Proxy


see also Proxy+UPS

Proxy Auto Config

Beispiel:
TU-Chemnitz Firefox Proxy
[1]

// Proxy Konfig fuer TU Chemnitz
// fischer, kapet, fri, 2000-10-30
// 2004-05 fri: Richtiges Behandeln von :Port
// Dok: http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html

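// PAC entry point: decides per request whether the browser connects directly
// or through the TU Chemnitz web cache.
//
//   url  - full request URL (required by the PAC interface, not used here)
//   host - host part of the URL; may be a name or an IP literal
//
// Returns "DIRECT" or "PROXY www-cache.tu-chemnitz.de:8080".
//
// The decision is keyed on the client's own address as reported by
// myIpAddress().
// NOTE(review): on multi-homed or VPN clients myIpAddress() may report an
// address from another interface, in which case the subnet rules below do
// not apply and the request goes DIRECT - confirm for the affected clients.
function FindProxyForURL(url, host)
{
    // No "; DIRECT" fallback is appended: clients in the proxied subnets
    // cannot bypass the cache when it is unreachable.
    var viaCache = "PROXY www-cache.tu-chemnitz.de:8080";

    // Query the client address once and reuse it for every subnet test.
    var clientIp = myIpAddress();

    // Administration subnet: always via the proxy, except for destinations
    // inside the university's own 134.109.0.0/16 network.
    // isInNet(host, ...) resolves host through DNS when it is a name, so
    // this check costs one lookup per request from this subnet.
    if (isInNet(clientIp, "134.109.220.0", "255.255.254.0")) {
        if (isInNet(host, "134.109.0.0", "255.255.0.0")) {
            return "DIRECT";
        }
        return viaCache;
    }

    // Disabled rule for 134.109.200.0/23, kept as in the original file:
//    if (isInNet(myIpAddress(), "134.109.200.0", "255.255.254.0")) {
//       if (isInNet(host, "134.109.0.0", "255.255.0.0")) {
//          return "DIRECT";
//       }
//       return "PROXY www-cache.tu-chemnitz.de:8080";
//    }

    // 134.109.78.0/27: everything goes through the proxy, internal hosts too.
    if (isInNet(clientIp, "134.109.78.0", "255.255.255.224")) {
        return viaCache;
    }

    // Every other client connects directly.
    return "DIRECT";
}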

Squid

/etc/squid/squid.conf - 2013-01-31

# Squid settings for a caching proxy on port 3128 with ICP peers.
# NOTE(review): the directives below are in alphabetical order, not in the
# order squid evaluates them. http_access and refresh_pattern are first-match
# lists, so this listing documents which settings are present; it is not a
# drop-in squid.conf.
acl CONNECT method CONNECT
acl SSL_ports port 443          # http ssl
acl SSL_ports port 563
acl SSL_ports port 873          # rsync ssl
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 21          # ftp
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 443         # https
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 70          # gopher
acl Safe_ports port 777         # multiling http
acl Safe_ports port 80          # http
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl manager proto cache_object
acl purge method PURGE
# NOTE(review): always_direct allow all sends every request straight to the
# origin server - confirm the cache_peer parent below is still meant to be used.
always_direct allow all
announce_period 1 day
balance_on_multiple_ip on
cache_dir aufs /var/cache/squid 40000 64 512
cache_mem 2048 MB
cache_peer 145.228.130.10 sibling 3128 3130 round-robin multicast-responder
cache_peer 145.228.130.12 sibling 3128 3130 round-robin multicast-responder
cache_peer 145.228.172.23 sibling 80 3130 round-robin multicast-responder
cache_peer 145.228.172.253 sibling 80 3130 round-robin multicast-responder
cache_peer 145.228.172.4 sibling 80 3130 round-robin multicast-responder
cache_peer 145.228.172.7 sibling 80 3130 round-robin multicast-responder
cache_peer 172.24.228.25 sibling 3128 3130 round-robin multicast-responder default
cache_peer 172.24.228.3 parent 3128 3130 round-robin multicast-responder
cache_replacement_policy heap LFUDA
check_hostnames off
# Delay pool 1 is defined with -1/-1 limits, i.e. no bandwidth cap is applied.
delay_access 1 allow all
delay_class 1 2
delay_initial_bucket_level 100
delay_parameters 1 -1/-1 -1/-1
delay_pools 1
dns_defnames on
# NOTE(review): internal resolvers and public resolvers (8.8.8.8, 8.8.4.4)
# share one list, so queries for internal host names may reach the public
# resolvers - confirm this is intended.
dns_nameservers 127.0.0.1 145.228.172.22 145.228.172.7 172.24.228.25 145.228.130.22 172.24.229.26 172.24.229.28 172.24.228.4 8.8.8.8 8.8.4.4
dns_v4_first on
htcp_access deny all
# NOTE(review): read top to bottom, "http_access allow all" matches every
# request first, so the deny rules after it are never reached: any client that
# can reach port 3128 may use the proxy, issue PURGE and query the cache
# manager. This listing defines no src ACL at all. Before reuse, restore the
# intended rule order (denies first) and limit the allow rule to known client
# networks.
http_access allow all
http_access allow manager
http_access allow purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access deny purge
http_port 3128
http_reply_access allow all
icp_port 3130
maximum_object_size 96 MB
maximum_object_size_in_memory 2048 KB
memory_replacement_policy heap GDSF
negative_ttl 0 seconds
pipeline_prefetch on
query_icmp on
quick_abort_max 2048 KB
quick_abort_min 1024 KB
quick_abort_pct 90
# refresh_pattern: <regex> <min minutes> <percent> <max minutes> [options].
# NOTE(review): in this sorted order the catch-all "." pattern comes first
# and would win for every URL; the file-type rules only take effect when they
# precede it. The dots in ".asp$", ".gz$" etc. are unescaped and match any
# character.
refresh_pattern -i . 1 50% 129600
refresh_pattern -i .asp$ 0 50% 0
refresh_pattern -i .bin$ 10080 60% 525600 override-expire
refresh_pattern -i .bz2$ 10080 60% 525600 override-expire
refresh_pattern -i .css$ 1440 70% 525600
refresh_pattern -i .dmg$ 10080 60% 525600 override-expire
refresh_pattern -i .gif$ 4320 75% 525600 override-expire
refresh_pattern -i .gz$ 10080 60% 525600 override-expire
refresh_pattern -i .hqx$ 10080 60% 525600 override-expire
refresh_pattern -i .htm$ 0 50% 129600
refresh_pattern -i .html$ 0 50% 129600
refresh_pattern -i .img$ 10080 60% 525600 override-expire
refresh_pattern -i .iso$ 10080 60% 525600 override-expire
refresh_pattern -i .jpg$ 4320 75% 525600 override-expire
refresh_pattern -i .js$ 1440 70% 525600
refresh_pattern -i .jsp$ 0 50% 0
refresh_pattern -i .pdf$ 60 30% 525600
refresh_pattern -i .php$ 0 50% 0
refresh_pattern -i .pkg$ 10080 60% 525600 override-expire
refresh_pattern -i .pl$ 0 50% 0
refresh_pattern -i .png$ 4320 75% 525600
refresh_pattern -i .shtml$ 0 50% 10080
refresh_pattern -i .sit$ 10080 60% 525600 override-expire
refresh_pattern -i .tar$ 10080 60% 525600 override-expire
refresh_pattern -i .tgz$ 10080 60% 525600 override-expire
refresh_pattern -i .txt$ 10080 60% 525600 override-expire
refresh_pattern -i .woa$ 0 50% 0
refresh_pattern -i .zip$ 10080 60% 525600 override-expire
refresh_pattern -i ^ftp: 0 30% 525600 override-expire
refresh_pattern -i ^gopher: 4320 0% 20160
refresh_pattern -i ^http: 0 50% 129600
# The four search-engine rules below override the origin's cache directives
# (no-cache, no-store, must-revalidate, Expires). Each regex is anchored to
# the exact home-page URL, so only that one page is affected.
refresh_pattern -i ^http:\/\/www\.bing\.com\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^http:\/\/www\.bing\.de\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^http:\/\/www\.google\.com\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^http:\/\/www\.google\.de\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^https: 0 50% 43200
refresh_pattern -i ax.phobos.apple.com.edgesuite.net 0 50% 1440
refresh_pattern -i storeFront$ 0 50% 0
refresh_pattern -i swcdn.apple.com 1440 50% 525600 override-expire
refresh_pattern -i swdownload.apple.com 60 50% 1440
refresh_pattern -i swquery.apple.com 60 50% 1440
refresh_pattern -i swscan.apple.com 60 50% 1440
shutdown_lifetime 3 seconds
test_reachability on
uri_whitespace encode
# visible_hostname is shown to clients in squid's error pages; this value
# exposes an internal host name.
visible_hostname linux02.ggpmedia.local


/etc/squid/squid.conf

# Squid settings for a caching proxy on port 3128 with three sibling peers.
# Unlike an alphabetical dump, the http_access rules here are grouped the way
# a squid.conf is normally written, so the order shown is presumably the
# order squid evaluates them in.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# NOTE(review): http_access is first-match. "allow all" as the first rule
# accepts every request from every source ("all" is 0.0.0.0/0 above), so none
# of the rules after it is ever reached: the manager, PURGE, Safe_ports and
# CONNECT restrictions and the final "deny all" have no effect. As written
# this is an open proxy for anyone who can reach port 3128. Remove this line,
# or move a source-restricted allow rule below the deny rules.
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
# NOTE(review): ICP queries are answered for any source address; restricting
# icp_access to the peers listed below would be the narrower setting.
icp_access allow all
http_port 3128
cache_peer 172.24.228.3 sibling 3128 3130
cache_peer 145.228.130.12 sibling 3128 3130
cache_peer 172.24.228.44 sibling 3128 3130
# URLs containing cgi-bin are neither fetched via peers nor cached.
hierarchy_stoplist cgi-bin
acl QUERY urlpath_regex cgi-bin
cache deny QUERY
cache_mem 256 MB
maximum_object_size_in_memory 512 KB
cache_dir diskd /var/cache/squid 4000 16 256 Q1=72 Q2=64
maximum_object_size 72500 KB
access_log /var/log/squid/access.log squid
buffered_logs on
# refresh_pattern: <regex> <min minutes> <percent> <max minutes>; first match
# wins, so the catch-all "." rule is last.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
announce_period 1 day
coredump_dir /var/cache/squid
pipeline_prefetch on

Hilfreich ist die Konfiguration per Webmin

2011-10-05

# Squid settings for a caching proxy on port 3128 serving localhost and two
# 192.168.x.0/24 networks.
# NOTE(review): the directives below are in alphabetical order, not in the
# order squid evaluates them. http_access and refresh_pattern are first-match
# lists, so this listing documents which settings are present; it is not a
# drop-in squid.conf.
acl CONNECT method CONNECT
acl SSL_ports port 443
acl SSL_ports port 563 
acl SSL_ports port 873
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 21 # ftp
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 70 # gopher
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 # http
acl Safe_ports port 873 # Rsync
acl Safe_ports port 901 # SWAT
acl localhost src 127.0.0.1/32
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src 192.168.178.0/24 # RFC1918 possible internal network
acl manager proto cache_object
acl purge method PURGE
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
buffered_logs on
cache_dir ufs /var/cache/squid 4500 32 256
cache_effective_group squid
cache_effective_user squid
cache_mem 256 MB
cache_mgr root
cache_replacement_policy heap LFUDA
# NOTE(review): the cache manager password is stored here in clear text and
# applies to all manager actions. Treat "secret" as a placeholder: set a
# site-specific value and keep squid.conf readable only by root and the squid
# user.
cachemgr_passwd secret all
coredump_dir /var/cache/squid
# Delay pool 1 is defined with -1/-1 limits, i.e. no bandwidth cap is applied.
delay_access 1 allow all
delay_class 1 2
delay_initial_bucket_level 100
delay_parameters 1 -1/-1 -1/-1
delay_pools 1
dns_nameservers 127.0.0.1 8.8.8.8 8.8.4.4 192.168.178.1
# Removes the X-Forwarded-For header from forwarded requests.
forwarded_for delete
half_closed_clients off
hierarchy_stoplist cgi-bin ?
htcp_access allow localnet
htcp_access deny all
# NOTE(review): three things to check in the http_access rules below.
# 1. The Safe_ports and SSL_ports ACLs are defined above, but no http_access
#    line in this listing references them, so allowed clients can request any
#    port and CONNECT to any port.
# 2. ACL names on one line are ANDed: "allow manager localhost localnet" needs
#    a source that is both 127.0.0.1 and in 192.168.x.0/24, which never
#    matches; the same holds for the purge rule.
# 3. In this sorted order "deny all" precedes "deny manager" and "deny purge",
#    and the plain localhost/localnet allows precede the manager and purge
#    rules - the real evaluation order must be taken from the live file.
http_access allow localhost
http_access allow localnet
http_access allow manager localhost localnet
http_access allow purge localhost localnet
http_access deny all
http_access deny manager
http_access deny purge
http_port 3128
icp_access allow localnet
icp_access deny all
maximum_object_size 830 MB
maximum_object_size_in_memory 512 KB
memory_replacement_policy heap GDSF
pipeline_prefetch on
read_ahead_gap 256 KB
# refresh_pattern: <regex> <min minutes> <percent> <max minutes> [options].
# NOTE(review): in this sorted order the catch-all "." pattern comes first
# and would win for every URL; the file-type rules only take effect when they
# precede it. The dots in ".asp$", ".gz$" etc. are unescaped and match any
# character.
refresh_pattern -i . 1 50% 129600
refresh_pattern -i .asp$ 0 50% 0
refresh_pattern -i .bin$ 10080 60% 525600 override-expire
refresh_pattern -i .bz2$ 10080 60% 525600 override-expire
refresh_pattern -i .css$ 1440 70% 525600
refresh_pattern -i .dmg$ 10080 60% 525600 override-expire
refresh_pattern -i .gif$ 4320 75% 525600 override-expire
refresh_pattern -i .gz$ 10080 60% 525600 override-expire
refresh_pattern -i .hqx$ 10080 60% 525600 override-expire
refresh_pattern -i .htm$ 0 50% 129600
refresh_pattern -i .html$ 0 50% 129600
refresh_pattern -i .img$ 10080 60% 525600 override-expire
refresh_pattern -i .iso$ 10080 60% 525600 override-expire
refresh_pattern -i .jpg$ 4320 75% 525600 override-expire
refresh_pattern -i .js$ 1440 70% 525600
refresh_pattern -i .jsp$ 0 50% 0
refresh_pattern -i .pdf$ 60 30% 525600
refresh_pattern -i .php$ 0 50% 0
refresh_pattern -i .pkg$ 10080 60% 525600 override-expire
refresh_pattern -i .pl$ 0 50% 0
refresh_pattern -i .png$ 4320 75% 525600 override-expire
refresh_pattern -i .shtml$ 0 50% 10080
refresh_pattern -i .sit$ 10080 60% 525600 override-expire
refresh_pattern -i .tar$ 10080 60% 525600 override-expire
refresh_pattern -i .tgz$ 10080 60% 525600 override-expire
refresh_pattern -i .txt$ 10080 60% 525600 override-expire
refresh_pattern -i .woa$ 0 50% 0
refresh_pattern -i .zip$ 10080 60% 525600 override-expire
refresh_pattern -i ^ftp: 0 30% 525600 override-expire
refresh_pattern -i ^gopher: 4320 0% 20160
refresh_pattern -i ^http: 0 50% 129600
refresh_pattern -i ^https: 0 50% 43200
refresh_pattern -i ax.phobos.apple.com.edgesuite.net 0 50% 1440
refresh_pattern -i storeFront$ 0 50% 0
refresh_pattern -i swcdn.apple.com 1440 50% 525600 override-expire
refresh_pattern -i swdownload.apple.com 60 50% 1440
refresh_pattern -i swquery.apple.com 60 50% 1440
refresh_pattern -i swscan.apple.com 60 50% 1440
shutdown_lifetime 3 seconds
sleep_after_fork 0
uri_whitespace encode
visible_hostname proxy
#reply_body_max_size 0 deny all
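# Print the active directives of squid.conf: drop comment lines, drop empty
# (or dot-only) lines, then sort alphabetically.
# The patterns are quoted so the shell cannot glob-expand "^[.]*$" against
# file names in the current directory before grep sees it.
# The sorted output is for reading and comparing only: http_access,
# refresh_pattern and other first-match directives lose their evaluation
# order, so it must not be written back as a squid.conf.
grep -iv '^#' /etc/squid/squid.conf | grep -iv '^[.]*$' | sort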

WWWoffle

Fiddler Webdeveloper Proxy


Elite Proxy anonymisierende Proxies