| Next revision | Previous revision |
| pfsense:setup [2020/03/14 23:11] – created peter | pfsense:setup [2020/03/15 11:15] (current) – removed peter |
|---|
| ====== PFSense - Setup ====== | |
| |
| <code> | |
| apt-get update && apt-get upgrade -y | |
| |
| apt-get install devscripts \ | |
| build-essential \ | |
| openssl libssl-dev \ | |
| fakeroot \ | |
| libcppunit-dev \ | |
| libsasl2-dev \ | |
| cdbs \ | |
| ccze \ | |
| libfile-readbackwards-perl \ | |
| libcap2 \ | |
| libcap-dev \ | |
| libcap2-dev \ | |
| libtool \ | |
| sysv-rc-conf -y && | |
| wget http://ftp.riken.jp/net/squid/archive/3.5/squid-3.5.3.tar.bz2 && | |
| tar -xjf squid-3.5.3.tar.bz2 && | |
| cd squid-3.5.3 && | |
| ./configure \ | |
| --prefix=/usr \ | |
| --includedir=/usr/include \ | |
| --infodir=/usr/share/info \ | |
| --sysconfdir=/etc \ | |
| --localstatedir=/var \ | |
| --libexecdir=/usr/lib/squid \ | |
| --srcdir=. \ | |
| --datadir=/usr/share/squid \ | |
| --sysconfdir=/etc/squid \ | |
| --mandir=/usr/share/man \ | |
| --enable-inline \ | |
| --enable-async-io=24 \ | |
| --enable-storeio=ufs,aufs,diskd,rock \ | |
| --enable-removal-policies=lru,heap \ | |
| --enable-gnuregex \ | |
| --enable-delay-pools \ | |
| --enable-cache-digests \ | |
| --enable-underscores \ | |
| --enable-icap-client \ | |
| --enable-follow-x-forwarded-for \ | |
| --enable-eui \ | |
| --enable-esi \ | |
| --enable-icmp \ | |
| --enable-zph-qos \ | |
| --enable-http-violations \ | |
| --enable-ssl-crtd \ | |
| --enable-linux-netfilter \ | |
| --enable-ltdl-install \ | |
| --enable-ltdl-convenience \ | |
| --enable-x-accelerator-vary \ | |
| --disable-maintainer-mode \ | |
| --disable-dependency-tracking \ | |
| --disable-silent-rules \ | |
| --disable-translation \ | |
| --disable-ipv6 \ | |
| --disable-ident-lookups \ | |
| --with-swapdir=/var/spool/squid \ | |
| --with-logdir=/var/log/squid \ | |
| --with-pidfile=/var/run/squid.pid \ | |
| --with-aufs-threads=24 \ | |
| --with-filedescriptors=65536 \ | |
| --with-large-files \ | |
| --with-maxfd=65536 \ | |
| --with-openssl \ | |
| --with-default-user=proxy \ | |
| --with-included-ltdl && | |
| make && make install | |
| |
| |
| mkdir /var/lib/squid && | |
| chown -R nobody /var/lib/squid/ && | |
| /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db && | |
| chown -R proxy:proxy /var/lib/squid/ssl_db/ && | |
| chmod -R 777 /var/lib/squid/ssl_db/ | |
| |
| nano /etc/squid/squid.conf | |
| |
| # | |
| # Recommended minimum configuration: | |
| # | |
| |
| # Example rule allowing access from your local networks. | |
| # Adapt to list your (internal) IP networks from where browsing | |
| # should be allowed | |
| acl localnet src 192.168.10.0/24 #LAN | |
| acl localnet src 10.10.10.0/24 #WIFI | |
| acl localnet src 10.10.20.0/24 #WIFI | |
| acl localnet src 10.10.30.0/24 #WIFI | |
| |
| acl SSL_ports port 443 | |
| acl Safe_ports port 80 # http | |
| acl Safe_ports port 21 # ftp | |
| acl Safe_ports port 443 # https | |
| acl Safe_ports port 70 # gopher | |
| acl Safe_ports port 210 # wais | |
| acl Safe_ports port 1025-65535 # unregistered ports | |
| acl Safe_ports port 280 # http-mgmt | |
| acl Safe_ports port 488 # gss-http | |
| acl Safe_ports port 591 # filemaker | |
| acl Safe_ports port 777 # multiling http | |
| acl CONNECT method CONNECT | |
| |
| # TAG: QUERY | |
| # ----------------------------------------------------------------------------- | |
| acl QUERY urlpath_regex -i (hackshield|blank.html|infinity.js|hshield.da|renew_session_token.php|recaptcha.js|dat.asp|notice.swf|patchlist.txt|hackshield|captcha|reset.css|update.ver|notice.html|updates.txt|gamenotice|images.kom|patchinfo.xml|noupdate.ui|\.Xtp|\.htc|\.txt) | |
| acl QUERY urlpath_regex -i (patch.conf|uiimageset.xml.iop|gashaponwnd.xml.iop|loading.swf|download.swf|version.list|version.ini|launch.jnlp|server_patch.cfg.iop|core.swf|Loading.swf|resouececheck.sq|mainloading.swf|config.xml|gemmaze.swf|xml.png|size.xml|resourcesbar.swf|version.xml|version.list|delete.ini) | |
| acl QUERY urlpath_regex -i \.(jsp|asp|aspx|cfg|iop|zip|php|xml|html)(\?|$) | |
| cache deny QUERY | |
| |
| # | |
| acl dontstore url_regex ^http:\/\/(([\d\w-]*(\.[^\.\-]*?\..*?))(\/\mosalsal\/[\d]{4}\/.*\/)(.*\.flv))\?start.* | |
| acl dontstore url_regex redbot\.org \.php | |
| acl dontstore url_regex -i ^http:\/\/.*gemscool\.com\/.* | |
| acl dontstore url_regex \.(aspx|php)\? | |
| acl dontstore url_regex goldprice\.org\/NewCharts\/gold\/images\/.*\.png | |
| acl dontstore url_regex google\.co(m|\.[a-z]{2})\/complete\/search\? | |
