@PyYoshi
Last active April 11, 2023 01:11
低品質回線のためのプロキシ鯖用の設定とか
#!/bin/sh
# chkconfig: 345 98 20
# description: squid server
# processname: squid
# description for chkconfig: 345 98 20
# 345: run levels
# 98: priority to start
# 20: priority to stop
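# Fixed search path, so the commands used below do not depend on the
# environment the script happens to be invoked from.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/squid
DAEMON_OPTS=""
NAME=squid
DESC="squid server"
# Derived from NAME here, i.e. before the defaults file is sourced, so
# overriding NAME in that file does not move the pidfile.
PIDFILE="/var/run/$NAME.pid"
USER=squid
# GROUP is not referenced anywhere else in this script.
GROUP=squid

# Nothing to manage when the squid binary is missing or not executable.
[ -x "$DAEMON" ] || exit 0

# Optional local overrides. The file is sourced, so everything in it runs
# with the privileges of whoever invokes this script (normally root); it
# should be owned by root and not writable by anyone else.
if [ -f "/etc/default/$NAME" ]; then
  . "/etc/default/$NAME"
fi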
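# Check that a process exists and that its command name matches.
# Arguments: $1 - pid (as read from the pidfile)
#            $2 - expected command name (the daemon path)
# Globals:   writes pid, name and cmd (no function-local variables are used)
# Returns:   0 when /proc/<pid>/cmdline starts with the expected name,
#            1 otherwise (empty or non-numeric pid, no such process, mismatch)
running_pid() {
  pid=$1
  name=$2
  # The pid comes from a file on disk. Accept digits only, so a value such
  # as "self" or "../x" can never be turned into a path below /proc.
  case "$pid" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ -d "/proc/$pid" ] || return 1
  # cmdline is NUL-separated; keep the first field (argv[0]) and drop
  # anything after a ':' — presumably to ignore a rewritten process title;
  # confirm against the squid build in use.
  cmd=$(tr '\000' '\n' < "/proc/$pid/cmdline" | head -n 1 | cut -d : -f 1)
  # Is this the expected child?
  [ "$cmd" = "$name" ] || return 1
  return 0
}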
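# Report whether the daemon recorded in the pidfile is alive.
# Globals: PIDFILE, DAEMON (read); pid (written)
# Returns: 0 when the recorded pid belongs to $DAEMON,
#          1 when there is no pidfile or it is stale (a stale file is removed)
running() {
  # No pidfile, probably no daemon present
  [ -f "$PIDFILE" ] || return 1
  # Obtain the pid and check it against the binary name. Both values are
  # quoted so an empty or multi-word pidfile cannot shift the arguments.
  pid=$(cat -- "$PIDFILE")
  if ! running_pid "$pid" "$DAEMON"; then
    rm -f -- "$PIDFILE"
    return 1
  fi
  return 0
}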
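# Start the daemon unless it is already running.
# Arguments: $1 - optional; any non-empty value suppresses progress output
# Globals:   DESC, NAME, PIDFILE, DAEMON, USER, DAEMON_OPTS (read);
#            off_echo (written)
# Returns:   0 when the daemon is running after the start attempt.
# Exits:     0 if the daemon was already running, 1 if it is not running
#            after the start attempt (previously this was reported as success).
start_proc() {
  off_echo=$1
  [ -n "$off_echo" ] || printf '%s' "Starting $DESC: "
  if running; then
    echo "$NAME is already running."
    exit 0
  fi
  # --user only narrows which processes start-stop-daemon matches; changing
  # identity is done with --chuid, so the binary is launched with the
  # caller's privileges.
  # NOTE(review): confirm squid itself drops to an unprivileged account.
  # DAEMON_OPTS stays unquoted on purpose so it splits into separate options.
  start-stop-daemon --start --pidfile "$PIDFILE" --exec "$DAEMON" --user "$USER" -- $DAEMON_OPTS
  # NOTE(review): the check runs immediately; if the daemon writes its
  # pidfile late this may report an error for a start that succeeds.
  if running; then
    [ -n "$off_echo" ] || echo "$NAME."
  else
    echo " ERROR."
    # Make the failure visible in the script's exit status.
    exit 1
  fi
}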
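# Stop the daemon and remove its pidfile.
# Arguments: $1 - optional; any non-empty value suppresses progress output
# Globals:   DESC, NAME, PIDFILE, DAEMON (read); off_echo (written)
# Returns:   0 (the result of start-stop-daemon is not checked)
stop_proc() {
  off_echo=$1
  [ -n "$off_echo" ] || printf '%s' "Stopping $DESC: "
  # Both --pidfile and --exec are given, so the recorded pid is only
  # signalled when it also belongs to $DAEMON; a stale or tampered pidfile
  # should not redirect the signal to an unrelated process.
  # NOTE(review): this returns without waiting for the daemon to exit, and
  # the pidfile is removed even if the stop failed.
  start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --exec "$DAEMON"
  if [ -f "$PIDFILE" ]; then
    rm -f -- "$PIDFILE"
  fi
  [ -n "$off_echo" ] || echo "$NAME."
}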
# Restart the daemon by running the stop step and then the start step.
# Neither step receives arguments, so both print their progress messages.
restart_proc() {
  # The outcome of the stop step is not inspected.
  stop_proc
  # The function's status is whatever start_proc returns.
  start_proc
}
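# Dispatch on the requested action ($1).
case "$1" in
  start)
    start_proc
    ;;
  stop)
    stop_proc
    ;;
  restart)
    restart_proc
    ;;
  status)
    printf '%s' "$NAME is "
    if running; then
      echo "running."
    else
      echo "not running."
      exit 1
    fi
    ;;
  *)
    # Plain double quotes: $"..." is a bash-only translation form that a
    # strict /bin/sh prints with a literal '$'. The list names the actions
    # implemented above (there is no "reload").
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac
exit 0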
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE: the rule below is still commented out in this file, so this protection is not active.
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid
# Squid normally listens to port 3128
http_port 3128
# メモリへのキャッシュ
# http://www.squid-cache.org/Doc/config/cache_mem/
cache_mem 512 MB
# ディスクキャッシュの設定
# http://www.squid-cache.org/Doc/config/cache_dir/
# cache_dir ufs locate size(MB) directory_count sub-directory_count
cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
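# Avoid sending information about this side's hosts to the remote server.
# Note: "forwarded_for off" still sends "X-Forwarded-For: unknown"; in Squid
# versions that support it, "forwarded_for delete" removes the header instead.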
# http://futuremix.org/2005/07/squid-forwarded_for
# http://www.squid-cache.org/Doc/config/via/
# http://www.squid-cache.org/Doc/config/forwarded_for/
via off
forwarded_for off
# ziproxyへ渡す設定
# http://www.squid-cache.org/Doc/config/cache_peer/
# http://www.geocities.jp/gronlijus/skill/other/squid/squid-forward.html
cache_peer localhost parent 8080 7 no-query
# 全てのリクエストを上位プロキシへ
never_direct allow all
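# Cache (refresh) patterns
# Note: the image rule below sets ignore-no-cache, ignore-no-store and
# ignore-private, so responses the origin marked as private or not to be
# stored are still kept in this shared cache and can be served to other clients.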
# http://sourceforge.jp/magazine/08/11a/26/019236/2
# http://d.hatena.ne.jp/takami_hiroki/20101006/p1
# http://www.squid-cache.org/Doc/config/refresh_pattern/
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp|webp)$ 10080 80% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 1440 90% 10080 override-expire
refresh_pattern -i \.(html|htm|css|js)$ 1440 90% 10080 override-expire
refresh_pattern . 0 20% 4320
# Example ziproxy.conf
############################
# daemon mode-only options #
############################
## Port to listen for proxy connections
## default: 8080
# Port = 8080
## Local address to listen for proxy connections
## If you have more than one network interface,
## it's useful for restricting to which interface you want to bind to.
## By default Ziproxy binds to all interfaces.
# Address = "127.0.0.1"
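## Accepts connections only from that address.
## WARNING: Remember to restrict the access to Ziproxy
## if your machine is directly connected to the Internet.
## NOTE: Address and OnlyFrom are both left commented out in this file, so
## Ziproxy keeps its default of binding to all interfaces. If it is only
## meant to serve as the local parent of the Squid instance configured above,
## consider restricting both to the loopback address.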
# OnlyFrom = "127.0.0.1"
## Limits the number of simultaneous active user connections.
## This does not affect the connection queue (see: SOMAXCONN).
##
## This also (indirectly) limits the number of processes Ziproxy will run
## at once. Formula for the worst-case scenario:
## MaxZiproxyProcesses = 1 + MaxActiveUserConnections
## OR if PreemptNameRes is enabled (worst-case scenario):
## MaxZiproxyProcesses = 1 + MaxActiveUserConnections * (1 + PreemptNameResMax)
##
## Valid values: 0 (no limit), >0 (max active connections).
##
## default: 0 (no limit -- relies on OS limit instead)
# MaxActiveUserConnections = 20
## Defines the file where to dump the daemon PID number.
## If unspecified, will dump the PID to stdout (legacy behavior) and
## you will be unable to stop the daemon invoking 'ziproxy -k'.
## If you run two or more instances of Ziproxy simultaneously,
## you will need to set this to different names (for obvious reasons).
##
## default: unspecified (dumps PID to stdout)
# PIDFile = "/var/run/ziproxy.pid"
## Run daemon as `RunAsUser` user.
## Switch from current user (in this case, typically `root`)
## to a less privileged one, as a security measure.
##
## default: unspecified (does not change user)
RunAsUser = "ziproxy"
## Run daemon as `RunAsGroup` group.
## Switch from current group (in this case, typically `root`)
## to a less privileged one, as a security measure.
##
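## default: unspecified (does not change group)
## NOTE: RunAsUser is set above but RunAsGroup is left commented out in this
## file, so per this default the daemon keeps the group it was started with
## (typically `root`).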
# RunAsGroup = "ziproxy"
##################################
# TOS marking (daemon mode-only) #
##################################
## TOS marking
## Enable this if you want to specify the (IP-level) TOS certain types
## of traffic from ziproxy -> user.
##
## This feature is useful if one wants to do application-level QoS.
## Setting TOS does not provide QoS alone. You must be either using
## a network with routers prioritizing traffic according to their TOS,
## or set your own QoS/traffic-shaper system and treat the packets
## with certain TOS accordingly.
##
## Ziproxy is RFC-agnostic regarding TOS bit meanings,
## though there may be limitations imposed by the host OS.
## See: RFC 791, RFC 1122, RFC 1349, RFC 2474 and RFC 3168.
##
## If disabled, all other TOS options won't have effect.
## Disabled by default.
# TOSMarking = false
## TOS to set by default
## This is a decimal value between 0-255.
##
## If unset, will use the OS default (which usually is 0).
## If you want to make sure it is set to 0, then set
## this option accordingly.
##
## Your OS may put restrictions on which bits you may set
## (so certain bits will remain unchanged regardless).
## Your OS may also restrict which bits and/or value ranges
## you may set if you're not running as root.
## Other (non-unixish) OSes may be unable to set TOS at all.
##
## Default: unset.
# TOSFlagsDefault = 0
## TOS to set when the traffic is considered "differentiated",
## according to TOSMarkAsDiffURL, TOSMarkAsDiffCT or TOSMarkAsDiffSizeBT.
## This is a decimal value between 0-255.
##
## If unset, there will be no differentiated traffic at all.
##
## Your OS may put restrictions on which bits you may set
## (so certain bits will remain unchanged regardless).
## Your OS may also restrict which bits and/or value ranges
## you may set if you're not running as root.
## Other (non-unixish) OSes may be unable to set TOS at all.
##
## Default: unset.
# TOSFlagsDiff = 16
## This is the file containing a list of URLs which should
## have their traffic "differentiated"
## (that is, to have their TOS changed to TOSFlagsDiff).
##
## Inside the file, the URLs may also contain pattern-matching asterisks.
## Comments may be present if prefixed by '#' (shell-alike).
## In order to match a whole site: "http://www.examplehost.xyz/*"
##
## Default: none
# TOSMarkAsDiffURL = "/etc/ziproxy/change_tos.list"
## This is the content-type list of data that should
## have their traffic "differentiated"
## (that is, to have their TOS changed to TOSFlagsDiff).
## This is the content-type as received by the remote HTTP server,
## if it is changed by Ziproxy later, it will not be taken into account.
##
## "" (empty string) will match empty content-types AND data which have
## no content-type specified.
##
## If no subtype is specified, all subtypes will match:
## "aaaa" will match "aaaa", "aaaa/bbbb", "aaaa/cccc" etc
##
## See also: TOSMarkAsDiffCTAlsoXST
## Default: none
# TOSMarkAsDiffCT = {"video/flv", "video/x-msvideo", "audio/*",
# "application/x-shockwave-flash", "application/x-rpm",
# "application/x-msi", "application/x-tar"}
## When using TOSMarkAsDiffCT, this defines whether to also automatically add
## content-type entries with 'x-' prefix appended to subtypes
## (aaaa/bbbb also adding aaaa/x-bbbb).
## Usually it's convenient to do this way, that avoids worrying about
## having to create duplicated entries, or whether which variant is valid.
##
## You may want to disable this if you wish to have precise control
## of what types of content-type you wish to include.
##
## See also: TOSMarkAsDiffCT
## Default: true
# TOSMarkAsDiffCTAlsoXST = true
## This is the stream size threshold (in bytes) which, if reached,
## will make such traffic "differentiated"
## (that is, to have their TOS changed to TOSFlagsDiff).
## The stream size is the ziproxy -> user one (which may be
## bigger or smaller than the original one, sent by the HTTP server).
##
## There are two possible behaviors with this parameter:
## - The total stream size is known beforehand, so the data
## will be marked as differentiated from the beginning.
## - The total stream size is unknown, so the data will
## be marked as differentiated once it reaches that
## size.
##
## Current limitations (this may change in the future):
## - The maximum value to be specified here is signed int
## usually 32bit -> (2^31 - 1).
## - HTTP range requests are not taken into account so, if their effective
## streams do not reach this threshold, such data will not be
## marked as "differentiated", even if the HTTP range goes beyond that.
## - Usually the HTTP headers will not be taken into account (only the body
## size itself), except in cases such as CONNECT method
## and URLNoProcessing (cases when the data from server is treated like
## a "black box").
##
## Default: none
# TOSMarkAsDiffSizeBT = 4000000
###################
# general options #
###################
## Debugging log.
## Dumps detailed processing information for each request.
## Since concurrent HTTP requests are asynchronous, the lines end up mixed
## in this log. Use the PID number to differentiate a request from another.
## Unless you really want this data, it's better leaving this disabled as
## it generates lots of data for each HTTP request.
##
## Disabled by default.
# DebugLog = "/var/log/ziproxy/debug.log"
## Error-like messages logging.
## This relates to error messages, warnings and such messages, including
## configuration errors and other.
## If undefined, defaults to stderr. In this case the (normally rare) errors
## occurring after the program successfully started will not be displayed,
## to avoid the possibility of flooding the screen with error messages.
## If defined, all error-like messages will be dumped into the specified
## file. The exception are the errors occurring at the very early stages
## of Ziproxy initialization.
## WARNING: If you define an error log file and ziproxy initialization fails,
## ziproxy will fail and no error will be displayed on the console.
##
## Default: undefined (dumps to stderr).
ErrorLog = "/var/log/ziproxy/error.log"
## File to be used as access log.
## If undefined, there will be no access logging at all.
## Log format:
## TIME (unix time as seconds.msecs)
## PROCESS_TIME (ms)
## [USER@]ADDRESS (address with daemon mode only)
## FLAGS
## ORIGINAL_SIZE
## SIZE_AFTER_(RE)COMPRESSION
## METHOD
## URL
## where FLAGS may be:
## P (a request as proxy)
## T (a request as transparent proxy)
## S (CONNECT method, usually HTTPS data)
## Z (transfer timed out - see ConnTimeout)
## B (interrupted transfer - either by user or by remote http host)
## W (content type was supposed to load into memory, but it had no content-size and, in the end, it was bigger than MaxSize. so it was streamed instead)
## N (URL not processed. See: URLNoProcessing config option)
## R (data was replaced)
## Q (TOS was changed). See: URLReplaceData config option)
## K (image too expansive. See: MaxUncompressedImageRatio config option)
## G (stream gunzip too expansive. See: MinUncompressedGzipStreamEval, MaxUncompressedGzipRatio)
## 1 (SIGSEGV received)
## 2 (SIGFPE received)
## 3 (SIGILL received)
## 4 (SIGBUS received)
## 5 (SIGSYS received)
## X (SIGTERM received - also happens when interrupting the daemon while transferring)
## Disabled by default.
AccessLog = "/var/log/ziproxy/access.log"
## When enabled, Ziproxy will intercept signals indicative of
## software crash, flag the offending request in access log
## accordingly, then stop the offending process.
## This is useful for debugging purposes and it's not recommended
## to leave it enabled in normal use due to the risk of garbage
## being written to access log (due to a more severe crash).
## Once enabled, the intercepted signals are:
## SIGSEGV (segmentation fault)
## SIGFPE (FPU exception)
## SIGILL (illegal instruction)
## SIGBUS (bus error, alignment issues)
## SIGSYS (bad system call)
## Disabled by default (those signals not intercepted by Ziproxy)
# InterceptCrashes = false
## Authentication mode to be used for proxy access:
## 0: none (no authentication required)
## 1: plain text file
## 2: SASL (auxprop, see /etc/ziproxy/sasl/ziproxy.conf)
##
## Notes:
## a) SASL support is optional (enabled during compilation time).
## b) SASL authentication does not require external SASL daemon
## configuration/invocation, just Ziproxy's SASL configuration.
##
## Default: 0 (no authentication required)
## See also: AuthPasswdFile, AuthSASLConfPath
# AuthMode = 0
## Plain text file containing authentication data.
## Should contain user:pass pairs, lines no longer than 128 chars.
## Password is unencrypted.
## Used only when AuthMode=1
##
## Default: (undefined)
## See also: AuthMode
# AuthPasswdFile = "/etc/ziproxy/http.passwd"
## Path to Ziproxy's SASL configuration file, where
## a file named "ziproxy.conf" (not related to this one)
## must be present and properly configured.
## Used only when AuthMode=2
##
## Default: (default SASL setting, OS-dependent, may be /etc/sasl2/)
## See also: AuthMode
# AuthSASLConfPath = "/etc/ziproxy/sasl/"
## Use these DNS name servers to resolve hostnames
## instead of the ones configured in /etc/resolv.conf
# Nameservers = { "1.2.3.4", "11.22.33.44" }
## Bind outgoing connections (to remote HTTP server) to the following (local) IPs
## It applies to the _outgoing_ connections, it has _no_ relation to the listener socket.
## When 2 or more IPs are specified, Ziproxy will rotate to each of those at each
## outgoing connection. All IPs have the same priority.
## You may use this option for either of the following reasons:
## 1. - To use only a specific IP when connecting to remote HTTP servers.
## 2. - Use 2 or more IPs for load balancing (a rather primitive one, since it's
## connection-based and does not take into account the bytes transferred).
## 3. - You have a huge intranet and certain sites (google.com, for example)
## are blocking your requests because there are so many coming from the same IP.
## So you may use 2 or more IPs here and make it appear that your requests
## come from several different machines.
## This option does _not_ spoof packets, it merely uses the host's local IPs.
## Note: While in (x)inetd mode, output may be bind-ed only to one IP.
## Disabled by default (binds to the default IP, the OS decides which one).
## See also: BindOutgoingExList
# BindOutgoing = { "234.22.33.44", "4.3.2.1", "44.200.34.11" }
## Specifies a file containing a list of hosts which should not suffer
## IP rotation as specified by the option "BindOutgoing".
## The reason for this option is that certain services do not like
## the client IP changing in the same session.
## Certain webmail services fail or return authentication failure in this case.
## Example: www.bol.com.br
## This option has no effect if BindOutgoing is not used.
## Default: empty, no hosts are exempted.
## See also: BindOutgoingExAddr
# BindOutgoingExList="/etc/ziproxy/bo_exception.list"
## Defines a specific IP to be bound to for hosts specified in BindOutgoingExList.
## As with BindOutgoing, this IP must be a local IP from the server running Ziproxy.
## This IP may be one of those specified in BindOutgoing, but that's _not_
## a requirement and may be a different IP.
## This option has no effect if BindOutgoingExList is not being used.
## Default: empty, uses the first IP specified in BindOutgoing.
# BindOutgoingExAddr="98.7.65.43"
## Whether to process normal proxy requests or not
## Only makes sense when TransparentProxy is enabled.
## If transparent proxy is enabled, it's usually a good idea to disable
## conventional proxying since, depending on the layout of your network,
## it can be abused by ill-meant users to circumvent restrictions
## presented by another proxy placed between Ziproxy and the users.
## Enabled by default.
# ConventionalProxy = true
## Whether to allow the CONNECT method.
## This method is used by HTTPS, but may be used for other
## types of service (like instant messaging) which allow tunneling through http proxy.
## If you plan on serving only HTTP requests (no HTTPS nor anything else)
## you may want to disable this, in order to prevent potential
## abuse of the service.
## Enabled by default.
## See also: RestrictOutPortCONNECT
# AllowMethodCONNECT = true
## If defined, restricts the outgoing connections (except CONNECT methods - used by HTTPS)
## to the listed destination ports.
## If TransparentProxy is used, for security reasons it's recommended to restrict
## to the ports (typically port 80) which are being intercepted.
## Default: all ports are allowed.
## See also: RestrictOutPortCONNECT
# RestrictOutPortHTTP = {80, 8080}
## If defined, restricts the outgoing connections using the CONNECT method (used by HTTPS)
## to the listed destination ports.
## If AllowMethodCONNECT=false, then no ports are allowed at all regardless this list.
## Default: all ports are allowed.
## See also: AllowMethodCONNECT, RestrictOutPortHTTP
# RestrictOutPortCONNECT = {443}
## Whether to override the Accept-Encoding more to Ziproxy's liking.
## If disabled, Ziproxy will just forward Accept-Encoding received from the client
## (thus the data may or not come gzipped, depending on what the HTTP client says).
##
## Currently, this option is used to always advertise Gzip capability to
## the remote HTTP server.
## Enabling this does not necessarily mean that the data will come compressed
## from the server. This option just advertises the capability at Ziproxy's side,
## the remote server must support that capability as well.
##
## This has _no_ relation to the Gzip support between Ziproxy and the client, thus
## you may leave this enabled even if you have clients that do not support Gzip.
## Ziproxy will compress/decompress the data according to the client.
##
## Enabled by default.
# OverrideAcceptEncoding = true
## Enable/disable the internal gzip decompression by Ziproxy.
## This decompression is needed when the remote server sends data already gzipped,
## but further processing is desired (like HTMLopt, PreemptDNS etc).
## Disabling this will save some processing load, and reduce some latency since
## Ziproxy will directly stream that data to the client.
## - But processing features (htmlopt, preemptdns...) WILL NOT work with such data.
##
## Attention:
## If you disable this, but configure Ziproxy to advertise as a gzip-supporting
## client to the remote server: While using a non-gzip-supporting client, the client
## may receive gzip-encoded data and it won't know how to deal with that
## (== it will receive useless garbage).
##
## Enabled by default.
# DecompressIncomingGzipData = true
## Replaces the User-Agent data sent by the client with a custom string,
## OR defines User-Agent with that string if that entry was not defined.
## If disabled, Ziproxy will just forward the User-Agent sent by the client.
## Normally you will want to leave this option DISABLED (commented).
##
## It's useful if you, for some reason, want to identify all the clients as
## some specific browser/version/OS.
## Certain websites may appear broken if the client uses a different browser than
## the one specified here.
## Certain webservers may break completely when an unrecognized User-Agent is provided
## (for example: www.rzeczpospolita.pl).
##
## Undefined by default (leave User-Agent as defined by the client).
# RedefineUserAgent = "Mozilla/5.0 (compatible; UltraBrowser/8.1; CP/M; console40x24; z80)"
## When Ziproxy receives Gzip data it will try to decompress in order to do
## further processing (HTMLopt, PreemptDNS etc).
## This makes Ziproxy vulnerable to 'gzip-bombs' (eg. like 10 GB of zeroes, compressed)
## which could be used to slow down or even crash the server.
## In order to avoid/minimise such problems, you can limit the max
## decompression proportion, related to the original file.
## If a Gzipped file exceeds that proportion while decompressing, its
## decompression is aborted.
## The user will receive an error page instead or (if already transferring)
## transfer will simply be aborted.
##
## You may disable this feature defining its value to '0'.
## default: 2000 (that's 2000% == 20 times the compressed size)
# MaxUncompressedGzipRatio = 2000
## When limiting decompression rate with MaxUncompressedGzipRatio
## _and_ gunzipping while streaming it's not possible to know the
## file size until the transfer is finished. So Ziproxy verifies this while
## decompressing.
## The problem by doing this is the possible false positives:
## certain files compress a lot at their beginning, but then not-so
## shortly after.
## In order to prevent/minimize such problems, we define the minimum
## output (the decompressed data) generated before starting to
## check the decompression rate.
## If defined as '0', it will check the rate immediately.
## A too large value will increase the rate-limit precision, at the cost of less
## protection.
## Streams with output less than this value won't have decompression
## rate checking at all.
## This feature is only active if MaxUncompressedGzipRatio is defined.
## This does not affect data wholly loaded to memory (for further processing).
## default: 10000000 (bytes)
## Note: The previous default (until version 2.7.9_BETA) was 250000
## See also: MaxUncompressedGzipRatio
# MinUncompressedGzipStreamEval = 10000000
## This is the maximum compression rate allowable for an incoming
## (before recompression) image file.
## If an image has a higher compression rate than this, it will not
## be unpacked and it will be forwarded to the client as is.
## This feature protects against (or mitigates) the problem with
## "image bombs" (gif bombs, etc) done with huge bitmaps with the same
## pixel color (thus very small once compressed).
## Since Ziproxy may try to recompress the image, if several of this
## kind are requested, the server may run out of memory, so this
## may be used as a DoS attack against Ziproxy.
## This feature will not protect the client, since it will receive
## the unmodified picture.
## There are rare legitimate cases matching such high compression rate,
## including poor website design. But in such cases is not really worth
## recompressing anyway (the processing costs are not worth the savings).
## Usually "image bomb" pictures have a >1000:1 compression ratio.
## Setting this to less than 100 risks not processing legitimate pictures.
## Setting 0 disables this feature.
## Default: 500 (500:1 ratio)
# MaxUncompressedImageRatio = 500
## If specified, ziproxy will send and check Via: header
## with given string as host identification.
## It is sometimes useful to avoid request loops. Default: not specified
# ViaServer = "something"
## If processing of request exceeds specified time in seconds,
## or connection is idle beyond that time (stalled) it will abort.
## This avoids processes staying forever (or for a very long time)
## in case of a stalled connection or software bug.
## This will NOT necessarily abort the streaming of very big files,
## it will ONLY if the connection stalls or there's a software bug.
## If "0", no timeout.
## Default: 90 (seconds)
# ConnTimeout = 90
## Max file size to try to (re)compress, in bytes;
## If "0", means that this limitation won't apply.
## This regards to the file size as received from the remote HTTP server
## (which may arrive gzipped or not -- it doesn't matter).
## If a file is bigger than this limit, Ziproxy will simply stream it unmodified,
## unless the user also requested gzip compression (see below).
## Attention: If setting a very big size, the request answer latency will
## increase since Ziproxy needs to fetch the whole file before
## attempting to (re)compress it.
## A too low value will prevent data bigger than that from being processed
## (jpg/png/gif recompression, htmlopt, preemptdns..).
## Note that if:
## - Only gzipping is to be applied *OR*
## - Gzipping and other is to be applied, but data is > MaxSize
## Gzip compression (and only that) will be applied while streaming.
## Default: 1048576 (bytes)
## (default used to be "0" in ziproxy 2.3.0 and earlier)
# MaxSize = 1048576
## Whether to try to apply lossless compression with gzip.
## This option concerns traffic between Ziproxy and the client only.
## This optimization is not limited by MaxSize.
##
## Gzip compression applies only to content-types specified with
## the parameter LosslessCompressCT.
##
## See also: LosslessCompressCT
## Default: true
# Gzip = true
## This parameter specifies what kind of content-type is to be
## considered lossless compressible (that is, data worth applying gzip).
##
## Images, movies etc, normally are NOT compressible such way and those
## content-types should not be added (such data would turn slightly bigger
## and CPU would be wasted).
##
## See also: LosslessCompressCTAlsoXST, Gzip
## Default: an internal list of the most common compressible content-types.
# LosslessCompressCT = {
# "text/*",
# "application/asp",
# "application/awk",
# "application/cgi",
# "application/class",
# "application/css",
# "application/dvi",
# "application/executable",
# "application/font",
# "application/futuresplash",
# "application/iso9660-image",
# "application/java",
# "application/javascript",
# "application/json",
# "application/msexcel",
# "application/mspowerpoint",
# "application/msword",
# "application/pdf",
# "application/perl",
# "application/php",
# "application/postscript",
# "application/python",
# "application/rtf",
# "application/shellscript",
# "application/shockwave",
# "application/staroffice",
# "application/tar",
# "application/truetype-font",
# "application/vnd.*",
# "application/*+xml",
# "application/xml",
# "application/xml-dtd",
# "image/svg+xml"
# }
## When using LosslessCompressCT, this defines whether to also automatically add
## content-type entries with 'x-' prefix appended to subtypes
## (aaaa/bbbb also adding aaaa/x-bbbb).
## Usually it's convenient to do this way, that avoids worrying about
## having to create duplicated entries, or whether which variant is valid.
##
## Note: If LosslessCompressCT is undefined (thus the internal defaults
## are being used) this option has no effect.
##
## You may want to disable this if you wish to have precise control
## of what types of content-type you wish to include.
##
## See also: LosslessCompressCT
## Default: true
# LosslessCompressCTAlsoXST = true
## Whether to try to (re)compress incoming data originally in
## the following formats (true) or not (false)
## default: true
# ProcessJPG = true
# ProcessPNG = true
# ProcessGIF = true
## Whether to try to optimize HTML, CSS and Javascript, thus reducing their size
## ProcessHTML: text/html
## ProcessCSS: text/css
## ProcessJS: application/[x-]javascript)
## Although such data may be Gzipped too, optimizing prior to Gzipping normally
## reduces the data size even further.
## The final size depends much on how unoptimal is the coding of such data;
## some sites already present HTML pre-optimized so, in such cases, there won't
## be much gain.
## Note: Due to the higher complexity of such optimization, there's some risk of a page
## being corrupted.
## ****** THESE OPTIONS ARE EXPERIMENTAL ******
##
# ProcessHTML = false
# ProcessCSS = false
# ProcessJS = false
## Options for fine-tuning text/html optimization.
## Only used when ProcessHTML=true
## Certain optimizations may be disabled as quick 'fix' when a text data
## gets corrupted after being optimized.
## Note: CSS and JS switches apply _only_ to such data when embedded into HTML data,
## for JS, CSS-only data, see ProcessJS and ProcessCSS options.
##
# ProcessHTML_CSS = true
# ProcessHTML_JS = true
# ProcessHTML_tags = true
# ProcessHTML_text = true
# ProcessHTML_PRE = true
# ProcessHTML_NoComments = true
# ProcessHTML_TEXTAREA = true
## If enabled, will discard PNG/GIF/JP2K transparency and de-animate
## GIF images if necessary for recompression, at the cost of some image
## distortion.
## Note: Images with useless transparency/alpha data (all pixels
## being opaque) do not require this option. In such cases Ziproxy
## will detect that and remove the useless data automatically.
## Disabled by default.
# AllowLookChange = true
## If enabled, convert images to grayscale before recompressing.
## This provides extra compression, at the cost of losing color data.
## Note: Not all images sent will be in grayscale, only the ones
## considered worth recompression that way.
## Disabled by default.
# ConvertToGrayscale = false
## Preemptive Name Resolution
## If enabled, tries to resolve hostnames present in the processed HTML files
## for speeding up things (no delay for name resolution).
## One extra process + (max)PreemptNameResMax threads will run for each HTML request.
## PreemptNameResMax is the max hostnames it will try to resolve per HTML file.
## PreemptNameResBC "bogus check", ignore names whose domains are not .nnnn, .nnn or .nn
##
## WARNING: This option makes sense _only_ if you have a caching DNS or
## a name cache of some sort (like: PDNSD).
## == THIS OPTION WILL INCREASE BY MANY TIMES THE REQUESTS TO THE DNS ==
##
# PreemptNameRes = false
# PreemptNameResMax = 50
# PreemptNameResBC = true
## Alpha channel (image transparency data) removal threshold
## Removes alpha channel from images with a minimum opacity
## of AlphaRemovalMinAvgOpacity
## (1000000: completely opaque, 0: completely transparent).
##
## This reduces data by removing unnecessary alpha channel from
## fully-opaque images; and from (subjectively) not-so-relevant transparency
## information.
## This also allows recompression to JPEG for PNG/JP2k images originally
## with alpha channel (which is not supported by JPEG image format).
## Note: Debug log reports the average alpha opacity for each
## image with alpha channel.
## Default: 1000000 (remove alpha only from fully-opaque images)
##
# AlphaRemovalMinAvgOpacity = 1000000
## Workaround for MSIE's pseudo-feature "Show friendly HTTP error messages."
## If User-Agent=MSIE, don't change/compress the body of error messages in any way.
## If compressed, the body could drop below 256 or 512 bytes and be replaced with
## a local error message instead.
## In certain cases the body has crucial data, like HTML redirection or so, and
## that would be broken if a "friendly error" replaces it.
##
## If you are sure there are no users using MSIE's with "friendly error messages"
## enabled, or you don't support/have users with such configuration, you may
## disable this and have error data compressed for MSIE users.
## This workaround does not affect other clients at all, and error messages
## will be sent compressed if the client supports it.
##
## Enabled by default.
# WA_MSIE_FriendlyErrMsgs = true
## This option specifies a file containing a list of URLs that should be tunneled
## by Ziproxy with no kind of processing whatsoever.
## The list contains fully-formatted URLs (http://xxx/xxx), one URL per line.
## The URLs may also contain pattern-matching asterisks.
## Comments may be present if prefixed by '#' (shell-alike).
## In order to exempt a whole site from processing: "http://www.exemptedhost.xyz/*"
##
## This option exists when a page is known to stop working under Ziproxy processing
## and there's no specific workaround/bugfix still available.
## Thus, this is a temporary solution when you depend on the page to work in a
## production environment.
##
## ****** REMEMBER TO REPORT BUGS/INCOMPATIBILITIES SO THEY MAY BE FIXED *******
## *** THIS IS NOT SUPPOSED TO BE A DEFINITIVE SOLUTION TO INCOMPATIBILITIES ***
##
## Default: empty (no file specified, inactive)
# URLNoProcessing = "/etc/ziproxy/noprocess.list"
## This option specifies a file containing a list of URLs which its
## data should be intercepted and replaced by another.
## Header data such as cookies is maintained.
## Currently the only replacing data available is an empty image
## (1x1 transparent pixel GIF).
##
## The list contains fully-formatted URLs (http://xxx/xxx), one URL per line.
## The URLs may also contain pattern-matching asterisks.
## Comments may be present if prefixed by '#' (shell-alike).
## In order to exempt a whole site from processing: "http://ad.somehost.xyz/*"
##
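## As it stands, this option may be used as an AD-BLOCKER which is
## transparent to the remote host (data is still downloaded from the remote
## server and cookies are transported) -- a stealthy ad-blocker, if you like.
## Because the request is still made and cookies are still exchanged, this
## hides the content from the user but does not stop the remote host from
## tracking the client.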
##
## Default: empty (no file specified, inactive)
## See also: URLReplaceDataCT
# URLReplaceData = "/etc/ziproxy/replace.list"
## Same as URLReplaceData, except it will only replace the data
## from matching URLs if the content-type also matches
## the list in URLReplaceDataCTList (mandatory parameter).
##
## URLReplaceDataCT may be useful as a more compatible AD-BLOCKER
## if only visual files are replaced. Certain websites rely on
## external javascript from advertisement hosts and break when
## that data is missing, this is a way to block advertisements
## in such cases.
##
## Default: empty (no file specified, inactive)
## See also: URLReplaceDataCTList, URLReplaceData
# URLReplaceDataCT = "/etc/ziproxy/replace_ct.list"
## List of content-types to use with the URLReplaceDataCT option.
## This option is required by URLReplaceDataCT.
## Default: empty (no content-type specified, inactive)
## See also: URLReplaceDataCTListAlsoXST, URLReplaceDataCT
# URLReplaceDataCTList = {"image/jpeg", "image/gif", "image/png", "application/x-shockwave-flash"}
## When using URLReplaceDataCTList, this defines whether to also automatically add
## content-type entries with 'x-' prefix appended to subtypes
## (aaaa/bbbb also adding aaaa/x-bbbb).
## Usually it's convenient to do this way, that avoids worrying about
## having to create duplicated entries, or whether which variant is valid.
##
## You may want to disable this if you wish to have precise control
## over which content-types are included.
##
## See also: URLReplaceDataCTList
## Default: true
# URLReplaceDataCTListAlsoXST = true
## This option specifies a file containing a list of URLs which
## should be blocked.
## An "access denied" 403 error will be returned when trying to access
## one of those URLs.
## Default: empty (no file specified, inactive)
# URLDeny = "/etc/ziproxy/deny.list"
## Custom HTTP Error Messages
## Define here the full path to the HTML file which should be
## sent, instead of the internal default page.
## Note: The internal defaults give more precise error messages.
##
## 400 - Bad request (malformed URL, or unknown URL type)
# CustomError400="/var/ziproxy/error/400.html"
## 403 - Forbidden
# CustomError403="/var/ziproxy/error/403.html"
## 404 - Unknown host (Ziproxy will not issue 'page not found' errors itself)
# CustomError404="/var/ziproxy/error/404.html"
## 407 - Proxy Authentication Required
# CustomError407="/var/ziproxy/error/407.html"
## 408 - Request timed out
# CustomError408="/var/ziproxy/error/408.html"
## 409 - Conflict
# CustomError409="/var/ziproxy/error/409.html"
## 500 - Internal error (or empty response from server)
# CustomError500="/var/ziproxy/error/500.html"
## 503 - Connection refused (or service unavailable)
# CustomError503="/var/ziproxy/error/503.html"
##############################################################################
# JPEG 2000-specific options (require Ziproxy to be compiled with libjasper) #
##############################################################################
## When enabled, this option forces the conversion of all incoming
## JP2K images to another format (usually JPEG).
## JP2K images with unsupported internal data will be forwarded unmodified.
## One may use this option to create "JP2K-compressed tunnels" between
## two Ziproxies with narrow bandwidth in between and serve clients
## which otherwise do not support JP2K while still taking advantage of that
## format. In such scenario, if the clients and their Ziproxy share a LAN,
## for best image quality it is recommended to set a very low (highest quality)
## _local_ output compression.
## This option requires "ProcessJP2 = true" in order to work.
## default: false
# ForceOutputNoJP2 = false
## When enabled, every request as a client will include an extra header "X-Ziproxy-Flags"
## announcing it as a Ziproxy with JP2 support enabled.
## This option makes sense when chaining to another Ziproxy.
## Note: when the request is intercepted by another Ziproxy,
## the extra header won't be sent further.
## See also: JP2OutRequiresExpCap
## default: false
# AnnounceJP2Capability = false
## "JP2 Output Requires Explicit Capability"
## When enabled (and when JP2 output is enabled) will only compress to JP2 for
## clients which explicitly announce support for it -- that means a Ziproxy with
## AnnounceJP2Capability = true.
## This option is useful when you want to compress to JP2 only for clients
## behind a local Ziproxy with ForceOutputNoJP2 = true, but at the same time
## you have clients connecting directly and those do not support JP2.
## default: false (does not make such discrimination for JP2 output)
# JP2OutRequiresExpCap = false
## Color model to be used while compressing images to JP2K.
## Accepted values:
## 0 - RGB
## 1 - YUV
## If different than RGB, it adds extra processing due to conversion.
## By itself doesn't change much the output data size, and the
## conversion is not 100.0% lossless.
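## If you plan on using JP2CSampling* or JP2BitRes* options, a non-RGB
## color model is highly preferable.
## Default: 0 (YUV)
## (The list above maps 0 to RGB and 1 to YUV, so this default line is
## inconsistent with it; check the Ziproxy documentation for the actual default.)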
## Note: certain jp2-aware software do NOT support a color model
## other than RGB and will either fail or display a distorted image.
# JP2Colorspace = 1
## Upsampler to be used while resampling each component of a JP2K picture.
## This is used ONLY when decompressing JP2K pictures, it does not affect
## JP2K compression at all (that uses a downsampler, which is linear-only).
## Accepted values:
## 0 - Linear
## 1 - Lanczos (Lanczos3)
## For modest scaling such as 2:1, linear is usually better,
## resulting in a overall clear component.
## Lanczos may be interesting when scaling 4:1 or more, though
## it tends to sharpen the JP2K artifacts and add harmonic
## interference to the component.
## Default: 0 (Linear)
# JP2Upsampler = 0
## This applies to B&W pictures compressed to JP2K.
## Defines the channel resolution for each component:
## Y (luma) and A (alpha, if present)
## in number of bit (min: 1, max: 8)
## Defines for each file size (see JP2ImageQuality).
## Smallest image is the first components in array.
## Sequence is YAYAYAYA.
##
## Default: all to eight bits
#JP2BitResYA = {6,4,
# 7,5,
# 8,6,
# 8,6}
## This applies to color pictures compressed to JP2K
## using the RGB model (see JP2Colorspace).
## Defines the channel resolution for each component:
## R (red), G (green), B (blue) and A (alpha, if present)
## in number of bit (min: 1, max: 8)
## Defines for each file size (see JP2ImageQuality).
## Smallest image is the first components in array.
## Sequence is RGBARGBARGBARGBA.
##
## Default: all to eight bits
# JP2BitResRGBA = {6,5,5,4,
# 7,6,6,5,
# 6,7,7,6,
# 8,8,8,6}
## This applies to color pictures compressed to JP2K
## using the YUV color model (see JP2Colorspace).
## Defines the channel resolution for each component:
## Y (luma), U (chroma, Cb), V (chroma, Cr), and A (alpha, if present)
## in number of bit (min: 1, max: 8)
## Defines for each file size (see JP2ImageQuality).
## Smallest image is the first components in array.
## Sequence is YUVAYUVAYUVAYUVA.
##
## Default: sensible values for best quality/compression
#JP2BitResYUVA = {6,5,5,4,
# 7,6,6,5,
# 8,7,7,6,
# 8,8,8,6}
## This applies to B&W pictures compressed to JP2K.
## Here you may define the sampling rate for each component,
## for each picture size.
## The sequence is:
## Y_xpos, Y_ypos, Y_xstep, Y_ystep, A_xpos, A_ypos, A_xstep, A_ystep, (smallest picture)
## ... ... ... (medium-sized picture)
## etc.
## Default: all x/ypos=0 x/ystep=1 (no components suffer subsampling)
## Note: certain jp2-aware software do NOT support component subsampling and will fail.
#JP2CSamplingYA = {0,0,1,1, 0,0,1,1,
# 0,0,1,1, 0,0,1,1,
# 0,0,1,1, 0,0,2,2,
# 0,0,1,1, 0,0,2,2}
## This applies to color pictures compressed to JP2K
## using the RGB model (see JP2Colorspace).
## Here you may define the sampling rate for each component,
## for each picture size.
## The sequence is:
## R_xpos, R_ypos, R_xstep, R_ystep, G_xpos, G_ypos, G_xstep, G_ystep, B... A... (smallest picture)
## ... ... ... (medium-sized picture)
## etc.
## Default: all x/ypos=0 x/ystep=1 (no components suffer subsampling)
## Note: certain jp2-aware software do NOT support component subsampling and will fail.
#JP2CSamplingRGBA = {0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,
# 0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,
# 0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,
# 0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1}
## This applies to color pictures compressed to JP2K
## using the YUV color model (see JP2Colorspace).
## Here you may define the sampling rate for each component,
## for each picture size.
## The sequence is:
## Y_xpos, Y_ypos, Y_xstep, Y_ystep, U_xpos, U_ypos, U_xstep, U_ystep, V... A... (smallest picture)
## ... ... ... (medium-sized picture)
## etc.
## Default: sensible values for a good image quality.
## Note: certain jp2-aware software do NOT support component subsampling and will fail.
#JP2CSamplingYUVA = {0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,
# 0,0,1,1, 0,0,1,2, 0,0,2,1, 0,0,1,1,
# 0,0,1,1, 0,0,2,2, 0,0,2,1, 0,0,2,2,
# 0,0,1,1, 0,0,2,2, 0,0,2,2, 0,0,2,2}
###### Forward to priproxy (sic; presumably Privoxy -- confirm)
## Forward everything to another proxy server.
## Modifications/compression is still applied.
## Default: none (disabled)
## NOTE(review): everything Ziproxy forwards reaches the next proxy from the
## loopback address, so address-based rules on the next proxy cannot tell
## clients apart; client access control has to be enforced on the Ziproxy side.
NextProxy="127.0.0.1"
## TCP port to be used by NextProxy.
## Default: 8080
NextPort=8118
## Allow processing of requests as transparent proxy
## (will still accept normal proxy requests)
## In order to use Ziproxy as transparent proxy it's also needed
## to reroute the connections from x.x.x.x:80 to ziproxy.host:PROXY_PORT
## Disabled by default.
## See also: RestrictOutPortHTTP
## NOTE(review): no access restriction is visible in this part of the file.
## Confirm that the listening port is reachable only from the intended
## clients (firewall rules, or OnlyFrom if set elsewhere), since a proxy open
## to arbitrary networks can be used as a relay by anyone who can reach it.
TransparentProxy = true
###### Compression quality and related settings
## NOTE(review): UseContentLength is not described in this part of the file;
## check the Ziproxy documentation before changing it.
UseContentLength = false
## Image quality for JPG (JPEG) compression.
## Image quality is specified in integers between 100 (best) and 0 (worst).
# ImageQuality = {up to 5000 px, 5001-50000 px, 50001-250000 px, 250001 px and above}
ImageQuality = {30,25,25,20}
## Image quality for JP2 (JPEG 2000) compression.
## Image quality is specified in integers between 100 (best) and 0 (worst).
## This option is similar to "ImageQuality" except it applies to JP2K files, instead.
## JP2K, internally, works differently and has a "rate" setting instead of "quality".
## Within Ziproxy's context we want to use a fixed quality, not a fixed bitrate.
## Thus, prior to compression, the image is analysed in order to know which rate
## (loosely) reflects the quality had this picture been compressed using jpeg.
## This option obsoletes "JP2Rate".
JP2ImageQuality = {20,15,15,15}
## Whether to try to (re)compress incoming data originally in
## the JP2 format (true) or not (false)
## Note: This option is not required to be enabled in order to convert
## _to_ JP2 format.
## default: false
# Allow conversion to JPEG 2000
## NOTE(review): with this enabled, JP2K data from arbitrary remote servers is
## decoded inside the proxy (the JP2K options require libjasper). Decoding
## untrusted images is attack surface: keep the library patched and run
## Ziproxy under an unprivileged account.
ProcessJP2 = true
## Whether to try to compress an image to JP2K (JPEG 2000)
## Even when enabled, other formats may still be tried.
## Web browsers' support varies and an external plugin may be required
## in order to display JP2K pictures.
## If "ForceOutputNoJP2 = true", this option will be overridden
## and stay disabled.
## default: false
# When possible, recompress to JPEG 2000 instead of regular JPEG
ProcessToJP2 = true