Bad news: Building failed, It's too complicated for me. Good news is i found other way to get what i want. Daedalus(DOT, DOH, host for block system built-in ad) + servdroid(local res, custom homepage for browsers) + fennec(ublock0+tampermoney+headereditor) or Termux + docker(noroot)[https://github.com/dev-bittu/docker-in-termux] +privoxy(--with-openssl--with-brotli--enable-compression)[https://github.com/Tardo/docker-privoxy-https] I'm using the first set, it work quite well, second one is buggy...
Bad news: Building failed, It's too complicated for me. Good news is i found other way to get what i want. Deadalus(DOT, DOH, host) + servdroid(local res, custom homepage) + fennec(ublock0+tampermoney+headereditor) or Termux + docker(noroot)[https://github.com/dev-bittu/docker-in-termux] +privoxy(--with-openssl--with-brotli--enable-compression)[https://github.com/Tardo/docker-privoxy-https]
Bad news: Building failed, It's too complicated for me. Good news is i found other way to get what i want. Deadalus(DOT, DOH, host) + servdroid(local res, custom homepage) + fennec(ublock0+tampermoney+headereditor) or termux + docker(noroot)[https://github.com/dev-bittu/docker-in-termux] +privoxy(--with-openssl--with-brotli--enable-compression)[https://github.com/Tardo/docker-privoxy-https]
Ok, i will try it later, thank you, Lee. Btw i'm the one asked for that guide on github many years ago, I just forgot that account's pwd. That guide help me alot, i always check it first when new privoxy be released.
On Thu, Feb 15, 2024 at 3:32 AM LE37 wrote: [support-requests:#1764] how to build privoxy for android Status: open Group: 3.0.34 Created: Thu Feb 15, 2024 08:32 AM UTC by LE37 Last Updated: Thu Feb 15, 2024 08:32 AM UTC Owner: nobody Greeting, all. How to cross build privoxy v3.34 with FEATURE_HTTPS_INSPECTION for android11 on win10? Is there a step by step guide for noob? I haven't seen a step-by-step guide for noobs. Everything I've found requires [what I consider above average] background knowledge....
how to build privoxy for android
I agree that this would be a useful feature and would welcome patches too. Also the documentation should probably be improved but as I currently don't have any Windows systems I'm not the right person to do it.
Coredump crash upon first client connection with forward-socks4a (__fortify_fail)
Thanks for the report and please excuse the late response. I consider this a GCC problem and not a Privoxy bug but we have a work around in the git master branch already: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=19d7684ca10f6c1279568aa19e9a9da2276851f1
On Thu, Jan 25, 2024 at 4:40 AM Miguel Nieto wrote: [feature-requests:#608] Option to silently install as a service Status: open Group: future Created: Thu Jan 25, 2024 09:40 AM UTC by Miguel Nieto Last Updated: Thu Jan 25, 2024 09:40 AM UTC Owner: nobody In Windows, when invoking with --install / --uninstall paramter, privoxy installs a windows service and shows a message with the result. This User's action may prevent to install privoxy as a service from a script. --install leaves the service added...
Option to silently install as a service
Coredump crash upon first client connection
Use some internal variables
There are examples in regression-tests.action: https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=regression-tests.action;h=92b4388b959e8f3945068156af100b00d642bbbb;hb=HEAD#l1153 The user manual probably should have an example as well, though.
On Thu, Dec 28, 2023 at 3:06 PM withoutname wrote: I meant an example of a filter and/or action. Recall that Fabian said From the 3.0.29 release notes: "Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended host patterns with "PCRE-HOST-PATTERN:". To enable this, configure with --enable-pcre-host-patterns." and then I replied that --enable-pcre-host-patterns wasn't configured on the windows build of privoxy. So you need to build it yourself and then...
I meant an example of a filter and/or action. When compiled with FEATURE_PCRE_HOST_PATTERNS patterns can be prefixed with "PCRE-HOST-PATTERN:" in which case full regular expression (PCRE) can be used for the host pattern as well. What prefix are we talking about and where should it be?
I meant an example of a filter and/or action.
