I found out the site was inaccessible on April 3. I was unable to connect at all and so i was thinking that maybe the node where i was at was down and so i sent a ticket to the provider. When they replied saying there’s nothing wrong on their side, then i started thinking was there a misconfiguration somewhere? but the day before it was working. So it began, the troubleshooting game. Unfortunately because the network is down and the provider didn’t give me access to any other console so it’s kinda hard to check on things because i have to tell them the command first by sending them tickets and then they would execute it and report back. At the same time i don’t like bothering them like this because this is an unmanaged service so asking them like this feels like i was bothering them.

After numerous messages and failed attempts. They offered me to create a full backup of my container and then rebuild the vps the OS and then put the backup file later on the freshly installed vps so i can do what i want with it later. I was still hesitant on doing that mainly because well let’s just say i don’t want to reconfigure the whole thing again and i’m thinking the problem wasn’t related to configurations and so i asked them to execute one more command, and that is to install packages using yum.

To my surprise they reported that yum failed and they couldn’t even ping the machine from the host node. So just as i thought this problem was caused by something else and so i ask them to try to re-add my ip address, move to another ip temporarily, and all of them ended up in failure and thought that this is due to broken network scripts. Then they re-offered me whether i want to proceed with the backup plan mentioned before … and because i’m left with no other choice i choose yes. After the procedure completed I’m left with a freshly installed CentOS 7 and a tar backup file placed in the root directory.

At this point i remember the last automated report that was sent to me. I noticed on that report there was plenty of updates being performed before i lost contact with my vps. I decided to apply updates right from the start, and then rebooted the server and voila the source of the problem was finally found. Network went down again and now i’m totally sure it was caused by updates. But which one? there are so many updates and i’m locked out of my vps again. But this time i don’t want to send so many messages to them like before so i did some research and found the source of the problem (redhat bugzilla link | openvz bugzilla link). But because there’s no way for me to access my vps the only thing i can do is just send a message to the provider where i’m hosted at pointing to those two sites and wait. Due to timezone difference it feels like i was waiting forever.

Finally after they applied the patch, my vps is accessible again .. but i still have one more thing to do, and that is restoring the backup they provided before and making sure that everything was good again. If you think everything is going to be smooth this time, you were wrong, because unfortunately during the restoring process my container was wrongly suspended. It took about 22 minutes after i sent an explanation to them to get it unblocked again and all is well again now.

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Miscellaneous

Additionaly, people would be happy when they received 0 spam (and so do i). But after doing some modifications here and there, it feels like i did something wrong when the spam counter is still at 0 during the last 2 days after it goes live when it usually reach hundreds within a day and now there’s 0 spam in the spam area.

Then what makes it worse is i just noticed now (or to be precise i finally care), long time ago i made a big mistake of using automatic tags generation for all my posts tags and now i’ve paid a big price for it by deleting all the tags, and then i’ve to proceed to add them manually although the later is still in progress because i’m also doing some cleaning on the other stuff as well.

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Miscellaneous

According to Akismet, for last month (september) the amount of spam that got caught was at 125,966 while for this month as of writing this the number of spam is at 115,945. I’m simply stunned. If a small blog like this could get such a large amount of spam, how big would it be for larger blogs?. Must be really stressful.

Besides doing some cleaning, i have also made changes to many things here and there. I moved from my old hosting provider into a new budget vps that is cheaper and also enabled SSL although it is not on by default, which means you need to change the url into https by yourself first and then the rest of your visit would be in SSL (if anyone care).

Finally after i’ve finished setting up everything also making sure that the new server can stay up and running for several days without problem (and not getting kicked too), I then canceled my old hosting plan. And so here begins the new chapter of this blog.

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Miscellaneous

Basically here’s what i get from email message i received from Google and unfortunately there are no warnings given (not even a single warning even after all these years).

Hello,

We continually review all publishers according to our program policies (https://www.google.com/support/adsense/bin/answer.py?answer=48182&stc=aspe-3pp-en) and Terms and Conditions (https://www.google.com/adsense/localized-terms?&stc=aspe-3tc-en ). During a recent review of your account, our specialists found that it was not in compliance with our policies.

WEBMASTER GUIDELINES: Our program specialists regularly review sites in the AdSense program.

It is important for a site displaying AdSense to offer significant value to the end user by providing unique and relevant content, and not to place ads on sites with little to no original content. Additionally, Google ads may not be placed on non-content-based pages.

