###################################################################### # # File : $Source: /cvsroot/ijbswa/current/default.action.master,v $ # # $Id: default.action.master,v 1.313 2014/11/11 12:19:38 fabiankeil Exp $ # # Requires : This version requires Privoxy v3.0.11 or later due to # syntax changes. # # Purpose : Default actions file, see # http://www.privoxy.org/user-manual/actions-file.html. # This file is subject to periodic updating. It is # not supposed to be edited by the user. Local exceptions # and enhancements are better placed in user.action, # the match-all section has been moved to match-all.action. # # Copyright : Written by and Copyright (C) 2001-2013 the # Privoxy team. http://www.privoxy.org/ # # Feedback welcome, for details please have a look at: # http://www.privoxy.org/user-manual/contact.html # # The current development version of this file is located: # http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/default.action.master # ############################################################################# # Syntax ############################################################################# # # A much better explanation can be found in the user manual which is # part of the distribution and can be found at http://www.privoxy.org/user-manual # # To determine which actions apply to a request, the URL of the request is # compared to all patterns in this file. Every time it matches, the list of # applicable actions for this URL is incrementally updated. You can trace # this process by visiting http://config.privoxy.org/show-url-info # # There are 4 types of lines in this file: comments (like this line), # actions, aliases and patterns, all of which are explained below. # ############################################################################# # Pattern Syntax ############################################################################# # # 1. On Domains and Paths # ----------------------- # # Generally, a pattern has the form /, where both the # and part are optional. The pattern matching syntax is different for # each. If you only specify a domain part, the "/" can be left out, but it is # required for the path part. # # www.example.com # is a domain-only pattern and will match any request to www.example.com # # www.example.com/ # means exactly the same (but is slightly less efficient) # # www.example.com/index.html # matches only the document /index.html on www.example.com # # /index.html # matches the document /index.html, regardless of the domain # # index.html # matches nothing, since it would be interpreted as a domain name and # there is no top-level domain called ".html". # # 2. Domain Syntax # ---------------- # # The matching of the domain part offers some flexible options: If the # domain starts or ends with a dot, it becomes unanchored at that end: # # www.example.com # matches only www.example.com # # .example.com # matches any domain that ENDS in .example.com # # www. # matches any domain that STARTS with www. # # .example. # matches any domain that CONTAINS example # # # Additionally, there are wildcards that you can use in the domain names # themselves. They work pretty similar to shell wildcards: "*" stands for # zero or more arbitrary characters, "?" stands for one, and you can define # character classes in square brackets and they can be freely mixed: # # ad*.example.com # matches adserver.example.com, ads.example.com, etc but not sfads.example.com # # *ad*.example.com # matches all of the above # # .?pix.com # matches www.ipix.com, pictures.epix.com, a.b.c.d.e.upix.com etc # # www[1-9a-ez].example.com # matches www1.example.com, www4.example.com, wwwd.example.com, # wwwz.example.com etc, but not wwww.example.com # # You get the idea? # # 2. Path Syntax # -------------- # # Paths are specified as full regular expressions, and are more flexible than # the domain syntax above. A comprehensive discussion of regular expressions # wouldn't fit here. # # Perl compatible regular expressions are used. See the pcre/docs/ direcory or # man perlre (also available at http://perldoc.perl.org/perlre.html) for # details. The appendix to our User Manual also has some detail. # # Please note that matching in the path is CASE INSENSITIVE by default, but # you can switch to case sensitive by starting the pattern with the "(?-i)" # switch: # # www.example.com/(?-i)PaTtErN.* # will match only documents whose path starts with PaTtErN in exactly this # capitalization. # # Partially case-sensitive and partially case-insensitive patterns are # possible, but the rules about splitting them up are extremely complex # - see the PCRE documentation for more information. # ############################################################################# # Action Syntax ############################################################################# # # There are 3 kinds of actions: # # Boolean (e.g. "handle-as-image"): # +name # enable # -name # disable # # Parameterized (e.g. "hide-user-agent"): # +name{param} # enable and set parameter to "param" # -name # disable # # Multi-value (e.g. "add-header", "filter"): # +name{param} # enable and add parameter "param" # -name{param} # remove the parameter "param" # -name # disable totally # # The default (if you don't specify anything in this file) is not to take # any actions - i.e completely disabled, so Privoxy will just