| acl dontstore url_regex redirector\.([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id|get_video_info\?|ptracking\?|player_204\?|stream_204\?).* | |
| |
| acl store_yt_id url_regex -i youtube.*(ptracking|stream_204|playback|player_204|watchtime|set_awesome|s\?|ads).*(video_id|docid|\&v|content_v)\=([^\&\s]*).*$ | |
| acl store_id_list_yt url_regex -i (youtube|googlevideo).*videoplayback.*$ | |
| acl store_id_list_yt url_regex ^https?\:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id).* | |
| |
| acl store-id_list urlpath_regex -i dl\.sourceforge\.net | |
| acl store-id_list urlpath_regex -i \.ytimg\.com | |
| acl store-id_list urlpath_regex -i \.(akamaihd|fbcdn)\.net | |
| acl store_id_list urlpath_regex -i [a-zA-Z]{2}[0-9]*\.4shared\.com\/download\/ | |
| |
| acl store_id_list_url url_regex ^http:\/\/[0-9]\.bp\.blogspot\.com.*\.(jpeg|jpg|png|gif|ico) | |
| acl store_id_list_url url_regex ^http[s]?:\/\/.*\.twimg\.com\/(.*)\.(gif|jpeg|jpg|png|js|css) | |
| acl store_id_list_url url_regex ^http[s]?:\/\/(media|static)\.licdn\.com\/.*\.(png|jpg|gif|woff) | |
| acl store_id_list_url url_regex ^https:\/\/fb(static|cdn)\-.*\-a.akamaihd.net\/(.*)\.(gif|jpeg|jpg|png|js|css|mp4) | |
| acl store_id_list_url url_regex ^http:\/\/.*\.ak\.fbcdn\.net\/.*\.(gif|jpg|png|js|mp4) | |
| |
| request_header_access Range deny store_id_list_yt | |
| range_offset_limit 10 KB store_id_list_yt | |
| |
| acl loop_302 http_status 302 | |
| acl getmethod method GET | |
| |
| ############################################################################### | |
| # Recommended minimum Access Permission configuration: | |
| # | |
| # Deny requests to certain unsafe ports | |
| ############################################################################### | |
| http_access deny !Safe_ports | |
| http_access deny CONNECT !SSL_ports | |
| http_access allow localhost manager | |
| http_access deny manager | |
| http_access allow localnet | |
| http_access allow localhost | |
| http_access deny all | |
| |
| ############################################################################### | |
| # squid ssl_bump option | |
| ############################################################################### | |
| always_direct allow all | |
| ssl_bump server-first all | |
| sslproxy_cert_error deny all | |
| sslproxy_flags DONT_VERIFY_PEER | |
| |
| sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB | |
| sslcrtd_children 8 startup=1 idle=1 | |
| |
| ############################################################################### | |
| # Squid normally listens to port 3128 | |
| ############################################################################### | |
| https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key | |
| http_port 3129 tproxy | |
| http_port 3128 | |
| |
| # TAG: Store-id Program | |
| # ----------------------------------------------------------------------------- | |
| store_id_program /etc/squid/store-id.pl | |
| store_id_children 100 startup=0 idle=1 concurrency=1000 | |
| |
| # TAG: Store-id Access | |
| # ----------------------------------------------------------------------------- | |
| store_id_access deny dontstore | |
| store_id_access deny !getmethod | |
| store_id_access allow store_id_list_yt | |
| store_id_access allow store_yt_id | |
| store_id_access allow store-id_list | |
| store_id_access deny all | |
| store_id_bypass on | |
| |
| # TAG: Youtube 302 | |
| # ----------------------------------------------------------------------------- | |
| store_miss deny store_id_list_yt loop_302 | |
| send_hit deny store_id_list_yt loop_302 | |
| |
| ############################################################################### | |
| ## MEMORY CACHE OPTIONS | |
| ############################################################################### | |
| client_dst_passthru on | |
| cache_mem 1024 MB | |
| maximum_object_size_in_memory 1024 KB | |
| memory_cache_shared off | |
| memory_cache_mode disk | |
| memory_replacement_policy heap GDSF | |
| |
| ############################################################################### | |
| ## DISK CACHE OPTIONS | |
| ############################################################################### | |
| cache_replacement_policy heap LFUDA | |
| minimum_object_size 1 bytes | |
| maximum_object_size 10 GB | |
| |
| ############################################################################### | |
| # Uncomment and adjust the following to add a disk cache directory. | |
| ############################################################################### | |
