*******************************************************************************
Frequently asked Questions -- Last updated: December 1, 2007
*******************************************************************************

This is a collection of questions - about Proxomitron, the way it works, and my
config - which are either common or likely to appear more often.
I'll update this file when new questions appear and as time permits.

Contents:

  General
  Config related
  Technical


*******************************************************************************
General
*******************************************************************************

Q1:  I have a question that isn't covered here, what to do?

A1:  Check out the help files that come with the program.  They are written in
     an easy to understand language and cover most general questions that could
     come up.

     If that didn't help, post your question in one of the Proxomitron
     discussion groups.  (Those that i frequently visit are listed in the
     "Links" section of my Prox web page.)

     People are very helpful there, but what they need to know in case of a
     problem is where it appears (e.g. http://mysite.com/index.asp?foo), which
     browser and filters you are using, and what is going wrong - as exact as
     possible, like: "Usually i see an image lower right, but with Proxomitron
     active it isn't there anymore."


Q2:  I got an advice for my problem, but it's still there.

A2:  Clear your browser's cache, restart the browser and reload the page.


Q3:  How do i uninstall Proxomitron?

A3:  No "uninstallation" is needed.  Just go to your browser's proxy settings
     and change them to what they where before you "installed" Proxomitron.
     Which would be one of "direct connection", "use proxy" unchecked, or a
     remote proxy instead of "localhost:8080".

     See the "Installation and Eradication" chapter in the help files for
     further details.


Q4:  This filter doesn't work with my browser's ad blocker plugin.

A4:  Ad-blocking plugins filter the data stream after it has been processed by
     Proxomitron.  So for instance, if an ad, Flash, etc. is supposed to show
     up on click from the Prox point of view, it may still be blocked by the
     plugin.  As i see it, there is zero need for such plugins while using
     Prox.


Q5:  I get a Proxomitron warning about wrong SSL certificates for mozilla.org
     and zonelabs.com.  What's up here, and how can i fix it?

A5:  For some time Mozilla.org used a certificate with a
     "(addons|aus|...).mozilla.org" regular expression in the "commonName" (CN)
     field, which Proxomitron apparently didn't understand.  The current
     certificate uses "*.mozilla.org", which Proxomitron does understand.

     cm2.zonelabs.com uses a self-signed, hence invalid certificate.

     To get around both, Proxomitron's warning about the Zonelabs certificate,
     and Mozilla's warning about Proxomitron's (naturally self-signed)
     certificate while checking for updates, you can add these entries to the
     general bypass list:

     (addons(.update|)|aus|update).mozilla.org:
     cm2.zonelabs.com:

     Note that the Zonelabs hostname is followed by a colon instead of a slash,
     because Proxomitron "sees" all HTTPS URLs internally with a port number
     (usually 443), even if they don't appear like that in the browser's
     address bar.


Q6:  Webpages load slow or sluggish. This is not config dependent, and it
     doesn't happen if i bypass Proxomitron.  I'm using an NT based Windows OS.

A6:  Open the registry editor and go to:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

     Make sure that the DWORD value "SynAttackProtect" either isn't present or
     is *not* set to "2" (best protection).  The two other possible numbers in
     the data field are "0" (default - typical protection) and "1" (better
     protection).


Q7:  I can't get persistent connections to work.  I almost never get gzip'ed
     documents.  My browser doesn't cache as much as it is supposed to do.

A7:  This happens if the HTTP connection requests don't leave your machine as
     HTTP/1.1 but as HTTP/1.0.  Some external or LAN proxies/routers require
     the old protocol, but that's rare nowadays.

     You can test that by opening Proxomitron's log window before loading a
     page.  The server's response should look like e.g. "HTTP/1.1 200 OK".