Your site should also provide a good user experience through clear navigation and organization. Users should be able to easily click through
your pages and find the information they are seeking.

Because your sites violate the spirit of our policies, we have disabled ad serving.

To answer the fourth paragraph on that email message, all of the content written here is made by me (some of them, and by some i mean only several posts are made by others and that is really long time ago) so obviously it’s original and i never placed Google ads on non content pages so i believe i didn’t do anything wrong on that part.

As for the fifth paragraph, well i believe that everything is organized here and users can navigate easily so i’m not even sure what’s wrong.

To be honest, i don’t even know what’s i’ve been doing wrong so they ban me straight away without any warnings given so i can correct my mistakes if i’ve made any and i believe i have mentioned earlier that i’m not a guy that has just started using Adsense a month ago or even a few months ago, i’ve been with them for 6 years (since 2006) and i always comply with their guidelines so i’m devastated plus angered by this.

I’ve just sent an appeal to Google asking for explanation and also asked whether it is possible for my account to get reinstated. So the only thing i can do for now is just wait for their reply and hopefully they reinstate my account back.

Final update: nope, i received no answer at all.

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 4 comments

0x87485B96 | Tags : Miscellaneous

First thing first, the command used here for both Apache and Nginx were designed to be use in cron because TOR ip often change. But make sure that it’s scheduled for 1 hour at minimum to respect those that gives you free service to lookup tor ip =)

Getting a list of TOR IP Addresses

Before anything else we need to get a list of TOR IP Address, and to do that we have two options (but of course feel free to use your own source if you have one):

• Use TOR Bulk Exit List from Torproject
• Use an external sites that list TOR IP Address such as from dan.me.uk

Note: dan.me.uk website only allow you to fetch it every 1 hour only (even if you accidentally clicked it), i choose to not link to the ip address url directly because of that reason and so you have to copy the url directly

For example purpose, here i’m going to use the list from dan.me.uk website and i obviously would like to thank him first for providing tor ip list

Blocking TOR on Nginx

I assume that:

• Nginx is located at /usr/local/nginx
• The conf directory is at /usr/local/nginx/conf

If you have Nginx at different location make sure to adjust it accordingly

1. Edit your vhost configuration let’s say it’s called mydomain.conf

# Example configuration on blocking tor on Nginx for a specific server block
# /usr/local/nginx/conf/mydomain.conf

server {

	[...] # your access_log, error_log, etc

	# include tor ip list for a whole vhost
	include tor-ip.conf;

	location / {
		[...] # root configuration
	}

}

# And here's an example if you want to block it for specific location / file only

server {

	[...] # your access_log, error_log, etc

	location ~ "/no-tor-allowed/" {
		# include tor ip list for this location
		include tor-ip.conf;
	}

	location / {
		[...] # root other configuration
	}

}

But don’t go reloading your nginx configuration just yet

2. Downloading the ip list and automatically reload nginx

# run this command once before putting it in cron, but make sure to adjust the path in the command below to match your nginx location
# the output file is /usr/local/nginx/conf/tor-ip.conf

wget -q https://www.dan.me.uk/torlist/ -O - | sed "s/^/deny /g; s/$/;/g" > /usr/local/nginx/conf/tor-ip.conf; /usr/local/nginx/sbin/nginx -s reload

And done for the Nginx part

Blocking TOR on Apache

Depending on whether you have access to your Apache configuration file or not, the configuration will be different. But i’ll cover them both just in case you don’t have access to Apache configuration file and only have access to .htaccess file. Although it’s not recommended to be used in htaccess but for completion’s sake, i might as well include it :).

If you have access to Apache configuration

The steps are pretty much the same like Nginx with the only difference is the location and the syntax of the block directive, anyway:

I assume that:

• Apache is at /usr/local/apache
• The conf file is at /usr/local/apache/conf

If you have Apache at different location make sure to adjust it accordingly

1. Open your vhost configuration file (if you put your vhost configuration file in httpd.conf then edit that file) and then locate your desired virtualhost (e.g mydomain.com)

# Example configuration on blocking tor on Apache for a specific virtualhost block
<VirtualHost 1.2.3.4:80>

	[...] # other stuff such as server name and so on

	# Adjust the directory if you want to block tor for specific directory only
	# The example below will block access from TOR users completely
	<Directory />
		# Include tor ip
		Include conf/tor-ip.conf
	</Directory>