be a # normal, non-blocking, non-anonymizing proxy. You must specifically # enable the privacy and blocking features you need (although the # provided default actions file will do that for you). # # Later actions always override earlier ones. For multi-valued actions, # the actions are applied in the order they are specified. # ############################################################################# # Valid actions are: ############################################################################# # # +add-header{Name: value} # Adds the specified HTTP header, which is not checked for validity. # You may specify this many times to specify many headers. # # +block{reason} # Block this URL. Instead of forwarding the request, Privoxy will # send a "block" page containing the specified reason. # # +change-x-forwarded-for{add} # +change-x-forwarded-for{block} # Adds or blocks the "X-Forwarded-For:" HTTP header in client # requests. # # +client-header-filter{name} # All client headers to which this action applies are filtered on-the-fly # through the specified regular expression based substitutions. # # Client-header filters predefined in the supplied default.filter include: # # hide-tor-exit-notation: Removes the Tor exit node notation in Host and Referer headers. # privoxy-control: Removes X-Privoxy-Control headers. # # +client-header-tagger{string} # Tag requests based on their headers. Client headers to which this # action applies are filtered on-the-fly through the specified regular # expression based substitutions, the result is used as a tag. # Client-header taggers are the first actions that are executed and their # tags can be used to control every other action. # # Client-header taggers predefined in the supplied default.filter include: # # image-requests: Tags detected image requests as "IMAGE-REQUEST". # css-requests: Tags detected CSS requests as "CSS-REQUEST". # range-requests: Tags range requests as "RANGE-REQUEST". # client-ip-address: Tags the request with the client's IP address. # http-method: Tags the request with its HTTP method. # allow-post: Tags POST requests as "ALLOWED-POST". # complete-url: Tags the request with the whole request URL. # user-agent: Tags the request with the complete User-Agent header. # referer: Tags the request with the complete Referer header. # privoxy-control: Creates tags with the content of X-Privoxy-Control headers. # # +content-type-overwrite # Replaces the "Content-Type:" HTTP server header, so that unwanted # download menus will not pop up, or changes the browser's rendering mode. # # +crunch-client-header{string} # Deletes every header sent by the client that contains the string the # user supplied as parameter. # # +crunch-if-none-match # Deletes the "If-None-Match:" HTTP client header. # # +crunch-server-header{string} # Deletes every header sent by the server that contains the string the # user supplied as a parameter. # # +deanimate-gifs{last} # +deanimate-gifs{first} # Deanimate all animated GIF images, i.e. reduce them to their last # frame. This will also shrink the images considerably. (In bytes, # not pixels!) # If the option "first" is given, the first frame of the animation # is used as the replacement. If "last" is given, the last frame of # the animation is used instead, which propably makes more sense for # most banner animations, but also has the risk of not showing the # entire last frame (if it is only a delta to an earlier frame). # # +downgrade-http-version # Downgrade HTTP/1.1 client requests to HTTP/1.0 and downgrade the # responses as well. Use this action for servers that use HTTP/1.1 # protocol features that Privoxy currently can't handle yet. # # +fast-redirects{check-decoded-url} # +fast-redirects{simple-check} # Many sites, like yahoo.com, don't just link to other sites. # Instead, they will link to some script on their own server, # giving the destination as a parameter, which will then redirect # you to the final target. # # URLs resulting from this scheme typically look like: # http://some.place/some_script?http://some.where-else # # Sometimes, there are even multiple consecutive redirects encoded # in the URL. These redirections via scripts make your web browsing # more traceable, since the server from which you follow such a link # can see where you go to. Apart from that, valuable bandwidth and # time is wasted, while your browser asks the server for one redirect # after the other. Plus, it feeds the advertisers. # # The +fast-redirects{check-decoded-url} option enables interception of # these requests by Privoxy, who will cut off all but the last valid URL # in the request and send a local redirect back to your browser without # contacting the intermediate sites. NOTE: Syntax change as of v.3.0.4. # # +filter{name} # All files of text-based type, most notably HTML and JavaScript, to which # this action applies, can be filtered on-the-fly through the specified # regular expression based substitutions. (Note: plain text documents are # exempted from filtering, because web servers often use the text/plain # MIME type for all files whose type they don't know.) By default, # filtering works only on the raw document content itself (that which can # be seen with View Source), not the headers. Repeat for multiple filters. # Use with caution: filters can be very intrusive. # # Filters predefined in the