From ArchWiki
Revision as of 18:36, 9 January 2012 by Bastorran (talk | contribs) (typo)
Jump to navigation Jump to search

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.

Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어

External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Polipo#)

From Polipo's site:

"Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group."

Unlike Squid, Polipo is very light on resources and simple to configure. This makes it ideal for single user systems and other uncomplicated setups. Do keep in mind; however, that this versatility comes at a cost; Polipo will increase its space usage without restriction as it is not aware of how big its disk cache grows. This perceived fault is by design, since omitting these sanity checks drastically reduces Polipo's memory usage and overall toll on the system. A practical way of restricting disk usage is by making Polipo run as its own user and employing disk quota.

The following covers installing and setting up Polipo.


Install Template:Package Official using pacman:

# pacman -S polipo

Alternatively, install the newer development branch polipo-git from the AUR instead.

Improving Polipo

Run Polipo as designated user

Polipo should run as an unpriviledged user. Such a user can either be created or reused:

# mkdir /var/cache/polipo
# groupadd -r polipo
# useradd -d /var/cache/polipo -g polipo -r -s /bin/false polipo

To make sure all files and folders are created before you start polipo as an a designated user. Start and stop the Polipo.

# /etc/rc.d/polipo start
# /etc/rc.d/polipo stop

While other daemons start as root and drop priviledges as soon as possible, polipo runs as the user that invoked it. If polipo is invoked from Template:Filename, change the invokation line from

[[ ! -d /var/run/$DAEMON ]] && install -d $DAEMON /var/run/$DAEMON
/usr/bin/$DAEMON $ARGS >/dev/null 2>&1


[[ ! -d /var/run/$DAEMON ]] && install -d $DAEMON --group=polipo --owner=polipo /var/run/$DAEMON
su -c "/usr/bin/$DAEMON $ARGS" -s /bin/sh polipo >/dev/null 2>&1

It is then also necessary to change ownership and/or permissions of several files and directories written by polipo:

# chown polipo:polipo /var/log/polipo
# chown -R polipo:polipo /var/run/polipo
# chown -R polipo:polipo /var/cache/polipo

Although a better choice is to create a directory Template:Filename owned by the designated user and set polipo's log file to Template:Filename via the logFile variable in the config file.

Starting the daemon

To start the Polipo daemon:

# /etc/rc.d/polipo start

Add it to Template:Filename to start it automatically at boot:

DAEMONS=(syslog-ng network netfs polipo crond)

Multiple instances

Polipo can also run without super user privileges. To do so, first copy Template:Filename to a suitable directory:

$ cp /etc/polipo/config.sample ~/.poliporc

Edit it so that it points at a writable location, instead of Template:Filename:

# Uncomment this if you want to put the on-disk cache in a
# non-standard location:
diskCacheRoot = "~/.polipo-cache/"

Create the cache directory:

$ mkdir ~/.polipo-cache

Finally, launch Polipo with the new configuration:

$ polipo -c ~/.poliporc


Management is mostly performed in Template:Filename. Most users can opt for using the sample configuration file, which is sufficient for most situations and well documented.

# cd /etc/polipo; cp config.sample config

One element of configuration that warrants mentioning is polipo's default behavior of blocking outbound connections by port. There are two variables in polipo's config file that control allowed outbound ports. allowedPorts specifies ports for outbound HTTP connections. It defaults to 80-100 and 1024-65535. tunnelAllowedPorts specifies ports polipo will allow tunnel traffic to as well as HTTPS traffic. By default it is much more restricted: "It defaults to allowing ssh, HTTP, https, rsync, IMAP, imaps, POP, pops, Jabber, CVS and Git traffic."

If you see a "403 Forbidden Port" error message from polipo when attempting to browse to a host:port, you need to configure polipo to accept traffic to more ports for either HTTP or HTTPS. To set them wide open, add the following to Template:Filename:

allowedPorts = 1-65535
tunnelAllowedPorts = 1-65535

Unlike other proxies, Polipo needs to be restarted after alterations.


Set the browser so that it uses localhost:8123 for proxying. Be sure to disable the browser's disk cache to avoid redundant IO operations and bad performance.


Note: According to the Polipo FAQ on "intercepting proxy" this is not possible/supported!
Note: this requires to run Polipo as its own user.

Instead of manually configuring each browser or other utilities that might benefit from Polipo's caching, one can also use iptables to route traffic through polipo.

After installing iptables, add the appropiate rules to Template:Filename:

-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner polipo -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123

This routes HTTP traffic through Polipo. Remove all proxy settings from browsers, if any, and restart iptables.


Privoxy is a proxy useful for intercepting advertisement and other undesirables.

According to Polipo's developer, in order to get the privacy enhancements of Privoxy and much (but not all) of the performance of Polipo, one should place Polipo upstream of Privoxy.

In other words:

  • point the browser at Privoxy: localhost:8118
  • and direct Privoxy traffic to Polipo: forward / localhost:8123 in the Privoxy configuration file.


Tor is an anonymizing proxy network.

To use Polipo with Tor, uncomment or include the following in /etc/polipo/config:

socksParentProxy = localhost:9050
socksProxyType = socks5


DansGuardian is a web content filter. The only difference to using DansGuardian with Polipo (rather than squid or tinyproxy) is that in Template:Filename the proxyport needs to be set to polipo's 8123:

# the port DansGuardian connects to proxy on
proxyport = 8123

More resources