail to start.
  736. #
  737. #      IPv6 addresses containing colons have to be quoted by
  738. #      brackets. They can only be used if Privoxy has been compiled
  739. #      with IPv6 support. If you aren't sure if your version supports
  740. #      it, have a look at http://config.privoxy.org/show-status.
  741. #
  742. #      Some operating systems will prefer IPv6 to IPv4 addresses even
  743. #      if the system has no IPv6 connectivity which is usually not
  744. #      expected by the user. Some even rely on DNS to resolve
  745. #      localhost which mean the "localhost" address used may not
  746. #      actually be local.
  747. #
  748. #      It is therefore recommended to explicitly configure the
  749. #      intended IP address instead of relying on the operating
  750. #      system, unless there's a strong reason not to.
  751. #
  752. #      If you leave out the address, Privoxy will bind to all IPv4
  753. #      interfaces (addresses) on your machine and may become
  754. #      reachable from the Internet and/or the local network. Be aware
  755. #      that some GNU/Linux distributions modify that behaviour
  756. #      without updating the documentation. Check for non-standard
  757. #      patches if your Privoxy version behaves differently.
  758. #
  759. #      If you configure Privoxy to be reachable from the network,
  760. #      consider using access control lists (ACL's, see below), and/or
  761. #      a firewall.
  762. #
  763. #      If you open Privoxy to untrusted users, you will also want to
  764. #      make sure that the following actions are disabled:
  765. #      enable-edit-actions and enable-remote-toggle
  766. #
  767. #  Example:
  768. #
  769. #      Suppose you are running Privoxy on a machine which has the
  770. #      address 192.168.0.1 on your local private network
  771. #      (192.168.0.0) and has another outside connection with a
  772. #      different address. You want it to serve requests from inside
  773. #      only:
  774. #
  775. #        listen-address  192.168.0.1:8118
  776. #
  777. #      Suppose you are running Privoxy on an IPv6-capable machine and
  778. #      you want it to listen on the IPv6 address of the loopback
  779. #      device:
  780. #
  781. #        listen-address [::1]:8118
  782. #
  783. listen-address  127.0.0.1:8118
  784. listen-address  [::1]:8118
  785. #
  786. #  4.2. toggle
  787. #  ============
  788. #
  789. #  Specifies:
  790. #
  791. #      Initial state of "toggle" status
  792. #
  793. #  Type of value:
  794. #
  795. #      1 or 0
  796. #
  797. #  Default value:
  798. #
  799. #      1
  800. #
  801. #  Effect if unset:
  802. #
  803. #      Act as if toggled on
  804. #
  805. #  Notes:
  806. #
  807. #      If set to 0, Privoxy will start in "toggled off" mode, i.e.
  808. #      mostly behave like a normal, content-neutral proxy with both
  809. #      ad blocking and content filtering disabled. See
  810. #      enable-remote-toggle below.
  811. #
  812. toggle  1
  813. #
  814. #  4.3. enable-remote-toggle
  815. #  ==========================
  816. #
  817. #  Specifies:
  818. #
  819. #      Whether or not the web-based toggle feature may be used
  820. #
  821. #  Type of value:
  822. #
  823. #      0 or 1
  824. #
  825. #  Default value:
  826. #
  827. #      0
  828. #
  829. #  Effect if unset:
  830. #
  831. #      The web-based toggle feature is disabled.
  832. #
  833. #  Notes:
  834. #
  835. #      When toggled off, Privoxy mostly acts like a normal,
  836. #      content-neutral proxy, i.e. doesn't block ads or filter
  837. #      content.
  838. #
  839. #      Access to the toggle feature can not be controlled separately
  840. #      by "ACLs" or HTTP authentication, so that everybody who can
  841. #      access Privoxy (see "ACLs" and listen-address above) can
  842. #      toggle it for all users. So this option is not recommended for
  843. #      multi-user environments with untrusted users.
  844. #
  845. #      Note that malicious client side code (e.g Java) is also
  846. #      capable of using this option.
  847. #
  848. #      As a lot of Privoxy users don't read documentation, this
  849. #      feature is disabled by default.
  850. #
  851. #      Note that you must have compiled Privoxy with support for this
  852. #      feature, otherwise this option has no effect.
  853. #
  854. enable-remote-toggle  0
  855. #
  856. #  4.4. enable-remote-http-toggle
  857. #  ===============================
  858. #
  859. #  Specifies:
  860. #
  861. #      Whether or not Privoxy recognizes special HTTP headers to
  862. #      change its behaviour.
  863. #
  864. #  Type of value:
  865. #
  866. #      0 or 1
  867. #
  868. #  Default value:
  869. #
  870. #      0
  871. #
  872. #  Effect if unset:
  873. #
  874. #      Privoxy ignores special HTTP headers.
  875. #
  876. #  Notes:
  877. #
  878. #      When toggled on, the client can change Privoxy's behaviour by
  879. #      setting special HTTP headers. Currently the only supported
  880. #      special header is "X-Filter: No", to disable filtering for the
  881. #      ongoing request, even if it is enabled in one of the action
  882. #      files.
  883. #
  884. #      This feature is disabled by default. If you are using Privoxy
  885. #      in a environment with trusted clients, you may enable this
  886. #      feature at your discretion. Note that malicious client side
  887. #      code (e.g Java) is also capable of using this feature.
  888. #
  889. #      This option will be removed in future releases as it has been
  890. #      obsoleted by the more general header taggers.
  891. #
  892. enable-remote-http-toggle  0
  893. #
  894. #  4.5. enable-edit-actions
  895. #  =========================
  896. #
  897. #  Specifies:
  898. #
  899. #      Whether or not the web-based actions file editor may be used
  900. #
  901. #  Type of value:
  902. #
  903. #      0 or 1
  904. #
  905. #  Default value:
  906. #
  907. #      0
  908. #
  909. #  Effect if unset:
  910. #
  911. #      The web-based actions file editor is disabled.
  912. #
  913. #  Notes:
  914. #
  915. #      Access to the editor can not be controlled separately by
  916. #      "ACLs" or HTTP authentication, so that everybody who can
  917. #      access Privoxy (see "ACLs" and listen-address above) can
  918. #      modify its configuration for all users.
  919. #
  920. #      This option is not recommended for environments with untrusted
  921. #      users and as a lot of Privoxy users don't read documentation,
  922. #      this feature is disabled by default.
  923. #
  924. #      Note that malicious client side code (e.g Java) is also
  925. #      capable of using the actions editor and you shouldn't enable
  926. #      this options unless you understand the consequences and are
  927. #      sure your browser is configured correctly.
  928. #
  929. #      Note that you must have compiled Privoxy with support for this
  930. #      feature, otherwise this option has no effect.
  931. #
  932. enable-edit-actions 0
  933. #
  934. #  4.6. enforce-blocks
  935. #  ====================
  936. #
  937. #  Specifies:
  938. #
  939. #      Whether the user is allowed to ignore blocks and can "go there
  940. #      anyway".
