[Ukfreebsd] Notes from yesterdays meeting
rvrnt at icloud.com
Thu Oct 27 16:57:33 BST 2016
On 26/10/2016 à 18:10, Sevan Janiyan wrote:
> Using privoxy to filter trackers
In connexion with Privoxy, I wanted to be a little more accurate.
Please, visit their web page <https://www.privoxy.org/> and where I
humbly contribute to
<https://www.prxbx.com/forums/forumdisplay.php?fid=49>. PRXBX forum
seems to be a good resource to start with Privoxy. I’m known as
/Faxopita/ in the field Privoxy/ProxHTTPSProxy.
Privoxy, a local web-filtering proxy, is a superb tool to filter
everything–including ads and trackers–modify web pages on the fly before
they actually reach your web browser and block untrusted domain names.
Natively, Privoxy can filter URLs based on either the host
name–including HTTPS–or the path-side of the URL–excluding HTTPS.
The pattern matching syntax is different for the host and path parts
of the URL
The host part uses a simple globbing type matching technique, while
the path part uses more flexible “Regular Expressions” (POSIX 1003.2).
However, if you want extended REGEX for hosts, you can compile with the
|--enable-extended-host-patterns|, which is a “switch” to enable PCRE
filtering for hostnames. Visit this blacklist page
<http://188.8.131.52/blocklist.txt> as well.
The beauty is that blocking unwanted domains with Privoxy is seriously
more flexible than resorting to a /hosts/ file. With metacharacters, you
can really compress your block list versus hosts files. Also, If you
want to block |www.ugly_domain.tld| and |ugly_domain.tld|, just input
|.ugly_domain.tld| in your Privoxy-friendly block list. So, no need to
double your entries because of the additional |www.|
Since Privoxy cannot filter the path side of encrypted requests–Privoxy
is neither a MITM (nor caching web) proxy–you must enhance it with an
“add-on”, such as ProxHTTPSProxy
<https://www.prxbx.com/forums/forumdisplay.php?fid=48> (written in
Python) to fix this undesirable outcome.
Drawback: security-wise, one must be careful and “trust” our
machine/network… Indeed, using that kind of add-on will enable clear
text queries made locally between your browser and ProxHTTPSProxy! You
can exclude certain domains from being viewed by the add-on, such as
banks, e-commercers, etc. if you prefer.
ProxHTTPSProxy is great for personal use. You can triple check the
source code as well if you’re unsure. After 15 months of use, I must say
it works great and I had no security issues so far.
Visit the PRXBX forum regularly for regular updates. RSS feed #1
<https://www.prxbx.com/forums/syndication.php?fid=49&limit=15>, RSS feed
Have a great Friday!
More information about the Ukfreebsd