Privoxy HTTP Filtering Configuration


Overview

The Pimeleon router runs Privoxy as an HTTP filtering proxy that provides ad blocking, privacy protection, and content modification. Operating on port 8118 across all network interfaces, Privoxy receives traffic from the Squid proxy and applies filtering through AdBlock Plus integration, custom action files, and privacy-enhancing features.

Architecture & Design Philosophy

Advanced Content Filtering Layer

Privoxy serves as the intelligent content analysis and modification engine:

  • AdBlock Plus Integration: Native ab2p filter support for comprehensive ad blocking
  • Content Modification: Real-time HTML, CSS, and JavaScript modification
  • Privacy Enhancement: Cookie filtering, header manipulation, and tracking prevention
  • Customizable Rules: Flexible action and filter file system for tailored filtering

Multi-Network Service Design

Comprehensive network coverage across all interfaces:

  • Localhost: 127.0.0.1:8118 for Squid proxy integration
  • LAN Interface: 192.168.76.1:8118 for direct wired client access
  • WiFi Interface: 192.168.77.1:8118 for direct wireless client access
  • Transparent Integration: Seamless operation with upstream Squid proxy

Intercepted Traffic Processing

Sophisticated handling of transparently intercepted traffic:

  • Accept Intercepted Requests: Enabled for transparent proxy operation
  • CGI Request Handling: Safe processing of dynamic content requests
  • Form Processing: Intelligent handling of large forms and POST data
  • Connection Management: Optimized keep-alive and timeout handling

Service Configuration

Core Privoxy Settings

Foundation configuration for filtering operation:

  • Configuration Directory: /etc/privoxy for centralized configuration
  • Log Directory: /var/log/privoxy for comprehensive logging
  • User Manual: /usr/share/doc/privoxy/user-manual for documentation
  • Buffer Limit: 4096KB for efficient memory usage

Action File Hierarchy

Structured approach to filtering rules with prioritized application:

System-Level Actions

  • match-all.action: Universal rules applied to all requests
  • default.action: Core Privoxy default filtering rules
  • ads.yoyo.action: Additional ad-blocking rules from external source

User Customization

  • user.action: Local customizations and site-specific overrides
  • ab2p/ab2p.system.action: AdBlock Plus system rules
  • ab2p/ab2p.action: AdBlock Plus user rules

Filter File Integration

  • default.filter: Core content modification filters
  • user.filter: Custom content modification rules
  • ab2p/ab2p.system.filter: AdBlock Plus content filters
  • ab2p/ab2p.filter: AdBlock Plus custom filters

Network Interface Configuration

Multi-interface listening for comprehensive coverage:

  • Primary Listen: 127.0.0.1:8118 for Squid integration
  • LAN Access: 192.168.76.1:8118 for wired network clients
  • WiFi Access: 192.168.77.1:8118 for wireless network clients
  • Remote Management: Enabled for web-based configuration

AdBlock Plus Integration

ab2p Filter System

Native AdBlock Plus filter support with comprehensive coverage:

  • System Filters: Pre-configured ab2p.system.* files for core functionality
  • User Filters: Customizable ab2p.* files for personalized blocking
  • CSS Injection: Extensive CSS-based element hiding across domains
  • Pattern Matching: Advanced pattern matching for ad detection

Domain-Specific Filtering

Extensive domain-specific filtering rules:

  • Top-Level Domains: Specialized rules for .com, .org, .net, etc.
  • Country-Specific: Targeted filtering for regional domains (.ru, .ua, .by, etc.)
  • Platform-Specific: Specialized rules for major platforms (blogspot, forumactif, etc.)
  • Adult Content: Comprehensive filtering for adult content domains

CSS Element Hiding

Advanced client-side content blocking:

  • Element Selectors: Precise CSS selectors for ad element removal
  • Dynamic Loading: Real-time CSS injection for newly loaded content
  • Cross-Domain Rules: Universal rules applied across multiple domains
  • Performance Optimization: Efficient CSS delivery for minimal page impact

Privacy Protection Features

Header Manipulation

Comprehensive HTTP header modification for privacy:

  • User-Agent Normalization: Standardized user agent strings
  • Referrer Control: Selective referrer header modification
  • Cookie Management: Advanced cookie filtering and modification
  • Tracking Prevention: Removal of tracking headers and parameters

Forward Configuration

Strategic forwarding rules for different destinations:

  • Direct Access: Bypass proxy for trusted domains (.github.com, .debian.org)
  • Development Tools: Direct access for development platforms
  • Financial Services: Direct routing for banking and payment sites
  • Gaming Services: Optimized routing for gaming platforms

Connection Privacy

Enhanced connection-level privacy protection:

  • IP Forwarding: Disabled proxy authentication forwarding
  • Connection Timeout: 300 seconds for optimal balance
  • Keep-Alive: 60 seconds for efficient connection reuse
  • Socket Management: Optimized socket handling for privacy

Content Modification Engine

Filter System Architecture

Sophisticated content modification through filter files:

  • Pattern Matching: Advanced regular expression-based content detection
  • Content Replacement: Real-time HTML content modification
  • Script Injection: JavaScript injection for enhanced functionality
  • CSS Modification: Style sheet modification for improved user experience

Dynamic Content Handling

Intelligent processing of dynamic web content:

  • Form Processing: Large form splitting for improved handling
  • AJAX Support: Proper handling of asynchronous requests
  • Document Type Handling: Appropriate handling of different document types
  • Error Recovery: Graceful handling of malformed content

Template System

Customizable response templates for different scenarios:

  • Blocked Content: User-friendly blocked content notifications
  • Error Pages: Informative error page templates
  • Configuration Interface: Web-based configuration templates
  • Status Pages: Comprehensive status and statistics templates

Performance Optimization

Memory Management

Efficient memory usage for Pi 3B+ hardware:

  • Buffer Limits: 4096KB buffer limit for optimal memory usage
  • Connection Pooling: Efficient connection reuse and pooling
  • Template Caching: Cached templates for improved response times
  • Filter Optimization: Optimized filter processing for minimal CPU impact

Connection Optimization

Advanced connection handling for improved performance:

  • Keep-Alive Support: 60-second keep-alive for connection efficiency
  • Timeout Management: Balanced timeouts for reliability vs performance
  • Concurrent Connections: Efficient handling of multiple simultaneous connections
  • Request Pipelining: Support for HTTP request pipelining

Filtering Performance

Optimized filtering engine for real-time processing:

  • Compiled Filters: Pre-compiled regular expressions for faster matching
  • Hierarchical Processing: Efficient action file processing order
  • Cache Integration: Seamless integration with upstream Squid cache
  • Resource Minimization: Minimal resource usage for filtering operations

Advanced Features

Remote Management Interface

Web-based configuration and monitoring:

  • Remote Toggle: Web-based enable/disable functionality
  • Action Editing: Live editing of filtering rules through web interface
  • HTTP Toggle: HTTP-based service control
  • Statistics Display: Real-time filtering statistics and performance metrics

CGI Interface

Comprehensive web-based administration:

  • Configuration Editor: Live configuration file editing
  • Action Management: Dynamic action file modification
  • Filter Management: Real-time filter rule updates
  • Status Monitoring: Comprehensive service status display
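
Because the listeners on 192.168.76.1 and 192.168.77.1 serve the same CGI interface as localhost, every LAN and WiFi client can reach the toggle and action editor described above. The following audit is an added example, not part of the Pimeleon configuration: it uses Privoxy's own directive names, a sample config constructed from the values on this page, and hypothetical helper names (parse, is_loopback, audit).

```python
import ipaddress

# Constructed sample built from the values this page lists; the router's
# actual /etc/privoxy/config is not shown on the page.
SAMPLE_CONFIG = """\
listen-address 127.0.0.1:8118
listen-address 192.168.76.1:8118
listen-address 192.168.77.1:8118
enable-remote-toggle 1
enable-remote-http-toggle 1
enable-edit-actions 1
"""

RISKY = {  # all default to 0; 1 matters once clients can reach the port
    "enable-edit-actions": "any client that can connect can edit action files",
    "enable-remote-toggle": "any client that can connect can switch filtering off",
    "enable-remote-http-toggle": "a client-sent header can disable filtering",
}

def parse(text):
    """Return {directive: [values]}, skipping blank and '#' comment lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def is_loopback(listen):
    """True only for a literal loopback IP; ':8118' binds every interface."""
    host = listen.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty host or a hostname: treat as network-reachable
        return False

def audit(text):
    """List management features reachable on non-loopback listeners."""
    conf = parse(text)
    exposed = [a for a in conf.get("listen-address", []) if not is_loopback(a)]
    if not exposed:
        return []
    where = ", ".join(exposed)
    findings = [f"{key} 1 reachable via {where}: {why}"
                for key, why in RISKY.items() if conf.get(key, ["0"])[-1] == "1"]
    if "permit-access" not in conf:
        findings.append(f"no permit-access ACL restricts {where}")
    return findings
```

Run audit() over the text of /etc/privoxy/config; an empty list means no management feature is enabled on a network-reachable listener.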

Trust System

Sophisticated trust-based filtering:

  • Trust File: /etc/privoxy/trust for trusted site management
  • Selective Filtering: Different filtering levels based on trust
  • User-Defined Trust: Custom trust definitions for specific needs
  • Dynamic Trust: Real-time trust level adjustments

Integration Benefits

Squid Proxy Integration

Seamless integration with upstream caching proxy:

  • Cache Peer Configuration: Optimized cache peer setup in Squid
  • Content Pipeline: Efficient content processing pipeline
  • Performance Coordination: Balanced load between caching and filtering
  • Error Handling: Coordinated error handling between services

Network Service Coordination

Integration with broader network infrastructure:

  • DNS Independence: Works independently of DNS filtering
  • Firewall Coordination: Coordinated with Shorewall traffic redirection
  • Service Discovery: Maintains network service accessibility
  • Cross-Network Operation: Consistent filtering across LAN and WiFi

Content Delivery Optimization

Enhanced content delivery through intelligent filtering:

  • Bandwidth Reduction: Blocked content saves network bandwidth
  • Load Time Improvement: Removed elements improve page load times
  • User Experience: Cleaner browsing experience without ads
  • Privacy Enhancement: Reduced tracking and data collection

Monitoring and Maintenance

Service Health Monitoring

Comprehensive monitoring for reliable operation:

  • Process Status: systemd integration for service lifecycle management
  • Configuration Validation: Automatic configuration file validation
  • Filter Updates: Monitoring of filter file updates and changes
  • Performance Metrics: Real-time performance and resource monitoring

Logging and Analysis

Detailed logging for troubleshooting and analysis:

  • Access Logging: Comprehensive request and response logging
  • Debug Levels: Multiple debug levels for different components
  • Error Tracking: Detailed error logging and analysis
  • Performance Logging: Resource usage and performance metrics

Filter Management

Automated filter maintenance and updates:

  • ab2p Updates: Automatic AdBlock Plus filter updates
  • Custom Rules: Management of custom filtering rules
  • Rule Validation: Automatic validation of filter syntax
  • Performance Impact: Monitoring of filter performance impact

Security Considerations

Configuration Security

Secure configuration file management:

  • File Permissions: Appropriate permissions on configuration files
  • Access Control: Restricted access to sensitive configuration
  • Update Security: Secure update mechanisms for filter files
  • Backup Management: Secure backup of configuration files

Content Processing Security

Secure content modification and filtering:

  • Input Validation: Comprehensive validation of processed content
  • Script Security: Safe JavaScript injection and modification
  • Template Security: Secure template processing and rendering
  • Error Handling: Secure error handling to prevent information disclosure

Network Security

Secure network operation:

  • Interface Binding: Secure binding to appropriate network interfaces
  • Connection Security: Secure connection handling and management
  • Protocol Validation: Comprehensive protocol validation and security
  • Access Logging: Security event logging for analysis

Troubleshooting

Common Issues and Solutions

Frequent problems and resolution approaches:

Filter Problems

  1. Blocking Issues: Check action file syntax and rule precedence
  2. Performance Degradation: Optimize filter rules and regular expressions
  3. Site Compatibility: Add problematic sites to bypass rules
  4. CSS Injection Issues: Validate CSS selectors and injection rules

Configuration Problems

  1. Service Start Issues: Validate configuration file syntax
  2. Network Access: Verify interface binding and firewall rules
  3. Integration Issues: Test communication with Squid proxy
  4. Permission Problems: Check file permissions on configuration files

Performance Issues

  1. Memory Usage: Monitor buffer limits and memory consumption
  2. Response Times: Optimize filter processing and connection handling
  3. Resource Usage: Balance filtering complexity with performance
  4. Connection Issues: Tune timeout and keep-alive settings

Diagnostic Commands

Useful commands for troubleshooting:

# Check Privoxy service status
systemctl status privoxy

# Test Privoxy connectivity
curl -x 127.0.0.1:8118 http://example.com

# Validate Privoxy configuration
privoxy --config-test /etc/privoxy/config

# Monitor Privoxy logs
tail -f /var/log/privoxy/logfile

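# Access web interface (Privoxy serves its CGI pages for the built-in
# host config.privoxy.org, short form p.p, when requested through the proxy)
curl -x 127.0.0.1:8118 http://config.privoxy.org/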
