HAVP (Update 31-10-2012)

#
# This is the configuration file for HAVP
#
# All lines starting with a hash (#) or empty lines are ignored.
# Uncomment parameters you want to change!
#
# All parameters configurable in this file are explained and their default
# values are shown. If no default value is defined "NONE" is specified.
#
# General syntax: Parameter Value
# Value can be: true/false, number, or path
#
# Extra spaces and tabs are ignored.
#

# You must remove this line for HAVP to start.
# This makes sure you have (hopefully) reviewed the configuration. :)
# Hint: You must enable some scanner! Find them in the end..
# REMOVETHISLINE deleteme

#
# For reasons of security it is recommended to run a proxy program
# without root rights. It is recommended to create user that is not
# used by any other program.
#
# Default:
USER havp
GROUP havp

# If this is true HAVP is running as daemon in background.
# For testing you may run HAVP at your text console.
#
# Default:
DAEMON true

#
# Process id (PID) of the main HAVP process is written to this file.
# Be sure that it is writeable by the user under which HAVP is running.
# /etc/init.d/havp script requires this to work.
#
# Default:
PIDFILE /var/run/havp/havp.pid

#
# For performance reasons several instances of HAVP have to run.
# Specify how many servers (child processes) are simultaneously
# listening on port PORT for a connection. Minimum value should be
# the peak requests-per-second expected + 5 for headroom. For best
# performance, you should have atleast 1 CPU core per 16 processes.
#
# For single user home use, 8 should be minimum.
# For 500+ users corporate use, start at 40.
#
# Value can and should be higher than recommended. Memory and
# CPU usage is only affected by the number of concurrent requests.
#
# More childs are automatically created when needed, up to MAXSERVERS.
#
# Default:
# SERVERNUMBER 8
# MAXSERVERS 100
SERVERNUMBER 8
MAXSERVERS 8

#
# Files where to log requests and info/errors.
# Needs to have write permission for HAVP user.
#
# Default:
ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log

#
# Syslog can be used instead of logging to file.
# For facilities and levels, see "man syslog".
#
# Default:
USESYSLOG true
SYSLOGNAME havp
SYSLOGFACILITY daemon
SYSLOGLEVEL info
SYSLOGVIRUSLEVEL warning

#
# true: Log every request to access log
# false: Log only viruses to access log
#
# Default:
LOG_OKS true

#
# Level of HAVP logging
#  0 = Only serious errors and information
#  1 = Less interesting information is included
#
# Default:
LOGLEVEL 0

#
# Temporary scan file.
# This file must reside on a partition for which mandatory
# locking is enabled. For Linux, use "-o mand" in mount command.
# See "man mount" for details. Solaris does not need any special
# steps, it works directly.
#
# Specify absolute path to a file which name must contain "XXXXXX".
# These characters are used by system to create unique named files.
#
# Default:
SCANTEMPFILE /var/spool/havp/havp-XXXXXX

#
# Directory for ClamAV and other scanner created tempfiles.
# Needs to be writable by HAVP user. Use ramdisk for best performance.
#
# Default:
TEMPDIR /var/tmp

#
# HAVP reloads scanners virus database by receiving a signal
# (send SIGHUP to PID from PIDFILE, see "man kill") or after
# a specified period of time. Specify here the number of
# minutes to wait for reloading.
#
# This only affects library scanners (clamlib, trophie).
# Other scanners must be updated manually.
#
# Default:
DBRELOAD 60

#
# Run HAVP as transparent Proxy?
#
# If you don't know what this means read the mini-howto
# TransparentProxy written by Daniel Kiracofe.
# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
# Definitely you have more to do than setting this to true.
# You are warned!
#
# Default:
TRANSPARENT false

#
# Specify a parent proxy (e.g. Squid) HAVP should use.
#
# Default: NONE
PARENTPROXY 127.0.0.1
PARENTPORT 3128

#
# Write X-Forwarded-For: to log instead of connecters IP?
#
# If HAVP is used as parent proxy by some other proxy, this allows
# to write the real users IP to log, instead of proxy IP.
#
# Default:
FORWARDED_IP true

#
# Send X-Forwarded-For: header to servers?
#
# If client sent this header, FORWARDED_IP setting defines the value,
# then it is passed on. You might want to keep this disabled for security
# reasons. Enable this if you use your own parent proxy after HAVP, so it
# will see the original client IP.
#
# Disabling this also disables Via: header generation.
#
# Default:
X_FORWARDED_FOR true

#
# Port HAVP is listening on.
#
# Default:
PORT 8080

#
# IP address that HAVP listens on.
# Let it be undefined to bind all addresses.
#
# Default: NONE
BIND_ADDRESS 127.0.0.1

#
# IP address used for sending outbound packets.
# Let it be undefined if you want OS to handle right address.
#
# Default: NONE
# SOURCE_ADDRESS 1.2.3.4

#
# Path to template files.
#
# Default:
TEMPLATEPATH /etc/havp/templates/en

#
# Set to true if you want to prefer Whitelist.
# If URL is Whitelisted, then Blacklist is ignored.
# Otherwise Blacklist is preferred.
#
# Default:
WHITELISTFIRST true

#
# List of URLs not to scan.
#
# Default:
WHITELIST /etc/havp/whitelist

#
# List of URLs that are denied access.
#
# Default:
BLACKLIST /etc/havp/blacklist

#
# Is scanner error fatal?
#
# For example, archive types that are not supported by scanner
# may return error. Also if scanner has invalid pattern files etc.
#
# true: User gets error page
# false: No error is reported (viruses might not be detected)
#
# Default:
FAILSCANERROR true

#
# When scanning takes longer than this, it will be aborted.
# Timer is started after HAVP has fully received all data.
# If set too low, complex files/archives might produce timeout.
# Timeout is always a fatal error regardless of FAILSCANERROR.
#
# Time in minutes!
#
# Default:
SCANNERTIMEOUT 10

#
# Allow HTTP Range requests?
#
# false: Broken downloads can NOT be resumed
# true: Broken downloads can be resumed
#
# Allowing Range is a security risk, because partial
# HTTP requests may not be properly scanned.
#
# Whitelisted sites are allowed to use Range in any case.
#
# Default:
RANGE true

