Privoxy Configuration

Introduction | Installation | Running | Configuration

Introduction

Privoxy is a free proxy that offers flexible web content filtering; it evolved from the old Internet JunkBuster proxy released by JunkBusters. Content blocked by privoxy can optionally be bypassed for viewing, in the event of false positives. Privoxy is also browser and system agnostic, which allows the same filter configuration to be used regardless of the browser in question, and the daemon to be run on a variety of platforms.

This documentation covers how to install and run privoxy from under a Unix home directory, and shows a simple custom user specific filter configuration file.

These notes were made based on privoxy 3.0.2 on Mac OS X 10.2.6.

Installation

Download the latest privoxy source bundle. I avoid the platform specific versions and compile privoxy manually, to keep it under my home directory. This allows me to synchronize my home directory to other systems and still have privoxy available for use. A system packaged or vendor supplied version will make more sense for single-platform users.

Follow the install notes in the INSTALL file. I used ./configure with no arguments, and instead of running make install, install privoxy in the following manner.

$ cp privoxy ~/u/$MYSYSID/daemon
$ cp privoxy.1 ~/u/$MYSYSID/share/man/man1
$ mkdir -p ~/.privoxy/conf 2>/dev/null
$ rsync -avz templates config default.action \
default.filter standard.action trust ~/.privoxy

?
$ cp user.action ~/.privoxy/user.action.default

The MYSYSID environment variable is a string like osx-10.2 or similar, determined by my shell initialization file at startup. This allows privoxy for multiple platforms to all live under my home directory, while sharing the configuration files under ~/.privoxy.

Running

To manage privoxy, I use privoxyctl to launch or kill the daemon, along with multiple configuration files for the daemon stored under the ~/.privoxy/conf directory. The privoxyctl script requires the MYSYSID environment variable to find the privoxy daemon, though could easily be modified to support other install locations.

The ~/.privoxy/conf directory contains various configuration files. The main differences in my configurations is whether and what proxy to have privoxy connect to, though different configurations could be created for logging or debugging easily. A sample open configuration is available. To run this configuration after saving it to the conf directory, use the following syntax.

$ privoxyctl open

To kill the daemon, use the -k option.

$ privoxyctl -k

Configuration

All configuration for privoxy is done under ~/.privoxy. To customize the preferences, create a custom user.action file. Some time will need to be spent configuring privoxy to do what you want it to do; privoxy can be configured in your browser (assuming the privoxy daemon is running and the browser configured to connect to privoxy) or by editing user.action manually. See the source default.action and user.action files for examples, among other documentation.

Since I do not run JavaScript in my browsers by default, my user configuration file consists mainly of ?good sites? to always allow and ?bad sites? to block that are not caught by the default filter rules.

{ \
-crunch-incoming-cookies \
-crunch-outgoing-cookies \
-session-cookies-only \
}
sial.org

{ -block }
sial.org
.*example.org

{ +block }
evilcorp.example.com

# my custom defaults
# look for "Defaults" in default.action for the full list
{ \
+deanimate-gifs{first} \
+filter{banners-by-link} \
+filter{shockwave-flash} \
+filter{frameset-borders} \
+filter{quicktime-kioskmode} \
-filter{refresh-tags} \
-filter{ie-exploits} \
}
/

Changing the user.action does not require privoxy to be restarted.

Logging all requests for some time and visiting common sites will create a logfile that can be reviewed for missed tracking ads and whatnot. Otherwise, I do not log requests.