Различия

Показаны различия между двумя версиями страницы.

--- proxy:network:proxy [2023/12/14 23:03] – mirocow
+++ proxy:network:proxy [2023/12/14 23:53] (текущий) – mirocow
@@ Строка 1: / Строка 1: @@
-{{tag>squid privoxy tor}}
+{{tag>squid privoxy tor obfs4}}
 ====== Squid+Privoxy+Tor ======
@@ Строка 9: / Строка 9: @@
 nano /etc/squid/squid.conf
 <code>
-acl manager proto cache_object
+check_hostnames off
-acl localhost src 127.0.0.1/32 ::1
-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
-acl ftp proto FTP
-acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
-acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
-acl localnet src fc00::/7       # RFC 4193 local private network range
-acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
-acl SSL_ports port 443
+acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
-acl Safe_ports port 80          # http
+acl localnet src 10.0.0.0/8		          # RFC 1918 local private network (LAN)
-acl Safe_ports port 21          # ftp
+acl localnet src 100.64.0.0/10		      # RFC 6598 shared address space (CGN)
-acl Safe_ports port 443         # https
+acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
-acl Safe_ports port 70          # gopher
+acl localnet src 172.16.0.0/12		      # RFC 1918 local private network (LAN)
-acl Safe_ports port 210         # wais
+acl localnet src 192.168.0.0/16		      # RFC 1918 local private network (LAN)
-acl Safe_ports port 1025-65535  # unregistered ports
+#acl localnet src fc00::/7               # RFC 4193 local private network range
-acl Safe_ports port 280         # http-mgmt
+#acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
-acl Safe_ports port 488         # gss-http
-acl Safe_ports port 591         # filemaker
-acl Safe_ports port 777         # multiling http
-acl Safe_ports port 3128
-acl CONNECT method CONNECT
-http_access allow manager localhost
+###
-http_access deny manager
+acl russia_block_list url_regex "/etc/squid/eais.list"
+acl i2p_list url_regex -i .*://.*\.i2p\/.*
+acl onion_list url_regex -i .*://.*\.onion\/.*
-http_access deny !Safe_ports
+# i2p
+cache_peer localhost  parent    4444  4444  no-digest allow-miss no-query
+cache_peer_access localhost allow i2p_list
-http_access deny CONNECT !SSL_ports
+# privoxy
+cache_peer 192.168.1.131 parent 8118 8118 no-digest allow-miss no-query
+cache_peer_access 192.168.1.131 allow onion_list
+cache_peer_access 192.168.1.131 allow russia_block_list
-http_access allow localhost
+never_direct allow onion_list
-http_access allow all
+never_direct allow i2p_list
+never_direct allow russia_block_list
+never_direct deny localnet
-http_port 3128
+always_direct deny onion_list
+always_direct deny i2p_list
+always_direct deny russia_block_list
+always_direct allow localnet
-hierarchy_stoplist cgi-bin ?
