Proxy Otomatis
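#!/bin/bash
# Automated Squid TPROXY installer: print the banner, then refuse to continue
# on anything other than a 64-bit (x86_64) kernel.
clear
echo "|=====================================================================|"
echo "| Instalasi Squid Tproxy Otomatis Faisal Reza http://www.imxpert.co |"
echo "| Debian 8/Ubuntu 14.04 |"
echo "| 64 bit |"
echo "| September 2015 |"
echo "+=====================================================================+"
echo
# Squid version to install
SQVER=3.5.7
V=$(uname -r)
ER="ERROR, linux-nya bukan 64 bit"
ER2="ganti versi instalasi linux nya"
P=$(uname -m)
if [ "$P" = "x86_64" ]; then
  # NOTE(review): Z is not assigned anywhere in the visible listing, so the
  # first line prints an empty value unless the caller exports it.
  echo "Versi Linux : $Z"
  echo "Versi Kernel : $V"
  echo "Versi Squid : $SQVER"
else
  echo "$ER"
  echo
  echo "$ER2"
  echo
  # Exit non-zero so a wrapper or CI job can tell the install was refused.
  exit 1
fi
echo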
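# Replace /etc/sysctl.conf with the kernel and network tuning for the proxy box.
# NOTE(review): the redirect overwrites the whole file, so any distribution or
# site hardening already in it is lost; keep a copy before running this.
# Security-relevant values to review before applying:
#  - rp_filter = 0 (all/default/eth0) turns off reverse-path source validation,
#    presumably because TPROXY interception needs it relaxed; compensate with
#    ingress filtering on the upstream interface.
#  - log_martians = 0 stops the kernel logging packets with impossible sources.
#  - vm.mmap_min_addr = 4096 is lower than the 65536 commonly shipped by Debian
#    and Ubuntu, which weakens the NULL-pointer-dereference mitigation.
#  - ip_forward / forwarding = 1 turns the host into a router.
#  - kernel.sysrq = 0, tcp_syncookies = 1, accept_redirects = 0 and
#    accept_source_route = 0 are hardening settings worth keeping.
# Key names that lost letters in the listing (file-max, rp_filter,
# tcp_fin_timeout) are written out in full so sysctl accepts them.
cat > /etc/sysctl.conf <<'EOF'
kernel.panic = 30
kernel.panic_on_oops = 30
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
fs.file-max = 65536
vm.swappiness = 5
vm.vfs_cache_pressure=50
vm.mmap_min_addr = 4096
vm.overcommit_ratio = 0
vm.overcommit_memory = 0
kernel.shmmax = 268435456
kernel.shmall = 268435456
vm.min_free_kbytes = 65536
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.ipfrag_low_thresh = 446464
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.unix.max_dgram_qlen = 50
net.ipv4.neigh.default.gc_thresh3 = 2048
net.ipv4.neigh.default.gc_thresh2 = 1024
net.ipv4.neigh.default.gc_thresh1 = 32
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.proxy_qlen = 96
net.ipv4.neigh.default.unres_qlen = 6
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_retries1 = 3
EOF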
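# Load the connection-tracking and REDIRECT modules for the running kernel.
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
# Persist the module list for the next boot. The list is written through a
# quoted here-document so that each name is data, not a command to execute.
# NOTE(review): this overwrites /etc/modules; entries already configured on the
# host are dropped.
cat > /etc/modules <<'EOF'
ip_conntrack
ip_tables
ip_conntrack_ftp
ip_conntrack_irc
iptable_nat
ip_nat_ftp
xt_TPROXY
xt_socket
xt_mark
nf_nat
nf_conntrack_ipv4
nf_conntrack
nf_defrag_ipv4
ipt_REDIRECT
EOF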
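# Install the build toolchain and the monitoring tools in one non-interactive
# apt-get call. The package list is kept on one logical command; in the listing
# it wrapped onto a second line, which would run "iptraf" as its own command.
# NOTE(review): only build-essential, fakeroot, checkinstall, libcap-dev and
# libssl-dev look like build dependencies; the rest are convenience tools, so
# install only what the proxy host really needs.
apt-get install -y build-essential fakeroot pastebinit checkinstall \
  libcap-dev libssl-dev htop iftop iptraf mtr-tiny ccze bwm-ng \
  || { echo "ERROR, instalasi paket gagal" >&2; exit 1; }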
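# Enter the unpacked Squid source tree and reset it, then start from an empty
# squid.conf.
# NOTE(review): the steps that fetch and unpack squid-$SQVER, and the
# configure/make/install steps, are not in the visible listing. Whatever fetches
# the tarball should verify it against the published checksum or signature
# before anything is built as root.
# Stop if the directory is missing; otherwise "make clean" would run in
# whatever directory the script happens to be in.
cd "squid-$SQVER" || { echo "ERROR: squid-$SQVER not found" >&2; exit 1; }
make clean && make distclean
clear
rm -rf /etc/squid/squid.conf
touch /etc/squid/squid.conf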
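# Write /etc/squid/squid.conf: a forward-proxy port (8080), a NAT intercept
# port (3128) and a TPROXY port (3129), plus the video store-id ACLs.
# Directive names and values that lost letters in the listing ("of", "efective",
# "frst", "ofset", "[az]", "[a-z09]") are restored so Squid can parse the file.
# NOTE(review): no "acl"/"http_access" lines are visible in this listing;
# confirm that the deployed file limits which client networks may use the proxy.
# NOTE(review): the intercept and tproxy ports are meant to receive redirected
# traffic only; block direct client connections to 3128/3129 at the firewall.
# NOTE(review): "strip_query_terms off" writes full URLs, including query
# strings that can carry session tokens or personal data, to access.log;
# restrict read access to /var/log/squid accordingly.
cat > /etc/squid/squid.conf <<'EOF'
#working squid.conf for squid 3.5.7 September 2015
#moffed by reza@imxpert.co
#dari berbagai sumber
minimum_object_size 0 bytes
ipcache_size 2048
ipcache_low 95
ipcache_high 98
memory_pools off
reload_into_ims on
vary_ignore_expire on
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
#debug_options ALL,1 22,3
http_port 8080
#https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
http_port 3128 intercept
http_port 3129 tproxy
# Videos Config / jz
#acl store_id_access_videocache_url url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
#acl store_id_access_videocache_url url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?
acl store_id_access_videocache_url url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?
acl store_id_access_videocache_url url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/
acl store_id_access_videocache_url url_regex -i \.vimeo\.com\/(.*)\.(flv|mp4)
acl store_id_access_videocache_url url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
acl store_id_access_videocache_url url_regex -i \.youporn\.com\/(.*)\.flv
acl store_id_access_videocache_url url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv
acl store_id_access_videocache_url url_regex -i \.tube8\.com\/(.*)\.(flv|3gp)
strip_query_terms off
include /etc/squid/refresh.conf
memory_pools off
client_db off
reload_into_ims on
pipeline_prefetch on
offline_mode off
cache_effective_user proxy
cache_effective_group proxy
dns_v4_first on
range_offset_limit 1 KB
# local
qos_flows local-hit=0x30
# sibling
# qos_flows sibling-hit=0x31
# parent
# qos_flows parent-hit=0x32
# preserve
# qos_flows disable-preserve-miss
EOF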
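# Squid refresh_pattern rules: <regex> <min minutes> <percent> <max minutes> [options].
# The command that opens and closes this block is missing from the listing;
# presumably this is the /etc/squid/refresh.conf that squid.conf includes.
# Rules that wrapped across lines are rejoined, and option names that lost a
# hyphen at a line break (override-expire, store-stale, ...) are restored.
# NOTE(review): ignore-private, ignore-no-store and ignore-auth make Squid store
# responses that the origin marked private, non-storable or tied to an
# Authorization header. On an intercepting cache shared by many clients this can
# hand one user's personalised or authenticated content to another user. The
# html/htm/css/js/jsp/asp/aspx rule is the riskiest; keep these options for
# static media only and drop them from page-level patterns.
# NOTE(review): override-expire plus ignore-reload on exe/msi/cab/zip pins
# installers and updates in the cache, so a client cannot force a fresh copy of
# a stale or corrupted download; reload-into-ims alone is safer for binaries.
refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
#refresh_pattern ^http.*(youtube|googlevideo)\.* 2629742 99% 2629742 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern ^http.*(youtube|googlevideo)\.* 5259487 99% 5259487 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
#refresh_pattern (get_video\?|videoplayback\?|videodownload\?) 5259487 99% 5259487 override-expire ignore-reload ignore-private
#PATTERN REFRESH
refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 10080 99% 10080 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 4320 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tif?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
#sensitive site
refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
#Windows Update
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
#FB
refresh_pattern -i ^http://fbcdn.net.squid.internal 10080 70% 43200 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-private
refresh_pattern -i ^http:\/\/(.*\.flv2\.redtubefiles.com)\/(.*)\/(.*)\/(.*)\/(.*) 26297 99% 43200 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i ^http:\/\/(.*\.thestaticvube\.com)\/.*\/(.*)\/(.*) 26297 99% 43200 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i ^http:\/\/(.*\.*\.videomega.tv)\/.*\/(.*\.mp4).* 26297 99% 43200 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i ^http:\/\/(77.247.178.81)\/.*\/(.*\.mp4).* 26297 99% 43200 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
#ads
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|gameadvertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 26297 99% 43200 ignore-private override-expire ignore-reload ignore-auth max-stale=43200
refresh_pattern \.(ico|video-stats) 10080 99% 10080 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 10080 99% 10080 override-expire override-lastmod
refresh_pattern galleries\.video(\?|sz) 5259487 99% 5259487 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern \.wikimapia\.org\/? 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-private
#general
refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 26297 99% 43200 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 26297 99% 43200 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 26297 99% 43200 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i .(html|htm|css|js)$ 26297 99% 43200
refresh_pattern -i .index.(html|htm)$ 26297 99% 43200
refresh_pattern -i \.(3gp|avi|ac4|mp(e?g|a|e|1|2|3|4)|m4(a|v)|3g(p?2|p)|mk(a|v)|og(x|v|a|g|m)|wm(a|v)|wmx|wpl|rm|snd|vob|wav|asx|avi|qt|divx|flv|f4v|x-flv|dvr-ms|m(1|2)(v|p)|mov|mid|mpeg)$ 43200 100% 43200 ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern \.gif$ 26297 99% 43200 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern \.jpg$ 26297 99% 43200 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern \.png$ 26297 99% 43200 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern \.ico$ 26297 99% 43200 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern \.jpeg$ 26297 99% 43200 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale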
# Store-ID helper for Squid: reads one request per line on stdin, splits it
# into channel id, URL and client address, and prints "<channel id> <result>"
# where the result is either "OK store-id=..." or "ERR".
# NOTE(review): the fragment is reproduced as printed. String quotes are
# missing and the URL-matching branches that would set $1 are not in the
# listing, so it does not parse as shown.
use IO::File;
# Unbuffered output: each answer is flushed as soon as it is printed.
$|=1;
STDOUT->autoflush(1);
$debug=0; ## recommended:0
$bypassallrules=0; ## recommended:0
$sucks=; ## unused
$sucks=sucks if ($debug>=1);
$timenow=;
$printtimenow=1; ## print timenow: 0|1
# NOTE(review): fixed log name in the world-writable /tmp directory; another
# local user can pre-create it (for example as a symlink). A file under Squid's
# own log directory is the safer place. $logfh is never opened in the visible
# lines, so the debug prints below have no handle to write to.
my $logfle = /tmp/storeid.log;
while (<>) {
$timenow=time(). if ($printtimenow);
print $logfh $timenow.in : $_ if ($debug>=1);
chop;
my $myURL = $_;
@X = split( ,$myURL);
$a = $X[0]; ## channel id
$b = $X[1]; ## url
$c = $X[2]; ## ip address
$u = $b; ## url
if ($bypassallrules){
$out=$u; ## map 1:1
$out=OK store-id=http://get4mobile.squid.internal/ . $1 ;
$out=OK store-id=http://scribdassets.squid.internal/ . $1 ;
$out=OK store-id=http://msn-video.squid.internal/ . $1 ;
$out=ERR;
# NOTE(review): @cpn, @mime and @range are not assigned in the visible lines.
# If @cpn is captured from the request URL (TODO confirm), the client chooses
# the file name opened under /tmp; validate it against a strict pattern and use
# a private directory before building a path from it.
if (defned(@cpn[0])){
if (-e /tmp/@cpn){
open FILE, /tmp/@cpn;
@id = <FILE>;
close FILE;}
}
$out=OK store-id=http://video-srv.squid.internal/id=@id@mime@range;
} else {
$out=ERR;
}
print $logfh $timenow.out: $a $out\n if ($debug>=1);
# Answer for Squid: the channel id followed by the result.
print $a $out\n;
}
close $logfh if ($debug);
selesai
chmod +x /etc/squid/storeid.pl
# Default-Stop: 0 1 6
# Short-Description: Squid HTTP Proxy version 3.5.7
### END INIT INFO
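# Init-script settings. Values containing spaces are quoted; as printed,
# "DESC=Squid HTTP Proxy ..." would try to run "HTTP" as a command and
# "SQUID_ARGS=-YC -f $CONFIG" would try to run "-f".
NAME=squid
DESC="Squid HTTP Proxy 3.5.7 imxpert.co"
DAEMON=/usr/sbin/squid
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
SQUID_ARGS="-YC -f $CONFIG"
# RAMFS=/scripts/ramcache
# Optional local overrides, then the LSB logging helpers used below.
[ ! -f /etc/default/squid ] || . /etc/default/squid
. /lib/lsb/init-functions
# Fixed PATH so the script does not depend on the caller's environment.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Nothing to do when the daemon binary is not installed.
[ -x "$DAEMON" ] || exit 0
ulimit -n 65535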
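#######################################
# Print the third whitespace-separated field of the first line in $CONFIG that
# starts with the given directive (for "cache_dir <type> <path> ..." this is
# the path), or the default when no line matches.
# The name is kept as printed (presumably "find_cache_dir" with letters lost
# in the listing) so existing callers still resolve.
# Globals:   CONFIG (read); w, res (written, as in the original)
# Arguments: $1 - directive name, used as-is inside the sed pattern
#            $2 - default value
# Outputs:   the value on stdout
#######################################
fnd_cache_dir () {
  w=$(printf ' \t') # space tab
  # Print the capture of the first matching line, then quit.
  res=$(sed -n \
    -e "s/^$1[$w]\+[^$w]\+[$w]\+\([^$w]\+\).*\$/\1/p" \
    -e 't end' \
    -e 'd' \
    -e ':end' \
    -e 'q' < "$CONFIG")
  # Quoted test: an unquoted empty $res makes "[ -n ]" true, so the default
  # would never be applied.
  [ -n "$res" ] || res=$2
  echo "$res"
}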
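#######################################
# Print the second whitespace-separated field of the first line in $CONFIG
# that starts with the given directive (for "cache_dir <type> ..." this is the
# store type), or the default when no line matches.
# The name is kept as printed so existing callers still resolve.
# Globals:   CONFIG (read); w, res (written, as in the original)
# Arguments: $1 - directive name, used as-is inside the sed pattern
#            $2 - default value
# Outputs:   the value on stdout
#######################################
fnd_cache_type () {
  w=$(printf ' \t') # space tab
  # Print the capture of the first matching line, then quit.
  res=$(sed -n \
    -e "s/^$1[$w]\+\([^$w]\+\).*\$/\1/p" \
    -e 't end' \
    -e 'd' \
    -e ':end' \
    -e 'q' < "$CONFIG")
  # Quoted test so that an empty result really falls back to the default.
  [ -n "$res" ] || res=$2
  echo "$res"
}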
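#######################################
# Create the cache directory structure when it is missing, then start Squid
# through start-stop-daemon.
# Globals:   cache_type, cache_dir (read; their assignments are not in the
#            visible listing), DESC, DAEMON, PIDFILE, SQUID_ARGS (read)
# Returns:   the exit status of start-stop-daemon
#######################################
start () {
  # $RAMFS clean
  # $RAMFS mount
  # $RAMFS restore
  #
  # Create spool dirs if they dont exist.
  #
  # A "coss" store is initialised when its stripe file is missing, any other
  # store type when the 00 subdirectory is missing.
  if { [ "$cache_type" = "coss" ] && [ -d "$cache_dir" ] \
       && [ ! -f "$cache_dir/stripe" ]; } \
     || { [ "$cache_type" != "coss" ] && [ -d "$cache_dir" ] \
       && [ ! -d "$cache_dir/00" ]; }
  then
    log_warning_msg "Creating $DESC cache structure"
    $DAEMON -z
  fi
  # Files created by the daemon are not readable by other users.
  umask 027
  ulimit -n 65535
  cd "$cache_dir"
  # The long options lost their leading "--" in the listing. The bare "--"
  # ends start-stop-daemon's own options so -YC and -f reach Squid.
  # $SQUID_ARGS is left unquoted on purpose: it holds several arguments.
  start-stop-daemon --quiet --start \
    --pidfile "$PIDFILE" \
    --exec "$DAEMON" -- $SQUID_ARGS < /dev/null
  return $?
}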
stop () {
return 1
f
sleep 5
log_action_cont_msg
done
log_action_end_msg 0
return 0
else
return 0
f
}
case $1 in
start)
log_daemon_msg Starting $DESC $NAME
if start ; then
log_end_msg $?
else
log_end_msg $?
f
;;
stop)
log_daemon_msg Stopping $DESC $NAME
if stop ; then
log_end_msg $?
else
log_end_msg $?
f
# $RAMFS dump
# $RAMFS umount
# $RAMFS clean
;;
reload|force-reload)
log_action_msg Reloading $DESC confguration fles
start-stop-daemon stop signal 1 \
fnis
iptables -X
iptables -F -t mangle
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -d $IPSERV -p tcp dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -d $IPSERV -p tcp dport 8080 -j ACCEPT
iptables -t mangle -A PREROUTING -d $IPSERV -p tcp dport 3128 -j ACCEPT
iptables -t mangle -m multiport -A PREROUTING ! -d $IPSERV -p tcp dports 80 -j TPROXY tproxymark 0x1/0x1 on-port 3129