squid.conf-170617

1. dns_v4_first on
2. reply_header_access Alternate-Protocol deny all
3. reply_header_access Alt-Svc deny all
4. refresh_all_ims on
5. reload_into_ims on
6.  
7. sslproxy_cert_error allow all
8. sslproxy_flags DONT_VERIFY_PEER
9.  
10. retry_on_error on
11. connect_retries 3
12.  
13. #debug_options 11,2 22,3
14.  
15. cache_dir aufs /cache 670000 256 256
16. cache_mem 2 MB
17. cache_swap_high 95
18. cache_swap_low 90
19.  
20. cache_replacement_policy heap LFUDA
21. memory_replacement_policy heap GDSF
22.  
23. maximum_object_size 4096000 KB
24. maximum_object_size_in_memory 0 KB
25. request_body_max_size 0 KB
26.  
27. cache_mgr cespun@gamil.com
28. visible_hostname cespun
29. strip_query_terms off
30. via off
31. forwarded_for off
32.  
33. request_header_access X-Forwarded-For deny all
34. request_header_access Proxy-Connection deny all
35. request_header_access Connection deny all
36. request_header_access Via deny all
37.  
38. reply_header_access X-Forwarded-For deny all
39. reply_header_access Proxy-Connection deny all
40. reply_header_access Connection deny all
41. reply_header_access Via deny all
42.  
43. reply_header_access Server deny all
44. reply_header_replace Server cespun-proxy
45.  
46. coredump_dir /var/log/squid
47. logfile_rotate 1
48.  
49. max_filedescriptors 65536
50. fqdncache_size 0
51. ipcache_size 0
52. ipcache_high 0
53. ipcache_low 0
54.  
55. http_port 3128
56. http_port 3129 tproxy
57. https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
58.  
59. qos_flows local-hit=0x30
60.  
61. acl localnet src all
62. acl semuaport port 0-65535
63. acl PURGE method PURGE
64. acl step1 at_step SslBump1
65. acl step2 at_step SslBump2
66. acl step3 at_step SslBump3
67. acl bypass ssl::server_name_regex -i "/etc/squid/bypass.txt"
68. acl range206 req_header Range -i byte
69. acl uabrowser browser -i regexp (iPhone|iPad)
70. acl uabrowser browser -i regexp (BlackBerry|PlayBook)
71. acl uabrowser browser -i regexp (Windows.*Phone|Trident|IEMobile)
72. acl uabrowser browser -i regexp Android
73. acl uabrowser browser -i regexp Linux
74. acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
75. acl yt-rewrite url_regex -i ^https?\:\/\/www\.youtube\.com$
76. acl yt-rewrite url_regex -i ^https?\:\/\/www\.youtube\.com\/$
77. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
78. acl googlevideo url_regex -i ^http.*google.*video(playback|goodput).*
79. acl mimehtml rep_mime_type -i mime-type html
80. acl mimeplain rep_mime_type -i mime-type text
81. acl urltomiss url_regex -i ^http.*(serverpatch|server_patch|server-patch|patchserver|patch_server|patch-server)
82. acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
83. acl patchpartial url_regex -i ^http.*patch.*garena
84. acl patchpartial url_regex -i ^http.*garena.*patch
85. acl patchpartial url_regex -i ^http:\/\/.*google\.com\/.*chrome.*\/(.*.(exe))
86. acl httptomiss http_status 302
87. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
88. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
89. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
90. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
91. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
92. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
93. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
94. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
95. acl tostoreid url_regex -i ^http.*steam(powered|content).*\/(client|depot)\/.*\/(chunk|manifest)\/.*\?.*
96. acl tostoreid url_regex -i ^http.*savefile\.co\:[0-9]{2,5}\/.*\/.*\.(mp4|flv|3gp)
97. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
98. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
99. acl tostoreid url_regex -i ^http.*\youtubeinmp3\.com\/download\/get\/.*id\=.*t\=.*
100. acl tostoreid url_regex -i ^http.*patch\.gemscool\.com\/lsaga.*\.iop.*\?.*
101. acl tostoreid url_regex -i ^http.*googleusercontent\.com/docs/securesc\/.*
102. acl tostoreid url_regex -i ^http.*mp4upload\.com\:[0-9]{2,5}\/.*\.[0-9a-zA-Z]{2,5}
103. acl speedtest url_regex -i ^http.*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
104. acl denyurl url_regex -i gvt1.com\/edgedl.*
105. acl denyurl url_regex -i google\.com/edgedl.*
106. acl denyurl url_regex -i ^http\:\/\/cache\.pack\.google\.com\/edgedl\/.*
107. acl rangesteam url_regex -i ^http.*steam(powered|content).*\/(client|depot)\/.*\/(chunk|manifest)\/.*\?.*
108. acl basejs url_regex -i ^http.*(youtube|ytimg)\.com\/.*\/player.*\/base\.js
109.  
110. acl CONNECT method CONNECT
111. acl getmethod method GET
112.  
113. http_access deny denyurl
114. http_access deny rangesteam range206
115. deny_info https://s.ytimg.com/yts/swfbin/player-vflx0pAVB/watch_as3.swf basejs
116. http_access deny basejs
117.  
118. http_access allow localhost manager
119. http_access deny manager
120. http_access allow localhost purge
121. http_access deny purge
122. http_access allow localnet
123. http_access allow localhost
124. http_access allow semuaport
125. http_access deny all
126.  
127. access_log /var/log/squid/access.log !CONNECT
128.  
129. range_offset_limit none range206 patchpartial
130. range_offset_limit 128 KB range206 !patchpartial
131. quick_abort_min 1 KB
132. quick_abort_max 1 KB
133. quick_abort_pct 95
134.  
135. ssl_bump splice bypass
136. ssl_bump peek step1 all
137. ssl_bump bump all
138.  
139. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
140. dead_peer_timeout 5 seconds
141. cache_peer_access 10.212.212.212 allow speedtest
142. cache_peer_access 10.212.212.212 deny all
143. always_direct deny speedtest
144. never_direct allow speedtest
145.  
146. request_header_access Accept-Encoding deny yt-rewrite !uabrowser
147. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
148. ecap_enable on
149. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
150. ecap_service modif respmod_precache uri=ecap://dokter-squid.com/ecap yt_quality=medium no-html5=no
151. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="html5":true replacement="html5":false
152. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
153. adaptation_access modif allow yt-rewrite !uabrowser
154. adaptation_access modif deny all
155.  
156. store_id_bypass off
157. store_id_extras "%{Referer}>h"
158. store_id_program /etc/squid/storeid.pl
159. store_id_children 2000 startup=30 idle=1
160. store_id_access allow tostoreid
161. store_id_access deny all
162.  
163. store_miss deny googlevideo httptomiss
164. send_hit deny googlevideo httptomiss
165. store_miss deny googlevideo mimeplain
166. send_hit deny googlevideo mimeplain
167. store_miss deny googlevideo mimehtml
168. send_hit deny googlevideo mimehtml
169. store_miss deny urltomiss
170. send_hit deny urltomiss
171. store_miss deny mimehtml
172. send_hit deny mimehtml
173. store_miss deny mimeplain
174. send_hit deny mimeplain
175.  
176. refresh_pattern -i ^https?\:\/\/squid\/(mp4upload|google\/video) 0 90% 432000 override-expire override-lastmod ignore-no-store ignore-must-revalidate ignore-private ignore-auth
177. refresh_pattern -i .* 0 1% 1 override-expire override-lastmod ignore-no-store ignore-must-revalidate ignore-private ignore-auth