OpenWrt - Privoxy

Introduction

  • non-caching web proxy

Required packages:

  • privoxy
  • libpthread
  • libpcre
  • zlib

Configuration file:

/etc/privoxy/config

Change the following settings and it is ready to use:

listen-address 192.168.1.1:8118     <--- Default is 127.0.0.1, port 8118 (use 0.0.0.0:8118 for all interfaces)
permit-access 192.168.1.0/24        <--- Multiple ACL lines are OK.
deny-access   192.168.1.11          <--- Block this server

Installation:

opkg install privoxy

/etc/init.d/privoxy enable

/etc/init.d/privoxy start

 

Default startup arguments

/usr/sbin/privoxy --pidfile /var/run/privoxy.pid /etc/privoxy/config

Performance options:

 

enable-compression 0   <---  default (to the client)
compression-level 1 <--- default (zlib)

max-client-connections  <--- default None

socket-timeout 300 <--- default
# no data is received

connection-sharing   <---  outgoing connections
(kept alive should be shared between different incoming connections.)

# Once enabled, you may see "No server or forwarder data"
# With NTLM only the connection is authenticated, so it is better not to use this in a multi-user environment !!

default-server-timeout
(Connections for which the server didn't specify the keep-alive timeout are not reused.)

buffer-limit    4096     <-- Default, unit: Kbytes

keep-alive-timeout  300

# clients --> keep alive --> Privoxy ==>  Privoxy  --> keep alive -->  server

 


Configure

 

HTTP interface:

http://config.privoxy.org/   (shortcut:  http://p.p/)
http://p.p/show-status

Comments, line continuation:

  • comment "#"
  • line continuation "\"

 

toggle:

toggle 1    <-- Default
# When set to 0, Privoxy becomes an ordinary proxy
# with no ad filter / content filtering

enable-remote-toggle 1   <-- Default
# The toggle can be controlled from the web panel

enable-remote-http-toggle 0    <-- Default
# When set to 1, a client can disable filtering by sending "X-Filter: No" in its HTTP headers

enable-edit-actions 1    <-- Default
# The filter file can be edited from the panel

handle-as-empty-doc-returns-ok
# Privoxy returns a status 403 (forbidden) for all blocked pages.

enforce-blocks    0
# The "Blocked" page contains a "go there anyway" link
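
The panel and toggle settings above, together with the listen-address / permit-access and connection-sharing lines earlier, can be checked with a small script. This is an added example, not part of Privoxy or OpenWrt: the function names cfg_get, audit_privoxy and sample_config and the sample config are made up for illustration. Directives that are not set are only reported, not judged.

```shell
#!/bin/sh
# Added example (not from Privoxy or OpenWrt): flag risky values of the
# directives covered in these notes. All function names are made up here.
# Print the last uncommented value of directive $2 in file $1 (empty if unset).
cfg_get() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print one finding per line for config file $1.
audit_privoxy() {
    cfg=$1
    # A listener that is not loopback-only should be paired with an ACL.
    awk '$1 == "listen-address" { print $2 }' "$cfg" | while read -r addr; do
        case $addr in
            127.*|localhost:*|"[::1]":*) continue ;;
        esac
        if [ -z "$(cfg_get "$cfg" permit-access)" ]; then
            echo "WARN listen-address $addr without permit-access"
        fi
    done
    # directive:risky-value pairs, following the comments in these notes.
    for rule in enable-remote-toggle:1 enable-remote-http-toggle:1 \
                enable-edit-actions:1 enforce-blocks:0 connection-sharing:1; do
        name=${rule%%:*}
        risky=${rule##*:}
        val=$(cfg_get "$cfg" "$name")
        if [ -z "$val" ]; then
            echo "INFO $name unset, built-in default applies"
        elif [ "$val" = "$risky" ]; then
            echo "WARN $name $val"
        fi
    done
    return 0
}

# Constructed sample: LAN listener, ACL commented out, panel controls enabled.
sample_config() {
    cat <<'EOF'
listen-address 192.168.1.1:8118
#permit-access 192.168.1.0/24
enable-remote-toggle 1
enable-remote-http-toggle 0
enable-edit-actions 1
enforce-blocks 0
EOF
}

# Audit the file named on the command line, if any.
if [ -n "${1:-}" ]; then audit_privoxy "$1"; fi
```

Run it on the router as: sh audit.sh /etc/privoxy/config (the script file name is arbitrary).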

 

Page footer information:

 


 

Actions File

 

match-all.action # Actions that are applied to all sites and maybe overruled later on.
                         # first actions file loaded.

default.action   # Main actions file, defines many exceptions (match-all.action)
                       #(both positive and negative)

user.action      # User customizations(where you can preserve them across upgrades.)

 

They all support Perl-style regular expressions

 

config settings:

actionsfile match-all.action # Actions that are applied to all sites and maybe o
actionsfile default.action   # Main actions file
actionsfile user.action      # User customizations

 


Forwarding

 

routing of HTTP requests through a chain of multiple proxies.

target_pattern   http_parent[:port]

Examples:

Everything goes to an example parent proxy, except SSL on port 443 (which it doesn't handle):

  forward   /      parent-proxy.example.org:8080
  forward   :443   .

  • /          all URLs
  • .          no forwarding

 

Everything goes to our example ISP's caching proxy, except for requests to that ISP's sites:

  forward   /                  caching-proxy.isp.example.net:8000
  forward   .isp.example.net   .

 

Other settings:

forwarded-connect-retries 0    <-- Default

# mainly interesting for socks4a connections
# proxies --> proxies (forwarded)

 


SOCKS 4/5

SOCKS 4A <-- DNS on Proxy Server

forward-socks4a   /              socks-gw.example.com:1080
forward           .example.com   .

 

forward-socks5   /               127.0.0.1:9050 .

 

# Do not forward local addresses

  forward         192.168.*.*/     .
  forward            10.*.*.*/     .
  forward           127.*.*.*/     .
  forward           localhost/     .

 


Filter

  • default.filter
  • user.filter

config:

filterfile default.filter

 


Trustfile

 

config setting

trustfile /etc/privoxy/trust   <-- Not set by default !!

~ character limits access to this site only

+  trusted referrers

There is a limit of 512 such entries

 



Debug:

 

/var/log/privoxy <----- "logdir"

logfile privoxy

debug 1  <--- There can be more than one debug line !!

debug   1    # show each GET/POST/CONNECT request
debug   4096 # Startup banner and warnings
debug   8192 # Errors - *we highly recommended enabling this*

 

Other levels:

  • debug  1 # Log the destination for each request Privoxy let through. See also debug 1024. 
  • debug  2 # show each connection status
  • debug  4 # show I/O status
  • debug  8 # show header parsing
  • debug  16 # log all data written to the network
  • ....................................

 


 

Template Files

  • "404 - No Such Domain" error page
  • the "BLOCKED" page

 

/etc/privoxy/templates/    <-- Default (set it with templdir in config)

Keeping the templates somewhere else has an advantage, because an upgrade automatically replaces the default ones

 


See also: