Различия
Показаны различия между двумя версиями страницы.
proxy:network:proxy [2023/12/13 22:21] – mirocow | proxy:network:proxy [2023/12/14 23:53] (текущий) – mirocow | ||
---|---|---|---|
Строка 1: | Строка 1: | ||
- | {{tag> | + | {{tag> |
====== Squid+Privoxy+Tor ====== | ====== Squid+Privoxy+Tor ====== | ||
Строка 9: | Строка 9: | ||
nano / | nano / | ||
< | < | ||
- | acl manager proto cache_object | + | check_hostnames off |
- | acl localhost src 127.0.0.1/ | + | |
- | acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 | + | |
- | acl ftp proto FTP | + | |
- | acl localnet src 10.0.0.0/ | + | |
- | acl localnet src 172.16.0.0/ | + | |
- | acl localnet src 192.168.0.0/ | + | |
- | acl localnet src fc00::/ | + | |
- | acl localnet src fe80::/ | + | |
- | acl SSL_ports port 443 | + | acl localnet src 0.0.0.1-0.255.255.255 # |
- | acl Safe_ports port 80 | + | acl localnet src 10.0.0.0/ |
- | acl Safe_ports port 21 | + | acl localnet src 100.64.0.0/ |
- | acl Safe_ports port 443 # https | + | acl localnet src 169.254.0.0/ |
- | acl Safe_ports port 70 | + | acl localnet src 172.16.0.0/ |
- | acl Safe_ports port 210 # wais | + | acl localnet src 192.168.0.0/ |
- | acl Safe_ports port 1025-65535 | + | #acl localnet src fc00::/ |
- | acl Safe_ports port 280 # http-mgmt | + | #acl localnet src fe80::/ |
- | acl Safe_ports port 488 # gss-http | + | |
- | acl Safe_ports port 591 # filemaker | + | |
- | acl Safe_ports port 777 # multiling http | + | |
- | acl Safe_ports port 3128 | + | |
- | acl CONNECT method CONNECT | + | |
- | http_access allow manager localhost | + | ### |
- | http_access deny manager | + | acl russia_block_list url_regex "/ |
+ | acl i2p_list url_regex -i .*:// | ||
+ | acl onion_list url_regex -i .*:// | ||
- | http_access deny !Safe_ports | + | # i2p |
+ | cache_peer localhost | ||
+ | cache_peer_access localhost allow i2p_list | ||
- | http_access deny CONNECT !SSL_ports | + | # privoxy |
+ | cache_peer 192.168.1.131 parent 8118 8118 no-digest allow-miss no-query | ||
+ | cache_peer_access 192.168.1.131 allow onion_list | ||
+ | cache_peer_access 192.168.1.131 allow russia_block_list | ||
- | http_access | + | never_direct |
- | http_access | + | never_direct |
+ | never_direct allow russia_block_list | ||
+ | never_direct deny localnet | ||
- | http_port 3128 | + | always_direct deny onion_list |
+ | always_direct deny i2p_list | ||
+ | always_direct deny russia_block_list | ||
+ | always_direct allow localnet | ||
- | hierarchy_stoplist cgi-bin ? | + | http_access allow localnet |
+ | hosts_file / | ||
- | cache_peer 127.0.0.1 parent 8118 7 no-query no-digest | + | ### |
- | coredump_dir / | + | acl SSL_ports port 443 |
+ | acl Safe_ports port 80 # http | ||
+ | acl Safe_ports port 21 # ftp | ||
+ | acl Safe_ports port 443 # https | ||
+ | acl Safe_ports port 70 # gopher | ||
+ | acl Safe_ports port 210 # wais | ||
+ | acl Safe_ports port 1025-65535 # | ||
+ | acl Safe_ports port 280 # http-mgmt | ||
+ | acl Safe_ports port 488 # gss-http | ||
+ | acl Safe_ports port 591 # filemaker | ||
+ | acl Safe_ports port 777 # multiling http | ||
- | refresh_pattern ^ftp: | + | acl CONNECT method CONNECT |
- | refresh_pattern ^gopher: | + | |
- | refresh_pattern -i (/ | + | |
- | refresh_pattern . | + | |
- | |||
- | httpd_suppress_version_string on | ||
- | forwarded_for off | ||
- | always_direct allow ftp | ||
- | never_direct allow all | ||
- | </ | ||
- | |||
- | < | ||
- | acl all src all | ||
- | acl manager proto cache_object | ||
- | acl localhost src 127.0.0.1/ | ||
- | acl home_network src 192.168.2.0/ | ||
- | acl to_localhost dst 127.0.0.0/8 | ||
- | acl SSL_ports port 443 | ||
- | acl Safe_ports port 80 # http | ||
- | acl Safe_ports port 21 # ftp | ||
- | acl Safe_ports port 443 # https | ||
- | acl Safe_ports port 70 # gopher | ||
- | acl Safe_ports port 210 # wais | ||
- | acl Safe_ports port 1025-65535 # unregistered ports | ||
- | acl Safe_ports port 280 # http-mgmt | ||
- | acl Safe_ports port 488 # gss-http | ||
- | acl Safe_ports port 591 # filemaker | ||
- | acl Safe_ports port 777 # multiling http | ||
- | acl Safe_ports port 901 # SWAT | ||
- | acl purge method PURGE | ||
- | acl CONNECT method CONNECT | ||
- | http_access allow home_network | ||
- | http_access allow manager localhost | ||
- | http_access deny manager | ||
- | http_access allow purge localhost | ||
- | http_access deny purge | ||
http_access deny !Safe_ports | http_access deny !Safe_ports | ||
http_access deny CONNECT !SSL_ports | http_access deny CONNECT !SSL_ports | ||
- | acl malware_domains url_regex '/etc/squid/Malware-domains.txt' | + | http_access allow localhost manager |
- | http_access deny malware_domains | + | http_access deny manager |
+ | |||
+ | include | ||
http_access allow localhost | http_access allow localhost | ||
http_access deny all | http_access deny all | ||
- | icp_access deny all | + | http_port |
- | http_port | + | |
- | icp_port 0 | + | coredump_dir / |
- | hierarchy_stoplist cgi-bin ? | + | |
- | refresh_pattern ^ftp: 1440 20% 10080 | + | refresh_pattern ^ftp: 1440 20% 10080 |
- | refresh_pattern ^gopher: 1440 0% 1440 | + | refresh_pattern ^gopher: |
- | refresh_pattern -i (/ | + | refresh_pattern -i (/ |
- | refresh_pattern . 0 20% 4320 | + | refresh_pattern . 0 20% 4320 |
- | cache_peer localhost parent 8118 0 round-robin no-query | + | |
- | cache_peer localhost2 parent 8129 0 round-robin no-query | + | |
- | cache_peer localhost3 parent 8230 0 round-robin no-query | + | |
- | cache_peer localhost4 parent 8321 0 round-robin no-query | + | |
- | cache_peer localhost5 parent 8421 0 round-robin no-query | + | |
- | cache_peer localhost6 parent 8522 0 round-robin no-query | + | |
- | cache_peer localhost7 parent 8623 0 round-robin no-query | + | |
- | cache_peer localhost8 parent 8724 0 round-robin no-query | + | |
- | never_direct allow all | + | |
- | always_direct deny all | + | |
- | acl apache rep_header Server ^Apache | + | |
- | broken_vary_encoding allow apache | + | |
- | forwarded_for off | + | |
- | coredump_dir / | + | |
- | cache_dir ufs / | + | |
- | pid_filename / | + | |
- | access_log / | + | |
- | cache_store_log / | + | |
- | cache_log / | + | |
</ | </ | ||
====== Privoxy ====== | ====== Privoxy ====== | ||
nano / | nano / | ||
- | < | + | < |
# | # | ||
# https:// | # https:// | ||
Строка 145: | Строка 103: | ||
debug 4 # show tagging-related messages | debug 4 # show tagging-related messages | ||
debug 8 # show header parsing | debug 8 # show header parsing | ||
- | debug 16 # log all data written to the network | + | #debug 16 # log all data written to the network |
debug 32 # debug force feature | debug 32 # debug force feature | ||
debug 64 # debug regular expression filters | debug 64 # debug regular expression filters | ||
debug 128 # debug redirects | debug 128 # debug redirects | ||
- | debug 256 # debug GIF de-animation | + | #debug 256 # debug GIF de-animation |
debug 512 # Common Log Format | debug 512 # Common Log Format | ||
debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. | debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. | ||
Строка 155: | Строка 113: | ||
debug 4096 # Startup banner and warnings. | debug 4096 # Startup banner and warnings. | ||
debug 8192 # Non-fatal errors | debug 8192 # Non-fatal errors | ||
- | debug 32768 # log all data read from the network | + | #debug 32768 # log all data read from the network |
- | debug 65536 # Log the applying actions | + | #debug 65536 # Log the applying actions |
toggle | toggle | ||
enable-remote-toggle | enable-remote-toggle | ||
Строка 164: | Строка 122: | ||
buffer-limit 4096 | buffer-limit 4096 | ||
enable-proxy-authentication-forwarding 0 | enable-proxy-authentication-forwarding 0 | ||
- | forward-socks5 / 192.168.1.131:9050 . # перенаправляем траффик на tor socks proxy (на тор) | + | forward-socks5 / localhost:9050 . # перенаправляем траффик на tor socks proxy (на тор) |
- | forward-socks4 / 192.168.1.131:9050 . # перенаправляем траффик на tor socks proxy (на тор) | + | forward-socks4 / localhost:9050 . # перенаправляем траффик на tor socks proxy (на тор) |
- | forward-socks4a / 192.168.1.131:9050 . # перенаправляем траффик на tor socks proxy (на тор) | + | forward-socks4a / localhost:9050 . # перенаправляем траффик на tor socks proxy (на тор) |
- | forward-socks4a .onion | + | forward-socks4a .onion |
- | #forward .i2p 192.168.1.131:4444 . # если домен .i2p - идем на него через i2p роутер | + | forward .i2p localhost:4444 . # если домен .i2p - идем на него через i2p роутер |
forward 192.168.*.*/ | forward 192.168.*.*/ | ||
forward 127.*.*.*/ | forward 127.*.*.*/ | ||
Строка 178: | Строка 136: | ||
tolerate-pipelining 1 | tolerate-pipelining 1 | ||
socket-timeout 300 | socket-timeout 300 | ||
- | </ | ||
- | |||
- | < | ||
- | forward-socks4a / 127.0.0.1: | ||
- | confdir / | ||
- | logdir / | ||
- | actionsfile default.action | ||
- | actionsfile user.action | ||
- | filterfile default.filter | ||
- | |||
- | logfile logfile | ||
- | |||
- | debug 4096 # Startup banner and warnings | ||
- | debug 8192 # Errors - *we highly recommended enabling this* | ||
- | |||
- | user-manual / | ||
- | listen-address | ||
- | toggle | ||
- | enable-remote-toggle 0 | ||
- | enable-edit-actions 0 | ||
- | enable-remote-http-toggle 0 | ||
- | buffer-limit 4096 | ||
- | </ | ||
- | |||
- | < | ||
- | actionsfile standard.action # Internal purpose, recommended | ||
- | actionsfile default.action # Main actions file | ||
- | actionsfile user.action # User customizations | ||
- | actionsfile neilvandyke.action # http:// | ||
- | filterfile default.filter | ||
- | logfile logfile | ||
- | toggle 1 | ||
- | enable-remote-toggle 0 | ||
- | enable-remote-http-toggle 0 | ||
- | enable-edit-actions 1 | ||
- | enforce-blocks 0 | ||
- | buffer-limit 4096 | ||
- | forwarded-connect-retries 0 | ||
- | accept-intercepted-requests 0 | ||
- | allow-cgi-request-crunching 0 | ||
- | split-large-forms 0 | ||
</ | </ | ||
====== Tor ====== | ====== Tor ====== | ||
Строка 225: | Строка 142: | ||
nano / | nano / | ||
- | < | + | < |
+ | # | ||
+ | # https:// | ||
+ | # https:// | ||
+ | # curl -x socks5h:// | ||
+ | # | ||
SocksPort localhost: | SocksPort localhost: | ||
ControlPort localhost: | ControlPort localhost: | ||
Строка 246: | Строка 168: | ||
# Мининизировать запись на диск - это важно для устройств, | # Мининизировать запись на диск - это важно для устройств, | ||
AvoidDiskWrites 1 | AvoidDiskWrites 1 | ||
- | </ | ||
- | < | + | # bridges |
- | SocksPort 9050 # what port to open for local application connections | + | ClientTransportPlugin obfs4 exec / |
- | SocksBindAddress 127.0.0.1 | + | Bridge obfs4 [2400: |
- | AllowUnverifiedNodes middle, | + | Bridge webtunnel [2001: |
- | Log notice syslog | + | Bridge webtunnel [2001: |
+ | Bridge obfs4 185.177.207.137: | ||
+ | Bridge obfs4 207.172.185.193: | ||
+ | UseBridges 1 | ||
</ | </ | ||
- | < | + | ====== Bridges ====== |
- | SocksBindAddress 127.0.0.1 # accept connections only from localhost | + | |
- | AllowUnverifiedNodes middle, | + | * <code bash>$ apt install obfs4proxy</ |
- | Log notice syslog | + | * https:// |
- | RunAsDaemon 1 | + | |
- | User tor | + | ===== RKN ===== |
- | Group tor | + | |
- | CircuitBuildTimeout 30 | + | <code bash> |
- | NumEntryGuards 6 | + | #!/bin/sh |
- | KeepalivePeriod 60 | + | curl -fsSL https:// |
- | NewCircuitPeriod 15 | + | | sed 1d \ |
+ | | cut -d ';' | ||
+ | | tr " | ||
+ | | sed 's/^[ \t]*//;s/[ \t]*$//' | ||
+ | | uniq > / | ||
+ | |||
+ | #“sed 1d” — отрезаем первую строку | ||
+ | #“cut -d ';' | ||
+ | #tr " | ||
+ | #sed 's/^[ \t]*//;s/[ \t]*$//' | ||
+ | #uniq — удаляем дублирующиеся строки. | ||
</ | </ |
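Review bot: In the new squid.conf block, `http_access allow localnet` now sits above `http_access deny !Safe_ports`, `http_access deny CONNECT !SSL_ports` and `http_access deny manager`. Squid stops at the first matching http_access rule, so clients in the localnet ranges are accepted before the port, CONNECT and cache-manager restrictions are ever evaluated. Moving that one line down, after `http_access deny manager` and directly before `http_access allow localhost`, restores the order used by the stock configuration. The revision also drops `forwarded_for off` and `httpd_suppress_version_string on`, and no replacement is visible on the new side, although several lines are truncated in this view and the `include` target is not shown. If they are really gone, Squid's default appends the client's LAN address as X-Forwarded-For on requests handed to the Privoxy/Tor parent, so `forwarded_for delete` and `via off` are worth stating explicitly.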