#
# Allow HTTP Range request to get the ZIP header first?
#
# This allows (partial) scanning of ZIP files that are bigger than
# MAXSCANSIZE. Scanning is done up to that many bytes into the file.
#
# Default:
PRELOADZIPHEADER true

#
# If you really need more performance, you can disable scanning of
# JPG, GIF and PNG files. These are probably the most common files
# around, so it will save lots of CPU. But be warned, image exploits
# exist and more could be found. Think twice if you want to disable!
#
# Default:
SCANIMAGES true

#
# Temporary file will grow only up to this size. This means scanner
# will scan data until this limit is reached.
#
# There are two sides to this setting. By limiting the size, you gain
# performance, less waiting for big files and less needed temporary space.
# But there is slightly higher chance of virus slipping through (though
# scanning large archives should not be gateways function, HAVP is more
# geared towards small exploit detection etc).
#
# VALUE IN BYTES NOT KB OR MB!!!!
#  0 = No size limit
#
# Default:
MAXSCANSIZE 5000000

#
# Amount of data going to browser that is held back, until it
# is scanned. When we know file is clean, this held back data
# can be sent to browser. You can safely set bigger value, only
# thing you will notice is some "delay" in beginning of download.
# Virus found in files bigger than this might not produce HAVP
# error page, but result in a "broken" download.
#
# VALUE IN BYTES NOT KB OR MB!!!!
#
# Default:
KEEPBACKBUFFER 200000

#
# This setting complements KEEPBACKBUFFER. It tells how many Seconds to
# initially receive data from server, before sending anything to client.
# Even trickling is not done before this time elapses. This way files that
# are received fast are more secure and user can get virus report page for
# files bigger than KEEPBACKBUFFER.
#
# Setting to 0 will disable this, and only KEEPBACKBUFFER is used.
#
# Default:
KEEPBACKTIME 5

#
# After Trickling Time (seconds), some bytes are sent to browser
# to keep the connection alive. Trickling is not needed if timeouts
# are not expected for files smaller than KEEPBACKBUFFER, but it is
# recommended to set anyway.
#
# 0 = No Trickling
#
# Default:
TRICKLING 30

#
# Send this many bytes to browser every TRICKLING seconds, see above
#
# Default:
TRICKLINGBYTES 1

#
# Downloads larger than MAXDOWNLOADSIZE will be blocked.
# Only if not Whitelisted!
#
# VALUE IN BYTES NOT KB OR MB!!!!
#  0 = Unlimited Downloads
#
# Default:
MAXDOWNLOADSIZE 0

#
# Space separated list of strings to partially match User-Agent: header.
# These are used for streaming content, so scanning is generally not needed
# and tempfiles grow unnecessary. Remember when enabled, that user could
# fake header and pass some scanning. HTTP Range requests are allowed for
# these, so players can seek content.
#
# You can uncomment here a list of most popular players.
#
# Default: NONE
STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS

#
# Bytes to scan from beginning of streams.
# When set to 0, STREAMUSERAGENT scanning will be completely disabled.
# It is not recommended as there are some exploits for players.
#
# Default:
STREAMSCANSIZE 20000

#
# Disable mandatory locking (dynamic scanning) for certain file types.
# This is intended for fixing cases where a scanner forces use of mmap()
# call. Mandatory locking might not allow this, so you could get errors
# regarding memory allocation or I/O. You can test the "None" option
# anyway, as it might even work depending on your OS (some Linux seems
# to allow mand+mmap).
#
# Allowed values:
#   None
#   ClamAV:BinHex  (mmap forced in all versions, no ETA for fix)
#   ClamAV:PDF     (mmap forced in all versions, no ETA for fix)
#   ClamAV:ZIP     (mmap forced in 0.93.x, should work in 0.94)
#   AVG:ALL        (AVG 8.5 does not work, uses mmap MAP_SHARED)
#
# Default:
DISABLELOCKINGFOR ClamAV:BinHex ClamAV:PDF ClamAV:ZIP AVG:ALL

#
# Whitelist specific viruses by case-insensitive substring match.
# For example, "Oversized." and "Encrypted." are good candidates,
# if you can't disable those checks any other way.
#
# Default: NONE
IGNOREVIRUS Oversized. Encrypted. Phishing.


#####
##### ClamAV Library Scanner (libclamav)
#####

ENABLECLAMLIB true

# HAVP uses libclamav hardcoded pattern directory, which usually is
# /usr/share/clamav. You only need to set CLAMDBDIR, if you are
# using non-default DatabaseDirectory setting in clamd.conf.
#
# Default: NONE
CLAMDBDIR /var/lib/clamav

# Should we block broken executables?
#
# Default:
CLAMBLOCKBROKEN false

# Should we block encrypted archives?
#
# Default:
CLAMBLOCKENCRYPTED false

# Should we block files that go over maximum archive limits?
#
# Default:
CLAMBLOCKMAX false

# Scanning limits?
# You can find some additional info from documentation or clamd.conf
#
# Stop when this many total bytes scanned (MB)
CLAMMAXSCANSIZE 20
#
# Stop when this many files have been scanned
CLAMMAXFILES 50
#
# Don't scan files over this size (MB)
CLAMMAXFILESIZE 100
#
# Maximum archive recursion
CLAMMAXRECURSION 8


#####
##### ClamAV Socket Scanner (clamd)
#####
##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
#####

ENABLECLAMD false

# Path to clamd socket
#
# Default:
# CLAMDSOCKET /tmp/clamd

# ..OR if you use clamd TCP socket, uncomment to enable use
#
# Clamd daemon needs to run on the same server as HAVP
#
# Default: NONE
# CLAMDSERVER 127.0.0.1
# CLAMDPORT 3310


#####
##### F-Prot Socket Scanner
#####

ENABLEFPROT false

# F-Prot daemon needs to run on same server as HAVP
#
# Default:
# FPROTSERVER 127.0.0.1
# FPROTPORT 10200

# F-Prot options (only for version 6+ !)
#
# See "fpscand-client.sh --help" for possible options.
#
# At the moment:
#  --scanlevel=  Which scanlevel to use, 0-4 (2).
#  --heurlevel=  How aggressive heuristics should be used, 0-4 (2).
#  --archive=    Scan inside supported archives n levels deep 1-99 (5).
#  --adware         Instructs the daemon to flag adware.
#  --applications   Instructs the daemon to flag potentially unwanted applications.
#
# Default: NONE
# FPROTOPTIONS --scanlevel=2 --heurlevel=2


