<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
<br>
<br>
16.01.16 7:57, Lucas Castro пишет:<br>
<span style="white-space: pre;">><br>
><br>
> On 15-01-2016 17:26, Yuri Voinov wrote:<br>
>><br>
>> # -------------------------------------<br>
>> # Access Control Lists<br>
>> # -------------------------------------<br>
>> acl localnet src 192.168.0.0/16 # RFC1918 possible
internal network<br>
>><br>
>> acl SSL_ports port 443<br>
>> acl SSL_ports port 8443 # Telecom exclusion<br>
>> acl SSL_ports port 2041 # ICQ/MRA<br>
>> acl SSL_ports port 2042 # ICQ/MRA<br>
>> acl SSL_ports port 5160 # ICQ/MRA<br>
>> acl SSL_ports port 5228 # ICQ/MRA<br>
>> acl SSL_ports port 10443 # GZakup exclusion<br>
>> acl Safe_ports port 80 # http<br>
>> acl Safe_ports port 21 # ftp<br>
>> acl Safe_ports port 443 # https<br>
>> acl Safe_ports port 70 # gopher<br>
>> acl Safe_ports port 210 # wais<br>
>> acl Safe_ports port 1025-65535 # unregistered ports<br>
>> acl Safe_ports port 280 # http-mgmt<br>
>> acl Safe_ports port 488 # gss-http<br>
>> acl Safe_ports port 591 # filemaker<br>
>> acl Safe_ports port 777 # multiling http<br>
>><br>
>> # Common methods<br>
>> acl CONNECT method CONNECT<br>
>> acl PURGE method PURGE<br>
>> acl GET method GET<br>
>><br>
>> # Windows update acls<br>
>> acl windowsupdate dstdomain
sls.update.microsoft.com.akadns.net<br>
>> acl windowsupdate dstdomain windowsupdate.microsoft.com<br>
>> acl windowsupdate dstdomain .update.microsoft.com<br>
>> acl windowsupdate dstdomain download.windowsupdate.com<br>
>> acl windowsupdate dstdomain
redir.metaservices.microsoft.com<br>
>> acl windowsupdate dstdomain
images.metaservices.microsoft.com<br>
>> acl windowsupdate dstdomain c.microsoft.com<br>
>> acl windowsupdate dstdomain
<a class="moz-txt-link-abbreviated" href="http://www.download.windowsupdate.com">www.download.windowsupdate.com</a><br>
>> acl windowsupdate dstdomain wustat.windows.com<br>
>> acl windowsupdate dstdomain crl.microsoft.com<br>
>> acl windowsupdate dstdomain sls.microsoft.com<br>
>> acl windowsupdate dstdomain
productactivation.one.microsoft.com<br>
>> acl windowsupdate dstdomain ntservicepack.microsoft.com<br>
>><br>
>> # Windows update methods<br>
>> acl wuCONNECT dstdomain <a class="moz-txt-link-abbreviated" href="http://www.update.microsoft.com">www.update.microsoft.com</a><br>
>> acl wuCONNECT dstdomain sls.microsoft.com<br>
>><br>
>> # Youtube & CDN store rewrite ACLs<br>
>> acl store_rewrite_list urlpath_regex<br>
>>
\.(jp(e?g|e|2)|gif|png|bmp|ico|svg|web(p|m)|wm(v|a)|flv|f4f|mp(3|4)|ttf|eot|woff2?|(c|x|j)ss|js(t?|px?))\?<br>
>> \/ads\?<br>
>> acl store_rewrite_list_web url_regex<br>
>> "/usr/local/squid/etc/url.rewrite_web"<br>
>> acl store_rewrite_list_web_cdn url_regex<br>
>> "/usr/local/squid/etc/url.rewrite_cdn"<br>
>><br>
>> # Adobe/Java and other updates<br>
>> acl adobe_java_updates url_regex
"/usr/local/squid/etc/url.updates"<br>
>><br>
>> # No-cache<br>
>> acl dont_cache_url url_regex
"/usr/local/squid/etc/url.nocache"<br>
>><br>
>> # Tor acl<br>