  941. #
  942. #  Type of value:
  943. #
  944. #      0 or 1
  945. #
  946. #  Default value:
  947. #
  948. #      0
  949. #
  950. #  Effect if unset:
  951. #
  952. #      Blocks are not enforced.
  953. #
  954. #  Notes:
  955. #
  956. #      Privoxy is mainly used to block and filter requests as a
  957. #      service to the user, for example to block ads and other junk
  958. #      that clogs the pipes. Privoxy's configuration isn't perfect
  959. #      and sometimes innocent pages are blocked. In this situation it
  960. #      makes sense to allow the user to enforce the request and have
  961. #      Privoxy ignore the block.
  962. #
  963. #      In the default configuration Privoxy's "Blocked" page contains
  964. #      a "go there anyway" link to adds a special string (the force
  965. #      prefix) to the request URL. If that link is used, Privoxy will
  966. #      detect the force prefix, remove it again and let the request
  967. #      pass.
  968. #
  969. #      Of course Privoxy can also be used to enforce a network
  970. #      policy. In that case the user obviously should not be able to
  971. #      bypass any blocks, and that's what the "enforce-blocks" option
  972. #      is for. If it's enabled, Privoxy hides the "go there anyway"
  973. #      link. If the user adds the force prefix by hand, it will not
  974. #      be accepted and the circumvention attempt is logged.
  975. #
  976. #  Examples:
  977. #
  978. #      enforce-blocks 1
  979. #
  980. enforce-blocks 0
  981. #
  982. #  4.7. ACLs: permit-access and deny-access
  983. #  =========================================
  984. #
  985. #  Specifies:
  986. #
  987. #      Who can access what.
  988. #
  989. #  Type of value:
  990. #
  991. #      src_addr[:port][/src_masklen] [dst_addr[:port][/dst_masklen]]
  992. #
  993. #      Where src_addr and dst_addr are IPv4 addresses in dotted
  994. #      decimal notation or valid DNS names, port is a port number,
  995. #      and src_masklen and dst_masklen are subnet masks in CIDR
  996. #      notation, i.e. integer values from 2 to 30 representing the
  997. #      length (in bits) of the network address. The masks and the
  998. #      whole destination part are optional.
  999. #
  1000. #      If your system implements RFC 3493, then src_addr and dst_addr
  1001. #      can be IPv6 addresses delimeted by brackets, port can be a
  1002. #      number or a service name, and src_masklen and dst_masklen can
  1003. #      be a number from 0 to 128.
  1004. #
  1005. #  Default value:
  1006. #
  1007. #      Unset
  1008. #
  1009. #      If no port is specified, any port will match. If no
  1010. #      src_masklen or src_masklen is given, the complete IP address
  1011. #      has to match (i.e. 32 bits for IPv4 and 128 bits for IPv6).
  1012. #
  1013. #  Effect if unset:
  1014. #
  1015. #      Don't restrict access further than implied by listen-address
  1016. #
  1017. #  Notes:
  1018. #
  1019. #      Access controls are included at the request of ISPs and
  1020. #      systems administrators, and are not usually needed by
  1021. #      individual users. For a typical home user, it will normally
  1022. #      suffice to ensure that Privoxy only listens on the localhost
  1023. #      (127.0.0.1) or internal (home) network address by means of the
  1024. #      listen-address option.
  1025. #
  1026. #      Please see the warnings in the FAQ that Privoxy is not
  1027. #      intended to be a substitute for a firewall or to encourage
  1028. #      anyone to defer addressing basic security weaknesses.
  1029. #
  1030. #      Multiple ACL lines are OK. If any ACLs are specified, Privoxy
  1031. #      only talks to IP addresses that match at least one
  1032. #      permit-access line and don't match any subsequent deny-access
  1033. #      line. In other words, the last match wins, with the default
  1034. #      being deny-access.
  1035. #
  1036. #      If Privoxy is using a forwarder (see forward below) for a
  1037. #      particular destination URL, the dst_addr that is examined is
  1038. #      the address of the forwarder and NOT the address of the
  1039. #      ultimate target. This is necessary because it may be
  1040. #      impossible for the local Privoxy to determine the IP address
  1041. #      of the ultimate target (that's often what gateways are used
  1042. #      for).
  1043. #
  1044. #      You should prefer using IP addresses over DNS names, because
  1045. #      the address lookups take time. All DNS names must resolve! You
  1046. #      can not use domain patterns like "*.org" or partial domain
  1047. #      names. If a DNS name resolves to multiple IP addresses, only
  1048. #      the first one is used.
  1049. #
  1050. #      Some systems allow IPv4 clients to connect to IPv6 server
  1051. #      sockets. Then the client's IPv4 address will be translated by
  1052. #      the system into IPv6 address space with special prefix
  1053. #      ::ffff:0:0/96 (so called IPv4 mapped IPv6 address). Privoxy
  1054. #      can handle it and maps such ACL addresses automatically.
  1055. #
  1056. #      Denying access to particular sites by ACL may have undesired
  1057. #      side effects if the site in question is hosted on a machine
  1058. #      which also hosts other sites (most sites are).
  1059. #
  1060. #  Examples:
  1061. #
  1062. #      Explicitly define the default behavior if no ACL and
  1063. #      listen-address are set: "localhost" is OK. The absence of a
  1064. #      dst_addr implies that all destination addresses are OK:
  1065. #
  1066. #        permit-access  localhost
  1067. #
  1068. #      Allow any host on the same class C subnet as www.privoxy.org
  1069. #      access to nothing but www.example.com (or other domains hosted
  1070. #      on the same system):
  1071. #
  1072. #        permit-access  www.privoxy.org/24 www.example.com/32
  1073. #
  1074. #      Allow access from any host on the 26-bit subnet 192.168.45.64
  1075. #      to anywhere, with the exception that 192.168.45.73 may not
  1076. #      access the IP address behind www.dirty-stuff.example.com:
  1077. #
  1078. #        permit-access  192.168.45.64/26
  1079. #        deny-access    192.168.45.73    www.dirty-stuff.example.com
  1080. #
  1081. #      Allow access from the IPv4 network 192.0.2.0/24 even if
  1082. #      listening on an IPv6 wild card address (not supported on all
  1083. #      platforms):
  1084. #
  1085. #        permit-access  192.0.2.0/24
  1086. #
  1087. #      This is equivalent to the following line even if listening on
  1088. #      an IPv4 address (not supported on all platforms):
  1089. #
  1090. #        permit-access  [::ffff:192.0.2.0]/120
  1091. #
  1092. #
  1093. #  4.8. buffer-limit
  1094. #  ==================
  1095. #
  1096. #  Specifies:
  1097. #
  1098. #      Maximum size of the buffer for content filtering.
  1099. #
  1100. #  Type of value:
  1101. #
  1102. #      Size in Kbytes
  1103. #
  1104. #  Default value:
  1105. #
  1106. #      4096
  1107. #
  1108. #  Effect if unset:
  1109. #
  1110. #      Use a 4MB (4096 KB) limit.
