squid intercept

squid 3 intercept


# Update ubuntu pastaj instalo paketat perkatese:
apt-get update &&
apt-get install devscripts -y &&
apt-get install build-essential -y &&
apt-get install openssl -y &&
apt-get install libssl-dev -y &&
apt-get install fakeroot -y &&
apt-get install libcppunit-dev -y &&
apt-get install libsasl2-dev -y &&
apt-get install cdbs -y &&
apt-get install ccze -y &&
apt-get install libfile-readbackwards-perl -y &&
apt-get install libcap2 -y &&
apt-get install libcap-dev -y &&
apt-get install libcap2-dev -y &&
apt-get install sysv-rc-conf -y &&
apt-get install dnsmasq -y &&

mkdir /temp
cd /temp

# Download, ekstrakt, konfigure, dhe install Squid
wget https://olex-secure.openlogic.com/content/openlogic/squid-cache/3.4.2/squid-3.4.2.tar.gz &&
tar xzvf squid-3.4.2.tar.gz &&
cd squid-3.4.2 &&
./configure \
--prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc \
--sysconfdir=/etc/squid \
--localstatedir=/var \
--includedir=/usr/include \
--datadir=/usr/share/squid \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--srcdir=. \
--disable-dependency-tracking \
--disable-strict-error-checking \
--enable-storeio=ufs,aufs,diskd \
--enable-removal-policies=lru,heap \
--enable-icmp \
--disable-wccp \
--disable-wccpv2 \
--enable-kill-parent-hack \
--disable-snmp \
--enable-cachemgr-hostname=proxy \
--enable-icap-client \
--enable-ssl \
--with-openssl \
--enable-cache-digests \
--disable-select \
--enable-http-violations \
--enable-linux-netfilter \
--enable-follow-x-forwarded-for \
--disable-ident-lookups \
--enable-ssl-crtd \
--disable-auth-basic \
--enable-x-accelerator-vary \
--enable-zph-qos \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-swapdir=/var/spool/squid \
--with-aufs-threads=35 \
--with-large-files \
--enable-ltdl-convenience \
--enable-referer-log \
--with-filedescriptors=65536
make
make install


krijo cache direktori
mkdir /cache

# Edit squid.conf
gedit /etc/squid/squid.conf

## SQUID.CONF ##
cache_mgr proxy
visible_hostname proxy

cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99

maximum_object_size 1024 MB
maximum_object_size_in_memory 32 KB

ipcache_size 2048
ipcache_low 98
ipcache_high 99

memory_pools off
reload_into_ims on
vary_ignore_expire on

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /cache 24000 58 256

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

acl all src
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

acl reverbnation url_regex -i reverbnation.*(audio_player|ec_stream_song).*$
acl reverbnation url_regex -i \.c\.(reverbnation|c2lo)\.com\/(get_audio|audioplayback|audioplay).*$

acl youtube url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*

acl dontrewrite url_regex redbot\.org
acl getmethod method GET

always_direct allow all
ssl_bump server-first all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_reply_access allow all
icp_access allow all

http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem

sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

acl QUERY urlpath_regex -i (begin|start)\=
acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
acl dontrewrite url_regex redbot\.org
acl getmethod method GET
acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
acl redir urlpath_regex -i &ir=1&rr=12
acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
acl yutub url_regex -i gstatic\.com\/csi\?.*$

acl rewritedoms url_regex -i dl\.sourceforge\.net.*
acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
acl rewritedoms url_regex -i ak\.fbcdn\.net.*
acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*

cache allow rewritedoms
cache deny QUERY
cache deny redir

store_id_program /etc/squid/store-id.pl
store_id_children 20 startup=10 idle=5 concurrency=30
store_id_access deny !getmethod
store_id_access deny redir
store_id_access deny dontrewrite
store_id_access allow rewritedoms
store_id_access allow youtube
store_id_access allow reverbnation
store_id_access deny all

strip_query_terms off

max_stale 4 week

acl ads url_regex -i .youtube\.com\/ad_frame?
acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
acl ads url_regex -i .googlesyndication\.com
acl ads url_regex -i .doubleclick\.net
acl ads url_regex -i ^http:\/\/googleads\.*
acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
http_access deny ads
http_reply_access deny ads

refresh_pattern .*(begin|start)\=[1-9][0-9].*               0 0% 0
refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
#refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale

#PATTERN REFRESH
refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf)  0  99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).*  60  30% 240