#####
##### AVG Socket Scanner
#####

ENABLEAVG false

# AVG daemon needs to run on the same server as HAVP
#
# Default:
# AVGSERVER 127.0.0.1
# AVGPORT 55555


#####
##### Kaspersky Socket Scanner
#####

ENABLEAVESERVER false

# Path to aveserver socket
#
# Default:
# AVESOCKET /var/run/aveserver


#####
##### Sophos Scanner (Sophie)
#####

ENABLESOPHIE false

# Path to sophie socket
#
# Default:
# SOPHIESOCKET /var/run/sophie


#####
##### Trend Micro Library Scanner (Trophie)
#####

ENABLETROPHIE false

# Scanning limits inside archives (filesize = MB):
#
# Default:
# TROPHIEMAXFILES 50
# TROPHIEMAXFILESIZE 10
# TROPHIEMAXRATIO 250


#####
##### NOD32 Socket Scanner
#####

ENABLENOD32 false

# Path to nod32d socket
#
# For 3.0+ version, try /tmp/esets.sock
#
# Default:
# NOD32SOCKET /tmp/nod32d.sock

# Used NOD32 Version
#
#  30 = 3.0+
#  25 = 2.5+
#  21 = 2.x (very old)
#
# Default:
# NOD32VERSION 25


#####
##### Avast! Socket Scanner
#####

ENABLEAVAST false

# Path to avastd socket
#
# Default:
# AVASTSOCKET /var/run/avast4/local.sock

# ..OR if you use avastd TCP socket, uncomment to enable use
#
# Avast daemon needs to run on the same server as HAVP
#
# Default: NONE
# AVASTSERVER 127.0.0.1
# AVASTPORT 5036


#####
##### Arcavir Socket Scanner
#####

ENABLEARCAVIR false

# Path to arcavird socket
#
# For version 2008, default socket is /var/run/arcad.ctl
#
# Default:
# ARCAVIRSOCKET /var/run/arcavird.socket

# Used Arcavir version
#  2007 = Version 2007 and earlier
#  2008 = Version 2008 and later
#
# Default:
# ARCAVIRVERSION 2007


#####
##### DrWeb Socket Scanner
#####

ENABLEDRWEB false

# Enable heuristic scanning?
#
# Default:
# DRWEBHEURISTIC true

# Enable malware detection?
# (Adware, Dialer, Joke, Riskware, Hacktool)
#
# Default:
# DRWEBMALWARE true

# Path to drwebd socket
#
# Default:
# DRWEBSOCKET /var/drweb/run/.daemon

# ..OR if you use drwebd TCP socket, uncomment to enable use
#
# DrWeb daemon needs to run on the same server as HAVP
#
# Default: NONE
# DRWEBSERVER 127.0.0.1
# DRWEBPORT 3000

Squid Proxy (Update 31-10-2012)

# SQUID 2.7.STABLE7
# -----------------

# By : Angga Adi
# E-mail : dittaanggas7@gmail.com
# Blog : http://be2x-opensource.blogspot.com/

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# ACL GET cache
acl getmethod method GET
# Only http traffic can be scanned
acl Scan_HTTP proto HTTP
# Cache_Peer
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow SSL_ports
http_access allow Safe_ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
reply_body_max_size 0 allow all

# OPTIONS FOR X-Forwarded-For
# -----------------------------------------------------------------------------
follow_x_forwarded_for deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 127.0.0.1:3128
tcp_outgoing_tos 0x04 localhost
tcp_outgoing_tos 0x04 localnet
tcp_outgoing_tos 0x04 to_localhost
zph_mode tos
zph_local 0x04
zph_parent 0x04
zph_option 136

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
#cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer 127.0.0.1 parent 8080 0 no-query no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all
hierarchy_stoplist cgi-bin ?

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
cache_mem 8 MB
maximum_object_size_in_memory 8 KB
memory_replacement_policy heap GDSF

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
cache_replacement_policy heap LFUDA
#cache_dir aufs /var/spool/squid 30000 26 256
cache_dir aufs /media/cache1 30000 26 256
cache_dir aufs /media/cache2 30000 26 256
cache_dir aufs /media/cache3 30000 26 256
cache_dir aufs /media/cache4 26000 26 256
store_dir_select_algorithm round-robin
max_open_disk_fds 0
minimum_object_size 0 KB
#maximum_object_size 4096 KB
#maximum_object_size 20480 KB
maximum_object_size 32000 KB
#maximum_object_size 100000 KB
cache_swap_low 90
cache_swap_high 95
update_headers on

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
logfile_rotate 0
pid_filename /var/run/squid.pid

# OPTIONS FOR URL REWRITING
# -----------------------------------------------------------------------------
storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 8
storeurl_rewrite_concurrency 10

