From 9d23b731d400fecfa6c98841d4f51229cecd8781 Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Thu, 8 Sep 2022 09:25:01 -0400
Subject: [PATCH] i2ptunnel: Add details on the services provided by the HTTP
 client/server proxy tunnels

other minor updates
---
 i2p2www/pages/site/docs/api/i2ptunnel.html | 105 +++++++++++++++++++--
 1 file changed, 96 insertions(+), 9 deletions(-)

diff --git a/i2p2www/pages/site/docs/api/i2ptunnel.html b/i2p2www/pages/site/docs/api/i2ptunnel.html
index c8a815270..504eaf9ee 100644
--- a/i2p2www/pages/site/docs/api/i2ptunnel.html
+++ b/i2p2www/pages/site/docs/api/i2ptunnel.html
@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}I2PTunnel{% endblock %}
-{% block lastupdated %}January 2016{% endblock %}
-{% block accuratefor %}0.9.24{% endblock %}
+{% block lastupdated %}2022-09{% endblock %}
+{% block accuratefor %}1.9.0{% endblock %}
 {% block content %}
 
 <h2 id="overview">{% trans %}Overview{% endtrans %}</h2>
@@ -35,10 +35,9 @@ A HTTP proxy used for browsing I2P and the regular internet anonymously through
 Browsing internet through I2P uses a random proxy specified by the "Outproxies:" option.
 {%- endtrans %}</li>
 <li><b>Irc2P</b> - <i>localhost:6668</i> - {% trans %}An IRC tunnel to the default anonymous IRC network, Irc2P.{% endtrans %}</li>
-<li><b>mtn.i2p2.i2p</b> - <i>localhost:8998</i> - {% trans monotone='http://en.wikipedia.org/wiki/Monotone_%28software%29' -%}
-The anonymous <a href="{{ monotone }}">monotone</a>
-sourcecode repository for I2P
-{%- endtrans %}</li>
+<li><b>gitssh.idk.i2p</b> - <i>localhost:7670</i> -
+SSH access to the project Git repository
+</li>
 <li><b>smtp.postman.i2p</b> - <i>localhost:7659</i> - {% trans postman=i2pconv('hq.postman.i2p') -%}
 A SMTP service provided by postman at <a href="http://{{ postman }}/?page_id=16">{{ postman }}</a>
 {%- endtrans %}</li>
@@ -73,6 +72,50 @@ in a HTTP request. Supports proxying onto internet if an outproxy is provided. S
 <li><b>From:</b></li>
 </ul>
 
+<p>
+The HTTP client proxy provides a number of services to protect the user
+and to provide a better user experience.
+</p>
+
+<ul><li>Request header processing:
+<ul><li>Strip privacy-problematic headers
+<li>Routing to local or remote outproxy
+<li>Outproxy selection, caching, and reachability tracking
+<li>Hostname to destination lookups
+<li>Host header replacement to b32
+<li>Add header to indicate support for transparent decompression
+<li>Force connection: close
+<li>RFC-compliant proxy support
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Optional digest and basic username/password authentication
+<li>Optional outproxy digest and basic username/password authentication
+<li>Buffering of all headers before passing through for efficiency
+<li>Jump server links
+<li>Jump response processing and forms (address helper)
+<li>Blinded b32 processing and credential forms
+<li>Supports standard HTTP and HTTPS (CONNECT) requests
+</ul>
+
+<li>Response header processing:
+<ul><li>Check for whether to decompress response
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>HTTP error responses:
+<ul><li>For many common and not-so-common errors, so the user knows what happened
+<li>Over 20 unique translated, styled, and formatted error pages for various errors
+<li>Internal web server to serve forms, CSS, images, and errors
+</ul>
+
+<li>Transparent response decompression:
+<ul><li>If the server-side HTTP proxy compressed the response,
+the HTTP client proxy transparently decompresses it.
+</ul>
+</ul>
+
+
 <p>
 The i2ptunnel compression is requested with the HTTP header:
 </p>
@@ -91,7 +134,7 @@ The response indicating i2ptunnel compression contains the following HTTP header
 Depending on if the tunnel is using an outproxy or not it will append the following User-Agent: 
 {%- endtrans %}</p>
 <ul>
-<li><i>{% trans %}Outproxy:{% endtrans %} </i><b>User-Agent:</b> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6</li>
+<li><i>{% trans %}Outproxy:{% endtrans %} </i><b>User-Agent:</b> Uses the user agent from a recent Firefox release on Windows</li>
 <li><i>{% trans %}Internal I2P use:{% endtrans %} </i><b>User-Agent:</b> MYOB/6.66 (AN/ON)</li>
 </ul>
 </p>
@@ -101,8 +144,8 @@ Depending on if the tunnel is using an outproxy or not it will append the follow
 Creates a connection to a random IRC server specified by the comma seprated (", ") 
 list of destinations. Only a whitelisted subset of IRC commands are allowed due to anonymity concerns.
 {%- endtrans %}
-The following whitelist is for commands inbound from the IRC server to the IRC client.
-<br>{% trans %}Whitelist:{% endtrans %}</p>
+The following allow list is for commands inbound from the IRC server to the IRC client.
+<br>Allow list:</p>
 <ul>
 <li>AUTHENTICATE</li>
 <li>CAP</li>
@@ -173,7 +216,51 @@ Creates a destination to a local HTTP server ip:port. Supports gzip for requests
 Accept-encoding: x-i2p-gzip, replies with Content-encoding: x-i2p-gzip in such a request.
 {%- endtrans %}</p>
 
+<p>
+The HTTP server proxy provides a number of services to make hosting a website easier and more secure,
+and to provide a better user experience on the client side.
+</p>
+
+<ul><li>Request header processing:
+<ul><li>Header validation
+<li>Header spoof protection
+<li>Header size checks
+<li>Optional inproxy and user-agent rejection
+<li>Add X-I2P headers so the webserver knows where the request came from
+<li>Host header replacement to make webserver vhosts easier
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>DDoS protection:
+<ul><li>POST throttling
+<li>Timeouts and slowloris protection
+<li>Additional throttling happens in streaming for all tunnel types
+</ul>
+
+<li>Response header processing:
+<ul><li>Stripping of some privacy-problematic headers
+<li>Mime type and other headers check for whether to compress response
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>HTTP error responses:
+<ul><li>For many common and not-so-common errors and on throttling, so the client-side user knows what happened
+</ul>
+
+<li>Transparent response compression:
+<ul><li>The web server and/or the I2CP layer may compress, but the web server often does not,
+and it's most efficient to compress at a high layer, even if I2CP also compresses.
+The HTTP server proxy works cooperatively with the client-side proxy to transparently compress responses.
+</ul>
+</ul>
+
+
 <h3 id="server-mode-http-bidir">HTTP Bidirectional</h3>
+<p><i>Deprecated</i></p>
 <p>{% trans -%}
 Functions as both a I2PTunnel HTTP Server, and a I2PTunnel HTTP client with no outproxying
 capabilities. An example application would be a web application that does client-type
-- 
GitLab