1PRIVOXY(1) PRIVOXY(1)
2
6 privoxy - Privacy Enhancing Proxy
7
9 privoxy [--help ] [--version ] [--no-daemon ] [--pidfile pidfile ]
10 [--user user[.group] ] [--chroot ] [configfile ]
11
14 Privoxy may be invoked with the following command line options:
15 --help Print brief usage info and exit.
17 --version
19 Print version info and exit.
20 --no-daemon
22 Don't become a daemon, i.e. don't fork and become process
23 group leader, don't detach from controlling tty, and do all log‐
24 ging there.
25 --pidfile pidfile
27 On startup, write the process ID to pidfile. Delete the pidfile
28 on exit. Failure to create or delete the pidfile is non-fatal.
29 If no --pidfile option is given, no PID file will be used.
30 --user user[.group]
32 After (optionally) writing the PID file, assume the user ID of
33 user and the GID of group, or, if the optional group was not
34 given, the default group of user. Exit if the privileges are not
35 sufficient to do so.
36 --chroot
38 Before changing to the user ID given in the --user option,
39 chroot to that user's home directory, i.e. make the kernel pre‐
40 tend to the Privoxy process that the directory tree starts
41 there. If set up carefully, this can limit the impact of possi‐
42 ble vulnerabilities in Privoxy to the files contained in that
43 hierarchy.
44 If the configfile is not specified on the command line, Privoxy
46 will look for a file named config in the current directory . If no
47 configfile is found, Privoxy will fail to start.
48
50 Privoxy is a web proxy with advanced filtering capabilities for pro‐
51 tecting privacy, modifying web page data, managing cookies, controlling
52 access, and removing ads, banners, pop-ups and other obnoxious Internet
53 junk. Privoxy has a very flexible configuration and can be customized
54 to suit individual needs and tastes. Privoxy has application for both
55 stand-alone systems and multi-user networks.
56 Privoxy is based on Internet Junkbuster (tm).
58
60 Browsers must be individually configured to use Privoxy as a HTTP
61 proxy. The default setting is for localhost, on port 8118 (config‐
62 urable in the main config file). To set the HTTP proxy in Netscape and
63 Mozilla, go through: Edit; Preferences; Advanced; Proxies; Manual
64 Proxy Configuration; View.
65 For Firefox, go through: Tools; Options; General; Connection Settings;
67 Manual Proxy Configuration.
68 For Internet Explorer, go through: Tools; Internet Properties; Connec‐
70 tions; LAN Settings.
71 The Secure (SSL) Proxy should also be set to the same values, otherwise
73 https: URLs will not be proxied. Note: Privoxy can only proxy HTTP and
74 HTTPS traffic. Do not try it with FTP or other protocols. HTTPS
75 presents some limitations, and not all features will work with HTTPS
76 connections.
77 For other browsers, check the documentation.
79
81 Privoxy can be configured with the various configuration files. The
82 default configuration files are: config, default.filter, and
83 default.action. user.action should be used for locally defined excep‐
84 tions to the default rules of default.action, and user.filter for
85 locally defined filters. These are well commented. On Unix and Unix-
86 like systems, these are located in /etc/privoxy/ by default.
87 Privoxy uses the concept of actions in order to manipulate the data
89 stream between the browser and remote sites. There are various actions
90 available with specific functions for such things as blocking web
91 sites, managing cookies, etc. These actions can be invoked individually
92 or combined, and used against individual URLs, or groups of URLs that
93 can be defined using wildcards and regular expressions. The result is
94 that the user has greatly enhanced control and freedom.
95 The actions list (ad blocks, etc) can also be configured with your web
97 browser at http://config.privoxy.org/. Privoxy's configuration parame‐
98 ters can also be viewed at the same page. In addition, Privoxy can be
99 toggled on/off. This is an internal page, and does not require Inter‐
100 net access.
101 See the User Manual for a detailed explanation of installation, general
103 usage, all configuration options, new features and notes on upgrading.
