[Privoxy-users] Forward-override Assistance
Amit Dori
amitdo at checkpoint.com
Thu Apr 20 11:08:28 UTC 2017
Hi Fabian,
Thanks for your help, I was able to make it work!
2 follow-up questions:
- I've added the tagger part in the default.action and not default.filter. I would love to know why it is better to use the filter for such case.
- Another question I have, is about dynamic actionfiles. I know that each actionfile gets parsed for each requests so I was able to change a file while the service is active and get different results (success!).
My question is, would it be better to use symbolic linkage (and edit files located elsewhere, say /tmp, like the forum suggested) for these files and not overwrite them.
Thanks,
Amit.
-----Original Message-----
From: Fabian Keil [mailto:fk at fabiankeil.de]
Sent: Thursday, April 20, 2017 1:58 PM
To: privoxy-users at lists.privoxy.org
Cc: Amit Dori
Subject: Re: [Privoxy-users] Forward-override Assistance
Amit Dori <amitdo at checkpoint.com> wrote:
> I was wondering if the following scenario is possible:
> I have a machine (acting as a Default Gateway for several other
> machines) with Privoxy listening on a local port and intercepted
> enabled, iptables rules forward traffic from said machines to Privoxy
> which in turn forwards all packets directly by default. I've defined a
> blah.action file which enables a forward-override to a specific proxy.
> I was wondering if this action file could be used when receiving
> packets from specific IPs. Let's say my Privoxy machine is a default
> GW of machine A and B. I wish that when machine A access the internet,
> it will go on directly and when machine B access the web it will
> activate the blah.action and its forward-override thus going thru the defined proxy.
> Is it even possible?
You can tag requests with the client IP address and enable the forward-override{} action based on the resulting tags.
This currently isn't obvious from the documentation at:
https://www.privoxy.org/user-manual/actions-file.html#CLIENT-HEADER-TAGGER
But I'll add the following example to change this:
#######
# Tag all requests with the client IP address # # (Technically the client IP address isn't included in the # client headers but client-header taggers can set it anyway.
# For details see the tagger in default.filter) {+client-header-tagger{client-ip-address}}
/
# Change forwarding settings for requests coming from address 10.0.0.1
{+forward-override{forward-socks5 127.0.1.2:2222 .}}
TAG:^IP-ADDRESS: 10\.0\.0\.1$
#######
You should be able to use the example after replacing 10\.0\.0\.1 with a pattern that matches the address of your machine B.
Fabian
More information about the Privoxy-users
mailing list