Polipo does by default allow tunnelled connections (see Tunnelling connections), however sometimes it is desirable to block connections selectively.
Because polipo does only pass through tunnelled connections filtering is possible based on hostname and port information only. Filtering based on protocol specific types of information like pathname is not possible.
Obviously the web browser (and other software) must be configured to use polipo as tunneling proxy for this to work. The tunnelled traffic is neither touched nor inspected in any way by polipo, thus encryption, certification and all other security and integrity guarantees implemented in the browser are not in any way affected.
The file pointed at by the variable
forbiddenTunnelsFile (defaults to
~/.polipo-forbiddenTunnels or /etc/polipo/forbiddenTunnels,
whichever exists) specifies the set of tunnel specifications that should
Every line in a file listing forbidden Tunnels can either be a domain name — a string that doesn't contain any of ‘/’, ‘*’ or ‘\’ —, or a POSIX extended regular expression. Blank lines are ignored, as are those that start with a hash sign ‘#’.
Entries in the form of regular expressions will be matched against
tunnel reqeusts of the form
Tunnelled and blocked connections will be logged if the configuration variable
logLevel is set to a value such that
((logLevel & 0x80) !=0)
# simple case, exact match of hostnames www.massfuel.com # match hostname against regexp \.hitbox\. # match hostname and port against regexp # this will block tunnels to example.com but also www.example.com # for ports in the range 600-999 # Also watch for effects of 'tunnelAllowedPorts' example.com\:[6-9][0-9][0-9] # random examples \.liveperson\. \.atdmt\.com .*doubleclick\.net .*webtrekk\.de ^count\..* .*\.offerstrategy\.com .*\.ivwbox\.de .*adwords.* .*\.sitestat\.com \.xiti\.com webtrekk\..*