  1111. #
  1112. #  Notes:
  1113. #
  1114. #      For content filtering, i.e. the +filter and +deanimate-gif
  1115. #      actions, it is necessary that Privoxy buffers the entire
  1116. #      document body. This can be potentially dangerous, since a
  1117. #      server could just keep sending data indefinitely and wait for
  1118. #      your RAM to exhaust -- with nasty consequences. Hence this
  1119. #      option.
  1120. #
  1121. #      When a document buffer size reaches the buffer-limit, it is
  1122. #      flushed to the client unfiltered and no further attempt to
  1123. #      filter the rest of the document is made. Remember that there
  1124. #      may be multiple threads running, which might require up to
  1125. #      buffer-limit Kbytes each, unless you have enabled
  1126. #      "single-threaded" above.
  1127. #
  1128. buffer-limit 4096
  1129. #
  1130. #  4.9. enable-proxy-authentication-forwarding
  1131. #  ============================================
  1132. #
  1133. #  Specifies:
  1134. #
  1135. #      Whether or not proxy authentication through Privoxy should
  1136. #      work.
  1137. #
  1138. #  Type of value:
  1139. #
  1140. #      0 or 1
  1141. #
  1142. #  Default value:
  1143. #
  1144. #      0
  1145. #
  1146. #  Effect if unset:
  1147. #
  1148. #      Proxy authentication headers are removed.
  1149. #
  1150. #  Notes:
  1151. #
  1152. #      Privoxy itself does not support proxy authentication, but can
  1153. #      allow clients to authenticate against Privoxy's parent proxy.
  1154. #
  1155. #      By default Privoxy (3.0.21 and later) don't do that and remove
  1156. #      Proxy-Authorization headers in requests and Proxy-Authenticate
  1157. #      headers in responses to make it harder for malicious sites to
  1158. #      trick inexperienced users into providing login information.
  1159. #
  1160. #      If this option is enabled the headers are forwarded.
  1161. #
  1162. #      Enabling this option is not recommended if there is no parent
  1163. #      proxy that requires authentication or if the local network
  1164. #      between Privoxy and the parent proxy isn't trustworthy. If
  1165. #      proxy authentication is only required for some requests, it is
  1166. #      recommended to use a client header filter to remove the
  1167. #      authentication headers for requests where they aren't needed.
  1168. #
  1169. enable-proxy-authentication-forwarding 0
  1170. #
  1171. #  5. FORWARDING
  1172. #  ==============
  1173. #
  1174. #  This feature allows routing of HTTP requests through a chain of
  1175. #  multiple proxies.
  1176. #
  1177. #  Forwarding can be used to chain Privoxy with a caching proxy to
  1178. #  speed up browsing. Using a parent proxy may also be necessary if
  1179. #  the machine that Privoxy runs on has no direct Internet access.
  1180. #
  1181. #  Note that parent proxies can severely decrease your privacy level.
  1182. #  For example a parent proxy could add your IP address to the
  1183. #  request headers and if it's a caching proxy it may add the "Etag"
  1184. #  header to revalidation requests again, even though you configured
  1185. #  Privoxy to remove it. It may also ignore Privoxy's header time
  1186. #  randomization and use the original values which could be used by
  1187. #  the server as cookie replacement to track your steps between
  1188. #  visits.
  1189. #
  1190. #  Also specified here are SOCKS proxies. Privoxy supports the SOCKS
  1191. #  4 and SOCKS 4A protocols.
  1192. #
  1193. #
  1194. #  5.1. forward
  1195. #  =============
  1196. #
  1197. #  Specifies:
  1198. #
  1199. #      To which parent HTTP proxy specific requests should be routed.
  1200. #
  1201. #  Type of value:
  1202. #
  1203. #      target_pattern http_parent[:port]
  1204. #
  1205. #      where target_pattern is a URL pattern that specifies to which
  1206. #      requests (i.e. URLs) this forward rule shall apply. Use / to
  1207. #      denote "all URLs". http_parent[:port] is the DNS name or IP
  1208. #      address of the parent HTTP proxy through which the requests
  1209. #      should be forwarded, optionally followed by its listening port
  1210. #      (default: 8000). Use a single dot (.) to denote "no
  1211. #      forwarding".
  1212. #
  1213. #  Default value:
  1214. #
  1215. #      Unset
  1216. #
  1217. #  Effect if unset:
  1218. #
  1219. #      Don't use parent HTTP proxies.
  1220. #
  1221. #  Notes:
  1222. #
  1223. #      If http_parent is ".", then requests are not forwarded to
  1224. #      another HTTP proxy but are made directly to the web servers.
  1225. #
  1226. #      http_parent can be a numerical IPv6 address (if RFC 3493 is
  1227. #      implemented). To prevent clashes with the port delimiter, the
  1228. #      whole IP address has to be put into brackets. On the other
  1229. #      hand a target_pattern containing an IPv6 address has to be put
  1230. #      into angle brackets (normal brackets are reserved for regular
  1231. #      expressions already).
  1232. #
  1233. #      Multiple lines are OK, they are checked in sequence, and the
  1234. #      last match wins.
  1235. #
  1236. #  Examples:
  1237. #
  1238. #      Everything goes to an example parent proxy, except SSL on port
  1239. #      443 (which it doesn't handle):
  1240. #
  1241. #        forward   /      parent-proxy.example.org:8080
  1242. #        forward   :443   .
  1243. #
  1244. #      Everything goes to our example ISP's caching proxy, except for
  1245. #      requests to that ISP's sites:
  1246. #
  1247. #        forward   /                  caching-proxy.isp.example.net:8000
  1248. #        forward   .isp.example.net   .
  1249. #
  1250. #      Parent proxy specified by an IPv6 address:
  1251. #
  1252. #        forward   /                   [2001:DB8::1]:8000
  1253. #
  1254. #      Suppose your parent proxy doesn't support IPv6:
  1255. #
  1256. #        forward  /                        parent-proxy.example.org:8000
  1257. #        forward  ipv6-server.example.org  .
  1258. #        forward  <[2-3][0-9a-f][0-9a-f][0-9a-f]:*>   .
  1259. #
  1260. #
  1261. #  5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
  1262. #  =========================================================================
  1263. #
  1264. #  Specifies:
  1265. #
  1266. #      Through which SOCKS proxy (and optionally to which parent HTTP
  1267. #      proxy) specific requests should be routed.
  1268. #
  1269. #  Type of value:
  1270. #
  1271. #      target_pattern socks_proxy[:port] http_parent[:port]
  1272. #
  1273. #      where target_pattern is a URL pattern that specifies to which
  1274. #      requests (i.e. URLs) this forward rule shall apply. Use / to
  1275. #      denote "all URLs". http_parent and socks_proxy are IP
  1276. #      addresses in dotted decimal notation or valid DNS names (
  1277. #      http_parent may be "." to denote "no HTTP forwarding"), and
  1278. #      the optional port parameters are TCP ports, i.e. integer
  1279. #      values from 1 to 65535
  1280. #
  1281. #  Default value:
  1282. #
  1283. #      Unset
  1284. #
  1285. #  Effect if unset:
  1286. #
  1287. #      Don't use SOCKS proxies.
