******************************************************************************* Frequently asked Questions -- Last updated: December 1, 2007 ******************************************************************************* This is a collection of questions - about Proxomitron, the way it works, and my config - which are either common or likely to appear more often. I'll update this file when new questions appear and as time permits. Contents: General Config related Technical ******************************************************************************* General ******************************************************************************* Q1: I have a question that isn't covered here, what to do? A1: Check out the help files that come with the program. They are written in an easy to understand language and cover most general questions that could come up. If that didn't help, post your question in one of the Proxomitron discussion groups. (Those that i frequently visit are listed in the "Links" section of my Prox web page.) People are very helpful there, but what they need to know in case of a problem is where it appears (e.g. http://mysite.com/index.asp?foo), which browser and filters you are using, and what is going wrong - as exact as possible, like: "Usually i see an image lower right, but with Proxomitron active it isn't there anymore." Q2: I got an advice for my problem, but it's still there. A2: Clear your browser's cache, restart the browser and reload the page. Q3: How do i uninstall Proxomitron? A3: No "uninstallation" is needed. Just go to your browser's proxy settings and change them to what they where before you "installed" Proxomitron. Which would be one of "direct connection", "use proxy" unchecked, or a remote proxy instead of "localhost:8080". See the "Installation and Eradication" chapter in the help files for further details. Q4: This filter doesn't work with my browser's ad blocker plugin. A4: Ad-blocking plugins filter the data stream after it has been processed by Proxomitron. So for instance, if an ad, Flash, etc. is supposed to show up on click from the Prox point of view, it may still be blocked by the plugin. As i see it, there is zero need for such plugins while using Prox. Q5: I get a Proxomitron warning about wrong SSL certificates for mozilla.org and zonelabs.com. What's up here, and how can i fix it? A5: For some time Mozilla.org used a certificate with a "(addons|aus|...).mozilla.org" regular expression in the "commonName" (CN) field, which Proxomitron apparently didn't understand. The current certificate uses "*.mozilla.org", which Proxomitron does understand. cm2.zonelabs.com uses a self-signed, hence invalid certificate. To get around both, Proxomitron's warning about the Zonelabs certificate, and Mozilla's warning about Proxomitron's (naturally self-signed) certificate while checking for updates, you can add these entries to the general bypass list: (addons(.update|)|aus|update).mozilla.org: cm2.zonelabs.com: Note that the Zonelabs hostname is followed by a colon instead of a slash, because Proxomitron "sees" all HTTPS URLs internally with a port number (usually 443), even if they don't appear like that in the browser's address bar. Q6: Webpages load slow or sluggish. This is not config dependent, and it doesn't happen if i bypass Proxomitron. I'm using an NT based Windows OS. A6: Open the registry editor and go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Make sure that the DWORD value "SynAttackProtect" either isn't present or is *not* set to "2" (best protection). The two other possible numbers in the data field are "0" (default - typical protection) and "1" (better protection). Q7: I can't get persistent connections to work. I almost never get gzip'ed documents. My browser doesn't cache as much as it is supposed to do. A7: This happens if the HTTP connection requests don't leave your machine as HTTP/1.1 but as HTTP/1.0. Some external or LAN proxies/routers require the old protocol, but that's rare nowadays. You can test that by opening Proxomitron's log window before loading a page. The server's response should look like e.g. "HTTP/1.1 200 OK". If you see "HTTP/1.0" instead, there may be several reasons: - Your software firewall doesn't support HTTP/1.1, NIS is apparently one of them. - Your browser is set up to use HTTP/1.0 with proxies. For IE you find this setting under "Internet Options" -> "Advanced" -> "Use HTTP 1.1 through proxy connections". For Mozilla it is "network.http.proxy.version" -> "1.1" in "about:config". - You've set Proxomitron to send HTTP/1.0 requests: "Proxomitron" -> "Configure" -> "HTTP" -> "Send only HTTP/1.0 requests". ******************************************************************************* Config related ******************************************************************************* Q1: This page doesn't display correctly with your config. A1: Make sure that in Proxomitron's preferences -> Access -> "Disable URL-based Proxomitron commands" is *not* checked, as this config depends on them. In case you've customized your config: There should be a file "sidki_oob.ptron" in Proxomitron's directory, which is a copy of the out-of-box config, except that it doesn't scan your user IncludeExclude list. Load it, clear the cache, restart the browser, and see if the problem is still there. If so, it can usually be solved by adding that page to the user list "IncludeExclude-U". For instance, if you want to allow all scripts on this.site.com, the entry would look like: this.site.com/ $SET(0=a_js.) See "IncludeExclude.html" for a short description of all keywords. Above procedure is automated for the most common keywords. Open the Proxomitron menu, select "Allow" -> "All JavaScript", and hit the "List" button. Q2: Google pages are shown in English instead of my language. I want less than 100 search results per page. A2: Open "CookieValues.ptxt" with an editor and look for the "Google preferences" entry. It sends a faked cookie to Google that anonymizes your ID, among other things. On the last line of this