*******************************************************************************
Frequently asked Questions -- Last updated: June 22, 2009
*******************************************************************************
This is a collection of questions - about Proxomitron, the way it works, and my
config - which are either common or likely to appear more often.
I'll update this file when new questions appear and as time permits.
Contents:
General
Config related
Technical
*******************************************************************************
General
*******************************************************************************
Q1: I have a question that isn't covered here, what to do?
A1: Check out the help files that come with the program. They are written in
an easy to understand language and cover most general questions that could
come up.
If that didn't help, post your question in one of the Proxomitron
discussion groups. (Those that i frequently visit are listed in the
"Links" section of my Prox web page.)
People are very helpful there, but what they need to know in case of a
problem is where it appears (e.g. http://mysite.com/index.asp?foo), which
browser and filters you are using, and what is going wrong - as exact as
possible, like: "Usually i see an image lower right, but with Proxomitron
active it isn't there anymore."
Q2: I got an advice for my problem, but it's still there.
A2: Clear your browser's cache, restart the browser and reload the page.
Q3: How do i uninstall Proxomitron?
A3: No "uninstallation" is needed. Just go to your browser's proxy settings
and change them to what they where before you "installed" Proxomitron.
Which would be one of "direct connection", "use proxy" unchecked, or a
remote proxy instead of "localhost:8080".
See the "Installation and Eradication" chapter in the help files for
further details.
Q4: This filter doesn't work with my browser's ad blocker plugin.
A4: Ad-blocking plugins filter the data stream after it has been processed by
Proxomitron. So for instance, if an ad, Flash, etc. is supposed to show
up on click from the Prox point of view, it may still be blocked by the
plugin. As i see it, there is zero need for such plugins while using
Prox.
Q5: I get a Proxomitron warning about wrong SSL certificates for mozilla.org
and zonelabs.com. What's up here, and how can i fix it?
A5: For some time Mozilla.org used a certificate with a
"(addons|aus|...).mozilla.org" regular expression in the "commonName" (CN)
field, which Proxomitron apparently didn't understand. The current
certificate uses "*.mozilla.org", which Proxomitron does understand.
cm2.zonelabs.com uses a self-signed, hence invalid certificate.
To get around both, Proxomitron's warning about the Zonelabs certificate,
and Mozilla's warning about Proxomitron's (naturally self-signed)
certificate while checking for updates, you can add these entries to the
general bypass list:
(addons(.update|)|aus|update).mozilla.org:
cm2.zonelabs.com:
Note that the Zonelabs hostname is followed by a colon instead of a slash,
because Proxomitron "sees" all HTTPS URLs internally with a port number
(usually 443), even if they don't appear like that in the browser's
address bar.
Q6: Webpages load slow or sluggish. This is not config dependent, and it
doesn't happen if i bypass Proxomitron. I'm using an NT based Windows OS.
A6: Open the registry editor and go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Make sure that the DWORD value "SynAttackProtect" either isn't present or
is *not* set to "2" (best protection). The two other possible numbers in
the data field are "0" (default - typical protection) and "1" (better
protection).
Q7: I can't get persistent connections to work. I almost never get gzip'ed
documents. My browser doesn't cache as much as it is supposed to do.
A7: This happens if the HTTP connection requests don't leave your machine as
HTTP/1.1 but as HTTP/1.0. Some external or LAN proxies/routers require
the old protocol, but that's rare nowadays.
You can test that by opening Proxomitron's log window before loading a
page. The server's response should look like e.g. "HTTP/1.1 200 OK".
If you see "HTTP/1.0" instead, there may be several reasons:
- Your software firewall doesn't support HTTP/1.1, NIS is apparently one
of them.
- Your browser is set up to use HTTP/1.0 with proxies.
For IE you find this setting under "Internet Options" -> "Advanced" ->
"Use HTTP 1.1 through proxy connections".
For Mozilla it is "network.http.proxy.version" -> "1.1" in
"about:config".
- You've set Proxomitron to send HTTP/1.0 requests: "Proxomitron" ->
"Configure" -> "HTTP" -> "Send only HTTP/1.0 requests".
*******************************************************************************
Config related
*******************************************************************************
Q1: This page doesn't display correctly with your config.
A1: Make sure that in Proxomitron's preferences -> Access -> "Disable
URL-based Proxomitron commands" is *not* checked, as this config depends
on them.
In case you've customized your config: There should be a file
"sidki_oob.ptron" in Proxomitron's directory, which is a copy of the
out-of-box config, except that it doesn't scan your user Exceptions list.
Load it, clear the cache, restart the browser, and see if the problem is
still there.
If so, it can usually be solved by adding that page to the user list
"Exceptions-U". For instance, if you want to allow all scripts on
this.site.com, the entry would look like:
this.site.com/ $SET(0=a_js.)
See "Exceptions.html" for a short description of all keywords.
Above procedure is automated for the most common keywords. Open the
Proxomitron menu, select "Allow" -> "All JavaScript", and hit the "List"
button.
Q2: Google pages are shown in English instead of my language. I want less
than 100 search results per page.
A2: Open "CookieValues.ptxt" with an editor and look for the "Google
preferences" entry. It sends a faked cookie to Google that anonymizes
your ID, among other things.
On the last line of this entry, after ":CR=2", append ":LD=MY_LOCALE".
"MY_LOCALE" would be "fr" for French, "de" for German, "es" for Spanish,
"xx-bork" for extra-terrestrians, etc..