#sensitive site
refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
#refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
#refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60

refresh_pattern ^http.*(youtube|googlevideo)\.*     43200 99% 242020 ignore-reload override-expire override-lastmod ignore-must-revalidate  ignore-private ignore-no-store ignore-auth store-stale
#FB
refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern \.facebook\.com.* 240 50% 480
refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private store-stale
refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://.*\.squid\.internal\/.*  10080 100%  79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
#refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private

#ads
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth max-stale=1440
refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private

#general
refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i .index.(html|htm)$ 0 75% 10080
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern . 60 50% 14400 store-stale

memory_pools off
client_db off
#reload_into_ims on
pipeline_prefetch on
offline_mode off
cache_effective_user proxy
cache_effective_group proxy

request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
vary_ignore_expire on

# local
qos_flows local-hit=0x30
## END SQUID.CONF ##

#  store-id.pl
touch /etc/squid/store-id.pl
gedit /etc/squid/store-id.pl

copy paste

## STORE-ID.PL ##
#!/usr/bin/perl
$|=1;
while (<>) {
@X = split;

if ( $X[0] =~ m/^http\:\/\/.*/) {
$x = $X[0];
$_ = $X[0];
$u = $X[0];
} else {
$x = $X[1];
$_ = $X[1];
$u = $X[1];
}

if ($x =~ m/^http(|s)\:\/\/.*youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=([^\&\s]*).*/){
        $vid = $4 ;
        @cpn = m/[&?]cpn\=([^\&\s]*)/;
		$fn = "/var/log/squid/@cpn";
		unless (-e $fn) {
			open FH,">".$fn ;
			print FH "$vid\n";
			close FH;
		}
        $out = $x . "\n";

} elsif ($x =~ m/^https?:\/\/.*(youtube|google).*videoplayback.*/){
        @itag = m/[&?](itag=[0-9]*)/;
        @ids = m/[&?]id\=([^\&\s]*)/;
        @mime = m/[&?](mime\=[^\&\s]*)/;
        @cpn = m/[&?]cpn\=([^\&\s]*)/;
		$fn = "/var/log/squid/@cpn";
		if (-e $fn) {
			open FH,"<".$fn ;
			$id  = <FH>;
			chomp $id ;
			close FH ;
	    } else {
			$id = $ids[0] ;
		}
        @range = m/[&?](range=[^\&\s]*)/;
        $out = "http://video-srv.youtube/id=" . $id . "&@itag@range@mime";

} elsif ($x =~ m/^https?:\/\/.*(profile|photo|creative).*\.ak\.fbcdn\.net\/((h|)(profile|photos)-ak-)(snc|ash|prn)[0-9]?(.*)/) {
        $out="http://fbcdn.net.squid.internal/" . $2  . "fb" .  $6  ;

} elsif ($x =~ m/^https?:\/\/i[1-4]\.ytimg\.com\/(.*)/) {
        $out="http://ytimg.com.squid.internal/" . $1 ;

} elsif ($x =~ m/^http:\/\/.*\.dl\.sourceforge\.net\/(.*)/) {
          $out="http://dl.sourceforge.net.squid.internal/" . $1 ;

		#Speedtest
} elsif ($x =~ m/^http\:\/\/.*\/speedtest\/(.*\.(jpg|txt)).*/) {
        $out="http://speedtest.squid.internal/" . $1 ;

	 #reverbnation
} elsif (m/^http:\/\/[a-z0-9]{4}\.reverbnation\.com\/.*\/([0-9]*).*/) {
        $out="http://reverbnation.com.squid.internal/" . "$1" . "\n";

	# reverbnation
} elsif ($X[1] =~ m/^http:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
	$out="http://reverbnation.squid.internal/" . $1 . "\n";

	# 4shared preview dan download
} elsif ($X[1] =~ m/^http:\/\/.*dlink__[23]Fdownload_[23]F([\w\d-]+)_3Ftsid.*/) {
	$1 =~ s/_5F/_/g;
	$out="http://4shared.squid.internal/" . $1 . "\n";

} elsif (m/^http\:\/\/.*\.4shared\.com\/download\/(.*)\/.*/) {
	$out="http://4shared.squid.internal/" . $1 . "\n";

	#BLOGSPOT
} elsif ($x =~ m/^http:\/\/[1-4]\.bp\.(blogspot\.com.*)/) {
        $out="http://blog-cdn." . $1  ;

	#AVAST
} elsif ($x =~ m/^http:\/\/download[0-9]{3}.(avast.com.*)/) {
       $out="http://avast-cdn." . $1  ;

	 #AVAST
} elsif ($x =~ m/^http:\/\/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/(iavs.*)/) {
        $out="http://avast-cdn.avast.com/" . $1  ;

