[Privoxy-users] Suggestions and Routing question

Fabian Keil fk at fabiankeil.de
Mon Jun 27 15:27:32 UTC 2016


Unknown <arkmail0 at riseup.net> wrote:

> Suggestions:
> 1. How about redirecting visitors to https?
> "www.privoxy.org" -> redirect to HTTPS

Why?

Some users may prefer vanilla HTTP, for example because it
makes filtering the content with Privoxy more convenient.

I'm frequently annoyed by websites that force me to use HTTPS
instead of leaving the decision to me.

> 2. Now that you decide to leave SF, would you add an RSS feed on privoxy website?
> www.privoxy.org/announce.'rss'

That sounds like a good idea and I will add it to the TODO
list. It also requires writing some code and at least
for me it's not a high priority issue, though.

Patches for this are welcome of course.

> Help:
> 1. How can I route packet to other route?
> (I don't use offered action files, I use my own)

Note that Privoxy makes routing decisions per request,
not per packet.

> I'm asking this because v3.0.25's guide is not clear.
> > "Add client-header-tagger 'listen-address'."  
> 
> 
> 
> e.g., extremely simple example. I use other options btw
> 
> > config:  
> listen 0.0.0.0:8118
> forward-socks5 / 1.2.3.4:5 .
> 
> > action:  
> {+limit-connect{80,443}}
> /

Note that clients usually don't use CONNECT requests for
port 80.

If you want to prevent clients from making any requests to ports
other than 80 and 443, you'll need the block{} action as well.

> > Clients  
> A(IP 10.20.30.40)
> B(10.20.50.50)
> C(9.8.7.6)
> 
> A, B, and C use Privoxy proxy server.
> They can connect to TCP 80 or 443, nothing else.
> 
> I want "C" to route direct connection, and limit port to 8888.
> Only C:
> forward / .
> 
> {+limit-connect{8888}}
> /
> 
> Is this possible?

Yes. This was already possible with previous releases and
does not require the recently-added 'listen-address'
client-header-tagger.

The documentation has an example that shows how to
change the forwarding based on the User-Agent:
https://www.privoxy.org/user-manual/actions-file.html#FORWARD-OVERRIDE

To use the client's IP address you use the 'client-ip-address'
client-header-tagger instead. Maybe we should add an example
for this as well.

> > Possible new idea  
> 
> (!) Add 'If ~ Fi' on config.
> 
> forward-socks5 / 1.2.3.4:5 .
> If (Client-IP == '9.8.7.6')
> forward / .
> Fi
> 
> meaning:
> Everyone must use SOCKS5.
> But if the IP is 9.8.7.6, read the rules.

The forward-override{} action can already be used for this.

The forward directive in the config file should only be used
for simple cases.

> (!) Add 'client-ip-is' on action.
> 
> {+limit-connect{80,443} +add-header{Pri: Voxy}}
> /
> 
> {+limit-connect{8888} +{client-ip-is{9.8.7.6}}}
> /
> 
> meaning:
> Everyone must use only 80 or 443.
> But, if the Client IP is 9.8.7.6, limit only 8888, not 80/443. (also keep Pri: Voxy of course)

The goal can already be achieved with tags.

In the future, please use separate mails for unrelated topics.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20160627/76af67c0/attachment.bin>


More information about the Privoxy-users mailing list