Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ########################################################## SQUID.CONF ##################################################################
- dns_v4_first on
- reply_header_access Alternate-Protocol deny all
- reply_header_access Alt-Svc deny all
- #cache_dir aufs /cache 700000 16 256
- cache_dir aufs /cache 360000 1 1
- cache_mem 8 MB
- coredump_dir /var/log/squid
- cache_swap_low 80
- cache_swap_high 85
- cache_replacement_policy heap LFUDA
- memory_replacement_policy heap GDSF
- maximum_object_size 4096000 KB
- maximum_object_size_in_memory 0 KB
- request_body_max_size 0 KB
- refresh_all_ims on
- reload_into_ims on
- cache_mgr cespun@gmail.com
- visible_hostname cespun-proxy
- strip_query_terms off
- httpd_suppress_version_string on
- log_mime_hdrs off
- forwarded_for off
- via off
- request_header_access X-Forwarded-For deny all
- reply_header_access X-Forwarded-For deny all
- request_header_access Via deny all
- reply_header_access Via deny all
- max_filedescriptors 65536
- cache_swap_high 98
- cache_swap_low 95
- fqdncache_size 4096
- ipcache_size 4096
- dns_nameservers 208.67.222.222 208.67.220.220
- http_port 3128
- #http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
- #http_port 3129 intercept
- #https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
- http_port 3129 tproxy
- https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
- qos_flows local-hit=0x30
- acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- acl localnet src fc00::/7 # RFC 4193 local private network range
- acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 182 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl step1 at_step SslBump1
- acl step2 at_step SslBump2
- acl step3 at_step SslBump3
- #acl sslserver ssl::server_name_regex -i "/etc/squid/bypass.txt"
- #acl iphone browser -i regexp (iPhone|iPad)
- #acl BB browser -i regexp (BlackBerry|PlayBook)
- #acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
- #acl Android browser -i regexp Android
- acl yt-modif url_regex -i ^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)
- acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
- acl versipatch url_regex -i ^http.*(update|patch).*versi
- acl versipatch url_regex -i ^http.*versi.*(update|patch)
- acl versipatch url_regex -i ^http.*(antihack|xigncode|gameguard)
- #acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*patch
- #acl patchpartial url_regex -i ^http.*patch.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus)
- acl patchpartial url_regex -i ^http.*patch.*garena
- acl patchpartial url_regex -i ^http.*garena.*patch
- acl httptomiss http_status 302
- acl mimehtml rep_mime_type -i mime-type ^text/html
- acl mimeplain rep_mime_type -i mime-type ^text/plain
- acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
- acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
- acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
- acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
- acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
- acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
- acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
- acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
- acl tostoreid url_regex -i ^http.*steam(powered|content)
- acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
- acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
- acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
- #acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/.*\.(jpg|txt)
- acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/(latency|upload|random.*)\.(jpg|txt|php)
- acl CONNECT method CONNECT
- acl getmethod method GET
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost manager
- http_access deny manager
- http_access allow localnet
- http_access allow localhost
- http_access deny all
- request_header_access Range deny !patchpartial
- #range_offset_limit 128 KB !patchpartial
- range_offset_limit none patchpartial
- quick_abort_min 1 KB
- quick_abort_max 1 KB
- quick_abort_pct 95
- #request_header_access User-Agent deny yt-modif !iphone !BB !Winphone !Android
- ### flash
- #request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
- ### flash
- #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
- ###html5
- #request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
- ###html5
- #request_header_replace user_Agent Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0
- #request_header_replace Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0
- cache deny versipatch
- cache deny localhost
- ssl_bump splice localhost
- #ssl_bump splice sslserver
- ssl_bump peek step1 all
- ssl_bump bump step2 all
- ssl_bump splice step3 all
- sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
- sslcrtd_children 2000 startup=30 idle=1
- sslproxy_capath /etc/squid/ssl_cert
- sslproxy_cert_error allow all
- sslproxy_flags DONT_VERIFY_PEER
- sslproxy_flags NO_SESSION_REUSE
- ssl_unclean_shutdown on
- #sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #Jika menggunakan versi setelah squid-3.5.12-20151222-r13967
- sslproxy_options NO_SSLv2,NO_SSLv3
- sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
- #debug_options 11,2 22,3
- logfile_rotate 1
- #logformat referer %ts.%03tu %>a %{Referer}>h %ru
- #logformat referer %ts.%03tu %>a %ru %{Referer}>h
- #logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
- #access_log /var/log/squid/access.log !CONNECT
- #access_log /var/log/squid/connect.log CONNECT
- #cache_store_log /var/log/squid/store.log
- access_log stdio:/var/log/squid/access.log
- netdb_filename none
- #ecap
- #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
