squid:setup_squid_from_source
Table of Contents
Squid - Setup Squid from Source
Update the system
apt-get update && apt-get upgrade -y
Install needed packages
apt-get install devscripts \ build-essential \ openssl libssl-dev \ fakeroot \ libcppunit-dev \ libsasl2-dev \ cdbs \ ccze \ libfile-readbackwards-perl \ libcap2 \ libcap-dev \ libcap2-dev \ libtool \ sysv-rc-conf -y && wget http://ftp.riken.jp/net/squid/archive/3.5/squid-3.5.3.tar.bz2 && tar -xjf squid-3.5.3.tar.bz2 && cd squid-3.5.3 && ./configure \ --prefix=/usr \ --includedir=/usr/include \ --infodir=/usr/share/info \ --sysconfdir=/etc \ --localstatedir=/var \ --libexecdir=/usr/lib/squid \ --srcdir=. \ --datadir=/usr/share/squid \ --sysconfdir=/etc/squid \ --mandir=/usr/share/man \ --enable-inline \ --enable-async-io=24 \ --enable-storeio=ufs,aufs,diskd,rock \ --enable-removal-policies=lru,heap \ --enable-gnuregex \ --enable-delay-pools \ --enable-cache-digests \ --enable-underscores \ --enable-icap-client \ --enable-follow-x-forwarded-for \ --enable-eui \ --enable-esi \ --enable-icmp \ --enable-zph-qos \ --enable-http-violations \ --enable-ssl-crtd \ --enable-linux-netfilter \ --enable-ltdl-install \ --enable-ltdl-convenience \ --enable-x-accelerator-vary \ --disable-maintainer-mode \ --disable-dependency-tracking \ --disable-silent-rules \ --disable-translation \ --disable-ipv6 \ --disable-ident-lookups \ --with-swapdir=/var/spool/squid \ --with-logdir=/var/log/squid \ --with-pidfile=/var/run/squid.pid \ --with-aufs-threads=24 \ --with-filedescriptors=65536 \ --with-large-files \ --with-maxfd=65536 \ --with-openssl \ --with-default-user=proxy \ --with-included-ltdl && make && make install
Set Permissions
mkdir /var/lib/squid && chown -R nobody /var/lib/squid/ && /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db && chown -R proxy:proxy /var/lib/squid/ssl_db/ && chmod -R 777 /var/lib/squid/ssl_db/
Configure
- /etc/squid/squid.conf
# # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 192.168.10.0/24 #LAN acl localnet src 10.10.10.0/24 #WIFI acl localnet src 10.10.20.0/24 #WIFI acl localnet src 10.10.30.0/24 #WIFI acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # TAG: QUERY # ----------------------------------------------------------------------------- acl QUERY urlpath_regex -i (hackshield|blank.html|infinity.js|hshield.da|renew_session_token.php|recaptcha.js|dat.asp|notice.swf|patchlist.txt|hackshield|captcha|reset.css|update.ver|notice.html|updates.txt|gamenotice|images.kom|patchinfo.xml|noupdate.ui|\.Xtp|\.htc|\.txt) acl QUERY urlpath_regex -i (patch.conf|uiimageset.xml.iop|gashaponwnd.xml.iop|loading.swf|download.swf|version.list|version.ini|launch.jnlp|server_patch.cfg.iop|core.swf|Loading.swf|resouececheck.sq|mainloading.swf|config.xml|gemmaze.swf|xml.png|size.xml|resourcesbar.swf|version.xml|version.list|delete.ini) acl QUERY urlpath_regex -i \.(jsp|asp|aspx|cfg|iop|zip|php|xml|html)(\?|$) cache deny QUERY # acl dontstore url_regex ^http:\/\/(([\d\w-]*(\.[^\.\-]*?\..*?))(\/\mosalsal\/[\d]{4}\/.*\/)(.*\.flv))\?start.* acl dontstore url_regex redbot\.org \.php acl dontstore url_regex -i ^http:\/\/.*gemscool\.com\/.* acl dontstore url_regex \.(aspx|php)\? acl dontstore url_regex goldprice\.org\/NewCharts\/gold\/images\/.*\.png acl dontstore url_regex google\.co(m|\.[a-z]{2})\/complete\/search\? acl dontstore url_regex redirector\.([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id|get_video_info\?|ptracking\?|player_204\?|stream_204\?).* acl store_yt_id url_regex -i youtube.*(ptracking|stream_204|playback|player_204|watchtime|set_awesome|s\?|ads).*(video_id|docid|\&v|content_v)\=([^\&\s]*).*$ acl store_id_list_yt url_regex -i (youtube|googlevideo).*videoplayback.*$ acl store_id_list_yt url_regex ^https?\:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id).