Can any one help me??

amsar · October 31, 2016, 12:37am

squid cache configuration

i have this problem after i finish install squid3 with mikrotik and nothing work so can any one help me out here with squid.conf and rc,local

squid.conf i used

# SQUID CONFIGURATION SQUID VERSION-3.5.xx
# HTTP | HTTPS SQUID PROXY SERVER
 
acl all src
acl SSL_ports port 443
acl SSL_ports port 5353
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 53
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 1025-65535
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 5353
acl Safe_ports port 18901-18909
acl Safe_ports port 1818
acl Safe_ports port 39190
acl Safe_ports port 40000-40010
acl Safe_ports port 7777
acl Safe_ports port 19101
acl Safe_ports port 27780
acl Safe_ports port 29000
acl Safe_ports port 22100
acl Safe_ports port 5121
acl Safe_ports port 6000-6152
acl Safe_ports port 2001
acl Safe_ports port 9601-9602
acl Safe_ports port 8085
acl Safe_ports port 11011-11041
acl Safe_ports port 13413
acl Safe_ports port 19000
acl Safe_ports port 5105
acl Safe_ports port 10009
acl Safe_ports port 12060-12070
acl Safe_ports port 6000-6001
acl Safe_ports port 29200
acl Safe_ports port 10402
acl Safe_ports port 9600
acl Safe_ports port 15002
acl Safe_ports port 16402-16502
acl Safe_ports port 5126
acl Safe_ports port 3010
acl Safe_ports port 11031  
acl Safe_ports port 11440-11460
acl Safe_ports port 11100-11125
acl Safe_ports port 4300
acl Safe_ports port 12011
acl Safe_ports port 12110
acl Safe_ports port 15001
acl Safe_ports port 15002
acl Safe_ports port 7341
acl Safe_ports port 7451
acl Safe_ports port 7808
acl Safe_ports port 30000
acl Safe_ports port 9001
acl Safe_ports port 9030
acl Safe_ports port 953
acl Safe_ports port 42051-42052
acl Safe_ports port 36567
acl Safe_ports port 8001
acl Safe_ports port 14000-14050
acl Safe_ports port 27019
acl Safe_ports port 28901-28920
acl Safe_ports port 7201-7208
acl Safe_ports port 17001-17002
acl Safe_ports port 14300-14440
acl Safe_ports port 15100-15150
acl Safe_ports port 7770-7790
acl Safe_ports port 16320-16340
acl Safe_ports port 9000-9160
acl Safe_ports port 7200
acl Safe_ports port 7400
acl Safe_ports port 7106
acl Safe_ports port 7999
acl Safe_ports port 47611
acl Safe_ports port 36567
acl Safe_ports port 10087  
acl Safe_ports port 27000-27050
acl Safe_ports port 27014-27050
acl Safe_ports port 4380
acl Safe_ports port 3478
acl Safe_ports port 4379
acl Safe_ports port 8890
acl Safe_ports port 9339
acl Safe_ports port 8890
acl Safe_ports port 7200-7210
acl Safe_ports port 7450-7460
acl Safe_ports port 8000
acl Safe_ports port 64990-65010
acl CONNECT method CONNECT
# =======================================================================
# Lock_resol 240-360
# =======================================================================
acl youtube_240 dstdomain .youtube.com
request_header_access Accept-Encoding deny youtube_240
loadable_modules /usr/local/lib/DSI_ecap_youtube.so
ecap_enable on
ecap_service ecapModifier respmod_precache \
uri=ecap://dokter-squid.com/ecap yt_quality=small
adaptation_access ecapModifier allow youtube_240
adaptation_access ecapModifier deny all
 
# =========================================================================
# ads_config
# acl iklan url_regex -i "/etc/squid/ad_block.txt2"
# =========================================================================
# =========================================================================
# xigncode PB_Garena
# =========================================================================
acl xigncode url_regex -i ^http.*xigncode.*
store_miss deny xigncode
send_hit deny xigncode
# ==========================================================================
# config_GAME
# ==========================================================================
# dota2
acl store_rewrite_list url_regex -i \.steampowered\.com/(.*)
acl store_rewrite_list url_regex -i \.edgesuite\.net/(.*)
 
# PARTIAL GARENA
acl partial_garena url_regex -i .*\.garenanow.com\/.*\.(dll|xml|exe|version|jpg|png|bmp)$
acl partial_garena url_regex -i .*\.cdn.starhub.com\/.*\.exe?.*
refresh_pattern -i .*edge.cdn.starhub.com\/.* 1440 40% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i .*cdn.garenanow.com\/.* 1440 40% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
 