  1288. #
  1289. #  Notes:
  1290. #
  1291. #      Multiple lines are OK, they are checked in sequence, and the
  1292. #      last match wins.
  1293. #
  1294. #      The difference between forward-socks4 and forward-socks4a is
  1295. #      that in the SOCKS 4A protocol, the DNS resolution of the
  1296. #      target hostname happens on the SOCKS server, while in SOCKS 4
  1297. #      it happens locally.
  1298. #
  1299. #      With forward-socks5 the DNS resolution will happen on the
  1300. #      remote server as well.
  1301. #
  1302. #      forward-socks5t works like vanilla forward-socks5 but lets
  1303. #      Privoxy additionally use Tor-specific SOCKS extensions.
  1304. #      Currently the only supported SOCKS extension is optimistic
  1305. #      data which can reduce the latency for the first request made
  1306. #      on a newly created connection.
  1307. #
  1308. #      socks_proxy and http_parent can be a numerical IPv6 address
  1309. #      (if RFC 3493 is implemented). To prevent clashes with the port
  1310. #      delimiter, the whole IP address has to be put into brackets.
  1311. #      On the other hand a target_pattern containing an IPv6 address
  1312. #      has to be put into angle brackets (normal brackets are
  1313. #      reserved for regular expressions already).
  1314. #
  1315. #      If http_parent is ".", then requests are not forwarded to
  1316. #      another HTTP proxy but are made (HTTP-wise) directly to the
  1317. #      web servers, albeit through a SOCKS proxy.
  1318. #
  1319. #  Examples:
  1320. #
  1321. #      From the company example.com, direct connections are made to
  1322. #      all "internal" domains, but everything outbound goes through
  1323. #      their ISP's proxy by way of example.com's corporate SOCKS 4A
  1324. #      gateway to the Internet.
  1325. #
  1326. #        forward-socks4a   /              socks-gw.example.com:1080  www-cache.isp.example.net:8080
  1327. #        forward           .example.com   .
  1328. #
  1329. #      A rule that uses a SOCKS 4 gateway for all destinations but no
  1330. #      HTTP parent looks like this:
  1331. #
  1332. #        forward-socks4   /               socks-gw.example.com:1080  .
  1333. #
  1334. #      To chain Privoxy and Tor, both running on the same system, you
  1335. #      would use something like:
  1336. #
  1337. #        forward-socks5t   /               127.0.0.1:9050 .
  1338. #
  1339. #      Note that if you got Tor through one of the bundles, you may
  1340. #      have to change the port from 9050 to 9150 (or even another
  1341. #      one). For details, please check the documentation on the Tor
  1342. #      website.
  1343. #
  1344. #      The public Tor network can't be used to reach your local
  1345. #      network, if you need to access local servers you therefore
  1346. #      might want to make some exceptions:
  1347. #
  1348. #        forward         192.168.*.*/     .
  1349. #        forward            10.*.*.*/     .
  1350. #        forward           127.*.*.*/     .
  1351. #
  1352. #      Unencrypted connections to systems in these address ranges
  1353. #      will be as (un)secure as the local network is, but the
  1354. #      alternative is that you can't reach the local network through
  1355. #      Privoxy at all. Of course this may actually be desired and
  1356. #      there is no reason to make these exceptions if you aren't sure
  1357. #      you need them.
  1358. #
  1359. #      If you also want to be able to reach servers in your local
  1360. #      network by using their names, you will need additional
  1361. #      exceptions that look like this:
  1362. #
  1363. #       forward           localhost/     .
  1364. #
  1365. #
  1366. #  5.3. forwarded-connect-retries
  1367. #  ===============================
  1368. #
  1369. #  Specifies:
  1370. #
  1371. #      How often Privoxy retries if a forwarded connection request
  1372. #      fails.
  1373. #
  1374. #  Type of value:
  1375. #
  1376. #      Number of retries.
  1377. #
  1378. #  Default value:
  1379. #
  1380. #      0
  1381. #
  1382. #  Effect if unset:
  1383. #
  1384. #      Connections forwarded through other proxies are treated like
  1385. #      direct connections and no retry attempts are made.
  1386. #
  1387. #  Notes:
  1388. #
  1389. #      forwarded-connect-retries is mainly interesting for socks4a
  1390. #      connections, where Privoxy can't detect why the connections
  1391. #      failed. The connection might have failed because of a DNS
  1392. #      timeout in which case a retry makes sense, but it might also
  1393. #      have failed because the server doesn't exist or isn't
  1394. #      reachable. In this case the retry will just delay the
  1395. #      appearance of Privoxy's error message.
  1396. #
  1397. #      Note that in the context of this option, "forwarded
  1398. #      connections" includes all connections that Privoxy forwards
  1399. #      through other proxies. This option is not limited to the HTTP
  1400. #      CONNECT method.
  1401. #
  1402. #      Only use this option, if you are getting lots of
  1403. #      forwarding-related error messages that go away when you try
  1404. #      again manually. Start with a small value and check Privoxy's
  1405. #      logfile from time to time, to see how many retries are usually
  1406. #      needed.
  1407. #
  1408. #  Examples:
  1409. #
  1410. #      forwarded-connect-retries 1
  1411. #
  1412. forwarded-connect-retries  0
  1413. #
  1414. #  6. MISCELLANEOUS
  1415. #  =================
  1416. #
  1417. #  6.1. accept-intercepted-requests
  1418. #  =================================
  1419. #
  1420. #  Specifies:
  1421. #
  1422. #      Whether intercepted requests should be treated as valid.
  1423. #
  1424. #  Type of value:
  1425. #
  1426. #      0 or 1
  1427. #
  1428. #  Default value:
  1429. #
  1430. #      0
  1431. #
  1432. #  Effect if unset:
  1433. #
  1434. #      Only proxy requests are accepted, intercepted requests are
  1435. #      treated as invalid.
  1436. #
  1437. #  Notes:
  1438. #
  1439. #      If you don't trust your clients and want to force them to use
  1440. #      Privoxy, enable this option and configure your packet filter
  1441. #      to redirect outgoing HTTP connections into Privoxy.
  1442. #
  1443. #      Note that intercepting encrypted connections (HTTPS) isn't
  1444. #      supported.
  1445. #
  1446. #      Make sure that Privoxy's own requests aren't redirected as
  1447. #      well. Additionally take care that Privoxy can't intentionally
  1448. #      connect to itself, otherwise you could run into redirection
  1449. #      loops if Privoxy's listening port is reachable by the outside
  1450. #      or an attacker has access to the pages you visit.
  1451. #
  1452. #      If you are running Privoxy as intercepting proxy without being
  1453. #      able to intercept all client requests you may want to adjust
  1454. #      the CGI templates to make sure they don't reference content
  1455. #      from config.privoxy.org.
  1456. #
  1457. #  Examples:
  1458. #
  1459. #      accept-intercepted-requests 1
  1460. #
  1461. accept-intercepted-requests 0
  1462. #
  1463. #  6.2. allow-cgi-request-crunching
  1464. #  =================================
  1465. #
  1466. #  Specifies:
  1467. #
  1468. #      Whether requests to Privoxy's CGI pages can be blocked or
  1469. #      redirected.
