Safari and proxies

Anyone have any idea what Safari 7.0.1 fucked up in its proxy implementation, or what I can do to work around it?

I use Privoxy for ad-blocking, and since upgrading to OSX 10.9, Safari seems to fail to connect to the proxy server 10% or 15% of the time, giving me broken images and whatnot. I believe it's not a problem with Privoxy itself -- I've tested that under load. It seems like Safari itself just sometimes decides to throw up a "proxy not responding" error before even attempting to connect to the proxy server. Not a timeout, it's fast.

I'm open to switching to a different ad blocker, but "Adblock Plus" doesn't exist for Safari, and the other one, confusingly and possibly sleazily called just "Adblock", doesn't block Youtube video ads, so that's a non-starter.

No, I don't want to switch to Firefox, Opera or Chrome.


Update: I figured it out! Turns out I hadn't merged the privoxy config file in a while and there were some new entries that needed to be set because the defaults make it fail, particularly, the problem goes away when I am no longer missing the default entry keep-alive-timeout 5.

Not entirely clear why this problem manifested itself with Safari and not Firefox, but this seems to fix it.

Tags: , , ,

21 Responses:

  1. Valued Customer says:

    Sounds like ABP for Safari is due Real Soon Now, and brave souls can try a pre-release: https://adblockplus.org/forum/viewtopic.php?f=4&t=7741&start=45#p87946

  2. tftio says:

    I use a thing called GlimmerBlocker; pros: it's a system level proxy, so you don't have to ever look at ads in e.g. your RSS reader; configuration is via a control panel and not some asinine text-file DSL non-sense; it's built on top of Rhino, so you can manipulate requests via JavaScript. Cons: it's configured through a control panel so your configuration isn't humanly accessible; it's built on top of a Rhino, so, Java.

    http://glimmerblocker.org

  3. TLDR says:

    Adblock Plus has problems filtering YouTube pre-roll in its Webkit compatible releases. Even if a build were available I have my doubts it would be ready for your needs.

    (Eagerly awaiting a driveby "but JWZ, my preferred non-Safari browser on a completely different platform works on my device - Just check the hidden config boxes from a new tab! Plus, here's a useless hyperlink I haven't read, but it's totally the in the top 3 results from a search!")

  4. Al says:

    Have you tried it in Firefox?

  5. Kevin Lyda says:

    I'm a terrible, awful person, but I just can't resist this:

    M-x w3

    I'll get my hat.

  6. parx says:

    I have no OS X, but have you tried increasing the max-client-connections parameter for Privoxy (and the resource limits, if necessary)? I vaguely recall having had a similar issue some time back with Squid after an Opera update where the latter stopped closing connections immediately leading them to pile up (with correspondingly huge netstat output). Allowing more connections solved it, I think. However, if that doesn't solve it for you, you need to give more info on how reliably you've established that Safari is in fact the culprit. Unless you can positively see in a packet dump that Safari issues fewer connection attempts than there are resources in a web page, ruling out Privoxy entirely as the source of error seems somewhat premature.

    • jwz says:

      Well, I wrote a script that used wget to load the same page through Privoxy 100 times in parallel, 100 times in a row, and it got the same bits every single time. So I don't think it's Privoxy.

  7. someguy says:

    1. Assuming you've done packet captures... is Safari doing ANY requests to Privoxy before it pops up its oh-so-unhelpful error? Maybe Privoxy is returning some sort of fatal error code that Safari interprets as unresponsive.

    2. If no packet captures: get some; if SSL is involved mitmproxy may be of use (haven't tried it personally, but seemed to be the best bet from a quick search); goto 1.

  8. Stefan Bethke says:

    Keep-alive?

    Note that a timeout of five seconds as used in the default configuration file significantly decreases the number of connections that will be reused. The value is used because some browsers limit the number of connections they open to a single host and apply the same limit to proxies. This can result in a single website "grabbing" all the connections the browser allows, which means connections to other websites can't be opened until the connections currently in use time out.

  9. jm says:

    No quite the same thing, but I've been using dnsmasq to redirect a large list of ad/tracking domains into a firewall reject. Happy with the results. Has the advantage that it works for phones and tablets.

  10. Jin says:

    Just wondering if you found the source of your problem? Your post inspired me to look into Privoxy for myself, and I have not run into any connection problems for over a week of use. 10.9.1, version 3.0.21 installed through HomeBrew.

    • jwz says:

      No, still don't understand WTF is going on. Sigh. Also on 10.9.1 3.0.21 though via MacPorts.

      • Jin says:

        Out of curiosity, did you configure Privoxy to require authentication? If so, there are reports of people having problems in Mavericks with Keychain issues and system proxy authentication. You may wish to take a look at these threads to see if any of it applies to you: https://discussions.apple.com/message/23846247#23846247
        http://stackoverflow.com/questions/19575183/system-proxy-not-working-on-os-x-mavericks

        • jwz says:

          Nope, no auth, since I use it only locally.

          • Jin says:

            Looked around a little more. Most of the internet carping on 10.9 is about the Keychain/proxy auth issue. There are some not-very-detailed reports of general proxy problems. Only thing I could find that sounds remotely relevant is that if you had your Privoxy installation from before the upgrade to 10.9, depending on how it is being started up, you may be having a problem where the upgrade deleted the daemon user _privoxy: http://sourceforge.net/tracker/index.php?func=detail&aid=3615164&group_id=11118&atid=211118

            But if you were having that problem, it would be failing for you 100% of the time because it wouldn't be running. Maybe it's dying on you and being restarted, causing blips; does the PID stay the same? How are you running it? I cribbed the LaunchDaemons file from the binary installer, but removed the daemon user and group setting fields so it runs as root.

            (By the way... would you happen to know the action for removing YouTube preroll ads?)

            • jwz says:

              (By the way... would you happen to know the action for removing YouTube preroll ads?)

              Not sure offhand, but I don't see those ads... Possibly it's one of these:

              +block
              .youtube.com/ptracking
              .youtube.com/annotations_invideo
              ytimg.com/.*watch_background
              ytimg.com/.*_banner
              ytimg.com/yt/swfbin/ad
              ytimg.com/.*/inhouse_ads/
              gstatic.com/csi