	# Or you can also use location directive
	# in this example TOR users is not allowed to visit /no-tor-allowed url and its contents
	<Location /no-tor-allowed>
		# Include tor ip
		Include conf/tor-ip.conf
	</Location>

	# Or use this to block specific file only
	<Files my-files.html>
		# Include tor ip
		Include conf/tor-ip.conf
	</Files>

</VirtualHost>

But don’t restart Apache just yet or else it’ll fail

2. Downloading the ip list and automatically restart Apache

If you’re running Apache 2.2 and below

# Run this once before putting it in cron, but make sure to adjust the path before running it
# This will save the output tor ip to /usr/local/apache/conf/tor-ip.conf

wget -q https://www.dan.me.uk/torlist/ -O - | sed 's/^/deny from /g' > /usr/local/apache/conf/tor-ip.conf; /usr/local/apache/bin/apachectl graceful

If you’re running Apache 2.4

# Run this once before putting it in cron, but make sure to adjust the path before running it
# This will save the output tor ip to /usr/local/apache/conf/tor-ip.conf

wget -q https://www.dan.me.uk/torlist/ -O - | sed "s/^/Require not ip /g; 1i\<RequireAll\>\nRequire all granted" | sed '$a\<\/RequireAll\>' > /usr/local/apache/conf/tor-ip.conf; /usr/local/apache/bin/apachectl graceful

Note: Actually as long as you have mod_access_compat compiled into Apache 2.4 (if i remember it correctly it’s included by default if you compile Apache yourself) you can still use the old allow deny directives but for future proof using Require would be better

If you only have access to .htaccess file

You are still able to use this but make sure to change /your/www/directory/.htaccess into the full path to your .htaccess file but please note that i’m not sure about the performance penalty for blocking many ip addresses in a .htaccess file

If you’re on Apache 2.2 and below

# Note: This will append new lines to your .htaccess file and will block all access from TOR ips to all section of your site by default
# If you need to block for specific file, you need to modify the command below
# Also make sure to backup your .htaccess file first and adjust the path to point to your .htaccess file

# Run this once before putting it in cron if you have ssh access
# otherwise put it in cron directly but make sure to set a minimum of 1 hour

sed -i '/#\ REAPER-TOR/,/#\ END-REAPER-TOR/d' /your/www/directory/.htaccess; wget -q https://www.dan.me.uk/torlist/ -O - | sed "s/^/deny from /g; 1i# REAPER-TOR" | sed '$a# END-REAPER-TOR' >> /your/www/directory/.htaccess

If you’re on CPanel Shared Hosting there’s a high chance that you’re on Apache 2.2

If you’re on Apache 2.4

# Note: This will append new lines to your .htaccess file and will block all access from TOR ips to all section of your site by default
# If you need to block for specific file, you need to modify the command below
# Also make sure to backup your .htaccess file first and adjust the path to point to your .htaccess file

# Run this once before putting it in cron if you have ssh access
# otherwise put it in cron directly but make sure to set a minimum of 1 hour

sed -i '/#\ REAPER-TOR/,/#\ END-REAPER-TOR/d' /your/www/directory/.htaccess; wget -q https://www.dan.me.uk/torlist/ -O - | sed "s/^/Require not ip /g; 1i#\ REAPER-TOR\n\<RequireAll\>\nRequire all granted" | sed '$a\<\/RequireAll\>\n# END-REAPER-TOR' >> /your/www/directory/.htaccess

And that’s it

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 4 comments

0x87485B96 | Tags : How To

# And it causes redirect loop (also tested on my local box)
# Atlhough it works fine for simple php files but not on his vBulletin setup
# or other non simple php file (because i don't have access to vBulletin i tested it on other script)
# Note the | is for illustration
location =|~ /index.php {
	rewrite ^ http://www.domain.com/|/ permanent;
}

And being curious, i tried some testing to remove that index.php thing from the URL and found a way to do it and it was simple. So if you’re currently looking for a way to remove or redirect your index file from the URL and you’re using Nginx perhaps this simple tips can help you with that

First thing first is open your nginx configuration files that hold your virtual hosts configuration and then add this line inside the server directive:

# This will redirect index.php index.htm to /
# Feel free to add other extension you need
if ( $request_uri ~ "/index.(php|html?)" ) {
	rewrite ^ /$1 permanent;
}

