@<img $5 $7 src=$1http://config.privoxy.org/send-banner?type=auto$1 border="0" title=$1Killed $4 by link to $2$1>@sigx
# Rare case w/o explicit dimensions:
#
s@<a\s+href\s*=\s*(['"]?)([^>\1\s]*?(?:adclick|atwola\.com/(?:link|redir)|doubleclick\.net/jump/|tracker|counter|adlog\.pl)[^>\1\s]*)\1[^>]*>\s*<img\s+(?:src\s*=\s*(['"]?)([^>\\\3\s]+)\3)?[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border="0" title=$1Killed $4 by link to $2$1>@sig
# (Note: Middlesex, Sussex and Essex are counties in the UK, not rude words)
# (Note #2: Is 'sex' a rude word?!)
s%^.*(?<!middle)(?<!sus)(?<!es)sex.*$%<html><head><title>Blocked</title></head><body><h3>Blocked due to possible adult content. Please see <a href="http://dmoz.org/Kids_and_Teens/">this site</a>.</h3></body></html>%is
s+^.*warez.*$+<html><head><title>No Warez</title></head><body><h3>You're not searching for illegal stuff, are you?</h3></body></html>+is
FILTER: ie-exploits Disable some known Internet Explorer bug exploits
# Note: This is basically a demo and waits for someone more interested in IE
# security (sic!) to take over.
# Cross-site-scripting:
#
s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU
# Address bar spoofing (http://www.secunia.com/advisories/10395/):
s%<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>%<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>%g