| cache_dir aufs /cache-1 500000 16 256 # sesuaikan dengan drive penyimpanan cache | |
| cache_dir aufs /cache-2 500000 16 256 # sesuaikan dengan drive penyimpanan cache | |
| store_dir_select_algorithm round-robin | |
| cache_swap_low 90 | |
| cache_swap_high 95 | |
| |
| ############################################################################### | |
| # Leave coredumps in the first cache dir | |
| ############################################################################### | |
| coredump_dir /var/spool/squid | |
| |
| ############################################################################### | |
| ## LOGFILE OPTIONS | |
| ############################################################################### | |
| #access_log daemon:/tmp/access.log !log | |
| access_log /tmp/access.log squid | |
| logfile_daemon /usr/lib/squid/log_file_daemon | |
| cache_store_log none | |
| logfile_rotate 1 | |
| mime_table /etc/squid/mime.conf | |
| pid_filename /var/run/squid.pid | |
| strip_query_terms off | |
| buffered_logs off | |
| |
| ############################################################################### | |
| ## OPTIONS FOR TROUBLESHOOTING | |
| ############################################################################### | |
| #cache_log /tmp/cache.log | |
| cache_log /dev/null | |
| #debug_options ALL,1 22,3 | |
| coredump_dir /var/spool/squid | |
| |
| ############################################################################### | |
| ## OPTIONS FOR TUNING THE CACHE | |
| ############################################################################### | |
| max_stale 1 years | |
| vary_ignore_expire on | |
| shutdown_lifetime 10 seconds | |
| |
| ############################################################################### | |
| # Add any of your own refresh_pattern entries above these. | |
| ############################################################################### | |
| refresh_pattern ^ftp: 1440 20% 10080 | |
| refresh_pattern ^gopher: 1440 0% 1440 | |
| refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
| |
| # Youtube Video | |
| refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?|\.mp4|\.webm|\.flv|((audio|video)\/(webm|mp4))) 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale | |
| refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.* 10080 99% 43200 override-lastmod override-expire ignore-reload reload-into-ims ignore-private reload-into-ims ignore-auth store-stale | |
| refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.*$ 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale | |
| |
| # Image Youtube | |
| refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% 129600 override-expire ignore-reload reload-into-ims | |
| refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600 override-expire override-lastmod ignore-auth ignore-reload reload-into-ims | |
| |
| #images facebook | |
| refresh_pattern -i fbcdn.*net\/.*\.((jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)|(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)(\?|.*$)) 241920 99% 241920 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-auth | |
| refresh_pattern -i pixel\.facebook\.com.*\.(jpg|png|gif|ico|css|js) 241920 80% 241920 override-expire ignore-reload reload-into-ims ignore-auth | |
| refresh_pattern -i \.akamaihd\.net.*\.(jpg|png|gif|ico|css|js) 241920 80% 241920 override-expire ignore-reload reload-into-ims ignore-auth | |
| refresh_pattern -i ((facebook.com)|(85.131.151.39))\.(jpg|png|gif) 241920 99% 241920 ignore-reload override-expire ignore-no-store store-stale | |
| refresh_pattern -i fbcdn\.net\/.*\.((jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)|(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)(\?|.*$)) 241920 99% 241920 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-auth | |
| refresh_pattern static\.(xx|ak)\.fbcdn\.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store | |
| refresh_pattern ^https?\:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store | |
| |
| # Video Facebook | |
| refresh_pattern -i \.video.ak.fbcdn.net.*\.(mp4|flv|mp3|amf) 10080 80% 43200 override-expire ignore-reload reload-into-ims ignore-private ignore-no-store ignore-must-revalidate | |
| refresh_pattern (audio|video)\/(webm|mp4) 129600 99% 129600 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale | |
| refresh_pattern -i ^http://.*squid\.internal.* 241920 100% 241920 override-lastmod override-expire ignore-reload ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale | |
| |
| # All File | |
| refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 80% 10080 override-expire override-lastmod reload-into-ims | |
| refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|iop|nzp|pak|mar|msp) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload | |
| refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 80% 10080 override-expire override-lastmod reload-into-ims | |
| refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob|webm) 10080 80% 10080 override-expire override-lastmod reload-into-ims | |
| refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 override-expire override-lastmod reload-into-ims | |
| refresh_pattern . 0 20% 4320 | |
| |
| ############################################################################### | |
| ## ADMINISTRATIVE PARAMETERS | |
| ############################################################################### | |
| cache_mgr eko.hendratno@gmail.com | |
| cache_effective_user proxy | |
| cache_effective_group proxy | |
| visible_hostname gtw.home.lan | |
| unique_hostname gtw.home.lan | |
| |
| ############################################################################### | |
| ## PERSISTENT CONNECTION HANDLING | |
| ############################################################################### | |
| detect_broken_pconn on | |
| client_persistent_connections off | |
| server_persistent_connections on | |
| |
| ############################################################################### | |
| ## ERROR PAGE OPTIONS | |
| ############################################################################### | |
| error_directory /usr/share/squid/errors/en | |
| error_log_languages off | |
| |
| ############################################################################### | |
| ## DNS OPTIONS | |
| ############################################################################### | |
| check_hostnames off | |
| hosts_file /etc/hosts | |
| connect_retries 2 | |
| ipcache_low 90 | |
| ipcache_high 95 | |
| ipcache_size 10024 # 2x Besar RAM | |
| fqdncache_size 7024 # real RAM Hardware | |
| pipeline_prefetch 100 | |
| |
| ############################################################################### | |
| ## MISCELLANEOUS | |
| ############################################################################### | |
| memory_pools off | |
| reload_into_ims on | |
| uri_whitespace strip | |
| max_filedescriptors 65536 | |
| |
| |
| |
| ================================= | |
| nano /etc/squid /store-id.pl | |
| ================================= | |
| #!/usr/bin/perl | |
| ########################### | |
| # | |
| # Store-ID dengan asumsi chanel berapapun | |
| # | |
| ########################### | |
| $|=1; | |
| while (<>) { | |
| my $chan = ""; | |
| if (s/^(\d+\s+)//o) { | |
| $chan = $1; | |
| } | |
| $_ =~ s/(\s+.+)//o; | |
| |
| if ($_ =~ m/^https?\:\/\/.*youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=([^\&\s]*).*/){ | |
| $vid = $3 ; | |
| @cpn = m/[&?]cpn\=([^\&\s]*)/; | |
| $fn = "/var/log/squid3/@cpn"; | |
| unless (-e $fn) { | |
| open FH,">".$fn ; | |
| print FH "$vid\n"; | |
| close FH; | |
| } | |
| print $chan, "ERR\n" ; | |
| |
| } elsif ($_ =~ m/^https?\:\/\/.*(youtube|google).*videoplayback.*/){ | |
| @itag = m/[&?](itag=[0-9]*)/; | |
| @ids = m/[&?]id\=([^\&\s]*)/; | |
| @mime = m/[&?](mime\=[^\&\s]*)/; | |
| @cpn = m/[&?]cpn\=([^\&\s]*)/; | |
| @range = m/[&?](range=[^\&\s]*)/; | |
| if (defined($cpn[0])) { | |
| $fn = "/var/log/squid3/@cpn"; | |
| if (-e $fn) { | |
| open FH,"<".$fn ; | |
| $id = <fh>; | |
| chomp $id ; | |
| close FH ; | |
| } else { | |
| $id = $ids[0] ; | |
| } | |
| print $chan, "OK store-id=http://googlevideo.squid.internal/id=" . $id . "&@itag@range@mime\n" ; | |
| } else { | |
| print $chan, "ERR\n" ; | |
| } | |
| |
| } elsif ($_ =~ m/^http:\/\/(videos|photos|scontent)[\-a-z0-9\.]*instagram\.com\/hphotos[\-a-z0-9]*\/([\w\d\-\_\/\.]*.(mp4|jpg))/){ | |
| print $chan, "OK store-id=http://instagram.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^http:\/\/distilleryimage[\-a-z0-9\.]*instagram\.com\/(.*)/){ | |
| print $chan, "OK store-id=http://instagram.squid.internal/$1\n" ; | |
| |
| } elsif ($_ =~ m/^https?:\/\/.*\.steampowered\.com\/depot\/[0-9]+\/chunk\/([^\?]*)/){ | |
| print $chan, "OK store-id=http://steampowered.squid.internal/$1\n" ; | |
| |
| } elsif ($_ =~ m/^https?:\/\/.*(fbcdn|akamaihd)\.net\/.*\/(.*\.mp4)(.*)/) { | |
| print $chan, "OK store-id=storeurl://facebook.squid.internal/$2\n" ; | |
| |
| } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*a\.akamaihd\.net(\/static-ak\/rsrc\.php\/v[0-9]\/(.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg)))/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*\.ak\.fbcdn\.net(\/static-ak\/rsrc\.php\/v[0-9]\/(.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg)))/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*a\.akamaihd\.net(\/rsrc\.php\/v[0-9]\/(.*))/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*(static|profile).*\.ak\.fbcdn\.net(\/rsrc\.php\/v[0-9]\/(.*))/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*(fbcdn|akamaihd)[^\/]*net\/rsrc\.php\/(.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg))/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$2\n" ; | |
| |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*(fbcdn|akamaihd)[^\/]*net\/safe\_image\.php\?.*(url\=.*\.(mp4|jpg|bmp|png|flv|m4v|gif|jpeg)).*/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/i[0-2].wp\.com\/graph\.facebook\.com\/(.*)/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(video\.ak\.fbcdn\.net)\/(.*?)\/(.*\.mp4)\??.*$/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$1/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/video\.(.*)\.fbcdn\.net\/(.*?)\/([0-9_]+\.(mp4|flv|avi|mkv|m4v|mov|wmv|3gp|mpg|mpeg)?)(.*)/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(fbcdn|scontent).*(akamaihd|fbcdn)\.net\/(h|s)(profile|photos).*\/((p|s).*\.(png|gif|jpg))(\?.+)?$/){ | |
| print $chan, "OK store-id=http://facebook.squid.internal/$5\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(fbcdn|scontent).*(akamaihd|fbcdn)\.net\/(h|s)(profile|photos).*\/(.*\.(png|gif|jpg))(\?.+)?$/){ | |
| print $chan, "OK store-id=http://facebook.squid.internal/$5\n" ; | |
| |
| } elsif ($_ =~ m/^https?:\/\/attachment\.fbsbx\.com\/.*\?(id=[0-9]*).*/) { | |
| print $chan, "OK store-id=http://facebook.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https:\/\/.*\.google\.com\/chrome\/win\/.+\/(.*\.exe)/){ | |
| print $chan, "OK store-id=http://update-google.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.ytimg\.com\/(.*\.(webp|jpg|gif))/){ | |
| print $chan, "OK store-id=http://ytimg.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*firedrive\.com\/download\/[0-9]+\/[0-9]+\/.*\?h=.*e\=.*f\=(.*)\&.*/){ | |
| print $chan, "OK store-id=http://firedrive.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.4shared\.com\/.*\/dlink__[23]F([\w]+)_[23]F(.*)\_3Ftsid_[\w].*/){ | |
| print $chan, "OK store-id=http://4shared.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.4shared\.com\/download\/([^\/]*).*/){ | |
| print $chan, "OK store-id=http://4shared.squid.internal/$1\n" ; | |
| |
| } elsif ($_ =~ m/^https?:\/\/.*\.[a-z]+\.bing\.net\/(.*)\&w=.*/){ | |
| print $chan, "OK store-id=http://bing.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.bing\.(net|com)\/.*\?id=([a-zA-Z]\.[0-9]+)&pid=.*/){ | |
| print $chan, "OK store-id=http://bing.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.gstatic\.com\/images\?q=tbn\:(.*)/){ | |
| print $chan, "OK store-id=http://gstatic.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.reverbnation\.com\/.*\/(ec_stream_song|download_song_direct|stream_song)\/([0-9]*).*/){ | |
| print $chan, "OK store-id=http://reverbnation.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.dl\.sourceforge\.net\/(.*\.(exe|zip|mp3|mp4))/){ | |
| print $chan, "OK store-id=http://sourceforge.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/fs[0-9]+\.filehippo\.com\/[^\/]*\/[^\/]*\/(.*)/){ | |
| print $chan, "OK store-id=http://filehippo.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/download[0-9]+.mediafire\.com\/.*\/\w+\/(.*)/){ | |
| print $chan, "OK store-id=http://mediafire.squid.internal$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*android\.clients\.google\.com\/[a-z]+\/[a-zA-Z]+\/[a-zA-Z]+\/(.*)\/([0-9]+)\?.*/){ | |
| print $chan, "OK store-id=http://android.squid.internal/$1/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*(googleusercontent.com|blogspot.com)\/(.*)\/([a-z0-9]+)(-[a-z]-[a-z]-[a-z]+)?\/(.*\.(jpg|png))/){ | |
| print $chan, "OK store-id=http://googleusercontent.squid.internal/$5\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/global-shared-files-[a-z][0-9]\.softonic\.com\/.{3}\/.{3}\/.*\/.*\=(.*\.exe)/){ | |
| print $chan, "OK store-id=http://softonic.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*netmarble\.co\.id\/.*\/(data|ModooMarble)\/(.*)/){ | |
| print $chan, "OK store-id=http://netmarble.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(.*)\.windowsupdate\.com\/(.*)\/(.*)\/([a-z].*)/){ | |