# partial206 coba²
acl rolpartial url_regex -i ^http.*garena.*patcher.*\?.*
acl rolpartial url_regex -i ^https?\:\/\/patch\.gemscool\.com\/th\/patch\/.*
acl rolpartial url_regex -i ^https?\:\/\/update\.netmarble\.co\.id\/Elsword\/Patch/.*
#=============================================================================
#=============================================================================
# ACCESS RULES
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# http_access deny iklan
http_access allow all
http_reply_access allow all
 
# LISTENING PORT SQUID
https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
http_port 3128
http_port 3129 tproxy
 
# CONNECTION HANDLING
qos_flows local-hit=0x30
collapsed_forwarding on
balance_on_multiple_ip on
detect_broken_pconn on
client_persistent_connections off
server_persistent_connections on
 
# DNS OPTIONS
#dns_packet_max 4096
#dns_defnames on
#dns_v4_first on
dns_nameservers 8.8.8.8 8.8.4.4
connect_retries 2
negative_dns_ttl 1 second
range_offset_limit none rolpartial
range_offset_limit 1 KB !rolpartial
range_offset_limit 0
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 80
ipcache_low 98
ipcache_high 99
ipcache_size 4096
fqdncache_size 2048
pipeline_prefetch 0
 
# MISCELEANOUS
memory_pools off
reload_into_ims on
max_filedescriptors 65536
 
# CACHE MANAGEMENT
cache_mem 512 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap GDSF
cache_effective_group proxy
cache_effective_user proxy
cache_dir aufs /var/cache/squid 3000 16 256
coredump_dir /var/cache/squid
cache_mgr proxy-server
visible_hostname proxy-server
minimum_object_size 0 KB
maximum_object_size 1 GB
read_ahead_gap 64 KB   
cache_replacement_policy heap LFUDA
store_dir_select_algorithm least-load
cache_swap_low 90
cache_swap_high 95
 
# LOG FILE OPTIONS
acl log method CONNECT
logfile_daemon /usr/lib/squid/log_file_daemon
access_log daemon:/var/log/squid/access.log !CONNECT
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1 22,3
cache_store_log none
logfile_rotate 3
pid_filename /var/run/squid.pid
 
# FILTERING HTTPS
acl 1 dstdomain .fbcdn.net .akamaihd.net .fbsbx.com
#acl 2a dstdomain .mahadana.com .mql4.com .metaquotes.net
acl 2 url_regex -i ^https?:\/\/attachment\.fbsbx\.com\/.*\?(id=[0-9]*).*
acl 2 url_regex -i \.fbsbx\.com\/.*\/(.*\.(unity3d|pak|zip|exe|dll|jpg|png|gif|swf)/)$
acl 2 url_regex -i ^https?:\/\/.*\.ytimg\.com(.*\.(webp|jpg|gif))
acl 2 url_regex -i ^https?:\/\/([^\.]*)\.yimg\.com\/(.*)
acl 2 url_regex -i ^https?:\/\/.*\.gstatic\.com\/images\?q=tbn\:(.*)
acl 2 url_regex -i ^https?:\/\/.*\.reverbnation\.com\/.*\/(ec_stream_song|download_song_direct|stream_song)\/([0-9]*).*
acl 2 url_regex -i ^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|.exoclick\.com|interclick.\com|\.googlesyndication\.com|\.auditude\.com|.visiblemeasures\.com|yieldmanager|cpxinteractive)(.*)
acl 2 url_regex -i ^https?:\/\/(.*?)\/(ads)\?(.*?)
acl 2 url_regex -i ^https?:\/\/.*steampowered\.com\/.*\/([0-9]+\/(.*))
acl 3 url_regex -i ^https?:\/\/(.*?)\/speedtest\/.*\.(jpg|txt|png|gif|swf)\?.*
acl 3 url_regex -i speedtest\/.*\.(jpg|txt|png|gif|swf)\?.*
acl 4 url_regex -i reverbnation.*audio_player.*ec_stream_song.*$
acl 5 url_regex -i utm.gif.*
acl 6 url_regex -i c.android.clients.google.com.market.GetBinary.GetBinary.*
acl 7 url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
acl 7 url_regex -i \.c\.(youtube|google)\.com\/(get_video|videoplayback|videoplay).*$
acl 7 url_regex -i (youtube|google).*\/videoplayback\?.*
acl 8 http_status 302
 
acl store_url url_regex -i (youtube|googlevideo|docs.google|video.google).*videoplayback\?.*
acl loop_302 http_status 302
acl loop_mime rep_mime_type text/html
acl loop_mime rep_mime_type text/plain
acl getmethod method GET
 
store_miss deny store_url loop_302
store_miss deny store_url loop_mime
send_hit deny store_url loop_302
send_hit deny store_url loop_mime
 
 
ssl_bump splice localhost
acl 9 at_step SslBump1
acl 10 at_step SslBump2
acl 11 at_step SslBump3
ssl_bump peek 9 all
ssl_bump stare 10 all
ssl_bump splice 11 all
 
sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db -M 4MB
sslcrtd_children 16 startup=1 idle=1
sslproxy_capath /etc/ssl/certs
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER     #this line fixing http://www.gmail.com, mail.yahoo.com for some errors
sslproxy_flags NO_SESSION_REUSE
always_direct allow all
ssl_unclean_shutdown on
 
