Script squid.conf + storeid.pl + speedtest.pl Untuk Lusca di Ubuntu Server

Script squid.conf + storeid.pl + speedtest.pl Untuk Lusca di Ubuntu Server

Lusca adalah proxy yang berasal dari squid tetapi sudah mengalami beberapa patch dan perombakan sehingga dihasilnya proxy yang lebih effisien. saya akan berbagi Script squid.conf + storeid.pl + speedtest.pl Untuk Lusca di Ubuntu Server.

######################### SQUID.CONF ###########################
dns_v4_first on
reply_header_access Alternate-Protocol deny all
reply_header_access Alt-Svc deny all

#cache_dir aufs /cache 700000 16 256
cache_dir aufs /cache 360000 1 1
cache_mem 8 MB
coredump_dir /var/log/squid

cache_swap_low 80
cache_swap_high 85
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

maximum_object_size 4096000 KB
maximum_object_size_in_memory 0 KB
request_body_max_size 0 KB
refresh_all_ims on
reload_into_ims on

cache_mgr [email protected]
visible_hostname cespun-proxy
strip_query_terms off
httpd_suppress_version_string on
log_mime_hdrs off
forwarded_for off
via off

request_header_access X-Forwarded-For deny all
reply_header_access X-Forwarded-For deny all
request_header_access Via deny all
reply_header_access Via deny all
max_filedescriptors 65536

cache_swap_high 98
cache_swap_low 95
fqdncache_size 4096
ipcache_size 4096
dns_nameservers 208.67.222.222 208.67.220.220

http_port 3128
#http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
#http_port 3129 intercept
#https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
http_port 3129 tproxy
https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem

qos_flows local-hit=0x30

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 182 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
#acl sslserver ssl::server_name_regex -i “/etc/squid/bypass.txt”
#acl iphone browser -i regexp (iPhone|iPad)
#acl BB browser -i regexp (BlackBerry|PlayBook)
#acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
#acl Android browser -i regexp Android
acl yt-modif url_regex -i ^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)
acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
acl versipatch url_regex -i ^http.*(update|patch).*versi
acl versipatch url_regex -i ^http.*versi.*(update|patch)
acl versipatch url_regex -i ^http.*(antihack|xigncode|gameguard)
#acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*patch
#acl patchpartial url_regex -i ^http.*patch.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus)
acl patchpartial url_regex -i ^http.*patch.*garena
acl patchpartial url_regex -i ^http.*garena.*patch
acl httptomiss http_status 302
acl mimehtml rep_mime_type -i mime-type ^text/html
acl mimeplain rep_mime_type -i mime-type ^text/plain
acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
acl tostoreid url_regex -i ^http.*steam(powered|content)
acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
#acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/.*\.(jpg|txt)
acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/(latency|upload|random.*)\.(jpg|txt|php)
acl CONNECT method CONNECT
acl getmethod method GET

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

request_header_access Range deny !patchpartial
#range_offset_limit 128 KB !patchpartial
range_offset_limit none patchpartial
quick_abort_min 1 KB
quick_abort_max 1 KB
quick_abort_pct 95

#request_header_access User-Agent deny yt-modif !iphone !BB !Winphone !Android
### flash
#request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
### flash
#request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
###html5
#request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
###html5
#request_header_replace user_Agent Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0
#request_header_replace Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0

cache deny versipatch
cache deny localhost
ssl_bump splice localhost
#ssl_bump splice sslserver
ssl_bump peek step1 all
ssl_bump bump step2 all
ssl_bump splice step3 all

sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 2000 startup=30 idle=1
sslproxy_capath /etc/squid/ssl_cert
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_flags NO_SESSION_REUSE
ssl_unclean_shutdown on
#sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #Jika menggunakan versi setelah squid-3.5.12-20151222-r13967
sslproxy_options NO_SSLv2,NO_SSLv3
sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

#debug_options 11,2 22,3
logfile_rotate 1
#logformat referer %ts.%03tu %>a %{Referer}>h %ru
#logformat referer %ts.%03tu %>a %ru %{Referer}>h
#logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
#access_log /var/log/squid/access.log !CONNECT
#access_log /var/log/squid/connect.log CONNECT
#cache_store_log /var/log/squid/store.log
access_log stdio:/var/log/squid/access.log
netdb_filename none
#ecap
#yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
loadable_modules /usr/local/lib/ecap_adapter_modifying.so
ecap_enable on
request_header_access Accept-Encoding deny yt-modif
ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim=”enablejsapi” replacement=”dash”:”0″,”vq”:”medium”,”enablejsapi”
#ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim=”enablejsapi” replacement=”dash”:”1″,”vq”:”tiny”,”enablejsapi”
#ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim=”enablejsapi” replacement=”vq”:”small”,”enablejsapi”
adaptation_access modif allow yt-modif
adaptation_access modif deny all