| print $chan, "OK store-id=http://windowsupdate.squid.internal/$4\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*filetrip\.net\/.*\/((.*)\.([^\/\?\&]{2,4}))\?.*$/){ | |
| print $chan, "OK store-id=http://filetrip.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*get4mobile\.net\/.*f=([^\/\?\&]*).*$/){ | |
| print $chan, "OK store-id=http://get4mobile.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*thestaticvube\.com\/.*\/(.*)/){ | |
| print $chan, "OK store-id=http://thestaticvube.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/113\.6\.235\.171\/youku\/.*\/(.*\.flv)/){ | |
| print $chan, "OK store-id=http://youku.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/\d+\.\d+\.\d+\.\d+\/drama\/(.*\.mp4)\?.*\=(\d+)/){ | |
| print $chan, "OK store-id=http://drama.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/([a-z])[\d]{1,2}?(.gstatic\.com.*|\.wikimapia\.org.*)/){ | |
| print $chan, "OK store-id=http://gstatic.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.[a-z][0-9]\.(tiles\.virtualearth\.net)\/(.*\&n=z)/){ | |
| print $chan, "OK store-id=http://virtualearth.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/imgv2-[0-9]\.scribdassets\.com\/(.*)/){ | |
| print $chan, "OK store-id=http://scribdassets.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(.*?)\/(archlinux\/[a-zA-Z].*\/os\/.*)/){ | |
| print $chan, "OK store-id=http://archlinux.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(.*?)\/speedtest\/(.*\.(jpg|txt))\??.*$/){ | |
| print $chan, "OK store-id=http://speedtest.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/i[1-9]{3}\.photobucket\.com\/(.*)/){ | |
| print $chan, "OK store-id=http://photobucket.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/i[1-9]{4}\.photobucket\.com\/(.*)/){ | |
| print $chan, "OK store-id=http://photobucket.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/avideos\.5min\.com\/.*\/(.*)\?.*/){ | |
| print $chan, "OK store-id=http://avideos.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.catalog\.video\.msn\.com\/.*\/(.*\.(mp4|flv|m4v))/){ | |
| print $chan, "OK store-id=http://msn-video.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/v\.imwx\.com\/.*\/(.*)\?.*/){ | |
| print $chan, "OK store-id=http://imwx.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/video[0-9]\.break\.com\/.*\/(.*)\?.*/){ | |
| print $chan, "OK store-id=http://break.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.video[0-9]\.blip\.tv\/.*\/(.*)\?.*/){ | |
| print $chan, "OK store-id=http://blip.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/ss[0-9]\.vidivodo\.com\/vidivodo\/vidservers\/server[0-9]*\/videos\/.*\/([a-zA-Z0-9.]*)\?.*/){ | |
| print $chan, "OK store-id=http://vidivodo.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/video\-http\.media\-imdb\.com\/([a-zA-Z0-9\@\_\-]+\.(mp4|flv|m4v))\?.*/){ | |
| print $chan, "OK store-id=http://imdb-video.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(vl|v)\.mccont\.com\/(.*)\/(.*\.(mp4|m4v|flv))\?.*/){ | |
| print $chan, "OK store-id=http://mccont.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(vid.{0,2}|proxy.*)(\.ak|\.ec|\.akm|)\.(dmcdn\.net|dailymotion\.com)\/.*\/(frag.*\.(flv|mp4|m4v)).*/){ | |
| print $chan, "OK store-id=http://dailymotion.squid.internal/$4\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.vimeo[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg|web))\?.*/){ | |
| print $chan, "OK store-id=http://vimeo.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/fcache\.veoh\.com\/.*\/.*(l[0-9]*\.(mp4|flv))\?.*/){ | |
| print $chan, "OK store-id=http://veoh.squid.internal$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/video\.thestaticvube\.com\/.*\/(.*)/){ | |
| print $chan, "OK store-id=http://thestaticvube.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/cdn[0-9]\.videos\.videobash\.com\/.*\/(.*\.(mp4|m4v|flv))\?.*/){ | |
| print $chan, "OK store-id=http://videobash.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.phncdn[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://phncdn.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.xvideos\.com\/.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://xvideos.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.tube8[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://tube8.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.(redtube|redtubefiles)\.com\/.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://redtube.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/.*\/xh.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))/){ | |