  	  #KAV
} elsif ($x =~ m/^http:\/\/dnl-[0-9]{2}.(geo.kaspersky.com.*)/) {
          $out="http://kav-cdn." . $1  ;

		#AVG
} elsif ($x =~ m/^http:\/\/update.avg.com/) {
          $out="http://avg-cdn." . $1  ;

		#maps.google.com
} elsif ($x =~ m/^http:\/\/(cbk|mt|khm|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
        $out="http://" . $1  . $2 ;

		#gstatic and/or wikimapia
} elsif ($x =~ m/^http:\/\/([a-z])[0-9]?(\.gstatic\.com.*|\.wikimapia\.org.*)/) {
        $out="http://" . $1  . $2 ;

		#maps.google.com
} elsif ($x =~ m/^http:\/\/(khm|mt)[0-9]?(.google.com.*)/) {
        $out="http://" . $1  . $2 ;

		#Google
} elsif ($x =~ m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
        $out="http://www.google-analytics.com/__utm.gif\n";

} elsif ($x =~ m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
        $out="http://" . $1 ;

		#cdn, varialble 1st path
} elsif (($x =~ /filehippo/) && (m/^https?:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
        @y = ($1,$2,$4,$5);
        $y[0] =~ s/[a-z0-9]{2,5}/cdn./;
        $out="http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] ;

		#rapidshare
} elsif (($x =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
        $out="http://cdn." . $3 . "/squid.internal/" . $5 ;

		#for yimg.com video
} elsif ($x =~ m/^https?:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
        $out="http://cdn.yimg.com/" . $3 ;

		#for yimg.com doubled
} elsif ($x =~ m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
        $out="http://cdn.yimg.com/"  . $3 ;

		#for yimg.com with &sig=
} elsif ($x =~ m/^https?:\/\/([^\.]*)\.yimg\.com\/(.*)/) {
        @y = ($1,$2);
        $y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
        $y[1] =~ s/&sig=.*//;
        $out="http://" . $y[0] . ".yimg.com/"  . $y[1] ;

} else {
        $out=$x;

}
if ( $X[0] =~ m/^http\:\/\/.*/) {
 print "OK store-id=$out\n" ;
} else {
 print $X[0] . " OK store-id=$out\n" ;
}
}
## END STORE-ID.PL ##

# krijo startup squid
touch /etc/init.d/squid
gedit /etc/init.d/squid

## SQUID ##
#! /bin/sh
#
# squid32012                Startup script for the SQUID HTTP proxy-cache.
#
# Version:      @(#)squid3.rc  1.0  07-Jul-2006  luigi@debian.org
#
### BEGIN INIT INFO
# Provides:          Squid 3.X
# File-Location:     /etc/init.d/squid3
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Should-Start:      $named
# Should-Stop:       $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Squid HTTP Proxy version 3.2.0.12
### END INIT INFO

NAME=squid
DESC="Squid HTTP Proxy 3.X"
DAEMON=/usr/sbin/squid
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
SQUID_ARGS="-YC -f $CONFIG"
# RAMFS=/scripts/ramcache

[ ! -f /etc/default/squid ] || . /etc/default/squid

. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

[ -x $DAEMON ] || exit 0

ulimit -n 65535

find_cache_dir () {
        w="     " # space tab
        res=`sed -ne '
                s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
                t end;
                d;
                :end q' < $CONFIG`
        [ -n "$res" ] || res=$2
        echo "$res"
}

find_cache_type () {
        w="     " # space tab
        res=`sed -ne '
                s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
                t end;
                d;
                :end q' < $CONFIG`
        [ -n "$res" ] || res=$2
        echo "$res"
}

start () {
#        $RAMFS clean
#        $RAMFS mount
#        $RAMFS restore

        cache_dir=`find_cache_dir cache_dir /var/spool/squid/cache`
        cache_type=`find_cache_type cache_dir ufs`

        #
    # Create spool dirs if they don't exist.
    #
        if [ "$cache_type" = "coss" -a -d "$cache_dir" -a ! -f "$cache_dir/stripe" ] || [ "$cache_type" != "coss" -a -d "$cache_dir" -a ! -d "$cache_dir/00" ]
        then
                log_warning_msg "Creating $DESC cache structure"
                $DAEMON -z
        fi

        umask 027
        ulimit -n 65535


        cd $cache_dir
        start-stop-daemon --quiet --start \
                --pidfile $PIDFILE \
                --exec $DAEMON -- $SQUID_ARGS < /dev/null
        return $?
}