* acl store-id_list urlpath_regex -i dl\.sourceforge\.net acl store-id_list urlpath_regex -i \.ytimg\.com acl store-id_list urlpath_regex -i \.(akamaihd|fbcdn)\.net acl store_id_list urlpath_regex -i [a-zA-Z]{2}[0-9]*\.4shared\.com\/download\/ acl store_id_list_url url_regex ^http:\/\/[0-9]\.bp\.blogspot\.com.*\.(jpeg|jpg|png|gif|ico) acl store_id_list_url url_regex ^http[s]?:\/\/.*\.twimg\.com\/(.*)\.(gif|jpeg|jpg|png|js|css) acl store_id_list_url url_regex ^http[s]?:\/\/(media|static)\.licdn\.com\/.*\.(png|jpg|gif|woff) acl store_id_list_url url_regex ^https:\/\/fb(static|cdn)\-.*\-a.akamaihd.net\/(.*)\.(gif|jpeg|jpg|png|js|css|mp4) acl store_id_list_url url_regex ^http:\/\/.*\.ak\.fbcdn\.net\/.*\.(gif|jpg|png|js|mp4) request_header_access Range deny store_id_list_yt range_offset_limit 10 KB store_id_list_yt acl loop_302 http_status 302 acl getmethod method GET ############################################################################### # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports ############################################################################### http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all ############################################################################### # squid ssl_bump option ############################################################################### always_direct allow all ssl_bump server-first all sslproxy_cert_error deny all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 ############################################################################### # Squid normally listens to port 3128 ############################################################################### https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key http_port 3129 tproxy http_port 3128 # TAG: Store-id Program # ----------------------------------------------------------------------------- store_id_program /etc/squid/store-id.pl store_id_children 100 startup=0 idle=1 concurrency=1000 # TAG: Store-id Access # ----------------------------------------------------------------------------- store_id_access deny dontstore store_id_access deny !getmethod store_id_access allow store_id_list_yt store_id_access allow store_yt_id store_id_access allow store-id_list store_id_access deny all store_id_bypass on # TAG: Youtube 302 # ----------------------------------------------------------------------------- store_miss deny store_id_list_yt loop_302 send_hit deny store_id_list_yt loop_302 ############################################################################### ## MEMORY CACHE OPTIONS ############################################################################### client_dst_passthru on cache_mem 1024 MB maximum_object_size_in_memory 1024 KB memory_cache_shared off memory_cache_mode disk memory_replacement_policy heap GDSF ############################################################################### ## DISK CACHE OPTIONS ############################################################################### cache_replacement_policy heap LFUDA minimum_object_size 1 bytes maximum_object_size 10 GB ############################################################################### # Uncomment and adjust the following to add a disk cache directory. ############################################################################### cache_dir aufs /cache-1 500000 16 256 # sesuaikan dengan drive penyimpanan cache cache_dir aufs /cache-2 500000 16 256 # sesuaikan dengan drive penyimpanan cache store_dir_select_algorithm round-robin cache_swap_low 90 cache_swap_high 95 ############################################################################### # Leave coredumps in the first cache dir ############################################################################### coredump_dir /var/spool/squid ############################################################################### ## LOGFILE OPTIONS ############################################################################### #access_log