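squid.conf dan storeurl.pl untuk squid3

squid3.conf

#=======================================#
# SQUID Edit By: udinkepsuk.
# muarabungo-jambi
# kepsuktv.blogspot.com
#=======================================#

# --- Client networks allowed to use the proxy ---
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

# --- Destination ports ---
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# --- URL classes used by the cache and Store-ID rules further down ---
acl QUERY urlpath_regex -i (begin|start)\=
acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
acl dontrewrite url_regex redbot\.org
acl getmethod method GET
acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
acl redir urlpath_regex -i &ir=1&rr=12
acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
acl yutub url_regex -i gstatic\.com\/csi\?.*$

# URLs handed to the Store-ID helper (and force-cached by "cache allow" below).
# The original patterns were unanchored, so the domain text could appear
# anywhere in a URL (path or query of an unrelated site) and still select the
# rewrite. Because a Store-ID rewrite makes different URLs share one cache
# entry, the match is pinned to the host part here.
# NOTE(review): the last rule is still a substring test on the host name
# ("youtube" or "google" anywhere in it); tighten it to the exact video hosts
# you expect if you can enumerate them.
acl rewritedoms url_regex -i ^https?://[^/]*dl\.sourceforge\.net/
acl rewritedoms url_regex -i ^https?://i[0-9]*\.ytimg\.com/
acl rewritedoms url_regex -i ^https?://[^/]*ak\.fbcdn\.net/
acl rewritedoms url_regex -i ^https?://[^/]*(youtube|google)[^/]*/(.*/)?videoplayback\?

# --- Access control: order matters, first matching rule wins ---
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

# --- Listening ports and TLS interception ---
# On first setup, initialise the certificate database with:
#   /usr/lib/squid3/ssl_crtd -c -s /etc/squid3/ssl_db
#
# NOTE(review): port 3127 intercepts client TLS and re-signs every site with
# certificates minted from myCA.pem. No key= option is given, so the private
# key is expected in that same file: anyone able to read it can impersonate any
# site to clients that trust this CA. Keep the file and /etc/squid3/ssl_db
# readable only by root and the proxy user, and do not reuse this CA elsewhere.
https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/myCA.pem
http_port 3128
http_port 3129 tproxy
always_direct allow all
# NOTE(review): "all" decrypts every destination, including banking, mail and
# health sites. Consider an "ssl_bump none <acl>" rule ahead of this line for
# destinations that must not be inspected, and make sure users are informed.
ssl_bump server-first all
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db -M 4MB
sslcrtd_children 5
# Upstream certificate errors stay fatal. Keep this: clients can no longer
# validate the origin certificate themselves once the proxy re-signs traffic.
sslproxy_cert_error deny all

# --- Cache policy and storage ---
hierarchy_stoplist cgi-bin ?
cache allow rewritedoms
cache deny QUERY
cache deny redir
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_mem 128 MB
maximum_object_size_in_memory 8 KB
minimum_object_size 1 KB
maximum_object_size 1024 MB
cache_swap_low 95
cache_swap_high 99
cache_dir aufs /cache01 5320 12 256 max-size=128000
cache_dir aufs /cache02 5320 12 256 max-size=128000
cache_dir aufs /cache03 87115 10 256 min-size=128000
cache_dir aufs /cache04 87115 10 256 min-size=128000
cache_dir aufs /cache05 87115 10 256 min-size=128000
coredump_dir /var/spool/squid3

# --- Logging ---
#logformat squid1 %{Referer}>h %ru
#access_log /var/log/squid3/yt.log squid1 yutub
access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log none
logfile_rotate 5
log_icp_queries off

# --- Store-ID helper ---
# NOTE(review): the helper receives client-controlled URLs; run it as the
# unprivileged proxy user and keep the script itself writable by root only.
store_id_program /etc/squid3/store-id.pl
store_id_children 20 startup=10 idle=5 concurrency=30
store_id_access deny !getmethod
store_id_access deny redir
store_id_access deny dontrewrite
store_id_access allow rewritedoms
store_id_access deny all
# NOTE(review): with this off, full query strings are written to access.log,
# including those of decrypted HTTPS requests, which may carry session tokens.
# Restrict who can read the log and how long it is retained.
strip_query_terms off
max_stale 1 week

# --- Refresh rules (first matching pattern wins) ---
# NOTE(review): many rules below use override-expire, ignore-private,
# ignore-auth, ignore-must-revalidate, ignore-no-store and store-stale. They
# make the cache keep and reuse responses that the origin marked as private,
# authenticated or not to be stored. On a shared proxy, and more so with TLS
# interception enabled above, a response meant for one user can then be served
# to another, and clients can be held on outdated content. Keep these options
# only on patterns that match public, static objects.
refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
#refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale

#PATTERN REFRESH
refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
# (a duplicated ignore-reload option was dropped from the next four rules)
refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private override-lastmod reload-into-ims
refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private override-lastmod reload-into-ims
refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private override-lastmod reload-into-ims
refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private override-lastmod reload-into-ims
refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240

#sensitive site
refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
#refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
#refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
# Antivirus update files: the minimum age of 0 lets them be revalidated.
refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60

#FB
refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern \.facebook\.com.* 240 50% 480
refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
# The alternation was ungrouped ("^http:\/\/images|image|img|pics|openx|thumbs[0-9]\."),
# so any URL merely containing "image", "img", "pics" or "openx" received
# ignore-private. Grouped so that only host names starting with one of these
# labels (optionally followed by digits) match.
refresh_pattern ^http:\/\/(images|image|img|pics|openx|thumbs)[0-9]*\. 1440 99% 14400 override-expire ignore-reload ignore-private
# NOTE(review): long forced caching of Safe Browsing responses may leave
# clients with outdated threat lists; consider removing this rule.
refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private

#ads
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth negative-ttl=40320 max-stale=1440
refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private

#general
# NOTE(review): the next rule pins executables, installers and archives from
# any site for at least a day and ignores revalidation requests, so a
# withdrawn or replaced download keeps being served from cache. Documents in
# the rule after it are treated the same way even when marked private.
refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i .index.(html|htm)$ 0 75% 10080
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .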
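60 50% 14400 store-stale
memory_pools off
client_db off
#reload_into_ims on
pipeline_prefetch on
offline_mode off
cache_effective_user proxy
cache_effective_group proxy
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
vary_ignore_expire on
# local
qos_flows local-hit=0x30
# sibling
# qos_flows sibling-hit=0x31
# parent
# qos_flows parent-hit=0x32
# preserve
# qos_flows disable-preserve-miss

storeurl.pl

#!/usr/bin/perl
# EDIT BY: www.mr-ekoapriadi.blogspot.com
# edisi@2013
#
# Squid Store-ID helper. Reads one request per line on stdin, either
# "URL ..." or, when helper concurrency is enabled, "channel-ID URL ...", and
# answers "OK store-id=<key>" so that mirrors and CDN nodes serving the same
# object share a single cache entry.
#
# YouTube tracking requests (ptracking|stream_204|player_204|gen_204) carry
# both the video id and the per-playback "cpn" token. The id is remembered in a
# small file named after the cpn so that later videoplayback requests with the
# same cpn can be keyed on the video id.
#
# NOTE(review): everything this helper sees is chosen by the client. A Store-ID
# makes different URLs share one cached object, so any rule that collapses
# hosts lets a response fetched from one host be served for another. Only pass
# URLs from hosts you trust to this helper (store_id_access), and keep the
# proxy limited to trusted clients.
# NOTE(review): the squid.conf on this page starts /etc/squid3/store-id.pl and
# logs under /var/log/squid3, while this script is titled storeurl.pl and
# writes under /var/log/squid. Make the names agree before deploying.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

$| = 1;    # unbuffered output: Squid waits for each reply line

# Directory for the cpn -> video-id files. It must exist and be writable only
# by the helper's user. Nothing here deletes old files, so clean it up
# periodically or it grows by one file per playback.
my $CPN_DIR = "/var/log/squid";

# Return the path of the file for a cpn token, or undef when the token is
# missing or is not a plain name. The token comes straight from the request
# URL, so anything that could leave $CPN_DIR ("/", "..") is rejected.
sub cpn_file {
    my ($cpn) = @_;
    return undef unless defined $cpn && $cpn =~ /\A[A-Za-z0-9_-]{1,64}\z/;
    return "$CPN_DIR/$cpn";
}

while (my $line = <>) {
    my @X = split ' ', $line;
    next unless @X;

    # With concurrency the first token is a numeric channel ID that must be
    # echoed back in front of the reply. Testing for digits (the original
    # tested for "http://") also handles https URLs in the first position.
    my $channel = ($X[0] =~ /\A[0-9]+\z/) ? shift(@X) . " " : "";
    my $x = $X[0];
    unless (defined $x) {
        print $channel . "ERR\n";    # no URL on the line: leave the key unchanged
        next;
    }

    my $out;

    if ($x =~ m/^http(|s)\:\/\/.*youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=([^\&\s]*).*/) {
        my $vid = $4;
        my ($cpn) = $x =~ m/[&?]cpn\=([^\&\s]*)/;
        my $fn = cpn_file($cpn);
        if (defined $fn && length $vid) {
            # O_EXCL creates the file only if it does not exist yet and never
            # truncates or follows an existing entry of that name.
            if (sysopen(my $fh, $fn, O_WRONLY | O_CREAT | O_EXCL, 0640)) {
                print {$fh} "$vid\n";
                close $fh;
            } elsif (!$!{EEXIST}) {
                warn "store-id helper: cannot create $fn: $!\n";
            }
        }
        # Tracking requests keep their own URL as key. The original appended
        # "\n" here, which put an extra blank line into the reply stream.
        $out = $x;

    } elsif ($x =~ m/^http\:\/\/[^\/]*(youtube|google)[^\/]*\/.*videoplayback.*/) {
        # The host part may no longer run into the path ([^\/]* instead of .*),
        # so "youtube"/"google" must appear in the host name itself.
        # NOTE(review): this is still a substring test on the host name.
        my @itag  = $x =~ m/[&?](itag=[0-9]*)/;
        my @ids   = $x =~ m/[&?]id\=([^\&\s]*)/;
        my @mime  = $x =~ m/[&?](mime\=[^\&\s]*)/;
        my @range = $x =~ m/[&?](range=[^\&\s]*)/;
        my ($cpn) = $x =~ m/[&?]cpn\=([^\&\s]*)/;

        my $id;
        my $fn = cpn_file($cpn);
        if (defined $fn && open(my $fh, '<', $fn)) {
            $id = <$fh>;    # first line holds the video id
            close $fh;
        }
        if (defined $id) {
            chomp $id;
            # Ignore an empty or malformed file rather than emit a bad key.
            undef $id unless $id =~ /\A[^\s&]+\z/;
        }
        $id = $ids[0] unless defined $id;

        if (defined $id && length $id) {
            $out = "http://video-srv.youtube.com.SQUIDINTERNAL/id=" . $id . "&@itag@range@mime";
        } else {
            # Without an id every such request would share one key; do not rewrite.
            $out = $x;
        }

    } elsif ($x =~ m/^http\:\/\/[^\/]*(profile|photo|creative)[^\/]*\.ak\.fbcdn\.net\/((h|)(profile|photos)-ak-)(snc|ash|prn)[0-9]?(.*)/) {
        # Host part limited to the host name ([^\/]* instead of .*).
        $out = "http://fbcdn.net.squid.internal/" . $2 . "fb" . $6;

    } elsif ($x =~ m/^http:\/\/i[1-4]\.ytimg\.com\/(.*)/) {
        $out = "http://ytimg.com.squid.internal/" . $1;

    } elsif ($x =~ m/^http:\/\/[^\/]*\.dl\.sourceforge\.net\/(.*)/) {
        # Host part limited to the host name so that only *.dl.sourceforge.net
        # mirrors share this key, not any URL containing that text in its path.
        $out = "http://dl.sourceforge.net.squid.internal/" . $1;

    #Speedtest
    } elsif ($x =~ m/^http\:\/\/.*\/speedtest\/(.*\.(jpg|txt)).*/) {
        $out = "http://speedtest.squid.internal/" . $1;

    #BLOGSPOT
    } elsif ($x =~ m/^http:\/\/[1-4]\.bp\.(blogspot\.com.*)/) {
        $out = "http://blog-cdn." . $1;

    #AVAST
    } elsif ($x =~ m/^http:\/\/download[0-9]{3}.(avast.com.*)/) {
        $out = "http://avast-cdn." . $1;

    #AVAST
    # NOTE(review): this maps /iavs... on ANY numeric host to the Avast key, so
    # an object fetched from an arbitrary address would be served as an
    # antivirus update. Keep it unreachable via store_id_access or remove it.
    } elsif ($x =~ m/^http:\/\/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/(iavs.*)/) {
        $out = "http://avast-cdn.avast.com/" . $1;

    #KAV
    } elsif ($x =~ m/^http:\/\/dnl-[0-9]{2}.(geo.kaspersky.com.*)/) {
        $out = "http://kav-cdn." . $1;

    #AVG
    # The original pattern had no capture group, so $1 was empty and every
    # update.avg.com URL received the same key "http://avg-cdn.".
    } elsif ($x =~ m/^http:\/\/update\.(avg\.com.*)/) {
        $out = "http://avg-cdn." . $1;

    #maps.google.com
    } elsif ($x =~ m/^http:\/\/(cbk|mt|khm|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
        $out = "http://" . $1 . $2;

    #gstatic and/or wikimapia
    } elsif ($x =~ m/^http:\/\/([a-z])[0-9]?(\.gstatic\.com.*|\.wikimapia\.org.*)/) {
        $out = "http://" . $1 . $2;

    #maps.google.com
    } elsif ($x =~ m/^http:\/\/(khm|mt)[0-9]?(.google.com.*)/) {
        $out = "http://" . $1 . $2;

    #Google
    } elsif ($x =~ m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
        # Trailing "\n" of the original removed (see the tracking branch above).
        $out = "http://www.google-analytics.com/__utm.gif";

    } elsif ($x =~ m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
        $out = "http://" . $1;

    #cdn, variable 1st path
    } elsif (($x =~ /filehippo/) && ($x =~ m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
        my @y = ($1, $2, $4, $5);
        $y[0] =~ s/[a-z0-9]{2,5}/cdn./;
        $out = "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3];

    #rapidshare
    } elsif (($x =~ /rapidshare/) && ($x =~ m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
        $out = "http://cdn." . $3 . "/squid.internal/" . $5;

    #for yimg.com video
    } elsif ($x =~ m/^http:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
        $out = "http://cdn.yimg.com/" . $3;

    #for yimg.com doubled
    } elsif ($x =~ m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
        $out = "http://cdn.yimg.com/" . $3;

    #for yimg.com with &sig=
    } elsif ($x =~ m/^http:\/\/([^\.]*)\.yimg\.com\/(.*)/) {
        my @y = ($1, $2);
        $y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
        $y[1] =~ s/&sig=.*//;
        $out = "http://" . $y[0] . ".yimg.com/" . $y[1];

    } else {
        # No rule matched: the URL is its own key.
        $out = $x;
    }

    print $channel . "OK store-id=$out\n";
}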