supplied default.filter include: # # js-annoyances: Get rid of particularly annoying JavaScript abuse. # js-events: Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites). # html-annoyances: Get rid of particularly annoying HTML abuse. # content-cookies: Kill cookies that come in the HTML or JS content. # refresh-tags: Kill automatic refresh tags if refresh time is larger than 9 seconds. # unsolicited-popups: Disable only unsolicited pop-up windows. # all-popups: Kill all popups in JavaScript and HTML. # img-reorder: Reorder attributes in tags to make the banners-by-* filters more effective. # banners-by-size: Kill banners by size. # banners-by-link: Kill banners by their links to known clicktrackers. # webbugs: Squish WebBugs (1x1 invisible GIFs used for user tracking). # tiny-textforms: Extend those tiny textareas up to 40x80 and kill the hard wrap. # jumping-windows: Prevent windows from resizing and moving themselves. # frameset-borders: Give frames a border and make them resizable. # iframes: Removes all detected iframes. Should only be enabled for individual sites. # demoronizer: Fix MS's non-standard use of standard charsets. # shockwave-flash: Kill embedded Shockwave Flash objects. # quicktime-kioskmode: Make Quicktime movies saveable. # fun: Text replacements for subversive browsing fun! # crude-parental: Crude parental filtering. Note that this filter doesn't work reliably. # ie-exploits: Disable some known Internet Explorer bug exploits. # site-specifics: Cure for site-specific problems. Don't apply generally! # no-ping: Removes non-standard ping attributes in and tags. # google: CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement. # yahoo: CSS-based block for Yahoo text ads. Also removes a width limitation. # msn: CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation. # blogspot: Cleans up some Blogspot blogs. Read the fine print before using this. # # +force-text-mode # Declares a document as plain text, even if the "Content-Type:" isn't detected # as such. # # +forward-override{forward .} # +forward-override{forward 127.0.0.1:8123} # +forward-override{forward-socks4a 127.0.0.1:9050 .} # +forward-override{forward-socks4a 127.0.0.1:9050 proxy.example.org:8000} # +forward-override{forward-socks5 127.0.0.1:9050 .} # +forward-override{forward-socks5 127.0.0.1:9050 proxy.example.org:8000} # This action overrules the forward directives in the configuration file. # # +handle-as-empty-document # This action alone doesn't do anything noticeable. It just marks URLs. If # the block action also applies, the presence or absence of this mark # decides whether an HTML "blocked" page, or an empty document will be sent # to the client as a substitute for the blocked content. # # +handle-as-image # Treat this URL as an image. This only matters if it's also "+block"ed, # in which case a "blocked" image can be sent rather than a HTML page. # See +set-image-blocker{} for the control over what is actually sent. # # +hide-accept-language{lang} # +hide-accept-language{block} # Deletes or replaces the "Accept-Language:" HTTP header in client # requests. # # +hide-content-disposition{block} # +hide-content-disposition{string} # Deletes or replaces the "Content-Disposition:" HTTP header set by some # servers. This can be used to prevent download menus for content you # prefer to view inside the browser, for example. # # +hide-from-header{block} # +hide-from-header{spam@sittingduck.xqq} # If the browser sends a "From:" header containing your e-mail address, # either completely removes the header ("block"), or change it to the # specified e-mail address. # # +hide-if-modified-since{block} # +hide-if-modified-since{-60} # Deletes the "If-Modified-Since:" HTTP client header or modifies its # value, preventing another way to track users. # # +hide-referer{block} # +hide-referer{forge} # +hide-referer{http://nowhere.com} # Don't send the "Referer:" (sic) header to the web site. You can # block it, forge a URL to the same server as the request (which is # preferred because some sites will not send images otherwise) or # set it to a constant string. # # +hide-referrer{...} # Alternative spelling of +hide-referer. Has the same parameters, # and can be freely mixed with, "+hide-referer". ("referrer" is the # correct English spelling, however the HTTP specification has a # bug - it requires it to be spelt "referer"). # # +hide-user-agent{browser-type} # Change the "User-Agent:" header so web servers can't tell your # browser type. (Breaks many web sites). Specify the user-agent # value you want - e.g., to pretend to be using Netscape on Linux: # +hide-user-agent{Mozilla (X11; I; Linux 2.0.32 i586)} # Or to identify yourself explicitly as a Privoxy user: # +hide-user-agent{Privoxy/1.0} # (Don't change the version number from 1.0 - after all, why tell them?) # # +limit-connect{portlist} # # By default, i.e. if no limit-connect action applies, Privoxy # allows HTTP CONNECT requests to all ports. Use limit-connect # if fine-grained control is desired for some or all destinations. # The CONNECT methods exists in HTTP to allow access to secure websites # ("https://" URLs) through proxies. It works very simply: the proxy # connects to the server on the specified port, and then short-circuits # its connections to the client and to the remote server. This means # CONNECT-enabled proxies can be used