>> acl tor_url dstdom_regex -i
"/usr/local/squid/etc/url.tor"<br>
>><br>
>> # SSL bump acl<br>
>> acl net_bump src "/usr/local/squid/etc/net.bump"<br>
>><br>
>> # TLD acl<br>
>> acl block_tld dstdomain "/usr/local/squid/etc/dstdom.tld"<br>
>><br>
>> # -------------------------------------<br>
>> # Access parameters<br>
>> # -------------------------------------<br>
>> # Deny requests to unsafe ports<br>
>> http_access deny !Safe_ports<br>
>> # Deny CONNECT to other than SSL ports<br>
>> http_access deny CONNECT !SSL_ports<br>
>><br>
>> # Only allow cachemgr access from localhost<br>
>> http_access allow localhost manager<br>
>> http_access deny manager<br>
>> http_access deny to_localhost<br>
>> # Allow purge from localhost<br>
>> http_access allow PURGE localhost<br>
>> http_access deny PURGE<br>
>><br>
>> # Normalize Accept-Encoding to support compression via
eCAP<br>
>> request_header_access Accept-Encoding deny all<br>
>> request_header_replace Accept-Encoding gzip;q=1.0,
identity;q=0.5, *;q=0<br>
>> # Disable alternate protocols<br>
>> request_header_access Alternate-Protocol deny all<br>
>> reply_header_access Alternate-Protocol deny all<br>
>> # Disable HSTS<br>
>> reply_header_access Strict-Transport-Security deny all<br>
>> reply_header_replace Strict-Transport-Security max-age=0;<br>
>> includeSubDomains<br>
>> # Remove User-Agent from Vary<br>
>> reply_header_access Vary deny all<br>
>> reply_header_replace Vary Accept-Encoding<br>
>> # Workaround 4253<br>
>> request_header_access Surrogate-Capability deny all<br>
>><br>
>> # Block top level domains<br>
>> http_access deny block_tld<br>
>> deny_info TCP_RESET block_tld<br>
>><br>
>> # Rule allowing access from local networks<br>
>> http_access allow localnet<br>
>> http_access allow localhost<br>
>><br>
>> # No cache directives<br>
>> cache deny dont_cache_url<br>
>><br>
>> # ICP/HTCP access<br>
>> icp_access allow localnet<br>
>> icp_access deny all<br>
>> htcp_access allow localnet<br>
>> htcp_access deny all<br>
>><br>
>> # 302 loop<br>
>> acl text_mime rep_mime_type text/html text/plain<br>
>> acl http302 http_status 302<br>
>> store_miss deny text_mime http302<br>
>> send_hit deny text_mime http302<br>
>><br>
>> # Windows updates rules<br>
>> http_access allow CONNECT wuCONNECT localnet<br>
>> http_access allow CONNECT wuCONNECT localhost<br>
>> http_access allow windowsupdate localnet<br>
>> http_access allow windowsupdate localhost<br>
>><br>
>> # Minimum ICQ configuration,<br>
>> # works for QIP 2012 and squid/ssl_bump, login.icq.com
port should be<br>
>> either 443 or 5190<br>
>> #<br>
>> acl icq dstdomain login.icq.com<br>
>> acl icqport port 443<br>
>> acl icqport port 2041<br>
>> acl icqport port 2042<br>
>> acl icqport port 5190<br>
>> # mail.ru network where ICQ/MRIM servers reside<br>
>> acl icqip dst 178.237.16.0/20<br>
>> acl icqip dst 217.69.128.0/20<br>
>> # isgeek.info jabber<br>
>> acl icqip dst 94.23.0.0/16<br>
>><br>
>> http_access allow CONNECT icq<br>
>> http_access allow CONNECT icqip icqport<br>
>><br>