stop () {

        PID=`cat $PIDFILE 2>/dev/null`
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        #
        #       Now we have to wait until squid has _really_ stopped.
        #
        sleep 2
        if test -n "$PID" && kill -0 $PID 2>/dev/null
        then
                log_action_begin_msg " Waiting"
                cnt=0
                while kill -0 $PID 2>/dev/null
                do
                        cnt=`expr $cnt + 1`
                        if [ $cnt -gt 24 ]
                        then
                                log_action_end_msg 1
                                return 1
                        fi
                        sleep 5
                        log_action_cont_msg ""
                done
                log_action_end_msg 0
                return 0
        else
                return 0
        fi
}

case "$1" in
    start)
        log_daemon_msg "Starting $DESC" "$NAME"
        if start ; then
                log_end_msg $?
        else
                log_end_msg $?
        fi
        ;;
    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"


        if stop ; then
                log_end_msg $?
        else
                log_end_msg $?
        fi
#        $RAMFS dump
#        $RAMFS umount
#        $RAMFS clean

        ;;
    reload|force-reload)
        log_action_msg "Reloading $DESC configuration files"
        start-stop-daemon --stop --signal 1 \
                --pidfile $PIDFILE --quiet --exec $DAEMON
        log_action_end_msg 0
        ;;
    restart)
        log_daemon_msg "Restarting $DESC" "$NAME"
        stop
        if start ; then
                log_end_msg $?
        else
                log_end_msg $?
        fi
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}"
        exit 3
        ;;
esac

exit 0
## END SQUID ##

# krijo  direktori ssl
mkdir /etc/squid/ssl_cert &&
cd /etc/squid/ssl_cert &&
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem

openssl x509 -in myCA.pem -outform DER -out myCA.der &&
mkdir /var/squid &&
mkdir /var/squid/ssl_db &&
chown -R nobody /var/squid/ssl_db &&
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs &&
chown -R proxy:proxy /var/squid/ssl_db

# Status User Proxy
chown proxy:proxy /etc/squid/squid.conf &&
chown proxy:proxy /etc/squid/store-id.pl &&
chown proxy:proxy /etc/squid/ssl_cert/myCA.der &&
chown proxy:proxy /etc/squid/ssl_cert/myCA.pem &&
chown proxy:proxy /var/log/squid

# squid akses File
chmod 777 /etc/squid/squid.conf &&
chmod 777 /etc/squid/store-id.pl &&
chmod 777 /etc/squid/ssl_cert &&
chmod 777 /etc/squid/ssl_cert/myCA.der &&
chmod 777 /etc/squid/ssl_cert/myCA.pem &&
chmod 777 /etc/init.d/squid &&
chmod 777 /usr/sbin/squid &&
chmod 777 /cache{1,2,3}

# Restart squid
/etc/init.d/squid restart

#
squid -NdD1

# Update startup squid
update-rc.d squid defaults

#  log proxy
tail -f /var/log/squid/access.log | ccze
tail -f /var/log/squid/access.log | grep HIT

# importo myCA.der  qe ndodhet ne direktorine /etc/squid/ssl_cert  ne browser trusted root cert

#setting ubuntu  :
#================================
#contoh :
#Ip modem (eth0) : 192.168.1.253/24
#Gateway (ip modem) : 192.168.1.1
#IP ubuntu  lan (eth1):192.168.45.1/24


#=================================
#1. Seting IP di eth0 and eth1
#=================================
gedit /etc/network/interfaces

#=================================
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.253
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 8.8.8.8 8.8.4.4
auto eth1
iface eth1 inet static
        address 192.168.45.1
        netmask 255.255.255.0
#=================================

#restart networking :
/etc/init.d/networking restart

#=================================
#2. seting IP Forwarding
#=================================
gedit /etc/rc.local

#copy filat e meposhtem dhe vendosi para // exit 0 :
echo 1 > /proc/sys/net/ipv4/ip_forward


#=================================
gedit /etc/sysctl.conf

#=================================
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

#sssss :
sysctl -p

#ssssss :
net.ipv4.ip_forward=1


#=================================
#3.  iptables
#=================================
gedit /etc/rc.local

#rule :
echo 1 > /proc/sys/net/ipv4/ip_forward

# rule :
iptables –t nat –A POSTROUTING –j MASQUERADE

# squid/lusca  :
iptables –t nat –A PREROUTING –p tcp --dport 80 –j REDIRECT --to-port 3128

# ssl bump cache https,
iptables –t nat –A PREROUTING –p tcp --dport 443 –j REDIRECT --to-port 3127


#restart rc.local :
/etc/init.d/rc.local start

#=================================

#=================================
#Setting IP client :
#ip : 192.168.45.2
#netmask : 255.255.255.0
#gateway : 192.168.45.1
#DNS : 8.8.8.8 8.8.4.4