Add, the following to privoxy's configuration file:
accept-intercepted-requests 1
then, you can redirect traffic to privoxy
using iptables
:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT 8118
privoxy
cannot be tweaked too much, a good idea is to not use its filtering system and go with either polipo
or (if you must) dansguardian
. privoxy
's filtering system, while very advanced, is also perceivably slow. Use privoxy
for filtering only as a last resort - polipo
performs faster when filtering a long list of domains.
Thus, disable all filters:
## Privoxy is slow, disable filters. #actionsfile default.action # Main actions file #filterfile default.filter #actionsfile user.action
One of the best uses for privoxy
is to use it as a proxy relay, for example:
## Forward everything that does not match to polipo ## for content filtering and fast fetching of websites. forward / 127.0.0.1:8123 ## Browse the .onion network by sending any requests ## to URLs that end in .onion to the tor proxy. forward-socks4a .onion 127.0.0.1:9050 . ## Get around ISP censorship and redirect traffic to ## censored websites through tor. forward-socks4a .thepiratebay.sx 127.0.0.1:9050 . ## Fetching local websites (from a local apache server) ## directly, without sending the request through either ## polipo or tor - development websites should not be cached. forward mypage.com .
In the privoxy main configuration file /etc/privoxy/config
, enable the match-all.action
file:
actionsfile match-all.action
Open the default actions file /etc/privoxy/match-all.action
and amend it with:
{ \ +change-x-forwarded-for{block} \ +hide-from-header{block} \ +hide-referrer{conditional-block} \ +hide-accept-language{en-us} \ +hide-if-modified-since{-60} \ +overwrite-last-modified{randomize} \ +crunch-if-none-match \ +session-cookies-only \ +fast-redirects{check-decoded-url} \ +hide-user-agent{Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36} \ } / # Match all URLs
For a list of user-agent strings, you can try the browsercap.org ini files for list of user agents. If you are a google.com user, it is generally a good idea to pick a Chrome user-agent string. This is because some services on the Internet adapt their websites according to the user-agent string, ie: a BSD/X11 user-agent string will make google.com look as it was 10-20 years ago, with some features disabled.
Do not pick a user-agent string of a browser that has less capabilities than the sites you browse.
First enable the user-filter by editing /etc/privoxy/config
:
actionsfile user.action
Then edit /etc/privoxy/user.action
to add the following lines:
# Redirect Google Search to Bing Search {+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/search?q=$1@}} www.google.*/search # Redirect Google Image Search to Bing Image Search {+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/images/search?q=$1@}} images.google.*/search
The regex [^/]*/.*?[&,\?]q=([^&]*).*
extracts the query parameter from the google search URL, stores the group and forwards the query to bing.com.
Another option is:
# Redirect Google to Bing (URL) {+redirect{http://www.bing.com}} www.google.*
In order to configure privoxy to allow you to browse both clearnet and the deep web, the following configuration should do the trick:
forward-socks4a / torclear.int:9030 . forward-socks4a .onion toronion.int:9030 . forward-socks4a .i2p i2p.int:8456 .
torclear.int
on the port 9030
.onion
addresses to a tor proxy with the hostname toronion.int
on the port 9030
.i2p
addresses to an i2p tunnel with the hostname i2p.int
on the port 8456
It is also possible to change the configuration in order to use the same tor instance for both clearnet and .onion
addresses such that torclear.int
and toronion.int
could be the same server instead of being split.
Given the configuration from the previous section; to reiterate:
forward-socks4a / torclear.int:9030 . forward-socks4a .onion toronion.int:9030 . forward-socks4a .i2p i2p.int:8456 .
the following must be verified:
torclear.int
forward proxy. To determine your connecting tor IP address you can use a service such as with.co. The IP address should be a tor outproxy IP address.toronion.int
forward proxy - you could check the tor logs on the toronion.int
machine and verify that links to .onion
websites are always requested from that machine.i2p.int
forward proxy. To verify, check the i2p web interface and look for the access logs.With this configuration in place, no websites should be accessed directly but only via the configured upstream proxies.