daemon:/tmp/access.log !log access_log /tmp/access.log squid logfile_daemon /usr/lib/squid/log_file_daemon cache_store_log none logfile_rotate 1 mime_table /etc/squid/mime.conf pid_filename /var/run/squid.pid strip_query_terms off buffered_logs off ############################################################################### ## OPTIONS FOR TROUBLESHOOTING ############################################################################### #cache_log /tmp/cache.log cache_log /dev/null #debug_options ALL,1 22,3 coredump_dir /var/spool/squid ############################################################################### ## OPTIONS FOR TUNING THE CACHE ############################################################################### max_stale 1 years vary_ignore_expire on shutdown_lifetime 10 seconds ############################################################################### # Add any of your own refresh_pattern entries above these. ############################################################################### refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 # Youtube Video. refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?|\.mp4|\.webm|\.flv|((audio|video)\/(webm|mp4))) 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.* 10080 99% 43200 override-lastmod override-expire ignore-reload reload-into-ims ignore-private reload-into-ims ignore-auth store-stale refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.*$ 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale # Youtube images. refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% 129600 override-expire ignore-reload reload-into-ims refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600 override-expire override-lastmod ignore-auth ignore-reload reload-into-ims # Facebook Images. refresh_pattern -i fbcdn.*net\/.*\.((jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)|(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)(\?|.*$)) 241920 99% 241920 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-auth refresh_pattern -i pixel\.facebook\.com.*\.(jpg|png|gif|ico|css|js) 241920 80% 241920 override-expire ignore-reload reload-into-ims ignore-auth refresh_pattern -i \.akamaihd\.net.*\.(jpg|png|gif|ico|css|js) 241920 80% 241920 override-expire ignore-reload reload-into-ims ignore-auth refresh_pattern -i ((facebook.com)|(85.131.151.39))\.(jpg|png|gif) 241920 99% 241920 ignore-reload override-expire ignore-no-store store-stale refresh_pattern -i fbcdn\.net\/.*\.((jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)|(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)(\?|.*$)) 241920 99% 241920 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-auth refresh_pattern static\.(xx|ak)\.fbcdn\.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store refresh_pattern ^https?\:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store # Facebook Video. refresh_pattern -i \.video.ak.fbcdn.net.*\.(mp4|flv|mp3|amf) 10080 80% 43200 override-expire ignore-reload reload-into-ims ignore-private ignore-no-store ignore-must-revalidate refresh_pattern (audio|video)\/(webm|mp4) 129600 99% 129600 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale refresh_pattern -i ^http://.*squid\.internal.* 241920 100% 241920 override-lastmod override-expire ignore-reload ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale # All Files. refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 80% 10080 override-expire override-lastmod reload-into-ims refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|iop|nzp|pak|mar|msp) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 80% 10080 override-expire override-lastmod reload-into-ims refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob|webm) 10080 80% 10080 override-expire override-lastmod reload-into-ims refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 override-expire override-lastmod reload-into-ims refresh_pattern . 