On Mon, Dec 25, 2023 at 1:06 PM withoutname wrote: Please provide an example configuration to enable this feature. You're going to have to build Privoxy for yourself. The instructions for building Privoxy here: https://www.privoxy.org/user-manual/installation.html#INSTALLATION-SOURCE and the windows-specific instructions are here: https://www.privoxy.org/user-manual/installation.html#WINBUILD-CYGWIN NOTE: I need to update the bit about getting the latest 8.x PCRE code. The 8.x version of the PCRE...
Please provide an example configuration to enable this feature.
OK I understood.
Messages like "Cannot open template file /etc/privoxy/templates/connect-failed: Too many open files"
Setting "accept-intercepted-requests 0" in your setup seems like the right thing to do as you are redirecting intercepted connections into Squid and not into Privoxy. With "accept-intercepted-requests 1" one has to be careful and prevent Privoxy from connecting to itself. Quoting the documentation: "Make sure that Privoxy's own requests aren't redirected as well. Additionally take care that Privoxy can't intentionally connect to itself, otherwise you could run into redirection loops if Privoxy's...
IPv6 address leak
Great. Thanks for reporting back.
When you suggested that the problem might be related to Squid, you prompted me to analyze this situation. In the end, I found out that the problem was related to the "accept-intercepted-requests 1" option. I tried setting it to 0 and so far this problem has not occurred. But the message "Error: ::1's request: 'GET /squid-internal-dynamic/netdb HTTP/1.1' is invalid. Privoxy isn't configured to accept intercepted requests" appeared in the log. There are also others that are similar (I changed the contents...
So far this is what I see. But this coincides when for some reason Privoxy increases (or something forces it to do so) the number of threads (first picture). At this moment, the messages that were reported in my initial message appear in the log. Regarding Squid, I don’t understand what you mean, but I’ll describe the config. Privoxy is an upstream proxy for Squid, the Squid config is literally as in the documentation from Privoxy. Ports 80 and 443 are redirected to Squid via iptables. Privoxy: ......
Yes I am sure. I looked at the log and realized I was wrong. Those domains that define my ipv6 connection are pretty much a tor proxy, this can be seen in the log. Once again I apologize for the false alarm.
Yes I am sure.
Note that most client connections need two file descriptors to be served so with 8192 client connections may need ~16384 file descriptors. It's unclear to me why the processor load should significantly increase when the limit is reached, though. Also 8192 connections seem to be a lot for up to three clients. In ticket #1762 you wrote that you are Squid in "transparent mode". Is it possible that some of Privoxy's outgoing connections are intercepted again? Enabling logging would probably help to diagnose...
IPv6 address leak
Are you sure the IPv6 requests from the browser are actually intercepted and reach Privoxy? A log excerpt with the debug setting recommended at: https://www.privoxy.org/user-manual/contact.html would probably help.
Fix type errors in configure script
Thanks for the updated patch. Pushed to master.
IPv6 address leak
Updated patch, looks better now.
These probes only have uninitialized variable warnings: configure:5348: gcc -c -pipe -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Werror=implicit-function-declaration -Werror=implicit-int -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection...
Fix type errors in configure script
Thanks a lot for the patch. Did these probes actually fail for you and the patch was sufficient to solve the problem? The patch looks correct to me but it's unclear to me why other probes with pointers that point to garbage wouldn't need adjustment as well. For example the gethostbyaddr_r() probe: AC_CHECK_FUNC(gethostbyaddr_r, [ AC_MSG_CHECKING([signature of gethostbyaddr_r]) AC_TRY_COMPILE([ # include <netdb.h> ], [ struct hostent *h, *hp; char *a, *b; int l, bl, t, e; (void) gethostbyaddr_r(a,...
Patch
Fix type errors in configure script
The last error (about the site traxxas.com) was due to the fact that I enabled cipher-list, trying to find cipher suites as in the librewolf (firefox) browser, viewing the result on this page https://browserleaks.com/tls. Because the problem described here (https://sourceforge.net/p/ijbswa/support-requests/1739/) remained at that time. I couldn’t figure out what exact names of font sets are needed for cipher-list; in browserleaks.com they have a different name, so I left them as an example in the...
