Advertisement
albspirit86

sssssss

Aug 2nd, 2016
559
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.79 KB | None | 0 0
  1. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  2. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  3. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  4. acl localnet src fc00::/7 # RFC 4193 local private network range
  5. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  6. acl SSL_ports port 443
  7. acl Safe_ports port 80 # http
  8. acl Safe_ports port 182 # http
  9. acl Safe_ports port 21 # ftp
  10. acl Safe_ports port 443 # https
  11. acl Safe_ports port 70 # gopher
  12. acl Safe_ports port 210 # wais
  13. acl Safe_ports port 1025-65535 # unregistered ports
  14. acl Safe_ports port 280 # http-mgmt
  15. acl Safe_ports port 488 # gss-http
  16. acl Safe_ports port 591 # filemaker
  17. acl Safe_ports port 777 # multiling http
  18. acl CONNECT method CONNECT
  19. acl getmethod method GET
  20.  
  21. acl step1 at_step SslBump1
  22. #acl step2 at_step SslBump2
  23. #acl step3 at_step SslBump3
  24. #acl firefox browser -i regexp (Firefox|firefox)
  25. #acl chrome browser -i regexp (Chrome|chrome)
  26. acl iphone browser -i regexp (iPhone|iPad)
  27. acl BB browser -i regexp (BlackBerry|PlayBook)
  28. acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  29. acl Android browser -i regexp Android
  30. acl youtube url_regex -i (youtube|googlevideo|videoplayback)
  31. #acl yt-domain dstdomain .youtube.com
  32. acl yt-watch url_regex -i ^https?\:\/\/www\.youtube\.com\/
  33. #acl yt-watch url_regex -i ^http.*youtube\.com\/$
  34. acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*(patch|Patch)
  35. acl httptomiss http_status 302
  36. acl mimehtml rep_mime_type -i mime-type ^text/html
  37. acl mimeplain rep_mime_type -i mime-type ^text/plain
  38. acl tostoreid url_regex -i ^http.*youtube.*(content_v|docid|video_id|player_204.*v\=)
  39. acl tostoreid url_regex -i ^http.*youtube.*api.*stats.*ads
  40. acl tostoreid url_regex -i ^http.*youtube.*(ptracking|set_awesome|stream_204|watchtime|qoe|atr|player_204)
  41. acl tostoreid url_regex -i ^http.*googlevideo.*videoplayback
  42. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  43. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  44. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  45. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=
  46. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  47. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  48. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  49. acl tostoreid url_regex -i ^http.*(steampowered|steamcontent)
  50. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  51. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/(.*\.mp4)\?
  52. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  53. #acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/(.*\.(jpg|txt))
  54. acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))
  55.  
  56. http_access deny !Safe_ports
  57. http_access deny CONNECT !SSL_ports
  58. http_access allow localhost manager
  59. http_access deny manager
  60. http_access allow localnet
  61. http_access allow localhost
  62. http_access deny all
  63.  
  64. https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
  65. http_port 3128
  66. http_port 3129 tproxy
  67.  
  68.  
  69. quick_abort_min 0 KB
  70. quick_abort_max 0 KB
  71. quick_abort_pct 90
  72. range_offset_limit none patchpartial
  73. #range_offset_limit 128 KB !patchpartial
  74. request_header_access Range deny !patchpartial
  75. reply_header_access Range deny !patchpartial
  76.  
  77. reply_header_access Alternate-Protocol deny all
  78. reply_header_access Alt-Svc deny all
  79. request_header_access User-Agent deny yt-watch !iphone !BB !Winphone !Android
  80. request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
  81. #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
  82. #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
  83.  
  84. ssl_bump peek step1 all
  85. ssl_bump bump all
  86.  
  87.  