as TCP relays very easily. Privoxy # relays HTTPS traffic without seeing the decoded content. Websites can # leverage this limitation to circumvent Privoxy's filters. By specifying # an invalid port range you can disable HTTPS entirely. # # +limit-connect{443} # Only port 443 is OK. # +limit-connect{80,443} # Ports 80 and 443 are OK. # +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK. # +limit-connect{-} # All ports are OK # +limit-connect{,} # No HTTPS/SSL traffic is allowed # # +overwrite-last-modified{block} # +overwrite-last-modified{reset-to-request-time} # +overwrite-last-modified{randomize} # Removing the "Last-Modified:" header is useful for filter testing, where # you want to force a real reload instead of getting status code "304", # which would cause the browser to reuse the old version of the page. # # The "randomize" option overwrites the value of the "Last-Modified:" # header with a randomly chosen time between the original value and the # current time. In theory the server could send each document with a # different "Last-Modified:" header to track visits without using cookies. # "Randomize" makes it impossible and the browser can still revalidate # cached documents. # # "reset-to-request-time" overwrites the value of the "Last-Modified:" # header with the current time. You could use this option together with # hide-if-modified-since to further customize your random range. # # +prevent-compression # Prevent the website from compressing the data. Some websites do # that, which is a problem for Privoxy when built without zlib support, # since +filter and +gif-deanimate will not work on compressed data. # Will slow down connections to those websites, though. # # +server-header-filter{name} # All server headers to which this action applies are filtered on-the-fly # through the specified regular expression based substitutions. # # Server-header filters predefined in the supplied default.filter include: # # x-httpd-php-to-html: Changes the Content-Type header from x-httpd-php to html. # html-to-xml: Changes the Content-Type header from html to xml. # xml-to-html: Changes the Content-Type header from xml to html. # less-download-windows: Prevent annoying download windows for content types the browser can handle itself. # privoxy-control: Removes X-Privoxy-Control headers. # # +server-header-tagger{content-type} # Server headers to which this action applies are filtered on-the-fly # through the specified regular expression based substitutions, the result # is used as a tag. Server-header taggers are executed before all other # header actions that modify server headers. Their tags can be used to # control all of the other server-header actions, the content filters and # the crunch actions (redirect and block). # # Server-header taggers predefined in the supplied default.filter include: # # content-type: Tags the request with the content type declared by the server. # privoxy-control: Creates tags with the content of X-Privoxy-Control headers. # # +session-cookies-only # If the website sets cookies, make sure they are erased when you exit # and restart your web browser. This makes profiling cookies useless, # but won't break sites which require cookies so that you can log in # or for transactions. # # +set-image-blocker{blank} # +set-image-blocker{pattern} # +set-image-blocker{} with being any valid image URL # Decides what to do with URLs that end up tagged with {+block +handle-as-image}. # There are 4 options: # * "-set-image-blocker" will send a HTML "blocked" page, usually # resulting in a "broken image" icon. # * "+set-image-blocker{blank}" will send a 1x1 transparent image # * "+set-image-blocker{pattern}" will send a 4x4 grey/white pattern # which is less intrusive than the logo but easier to recognize # than the transparent one. # * "+set-image-blocker{}" will send a HTTP temporary redirect # to the specified image URL. # # # +crunch-outgoing-cookies # Prevent the website from reading cookies # # +crunch-incoming-cookies # Prevent the website from setting cookies # # +redirect{} # +redirect{} # Convinces the browser that the requested document has been moved to # another location and the browser should get it from the specified # URL. # ############################################################################# ############################################################################# # Settings -- Don't change. ############################################################################# {{settings}} ############################################################################# for-privoxy-version=3.0.11 ############################################################################# # Aliases ############################################################################# {{alias}} ############################################################################# # # You can define a short form for a list of permissions - e.g., instead # of "-crunch-incoming-cookies -crunch-outgoing-cookies -filter -fast-redirects", # you can just write "shop". This is called an alias. # # Currently, an alias can contain any character except space, tab, '=', '{' # or '}'. # But please use only 'a'-'z', '0'-'9', '+', and '-'. # # Alias names are not case sensitive. # # Aliases beginning with '+' or '-' may be used for system action names # in future releases - so try to avoid alias names like this. (e.g. # "+crunch-all-cookies" below is not a good name) # # Aliases must be defined before they are used. # # These aliases just save typing later: # +crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies allow-all-cookies = -crunch-all-cookies -session-cookies-only allow-popups = -filter{all-popups} -filter{unsolicited-popups} +block-as-image = +block{Blocked image request.