>> # SSL bump rules<br>
>> acl DiscoverSNIHost at_step SslBump1<br>
>> # ICQ/MRA must splice first<br>
>> ssl_bump splice DiscoverSNIHost icq<br>
>> ssl_bump splice DiscoverSNIHost icqip icqport<br>
>> ssl_bump peek DiscoverSNIHost<br>
>> acl NoSSLIntercept ssl::server_name_regex -i<br>
>> "/usr/local/squid/etc/url.nobump"<br>
>> acl NoSSLIntercept ssl::server_name_regex -i<br>
>> "/usr/local/squid/etc/url.tor"<br>
>> ssl_bump splice NoSSLIntercept<br>
>> ssl_bump bump net_bump<br>
>><br>
>> # Privoxy+Tor access rules<br>
>> never_direct allow tor_url<br>
>><br>
>> # And finally deny all other access to this proxy<br>
>> http_access deny all<br>
>><br>
>> # -------------------------------------<br>
>> # HTTP parameters<br>
>> # -------------------------------------<br>
>> # Local Privoxy is cache parent<br>
>> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest
default<br>
>><br>
>> cache_peer_access 127.0.0.1 allow tor_url<br>
>> cache_peer_access 127.0.0.1 deny all<br>
>><br>
>> # Don't cache 404 long time<br>
>> negative_ttl 5 minutes<br>
>> positive_dns_ttl 15 hours<br>
>> negative_dns_ttl 1 minutes<br>
>><br>
>> # -------------------------------------<br>
>> # Cache parameters<br>
>> # -------------------------------------<br>
>> # dhparams is before squid-3.5.12-20151222-r13967<br>
>> # tls-dh is AFTER squid-3.5.12-20151222-r13967<br>
>> http_port 3126 ssl-bump generate-host-certificates=on<br>
>> dynamic_cert_mem_cache_size=4MB
cert=/usr/local/squid/etc/rootCA.crt<br>
>> key=/usr/local/squid/etc/rootCA.key options=NO_SSLv3<br>
>> tls-dh=/usr/local/squid/etc/dhparam.pem<br>
> I've never ever understood why configure ssl-bump related on
http_port,<br>
> It's redirected port 80 to it, or just serve the certificate
to client?</span><br>
My server use both proxy modes: transparent interception and
forwarding. This line is forwarding port. Clients points to it using
PAC.<br>
<span style="white-space: pre;">><br>
>> http_port 3127<br>
>> http_port 3128 intercept<br>
>> # dhparams is before squid-3.5.12-20151222-r13967<br>
>> # tls-dh is AFTER squid-3.5.12-20151222-r13967<br>
>> https_port 3129 intercept ssl-bump
generate-host-certificates=on<br>
>> dynamic_cert_mem_cache_size=4MB
cert=/usr/local/squid/etc/rootCA.crt<br>
>> key=/usr/local/squid/etc/rootCA.key options=NO_SSLv3<br>
>> tls-dh=/usr/local/squid/etc/dhparam.pem<br>
>> sslproxy_capath /etc/opt/csw/ssl/certs<br>
>> # SINGLE_DH_USE is 3.5 before
squid-3.5.12-20151222-r13967<br>
>> #sslproxy_options NO_SSLv3,SINGLE_DH_USE<br>
>> # SINGLE_ECDH_USE is AFTER squid-3.5.12-20151222-r13967<br>
>> sslproxy_options NO_SSLv3,SINGLE_ECDH_USE<br>
>> sslproxy_cipher<br>
>>
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS<br>
>> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/var/lib/ssl_db<br>
>> -M 4MB<br>
>><br>
>> # Specify ICP/HTCP explicity<br>
>> icp_port 3130<br>
>> htcp_port 4827<br>
>><br>
>> # Cache manager<br>
>> cache_mgr <a class="moz-txt-link-abbreviated" href="mailto:mymail@gmail.com">mymail@gmail.com</a><br>
>><br>
>> # Cache manager password<br>
>> cachemgr_passwd disable shutdown reconfigure rotate<br>
>> cachemgr_passwd xxxxxxxx all<br>
>><br>
>> # Cache user<br>
>> cache_effective_user squid<br>
>> cache_effective_group squid<br>
>><br>
>> # Forces reload-into-ims<br>
>> reload_into_ims on<br>
>><br>
>> # Hide internal networks details outside<br>
>> via off<br>
>> forwarded_for delete<br>
>><br>
>> # Do not show Squid version<br>
>> httpd_suppress_version_string on<br>
>><br>
>> # WCCPv2 parameters<br>
>> wccp2_router 192.168.200.2<br>
>> wccp2_forwarding_method l2<br>
>> wccp2_return_method l2<br>
>> wccp2_rebuild_wait off<br>
>> wccp2_service standard 0<br>
>> wccp2_service dynamic 70<br>
>> wccp2_service_info 70 protocol=tcp<br>
>> flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash
priority=240 ports=443<br>
>><br>
>> # Prioritization of local hits<br>
>> qos_flows tos local-hit=0x68<br>
>><br>
>> # Specify local DNS cache<br>
>> dns_nameservers 127.0.0.1<br>
>><br>
>> dns_v4_first on<br>
>> ipcache_size 4096<br>
>><br>
>> # -------------------------------------<br>
>> # Adaptation parameters<br>
>> # -------------------------------------<br>
>> icap_enable on<br>
>> icap_send_client_ip on<br>
>> icap_send_client_username on<br>
>> icap_client_username_header X-Authenticated-User<br>
>> icap_preview_enable on<br>
>> icap_preview_size 1024<br>
>> icap_service service_avi_req reqmod_precache<br>
>> icap://localhost:1344/squidclamav bypass=off<br>
>> adaptation_access service_avi_req allow all<br>
>> icap_service service_avi_resp respmod_precache<br>
>> icap://localhost:1344/squidclamav bypass=on<br>
>> adaptation_access service_avi_resp allow all<br>
>><br>
>> ecap_enable on<br>
>> acl HTTP_STATUS_OK http_status 200<br>
>> loadable_modules /usr/local/lib/ecap_adapter_gzip.so<br>
>> ecap_service gzip_service respmod_precache<br>
>> ecap://www.vigos.com/ecap_gzip bypass=off<br>
>> adaptation_access gzip_service allow HTTP_STATUS_OK<br>
>><br>
>> # -------------------------------------<br>
>> # Memory parameters<br>
>> # -------------------------------------<br>
>> cache_mem 512 Mb<br>
>><br>
>> #memory_pools off<br>
>><br>
>> maximum_object_size_in_memory 1 MB<br>
>><br>
>> # -------------------------------------<br>
>> # Tuning parameters<br>
>> # -------------------------------------<br>
>> memory_replacement_policy heap LRU<br>
>> cache_replacement_policy heap LFUDA<br>
>><br>
>> store_avg_object_size 85 KB<br>
>> # Default is 20<br>
>> store_objects_per_bucket 32<br>
>><br>
>> # Shutdown delay before terminate connections<br>
>> shutdown_lifetime 15 second<br>
>><br>
>> # SMP<br>
>> #workers 2<br>
>><br>
>> # -------------------------------------<br>
>> # Store parameters<br>
>> # -------------------------------------<br>
>> maximum_object_size 8 Gb<br>
>><br>
>> cache_dir diskd /data/cache/d1 32767 16 256<br>
>> cache_dir diskd /data/cache/d2 32767 16 256<br>
>> cache_dir diskd /data/cache/d3 32767 16 256<br>
>> cache_dir diskd /data/cache/d4 32767 16 256<br>
>> <br>
>> # -------------------------------------<br>
>> # Process/log parameters<br>
>> # -------------------------------------<br>
>> #logformat my_squid %tl %6tr %>a %Ss/%03>Hs %<st
%rm %ru %[un %Sh/%<a %mt<br>
>> #access_log daemon:/data/cache/log/access.log
buffer-size=256KB<br>
>> logformat=my_squid !tor_url<br>
>> access_log daemon:/data/cache/log/access.log
buffer-size=256KB<br>
>> logformat=squid !tor_url<br>
>> # Don't log ICP queries<br>
>> log_icp_queries off<br>
>><br>
>> # Turn off internal log rotation<br>
>> logfile_rotate 0<br>
>><br>
>> cache_log /data/cache/log/cache.log<br>
>> #cache_log /data/cache/log/cache${process_number}.log<br>
>> cache_store_log none<br>
>><br>
>> # Default is off<br>
>> buffered_logs on<br>
>><br>
>> coredump_dir /var/core<br>
>><br>
>> pid_filename /tmp/squid.pid<br>
>><br>
>> strip_query_terms off<br>
>><br>
>> # -------------------------------------<br>
>> # Content parameters<br>
>> # -------------------------------------<br>
>> #range_offset_limit none store_rewrite_list<br>
>> #range_offset_limit none store_rewrite_list_web<br>
>> #range_offset_limit none store_rewrite_list_web_cdn<br>
>> #range_offset_limit none adobe_java_updates<br>
>> #range_offset_limit none windowsupdate<br>
>> range_offset_limit none all<br>
>><br>
>> # Updates: Windows, Adobe, Java<br>
>> refresh_pattern -i<br>
>>
microsoft.com.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip) 4320
80%<br>
>> 43200 reload-into-ims<br>
>> refresh_pattern -i<br>
>>
windowsupdate.com.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)
4320<br>
>> 80% 43200 reload-into-ims<br>
>> refresh_pattern -i<br>
>>
my.windowsupdate.website.com.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)
<br>
>> <br>
>> 4320 80% 43200 reload-into-ims<br>
>> refresh_pattern -i adobe.com.*\.(zip|exe) 4320
80% 43200 <br>
>> reload-into-ims<br>
>> refresh_pattern -i java.com.*\.(zip|exe) 4320
80% 43200 <br>
>> reload-into-ims<br>
>> refresh_pattern -i sun.com.*\.(zip|exe) 4320
80% 43200 <br>
>> reload-into-ims<br>
>> refresh_pattern -i google\.com.*\.(zip|exe) 4320
80% 43200 <br>
>> reload-into-ims<br>
>> refresh_pattern -i macromedia\.com.*\.(zip|exe)
4320 80% <br>
>> 43200 reload-into-ims<br>
>> # Other setups and updates<br>
>> refresh_pattern -i \.(zip|(g|b)z2?|exe|msi|cvd)$
4320 80% <br>
>> 43200 reload-into-ims<br>
>> # Cacle squidinternal<br>
>> refresh_pattern -i
video-srv\.youtube\.squidinternal 0 0% 0<br>
>> refresh_pattern -i squidinternal 14400
100% 518400 <br>
>> override-expire override-lastmod refresh-ims
reload-into-ims<br>
>> ignore-private ignore-auth ignore-must-revalidate
store-stale<br>
>> ignore-no-store<br>
>> # Keep swf in cache<br>
>> refresh_pattern -i \.swf$ 10080 100% 43200
override-expire<br>
>> reload-into-ims ignore-private<br>
>> # .NET cache<br>
>> refresh_pattern -i \.((a|m)s(h|p)x?)$ 10080
100% 43200 <br>
>> reload-into-ims ignore-private<br>
>> # Other long-lived items<br>
>> refresh_pattern -i<br>
>>
\.(jp(e?g|e|2)|gif|png|bmp|ico|svg|web(p|m)|wm(v|a)|flv|f4f|mp(3|4)|ttf|eot|woff2?|(c|x|j)ss|js(t?|px?))(\?.*)?$
