Slackware-14.1-Privoxy 3.0.21
Posted 10-19-2014 at 04:47 PM by arniekat
Source - http://www.privoxy.org/ and Wikipedia
Privoxy is a Privacy Enhancing Non-Caching Web Proxy with Advanced Filtering Capabilities. You can chain Privoxy with Polipo. Privoxy can also be chained with Squid, which in turn can use a URL Filter Solution. This solution can be used to filter unwanted content and Internet Junk for say, a Family Computer or your own Personal Computer. I think it is a fairly nice solution for the following reasons:
1. The control is in your hands. By learning these technologies, you control how much information gets in or out.
2. You save bandwidth. By Filtering and Proxying your Web Browser, you speed up your Web Browsing Experience since you are not downloading a bunch of Junk you do not want/need.
3. You add to the Security of your system. By installing and configuring blocking software, you remove a vector by which malware and junkware can enter, namely, through your Web Browser.
4. There are places that can receive funds by proving that the computers have blocking/filtering software installed, such as schools. It seems like a good idea to understand, know how to setup, and use these technologies as an opportunity to make money by providing a service.
In order to enhance the security of your Web Browser, you need to keep in mind that there a various things that could compromise your system and just plain consume resources without providing anything in return, such as animated gifs, web bugs, ads, etc. These are listed below along with the technologies to control them:
URL Filtering - Native Squid ACL, DansGuardian, SquidGuard, and UfdbGuard. URL Filtering controls access to Web Sites by Web Address. Squid will also do URL Filtering, however, the larger the Squid Configuration File, the less efficiently Squid works. I setup Native Squid ACL Filtering and found it was still fast. It is nice to have options regarding solutions. Squid reads the Domain Names for filtering from the "domains" text files. DansGuardian, SquidGuard, and UfdbGuard were developed to take the load off of Squid. DansGuardian reads the Domain Names for filtering from the "domains" text files. SquidGuard and UfdbGuard create databases [*.db (Berkeley) and *ufdb (Proprietary), respectively] from the text files (domains and urls) to speed searching. Privoxy can also do a primitve URL Filtering by using the file /etc/privoxy/trust. This is an experimental feature! You put the website domains that are white-listed in the trust file and uncomment #trustfile trust in /etc/privoxy/config at around Line 511. You can only surf to the websites listed in the trust file.
JavaScript and Active-X - Privoxy. JavaScript is a programming language of the Web. ActiveX is a programming framework for Windows. Some malicious or just obnoxious code can be introduced by JavaScript and ActiveX.
Animated GIFS - Privoxy. These are pictures that move and display catchy slogans and in general just use up bandwidth.
Web Bugs - Privoxy and Hosts File. These are images that are 1x1 or 2x2 pixel and are embedded in webpages or emails. They are invisible to the user, but third-parties use them to check that an email has been read (spammers and phishers) or a webpage has been visited (interested third-parties).
Cookies - Privoxy. A Web Cookie is a piece of data sent by a website that stores information on your computer. Whenever you go back to that website, the cookie lets the website know that you have been there before. Cookies can be used to store passwords or for authentication. However, since it is giving out your data, it should be under your control.
Create the uid/gid "privoxy"
I used the recommended number 206 from SlackBuilds.org
# groupadd -g 206 privoxy
# useradd -d /dev/null -s /bin/false -u 206 -g 206 privoxy
Now, compile and install Privoxy-3.0.21.
To start and run Privoxy at boot, add these lines to /etc/rc.d/rc.local:
# vi /etc/rc.d/rc.local
# Start Privoxy Privacy-Enhancing Proxy
if [ -x /etc/rc.d/rc.privoxy ]; then
/etc/rc.d/rc.privoxy start
fi
Save the file and exit. Then, add the following to /etc/rc.d/rc.local_shutdown:
# vi /etc/rc.d/rc.local_shutdown
# Stop Privoxy Privacy-Enhancing Proxy
if [ -x /etc/rc.d/rc.privoxy ]; then
/etc/rc.d/rc.privoxy stop
fi
Save the file and exit. Make sure the file /etc/rc.d/rc.privoxy is executable.
