albspirit86

squid intercept

Jul 27th, 2014
  1. squid 3 intercept
  2.  
  3.  
  4.  
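  # Refresh the package index, then install the build dependencies
  # (comment translated from the original Albanian).
  # A single apt-get transaction replaces fifteen separate invocations, so a
  # missing package fails the whole step instead of being lost in the output.
  apt-get update &&
  apt-get install -y \
      devscripts build-essential openssl libssl-dev fakeroot \
      libcppunit-dev libsasl2-dev cdbs ccze libfile-readbackwards-perl \
      libcap2 libcap-dev libcap2-dev sysv-rc-conf dnsmasq &&

  # Scratch directory for the source build. -p keeps a re-run from failing,
  # and the cd is chained so the download never lands in the wrong directory.
  mkdir -p /temp &&
  cd /temp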
  25.  
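  # Download, extract, configure and install Squid.
  # NOTE(review): 3.4.2 is the release this 2014 guide was written for; when
  # reproducing the setup, build a release that still receives security fixes.
  wget https://olex-secure.openlogic.com/content/openlogic/squid-cache/3.4.2/squid-3.4.2.tar.gz &&
  # The tarball is compiled and installed as root, so check it against the
  # digest published with the release before unpacking. The value below is a
  # placeholder and must be replaced; until then the step fails on purpose.
  echo "<EXPECTED_SHA256_PLACEHOLDER>  squid-3.4.2.tar.gz" | sha256sum -c - &&
  tar xzvf squid-3.4.2.tar.gz &&
  cd squid-3.4.2 &&
  # --sysconfdir was given twice (/etc, then /etc/squid); only the last value
  # takes effect, so just /etc/squid is kept to match the paths used later.
  # --enable-ssl / --with-openssl / --enable-ssl-crtd build the ssl-bump
  # interception support; --enable-http-violations is what permits the
  # ignore-* / override-* refresh_pattern options used in squid.conf.
  ./configure \
  --prefix=/usr \
  --bindir=/usr/bin \
  --sbindir=/usr/sbin \
  --libexecdir=/usr/lib/squid \
  --sysconfdir=/etc/squid \
  --localstatedir=/var \
  --includedir=/usr/include \
  --datadir=/usr/share/squid \
  --infodir=/usr/share/info \
  --mandir=/usr/share/man \
  --srcdir=. \
  --disable-dependency-tracking \
  --disable-strict-error-checking \
  --enable-storeio=ufs,aufs,diskd \
  --enable-removal-policies=lru,heap \
  --enable-icmp \
  --disable-wccp \
  --disable-wccpv2 \
  --enable-kill-parent-hack \
  --disable-snmp \
  --enable-cachemgr-hostname=proxy \
  --enable-icap-client \
  --enable-ssl \
  --with-openssl \
  --enable-cache-digests \
  --disable-select \
  --enable-http-violations \
  --enable-linux-netfilter \
  --enable-follow-x-forwarded-for \
  --disable-ident-lookups \
  --enable-ssl-crtd \
  --disable-auth-basic \
  --enable-x-accelerator-vary \
  --enable-zph-qos \
  --with-default-user=proxy \
  --with-logdir=/var/log/squid \
  --with-pidfile=/var/run/squid.pid \
  --with-swapdir=/var/spool/squid \
  --with-aufs-threads=35 \
  --with-large-files \
  --enable-ltdl-convenience \
  --enable-referer-log \
  --with-filedescriptors=65536 &&
  # Chained with && so a failed configure or build never reaches "make install".
  make &&
  make install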
  77.  
  78.  
  79.  
  80. # Create the cache directory
  81. mkdir /cache
  82.  
  83. # Edit squid.conf
  84. gedit /etc/squid/squid.conf
  85.  
  86. ## SQUID.CONF ##
  87. cache_mgr proxy
  88. visible_hostname proxy
  89.  
  90. cache_mem 8 MB
  91. cache_swap_low 98
  92. cache_swap_high 99
  93.  
  94. maximum_object_size 1024 MB
  95. maximum_object_size_in_memory 32 KB
  96.  
  97. ipcache_size 2048
  98. ipcache_low 98
  99. ipcache_high 99
  100.  
  101. memory_pools off
  102. reload_into_ims on
  103. vary_ignore_expire on
  104.  
  105. cache_replacement_policy heap LFUDA
  106. memory_replacement_policy heap GDSF
  107. cache_dir aufs /cache 24000 58 256
  108.  
  109. access_log /var/log/squid/access.log
  110. cache_log /var/log/squid/cache.log
  111.  
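  # --- Access control -------------------------------------------------------
  # The original "acl all src" line had no address list; "all" is already
  # built into Squid 3, so the line is dropped. Clients are instead named
  # explicitly: 192.168.45.0/24 is the LAN behind eth1 in this guide.
  acl localnet src 192.168.45.0/24
  acl SSL_ports port 443
  acl Safe_ports port 80
  acl Safe_ports port 21
  acl Safe_ports port 443
  acl Safe_ports port 70
  acl Safe_ports port 210
  acl Safe_ports port 1025-65535
  acl Safe_ports port 280
  acl Safe_ports port 488
  acl Safe_ports port 591
  acl Safe_ports port 777
  acl CONNECT method CONNECT

  # URL classes that are later handed to the store-id helper.
  acl reverbnation url_regex -i reverbnation.*(audio_player|ec_stream_song).*$
  acl reverbnation url_regex -i \.c\.(reverbnation|c2lo)\.com\/(get_audio|audioplayback|audioplay).*$

  acl youtube url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
  acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*

  acl dontrewrite url_regex redbot\.org
  acl getmethod method GET

  always_direct allow all
  # Decrypt every intercepted TLS connection (server-first bumping).
  ssl_bump server-first all
  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_ports
  # Was "http_access allow all": that turns the box into an open proxy for
  # anything that can reach ports 3128/3127. Serve the LAN and end with an
  # explicit deny.
  http_access allow localnet
  http_access deny all
  http_reply_access allow all
  # ICP answers reveal cache contents; limit them to the same clients.
  icp_access allow localnet
  icp_access deny all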
  142.  
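  # --- Listening ports --------------------------------------------------------
  # Both ports only receive traffic redirected by the iptables rules further
  # down; clients never configure them directly.
  http_port 3128 intercept
  # myCA.pem holds the signing certificate AND its private key: whoever can
  # read that file can mint certificates every client of this proxy trusts.
  https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem

  sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
  sslcrtd_children 5
  # The original had "sslproxy_cert_error allow all" and
  # "sslproxy_flags DONT_VERIFY_PEER". Together they make Squid accept any
  # upstream certificate (expired, self-signed, wrong host) and then present
  # the client a freshly signed, locally trusted one, so the browser shows a
  # valid lock for a server nobody verified. A bumping proxy is the only
  # party left that can check the origin, so verification stays on.
  sslproxy_capath /etc/ssl/certs
  sslproxy_cert_error deny all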
  150.  
  151. acl QUERY urlpath_regex -i (begin|start)\=
  152. acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
  153. acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
  154. acl dontrewrite url_regex redbot\.org
  155. acl getmethod method GET
  156. acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
  157. acl redir urlpath_regex -i &ir=1&rr=12
  158. acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
  159. acl yutub url_regex -i gstatic\.com\/csi\?.*$
  160.  
  161. acl rewritedoms url_regex -i dl\.sourceforge\.net.*
  162. acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
  163. acl rewritedoms url_regex -i ak\.fbcdn\.net.*
  164. acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
  165.  
  166. cache allow rewritedoms
  167. cache deny QUERY
  168. cache deny redir
  169.  
  170. store_id_program /etc/squid/store-id.pl
  171. store_id_children 20 startup=10 idle=5 concurrency=30
  172. store_id_access deny !getmethod
  173. store_id_access deny redir
  174. store_id_access deny dontrewrite
  175. store_id_access allow rewritedoms
  176. store_id_access allow youtube
  177. store_id_access allow reverbnation
  178. store_id_access deny all
  179.  
  180. strip_query_terms off
  181.  
  182. max_stale 4 week
  183.  
  184. acl ads url_regex -i .youtube\.com\/ad_frame?
  185. acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
  186. acl ads url_regex -i .googlesyndication\.com
  187. acl ads url_regex -i .doubleclick\.net
  188. acl ads url_regex -i ^http:\/\/googleads\.*
  189. acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
  190. acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
  191. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
  192. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
  193. http_access deny ads
  194. http_reply_access deny ads
  195.  
  196. refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
  197. refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
  198. refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
  199. refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
  200. refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
  201. #refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  202. #refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  203. #refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  204. #refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  205. #refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  206. #refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  207.  
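  208. # Refresh patterns. NOTE(review): the ignore-private / ignore-auth / ignore-no-store options used below make Squid store responses the origin marked as per-user; with ssl-bump enabled that includes decrypted HTTPS content, which can then be served to a different client.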
  209. refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
  210. refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  211. refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  212. refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  213. refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  214. refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240
  215.  
  216. #sensitive site
  217. refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
  218. refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
  219. refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
  220. #refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
  221. #refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
  222. refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
  223. refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
  224. refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
  225.  
  226. refresh_pattern ^http.*(youtube|googlevideo)\.* 43200 99% 242020 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
  227. #FB
  228. refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  229. refresh_pattern \.facebook\.com.* 240 50% 480
  230. refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
  231. refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
  232. refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  233. refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  234. refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  235. refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  236. refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 14400 override-expire ignore-reload ignore-private
  237. refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
  238. refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
  239. refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
  240. #refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private
  241.  
  242. #ads
  243. refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth max-stale=1440
  244. refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
  245. refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
  246. refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
  247. refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
  248. refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  249.  
  250. #general
  251. refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  252. refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  253. refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  254. refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
  255. refresh_pattern -i .index.(html|htm)$ 0 75% 10080
  256. refresh_pattern ^ftp: 1440 20% 10080
  257. refresh_pattern ^gopher: 1440 0% 1440
  258. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  259. refresh_pattern . 60 50% 14400 store-stale
  260.  
  261. memory_pools off
  262. client_db off
  263. #reload_into_ims on
  264. pipeline_prefetch on
  265. offline_mode off
  266. cache_effective_user proxy
  267. cache_effective_group proxy
  268.  
  269. request_header_access From deny all
  270. request_header_access Server deny all
  271. request_header_access WWW-Authenticate deny all
  272. request_header_access Link deny all
  273. request_header_access Cache-Control deny all
  274. request_header_access Proxy-Connection deny all
  275. request_header_access X-Cache deny all
  276. request_header_access X-Cache-Lookup deny all
  277. request_header_access Via deny all
  278. request_header_access Forwarded-For deny all
  279. request_header_access X-Forwarded-For deny all
  280. request_header_access Pragma deny all
  281. request_header_access Keep-Alive deny all
  282. vary_ignore_expire on
  283.  
  284. # local
  285. qos_flows local-hit=0x30
  286. ## END SQUID.CONF ##
  287.  
  288. # store-id.pl
  289. touch /etc/squid/store-id.pl
  290. gedit /etc/squid/store-id.pl
  291.  
  292. copy paste
  293.  
  294. ## STORE-ID.PL ##
  295. #!/usr/bin/perl
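  use strict;
  use warnings;

  # Store-ID helper for Squid: reads one request per line on stdin
  # ("[channel-ID] URL [extras]") and answers "[channel-ID] OK store-id=<key>"
  # so that mirror/CDN variants of the same object share one cache entry.
  #
  # Every URL handled here is chosen by the client and therefore untrusted.
  # Changes against the original paste:
  #   * the YouTube "cpn" parameter was pasted straight into a file name under
  #     /var/log/squid, so a value containing "/" or ".." selected a path
  #     outside that directory; it is now restricted to [A-Za-z0-9_-] and
  #     files are opened with the three-argument form of open;
  #   * "$1 =~ s/.../" (modifying a read-only capture) aborted the helper;
  #   * the AVG rule used $1 without a capture group (stale or undefined);
  #   * some rules appended "\n" to the key, which produced an extra empty
  #     reply line and put replies out of step with requests;
  #   * https:// URLs are recognised when no channel-ID is present.

  $| = 1;    # replies must reach Squid immediately, never sit in a buffer

  # Directory holding the small cpn -> video-id hand-off files.
  my $CPN_DIR = "/var/log/squid";

  # Return the hand-off file path for a cpn token, or undef when the token is
  # missing or contains anything other than letters, digits, "_" and "-".
  sub cpn_file {
      my ($cpn) = @_;
      return undef unless defined $cpn && $cpn =~ m/\A[A-Za-z0-9_-]{1,64}\z/;
      return "$CPN_DIR/$cpn";
  }

  while (my $line = <>) {
      my @X = split ' ', $line;
      next unless @X;    # ignore blank lines

      # With helper concurrency the first token is a channel-ID that has to be
      # echoed back; without it the line starts with the URL itself.
      my $has_channel = ($X[0] !~ m/^https?:\/\//);
      my $prefix      = $has_channel ? "$X[0] " : "";
      my $x           = $has_channel ? $X[1] : $X[0];

      unless (defined $x) {
          # Channel-ID without a URL: answer so the channel is not left waiting.
          print $prefix . "ERR\n";
          next;
      }

      my $out;

      if ($x =~ m/^http(|s)\:\/\/.*youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=([^\&\s]*).*/) {
          # Tracking request: remember which video id belongs to this cpn so
          # the later videoplayback request can be keyed on it.
          my $vid   = $4;
          my ($cpn) = $x =~ m/[&?]cpn\=([^\&\s]*)/;
          my $fn    = cpn_file($cpn);
          if (defined $fn && ! -e $fn) {
              if (open(my $fh, '>', $fn)) {
                  print $fh "$vid\n";
                  close $fh;
              }
          }
          $out = $x;

      } elsif ($x =~ m/^https?:\/\/.*(youtube|google).*videoplayback.*/) {
          my ($itag)  = $x =~ m/[&?](itag=[0-9]*)/;
          my ($ids)   = $x =~ m/[&?]id\=([^\&\s]*)/;
          my ($mime)  = $x =~ m/[&?](mime\=[^\&\s]*)/;
          my ($cpn)   = $x =~ m/[&?]cpn\=([^\&\s]*)/;
          my ($range) = $x =~ m/[&?](range=[^\&\s]*)/;

          # Prefer the id recorded by the tracking request; fall back to the
          # id= parameter when no usable hand-off file exists.
          my $id;
          my $fn = cpn_file($cpn);
          if (defined $fn && -e $fn && open(my $fh, '<', $fn)) {
              $id = <$fh>;
              close $fh;
              chomp $id if defined $id;
          }
          $id = $ids unless defined $id && length $id;
          $id = ''   unless defined $id;

          # Same key layout as before: itag, range and mime are concatenated
          # without separators; absent parameters contribute nothing.
          $out = "http://video-srv.youtube/id=" . $id . "&"
               . join('', map { defined $_ ? $_ : '' } ($itag, $range, $mime));

      } elsif ($x =~ m/^https?:\/\/.*(profile|photo|creative).*\.ak\.fbcdn\.net\/((h|)(profile|photos)-ak-)(snc|ash|prn)[0-9]?(.*)/) {
          $out = "http://fbcdn.net.squid.internal/" . $2 . "fb" . $6;

      } elsif ($x =~ m/^https?:\/\/i[1-4]\.ytimg\.com\/(.*)/) {
          $out = "http://ytimg.com.squid.internal/" . $1;

      } elsif ($x =~ m/^http:\/\/.*\.dl\.sourceforge\.net\/(.*)/) {
          $out = "http://dl.sourceforge.net.squid.internal/" . $1;

      # Speedtest
      } elsif ($x =~ m/^http\:\/\/.*\/speedtest\/(.*\.(jpg|txt)).*/) {
          $out = "http://speedtest.squid.internal/" . $1;

      # reverbnation
      } elsif ($x =~ m/^http:\/\/[a-z0-9]{4}\.reverbnation\.com\/.*\/([0-9]*).*/) {
          $out = "http://reverbnation.com.squid.internal/" . $1;

      # reverbnation
      } elsif ($x =~ m/^http:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
          $out = "http://reverbnation.squid.internal/" . $1;

      # 4shared preview and download
      } elsif ($x =~ m/^http:\/\/.*dlink__[23]Fdownload_[23]F([\w\d-]+)_3Ftsid.*/) {
          # Work on a copy: capture variables are read-only.
          (my $name = $1) =~ s/_5F/_/g;
          $out = "http://4shared.squid.internal/" . $name;

      } elsif ($x =~ m/^http\:\/\/.*\.4shared\.com\/download\/(.*)\/.*/) {
          $out = "http://4shared.squid.internal/" . $1;

      # BLOGSPOT
      } elsif ($x =~ m/^http:\/\/[1-4]\.bp\.(blogspot\.com.*)/) {
          $out = "http://blog-cdn." . $1;

      # AVAST
      } elsif ($x =~ m/^http:\/\/download[0-9]{3}.(avast.com.*)/) {
          $out = "http://avast-cdn." . $1;

      # AVAST
      } elsif ($x =~ m/^http:\/\/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/(iavs.*)/) {
          $out = "http://avast-cdn.avast.com/" . $1;

      # KAV
      } elsif ($x =~ m/^http:\/\/dnl-[0-9]{2}.(geo.kaspersky.com.*)/) {
          $out = "http://kav-cdn." . $1;

      # AVG (capture added, following the shape of the AVAST rule above)
      } elsif ($x =~ m/^http:\/\/update\.(avg\.com.*)/) {
          $out = "http://avg-cdn." . $1;

      # maps.google.com
      } elsif ($x =~ m/^http:\/\/(cbk|mt|khm|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
          $out = "http://" . $1 . $2;

      # gstatic and/or wikimapia
      } elsif ($x =~ m/^http:\/\/([a-z])[0-9]?(\.gstatic\.com.*|\.wikimapia\.org.*)/) {
          $out = "http://" . $1 . $2;

      # maps.google.com
      } elsif ($x =~ m/^http:\/\/(khm|mt)[0-9]?(.google.com.*)/) {
          $out = "http://" . $1 . $2;

      # Google
      } elsif ($x =~ m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
          $out = "http://www.google-analytics.com/__utm.gif";

      } elsif ($x =~ m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
          $out = "http://" . $1;

      # cdn, variable 1st path
      } elsif (($x =~ /filehippo/) && ($x =~ m/^https?:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
          my @y = ($1, $2, $4, $5);
          $y[0] =~ s/[a-z0-9]{2,5}/cdn./;
          $out = "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3];

      # rapidshare
      } elsif (($x =~ /rapidshare/) && ($x =~ m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
          $out = "http://cdn." . $3 . "/squid.internal/" . $5;

      # for yimg.com video
      } elsif ($x =~ m/^https?:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
          $out = "http://cdn.yimg.com/" . $3;

      # for yimg.com doubled
      } elsif ($x =~ m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
          $out = "http://cdn.yimg.com/" . $3;

      # for yimg.com with &sig=
      } elsif ($x =~ m/^https?:\/\/([^\.]*)\.yimg\.com\/(.*)/) {
          my @y = ($1, $2);
          $y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
          $y[1] =~ s/&sig=.*//;
          $out = "http://" . $y[0] . ".yimg.com/" . $y[1];

      } else {
          # No rule matched: the URL is its own cache key.
          $out = $x;
      }

      # Exactly one reply line per request line.
      print $prefix . "OK store-id=$out\n";
  }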
  441. ## END STORE-ID.PL ##
  442.  
  443. # Create the Squid startup (init) script
  444. touch /etc/init.d/squid
  445. gedit /etc/init.d/squid
  446.  
  447. ## SQUID ##
  448. #! /bin/sh
  449. #
  450. # squid32012 Startup script for the SQUID HTTP proxy-cache.
  451. #
  452. # Version: @(#)squid3.rc 1.0 07-Jul-2006 luigi@debian.org
  453. #
  454. ### BEGIN INIT INFO
  455. # Provides: Squid 3.X
  456. # File-Location: /etc/init.d/squid3
  457. # Required-Start: $network $remote_fs $syslog
  458. # Required-Stop: $network $remote_fs $syslog
  459. # Should-Start: $named
  460. # Should-Stop: $named
  461. # Default-Start: 2 3 4 5
  462. # Default-Stop: 0 1 6
  463. # Short-Description: Squid HTTP Proxy version 3.2.0.12
  464. ### END INIT INFO
  465.  
  466. NAME=squid
  467. DESC="Squid HTTP Proxy 3.X"
  468. DAEMON=/usr/sbin/squid
  469. PIDFILE=/var/run/$NAME.pid
  470. CONFIG=/etc/squid/squid.conf
  471. SQUID_ARGS="-YC -f $CONFIG"
  472. # RAMFS=/scripts/ramcache
  473.  
  474. [ ! -f /etc/default/squid ] || . /etc/default/squid
  475.  
  476. . /lib/lsb/init-functions
  477.  
  478. PATH=/bin:/usr/bin:/sbin:/usr/sbin
  479.  
  480. [ -x $DAEMON ] || exit 0
  481.  
  482. ulimit -n 65535
  483.  
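  # Print the directory argument of the first "$1" directive found in $CONFIG
  # (for "cache_dir aufs /cache 24000 58 256" that is /cache), or "$2" when
  # no such directive exists.
  find_cache_dir () {
      # Separator class: a space AND a tab. The pasted script held only a
      # space between the quotes although its comment said "space tab", so a
      # tab-separated directive was never matched.
      w=" $(printf '\t')"
      # sed prints the third field of the first matching line and quits.
      res=`sed -ne '
          s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
          t end;
          d;
          :end q' < "$CONFIG"`
      [ -n "$res" ] || res=$2
      echo "$res"
  }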
  494.  
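  # Print the first argument of the first "$1" directive found in $CONFIG
  # (for "cache_dir aufs /cache 24000 58 256" that is aufs), or "$2" when no
  # such directive exists.
  find_cache_type () {
      # Separator class: a space AND a tab. The pasted script held only a
      # space between the quotes although its comment said "space tab", so a
      # tab-separated directive was never matched.
      w=" $(printf '\t')"
      # sed prints the second field of the first matching line and quits.
      res=`sed -ne '
          s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
          t end;
          d;
          :end q' < "$CONFIG"`
      [ -n "$res" ] || res=$2
      echo "$res"
  }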
  505.  
  # Start Squid: initialise the cache structure with "squid -z" when the
  # configured cache_dir exists but has not been populated yet, then launch
  # the daemon from inside that directory through start-stop-daemon.
  # Returns the exit status of start-stop-daemon.
  start () {
      # $RAMFS clean
      # $RAMFS mount
      # $RAMFS restore

      cache_dir=$(find_cache_dir cache_dir /var/spool/squid/cache)
      cache_type=$(find_cache_type cache_dir ufs)

      # An initialised coss store is recognised by its "stripe" file, every
      # other store type by its "00" subdirectory. Nothing is created when
      # the cache_dir itself is missing.
      if [ -d "$cache_dir" ] && {
             { [ "$cache_type" = "coss" ] && [ ! -f "$cache_dir/stripe" ]; } ||
             { [ "$cache_type" != "coss" ] && [ ! -d "$cache_dir/00" ]; }
         }
      then
          log_warning_msg "Creating $DESC cache structure"
          $DAEMON -z
      fi

      # Files Squid creates are not readable by "other"; raise the fd limit.
      umask 027
      ulimit -n 65535

      cd $cache_dir
      start-stop-daemon --quiet --start \
          --pidfile $PIDFILE \
          --exec $DAEMON -- $SQUID_ARGS < /dev/null
      return $?
  }
  533.  
  # Stop Squid and wait until the process has really exited.
  # Returns 0 once it is gone (or was not running) and 1 when it is still
  # alive after 25 polls, five seconds apart.
  stop () {
      # Read the PID first: the pid file may be gone once the signal is sent.
      PID=$(cat $PIDFILE 2>/dev/null)
      start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON

      # Grace period before the first liveness check.
      sleep 2

      # No recorded PID, or the process has already exited: nothing to wait for.
      if test -z "$PID" || ! kill -0 $PID 2>/dev/null
      then
          return 0
      fi

      log_action_begin_msg " Waiting"
      cnt=0
      while kill -0 $PID 2>/dev/null
      do
          cnt=$((cnt + 1))
          if [ $cnt -gt 24 ]
          then
              log_action_end_msg 1
              return 1
          fi
          sleep 5
          log_action_cont_msg ""
      done
      log_action_end_msg 0
      return 0
  }
  563.  
  564. case "$1" in
  565. start)
  566. log_daemon_msg "Starting $DESC" "$NAME"
  567. if start ; then
  568. log_end_msg $?
  569. else
  570. log_end_msg $?
  571. fi
  572. ;;
  573. stop)
  574. log_daemon_msg "Stopping $DESC" "$NAME"
  575.  
  576.  
  577. if stop ; then
  578. log_end_msg $?
  579. else
  580. log_end_msg $?
  581. fi
  582. # $RAMFS dump
  583. # $RAMFS umount
  584. # $RAMFS clean
  585.  
  586. ;;
  587. reload|force-reload)
  588. log_action_msg "Reloading $DESC configuration files"
  589. start-stop-daemon --stop --signal 1 \
  590. --pidfile $PIDFILE --quiet --exec $DAEMON
  591. log_action_end_msg 0
  592. ;;
  593. restart)
  594. log_daemon_msg "Restarting $DESC" "$NAME"
  595. stop
  596. if start ; then
  597. log_end_msg $?
  598. else
  599. log_end_msg $?
  600. fi
  601. ;;
  602. *)
  603. echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}"
  604. exit 3
  605. ;;
  606. esac
  607.  
  608. exit 0
  609. ## END SQUID ##
  610.  
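  # Create the SSL directory and the signing CA that ssl-bump uses to mint
  # per-site certificates (heading translated from the original Albanian).
  mkdir -p /etc/squid/ssl_cert &&
  cd /etc/squid/ssl_cert &&
  # myCA.pem ends up holding certificate AND private key (-keyout and -out
  # name the same file; -nodes leaves the key unencrypted). The subshell's
  # umask keeps that file from ever being created group/world-readable.
  # The key was rsa:1024, which is too short for a CA every client is asked
  # to trust; 2048 bits with a SHA-256 signature is the floor.
  ( umask 077 && openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem ) &&

  # DER copy of the certificate only (no key); this is the file handed to
  # clients for import.
  openssl x509 -in myCA.pem -outform DER -out myCA.der &&
  # Certificate database for ssl_crtd. The intermediate "chown nobody" was
  # dropped: the final owner is set right after initialisation anyway.
  mkdir -p /var/squid/ssl_db &&
  /usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs &&
  chown -R proxy:proxy /var/squid/ssl_db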
  622.  
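  # Ownership and permissions.
  # The original ran "chmod 777" on everything below. That lets any local
  # account read the CA private key in myCA.pem (and sign certificates every
  # client trusts), edit squid.conf, or replace the helper, the init script
  # and the squid binary, all of which are later run by root or by the proxy
  # user. Instead: root owns code and configuration, the proxy group may read
  # it, and only the directories Squid writes to belong to the proxy user.
  chown root:proxy /etc/squid/squid.conf /etc/squid/store-id.pl \
      /etc/squid/ssl_cert /etc/squid/ssl_cert/myCA.pem /etc/squid/ssl_cert/myCA.der &&
  chown proxy:proxy /var/log/squid /cache &&

  chmod 640 /etc/squid/squid.conf &&
  chmod 750 /etc/squid/store-id.pl &&
  chmod 750 /etc/squid/ssl_cert &&
  # Public certificate: world-readable is fine.
  chmod 644 /etc/squid/ssl_cert/myCA.der &&
  # Certificate + private key: never readable by "other".
  chmod 640 /etc/squid/ssl_cert/myCA.pem &&
  chmod 755 /etc/init.d/squid &&
  chmod 755 /usr/sbin/squid &&
  # The guide creates /cache and points cache_dir at it; the /cache{1,2,3}
  # named in the original do not exist in this setup.
  chmod 750 /var/log/squid /cache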
  639.  
  640. # Restart squid
  641. /etc/init.d/squid restart
  642.  
  643. #
  644. squid -NdD1
  645.  
  646. # Update startup squid
  647. update-rc.d squid defaults
  648.  
  649. # log proxy
  650. tail -f /var/log/squid/access.log | ccze
  651. tail -f /var/log/squid/access.log | grep HIT
  652.  
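  653. # Import myCA.der from /etc/squid/ssl_cert into each client browser as a trusted root certificate. Distribute only myCA.der; myCA.pem also contains the CA private key and must stay on the proxy.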
  654.  
  655. #setting ubuntu :
  656. #================================
  657. #contoh :
  658. #Ip modem (eth0) : 192.168.1.253/24
  659. #Gateway (ip modem) : 192.168.1.1
  660. #IP ubuntu lan (eth1):192.168.45.1/24
  661.  
  662.  
  663. #=================================
  664. #1. Seting IP di eth0 and eth1
  665. #=================================
  666. gedit /etc/network/interfaces
  667.  
  668. #=================================
  669. # This file describes the network interfaces available on your system
  670. # and how to activate them. For more information, see interfaces(5).
  671.  
  672. # The loopback network interface
  673. auto lo
  674. iface lo inet loopback
  675.  
  676. # The primary network interface
  677. auto eth0
  678. iface eth0 inet static
  679. address 192.168.1.253
  680. netmask 255.255.255.0
  681. network 192.168.1.0
  682. broadcast 192.168.1.255
  683. gateway 192.168.1.1
  684. # dns-* options are implemented by the resolvconf package, if installed
  685. dns-nameservers 8.8.8.8 8.8.4.4
  686. auto eth1
  687. iface eth1 inet static
  688. address 192.168.45.1
  689. netmask 255.255.255.0
  690. #=================================
  691.  
  692. #restart networking :
  693. /etc/init.d/networking restart
  694.  
  695. #=================================
  696. #2. seting IP Forwarding
  697. #=================================
  698. gedit /etc/rc.local
  699.  
  700. # Copy the line below and place it before the "exit 0" line:
  701. echo 1 > /proc/sys/net/ipv4/ip_forward
  702.  
  703.  
  704.  
  705. #=================================
  706. gedit /etc/sysctl.conf
  707.  
  708. #=================================
  709. # Uncomment the next line to enable packet forwarding for IPv4
  710. net.ipv4.ip_forward=1
  711.  
  712. #sssss :
  713. sysctl -p
  714.  
  715. #ssssss :
  716. net.ipv4.ip_forward=1
  717.  
  718.  
  719.  
  720. #=================================
  721. #3. iptables
  722. #=================================
  723. gedit /etc/rc.local
  724.  
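  # Enable IPv4 forwarding so the box routes between eth1 (LAN) and eth0 (modem).
  echo 1 > /proc/sys/net/ipv4/ip_forward

  # The pasted rules used typographic dashes ("–t", "–A", ...), which iptables
  # rejects; they are plain ASCII hyphens here.
  # NAT only what leaves through the modem-side interface (eth0 in this guide).
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  # squid/lusca: redirect HTTP arriving from the LAN (eth1) to the intercept
  # port. Without -i the rule also captures port-80 traffic arriving on eth0,
  # exposing the proxy to whatever sits on the modem side.
  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

  # ssl-bump: redirect HTTPS from the LAN to the bumping port.
  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3127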
  736.  
  737.  
  738. #restart rc.local :
  739. /etc/init.d/rc.local start
  740.  
  741. #=================================
  742.  
  743. #=================================
  744. #Setting IP client :
  745. #ip : 192.168.45.2
  746. #netmask : 255.255.255.0
  747. #gateway : 192.168.45.1
  748. #DNS : 8.8.8.8 8.8.4.4