Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- konfigurasi
- =============================================
- apt-get update && apt-get upgrade -y
- apt-get install devscripts \
- build-essential \
- openssl libssl-dev \
- fakeroot \
- libcppunit-dev \
- libsasl2-dev \
- cdbs \
- ccze \
- libfile-readbackwards-perl \
- libcap2 \
- libcap-dev \
- libcap2-dev \
- libtool \
- sysv-rc-conf -y &&
- wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.20.tar.bz2 &&
- tar -xjf squid-3.5.20.tar.bz2 &&
- cd squid-3.5.20 &&
- ./configure \
- --prefix=/usr \
- --includedir=/usr/include \
- --infodir=/usr/share/info \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --libexecdir=/usr/lib/squid \
- --srcdir=. \
- --datadir=/usr/share/squid \
- --sysconfdir=/etc/squid \
- --mandir=/usr/share/man \
- --enable-inline \
- --enable-async-io=24 \
- --enable-storeio=ufs,aufs,diskd,rock \
- --enable-removal-policies=lru,heap \
- --enable-gnuregex \
- --enable-delay-pools \
- --enable-cache-digests \
- --enable-underscores \
- --enable-icap-client \
- --enable-follow-x-forwarded-for \
- --enable-eui \
- --enable-esi \
- --enable-icmp \
- --enable-zph-qos \
- --enable-http-violations \
- --enable-ssl-crtd \
- --enable-linux-netfilter \
- --enable-ltdl-install \
- --enable-ltdl-convenience \
- --enable-x-accelerator-vary \
- --disable-maintainer-mode \
- --disable-dependency-tracking \
- --disable-silent-rules \
- --disable-translation \
- --disable-ipv6 \
- --disable-ident-lookups \
- --with-swapdir=/var/spool/squid \
- --with-logdir=/var/log/squid \
- --with-pidfile=/var/run/squid.pid \
- --with-aufs-threads=24 \
- --with-filedescriptors=65536 \
- --with-large-files \
- --with-maxfd=65536 \
- --with-openssl \
- --with-default-user=proxy \
- --with-included-ltdl &&
- make && make install
- mkdir /var/lib/squid &&
- chown -R nobody /var/lib/squid/ &&
- /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db &&
- chown -R proxy:proxy /var/lib/squid/ssl_db/ &&
- chmod -R 777 /var/lib/squid/ssl_db/
- silahkan buat certifikat sendiri
- squid.conf
- =============================================
- acl localnet src all
- acl SSL_ports port 443
- acl Safe_ports port 88 # http
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- # TAG: QUERY
- # -----------------------------------------------------------------------------
- acl QUERY urlpath_regex -i (hackshield|blank.html|infinity.js|hshield.da|renew_session_token.php|recaptcha.js|dat.asp|notice.swf|patchlist.txt|hackshield|captcha|reset.css|update.ver|notice.html|updates.txt|gamenotice|images.kom|patchinfo.xml|noupdate.ui|\.Xtp|\.htc|\.txt)
- acl QUERY urlpath_regex -i (patch.conf|uiimageset.xml.iop|gashaponwnd.xml.iop|loading.swf|download.swf|version.list|version.ini|launch.jnlp|server_patch.cfg.iop|core.swf|Loading.swf|resouececheck.sq|mainloading.swf|config.xml|gemmaze.swf|xml.png|size.xml|resourcesbar.swf|version.xml|version.list|delete.ini)
- acl QUERY urlpath_regex -i \.(jsp|asp|aspx|cfg|iop|zip|php|xml|html)(\?|$)
- cache deny QUERY
- #
- acl dontstore url_regex ^http:\/\/(([\d\w-]*(\.[^\.\-]*?\..*?))(\/\mosalsal\/[\d]{4}\/.*\/)(.*\.flv))\?start.*
- acl dontstore url_regex redbot\.org \.php
- acl dontstore url_regex -i ^http:\/\/.*gemscool\.com\/.*
- acl dontstore url_regex \.(aspx|php)\?
- acl dontstore url_regex goldprice\.org\/NewCharts\/gold\/images\/.*\.png
- acl dontstore url_regex google\.co(m|\.[a-z]{2})\/complete\/search\?