This has no effect, I still see the 503 error (from the Privoxy web interface).
On Fri, Nov 17, 2023 at 12:34 PM withoutname s18573f@users.sourceforge.net wrote: I found another bug related to openssl. I can't open traxxas.com. It only works by disabling Privoxy via "Toggle Privoxy on or off". At this time, messages in the log: ~~~ Error: The TLS/SSL handshake with the server failed: error:0A000410:SSL routines::sslv3 alert handshake failure ~~~ It works for me. Have you tried getting a new copy of the trusted CAs file? from config.txt: This directive specifies the trusted CAs...
I found another bug related to openssl. I can't open traxxas.com. It only works by disabling Privoxy via "Toggle Privoxy on or off". At this time, messages in the log: Error: The TLS/SSL handshake with the server failed: error:0A000410:SSL routines::sslv3 alert handshake failure
Privoxy and Tor with Pleroma preventing federation (503 error)
I suspect that the problem is unrelated to the use of Pleroma (which I'm not familiar with) and should be reproducible with clients like curl as well. Your Privoxy config contains the line "forward-socks5 / 127.0.0.1:9040 ." which looks suspicious because your Tor config file contains the lines "SOCKSPort 127.0.0.1:9050" and "TransPort 10.0.0.1:9040". As Privoxy is configured to speak SOCKS5 it should be configured to connect to Tor's SOCKSPort.
Privoxy and Tor with Pleroma preventing federation (503 error)
I'm using the usual linux ext4.
The number of open sockets.
From 1 to 3 users. The same messages appear at night, when in fact users are left with only one device - NAS. Part of the config: keep-alive-timeout 60 default-server-timeout 5 socket-timeout 30 max-client-connections 8192 It looks like this.
Messages like "Cannot open template file /etc/privoxy/templates/connect-failed: Too many open files"
How many users does your Privoxy instance have? The number of open sockets can sometimes be reduced by decreasing the keep-alive-timeout and socket-timeout values. Did you increase them from the defaults?
It seems strange that OpenSSL considered the keys valid after generating them but invalid later on. I'm wondering if the problem could be caused by data corruption. Do you use a file system like OpenZFS that uses checksums for file data?
email = jprokosATgmailDOTcom
macOS packager please upload public key to key servers
Messages like "Cannot open template file /etc/privoxy/templates/connect-failed: Too many open files"
openssl 3.1.4-1, archlinux.
Error: Loading webpage certificate private key /var/lib/privoxy/certs/cd1a781f134611f5e4cc24f76562bb7d.pem
Thanks for the report. Which OpenSSL version do you use?
When creating the certificate, I did not use a password. This error does not always occur. It seems that these errors are related to working together with openssl. Since there are other errors like “error:0A000126:SSL routines::unexpected eof while reading” there are a lot of them too.
maybe it's related with this option https://www.privoxy.org/user-manual/config.html#CA-PASSWORD
Error: Loading webpage certificate private key /var/lib/privoxy/certs/cd1a781f134611f5e4cc24f76562bb7d.pem
there is "acl-file" ? like "actionsfile default.action"
At the moment there is no such directive and the ACL-related directives have to be put into the general config file. The following TODO list item could improve this: | 102) Add an include directive to split the config file into several parts. https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=TODO;hb=HEAD#l241
there is "acl-file" ? like "actionsfile default.action"
Privoxy can rewrite HTML and CSS etc. to block ads and can also block HTTP(S) requests but in case of Youtube the ads are served with URLs that frequently change so you can't trivially block them with URL patterns. If an ad is inserted into a video stream Privoxy can't detect and remove it either. I suppose you could call this a technological limitation but other HTTP(S) proxies probably have the same limitation. I've heard of AdGuard but never used it and thus don't know if it would help. Usually...
Hm, seems not easily possible. If I just pipe it directly into VLC, I get no audio. If I download it to a file, I can immediately start that, but there is some unknown delay until the file is actually created, so I have to wait for that until starting VLC, which is annoying to script. So, about your answer: Do you mean there is some technological limitation why Privoxy cannot block YouTube/Twitch ads or do you mean that it's just not implemented yet? Is there something else that can block it, maybe...
