******************************************************************************* Config Control ******************************************************************************* Contents: Header Filters Window 1 Config Mode 2 General 3 Proxies 4 Logging 5 Cookie Handling 6 Cache Handling 7 Script Handling Web Filters Window Display I Window Handling Ads JavaScript - General JavaScript - Interception Various ******************************************************************************* Header Filters Window ******************************************************************************* ------------------------------------------------------------------------------- 1 Config Mode (only enable one) ------------------------------------------------------------------------------- Note: Generally, mode dependent filters are marked with the lowest mode in which they are active. For instance, "l.4" indicates "advanced and debug mode only". The config mode can also be controlled via the Proxomitron menu or the Exceptions lists. 1.1 Minimal Mode (off) ............................................................................... If active, only a minimal Proxomitron script gets inserted, and most filters that don't deal with ads are disabled. Not all bypassed filters are explicitly marked as such. Suited for new users, who expect Proxomitron to just block ads and popups. 1.2 Light Mode (off, "l.2") ............................................................................... This is the "install and forget about Proxomitron" mode. It offers more protection than the minimal mode, and the Proxomitron menu is already available. However, filters that are likely to confuse new users - e.g. require any sort of interaction - get bypassed. 1.3 Standard Mode (on, "l.3") ............................................................................... The full set, except most informational and a few rather risky filters. Hopefully suited for most users. 1.4 Advanced Mode (off, "l.4") ............................................................................... For the most part the same as standard mode, but more information about the current document is shown in the page footer, title, status bar, and Proxomitron log window. Also, a few experimental or potentially troublesome filters are active here. Corresponds to the default settings in previous config versions. Intended for advanced users. 1.5 Debug Mode (off, "l.5") ............................................................................... Not to be confused with Prox' "dbug.." URL command. This switch activates several verbose JavaScript and filter subroutines, including: All Proxomitron kills are displayed inline, including scripts and comment-blocks (going beyond the "Toggle Kills" menu item). Another bottom flyover link, "vars", is added, showing all Proxomitron global variables that haven't been reset. Show "xxx" Scripts / Show "xxx" CSS in the Proxomitron menu also displays the files injected by the config. Changes to the "document.domain" JS property are blocked, which may help if the browser is complaining about cross-domain security violations. Our own scripts aren't removed from the DOM anymore after execution. ------------------------------------------------------------------------------- 2 General ------------------------------------------------------------------------------- 2.1 Never alter Page/Link Styles (on) ............................................................................... The config comes with a number of filters that modify some aspects of the original page layout. That includes for instance dimmed white backgrounds, the color of visited links, and links with certain protocols (ftp:, file:, mailto:, etc.). This option prevents such modifications, and the Proxomitron stylesheet that controls the appearance of normal links doesn't get inserted. Note: Although defaulting to active by common request, this switch has a few drawbacks: The URLs that you've visited lately are theoretically accessible from other pages (risk is very low). Pages may force objectionable events by inserting multiple BODY tags (risk is low). Webmasters may give visited links the same color and style as normal ones (common practice). Filters affected by this switch are marked with "style". Also accessible from the Proxomitron menu. 2.2 Use Half-SSL (off) ............................................................................... If active, secure links (https://) get redirected or converted to a Proxomitron URL command (http://https..). Pro: You may save some time because Proxomitron doesn't need to re-encrypt the document after filtering - and the browser doesn't need to decrypt it. You don't get a warning message in Mozilla and Opera, saying that Proxomitron's certificate doesn't match the site in question. Contra: The browser is completely unaware that it is dealing with a secure page. All responsibility goes to Proxomitron. You may not feel comfortable with this fact. This option requires a URL-based Proxomitron command. Do *not* check "Disable URL-based Proxomitron commands", under "Config -> Access" in Proxomitron's main window. Proxomitron *must* have access to the SSL DLLs. The browser's HTTPS proxy setting will not matter when this technique is in effect. More info: The "Installation" chapter in the ReadMe. Scott R. Lemmon's thoughts in Proxomitron's ReadMe. ------------------------------------------------------------------------------- 3 Proxies ------------------------------------------------------------------------------- 3.1 Proxy Spoofing by Default (off) ............................................................................... Enable this and Proxomitron will try to hide your real IP address from nosey websites by pretending that your computer is a proxy server forwarding requests for another (US) IP address. The "spoofed" IP address will be constant per domain. The "spoofed" IP address will change when the config is reloaded. Note: Your IP address isn't *really* hidden by this. A webmaster with an average IQ will detect the spoof when inspecting the log. Also, you may have problems accessing some sites. Also accessible from the Proxomitron menu. 3.2 Use Proxy by Default (off) ............................................................................... As long as you use a standard proxy, there is no real difference between this option and the "Use Remote Proxy" checkbox in Proxomitron's main window. If your main proxy requires authentication and your proxy list contains more than one entry, you *always* need to use this switch instead of the built-in one. 3.3 Use Proxy with FTP and Gopher (off) ............................................................................... This switch enables Proxomitron to filter documents that are located on FTP or Gopher servers. To make this possible, the address of an intermediate proxy that translates the protocols into HTTP must be entered inside the filter. See the "Installation" chapter in the ReadMe for further details. 3.4.a Use Standard Proxy (on) ............................................................................... Self-explanatory. 3.4.b Use Auth Proxy (off) ............................................................................... Check this option and uncheck the one above if your remote proxy requires authentication. See the "Installation" chapter in the ReadMe for additional mandatory steps to get your remote proxy up and running. ------------------------------------------------------------------------------- 4 Logging ------------------------------------------------------------------------------- 4.1.a Log to Main + Rare (off) ............................................................................... Most filters can log their hits to files. If this option is active, rare or crucial hits are logged to Log-Rare.log. These and all other hits also go timestamped to Log-Main.log. 4.1.b Log to Main (ctrl+shift key) + Rare (on) ............................................................................... Same as above option, except that logging to Log-Main.log only happens, if you press and hold CTRL+SHIFT. Don't enable 4.1.a *and* 4.1.b. 4.2 Log common Nuisances (on) ............................................................................... If one of previous two options is activated as well, then attempts to launch encrypted scripts, malware ActiveX controls, floating layers, etc. are logged to Log-Rare. Web hitchhikers may want to turn this switch off, as above practices are popular and tend to flood the logs. ------------------------------------------------------------------------------- 5 Cookie Handling (only enable one or none) ------------------------------------------------------------------------------- 5.1 Session Cookies by Default (on) ............................................................................... All persistent cookies are converted to session cookies that will be lost, when the current browser session ends. *Except* cookies from sites listed in the default "AllowCookies" list. 5.2 Block Cookies by Default (off) ............................................................................... No cookies are allowed to arrive at or leave your browser. *Except* cookies from sites listed in the default "AllowCookies" list. Note: Cookies set by images or by documents coming from domains other than the one where the main page is located are always blocked by default. ------------------------------------------------------------------------------- 6 Cache Handling (only enable one or none) ------------------------------------------------------------------------------- 6.1 Always Cache (off) ............................................................................... Details: - Everything is cached for 24 hours. - Reload sends a conditional request to the server that asks if the document has changed since the last fetch. If there was no such information (Last-Modified or ETag), the document is re-requested anyway. - CTRL-Reload unconditionally re-requests the document, no matter if it has changed or not. - This behavior is the same for all browsers and all documents - the HTML page and everything that is embedded, images, external scripts, stylesheets, etc.. Pro: Browsing can be very fast. Contra: You may hit the reload button pretty often, for instance when logging into/out of an account or editing a post. Always inactive while pressing the CTRL or SHIFT key. 6.2 Always Cache except for HTML (on) ............................................................................... This is a trade-off between options "6.1" and "6.3". Details: - When navigating back/forward in a browser window, everything is fetched from the cache. - When revisiting a page, only the page itself (not images, ...) is conditionally re-requested - if supported by browser and server. - Same as option "6.1" otherwise. Always inactive while pressing the CTRL or SHIFT key. 6.3 Always Fresh (off) ............................................................................... All documents are re-fetched from the server in all situations. Always active while pressing the CTRL key. Always inactive while pressing the SHIFT key. ------------------------------------------------------------------------------- 7 Script Handling (only enable one or none) ------------------------------------------------------------------------------- 7.1 Block all Scripts (off) ............................................................................... Self-explanatory. Also accessible from the Proxomitron menu. 7.2 Block all Third Party Scripts (off) ............................................................................... All external scripts that come from another domain than the referring one get blocked. 7.3 Block specific Third Party Scripts (on) ............................................................................... Activates a list of hosts that serve scripts to blogger and news sites. These "widgets" are harmless by nature, but made it into the list, because they are either resource hungry or slow. ******************************************************************************* Web Filters Window ******************************************************************************* ------------------------------------------------------------------------------- Display I ------------------------------------------------------------------------------- Add Proxomitron Menu (on) ............................................................................... Activates the menu. See "Prox_Menu.txt" for details. . + Open normal Links in new Windows (off) ............................................................................... Activating this option will cause all normal links in the Proxomitron Menu to open in a new window - except "Up" and "Top". Add Style Selector (on) ............................................................................... If a document contains alternate stylesheets (more exactly, titled links to external stylesheets), you will see a "styles" link at the bottom of that page. Clicking on it opens a small popup that shows you a list of styles to select from and apply. Title: Append Time, Snip Excess (on in advanced mode) ............................................................................... Excessively long page titles are trimmed to 62 chars. The current time is displayed in the right part. Title: Append Last-Modified or ETag (on in advanced mode) ............................................................................... If the server sends a Last-Modified header with the document, the GMT (UTC) time will be displayed in the right part of the title. This also indicates that the document is easily cacheable. Sometimes only an ETag header is sent, making caching just as easy. In this case "ETag" is displayed instead. Title: Prepend Proxy Indicator (on in advanced mode) ............................................................................... If