0 20% 4320 ############################################################################### ## ADMINISTRATIVE PARAMETERS ############################################################################### cache_mgr eko.hendratno@gmail.com cache_effective_user proxy cache_effective_group proxy visible_hostname gtw.home.lan unique_hostname gtw.home.lan ############################################################################### ## PERSISTENT CONNECTION HANDLING ############################################################################### detect_broken_pconn on client_persistent_connections off server_persistent_connections on ############################################################################### ## ERROR PAGE OPTIONS ############################################################################### error_directory /usr/share/squid/errors/en error_log_languages off ############################################################################### ## DNS OPTIONS ############################################################################### check_hostnames off hosts_file /etc/hosts connect_retries 2 ipcache_low 90 ipcache_high 95 ipcache_size 10024 # 2x Besar RAM fqdncache_size 7024 # real RAM Hardware pipeline_prefetch 100 ############################################################################### ## MISCELLANEOUS ############################################################################### memory_pools off reload_into_ims on uri_whitespace strip max_filedescriptors 65536
Store-ID Script
- /etc/squid /store-id.pl
#!/usr/bin/perl ########################### # # Store-ID dengan asumsi chanel berapapun # ########################### $|=1; while (<>) { my $chan = ""; if (s/^(\d+\s+)//o) { $chan = $1; } $_ =~ s/(\s+.+)//o; if ($_ =~ m/^https?\:\/\/.*youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=([^\&\s]*).*/){ $vid = $3 ; @cpn = m/[&?]cpn\=([^\&\s]*)/; $fn = "/var/log/squid3/@cpn"; unless (-e $fn) { open FH,">".$fn ; print FH "$vid\n"; close FH; } print $chan, "ERR\n" ; } elsif ($_ =~ m/^https?\:\/\/.*(youtube|google).*videoplayback.*/){ @itag = m/[&?](itag=[0-9]*)/; @ids = m/[&?]id\=([^\&\s]*)/; @mime = m/[&?](mime\=[^\&\s]*)/; @cpn = m/[&?]cpn\=([^\&\s]*)/; @range = m/[&?](range=[^\&\s]*)/; if (defined($cpn[0])) { $fn = "/var/log/squid3/@cpn"; if (-e $fn) { open FH,"<".$fn ; $id = <fh>; chomp $id ; close FH ; } else { $id = $ids[0] ; } print $chan, "OK store-id=http://googlevideo.squid.internal/id=" . $id . "&@itag@range@mime\n" ; } else { print $chan, "ERR\n" ; } } elsif ($_ =~ m/^http:\/\/(videos|photos|scontent)[\-a-z0-9\.]*instagram\.com\/hphotos[\-a-z0-9]*\/([\w\d\-\_\/\.]*.(mp4|jpg))/){ print $chan, "OK store-id=http://instagram.squid.internal/$2\n" ; } elsif ($_ =~ m/^http:\/\/distilleryimage[\-a-z0-9\.]*instagram\.com\/(.*)/){ print $chan, "OK store-id=http://instagram.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.steampowered\.com\/depot\/[0-9]+\/chunk\/([^\?]*)/){ print $chan, "OK store-id=http://steampowered.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*(fbcdn|akamaihd)\.net\/.*\/(.*\.mp4)(.*)/) { print $chan, "OK store-id=storeurl://facebook.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*a\.akamaihd\.net(\/static-ak\/rsrc\.php\/v[0-9]\/(.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg)))/) { print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*\.ak\.fbcdn\.net(\/static-ak\/rsrc\.php\/v[0-9]\/(.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg)))/) { print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*a\.akamaihd\.net(\/rsrc\.php\/v[0-9]\/(.*))/) { print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*\.ak\.fbcdn\.net(\/rsrc\.php\/v[0-9]\/(.*))/) { print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*(fbcdn|akamaihd)[^\/]*net\/rsrc\.php\/(.