[Privoxy-users] user-agent based forwarding action
privoxyusers2 at i.lucanops.net
privoxyusers2 at i.lucanops.net
Wed Jun 21 13:04:38 UTC 2017
Hi Beeblebrox.
On Tue, 20 Jun 2017 12:37:31 +0300
Beeblebrox <zaphod at berentweb.com> wrote:
> Hi Nick, thanks for the reply.
>
> > you are trying to hide the UA, but then tag against it? How do
> > things go if you comment out the above line?
>
> The problem/solution is that user.action is parsed on first come
> basis apparently. So switching the order solved it:
My comments in my user.action file reflected that too. I'd noticed the
order mattered when I set up my UA hack. Glad to hear you've ended up
with the problem solved.
>
> >if you set your UA and visit an HTTPS site,
> >Privoxy won't know the UA and the override will not apply. I think
> >pretty much all headers are encrypted, and so Privoxy can't know
> >about the UA. Please can someone say if this is wrong?
>
> Interesting point, I'd also like to know...
I've just tried an IP echoing webpage served over HTTPS, and the IP
does come back different depending on the UA. So Privoxy can see the
user agent header with HTTPS.
https://wtfismyip.com/text
A quick Google and the internets thinks all headers are encrypted, so I
am a little confused....though with some fiddling in FF it seems to be
due to SSL versus TLS. My browser needs updating (unhelpfully
Help/about says it is up to date), but turning TLS and SSL on and off
made the browser produce an error itself (due to its age). Privoxy did
not appear to be triggered with SSL3, and so that means only sometimes
(depending on browser and server set-ups) would the UA hack work with
HTTPS web sites.
I am still confident Privoxy can't get at web content coming over
HTTPS, but sometimes (some? all?) headers can be seen. A comment I read
during the above Google said about HTTP1.1 adding a CONNECT command for
encrypted traffic, and so I guess the most basic of headers perhaps are
outside of encryption. Cookies, I would absolutely hope, are and have
always been encrypted when in transit. They must be, or HTTPS secured
logins wouldn't work.
Nick
More information about the Privoxy-users
mailing list