Ad blockers as browser extensions can successfully block Twitch ads, but I guess that works differently. Your youtube-dl suggestion gave me an idea: I'm already using yt-dlp to get the playlist URL to insert into VLC, but maybe I can run it in actual download mode and output that to StdOut or somehow else pump it into VLC, so I would not actually use VLC for the internet connection, but yt-dlp. I'll see what I can do there.
Twitch ads in VLC
I never used Twich but if the Ads are embedded into the video stream Privoxy is probably not the right tool if you want to block them. You could enable logging and check the requests in the log file to figure out how to block them but this probably won't work reliably. Privoxy can't automatically detect and block Youtube ads either and I assume the Twitch situation is similar. Luckily there is youtube-dl which can download Youtube videos without the ads and maybe there's a similar tool for Twich...
Twitch ads in VLC
Thank you. The reason it is relevant is that Apple made a change to the operating system between 10.8 and 10.9 that subtly broke the account and group that Privoxy runs as, which for some time was a prime cause of Privoxy not working on macOS for those who had it previously installed. This is why it is an early troubleshooting question. Since you installed Privoxy for the first time only on Ventura, this is not the cause of your issue. Next steps : could you provide the installation log file. You'll...
<meta http-equiv="content-type" content="text/html; charset=utf-8">To answer your question, yes. I’ve had this computer for five years, so it has had previous versions of the OS. Not sure what that has to do with anything. But I just installed your software on this computer on this current version of iOSOn Sep 12, 2023, at 5:16 PM, Ian Silvester <diem@users.sourceforge.net> wrote:Ok cool, And did this laptop have earlier releases of macOS? As early as 10.9? Cheers, Ian On Tue, 12 Sep 2023, at 16:22,...
<meta http-equiv="content-type" content="text/html; charset=utf-8">It’s not a laptop, it’s a desktop, iMac. What does previous releases have to do with anything? I installed it on this releaseOn Sep 12, 2023, at 5:16 PM, Ian Silvester <diem@users.sourceforge.net> wrote:Ok cool, And did this laptop have earlier releases of macOS? As early as 10.9? Cheers, Ian On Tue, 12 Sep 2023, at 16:22, LambdaEnt wrote: I downloaded it from Proxy.org On Sep 12, 2023, at 9:56 AM, Ian Silvester diem@users.sourceforge.net...
Ok cool, And did this laptop have earlier releases of macOS? As early as 10.9? Cheers, Ian On Tue, 12 Sep 2023, at 16:22, LambdaEnt wrote: I downloaded it from Proxy.org On Sep 12, 2023, at 9:56 AM, Ian Silvester diem@users.sourceforge.net wrote: Hi LambdaEnt, Sorry for not replying sooner - it seems we no longer get notifications from SourceForge when new tickets are raised. Could you confirm that you installed Privoxy using our installer downloaded either here from SourceForge or via www.privoxy.org?...
I downloaded it from Proxy.org On Sep 12, 2023, at 9:56 AM, Ian Silvester diem@users.sourceforge.net wrote: Hi LambdaEnt, Sorry for not replying sooner - it seems we no longer get notifications from SourceForge when new tickets are raised. Could you confirm that you installed Privoxy using our installer downloaded either here from SourceForge or via www.privoxy.org? This will enable me to set certain assumptions in place. Also, you state that you already uninstalled Privoxy - did you use the provided...
Mac Ventura - nothing
Hi LambdaEnt, Sorry for not replying sooner - it seems we no longer get notifications from SourceForge when new tickets are raised. Could you confirm that you installed Privoxy using our installer downloaded either here from SourceForge or via www.privoxy.org? This will enable me to set certain assumptions in place. Also, you state that you already uninstalled Privoxy - did you use the provided uninstaller to do that or did you simply delete the folder from Applications? Looking forward to assisting...
