punces

squid.conf+storeid.pl+speedtest.pl

Sep 26th, 2016
  1. ########################################################## SQUID.CONF ##################################################################
  # Prefer IPv4 addresses when a destination resolves to both IPv4 and IPv6.
  2. dns_v4_first on
  # Strip the reply headers servers use to advertise alternative protocols (e.g. QUIC),
  # presumably so clients keep using TCP connections this proxy can intercept - confirm intent.
  3. reply_header_access Alternate-Protocol deny all
  4. reply_header_access Alt-Svc deny all
  5.  
  # On-disk cache: aufs store under /cache, 360000 MB, with 1 first-level and 1 second-level
  # directory. The commented line is an alternative, larger layout.
  6. #cache_dir aufs /cache 700000 16 256
  7. cache_dir aufs /cache 360000 1 1
  # Small memory cache; maximum_object_size_in_memory is set to 0 KB further down.
  8. cache_mem 8 MB
  9. coredump_dir /var/log/squid
  10.  
  # Disk-cache eviction watermarks (percent full).
  # NOTE(review): cache_swap_high/cache_swap_low are set a second time further down (98/95);
  # presumably the later pair is the one in effect - confirm and delete the stale pair.
  11. cache_swap_low 80
  12. cache_swap_high 85
  # Heap-based replacement policies: LFUDA for the disk cache, GDSF for the memory cache.
  13. cache_replacement_policy heap LFUDA
  14. memory_replacement_policy heap GDSF
  15.  
  # Largest object stored on disk (4096000 KB); 0 KB keeps objects out of the memory cache.
  16. maximum_object_size 4096000 KB
  17. maximum_object_size_in_memory 0 KB
  # 0 = no limit on the size of client request bodies.
  18. request_body_max_size 0 KB
  # Handling of If-Modified-Since and client "reload" requests. reload_into_ims turns a
  # client no-cache/reload into a conditional request, which deliberately departs from HTTP
  # semantics in favour of the cached copy.
  19. refresh_all_ims on
  20. reload_into_ims on
  21.  
  # Contact address and host name shown in Squid-generated error pages.
  22. cache_mgr cespun@gmail.com
  23. visible_hostname cespun-proxy
  # NOTE(review): with strip_query_terms off, access.log records full URLs including query
  # strings. HTTPS is bumped (decrypted) by this configuration, so the log can end up holding
  # session tokens and other secrets taken from encrypted traffic - restrict who can read
  # the log, or leave query stripping on.
  24. strip_query_terms off
  # Do not reveal the Squid version, do not log MIME headers, and do not add
  # X-Forwarded-For / Via headers to forwarded requests.
  25. httpd_suppress_version_string on
  26. log_mime_hdrs off
  27. forwarded_for off
  28. via off
  29.  
  # Remove X-Forwarded-For and Via from both requests and replies, so neither the client
  # address nor the presence of the proxy is disclosed through these headers.
  30. request_header_access X-Forwarded-For deny all
  31. reply_header_access X-Forwarded-For deny all
  32. request_header_access Via deny all
  33. reply_header_access Via deny all
  # Upper bound on open file descriptors for the Squid process.
  34. max_filedescriptors 65536
  35.  
  # Second definition of the eviction watermarks (see the 80/85 pair near the top);
  # presumably this pair overrides the earlier one - confirm.
  36. cache_swap_high 98
  37. cache_swap_low 95
  # DNS cache sizes and the fixed external resolvers (OpenDNS addresses) Squid queries.
  38. fqdncache_size 4096
  39. ipcache_size 4096
  40. dns_nameservers 208.67.222.222 208.67.220.220
  41.  
  # Listening ports. 3128 is the explicit (configured-in-browser) proxy port; the commented
  # lines are alternative intercept-mode variants of the TPROXY listeners below.
  42. http_port 3128
  43. #http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  44. #http_port 3129 intercept
  45. #https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  # Transparent (TPROXY) listener for plain HTTP.
  46. http_port 3129 tproxy
  # Transparent listener for TLS with ssl-bump: Squid generates a certificate per host,
  # signed by the CA in warnet.pem, so every client must trust that CA.
  # NOTE(review): no key= option is given, so the PEM presumably holds the CA private key as
  # well. Anyone who can read that file can impersonate any site to these clients; keep it
  # readable only by the Squid user and out of backups/pastes.
  47. https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  48.  
  # Mark replies served from the local cache with TOS value 0x30 so downstream QoS rules
  # can treat cache hits differently.
  49. qos_flows local-hit=0x30
  50.  
  # Client source ranges considered local; http_access below allows only these and localhost.
  51. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  52. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  53. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  54. acl localnet src fc00::/7 # RFC 4193 local private network range
  55. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  # Ports CONNECT tunnels may target (SSL_ports) and ports any request may target (Safe_ports).
  # Port 182 is a local addition to the usual list; a savefile.co:182 pattern in the
  # tostoreid ACL suggests why - confirm it is still needed.
  56. acl SSL_ports port 443
  57. acl Safe_ports port 80 # http
  58. acl Safe_ports port 182 # http
  59. acl Safe_ports port 21 # ftp
  60. acl Safe_ports port 443 # https
  61. acl Safe_ports port 70 # gopher
  62. acl Safe_ports port 210 # wais
  63. acl Safe_ports port 1025-65535 # unregistered ports
  64. acl Safe_ports port 280 # http-mgmt
  65. acl Safe_ports port 488 # gss-http
  66. acl Safe_ports port 591 # filemaker
  67. acl Safe_ports port 777 # multiling http
  68.  
  # One ACL per SslBump processing step, used by the ssl_bump rules below.
  69. acl step1 at_step SslBump1
  70. acl step2 at_step SslBump2
  71. acl step3 at_step SslBump3
  # Disabled: a server-name list for exempting sites from bumping, and per-device browser ACLs.
  72. #acl sslserver ssl::server_name_regex -i "/etc/squid/bypass.txt"
  73. #acl iphone browser -i regexp (iPhone|iPad)
  74. #acl BB browser -i regexp (BlackBerry|PlayBook)
  75. #acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  76. #acl Android browser -i regexp Android
  # yt-modif: YouTube watch/embed page URLs (target of the eCAP response rewriting below).
  77. acl yt-modif url_regex -i ^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)
  78. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  # versipatch: version/update checks and anti-cheat downloads that must never be cached.
  79. acl versipatch url_regex -i ^http.*(update|patch).*versi
  80. acl versipatch url_regex -i ^http.*versi.*(update|patch)
  81. acl versipatch url_regex -i ^http.*(antihack|xigncode|gameguard)
  # patchpartial: patch downloads that are allowed to keep their Range header.
  82. #acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*patch
  83. #acl patchpartial url_regex -i ^http.*patch.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus)
  84. acl patchpartial url_regex -i ^http.*patch.*garena
  85. acl patchpartial url_regex -i ^http.*garena.*patch
  # Reply-side ACLs used by the store_miss / send_hit rules.
  86. acl httptomiss http_status 302
  87. acl mimehtml rep_mime_type -i mime-type ^text/html
  88. acl mimeplain rep_mime_type -i mime-type ^text/plain
  # tostoreid: URLs handed to the Store-ID helper (storeid.pl).
  # NOTE(review): these patterns begin with ^http.* and are not anchored to the host name,
  # so a URL on any server matches as long as the keyword appears somewhere in it (path or
  # query included). The helper then maps matching URLs onto shared cache keys, so an
  # unrelated origin can end up sharing a cache entry with the intended CDN. Anchor each
  # pattern to the expected host (scheme, host, then "/") before relying on it.
  89. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  90. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  91. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  92. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  93. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  94. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  95. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  96. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  97. acl tostoreid url_regex -i ^http.*steam(powered|content)
  98. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  99. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  100. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  101. #acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/.*\.(jpg|txt)
  # speedtest: speed-test probe URLs, rewritten by speedtest.pl and sent to the parent peer.
  102. acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/(latency|upload|random.*)\.(jpg|txt|php)
  103. acl CONNECT method CONNECT
  104. acl getmethod method GET
  105.  
  # Access policy, evaluated top to bottom; the first matching rule decides.
  # Refuse requests to ports outside Safe_ports and CONNECT to anything but SSL_ports.
  106. http_access deny !Safe_ports
  107. http_access deny CONNECT !SSL_ports
  # Cache-manager requests are accepted from localhost only.
  108. http_access allow localhost manager
  109. http_access deny manager
  # Only clients in the localnet ranges and localhost may use the proxy; everything else is refused.
  110. http_access allow localnet
  111. http_access allow localhost
  112. http_access deny all
  113.  
  # Strip the Range header from every request except those matching patchpartial, so the
  # origin is asked for the whole object.
  114. request_header_access Range deny !patchpartial
  115. #range_offset_limit 128 KB !patchpartial
  # For patchpartial requests, fetch from the start of the object regardless of the range asked for.
  116. range_offset_limit none patchpartial
  # Thresholds that decide whether Squid keeps downloading an object after the client aborts.
  117. quick_abort_min 1 KB
  118. quick_abort_max 1 KB
  119. quick_abort_pct 95
  120.  
  121. #request_header_access User-Agent deny yt-modif !iphone !BB !Winphone !Android
  122. ### flash
  123. #request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
  124. ### flash
  125. #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
  126. ###html5
  127. #request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
  128. ###html5
  129. #request_header_replace user_Agent Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0
  130. #request_header_replace Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0
  131.  
  # Never cache version/patch checks or requests coming from localhost.
  132. cache deny versipatch
  133. cache deny localhost
  # TLS interception policy. Connections matching localhost are passed through untouched
  # (splice); every other intercepted TLS connection is peeked at step 1 and decrypted
  # (bump) at step 2.
  # NOTE(review): the server-name bypass list is commented out, so no site is exempt -
  # banking, health and certificate-pinned applications are decrypted like everything else.
  # The step3 splice rule is presumably never reached once step 2 has bumped - confirm.
  134. ssl_bump splice localhost
  135. #ssl_bump splice sslserver
  136. ssl_bump peek step1 all
  137. ssl_bump bump step2 all
  138. ssl_bump splice step3 all
  139.  
  140.  
  141.  
  # Helper that generates the per-host certificates for bumped connections, with its
  # certificate database under /var/lib/ssl_db. Up to 2000 helper processes are allowed.
  142. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
  143. sslcrtd_children 2000 startup=30 idle=1
  # Directory of CA certificates for validating upstream servers. It is the same directory
  # that holds the proxy's own signing certificate - confirm it actually contains the
  # public root CAs.
  144. sslproxy_capath /etc/squid/ssl_cert
  # NOTE(review): "sslproxy_cert_error allow all" accepts every upstream certificate
  # validation failure, and DONT_VERIFY_PEER turns verification off. On a bumping proxy the
  # client only ever sees the proxy-generated certificate, so an expired, self-signed or
  # forged upstream certificate is presented to the user as valid; the browser can no longer
  # warn. Prefer removing both lines and allowing errors only for specific, reviewed
  # destinations.
  145. sslproxy_cert_error allow all
  # NOTE(review): sslproxy_flags normally takes one comma-separated list; given as two
  # separate lines, the second may replace the first - confirm which flags are in effect.
  146. sslproxy_flags DONT_VERIFY_PEER
  147. sslproxy_flags NO_SESSION_REUSE
  148. ssl_unclean_shutdown on
  149. #sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #If using a version after squid-3.5.12-20151222-r13967
  # Protocol and cipher policy for the proxy-to-server side: SSLv2/SSLv3 disabled; the
  # cipher list names RC4 once but excludes it again with !RC4 at the end.
  150. sslproxy_options NO_SSLv2,NO_SSLv3
  151. sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
  152.  
  # Logging. Only one rotated generation is kept (logfile_rotate 1) and a single access.log
  # is written with the default format; the commented lines are alternative formats and a
  # split CONNECT log.
  # NOTE(review): one rotation keeps very little history for investigating an incident on a
  # proxy that decrypts client traffic - consider longer retention with restricted access.
  153. #debug_options 11,2 22,3
  154. logfile_rotate 1
  155. #logformat referer %ts.%03tu %>a %{Referer}>h %ru
  156. #logformat referer %ts.%03tu %>a %ru %{Referer}>h
  157. #logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
  158. #access_log /var/log/squid/access.log !CONNECT
  159. #access_log /var/log/squid/connect.log CONNECT
  160. #cache_store_log /var/log/squid/store.log
  161. access_log stdio:/var/log/squid/access.log
  # Do not persist the network measurement database to disk.
  162. netdb_filename none
  163.  
  164.  
  # eCAP response rewriting for YouTube pages.
  # Loads the eCAP sample "modifying" adapter and uses it to replace the string
  # "enablejsapi" in responses with player settings that force a quality level
  # (quality names are listed in the yt_quality comment below).
  # NOTE(review): this rewrites page content inside bumped HTTPS responses; users receive a
  # page that differs from what the origin sent, with no indication. Keep the scope limited
  # to the yt-modif ACL as done here.
  165. #ecap
  166. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  167. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  168. ecap_enable on
  # Remove Accept-Encoding on these requests, presumably so the reply arrives uncompressed
  # and the plain-string replacement can match.
  169. request_header_access Accept-Encoding deny yt-modif
  170. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
  171. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
  172. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"small","enablejsapi"
  # Apply the adapter to yt-modif URLs only.
  173. adaptation_access modif allow yt-modif
  174. adaptation_access modif deny all
  175.  
  # Speed-test handling: matching requests are never cached, are rewritten by speedtest.pl,
  # and are forced through the parent peer at 10.212.212.212:8033 instead of going direct.
  176. cache deny speedtest
  177. url_rewrite_access allow speedtest
  178. url_rewrite_access deny all
  179. url_rewrite_program /etc/squid/speedtest.pl
  # If every rewrite helper is busy, pass the request through unrewritten rather than queue it.
  180. redirector_bypass on
  181. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  182. dead_peer_timeout 5 seconds
  # Only speed-test requests may use the parent peer.
  183. cache_peer_access 10.212.212.212 allow speedtest
  184. cache_peer_access 10.212.212.212 deny all
  185. always_direct deny speedtest
  186. never_direct allow speedtest
  # Up to 2000 rewrite helper processes, 30 started at launch.
  187. url_rewrite_children 2000 startup=30 idle=1
  188.  
  # Store-ID: storeid.pl maps many URLs for the same content onto one cache key.
  # With bypass off, requests wait for a helper instead of skipping the lookup.
  189. store_id_bypass off
  # Pass the request's Referer header to the helper as an extra field.
  # NOTE(review): Referer is chosen by the client, and storeid.pl uses it to pick the video
  # id that goes into the cache key. One client can therefore influence the key under which
  # content is stored for everyone else; treat the Referer as untrusted when changing the
  # helper.
  190. store_id_extras "%{Referer}>h"
  191. store_id_program /etc/squid/storeid.pl
  192. store_id_children 2000 startup=30 idle=1
  # Only GET requests that match tostoreid are sent to the helper.
  193. store_id_access deny !getmethod
  194. store_id_access allow tostoreid
  195. store_id_access deny all
  196.  
  # Replies that must neither be stored (store_miss) nor served from cache (send_hit):
  # YouTube redirects (302) and text/plain replies, any text/html reply, and
  # version/patch checks.
  197. store_miss deny youtube httptomiss
  198. send_hit deny youtube httptomiss
  199. store_miss deny youtube mimeplain
  200. send_hit deny youtube mimeplain
  201. store_miss deny mimehtml
  202. send_hit deny mimehtml
  203. store_miss deny versipatch
  204. send_hit deny versipatch
  205.  
  # Catch-all freshness rule: applies to every URL and overrides most of the cache controls
  # the origin sends (Expires, Last-Modified, no-store, must-revalidate, private) as well as
  # the normal handling of authenticated requests.
  # NOTE(review): combined with ssl-bump this is the riskiest line in the file. ignore-private,
  # ignore-auth and ignore-no-store let Squid store responses that were generated for one
  # logged-in user and serve them to a different user. Only the text/html exclusion in
  # store_miss/send_hit limits this; JSON/API responses, images and downloads behind a login
  # are still eligible. Restrict these options to patterns for known static content instead
  # of ".".
  206. refresh_pattern -i . 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  # Upper bound on how stale a cached object may be when served.
  207. max_stale 1 day
  208.  
  209.  
  210. ############################################################ STOREID.PL #########################################################
  211. #!/usr/bin/perl
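  use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

  # Squid store_id_program helper.
  #
  # Reads one request per line from STDIN, either
  #     URL [extras]                (helper concurrency off)
  #     channel-ID URL [extras]     (helper concurrency on)
  # where "extras" is the Referer header configured through store_id_extras, and answers
  # with "OK store-id=<key>" or "ERR" (prefixed by the channel-ID when one was sent).
  #
  # Everything on the input line (URL, query parameters, Referer) is chosen by the client
  # and must be treated as untrusted.

  $| = 1;    # unbuffered output: Squid waits for each reply line

  # Directory holding the "cpn -> video id" hint files.
  # NOTE(review): /tmp is kept for compatibility with existing deployments, but it is
  # writable by every local user. A directory owned by the Squid user (mode 0700) is the
  # safer choice.
  my $CPN_DIR = '/tmp';

  # Tokens that may be used as a file name or read back from a hint file. Assumes cpn
  # values and video ids are short base64url-style strings - TODO confirm against traffic.
  my $SAFE_TOKEN = qr/\A[A-Za-z0-9_-]{1,64}\z/;

  # cpn_path: return the hint-file path for a cpn token, or undef when the token is missing
  # or contains anything besides the safe characters (no "/", "..", "|", "<", ">").
  sub cpn_path {
      my ($cpn) = @_;
      return undef unless defined $cpn && $cpn =~ $SAFE_TOKEN;
      return "$CPN_DIR/$cpn";
  }

  # read_hint: return the video id stored for this cpn, or undef when there is none or the
  # stored value is not a plain token. Only the first line is used, so file content can
  # never add extra lines to the reply sent to Squid.
  sub read_hint {
      my ($cpn) = @_;
      my $path = cpn_path($cpn);
      return undef unless defined $path;
      open(my $fh, '<', $path) or return undef;    # three-argument open: path is data only
      my $id = <$fh>;
      close $fh;
      return undef unless defined $id;
      chomp $id;
      return $id =~ $SAFE_TOKEN ? $id : undef;
  }

  # write_hint: remember the video id for this cpn unless a hint already exists.
  # O_CREAT|O_EXCL makes "create only if absent" a single atomic step and refuses to
  # write through a pre-existing file or symlink.
  sub write_hint {
      my ($cpn, $id) = @_;
      my $path = cpn_path($cpn);
      return unless defined $path;
      return unless defined $id && $id =~ $SAFE_TOKEN;
      sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return;
      print {$fh} $id;
      close $fh;
      return;
  }

  # store_id_reply: compute the helper reply ("OK store-id=..." or "ERR") for one request.
  #   $line    - the complete input line (query parameters are searched in it)
  #   $url     - the request URL
  #   $referer - the Referer passed as store_id_extras (may be empty)
  #
  # NOTE(review): most host patterns below start with ".*" and are not anchored to the host
  # name, so a URL on an unrelated server matches when the keyword appears anywhere in it
  # and is mapped to the same cache key as the intended CDN. Anchor them to the expected
  # host before relying on this helper for shared caching.
  sub store_id_reply {
      my ($line, $url, $referer) = @_;

      # youtube googlevideo
      if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/) {
          my ($cpn)   = $line =~ m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
          my ($id)    = $line =~ m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
          my ($itag)  = $line =~ m/[=%&?\/]itag[=%&?\/]([\d]*)/;
          my ($range) = $line =~ m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
          my ($mime)  = $line =~ m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
          for ($id, $itag, $range, $mime) {
              $_ = '' unless defined $_;
          }

          # The video id from a watch/embed Referer takes priority; otherwise fall back
          # to the hint recorded for this cpn by the "youtube parameter" branch.
          # NOTE(review): the Referer is client-controlled, so the id in the key is too.
          if ($referer =~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/) {
              $id = $2;
          } else {
              my $hint = read_hint($cpn);
              $id = $hint if defined $hint;
          }
          return "OK store-id=http://squid/google/video/id=$id/itag=$itag/mime=$mime/range=$range";
      }

      # youtube parameter: tracking requests that carry both the video id and the cpn.
      # Nothing is cached for them; they only record the cpn -> id mapping.
      if (
          ($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
          ($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
          ($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
      ) {
          my $id = $2;    # taken before the next match overwrites the capture variables
          my ($cpn) = $line =~ m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
          if ($referer !~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/) {
              write_hint($cpn, $id);
          }
          return "ERR";
      }

      # utmgif
      if ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
          return "OK store-id=http://squid/google-analytics/__utm.gif";
      }

      # fbcdn.net or akamaihd.net video range
      if ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
          return "OK store-id=http://squid/$1/$2/$3";
      }

      # fbcdn.net or akamaihd.net with size
      if ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
          return "OK store-id=http://squid/$1/$2";
      }

      # fbcdn.net or akamaihd.net safe_image.php
      if ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
          return "OK store-id=http://squid/$1/$2";
      }

      # reverbnation
      if ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
          return "OK store-id=http://squid/reverbnation/$1";
      }

      # playstore
      if ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
          return "OK store-id=http://squid/android/market/$1";
      }

      # filehost
      if ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
          return "OK store-id=http://squid/datafilehost/$1";
      }

      # speedtest
      if ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
          return "OK store-id=http://squid/speedtest/$2";
      }

      # filehippo
      if ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
          return "OK store-id=http://squid/filehippo/$1";
      }

      # 4shared preview.mp3
      if ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
          return "OK store-id=http://squid/4shared/preview/$1";
      }

      # 4shared
      if ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
          return "OK store-id=http://squid/4shared/download/$1";
      }

      # savefile-animeindo.tv
      if ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
          return "OK store-id=http://squid/savefile:182/$1";
      }

      # imdb
      if ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
          return "OK store-id=http://squid/imdb/$1";
      }

      # sourceforge
      if ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
          return "OK store-id=http://squid/sourceforge/$1";
      }

      # steampowered dota 2
      if ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
          return "OK store-id=http://squid/steam/content-powered/$2";
      }

      return "ERR";
  }

  while (defined(my $line = <>)) {
      my @X = split ' ', $line;

      # A first field that is not a URL is the channel-ID Squid sends when helper
      # concurrency is enabled; it must be echoed back in front of the reply.
      my $has_channel = !(defined $X[0] && $X[0] =~ m/^http.*/);
      my ($chanel, $url, $referer);
      if ($has_channel) {
          ($chanel, $url, $referer) = @X[0 .. 2];
      } else {
          ($url, $referer) = @X[0, 1];
      }
      for ($chanel, $url, $referer) {
          $_ = '' unless defined $_;
      }

      my $out = store_id_reply($line, $url, $referer);

      if ($has_channel) {
          print "$chanel $out\n";
      } else {
          print "$out\n";
      }
  }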
  342.  
  343.  
  344.  
  345. #################### SPEEDTEST.PL ##########
  346. #!/usr/bin/perl
  347.  
  # Squid url_rewrite_program helper for speed-test probes.
  #
  # Input, one request per line: "URL [extras]" or, with helper concurrency enabled,
  # "channel-ID URL [extras]". Speed-test probe URLs are redirected to the local
  # speed-test server; every other URL is answered with "ERR". The channel-ID, when
  # present, is echoed in front of the reply.
  $| = 1;    # unbuffered output: Squid waits for each reply line

  while (defined(my $line = <>)) {
      my @fields = split ' ', $line;

      # No URL in the first field means the first field is the channel-ID.
      my $has_channel = !(defined $fields[0] && $fields[0] =~ m/^http.*/);
      my ($channel, $url) = $has_channel ? @fields[0, 1] : (undef, $fields[0]);

      # Keep only the probe file name (latency/upload/random*) and map it onto the
      # local server. The URL comes from the client, so the captured part is untrusted.
      my $reply = "ERR";
      if (defined $url
          && $url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))/) {
          $reply = "OK rewrite-url=http://10.212.212.212:8033/speedtest/$2";
      }

      $channel = '' unless defined $channel;
      print $has_channel ? "$channel $reply\n" : "$reply\n";
  }