104
106 A brief example of what a simple default.action configuration might
107 look like:
108 # Define a few useful custom aliases for later use
110 {{alias}}
111 # Useful aliases that combine more than one action
113 +crunch-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
114 -crunch-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
115 +block-as-image = +block +handle-as-image
116 # Fragile sites should have the minimum changes
118 fragile = -block -deanimate-gifs -fast-redirects -filter \
119 -hide-referer -prevent-cookies -kill-popups
120 ## Turn some actions on ################################
122 ## NOTE: Actions are off by default, unless explictily turned on
123 ## otherwise with the '+' operator.
124 { \
126 -add-header \
127 -block \
128 -content-type-overwrite \
129 -crunch-client-header \
130 -crunch-if-none-match \
131 -crunch-outgoing-cookies \
132 -crunch-incoming-cookies \
133 -crunch-server-header \
134 +deanimate-gifs{last} \
135 -downgrade-http-version \
136 -fast-redirects \
137 -filter{js-annoyances} \
138 -filter{js-events} \
139 -filter{html-annoyances} \
140 -filter{content-cookies} \
141 +filter{refresh-tags} \
142 -filter{unsolicited-popups} \
143 -filter{all-popups} \
144 -filter{img-reorder} \
145 -filter{banners-by-size} \
146 -filter{banners-by-link} \
147 +filter{webbugs} \
148 -filter{tiny-textforms} \
149 +filter{jumping-windows} \
150 -filter{frameset-borders} \
151 -filter{demoronizer} \
152 -filter{shockwave-flash} \
153 -filter{quicktime-kioskmode} \
154 -filter{fun} \
155 -filter{crude-parental} \
156 +filter{ie-exploits} \
157 -filter{site-specifics} \
158 -filter{google} \
159 -filter{yahoo} \
160 -filter{msn} \
161 -filter{blogspot} \
162 -filter{xml-to-html} \
163 -filter{html-to-xml} \
164 -filter{no-ping} \
165 -filter{hide-tor-exit-notation} \
166 -filter-client-headers \
167 -filter-server-headers \
168 -force-text-mode \
169 -handle-as-empty-document
170 -handle-as-image \
171 -hide-accept-language \
172 -hide-content-disposition \
173 -hide-if-modified-since \
174 +hide-forwarded-for-headers \
175 +hide-from-header{block} \
176 +hide-referrer{forge} \
177 -hide-user-agent \
178 -inspect-jpegs \
179 -kill-popups \
180 -limit-connect \
181 -overwrite-last-modified \
182 -redirect \
183 +prevent-compression \
184 -send-vanilla-wafer \
185 -send-wafer \
186 +session-cookies-only \
187 +set-image-blocker{pattern} \
188 -treat-forbidden-connects-like-blocks \
189 }
190 / # '/' Match *all* URL patterns
191 # Block all URLs that match these patterns
194 { +block }
195 ad.
196 ad[sv].
197 .*ads.
198 banner?.
199 /.*count(er)?\.(pl|cgi|exe|dll|asp|php[34]?)
200 .hitbox.com
201 media./.*(ads|banner)
202 # Block, and treat these URL patterns as if they were 'images'.
204 # We would expect these to be ads.
205 { +block-as-image }
206 .ad.doubleclick.net
207 .a[0-9].yimg.com/(?:(?!/i/).)*$
208 ad.*.doubleclick.net
209 # Make exceptions for these harmless ones that would be
211 # caught by our +block patterns just above.
212 { -block }
213 adsl.
214 adobe.
215 advice.
216 .*downloads.
217 # uploads or downloads
218 /.*loads
219 Then for a user.action, we would put local, narrowly defined excep‐
221 tions:
222 # Re-define aliases as needed here
224 {{alias}}
225 # Useful aliases
227 -crunch-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
228 # Set personal exceptions to the policies in default.action #######
230 # Sites where we want persistent cookies, so allow *all* cookies
232 { -crunch-cookies -session-cookies-only }
233 .redhat.com
234 .sun.com
235 .msdn.microsoft.com
236 # These sites breaks easily. Use our "fragile" alias here.
