#761 Summary: No tags debugging (v 3.08 & 3.0.10)

[Anonymous]

<French trying to remember his english lessons>

Hello,

First thanks for your work on Provoxy.

I have installed Privoxy 3.0.8 in my organization on a French Windows 2003 SP2 server, and recently updated to 3.0.10, to fix a bug that is still there, though.

I massively use block actions to block access to unallowed sites or files download. I was only working with URL rules until a few days ago, but I recently set up block actions based on Content-Type HTTP header, using tags.

The problem I encountered is that when a block rule based on tags is matched, and the file download is actually replaced with a "BLOCKED" page, the "See why this block applies" page doesn't show the matched rule. This makes debugging hard when working with tags.

Here is an extract of my user.action file :

====================================
{+filter{ie-exploits} \ -hide-forwarded-for-headers \ +hide-from-header{block} \ +server-header-tagger{content-type} \ +client-header-tagger{client-ip-address} \ +set-image-blocker{[Intranet URL]} \ }
/ # Match all URLs

{ +block }
TAG:application/(x-msdownload|octet-stream|zip)
TAG:audio/
TAG:video/
====================================

This can be tested with this URL as example, both with Internet Explorer 7 and its latest updates and with Firefox 2.0.0.17 (running on Windows XP SP3) :
http://surfnet.dl.sourceforge.net/sourceforge/ijbswa/privoxy_setup_3_0_10.exe

Trend Micro client/server Security Agent is installed both on the server and the workstation from which I'm debugging, but only the antivirus is enabled. Windows XP firewall is enabled on my workstation only. No other proxy is used.

Regards,

Stéphane FAURE

E-mail : s.faure.nospam001@cmgr.fr

</French trying to remember his english lessons>

[Nobody/Anonymous]

Sorry for the "Summary:" copied/pasted from a text file into the summary field...
There is also a mistake in my address (my boss changed the alias without notice), this is the working one : sfaure.ns1@cmgr.fr

[Nobody/Anonymous]

Another much more annoying bug near to that one : it appears impossible to make URL-based exceptions to headers-based TAG rules.

In my case, when the following rules are in user.action :

==============================================================
{ +server-header-tagger{content-type} }
/ # Match all URLs

{ +block }
TAG:application/(x-msdownload|octet-stream|zip)

{ -block }
# Microsoft
.windowsupdate. # Windows Update
.update.microsoft.com # Windows Update
office.microsoft.com # Office Update
/.*office.microsoft.com # Office Update
==============================================================

the following resource remains blocked :
http://office.microsoft.com/officeupdate/catalog/ident/officemicrosoftcom/ident.cab?313375-0f44-0244-0a0f073808

The "Look up which actions apply to a URL and why" page says it is not blocked, but trying to get it actually typing the URL in the browser, results in a BLOCKED page.

It seems that URL and headers processing is very different within Privoxy, and I guess this is not just a minor bug.

Regards,

Stéphane FAURE
sfaure.ns1@cmgr.fr

[Fabian Keil]

Quoting <http://config.privoxy.org/user-manual/actions-file.html#TAG-PATTERN>:
|Sections can contain URL and tag patterns at the same time,
|but tag patterns are checked after the URL patterns and thus
|always overrule them, even if they are located before the
|URL patterns.

To "make URL-based exceptions to header-based TAG rules"
you therefore have to cheat and create "unblock" tags.

The show-url-info page currently doesn't consider tags
at all. I agree that this should be changed.