Privaxy only binds to 127.0.0.1

[chrisbensch]

I know this is currently on purpose, however, many of us would like to use this in our home environments. I've built a docker container with privaxy, but it doesn't work correctly with your restriction. Please remove this restriction.

[aequis]

You can change the line

privaxy/privaxy/src/server/main.rs

Line 38 in 1f6f968

let ip = [127, 0, 0, 1];

to 0.0.0.0, then build the backend again and it should work inside the docker container. At least until the developer adds a way to configure the IP address.

[gcormier]

I've changed line 38 to be 0.0.0.0, but now I get this upon startup.

thread 'main' panicked at 'no CA certificates found', /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/hyper-rustls-0.23.1/src/config.rs:48:9

Did either of you run into this issue?

EDIT : Fork supports docker https://github.com/deetungsten/webui-privaxy

[mzy2240]

Any updates on this?

[andrioid]

I've been planning to install it on my ARM based router, so that house hold members can opt in for some adblocking. No rush though.

[Barre]

I previously didn't want to include configuration for this as it would also mean adding a setting to expose the web GUI which would have been a pretty major security risk as there was no authentication on the gui.

Since a few releases, the web GUI is now a desktop app and the "no_gui" binary has no GUI (though, privaxy is still configurable through editing ~/.privaxy/config) which makes it ok to build this.

I'll implement configuration for this soon.

[psycoxer]

Any updates on this?
I've built the NOGUI version while changing the IP to 0.0.0.0 in the source and run it from the local server. It does "work" as intended while connecting from other devices with the CA cert installed (found in config file), but with a few caveats:

1. Much slower than running locally (Tested with full gigabit ethernet , so network speed is not the bottleneck)
2. Need to constantly restart browsers (Some sites don't load at all with unknown cert error, but suddenly work fine upon restarting the browser (tested on chrome and firefox, from debian and windows) ) {problem persists even after rebooting}
3. It does not like android apps at all 😢 (with certificates installed) {Even tested with WSA running local proxy, no luck}
4. No official docker image

Are there any fixes to these problems? Anything planned?

[r0ckyjoe]

Any updates on this?

I've built the NOGUI version while changing the IP to 0.0.0.0 in the source and run it from the local server. It does "work" as intended while connecting from other devices with the CA cert installed (found in config file), but with a few caveats:

1. Much slower than running locally (Tested with full gigabit ethernet , so network speed is not the bottleneck)

2. Need to constantly restart browsers (Some sites don't load at all with unknown cert error, but suddenly work fine upon restarting the browser (tested on chrome and firefox, from debian and windows) ) {problem persists even after rebooting}

3. It does not like android apps at all 😢 (with certificates installed) {Even tested with WSA running local proxy, no luck}

4. No official docker image

Are there any fixes to these problems? Anything planned?

I am also interested in knowing more on this issue. Anybody's experiencing the same behavior?

[tjames192]

just to add, i am also looking forward to a release where binding privaxy to 0.0.0.0 is possible through a config file.
as a brand new user to privaxy and wanting network wide blocking, i just hex edited the windows privaxy.exe.
in your favorite hex editor find 7f 00 00 01
change
7f 00 00 01
to
00 00 00 00

[sheckandar]

just to add, i am also looking forward to a release where binding privaxy to 0.0.0.0 is possible through a config file. as a brand new user to privaxy and wanting network wide blocking, i just hex edited the windows privaxy.exe. in your favorite hex editor find 7f 00 00 01 change 7f 00 00 01 to 00 00 00 00

Thanks @tjames192

That worked beautifully.

This is, of course, a standard feature for all apps I've ever used.

I should be able to select interfaces or IP addresses I want the app to listen on.

[Wyk72]

I have a workaround for this, a bit ugly but works:

• run privaxy on any linux machine without interface, it will bind to 127.0.0.1:8100 as usual (.pem certs in .privaxy/config)

• download FRP (fast reverse proxy) here on github

• on your linux router (i.e. OpenWRT) or a Linux machine run the frps server, IP 192.168.1.1 in this example:

./frps -p 8100

• assuming your "network-wide" machine is 192.168.1.1 on the privaxy machine run something like

" ./frpc tcp -l 8100 -n privaxy -r 9100 -s 192.168.1.1 -P 8100"

Just point any machine in your network with "192.168.1.1:9100" as a filtering-https-proxy

I do this on my OpenWRT router (x86-64 based) with privaxy running into a small LXC container and works like a charm.

You can also do it easily in a Windows machine/virtual machine/whatever, but frpc/frps are difficult to use on windows because the dumb-as-fck defender antivirus keeps on deleting frpc/frps binaries.

I can hack the iptables of the main OpenWRT router to act as a full transparent proxy, I'll try that later today.

[klingon888]

I have a workaround for this, a bit ugly but works:

WOW.. this actually works! Thank you for the workaround. Response times are good too. I'm now able to use privoxy network-wide.

I can hack the iptables of the main OpenWRT router to act as a full transparent proxy, I'll try that later today.

Interested in any progress on this as i'm also using Openwrt. TQ.

[chrisbensch]

Many of us have switched to this repo https://github.com/deetungsten/webui-privaxy . Allows any IP and also retains the webui instead of being forced to use the app.

[Wyk72]

Yes, but you need docker to run it.

[candybars2021]

I really am still waiting for the day this will be implemented. On windows, I am unable to connect from other devices, it remains a proxy for itself only

[chrisbensch]

https://github.com/deetungsten/webui-privaxy This is a solid alternative I've been using for a little while. Built from an older version of Privaxy that doesn't require a desktop app, retains the webui, and is dockerized.

…

On Sat, May 18, 2024 at 12:02 PM candybars2021 ***@***.***> wrote: I really am still waiting for the day this will be implemented. On windows, I am unable to connect from other devices, it remains a proxy for itself only — Reply to this email directly, view it on GitHub <#13 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABHYPPAXACPZGGBYYJH7MP3ZC6QUHAVCNFSM5WQF6J5KU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJRHA4TOMRTGE2A> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[candybars2021]

I previously didn't want to include configuration for this as it would also mean adding a setting to expose the web GUI which would have been a pretty major security risk as there was no authentication on the gui.

Since a few releases, the web GUI is now a desktop app and the "no_gui" binary has no GUI (though, privaxy is still configurable through editing ~/.privaxy/config) which makes it ok to build this.

I'll implement configuration for this soon.

Any change of this promise being fulfilled if not "very soon" then after a year +++? Would save me a lot of previous wasted time and would be greatly appreciated

[Wyk72]

Any change of this promise being fulfilled if not "very soon" then after a year +++? Would save me a lot of previous wasted time and would be greatly appreciated

Be nice with developers of FREE software or hire/pay someone to solve your problems, if you can't do it yourself.
Your attitude is the worst.