# chmod +x /etc/rc.d/rc.privoxy
CONFIGURATION FILE
I copied over the /etc/privoxy/config file and stripped the comments with the following command:
sed -i "/^#/d;/^ *$/d" /location/of/copy/of/etc/privoxy/config
Here is the configuration file without comments:
user-manual /usr/doc/privoxy-3.0.21/user-manual/
confdir /etc/privoxy
templdir /etc/privoxy/templates
logdir /var/log/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
filterfile user.filter
logfile logfile
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
The file /etc/privoxy/match-all.action has the rules that apply to all websites. There are different levels of security depending upon how much junk is to be filtered/blocked. The file /etc/privoxy/default.action has all the valid actions that can be performed including explanantions. At the bottom of that file are different combination of settings in ascending order of security: standard.Cautious, standard.Medium, and standard.Advanced. The default (standard.Cautious) is shown below:
# standard.Cautious settings - safe for all sites, but offer little privacy protection
{ \
+change-x-forwarded-for{block} \
+client-header-tagger{css-requests} \
+client-header-tagger{image-requests} \
+hide-from-header{block} \
+set-image-blocker{pattern} \
}
/ # Match all URLs
The easiest way to change the settings for Privoxy is to copy either the standard.Medium section or standard.Advanced section to the file /etc/privoxy/match-all.action
# standard.Medium settings - safe for most sites, with reasonable protection/damage tradeoff
{ \
+change-x-forwarded-for{block} \
+client-header-tagger{css-requests} \
+client-header-tagger{image-requests} \
+deanimate-gifs{last} \
+filter{refresh-tags} \
+filter{img-reorder} \
+filter{banners-by-size} \
+filter{webbugs} \
+filter{jumping-windows} \
+filter{ie-exploits} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+session-cookies-only \
+set-image-blocker{pattern} \
}
/ # Match all URLs
# standard.Advanced settings - Reasonable privacy protection but require some exceptions for trusted sites, most likely
# because of cookies or SSL. Also testing ground for new options. CAUTION: These settings can still be subverted by a
# misconfigured client that executes code from untrusted sources.
{ \
+change-x-forwarded-for{block} \
+client-header-tagger{css-requests} \
+client-header-tagger{image-requests} \
+crunch-if-none-match \
+crunch-outgoing-cookies \
+crunch-incoming-cookies \
+deanimate-gifs{last} \
+fast-redirects{check-decoded-url} \
+filter{html-annoyances} \
+filter{content-cookies} \
+filter{refresh-tags} \
+filter{img-reorder} \
+filter{banners-by-size} \
+filter{banners-by-link} \
+filter{webbugs} \
+filter{jumping-windows} \
+filter{frameset-borders} \
+filter{quicktime-kioskmode} \
+hide-if-modified-since{-60} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+limit-connect{,} \
+overwrite-last-modified{randomize} \
+set-image-blocker{pattern} \
}
/ # Match all URLs
If you use Privoxy by itself, the Web Traffic goes like this: Web Browser > Privoxy (Privacy & Web Junk Blocker) > Internet
To use Privoxy by itself, you can choose to allocate some space for the Web Cache. Here are the browser settings:
PRIVOXY MIDORI CONFIGURATION
Click Menu > Preferences > Network Tab
Proxy Server: HTTP Proxy Server
URI: localhost
Port: 8118
Web Cache: 100 MB
Identify as: Automatic
PRIVOXY CHROMIUM CONFIGURATION
Start Chromium from a Terminal with the switch "proxy-server":
$ /usr/bin/chromium --proxy-server=localhost:8118
If you are using the XFce Desktop, you can create a launcher for Chromium and change the launch command to what is shown above.
PRIVOXY FIREFOX CONFIGURATION
Go to Tools > Preferences > Advanced Button > Network Tab > Connection Section > Settings Button
The Default is * Use system proxy settings
Connection--Settings
Configure Proxies To Access The Internet
CHECK Manual proxy configuration
HTTP Proxy: localhost Port: 8118
UNCHECK Use this proxy server for all protocols
Cached Web Content--Clear Now
UNCHECK Override Automatic Cache Management
Limit cache to 100 MB of space
Click "OK" to exit the dialog box. Close Firefox.
Start Privoxy
# /etc/rc.d/rc.privoxy start
Or reboot your computer and then open your Web Browser to see if Privoxy works. If you are using the standard.Medium or standard.Advanced filtering choices, do a Google Search for Animated Gifs. When you try to see them, they should appear as a single image (either the first or last image), but there should be NO motion. As you browse web pages, you will see "Blocked by Privoxy" and a light blue wavy image to show that Privoxy is blocking some content. To verify what blocking actions are applied, type this in the URL Bar of your Web Browser:
http://p.p.