+http_access allow localnet
+hosts_file /etc/squid/hosts
-cache_peer 127.0.0.1 parent 8118 7 no-query no-digest
+###
-coredump_dir /var/spool/squid
-refresh_pattern ^ftp:           1440    20%     10080
-refresh_pattern ^gopher:        1440    0%      1440
-refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
-refresh_pattern .               0       20%     4320
-httpd_suppress_version_string on
-forwarded_for off
-always_direct allow ftp
-never_direct allow all
-</code>
-<code>
-acl all src all
-acl manager proto cache_object
-acl localhost src 127.0.0.1/32
-acl home_network src 192.168.2.0/24
-acl to_localhost dst 127.0.0.0/8
 acl SSL_ports port 443
-acl Safe_ports port 80 # http
+acl Safe_ports port 80		# http
-acl Safe_ports port 21 # ftp
+acl Safe_ports port 21		# ftp
-acl Safe_ports port 443 # https
+acl Safe_ports port 443		# https
-acl Safe_ports port 70 # gopher
+acl Safe_ports port 70		# gopher
-acl Safe_ports port 210 # wais
+acl Safe_ports port 210		# wais
-acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 1025-65535	# unregistered ports
-acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 280		# http-mgmt
-acl Safe_ports port 488 # gss-http
+acl Safe_ports port 488		# gss-http
-acl Safe_ports port 591 # filemaker
+acl Safe_ports port 591		# filemaker
-acl Safe_ports port 777 # multiling http
+acl Safe_ports port 777		# multiling http
-acl Safe_ports port 901 # SWAT
-acl purge method PURGE
 acl CONNECT method CONNECT
-http_access allow home_network
-http_access allow manager localhost
-http_access deny manager
-http_access allow purge localhost
-http_access deny purge
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
-acl malware_domains url_regex '/etc/squid/Malware-domains.txt'
+http_access allow localhost manager
-http_access deny malware_domains
+http_access deny manager
+include /etc/squid/conf.d/*
 http_access allow localhost
 http_access deny all
-icp_access deny all
+http_port 3128
-http_port 3400
-icp_port 0
+coredump_dir /var/spool/squid
-hierarchy_stoplist cgi-bin ?
-refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^ftp:		1440	20%	10080
-refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern ^gopher:	1440	0%	1440
-refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
-refresh_pattern . 0 20% 4320
+refresh_pattern .		0	20%	4320
-cache_peer localhost parent 8118 0 round-robin no-query
-cache_peer localhost2 parent 8129 0 round-robin no-query
-cache_peer localhost3 parent 8230 0 round-robin no-query
-cache_peer localhost4 parent 8321 0 round-robin no-query
-cache_peer localhost5 parent 8421 0 round-robin no-query
-cache_peer localhost6 parent 8522 0 round-robin no-query
-cache_peer localhost7 parent 8623 0 round-robin no-query
-cache_peer localhost8 parent 8724 0 round-robin no-query
-never_direct allow all
-always_direct deny all
-acl apache rep_header Server ^Apache
-broken_vary_encoding allow apache
-forwarded_for off
-coredump_dir /home/squid-cache # where squid stores the cache
-cache_dir ufs /home/squid-cache 20000 16 256 # cache-size in MB, Directory-Structure 1, Directory-Structure below 1
-pid_filename /var/run/squid-in.pid
-access_log /var/log/squid/access.squid-in.log
-cache_store_log /var/log/squid/store.squid-in.log
-cache_log /var/log/squid/cache.squid-in.log
 </code>
 ====== Privoxy ======
 nano /etc/privoxy/config
-<code | privoxy>
+<code>
 #
 # https://www.privoxy.org/user-manual/config.html
@@ Строка 184: / Строка 142: @@
 nano /etc/tor/torrc
-<code | torrc>
+<code>
 #
 # https://www.torproject.org/docs/faq#torrc
@@ Строка 219: / Строка 177: @@
 Bridge obfs4 207.172.185.193:22223 F34AC0CDBC06918E54292A474578C99834A58893 cert=MjqosoyVylLQuLo4LH+eQ5hS7Z44s2CaMfQbIjJtn4bGRnvLv8ldSvSED5JpvWSxm09XXg iat-mode=0
 UseBridges 1
+</code>
+====== Bridges ======
+  * <code bash>$ apt install obfs4proxy</code>
+  * https://bridges.torproject.org/options/
+===== RKN =====
+<code bash>
+#!/bin/sh
+curl -fsSL https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv \
+| sed 1d \
+| cut -d ';' -f 3 \
+| tr "\|" "\n" \
+| sed 's/^[ \t]*//;s/[ \t]*$//' \
+| uniq > /etc/squid/zapret-urls.txt
+#“sed 1d” — отрезаем первую строку
+#“cut -d ';' -f 3“ — вырезаем все, кроме третьей колонки.
+#tr "\|" "\n" — заменяем символ | на символ переноса строки
+#sed 's/^[ \t]*//;s/[ \t]*$//' — обрезаем пробелы и табуляцию
+#uniq — удаляем дублирующиеся строки.
 </code>