Thread: [SOLVED] Network wide proxy server w/ privoxy
I've been a fan of privoxy for a long time; I had it installed on a Windows machine and used it as a network-wide proxy for many years.
I have a mini Linux board and I'm trying to do the same thing on Ubuntu, and I'm having way more trouble than I was expecting.
I'm using Ubuntu 12 hard float (not sure of the revision) on a BeagleBone board.
I have privoxy installed and can see it is configured, but I can't access it from the computer. Since I'm using SSH to talk to the Beagle, I told privoxy to allow access for the entire network(s),
yet every time I...
There's no port 8118! Or privoxy running. I can't understand why it isn't working. I've never had trouble with privoxy before. Here's the config file...
Code:
root@beagle:/etc/privoxy# service privoxy restart
 * restarting filtering proxy server privoxy [ ok ]
root@beagle:/etc/privoxy# nmap localhost
starting nmap 6.00 ( http://nmap.org ) @ 2013-04-27 22:10 utc
nmap scan report localhost (127.0.0.1)
host (0.000071s latency).
not shown: 996 closed ports
port state service
22/tcp open ssh
80/tcp open http
631/tcp open ipp
5432/tcp open postgresql
code:# sample configuration file privoxy # # id: config,v # # copyright (c) 2001-2011 privoxy developers http://www.privoxy.org/ # #################################################################### # # # table of contents # # # # i. introduction # # ii. format of configuration file # # # # 1. local set-up documentation # # 2. configuration , log file locations # # 3. debugging # # 4. access control , security # # 5. forwarding # # 6. windows gui options # # # #################################################################### # # # i. introduction # =============== # # file holds privoxy's main configuration. privoxy detects # configuration changes automatically, don't have restart # unless want load different configuration file. # # configuration reloaded first request after # change done, request still use old # configuration, though. in other words: takes 2 requests before # see result of changes. requests dropped due # acl don't trigger reloads. # # when starting privoxy on unix systems, give location of # file last argument. on windows systems, privoxy # file name 'config.txt' in current working directory # of privoxy process. # # # ii. format of configuration file # ==================================== # # configuration lines consist of initial keyword followed # list of values, separated whitespace (any number of spaces # or tabs). example, # # actionsfile default.action # # indicates actionsfile named 'default.action'. # # '#' indicates comment. part of line following '#' # ignored, except if '#' preceded '\'. # # thus, placing # @ start of existing configuration # line, can make comment , treated if # weren't there. called "commenting out" option , can # useful. removing # again called "uncommenting". # # note commenting out option , leaving @ default # 2 different things! options behave # differently when unset. see "effect if unset" explanation in # each option's description details. 
# # long lines can continued on next line using `\' # last character. # # # # 1. local set-up documentation # ============================== # # if intend operate privoxy more users yourself, # might idea let them know how reach you, # block , why that, policies, etc. # # # # 1.1. user-manual # ================= # # specifies: # # location of privoxy user manual. # # type of value: # # qualified uri # # default value: # # unset # # effect if unset: # # http://www.privoxy.org/version/user-manual/ used, # version privoxy version. # # notes: # # user manual uri single best source of information on # privoxy, , used links of internal # cgi pages. manual packaged # binary distributions, want set # locally installed copy. # # examples: # # best purpose solution put full local # path user manual located: # # user-manual /usr/share/doc/privoxy/user-manual # # user manual available # access privoxy, following built-in url: # http://config.privoxy.org/user-manual/ (or shortcut: # http://p.p/user-manual/). # # if documentation not on local system, can # accessed remote server, as: # # user-manual http://example.com/privoxy/user-manual/ # # warning!!! # # if set, option should first option in config # file, because used while config file being read. # user-manual /usr/share/doc/privoxy/user-manual # # # 1.2. trust-info-url # ==================== # # specifies: # # url displayed in error page users see if # access untrusted page denied. # # type of value: # # url # # default value: # # unset # # effect if unset: # # no links displayed on "untrusted" error page. # # notes: # # value of option matters if experimental trust # mechanism has been activated. (see trustfile below.) # # if use trust mechanism, idea write # on-line documentation trust policy , # specify url(s) here. use multiple times multiple urls. # # url(s) should added trustfile well, users # don't end locked out information on why # locked out in first place! 
# #trust-info-url http://www.example.com/why_we_block.html #trust-info-url http://www.example.com/what_we_allow.html # # # 1.3. admin-address # =================== # # specifies: # # email address reach privoxy administrator. # # type of value: # # email address # # default value: # # unset # # effect if unset: # # no email address displayed on error pages , cgi user # interface. # # notes: # # if both admin-address , proxy-info-url unset, whole # "local privoxy support" box on generated pages not # shown. # #admin-address privoxy-admin@example.com # # # 1.4. proxy-info-url # ==================== # # specifies: # # url documentation local privoxy setup, # configuration or policies. # # type of value: # # url # # default value: # # unset # # effect if unset: # # no link local documentation displayed on error pages , # cgi user interface. # # notes: # # if both admin-address , proxy-info-url unset, whole # "local privoxy support" box on generated pages not # shown. # # url shouldn't blocked ;-) # proxy-info-url http://www.example.com/proxy-service.html # # # 2. configuration , log file locations # ======================================== # # privoxy can (and does) use number of other files # additional configuration, , logging. section of # configuration file tells privoxy find other files. # # user running privoxy, must have read permission # configuration files, , write permission files # modified, such log files , actions files. # # # # 2.1. confdir # ============= # # specifies: # # directory other configuration files located. # # type of value: # # path name # # default value: # # /etc/privoxy (unix) or privoxy installation dir (windows) # # effect if unset: # # mandatory # # notes: # # no trailing "/", please. # confdir /etc/privoxy # # # 2.2. templdir # ============== # # specifies: # # alternative directory templates loaded from. 
# # type of value: # # path name # # default value: # # unset # # effect if unset: # # templates assumed located in confdir/template. # # notes: # # privoxy's original templates overwritten each # update. use option relocate customized templates # should kept. template variables might change between # updates, shouldn't expect templates work privoxy # releases other 1 part of, though. # #templdir . # # # 2.3. logdir # ============ # # specifies: # # directory logging takes place (i.e. # logfile located). # # type of value: # # path name # # default value: # # /var/log/privoxy (unix) or privoxy installation dir (windows) # # effect if unset: # # mandatory # # notes: # # no trailing "/", please. # logdir /var/log/privoxy # # # 2.4. actionsfile # ================= # # specifies: # # actions file(s) use # # type of value: # # complete file name, relative confdir # # default values: # # match-all.action # actions applied sites , maybe overruled later on. # # default.action # main actions file # # user.action # user customizations # # effect if unset: # # no actions taken @ all. more or less neutral proxying. # # notes: # # multiple actionsfile lines permitted, , in fact # recommended! # # default values default.action, "main" # actions file maintained developers, , user.action, # can make personal additions. # # actions files contain per site , per url configuration # ad blocking, cookie management, privacy considerations, # etc. there no point in using privoxy without @ least 1 # actions file. # # note since privoxy 3.0.7, complete filename, including # ".action" extension has specified. syntax change # necessary consistent other file options , # allow forbidden characters. # actionsfile match-all.action # actions applied sites , maybe overruled later on. actionsfile default.action # main actions file actionsfile user.action # user customizations # # # 2.5. 
filterfile # ================ # # specifies: # # filter file(s) use # # type of value: # # file name, relative confdir # # default value: # # default.filter (unix) or default.filter.txt (windows) # # effect if unset: # # no textual content filtering takes place, i.e. +filter{name} # actions in actions files turned neutral. # # notes: # # multiple filterfile lines permitted. # # filter files contain content modification rules use # regular expressions. these rules permit powerful changes on # content of web pages, , optionally headers well, e.g., # try disable favorite javascript annoyances, # re-write actual displayed text, or have fun # playing buzzword bingo web pages. # # +filter{name} actions rely on relevant filter (name) # defined in filter file! # # pre-defined filter file called default.filter contains # number of useful filters common problems included in # distribution. see section on filter action list. # # recommended place locally adapted filters # separate file, such user.filter. # filterfile default.filter filterfile user.filter # user customizations # # # 2.6. logfile # ============= # # specifies: # # log file use # # type of value: # # file name, relative logdir # # default value: # # unset (commented out). when activated: logfile (unix) or # privoxy.log (windows). # # effect if unset: # # no logfile written. # # notes: # # logfile logging , error messages # written. level of detail , number of messages set # debug option (see below). logfile can useful # tracking down problem privoxy (e.g., it's not blocking # ad think should block) , can monitor # browser doing. # # depending on debug options below, logfile may # privacy risk if third parties can access it. # users never @ it, privoxy 3.0.7 , later log # fatal errors default. # # troubleshooting purposes, have change that, # please refer debugging section details. # # logfile grow indefinitely, , # want periodically remove it. on unix systems, can # cron job (see "man cron"). 
red hat based linux # distributions, logrotate script has been included. # # log files must writable whatever user privoxy # being run (on unix, default user id "privoxy"). # logfile logfile # # # 2.7. trustfile # =============== # # specifies: # # name of trust file use # # type of value: # # file name, relative confdir # # default value: # # unset (commented out). when activated: trust (unix) or trust.txt # (windows) # # effect if unset: # # entire trust mechanism disabled. # # notes: # # trust mechanism experimental feature building # white-lists , should used care. not recommended # casual user. # # if specify trust file, privoxy allow access # sites specified in trustfile. sites can listed # in 1 of 2 ways: # # prepending ~ character limits access site (and # sub-paths within site), e.g. ~www.example.com allows # access ~www.example.com/ features/news.html, etc. # # or, can designate sites trusted referrers, prepending # name + character. effect access # untrusted sites granted -- if link # trusted referrer used there. link target # added "trustfile" future, direct # accesses granted. sites added via mechanism # not become trusted referrers (i.e. added # ~ designation). there limit of 512 such entries, # after new entries not made. # # if use + operator in trust file, may grow # considerably on time. # # recommended privoxy compiled # --disable-force, --disable-toggle , --disable-editor options, # if feature used. # # possible applications include limiting internet access # children. # #trustfile trust # # # 3. debugging # ============= # # these options useful when tracing problem. note # might want invoke privoxy --no-daemon command # line option when debugging. # # # # 3.1. debug # =========== # # specifies: # # key values determine information gets logged. # # type of value: # # integer values # # default value: # # 0 (i.e.: fatal errors (that cause privoxy exit) logged) # # effect if unset: # # default value used (see above). 
# # notes: # # available debug levels are: # # debug 1 # log destination each request privoxy let through. see debug 1024. # debug 2 # show each connection status # debug 4 # show i/o status # debug 8 # show header parsing # debug 16 # log data written network # debug 32 # debug force feature # debug 64 # debug regular expression filters # debug 128 # debug redirects # debug 256 # debug gif de-animation # debug 512 # common log format # debug 1024 # log destination requests privoxy didn't let through, , reason why. # debug 2048 # cgi user interface # debug 4096 # startup banner , warnings. # debug 8192 # non-fatal errors # debug 32768 # log data read network # # # select multiple debug levels, can either add them or # use multiple debug lines. # # debug level of 1 informative because show each # request happens. 1, 1024, 4096 , 8192 recommended # notice when things go wrong. other levels # of interest if hunting down specific # problem. can produce hell of output (especially 16). # # privoxy used ship debug levels recommended above # enabled default, due privacy concerns 3.0.7 , later # configured log fatal errors. # # if used more verbose settings, enable # debug lines below again. # # if want use pure clf (common log format), should set # "debug 512" , not enable else. # # privoxy has hard-coded limit length of log messages. if # it's reached, messages logged truncated , marked # "... [too long, truncated]". # # please don't file support requests without trying # reproduce problem increased debug level first. once # read log messages, may able solve # problem on own. # #debug 1 # log destination each request privoxy let through. debug 1024 # log destination requests privoxy didn't let through, , reason why. debug 4096 # startup banner , warnings #debug 8192 # non-fatal errors # # # 3.2. single-threaded # ===================== # # specifies: # # whether run 1 server thread. 
# # type of value: # # none # # default value: # # unset # # effect if unset: # # multi-threaded (or, unavailable: forked) operation, # i.e. ability serve multiple requests simultaneously. # # notes: # # option there debugging purposes. # drastically reduce performance. # #single-threaded # # # 3.3. hostname # ============== # # specifies: # # hostname shown on cgi pages. # # type of value: # # text # # default value: # # unset # # effect if unset: # # hostname provided operating system used. # # notes: # # on misconfigured systems resolving hostname fails or # takes time , slows privoxy down. setting fixed # hostname works around problem. # # in other circumstances might desirable show hostname # other 1 returned operating system. example # if system has several different hostnames , don't # want use first one. # # note privoxy not validate specified hostname value. # #hostname hostname.example.org # # # 4. access control , security # =============================== # # section of config file controls security-relevant # aspects of privoxy's configuration. # # # # 4.1. listen-address # ==================== # # specifies: # # address , tcp port on privoxy listen # client requests. # # type of value: # # [ip-address]:port # # [hostname]:port # # default value: # # 127.0.0.1:8118 # # effect if unset: # # bind 127.0.0.1 (ipv4 localhost), port 8118. suitable # , recommended home users run privoxy on same # machine browser. # # notes: # # need configure browser(s) proxy address # , port. # # if have service running on port 8118, or # if want serve requests other machines (e.g. on # local network) well, need override default. # # can use statement multiple times make privoxy listen # on more ports or more ip addresses. suitable if operating # system not support sharing ipv6 , ipv4 protocols on # same socket. # # if hostname used instead of ip address, privoxy # try resolve ip address , if there multiple, # use first 1 returned. 
# # if address hostname isn't known on # system (for example because it's in /etc/hostname), may # result in dns traffic. # # if specified address isn't available on system, or if # hostname can't resolved, privoxy fail start. # # ipv6 addresses containing colons have quoted # brackets. can used if privoxy has been compiled # ipv6 support. if aren't sure if version supports # it, have @ http://config.privoxy.org/ show-status. # # operating systems prefer ipv6 ipv4 addresses if # system has no ipv6 connectivity not expected # user. rely on dns resolve localhost # mean "localhost" address used may not local. # # therefore recommended explicitly configure intended # ip address instead of relying on operating system, unless # there's strong reason not to. # # if leave out address, privoxy bind ipv4 # interfaces (addresses) on machine , may become reachable # internet and/ or local network. aware # gnu/linux distributions modify behaviour without # updating documentation. check non-standard patches if # privoxyversion behaves differently. # # if configure privoxyto reachable network, # consider using access control lists (acl's, see below), and/or # firewall. # # if open privoxy untrusted users, # want make sure following actions disabled: # enable-edit-actions , enable-remote-toggle # # exception noted above, listening on multiple addresses # not supported privoxy directly. can done # on operating systems letting packet filter redirect # request addresses privoxy, though. # # example: # # suppose running privoxy on machine has # address 192.168.0.1 on local private network (192.168.0.0) # , has outside connection different address. 
# want serve requests inside only:
#
# listen-address 192.168.0.1:8118
#
# suppose running privoxy on ipv6-capable machine ,
# want listen on ipv6 address of loopback device:
#
# listen-address [::1]:8118
#
#listen-address localhost:8118
listen-address 127.0.0.1:8118
#listen-address [::1]:8118
#listen-address 192.168.4.11:8118
#listen-addres 192.168.1.118:8118
#
# 4.2. toggle
# ============
#
# specifies:
#
# initial state of "toggle" status
#
# type of value:
#
# 1 or 0
#
# default value:
#
# 1
#
# effect if unset:
#
# act if toggled on
#
# notes:
#
# if set 0, privoxy start in "toggled off" mode,
# i.e. behave normal, content-neutral proxy
# both ad blocking , content filtering disabled. see
# enable-remote-toggle below.
#
# windows version display toggle icon in
# system tray if option present.
#
toggle 1
#
#
# 4.3. enable-remote-toggle
# ==========================
#
# specifies:
#
# whether or not web-based toggle feature may used
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# web-based toggle feature disabled.
#
# notes:
#
# when toggled off, privoxy acts normal,
# content-neutral proxy, i.e. doesn't block ads or filter content.
#
# access toggle feature can not controlled separately
# "acls" or http authentication, can access
# privoxy (see "acls" , listen-address above) can toggle
# users. option not recommended multi-user
# environments untrusted users.
#
# note malicious client side code (e.g java) capable
# of using option.
#
# lot of privoxy users don't read documentation, feature
# disabled default.
#
# note must have compiled privoxy support
# feature, otherwise option has no effect.
#
enable-remote-toggle 0
#
#
# 4.4. enable-remote-http-toggle
# ===============================
#
# specifies:
#
# whether or not privoxy recognizes special http headers change
# behaviour.
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# privoxy ignores special http headers.
#
# notes:
#
# when toggled on, client can change privoxy's behaviour
# setting special http headers. supported
# special header "x-filter: no", disable filtering
# ongoing request, if enabled in 1 of
# action files.
#
# feature disabled default. if using privoxy in
# environment trusted clients, may enable feature
# @ discretion. note malicious client side code (e.g
# java) capable of using feature.
#
# option removed in future releases has been
# obsoleted more general header taggers.
#
enable-remote-http-toggle 0
#
#
# 4.5. enable-edit-actions
# =========================
#
# specifies:
#
# whether or not web-based actions file editor may used
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# web-based actions file editor disabled.
#
# notes:
#
# access editor can not controlled separately
# "acls" or http authentication, can access
# privoxy (see "acls" , listen-address above) can modify
# configuration users.
#
# option not recommended environments untrusted
# users , lot of privoxy users don't read documentation,
# feature disabled default.
#
# note malicious client side code (e.g java) capable
# of using actions editor , shouldn't enable
# options unless understand consequences , sure
# browser configured correctly.
#
# note must have compiled privoxy support
# feature, otherwise option has no effect.
#
enable-edit-actions 1
#
#
# 4.6. enforce-blocks
# ====================
#
# specifies:
#
# whether user allowed ignore blocks , can "go there
# anyway".
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# blocks not enforced.
#
# notes:
#
# privoxy used block , filter requests service
# user, example block ads , other junk clogs
# pipes. privoxy's configuration isn't perfect ,
# innocent pages blocked. in situation makes sense
# allow user enforce request , have privoxy ignore
# block.
# # in default configuration privoxy's "blocked" page contains # "go there anyway" link adds special string (the force # prefix) request url. if link used, privoxy # detect force prefix, remove again , let # request pass. # # of course privoxy can used enforce network # policy. in case user should not able # bypass blocks, , that's "enforce-blocks" option # for. if it's enabled, privoxy hides "go there anyway" # link. if user adds force prefix hand, not # accepted , circumvention attempt logged. # # examples: # # enforce-blocks 1 # enforce-blocks 0 # # # 4.7. acls: permit-access , deny-access # ========================================= # # specifies: # # can access what. # # type of value: # # src_addr[:port][/src_masklen] [dst_addr[:port][/dst_masklen]] # # src_addr , dst_addr ipv4 addresses in dotted # decimal notation or valid dns names, port port number, , # src_masklen , dst_masklen subnet masks in cidr notation, # i.e. integer values 2 30 representing length # (in bits) of network address. masks , whole # destination part optional. # # if system implements rfc 3493, src_addr , dst_addr # can ipv6 addresses delimeted brackets, port can # number or service name, , src_masklen , dst_masklen can # number 0 128. # # default value: # # unset # # if no port specified, port match. if no src_masklen # or src_masklen given, complete ip address has match # (i.e. 32 bits ipv4 , 128 bits ipv6). # # effect if unset: # # don't restrict access further implied listen-address # # notes: # # access controls included @ request of isps , systems # administrators, , not needed individual # users. typical home user, suffice # ensure privoxy listens on localhost (127.0.0.1) # or internal (home) network address means of listen-address # option. # # please see warnings in faq privoxy not intended # substitute firewall or encourage # defer addressing basic security weaknesses. # # multiple acl lines ok. 
if acls specified, privoxy # talks ip addresses match @ least 1 permit-access # line , don't match subsequent deny-access line. in other # words, last match wins, default being deny-access. # # if privoxy using forwarder (see forward below) # particular destination url, dst_addr examined # address of forwarder , not address of ultimate # target. necessary because may impossible # local privoxy determine ip address of ultimate target # (that's gateways used for). # # should prefer using ip addresses on dns names, because # address lookups take time. dns names must resolve! # can not use domain patterns "*.org" or partial domain # names. if dns name resolves multiple ip addresses, # first 1 used. # # systems allow ipv4 clients connect ipv6 server # sockets. client's ipv4 address translated # system ipv6 address space special prefix ::ffff:0:0/96 # (so called ipv4 mapped ipv6 address). privoxy can handle # , maps such acl addresses automatically. # # denying access particular sites acl may have undesired # side effects if site in question hosted on machine # hosts other sites (most sites are). # # examples: # # explicitly define default behavior if no acl , # listen-address set: "localhost" ok. 
absence of
# dst_addr implies destination addresses ok:
#
# permit-access localhost
#
#
# allow host on same class c subnet www.privoxy.org
# access nothing www.example.com (or other domains hosted
# on same system):
#
# permit-access www.privoxy.org/24 www.example.com/32
#
#
# allow access host on 26-bit subnet 192.168.45.64
# anywhere, exception 192.168.45.73 may not access
# ip address behind www.dirty-stuff.example.com:
#
# permit-access 192.168.45.64/26
# deny-access 192.168.45.73 www.dirty-stuff.example.com
#
# allow access ipv4 network 192.0.2.0/24 if listening
# on ipv6 wild card address (not supported on platforms):
#
permit-access 192.168.4.1/24
permit-access 192.168.1.1/24
#
#
# equivalent following line if listening on
# ipv4 address (not supported on platforms):
#
# permit-access [::ffff:192.0.2.0]/120
#
#
# 4.8. buffer-limit
# ==================
#
# specifies:
#
# maximum size of buffer content filtering.
#
# type of value:
#
# size in kbytes
#
# default value:
#
# 4096
#
# effect if unset:
#
# use 4mb (4096 kb) limit.
#
# notes:
#
# content filtering, i.e. +filter , +deanimate-gif
# actions, necessary privoxy buffers entire document
# body. can potentially dangerous, since server
# keep sending data indefinitely , wait ram
# exhaust -- nasty consequences. hence option.
#
# when document buffer size reaches buffer-limit,
# flushed client unfiltered , no further attempt filter
# rest of document made. remember there may
# multiple threads running, might require buffer-limit
# kbytes each, unless have enabled "single-threaded" above.
#
buffer-limit 16348
#
#
# 5. forwarding
# ==============
#
# feature allows routing of http requests through chain of
# multiple proxies.
#
# forwarding can used chain privoxy caching proxy
# speed browsing. using parent proxy may necessary if
# machine privoxy runs on has no direct internet access.
#
# note parent proxies can severely decrease privacy
# level.
example parent proxy add ip address # request headers , if it's caching proxy may add "etag" # header revalidation requests again, though configured # privoxy remove it. may ignore privoxy's header time # randomization , use original values used # server cookie replacement track steps between visits. # # specified here socks proxies. privoxy supports socks # 4 , socks 4a protocols. # # # # 5.1. forward # ============= # # specifies: # # parent http proxy specific requests should routed. # # type of value: # # target_pattern http_parent[:port] # # target_pattern url pattern specifies # requests (i.e. urls) forward rule shall apply. use / # denote "all urls". http_parent[:port] dns name or # ip address of parent http proxy through requests # should forwarded, optionally followed listening port # (default: 8000). use single dot (.) denote "no forwarding". # # default value: # # unset # # effect if unset: # # don't use parent http proxies. # # notes: # # if http_parent ".", requests not forwarded # http proxy made directly web servers. # # http_parent can numerical ipv6 address (if rfc 3493 # implemented). prevent clashes port delimiter, # whole ip address has put brackets. on other # hand target_pattern containing ipv6 address has put # angle brackets (normal brackets reserved regular # expressions already). # # multiple lines ok, checked in sequence, , # last match wins. # # examples: # # goes example parent proxy, except ssl on port # 443 (which doesn't handle): # # forward / parent-proxy.example.org:8080 # forward :443 . # # # goes our example isp's caching proxy, except # requests isp's sites: # # forward / caching-proxy.isp.example.net:8000 # forward .isp.example.net . # # # parent proxy specified ipv6 address: # # forward / [2001:db8::1]:8000 # # # suppose parent proxy doesn't support ipv6: # # forward / parent-proxy.example.org:8000 # forward ipv6-server.example.org . # forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> . # # # 5.2. 
forward-socks4, forward-socks4a and forward-socks5
# ========================================================
#
# specifies:
#
# through socks proxy (and optionally parent http
# proxy) specific requests should routed.
#
# type of value:
#
# target_pattern socks_proxy[:port] http_parent[:port]
#
# target_pattern url pattern specifies
# requests (i.e. urls) forward rule shall apply. use /
# denote "all urls". http_parent and socks_proxy ip addresses
# in dotted decimal notation or valid dns names (http_parent may
# "." denote "no http forwarding"), and optional port
# parameters tcp ports, i.e. integer values 1 65535
#
# default value:
#
# unset
#
# effect if unset:
#
# don't use socks proxies.
#
# notes:
#
# multiple lines ok, checked in sequence, and
# last match wins.
#
# difference between forward-socks4 and forward-socks4a
# in socks 4a protocol, dns resolution of
# target hostname happens on socks server, while in socks 4
# happens locally.
#
# forward-socks5 dns resolution happen on remote
# server well.
#
# socks_proxy and http_parent can numerical ipv6 address
# (if rfc 3493 implemented). prevent clashes port
# delimiter, whole ip address has put brackets. on
# other hand target_pattern containing ipv6 address has
# put angle brackets (normal brackets reserved
# regular expressions already).
#
# if http_parent ".", requests not forwarded
# http proxy made (http-wise) directly web servers,
# albeit through socks proxy.
#
# examples:
#
# company example.com, direct connections made
# "internal" domains, outbound goes through
# isp's proxy way of example.com's corporate socks 4a gateway
# internet.
#
# forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
# forward .example.com .
#
#
# rule uses socks 4 gateway destinations no
# http parent looks this:
#
# forward-socks4 / socks-gw.example.com:1080 .
#
#
# chain privoxy and tor, both running on same system,
# use like:
#
# forward-socks5 / 127.0.0.1:9050 .
#
#
# public tor network can't used reach local network,
# if need access local servers therefore might want
# make exceptions:
#
# forward 192.168.*.*/ .
# forward 10.*.*.*/ .
# forward 127.*.*.*/ .
#
#
# unencrypted connections systems in these address ranges
# (un) secure local network is, alternative
# can't reach local network through privoxy at
# all. of course may desired and there no
# reason make these exceptions if aren't sure need them.
#
# if want able reach servers in local
# network using names, need additional exceptions
# this:
#
# forward localhost/ .
#
#
#
# 5.3. forwarded-connect-retries
# ===============================
#
# specifies:
#
# how privoxy retries if forwarded connection request
# fails.
#
# type of value:
#
# number of retries.
#
# default value:
#
# 0
#
# effect if unset:
#
# connections forwarded through other proxies treated
# direct connections and no retry attempts made.
#
# notes:
#
# forwarded-connect-retries interesting socks4a
# connections, privoxy can't detect why connections
# failed. connection might have failed because of dns timeout
# in case retry makes sense, might have failed
# because server doesn't exist or isn't reachable. in
# case retry delay appearance of privoxy's
# error message.
#
# note in context of option, "forwarded connections"
# includes connections privoxy forwards through other
# proxies. option not limited http connect method.
#
# use option, if getting lots of
# forwarding-related error messages go away when try again
# manually. start small value and check privoxy's logfile
# time time, see how many retries needed.
#
# due bug, option causes privoxy
# retry in case of problems direct connections.
#
# examples:
#
# forwarded-connect-retries 1
#
forwarded-connect-retries 0
#
#
# 6. miscellaneous
# =================
#
# 6.1. accept-intercepted-requests
# =================================
#
# specifies:
#
# whether intercepted requests should treated valid.
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# proxy requests accepted, intercepted requests
# treated invalid.
#
# notes:
#
# if don't trust clients and want force them use
# privoxy, enable option and configure packet filter
# redirect outgoing http connections privoxy.
#
# make sure privoxy's own requests aren't redirected well.
# additionally take care privoxy can't intentionally connect
# itself, otherwise run redirection loops if
# privoxy's listening port reachable outside or
# attacker has access pages visit.
#
# examples:
#
# accept-intercepted-requests 1
#
accept-intercepted-requests 0
#
#
# 6.2. allow-cgi-request-crunching
# =================================
#
# specifies:
#
# whether requests privoxy's cgi pages can blocked or
# redirected.
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# privoxy ignores block and redirect actions cgi pages.
#
# notes:
#
# default privoxy ignores block or redirect actions
# cgi pages. intercepting these requests can useful in
# multi-user setups implement fine-grained access control,
# can render complete web interface useless and
# make debugging problems painful if done without care.
#
# don't enable option unless you're sure
# need it.
#
# examples:
#
# allow-cgi-request-crunching 1
#
allow-cgi-request-crunching 1
#
#
# 6.3. split-large-forms
# =======================
#
# specifies:
#
# whether cgi interface should stay compatible broken
# http clients.
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# cgi form generate long urls.
#
# notes:
#
# privoxy's cgi forms can lead rather long urls. isn't
# problem far http standard concerned, can
# confuse clients arbitrary url length limitations.
#
# enabling split-large-forms causes privoxy divide big forms
# smaller ones keep url length down. makes editing
# lot less convenient and can no longer submit changes
# at once, at least works around browser bug.
#
# if don't notice editing problems, there no reason
# enable option, if 1 of submit buttons appears
# broken, should give try.
#
# examples:
#
# split-large-forms 1
#
split-large-forms 0
#
#
# 6.4. keep-alive-timeout
# ========================
#
# specifies:
#
# number of seconds after open connection no longer
# reused.
#
# type of value:
#
# time in seconds.
#
# default value:
#
# none
#
# effect if unset:
#
# connections not kept alive.
#
# notes:
#
# option allows clients keep connection privoxy
# alive. if server supports it, privoxy keep
# connection server alive well. under
# circumstances may result in speed-ups.
#
# default, privoxy close connection server if
# client connection gets closed, or if specified timeout
# has been reached without new request coming in. behaviour
# can changed connection-sharing option.
#
# option has no effect if privoxy has been compiled without
# keep-alive support.
#
# note timeout of 5 seconds used in default
# configuration file decreases number of
# connections reused. value used because
# browsers limit number of connections open single
# host and apply same limit proxies. can result in
# single website "grabbing" connections browser allows,
# means connections other websites can't opened until
# connections in use time out.
#
# several users have reported privoxy bug, default
# value has been reduced. consider increasing 300 seconds
# or more if think browser can handle it. if
# browser appears hanging can't.
#
# examples:
#
# keep-alive-timeout 300
#
keep-alive-timeout 300
#
#
# 6.5. default-server-timeout
# ============================
#
# specifies:
#
# assumed server-side keep-alive timeout if not specified
# server.
#
# type of value:
#
# time in seconds.
#
# default value:
#
# none
#
# effect if unset:
#
# connections server didn't specify keep-alive
# timeout not reused.
#
# notes:
#
# enabling option increases number of
# connections reused, provided keep-alive-timeout
# option enabled.
#
# while increases number of connections problems when
# privoxy tries reuse connection has been closed
# on server side, or closed while privoxy trying
# reuse it, should problem if happens
# first request sent client. if happens requests
# on reused client connections, privoxy close
# connection and client supposed retry request
# without bothering user.
#
# enabling option therefore recommended if
# connection-sharing option disabled.
#
# error specify value larger
# keep-alive-timeout value.
#
# option has no effect if privoxy has been compiled without
# keep-alive support.
#
# examples:
#
# default-server-timeout 60
#
#default-server-timeout 60
#
#
# 6.6. connection-sharing
# ========================
#
# specifies:
#
# whether or not outgoing connections have been kept alive
# should shared between different incoming connections.
#
# type of value:
#
# 0 or 1
#
# default value:
#
# none
#
# effect if unset:
#
# connections not shared.
#
# notes:
#
# option has no effect if privoxy has been compiled without
# keep-alive support, or if it's disabled.
#
# notes:
#
# note reusing connections doesn't necessary cause
# speedups. there few privacy implications should
# aware of.
#
# if option effective, outgoing connections shared
# between clients (if there more one) and closing
# browser initiated outgoing connection no longer
# affect connection between privoxy and server unless
# client's request hasn't been completed yet.
#
# if outgoing connection idle, not closed until
# either privoxy's or server's timeout reached. while
# it's open, server knows system running privoxy
# still there.
#
# if there more 1 client (maybe belonging
# multiple users), able reuse each others
# connections. potentially dangerous in case of
# authentication schemes ntlm connection
# authenticated, instead of requiring authentication
# each request.
#
# if there single client, and if said client can keep
# connections alive on own, enabling option has next
# no effect. if client doesn't support connection keep-alive,
# enabling option may make sense allows privoxy keep
# outgoing connections alive if client doesn't
# support it.
#
# should aware enabling option increases
# likelihood of getting "no server or forwarder data"
# error message, if using slow connection
# internet.
#
# option should used experienced users
# understand risks and can weight them against benefits.
#
# examples:
#
# connection-sharing 1
#
#connection-sharing 1
#
#
# 6.7. socket-timeout
# ====================
#
# specifies:
#
# number of seconds after socket times out if no data
# received.
#
# type of value:
#
# time in seconds.
#
# default value:
#
# none
#
# effect if unset:
#
# default value of 300 seconds used.
#
# notes:
#
# socks requests timeout doesn't start until
# socks server accepted request. fixed in
# next release.
#
# examples:
#
# socket-timeout 300
#
socket-timeout 300
#
#
# 6.8. max-client-connections
# ============================
#
# specifies:
#
# maximum number of client connections served.
#
# type of value:
#
# positive number.
#
# default value:
#
# none
#
# effect if unset:
#
# connections served until resource limit reached.
#
# notes:
#
# privoxy creates 1 thread (or process) every incoming
# client connection isn't rejected based on access
# control settings.
#
# if system powerful enough, privoxy can theoretically deal
# several hundred (or thousand) connections at same time,
# operating systems enforce resource limits shutting
# down offending processes and default limits may below
# ones privoxy require under heavy load.
#
# configuring privoxy enforce connection limit below
# thread or process limit used operating system makes
# sure doesn't happen. increasing operating
# system's limit work too, if privoxy isn't
# application running on system, may want
# limit resources used privoxy.
#
# if privoxy used single trusted user, limiting
# number of client connections unnecessary. if there
# multiple possibly untrusted users still want
# additionally use packet filter limit maximal number
# of incoming connections per client. otherwise malicious user
# intentionally create high number of connections
# prevent other users using privoxy.
#
# using option makes sense if choose
# limit below 1 enforced operating system.
#
# examples:
#
# max-client-connections 256
#
#max-client-connections 256
#
# 6.9. handle-as-empty-doc-returns-ok
# ====================================
#
# specifies:
#
# status code privoxy returns pages blocked
# +handle-as-empty-document.
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# privoxy returns status 403(forbidden) blocked pages.
#
# effect if set:
#
# privoxy returns status 200(ok) pages blocked
# +handle-as-empty-document and status 403(forbidden)
# other blocked pages.
#
# notes:
#
# work-around firefox bug 492459: " websites no
# longer rendered if ssl requests javascripts blocked
# proxy. " (https://bugzilla.mozilla.org/show_bug.cgi?id=492459)
# bug has been fixed quite time option
# should no longer needed and removed in future
# release. please speak if have reason why option
# should kept around.
#
#handle-as-empty-doc-returns-ok 1
#
#
# 1.6.10. enable-compression
#
# specifies:
#
# whether or not buffered content compressed before delivery.
#
# type of value:
#
# 0 or 1
#
# default value:
#
# 0
#
# effect if unset:
#
# privoxy not compress buffered content.
#
# effect if set:
#
# privoxy compresses buffered content before delivering
# client, provided client supports it.
#
# notes:
#
# directive supported if privoxy has been compiled
# feature_compression, should not confused
# feature_zlib.
#
# compressing buffered content useful if privoxy and
# client running on different systems. if running on
# same system, enabling compression slow things
# down. if didn't measure otherwise, should assume
# and keep option disabled.
#
# privoxy not compress buffered content below
# length.
#
#enable-compression 1
#
#
# 1.6.11. compression-level
#
# specifies:
#
# compression level passed zlib library when
# compressing buffered content.
#
# type of value:
#
# positive number ranging 0 9.
#
# default value:
#
# 1
#
# notes:
#
# compressing data more takes longer compressing
# less or not compressing at all. level best
# depends on connection between privoxy and client. if
# can't bothered benchmark yourself, should
# stick default and keep compression disabled.
#
# if compression disabled, compression level irrelevant.
#
# examples:
#
# # best speed (compared other levels)
# compression-level 1
#
# # best compression
# compression-level 9
#
# # no compression. useful testing added header
# # increases amount of data has sent.
# # if benchmark shows using compression level
# # superior using no compression at all, benchmark
# # flawed.
# compression-level 0
#
#
#compression-level 1
#
#
# 7. windows gui options
# =======================
#
# privoxy has number of options specific windows gui
# interface:
#
#
# if "activity-animation" set 1, privoxy icon animate
# when "privoxy" active. turn off, set 0.
#
#activity-animation 1
#
# if "log-messages" set 1, privoxy log messages
# console window:
#
#log-messages 1
#
# if "log-buffer-size" set 1, size of log buffer,
# i.e. amount of memory used log messages displayed in
# console window, limited "log-max-lines" (see below).
#
# warning: setting 0 result in buffer grow
# infinitely and eat memory!
#
#log-buffer-size 1
#
# log-max-lines maximum number of lines held in log
# buffer. see above.
#
#log-max-lines 200
#
# if "log-highlight-messages" set 1, privoxy highlight
# portions of log messages bold-faced font:
#
#log-highlight-messages 1
#
# font used in console window:
#
#log-font-name comic sans ms
#
# font size used in console window:
#
#log-font-size 8
#
# "show-on-task-bar" controls whether or not privoxy appear
# button on task bar when minimized:
#
#show-on-task-bar 0
#
# if "close-button-minimizes" set 1, windows close button
# minimize privoxy instead of closing program (close
# exit option on file menu).
#
#close-button-minimizes 1
#
# "hide-console" option specific ms-win console version
# of privoxy. if option used, privoxy disconnect
# and hide command console.
#
#hide-console
#
#
It is running on the 192.168.4.1 network; once configured and working, it is going on the 192.168.1.1 network to provide a top proxy.
The original idea was using squid and privoxy; since I have no idea how to use squid, and nothing was working, I cut it out of the equation, but that didn't help.
Please..help..I've been struggling for 4 hours ;_;
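A small audit of a Privoxy configuration along the lines of the option notes in the file posted above, added here as an example (it is not part of the original post and not Privoxy's own code): it separates active lines from commented-out ones, honouring the `\#` escape, and flags the options whose notes warn about several clients sharing one proxy. The sample configuration is constructed, and treating the last active line of a single-valued option as the effective one is an assumption.

```python
import re

# Constructed sample (not the poster's file): active and commented-out lines mixed.
SAMPLE = """\
# forward-socks5 / 127.0.0.1:9050 .
forward-socks4   /   socks-gw.example.com:1080  .
forward 192.168.*.*/ .
accept-intercepted-requests 1
#connection-sharing 1
connection-sharing 1   # outgoing connections shared between clients
keep-alive-timeout 300
#max-client-connections 256
"""

# '#' starts a comment unless it is preceded by '\' (rule from the file's own header).
_COMMENT = re.compile(r"(?<!\\)#.*")

def active_directives(text):
    """Return {keyword: [value, ...]} for the lines that are not commented out."""
    found = {}
    for raw in text.splitlines():
        line = _COMMENT.sub("", raw).replace("\\#", "#").strip()
        if not line:
            continue
        keyword, *rest = line.split(None, 1)
        value = " ".join(rest[0].split()) if rest else ""
        found.setdefault(keyword, []).append(value)
    return found

def audit_shared_proxy(text):
    """List the settings the option notes warn about when several clients share Privoxy."""
    cfg = active_directives(text)
    # Assumption: for single-valued options the last active line is the effective one.
    last = lambda key: cfg[key][-1] if key in cfg else None
    notes = []
    if last("accept-intercepted-requests") == "1":
        notes.append("accept-intercepted-requests: exclude Privoxy's own requests from the redirect")
    if last("connection-sharing") == "1":
        notes.append("connection-sharing: clients may reuse each other's connections (NTLM)")
    if last("max-client-connections") is None:
        notes.append("max-client-connections: unset, served until a resource limit is reached")
    if last("allow-cgi-request-crunching") == "1":
        notes.append("allow-cgi-request-crunching: block/redirect actions now apply to CGI pages")
    if "forward-socks4" in cfg:
        notes.append("forward-socks4: target hostnames are resolved locally, not on the SOCKS server")
    return notes

if __name__ == "__main__":
    for note in audit_shared_proxy(SAMPLE):
        print(note)
```
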
Well, you know now, it isn't running, doesn't any. Run it from the command line and look at the error messages.