  88. sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db -M 4MB
  89. #sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
  90. sslcrtd_children 2000 startup=30 idle=1
  91. sslproxy_capath /etc/ssl/certs
  92. sslproxy_cert_error allow all
  93. sslproxy_flags DONT_VERIFY_PEER
  94. sslproxy_flags NO_SESSION_REUSE
  95. ssl_unclean_shutdown on
  96. sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #Jika menggunakan versi setelah squid-3.5.12-20151222-r13967
  97. #sslproxy_options NO_SSLv2,NO_SSLv3
  98. sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
  99.  
  100.  
  101.  
  102.  
  103. #cache_dir aufs /cache 700000 16 256
  104. cache_dir aufs /cache 640000 1 1
  105. cache_mem 16 MB
  106.  
  107. cache_swap_low 97
  108. cache_swap_high 98
  109. cache_replacement_policy heap LFUDA
  110. memory_replacement_policy heap GDSF
  111.  
  112. maximum_object_size 4096 MB
  113. maximum_object_size_in_memory 0 KB
  114. request_body_max_size 0 KB
  115. refresh_all_ims on
  116. reload_into_ims on
  117.  
  118. cache_mgr cespun@gmail.com
  119. visible_hostname cespun-proxy
  120.  
  121. coredump_dir /var/log/squid
  122.  
  123. strip_query_terms off
  124. #debug_options 11,2 22,3
  125. logfile_rotate 1
  126. #logformat referer %ts.%03tu %>a %{Referer}>h %ru
  127. #logformat referer %ts.%03tu %>a %ru %{Referer}>h
  128. logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
  129. access_log /var/log/squid/referer.log referer
  130. access_log /var/log/squid/access.log
  131. #cache_store_log /var/log/squid/store.log
  132.  
  133. log_mime_hdrs off
  134. forwarded_for off
  135. via off
  136. #Strip HTTP Header
  137. request_header_access X-Forwarded-For deny all
  138. reply_header_access X-Forwarded-For deny all
  139. request_header_access Via deny all
  140. reply_header_access Via deny all
  141. max_filedescriptors 65536
  142.  
  143. cache_swap_high 98
  144. cache_swap_low 95
  145. fqdncache_size 4096
  146. ipcache_size 4096
  147. dns_nameservers 208.67.222.222 208.67.220.220
  148.  
  149.  
  150. #ecap
  151. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  152. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  153. ecap_enable on
  154. request_header_access Accept-Encoding deny yt-watch
  155.  
  156. ### youtube non-rang (full loading)
  157. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
  158.  
  159. ### youtube range (half part loading)
  160. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"tiny","enablejsapi"
  161. adaptation_access modif allow yt-watch
  162. adaptation_access modif deny all
  163.  
  164. cache deny speedtest
  165. url_rewrite_access allow speedtest
  166. url_rewrite_access deny all
  167. url_rewrite_program /etc/squid/speedtest.pl
  168. redirector_bypass on
  169. cache_peer 192.168.5.2 parent 8033 0 no-digest no-tproxy
  170. dead_peer_timeout 5 seconds
  171. cache_peer_access 192.168.5.2 allow speedtest
  172. cache_peer_access 192.168.5.2 deny all
  173. url_rewrite_children 2000 startup=30 idle=1
  174.  
  175.  
  176. store_id_bypass off
  177. store_id_extras "%{Referer}>h"
  178. store_id_program /etc/squid/storeid.pl
  179. store_id_children 2000 startup=30 idle=1
  180. store_id_access deny !getmethod
  181. store_id_access allow tostoreid
  182. store_id_access deny all
  183.  
  184. store_miss deny youtube httptomiss
  185. send_hit deny youtube httptomiss
  186. store_miss deny youtube mimeplain
  187. send_hit deny youtube mimeplain
  188. store_miss deny mimehtml
  189. send_hit deny mimehtml
  190.  
  191. refresh_pattern -i . 0 90% 432000 override-expire override-lastmod ignore-no-store ignore-must-revalidate ignore-private ignore-auth
  192. max_stale 10 years
  193.  
  194. qos_flows local-hit=0x30
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement