<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/5c01d2cc44e1c83877181b71ef315b6ee0717aef">https://github.com/macports/macports-ports/commit/5c01d2cc44e1c83877181b71ef315b6ee0717aef</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 5c01d2cc44e macos-fortress: Update to version 2021-10-23
</span>5c01d2cc44e is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 5c01d2cc44e1c83877181b71ef315b6ee0717aef
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sat Oct 23 07:37:47 2021 -0400
<span style='display:block; white-space:pre;color:#404040;'> macos-fortress: Update to version 2021-10-23
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Add HTTPS inspection capability
</span><span style='display:block; white-space:pre;color:#404040;'> * Addresses: https://trac.macports.org/ticket/63583
</span>---
net/macos-fortress/Portfile | 360 ++++++++---
.../files/macosfortress_setup_check.sh | 30 +-
...check.sh => macosfortress_setup_check_squid.sh} | 0
net/macos-fortress/files/privoxy-config.macports | 718 ++++++++++++++++++---
net/macos-fortress/files/privoxy-config.patch | 93 +--
.../files/privoxy-match-all.action.macports | 39 --
.../files/privoxy-match-all.action.patch | 40 --
net/macos-fortress/files/proxy.pac | 96 +++
8 files changed, 1051 insertions(+), 325 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/Portfile b/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 630076f9fba..63b3569b7d5 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,9 +1,10 @@
</span> # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
PortSystem 1.0
<span style='display:block; white-space:pre;background:#e0ffe0;'>+PortGroup active_variants 1.1
</span>
name macos-fortress
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 2021.02.28
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 2021.10.23
</span> revision 0
categories net security
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -21,10 +22,6 @@ if {${subport} ne "${name}-easylistpac"} {
</span> use_configure no
build {}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# perl5 and python3 major versions
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-set perl5_major_version \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 5.28
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> # Use ${python.default_version}
# name consistency with ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/_resources/port1.0/group/python-1.0.tcl
set python_default_version 39
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -40,6 +37,9 @@ set proxy_pac_server \
</span> set proxy_pac_directory \
/Library/WebServer/Documents
<span style='display:block; white-space:pre;background:#e0ffe0;'>+set privoxyGroup privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set privoxyUser privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> variant initialize_always \
description {Always initialize all configuration files. Intended \
for development and troubleshooting only. Working deployments \
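Review bot: `privoxyGroup` and `privoxyUser` are camelCase, while the other variables set in this part of the Portfile are snake_case (`proxy_pac_directory`, `python_default_version`). Suggest `privoxy_group` and `privoxy_user` for consistency.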
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -124,9 +124,9 @@ proc plutil_startup {plcmds label} {
</span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set notes_pf "The PF configuration provides an adaptive firewall\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- that blocks brute force attacks, and connections from IP addresses\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- provided by the crowd-sourced lists dshield and emergingthreats. PF\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_pf "The PF configuration provides an adaptive firewall \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ that blocks brute force attacks, and connections from IP addresses \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ provided by the crowd-sourced lists dshield and emergingthreats. PF \
</span> uses this environment variable (with default value):
\t\${PF_CONF:-${pf_conf}}
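Review bot: the space added before each trailing backslash in `notes_pf` is redundant. Inside a double-quoted Tcl string, a backslash-newline together with the leading whitespace of the next line is already replaced by a single space, so `firewall \` followed by an indented `that` now yields two spaces where the old `firewall\` form yielded one. Suggest keeping the original form; the same applies to the other notes strings reflowed this way in this commit.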
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -135,16 +135,36 @@ set notes_pf "The PF configuration provides an adaptive firewall\
</span>
\t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist"
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set notes_proxy "The proxy uses a chain of squid (port 3128) and\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- privoxy (port 8118) along with a blackhole provided by nginx (port 8119).\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Domain names and a blacklist file are blocked, excluding\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_proxy_privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The proxy uses a privoxy (port 8118) along with \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CSS blocking using an nginx webserver (port 8119). Clients may be \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configured to use this proxy by either host:port or the PAC file:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${proxy_hostname}:8118
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\thttp://${proxy_hostname}/proxy.pac"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_proxy_squid \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The proxy uses a chain of squid (port 3128) and \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ privoxy (port 8118) along with a blackhole and CSS blocking using \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ an nginx webserver (port 8119). Please note that this approach \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ may not work on several browsers, including iOS Safari 15. See \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ https://github.com/essandess/easylist-pac-privoxy/issues/21. The \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port ${name}-proxy with HTTPS inspection is recommended.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Clients may be configured to use this proxy by either host:port \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ or the PAC file:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${proxy_hostname}:3128
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\thttp://${proxy_hostname}/proxy.pac"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_proxy "Domain names and a blacklist file are blocked, excluding \
</span> whitelisted domain names. These are provised in the files:
\t${prefix}/etc/${name}/blacklist.txt
\t${prefix}/etc/${name}/whitelist.txt
<span style='display:block; white-space:pre;background:#ffe0e0;'>- The proxy also provides a proxy autoconfiguration (PAC) file with\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- blocking rules generated from easylist ad and tracker blocks. The\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The proxy also provides a proxy autoconfiguration (PAC) file with \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ blocking rules generated from easylist ad and tracker blocks. The \
</span> proxy uses these environment variables (with default values):
\t\${PROXY_HOSTNAME:-${proxy_hostname}}
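Review bot: wording in the new `notes_proxy_privoxy` string: "The proxy uses a privoxy (port 8118)" should drop the article ("uses privoxy"), matching the squid text. The context line "These are provised in the files" could be corrected to "provided" while `notes_proxy` is being split up. Both new strings also give the PAC location as `http://${proxy_hostname}/proxy.pac`; because a PAC file decides where a client sends its traffic, the notes could say that it should be served on a trusted network or over HTTPS.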
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -155,16 +175,10 @@ set notes_proxy "The proxy uses a chain of squid (port 3128) and\
</span>
\t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist
<span style='display:block; white-space:pre;background:#ffe0e0;'>- The native macOS web server is used by default to host the PAC file.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The native macOS web server is used by default to host the PAC file. \
</span> This web server must be launched independently with the command
<span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo apachectl start
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Clients may be configured to use this proxy by either host:port or\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- the PAC file:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t${proxy_hostname}:3128
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\thttp://${proxy_hostname}/proxy.pac"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo apachectl start"
</span>
pre-fetch {
# The way that startupitems values are quoted was changed in 2.6.3.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -183,25 +197,67 @@ if {${name} eq ${subport}} {
</span> for macOS. Built to block attacks using open \
source databases, and block ads, malicious \
scripts, and conceal information used for web \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- tracking. Uses PF, squid, privoxy, dshield, \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- emergingthreats, hosts file, and a proxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ tracking. Uses PF, dshield, emergingthreats, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ hosts file, a filtering proxy, and a proxy \
</span> autoconfiguration (PAC) file.
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ variant https_inspection \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Use Privoxy HTTPS inspection.} {}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default_variants-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +https_inspection
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set proxy_subport ${name}-proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy chain without HTTPS inspection
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set proxy_subport ${name}-proxy-squid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> depends_lib-append \
port:${name}-pf \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- port:${name}-proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${proxy_subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pre-build {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${worksrcpath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [catch {set result [registry_active ${name}-proxy]}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || [lindex [lindex ${result} 0] 3] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ne "+https_inspection" } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_error "${name}-proxy not installed with https_inspection. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Please install:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo port -pN install ${name}-proxy +https_inspection"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # this will exit with error if the port is not installed at all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ registry_active ${name}-proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ build {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/macosfortress_setup_check.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/macosfortress_setup_check_squid.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> destroot {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -d \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/share/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/share/${name} \
</span> ${destroot}${prefix}/share/${name}/logrotate.d
xinstall -m 0755 \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${filespath}/macosfortress_setup_check.sh ${destroot}${prefix}/bin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/macosfortress_setup_check.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/bin
</span> xinstall -m 0644 \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${filespath}/logrotate.d.macos-fortress \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/share/${name}/logrotate.d/macos-fortress
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/logrotate.d.macos-fortress \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}/logrotate.d/macos-fortress
</span> xinstall -m 0644 \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${filespath}/private.myserver.launchctl-setenv.plist \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/share/${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/private.myserver.launchctl-setenv.plist \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}
</span> foreach cmd [list \
"s|@PREFIX@|${prefix}|g" \
"s|@NAME@|${name}|g" \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -220,13 +276,13 @@ if {${name} eq ${subport}} {
</span> yes
startupitem.start \
"\${prefix}/bin/port load ${name}-pf
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\${prefix}/bin/port load ${name}-proxy"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port load ${proxy_subport}"
</span> startupitem.stop \
"\${prefix}/bin/port unload ${name}-pf
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\${prefix}/bin/port unload ${name}-proxy"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port unload ${proxy_subport}"
</span> startupitem.restart \
"\${prefix}/bin/port reload ${name}-pf
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\${prefix}/bin/port reload ${name}-proxy"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port reload ${proxy_subport}"
</span>
post-activate {
# modify the launch daemons
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -239,20 +295,20 @@ if {${name} eq ${subport}} {
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The port ${name} is comprised of two independent.\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- configurable components: the PF firewall and the proxy chain,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The port ${name} is comprised of two independent. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configurable components: the PF firewall and the proxy chain, \
</span> provided by the ports:
\t${name}-pf
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t${name}-proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${proxy_subport}
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- To check the status of all the dependent daemons and to see\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ To check the status of all the dependent daemons and to see \
</span> a count of the number of firewall attacks, run:
sudo macosfortress_setup_check.sh
sudo pf_attacks.sh
<span style='display:block; white-space:pre;background:#ffe0e0;'>- After initial installation, it is necessary to kickstart these\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ After initial installation, it is necessary to kickstart these \
</span> launch daemons, which do not run at load:
sudo port load ${name}
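Review bot: the reflowed first line of `notes` keeps the stray period in "two independent. \", so the text renders as "two independent. configurable components". Suggest "two independent, configurable components" since the line is being touched anyway.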
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -260,11 +316,16 @@ sudo launchctl kickstart -k system/org.macports.${name}-dshield
</span> sudo launchctl kickstart -k system/org.macports.${name}-emergingthreats
sudo launchctl kickstart -k system/org.macports.${name}-hosts
sudo launchctl kickstart -k system/org.macports.adblock2privoxy
<span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo launchctl kickstart -k system/org.macports.${name}-easylistpac
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-${notes_pf}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+${notes_pf}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append ${notes_proxy_privoxy}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append ${notes_proxy_squid}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-${notes_proxy}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append ${notes_proxy}
</span> }
subport ${name}-pf {
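Review bot: the condition in the new `notes-append` block looks inverted. Earlier in this commit `proxy_subport` is `${name}-proxy` when `https_inspection` is set and `${name}-proxy-squid` otherwise, but here `![variant_isset "https_inspection"]` selects `notes_proxy_privoxy` and the `else` branch (variant set) selects `notes_proxy_squid`, so each install prints the other chain's port number and description. Suggest dropping the `!`.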
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -303,7 +364,7 @@ subport ${name}-pf {
</span> init "PF_CONF=\"\${PF_CONF:-${pf_conf_prefix}}\"" \
start {
"for tt in {1..4}; do \\"
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "\tif \[\[ `/sbin/ifconfig | \${prefix}/bin/pcregrep -M -o '^\[^\\t:\]+:(\[^\\n\]|\\n\\t)*status: active' | egrep -o -m 1 '^\[^\\t:\]+'` = '' \]\]; then \\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\tif \[\[ \$(/sbin/ifconfig | \${prefix}/bin/pcregrep -M -o '^\[^\\t:\]+:(\[^\\n\]|\\n\\t)*status: active' | egrep -o -m 1 '^\[^\\t:\]+') = '' \]\]; then \\"
</span> "\t\tsleep 45; \\"
"\telse \\"
"\t\t/sbin/pfctl -Fall \\"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -399,6 +460,8 @@ interface : ${interface}
</span> }
subport ${name}-dshield {
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ PortGroup perl5 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> description DShield is a community-based collaborative firewall \
log correlation system.
long_description \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -406,8 +469,7 @@ subport ${name}-dshield {
</span>
depends_run-append \
port:gnupg2 \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- port:perl${perl5_major_version} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:p${perl5_major_version}-data-validate-ip \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:p${perl5.major}-data-validate-ip \
</span> port:wget
destroot {
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -433,7 +495,7 @@ subport ${name}-dshield {
</span> "\${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://feeds.dshield.org/block.txt \\
\t&& \${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://feeds.dshield.org/block.txt.asc \\
\t&& \${prefix}/bin/gpg --verify \${prefix}/etc/${name}/block.txt.asc \${prefix}/etc/${name}/block.txt \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t&& \${prefix}/bin/perl${perl5_major_version} -ane 'use Data::Validate::IP; my \$vip=Data::Validate::IP->new; if (/^\\w*#/) { print; } elsif (\$vip->is_ipv4(\$F\[0\]) & \$vip->is_ipv4(\$F\[1\]) & \$F\[2\] =~ /\[\[:digit:\]\]/ & (0<= \$F\[2\] & \$F\[2\]<=32)) { print \$F\[0\], \"/\", \$F\[2\], \"\\n\"; }' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& ${perl5.bin} -ane 'use Data::Validate::IP; my \$vip=Data::Validate::IP->new; if (/^\\w*#/) { print; } elsif (\$vip->is_ipv4(\$F\[0\]) & \$vip->is_ipv4(\$F\[1\]) & \$F\[2\] =~ /\[\[:digit:\]\]/ & (0<= \$F\[2\] & \$F\[2\]<=32)) { print \$F\[0\], \"/\", \$F\[2\], \"\\n\"; }' \\
</span> \t\t\${prefix}/etc/${name}/block.txt \\
\t\t> /tmp/dshield_block_ip.txt \\
\t&& install -m 644 -g admin -S /tmp/dshield_block_ip.txt \${prefix}/etc/${name}/dshield_block_ip.txt ; \\
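Review bot: the filter on the touched `${perl5.bin} -ane` line joins its validation tests with the bitwise `&` operator, so the result depends on the operands' values rather than on each test being true, and the `[[:digit:]]` match only requires one digit somewhere in the third field. Since the line is being edited anyway, suggest logical `&&` and an anchored `/^\d+$/` ahead of the 0 to 32 range test. The filtered list is also staged at the fixed path `/tmp/dshield_block_ip.txt` before `install` copies it; staging it in a directory that is not world-writable would be safer for a file that ends up in the block list.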
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -460,7 +522,7 @@ subport ${name}-dshield {
</span> }
notes \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The launch daemon org.macports.${subport} is configured with \
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -512,7 +574,7 @@ subport ${name}-emergingthreats {
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The launch daemon org.macports.${subport} is configured with \
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -522,7 +584,106 @@ sudo launchctl kickstart -k system/org.macports.${subport}"
</span> subport ${name}-proxy {
description Blackhole and Privatizing Proxy.
long_description \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- {*}${description}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {*}${description} The proxy uses Privoxy and adblock2privoxy.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ conflicts ${name}-proxy-squid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-hosts \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-proxypac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:adblock2privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ variant https_inspection \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Use Privoxy HTTPS inspection.} {}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default_variants-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +https_inspection
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pre-build {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [catch {set result [registry_active privoxy]}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || [lindex [lindex ${result} 0] 3] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ne "+https_inspection" } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_error "Privoxy not installed with https_inspection. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Please install:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo port -pN install privoxy +https_inspection"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # this will exit with error if the port is not installed at all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ registry_active privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # privoxy patch file creation
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## mkdir privoxy-orig privoxy-new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ${prefix}/etc/privoxy/config.new privoxy-orig/config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ${prefix}/etc/privoxy/match-all.action.new privoxy-orig/match-all.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ${prefix}/etc/privoxy/config.new privoxy-new/config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ${prefix}/etc/privoxy/match-all.action.new privoxy-new/match-all.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo chown `whoami` privoxy-orig/config privoxy-new/config privoxy-orig/match-all.action privoxy-new/match-all.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## patch -p0 -f -l -N privoxy-new/config < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/net/macos-fortress/files/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## patch -p0 -f -l -N privoxy-new/match-all.action < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/net/macos-fortress/files/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## diff -NaurdwB -I '^ *#' ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/config/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## diff -NaurdwB -I '^ *#' ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/config/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PREFIX@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_HOSTNAME@|${proxy_hostname}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_SERVER@|${proxy_server}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -q ${cmd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitems \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name ${subport} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port -p load ${name}-hosts privoxy adblock2privoxy" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stop [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port -p unload ${name}-hosts privoxy adblock2privoxy" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ restart [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port -p reload ${name}-hosts privoxy adblock2privoxy" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/privoxy/config \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/privoxy/config.new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${prefix}/etc/privoxy/config \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool YES" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes ${notes_proxy_privoxy}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${notes_proxy}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-proxy-squid {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description Blackhole and Privatizing Proxy using Squid and easylist-pac.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {*}${description} The proxy uses Squid, Privoxy, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ adblock2privoxy, and easylist-pac.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ conflicts ${name}-proxy
</span>
depends_lib-append \
port:${name}-easylistpac \
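Review bot: the commented patch/diff recipe at the top of this hunk still applies and regenerates
privoxy-match-all.action.patch, but the following hunks remove that patch from xinstall, reinplace
and patch_configuration. Drop those two comment lines; as written, the second diff recipe's sed also
only rewrites paths ending in "config", so it would not normalise the match-all.action paths anyway.
Separately, the start command uses "port -p load", which continues past errors, and the item has
"pidfile none", so a privoxy that failed to load is not reported; consider checking the result.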
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -554,7 +715,6 @@ subport ${name}-proxy {
</span> xinstall -m 0644 \
${filespath}/squid-squid.conf.patch \
${filespath}/privoxy-config.patch \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${filespath}/privoxy-match-all.action.patch \
</span> ${workpath}
foreach cmd [list \
"s|@PREFIX@|${prefix}|g" \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -563,8 +723,7 @@ subport ${name}-proxy {
</span> ] {
reinplace -q ${cmd} \
${workpath}/squid-squid.conf.patch \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/privoxy-config.patch
</span> }
}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -595,10 +754,8 @@ subport ${name}-proxy {
</span> ${workpath}/privoxy-config.patch \
${prefix}/etc/privoxy/config \
${prefix}/etc/privoxy/config.new
<span style='display:block; white-space:pre;background:#ffe0e0;'>- patch_configuration \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/privoxy-match-all.action.patch \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/privoxy/match-all.action \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/privoxy/match-all.action.new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${prefix}/etc/privoxy/config \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser}
</span>
# modify the launch daemons
plutil_startup [list \
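Review bot: the added "file attributes" call sets -owner and -group on ${prefix}/etc/privoxy/config
but leaves the mode to whatever patch_configuration produced. This commit extends that file with
HTTPS inspection settings, so set the mode explicitly in the same call (for example by adding
-permissions 0640) rather than depending on the umask in effect at activation time.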
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -627,7 +784,49 @@ subport ${name}-proxy {
</span> org.macports.${subport}.squid-rotate
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes ${notes_proxy}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes ${notes_proxy_squid}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${notes_proxy}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-proxypac {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description Proxy Auto-Configuration (PAC) file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description {*}${description}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ conflicts ${name}-easylistpac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/etc/${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${filespath}/proxy.pac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/proxy.pac.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -q "s|@PROXY_SERVER@|${proxy_server}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/proxy.pac.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ install_initial_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/proxy.pac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file isfile ${proxy_pac_directory}/proxy.pac] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${prefix}/etc/${name}/proxy.pac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${proxy_pac_directory}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The location of the proxy autoconfiguration (PAC) \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file and the web server IP address are specified by the \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ environment variables (with default values):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PROXY_PAC_DIRECTORY:-${proxy_pac_directory}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PROXY_PAC_SERVER:-${proxy_pac_server}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ To change site-specific launchd environment variables, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ use the launchd plist:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The native macOS Web Server must be started with the command:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo apachectl start"
</span> }
subport ${name}-easylistpac {
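Review bot: in the proxypac post-activate block, proxy.pac is copied into ${proxy_pac_directory}
only when no file of that name exists, so an older or unrelated PAC file keeps being served after
an upgrade and the user gets no message. The PAC file decides which proxy clients use, so print a
ui_msg when the copy is skipped, or compare the served file against ${prefix}/etc/${name}/proxy.pac.
The copy is also made in post-activate rather than destroot, so the port does not track it and it
stays behind on deactivate; the notes should say so.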
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -656,6 +855,8 @@ subport ${name}-easylistpac {
</span> sha256 288b66426814c338857dcda483b044e6659c3dfde1779bdc6e5a7969a07faff2 \
size 82943
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ conflicts ${name}-proxypac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> depends_lib-append \
port:adblock2privoxy \
port:python${python_version} \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -728,14 +929,14 @@ test -f \"\${PROXY_PAC_DIRECTORY}/proxy.pac.orig\" \\
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The location of the proxy autoconfiguration (PAC)\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file and the web server IP address are specified by the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The location of the proxy autoconfiguration (PAC) \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file and the web server IP address are specified by the \
</span> environment variables (with default values):
\t\${PROXY_PAC_DIRECTORY:-${proxy_pac_directory}}
\t\${PROXY_PAC_SERVER:-${proxy_pac_server}}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- To change site-specific launchd environment variables,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ To change site-specific launchd environment variables, \
</span> use the launchd plist:
\t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -744,14 +945,17 @@ test -f \"\${PROXY_PAC_DIRECTORY}/proxy.pac.orig\" \\
</span>
sudo apachectl start
<span style='display:block; white-space:pre;background:#ffe0e0;'>- The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The launch daemon org.macports.${subport} is configured with \
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
sudo launchctl kickstart -k system/org.macports.${subport}"
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> subport ${name}-hosts {
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ PortGroup perl5 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> description A community managed and maintained hosts file.
long_description \
${subport} is a community managed and maintained \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -761,8 +965,7 @@ subport ${name}-hosts {
</span>
depends_run-append \
port:gnupg2 \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- port:perl${perl5_major_version} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:p${perl5_major_version}-data-validate-domain \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:p${perl5.major}-data-validate-domain \
</span> port:wget
destroot {
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -797,7 +1000,7 @@ subport ${name}-hosts {
</span> \t\t>> \"/tmp/${subport}/hosts-block.txt\"
\t\"\$3\" \"\${prefix}/etc/macos-fortress/\$2\" \\
\t\t| tr -d '\\r' \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t| \${prefix}/bin/perl${perl5_major_version} -ane 'use POSIX; use Data::Validate::Domain qw(is_domain); { if (/'\"\$4\"'/) { print qq#127.0.0.1\\t\$1\\n# if is_domain(\$1); } elsif (/^\\s*#/) { print; } }' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| ${perl5.bin} -ane 'use POSIX; use Data::Validate::Domain qw(is_domain); { if (/'\"\$4\"'/) { print qq#127.0.0.1\\t\$1\\n# if is_domain(\$1); } elsif (/^\\s*#/) { print; } }' \\
</span> \t\t\t>> \"/tmp/${subport}/hosts-block.txt\"
}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -807,12 +1010,12 @@ function hosts_block_wget_and_add () {
</span> }"
startupitem.start \
"( test -f \${prefix}/etc/${name}/hosts-orig \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t|| install -m 0644 -S /etc/hosts ${prefix}/etc/${name}/hosts-orig )
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t|| install -m 0644 -S /etc/hosts \${prefix}/etc/${name}/hosts-orig )
</span> \t( test -d /tmp/${subport} || mkdir /tmp/${subport} )
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\tcp ${prefix}/etc/${name}/hosts-orig /tmp/${subport}/hosts
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t( test -f ${prefix}/etc/${name}/whitelist.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tcp \${prefix}/etc/${name}/hosts-orig /tmp/${subport}/hosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t( test -f \${prefix}/etc/${name}/whitelist.txt \\
</span> \t\t|| printf '\\n# whitelisted hosts (FQDN and DN) will be deleted from ${subport}\\n#\\n' \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t\t> ${prefix}/etc/${name}/whitelist.txt )
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\t> \${prefix}/etc/${name}/whitelist.txt )
</span> \t# empty hosts-block.txt
\t> \"/tmp/${subport}/hosts-block.txt\"
\thosts_block_wget_and_add \\
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -865,11 +1068,20 @@ function hosts_block_wget_and_add () {
</span> \t( test -f \${prefix}/etc/${name}/blacklist.txt \\
\t\t&& cat \${prefix}/etc/${name}/blacklist.txt \\
\t\t>> \"/tmp/${subport}/hosts\" )
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\tgrep -v -E \"`\${prefix}/bin/perl${perl5_major_version} -ane 'BEGIN{\$s=qw#\\\\s+(#}; { if (!/^\\w*#/&length(\$F\[0\])>0){\$s = \$s . \$F\[0\] . qw(|);}} END{\$s = substr(\$s,0,length(\$s)-1) . qw#)\\\\s*#; \$s=~s/\\\\./\\\\\\\\./g; print \$s;}' \${prefix}/etc/${name}/whitelist.txt`\" /tmp/${subport}/hosts-block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tgrep -v -E \"\$(${perl5.bin} -ane 'BEGIN{\$s=qw#\\\\s+(#}; { if (!/^\\w*#/&length(\$F\[0\])>0){\$s = \$s . \$F\[0\] . qw(|);}} END{\$s = substr(\$s,0,length(\$s)-1) . qw#)\\\\s*#; \$s=~s/\\\\./\\\\\\\\./g; print \$s;}' \${prefix}/etc/${name}/whitelist.txt)\" /tmp/${subport}/hosts-block.txt \\
</span> \t\t>> /tmp/${subport}/hosts
\tinstall -m 0644 -S \"/tmp/${subport}/hosts\" \"\${prefix}/etc/${name}/${subport}\"
<span style='display:block; white-space:pre;background:#ffe0e0;'>-\trm -fr \"/tmp/${subport}\"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t${prefix}/sbin/squid -k reconfigure"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\trm -r \"/tmp/${subport}\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tprintf \"# Privoxy block of hosts from ${prefix}/etc/${name}/${subport}\\n{ +block{Blocked hosts from ${subport}.} }\\n\" \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t> /tmp/${subport}.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t# Privoxy blocked hosts action file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tcat \"\${prefix}/etc/macos-fortress/${subport}\" \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| grep -E -v '^\[\[:space:]]*(#|\$)' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| grep -E -v '^(127\\.0\\.0\\.1|255\\.255\\.255\\.255|::1)\[\[:space:]]+(localhost|broadcasthost)' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| sed -E -e 's/^(127\\.0\\.0\\.1|0\\.0\\.0\\.0)\[\[:space:]]+(\[^\[:space:]]+)\$/\\2/' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t>> \"/tmp/${subport}.action\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tinstall -m 0644 -S \"/tmp/${subport}.action\" \"\${prefix}/etc/${name}/${subport}.action\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\trm \"/tmp/${subport}.action\""
</span> startupitem.stop \
"true"
startupitem.pidfile \
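Review bot: the new action-file step writes to the fixed path /tmp/${subport}.action with a plain
redirect, and /tmp is world-writable, so another local account can create that path first (as a
symlink, for instance) and the daemon will write through it. Create the scratch file with mktemp
inside a private directory instead. Two smaller points in the same block: the cat reads from the
literal etc/macos-fortress while the install line uses etc/${name}, and the final sed rewrites only
lines that are exactly an address followed by one host name, so every other line (trailing comment,
several names, blacklist.txt entries in another form) passes through unchanged and becomes a
pattern under +block. Use sed -n with the p flag so only rewritten lines reach the action file.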
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -896,7 +1108,7 @@ function hosts_block_wget_and_add () {
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The launch daemon org.macports.${subport} is configured with \
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -909,7 +1121,7 @@ if { [variant_isset "initialize_always"] } {
</span> notes-append ""
}
notes-append \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The variant +initialize_always is set, which initializes\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- all configuration files. Please disable this variant for\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The variant +initialize_always is set, which initializes \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ all configuration files. Please disable this variant for \
</span> working deployments."
}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/macosfortress_setup_check.sh b/net/macos-fortress/files/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;color:#808080;'>index a3d443480d4..d99af385dca 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -67,12 +67,9 @@ LAUNCHD_PLISTS=( \
</span> org.macports.@NAME@-dshield \
org.macports.@NAME@-emergingthreats \
org.macports.@NAME@-proxy \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- org.macports.@NAME@-proxy.squid-rotate \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- org.macports.@NAME@-easylistpac \
</span> org.macports.@NAME@-hosts \
org.macports.adblock2privoxy \
org.macports.adblock2privoxy-nginx \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- org.macports.Squid \
</span> org.macports.Privoxy \
)
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -192,17 +189,15 @@ EOF
</span> PROXY_FILES=( \
"${PROXY_PAC_DIRECTORY}/proxy.pac.orig" \
"${PROXY_PAC_DIRECTORY}/proxy.pac" \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- @PREFIX@/bin/easylist_pac.py \
</span> @PREFIX@/bin/adblock2privoxy \
@PREFIX@/etc/@NAME@/proxy.pac \
@PREFIX@/etc/adblock2privoxy/nginx.conf \
@PREFIX@/etc/adblock2privoxy/css/default.html \
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/@NAME@-hosts.action \
</span> @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.action \
@PREFIX@/etc/adblock2privoxy/privoxy/ab2p.filter \
@PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.action \
@PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.filter \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- @PREFIX@/etc/squid/squid.conf \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- @PREFIX@/var/squid/logs/cache.log \
</span> @PREFIX@/etc/privoxy/config \
@PREFIX@/var/log/privoxy/logfile \
)
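Review bot: PROXY_FILES still lists ${PROXY_PAC_DIRECTORY}/proxy.pac.orig, but the proxypac subport
added in this commit installs only proxy.pac into that directory, so this check reports a missing
file on an install that uses proxypac. Drop the .orig entry here and leave it in
macosfortress_setup_check_squid.sh, where easylistpac is a dependency.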
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -217,23 +212,6 @@ done
</span> Checking proxy status…
EOF
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# squid
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-if [[ `"${SUDO}" "${LSOF}" -i ':3128' | "${TAIL}" -1` && `"${PS}" -ef | "${GREP}" "@PREFIX@/sbin/squid -s" | "${EGREP}" -v '(grep|daemondo)' | "${WC}" -l` -eq 1 ]]; then
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- echo "[✅] Squid is running properly"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-[❌] Squid isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo squid -k check
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo less @PREFIX@/var/squid/logs/cache.log
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo port unload squid4
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo killall '(squid-1)'
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo killall 'squid'
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sleep 5
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo port load squid4
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-EOF
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-fi
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> # privoxy
if [[ `"${SUDO}" "${LSOF}" -i ':8118' | "${TAIL}" -1` ]]; then
echo "[✅] Privoxy is running properly"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -247,11 +225,11 @@ EOF
</span> fi
# Privoxy configuration http://p.p/ via proxy server
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if [[ `( http_proxy=http://${PROXY_HOSTNAME}:3128; "${CURL}" -s --head http://p.p/ | "${HEAD}" -n 1 | "${GREP}" "HTTP/1.\d [23]\d\d" )` ]]; then
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- echo "[✅] Privoxy config http://p.p/ via http://${PROXY_HOSTNAME}:3128 is running properly"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `( http_proxy=http://${PROXY_HOSTNAME}:8118; "${CURL}" -s --head http://p.p/ | "${HEAD}" -n 1 | "${GREP}" "HTTP/1.\d [23]\d\d" )` ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] Privoxy config http://p.p/ via http://${PROXY_HOSTNAME}:8118 is running properly"
</span> else
"${CAT}" <<EOF
<span style='display:block; white-space:pre;background:#ffe0e0;'>-[❌] Privoxy config http://p.p/ via http://${PROXY_HOSTNAME}:3128 isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] Privoxy config http://p.p/ via http://${PROXY_HOSTNAME}:8118 isn't running properly! Troubleshooting:
</span>
sudo less @PREFIX@/var/log/privoxy/logfile
sudo port reload privoxy
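Review bot: in the changed Privoxy check, http_proxy is assigned and then terminated with a
semicolon inside the subshell, which sets a shell variable without exporting it. Unless the caller
already exports http_proxy, curl never sees the proxy and the http://p.p/ request does not go
through port 8118 at all. Put the assignment on the curl command itself
(http_proxy=http://${PROXY_HOSTNAME}:8118 "${CURL}" ...) or pass the proxy with curl's -x option.
The port number is also repeated in three strings; one variable would keep the test and its
messages in step.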
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/macosfortress_setup_check.sh b/net/macos-fortress/files/macosfortress_setup_check_squid.sh
</span>similarity index 100%
copy from net/macos-fortress/files/macosfortress_setup_check.sh
copy to net/macos-fortress/files/macosfortress_setup_check_squid.sh
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-config.macports b/net/macos-fortress/files/privoxy-config.macports
</span><span style='display:block; white-space:pre;color:#808080;'>index 5e30e6afdc2..0921e30a3b5 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/privoxy-config.macports
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/privoxy-config.macports
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,8 +1,6 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# Sample Configuration File for Privoxy 3.0.26
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Sample Configuration File for Privoxy 3.0.32
</span> #
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# $Id: config,v 1.112 2016/08/26 13:14:18 fabiankeil Exp $
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# Copyright (C) 2001-2016 Privoxy Developers https://www.privoxy.org/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
</span> #
#####################################################################
# #
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -17,7 +15,8 @@
</span> # 4. ACCESS CONTROL AND SECURITY #
# 5. FORWARDING #
# 6. MISCELLANEOUS #
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# 7. WINDOWS GUI OPTIONS #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7. HTTPS INSPECTION (EXPERIMENTAL) #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 8. WINDOWS GUI OPTIONS #
</span> # #
#####################################################################
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -387,8 +386,10 @@ logdir /opt/local/var/log/privoxy
</span> actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
<span style='display:block; white-space:pre;background:#ffe0e0;'>-actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+actionsfile @PREFIX@/etc/macos-fortress/macos-fortress-hosts.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+actionsfile @PREFIX@/etc/adblock3privoxy/privoxy/ab2p.system.action
</span> actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.action
<span style='display:block; white-space:pre;background:#e0ffe0;'>+#actionsfile regression-tests.action # Tests for privoxy-regression-test
</span> #
# 2.6. filterfile
# ================
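Review bot: the re-added ab2p.system.action line points at @PREFIX@/etc/adblock3privoxy/privoxy/,
while the line it replaces, the ab2p.action line right below it and the setup check script all use
adblock2privoxy. This looks like a typo that would point Privoxy at a directory nothing else in
this commit creates; change it back to adblock2privoxy. Also confirm how Privoxy behaves when
macos-fortress-hosts.action does not exist yet, since that file is only written once the hosts
launch daemon has run.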
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -573,9 +574,9 @@ logfile logfile
</span> #
# The available debug levels are:
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# debug 1 # Log the destination for each request. See also debug 1024.
</span> # debug 2 # show each connection status
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# debug 4 # show I/O status
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# debug 4 # show tagging-related messages
</span> # debug 8 # show header parsing
# debug 16 # log all data written to the network
# debug 32 # debug force feature
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -615,8 +616,8 @@ logfile logfile
</span> # you read the log messages, you may even be able to solve the
# problem on your own.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#debug 1024 # Actions that are applied to all sites and maybe overruled later on.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#debug 1 # Log the destination for each request.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
</span> #debug 4096 # Startup banner and warnings
#debug 8192 # Non-fatal errors
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -737,7 +738,11 @@ hostname @PROXY_HOSTNAME@
</span> # result in DNS traffic.
#
# If the specified address isn't available on the system, or if
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# the hostname can't be resolved, Privoxy will fail to start.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# the hostname can't be resolved, Privoxy will fail to start. On
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# GNU/Linux, and other platforms that can listen on not yet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# assigned IP addresses, Privoxy will start and will listen on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# the specified address whenever the IP address is assigned to
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# the system
</span> #
# IPv6 addresses containing colons have to be quoted by
# brackets. They can only be used if Privoxy has been compiled
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -977,7 +982,7 @@ enable-edit-actions 0
</span> # link. If the user adds the force prefix by hand, it will not
# be accepted and the circumvention attempt is logged.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# enforce-blocks 1
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1002,7 +1007,7 @@ enforce-blocks 0
</span> # whole destination part are optional.
#
# If your system implements RFC 3493, then src_addr and dst_addr
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# can be IPv6 addresses delimeted by brackets, port can be a
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# can be IPv6 addresses delimited by brackets, port can be a
</span> # number or a service name, and src_masklen and dst_masklen can
# be a number from 0 to 128.
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1172,6 +1177,108 @@ buffer-limit 4096
</span> #
enable-proxy-authentication-forwarding 0
#
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# 4.10. trusted-cgi-referer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ==========================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# A trusted website or webpage whose links can be followed to
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# reach sensitive CGI pages
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# URL or URL prefix
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Unset
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# No external pages are considered trusted referers.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Before Privoxy accepts configuration changes through CGI pages
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# like client-tags or the remote toggle, it checks the Referer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# header to see if the request comes from a trusted source.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# By default only the webinterface domains config.privoxy.org
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# and p.p are considered trustworthy. Requests originating from
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# other domains are rejected to prevent third-parties from
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# modifiying Privoxy's state by e.g. embedding images that
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# result in CGI requests.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# In some environments it may be desirable to embed links to CGI
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# pages on external pages, for example on an Intranet homepage
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# the Privoxy admin controls.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The "trusted-cgi-referer" option can be used to add that page,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# or the whole domain, as trusted source so the resulting
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# requests aren't rejected. Requests are accepted if the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# specified trusted-cgi-refer is the prefix of the Referer.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# If the trusted source is supposed to access the CGI pages via
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# JavaScript the cors-allowed-origin option can be used.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# | Warning |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |-----------------------------------------------------|
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |Declaring pages the admin doesn't control trustworthy|
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |may allow malicious third parties to modify Privoxy's|
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |internal state against the user's wishes and without |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |the user's knowledge. |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#trusted-cgi-referer http://www.example.org/local-privoxy-control-page
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 4.11. cors-allowed-origin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ==========================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# A trusted website which can access Privoxy's CGI pages through
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# JavaScript.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# URL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Unset
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# No external sites get access via cross-origin resource
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# sharing.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Modern browsers by default prevent cross-origin requests made
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# via JavaScript to Privoxy's CGI interface even if Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# would trust the referer because it's white listed via the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# trusted-cgi-referer directive.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Cross-origin resource sharing (CORS) is a mechanism to allow
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cross-origin requests.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The "cors-allowed-origin" option can be used to specify a
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# domain that is allowed to make requests to Privoxy CGI
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# interface via JavaScript. It is used in combination with the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# trusted-cgi-referer directive.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# | Warning |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |-----------------------------------------------------|
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |Declaring domains the admin doesn't control |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |trustworthy may allow malicious third parties to |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |modify Privoxy's internal state against the user's |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |wishes and without the user's knowledge. |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#cors-allowed-origin http://www.example.org/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span> # 5. FORWARDING
# ==============
#
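Review bot: the trusted-cgi-referer notes say a request is accepted when the configured value
"is the prefix of the Referer", but they never tell the admin to end that value at a path
boundary. A value such as "http://www.example.org" with no trailing slash would also match any
longer host name or path that merely starts with those characters. Add a sentence saying the
value should end with a slash or a full page path, as the commented example does. Leaving
"#trusted-cgi-referer" and "#cors-allowed-origin" commented out keeps the documented default of
no external trusted sources, which is right for a shipped config. Typos in the added text:
"modifiying" and "trusted-cgi-refer".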
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1262,12 +1369,11 @@ enable-proxy-authentication-forwarding 0
</span> # forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> .
#
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-forward / .
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-forward :443 .
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# I2P
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#forward .i2p @PROXY_HOSTNAME@:4443
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+forward / .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+forward :443 .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# I2P
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#forward .i2p @PROXY_HOSTNAME@:4443
</span>
# 5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
# =========================================================================
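Review bot: the "forward / .", "forward :443 ." and I2P lines are removed and re-added with no
difference visible in this rendering, so this reads as a whitespace-only change; if that is
all it is, say so in the commit description or drop it from the patch. The hunk also deletes
the "# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/"
comment, which was the only explanation of why these two rules are set. Keep it, or replace it
with a short comment stating what the two forward rules are for.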
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1279,7 +1385,7 @@ forward :443 .
</span> #
# Type of value:
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# target_pattern socks_proxy[:port] http_parent[:port]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# target_pattern [user:pass@]socks_proxy[:port] http_parent[:port]
</span> #
# where target_pattern is a URL pattern that specifies to which
# requests (i.e. URLs) this forward rule shall apply. Use / to
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1287,7 +1393,8 @@ forward :443 .
</span> # addresses in dotted decimal notation or valid DNS names (
# http_parent may be "." to denote "no HTTP forwarding"), and
# the optional port parameters are TCP ports, i.e. integer
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# values from 1 to 65535
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# values from 1 to 65535. user and pass can be used for SOCKS5
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# authentication if required.
</span> #
# Default value:
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1342,6 +1449,11 @@ forward :443 .
</span> #
# forward-socks4 / socks-gw.example.com:1080 .
#
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# To connect SOCKS5 proxy which requires username/password
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# authentication:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# forward-socks5 / user:pass@socks-gw.example.com:1080 .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span> # To chain Privoxy and Tor, both running on the same system, you
# would use something like:
#
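Review bot: the added example "forward-socks5 / user:pass@socks-gw.example.com:1080 ." puts the
SOCKS5 password into the config file in clear text, and the added comment does not mention it.
Add a sentence that a config carrying credentials should be readable only by the account
Privoxy runs as. Wording: "To connect SOCKS5 proxy" should read "To connect to a SOCKS5 proxy".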
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1416,7 +1528,7 @@ forward :443 .
</span> # logfile from time to time, to see how many retries are usually
# needed.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# forwarded-connect-retries 1
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1465,7 +1577,7 @@ forwarded-connect-retries 0
</span> # the CGI templates to make sure they don't reference content
# from config.privoxy.org.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# accept-intercepted-requests 1
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1502,7 +1614,7 @@ accept-intercepted-requests 0
</span> # Don't enable this option unless you're sure that you really
# need it.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# allow-cgi-request-crunching 1
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1544,7 +1656,7 @@ allow-cgi-request-crunching 0
</span> # to enable this option, but if one of the submit buttons
# appears to be broken, you should give it a try.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# split-large-forms 1
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1600,7 +1712,7 @@ split-large-forms 0
</span> # seconds or even more if you think your browser can handle it.
# If your browser appears to be hanging, it probably can't.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# keep-alive-timeout 300
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1643,7 +1755,7 @@ keep-alive-timeout 300
</span> # If you are seeing problems with pages not properly loading,
# disabling this option could work around the problem.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# tolerate-pipelining 1
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1694,7 +1806,7 @@ keep-alive-timeout 300
</span> # This option has no effect if Privoxy has been compiled without
# keep-alive support.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# default-server-timeout 60
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1764,11 +1876,11 @@ default-server-timeout 60
</span> # This option should only be used by experienced users who
# understand the risks and can weight them against the benefits.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# connection-sharing 1
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-connection-sharing 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+connection-sharing 1
</span> #
# 6.8. socket-timeout
# ====================
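Review bot: "connection-sharing" goes from 0 to 1 directly under the unchanged comment saying
the option "should only be used by experienced users who understand the risks", and nothing in
the hunk explains why the shipped default now enables it. Either keep "connection-sharing 0",
or add a comment above the setting that states why this port turns it on and which risk from
the notes above was weighed.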
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1796,7 +1908,7 @@ connection-sharing 0
</span> # If you aren't using an occasionally slow proxy like Tor,
# reducing it to a few seconds should be fine.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# socket-timeout 300
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1858,13 +1970,109 @@ socket-timeout 60
</span> # limit can't be increased without recompiling Privoxy with a
# different FD_SETSIZE limit.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# max-client-connections 256
#
max-client-connections 256
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# 6.10. handle-as-empty-doc-returns-ok
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.10. listen-backlog
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# =====================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Connection queue length requested from the operating system.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Number.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 128
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# A connection queue length of 128 is requested from the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# operating system.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Under high load incoming connection may queue up before
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Privoxy gets around to serve them. The queue length is limited
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# by the operating system. Once the queue is full, additional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# connections are dropped before Privoxy can accept and serve
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# them.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Increasing the queue length allows Privoxy to accept more
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# incoming connections that arrive roughly at the same time.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Note that Privoxy can only request a certain queue length,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# whether or not the requested length is actually used depends
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# on the operating system which may use a different length
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# instead.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# On many operating systems a limit of -1 can be specified to
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# instruct the operating system to use the maximum queue length
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# allowed. Check the listen man page to see if your platform
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# allows this.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# On some platforms you can use "netstat -Lan -p tcp" to see the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# effective queue length.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effectively using a value above 128 usually requires changing
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# the system configuration as well. On FreeBSD-based system the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# limit is controlled by the kern.ipc.soacceptqueue sysctl.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# listen-backlog 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#listen-backlog -1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.11. enable-accept-filter
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ===========================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Whether or not Privoxy should use an accept filter
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 0 or 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# No accept filter is enabled.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Accept filters reduce the number of context switches by not
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# passing sockets for new connections to Privoxy until a
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# complete HTTP request is available.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# As a result, Privoxy can process the whole request right away
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# without having to wait for additional data first.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# For this option to work, Privoxy has to be compiled with
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# FEATURE_ACCEPT_FILTER and the operating system has to support
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# it (which may require loading a kernel module).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Currently accept filters are only supported on FreeBSD-based
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# systems. Check the accf_http(9) man page to learn how to
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# enable the support in the operating system.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# enable-accept-filter 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#enable-accept-filter 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.12. handle-as-empty-doc-returns-ok
</span> # =====================================
#
# Specifies:
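Review bot: the commented-out setting "#listen-backlog -1" matches neither the documented
default (128) nor the example ("listen-backlog 4096"), and the notes only say -1 works "on many
operating systems". As this is the config a macOS port installs, either state that -1 is
accepted on macOS or make the commented line match the example, so that uncommenting it gives a
value the text has explained. "#enable-accept-filter 1" is rightly left disabled, since the
notes say accept filters are only supported on FreeBSD-based systems. Grammar in the added
notes: "incoming connection may queue up" and "On FreeBSD-based system".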
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1902,7 +2110,7 @@ max-client-connections 256
</span> #
#handle-as-empty-doc-returns-ok 1
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# 6.11. enable-compression
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.13. enable-compression
</span> # =========================
#
# Specifies:
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1941,9 +2149,9 @@ max-client-connections 256
</span> # Privoxy will not compress buffered content below a certain
# length.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#enable-compression 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+enable-compression 1
</span> #
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# 6.12. compression-level
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.14. compression-level
</span> # ========================
#
# Specifies:
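Review bot: "enable-compression 1" is switched on in a hunk that otherwise only renumbers
section headings (6.11 to 6.13, 6.12 to 6.14), so the behaviour change is easy to miss in
review. Call it out in the commit description and add a one-line comment above the setting
saying why the port enables compression; "#compression-level 1" stays commented out, so state
whether the default level is intended.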
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1989,7 +2197,7 @@ max-client-connections 256
</span> #
#compression-level 1
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# 6.13. client-header-order
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.15. client-header-order
</span> # ==========================
#
# Specifies:
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2021,9 +2229,10 @@ max-client-connections 256
</span> #
# Note that sorting headers in an uncommon way will make
# fingerprinting actually easier. Encrypted headers are not
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# affected by this directive.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# affected by this directive unless https-inspection is enabled.
</span> #
#client-header-order Host \
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# User-Agent \
</span> # Accept \
# Accept-Language \
# Accept-Encoding \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2031,13 +2240,16 @@ max-client-connections 256
</span> # Referer \
# Cookie \
# DNT \
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# Connection \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Pragma \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Upgrade-Insecure-Requests \
</span> # If-Modified-Since \
# Cache-Control \
# Content-Length \
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# Origin \
</span> # Content-Type
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# 6.14. client-specific-tag
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.16. client-specific-tag
</span> # ==========================
#
# Specifies:
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2056,13 +2268,6 @@ max-client-connections 256
</span> #
# Notes:
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# | Warning |
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |-----------------------------------------------------|
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |This is an experimental feature. The syntax is likely|
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |to change in future versions. |
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span> # Client-specific tags allow Privoxy admins to create different
# profiles and let the users chose which one they want without
# impacting other users.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2091,18 +2296,22 @@ max-client-connections 256
</span> # Clients can request tags to be set by using the CGI interface
# http://config.privoxy.org/client-tags. The specific tag
# description is only used on the web page and should be phrased
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# in away that the user understand the effect of the tag.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# in away that the user understands the effect of the tag.
</span> #
# Examples:
#
# # Define a couple of tags, the described effect requires action sections
# # that are enabled based on CLIENT-TAG patterns.
# client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# disable-content-filters Disable content-filters but do not affect other actions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# client-specific-tag overrule-redirects Overrule redirect sections
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# client-specific-tag allow-cookies Do not crunch cookies in either direction
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# client-specific-tag change-tor-socks-port Change forward-socks5 settings to use a different Tor socks port (and circuits)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# client-specific-tag no-https-inspection Disable HTTPS inspection
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# client-specific-tag no-tls-verification Don't verify certificates when http-inspection is enabled
</span> #
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# 6.15. client-tag-lifetime
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.17. client-tag-lifetime
</span> # ==========================
#
# Specifies:
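Review bot: two wording slips remain in the added lines of this hunk. The corrected sentence
still reads "in away that the user understands" where "in a way" is meant. The
no-tls-verification example says "when http-inspection is enabled", while the
no-https-inspection tag just above it and the client-header-order note spell the feature
https-inspection. That tag describes turning certificate verification off, so its description
should name the feature exactly; someone searching the file for "https-inspection" will
otherwise miss it.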
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2119,13 +2328,6 @@ max-client-connections 256
</span> #
# Notes:
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# | Warning |
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |-----------------------------------------------------|
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |This is an experimental feature. The syntax is likely|
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |to change in future versions. |
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span> # In case of some tags users may not want to enable them
# permanently, but only for a short amount of time, for example
# to circumvent a block that is the result of an overly-broad
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2136,14 +2338,14 @@ max-client-connections 256
</span> # it is used, the tag will be set until the client-tag-lifetime
# is over.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# # Increase the time to life for temporarily enabled tags to 3 minutes
# client-tag-lifetime 180
#
#
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# 6.16. trust-x-forwarded-for
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.18. trust-x-forwarded-for
</span> # ============================
#
# Specifies:
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2161,13 +2363,6 @@ max-client-connections 256
</span> #
# Notes:
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# | Warning |
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |-----------------------------------------------------|
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |This is an experimental feature. The syntax is likely|
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# |to change in future versions. |
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span> # If clients reach Privoxy through another proxy, for example a
# load balancer, Privoxy can't tell the client's IP address from
# the connection. If multiple clients use the same proxy, they
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2190,7 +2385,7 @@ max-client-connections 256
</span> # registering lots of client tag settings for clients that don't
# exist.
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span> #
# # Allow systems that can reach Privoxy to provide the client
# # IP address with a X-Forwarded-For header.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2198,28 +2393,403 @@ max-client-connections 256
</span> #
#
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# 7. WINDOWS GUI OPTIONS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 6.19. receive-buffer-size
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ==========================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The size of the buffer Privoxy uses to receive data from the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Size in bytes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 5000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Increasing the receive-buffer-size increases Privoxy's memory
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# usage but can lower the number of context switches and thereby
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# reduce the cpu usage and potentially increase the throughput.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This is mostly relevant for fast network connections and large
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# downloads that don't require filtering.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Reducing the buffer size reduces the amount of memory Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# needs to handle the request but increases the number of
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# systemcalls and may reduce the throughput.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# A dtrace command like: "sudo dtrace -n 'syscall::read:return /
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# execname == "privoxy"/ { @[execname] = llquantize(arg0, 10, 0,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 5, 20); @m = max(arg0)}'" can be used to properly tune the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# receive-buffer-size. On systems without dtrace, strace or
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# truss may be used as less convenient alternatives.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# If the buffer is too large it will increase Privoxy's memory
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# footprint without any benefit. As the memory is (currently)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cleared before using it, a buffer that is too large can
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# actually reduce the throughput.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # Increase the receive buffer size
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# receive-buffer-size 32768
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7. HTTPS INSPECTION (EXPERIMENTAL)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ===================================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# HTTPS inspection allows to filter encrypted requests and
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# responses. This is only supported when Privoxy has been built with
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# FEATURE_HTTPS_INSPECTION. If you aren't sure if your version
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# supports it, have a look at http://config.privoxy.org/show-status.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7.1. ca-directory
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ==================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Directory with the CA key, the CA certificate and the trusted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CAs file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Text
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Empty string
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value is used.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This directive specifies the directory where the CA key, the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate and the trusted CAs file are located.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The permissions should only let Privoxy and the Privoxy admin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# access the directory.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ca-directory /opt/local/etc/privoxy/CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ca-directory /opt/local/etc/privoxy/CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7.2. ca-cert-file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ==================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The CA certificate file in ".crt" format.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Text
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cacert.crt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value is used.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This directive specifies the name of the CA certificate file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# in ".crt" format.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The file is used by Privoxy to generate website certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# when https inspection is enabled with the https-inspection
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# action.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Privoxy clients should import the certificate so that they can
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# validate the generated certificates.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The file can be generated with: openssl req -new -x509
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ca-cert-file root.crt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#ca-cert-file cacert.crt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7.3. ca-key-file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# =================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The CA key file in ".pem" format.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Text
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cacert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value is used.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This directive specifies the name of the CA key file in ".pem"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# format. The ca-cert-file section contains a command to
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# generate it.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The CA key is used by Privoxy to sign generated certificates.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Access to the key should be limited to Privoxy.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ca-key-file cakey.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#ca-key-file cakey.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7.4. ca-password
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# =================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The password for the CA keyfile.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Text
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Empty string
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value is used.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This directive specifies the password for the CA keyfile that
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# is used when Privoxy generates certificates for intercepted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# requests.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Note that the password is shown on the CGI page so don't reuse
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# an important one.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ca-password blafasel
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#ca-password swordfish
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7.5. certificate-directory
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ===========================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Directory to save generated keys and certificates.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Text
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ./certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value is used.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This directive specifies the directory where generated TLS/SSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# keys and certificates are saved when https inspection is
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# enabled with the https-inspection action.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The keys and certificates currently have to be deleted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# manually when changing the ca-cert-file and the ca-cert-key.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The permissions should only let Privoxy and the Privoxy admin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# access the directory.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# | Warning |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |-----------------------------------------------------|
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |Privoxy currently does not garbage-collect obsolete |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |keys and certificates and does not keep track of how |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |may keys and certificates exist. |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# | |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |Privoxy admins should monitor the size of the |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |directory and/or make sure there is sufficient space |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |available. A cron job to limit the number of keys and|
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |certificates to a certain number may be worth |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |considering. |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# certificate-directory /opt/local/var/privoxy/certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+certificate-directory /opt/local/var/privoxy/certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7.6. cipher-list
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# =================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# A list of ciphers to use in TLS handshakes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Text
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# None
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# A default value is inherited from the TLS library.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This directive allows to specify a non-default list of ciphers
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# to use in TLS handshakes with clients and servers.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Ciphers are separated by colons. Which ciphers are supported
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# depends on the TLS library. When using OpenSSL, unsupported
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ciphers are skipped. When using MbedTLS they are rejected.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# | Warning |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |-----------------------------------------------------|
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |Specifying an unusual cipher list makes |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |fingerprinting easier. Note that the default list |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |provided by the TLS library may be unusual when |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# |compared to the one used by modern browsers as well. |
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# +-----------------------------------------------------+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Examples:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # Explicitly set a couple of ciphers with names used by MbedTLS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-AES-256-CCM:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-AES-128-CCM:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-AES-256-CCM:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-AES-256-CCM-8:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-AES-128-CCM:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-AES-128-CCM-8:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # Explicitly set a couple of ciphers with names used by OpenSSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cipher-list ECDHE-RSA-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDHE-ECDSA-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DH-DSS-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DHE-DSS-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DH-RSA-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DHE-RSA-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDH-RSA-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDH-ECDSA-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDHE-RSA-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDHE-ECDSA-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DH-DSS-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DHE-DSS-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DH-RSA-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DHE-RSA-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDH-RSA-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDH-ECDSA-AES128-GCM-SHA256:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ECDHE-RSA-AES256-GCM-SHA384:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# AES128-SHA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 7.7. trusted-cas-file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ======================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Specifies:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The trusted CAs file in ".pem" format.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Type of value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# File name relative to ca-directory
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# trustedCAs.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Effect if unset:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default value is used.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Notes:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This directive specifies the trusted CAs file that is used
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# when validating certificates for intercepted TLS/SSL requests.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# An example file can be downloaded from https://curl.se/ca/cacert.pem.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# If you want to create the file yourself, please
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# see: https://curl.se/docs/caextract.html.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# trusted-cas-file trusted_cas_file.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#trusted-cas-file trustedCAs.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 8. WINDOWS GUI OPTIONS
</span> # =======================
#
# Privoxy has a number of options specific to the Windows GUI
# interface:
#
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span> # If "activity-animation" is set to 1, the Privoxy icon will animate
# when "Privoxy" is active. To turn off, set to 0.
#
#activity-animation 1
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span> # If "log-messages" is set to 1, Privoxy copies log messages to the
# console window. The log detail depends on the debug directive.
#
#log-messages 1
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span> # If "log-buffer-size" is set to 1, the size of the log buffer, i.e.
# the amount of memory used for the log messages displayed in the
# console window, will be limited to "log-max-lines" (see below).
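Review bot: the active directive added here,
"certificate-directory /opt/local/var/privoxy/certs", hard-codes the
default MacPorts prefix, while privoxy-config.patch in this same commit
writes its paths with @PREFIX@. If this file is used on a non-default
prefix the path will be wrong; suggest @PREFIX@/var/privoxy/certs or a
comment saying the file is reference-only. The warning box above says this
directory accumulates generated keys and certificates, so it would also
help to state who creates it and with which owner and mode. Minor: the
MbedTLS example reads "cipher-list cipher-list TLS-ECDHE-RSA-..." and the
OpenSSL example lists ECDHE-RSA-AES256-GCM-SHA384 twice; fine to keep if
they mirror the upstream sample, but they should not be copied verbatim
into a live cipher-list.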
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-config.patch b/net/macos-fortress/files/privoxy-config.patch
</span><span style='display:block; white-space:pre;color:#808080;'>index 68e2917cb96..24b1b5a3cd1 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,6 +1,6 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- ./config 2020-04-03 08:30:39.000000000 -0400
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ ./config 2020-04-03 08:33:32.000000000 -0400
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -193,6 +193,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./config 2021-10-23 04:48:06.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./config 2021-10-23 05:03:06.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -192,6 +192,7 @@
</span> # shown.
#
#admin-address privoxy-admin@example.com
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -8,25 +8,30 @@
</span> #
# 1.4. proxy-info-url
# ====================
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -386,6 +387,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -385,8 +386,9 @@
</span> actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
<span style='display:block; white-space:pre;background:#ffe0e0;'>-+actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++actionsfile @PREFIX@/etc/macos-fortress/macos-fortress-hosts.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++actionsfile @PREFIX@/etc/adblock3privoxy/privoxy/ab2p.system.action
</span> +actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.action
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ #actionsfile regression-tests.action # Tests for privoxy-regression-test
</span> #
# 2.6. filterfile
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # ================
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -431,6 +434,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -433,8 +435,8 @@
</span> #
filterfile default.filter
filterfile user.filter # User customizations
<span style='display:block; white-space:pre;background:#e0ffe0;'>+-#filterfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.filter
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#filterfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.filter
</span> +filterfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.filter
+filterfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.filter
#
# 2.7. logfile
# =============
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -675,7 +680,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -679,7 +681,7 @@
</span> # Note that Privoxy does not validate the specified hostname
# value.
#
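Review bot: in the new actionsfile block the second added line points at
"@PREFIX@/etc/adblock3privoxy/privoxy/ab2p.system.action", while every
other path in this patch (the two lines it replaces, the following
ab2p.action line and both filterfile lines) uses "adblock2privoxy". This
looks like a typo, and as written the config references a different
directory for ab2p.system.action only. Suggest changing it to
adblock2privoxy or explaining the new directory in the commit message.
It is also worth recording that macos-fortress-hosts.action is now loaded
before the ab2p action files, since the match-all comment in this same
block notes that earlier actions may be overruled later on.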
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -35,7 +40,7 @@
</span> #
# 4. ACCESS CONTROL AND SECURITY
# ===============================
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -780,7 +785,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -788,7 +790,7 @@
</span> #
# listen-address [::1]:8118
#
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -44,71 +49,15 @@
</span> #
# 4.2. toggle
# ============
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1257,6 +1262,13 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1367,6 +1369,11 @@
</span> # forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> .
#
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-+# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+forward / .
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+forward :443 .
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# I2P
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#forward .i2p @PROXY_HOSTNAME@:4443
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++forward / .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++forward :443 .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# I2P
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#forward .i2p @PROXY_HOSTNAME@:4443
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> # 5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
# =========================================================================
<span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1592,7 +1604,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # keep-alive-timeout 300
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--keep-alive-timeout 5
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+keep-alive-timeout 300
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # 6.5. tolerate-pipelining
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # =========================
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1635,7 +1647,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # tolerate-pipelining 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--tolerate-pipelining 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#tolerate-pipelining 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # 6.6. default-server-timeout
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ============================
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1686,7 +1698,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # default-server-timeout 60
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#default-server-timeout 60
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+default-server-timeout 60
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # 6.7. connection-sharing
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ========================
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1756,7 +1768,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # connection-sharing 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#connection-sharing 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+connection-sharing 0
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # 6.8. socket-timeout
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ====================
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1788,7 +1800,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # socket-timeout 300
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--socket-timeout 300
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+socket-timeout 60
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # 6.9. max-client-connections
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ============================
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1850,7 +1862,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # max-client-connections 256
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#max-client-connections 256
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+max-client-connections 256
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # 6.10. handle-as-empty-doc-returns-ok
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # =====================================
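Review bot: this hunk drops six overrides from the patch
(keep-alive-timeout 300, tolerate-pipelining commented out,
default-server-timeout 60, connection-sharing 0, socket-timeout 60,
max-client-connections 256) and the commit message, which only mentions
HTTPS inspection, does not say why. Please confirm whether these settings
are now carried somewhere else or are intentionally left at whatever the
base config ships; connection-sharing in particular was an explicit 0
before. The retained "forward / ." and "forward :443 ." lines also lose
their christianschenk.org reference comment, so a one-line comment on why
they are needed would help the next reader.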
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-match-all.action.macports b/net/macos-fortress/files/privoxy-match-all.action.macports
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index d9815a35f03..00000000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/privoxy-match-all.action.macports
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,39 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#############################################################################
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# $Id: match-all.action,v 1.4 2016/03/27 16:54:05 fabiankeil Exp $
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# This file contains the actions that are applied to all requests and
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# may be overruled later on by other actions files. Less experienced
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# users should only edit this file through the actions file editor.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#############################################################################
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# original:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#{ \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#+change-x-forwarded-for{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#+client-header-tagger{css-requests} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#+client-header-tagger{image-requests} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#+hide-from-header{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#+set-image-blocker{pattern} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#/ # Match all URLs
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-{ \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+change-x-forwarded-for{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+deanimate-gifs{last} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+filter{refresh-tags} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+filter{img-reorder} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+filter{banners-by-size} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+filter{webbugs} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+filter{jumping-windows} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+filter{ie-exploits} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+hide-from-header{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+hide-referrer{conditional-block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+session-cookies-only \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+set-image-blocker{pattern} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-/ # Match all URLs
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# User-Agent
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-{ \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+hide-referrer{conditional-forge} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-/ # Match all URLs
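Review bot: deleting this file (and its .patch in the next diff) removes
the port's match-all overrides, yet privoxy-config.patch still carries
"actionsfile match-all.action" as a context line, so match-all.action is
still loaded, without these edits. "+session-cookies-only",
"+hide-referrer{conditional-block}", the filter{...} set and the fixed
Safari "+hide-user-agent" therefore stop applying to all URLs unless
another actions file sets them. Please state in the commit message whether
that change in default privacy behaviour is intended and, if so, where the
equivalent actions now live.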
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-match-all.action.patch b/net/macos-fortress/files/privoxy-match-all.action.patch
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index a5b9a378047..00000000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,40 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- ./privoxy-orig/match-all.action 2020-04-03 08:41:34.000000000 -0400
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ ./privoxy-new/match-all.action 2020-04-03 08:43:38.000000000 -0400
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -6,12 +6,34 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # users should only edit this file through the actions file editor.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #############################################################################
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# original:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#{ \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#+change-x-forwarded-for{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#+client-header-tagger{css-requests} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#+client-header-tagger{image-requests} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#+hide-from-header{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#+set-image-blocker{pattern} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#/ # Match all URLs
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- { \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- +change-x-forwarded-for{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--+client-header-tagger{css-requests} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--+client-header-tagger{image-requests} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--+client-header-tagger{range-requests} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++deanimate-gifs{last} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++filter{refresh-tags} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++filter{img-reorder} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++filter{banners-by-size} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++filter{webbugs} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++filter{jumping-windows} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++filter{ie-exploits} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- +hide-from-header{block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++hide-referrer{conditional-block} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++session-cookies-only \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- +set-image-blocker{pattern} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- / # Match all URLs
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# User-Agent
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{ \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++hide-referrer{conditional-forge} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-++hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/ # Match all URLs
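Review bot: the commit message mentions only the HTTPS inspection change, but this deletion removes
the patch that added +session-cookies-only, +hide-referrer{conditional-block}, the filter{...} set
and the fixed +hide-user-agent string to match-all.action. Please state in the message whether those
actions now live in another file or are dropped on purpose, so the change in default privacy
behaviour is reviewable.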
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/proxy.pac b/net/macos-fortress/files/proxy.pac
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..7b860baed67
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/proxy.pac
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,96 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+function FindProxyForURL(url, host)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+{
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if (
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // Bypass proxy on the LAN for local DNS domainname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // (host == "mydomainname.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // dnsDomainIs(host, ".mydomainname.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // (host == "mydomainname.private") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // dnsDomainIs(host, ".mydomainname.private") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ isPlainHostName(host) ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ shExpMatch(host, "10.*") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ shExpMatch(host, "172.16.*") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ shExpMatch(host, "192.168.*") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ shExpMatch(host, "127.*") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, ".LOCAL") || dnsDomainIs(host, ".local")
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Fix iOS 13 PAC file issue with Mail.app
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ See: https://forums.developer.apple.com/thread/121928
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ See: https://discussions.apple.com/thread/250687994
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // Comcast
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "imap.comcast.net") || (host == "smtp.comcast.net") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, "imap.comcast.net") || dnsDomainIs(host, "smtp.comcast.net") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // Apple
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "imap.mail.me.com") || (host == "smtp.mail.me.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, "imap.mail.me.com") || dnsDomainIs(host, "smtp.mail.me.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "p03-imap.mail.me.com") || (host == "p03-smtp.mail.me.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, "p03-imap.mail.me.com") || dnsDomainIs(host, "p03-smtp.mail.me.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "p66-imap.mail.me.com") || (host == "p66-smtp.mail.me.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, "p66-imap.mail.me.com") || dnsDomainIs(host, "p66-smtp.mail.me.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // Google
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "imap.gmail.com") || (host == "smtp.gmail.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, "imap.gmail.com") || dnsDomainIs(host, "smtp.gmail.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // Yahoo
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "imap.mail.yahoo.com") || (host == "smtp.mail.yahoo.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, "imap.mail.yahoo.com") || dnsDomainIs(host, "smtp.mail.yahoo.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // Apple Enterprise Network Domains; https://support.apple.com/en-us/HT210060
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "albert.apple.com") || dnsDomainIs(host, "albert.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "captive.apple.com") || dnsDomainIs(host, "captive.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "gs.apple.com") || dnsDomainIs(host, "gs.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "humb.apple.com") || dnsDomainIs(host, "humb.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "static.ips.apple.com") || dnsDomainIs(host, "static.ips.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "tbsc.apple.com") || dnsDomainIs(host, "tbsc.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "time-ios.apple.com") || dnsDomainIs(host, "time-ios.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "time.apple.com") || dnsDomainIs(host, "time.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "time-macos.apple.com") || dnsDomainIs(host, "time-macos.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, ".push.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "gdmf.apple.com") || dnsDomainIs(host, "gdmf.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "deviceenrollment.apple.com") || dnsDomainIs(host, "deviceenrollment.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "deviceservices-external.apple.com") || dnsDomainIs(host, "deviceservices-external.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "identity.apple.com") || dnsDomainIs(host, "identity.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "iprofiles.apple.com") || dnsDomainIs(host, "iprofiles.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "mdmenrollment.apple.com") || dnsDomainIs(host, "mdmenrollment.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "setup.icloud.com") || dnsDomainIs(host, "setup.icloud.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "appldnld.apple.com") || dnsDomainIs(host, "appldnld.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "gg.apple.com") || dnsDomainIs(host, "gg.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "gnf-mdn.apple.com") || dnsDomainIs(host, "gnf-mdn.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "gnf-mr.apple.com") || dnsDomainIs(host, "gnf-mr.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "gs.apple.com") || dnsDomainIs(host, "gs.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "ig.apple.com") || dnsDomainIs(host, "ig.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "mesu.apple.com") || dnsDomainIs(host, "mesu.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "oscdn.apple.com") || dnsDomainIs(host, "oscdn.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "osrecovery.apple.com") || dnsDomainIs(host, "osrecovery.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "skl.apple.com") || dnsDomainIs(host, "skl.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "swcdn.apple.com") || dnsDomainIs(host, "swcdn.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "swdist.apple.com") || dnsDomainIs(host, "swdist.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "swdownload.apple.com") || dnsDomainIs(host, "swdownload.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "swpost.apple.com") || dnsDomainIs(host, "swpost.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "swscan.apple.com") || dnsDomainIs(host, "swscan.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "updates-http.cdn-apple.com") || dnsDomainIs(host, "updates-http.cdn-apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "updates.cdn-apple.com") || dnsDomainIs(host, "updates.cdn-apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "xp.apple.com") || dnsDomainIs(host, "xp.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, ".itunes.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, ".apps.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, ".mzstatic.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "ppq.apple.com") || dnsDomainIs(host, "ppq.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "lcdn-registration.apple.com") || dnsDomainIs(host, "lcdn-registration.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "crl.apple.com") || dnsDomainIs(host, "crl.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "crl.entrust.net") || dnsDomainIs(host, "crl.entrust.net") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "crl3.digicert.com") || dnsDomainIs(host, "crl3.digicert.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "crl4.digicert.com") || dnsDomainIs(host, "crl4.digicert.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "ocsp.apple.com") || dnsDomainIs(host, "ocsp.apple.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "ocsp.digicert.com") || dnsDomainIs(host, "ocsp.digicert.com") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "ocsp.entrust.net") || dnsDomainIs(host, "ocsp.entrust.net") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (host == "ocsp.verisign.net") || dnsDomainIs(host, "ocsp.verisign.net") ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ // Zoom
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Proxy bypass hostnames
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dnsDomainIs(host, ".zoom.us")
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return "DIRECT";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return "PROXY @PROXY_SERVER@:8118";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
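Review bot: the Zoom entry at the end of the condition leaves two || operators in a row. The
ocsp.verisign.net line already ends with ||, and after the "Proxy bypass hostnames" comment there
is another || before dnsDomainIs(host, ".zoom.us"), so the script does not parse and
FindProxyForURL is never defined. Drop one of the two operators, following the earlier iOS 13
comment block, where the .local line before the comment has no trailing ||.
Separately, the LAN bypass patterns do not match the ranges they are meant to cover:
shExpMatch(host, "10.*") also matches DNS names that begin with "10." (likewise "127.*" and
"192.168.*"), and "172.16.*" covers only 172.16.0.0/16 of the 172.16.0.0/12 private range.
Checking that host is an IP literal and then using isInNet for each range would keep the
DIRECT path limited to private addresses. gs.apple.com is also listed twice.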
</span></pre><pre style='margin:0'>
</pre>