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
cache allow all
max_stale 1 week
# 1 year = 525600 mins, 1 month = 43200 mins, 1 day = 1440 #
# options: override-expire
#       override-lastmod
#       reload-into-ims
#       ignore-reload
#       ignore-no-cache
#       ignore-private
#       ignore-auth
#       stale-while-revalidate=NN
#       ignore-stale-while-revalidate
#       max-stale=NN
#       negative-ttl=NN
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Speedtest
refresh_pattern \.speedtest/.* 43200 99999% 432000 override-expire ignore-reload ignore-no-cache
# Facebook => Cache-Control: private, no-cache, no-store, must-revalidate
refresh_pattern .facebook.com.*\.(swf|jpg|gif|png|mp3|php|js) 43800 95% 43800 ignore-private ignore-no-cache override-expire
# Game facebook
refresh_pattern .zynga.com.*\.(swf|jpg|gif|png|mp3) 43800 95% 43800 override-expire ignore-reload
# Youtube (i4) => Cache-Control: public, max-age=21600
refresh_pattern http://i4.ytimg.com 2160 100% 21600 ignore-auth
# Youtube (s) => Cache-Control=no-cache, must-revalidate
refresh_pattern http://s.ytimg.com 2160 100% 21600 ignore-no-cache
# Youtube cache => Cache-Control=private || Cache-Control=private, max-age=22897
#refresh_pattern http://o-o---preferred---sn-2uuxa3vh-n0ce---v19---lscache4.c.youtube.com 2289 100% 22987 ignore-private
refresh_pattern http://o-o---preferred---sn-2uuxa3vh-n0ce---v19---lscache4.c.youtube.com 2289 100% 22987 ignore-private
# Youtube nonxt4 => Cache-Control=private, max-age=23704 || Cache-Control=private, max-age=23648
#refresh_pattern http://o-o---preferred---sn-npo7en7y---v19---nonxt4.c.youtube.com 2370 100% 23704 ignore-private
refresh_pattern http://o-o---preferred---sn-npo7en7y---v19---nonxt4.c.youtube.com 2364 100% 23648 ignore-private
# Blog => Cache-Control: private, max-age=0
refresh_pattern .blogspot.com.*\.(swf|jpg|gif|png|mp3|php|js) 43800 95% 43800 override-lastmod reload-into-ims ignore-private
# Image
refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png)($|&) 43800 95% 43800 ignore-no-cache reload-into-ims override-expire
# Game
#refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 2629742 999999% 2629742 override-expire ignore-reload ignore-no-cache ignore-private
# CDN
#refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 43200 99999% 43200 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private
#refresh_pattern \.(rackcdn|spilcdn|zgncdn)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 43200 9999% 43200 override-expire ignore-reload ignore-no-cache
# General
#refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 2629742 999999% 2629742 ignore-no-cache reload-into-ims override-expire ignore-private
#refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 2629742 999999% 2629742 override-expire reload-into-ims ignore-no-cache ignore-private
#refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 2629742 999999% 2629742 override-expire reload-into-ims ignore-reload ignore-no-cache ignore-private
#refresh_pattern \.(exe|msi|msp|msu|dmg|bin|xpi|iso|swf|mar|psf|cab|deb) 2629742 999999% 2629742 override-expire reload-into-ims ignore-reload ignore-no-cache ignore-private
#refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2) 2629742 999999% 2629742 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=0
#refresh_pattern \.(php|jsp|cgi|asx|asp|aspx)\? 0 0% 0
#
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 5 minutes
store_avg_object_size 13 KB

# HTTP OPTIONS
# -----------------------------------------------------------------------------
request_header_max_size 20 KB
reply_header_max_size 20 KB
request_body_max_size 0 allow all
via on
header_access Via deny all
header_access Forwarded-For deny all
header_access X-Forwarded-For deny all
header_access Server deny all
header_access Referer deny all
header_access User-Agent deny all
header_replace User-Agent anonymous
server_http11 on

# TIMEOUTS
# -----------------------------------------------------------------------------
shutdown_lifetime 30 seconds

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr h4ck3r.h4x0r.org
cache_effective_user proxy
cache_effective_group proxy
visible_hostname h4ck3r-proxy-server
unique_hostname h4ck3r-proxy-server

# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------

# PERSISTENT CONNECTION HANDLING
# -----------------------------------------------------------------------------

# CACHE DIGEST OPTIONS
# -----------------------------------------------------------------------------
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10

# OPTIONS INFLUENCING REQUEST FORWARDING
# -----------------------------------------------------------------------------
nonhierarchical_direct on
prefer_direct off
ignore_ims_on_miss off
always_direct allow localhost
always_direct allow localnet
always_direct allow to_localhost
never_direct allow all
# Only http traffic can be scanned
never_direct allow Scan_HTTP

# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------
max_filedescriptors 0
tcp_recv_bufsize 0 bytes

# DNS OPTIONS
# -----------------------------------------------------------------------------
check_hostnames on
dns_nameservers 127.0.0.1
hosts_file /etc/hosts
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

# MISCELLANEOUS
# -----------------------------------------------------------------------------
forwarded_for off
reload_into_ims on
coredump_dir /var/spool/squid
balance_on_multiple_ip on
pipeline_prefetch on

iptables.up.rules (Update 31-10-2012)

# Generated by iptables-save v1.4.4 on Sat Oct 20 14:59:09 2012
*nat
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Forward HTTP connections to Squid proxy
-A PREROUTING -p tcp -m tcp -i wlan0 -m multiport --dports 80,443 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp -i eth0 -m multiport --dports 80,443 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp -i wlan0 -m multiport --dports 80,443 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp -i eth0 -m multiport --dports 80,443 -j REDIRECT --to-ports 8080
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Sat Oct 20 14:59:09 2012
# Generated by iptables-save v1.4.4 on Sat Oct 20 14:59:09 2012
*mangle
:PREROUTING ACCEPT [75:20533]
:INPUT ACCEPT [75:20533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [90:31676]
:POSTROUTING ACCEPT [90:31676]
-A PREROUTING -m tos --tos 0x04 -j MARK --set-mark 0x4
-A INPUT -m tos --tos 0x04 -j MARK --set-mark 0x4
-A FORWARD -m tos --tos 0x04 -j MARK --set-mark 0x4
-A OUTPUT -m tos --tos 0x04 -j MARK --set-mark 0x4
-A POSTROUTING -m tos --tos 0x04 -j MARK --set-mark 0x4
COMMIT
# Completed on Sat Oct 20 14:59:09 2012
# Generated by iptables-save v1.4.4 on Sat Oct 20 14:59:09 2012
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m multiport --dports 80,443,53,953,8080 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i wlan0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --dports 80,443,53,953,8080 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -i wlan0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A FORWARD -o wlan0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wlan0 -j ACCEPT
-A OUTPUT -o wlan0 -p tcp -m multiport --sports 80,443,53,953,8080 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o wlan0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m multiport --sports 80,443,53,953,8080 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
COMMIT
# Completed on Sat Oct 20 14:59:09 2012