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg))/) { print $chan, "OK store-id=http://facebook.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*(fbcdn|akamaihd)[^\/]*net\/safe\_image\.php\?.*(url\=.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg)).*/) { print $chan, "OK store-id=http://facebook.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/i[0-2].wp\.com\/graph\.facebook\.com\/(.*)/) { print $chan, "OK store-id=http://facebook.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/(video\.ak\.fbcdn\.net)\/(.*?)\/(.*\.mp4)\??.*$/) { print $chan, "OK store-id=http://facebook.squid.internal/$1/$3\n" ; } elsif ($_ =~ m/^https?:\/\/video\.(.*)\.fbcdn\.net\/(.*?)\/([0-9_]+\.(mp4|flv|avi|mkv|m4v|mov|wmv|3gp|mpg|mpeg)?)(.*)/) { print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/(fbcdn|scontent).*(akamaihd|fbcdn)\.net\/(h|s)(profile|photos).*\/((p|s).*\.(png|gif|jpg))(\?.+)?$/){ print $chan, "OK store-id=http://facebook.squid.internal/$5\n" ; } elsif ($_ =~ m/^https?:\/\/(fbcdn|scontent).*(akamaihd|fbcdn)\.net\/(h|s)(profile|photos).*\/(.*\.(png|gif|jpg))(\?.+)?$/){ print $chan, "OK store-id=http://facebook.squid.internal/$5\n" ; } elsif ($_ =~ m/^https?:\/\/attachment\.fbsbx\.com\/.*\?(id=[0-9]*).*/) { print $chan, "OK store-id=http://facebook.squid.internal/$1\n" ; } elsif ($_ =~ m/^https:\/\/.*\.google\.com\/chrome\/win\/.+\/(.*\.exe)/){ print $chan, "OK store-id=http://update-google.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.ytimg\.com\/(.*\.(webp|jpg|gif))/){ print $chan, "OK store-id=http://ytimg.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*firedrive\.com\/download\/[0-9]+\/[0-9]+\/.*\?h=.*e\=.*f\=(.*)\&.*/){ print $chan, "OK store-id=http://firedrive.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.4shared\.com\/.*\/dlink__[23]F([\w]+)_[23]F(.*)\_3Ftsid_[\w].*/){ print $chan, "OK store-id=http://4shared.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.4shared\.com\/download\/([^\/]*).*/){ print $chan, "OK store-id=http://4shared.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.[a-z]+\.bing\.net\/(.*)\&w=.*/){ print $chan, "OK store-id=http://bing.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.bing\.(net|com)\/.*\?id=([a-zA-Z]\.[0-9]+)&pid=.*/){ print $chan, "OK store-id=http://bing.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.gstatic\.com\/images\?q=tbn\:(.*)/){ print $chan, "OK store-id=http://gstatic.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.reverbnation\.com\/.*\/(ec_stream_song|download_song_direct|stream_song)\/([0-9]*).*/){ print $chan, "OK store-id=http://reverbnation.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.dl\.sourceforge\.net\/(.*\.(exe|zip|mp3|mp4))/){ print $chan, "OK store-id=http://sourceforge.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/fs[0-9]+\.filehippo\.com\/[^\/]*\/[^\/]*\/(.*)/){ print $chan, "OK store-id=http://filehippo.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/download[0-9]+.mediafire\.com\/.*\/\w+\/(.*)/){ print $chan, "OK store-id=http://mediafire.squid.internal$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*android\.clients\.google\.com\/[a-z]+\/[a-zA-Z]+\/[a-zA-Z]+\/(.*)\/([0-9]+)\?.*/){ print $chan, "OK store-id=http://android.squid.internal/$1/$2\n" ; } elsif ($_ =~ m/^https?:\/\/.*(googleusercontent.com|blogspot.com)\/(.*)\/([a-z0-9]+)(-[a-z]-[a-z]-[a-z]+)?\/(.*\.(jpg|png))/){ print $chan, "OK store-id=http://googleusercontent.squid.internal/$5\n" ; } elsif ($_ =~ m/^https?:\/\/global-shared-files-[a-z][0-9]\.softonic\.com\/.{3}\/.{3}\/.*\/.*\=(.*\.exe)/){ print $chan, "OK store-id=http://softonic.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*netmarble\.co\.id\/.*\/(data|ModooMarble)\/(.*)/){ print $chan, "OK store-id=http://netmarble.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/(.*)\.windowsupdate\.com\/(.*)\/(.*)\/([a-z].