you are connecting thru a proxy, the indicator "[Proxy]" will be prepended to the page title. It appears for Exceptions-U list entries with a "i_proxy:2" keyword, or if you have temporarily activated the "Use Proxy" option in the Proxomitron menu. It will not appear, if you activate above mentioned "Use Proxy by Default" header filter, or if you use Proxomitron's built-in "Use Remote Proxy" switch. Status Bar: Add Page Load Timer (on) ............................................................................... Measures the time a page takes to load and displays it in the status bar. In advanced mode a second value is shown: The time after all "onload" and "DOMContentLoaded" jobs have finished. Status Bar: Add Time (off) ............................................................................... Appends the time when the page was last loaded to the status bar text. Thus partly overlapping with above described "Title: Append Time, Snip Excess" option. Status Bar: Add Last-Modified or ETag (off) ............................................................................... Similar to above described "Title: Append Last-Modified or ETag" option, but the information is appended to the status bar text instead. Display Important Info (on) ............................................................................... Important things like exploit attempts or site-specific actions are displayed as a flyover, if you hover over the respective links at the bottom of the page. Display Kills (off) ............................................................................... Information about almost all blocked or removed code is displayed in the page. You can always show/hide this information with the "Toggle Kills" bookmarklet or the "Toggle Kills" link in the Proxomitron Menu. Always active while in Debug Mode. iFrame Toggle: Extend to Onsite URLs (off) ............................................................................... By default, just third-party (i.e. off-domain) iFrames are converted to a load/unload toggle. This switch extends that feature to all iFrames. Flash & Media Toggle: Show/Play by Default (off) ............................................................................... By default background sounds, Flash, and movies don't start or show up until you click a "toggle" link. This switch reverses that principle: Everything is displayed until you click the respective link. ------------------------------------------------------------------------------- Window Handling ------------------------------------------------------------------------------- Popups: Block (on) ............................................................................... Unrequested popups get blocked. These are windows that try to open, although you didn't click the mouse within the last two seconds. . + Icon Notification (on) ............................................................................... Shows a little image at the page bottom for each blocked popup. If the popup location was passed as a function argument, the image is blue and clicking it opens the blocked page in the current window. Else, the image is light red. . + Sound Notification (on) ............................................................................... Makes a sound for each blocked popup. . + Force normal Browser Controls (on) ............................................................................... Requested popups are forced to be resizable and to have addressbar, statusbar, and scrollbars if needed. . + Force all Browser Controls (off) ............................................................................... Beyond above mentioned controls, requested popups will also have menubar, and toolbars if supported by your browser. Resizing: Block all but Popups (on) ............................................................................... Blocks all "moveTo" and "resizeTo" calls to the main browser window, but not to requested popup windows. In Normal Config Mode and above the blocked x/y co-ordinates are shown at the page bottom. ------------------------------------------------------------------------------- Ads ------------------------------------------------------------------------------- Block Ads by URL (on) ............................................................................... Blocks a variety of HTML tag blocks and script code, containing links that either point to known ad servers or have popular ad strings in their path name. Can be fine-tuned by the switches given below. . + On-Domain Banners (off) ............................................................................... The string "banner", localizations like "banniere", "baner", as well as words like "affiliates", "marketplace", "promotion", "sponsor" are controversial. By default they are only considered as ad indicator for links that point to hosts on another domain. This switch will use above strings also for local links. . - Off-Domain Banners (off) ............................................................................... Above strings won't be used for ad blocking by path name. . - On-Domain Ad Hosts (off) ............................................................................... HTML and JavaScript blocks that contain links pointing to an adserver on the current domain won't get blocked. . - On-Domain Ad Paths (off) ............................................................................... Local links won't be compared with the "AdPaths" list. However, off-domain links are still checked. . - Don't target Image HREFs (off) ............................................................................... Usually both, the link and the image location of clickable pictures are scanned for ad strings. The first test is a bit riskier and is skipped if this option is active. . - Treat Off-Domain Links like local Links (off) ............................................................................... Local URLs are handled differently than off-domain ones. Certain entries in the ad lists are excluded, certain filter subroutines are turned off. This option extends non-restrictive URL checking to all links. Don't block Ads by Keyword - HTML (off) ............................................................................... By default, class/id/name/alt/title attributes of HTML tags are scanned for ad'ish strings. This switch turns that off - the "AdKeys" list is off duty. Don't block Ads by Keyword - JS (off) ............................................................................... Deactivates blocking/removal of scripts and JavaScript functions that contain keywords listed in "AdKeys-J". Don't block Ads by Dimension (off) ............................................................................... Normally, linked images and container tags like iframes or objects are also blocked, if their specified width and height match an "AdDimensions" list entry. But not with this option active. (to be continued...) *EOF*