cache deny speedtest
url_rewrite_access allow speedtest
url_rewrite_access deny all
url_rewrite_program /etc/squid/speedtest.pl
redirector_bypass on
cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
dead_peer_timeout 5 seconds
cache_peer_access 10.212.212.212 allow speedtest
cache_peer_access 10.212.212.212 deny all
always_direct deny speedtest
never_direct allow speedtest
url_rewrite_children 2000 startup=30 idle=1

store_id_bypass off
store_id_extras “%{Referer}>h”
store_id_program /etc/squid/storeid.pl
store_id_children 2000 startup=30 idle=1
store_id_access deny !getmethod
store_id_access allow tostoreid
store_id_access deny all

store_miss deny youtube httptomiss
send_hit deny youtube httptomiss
store_miss deny youtube mimeplain
send_hit deny youtube mimeplain
store_miss deny mimehtml
send_hit deny mimehtml
store_miss deny versipatch
send_hit deny versipatch

refresh_pattern -i . 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
max_stale 1 day

####################### STOREID.PL ##########################
#!/usr/bin/perl
$| = 1;

while (<>) {

@X = split;
if ($X[0] =~ m/^http.*/) {
$url = $X[0];
$referer = $X[1];
$urlreferer = $X[0] .” “. $X[1];
} else {
$chanel = $X[0];
$url = $X[1];
$referer = $X[2];
$urlreferer = $X[1] .” “. $X[2];
}
#youtube googlevideo
if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
@cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
@id = m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
@itag = m/[=%&?\/]itag[=%&?\/]([\d]*)/;
@range = m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
@mime = m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
if ($referer =~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
@id = $2;
} else {
if (defined(@cpn[0])){
if (-e “/tmp/@cpn”){
open FILE, “/tmp/@cpn”;
@id = <FILE>;
close FILE;
}
}
}
$out=”OK store-id=http://squid/google/video/[email protected]/[email protected]/[email protected]/[email protected]”;

#youtube parameter
} elsif (
($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
){
@id = $2;
@cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
if ($referer !~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
unless (-e “/tmp/@cpn”){
open FILE, “>/tmp/@cpn”;
print FILE @id;
close FILE;
}
}
$out = “ERR”;

#utmgif
} elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
$out=”OK store-id=http://squid/google-analytics/__utm.gif”;

#fbcdn.net or akamaihd.net video range
} elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
$out=”OK store-id=http://squid/$1/$2/$3″;

#fbcdn.net or akamaihd.net with size
} elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
$out=”OK store-id=http://squid/$1/$2″;

#fbcdn.net or akamaihd.net safe_image.php
} elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
$out=”OK store-id=http://squid/$1/$2″;

#reverbnation
} elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
$out=”OK store-id=http://squid/reverbnation/$1″;

#playstore
} elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
$out=”OK store-id=http://squid/android/market/$1″;
#filehost
} elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
$out=”OK store-id=http://squid/datafilehost/$1″;
#speedtest
} elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
$out=”OK store-id=http://squid/speedtest/$2″;
#filehippo
} elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
$out=”OK store-id=http://squid/filehippo/$1″;
#4shared preview.mp3
} elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
$out=”OK store-id=http://squid/4shared/preview/$1″;

#4shared
} elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
$out=”OK store-id=http://squid/4shared/download/$1″;

#savefile-animeindo.tv
} elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
$out=”OK store-id=http://squid/savefile:182/$1″;

#imdb
} elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
$out=”OK store-id=http://squid/imdb/$1″;

#sourceforge
} elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
$out=”OK store-id=http://squid/sourceforge/$1″;

#steampowered dota 2
} elsif ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
$out=”OK store-id=http://squid/steam/content-powered/$2″;

} else {
$out=”ERR”;
}

if ($X[0] =~ m/^http.*/) {
print “$out\n”;
} else {
print “$chanel $out\n”;
}
}

Baca Juga : Manipulasi Speedtest / Fake Speedtest Menggunakan Apache2 Ubuntu

#################### SPEEDTEST.PL ##########
#!/usr/bin/perl

$|=1;
while (<>) {
@X = split;
if ($X[0] =~ m/^http.*/) {
$url = $X[0];
$referer = $X[1];
$urlreferer = $X[0] .” “. $X[1];
} else {
$chanel = $X[0];
$url = $X[1];
$referer = $X[2];
$urlreferer = $X[1] .” “. $X[2];
}

if ($url=~ m/^https?\:\/\/.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))/) {
$out=”OK rewrite-url=http://10.212.212.212:8033/speedtest/$2″;
} else {
$out=”ERR”;
}

if ($X[0] =~ m/^http.*/) {
print “$out\n”;
} else {
print “$chanel $out\n”;
}
}

Incoming search terms:

Related posts

2 Thoughts to “Script squid.conf + storeid.pl + speedtest.pl Untuk Lusca di Ubuntu Server

  1. olala

    #steampowered dota 2
    } elsif ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
    $out=”OK store-id=http://squid/steam/content-powered/$2″;

    tolong kalau untuk storeurl.pl bentuk perintah nya bagaimana ? terima kasih

  2. […] Baca Juga : Script squid.conf + storeid.pl + speedtest.pl Untuk Lusca di Ubuntu Server […]

Leave a Comment