*)/){ print $chan, "OK store-id=http://windowsupdate.squid.internal/$4\n" ; } elsif ($_ =~ m/^https?:\/\/.*filetrip\.net\/.*\/((.*)\.([^\/\?\&]{2,4}))\?.*$/){ print $chan, "OK store-id=http://filetrip.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*get4mobile\.net\/.*f=([^\/\?\&]*).*$/){ print $chan, "OK store-id=http://get4mobile.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*thestaticvube\.com\/.*\/(.*)/){ print $chan, "OK store-id=http://thestaticvube.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/113\.6\.235\.171\/youku\/.*\/(.*\.flv)/){ print $chan, "OK store-id=http://youku.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/\d+\.\d+\.\d+\.\d+\/drama\/(.*\.mp4)\?.*\=(\d+)/){ print $chan, "OK store-id=http://drama.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/([a-z])[\d]{1,2}?(.gstatic\.com.*|\.wikimapia\.org.*)/){ print $chan, "OK store-id=http://gstatic.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.[a-z][0-9]\.(tiles\.virtualearth\.net)\/(.*\&n=z)/){ print $chan, "OK store-id=http://virtualearth.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/imgv2-[0-9]\.scribdassets\.com\/(.*)/){ print $chan, "OK store-id=http://scribdassets.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/(.*?)\/(archlinux\/[a-zA-Z].*\/os\/.*)/){ print $chan, "OK store-id=http://archlinux.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/(.*?)\/speedtest\/(.*\.(jpg|txt))\??.*$/){ print $chan, "OK store-id=http://speedtest.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/i[1-9]{3}\.photobucket\.com\/(.*)/){ print $chan, "OK store-id=http://photobucket.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/i[1-9]{4}\.photobucket\.com\/(.*)/){ print $chan, "OK store-id=http://photobucket.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/avideos\.5min\.com\/.*\/(.*)\?.*/){ print $chan, "OK store-id=http://avideos.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.catalog\.video\.msn\.com\/.*\/(.*\.(mp4|flv|m4v))/){ print $chan, "OK store-id=http://msn-video.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/v\.imwx\.com\/.*\/(.*)\?.*/){ print $chan, "OK store-id=http://imwx.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/video[0-9]\.break\.com\/.*\/(.*)\?.*/){ print $chan, "OK store-id=http://break.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.video[0-9]\.blip\.tv\/.*\/(.*)\?.*/){ print $chan, "OK store-id=http://blip.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/ss[0-9]\.vidivodo\.com\/vidivodo\/vidservers\/server[0-9]*\/videos\/.*\/([a-zA-Z0-9.]*)\?.*/){ print $chan, "OK store-id=http://vidivodo.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/video\-http\.media\-imdb\.com\/([a-zA-Z0-9\@\_\-]+\.(mp4|flv|m4v))\?.*/){ print $chan, "OK store-id=http://imdb-video.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/(vl|v)\.mccont\.com\/(.*)\/(.*\.(mp4|m4v|flv))\?.*/){ print $chan, "OK store-id=http://mccont.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/(vid.{0,2}|proxy.*)(\.ak|\.ec|\.akm|)\.(dmcdn\.net|dailymotion\.com)\/.*\/(frag.*\.(flv|mp4|m4v)).*/){ print $chan, "OK store-id=http://dailymotion.squid.internal/$4\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.vimeo[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg|web))\?.*/){ print $chan, "OK store-id=http://vimeo.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/fcache\.veoh\.com\/.*\/.*(l[0-9]*\.(mp4|flv))\?.*/){ print $chan, "OK store-id=http://veoh.squid.internal$1\n" ; } elsif ($_ =~ m/^https?:\/\/video\.thestaticvube\.com\/.*\/(.*)/){ print $chan, "OK store-id=http://thestaticvube.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/cdn[0-9]\.videos\.videobash\.com\/.*\/(.*\.(mp4|m4v|flv))\?.*/){ print $chan, "OK store-id=http://videobash.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.phncdn[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://phncdn.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.xvideos\.com\/.