I had not looked into that procedure. Can you please direct me to some instructions? Since my system was not functioning, and it has been more than 5 days, I already uninsalled Privoxy. However, this is supposed to work on Mac, and it would be helpful, if not more logical, if it did work using standard procedures. I'm concerned going through the backend might be more difficult to undo should it be necessary, and/or things get messed up. Although I appreciate your efforts, perhaps someone familiar...
Does it work as expected if you try to use Privoxy with curl from the command line when using the --proxy parameter instead of relying on the system settings? @diem, do you maybe have additional thoughts about this?
Actually, I had already tried it with HTTPS as well, with the same refults.
Mac Ventura - nothing
I'm not familiar with Apple systems but my interpretation of your screenshot is that you configured a proxy for unencrypted HTTP requests but no proxy for HTTPS requests. This would explain why requests for https://www.privoxy.org/config/ aren't intercepted by Privoxy and end up on the Privoxy website. Please try again after toggling the "Secure web proxy (HTTPS)" thingy. You could also try if http://config.privoxy.org/ is reachable, assuming your browsers don't automatically upgrade the request...
Thanks for the suggestion. This seems reasonable but we would need ifdefs for systems that don't support static_assert() yet.
Great. Thank you for taking care of this bug. I think we could use static_assert() here to assert the action_type_info[] has the correct size, something like this in my mind: static_assert(sizeof(action_type_info)/sizeof(action_type_info[0]) == MAX_FILTER_TYPES, "action_type_info size mismatch");
segfault upon action editting (without --enable-external-filters)
Thanks a lot for the detailed report. I applied your diff and pushed it to git master. In case anyone intends to back-port the fix, please note that it unmasked another bug which should be fixed by: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=48282bcd9c6972c177231b66cbad5db7683f2585
segfault upon action editting (without --enable-external-filters)
/usr/bin/dscl /Local/Default -read /users/_privoxy dsAttrTypeNative:accountPolicyData: <plist version="1.0"> <dict> <key>creationTime</key> <real>1693951703.263067</real> </dict> </plist> dsAttrTypeNative:record_daemon_version: 8780000 AppleMetaNodeLocation: /Local/Default GeneratedUID: 402FB318-CF8C-4D92-9E7E-3F85958777C9 NFSHomeDirectory: /var/empty Password: * PrimaryGroupID: 705 RealName: privoxy server RecordName: _privoxy privoxy RecordType: dsRecTypeStandard:Users UniqueID: 1001 UserShell:...
/usr/bin/dscl /Local/Default -read /users/_privoxy salm@iMac ~ % /usr/bin/dscl /Local/Default -read /users/_privoxy dsAttrTypeNative:accountPolicyData: <plist version="1.0"> <dict> <key>creationTime</key> <real>1693951703.263067</real> </dict> </plist> dsAttrTypeNative:record_daemon_version: 8780000 AppleMetaNodeLocation: /Local/Default GeneratedUID: 402FB318-CF8C-4D92-9E7E-3F85958777C9 NFSHomeDirectory: /var/empty Password: * PrimaryGroupID: 705 RealName: privoxy server RecordName: _privoxy privoxy...
Mac Ventura - nothing
A regression introduced by the pcre2 support code was found and fixed in: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff;h=e73b93ea9ad1f3e980bd78ed3ebf65dedbb598a2 A test was added in: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff;h=87253c999d5628a6e9287bb0cc613d7b44bcec09 If you back-ported the pcre2 support code you may want to back port the regression fix as well. The --disable-pcre2 flag didn't work as advertised either, but if you intend to use pcre2 anyway you may not...
Maximum line length for filtering?
Great. Thanks for the confirmation.
The problem was when I used only this one patch for Privoxy 3.0.34. But according to the latest snapshots, there is no problem.
Maximum line length for filtering?
I'm not sure I understand you correctly. Are you saying you saw the issue with pcre1 but not with pcre2?
All connections rejected by Privoxy
Looks like this request fell through the cracks, sorry. Is this still an issue with a more recent Privoxy version?
If I use the latest snapshot, then the problem is not observed. In a recent post I use the "Add pcre2 support" patch from 2023.07.11. Looks like I'm wrong again...