man:privoxy(8)
Z funus.net
PRIVOXY(8) PRIVOXY(8) NAME privoxy — Privacy Enhancing Proxy SYNOPSIS privoxy [--help ] [--version ] [--no-daemon ] [--pidfile pidfile ] [--user user[.group] ] [--chroot ] [configfile ] OPTIONS Privoxy may be invoked with the following command line options: --help Print brief usage info and exit. --version Print version info and exit. --no-daemon Don't become a daemon, i.e. don't fork and become process group leader, don't detach from controlling tty, and do all log- ging there. --pidfile pidfile On startup, write the process ID to pidfile. Delete the pidfile on exit. Failure to create or delete the pidfile is non-fatal. If no --pidfile option is given, no PID file will be used. --user user[.group] After (optionally) writing the PID file, assume the user ID of user and the GID of group, or, if the optional group was not given, the default group of user. Exit if the privileges are not sufficient to do so. --chroot Before changing to the user ID given in the --user option, chroot to that user's home directory, i.e. make the kernel pre- tend to the Privoxy process that the directory tree starts there. If set up carefully, this can limit the impact of possi- ble vulnerabilities in Privoxy to the files contained in that hierarchy. If the configfile is not specified on the command line, Privoxy will look for a file named config in the current directory . If no configfile is found, Privoxy will fail to start. DESCRIPTION Privoxy is a web proxy with advanced filtering capabilities for pro- tecting privacy, modifying web page data, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks. Privoxy is based on Internet Junkbuster (tm). INSTALLATION AND USAGE Browsers must be individually configured to use Privoxy as a HTTP proxy. The default setting is for localhost, on port 8118 (config- urable in the main config file). To set the HTTP proxy in Netscape and Mozilla, go through: Edit; Preferences; Advanced; Proxies; Manual Proxy Configuration; View. For Firefox, go through: Tools; Options; General; Connection Settings; Manual Proxy Configuration. For Internet Explorer, go through: Tools; Internet Properties; Connec- tions; LAN Settings. The Secure (SSL) Proxy should also be set to the same values, otherwise https: URLs will not be proxied. Note: Privoxy can only proxy HTTP and HTTPS traffic. Do not try it with FTP or other protocols. HTTPS presents some limitations, and not all features will work with HTTPS connections. For other browsers, check the documentation. CONFIGURATION Privoxy can be configured with the various configuration files. The default configuration files are: config, default.filter, and default.action. user.action should be used for locally defined excep- tions to the default rules of default.action, and user.filter for locally defined filters. These are well commented. On Unix and Unix- like systems, these are located in /etc/privoxy/ by default. Privoxy uses the concept of actions in order to manipulate the data stream between the browser and remote sites. There are various actions available with specific functions for such things as blocking web sites, managing cookies, etc. These actions can be invoked individually or combined, and used against individual URLs, or groups of URLs that can be defined using wildcards and regular expressions. The result is that the user has greatly enhanced control and freedom. The actions list (ad blocks, etc) can also be configured with your web browser at http://config.privoxy.org/. Privoxy's configuration parame- ters can also be viewed at the same page. In addition, Privoxy can be toggled on/off. This is an internal page, and does not require Inter- net access. See the User Manual for a detailed explanation of installation, general usage, all configuration options, new features and notes on upgrading. SAMPLE CONFIGURATION A brief example of what a simple default.action configuration might look like: # Define a few useful custom aliases for later use {{alias}} # Useful aliases that combine more than one action +crunch-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies -crunch-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies +block-as-image = +block +handle-as-image # Fragile sites should have the minimum changes fragile = -block -deanimate-gifs -fast-redirects -filter \ -hide-referer -prevent-cookies -kill-popups ## Turn some actions on ################################ ## NOTE: Actions are off by default, unless explictily turned on ## otherwise with the '+' operator. { \ -add-header \ -block \ -content-type-overwrite \ -crunch-client-header \ -crunch-if-none-match \ -crunch-outgoing-cookies \ -crunch-incoming-cookies \ -crunch-server-header \ +deanimate-gifs{last} \ -downgrade-http-version \ -fast-redirects \ -filter{js-annoyances} \ -filter{js-events} \ -filter{html-annoyances} \ -filter{content-cookies} \ +filter{refresh-tags} \ -filter{unsolicited-popups} \ -filter{all-popups} \ -filter{img-reorder} \ -filter{banners-by-size} \ -filter{banners-by-link} \ +filter{webbugs} \ -filter{tiny-textforms} \ +filter{jumping-windows} \ -filter{frameset-borders} \ -filter{demoronizer} \ -filter{shockwave-flash} \ -filter{quicktime-kioskmode} \ -filter{fun} \ -filter{crude-parental} \ +filter{ie-exploits} \ -filter{site-specifics} \ -filter{google} \ -filter{yahoo} \ -filter{msn} \ -filter{blogspot} \ -filter{xml-to-html} \ -filter{html-to-xml} \ -filter{no-ping} \ -filter{hide-tor-exit-notation} \ -filter-client-headers \ -filter-server-headers \ -force-text-mode \ -handle-as-empty-document -handle-as-image \ -hide-accept-language \ -hide-content-disposition \ -hide-if-modified-since \ +hide-forwarded-for-headers \ +hide-from-header{block} \ +hide-referrer{forge} \ -hide-user-agent \ -inspect-jpegs \ -kill-popups \ -limit-connect \ -overwrite-last-modified \ -redirect \ +prevent-compression \ -send-vanilla-wafer \ -send-wafer \ +session-cookies-only \ +set-image-blocker{pattern} \ -treat-forbidden-connects-like-blocks \ } / # '/' Match *all* URL patterns # Block all URLs that match these patterns { +block } ad. ad[sv]. .*ads. banner?. /.*count(er)?\.(pl|cgi|exe|dll|asp|php[34]?) .hitbox.com media./.*(ads|banner) # Block, and treat these URL patterns as if they were 'images'. # We would expect these to be ads. { +block-as-image } .ad.doubleclick.net .a[0-9].yimg.com/(?:(?!/i/).)*$ ad.*.doubleclick.net # Make exceptions for these harmless ones that would be # caught by our +block patterns just above. { -block } adsl. adobe. advice. .*downloads. # uploads or downloads /.*loads Then for a user.action, we would put local, narrowly defined excep- tions: # Re-define aliases as needed here {{alias}} # Useful aliases -crunch-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies # Set personal exceptions to the policies in default.action ####### # Sites where we want persistent cookies, so allow *all* cookies { -crunch-cookies -session-cookies-only } .redhat.com .sun.com .msdn.microsoft.com # These sites breaks easily. Use our "fragile" alias here. { fragile } .forbes.com mybank.example.com # Replace example.com's style sheet with one of my choosing { +redirect{http://localhost/css-replacements/example.com.css} } example.com/stylesheet.css See the comments in the configuration files themselves, or the User Manual for full explanations of the above syntax, and other Privoxy configuration options. FILES /usr/sbin/privoxy /etc/privoxy/config /etc/privoxy/default.action /etc/privoxy/standard.action /etc/privoxy/user.action /etc/privoxy/default.filter /etc/privoxy/user.filter /etc/privoxy/trust /etc/privoxy/templates/* /var/log/privoxy/logfile Various other files should be included, but may vary depending on plat- form and build configuration. Additional documentation should be included in the local documentation directory. SIGNALS Privoxy terminates on the SIGINT, SIGTERM and SIGABRT signals. Log rotation scripts may cause a re-opening of the logfile by sending a SIGHUP to Privoxy. Note that unlike other daemons, Privoxy does not need to be made aware of config file changes by SIGHUP -- it will detect them automatically. NOTES Please see the User Manual on how to contact the developers, for fea- ture requests, reporting problems, and other questions. SEE ALSO Other references and sites of interest to Privoxy users: http://www.privoxy.org/, the Privoxy Home page. http://www.privoxy.org/faq/, the Privoxy FAQ. http://sourceforge.net/projects/ijbswa/, the Project Page for Privoxy on SourceForge. http://config.privoxy.org/, the web-based user interface. Privoxy must be running for this to work. Shortcut: http://p.p/ http://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit ``misses'' and other configuration related suggestions to the develop- ers. http://www.junkbusters.com/ht/en/cookies.html, an explanation how cook- ies are used to track web users. http://www.junkbusters.com/ijb.html, the original Internet Junkbuster. http://privacy.net/, a useful site to check what information about you is leaked while you browse the web. http://www.squid-cache.org/, a very popular caching proxy, which is often used together with Privoxy. http://tor.eff.org/, Tor can help anonymize web browsing, web publish- ing, instant messaging, IRC, SSH, and other applications. http://www.privoxy.org/developer-manual/, the Privoxy developer manual. DEVELOPMENT TEAM Fabian Keil, developer David Schmidt, developer Hal Burgiss Ian Cummings Roland Rosenfeld COPYRIGHT AND LICENSE COPYRIGHT Copyright (C) 2001 - 2006 by Privoxy Developers Some source code is based on code Copyright (C) 1997 by Anonymous Coders and Junkbusters, Inc. and licensed under the GNU General Public License. LICENSE Privoxy is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER- CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details, which is available from the Free Soft- ware Foundation, Inc, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Founda- tion, Inc. 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA Privoxy 3.0.6 23 December 2006 PRIVOXY(8)