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://xvideos.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.tube8[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://tube8.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.(redtube|redtubefiles)\.com\/.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://redtube.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/.*\/xh.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))/){ print $chan, "OK store-id=http://xhcdn.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.xhcdn[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://xhcdn.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.nsimg[^\/]*\.net.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://nsimg.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.youjizz\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://youjizz.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.public\.keezmovies[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://keezmovies.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.youporn[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://youporn.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.spankwire[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://spankwire.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.pornhub[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://pornhub.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.us.playvid[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://playvid.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.slutload-media[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://slutload-media.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.hardsextube[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://hardsextube.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*\.public\.extremetube[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ print $chan, "OK store-id=http://extremetube.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|.exoclick\.com|interclick.\com|\.googlesyndication\.com|\.auditude\.com|.visiblemeasures\.com|yieldmanager|cpxinteractive)(.*)/){ print $chan, "OK store-id=http://ads.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/(.*?)\/(ads)\?(.*?)/){ print $chan, "OK store-id=http://ads.squid.internal/$3\n" ; } elsif ($_ =~ m/^https?:\/\/[^\/]*phobos\.apple\.com\/.*\/([^\/]*\.ipa)/){ print $chan, "OK store-id=http://apple.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/fs\w*\.fileserve\.com\/file\/(\w*)\/[\w-]*\.\/(.*)/){ print $chan, "OK store-id=http://fileserve.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*)/){ print $chan, "OK store-id=http://filesonic.squid.internal/$2\n" ; } elsif ($_ =~ m/^https?:\/\/download[0-9]{3}\.avast\.com\/(.*)/){ print $chan, "OK store-id=http://avast.squid.internal/41\n" ; } elsif ($_ =~ m/^https?:\/\/[a-zA-Z0-9]+\.[a-zA-Z0-9]+x\.[a-z]\.avast\.com\/[a-zA-Z0-9]+x\/(.*\.vpx)/){ print $chan, "OK store-id=http://avast.squid.internal\$1\n" ; } elsif ($_ =~ m/^https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/(iavs.*)/){ print $chan, "OK store-id=http://iavs.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/.*\.starhub\.com\/[a-z]+\/[a-z]+\/[a-z]+\/(.*exe)\?[0-9]/){ print $chan, "OK store-id=http://starhub.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/dnl-[0-9]{2}\.geo\.kaspersky\.com\/(.*)/){ print $chan, "OK store-id=http://kaspersky.squid.internal/$1\n" ; } elsif ($_ =~ m/^https?:\/\/([^\.]*)\.yimg\.com\/(.*)/){ print $chan, "OK store-id=http://yimg.squid.internal/$1\n" ; } else { print $chan, "ERR\n" ; } }
Squid Startup Script
- /etc/init.d/squid
