[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Update for "user.actions" template (Was: Re: "User.Actions" Template )
- To: or-talk@xxxxxxxxxxxxx
- Subject: Update for "user.actions" template (Was: Re: "User.Actions" Template )
- From: Anothony Georgeo <anogeorgeo@xxxxxxxxx>
- Date: Mon, 22 May 2006 00:53:49 -0700 (PDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Mon, 22 May 2006 03:53:52 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=c7lU0Hn+MMm1qSDq5CpOCgZn5tTd6qcyC54j+IBjoLH8j3bl8xD0LsAH7cJEoj9cECiBdfJpG1xtsZFpeKl8WAp3/vsVT83EyaJQFlErumFoyPp+4Emh7B5HhEkh3Xj5ysV2f9lKmC4/o2QrUgGP4VKfPhQx2QmiZo5zeyugwAc= ;
- In-reply-to: <20060521151632.78920.qmail@web37805.mail.mud.yahoo.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Update;
Thanks to a discussion with Fabian Keil I have updated
the "user.actions" template to block all
ingress/egress HTTPS traffic by default.
I also included settings to allow specific HTTPS URL
to be accessed.
I have updated the "user.actions" file to block all
"HTTP CONNECT" attempts via. HTTPS (by using
"limit-connect"). By blocking the CONNECT attempts
Privoxy does not forward HTTPS traffic.
I set the "limit-connect" paramiter to "Port -1"
(essentially Port "0") which does not exist and thus
blocked by Privoxy. I tried using "limit-connect{0}"
and "forward :443 ." (in "config.txt") but neither of
those worked properly.
IMO "limit-connect" is the most 'user-friendly' method
to block\unblock HTTPS traffic.
Note:
Please read commented text I included which describes
the settings and how an end-users may configure them.
Note:
The "hide-user-agent" line should not be wrapped; it
should be one line.
Here are the updated settings (for HTTPS) along with
the rest of the original "user.actions" template:
# This setting blocks "HTTP CONNECT" attempts via.
# HTTPS (eg. SSl).
#
# This setting prevents Privoxy from forwarding HTTPS
# which it can not filter.
#
{ +limit-connect{-1} }
/
# This setting is for URLS (eg. web-sites) you trust
# and wish to access with an HTTPS (eg. SSL)
# connection.
#
# This setting will over-ride the previous
# "{ +limit-connect{-1} }" setting,
# thus allowing access to pre-selected and trusted
# HTTPS URL's.
#
# I included the HTTPS (SSL) URLs for the 'EFF' and
# for 'Yahoo' web-mail as working examples.
#
# CAUTION: When you access an HTTPS URL listed
# below you are preventing Privoxy from filtering
# your "Environmental Variables", web-bugs, etc
# while visiting that site.
#
# Filtration is suggested and use of these URLs
# will dimish your anonymity.
#
{ +limit-connect{443} }
*secure.eff.org/
*mail.yahoo.com/
*login.yahoo.com/
{ allow-all-cookies }
/
{ +filter{banners-by-size} }
/
{ +filter{banners-by-link} }
/
{ +filter{js-annoyances} }
/
{ +filter{demoronizer} }
/
{ +filter{unsolicited-popups} }
/
{ +filter{webbugs} }
/
{ +filter{jumping-windows} }
/
{ +filter{ie-exploits} }
/
{ +prevent-compression }
/
{ +fast-redirects }
/
{ +hide-user-agent{Mozilla/5.0 (Windows; U; Windows NT
5.1; en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5} }
/
{ +hide-referrer{forge} }
/
{ +hide-referer{forge} }
/
{ +hide-from-header{block} }
/
{ +hide-forwarded-for-headers }
/
Suggestions are welcome,
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com