- acl dontstore url_regex redirector\.([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id|get_video_info\?|ptracking\?|player_204\?|stream_204\?).*
- acl store_yt_id url_regex -i youtube.*(ptracking|stream_204|playback|player_204|watchtime|set_awesome|s\?|ads).*(video_id|docid|\&v|content_v)\=([^\&\s]*).*$
- acl store_id_list_yt url_regex -i (youtube|googlevideo).*videoplayback.*$
- acl store_id_list_yt url_regex ^https?\:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id).*
- request_header_access Range deny store_id_list_yt
- range_offset_limit 10 KB store_id_list_yt
- acl loop_302 http_status 302
- acl getmethod method GET
- #Permisision
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost manager
- http_access deny manager
- http_access allow localnet
- http_access allow localhost
- http_access deny all
- #SSL
- always_direct allow all
- ssl_bump server-first all
- sslproxy_cert_error deny all
- sslproxy_flags DONT_VERIFY_PEER
- sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
- sslcrtd_children 8 startup=1 idle=1
- ###############################################################################
- # Squid normally listens to port 3128
- ###############################################################################
- http_port 3130 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA2.pem
- http_port 3129 tproxy
- http_port 3128
- # TAG: Store-id Program
- # -----------------------------------------------------------------------------
- store_id_program /etc/squid/store-ytb.pl
- store_id_children 100 startup=0 idle=1 concurrency=1000
- # TAG: Store-id Access
- # -----------------------------------------------------------------------------
- store_id_access deny dontstore
- store_id_access deny !getmethod
- store_id_extras "%{Referer}>h"
- store_id_access allow store_id_list_yt
- store_id_access allow store_yt_id
- store_id_access deny all
- store_id_bypass on
- # TAG: Youtube 302
- # -----------------------------------------------------------------------------
- store_miss deny store_id_list_yt loop_302
- send_hit deny store_id_list_yt loop_302
- acl loop rep_mime_type -i mime-type ^text/html
- acl loop rep_mime_type -i mime-type ^text/plain
- store_miss deny loop_302
- send_hit deny loop_302
- store_miss deny loop
- send_hit deny loop
- #MEMORY
- client_dst_passthru on
- cache_mem 8 MB
- maximum_object_size_in_memory 0
- memory_cache_shared off
- memory_cache_mode disk
- memory_replacement_policy heap GDSF
- #DISK
- cache_replacement_policy heap LFUDA
- minimum_object_size 1 bytes
- maximum_object_size 1 GB
- cache_dir aufs /cache-1 320000 16 256 # sesuaikan dengan drive penyimpanan cache
- cache_dir aufs /cache-2 500000 16 256 # sesuaikan dengan drive penyimpanan cache
- store_dir_select_algorithm round-robin
- cache_swap_low 90
- cache_swap_high 95
- #LOG
- access_log /tmp/access.log squid
- logfile_daemon /usr/lib/squid/log_file_daemon
- cache_store_log none
- logfile_rotate 1
- mime_table /etc/squid/mime.conf
- pid_filename /var/run/squid.pid
- strip_query_terms off
- buffered_logs off
- cache_log /dev/null
- coredump_dir /var/spool/squid
- ###############################################################################
- # Add any of your own refresh_pattern entries above these.
- ###############################################################################
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- # Youtube Video
- refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?|\.mp4|\.webm|\.flv|((audio|video)\/(webm|mp4))) 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale
- refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.* 10080 99% 43200 override-lastmod override-expire ignore-reload reload-into-ims ignore-private reload-into-ims ignore-auth store-stale
- refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.*$ 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale
- # Image Youtube
- refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% 129600 override-expire ignore-reload reload-into-ims
- refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600 override-expire override-lastmod ignore-auth ignore-reload reload-into-ims
- ###############################################################################
- ## ERROR PAGE OPTIONS
- ###############################################################################
- error_directory /usr/share/squid/errors/en
- error_log_languages off
- qos_flows tos local-hit=0x30 parent-hit=0x34
- store-ytb.pl
- =========================
- #!/usr/bin/perl
- ###########################
- #
- # Store-ID dengan asumsi chanel berapapun
- #
- ###########################
- $|=1;
- while (<>) {
- my $chan = "";
- if (s/^(\d+\s+)//o) {
- $chan = $1;
- }
- $_ =~ s/(\s+.+)//o;
- if ($_ =~ m/^https?\:\/\/.*youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=([^\&\s]*).*/){
- $vid = $3 ;
- @cpn = m/[&?]cpn\=([^\&\s]*)/;
- $fn = "/tmp/@cpn";
- unless (-e $fn) {
- open FH,">".$fn ;
- print FH "$vid\n";
- close FH;
- }
- print $chan, "ERR\n" ;
- } elsif ($_ =~ m/^https?\:\/\/.*(youtube|google).*videoplayback.*/){
- @itag = m/[&?](itag=[0-9]*)/;
- @ids = m/[&?]id\=([^\&\s]*)/;
- @mime = m/[&?](mime\=[^\&\s]*)/;
- @cpn = m/[&?]cpn\=([^\&\s]*)/;
- @range = m/[&?](range=[^\&\s]*)/;
- if (defined($cpn[0])) {
- $fn = "/tmp/@cpn";
- if (-e $fn) {
- open FH,"<".$fn ;
- $id = <FH>;
- chomp $id ;
- close FH ;
- } else {
- $id = $ids[0] ;
- }
- print $chan, "OK store-id=http://googlevideo.squid.internal/id=" . $id . "&@itag@range@mime\n" ;
- } else {
- print $chan, "ERR\n" ;
- }
- } else {
- print $chan, "ERR\n" ;
- }
- }
- =================================
- chmod +x store-ytb.pl
- chmod +x squid
- chown proxy:proxy /cache-1
- chown proxy:proxy /cache-2 &&
- chmod 777 /cache-1 &&
- chmod 777 /cache-2
- squid -f /etc/squid/squid.conf -z
- update-rc.d squid defaults
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement