API tools faq
paste
Advertisement
punces

squid.conf+storeid.pl+speedtest.pl

punces
Sep 26th, 2016
1,434
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.44 KB | None | 0 0
raw download clone embed print report
  1. ########################################################## SQUID.CONF ##################################################################
  2. dns_v4_first on
  3. reply_header_access Alternate-Protocol deny all
  4. reply_header_access Alt-Svc deny all
  5.  
  6. #cache_dir aufs /cache 700000 16 256
  7. cache_dir aufs /cache 360000 1 1
  8. cache_mem 8 MB
  9. coredump_dir /var/log/squid
  10.  
  11. cache_swap_low 80
  12. cache_swap_high 85
  13. cache_replacement_policy heap LFUDA
  14. memory_replacement_policy heap GDSF
  15.  
  16. maximum_object_size 4096000 KB
  17. maximum_object_size_in_memory 0 KB
  18. request_body_max_size 0 KB
  19. refresh_all_ims on
  20. reload_into_ims on
  21.  
  22. cache_mgr [email protected]
  23. visible_hostname cespun-proxy
  24. strip_query_terms off
  25. httpd_suppress_version_string on
  26. log_mime_hdrs off
  27. forwarded_for off
  28. via off
  29.  
  30. request_header_access X-Forwarded-For deny all
  31. reply_header_access X-Forwarded-For deny all
  32. request_header_access Via deny all
  33. reply_header_access Via deny all
  34. max_filedescriptors 65536
  35.  
  36. cache_swap_high 98
  37. cache_swap_low 95
  38. fqdncache_size 4096
  39. ipcache_size 4096
  40. dns_nameservers 208.67.222.222 208.67.220.220
  41.  
  42. http_port 3128
  43. #http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  44. #http_port 3129 intercept
  45. #https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  46. http_port 3129 tproxy
  47. https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  48.  
  49. qos_flows local-hit=0x30
  50.  
  51. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  52. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  53. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  54. acl localnet src fc00::/7 # RFC 4193 local private network range
  55. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  56. acl SSL_ports port 443
  57. acl Safe_ports port 80 # http
  58. acl Safe_ports port 182 # http
  59. acl Safe_ports port 21 # ftp
  60. acl Safe_ports port 443 # https
  61. acl Safe_ports port 70 # gopher
  62. acl Safe_ports port 210 # wais
  63. acl Safe_ports port 1025-65535 # unregistered ports
  64. acl Safe_ports port 280 # http-mgmt
  65. acl Safe_ports port 488 # gss-http
  66. acl Safe_ports port 591 # filemaker
  67. acl Safe_ports port 777 # multiling http
  68.  
  69. acl step1 at_step SslBump1
  70. acl step2 at_step SslBump2
  71. acl step3 at_step SslBump3
  72. #acl sslserver ssl::server_name_regex -i "/etc/squid/bypass.txt"
  73. #acl iphone browser -i regexp (iPhone|iPad)
  74. #acl BB browser -i regexp (BlackBerry|PlayBook)
  75. #acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  76. #acl Android browser -i regexp Android
  77. acl yt-modif url_regex -i ^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)
  78. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  79. acl versipatch url_regex -i ^http.*(update|patch).*versi
  80. acl versipatch url_regex -i ^http.*versi.*(update|patch)
  81. acl versipatch url_regex -i ^http.*(antihack|xigncode|gameguard)
  82. #acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*patch
  83. #acl patchpartial url_regex -i ^http.*patch.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus)
  84. acl patchpartial url_regex -i ^http.*patch.*garena
  85. acl patchpartial url_regex -i ^http.*garena.*patch
  86. acl httptomiss http_status 302
  87. acl mimehtml rep_mime_type -i mime-type ^text/html
  88. acl mimeplain rep_mime_type -i mime-type ^text/plain
  89. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  90. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  91. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  92. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  93. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  94. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  95. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  96. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  97. acl tostoreid url_regex -i ^http.*steam(powered|content)
  98. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  99. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  100. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  101. #acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/.*\.(jpg|txt)
  102. acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/(latency|upload|random.*)\.(jpg|txt|php)
  103. acl CONNECT method CONNECT
  104. acl getmethod method GET
  105.  
  106. http_access deny !Safe_ports
  107. http_access deny CONNECT !SSL_ports
  108. http_access allow localhost manager
  109. http_access deny manager
  110. http_access allow localnet
  111. http_access allow localhost
  112. http_access deny all
  113.  
  114. request_header_access Range deny !patchpartial
  115. #range_offset_limit 128 KB !patchpartial
  116. range_offset_limit none patchpartial
  117. quick_abort_min 1 KB
  118. quick_abort_max 1 KB
  119. quick_abort_pct 95
  120.  
  121. #request_header_access User-Agent deny yt-modif !iphone !BB !Winphone !Android
  122. ### flash
  123. #request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
  124. ### flash
  125. #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
  126. ###html5
  127. #request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
  128. ###html5
  129. #request_header_replace user_Agent Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0
  130. #request_header_replace Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0
  131.  
  132. cache deny versipatch
  133. cache deny localhost
  134. ssl_bump splice localhost
  135. #ssl_bump splice sslserver
  136. ssl_bump peek step1 all
  137. ssl_bump bump step2 all
  138. ssl_bump splice step3 all
  139.  
  140.  
  141.  
  142. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
  143. sslcrtd_children 2000 startup=30 idle=1
  144. sslproxy_capath /etc/squid/ssl_cert
  145. sslproxy_cert_error allow all
  146. sslproxy_flags DONT_VERIFY_PEER
  147. sslproxy_flags NO_SESSION_REUSE
  148. ssl_unclean_shutdown on
  149. #sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #Jika menggunakan versi setelah squid-3.5.12-20151222-r13967
  150. sslproxy_options NO_SSLv2,NO_SSLv3
  151. sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
  152.  
  153. #debug_options 11,2 22,3
  154. logfile_rotate 1
  155. #logformat referer %ts.%03tu %>a %{Referer}>h %ru
  156. #logformat referer %ts.%03tu %>a %ru %{Referer}>h
  157. #logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
  158. #access_log /var/log/squid/access.log !CONNECT
  159. #access_log /var/log/squid/connect.log CONNECT
  160. #cache_store_log /var/log/squid/store.log
  161. access_log stdio:/var/log/squid/access.log
  162. netdb_filename none
  163.  
  164.  
  165. #ecap
  166. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  167. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  168. ecap_enable on
  169. request_header_access Accept-Encoding deny yt-modif
  170. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
  171. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
  172. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"small","enablejsapi"
  173. adaptation_access modif allow yt-modif
  174. adaptation_access modif deny all
  175.  
  176. cache deny speedtest
  177. url_rewrite_access allow speedtest
  178. url_rewrite_access deny all
  179. url_rewrite_program /etc/squid/speedtest.pl
  180. redirector_bypass on
  181. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  182. dead_peer_timeout 5 seconds
  183. cache_peer_access 10.212.212.212 allow speedtest
  184. cache_peer_access 10.212.212.212 deny all
  185. always_direct deny speedtest
  186. never_direct allow speedtest
  187. url_rewrite_children 2000 startup=30 idle=1
  188.  
  189. store_id_bypass off
  190. store_id_extras "%{Referer}>h"
  191. store_id_program /etc/squid/storeid.pl
  192. store_id_children 2000 startup=30 idle=1
  193. store_id_access deny !getmethod
  194. store_id_access allow tostoreid
  195. store_id_access deny all
  196.  
  197. store_miss deny youtube httptomiss
  198. send_hit deny youtube httptomiss
  199. store_miss deny youtube mimeplain
  200. send_hit deny youtube mimeplain
  201. store_miss deny mimehtml
  202. send_hit deny mimehtml
  203. store_miss deny versipatch
  204. send_hit deny versipatch
  205.  
  206. refresh_pattern -i . 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  207. max_stale 1 day
  208.  
  209.  
  210. ############################################################ STOREID.PL #########################################################
  211. #!/usr/bin/perl
  212. $| = 1;
  213.  
  214. while (<>) {
  215.  
  216. @X = split;
  217. if ($X[0] =~ m/^http.*/) {
  218. $url = $X[0];
  219. $referer = $X[1];
  220. $urlreferer = $X[0] ." ". $X[1];
  221. } else {
  222. $chanel = $X[0];
  223. $url = $X[1];
  224. $referer = $X[2];
  225. $urlreferer = $X[1] ." ". $X[2];
  226. }
  227.  
  228.  