     If you see "HTTP/1.0" instead, there may be several reasons:
     - Your software firewall doesn't support HTTP/1.1, NIS is apparently one
       of them.
     - Your browser is set up to use HTTP/1.0 with proxies.
       For IE you find this setting under "Internet Options" -> "Advanced" ->
       "Use HTTP 1.1 through proxy connections".
       For Mozilla it is "network.http.proxy.version" -> "1.1" in
       "about:config".
     - You've set Proxomitron to send HTTP/1.0 requests: "Proxomitron" ->
       "Configure" -> "HTTP" -> "Send only HTTP/1.0 requests".


*******************************************************************************
Config related
*******************************************************************************

Q1:  This page doesn't display correctly with your config.

A1:  Make sure that in Proxomitron's preferences -> Access -> "Disable
     URL-based Proxomitron commands" is *not* checked, as this config depends
     on them.

     In case you've customized your config:  There should be a file
     "sidki_oob.ptron" in Proxomitron's directory, which is a copy of the
     out-of-box config, except that it doesn't scan your user IncludeExclude
     list.  Load it, clear the cache, restart the browser, and see if the
     problem is still there.

     If so, it can usually be solved by adding that page to the user list
     "IncludeExclude-U".  For instance, if you want to allow all scripts on
     this.site.com, the entry would look like:
     this.site.com/	$SET(0=a_js.)
     See "IncludeExclude.html" for a short description of all keywords.

     Above procedure is automated for the most common keywords.  Open the
     Proxomitron menu, select "Allow" -> "All JavaScript", and hit the "List"
     button.


Q2:  Google pages are shown in English instead of my language.  I want less
     than 100 search results per page.

A2:  Open "CookieValues.ptxt" with an editor and look for the "Google
     preferences" entry.  It sends a faked cookie to Google that anonymizes
     your ID, among other things.

     On the last line of this entry, after ":CR=2", append ":LD=MY_LOCALE".
     "MY_LOCALE" would be "fr" for French, "de" for German, "es" for Spanish,
     "xx-bork" for extra-terrestrians, etc..

     For e.g. 25 search results per page, replace "NR=100" with "NR=25".

     After above changes the cookie string could look like:
     PREF=ID=3003added0032123:FF=4:NR=25:CR=2:LD=de

     Do the same thing with the cookie strings in the "Google" section of
     IncludeExclude.ptxt.


Q3:  I don't want any HTTPS/SSL/secure sites to be filtered.

A3:  Select the "HTTP" tab in the preferences and uncheck "Use SSLeay/OpenSSL".
     Optionally remove "localhost:8080" (or similar) from the HTTPS/SSL/secure
     section in your browser's proxy settings.  Do *not* enable "Use Half-SSL"
     in the upper part of the "Header Filters" window.

     Note that the off-by-default "Yahoo: Auto Login" webfilter is supposed to
     match on secure pages, so it will cease to work.
     

Q4:  I don't like the Proxomitron menu to be semi-transparent in Firefox and/or
     Internet Explorer.

A4:  Go to the "html\sidki_h_*\css\" subdirectory, open "proxcss-b-moz.css" and
     "proxcss-b-ie.css", and remove all lines containing the strings "opacity:"
     and "filter:".  Save files, clear cache, and restart your browser.


Q5:  My bookmarklet doesn't work with your config.

A5:  Have a look at that bookmarklet and make sure that the name of the newly
     opened window starts with "prx_", like:
     window.open('foo.html','prx_bookmarklet') 

     This prefix is acting as a bypass to prevent certain windows from being
     caught by the popup blocker.


Q6:  The Proxomitron menu / this "Alternate Layout" filter doesn't work with my
     Firefox.  I already tried it with "sidki_oob.ptron" (FAQ -> Config related
     -> A1).

A6:  Some Firefox extensions (most notably ad-blocking ones) don't play nice
     with dynamic layout changes.  Try again with a clean profile.  You can
     create/switch profiles when starting Firefox with the "-ProfileManager"
     command-line switch.


Q7:  I don't see my browser's default icon on tabs anymore, how to get it back?

