[Privoxy-users] Forward-override Assistance

[Fabian Keil]

Amit Dori <amitdo at checkpoint.com> wrote:

> I was wondering if the following scenario is possible:
> I have a machine (acting as a Default Gateway for several other
> machines) with Privoxy listening on a local port and intercepted
> enabled, iptables rules forward traffic from said machines to Privoxy
> which in turn forwards all packets directly by default. I've defined a
> blah.action file which enables a forward-override to a specific proxy. I
> was wondering if this action file could be used when receiving packets
> from specific IPs. Let's say my Privoxy machine is a default GW of
> machine A and B. I wish that when machine A access the internet, it will
> go on directly and when machine B access the web it will activate the
> blah.action and its forward-override thus going thru the defined proxy.
> Is it even possible?

You can tag requests with the client IP address and enable the
forward-override{} action based on the resulting tags.

This currently isn't obvious from the documentation at:
https://www.privoxy.org/user-manual/actions-file.html#CLIENT-HEADER-TAGGER

But I'll add the following example to change this:

#######
# Tag all requests with the client IP address
#
# (Technically the client IP address isn't included in the
# client headers but client-header taggers can set it anyway.
# For details see the tagger in default.filter)
{+client-header-tagger{client-ip-address}}
/

# Change forwarding settings for requests coming from address 10.0.0.1
{+forward-override{forward-socks5 127.0.1.2:2222 .}}
TAG:^IP-ADDRESS: 10\.0\.0\.1$
#######

You should be able to use the example after replacing 10\.0\.0\.1 with a
pattern that matches the address of your machine B.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20170420/b91977a3/attachment.bin>