#! /bin/sh # # squid Startup script for the SQUID HTTP proxy-cache. # # Version: @(#)squid.rc 2.20 01-Oct-2001 miquels@cistron.nl # ### BEGIN INIT INFO # Provides: squid # Required-Start: $local_fs $network # Required-Stop: $local_fs $network # Should-Start: $named # Should-Stop: $named # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Squid HTTP Proxy ### END INIT INFO NAME=squid DAEMON=/usr/sbin/squid LIB=/usr/lib/squid PIDFILE=/var/run/squid.pid # export LD_PRELOAD=/usr/local/lib/libjemalloc.so # ini apabila anda menggunakan jemalloc SQUID_ARGS="-YC" [ ! -f /etc/default/squid ] || . /etc/default/squid . /lib/lsb/init-functions PATH=/bin:/usr/bin:/sbin:/usr/sbin [ -x $DAEMON ] || exit 0 grepconf () { w=" " # space tab sq=/etc/squid/squid.conf # sed is cool. res=`sed -ne ' s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p; t end; d; :end q' < $sq` [ -n "$res" ] || res=$2 echo "$res" } grepconf2 () { w=" " # space tab sq=/etc/squid/$NAME.conf # sed is cool. res=`sed -ne ' s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p; t end; d; :end q' < $sq` [ -n "$res" ] || res=$2 echo "$res" } # # Try to increase the # of filedescriptors we can open. # maxfds () { [ -n "$SQUID_MAXFD" ] || return [ -f /proc/sys/fs/file-max ] || return 0 global_file_max=`cat /proc/sys/fs/file-max` minimal_file_max=$(($SQUID_MAXFD + 4096)) if [ "$global_file_max" -lt $minimal_file_max ] then echo $minimal_file_max > /proc/sys/fs/file-max fi ulimit -n $SQUID_MAXFD } start () { cdr=`grepconf2 cache_dir /cache-1` ctp=`grepconf cache_dir ufs` case "$cdr" in [0-9]*) log_failure_msg "squid: squid.conf contains 2.2.5 syntax - not starting!" log_end_msg 1 exit 1 ;; esac # # Create spool dirs if they don't exist. # if [ -d "$cdr" -a ! -d "$cdr/00" ] || [ "$ctp" = "coss" -a ! -w "$cdr" ] then log_warning_msg "Creating squid cache structure" $DAEMON $SQUID_ARGS -z fi if [ "$CHUID" = "" ]; then CHUID=root fi maxfds umask 027 start-stop-daemon --quiet --start \ --pidfile $PIDFILE \ --chuid $CHUID \ --exec $DAEMON -- $SQUID_ARGS < /dev/null return $? } stop () { PID=`cat $PIDFILE 2>/dev/null` start-stop-daemon --stop --quiet --pidfile $PIDFILE --name squid # # Now we have to wait until squid has _really_ stopped. # sleep 2 if test -n "$PID" && kill -0 $PID 2>/dev/null then log_action_begin_msg " Waiting" cnt=0 while kill -0 $PID 2>/dev/null do cnt=`expr $cnt + 1` if [ $cnt -gt 24 ] then log_action_end_msg 1 return 1 fi sleep 5 log_action_cont_msg "" done log_action_end_msg 0 return 0 else return 0 fi } case "$1" in start) log_daemon_msg "Starting Squid HTTP proxy" "squid" if start ; then log_end_msg $? else log_end_msg $? fi ;; stop) log_daemon_msg "Stopping Squid HTTP proxy" "squid" if stop ; then log_end_msg $? else log_end_msg $? fi ;; reload|force-reload) log_action_msg "Reloading Squid configuration files" $DAEMON -k reconfigure log_action_end_msg 0 ;; restart) log_daemon_msg "Restarting Squid HTTP proxy" "squid" stop if start ; then log_end_msg $? else log_end_msg $? fi ;; status) status_of_proc -p "$PIDFILE" "$DAEMON" squid && exit 0 || exit $? ;; *) echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}" exit 3 ;; esac exit 0
Change Script File Permissions
chmod +x store-id.pl chmod +x squid chown proxy:proxy /cache-1 chown proxy:proxy /cache-2 && chmod 777 /cache-1 && chmod 777 /cache-2 squid -f /etc/squid/squid.conf -z sysv-rc-conf squid default
Firewall rules
- /etc/rc.local
#0 iptables -A POSTROUTING -t nat -j MASQUERADE -o eth0 #1 iptables -t mangle -F iptables -t mangle -X #2 echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter echo 1 > /proc/sys/net/ipv4/ip_forward #3 ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 #4 iptables -t mangle -N DIVERT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT #5 iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT #6 iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3130 #7 squid start exit 0
Run Squid
squid -k parse squid -k reconfigure squid -z squid start tail -f /tmp/access.log | ccze</fh>
squid/setup_squid_from_source.txt · Last modified: 2021/01/06 11:44 by peter