  1470. #
  1471. #  Type of value:
  1472. #
  1473. #      0 or 1
  1474. #
  1475. #  Default value:
  1476. #
  1477. #      0
  1478. #
  1479. #  Effect if unset:
  1480. #
  1481. #      Privoxy ignores block and redirect actions for its CGI pages.
  1482. #
  1483. #  Notes:
  1484. #
  1485. #      By default Privoxy ignores block or redirect actions for its
  1486. #      CGI pages. Intercepting these requests can be useful in
  1487. #      multi-user setups to implement fine-grained access control,
  1488. #      but it can also render the complete web interface useless and
  1489. #      make debugging problems painful if done without care.
  1490. #
  1491. #      Don't enable this option unless you're sure that you really
  1492. #      need it.
  1493. #
  1494. #  Examples:
  1495. #
  1496. #      allow-cgi-request-crunching 1
  1497. #
  1498. allow-cgi-request-crunching 0
  1499. #
  1500. #  6.3. split-large-forms
  1501. #  =======================
  1502. #
  1503. #  Specifies:
  1504. #
  1505. #      Whether the CGI interface should stay compatible with broken
  1506. #      HTTP clients.
  1507. #
  1508. #  Type of value:
  1509. #
  1510. #      0 or 1
  1511. #
  1512. #  Default value:
  1513. #
  1514. #      0
  1515. #
  1516. #  Effect if unset:
  1517. #
  1518. #      The CGI form generate long GET URLs.
  1519. #
  1520. #  Notes:
  1521. #
  1522. #      Privoxy's CGI forms can lead to rather long URLs. This isn't a
  1523. #      problem as far as the HTTP standard is concerned, but it can
  1524. #      confuse clients with arbitrary URL length limitations.
  1525. #
  1526. #      Enabling split-large-forms causes Privoxy to divide big forms
  1527. #      into smaller ones to keep the URL length down. It makes
  1528. #      editing a lot less convenient and you can no longer submit all
  1529. #      changes at once, but at least it works around this browser
  1530. #      bug.
  1531. #
  1532. #      If you don't notice any editing problems, there is no reason
  1533. #      to enable this option, but if one of the submit buttons
  1534. #      appears to be broken, you should give it a try.
  1535. #
  1536. #  Examples:
  1537. #
  1538. #      split-large-forms 1
  1539. #
  1540. split-large-forms 0
  1541. #
  1542. #  6.4. keep-alive-timeout
  1543. #  ========================
  1544. #
  1545. #  Specifies:
  1546. #
  1547. #      Number of seconds after which an open connection will no
  1548. #      longer be reused.
  1549. #
  1550. #  Type of value:
  1551. #
  1552. #      Time in seconds.
  1553. #
  1554. #  Default value:
  1555. #
  1556. #      None
  1557. #
  1558. #  Effect if unset:
  1559. #
  1560. #      Connections are not kept alive.
  1561. #
  1562. #  Notes:
  1563. #
  1564. #      This option allows clients to keep the connection to Privoxy
  1565. #      alive. If the server supports it, Privoxy will keep the
  1566. #      connection to the server alive as well. Under certain
  1567. #      circumstances this may result in speed-ups.
  1568. #
  1569. #      By default, Privoxy will close the connection to the server if
  1570. #      the client connection gets closed, or if the specified timeout
  1571. #      has been reached without a new request coming in. This
  1572. #      behaviour can be changed with the connection-sharing option.
  1573. #
  1574. #      This option has no effect if Privoxy has been compiled without
  1575. #      keep-alive support.
  1576. #
  1577. #      Note that a timeout of five seconds as used in the default
  1578. #      configuration file significantly decreases the number of
  1579. #      connections that will be reused. The value is used because
  1580. #      some browsers limit the number of connections they open to a
  1581. #      single host and apply the same limit to proxies. This can
  1582. #      result in a single website "grabbing" all the connections the
  1583. #      browser allows, which means connections to other websites
  1584. #      can't be opened until the connections currently in use time
  1585. #      out.
  1586. #
  1587. #      Several users have reported this as a Privoxy bug, so the
  1588. #      default value has been reduced. Consider increasing it to 300
  1589. #      seconds or even more if you think your browser can handle it.
  1590. #      If your browser appears to be hanging, it probably can't.
  1591. #
  1592. #  Examples:
  1593. #
  1594. #      keep-alive-timeout 300
  1595. #
  1596. keep-alive-timeout 5
  1597. #
  1598. #  6.5. tolerate-pipelining
  1599. #  =========================
  1600. #
  1601. #  Specifies:
  1602. #
  1603. #      Whether or not pipelined requests should be served.
  1604. #
  1605. #  Type of value:
  1606. #
  1607. #      0 or 1.
  1608. #
  1609. #  Default value:
  1610. #
  1611. #      None
  1612. #
  1613. #  Effect if unset:
  1614. #
  1615. #      If Privoxy receives more than one request at once, it
  1616. #      terminates the client connection after serving the first one.
  1617. #
  1618. #  Notes:
  1619. #
  1620. #      Privoxy currently doesn't pipeline outgoing requests, thus
  1621. #      allowing pipelining on the client connection is not guaranteed
  1622. #      to improve the performance.
  1623. #
  1624. #      By default Privoxy tries to discourage clients from pipelining
  1625. #      by discarding aggressively pipelined requests, which forces
  1626. #      the client to resend them through a new connection.
  1627. #
  1628. #      This option lets Privoxy tolerate pipelining. Whether or not
  1629. #      that improves performance mainly depends on the client
  1630. #      configuration.
  1631. #
  1632. #      If you are seeing problems with pages not properly loading,
  1633. #      disabling this option could work around the problem.
  1634. #
  1635. #  Examples:
  1636. #
  1637. #      tolerate-pipelining 1
  1638. #
  1639. tolerate-pipelining 1
  1640. #
  1641. #  6.6. default-server-timeout
  1642. #  ============================
  1643. #
  1644. #  Specifies:
  1645. #
  1646. #      Assumed server-side keep-alive timeout if not specified by the
  1647. #      server.
  1648. #
  1649. #  Type of value:
  1650. #
  1651. #      Time in seconds.
  1652. #
  1653. #  Default value:
  1654. #
  1655. #      None
  1656. #
  1657. #  Effect if unset:
  1658. #
  1659. #      Connections for which the server didn't specify the keep-alive
  1660. #      timeout are not reused.
  1661. #
  1662. #  Notes:
  1663. #
  1664. #      Enabling this option significantly increases the number of
  1665. #      connections that are reused, provided the keep-alive-timeout
  1666. #      option is also enabled.
  1667. #
  1668. #      While it also increases the number of connections problems
  1669. #      when Privoxy tries to reuse a connection that already has been
  1670. #      closed on the server side, or is closed while Privoxy is
  1671. #      trying to reuse it, this should only be a problem if it
  1672. #      happens for the first request sent by the client. If it
  1673. #      happens for requests on reused client connections, Privoxy
  1674. #      will simply close the connection and the client is supposed to
  1675. #      retry the request without bothering the user.
  1676. #
  1677. #      Enabling this option is therefore only recommended if the
  1678. #      connection-sharing option is disabled.
  1679. #
  1680. #      It is an error to specify a value larger than the
  1681. #      keep-alive-timeout value.
  1682. #
  1683. #      This option has no effect if Privoxy has been compiled without
  1684. #      keep-alive support.
  1685. #
  1686. #  Examples:
  1687. #
  1688. #      default-server-timeout 60
  1689. #
  1690. #default-server-timeout 60
  1691. #
  1692. #  6.7. connection-sharing
  1693. #  ========================
  1694. #
  1695. #  Specifies:
  1696. #
  1697. #      Whether or not outgoing connections that have been kept alive
  1698. #      should be shared between different incoming connections.
  1699. #
  1700. #  Type of value:
  1701. #
  1702. #      0 or 1
  1703. #
  1704. #  Default value:
  1705. #
  1706. #      None
  1707. #
  1708. #  Effect if unset:
  1709. #
  1710. #      Connections are not shared.
  1711. #
  1712. #  Notes:
  1713. #
  1714. #      This option has no effect if Privoxy has been compiled without
  1715. #      keep-alive support, or if it's disabled.
  1716. #
  1717. #  Notes:
  1718. #
  1719. #      Note that reusing connections doesn't necessary cause
  1720. #      speedups. There are also a few privacy implications you should
  1721. #      be aware of.
  1722. #
  1723. #      If this option is effective, outgoing connections are shared
  1724. #      between clients (if there are more than one) and closing the
  1725. #      browser that initiated the outgoing connection does no longer
  1726. #      affect the connection between Privoxy and the server unless
  1727. #      the client's request hasn't been completed yet.
  1728. #
  1729. #      If the outgoing connection is idle, it will not be closed
  1730. #      until either Privoxy's or the server's timeout is reached.
  1731. #      While it's open, the server knows that the system running
  1732. #      Privoxy is still there.
  1733. #
  1734. #      If there are more than one client (maybe even belonging to
  1735. #      multiple users), they will be able to reuse each others
  1736. #      connections. This is potentially dangerous in case of
  1737. #      authentication schemes like NTLM where only the connection is
  1738. #      authenticated, instead of requiring authentication for each
  1739. #      request.
  1740. #
  1741. #      If there is only a single client, and if said client can keep
  1742. #      connections alive on its own, enabling this option has next to
  1743. #      no effect. If the client doesn't support connection
  1744. #      keep-alive, enabling this option may make sense as it allows
  1745. #      Privoxy to keep outgoing connections alive even if the client
  1746. #      itself doesn't support it.
  1747. #
  1748. #      You should also be aware that enabling this option increases
  1749. #      the likelihood of getting the "No server or forwarder data"
  1750. #      error message, especially if you are using a slow connection
  1751. #      to the Internet.
  1752. #
  1753. #      This option should only be used by experienced users who
  1754. #      understand the risks and can weight them against the benefits.
  1755. #
  1756. #  Examples:
  1757. #
  1758. #      connection-sharing 1
  1759. #
  1760. #connection-sharing 1
  1761. #
  1762. #  6.8. socket-timeout
  1763. #  ====================
  1764. #
  1765. #  Specifies:
  1766. #
  1767. #      Number of seconds after which a socket times out if no data is
  1768. #      received.
  1769. #
  1770. #  Type of value:
  1771. #
  1772. #      Time in seconds.
  1773. #
  1774. #  Default value:
  1775. #
  1776. #      None
  1777. #
  1778. #  Effect if unset:
  1779. #
  1780. #      A default value of 300 seconds is used.
  1781. #
  1782. #  Notes:
  1783. #
  1784. #      The default is quite high and you probably want to reduce it.
  1785. #      If you aren't using an occasionally slow proxy like Tor,
  1786. #      reducing it to a few seconds should be fine.
  1787. #
  1788. #  Examples:
  1789. #
  1790. #      socket-timeout 300
  1791. #
  1792. socket-timeout 300
  1793. #
  1794. #  6.9. max-client-connections
  1795. #  ============================
  1796. #
  1797. #  Specifies:
  1798. #
  1799. #      Maximum number of client connections that will be served.
  1800. #
  1801. #  Type of value:
  1802. #
  1803. #      Positive number.
  1804. #
  1805. #  Default value:
  1806. #
  1807. #      128
  1808. #
  1809. #  Effect if unset:
  1810. #
  1811. #      Connections are served until a resource limit is reached.
  1812. #
  1813. #  Notes:
  1814. #
  1815. #      Privoxy creates one thread (or process) for every incoming
  1816. #      client connection that isn't rejected based on the access
  1817. #      control settings.
  1818. #
  1819. #      If the system is powerful enough, Privoxy can theoretically
  1820. #      deal with several hundred (or thousand) connections at the
  1821. #      same time, but some operating systems enforce resource limits
  1822. #      by shutting down offending processes and their default limits
  1823. #      may be below the ones Privoxy would require under heavy load.
  1824. #
  1825. #      Configuring Privoxy to enforce a connection limit below the
  1826. #      thread or process limit used by the operating system makes
  1827. #      sure this doesn't happen. Simply increasing the operating
  1828. #      system's limit would work too, but if Privoxy isn't the only
  1829. #      application running on the system, you may actually want to
  1830. #      limit the resources used by Privoxy.
  1831. #
  1832. #      If Privoxy is only used by a single trusted user, limiting the
  1833. #      number of client connections is probably unnecessary. If there
  1834. #      are multiple possibly untrusted users you probably still want
  1835. #      to additionally use a packet filter to limit the maximal
  1836. #      number of incoming connections per client. Otherwise a
  1837. #      malicious user could intentionally create a high number of
  1838. #      connections to prevent other users from using Privoxy.
  1839. #
  1840. #      Obviously using this option only makes sense if you choose a
  1841. #      limit below the one enforced by the operating system.
  1842. #
  1843. #      One most POSIX-compliant systems Privoxy can't properly deal
  1844. #      with more than FD_SETSIZE file descriptors at the same time
  1845. #      and has to reject connections if the limit is reached. This
  1846. #      will likely change in a future version, but currently this
  1847. #      limit can't be increased without recompiling Privoxy with a
  1848. #      different FD_SETSIZE limit.
  1849. #
  1850. #  Examples:
  1851. #
  1852. #      max-client-connections 256
  1853. #
  1854. #max-client-connections 256
  1855. #
  1856. #  6.10. handle-as-empty-doc-returns-ok
  1857. #  =====================================
  1858. #
  1859. #  Specifies:
  1860. #
  1861. #      The status code Privoxy returns for pages blocked with
  1862. #      +handle-as-empty-document.
  1863. #
  1864. #  Type of value:
  1865. #
  1866. #      0 or 1
  1867. #
  1868. #  Default value:
  1869. #
  1870. #      0
  1871. #
  1872. #  Effect if unset:
  1873. #
  1874. #      Privoxy returns a status 403(forbidden) for all blocked pages.