You will see the Privoxy 3.0.21 Menu Page. Click the button "Look up which actions apply to a URL and why". You can enter a Web Address and see the actions that Privoxy would apply to that Web Page.
USING SQUID WITH PRIVOXY
When using Squid, you will need to know the Local IP Address of the Internet Connection. You can get this by running "ifconfig" as root or if you have WiFi setup, you can hover your mouse pointer over the WiFi icon and get the IP Address that way. My address for this tutorial is 192.168.1.70
The Web Traffic goes like this: Web Browser > Squid (Caching Proxy Server) > Privoxy (Privacy & Web Junk Blocker) > Internet
First, make sure that Squid works fine by itself before trying to stack Privoxy with it. Edit Squid's Configuration File and add these two lines at the top of the file:
# vi /etc/squid/squid.conf
cache_peer localhost parent 8118 0 default no-query no-digest no-netdb-exchange
never_direct allow all
Save the file and exit. Here are the Web Browser settings:
SQUID-PRIVOXY MIDORI CONFIGURATION
Click Menu > Preferences > Network Tab
Proxy Server: HTTP Proxy Server
URI: 192.168.1.70
Port: 3128
Web Cache: 0 MB
Identify as: Automatic
SQUID-PRIVOXY CHROMIUM CONFIGURATION
Start Chromium from a Terminal with the switch "proxy-server":
$ /usr/bin/chromium --proxy-server=192.168.1.70:3128
If you are using the XFce Desktop, you can create a launcher for Chromium and change the launch command to what is shown above.
SQUID-PRIVOXY FIREFOX CONFIGURATION
Go to Tools > Preferences > Advanced Button > Network Tab > Connection Section > Settings Button
The Default is * Use system proxy settings
Connection--Settings
Configure Proxies To Access The Internet
CHECK Manual proxy configuration
HTTP Proxy: 192.168.1.70 Port: 3128
UNCHECK Use this proxy server for all protocols
Cached Web Content--Clear Now
CHECK Override Automatic Cache Management
Limit cache to 0 MB of space
Click "OK" to exit the dialog box. Close Firefox.
The file /etc/rc.d/rc.local should start Squid first, then Privoxy.
Privoxy is a Privacy Enhancing Non-Caching Web Proxy with Advanced Filtering Capabilities. You can chain Privoxy with Polipo. Privoxy can also be chained with Squid, which in turn can use a URL Filter Solution. This solution can be used to filter unwanted content and Internet Junk for say, a Family Computer or your own Personal Computer. I think it is a fairly nice solution for the following reasons:
1. The control is in your hands. By learning these technologies, you control how much information gets in or out.
2. You save bandwidth. By Filtering and Proxying your Web Browser, you speed up your Web Browsing Experience since you are not downloading a bunch of Junk you do not want/need.
3. You add to the Security of your system. By installing and configuring blocking software, you remove a vector by which malware and junkware can enter, namely, through your Web Browser.
4. There are places that can receive funds by proving that the computers have blocking/filtering software installed, such as schools. It seems like a good idea to understand, know how to setup, and use these technologies as an opportunity to make money by providing a service.
In order to enhance the security of your Web Browser, you need to keep in mind that there a various things that could compromise your system and just plain consume resources without providing anything in return, such as animated gifs, web bugs, ads, etc. These are listed below along with the technologies to control them:
URL Filtering - Native Squid ACL, DansGuardian, SquidGuard, and UfdbGuard. URL Filtering controls access to Web Sites by Web Address. Squid will also do URL Filtering, however, the larger the Squid Configuration File, the less efficiently Squid works. I setup Native Squid ACL Filtering and found it was still fast. It is nice to have options regarding solutions. Squid reads the Domain Names for filtering from the "domains" text files. DansGuardian, SquidGuard, and UfdbGuard were developed to take the load off of Squid. DansGuardian reads the Domain Names for filtering from the "domains" text files. SquidGuard and UfdbGuard create databases [*.db (Berkeley) and *ufdb (Proprietary), respectively] from the text files (domains and urls) to speed searching. Privoxy can also do a primitve URL Filtering by using the file /etc/privoxy/trust. This is an experimental feature! You put the website domains that are white-listed in the trust file and uncomment #trustfile trust in /etc/privoxy/config at around Line 511. You can only surf to the websites listed in the trust file.