238 { fragile }
239 .forbes.com
240 mybank.example.com
241 # Replace example.com's style sheet with one of my choosing
243 { +redirect{http://localhost/css-replacements/example.com.css} }
244 example.com/stylesheet.css
245 See the comments in the configuration files themselves, or the User
247 Manual for full explanations of the above syntax, and other Privoxy
248 configuration options.
249
251 /usr/sbin/privoxy
252 /etc/privoxy/config
253 /etc/privoxy/default.action
254 /etc/privoxy/standard.action
255 /etc/privoxy/user.action
256 /etc/privoxy/default.filter
257 /etc/privoxy/user.filter
258 /etc/privoxy/trust
259 /etc/privoxy/templates/*
260 /var/log/privoxy/logfile
261 Various other files should be included, but may vary depending on plat‐
263 form and build configuration. Additional documentation should be
264 included in the local documentation directory.
265
267 Privoxy terminates on the SIGINT, SIGTERM and SIGABRT signals. Log
268 rotation scripts may cause a re-opening of the logfile by sending a
269 SIGHUP to Privoxy. Note that unlike other daemons, Privoxy does not
270 need to be made aware of config file changes by SIGHUP -- it will
271 detect them automatically.
272
274 Please see the User Manual on how to contact the developers, for fea‐
275 ture requests, reporting problems, and other questions.
276
278 Other references and sites of interest to Privoxy users:
279 http://www.privoxy.org/, the Privoxy Home page.
281 http://www.privoxy.org/faq/, the Privoxy FAQ.
283 http://sourceforge.net/projects/ijbswa/, the Project Page for Privoxy
285 on SourceForge.
286 http://config.privoxy.org/, the web-based user interface. Privoxy must
288 be running for this to work. Shortcut: http://p.p/
289 http://sourceforge.net/tracker/?group_id=11118&atid=460288, to submit
291 ``misses'' and other configuration related suggestions to the develop‐
292 ers.
293 http://www.junkbusters.com/ht/en/cookies.html, an explanation how cook‐
295 ies are used to track web users.
296 http://www.junkbusters.com/ijb.html, the original Internet Junkbuster.
298 http://privacy.net/, a useful site to check what information about you
300 is leaked while you browse the web.
301 http://www.squid-cache.org/, a very popular caching proxy, which is
303 often used together with Privoxy.
304 http://tor.eff.org/, Tor can help anonymize web browsing, web publish‐
306 ing, instant messaging, IRC, SSH, and other applications.
307 http://www.privoxy.org/developer-manual/, the Privoxy developer manual.
309
311 Fabian Keil, developer
312 David Schmidt, developer
313 Hal Burgiss
315 Ian Cummings
316 Roland Rosenfeld
317
319 COPYRIGHT
320 Copyright (C) 2001 - 2006 by Privoxy Developers <ijbswa-develop‐
321 ers@lists.sourceforge.net>
322 Some source code is based on code Copyright (C) 1997 by Anonymous
324 Coders and Junkbusters, Inc. and licensed under the GNU General Public
325 License.
326 LICENSE
328 Privoxy is free software; you can redistribute it and/or modify it
329 under the terms of the GNU General Public License, version 2, as pub‐
330 lished by the Free Software Foundation.
331 This program is distributed in the hope that it will be useful, but
333 WITHOUT ANY WARRANTY; without even the implied warranty of MER‐
334 CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
335 Public License for more details, which is available from the Free Soft‐
336 ware Foundation, Inc, 51 Franklin Street, Fifth Floor, Boston, MA
337 02110-1301, USA
338 You should have received a copy of the GNU General Public License
340 along with this program; if not, write to the Free Software Founda‐
341 tion, Inc. 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
342Privoxy 3.0.6 13 November 2006 PRIVOXY(1)