  1875. #
  1876. #  Effect if set:
  1877. #
  1878. #      Privoxy returns a status 200(OK) for pages blocked with
  1879. #      +handle-as-empty-document and a status 403(Forbidden) for all
  1880. #      other blocked pages.
  1881. #
  1882. #  Notes:
  1883. #
  1884. #      This directive was added as a work-around for Firefox bug
  1885. #      492459: "Websites are no longer rendered if SSL requests for
  1886. #      JavaScripts are blocked by a proxy."
  1887. #      (https://bugzilla.mozilla.org/show_bug.cgi?id=492459), the bug
  1888. #      has been fixed for quite some time, but this directive is also
  1889. #      useful to make it harder for websites to detect whether or not
  1890. #      resources are being blocked.
  1891. #
  1892. #handle-as-empty-doc-returns-ok 1
  1893. #
  1894. #  6.11. enable-compression
  1895. #  =========================
  1896. #
  1897. #  Specifies:
  1898. #
  1899. #      Whether or not buffered content is compressed before delivery.
  1900. #
  1901. #  Type of value:
  1902. #
  1903. #      0 or 1
  1904. #
  1905. #  Default value:
  1906. #
  1907. #      0
  1908. #
  1909. #  Effect if unset:
  1910. #
  1911. #      Privoxy does not compress buffered content.
  1912. #
  1913. #  Effect if set:
  1914. #
  1915. #      Privoxy compresses buffered content before delivering it to
  1916. #      the client, provided the client supports it.
  1917. #
  1918. #  Notes:
  1919. #
  1920. #      This directive is only supported if Privoxy has been compiled
  1921. #      with FEATURE_COMPRESSION, which should not to be confused with
  1922. #      FEATURE_ZLIB.
  1923. #
  1924. #      Compressing buffered content is mainly useful if Privoxy and
  1925. #      the client are running on different systems. If they are
  1926. #      running on the same system, enabling compression is likely to
  1927. #      slow things down. If you didn't measure otherwise, you should
  1928. #      assume that it does and keep this option disabled.
  1929. #
  1930. #      Privoxy will not compress buffered content below a certain
  1931. #      length.
  1932. #
  1933. #enable-compression 1
  1934. #
  1935. #  6.12. compression-level
  1936. #  ========================
  1937. #
  1938. #  Specifies:
  1939. #
  1940. #      The compression level that is passed to the zlib library when
  1941. #      compressing buffered content.
  1942. #
  1943. #  Type of value:
  1944. #
  1945. #      Positive number ranging from 0 to 9.
  1946. #
  1947. #  Default value:
  1948. #
  1949. #      1
  1950. #
  1951. #  Notes:
  1952. #
  1953. #      Compressing the data more takes usually longer than
  1954. #      compressing it less or not compressing it at all. Which level
  1955. #      is best depends on the connection between Privoxy and the
  1956. #      client. If you can't be bothered to benchmark it for yourself,
  1957. #      you should stick with the default and keep compression
  1958. #      disabled.
  1959. #
  1960. #      If compression is disabled, the compression level is
  1961. #      irrelevant.
  1962. #
  1963. #  Examples:
  1964. #
  1965. #          # Best speed (compared to the other levels)
  1966. #          compression-level 1
  1967. #
  1968. #          # Best compression
  1969. #          compression-level 9
  1970. #
  1971. #          # No compression. Only useful for testing as the added header
  1972. #          # slightly increases the amount of data that has to be sent.
  1973. #          # If your benchmark shows that using this compression level
  1974. #          # is superior to using no compression at all, the benchmark
  1975. #          # is likely to be flawed.
  1976. #          compression-level 0
  1977. #
  1978. #
  1979. #compression-level 1
  1980. #
  1981. #  6.13. client-header-order
  1982. #  ==========================
  1983. #
  1984. #  Specifies:
  1985. #
  1986. #      The order in which client headers are sorted before forwarding
  1987. #      them.
  1988. #
  1989. #  Type of value:
  1990. #
  1991. #      Client header names delimited by spaces or tabs
  1992. #
  1993. #  Default value:
  1994. #
  1995. #      None
  1996. #
  1997. #  Notes:
  1998. #
  1999. #      By default Privoxy leaves the client headers in the order they
  2000. #      were sent by the client. Headers are modified in-place, new
  2001. #      headers are added at the end of the already existing headers.
  2002. #
  2003. #      The header order can be used to fingerprint client requests
  2004. #      independently of other headers like the User-Agent.
  2005. #
  2006. #      This directive allows to sort the headers differently to
  2007. #      better mimic a different User-Agent. Client headers will be
  2008. #      emitted in the order given, headers whose name isn't
  2009. #      explicitly specified are added at the end.
  2010. #
  2011. #      Note that sorting headers in an uncommon way will make
  2012. #      fingerprinting actually easier. Encrypted headers are not
  2013. #      affected by this directive.
  2014. #
  2015. #client-header-order Host \
  2016. #   Accept \
  2017. #   Accept-Language \
  2018. #   Accept-Encoding \
  2019. #   Proxy-Connection \
  2020. #   Referer \
  2021. #   Cookie \
  2022. #   DNT \
  2023. #   If-Modified-Since \
  2024. #   Cache-Control \
  2025. #   Content-Length \
  2026. #   Content-Type
  2027. #
  2028. #
  2029. #  6.14. client-specific-tag
  2030. #  ==========================
  2031. #
  2032. #  Specifies:
  2033. #
  2034. #      The name of a tag that will always be set for clients that
  2035. #      requested it through the webinterface.
  2036. #
  2037. #  Type of value:
  2038. #
  2039. #      Tag name followed by a description that will be shown in the
  2040. #      webinterface
  2041. #
  2042. #  Default value:
  2043. #
  2044. #      None
  2045. #
  2046. #  Notes:
  2047. #
  2048. #      +-----------------------------------------------------+
  2049. #      |                       Warning                       |
  2050. #      |-----------------------------------------------------|
  2051. #      |This is an experimental feature. The syntax is likely|
  2052. #      |to change in future versions.                        |
  2053. #      +-----------------------------------------------------+
  2054. #
  2055. #      Client-specific tags allow Privoxy admins to create different
  2056. #      profiles and let the users chose which one they want without
  2057. #      impacting other users.
  2058. #
  2059. #      One use case is allowing users to circumvent certain blocks
  2060. #      without having to allow them to circumvent all blocks. This is
  2061. #      not possible with the enable-remote-toggle feature because it
  2062. #      would bluntly disable all blocks for all users and also affect
  2063. #      other actions like filters. It also is set globally which
  2064. #      renders it useless in most multi-user setups.
  2065. #
  2066. #      After a client-specific tag has been defined with the
  2067. #      client-specific-tag directive, action sections can be
  2068. #      activated based on the tag by using a CLIENT-TAG pattern. The
  2069. #      CLIENT-TAG pattern is evaluated at the same priority as URL
  2070. #      patterns, as a result the last matching pattern wins. Tags
  2071. #      that are created based on client or server headers are
  2072. #      evaluated later on and can overrule CLIENT-TAG and URL
  2073. #      patterns!