entry, after ":CR=2", append ":LD=MY_LOCALE". "MY_LOCALE" would be "fr" for French, "de" for German, "es" for Spanish, "xx-bork" for extra-terrestrians, etc.. For e.g. 25 search results per page, replace "NR=100" with "NR=25". After above changes the cookie string could look like: PREF=ID=3003added0032123:FF=4:NR=25:CR=2:LD=de Do the same thing with the cookie strings in the "Google" section of IncludeExclude.ptxt. Q3: I don't want any HTTPS/SSL/secure sites to be filtered. A3: Select the "HTTP" tab in the preferences and uncheck "Use SSLeay/OpenSSL". Optionally remove "localhost:8080" (or similar) from the HTTPS/SSL/secure section in your browser's proxy settings. Do *not* enable "Use Half-SSL" in the upper part of the "Header Filters" window. Note that the off-by-default "Yahoo: Auto Login" webfilter is supposed to match on secure pages, so it will cease to work. Q4: I don't like the Proxomitron menu to be semi-transparent in Firefox and/or Internet Explorer. A4: Go to the "html\sidki_h_*\css\" subdirectory, open "proxcss-b-moz.css" and "proxcss-b-ie.css", and remove all lines containing the strings "opacity:" and "filter:". Save files, clear cache, and restart your browser. Q5: My bookmarklet doesn't work with your config. A5: Have a look at that bookmarklet and make sure that the name of the newly opened window starts with "prx_", like: window.open('foo.html','prx_bookmarklet') This prefix is acting as a bypass to prevent certain windows from being caught by the popup blocker. Q6: The Proxomitron menu / this "Alternate Layout" filter doesn't work with my Firefox. I already tried it with "sidki_oob.ptron" (FAQ -> Config related -> A1). A6: Some Firefox extensions (most notably ad-blocking ones) don't play nice with dynamic layout changes. Try again with a clean profile. You can create/switch profiles when starting Firefox with the "-ProfileManager" command-line switch. Q7: I don't see my browser's default icon on tabs anymore, how to get it back? A7: Open the "Header Filters" window and untick "Content-Type: 1a Kill Favicon Error Responses". Only downside when doing so is that your browser is making a few more unnecessary remote requests. Q8: I like to keep the count-down timer, news ticker, clock, etc. on mypage.com running beyond the default 10 seconds. I'm too lazy to push the "timer" button, or the frame is too small to show this button. A8: Either add "mypage.com/ $SET(0=i_timer:0.)" to your IncludeExclude-U list, or click on the page (or frame) within these first ~10 seconds, which bypasses setTimeout interception. ******************************************************************************* Technical ******************************************************************************* Q1: What exactly is the certificate used for in Proxomitron? A1: If you go to an https page, Proxomitron decrypts the page, filters it, and re-encrypts it using a certain key. This key is contained in its certificate, called "proxcert.pem". The browser in turn gets the re-encrypted page and asks again for proxcert.pem to be able to decrypt the page. Now that Prox has all the SSL responsibility, it needs to know which "real" certificates (the ones that belong to the https pages) are good and which are bad. For this purpose it uses a list of trusted certificate authorities - companies that issue certificates. This list is called "certs.pem". Q2: I get constant warnings about security certificates. A2: Usually, if you're visiting an encrypted page, the certificate's name needs to match the current domain, e.g. "secure-site.com". If you allow Proxomitron to filter secure pages (the default in my set), your browser always receives proxcert.pem instead of the site's certificate (see last question). proxcert.pem's "Issued To" name is "Proxomitron" and not "*.secure-site.com". Its "Issued By" name is "Proxomitron", too! At first your browser doesn't know a trusted authority called "Proxomitron" and aks you if you always want to trust it. Say yes! Now Internet Explorer is satisfied and keeps quiet, but Firefox and Opera will still warn you once per site that "Proxomitron" - although trusted - doesn't match "secure-site.com". This is inevitable (unless you activate the "Use Half-SSL" option in my set, see Config_Control.txt). Update: Recent Internet Explorer versions reportedly behave like Firefox and Opera, i.e. issue one warning per site. Note: Proxomitron's certificate expires after one year. You'll probably find a current proxcert.pem at: http://www.geocities.com/sidki3003/prox-ssl.html http://www.proxomitron.info/files/index.html Q3: What local ports are involved in the request/response chain? A3: Prox listens locally on port 8080 (by default), the browser sends its request from a low range random port to 8080, Prox opens a low range random port and sends the request to the outside world (usually remote port 80), the reply from the outside world is addressed to this same port, Prox sends the reply from port 8080 to the local port that the browser previously opened. Q4: $NEST() doesn't match this code. Why? A4: $NEST() and $INEST() are skipping quotes -- By design. Quoting Scott: A few smattered single quotes usually isn't always a problem for it actually. Mona's example as stated works. It only fails if you add an additional single quote at the end and it all appears on one line and the end tag is between the two (the line break was inserted by the mailer I think). In other words... 'something' works, and 'something stuff' works too but... 'something ' fails. because it looks like the closing tag's within a string. I wish I could think of a way to get it to work in all situations, but it's really six of one, half a dozen of the other. Originally I thought to only include quotes after an equal, but in JavaScript you also run into quotes after ( , . + and probably several others. I also tried just checking double quotes (they're less common in regular text and usually paired anyway), but while most JavaScripts use double quotes for strings, enough didn't that I still ran into frequent problems. *EOF*