| print $chan, "OK store-id=http://xhcdn.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.xhcdn[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://xhcdn.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.nsimg[^\/]*\.net.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://nsimg.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.youjizz\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://youjizz.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.public\.keezmovies[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://keezmovies.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.youporn[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://youporn.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.spankwire[^\/]*\.com.*\/([^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://spankwire.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.pornhub[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://pornhub.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.us.playvid[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://playvid.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.slutload-media[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://slutload-media.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.hardsextube[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://hardsextube.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*\.public\.extremetube[^\/]*\.com.*\/([[^\/]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*/){ | |
| print $chan, "OK store-id=http://extremetube.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|.exoclick\.com|interclick.\com|\.googlesyndication\.com|\.auditude\.com|.visiblemeasures\.com|yieldmanager|cpxinteractive)(.*)/){ | |
| print $chan, "OK store-id=http://ads.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/(.*?)\/(ads)\?(.*?)/){ | |
| print $chan, "OK store-id=http://ads.squid.internal/$3\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[^\/]*phobos\.apple\.com\/.*\/([^\/]*\.ipa)/){ | |
| print $chan, "OK store-id=http://apple.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/fs\w*\.fileserve\.com\/file\/(\w*)\/[\w-]*\.\/(.*)/){ | |
| print $chan, "OK store-id=http://fileserve.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*)/){ | |
| print $chan, "OK store-id=http://filesonic.squid.internal/$2\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/download[0-9]{3}\.avast\.com\/(.*)/){ | |
| print $chan, "OK store-id=http://avast.squid.internal/41\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/[a-zA-Z0-9]+\.[a-zA-Z0-9]+x\.[a-z]\.avast\.com\/[a-zA-Z0-9]+x\/(.*\.vpx)/){ | |
| print $chan, "OK store-id=http://avast.squid.internal\$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/(iavs.*)/){ | |
| print $chan, "OK store-id=http://iavs.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/.*\.starhub\.com\/[a-z]+\/[a-z]+\/[a-z]+\/(.*exe)\?[0-9]/){ | |
| print $chan, "OK store-id=http://starhub.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/dnl-[0-9]{2}\.geo\.kaspersky\.com\/(.*)/){ | |
| print $chan, "OK store-id=http://kaspersky.squid.internal/$1\n" ; | |
| } elsif ($_ =~ m/^https?:\/\/([^\.]*)\.yimg\.com\/(.*)/){ | |
| print $chan, "OK store-id=http://yimg.squid.internal/$1\n" ; | |
| } else { | |
| print $chan, "ERR\n" ; | |
| } | |
| } | |
| ================================= | |
| nano /etc/init.d/squid | |
| ================================= | |
| #! /bin/sh | |
| # | |
| # squid Startup script for the SQUID HTTP proxy-cache. | |
| # | |
| # Version: @(#)squid.rc 2.20 01-Oct-2001 miquels@cistron.nl | |
| # | |
| ### BEGIN INIT INFO | |
| # Provides: squid | |
| # Required-Start: $local_fs $network | |
| # Required-Stop: $local_fs $network | |
| # Should-Start: $named | |
| # Should-Stop: $named | |
| # Default-Start: 2 3 4 5 | |
| # Default-Stop: 0 1 6 | |
| # Short-Description: Squid HTTP Proxy | |
| ### END INIT INFO | |
| |
| NAME=squid | |
| DAEMON=/usr/sbin/squid | |
| LIB=/usr/lib/squid | |
| PIDFILE=/var/run/squid.pid | |
| # export LD_PRELOAD=/usr/local/lib/libjemalloc.so # ini apabila anda menggunakan jemalloc | |
| SQUID_ARGS="-YC" | |
| |
| [ ! -f /etc/default/squid ] || . /etc/default/squid | |
| |
| . /lib/lsb/init-functions | |
| |
| PATH=/bin:/usr/bin:/sbin:/usr/sbin | |
| |
| [ -x $DAEMON ] || exit 0 | |
| |
| grepconf () { | |
| w=" " # space tab | |
| sq=/etc/squid/squid.conf | |
| # sed is cool. | |
| res=`sed -ne ' | |
| s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p; | |