- loadable_modules /usr/local/lib/ecap_adapter_modifying.so
- ecap_enable on
- request_header_access Accept-Encoding deny yt-modif
- ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
- #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
- #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"small","enablejsapi"
- adaptation_access modif allow yt-modif
- adaptation_access modif deny all
- cache deny speedtest
- url_rewrite_access allow speedtest
- url_rewrite_access deny all
- url_rewrite_program /etc/squid/speedtest.pl
- redirector_bypass on
- cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
- dead_peer_timeout 5 seconds
- cache_peer_access 10.212.212.212 allow speedtest
- cache_peer_access 10.212.212.212 deny all
- always_direct deny speedtest
- never_direct allow speedtest
- url_rewrite_children 2000 startup=30 idle=1
- store_id_bypass off
- store_id_extras "%{Referer}>h"
- store_id_program /etc/squid/storeid.pl
- store_id_children 2000 startup=30 idle=1
- store_id_access deny !getmethod
- store_id_access allow tostoreid
- store_id_access deny all
- store_miss deny youtube httptomiss
- send_hit deny youtube httptomiss
- store_miss deny youtube mimeplain
- send_hit deny youtube mimeplain
- store_miss deny mimehtml
- send_hit deny mimehtml
- store_miss deny versipatch
- send_hit deny versipatch
- refresh_pattern -i . 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
- max_stale 1 day
- ############################################################ STOREID.PL #########################################################
- #!/usr/bin/perl
- $| = 1;
- while (<>) {
- @X = split;
- if ($X[0] =~ m/^http.*/) {
- $url = $X[0];
- $referer = $X[1];
- $urlreferer = $X[0] ." ". $X[1];
- } else {
- $chanel = $X[0];
- $url = $X[1];
- $referer = $X[2];
- $urlreferer = $X[1] ." ". $X[2];
- }
- #youtube googlevideo
- if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
- @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
- @id = m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
- @itag = m/[=%&?\/]itag[=%&?\/]([\d]*)/;
- @range = m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
- @mime = m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
- if ($referer =~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
- @id = $2;
- } else {
- if (defined(@cpn[0])){
- if (-e "/tmp/@cpn"){
- open FILE, "/tmp/@cpn";
- @id = <FILE>;
- close FILE;
- }
- }
- }
- $out="OK store-id=http://squid/google/video/id=@id/itag=@itag/mime=@mime/range=@range";
- #youtube parameter
- } elsif (
- ($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
- ($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
- ($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
- ){
- @id = $2;
- @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
- if ($referer !~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
- unless (-e "/tmp/@cpn"){
- open FILE, ">/tmp/@cpn";
- print FILE @id;
- close FILE;
- }
- }
- $out = "ERR";
- #utmgif
- } elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
- $out="OK store-id=http://squid/google-analytics/__utm.gif";
- #fbcdn.net or akamaihd.net video range
- } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
- $out="OK store-id=http://squid/$1/$2/$3";
- #fbcdn.net or akamaihd.net with size
- } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
- $out="OK store-id=http://squid/$1/$2";
- #fbcdn.net or akamaihd.net safe_image.php
- } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
- $out="OK store-id=http://squid/$1/$2";
- #reverbnation
- } elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
- $out="OK store-id=http://squid/reverbnation/$1";
- #playstore
- } elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
- $out="OK store-id=http://squid/android/market/$1";
- #filehost
- } elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
- $out="OK store-id=http://squid/datafilehost/$1";
- #speedtest
- } elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
- $out="OK store-id=http://squid/speedtest/$2";
- #filehippo
- } elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
- $out="OK store-id=http://squid/filehippo/$1";
- #4shared preview.mp3
- } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
- $out="OK store-id=http://squid/4shared/preview/$1";
- #4shared
- } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
- $out="OK store-id=http://squid/4shared/download/$1";
- #savefile-animeindo.tv
- } elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
- $out="OK store-id=http://squid/savefile:182/$1";
- #imdb
- } elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
- $out="OK store-id=http://squid/imdb/$1";
- #sourceforge
- } elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
- $out="OK store-id=http://squid/sourceforge/$1";
- #steampowered dota 2
- } elsif ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
- $out="OK store-id=http://squid/steam/content-powered/$2";
- } else {
- $out="ERR";
- }
- if ($X[0] =~ m/^http.*/) {
- print "$out\n";
- } else {
- print "$chanel $out\n";
- }
- }
- #################### SPEEDTEST.PL ##########
- #!/usr/bin/perl
- $|=1;
- while (<>) {
- @X = split;
- if ($X[0] =~ m/^http.*/) {
- $url = $X[0];
- $referer = $X[1];
- $urlreferer = $X[0] ." ". $X[1];
- } else {
- $chanel = $X[0];
- $url = $X[1];
- $referer = $X[2];
- $urlreferer = $X[1] ." ". $X[2];
- }
- if ($url=~ m/^https?\:\/\/.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))/) {
- $out="OK rewrite-url=http://10.212.212.212:8033/speedtest/$2";
- } else {
- $out="ERR";
- }
- if ($X[0] =~ m/^http.*/) {
- print "$out\n";
- } else {
- print "$chanel $out\n";
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement