Tag Archives: content

Optimized Squid Proxy Configuration for 4.0.17

Optimized (Optimal) Squid Configuration for Version 4.0.17
Results:All non-dynamic HTTP traffic cached

System Requirements:

Intel Dual Core: 3GHZ

Memory: 16 GB

2 SSD Drives 200 GB Each

Directory Structure:

/ssd

/ssd2

Note: Make sure to edit IP addresses to your environment.

 

#BEGIN CONFIG
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost

#no_cache deny noscan
#http_access deny block-googlezip-dcp
#always_direct allow noscan
#no_cache deny video
#always_direct allow video

# Deny requests to certain unsafe ports

# Deny CONNECT to other than secure SSL ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

http_access allow all

# allow localhost always proxy functionality

# And finally deny all other access to this proxy
# Squid normally listens to port 3128
pipeline_prefetch 99
read_ahead_gap 1024 MB
client_request_buffer_max_size 16384 KB
request_header_max_size 8192 KB
reply_header_max_size 8192 KB
#quick_abort_min -1 KB
#quick_abort_pct 100
#range_offset_limit 32 MB
#refresh_stale_hit 60 seconds
eui_lookup off
http_port 0.0.0.0:8080 intercept disable-pmtu-discovery=always
http_port 0.0.0.0:3128
tcp_outgoing_address 192.168.2.2

client_persistent_connections on
server_persistent_connections on
detect_broken_pconn on

# We recommend you to use at least the following line.
#hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir diskd /ssd/0 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/1 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/3 54000 32 256 Q1=256 Q2=144

#cache_dir diskd /ssd2/0 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/1 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/3 68000 32 256 Q1=256 Q2=144

cache_dir ufs /ssd/0 40000 1024 256
cache_dir ufs /ssd/1 40000 1024 256
cache_dir ufs /ssd/2 40000 1024 256
cache_dir ufs /ssd/3 40000 1024 256
cache_dir ufs /ssd/4 40000 1024 256
cache_dir ufs /ssd/5 40000 1024 256
cache_dir ufs /ssd2/0 40000 1024 256
cache_dir ufs /ssd2/1 40000 1024 256
cache_dir ufs /ssd2/2 40000 1024 256
cache_dir ufs /ssd2/3 40000 1024 256
cache_dir ufs /ssd2/4 40000 1024 256
cache_dir ufs /ssd2/5 40000 1024 256
store_dir_select_algorithm round-robin
#cache_replacement_policy heap LFUDA
#memory_replacement_policy heap GDSF

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
# Add any of your own refresh_pattern entries above these.
# General Rules
#cache images

refresh_pattern -i \.(gif|png|ico|jpg|jpeg|jp2|webp)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(jpx|j2k|j2c|fpx|bmp|tif|tiff|bif)$ 100000 90% 20000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(pcd|pict|rif|exif|hdr|bpg|img|jif|jfif|lsr)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(woff|woff2|eps|ttf|otf|svg|svgi|svgz|ps|ps1|acsm|eot)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache content
refresh_pattern -i \.(swf|js|ejs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(wav|css|class|dat|zsci|ver|advcs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache videos
refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpg|mpeg|mpg3|mpg4|mpg5)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(m1s|mp2v|m2v|m2s|m2ts|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|war)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(asx|mp2|mp3|mp4|mp5|wmv|flv|mts|f4v|f4|pls|midi|mid)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(htm|html)$ 9440 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(xml|flow|asp|aspx)$ 0 90% 200000
refresh_pattern -i \.(json)$ 0 90% 200000
refresh_pattern -i (/cgi-bin/|\?) 0 90% 200000

#live video cache rules
refresh_pattern -i \.(m3u8|ts)$ 0 90% 200000

#cache specific sites
refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)$ 0 0% 0
refresh_pattern -i ^http:\/\/premium.avira-update.com.*\(gz) 0 0% 0
refresh_pattern -i microsoft.com/.*\.(cab|exe|msi|msu|msf|asf|wma|dat|zip)$ 4320 80% 43200
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200
refresh_pattern -i windows.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip)$ 4320 80% 43200
refresh_pattern -i apple.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip|dist)$ 0 80% 4320

#cache binaries
refresh_pattern -i \.(app|bin|deb|rpm|drpm|exe|zip|zipx|tar|tgz|tbz2|tlz|iso|arj|cfs|dar|jar)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-no-cache ignore-private
refresh_pattern -i \.(bz|bz2|ipa|ram|rar|uxx|gz|msi|dll|lz|lzma|7z|s7z|Z|z|zz|sz)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(exe|msi)$ 0 90% 200000
refresh_pattern -i \.(cab|psf|vidt|apk|wtex|hz|ova|ovf)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache microsoft and adobe and other documents
refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-no-cache ignore-private
refresh_pattern -i \.(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-no-cache ignore-private
#refresh_pattern -i ^ftp: 100000 90% 200000
#refresh_pattern -i ^gopher: 1440 0% 1440

#allow caching of other things based on cache control headers with some exceptions
refresh_pattern -i . 0 90% 200000 reload-into-ims
reload_into_ims on
log_icp_queries off
icp_port 0
htcp_port 0
acl snmppublic snmp_community public
snmp_port 3401
snmp_incoming_address 192.168.2.2
snmp_incoming_address 127.0.0.1
snmp_access allow snmppublic all
minimum_object_size 0 KB
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
#vary_ignore_expire on
cache_swap_low 90
cache_swap_high 95
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_entities on
half_closed_clients off
max_filedesc 65535
connect_timeout 5 seconds
connect_retries 2
cache_effective_group squid
buffered_logs on
#access_log stdio:/var/log/squid/access.log squid
access_log daemon:/var/log/squid/access.log
#access_log none
netdb_filename none
client_db off
dns_nameservers 127.0.0.1 192.168.2.2 192.168.1.96 192.168.1.89 192.168.1.92
ipcache_size 4000
ipcache_low 90
ipcache_high 95
dns_v4_first on
negative_ttl 5 minutes
positive_dns_ttl 30 days
negative_dns_ttl 5 minutes
dns_retransmit_interval 2 seconds
check_hostnames off
forwarded_for delete
via off
httpd_suppress_version_string on
# mem and cache size
#collapsed_forwarding on
cache_mem 6 GB
memory_cache_mode disk
maximum_object_size 3 GB
maximum_object_size_in_memory 3 GB
#store_objects_per_bucket 40
digest_generation off
#digest_bits_per_entry 8
pinger_enable off
memory_pools on
max_stale 4 months

#END CONFIG




Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner Research:Competitive Landscape: Distributed Deception Platforms, 2016

4 August 2016  |  Distributed deception platforms are now a viable option for enhancing detection within enterprise security programs. Product marketing managers must understand the competitive positioning of their products and crucial market dynamics in order to compete effectively in the DDP market.

Gartner client’s may access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

Squid Optimized Config 4.0.10

Below is my latest optimized squid configuration.

 

# NOTE You must customize the IP addresses in this configuration to your environment.

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost

no_cache deny noscan
http_access deny block-googlezip-dcp
always_direct allow noscan
#no_cache deny video
#always_direct allow video

# Deny requests to certain unsafe ports

# Deny CONNECT to other than secure SSL ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

http_access allow all

# allow localhost always proxy functionality

# And finally deny all other access to this proxy
# Squid normally listens to port 3128
pipeline_prefetch 99
read_ahead_gap 512 MB
client_request_buffer_max_size 16384 KB
request_header_max_size 8192 KB
reply_header_max_size 8192 KB
quick_abort_min -1 KB
quick_abort_pct 100
#range_offset_limit 32 MB
#refresh_stale_hit 60 seconds
eui_lookup off
http_port 0.0.0.0:8080 intercept
# disable-pmtu-discovery=always
http_port 0.0.0.0:3128
tcp_outgoing_address 192.168.2.2

client_persistent_connections on
server_persistent_connections on
detect_broken_pconn on

# We recommend you to use at least the following line.
#hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir diskd /ssd/0 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/1 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/3 54000 32 256 Q1=256 Q2=144

#cache_dir diskd /ssd2/0 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/1 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/3 68000 32 256 Q1=256 Q2=144

cache_dir aufs /ssd/0 32000 1024 256
cache_dir aufs /ssd/1 32000 1024 256
cache_dir aufs /ssd/2 32000 1024 256
cache_dir aufs /ssd/3 32000 1024 256
cache_dir aufs /ssd/4 32000 1024 256
cache_dir aufs /ssd/5 32000 1024 256
cache_dir aufs /ssd2/0 43000 1024 256
cache_dir aufs /ssd2/1 43000 1024 256
cache_dir aufs /ssd2/2 43000 1024 256
cache_dir aufs /ssd2/3 43000 1024 256
cache_dir aufs /ssd2/4 43000 1024 256
cache_dir aufs /ssd2/5 43000 1024 256
store_dir_select_algorithm round-robin
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
# Add any of your own refresh_pattern entries above these.
# General Rules
#cache images

refresh_pattern -i \.(gif|png|ico|jpg|jpeg|jp2|webp)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(jpx|j2k|j2c|fpx|bmp|tif|tiff|bif)$ 100000 90% 20000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(pcd|pict|rif|exif|hdr|bpg|img|jif|jfif|lsr)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(woff|woff2|eps|ttf|otf|svg|svgi|svgz|ps|ps1|acsm|eot)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache content
refresh_pattern -i \.(swf|js|ejs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(wav|css|class|dat|zsci|ver|advcs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache videos
refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpg|mpeg|mpg3|mpg4|mpg5)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(m1s|mp2v|m2v|m2s|m2ts|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|war)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(asx|mp2|mp3|mp4|mp5|wmv|flv|mts|f4v|f4|pls|midi|mid)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(htm|html)$ 9440 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(xml|flow|asp|aspx)$ 0 90% 200000
refresh_pattern -i \.(json)$ 0 90% 200000
refresh_pattern -i (/cgi-bin/|\?) 0 90% 200000

#live video cache rules
refresh_pattern -i \.(m3u8|ts)$ 0 90% 200000

#cache specific sites
refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)$ 0 0% 0
refresh_pattern -i ^http:\/\/premium.avira-update.com.*\(gz) 0 0% 0
refresh_pattern -i microsoft.com/.*\.(cab|exe|msi|msu|msf|asf|wma|dat|zip)$ 4320 80% 43200
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200
refresh_pattern -i windows.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip)$ 4320 80% 43200
refresh_pattern -i apple.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip|dist)$ 0 80% 4320

#cache binaries
refresh_pattern -i \.(app|bin|deb|rpm|drpm|exe|zip|zipx|tar|tgz|tbz2|tlz|iso|arj|cfs|dar|jar)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(bz|bz2|ipa|ram|rar|uxx|gz|msi|dll|lz|lzma|7z|s7z|Z|z|zz|sz)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(exe|msi)$ 0 90% 200000
refresh_pattern -i \.(cab|psf|vidt|apk|wtex|hz|ova|ovf)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache microsoft and adobe and other documents
refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
#refresh_pattern -i ^ftp: 100000 90% 200000
#refresh_pattern -i ^gopher: 1440 0% 1440

#allow caching of other things based on cache control headers with some exceptions
refresh_pattern -i . 0 90% 200000 reload-into-ims
reload_into_ims on
log_icp_queries off
icp_port 0
htcp_port 0
acl snmppublic snmp_community public
snmp_port 3401
snmp_incoming_address 192.168.2.2
snmp_access allow snmppublic all
minimum_object_size 0 KB
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
#vary_ignore_expire on
cache_swap_low 90
cache_swap_high 95
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_entities on
half_closed_clients off
max_filedesc 65535
connect_timeout 5 seconds
connect_retries 2
cache_effective_group squid
buffered_logs on
#access_log stdio:/var/log/squid/access.log squid
access_log daemon:/var/log/squid/access.log
#access_log none
netdb_filename none
client_db off
dns_nameservers 127.0.0.1 127.0.0.1 192.168.2.2 192.168.1.96
ipcache_size 20000
ipcache_low 90
ipcache_high 95
dns_v4_first on
negative_ttl 5 minutes
positive_dns_ttl 30 days
negative_dns_ttl 5 minutes
dns_retransmit_interval 2 seconds
check_hostnames off
forwarded_for delete
via off
httpd_suppress_version_string on
# mem and cache size
#collapsed_forwarding on
cache_mem 10 GB
#memory_cache_mode disk
maximum_object_size 3 GB
maximum_object_size_in_memory 3 GB
store_objects_per_bucket 40
digest_generation off
#digest_bits_per_entry 8
pinger_enable off
memory_pools on
max_stale 4 months


Facebooktwittergoogle_plusredditpinterestlinkedinmail

Optimized Squid Config for Squid v4.0.4

For those of you who are squid optimization geeks. Below is my latest iteration of the squid.conf file I am now using for 4.0.4

#
#Recommended minimum configuration:
#
always_direct allow all

# 3 workers, using worker #1 as the frontend is important

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10 # RFC1918 possible internal network
acl Safe_ports port 1-65535 # RFC1918 possible internal network
acl CONNECT method GET POST HEAD OPTIONS CONNECT PUT DELETE # RFC1918 possible internal network
#acl block-fnes urlpath_regex -i .*/fnes/echo # RFC 4193 local private network range
acl noscan dstdomain symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com avstats.avira.com premium.avira-update.com 8f8fb293be49781da3e3229cd4469a18.da3e3.net # RFC 4291 link-local (directly plugged) machines

# Disable alternate protocols
request_header_access Alternate-Protocol deny all
reply_header_access Alternate-Protocol deny all

#acl video urlpath_regex -i \.(mpa|m2a|mpe|avi|mov|mpg|mpg3|mpg4|mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|mp2|mp3|mp4|wmv|flv|ts|f4v|f4m)

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost

no_cache deny noscan
always_direct allow noscan
#no_cache deny video
#always_direct allow video

# Deny requests to certain unsafe ports

# Deny CONNECT to other than secure SSL ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

http_access allow all

# allow localhost always proxy functionality

# And finally deny all other access to this proxy

# Squid normally listens to port 3128
pipeline_prefetch 7
read_ahead_gap 256 MB
client_request_buffer_max_size 4096 KB
request_header_max_size 2048 KB
reply_header_max_size 2048 KB
#quick_abort_min -1 KB
#quick_abort_pct 100
#range_offset_limit -1
eui_lookup off
http_port 0.0.0.0:8080 intercept disable-pmtu-discovery=always
http_port 0.0.0.0:3128
tcp_outgoing_address 192.168.2.2
connect_retries 1

client_persistent_connections on
server_persistent_connections on
detect_broken_pconn on

# We recommend you to use at least the following line.
#hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir diskd /ssd/0 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/1 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/3 54000 32 256 Q1=256 Q2=144

#cache_dir diskd /ssd2/0 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/1 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/3 68000 32 256 Q1=256 Q2=144

cache_dir ufs /ssd/0 32000 1024 256
cache_dir ufs /ssd/1 32000 1024 256
cache_dir ufs /ssd/2 32000 1024 256
cache_dir ufs /ssd/3 32000 1024 256
cache_dir ufs /ssd/4 32000 1024 256
cache_dir ufs /ssd/5 32000 1024 256

cache_dir ufs /ssd2/0 43000 1024 256
cache_dir ufs /ssd2/1 43000 1024 256
cache_dir ufs /ssd2/2 43000 1024 256
cache_dir ufs /ssd2/3 43000 1024 256
cache_dir ufs /ssd2/4 43000 1024 256
cache_dir ufs /ssd2/6 43000 1024 256

store_dir_select_algorithm round-robin
#cache_replacement_policy heap GDSF
#memory_replacement_policy heap GDSF

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
# General Rules
#cache images

refresh_pattern -i \.(gif|png|ico|jpg|jpeg|jp2|webp)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(jpx|j2k|j2c|fpx|bmp|tif|tiff|bif)$ 100000 90% 20000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(pcd|pict|rif|exif|hdr|bpg|img|jif|jfif)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(woff|woff2|eps|ttf|otf|svg|svgi|svgz|ps|ps1|acsm|eot)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache content
refresh_pattern -i \.(swf|js|ejs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(wav|css|class|dat|zsci|ver|advcs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache videos
refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpg|mpeg|mpg3|mpg4|mpg5)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(m1s|mp2v|m2v|m2s|m2ts|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|war)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(asx|mp2|mp3|mp4|mp5|wmv|flv|mts|f4v|f4|pls|midi|mid)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(htm|html)$ 9440 90% 200000 reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(xml|flow|asp|aspx)$ 0 90% 200000
refresh_pattern -i \.(json)$ 0 90% 200000
refresh_pattern -i (/cgi-bin/|\?) 0 90% 200000

#live video cache rules
refresh_pattern -i \.(m3u8|ts)$ 0 90% 200000

#cache specific sites
refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)$ 0 0% 0
refresh_pattern -i ^http:\/\/premium.avira-update.com.*\(gz) 0 0% 0
refresh_pattern -i microsoft.com/.*\.(cab|exe|msi|msu|msf|asf|wma|dat|zip)$ 4320 80% 43200
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200
refresh_pattern -i windows.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip)$ 4320 80% 43200
refresh_pattern -i apple.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip|dist)$ 0 80% 4320

#cache binaries
refresh_pattern -i \.(app|bin|deb|rpm|drpm|exe|zip|zipx|tar|tgz|tbz2|tlz|iso|arj|cfs|dar|jar)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(bz|bz2|ipa|ram|rar|uxx|gz|msi|dll|lz|lzma|7z|s7z|Z|z|zz|sz)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(exe|msi)$ 0 90% 200000
refresh_pattern -i \.(cab|psf|vidt|apk|wtex|hz|ova|ovf)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private

#cache microsoft and adobe and other documents
refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
refresh_pattern -i \.(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
#refresh_pattern -i ^ftp: 100000 90% 200000
#refresh_pattern -i ^gopher: 1440 0% 1440

#allow caching of other things based on cache control headers with some exceptions
refresh_pattern -i . 0 90% 200000

log_icp_queries off
icp_port 0
htcp_port 0
acl snmppublic snmp_community public
snmp_port 3401
snmp_incoming_address 192.168.2.2
snmp_access allow snmppublic all
minimum_object_size 0 KB
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire on
cache_swap_low 90
cache_swap_high 95
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_entities on
half_closed_clients off
max_filedesc 65535
connect_timeout 10 seconds
cache_effective_group squid
buffered_logs on
#access_log /var/log/squid/access.log squid
access_log daemon:/var/log/squid/access.log buffer-size=256KB
#access_log none
netdb_filename none
client_db off
dns_nameservers 127.0.0.1 127.0.0.1 192.168.2.2 192.168.1.96
ipcache_size 10000
ipcache_low 90
ipcache_high 95
dns_v4_first on
negative_ttl 5 minutes
positive_dns_ttl 30 days
negative_dns_ttl 5 minutes
dns_retransmit_interval 1 seconds
check_hostnames off
forwarded_for delete
via off
httpd_suppress_version_string on
# mem and cache size
#collapsed_forwarding on
cache_mem 4 GB
memory_cache_mode disk
maximum_object_size 2 GB
maximum_object_size_in_memory 2 GB
digest_generation off
#digest_bits_per_entry 8
pinger_enable off
memory_pools on
max_stale 4 months


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest optimized squid proxy squid.conf configuration file (squid version 4.0.3)

#You will need to replace x.x.x.x with your own ip configuration. The refresh policy included in this configuration cached hits in the range of 40-60%

 

#
#Recommended minimum configuration:
#
always_direct allow all

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src x.x.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10 # RFC1918 possible internal network
acl Safe_ports port 1-65535 # RFC1918 possible internal network
acl CONNECT method GET POST HEAD OPTIONS CONNECT PUT DELETE # RFC1918 possible internal network
#acl block-fnes urlpath_regex -i .*/fnes/echo # RFC 4193 local private network range
acl noscan dstdomain symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com avstats.avira.com premium.avira-update.com 8f8fb293be49781da3e3229cd4469a18.da3e3.net # RFC 4291 link-local (directly plugged) machines

#acl video urlpath_regex -i \.(mpa|m2a|mpe|avi|mov|mpg|mpg3|mpg4|mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|mp2|mp3|mp4|wmv|flv|ts|f4v|f4m)

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost

no_cache deny noscan
always_direct allow noscan
#no_cache deny video
#always_direct allow video

# Deny requests to certain unsafe ports

# Deny CONNECT to other than secure SSL ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

http_access allow all

# allow localhost always proxy functionality

# And finally deny all other access to this proxy
# Squid normally listens to port 3128
pipeline_prefetch 4
read_ahead_gap 256 MB
client_request_buffer_max_size 16 MB
#quick_abort_min -1 KB
#quick_abort_pct 100
#range_offset_limit -1
eui_lookup off
http_port 0.0.0.0:8080 intercept disable-pmtu-discovery=always
http_port 0.0.0.0:3128
tcp_outgoing_address x.x.x.x
connect_retries 2

client_persistent_connections on
server_persistent_connections on
detect_broken_pconn on

# We recommend you to use at least the following line.
#hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir diskd /ssd/0 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/1 54000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd/3 54000 32 256 Q1=256 Q2=144

#cache_dir diskd /ssd2/0 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/1 68000 32 256 Q1=256 Q2=144
#cache_dir diskd /ssd2/3 68000 32 256 Q1=256 Q2=144

cache_dir ufs /ssd/0 54000 128 512
cache_dir ufs /ssd/1 54000 128 512
cache_dir ufs /ssd/3 54000 128 512

cache_dir ufs /ssd2/0 68000 128 512
cache_dir ufs /ssd2/1 68000 128 512
cache_dir ufs /ssd2/3 68000 128 512

store_dir_select_algorithm round-robin
#cache_replacement_policy heap GDSF
#memory_replacement_policy heap GDSF

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
# Add any of your own refresh_pattern entries above these.
# General Rules
#cache images

refresh_pattern -i \.(gif|png|ico|jpg|jpeg|jp2|webp)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(jpx|j2k|j2c|fpx|bmp|tif|tiff|bif)$ 100000 90% 20000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(pcd|pict|rif|exif|hdr|bpg|img|jif|jfif)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(woff|woff2|eps|ttf|otf|svg|svgi|svgz|ps|ps1|acsm|eot)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims

#cache content
refresh_pattern -i \.(swf|js|ejs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(wav|css|class|dat|zsci|ver|advcs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims

#cache videos
refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpg|mpeg|mpg3|mpg4|mpg5)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(m1s|mp2v|m2v|m2s|m2ts|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|war)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(asx|mp2|mp3|mp4|mp5|wmv|flv|mts|f4v|f4|pls|midi|mid)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(htm|html)$ 9440 90% 200000 reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(xml|flow|asp|aspx)$ 0 90% 200000 refresh-ims
refresh_pattern -i \.(json)$ 0 90% 200000 refresh-ims
refresh_pattern -i (/cgi-bin/|\?) 0 90% 200000

#live video cache rules
refresh_pattern -i \.(m3u8|ts)$ 0 90% 200000 refresh-ims

#cache specific sites
refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)$ 0 0% 0
refresh_pattern -i ^http:\/\/premium.avira-update.com.*\(gz) 0 0% 0
refresh_pattern -i microsoft.com/.*\.(cab|exe|msi|msu|msf|asf|wma|dat|zip)$ 4320 80% 43200 reload-into-ims refresh-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200 reload-into-ims refresh-ims
refresh_pattern -i windows.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip)$ 4320 80% 43200 reload-into-ims refresh-ims
refresh_pattern -i apple.com/.*\.(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip|dist)$ 0 80% 43200 reload-into-ims refresh-ims

#cache binaries
refresh_pattern -i \.(app|bin|deb|rpm|drpm|exe|zip|zipx|tar|tgz|tbz2|tlz|iso|arj|cfs|dar|jar)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(bz|bz2|ipa|ram|rar|uxx|gz|msi|dll|lz|lzma|7z|s7z|Z|z|zz|sz)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(exe|msi)$ 0 90% 200000 refresh-ims
refresh_pattern -i \.(cab|psf|vidt|apk|wtex|hz|ova|ovf)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims

#cache microsoft and adobe and other documents
refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
refresh_pattern -i \.(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims
#refresh_pattern -i ^ftp: 100000 90% 200000
#refresh_pattern -i ^gopher: 1440 0% 1440

#allow caching of other things based on cache control headers with some exceptions
refresh_pattern -i . 0 90% 200000 refresh-ims

log_icp_queries off
icp_port 0
htcp_port 0
acl snmppublic snmp_community public
snmp_port 3401
snmp_incoming_address x.x.x.x
snmp_access allow snmppublic all
minimum_object_size 0 KB
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire on
cache_swap_low 90
cache_swap_high 95
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_header_max_size 2048 KB
reply_header_max_size 2048 KB
request_entities on
half_closed_clients off
max_filedesc 65535
connect_timeout 15 seconds
cache_effective_group squid
buffered_logs on
#access_log /var/log/squid/access.log squid
access_log daemon:/var/log/squid/access.log buffer-size=1024KB
#access_log none
netdb_filename none
client_db off
dns_nameservers x.x.x.x x.x.x.x x.x.x.x
ipcache_size 10000
ipcache_low 90
ipcache_high 95
dns_v4_first on
negative_ttl 5 minutes
positive_dns_ttl 30 days
negative_dns_ttl 5 minutes
dns_retransmit_interval 1 seconds
check_hostnames off
forwarded_for delete
via off
httpd_suppress_version_string on
# mem and cache size
#collapsed_forwarding on
cache_mem 8 GB
memory_cache_mode disk
maximum_object_size 2 GB
maximum_object_size_in_memory 2 GB
digest_generation off
#digest_bits_per_entry 8
pinger_enable off
memory_pools on
max_stale 4 months


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] In major goof, Uber stored sensitive database key on public GitHub page

http://arstechnica.com/security/2015/03/in-major-goof-uber-stored-sensitive-database-key-on-public-github-page/ By Dan Goodin Ars Techica March 2, 2015 Uber is trying to force GitHub to disclose the IP address of every person that accessed a webpage connected to a database intrusion that exposed sensitive personal data for 50,000 drivers. The court action revealed that a security key unlocking the database was stored on a publicly accessible place, the online equivalent of stashing a house key under a doormat. Uber officials have yet to say precisely what information was contained in the two now-unavailable GitHub gists. But in a lawsuit filed Friday against the unknown John Doe intruders, Uber lawyers said the URLs contained a security key that allowed unauthorized access to the names and driver’s license numbers of about 50,000 Uber drivers. The ride-sharing service disclosed the breach on Friday, more than two months after it was discovered. “The contents of these internal database files are closely guarded by Uber,” the complaint stated. “Accessing them from Uber’s protected computers requires a unique security key that is not intended to be available to anyone other than certain Uber employees, and no one outside of Uber is authorized to access the files. On or around May 12, 2014, from an IP address not associated with an Uber employee and otherwise unknown to Uber, John Doe I used the unique security key to download Uber database files containing confidential and proprietary information from Uber’s protected computers.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Attackers protesting Superfish debacle hijack Lenovo e-mail, spoof website

http://arstechnica.com/security/2015/02/attackers-take-control-of-lenovo-com-hijacking-e-mail-and-web-servers/ By Dan Goodin Ars Technica Feb 25, 2015 Almost a week after revelations surfaced that Lenovo preinstalled dangerous ad-injecting software on consumer laptops, attackers took complete control of the company’s valuable Lenovo.com domain name, a coup that allowed them to intercept the PC maker’s e-mail and impersonate its Web pages. The hijacking was the result of someone compromising a Lenovo account at domain registrar Web Commerce Communications, and changing the IP address that gets called when people typed Lenovo.com into their Web browsers or e-mail applications. As a result, the legitimate Lenovo servers were bypassed and replaced with one that was controlled by the attackers. Marc Rogers, a principal security researcher at content delivery network CloudFlare, told Ars the new IP address pointed to a site hosted behind his company’s name servers. CloudFlare has seized the customer’s account, and at the time this post was being prepared, company engineers were working to help Lenovo restore normal e-mail and website operations. “We took control as soon as we found out (minutes after it happened) and are now working with Lenovo to restore service,” Rogers said. “All we saw was the domain come in to us, at which point we took immediate action to protect them and their service.” Rogers went on to say the unknown attackers posted MX mail server records that allowed them to read e-mail sent to Lenovo employees. The fraudulent records have since been removed. Rogers’ account is consistent with an image posted by the LizardCircle Twitter account. The image showed an e-mail sent by an outside PR person to several people inside Lenovo’s PR department. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] CarolinaCon-11 is coming – March 20th-22nd 2015

Forwarded from: Vic Vandal h4x0rs, InfoSec geeks, script kidz, posers, and friends, CarolinaCon is back for its 11th year, which is also billed as “the last CarolinaCon as we know it”. For about the price of your average movie admission with popcorn and a drink ($20), YOU are invited to join us for yet another intimate and informative weekend of hacking-related education. This year’s event will be held on the weekend of March 20th-22nd 2015 in Raleigh NC at the North Raleigh Hilton (Midtown). The currently chosen lineup includes more presenters named Old Gregg than you’ll find at any conference anywhere, along with other esteemed individuals, such as; – Have you ever drunk Bailey’s from a shoe? (aka Pen-Testing & Social Engineering Convergence) – Old Gregg (smrk3r) – Cryptocurrency Laundering Theory for Fun and Retirement – Old Gregg (myddrn) – How to design your “You got hacked” page – Old Gregg (digital shokunin) – Electronics Engineering for Pen-Testers – Old Gregg (melvin2001) – Phony Business – What Goes Around Comes Back Around – Unregistered & Snide – Elevator Obscura: Industry Hacks & Answers to all Your Odd Questions About Those Magical Moving Rooms – Howard Payne & Deviant Ollam – Rethinking the Origins of the Lock – Schuyler Towne – RedneckSec – @th3mojo – Cyber War Stories – Andrew Shumate – One Step Closer to the Matrix: Machine Learning and Augmented Reality in Networking – Rob Weiss & John Eberhardt – I live in a van and so can you – Mark Rickert, aka Matt Foley – Drilling Deeper with Veil’s PowerTools – Justin Warner (@sixdub) & Will Schroeder (@harmj0y) – Hacker’s Practice Ground – Lokesh Pidawekar – Social engineering is bullsh*t, call it what it is – surpherdave – Anatomy of Web Client Attacks – Jason Gillam – Art of Post-infection Response and Mitigation – chill – SPAM, Phish and Other Things Good to Eat – Joshua Schroeder / JoshInGeneral …..and potentially 1-2 other l33t talks that we might be able to squeeze in! Side events currently on tap include; – Capture The Flag – Mobile Museum of Vintage Technology – Lockpicking Village – Hacker Trivia – Android Netrunner – Pulp Fiction Canonical Drinking Game – “Unofficial” Shootout (details at http://hackers.withguns.com/) For those traveling to the event or who simply want to stay at the Hilton venue throughout, hotel rooms at the special CarolinaCon group rate can be reserved via this link. http://www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20150319/index.jhtml?WT.mc_id=POG ALERT: The special group rate is only available until February 20th, so book now if interested. For other exciting details as they develop stay tuned to: http://www.carolinacon.org If you have any important questions about the event that are NOT answered in website content you can send an email to; infocarolinacon.org Peace, Vic


Facebooktwittergoogle_plusredditpinterestlinkedinmail