JavaScript and Active-X - Privoxy. JavaScript is a programming language of the Web. ActiveX is a programming framework for Windows. Some malicious or just obnoxious code can be introduced by JavaScript and ActiveX.
Animated GIFS - Privoxy. These are pictures that move and display catchy slogans and in general just use up bandwidth.
Web Bugs - Privoxy and Hosts File. These are images that are 1x1 or 2x2 pixel and are embedded in webpages or emails. They are invisible to the user, but third-parties use them to check that an email has been read (spammers and phishers) or a webpage has been visited (interested third-parties).
Cookies - Privoxy. A Web Cookie is a piece of data sent by a website that stores information on your computer. Whenever you go back to that website, the cookie lets the website know that you have been there before. Cookies can be used to store passwords or for authentication. However, since it is giving out your data, it should be under your control.
Create the uid/gid "privoxy"
I used the recommended number 206 from SlackBuilds.org
# groupadd -g 206 privoxy
# useradd -d /dev/null -s /bin/false -u 206 -g 206 privoxy
Now, compile and install Privoxy-3.0.21.
To start and run Privoxy at boot, add these lines to /etc/rc.d/rc.local:
# vi /etc/rc.d/rc.local
# Start Privoxy Privacy-Enhancing Proxy
if [ -x /etc/rc.d/rc.privoxy ]; then
/etc/rc.d/rc.privoxy start
fi
Save the file and exit. Then, add the following to /etc/rc.d/rc.local_shutdown:
# vi /etc/rc.d/rc.local_shutdown
# Stop Privoxy Privacy-Enhancing Proxy
if [ -x /etc/rc.d/rc.privoxy ]; then
/etc/rc.d/rc.privoxy stop
fi
Save the file and exit. Make sure the file /etc/rc.d/rc.privoxy is executable.
# chmod +x /etc/rc.d/rc.privoxy
CONFIGURATION FILE
I copied over the /etc/privoxy/config file and stripped the comments with the following command:
sed -i "/^#/d;/^ *$/d" /location/of/copy/of/etc/privoxy/config
Here is the configuration file without comments:
user-manual /usr/doc/privoxy-3.0.21/user-manual/
confdir /etc/privoxy
templdir /etc/privoxy/templates
logdir /var/log/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
filterfile user.filter
logfile logfile
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
The file /etc/privoxy/match-all.action has the rules that apply to all websites. There are different levels of security depending upon how much junk is to be filtered/blocked. The file /etc/privoxy/default.action has all the valid actions that can be performed including explanantions. At the bottom of that file are different combination of settings in ascending order of security: standard.Cautious, standard.Medium, and standard.Advanced. The default (standard.Cautious) is shown below:
# standard.Cautious settings - safe for all sites, but offer little privacy protection
{ \
+change-x-forwarded-for{block} \
+client-header-tagger{css-requests} \
+client-header-tagger{image-requests} \
+hide-from-header{block} \
+set-image-blocker{pattern} \
}
/ # Match all URLs
The easiest way to change the settings for Privoxy is to copy either the standard.Medium section or standard.Advanced section to the file /etc/privoxy/match-all.action
# standard.Medium settings - safe for most sites, with reasonable protection/damage tradeoff
{ \
+change-x-forwarded-for{block} \
+client-header-tagger{css-requests} \
+client-header-tagger{image-requests} \
+deanimate-gifs{last} \
+filter{refresh-tags} \
+filter{img-reorder} \
+filter{banners-by-size} \
+filter{webbugs} \
+filter{jumping-windows} \
+filter{ie-exploits} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+session-cookies-only \