} +handle-as-image -block-as-image = -block # These aliases define combinations of actions # that are useful for certain types of sites: # fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer shop = -crunch-all-cookies allow-popups # Your favourite blend of filters: # myfilters = +filter{html-annoyances} +filter{js-annoyances} +filter{all-popups}\ +filter{webbugs} +filter{banners-by-size} # Allow ads for selected useful free sites: # allow-ads = -block -filter{banners-by-size} -filter{banners-by-link} ################ # # Cautious settings -- safe for all sites, but offer little privacy protection # { \ +change-x-forwarded-for{block} \ +client-header-tagger{css-requests} \ +client-header-tagger{image-requests} \ +hide-from-header{block} \ +set-image-blocker{blank} \ } standard.Cautious ################ # # Medium settings -- safe for most sites, with reasonable protection/damage tradeoff # { \ +change-x-forwarded-for{block} \ +client-header-tagger{css-requests} \ +client-header-tagger{image-requests} \ +deanimate-gifs{last} \ +filter{refresh-tags} \ +filter{img-reorder} \ +filter{banners-by-size} \ +filter{webbugs} \ +filter{jumping-windows} \ +filter{ie-exploits} \ +hide-from-header{block} \ +hide-referrer{conditional-block} \ +session-cookies-only \ +set-image-blocker{blank} \ } standard.Medium ################ # # Advanced settings -- reasonable privacy protection but # require some exceptions for trusted sites, most likely # because of cookies or SSL. Also testing ground for # new options. # # CAUTION: These settings can still be subverted by a # misconfigured client that executes code from untrusted # sources. # { \ +change-x-forwarded-for{block} \ +client-header-tagger{css-requests} \ +client-header-tagger{image-requests} \ +crunch-if-none-match \ +crunch-outgoing-cookies \ +crunch-incoming-cookies \ +deanimate-gifs{last} \ +fast-redirects{check-decoded-url} \ +filter{html-annoyances} \ +filter{content-cookies} \ +filter{refresh-tags} \ +filter{img-reorder} \ +filter{banners-by-size} \ +filter{banners-by-link} \ +filter{webbugs} \ +filter{jumping-windows} \ +filter{frameset-borders} \ +filter{quicktime-kioskmode} \ +hide-if-modified-since{-60} \ +hide-from-header{block} \ +hide-referrer{conditional-block} \ +limit-connect{,} \ +overwrite-last-modified{randomize} \ +set-image-blocker{blank} \ } standard.Advanced ############################################################################# # These extensions belong to images: ############################################################################# {+handle-as-image -filter} ############################################################################# /.*\.(gif|jpe?g|png|bmp|ico)($|\?) ############################################################################# # These don't: ############################################################################# {-handle-as-image} /.*\.(js|php|css|.?html?) ############################################################################# # These belong to multimedia files of which Firefox occasionally only # requests parts. #2816708 ############################################################################# {-filter -deanimate-gifs} # Sticky Actions = -filter -deanimate-gifs # URL = http://www.example.org/foo/bar.ogg # URL = http://www.example.net/bar.ogv /.*\.og[gv]$ ############################################################################# # Generic block patterns by host: ############################################################################# {+block{Host matches generic block pattern.}} ad*. .*ads. .ad.?. .ad.[a-ik-z][a-oq-z]. .ad.jp.*. .ad.???*. # Blocked URL = http://alternativos.iw-advertising.com/ .*advert*. *banner*. count*. *counter. # Blocked URL = http://metrics.performancing.com/ metrics. ############################################################################# # Generic unblockers by host: ############################################################################# {-block} # Sticky Actions = -block adsl. ad[udmw]*. adbl*. adam*. adapt*. adob*. adrenaline. adtp*. adv[oia]*. adventure*. .*road*. .olympiad*. .*load*. .*[epu]ad*. county*. countr*. # URL = http://metrics.torproject.org/consensus-graphs.html metrics.torproject.org/ # URL = http://linuxcounter.net/ linuxcounter.net/ # URL = http://adinablafasel.example.org/ adina*. # URL = http://adelelimedesign.deviantart.com/ adele*. ############################################################################# # Generic block patterns by path: ############################################################################# {+block{Path matches generic block pattern.}} # Blocked URL = http://www.example.org/adimage # Blocked URL = http://www.example.org/adspace /(.*/)?ad(\?|/|s|v|_?(image|se?rv|box)|cycle|rotate|mentor|click|f[ra]m|script|stream|fetch|log|space) /phpads(new)?/ /(.*/)?(ad|all|nn|db|promo(tion)?)?[-_]?banner /(.*/)?(publicite|werbung|rekla(me|am)|annonse|maino(kset|nta|s)?/) /.*(count|track|compteur|(?