Update Squid.conf 31/Aug/2012

# SQUID 2.7.STABLE7
# -----------------

# By : Angga Adi
# E-mail : dittaanggas7@gmail.com
# Blog : http://be2x-opensource.blogspot.com/

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# ACL GET cache
acl getmethod method GET
# ACL untuk cache video
acl store_rewrite_list urlpath_regex \/(get_video|video\?v|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id|watch\?)
acl dontrewrite url_regex (get_video|video\?v=|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* \.php\? \.asp\? \.aspx\? threadless.*\.jpg\?r=
# ACL untuk cache semua tipe file
acl store_rewrite_list urlpath_regex \.(3gp|mp(3|4)|flv|(m|f)4v|on2|fid|avi|mov|wm(a|v)|(mp(e?g|a|e|1|2))|mk(a|v)|jp(e?g|e|2)|gif|png|tiff?|bmp|tga|svg|ico|swf|exe|ms(i|u|p)|cab|psf|mar|bin|z(ip|[0-9]{2})|r(ar|[0-9]{2})|7z)\?
acl store_rewrite_list_path urlpath_regex \.(3gp|mp(3|4)|flv|(m|f)4v|on2|fid|avi|mov|wm(a|v)|(mp(e?g|a|e|1|2))|mk(a|v)|jp(e?g|e|2)|gif|png|tiff?|bmp|tga|svg|ico|swf|exe|ms(i|u|p)|cab|psf|mar|bin|z(ip|[0-9]{2})|r(ar|[0-9]{2})|7z)$
# ACL
acl store_rewrite_list_domain url_regex ^http:\/\/(([a-z-]+[0-9-]+)|([0-9-]+[a-z-]+))\.[a-z0-9-]*\.[a-z]{2,4}
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
# ACL untuk *.speedtest.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/.*speedtest.*
acl speedtest_allow_dom dstdomain .speedtest.net
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow SSL_ports
http_access allow Safe_ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
reply_body_max_size 0 allow all

# OPTIONS FOR X-Forwarded-For
# -----------------------------------------------------------------------------
follow_x_forwarded_for deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 127.0.0.1:3128
tcp_outgoing_tos 0x04 localhost
tcp_outgoing_tos 0x04 localnet
tcp_outgoing_tos 0x04 to_localhost
zph_mode tos
zph_local 0x04
zph_parent 0x04
zph_option 136

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
cache_peer 127.0.0.1 parent 3128 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all
hierarchy_stoplist cgi-bin ?

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
cache_mem 8 MB
maximum_object_size_in_memory 8 KB
memory_replacement_policy heap GDSF

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
cache_replacement_policy heap LFUDA
#cache_dir aufs /var/spool/squid 11000 26 256
cache_dir aufs /media/cache1 11000 26 256
cache_dir aufs /media/cache2 11000 26 256
cache_dir aufs /media/cache3 11000 26 256
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32 MB
cache_swap_low 90
cache_swap_high 95
update_headers on

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
logfile_rotate 0
mime_table /usr/share/squid/mime.conf
pid_filename /var/run/squid.pid

# OPTIONS FOR URL REWRITING
# -----------------------------------------------------------------------------
storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 4
storeurl_rewrite_concurrency 10
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
#cache deny DENYCACHE
max_stale 1 week
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern -i (cgi-bin) 0 0% 0
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 90
read_ahead_gap 16 KB
negative_ttl 5 minutes
store_avg_object_size 13 KB

# HTTP OPTIONS
# -----------------------------------------------------------------------------
request_header_max_size 20 KB
reply_header_max_size 20 KB
request_bodx_max_size 0 allow all
via on
header_access Via deny all
header_access Forwarded-For deny all
header_access X-Forwarded-For deny all
header_access Server deny all
header_access Referer deny all
header_access User-Agent deny all
header_replace User-Agent anonymous
server_http11 on

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr dittaanggas7@gmail.com
cache_effective_user proxy
cache_effective_group proxy
visible_hostname h4ck3r-proxy-server
unique_hostname h4ck3r-proxy-server

# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------

# PERSISTENT CONNECTION HANDLING
# -----------------------------------------------------------------------------

# CACHE DIGEST OPTIONS
# -----------------------------------------------------------------------------
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10

# OPTIONS INFLUENCING REQUEST FORWARDING
# -----------------------------------------------------------------------------
nonhierarchical_direct on
prefer_direct off
ignore_ims_on_miss off
always_direct allow localhost
always_direct allow localnet
always_direct allow to_localhost
never_direct allow all

# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------
max_filedescriptors 0
tcp_recv_bufsize 0 bytes

# DNS OPTIONS
# -----------------------------------------------------------------------------
dns_nameservers 127.0.0.1 8.8.8.8 8.8.4.4
hosts_file /etc/hosts
ipcache_size 1024
ipcache_low 95
ipcache_high 99
fqdncache_size 1024

# MISCELLANEOUS
# -----------------------------------------------------------------------------
forwarded_for off
reload_into_ims on
coredump_dir /var/spool/squid
balance_on_multiple_ip on
pipeline_prefetch on

Settingan storeurl.pl Q (1)

Settingan storeurl.pl Q
================================== Cut Here =========================================
#!/usr/bin/perl
# $Rev$
# by chudy_fernandez@yahoo.com
# rev by ucok_karnadi@yahoo.com
# rev date 02/04/2012
# visit my facebook account http://www.facebook.com/stressss

$|=1;
while (<>) {
@X = split;
# $X[1] =~ s/&sig=.*//;
$x = $X[0] . " ";
$_ = $X[1];
$u = $X[1];

# photos-X.ak.fbcdn.net where X a-z
if (m/^http:\/\/photos-[a-z]?(.ak.fbcdn.net.*)/) {
print $x . "http://photos" . $1 . "\n";

# photo
#} elsif (m/^http:\/\/photos-ash[1-5]?(.fbcdn.net.*)/) {
# print $x . "http://ash.photos" . $1 . "\n";

# photos.ak.fbcdn.net where X i(0-9)
# a5.sphotos.ak.fbcdn.net
#} elsif (m/^http:\/\/[a-z][0-9]?.(sphotos.ak.fbcdn.net.*)/) {
# print $x . "http://cdn.photos" . $1 . "\n";

