Privoxy: A Beginner’s Guide to Filtering Web Traffic

What is Privoxy?

Privoxy is a non-caching, filtering web proxy designed to improve privacy, modify web page data and HTTP headers, and block unwanted content such as ads, trackers, and pop-ups. It sits between your browser and the internet, inspecting and optionally modifying requests and responses without storing the content it processes.

Why use Privoxy?

• Privacy: Blocks many common trackers and removes identifying headers.
• Ad and content filtering: Removes or hides ads, pop-ups, and other unwanted elements.
• Customizable: Uses flexible configuration files and user scripts to tailor filtering rules.
• Lightweight and local: Runs on your machine or a local server, giving you control without relying on third-party services.

How Privoxy works — basics

Privoxy listens on a local TCP port (commonly 8118) and accepts HTTP requests from your browser. When a request arrives it:

1. Matches the request/response against filter lists and actions.
2. Applies transformations (remove HTML elements, modify headers, redirect).
3. Forwards the modified request to the destination server and returns the (possibly modified) response to the browser.

Privoxy can operate as a forward proxy for individual clients or as a gateway for a local network.

Installing Privoxy

(Instructions assume a typical Linux environment; Privoxy is also available for Windows and macOS.)

1. On Debian/Ubuntu:
   sudo apt updatesudo apt install privoxy

2. On Fedora/RHEL:
   sudo dnf install privoxy

3. On macOS (Homebrew):
   brew install privoxy

4. On Windows: download the installer from the official project page and run it.

After installation, Privoxy runs as a service and listens by default on 127.0.0.1:8118.

Basic configuration

Primary configuration files:

• config — main settings (listen address, port, logging, etc.).
• default.action — action rules controlling what to block or allow.
• default.filter — text/HTML filters used to remove or modify page content.
• user.action and user.filter — place your custom rules here (preferred to avoid overwriting on upgrade).

Key settings to check in config:

• listen-address 127.0.0.1:8118
• toggle 1 (allow runtime toggling)
• enable-remote-toggle 0 (disable remote toggling for security)
• enable-remote-http-toggle 0
• logdir /var/log/privoxy (or another writable directory)

Restart the Privoxy service after changes:

• systemd: sudo systemctl restart privoxy
• Windows: restart the Privoxy service via Services.

Pointing your browser to Privoxy

Configure your browser’s HTTP proxy to 127.0.0.1 and port 8118. For HTTPS traffic, Privoxy can filter only the outer HTTP CONNECT request (it cannot inspect encrypted contents unless used with a man-in-the-middle TLS proxy). For many users, combining Privoxy with a local SOCKS proxy (e.g., Tor) is common: point Privoxy to the SOCKS proxy so Privoxy handles filtering while the SOCKS proxy routes traffic.

Example: Firefox proxy settings — Manual proxy configuration → HTTP Proxy: 127.0.0.1 Port: 8118, and check “Use this proxy server for all protocols” if desired.

Basic filtering rules examples

• Block ads on specific domains: In user.action:
  { +block{Blocked by user} }.ads.example.com

• Remove inline tracking images: In user.filter:
  FILTER: remove-tracker-imgss#]+tracker[^>]*>##gi

• Strip identifying headers (in config):
  hide-user-agent 1remove-server-header 1

Use the action and filter syntax carefully; test changes and keep backups.

Combining Privoxy with Tor

A common setup is Tor (SOCKS5) → Privoxy → Browser, or Browser → Privoxy → Tor depending on routing. Typical configuration: Tor listens on 9050 (SOCKS); configure Privoxy’s forward-socks5t to point to 127.0.0.1:9050 so Privoxy forwards filtered requests through Tor. This keeps filtering local while anonymizing traffic.

Monitoring and debugging

• Privoxy logs: check access and error logs (logdir).
• Use the built-in web interface: http://config.privoxy.org/ (or http://127.0.0.1:8118/ for local status pages) to view current rules, toggle actions, and test filters.
• Test with a simple curl through the proxy:
  curl -x http://127.0.0.1:8118 http://example.com

Common pitfalls and limitations

• Cannot decrypt HTTPS content — only headers and CONNECT can be modified unless used with an SSL-intercepting proxy.
• Aggressive filters can break site functionality; use user.action/user.filter to whitelist broken sites.
• Running Privoxy as root or exposing it to untrusted networks without restricting listen-address is unsafe.

Example quick-start user.action snippet

Place in user.action:

# Block obvious ad domains{ +block{Ads blocked} }ads.*doubleclick.net

 
Allow example.com for compatibility{ -block }.example.com

Further customization

• Import community blocklists and convert them into action rules.
• Write custom filters using regular expressions for complex HTML rewriting.
• Use toggles to enable/disable groups of rules at runtime.

Conclusion

Privoxy is a powerful, local filtering proxy that enhances privacy and removes unwanted content while remaining highly configurable. Start with conservative rules, test site compatibility, and move custom rules to user.action and user.filter so upgrades don’t overwrite your settings.