And an example just in case you want to see where it should be placed

server {

	[...] # other stuff such as server_name, access_log, etc

	# Here goes the code
	if ( $request_uri ~ "/index.(php|html?)" ) {
		rewrite ^ /$1 permanent;
	}

	location / {
		[...] # your root configuration
	}

	location ~ "\.php$" {
		[...] # your fastcgi configuration
	}

}

Then reload your nginx configuration. Now every request for index.php or index.html or index.htm file will be displayed as http://www.mydomain.com/. And if there’s a query string in your URL it’ll be displayed as http://www.mydomain.com/?q=abc instead of http://www.mydomain.com/index.php?q=abc

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 7 comments

0x87485B96 | Tags : How To

For example, in my case, because i’m not using a computer case (in other words, i just left my motherboard open) and i don’t have a standalone front panel and at the same time i want to connect my headphone to the rear grey jack / side speakers jack (by default headphone can be connected only to the front panel jack) while also connecting a 5.1 analog speakers setup to the rear jacks (green, black, and orange)

Anyway to make thing short, here’s the steps:

0. Download the latest driver available because there are differences between the pin numbers used if you’re using old drivers, uninstall the old driver, restart your system, install the new driver and then restart your system once again (at the time i write this, the latest version is R267, and so this post is based and tested using their R267 driver for the 64-bit systems)

1. Make sure that you’ve plugged everything that you need first into your Realtek Jacks (whether front panel jacks if you have it or rear jacks). For example, in my case, i already connected the headphone to the side speakers jack (grey colored jack)

2. Open regedit by typing regedit at the run command (press Windows Key + R and then type regedit) and then locate the following registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\00XX\Settings\DrvYYYY_DevType_YYYY_SSYYYYYYYY

Where, XX should be the key for Realtek High Definition Audio (usually it is 0000 but if it’s not the correct key for Realtek HD Audio then you should look for the correct key. You can tell whether the registry key is for Realtek HD Audio or not by looking at the DriverDesc which is located at the right panel) and Y are random numbers

3. Create a new Binary registry key(s) using below Pin Numbers and Binary Values

The Old Pin Numbers (just in case it’s needed somehow)

"Pin00" = Front speakers (rear green)
"Pin01" = Rear speakers (rear black)
"Pin02" = Center / Sub-woofer (rear orange)
"Pin03" = Side speakers (rear gray)
"Pin04" = Mic-in (rear pink)
"Pin05" = Front Mic-In (front pink)
"Pin06" = Line-in (rear blue)
"Pin07" = Front Headphone (front green)

The New Pin Numbers

"Pin10" = Line-in (rear blue)
"Pin11" = Mic-in (rear pink)
"Pin14" = Front speakers (rear green)
"Pin15" = Rear speakers (rear black)
"Pin16" = Center / Sub-woofer (rear orange)
"Pin17" = Side speakers (rear gray)
"Pin19" = Front Mic-In (front pink)
"Pin1b" = Front Headphone (front green)

Binary Values

"00 00 00 00" = Line-in
"01 00 00 00" = Mic-in
"02 00 00 00" = Headphones
“03 00 00 00″ = Front speakers 2nd Output
"04 00 00 00" = Front speakers
"05 00 00 00" = Rear speakers
"06 00 00 00" = Center / sub-woofer
"07 00 00 00" = Side speakers

For example if you want to map the rear side speakers jack into a front headphone jack, all you have to do is just write Pin17 binary key with a binary value of 02 00 00 00 as you can see below

Note that i didn’t test any other Pin Numbers besides Pin17 (because what i want is remapping / retasking the side speakers jack into headphone jack and it work right away)

4. Restart your system when you’re done adjusting it and after logging into Windows, try testing your newly remapped jack(s).

As a bonus, the remapped / retasked jack(s) can also be seen directly on Realtek HD Audio Manager so you can tell if you’re doing it right. As you can see below, the default rear gray that is for Side speakers has been changed into Headphones

Credits goes to Ulti for finding the method and Tnitro21 and Eliah_ for finding the values (link)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 94 comments

0x87485B96 | Tags : How To

As an example, in this post i’m going to give an example of creating RSS Feed from HorribleSubs website (horriblesubs.org) that i’ve been using (for myself only) so i can keep track on their Gintama release easily (i read that they’re planning on doing a total makeover of their site so i guess it’s okay to use them as an example)

Before anything else, please see the source of the pipe used in this example (you need to log in to Yahoo first) because you’ll need to be logged in to Yahoo to see or create a new pipe

Update 1: Here’s the updated version of the pipe which is used for their new domain (horriblesubs.info) and their new site design. The old pipe is left there in case you want to compare the old pipe with the updated pipe and also because the screenshot that is used here is based from the old pipe. As you can see, the process itself is still the same but with some adjustments

Update 2: As of June 2012 it is still working (last time i checked their website because ever since Gintama end, i don’t check it anymore), and i noticed that they now published their own RSS Feed so if you only use this simple example just to see their rss feed, i recommend to grab their official feed instead because i saw on their page that they’re planning on redesigning their website

Update 3: As of November 2012 the above pipe (the pipe in update 1) is still working (if you need to see a working example), and i made some changes in this post by including images

1. First thing you need to do is obviously examine the page source you’re going to fetch to see where you should start cutting and how the items separated

For example, in this case the content i’m going to pick is wrapped within a div ( <div id="tab3" class="boxcontent"> ) and the items is separated by <br/> tag and so i just need to write that into the fetch page module

and here is what it looks like on the Yahoo Pipes side

2. At this part, i’m filtering the content from unneded html tags and content that i deemed unnecessary by using the regex / regular expression module as you can see on the pipe source. But because there’s no single regex rule to rule them all (because it depend on your needs), you’ll need to experiment by yourself at the regex parts

3. And now, so i can process each item separately, i’m mapping the previously cleaned up content as title, description, and link which is going to be used for the RSS Feed title, description and link respectively by using the rename module

and here’s the output

4. Once again the regex module is used and this time i’m using it to clean-up the html tags in the title (to differentiate it from the description) and the link so it gives you the target url only (in this case it is the torrent link) so when you click on the title from your RSS Reader you’ll go to the target url directly (note: see the output difference between below output image and the above image)

and here’s the output

5. Finally connect it to the pipe output and to get it as RSS, you just need to copy the Get as RSS link from your pipe to display it as RSS Feed and done

Also because there’s a usage limits imposed by Yahoo Pipes as quoted below

200 runs (of a given Pipe) in 10 minutes
200 runs (of any Pipe) from an IP in 10 minutes
If you exceed the 200 runs in a 10 minute block, your Pipe will be 999’ed for a hour.

You should make sure to cache your output before using it (unless perhaps you’re the only person that use the pipe you’ve created though it’s still better to cache it)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : How To

Before we get started, i have to mention that there are two ways to run Clonezilla and GParted on Windows although they both use the same thing, the first one is by installing / adding Grub4DOS manually and the other one is by using EasyBCD a GUI to install NeoGRUB / packaged Grub4DOS. And in this post i’ll focus on the later and that is using NeoGRUB

Prerequisite

1. EasyBCD [download]
2. Clonezilla Live [download]: You are free to choose between the ISO version or ZIP version. For me, i choose the AMD64-ISO version
3. GParted Live [download]: Same goes here too, you are free to choose between ISO or ZIP
4. 7-Zip / Winrar / etc: This is used to extract the file inside the ISO or ZIP

Boot Clonezilla and GParted with NeoGRUB / Grub4DOS

1. Install EasyBCD or Grub4DOS (instruction here if you prefer to use Grub4DOS rather than NeoGRUB), run and at the add new entry section choose NeoGRUB and install it

2. Extract live directory inside Clonezilla and GParted somewhere one by one and rename it before extracting the other one. For me i choose to extract it and rename it into clonezilla-live and gparted-live (if you use different name than listed here, make sure to adjust the code below to your clonezilla and gparted directory name)

3. Now open C:\NST\menu.lst with your favorite text editor and then add this lines

# CLONEZILLA
title Clonezilla 1.2.10-14 AMD64
find --set-root /clonezilla-live/vmlinuz
kernel /clonezilla-live/vmlinuz boot=live config noswap nolocales edd=on nomodeset noprompt ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_keymap="" ocs_live_batch="no" ocs_lang="" vga=788 live-media-path=/clonezilla-live toram=filesystem.squashfs ip=frommedia  nosplash
initrd /clonezilla-live/initrd.img

# GPARTED
title GParted 0.9.1.1
find --set-root /gparted-live/vmlinuz
kernel /gparted-live/vmlinuz boot=live config noswap noprompt live-media-path=/gparted-live toram=filesystem.squashfs ip=frommedia nosplash
initrd /gparted-live/initrd.img