<br>
>> <br>
>> 14400 100% 518400 override-expire
override-lastmod<br>
>> reload-into-ims ignore-private ignore-no-store
ignore-must-revalidate<br>
>> refresh_pattern -i<br>
>>
\.((cs|d?|m?|p?|r?|s?|w?|x?|z?)h?t?m?(l?)|php(3?|5?)|rss|atom|vr(t|ml))(\?.*)?$
<br>
>> <br>
>> 10080 100% 86400 override-expire
override-lastmod<br>
>> reload-into-ims ignore-private ignore-no-store
ignore-must-revalidate<br>
>> # Default patterns<br>
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>
>> refresh_pattern . 0 20% 4320
reload-into-ims<br>
>><br>
>> # -------------------------------------<br>
>> # Rewriter parameters<br>
>> # -------------------------------------<br>
>> # ufdbGuard rewriter<br>
>> url_rewrite_program /usr/local/ufdbguard/bin/ufdbgclient
-C<br>
>> url_rewrite_children 64 startup=0 idle=1 concurrency=2<br>
>> redirector_bypass off<br>
>><br>
>> # Storeurl rewriter<br>
>> store_id_program
/usr/local/squid/libexec/storeid_file_rewrite<br>
>> /usr/local/squid/etc/storeid.conf<br>
>> store_id_children 32 startup=0 idle=1 concurrency=4<br>
>> # Store ID access<br>
>> store_id_access deny !GET<br>
>> store_id_access allow store_rewrite_list<br>
>> store_id_access allow store_rewrite_list_web<br>
>> store_id_access allow store_rewrite_list_web_cdn<br>
>> store_id_access allow adobe_java_updates<br>
>> store_id_access deny all<br>
>> store_id_bypass off<br>
>> ###<br>
>><br>
>> I procrastinate to extract only ssl bump related rows and
comments, so<br>
>> this is full 3.5.x config from production server. :)<br>
>><br>
>> 16.01.16 1:56, Lucas Castro пишет:<br>
>><br>
>><br>
>>> On 15-01-2016 16:18, Yuri Voinov wrote:<br>
>>>> _MISS/200 30415 GET<br>
>>>> <br>
>>
<a class="moz-txt-link-freetext" href="https://www.google.com/search?q=Sun+2540-M2+Performance+enhancer&biw=1280&bih=699&noj=1&ei=oAmZVvnxCsW3afKevLAO&start=10&sa=N">https://www.google.com/search?q=Sun+2540-M2+Performance+enhancer&biw=1280&bih=699&noj=1&ei=oAmZVvnxCsW3afKevLAO&start=10&sa=N</a><br>
>>>> HIER_DIRECT/216.58.208.227 text/html<br>
>>>> 15/Jan/2016:21:03:23 +0600 356 127.0.0.1
TAG_NONE/200 0 CONNECT<br>
>>>> ssl.gstatic.com:443 -
HIER_DIRECT/178.88.163.157 -<br>
>>>> 15/Jan/2016:21:03:24 +0600 518 127.0.0.1
TCP_MISS/20<br>
>>> Can you share your ssl setup?<br>
>>> _______________________________________________<br>
>>> squid-users mailing list<br>
>>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>>> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> squid-users mailing list<br>
>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJWmf95AAoJENNXIZxhPexG0/4H/RPiw0gQ7V0eKhUUepI02Ux8
<br>
X+XVeT5uo4jv8j4UL/Q2RwPV5E784x5U1m0aipPl/9zT++IP85vSPbX3F818+oE4
<br>
9woW9DPJzC1p60WIOTFQFSlSmgTvVvD5u+68vJbHMMsdkalikYp6Ayw6iLqrYco7
<br>
yOlhX1mRRx6Difs6hYBDaYDYyL4pzFkzrPBxK3hFi+dGfdfkUiQpTKmtCqYpLFlT
<br>
qUySISE+WFbTlt+ZHLPEW5roktHqj8U/0jMRRljdBjjcEXgm7P9XPfSoViCYXlVU
<br>
yzRf7ThZ07ta19PZMhpAdst1gswFFAxPd1uQ+eqw8OcoNyJoWqNaSzBreTTZlbM=
<br>
=qFrf
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>