+set-image-blocker{pattern} \
}
/ # Match all URLs
# standard.Advanced settings - Reasonable privacy protection but require some exceptions for trusted sites, most likely
# because of cookies or SSL. Also testing ground for new options. CAUTION: These settings can still be subverted by a
# misconfigured client that executes code from untrusted sources.
{ \
+change-x-forwarded-for{block} \
+client-header-tagger{css-requests} \
+client-header-tagger{image-requests} \
+crunch-if-none-match \
+crunch-outgoing-cookies \
+crunch-incoming-cookies \
+deanimate-gifs{last} \
+fast-redirects{check-decoded-url} \
+filter{html-annoyances} \
+filter{content-cookies} \
+filter{refresh-tags} \
+filter{img-reorder} \
+filter{banners-by-size} \
+filter{banners-by-link} \
+filter{webbugs} \
+filter{jumping-windows} \
+filter{frameset-borders} \
+filter{quicktime-kioskmode} \
+hide-if-modified-since{-60} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+limit-connect{,} \
+overwrite-last-modified{randomize} \
+set-image-blocker{pattern} \
}
/ # Match all URLs
If you use Privoxy by itself, the Web Traffic goes like this: Web Browser > Privoxy (Privacy & Web Junk Blocker) > Internet
To use Privoxy by itself, you can choose to allocate some space for the Web Cache. Here are the browser settings:
PRIVOXY MIDORI CONFIGURATION
Click Menu > Preferences > Network Tab
Proxy Server: HTTP Proxy Server
URI: localhost
Port: 8118
Web Cache: 100 MB
Identify as: Automatic
PRIVOXY CHROMIUM CONFIGURATION
Start Chromium from a Terminal with the switch "proxy-server":
$ /usr/bin/chromium --proxy-server=localhost:8118
If you are using the XFce Desktop, you can create a launcher for Chromium and change the launch command to what is shown above.
PRIVOXY FIREFOX CONFIGURATION
Go to Tools > Preferences > Advanced Button > Network Tab > Connection Section > Settings Button
The Default is * Use system proxy settings
Connection--Settings
Configure Proxies To Access The Internet
CHECK Manual proxy configuration
HTTP Proxy: localhost Port: 8118
UNCHECK Use this proxy server for all protocols
Cached Web Content--Clear Now
UNCHECK Override Automatic Cache Management
Limit cache to 100 MB of space
Click "OK" to exit the dialog box. Close Firefox.
Start Privoxy
# /etc/rc.d/rc.privoxy start
Or reboot your computer and then open your Web Browser to see if Privoxy works. If you are using the standard.Medium or standard.Advanced filtering choices, do a Google Search for Animated Gifs. When you try to see them, they should appear as a single image (either the first or last image), but there should be NO motion. As you browse web pages, you will see "Blocked by Privoxy" and a light blue wavy image to show that Privoxy is blocking some content. To verify what blocking actions are applied, type this in the URL Bar of your Web Browser:
http://p.p.
You will see the Privoxy 3.0.21 Menu Page. Click the button "Look up which actions apply to a URL and why". You can enter a Web Address and see the actions that Privoxy would apply to that Web Page.
USING SQUID WITH PRIVOXY
When using Squid, you will need to know the Local IP Address of the Internet Connection. You can get this by running "ifconfig" as root or if you have WiFi setup, you can hover your mouse pointer over the WiFi icon and get the IP Address that way. My address for this tutorial is 192.168.1.70
The Web Traffic goes like this: Web Browser > Squid (Caching Proxy Server) > Privoxy (Privacy & Web Junk Blocker) > Internet
First, make sure that Squid works fine by itself before trying to stack Privoxy with it. Edit Squid's Configuration File and add these two lines at the top of the file:
# vi /etc/squid/squid.conf
cache_peer localhost parent 8118 0 default no-query no-digest no-netdb-exchange
never_direct allow all
Save the file and exit. Here are the Web Browser settings:
SQUID-PRIVOXY MIDORI CONFIGURATION
Click Menu > Preferences > Network Tab
Proxy Server: HTTP Proxy Server
URI: 192.168.1.70
Port: 3128
Web Cache: 0 MB
Identify as: Automatic
SQUID-PRIVOXY CHROMIUM CONFIGURATION
Start Chromium from a Terminal with the switch "proxy-server":
$ /usr/bin/chromium --proxy-server=192.168.1.70:3128
If you are using the XFce Desktop, you can create a launcher for Chromium and change the launch command to what is shown above.
SQUID-PRIVOXY FIREFOX CONFIGURATION
Go to Tools > Preferences > Advanced Button > Network Tab > Connection Section > Settings Button
The Default is * Use system proxy settings
Connection--Settings
Configure Proxies To Access The Internet
CHECK Manual proxy configuration
HTTP Proxy: 192.168.1.70 Port: 3128
UNCHECK Use this proxy server for all protocols
Cached Web Content--Clear Now
CHECK Override Automatic Cache Management
Limit cache to 0 MB of space
Click "OK" to exit the dialog box. Close Firefox.
The file /etc/rc.d/rc.local should start Squid first, then Privoxy.
Total Comments 0