| t end; | |
| d; | |
| :end q' < $sq` | |
| [ -n "$res" ] || res=$2 | |
| echo "$res" | |
| } | |
| |
| grepconf2 () { | |
| w=" " # space tab | |
| sq=/etc/squid/$NAME.conf | |
| # sed is cool. | |
| res=`sed -ne ' | |
| s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p; | |
| t end; | |
| d; | |
| :end q' < $sq` | |
| [ -n "$res" ] || res=$2 | |
| echo "$res" | |
| } | |
| |
| # | |
| # Try to increase the # of filedescriptors we can open. | |
| # | |
| maxfds () { | |
| [ -n "$SQUID_MAXFD" ] || return | |
| [ -f /proc/sys/fs/file-max ] || return 0 | |
| global_file_max=`cat /proc/sys/fs/file-max` | |
| minimal_file_max=$(($SQUID_MAXFD + 4096)) | |
| if [ "$global_file_max" -lt $minimal_file_max ] | |
| then | |
| echo $minimal_file_max > /proc/sys/fs/file-max | |
| fi | |
| ulimit -n $SQUID_MAXFD | |
| } | |
| |
| start () { | |
| cdr=`grepconf2 cache_dir /cache-1` | |
| ctp=`grepconf cache_dir ufs` | |
| |
| case "$cdr" in | |
| [0-9]*) | |
| log_failure_msg "squid: squid.conf contains 2.2.5 syntax - not starting!" | |
| log_end_msg 1 | |
| exit 1 | |
| ;; | |
| esac | |
| | |
| # | |
| # Create spool dirs if they don't exist. | |
| # | |
| if [ -d "$cdr" -a ! -d "$cdr/00" ] || [ "$ctp" = "coss" -a ! -w "$cdr" ] | |
| then | |
| log_warning_msg "Creating squid cache structure" | |
| $DAEMON $SQUID_ARGS -z | |
| fi | |
| |
| if [ "$CHUID" = "" ]; then | |
| CHUID=root | |
| fi | |
| |
| maxfds | |
| umask 027 | |
| start-stop-daemon --quiet --start \ | |
| --pidfile $PIDFILE \ | |
| --chuid $CHUID \ | |
| --exec $DAEMON -- $SQUID_ARGS < /dev/null | |
| return $? | |
| } | |
| |
| stop () { | |
| PID=`cat $PIDFILE 2>/dev/null` | |
| start-stop-daemon --stop --quiet --pidfile $PIDFILE --name squid | |
| # | |
| # Now we have to wait until squid has _really_ stopped. | |
| # | |
| sleep 2 | |
| if test -n "$PID" && kill -0 $PID 2>/dev/null | |
| then | |
| log_action_begin_msg " Waiting" | |
| cnt=0 | |
| while kill -0 $PID 2>/dev/null | |
| do | |
| cnt=`expr $cnt + 1` | |
| if [ $cnt -gt 24 ] | |
| then | |
| log_action_end_msg 1 | |
| return 1 | |
| fi | |
| sleep 5 | |
| log_action_cont_msg "" | |
| done | |
| log_action_end_msg 0 | |
| return 0 | |
| else | |
| return 0 | |
| fi | |
| } | |
| |
| case "$1" in | |
| start) | |
| log_daemon_msg "Starting Squid HTTP proxy" "squid" | |
| if start ; then | |
| log_end_msg $? | |
| else | |
| log_end_msg $? | |
| fi | |
| ;; | |
| stop) | |
| log_daemon_msg "Stopping Squid HTTP proxy" "squid" | |
| if stop ; then | |
| log_end_msg $? | |
| else | |
| log_end_msg $? | |
| fi | |
| ;; | |
| reload|force-reload) | |
| log_action_msg "Reloading Squid configuration files" | |
| $DAEMON -k reconfigure | |
| log_action_end_msg 0 | |
| ;; | |
| restart) | |
| log_daemon_msg "Restarting Squid HTTP proxy" "squid" | |
| stop | |
| if start ; then | |
| log_end_msg $? | |
| else | |
| log_end_msg $? | |
| fi | |
| ;; | |
| status) | |
| status_of_proc -p "$PIDFILE" "$DAEMON" squid && exit 0 || exit $? | |
| ;; | |
| *) | |
| echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}" | |
| exit 3 | |
| ;; | |
| esac | |
| |
| exit 0 | |
| |
| |
| ================================= | |
| chmod +x store-id.pl | |
| chmod +x squid | |
| chown proxy:proxy /cache-1 | |
| chown proxy:proxy /cache-2 && | |
| chmod 777 /cache-1 && | |
| chmod 777 /cache-2 | |
| squid -f /etc/squid/squid.conf -z | |
| |
| sysv-rc-conf squid default | |
| |
| ================================= | |
| nano /etc/rc.local | |
| ================================= | |
| #0 | |
| iptables -A POSTROUTING -t nat -j MASQUERADE -o eth0 | |
| #1 | |
| iptables -t mangle -F | |
| iptables -t mangle -X | |
| #2 | |
| echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter | |
| echo 1 > /proc/sys/net/ipv4/ip_forward | |
| #3 | |
| ip rule add fwmark 1 lookup 100 | |
| ip route add local 0.0.0.0/0 dev lo table 100 | |
| #4 | |
| iptables -t mangle -N DIVERT | |
| iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT | |
| #5 | |
| iptables -t mangle -A DIVERT -j MARK --set-mark 1 | |
| iptables -t mangle -A DIVERT -j ACCEPT | |
| #6 | |
| iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 | |
| iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3130 | |
| #7 | |
| squid start | |
| exit 0 | |
| =================================================================================================== | |
| squid -k parse | |
| squid -k reconfigure | |
| squid -z | |
| squid start | |
| |
| tail -f /tmp/access.log | ccze</fh> | |
| </code> | |