4. Restart your computer and choose NeoGRUB and then choose either Clonezilla or GParted and your done :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : How To

Anyway, before we begin, make sure that you have downloaded Squid Windows Binary Package / Squid for Windows that can be downloaded from Acmeconsulting. And you have extracted it somewhere on your hard drive. In this post, i choose to extract it to “C:\Squid” due to hardcoded path and beside most people don’t like to read long post. So if you changed Squid location, make sure to adjust it accordingly. And don’t worry the actual installation process is fast. The other steps described here are optional unless you need it

And as a note, i wrote this post (tested) on Windows 7 x64 with UAC Enabled using Squid 2.7 Stable 8 and i’m pretty sure as it will work with earlier version of Windows as well. And No! you don’t need to turn off UAC because turning UAC off isn’t a good solution

And now let’s get started

Initial Setup

First thing you need to do is, open command prompt as Administrator (if you’re on Windows Vista or Windows 7 and have UAC enabled) and then type below command to copy the default configuration files and install squid as windows service:

cd /d c:\squid
copy etc\*.default etc\*.
sbin\squid.exe -i

For the sake of completion, if you choose to put Squid.conf (or the entire Squid files) not at Drive C, replace the last command with this one (where x is your drive letter):

sbin\squid.exe -i -f "x:/squid/etc/squid.conf"

What the above code do:

1. Change directory to your Squid directory
2. Create the default configuration file for Squid which is a copy from the default configuration file
3. Install Squid Cache as Windows Service so it’ll start Squid Service automatically

And now we’re going to edit the main configuration for Squid Proxy Cache, and that is squid.conf. But obviously not everything is going to be covered here (you should go to the squid official site for this purpose). So i’m just going to list all the recommended options you should be aware / change

Restricting access to your Squid Proxy Server

To limit on who are allowed to connect to your Proxy Server, you should change / add the allowed IP Address that is allowed to connect to your squid proxy at below section

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network

By using the same format as the above code for example, acl localnet src 123.456.789.0

And then right before http_access allow localnet, add http_access allow localhost so it looks like:

http_access allow localhost
http_access allow localnet

And finally if you don’t want Squid to bind to all adapters (which is the default) you might want to change Squid Listen Address and Port to your LAN IP Address or if you’re just going to use Squid for yourself only then you should use below

# Default http_port 3128
# Bind to localhost at port 3128 only
http_port 127.0.0.1:3128

Limiting access to specific ports only

If you need to limit on which ports your Squid proxy clients are allowed to connect to, then you need to adjust this

acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

For example if you want to limit your clients to HTTP and HTTPS only, then you can remove / comment all the other lines beside 80 and 443

Changing disk cache location and size

For better performance, it’s better to put the Squid cache directory into another partition (in other words, not your system partition) and even better on different hard drive. So find this line:

cache_dir ufs c:/squid/var/cache 100 16 256

And then change it to any directory you want, and also adjust the disk cache size to your liking, for example to put your squid cache directory at X:\squid-data\cache with a maximum capacity of 1500 MB

cache_dir ufs x:/squid-data/cache 1500 16 256

Also it’d better to put all squid logs into different partition too

Creating Squid cache data directory

Now back at the command prompt again, and this time type:

c:\squid\sbin\squid.exe -z

To create Squid Swap Directories which is used to store cached objects

Starting Squid Service

Now we need to start Squid service for the first time (the next time it’d start automatically), and there are two ways to achieve this, you are free to choose either the command prompt method or the GUI method

If you choose command prompt method then you need to type (run command prompt as administrator if you’re on vista or 7):

net start squid

If you choose the GUI way then, press Windows Key (on your keyboard) + R, and then type services.msc, search for and right click on Squid service and choose Start to start Squid Service

And that’s it you’re done Installing / Configuring Squid on Windows

But if you still want more, then please continue reading :)

Special Note: If you placed squid not at C:\Squid, make sure to change anything in squid.conf that point towards C:\ into where you put Squid

Minimal Squid Configuration Adjustment

While the default configuration included with Squid is optimal for many, but sometimes you want more from your Squid installation and so we’re going to tweak several options i think necessary but obviously this is designed for a really small network, for other purpose or larger network, please consult your nearest squid experts :)

Creating custom.conf file

Create a new text file and save it as custom.conf file inside your squid/etc directory so it’ll looks like c:/squid/etc/custom.conf so we don’t need to modify the original squid.conf directly just to override default values

And the next step would be, opening squid.conf and find this line

refresh_pattern .		0	20%	4320

and comment it (by placing #) at the beginning of the line. Then place below line at the bottom of squid.conf

include "c:/squid/etc/custom.conf"

And now paste this into the custom.conf file you just created:

#######
# ACL #
#######

# to allow purging cache from localhost only
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

# always direct all ftp request
acl FTP proto FTP
always_direct allow FTP

########
# TUNE #
########

# enable pipeline
pipeline_prefetch on

# shutdown timeout
shutdown_lifetime 5 seconds

# no half closed
half_closed_clients off

##############
# CACHE SIZE #
##############

# maximum object size
maximum_object_size 64 MB
cache_mem 96 MB
maximum_object_size_in_memory 256 KB

###################
# REFRESH_PATTERN #
###################

# ============= #
# GENERAL USAGE #
# ============= #

# Note: This is some of the refresh_pattern i'm using, and of course feel free to adjust it to your liking
# For static files i choose to ignore-reload only as for wikipedia it's an example for site specific

# static files for websites
refresh_pattern -i \.(j|cs)s$ 10080 100% 10081

# static images
refresh_pattern -i \.(jpe?g|gif|png|bmp|ico|svg)$ 10080 100% 10081 ignore-reload

# static a/v
refresh_pattern -i \.(wm(a|v)|mp[0-9]?a?|mpe?g|avi|mk(a|v)|og(g|m)|flv|swf|rmvb|m2?ts)$ 4320 100% 4321 ignore-reload

# static archive type
refresh_pattern -i \.(exe|zip|r(ar|[0-9]+)|7z|ace|gz|tar|bz2)$ 4320 100% 4321 ignore-reload

# static document type
refresh_pattern -i \.((doc|xls|ppt)x?|pdf|txt)$ 4320 100% 4321 ignore-reload

# wikipedia
refresh_pattern -i wikipedia\.org\/wiki\/.* 4320 50% 4321 override-expire ignore-private

# =============== #
# DEFAULT PATTERN #
# =============== #

# default pattern
refresh_pattern . 0	20%	4320

########
# MISC #
########

# use specific dns server in this case google and opendns
dns_nameservers 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220

# disable htcp icp because we aren't going to use it
htcp_port 0
icp_port 0

# block displaying specific headers
header_access Via deny all
header_access X-Forwarded-For deny all

# hide version number
httpd_suppress_version_string on

# change hostname
visible_hostname Reaper-X-Cache

###########
# THE END #
###########

I believe the Squid config file already tells you on what the above directives do, but just in case:

ACL Section

There are two items here, the first one is an access rule to allow you to purge squid cache manually from the command line while the other one is for directing all ftp requests directly

And to purge your Squid Cache Object manually, you can type this at the command prompt:

c:\squid\bin\squidclient.exe -m PURGE full-url

Where full-url replaced by the full address of the object you’re trying to purge. Here’s an example of what it’ll looks like when you purge a cached object successfully (assume it’s already cached first)

C:\squid\bin\squidclient.exe -m PURGE http://farm1.static.flickr.com/55/136797856_bb683d8f22.jpg
HTTP/1.0 200 OK
Server: squid
Date: Sun, 16 Oct 2011 06:01:48 GMT
Content-Length: 0
Expires: Sun, 16 Oct 2011 06:01:48 GMT
X-Cache: MISS from Reaper-X-Cache
X-Cache-Lookup: NONE from Reaper-X-Cache:3128
Connection: close

Note: if you want to look at what url has been cached by Squid (as long as you didn’t restart the squid process), you can type this:

c:\squid\bin\squidclient.exe mgr:objects | find /i "site url"

Cache Size Section

If you want Squid to cache larger objects then you should increase maximum_object_size from the default of 4 MB into bigger value. And if you frequently access that objects, it’d be better to increase the Memory Cache Options such as cache_mem and maximum_object_size_in_memory to serve that object directly from Memory. And depending on your hardware configuration, i’d suggest you to adjust it to your hardware setup to find the best configuration for you :)

Refresh Pattern Section

The refresh_pattern is used so you can fine tune caching specific file type or page. In this guide i have included caching for common static content such as images, static content that is used for website, audio videos, documents, and archives. With most of them using ignore-reload so even if your client do a hard refresh it’ll still serve the static files from the squid cache. As for the wikipedia part, i believe you can guess what that’s used for :)