For e.g. 25 search results per page, replace "NR=100" with "NR=25".
After above changes the cookie string could look like:
PREF=ID=3003added0032123:FF=4:NR=25:CR=2:LD=de
Do the same thing with the cookie strings in the "Google" section of
Exceptions.ptxt.
Q3: I don't want any HTTPS/SSL/secure sites to be filtered.
A3: Select the "HTTP" tab in the preferences and uncheck "Use SSLeay/OpenSSL".
Optionally remove "localhost:8080" (or similar) from the HTTPS/SSL/secure
section in your browser's proxy settings. Do *not* enable "Use Half-SSL"
in the upper part of the "Header Filters" window.
Note that the off-by-default "Yahoo: Auto Login" webfilter is supposed to
match on secure pages, so it will cease to work.
Q4: I don't like the Proxomitron menu to be semi-transparent in Firefox and/or
Internet Explorer.
A4: Go to the "html\sidki_h_*\css\" subdirectory, open "proxcss-m-moz.css" and
"proxcss-m-ie7.css", and remove all lines containing the strings
"opacity:" and "filter:". Save files, clear cache, and restart your
browser.
Q5: My bookmarklet doesn't work with your config.
A5: Have a look at that bookmarklet and make sure that the name of the newly
opened window starts with "prx_", like:
window.open('foo.html','prx_bookmarklet')
This prefix is acting as a bypass to prevent certain windows from being
caught by the popup blocker.
Q6: The Proxomitron menu / this "Alternate Layout" filter doesn't work with my
Firefox. I already tried it with "sidki_oob.ptron" (FAQ -> Config related
-> A1).
A6: Some Firefox extensions (most notably ad-blocking ones) don't play nice
with dynamic layout changes. Try again with a clean profile. You can
create/switch profiles when starting Firefox with the "-ProfileManager"
command-line switch.
Q7: I don't see my browser's default icon on tabs anymore, how to get it back?
A7: Open the "Header Filters" window and untick "Content-Type: 2a Kill Favicon
Error Responses". Only downside when doing so is that your browser is
making a few more unnecessary remote requests.
Q8: I like to keep the count-down timer, news ticker, clock, etc. on
mypage.com running beyond the default 10 seconds. I'm too lazy to push
the "timer" button, or the frame is too small to show this button.
A8: Either add "mypage.com/ $SET(0=i_timer:0.)" to your Exceptions-U list,
or click on the page (or frame) within these first ~10 seconds, which
bypasses setTimeout interception.
*******************************************************************************
Technical
*******************************************************************************
Q1: What exactly is the certificate used for in Proxomitron?
A1: If you go to an https page, Proxomitron decrypts the page, filters it, and
re-encrypts it using a certain key. This key is contained in its
certificate, called "proxcert.pem". The browser in turn gets the
re-encrypted page and asks again for proxcert.pem to be able to decrypt
the page.
Now that Prox has all the SSL responsibility, it needs to know which
"real" certificates (the ones that belong to the https pages) are good and
which are bad. For this purpose it uses a list of trusted certificate
authorities - companies that issue certificates. This list is called
"certs.pem".
Q2: I get constant warnings about security certificates.
A2: Usually, if you're visiting an encrypted page, the certificate's name
needs to match the current domain, e.g. "secure-site.com". If you allow
Proxomitron to filter secure pages (the default in my set), your browser
always receives proxcert.pem instead of the site's certificate (see last
question). proxcert.pem's "Issued To" name is "Proxomitron" and not
"*.secure-site.com".
Its "Issued By" name is "Proxomitron", too! At first your browser doesn't
know a trusted authority called "Proxomitron" and aks you if you always
want to trust it. Say yes!
Now Internet Explorer is satisfied and keeps quiet, but Firefox and Opera
will still warn you once per site that "Proxomitron" - although trusted -
doesn't match "secure-site.com". This is inevitable (unless you activate
the "Use Half-SSL" option in my set, see Config_Control.txt).
Update: Recent Internet Explorer versions reportedly behave like Firefox
and Opera, i.e. issue one warning per site.
Note: Proxomitron's certificate expires after one year. You'll probably
find a current proxcert.pem at:
http://sidki.proxfilter.net/prox-ssl.html
http://www.proxomitron.info/files/index.html
Q3: What local ports are involved in the request/response chain?
A3: Prox listens locally on port 8080 (by default), the browser sends its
request from a low range random port to 8080, Prox opens a low range
random port and sends the request to the outside world (usually remote
port 80), the reply from the outside world is addressed to this same port,
Prox sends the reply from port 8080 to the local port that the browser
previously opened.
Q4: $NEST() doesn't match this code. Why?
A4: $NEST() and $INEST() are skipping quotes -- By design.
Quoting Scott:
A few smattered single quotes usually isn't always a problem for it
actually. Mona's example as stated works. It only fails if you add an
additional single quote at the end and it all appears on one line and the
end tag is between the two (the line break was inserted by the mailer I
think). In other words...
'something' works, and
'something
stuff' works too but...
'something ' fails.
because it looks like the closing tag's within a string. I wish I could
think of a way to get it to work in all situations, but it's really six of
one, half a dozen of the other. Originally I thought to only include
quotes after an equal, but in JavaScript you also run into quotes after
( , . + and probably several others. I also tried just checking double
quotes (they're less common in regular text and usually paired anyway),
but while most JavaScripts use double quotes for strings, enough didn't
that I still ran into frequent problems.
*EOF*