# BLOGSPOT
} elsif (m/^http:\/\/[1-4].bp.(blogspot.com.*)/) {
print $x . "http://blog-cdn." . $1 . "\n";

# AVAST
#} elsif (m/^http:\/\/download[0-9]{3}.(avast.com.*)/) {
# print $x . "http://avast-cdn." . $1 . "\n";

# KAV
#} elsif (m/^http:\/\/dnl-[0-9]{2}.(geo.kaspersky.com.*)/) {
# print $x . "http://kav-cdn." . $1 . "\n";

# AVG
#} elsif (m/^http:\/\/update.avg.com/) {
# print $x . "http://avg-cdn." . $1 . "\n";

# Mediafire
#} elsif (m/^http:\/\/199\.91\.15\d\.\d*\/\w{12}\/(\w*)\/(.*)/) {
# print $x . "http://www.mediafire.com.SQUIDINTERNAL/" . $1 ."/" . $2 . "\n";

# Fileserve
#} elsif (m/^http:\/\/fs\w*\.fileserve\.com\/file\/(\w*)\/[\w-]*\.\/(.*)/) {
# print $x . "http://www.fileserve.com.SQUIDINTERNAL/" . $1 . "./" . $2 . "\n";

# Filesonic
#} elsif (m/^http:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*)/) {
# print $x . "http://www.filesonic.com.SQUIDINTERNAL/" . $1 . "\n";

# 4Shared
#} elsif (m/^http:\/\/[a-zA-Z]{2}\d*\.4shared\.com(:8080|)\/download\/(.*)\/(.*\..*)\?.*/) {
# print $x . "http://www.4shared.com.SQUIDINTERNAL/download/$2\/$3\n";

# 4Shared preview
#} elsif (m/^http:\/\/[a-zA-Z]{2}\d*\.4shared\.com(:8080|)\/img\/(\d*)\/\w*\/dlink__2Fdownload_2F(\w*)_3Ftsid_3D[\w-]*\/preview\.mp3\?sId=\w*/) {
# print $x . "http://www.4shared.com.SQUIDINTERNAL/$2\n";

# maps.google.com
} elsif (m/^http:\/\/(cbk|mt|khm|khms|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
print $x . "http://" . $1 . $2 . "\n";

# maps.google.com
} elsif (m/^http:\/\/(khm|khms|mt)[0-9]?(.google.com.*)/) {
print $x . "http://" . $1 . $2 . "\n";

# gstatic and/or wikimapia
} elsif (m/^http:\/\/([a-z])[0-9]?(\.gstatic\.com.*|\.wikimapia\.org.*)/) {
print $x . "http://" . $1 . $2 . "\n";

# video google / youtube
#} elsif ($X[1] =~ /(youtube|google).*videoplayback\?/){
# @itag = m/[&?](itag=[0-9]*)/;
# @id = m/[&?](id=[^\&]*)/;
# @range = m/[&?](range=[^\&\s]*)/;
# @begin = m/[&?](begin=[^\&\s]*)/;
# @redirect = m/[&?](redirect_counter=[^\&]*)/;
# print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/@itag&@id&@range@begin@redirect\n";

# youtube fix
#} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/videoplayback\?(.*)/) {
# $p_str = $2;
# $tag = "";
# $alg = "";
# $id = "";
# $range = "";
# if ($p_str =~ m/(itag=[0-9]*)/){$tag = "&".$1}
# if ($p_str =~ m/(algorithm=[a-z]*\-[a-z]*)/){$alg = "&".$1}
# if ($p_str =~ m/(id=[a-zA-Z0-9]*)/){$id = "&".$1}
# if ($p_str =~ m/(range=[0-9\-]*)/){$range = "&".$1; $range =~ s/-//; $range =~ s/range=//; }
# print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $tag . "&" . $alg . "&" . $id . "&" . $range . "\n";

# ini untuk youtube cache partial
#} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(id=[a-zA-Z0-9]*).*?\&(range=[0-9]*).*/) {
# print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . $3 . "\n";

# compatibility for old cached get_video?video_id
#} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(videoplayback\?id=.*?|video_id=.*?)\&(.*?)/) {
# $z = $2; $z =~ s/video_id=/get_video?video_id=/;
# print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";

# youtube All itag (semua resolusi)
#} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(itag=[0-9]*).*?\&(id=[a-zA-Z0-9]*).*/) {
# print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . "&" . $3 . "\n";

# youtube All itag (semua resolusi) posisi kebalikan
#} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(id=[a-zA-Z0-9]*).*?\&(itag=[0-9]*).*/) {
# print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $3 . "&" . $2 . "\n";

# Google
} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
print $x . "http://www.google-analytics.com/__utm.gif\n";

# Cache High Latency Ads
#} elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com|yieldmanager|cpxinteractive)(.*)/) {
# $y = $3;$z = $2;
# for ($y) {
# s/pixel;.*/pixel/;
# s/activity;.*/activity/;
# s/(imgad[^&]*).*/\1/;
# s/;ord=[?0-9]*//;
# s/;×tamp=[0-9]*//;
# s/[&?]correlator=[0-9]*//;
# s/&cookie=[^&]*//;
# s/&ga_hid=[^&]*//;
# s/&ga_vid=[^&]*//;
# s/&ga_sid=[^&]*//;
# s/&prev_slotnames=[^&]*//
# s/&u_his=[^&]*//;
# s/&dt=[^&]*//;
# s/&dtd=[^&]*//;
# s/&lmt=[^&]*//;
# s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
# s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
# s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
# s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
# s/[;&?]ord=[?0-9]*//;
# s/[;&]mpvid=[^&;]*//;
# s/&xpc=[^&]*//;
# yieldmanager
# s/\?clickTag=[^&]*//;
# s/&u=[^&]*//;
# s/&slotname=[^&]*//;
# s/&page_slots=[^&]*//;
# }
# print $x . "http://" . $1 . $2 . $y . "\n";

# cache high latency ads
#} elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) {
# print $x . "http://" . $1 . "/" . $2 . "\n";

# Ziddu
#} elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
# print $x . "http://" . $1 . "\n";

# cdn, varialble 1st path
#} elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
# @y = ($1,$2,$4,$5);
# $y[0] =~ s/[a-z0-9]{2,5}/cdn./;
# print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

# rapidshare
#} elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
# print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n";

#} elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) {
# print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n";