Misc. Section

There are 5 items here:

dns_nameservers: This basically tells squid on what DNS server to use. So make sure to change this to your DNS Server (you can use Google public DNS, OpenDNS, Comodo Secure DNS, etc)

Disabling htcp and icp port: Since we’re not going to use this, we’re better off disabling it but if you think you’re going to use it then feel free to change it :)

headers_access: By default Squid will display various HTTP Headers that is indicating that you’re behind a proxy. Some people (including me) don’t like this especially if you’re just in a small network

visible_hostname and httpd_suppress_version_string: While we’re at it, we might as well make a good name for our Squid cache and hide the squid version used :)

Reload Squid configuration file

Now since we’re done configuring Squid, we need to tell Squid to reload it’s configuration file, and to do that you need to open Command Prompt (admin mode as usual if in 7 / Vista) and then type:

c:\squid\sbin\squid.exe -k reconfigure -n Squid

And done … the next step would be configuring your browser to use your Proxy by pointing it to your [proxy server address]:[port]

But what if you want your Windows Squid server to be able to filter ads, and probably more? then please continue reading :)

Filtering Ads on Squid

There are three ways to use Ads Filtering for Squid on Windows (at least there are only three that i’m aware of, so if you know more, i’d be grateful if you could mention them here. Because i’m not sure on whether SquidGuard or DansGuardian can be used on Windows)

1. The first one is using the a pre-made list of various ad servers created by http://pgl.yoyo.org/as/ and the instructions on how to use it with Squid can be found there and it’s straight forward

2. While the second method is by using a redirector program called adzapper that involves installing perl (well there’s a portable version too if you prefer portable perl). But you could use them both if you want. And to use it you just need to:

1. Go to adzapper website and download the script, rename it to squid_redirect.pl and place it into C:\squid\etc
2. Download Perl if you haven’t already. And if you’re looking for a portable version of Perl that doesn’t need to be installed, you can use Strawberry Perl. Just make sure to go to their releases archive page
3. Put this line at the custom.conf our custom config file for squid

# Make sure to change the directory to where perl.exe located
redirect_program "x:/strawberry-perl-directory/perl/bin/perl.exe" "c:/squid/etc/squid_redirector.pl"

3. And finally the third method is involving chaining Squid Proxy with Privoxy that is described below because it deserves a new section :P

Chaining Squid to other Proxy Server / Proxy Chain

This part deals with chaining Squid that is designed to handle caching to other proxy server designed for specific purpose. And in this case we’re going to chain squid with privoxy that is going to be used for various filtering purpose. But i’m not going into a much detail about Privoxy (like how to add new rules into Privoxy for example) because it’s already listed on their Documentation :)

Using Squid with Privoxy

First thing first. Put below lines in custom.conf right after the ACL section:

# don't cache privoxy config
acl privoxy-config dstdomain config.privoxy.org
cache deny privoxy-config

# forward request to privoxy
cache_peer 127.0.0.1 parent 8118 7 no-query no-digest

# force all requests to go to the proxy chain
never_direct allow all

And then if you haven’t downloaded Privoxy yet, download and extract it somewhere and then run privoxy.exe and finally reload squid configuration again and then open your browser and point your browser to http://config.privoxy.org

If you do everything correctly, you’ll see this message This is Privoxy X.Y.Z on hostname.com (127.0.0.1), port 8118, enabled

Pssst … To make editing Privoxy configuration much easier, you can use the included web-based editor (although for some items you need to edit the files directly). And to enable it, find and change enable-edit-actions to 1 in config.txt. But please read the reason on why it is disabled by default

And now we’re done with chaining Squid to Privoxy. But what if you want more? like for example chaining Squid to Privoxy and then to other proxy server or perhaps Tor or JAP? all you have to do is just put this line:

If you’re planning on chaining to Tor

# connecting to Tor
forward-socks5 / 127.0.0.1:9050 .

or if you want to connect to your local JAP setup

# for JAP
forward / 127.0.0.1:4001 .

Into Privoxy config.txt. To forward all requests to Tor (assuming that you have configured Tor correctly and it is running

And that is all … i hope this post isn’t to long, but if you did read it until the end, the reason i choose to rewrite the Squid Windows Guide is because the old one looks like a total mess for me (not that the new one is not messy but i think it’s a little bit better). Anyway I hope you find this guide useful and it helps you on installing Squid on Windows :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 37 comments

0x87485B96 | Tags : How To