  229.  
  230.  
  231. #youtube googlevideo
  232. if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
  233. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
  234. @id = m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
  235. @itag = m/[=%&?\/]itag[=%&?\/]([\d]*)/;
  236. @range = m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
  237. @mime = m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
  238. if ($referer =~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
  239. @id = $2;
  240. } else {
  241. if (defined(@cpn[0])){
  242. if (-e "/tmp/@cpn"){
  243. open FILE, "/tmp/@cpn";
  244. @id = <FILE>;
  245. close FILE;
  246. }
  247. }
  248. }
  249. $out="OK store-id=http://squid/google/video/id=@id/itag=@itag/mime=@mime/range=@range";
  250.  
  251. #youtube parameter
  252. } elsif (
  253. ($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
  254. ($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
  255. ($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
  256. ){
  257. @id = $2;
  258. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
  259. if ($referer !~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
  260. unless (-e "/tmp/@cpn"){
  261. open FILE, ">/tmp/@cpn";
  262. print FILE @id;
  263. close FILE;
  264. }
  265. }
  266. $out = "ERR";
  267.  
  268. #utmgif
  269. } elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
  270. $out="OK store-id=http://squid/google-analytics/__utm.gif";
  271.  
  272. #fbcdn.net or akamaihd.net video range
  273. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
  274. $out="OK store-id=http://squid/$1/$2/$3";
  275.  
  276. #fbcdn.net or akamaihd.net with size
  277. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
  278. $out="OK store-id=http://squid/$1/$2";
  279.  
  280. #fbcdn.net or akamaihd.net safe_image.php
  281. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
  282. $out="OK store-id=http://squid/$1/$2";
  283.  
  284. #reverbnation
  285. } elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
  286. $out="OK store-id=http://squid/reverbnation/$1";
  287.  
  288. #playstore
  289. } elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
  290. $out="OK store-id=http://squid/android/market/$1";
  291.  
  292.  
  293. #filehost
  294. } elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
  295. $out="OK store-id=http://squid/datafilehost/$1";
  296.  
  297.  
  298. #speedtest
  299. } elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
  300. $out="OK store-id=http://squid/speedtest/$2";
  301.  
  302.  
  303. #filehippo
  304. } elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
  305. $out="OK store-id=http://squid/filehippo/$1";
  306.  
  307.  
  308. #4shared preview.mp3
  309. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
  310. $out="OK store-id=http://squid/4shared/preview/$1";
  311.  
  312. #4shared
  313. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
  314. $out="OK store-id=http://squid/4shared/download/$1";
  315.  
  316. #savefile-animeindo.tv
  317. } elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
  318. $out="OK store-id=http://squid/savefile:182/$1";
  319.  
  320. #imdb
  321. } elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
  322. $out="OK store-id=http://squid/imdb/$1";
  323.  
  324. #sourceforge
  325. } elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
  326. $out="OK store-id=http://squid/sourceforge/$1";
  327.  
  328. #steampowered dota 2
  329. } elsif ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
  330. $out="OK store-id=http://squid/steam/content-powered/$2";
  331.  
  332. } else {
  333. $out="ERR";
  334. }
  335.  
  336. if ($X[0] =~ m/^http.*/) {
  337. print "$out\n";
  338. } else {
  339. print "$chanel $out\n";
  340. }
  341. }
  342.  
  343.  
  344.  
  345. #################### SPEEDTEST.PL ##########
  346. #!/usr/bin/perl
  347.  
  348. $|=1;
  349. while (<>) {
  350. @X = split;
  351. if ($X[0] =~ m/^http.*/) {
  352. $url = $X[0];
  353. $referer = $X[1];
  354. $urlreferer = $X[0] ." ". $X[1];
  355. } else {
  356. $chanel = $X[0];
  357. $url = $X[1];
  358. $referer = $X[2];
  359. $urlreferer = $X[1] ." ". $X[2];
  360. }
  361.  
  362. if ($url=~ m/^https?\:\/\/.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))/) {
  363. $out="OK rewrite-url=http://10.212.212.212:8033/speedtest/$2";
  364. } else {
  365. $out="ERR";
  366. }
  367.  
  368. if ($X[0] =~ m/^http.*/) {
  369. print "$out\n";
  370. } else {
  371. print "$chanel $out\n";
  372. }
  373. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!