A7:  Open the "Header Filters" window and untick "Content-Type: 1a Kill Favicon
     Error Responses". Only downside when doing so is that your browser is
     making a few more unnecessary remote requests.


Q8:  I like to keep the count-down timer, news ticker, clock, etc. on
     mypage.com running beyond the default 10 seconds.  I'm too lazy to push
     the "timer" button, or the frame is too small to show this button.

A8:  Either add "mypage.com/ $SET(0=i_timer:0.)" to your IncludeExclude-U list,
     or click on the page (or frame) within these first ~10 seconds, which
     bypasses setTimeout interception. 


*******************************************************************************
Technical
*******************************************************************************

Q1:  What exactly is the certificate used for in Proxomitron?

A1:  If you go to an https page, Proxomitron decrypts the page, filters it, and
     re-encrypts it using a certain key.  This key is contained in its
     certificate, called "proxcert.pem".  The browser in turn gets the
     re-encrypted page and asks again for proxcert.pem to be able to decrypt
     the page.

     Now that Prox has all the SSL responsibility, it needs to know which
     "real" certificates (the ones that belong to the https pages) are good and
     which are bad.  For this purpose it uses a list of trusted certificate
     authorities - companies that issue certificates.  This list is called
     "certs.pem".


Q2:  I get constant warnings about security certificates.

A2:  Usually, if you're visiting an encrypted page, the certificate's name
     needs to match the current domain, e.g. "secure-site.com".  If you allow
     Proxomitron to filter secure pages (the default in my set), your browser
     always receives proxcert.pem instead of the site's certificate (see last
     question).  proxcert.pem's "Issued To" name is "Proxomitron" and not
     "*.secure-site.com".

     Its "Issued By" name is "Proxomitron", too!  At first your browser doesn't
     know a trusted authority called "Proxomitron" and aks you if you always
     want to trust it.  Say yes!

     Now Internet Explorer is satisfied and keeps quiet, but Firefox and Opera
     will still warn you once per site that "Proxomitron" - although trusted -
     doesn't match "secure-site.com".  This is inevitable (unless you activate
     the "Use Half-SSL" option in my set, see Config_Control.txt).

     Update: Recent Internet Explorer versions reportedly behave like Firefox
     and Opera, i.e. issue one warning per site.

     Note: Proxomitron's certificate expires after one year.  You'll probably
     find a current proxcert.pem at:
     	http://www.geocities.com/sidki3003/prox-ssl.html
     	http://www.proxomitron.info/files/index.html


Q3:  What local ports are involved in the request/response chain?

A3:  Prox listens locally on port 8080 (by default), the browser sends its
     request from a low range random port to 8080, Prox opens a low range
     random port and sends the request to the outside world (usually remote
     port 80), the reply from the outside world is addressed to this same port,
     Prox sends the reply from port 8080 to the local port that the browser
     previously opened.


Q4:  $NEST() doesn't match this code.  Why?

A4:  $NEST() and $INEST() are skipping quotes -- By design.

     Quoting Scott:
     A few smattered single quotes usually isn't always a problem for it
     actually.  Mona's example as stated works.  It only fails if you add an
     additional single quote at the end and it all appears on one line and the
     end tag is between the two (the line break was inserted by the mailer I
     think).  In other words...

     <a ...> 'something' </a> works, and
     <a ...> 'something  </a>
     stuff' works too but...

     <a ...> 'something  </a>' fails.

     because it looks like the closing tag's within a string.  I wish I could
     think of a way to get it to work in all situations, but it's really six of
     one, half a dozen of the other.  Originally I thought to only include
     quotes after an equal, but in JavaScript you also run into quotes after
     ( , . +  and probably several others.  I also tried just checking double
     quotes (they're less common in regular text and usually paired anyway),
     but while most JavaScripts use double quotes for strings, enough didn't
     that I still ran into frequent problems.


*EOF*