# domain/path/.*/path/filename
#} elsif (($u =~ /fucktube/) && (m/^http:\/\/(.*?)(\.[^\.\-]*?[^\/]*\/[^\/]*)\/(.*)\/([^\/]*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})(\?.*?)$/)) {
# @y = ($1,$2,$4,$5,$6);
# $y[0] =~ s/(([a-zA-A]+[0-9]+(-[a-zA-Z])?$)|([^\.]*cdn[^\.]*)|([^\.]*cache[^\.]*))/cdn/;
# print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "/" . $y[3] . "." . $y[4] . "\n";

# like porn hub variables url and center part of the path, filename etention 3 or 4 with or without ? at the end
#} elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?(\.[a-z]*)?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) {
# print $x . "http://cdn." . $4 . $6 . "\n";

# for yimg.com video
#} elsif (m/^http:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
# print $x . "http://cdn.yimg.com/" . $3 . "\n";
# print $x . "http://" . $y[0] . ".ytimg.com/" . $3 . "\n";

# for yimg.com doubled
#} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
# print $x . "http://cdn.yimg.com/" . $3 . "\n";
# print $x . "http://" . $y[0] . ".ytimg.com/" . $3 . "\n";

# for yimg.com with &sig=
#} elsif (m/^http:\/\/([^\.]*)\.yimg\.com\/(.*)/) {
# @y = ($1,$2);
# $y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
# $y[1] =~ s/&sig=.*//;
# print $x . "http://" . $y[0] . ".yimg.com/" . $y[1] . "\n";

# for ytimg.com doubled
#} elsif (m/^http:\/\/(.*?)\.ytimg\.com\/(.*?)\.ytimg\.com\/(.*?)\?(.*)/) {
# print $x . "http://cdn.ytimg.com/" . $3 . "\n";
# print $x . "http://" . $y[0] . ".ytimg.com/" . $3 . "\n";

# for ytimg.com with &sig=
#} elsif (m/^http:\/\/([^\.]*)\.ytimg\.com\/(.*)/) {
# @y = ($1,$2);
# $y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
# $y[1] =~ s/&sig=.*//;
# print $x . "http://" . $y[0] . ".ytimg.com/" . $y[1] . "\n";

# youjizz. We use only domain and filename
#} elsif (($u =~ /media[0-9]{1,5}\.youjizz/) && (m/^http:\/\/(.*?)(\.[^\.\-]*?\.[^\/]*)\/(.*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})(\?.*?)$/)) {
# @y = ($1,$2,$4,$5);
# $y[0] =~ s/(([a-zA-A]+[0-9]+(-[a-zA-Z])?$)|([^\.]*cdn[^\.]*)|([^\.]*cache[^\.]*))/cdn/;
# print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

# general purpose for cdn servers. add above your specific servers.
#} elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) {
# print $x . "http://squid-cdn-url/" . $2 . "." . $3 . "\n";

# spicific extention
#} elsif (m/^http:\/\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf|deb|udeb|tar|gz|html|htm|php|css|js).*?/) {
# @y = ($1,$2);
# $y[0] =~ s/((cache|cdn)[-\d]*)|([a-zA-A]+-?[0-9]+(-[a-zA-Z]*)?)/cdn/;
# print $x . "http://" . $y[0] . "." . $y[1] . "\n";

# generic http://variable.domain.com/path/filename."ex", "ext" or "exte"
# http://cdn1-28.projectplaylist.com
# http://s1sdlod041.bcst.cdn.s1s.yimg.com
#} elsif (m/^http:\/\/(.*?)(\.[^\.\-]*?\..*?)\/([^\?\&\=]*)\.([\w\d]{2,4})\??.*$/) {
# @y = ($1,$2,$3,$4);
# $y[0] =~ s/([a-z][0-9][a-z]dlod[\d]{3})|((cache|cdn)[-\d]*)|([a-zA-A]+-?[0-9]+(-[a-zA-Z]*)?)/cdn/;
# print $x . "storeurl://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

# generic http://variable.domain.com/path/filename."ex" "ext" or "exte" with or withour "? or %"
#} elsif (m/^http:\/\/(.*)(\.[^\.\-]*?\..*?)\/(.*)\.([^\/\?\&]{2,4})((\?|\%).*)?$/) {
# @y = ($1,$2,$3,$4);
# $y[0] =~ s/(([a-zA-A]+[0-9]+(-[a-zA-Z])?$)|(.*cdn.*)|(.*cache.*))/cdn/;
# print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

# generic http://variable.domain.com/...
#} elsif (m/^http:\/\/(([A-Za-z]+[0-9-]+)*?|.*cdn.*|.*cache.*)\.(.*?)\.(.*?)\/(.*)$/) {
# print $x . "http://cdn." . $3 . "." . $4 . "/" . $5 . "\n";

# all that ends with ;
#} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
# print $x . "http://" . $1 . "/" . $2 . "\n";

# Edit By Me
# ====================================================================================
# Facebook game store
} elsif (m/^https:\/\/apps.facebook.com\/empiresandallies\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "https://apps.facebook.com/empiresandallies/" . $2 . "." . $3 . "\n";

} elsif (m/^https:\/\/apps.facebook.com\/cityville\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "https://apps.facebook.com/cityville/" . $2 . "." . $3 . "\n";

} elsif (m/^https:\/\/apps.facebook.com\/texas_holdem\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "https://apps.facebook.com/texas_holdem/" . $2 . "." . $3 . "\n";

} elsif (m/^https:\/\/apps.facebook.com\/mafiawars-two\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "https://apps.facebook.com/mafiawars-two/" . $2 . "." . $3 . "\n";

} elsif (m/^https:\/\/apps.facebook.com\/thesimssocial\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "https://apps.facebook.com/thesimssocial/" . $2 . "." . $3 . "\n";

# Speedtest store
#speedtest (no edit by me)
#} elsif (m/^http:\/\/(.*)\/speedtest\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
# print $x . "http://www.speedtest.net.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

#speedtest
} elsif (m/^http:\/\/www.speedtest.net\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://www.speedtest.net.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

#speedtest Jogja Speedy
} elsif (m/^http:\/\/jogja.speedtest.telkomspeedy.com\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://jogja.speedtest.telkomspeedy.com.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

