teknisiazza

squid.conf+storeid.pl+speedtest.pl by CusPun

Sep 27th, 2016
  1. #configure squid 3.5 and up
  2.  
  # Build-time feature selection for the squid.conf that follows. The options the
  # configuration depends on for its security-relevant behaviour are:
  #   --with-openssl, --enable-ssl-crtd    TLS interception (ssl_bump) and the certificate generator helper
  #   --enable-http-violations             the refresh_pattern override-*/ignore-* options and reload_into_ims
  #   --enable-ecap                        the response-modifying eCAP module loaded in squid.conf
  #   --enable-url-rewrite-helpers, --enable-storeid-rewrite-helpers   the two helper interfaces used by the Perl scripts
  # NOTE(review): every authentication scheme is compiled in although the squid.conf on this
  # page defines no auth_param; building only what is used keeps the attack surface smaller.
  3. ./configure '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--datadir=/usr/share/squid' '--mandir=/usr/share/man' '--with-logdir=/var/log/squid' '--with-pid-file=/var/run/squid.pid' '--with-openssl' '--enable-ssl-crtd' '--enable-icmp' '--enable-wccp' '--enable-wccpv2' '--disable-kqueue' '--disable-esi' '--disable-arch-native' '--enable-ipv6' '--enable-poll' '--enable-ident-lookups' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-underscores' '--enable-http-violations' '--enable-removal-policies=heap,lru' '--enable-delay-pools' '--enable-linux-netfilter' '--enable-snmp' '--enable-auth' '--enable-auth-basic' '--enable-auth-digest' '--enable-auth-negotiate' '--enable-auth-ntlm' '--enable-log-daemon-helpers' '--enable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers' '--enable-build-info' '--enable-eui' '--enable-async-io=16' '--enable-unlinkd' '--enable-internal-dns' '--enable-epoll' '--enable-select' '--enable-cache-digests' '--enable-forw-via-db' '--enable-htcp' '--enable-kill-parent-hack' '--enable-icap-client' '--enable-ecap' '--enable-zph-qos' '--with-dl' '--with-filedescriptors=65536' '--with-large-files' --enable-ltdl-convenience
  4.  
  5. ########################################################## SQUID.CONF ##################################################################
  # Resolver preference, protocol-advertisement headers, then cache sizing.
  6. dns_v4_first on
  # Remove the response headers that advertise QUIC / alternative services, presumably so
  # that browsers keep using TCP connections this proxy can intercept and cache.
  7. reply_header_access Alternate-Protocol deny all
  8. reply_header_access Alt-Svc deny all
  9.  
  10. #cache_dir aufs /cache 700000 16 256
  # One on-disk store of 360000 MB with a single first-level and second-level directory;
  # almost nothing is kept in RAM (cache_mem 8 MB, no objects held in memory below).
  11. cache_dir aufs /cache 360000 1 1
  12. cache_mem 8 MB
  13. coredump_dir /var/log/squid
  14.  
  # NOTE(review): cache_swap_low/high are set again further down (95/98); confirm which pair
  # is meant to apply.
  15. cache_swap_low 80
  16. cache_swap_high 85
  17. cache_replacement_policy heap LFUDA
  18. memory_replacement_policy heap GDSF
  19.  
  # Objects up to ~4 GB may be cached on disk; request bodies are unlimited (0 KB = no limit).
  20. maximum_object_size 4096000 KB
  21. maximum_object_size_in_memory 0 KB
  22. request_body_max_size 0 KB
  # Client reloads are converted into conditional (If-Modified-Since) requests instead of
  # forcing a fresh fetch. This deliberately deviates from HTTP so that cached copies survive
  # a browser refresh.
  23. refresh_all_ims on
  24. reload_into_ims on
  25.  
  # Identity and privacy: what the proxy reveals about itself and its clients, plus
  # descriptor and DNS cache limits.
  26. cache_mgr cespun@gmail.com
  27. visible_hostname cespun-proxy
  # Full query strings are written to the logs. NOTE(review): TLS interception is enabled
  # elsewhere in this file, so logged URLs can carry tokens or session identifiers from HTTPS
  # requests; treat the access log as sensitive data or re-enable stripping.
  28. strip_query_terms off
  29. httpd_suppress_version_string on
  30. log_mime_hdrs off
  # Do not disclose the client address or the proxy's presence to origin servers.
  31. forwarded_for off
  32. via off
  33.  
  # Belt and braces for the two settings above: drop the headers in both directions.
  34. request_header_access X-Forwarded-For deny all
  35. reply_header_access X-Forwarded-For deny all
  36. request_header_access Via deny all
  37. reply_header_access Via deny all
  38. max_filedescriptors 65536
  39.  
  # NOTE(review): second definition of the swap watermarks (80/85 appear earlier in the file).
  40. cache_swap_high 98
  41. cache_swap_low 95
  42. fqdncache_size 4096
  43. ipcache_size 4096
  # Fixed external resolvers. Every hostname clients request is disclosed to them, and the
  # proxy's view of "which IP is this site" depends on their answers.
  44. dns_nameservers 208.67.222.222 208.67.220.220
  45.  
  # Listening ports: 3128 is an explicit forward-proxy port, 3129 and 3127 receive traffic
  # diverted by TPROXY rules (plain HTTP and TLS respectively).
  46. http_port 3128
  47. #http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  48. #http_port 3129 intercept
  49. #https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  50. http_port 3129 tproxy
  # TLS interception port. cert= names the CA used to sign the per-host certificates generated
  # on the fly; no key= is given, so the same file is expected to hold the CA private key.
  # Anyone able to read warnet.pem can issue certificates that every client trusting this CA
  # will accept: keep it readable by the Squid user only and never distribute the key part
  # when installing the CA certificate on clients.
  51. https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  52.  
  # Mark responses served from the local cache with TOS 0x30 (usable by a router for QoS).
  53. qos_flows local-hit=0x30
  54.  
  # Source networks allowed to use the proxy, and the destination ports considered safe.
  # These ACLs only define sets; they take effect in the http_access rules further down.
  55. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  56. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  57. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  58. acl localnet src fc00::/7 # RFC 4193 local private network range
  59. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  # CONNECT tunnels are limited to port 443 by the "deny CONNECT !SSL_ports" rule below.
  60. acl SSL_ports port 443
  61. acl Safe_ports port 80 # http
  # Port 182 is a local addition to the stock list; the only use visible in this file is the
  # savefile.co:182 pattern in the tostoreid ACL.
  62. acl Safe_ports port 182 # http
  63. acl Safe_ports port 21 # ftp
  64. acl Safe_ports port 443 # https
  65. acl Safe_ports port 70 # gopher
  66. acl Safe_ports port 210 # wais
  67. acl Safe_ports port 1025-65535 # unregistered ports
  68. acl Safe_ports port 280 # http-mgmt
  69. acl Safe_ports port 488 # gss-http
  70. acl Safe_ports port 591 # filemaker
  71. acl Safe_ports port 777 # multiling http
  72.  
  # ACLs for the three ssl_bump processing steps, followed by the URL / status / MIME classes
  # that drive caching, Store-ID rewriting, content adaptation and the speedtest redirect.
  73. acl step1 at_step SslBump1
  74. acl step2 at_step SslBump2
  75. acl step3 at_step SslBump3
  # A server-name bypass list for interception exists only as a commented-out line; as
  # written, no site (banking, health, software update channels) is exempt from bumping.
  76. #acl sslserver ssl::server_name_regex -i "/etc/squid/bypass.txt"
  77. #acl iphone browser -i regexp (iPhone|iPad)
  78. #acl BB browser -i regexp (BlackBerry|PlayBook)
  79. #acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  80. #acl Android browser -i regexp Android
  # yt-modif selects the YouTube watch/embed pages whose body the eCAP service rewrites.
  81. acl yt-modif url_regex -i ^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)
  # NOTE(review): most patterns below are "^http.*(token)", which matches the token anywhere
  # in the URL (host, path or query string), not only in the host name. Any URL that merely
  # contains e.g. "youtube" or "fbcdn" is therefore treated like the real service. For the
  # tostoreid class this widens the set of requests whose cache key is rewritten by the
  # helper; anchoring the patterns on the host part would narrow it.
  82. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  # versipatch: version/patch checks and anti-cheat downloads that must never be cached.
  83. acl versipatch url_regex -i ^http.*(update|patch).*versi
  84. acl versipatch url_regex -i ^http.*versi.*(update|patch)
  85. acl versipatch url_regex -i ^http.*(antihack|xigncode|gameguard)
  86. #acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*patch
  87. #acl patchpartial url_regex -i ^http.*patch.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus)
  # patchpartial: the only class allowed to keep its Range header (see the Range rule below).
  88. acl patchpartial url_regex -i ^http.*patch.*garena
  89. acl patchpartial url_regex -i ^http.*garena.*patch
  90. acl httptomiss http_status 302
  91. acl mimehtml rep_mime_type -i mime-type ^text/html
  92. acl mimeplain rep_mime_type -i mime-type ^text/plain
  # tostoreid: requests handed to storeid.pl. Each entry here should have a matching branch
  # in that helper; entries without one simply get "ERR" back.
  93. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  94. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  95. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  96. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  97. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  98. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  99. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  100. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  101. acl tostoreid url_regex -i ^http.*steam(powered|content)
  102. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  103. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  104. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  105. acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/.*\.(jpg|txt)
  # speedtest: requests that speedtest.pl redirects to the parent peer.
  106. acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/(latency|upload|random.*)\.(jpg|txt|php)
  107. acl CONNECT method CONNECT
  108. acl getmethod method GET
  109.  
  # Access policy, evaluated top to bottom with first match winning: refuse unsafe ports and
  # CONNECT to anything but 443, allow the cache manager only from the proxy host itself,
  # allow the local networks and localhost, refuse everyone else. Keep "deny all" last.
  110. http_access deny !Safe_ports
  111. http_access deny CONNECT !SSL_ports
  112. http_access allow localhost manager
  113. http_access deny manager
  114. http_access allow localnet
  115. http_access allow localhost
  116. http_access deny all
  117.  
  # The Range header is removed from every request except the patchpartial class, so partial
  # requests become full-object downloads that can be cached. For patchpartial the Range
  # header is kept and range_offset_limit none lets Squid fetch the whole object anyway.
  118. request_header_access Range deny !patchpartial
  119. #range_offset_limit 128 KB !patchpartial
  120. range_offset_limit none patchpartial
  # Controls whether a download continues after the client disconnects.
  # NOTE(review): together with the Range stripping above, an aborted request for a very
  # large object can still cost the full transfer upstream; watch bandwidth if this is abused.
  121. quick_abort_min 1 KB
  122. quick_abort_max 1 KB
  123. quick_abort_pct 95
  124.  
  125. #request_header_access User-Agent deny yt-modif !iphone !BB !Winphone !Android
  126. ### flash
  127. #request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
  128. ### flash
  129. #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
  130. ###html5
  131. #request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
  132. ###html5
  133. #request_header_replace user_Agent Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0
  134. #request_header_replace Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0
  135.  
  # Cache exclusions, the TLS interception policy and the settings for the proxy's own
  # outgoing TLS connections.
  136. cache deny versipatch
  137. cache deny localhost
  # Traffic from the proxy host itself is tunnelled untouched.
  138. ssl_bump splice localhost
  139. #ssl_bump splice sslserver
  # Peek at the ClientHello, then bump (decrypt and re-encrypt with a generated certificate)
  # every remaining connection at step 2. NOTE(review): with "bump step2 all" in place the
  # step3 splice rule looks unreachable, and no site is exempted because the sslserver
  # bypass rule above is commented out - confirm this is intended.
  140. ssl_bump peek step1 all
  141. ssl_bump bump step2 all
  142. ssl_bump splice step3 all
  143.  
  144.  
  145.  
  # Helper that mints the per-host certificates; /var/lib/ssl_db holds them on disk.
  146. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
  147. sslcrtd_children 2000 startup=30 idle=1
  # NOTE(review): this is the directory that also holds the signing certificate named on the
  # https_port line, not a system trust store - verify it contains the CA certificates needed
  # to validate origin servers.
  148. sslproxy_capath /etc/squid/ssl_cert
  # SECURITY: the next two lines switch off validation of origin-server certificates.
  # Clients only ever see the certificate the proxy generates, so they cannot notice an
  # expired, mismatched or forged certificate upstream; with these settings nobody checks it
  # and server authentication is lost for every bumped connection. Prefer removing both
  # lines and, where a specific site needs an exception, scope sslproxy_cert_error to an
  # ACL for that site instead of "all".
  149. sslproxy_cert_error allow all
  150. sslproxy_flags DONT_VERIFY_PEER
  # NOTE(review): sslproxy_flags is given twice; confirm whether this line replaces or adds
  # to the flag above (the flags can be written as one comma-separated list).
  151. sslproxy_flags NO_SESSION_REUSE
  152. ssl_unclean_shutdown on
  153. #sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #If using a version after squid-3.5.12-20151222-r13967
  # Only SSLv2/SSLv3 are excluded for outgoing connections; older TLS versions stay allowed.
  154. sslproxy_options NO_SSLv2,NO_SSLv3
  # Cipher preference for outgoing connections. The list names an RC4 suite but the trailing
  # !RC4 (with !3DES, !MD5, !EXP, ...) removes it again.
  155. sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
  156.  
  # Logging. Only one rotated generation is kept and a single access log is written.
  # NOTE(review): because HTTPS is decrypted by ssl_bump and strip_query_terms is off, this
  # log records full HTTPS URLs including query strings. Restrict read access to it and
  # decide on a retention period; with logfile_rotate 1 very little history is available
  # for incident investigation.
  157. #debug_options 11,2 22,3
  158. logfile_rotate 1
  159. #logformat referer %ts.%03tu %>a %{Referer}>h %ru
  160. #logformat referer %ts.%03tu %>a %ru %{Referer}>h
  161. #logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
  162. #access_log /var/log/squid/access.log !CONNECT
  163. #access_log /var/log/squid/connect.log CONNECT
  164. #cache_store_log /var/log/squid/store.log
  165. access_log stdio:/var/log/squid/access.log
  166. netdb_filename none
  167.  
  168.  
  169. #ecap
  170. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  # Content adaptation: a native module is loaded into the Squid process and rewrites the
  # body of responses matched by yt-modif, replacing the text "enablejsapi" with player
  # settings that turn DASH off and pin the quality to "medium".
  # NOTE(review): this changes page content inside decrypted HTTPS responses. The .so runs
  # with Squid's privileges, so its origin and file permissions deserve the same care as the
  # Squid binary itself.
  171. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  172. ecap_enable on
  # Accept-Encoding is removed for the affected pages, presumably so that the response
  # arrives uncompressed and the plain-text substitution can match.
  173. request_header_access Accept-Encoding deny yt-modif
  174. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
  175. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
  176. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"small","enablejsapi"
  # Only yt-modif responses go through the service; everything else bypasses it.
  177. adaptation_access modif allow yt-modif
  178. adaptation_access modif deny all
  179.  
  # Speedtest handling: matching requests are never cached, are rewritten by speedtest.pl
  # and are forced through the parent peer at 10.212.212.212:8033.
  180. cache deny speedtest
  181. url_rewrite_access allow speedtest
  182. url_rewrite_access deny all
  183. url_rewrite_program /etc/squid/speedtest.pl
  # If all rewrite helpers are busy the request proceeds without being rewritten.
  184. redirector_bypass on
  185. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  186. dead_peer_timeout 5 seconds
  187. cache_peer_access 10.212.212.212 allow speedtest
  188. cache_peer_access 10.212.212.212 deny all
  189. always_direct deny speedtest
  190. never_direct allow speedtest
  191. url_rewrite_children 2000 startup=30 idle=1
  192.  
  # Store-ID: storeid.pl maps GET requests in the tostoreid class to a canonical cache key.
  # The helper receives the request URL plus the Referer header (store_id_extras); both are
  # chosen by the client and must be treated as untrusted input by the helper. The key it
  # returns decides which stored object is served, so a mapping that lets different content
  # share one key makes it possible for one client's request to affect what others receive.
  # Keep the helper's patterns as tight as the services allow.
  193. store_id_bypass off
  194. store_id_extras "%{Referer}>h"
  195. store_id_program /etc/squid/storeid.pl
  196. store_id_children 2000 startup=30 idle=1
  197. store_id_access deny !getmethod
  198. store_id_access allow tostoreid
  199. store_id_access deny all
  200.  
  # Responses that are neither stored nor served from cache: YouTube redirects (302) and
  # text/plain replies, any text/html response, and the version/patch checks.
  201. store_miss deny youtube httptomiss
  202. send_hit deny youtube httptomiss
  203. store_miss deny youtube mimeplain
  204. send_hit deny youtube mimeplain
  205. store_miss deny mimehtml
  206. send_hit deny mimehtml
  207. store_miss deny versipatch
  208. send_hit deny versipatch
  209.  
  # SECURITY: this single pattern applies to every URL (".") and tells Squid to disregard
  # no-store, private, must-revalidate and authentication when deciding what to cache, and
  # to keep objects for up to 432000 minutes. Responses the origin marked as private or
  # that were returned for an authenticated request can therefore be stored in this shared
  # cache and served to a different client; with ssl_bump active that includes HTTPS.
  # The text/html exclusion above limits the exposure but does not cover JSON, images or
  # downloads. Consider restricting ignore-private / ignore-auth / ignore-no-store to
  # patterns for known static content instead of ".".
  210. refresh_pattern -i . 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  211. max_stale 1 day
  212.  
  213.  
  214. ############################################################ STOREID.PL #########################################################
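  #!/usr/bin/perl
  #
  # storeid.pl - Squid Store-ID helper (store_id_program).
  #
  # Reads one request per line on STDIN in the form
  #     [channel-ID] URL [Referer]
  # (the Referer comes from store_id_extras) and answers every line with either
  #     OK store-id=<canonical URL>   several URLs for the same object share one cache entry
  #     ERR                           the cache key is left unchanged
  # When the line starts with a channel-ID, the same ID is echoed before the answer.
  #
  # Security notes
  #   * URL and Referer are supplied by the client and are untrusted.
  #   * The YouTube "cpn" value is used as a file name to remember which video a
  #     playback session belongs to. It is accepted only when it consists of
  #     letters, digits, "_" and "-", so it cannot contain path separators or
  #     characters that alter how the file is opened.
  #   * Files are opened with an explicit mode (never the two-argument open) and are
  #     created with O_CREAT|O_EXCL, which is atomic and does not follow a symlink
  #     planted under the same name.
  #   * NOTE(review): the mapping files still live in /tmp, which other local users
  #     can write to, and nothing in this script removes them. A directory owned by
  #     the Squid user plus periodic cleanup would be the safer home; change
  #     $CPN_DIR once such a directory exists.

  use strict;
  use warnings;
  use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

  $| = 1;    # unbuffered output: Squid waits for each answer line

  my $CPN_DIR    = '/tmp';
  my $SAFE_CPN   = qr/\A[A-Za-z0-9_-]{1,64}\z/;
  my $WATCH_PAGE = qr/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/;

  # Return the first capture group of $re in $text, or '' when it does not match.
  sub capture {
      my ($text, $re) = @_;
      return $text =~ $re ? $1 : '';
  }

  # Record the video id for a playback session unless a record already exists.
  sub remember_video_id {
      my ($cpn, $video_id) = @_;
      sysopen(my $fh, "$CPN_DIR/$cpn", O_WRONLY | O_CREAT | O_EXCL, 0600)
          or return;    # already recorded, or not writable: keep going without it
      print {$fh} $video_id;
      close $fh;
      return;
  }

  # Return the video id recorded for a playback session, or undef when there is
  # none or the stored value could not have been written by remember_video_id().
  sub recall_video_id {
      my ($cpn) = @_;
      open(my $fh, '<', "$CPN_DIR/$cpn") or return;
      my $stored = <$fh>;
      close $fh;
      return unless defined $stored;
      chomp $stored;
      # Whitespace in the value would inject extra fields into the reply to Squid.
      return $stored =~ m/\A[^\s&]+\z/ ? $stored : undef;
  }

  # Build the helper answer ("OK store-id=..." or "ERR") for one request.
  # $line is the complete input line; the parameter lookups search all of it,
  # as the original script did, so a value missing from the URL may be taken
  # from the Referer.
  sub store_id_reply {
      my ($line, $url, $referer) = @_;

      # youtube googlevideo
      if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/) {
          my $cpn   = capture($line, qr/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/);
          my $id    = capture($line, qr/[=%&?\/]id[=%&?\/]([^\&\s]*)/);
          my $itag  = capture($line, qr/[=%&?\/]itag[=%&?\/]([\d]*)/);
          my $range = capture($line, qr/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/);
          my $mime  = capture($line, qr/[=%&?\/]mime[=%&?\/]([^\&\s]*)/);

          if ($referer =~ $WATCH_PAGE) {
              $id = $2;    # video id taken from the watch/embed page URL
          } elsif ($cpn =~ $SAFE_CPN) {
              my $remembered = recall_video_id($cpn);
              $id = $remembered if defined $remembered;
          }
          return "OK store-id=http://squid/google/video/id=$id/itag=$itag/mime=$mime/range=$range";
      }

      # youtube parameter: statistics requests that carry both the video id and
      # the cpn; they are only used to learn the cpn -> video id mapping.
      if (   $url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/
          || $url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/
          || $url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
      {
          my $video_id = $2;    # read before any further match overwrites $2
          my $cpn = capture($line, qr/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/);
          if ($referer !~ $WATCH_PAGE && $cpn =~ $SAFE_CPN) {
              remember_video_id($cpn, $video_id);
          }
          return "ERR";
      }

      # utmgif
      if ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
          return "OK store-id=http://squid/google-analytics/__utm.gif";
      }

      # fbcdn.net or akamaihd.net video range
      if ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
          return "OK store-id=http://squid/$1/$2/$3";
      }

      # fbcdn.net or akamaihd.net with size
      if ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
          return "OK store-id=http://squid/$1/$2";
      }

      # fbcdn.net or akamaihd.net safe_image.php
      if ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
          return "OK store-id=http://squid/$1/$2";
      }

      # reverbnation
      if ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
          return "OK store-id=http://squid/reverbnation/$1";
      }

      # playstore
      if ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
          return "OK store-id=http://squid/android/market/$1";
      }

      # filehost
      if ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
          return "OK store-id=http://squid/datafilehost/$1";
      }

      # speedtest
      if ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
          return "OK store-id=http://squid/speedtest/$2";
      }

      # filehippo
      if ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
          return "OK store-id=http://squid/filehippo/$1";
      }

      # 4shared preview.mp3
      if ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
          return "OK store-id=http://squid/4shared/preview/$1";
      }

      # 4shared
      if ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
          return "OK store-id=http://squid/4shared/download/$1";
      }

      # savefile-animeindo.tv
      if ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
          return "OK store-id=http://squid/savefile:182/$1";
      }

      # imdb
      if ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
          return "OK store-id=http://squid/imdb/$1";
      }

      # sourceforge
      if ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
          return "OK store-id=http://squid/sourceforge/$1";
      }

      # steampowered dota 2
      if ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
          return "OK store-id=http://squid/steam/content-powered/$2";
      }

      return "ERR";
  }

  while (my $line = <>) {
      my @field = split ' ', $line;

      # A first token that is not a URL is the channel-ID used with helper concurrency.
      my $has_channel = !(defined $field[0] && $field[0] =~ m/^http.*/);
      my $channel     = $has_channel ? shift @field : undef;
      $channel = '' unless defined $channel;

      my ($url, $referer) = @field;
      $url     = '' unless defined $url;
      $referer = '' unless defined $referer;

      my $out = store_id_reply($line, $url, $referer);

      if ($has_channel) {
          print "$channel $out\n";
      } else {
          print "$out\n";
      }
  }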
  346.  
  347.  
  348.  
  349. #################### SPEEDTEST.PL ##########
  #!/usr/bin/perl
  #
  # speedtest.pl - Squid URL-rewrite helper (url_rewrite_program).
  #
  # Reads "[channel-ID] URL ..." lines on STDIN. Speedtest latency/upload/random
  # requests are answered with a rewrite to the parent at 10.212.212.212:8033;
  # every other request is answered with ERR (no rewrite). A leading channel-ID
  # is echoed in front of the answer.
  #
  # NOTE(review): the file name taken from the client's URL is forwarded to the
  # parent unchanged, and "random.*" places no limit on the characters it may
  # contain. The service on port 8033 has to treat that path as untrusted.

  use strict;

  $| = 1;    # answer each request immediately

  while (defined(my $request = <>)) {
      my @token = split ' ', $request;
      my $first = $token[0];

      # No URL in first position means the first token is a channel-ID.
      my $tagged = !($first =~ m/^http.*/);
      my $url    = $tagged ? $token[1] : $first;

      my $reply;
      if ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))/) {
          $reply = "OK rewrite-url=http://10.212.212.212:8033/speedtest/$2";
      } else {
          $reply = "ERR";
      }

      print $tagged ? "$first $reply\n" : "$reply\n";
  }