View difference between Paste ID: pcGtB9r3 and 0MzUt9Ww
1
#!/bin/bash
2
wget -O /etc/apt/sources.list http://pastebin.com/raw/B9atBpyw
3
apt-get update
4
apt-get install build-essential devscripts libcppunit-dev openssl libssl-dev libcap-dev libsasl2-dev ccze pkg-config libkrb5-dev php5 apache2 -y
5
wget -O /etc/apache2/ports.conf http://pastebin.com/raw/4pvrFczN
6
# apabila belum memiliki folder cache, lalukan mkdir -p /cache , bila sudah memiliki folder cache, abaikan saja
7
mkdir -p /cache
8
chmod -R 777 /cache
9
cd /var/www
10
mkdir id
11
mkdir flash
12
wget http://c.speedtest.net/mini/mini.zip
13
unzip mini.zip
14
cp -arv mini/speedtest /var/www
15
wget -O /var/www/flash/speedtest.swf http://c.speedtest.net/flash/speedtest.swf
16
wget -O /var/www/flash/speedtest-long.swf http://c.speedtest.net/flash/speedtest-long.swf
17
wget -O /var/www/speedtest-config.php http://www.speedtest.net/speedtest-config.php
18
wget -O /var/www/ipaddress.php http://api.ookla.com/ipaddress.php
19
wget -O /var/www/id/speedtest-config.php http://www.speedtest.net/id/speedtest-config.php
20
cd
21
wget http://www.measurement-factory.com/tmp/ecap/libecap-1.0.0.tar.gz
22
tar xvf libecap-1.0.0.tar.gz
23
cd libecap-1.0.0
24
./configure && make && make install
25
echo '/usr/local/lib' >> /etc/ld.so.conf
26
ldconfig
27
cd
28
wget http://www.measurement-factory.com/tmp/ecap/ecap_adapter_sample-1.0.0.tar.gz
29
tar xzvf ecap_adapter_sample-1.0.0.tar.gz
30
wget -O /root/ecap_adapter_sample-1.0.0/src/adapter_async.cc http://pastebin.com/raw/2iaykJAw
31
cd ecap_adapter_sample-1.0.0
32
./configure && make && make install
33
cd
34
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.20.tar.gz
35
tar xzvf squid-3.5.20.tar.gz
36
wget -O squid_forgery.patch http://pastebin.com/raw/cs6fKaAh
37
cd squid-3.5.20
38
patch -p0 <../squid_forgery.patch
39
./configure --prefix=/usr \
40
--bindir=/usr/bin \
41
--sbindir=/usr/sbin \
42
--libexecdir=/usr/lib/squid \
43
--sysconfdir=/etc/squid \
44
--localstatedir=/var \
45
--libdir=/usr/lib \
46
--includedir=/usr/include \
47
--datadir=/usr/share/squid \
48
--mandir=/usr/share/man \
49
--enable-storeio=ufs,aufs,diskd,rock \
50
--enable-removal-policies=lru,heap \
51
--enable-stacktrace \
52
--enable-zph=qos \
53
--enable-ecap \
54
--enable-icap-client \
55
--enable-wccp \
56
--enable-wccpv2 \
57
--enable-linux-netfilter \
58
--disable-ident-lookup \
59
--disable-auth \
60
--disable-auth-basic \
61
--disable-auth-digest \
62
--disable-auth-negotiate \
63
--disable-auth-ntlm \
64
--disable-url-rewriter-helpers \
65
--disable-storeid-rewrite-helpers \
66
--with-logdir=/var/log/squid \
67
--with-pid-file=/var/run/squid.pid \
68
--with-swap-dir=/cache \
69
--enable-large-cache-files \
70
--with-large-files \
71
--with-openssl
72
make 
73
make install
74
cd
75
chown -R nobody /var/log/squid
76
chown -R nobody /cache
77
mkdir -p /etc/squid/ssl_cert
78
openssl req -new -newkey rsa:2048 -sha256 -days 3652 -nodes -x509 -keyout /etc/squid/ssl_cert/proxy.pem -out /etc/squid/ssl_cert/proxy.pem -subj "/C=ID/ST=Jawa Tengah/L=Semarang/O=TSI/CN=Terapi Squid Indonesia"
79
openssl x509 -in /etc/squid/ssl_cert/proxy.pem -outform DER -out /etc/squid/ssl_cert/proxy.der
80
openssl x509 -in /etc/squid/ssl_cert/proxy.pem -outform DER -out /etc/squid/ssl_cert/proxy.crt
81
cp -arv /etc/squid/ssl_cert /var/www
82
echo '#
83
dns_v4_first on
84
reply_header_access Alternate-Protocol deny all
85
reply_header_access Alt-Svc deny all
86
refresh_all_ims on
87
reload_into_ims on
88
89
#asumsi sisa hardisk 900Gban
90
#(720000000/256/256)*2
91
cache_dir aufs /cache 720000 21980 256
92
cache_mem 2 MB
93
cache_swap_high 95
94
cache_swap_low 90
95
96
cache_replacement_policy heap LFUDA
97
memory_replacement_policy heap GDSF
98
99
maximum_object_size 4096000 KB
100
maximum_object_size_in_memory 0 KB
101
102
cache_mgr cespun@gmail.com
103
visible_hostname cespun-proxy
104
strip_query_terms off
105
httpd_suppress_version_string on
106
log_mime_hdrs off
107
forwarded_for off
108
via off
109
110
coredump_dir /var/log/squid
111
logfile_rotate 1
112
113
max_filedescriptors 65536
114
115
fqdncache_size 4096
116
ipcache_size 4096
117
ipcache_high 95
118
ipcache_low 90
119
120
http_port 3128
121
http_port 3129 tproxy
122
#https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
123
https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
124
125
qos_flows local-hit=0x30
126
127
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
128
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
129
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
130
acl localnet src fc00::/7       # RFC 4193 local private network range
131
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
132
acl SSL_ports port 443
133
acl Safe_ports port 80		# http
134
acl Safe_ports port 182		# http
135
acl Safe_ports port 21		# ftp
136
acl Safe_ports port 443		# https
137
acl Safe_ports port 70		# gopher
138
acl Safe_ports port 210		# wais
139
acl Safe_ports port 1025-65535	# unregistered ports
140
acl Safe_ports port 280		# http-mgmt
141
acl Safe_ports port 488		# gss-http
142
acl Safe_ports port 591		# filemaker
143
acl Safe_ports port 777		# multiling http
144
acl PURGE method PURGE	
145
acl step1 at_step SslBump1
146
acl step2 at_step SslBump2
147
acl step3 at_step SslBump3
148
acl range206 req_header Range -i byte
149
acl iphone browser -i regexp (iPhone|iPad)
150
acl BB browser -i regexp (BlackBerry|PlayBook)
151
acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
152
acl Android browser -i regexp Android
153
acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
154
acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
155
acl urltomiss url_regex -i ^http.*(update|patch).*versi
156
acl urltomiss url_regex -i ^http.*versi.*(update|patch)
157
acl urltomiss url_regex -i ^http.*(update|patch|versi|version)\.ini
158
acl urltomiss url_regex -i ^http.*(hsupdate|antihack|xigncode|gameguard|captcha|gameid|game_id|idgame|id_game|launcher|\.aspx|\.html|\.shtml|\.xhtml|\.ini)
159
acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
160
acl urltomiss url_regex -i ^http.*googleapis\.com\/game
161
acl patchpartial url_regex -i ^http.*patch.*garena
162
acl patchpartial url_regex -i ^http.*garena.*patch
163
acl httptomiss http_status 302
164
acl mimehtml rep_mime_type -i mime-type ^text/html
165
acl mimeplain rep_mime_type -i mime-type ^text/plain
166
acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
167
acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
168
acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
169
acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
170
acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
171
acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
172
acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
173
acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
174
acl tostoreid url_regex -i ^http.*steam(powered|content)
175
acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
176
acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
177
acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
178
acl speedtest url_regex -i ^http.*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
179
acl blokir url_regex -i ^http.*kendedes\.uzone\.id
180
acl blokir url_regex -i ^http.*internetpositif\.uzone\.id
181
182
acl CONNECT method CONNECT
183
acl getmethod method GET
184
185
deny_info http://103.80.80.246 blokir
186
http_access deny blokir
187
188
http_access deny !Safe_ports
189
http_access deny CONNECT !SSL_ports
190
http_access allow localhost manager
191
http_access deny manager
192
http_access allow localhost purge
193
http_access deny purge
194
http_access allow localnet
195
http_access allow localhost
196
http_access deny all
197
198
access_log /var/log/squid/access.log !CONNECT
199
#access_log none
200
201
range_offset_limit none range206 patchpartial
202
range_offset_limit 128 KB range206 !patchpartial
203
quick_abort_min 1 KB
204
quick_abort_max 1 KB
205
quick_abort_pct 95
206
207
cache deny speedtest
208
cache deny urltomiss
209
cache deny localhost
210
ssl_bump splice localhost
211
ssl_bump peek step1 all
212
ssl_bump bump all
213
214
cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
215
dead_peer_timeout 5 seconds
216
cache_peer_access 10.212.212.212 allow speedtest
217
cache_peer_access 10.212.212.212 deny all
218
always_direct deny speedtest
219
never_direct allow speedtest
220
221
url_rewrite_access allow yt-rewrite !iphone !BB !Winphone !Android
222
url_rewrite_access deny all
223
url_rewrite_program /etc/squid/storerewrite.pl
224
url_rewrite_children 2000 startup=30 idle=1
225
226
request_header_access Accept-Encoding deny yt-rewrite !iphone !BB !Winphone !Android
227
#yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
228
ecap_enable on
229
loadable_modules /usr/local/lib/ecap_adapter_modifying.so
230
ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
231
adaptation_access modif allow yt-rewrite !iphone !BB !Winphone !Android
232
adaptation_access modif deny all
233
234
store_id_bypass off
235
store_id_extras "%{Referer}>h"
236
store_id_program /etc/squid/storeid.pl
237
store_id_children 2000 startup=30 idle=1
238
store_id_access allow tostoreid
239
store_id_access deny all
240
241
store_miss deny youtube httptomiss
242
send_hit deny youtube httptomiss
243
store_miss deny youtube mimeplain
244
send_hit deny youtube mimeplain
245
store_miss deny mimehtml
246
send_hit deny mimehtml
247
store_miss deny urltomiss
248
send_hit deny urltomiss
249
store_miss deny speedtest
250
send_hit deny speedtest
251
252
refresh_pattern -i .* 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth
253
254
max_stale 100 years ' > /etc/squid/squid.conf
255
256
echo '#!/usr/bin/perl
257
#!/usr/bin/perl
258
$|=1;
259
while (<>) {
260
@X = split;
261
if ($X[0] =~ m/^http.*/) {
262
	$url		= $X[0];
263
	$referer	= $X[1];
264
	$urlreferer	= $X[0] ." ". $X[1];	
265
} else { 
266
	$chanel		= $X[0];
267
	$url		= $X[1];
268
	$referer	= $X[2];
269
	$urlreferer	= $X[1] ." ". $X[2];
270
}
271
272
#youtube googlevideo
273
if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
274
	@cpn	= m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
275
	@id	= m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
276
	@itag	= m/[=%&?\/]itag[=%&?\/]([\d]*)/;
277
	@range	= m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
278
	@mime	= m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
279
	if ($referer =~ m/^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
280
		@id	= $3;
281
	} else {
282
		if (defined(@cpn[0])){
283
			if (-e "/var/log/squid/@cpn"){
284
				open FILE, "/var/log/squid/@cpn";
285
				@id = <FILE>;
286
				close FILE;
287
			}
288
		}
289
	}
290
	$out="OK store-id=http://squid/google/video/id=@id/itag=@itag/mime=@mime/range=@range";
291
292
#youtube parameter
293
} elsif (
294
	($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
295
	($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
296
	($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
297
	){
298
	@id	= $2;
299
	@cpn    = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
300
	if ($referer !~ m/^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
301
		unless (-e "/var/log/squid/@cpn"){
302
			open FILE, ">/var/log/squid/@cpn";
303
			print FILE @id;
304
			close FILE;
305
		}
306
	}
307
	$out = "ERR";
308
309
#utmgif
310
} elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
311
	$out="OK store-id=http://squid/google-analytics/__utm.gif";
312
313
#fbcdn.net or akamaihd.net video range
314
} elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
315
	$out="OK store-id=http://squid/$1/$2/$3";
316
317
#fbcdn.net or akamaihd.net with size
318
} elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
319
	$out="OK store-id=http://squid/$1/$2";
320
321
#fbcdn.net or akamaihd.net safe_image.php
322
} elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
323
	$out="OK store-id=http://squid/$1/$2";
324
325
#reverbnation
326
} elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
327
	$out="OK store-id=http://squid/reverbnation/$1";
328
 
329
#playstore
330
} elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
331
	$out="OK store-id=http://squid/android/market/$1";
332
333
334
#filehost
335
} elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
336
	$out="OK store-id=http://squid/datafilehost/$1";
337
338
339
#speedtest
340
} elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
341
	$out="OK store-id=http://squid/speedtest/$2";
342
343
344
#filehippo
345
} elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
346
	$out="OK store-id=http://squid/filehippo/$1";
347
348
349
#4shared preview.mp3
350
} elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
351
	$out="OK store-id=http://squid/4shared/preview/$1";
352
353
#4shared
354
} elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
355
	$out="OK store-id=http://squid/4shared/download/$1";
356
357
#savefile-animeindo.tv
358
} elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
359
	$out="OK store-id=http://squid/savefile:182/$1";
360
361
#imdb
362
} elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
363
	$out="OK store-id=http://squid/imdb/$1";
364
365
#sourceforge
366
} elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
367
	$out="OK store-id=http://squid/sourceforge/$1";
368
369
#steampowered dota 2
370
} elsif ($url =~ m/^https?\:\/\/(.*steam(powered|content).*\/(client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
371
	$out="OK store-id=http://squid/$1";
372
373
} else {
374
	$out="ERR";
375
}
376
377
if ($X[0] =~ m/^http.*/) {
378
	print "$out\n";
379
} else {
380
	print "$chanel $out\n";
381
}
382
} ' > /etc/squid/storeid.pl
383
384
385
echo '#!/usr/bin/perl
386
387
$|=1;
388
while (<>) {
389
@X = split;
390
if ($X[0] =~ m/^http.*/) {
391
	$url		= $X[0];
392
	$referer	= $X[1];
393
	$urlreferer	= $X[0] ." ". $X[1];	
394
} else { 
395
	$chanel		= $X[0];
396
	$url		= $X[1];
397
	$referer	= $X[2];
398
	$urlreferer	= $X[1] ." ". $X[2];
399
}
400
401
402
#watch rewrite
403
if ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[\=\%\&\?\/].*[\=\%\&\?\/])(nohtml5\=1|html5\=1)(.*)/) {
404
    $out="OK rewrite-url=$1" . "nohtml5=1" . $5;
405
406
} elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[\=\%\&\?\/].*[\=\%\&\?\/].*)/) {
407
    $out="OK rewrite-url=$1" . "&nohtml5=1";
408
409
} elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v)[\=\%\&\?\/][^\?^\&]*$)/) {
410
    $out="OK rewrite-url=$1" ."&nohtml5=1";
411
412
} elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(embed|v)[\=\%\&\?\/][^\?^\&]*$)/) {
413
    $out="OK rewrite-url=$1" ."?nohtml5=1";
414
415
} else {
416
$out="ERR";
417
}
418
419
if ($X[0] =~ m/^http.*/) {
420
	print "$out\n";
421
} else {
422
	print "$chanel $out\n";
423
}
424
} ' > /etc/squid/storerewrite.pl
425
426
427
chmod +x /etc/squid/storeid.pl
428
chmod +x /etc/squid/storerewrite.pl
429
chmod +x /etc/squid/squid.conf
430
squid -zN
431
wget -O /etc/init.d/squid http://pastebin.com/raw/A77yKwbi
432
chmod +x /etc/init.d/squid
433
update-rc.d squid defaults
434
service squid start
435
echo '#tproxy
436
iptables -t mangle -N DIVERT
437
iptables -t mangle -A DIVERT -j MARK --set-mark 1
438
iptables -t mangle -A DIVERT -j ACCEPT
439
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
440
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
441
iptables -t mangle -A PREROUTING -p tcp --dport 8080 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
442
iptables -t mangle -A PREROUTING -p tcp --dport 8777 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
443
iptables -t mangle -A PREROUTING -p tcp --dport 182 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
444
iptables -t mangle -A PREROUTING -p tcp --dport 5050 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
445
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
446
ip rule add fwmark 1 lookup 212
447
ip route add local 0.0.0.0/0 dev lo table 212
448
449
#intercept
450
#iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
451
#iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
452
453
exit 0' > /etc/rc.local
454
reboot
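Review bot: The `cp -arv /etc/squid/ssl_cert /var/www` step puts the ssl-bump CA's private key in the Apache document root, because the `openssl req` line writes the key and the certificate into the same `proxy.pem` with `-nodes` and the whole directory is then copied. Clients only need the public certificate, so the copy should be limited to it, e.g. `mkdir -p /var/www/ssl_cert` followed by `cp /etc/squid/ssl_cert/proxy.der /etc/squid/ssl_cert/proxy.crt /var/www/ssl_cert/`, and `proxy.pem` should stay readable only by the account Squid loads it as. The generated squid.conf also points `https_port` at `cert=/etc/squid/ssl_cert/warnet.pem`, a file this script never creates, so the two names need to agree. Separately, storeid.pl takes the `cpn` value from the request URL and uses it unvalidated in a two-argument `open` under /var/log/squid; it should be matched against a conservative class such as `[\w-]+` and opened with the three-argument form. The files fetched over plain `http://` into /etc/apt/sources.list, /etc/init.d/squid and the source tree are installed as root with no checksum, so pinning each to a known hash before use would close that gap.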