  2074. #
  2075. #      The tag is set for all requests that come from clients that
  2076. #      requested it to be set. Note that "clients" are differentiated
  2077. #      by IP address, if the IP address changes the tag has to be
  2078. #      requested again.
  2079. #
  2080. #      Clients can request tags to be set by using the CGI interface
  2081. #      http://config.privoxy.org/client-tags. The specific tag
  2082. #      description is only used on the web page and should be phrased
  2083. #      in away that the user understand the effect of the tag.
  2084. #
  2085. #  Examples:
  2086. #
  2087. #          # Define a couple of tags, the described effect requires action sections
  2088. #          # that are enabled based on CLIENT-TAG patterns.
  2089. #          client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
  2090. #          disable-content-filters Disable content-filters but do not affect other actions
  2091. #
  2092. #
  2093. #
  2094. #  6.15. client-tag-lifetime
  2095. #  ==========================
  2096. #
  2097. #  Specifies:
  2098. #
  2099. #      How long a temporarily enabled tag remains enabled.
  2100. #
  2101. #  Type of value:
  2102. #
  2103. #      Time in seconds.
  2104. #
  2105. #  Default value:
  2106. #
  2107. #      60
  2108. #
  2109. #  Notes:
  2110. #
  2111. #      +-----------------------------------------------------+
  2112. #      |                       Warning                       |
  2113. #      |-----------------------------------------------------|
  2114. #      |This is an experimental feature. The syntax is likely|
  2115. #      |to change in future versions.                        |
  2116. #      +-----------------------------------------------------+
  2117. #
  2118. #      In case of some tags users may not want to enable them
  2119. #      permanently, but only for a short amount of time, for example
  2120. #      to circumvent a block that is the result of an overly-broad
  2121. #      URL pattern.
  2122. #
  2123. #      The CGI interface http://config.privoxy.org/client-tags
  2124. #      therefore provides a "enable this tag temporarily" option. If
  2125. #      it is used, the tag will be set until the client-tag-lifetime
  2126. #      is over.
  2127. #
  2128. #  Examples:
  2129. #
  2130. #            # Increase the time to life for temporarily enabled tags to 3 minutes
  2131. #            client-tag-lifetime 180
  2132. #
  2133. #
  2134. #
  2135. #  6.16. trust-x-forwarded-for
  2136. #  ============================
  2137. #
  2138. #  Specifies:
  2139. #
  2140. #      Whether or not Privoxy should use IP addresses specified with
  2141. #      the X-Forwarded-For header
  2142. #
  2143. #  Type of value:
  2144. #
  2145. #      0 or one
  2146. #
  2147. #  Default value:
  2148. #
  2149. #      0
  2150. #
  2151. #  Notes:
  2152. #
  2153. #      +-----------------------------------------------------+
  2154. #      |                       Warning                       |
  2155. #      |-----------------------------------------------------|
  2156. #      |This is an experimental feature. The syntax is likely|
  2157. #      |to change in future versions.                        |
  2158. #      +-----------------------------------------------------+
  2159. #
  2160. #      If clients reach Privoxy through another proxy, for example a
  2161. #      load balancer, Privoxy can't tell the client's IP address from
  2162. #      the connection. If multiple clients use the same proxy, they
  2163. #      will share the same client tag settings which is usually not
  2164. #      desired.
  2165. #
  2166. #      This option lets Privoxy use the X-Forwarded-For header value
  2167. #      as client IP address. If the proxy sets the header, multiple
  2168. #      clients using the same proxy do not share the same client tag
  2169. #      settings.
  2170. #
  2171. #      This option should only be enabled if Privoxy can only be
  2172. #      reached through a proxy and if the proxy can be trusted to set
  2173. #      the header correctly. It is recommended that ACL are used to
  2174. #      make sure only trusted systems can reach Privoxy.
  2175. #
  2176. #      If access to Privoxy isn't limited to trusted systems, this
  2177. #      option would allow malicious clients to change the client tags
  2178. #      for other clients or increase Privoxy's memory requirements by
  2179. #      registering lots of client tag settings for clients that don't
  2180. #      exist.
  2181. #
  2182. #  Examples:
  2183. #
  2184. #            # Allow systems that can reach Privoxy to provide the client
  2185. #            # IP address with a X-Forwarded-For header.
  2186. #            trust-x-forwarded-for 1
  2187. #
  2188. #
  2189. #
  2190. #  7. WINDOWS GUI OPTIONS
  2191. #  =======================
  2192. #
  2193. #  Privoxy has a number of options specific to the Windows GUI
  2194. #  interface:
  2195. #
  2196. #
  2197. #
  2198. #  If "activity-animation" is set to 1, the Privoxy icon will animate
  2199. #  when "Privoxy" is active. To turn off, set to 0.
  2200. #
  2201. #activity-animation   1
  2202. #
  2203. #
  2204. #
  2205. #  If "log-messages" is set to 1, Privoxy copies log messages to the
  2206. #  console window. The log detail depends on the debug directive.
  2207. #
  2208. #log-messages   1
  2209. #
  2210. #
  2211. #
  2212. #  If "log-buffer-size" is set to 1, the size of the log buffer, i.e.
  2213. #  the amount of memory used for the log messages displayed in the
  2214. #  console window, will be limited to "log-max-lines" (see below).
  2215. #
  2216. #  Warning: Setting this to 0 will result in the buffer to grow
  2217. #  infinitely and eat up all your memory!
  2218. #
  2219. #log-buffer-size 1
  2220. #
  2221. #
  2222. #
  2223. #  log-max-lines is the maximum number of lines held in the log
  2224. #  buffer. See above.
  2225. #
  2226. #log-max-lines 200
  2227. #
  2228. #
  2229. #
  2230. #  If "log-highlight-messages" is set to 1, Privoxy will highlight
  2231. #  portions of the log messages with a bold-faced font:
  2232. #
  2233. #log-highlight-messages 1
  2234. #
  2235. #
  2236. #
  2237. #  The font used in the console window:
  2238. #
  2239. #log-font-name Comic Sans MS
  2240. #
  2241. #
  2242. #
  2243. #  Font size used in the console window:
  2244. #
  2245. #log-font-size 8
  2246. #
  2247. #
  2248. #
  2249. #  "show-on-task-bar" controls whether or not Privoxy will appear as
  2250. #  a button on the Task bar when minimized:
  2251. #
  2252. #show-on-task-bar 0
  2253. #
  2254. #
  2255. #
  2256. #  If "close-button-minimizes" is set to 1, the Windows close button
  2257. #  will minimize Privoxy instead of closing the program (close with
  2258. #  the exit option on the File menu).
  2259. #
  2260. #close-button-minimizes 1
  2261. #
  2262. #
  2263. #
  2264. #  The "hide-console" option is specific to the MS-Win console
  2265. #  version of Privoxy. If this option is used, Privoxy will
  2266. #  disconnect from and hide the command console.
  2267. #
  2268. #hide-console
  2269. #
  2270. #
  2271. #
  2272.