Squid.conf



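# --- Listening sockets ------------------------------------------------------
# Proxy (HTTP) and ICP ports. No bind address is given, so both listen on
# every interface; who may actually use them is decided only by the
# http_access / icp_access rules, so keep these ports firewalled from any
# network that is not meant to reach the proxy.
http_port 3128
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255

# --- Requests that are never cached -----------------------------------------
hierarchy_stoplist cgi-bin ?
# Dots are escaped: an unescaped "." is a regex wildcard, so ".js" also
# matched paths such as "/ajs". "\.js" still matches ".jsp" and ".json".
acl QUERY urlpath_regex cgi-bin \? \.js \.jsp
no_cache deny QUERY

# --- Cache sizing and replacement -------------------------------------------
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 24 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 16 KB
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /cache/spool/squid 3000 8 256

# --- Logging ----------------------------------------------------------------
cache_access_log /cache/log/squid/access.log
# The original file set cache_log twice; the later "cache_log /dev/null"
# replaced this path and discarded Squid's own diagnostics (startup errors,
# ACL parse warnings, helper failures). The file path is kept so that
# problems and misuse can be investigated afterwards.
cache_log /cache/log/squid/cache.log
# cache_store_log was also listed twice with the same value; one line suffices.
cache_store_log none
emulate_httpd_log on
log_ip_on_direct on
pid_filename /var/run/squid.pid
debug_options ALL,1
mime_table /etc/squid/mime.conf
log_fqdn off
log_icp_queries off
# Full mask: client addresses are written to the logs unmasked.
client_netmask 255.255.255.255

# --- FTP gateway ------------------------------------------------------------
# ftp_user is the string sent as the password on anonymous FTP logins.
ftp_user freak
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

# --- Name resolution --------------------------------------------------------
# The resolver address is redacted in the published file; substitute the
# real one before use.
dns_nameservers xxx.xxx.xxx.xxx
hosts_file /etc/hosts

# --- Request limits ---------------------------------------------------------
request_header_max_size 20 KB
# 0 means no limit on request bodies (uploads/POSTs of any size are accepted).
request_body_max_size 0 MB
unlinkd_program /usr/lib/squid/unlinkd

# --- Freshness rules --------------------------------------------------------
# override-lastmod and reload-into-ims deliberately deviate from HTTP
# freshness rules: FTP objects are held for at least 40320 minutes and a
# client "reload" is downgraded to a revalidation.
#refresh_pattern ^ftp: 0 20% 40320
refresh_pattern ^ftp: 40320 95% 241920 override-lastmod reload-into-ims
refresh_pattern . 0 20% 40320
#refresh_pattern . 180 95% 40320 override-lastmod reload-into-ims

# --- Aborted transfers and shutdown -----------------------------------------
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
shutdown_lifetime 10 seconds

# --- Miscellaneous tuning ---------------------------------------------------
memory_pools off
icp_hit_stale on
query_icmp off
# Global counterpart of the reload-into-ims option above.
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on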
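# --- Catch-all and block lists ----------------------------------------------
acl all src 0.0.0.0/0.0.0.0
# File names must be wrapped in plain ASCII double quotes. The published page
# had typographic (curly) quotes here, which Squid does not treat as a
# file reference.
acl saru dstdomain "/etc/squid/saru.txt"
# "dst" matches destination IP addresses, so porn.txt is expected to hold
# addresses/networks rather than host names -- confirm against the file.
acl porn dst "/etc/squid/porn.txt"

# The redirector is executed by Squid for every request. It lives under the
# web server's document root: make sure it is not writable by the web server
# account and is not itself served or executed over HTTP.
redirect_program /var/www/html/bannerfilter/redirector.pl

# --- Local sites: never cached, always fetched directly ---------------------
# Dots are escaped so they match a literal "." instead of any character.
acl XYZZY url_regex ^http://www\.tokai\.co\.id ^http://tokai\.co\.id ^http://www\.kanchut\.tokai\.co\.id ^http://kanchut\.tokai\.co\.id
no_cache deny XYZZY
acl web dstdomain .tokai.co.id .kanchut.tokai.co.id
acl nocache dst 202.158.28.140 192.168.10.3
# ACLs on one line are ANDed: this matches only requests whose domain is in
# "web" AND whose resolved address is in "nocache".
# NOTE(review): if either condition alone should go direct, split this into
# two always_direct lines.
always_direct allow web nocache
always_direct deny all

# --- Client groups ----------------------------------------------------------
acl admin src 192.168.10.4/255.255.255.255 # admin workstation
acl server src 192.168.10.3/255.255.255.255 # server machine
acl kompdown src 192.168.10.2/255.255.255.255 # database machine
# Clients identified by MAC address (denied in the http_access rules).
# arp ACLs need Squid built with ARP ACL support and only see clients on the
# proxy's own subnet; a MAC address can be changed by its owner, so treat
# this as a convenience block, not as strong client identification.
acl M1 arp 00:0C:6E:4F:0C:30 00:E0:18:D9:50:CC 00:0C:6E:5A:E0:17 00:0C:6E:5A:E0:A7 00:0C:6E:5A:DF:E2 00:05:5D:80:33:DA 00:11:D8:0E:1D:0F 00:0C:6E:5A:E0:C8 00:05:5D:80:2D:EB
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.10.5-192.168.10.254 # LAN workstations
acl to_localhost dst 127.0.0.0/8
acl PURGE method PURGE

# --- Ports ------------------------------------------------------------------
# CONNECT tunnels are permitted only to SSL_ports. Every port added here
# beyond 443/563 widens what an opaque tunnel through the proxy can reach;
# keep 10000 only if a service on that port really must be reached this way.
acl SSL_ports port 443 563 10000
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# --- Large downloads (throttled by delay pool 2) ----------------------------
# Extension dots are escaped so ".exe" no longer matches e.g. "/aexe".
# The patterns are unanchored and case-insensitive, and the bare "ftp" token
# matches any URL that contains "ftp" anywhere.
# NOTE(review): confirm whether "ftp" was meant to match only the ftp scheme.
acl magic url_regex -i ftp \.exe \.mp3 \.vqf \.tar\.gz \.gz \.rpm \.zip \.rar \.avi \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav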

#--------Delay_pools--------#

# Three pools, all class 1. A class 1 pool is a single aggregate bucket, so
# each rate below is shared by every client that lands in that pool, not
# granted per client. A request uses the first pool whose delay_access
# rules allow it.
delay_pools 3

# Pool 1: the admin, server and kompdown machines are not limited
# (-1/-1 means unlimited).

delay_class 1 1
delay_parameters 1 -1/-1
delay_access 1 allow admin
delay_access 1 allow server
delay_access 1 allow kompdown
delay_access 1 deny all

# Pool 2: downloads matching the "magic" ACL get the first 64 KB at full
# speed; beyond that the rate drops to an average of 1.5 KB/s.
# The rule tests only "magic", not "lan", so it applies to any client that
# was not already placed in pool 1.

delay_class 2 1
delay_parameters 2 1500/64000
delay_access 2 allow magic
delay_access 2 deny all

# Pool 3: all other traffic from LAN machines gets the first 64 KB at full
# speed; beyond that the rate drops to an average of 5 KB/s.

delay_class 3 1
delay_parameters 3 5000/64000
delay_access 3 allow lan
delay_access 3 deny all

#--------Delay_pools--------#

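acl CONNECT method CONNECT

# --- http_access: evaluated top to bottom, first match wins ------------------
# Cache manager (cache_object://) requests. Besides localhost, every
# workstation in "lan" may reach the manager interface, protected only by
# cachemgr_passwd below.
# NOTE(review): consider limiting this to the admin host.
http_access allow manager lan
http_access allow manager localhost
http_access deny manager
# Refuse ports outside Safe_ports, and CONNECT tunnels outside SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# PURGE (cache eviction) only from the proxy host itself.
http_access allow PURGE localhost
http_access deny PURGE
# Block lists and banned MAC addresses come before any allow rule.
http_access deny saru
http_access deny porn
http_access deny M1
http_access allow localhost
http_access allow lan
http_access allow admin
http_access allow server
http_access allow kompdown
# Default deny: nothing after this line in the http_access list can match.
http_access deny all
http_reply_access allow all

# --- ICP peers --------------------------------------------------------------
# The original repeated "http_access allow admin/server/kompdown" between
# the two icp_access lines. Those rules came after "http_access deny all",
# could never match, and duplicated the rules above, so they are removed.
# NOTE(review): if they were meant to be icp_access rules, add them as such.
icp_access allow lan
icp_access deny all
miss_access allow all

# --- Identity and cache manager ---------------------------------------------
cache_mgr itdept@tokai.co.id
# One password for all cache manager actions. The value is redacted in the
# published file; it is stored in clear text, so squid.conf should be
# readable only by root and the Squid account.
cachemgr_passwd xxx all
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.tokai.co.id
unique_hostname tdi.proxy.tokai.co.id

# --- Accelerator / intercepting mode ----------------------------------------
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# --- Logging and privacy ----------------------------------------------------
logfile_rotate 1
# The client address is not passed to origin servers in X-Forwarded-For.
forwarded_for off
log_icp_queries off
buffered_logs on
client_db on
# Query strings are written to access.log in full. They can carry session
# tokens, search terms or credentials, so restrict read access to the log
# and apply the same care to rotated copies.
strip_query_terms off
icon_directory /usr/share/icons
error_directory /usr/share/errors/English

# --- SNMP -------------------------------------------------------------------
# No community-string ACL is defined in this file, so the source address is
# the only check on SNMP queries, and the whole "lan" range is allowed.
# NOTE(review): consider limiting SNMP to the monitoring host(s).
snmp_port 3401
snmp_access allow localhost
snmp_access allow admin
snmp_access allow server
snmp_access allow kompdown
snmp_access allow lan
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255

# --- Miscellaneous ----------------------------------------------------------
wccp_router 0.0.0.0
offline_mode off
coredump_dir /var/spool/squid
ie_refresh off
# Removes Accept-Encoding from forwarded requests, so origin servers reply
# uncompressed.
header_access Accept-Encoding deny all
# Replies larger than 5000000 bytes are refused for every client. This is
# lower than maximum_object_size (24 MB) set earlier in the file, so objects
# between the two sizes can never be fetched, let alone cached.
reply_body_max_size 5000000 allow all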