#speedtest Speedy 6
} elsif (m/^http:\/\/6.speedtest.telkomspeedy.com\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://6.speedtest.telkomspeedy.com.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

#speedtest Dnet
} elsif (m/^http:\/\/speedtest.sby.dnet.net.id\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://speedtest.sby.dnet.net.id.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

#speedtest Hypernet
} elsif (m/^http:\/\/speedtest-sby.hyper.net.id\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://speedtest-sby.hyper.net.id.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

#speedtest Biznetwork
} elsif (m/^http:\/\/speedtest-surabaya.biznetnetworks.com\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://speedtest-surabaya.biznetnetworks.com.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

#speedtest transmediahost
} elsif (m/^http:\/\/vps.transmediahost.com\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://vps.transmediahost.com.SQUIDINTERNAL/mini/speedtest/" . $2 . "." . $3 . "\n";

#speedtest iconpln
} elsif (m/^http:\/\/1speedtest.iconpln.net.id\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://1speedtest.iconpln.net.id.SQUIDINTERNAL/speedtest/" . $2 . "." . $3 . "\n";

# File deb store
# Debcache
} elsif (m/^http:\/\/singo.ub.ac.id\/(.*\.(deb|udeb|gpg|bz2|gz|html|src|dsc))\?(.*)/) {
print $x . "http://singo.ub.ac.id/ubuntu/" . $1 . "\n";

# Debcache 2
} elsif (m/^http:\/\/cdn.foss-id.web.id\/(.*\.(deb|udeb|gpg|bz2|gz|html|src|dsc))\?(.*)/) {
print $x . "http://cdn.foss-id.web.id/ubuntu/" . $1 . "\n";

# CDN store
# Akamai
# https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-snc7/417104_223403571091068_756876996_n.jpg
} elsif (m/^http:\/\/(.*)\/akamaihd\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
# print $x . "http://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-snc7/" . $1 . "\n";
# print $x . "http://fbcdn-sphotos-a.akamaihd.net/" . $1 . "/" . $2 . "\n";
print $x . "http://" . $1 . ".akamaihd." . $2 . "/" . $3 . "\n";

# Zynga
} elsif (m/^http:\/\/(.*)\/zynga\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
print $x . "http://" . $1 . ".zynga." . $2 . "/" . $3 . "\n";

#(m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/)
#} elsif (m/^http:\/\/i[0-9]\.ytimg\/(.*\.(php|html|htm|css|js|jp(e?g|e|2)|txt|swf|gif|png|cgi|xml))\?(.*)/) {
# print $x . "i1.ytimg.com" . $2 . "/" . $3 . "\n";
# print $x . "i2.ytimg.com" . $2 . "/" . $3 . "\n";
# print $x . "i3.ytimg.com" . $2 . "/" . $3 . "\n";
# print $x . "i4.ytimg.com" . $2 . "/" . $3 . "\n";

#o-o---preferred---pttelkom-sub2---v23---lscache5.c.youtube.com
#http://tc.v6.cache5.c.youtube.com

# for ytimg.com video
} elsif (m/^http:\/\/(.*ytimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
print $x . "http://cdn.ytimg.com/" . $3 . "\n";
print $x . "http://" . $y[0] . ".ytimg.com/" . $3 . "\n";

# for ytimg.com doubled
} elsif (m/^http:\/\/(.*?)\.ytimg\.com\/(.*?)\.ytimg\.com\/(.*?)\?(.*)/) {
print $x . "http://cdn.ytimg.com/" . $3 . "\n";
print $x . "http://" . $1 . ".ytimg.com/" . $3 . "\n";

# for ytimg.com with &sig=
} elsif (m/^http:\/\/([^\.]*)\.ytimg\.com\/(.*)/) {
@y = ($1,$2);
$y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
$y[1] =~ s/&sig=.*//;
print $x . "http://" . $y[0] . ".ytimg.com/" . $y[1] . "\n";

# for ytimg.com doubled
} elsif (m/^http:\/\/(.*?)\.ytimg\.com\/(.*?)\.ytimg\.com\/(.*?)\?(.*)/) {
print $x . "http://cdn.ytimg.com/" . $3 . "\n";
print $x . "http://" . $y[0] . ".ytimg.com/" . $3 . "\n";

# for ytimg.com with &sig=
} elsif (m/^http:\/\/([^\.]*)\.ytimg\.com\/(.*)/) {
@y = ($1,$2);
$y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
$y[1] =~ s/&sig=.*//;
print $x . "http://" . $y[0] . ".ytimg.com/" . $y[1] . "\n";
# ====================================================================================

} else {
print $x . $_ . "\n";
}
}
================================== Cut Here =========================================

Settingan squid.conf Q (1)

Ringkasan ini tidak tersedia. Harap klik di sini untuk melihat postingan.

Install squid lusca proxy di linux ubuntu 12.04

#!/bin/sh

echo "=================================================================="
echo "Installation script SQUID LUSCA_HEAD-r14809 for linux ubuntu 12.04"
echo "------------------------------------------------------------------"
echo "Created by : Angga Adi"
echo "Email : dittaanggas7@gmail.com"
echo "=================================================================="

echo "Install LUSCA dan squidclient"
sudo apt-get install lusca
sudo apt-get install squidclient

echo "Memberi permission"
sudo chown proxy:proxy /var/spool/lusca
sudo chown proxy:proxy /etc/lusca/squid.conf
sudo chown proxy:proxy /var/log/lusca/access.log
sudo chown proxy:proxy /var/log/lusca/cache.log
sudo chown proxy:proxy /var/log/lusca/store.log

echo "Setup LUSCA"
sudo lusca -f /etc/lusca/squid.conf -z

echo "Restart LUSCA"
sudo service lusca restart

- Kopikan script di atas di gedit atau software editor yang lainnya, lalu simpan dengan ekstensi .sh -
- Lalu jalankan scriptnya lewat terminal(gunakan akses root) -

- Cara menjalankan scriptnya : -
- 1.Buka terminal -
- 2.Ketikan : sudo su, lalu tekan enter -
- 3.Ketikan : sh /folder/script/lusca/lusca.sh, lalu tekan enter -