[squid-users] Pre-Configured Squid 2.6S3 accelerate mode with SSL on Windows.

From: fulan Peng <fulanpeng@dont-contact.us>
Date: Thu, 31 Aug 2006 22:39:50 -0400

Hi,
I have configured Squid 2.6 STABLE3 NT in accelerator mode with SSL on
Windows. If you want to do the same thing, you can download my package
and replace the web sites with your own. All you have to do is
replace the backend website names in the /squid/etc/squid.conf file.
After you unzip the package into the root directory of the C drive, all
you have to do is go to the /squid/etc directory and run the command "go".
If you want to stop Squid, all you have to do is run the command
"stop". The package can be downloaded from
http://breakevilaxis.org/squid-usa.zip
There is a program called ddint.exe. It is used to produce crazy
random strings to put in the certificates, to make your certificates
hard to identify. If your web site has some words like democracy
and human rights, the Communist China government will block your web
site by filtering on your certificates and sending a RESET packet to you
and your clients. So I create a new certificate every time I start
Squid.

I put the source code for ddint.exe here in case you worry that it is a
virus. You can compile it with C++.

At the end is a working squid.conf file. I worked several weeks
to get this file.

#include "stdafx.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <iostream>
using namespace System;
using namespace std;
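/*
 * ddint - prints a batch of openssl command lines that create a self-signed
 * CA certificate and a server certificate whose subject fields (ST, L, OU,
 * O, CN, e-mail) are random alphanumeric strings.  The program only writes
 * the commands to stdout; it does not invoke openssl itself.
 *
 * NOTE(review): every value produced here, including the key passphrase,
 * comes from rand() seeded with the current time in seconds.  That is
 * enough to vary the certificate subject between runs, but it is not a
 * secret-grade source: anyone who can estimate when the program ran can
 * reproduce the passphrase.  Treat the passphrase as providing no real
 * protection for cakey.pem / key.pem.old, and rely on file permissions.
 *
 * NOTE(review): the passphrase is emitted as "pass:<value>" on the command
 * line, so it ends up in whatever script, console log or process listing
 * captures these commands.
 */

/* Shortest generated field; the random part adds 0..15 characters. */
static const int kMinLen = 5;

/*
 * 64-entry alphabet indexed with a 6-bit mask.  It holds the digits and both
 * letter cases (62 symbols); 'T' and 'S' appear twice to fill the table, so
 * those two letters are slightly more likely than the rest.
 */
static const char alphabet[] =
    "1qaz2wsx3edc4rfv"
    "5tgb6yhn7ujm8ikT"
    "9Solp0POIUYTREWQ"
    "ASDFGHJKLMNBVCXZ";

/* Country codes selectable for the /C= field (index is a 4-bit value). */
static const char *const countries[16] = {
    "US", "CA", "DE", "CN", "KR", "BR", "FR", "JP",
    "IT", "BG", "TW", "UK", "RU", "CZ", "CH", "AU"
};

/* Output buffers, one per generated field.  Longest content is 20 + NUL. */
static char ST[64];
static char L[64];
static char OU[64];
static char O[64];
static char CN[64];
static char emailname[64];
static char emailcompany[64];
static char PASSWORD[64];

/*
 * Fill buf with a NUL-terminated random string of kMinLen..kMinLen+15
 * characters drawn from `alphabet`.  One rand() call picks the length, then
 * one call per character, which keeps the same call order as the
 * hand-unrolled loops this helper replaces.
 */
static void fill_random(char *buf)
{
    int len = (rand() & 0x000F) + kMinLen;

    for (int i = 0; i < len; i++) {
        buf[i] = alphabet[rand() & 0x003F];
    }
    buf[len] = 0;
}

/*
 * Write the -subj value shared by both "req" commands.  All fields are
 * alphanumeric, so the value needs no quoting on the command line.
 */
static void print_subject(const char *country)
{
    std::cout << "/C=" << country << "/ST=" << ST << "/L=" << L
              << "/OU=" << OU << "/O=" << O << "/CN=" << CN
              << "/emailAddress=" << emailname << "@" << emailcompany
              << ".com";
}

/*
 * Entry point: seeds rand() from the clock, generates the subject fields and
 * passphrase, and prints five command lines:
 *   1. create the CA key and self-signed CA certificate,
 *   2. create the server key and certificate request,
 *   3. keep a copy of the passphrase-protected server key,
 *   4. rewrite key.pem from that copy (no cipher option is given, so the
 *      resulting key.pem is stored without a passphrase),
 *   5. sign the request with the CA.
 * Returns 0.
 */
int main(void)
{
    srand((unsigned) time(NULL));

    /* The first value after seeding is drawn and discarded. */
    rand();
    const char *C = countries[rand() & 0x000F];

    /* Generation order matters: it fixes which rand() values each field gets. */
    fill_random(ST);
    fill_random(L);
    fill_random(OU);
    fill_random(O);
    fill_random(CN);
    fill_random(emailname);
    fill_random(emailcompany);
    fill_random(PASSWORD);

    /* String literals that the mail client had wrapped are rejoined here. */
    std::cout << "openssl req -new -x509 -keyout "
                 "c:\\squid\\etc\\demoCA\\private\\cakey.pem -out "
                 "c:\\squid\\etc\\demoCA\\cacert.pem -days 365 -subj ";
    print_subject(C);
    std::cout << " -passout pass:" << PASSWORD << "\n";

    std::cout << "c:\\openssl\\bin\\openssl.exe req -new -keyout key.pem -out "
                 "req.pem -days 365 -subj ";
    print_subject(C);
    std::cout << " -passout pass:" << PASSWORD << "\n";

    std::cout << "copy key.pem key.pem.old \n";

    std::cout << "c:\\openssl\\bin\\openssl.exe rsa -in key.pem.old -out "
                 "key.pem -passin pass:" << PASSWORD << "\n";

    std::cout << "c:\\openssl\\bin\\openssl.exe ca -in c:\\squid\\etc\\req.pem "
                 "-out c:\\squid\\etc\\cert.pem -passin pass:" << PASSWORD
              << " -batch\n";
    return 0;
}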

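# squid.conf for Squid 2.6 run as an accelerator in front of six origin sites.
# Directives that the mail archive had wrapped onto a second line
# (https_port ... defaultsite=, cache_peer ... name=) are rejoined below;
# a wrapped continuation would otherwise be read as a directive of its own.

# Plain-HTTP listener, bound to loopback only.
http_port 127.0.0.1:80 defaultsite=ddint.org

# One TLS listener per published site.  All of them present the same
# certificate and key files.
# NOTE(review): key.pem is loaded with no passphrase option, so the server
# key is protected only by the permissions on c:\squid\etc - check them.
https_port 443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=zyzg.org.ru
https_port 8443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=breakevilaxis.org
https_port 9000 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=qxbbs.org
https_port 9001 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=bbs.futurechinaforum.org
https_port 9003 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=www.peacehall.com

# Origin servers.  Each is contacted on port 80, i.e. the leg from this
# proxy to the origin is plain HTTP; only the client-to-proxy leg uses TLS.
cache_peer www.peacehall.com parent 80 0 originserver name=peacehall
cache_peer breakevilaxis.org parent 80 0 originserver name=breakevilaxis
cache_peer qxbbs.org parent 80 0 originserver name=qxbbs
cache_peer bbs.futurechinaforum.org parent 80 0 originserver name=futurechinaforum
cache_peer zyzg.org.ru parent 80 0 originserver name=zyzg
cache_peer ddint.org parent 80 0 originserver name=ddint

# Do not cache dynamic content.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# Logging.
# NOTE(review): access.log records each client request, and ALL,9 is the
# most verbose debug level for every section, so cache.log grows quickly and
# holds request detail.  For a service whose users may be at risk, consider
# lowering debug_options (e.g. ALL,1) once the setup works and deciding how
# long these logs are kept.
access_log c:/squid/var/logs/access.log squid
debug_options ALL,9

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# One dstdomain ACL per published site; each ACL is named after its domain.
acl breakevilaxis.org dstdomain breakevilaxis.org
acl www.peacehall.com dstdomain www.peacehall.com
acl qxbbs.org dstdomain qxbbs.org
acl bbs.futurechinaforum.org dstdomain bbs.futurechinaforum.org
acl zyzg.org.ru dstdomain zyzg.org.ru
acl ddint.org dstdomain ddint.org

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

# Access rules are evaluated top to bottom; the first match wins.
# Because the per-site allow rules come first, requests for the published
# sites are admitted before the manager / Safe_ports / CONNECT denies are
# consulted.
http_access allow zyzg.org.ru
http_access allow www.peacehall.com
http_access allow ddint.org
#http_access allow www.dajiyuan.com
http_access allow breakevilaxis.org
http_access allow bbs.futurechinaforum.org
http_access allow qxbbs.org
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): this closing rule admits every request not denied above,
# which makes the per-site allow rules redundant.  An accelerator normally
# ends with "http_access deny all" so that only the published sites are
# served - confirm nothing depends on the permissive rule before changing it.
http_access allow all
http_reply_access allow all
# NOTE(review): answers ICP queries from any source.  If no sibling caches
# are used, "icp_access deny all" is the safer setting - TODO confirm.
icp_access allow all

# Route each site only to its own origin server.
cache_peer_access zyzg allow zyzg.org.ru
cache_peer_access peacehall allow www.peacehall.com
cache_peer_access breakevilaxis allow breakevilaxis.org
cache_peer_access futurechinaforum allow bbs.futurechinaforum.org
cache_peer_access qxbbs allow qxbbs.org
#cache_peer_access dajiyuan allow www.dajiyuan.com
cache_peer_access ddint allow ddint.org

visible_hostname ddint.org
coredump_dir c:/squid/var/cache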
Received on Thu Aug 31 2006 - 20:39:54 MDT