# STORE ID
store_id_program /usr/bin/perl /etc/squid/store-id.pl
store_id_children 10 startup=5 idle=2 concurrency=10
store_id_access allow 1
store_id_access allow 2
store_id_access allow 3
store_id_access allow 4
store_id_access allow 5
store_id_access allow 6
store_id_access allow 7
store_miss deny 7 8
send_hit deny 7 8
store_id_access deny all
 
# TUNNING CACHE
max_stale 1 years
vary_ignore_expire on
shutdown_lifetime 10 seconds
 
# REFRESH PATTERN
refresh_pattern -i \.steampowered\.com\/(.*)\/ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern -i \.edgesuite\.net\/(.*)\/ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern -i ^http:\/\/(.*\.*\.gemscool\.com)\/.*\/.*\/(.*iop?) 10080 40% 10080 ignore-reload override-expire override-lastmod ignore-must-revalidate  ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern -i ^http:\/\/(.*\.*\.gemscool\.com)\/.*\/.*\/(.*zip?) 10080 40% 10080 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i https?:\/\/.*\.xx\.fbcdn\.net\/.*\.(jpg|png) 43830 99% 259200 override-expire override-lastmod ignore-reload
refresh_pattern static\.(xx|ak)\.fbcdn\.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store
refresh_pattern ^https?\:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store
refresh_pattern (akamaihd|fbcdn)\.net 14400 99% 518400 ignore-no-store ignore-private ignore-reload ignore-must-revalidate store-stale
refresh_pattern (audio|video)\/(webm|mp4) 129600 99% 129600 ignore-reload override-expire override-lastmod ignore-must-revalidate  ignore-private ignore-no-store ignore-auth store-stale
refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf)  0  99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% 129600 override-expire ignore-reload reload-into-ims
refresh_pattern -i (ytimg|ggpht)\.com\.*    1440 80% 129600 override-expire override-lastmod ignore-auth ignore-reload reload-into-ims
refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?|\.mp4|\.webm|\.flv|((audio|video)\/(webm|mp4))) 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale
refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.*   10080 99% 43200 override-lastmod override-expire ignore-reload reload-into-ims ignore-private reload-into-ims ignore-auth store-stale
refresh_pattern ^\.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth max-stale=1440
refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (zynga|topeleven|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 80% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|iop|nzp|pak|mar|msp) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 80% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob|webm) 10080 80% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|cup|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|pak|cup) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
refresh_pattern -i .(html|htm|css|js|xml)$ 1440 75% 40320
refresh_pattern -i .index.(html|htm)$ 0 75% 43800
refresh_pattern -i ^http.*squid\.internal.* 43200 100% 799000 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
 
#KEEP THESE LINES AT BOTTOM OF CONFIGURATION
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .  0 20% 4320

RC,loacl i used

#!/bin/sh -e
## iptable ##
==============
# /usr/local/sbin/dnscrypt-proxy -a 127.0.0.1:40 -d -R d0wn-sg-ns1 -e 4096 -p /run/dnscrypt-proxy.pid # autostart dnscrypt_unbound
modprobe xt_TPROXY
modprobe xt_socket
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
 
iptables -t mangle -F
iptables -t mangle -X
 
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING ! -d 192.168.136.0/24 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
iptables -t mangle -A PREROUTING ! -d 192.168.136.0/24 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
 
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
 
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
exit 0

In mikrotik

set interface name
ether proxy
 
set ipaddress
192.168.100.1/30
 
add ipproxy in address_list= /ip firewall address list= ipproxy name= proxy
 
/ip routes
add gateway = 192.168.100.2
distance = 1
scope = 30
target scope = 10
routing_mark = via_squid
==========================================================
 
/ip firewall mangle
add chain = prerouting
dst.address = !192.168.100.0/30
protocol = tcp
any port = 80,182,443
in interface = !proxy
add action = mark-routing
new routing mark =  via squid

################################################ Hop any one can help out here ???

amsar · November 1, 2016, 4:20am

Any help guy’s???

jarda · November 1, 2016, 5:32am

Probably it is not clear what kind of problem do you have.