Konfigurasi – Squid


http_port 10.10.10.1:81
http_port 3128

icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255

#cache_peer 203.130.255.196 parent 3128 3130
cache_peer random.us.ircache.net sibling 3128 3130 login=cs-info@plasa.com:phowEfalsajrasu
#cache_peer 202.143.61.37 sibling 3128 3130 proxy-only
icp_query_timeout 0
maximum_icp_query_timeout 2000
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 51200 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 16 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid 10000 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
log_ip_on_direct on
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off

client_netmask 255.255.255.255

ftp_user Squid@kates.com
ftp_list_width 48
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
#cache_dns_program /usr/lib/squid/dnsserver
dns_timeout 5 minutes
dns_nameservers 10.10.10.1 202.134.1.10 61.94.192.12 202.134.0.155 202.134.2.5
hosts_file /etc/hosts
# diskd_program /usr/lib/squid/diskd
# unlinkd_program /usr/lib/squid/unlinkd
# pinger_program /usr/lib/squid/pinger
# redirect_children 5
# redirect_rewrites_host_header on
#Recommended minimum configuration:
#auth_param digest program
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# authenticate_cache_garbage_interval 1 hour
# authenticate_ttl 1 hour
# authenticate_ip_ttl 0 seconds
# wais_relay_port 0
# request_header_max_size 10 KB
# request_body_max_size 0 KB
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i ^ftp:// 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern . 180 95% 4320 override-lastmod reload-into-ims
refresh_pattern -i \.spinbox.net$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.tar.gz$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.mp3$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.zip$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.png$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.gif$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.jpg$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.jpeg$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i /$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i /index.htm?$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i /welcome.htm$ 2880 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i /default.htm$ 2880 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i \.(htm|html|cgi|asp|cfm)$ 2880 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.class$ 43200 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i ^ftp:// 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(gif|jp?g|xbm|png|swf|bmp)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(mov|avi|qtm|mp?)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(zip|exe|gz|Z|lha|arj)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern . 100080 90% 432000 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^gopher: 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims

# TAG: quick_abort_pct (percent)
#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
quick_abort_pct 100
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute
# range_offset_limit 0 KB
# forward_timeout 4 minutes
connect_timeout 1 minute
# peer_connect_timeout 30 seconds
# read_timeout 15 minutes
# request_timeout 5 minutes
# persistent_request_timeout 1 minute
# client_lifetime 1 day
# half_closed_clients on
# pconn_timeout 120 seconds
# ident_timeout 10 seconds
# shutdown_lifetime 30 seconds
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 2083 2087 2096 4081
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#virus WMF
acl blockedtypereq req_mime_type -i ^application/x-msmetafile$
acl blockedtypereq req_mime_type -i application/x-msmetafile
acl blockedtyperep rep_mime_type -i ^application/x-msmetafile$
acl blockedtyperep rep_mime_type -i application/x-msmetafile
acl blocked_contdisp rep_header Content-Disposition -i .wmf

#antinya virus WMF
http_access deny blockedtypereq all
http_access deny blockedtyperep all
http_reply_access deny blocked_contdisp

# follow_x_forwarded_for deny all
#Default:
# acl_uses_indirect_client on
# delay_pool_uses_indirect_client on
# log_uses_indirect_client on
# http_access deny all
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl kates arp “/etc/squid/mac/mac-user.txt”
#acl wedus src “/etc/squid/mac/ip.txt”
acl smp1 src 10.10.10.31

#—————————
#acl badomain dstdomain “/etc/squid/mac/domain.txt”
#http_access deny badomain
#—————————

#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on “localhost” is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
# And finally deny all other access to this proxy
http_access allow localhost

acl generic_browser browser Mozilla
acl generic_browser browser IE

http_access allow kates
#http_access allow wedus

#maksimal connection
#acl maksimal maxconn 4
#
http_access deny all

http_reply_access allow all

# icp_access deny all
icp_access allow all

# miss_access allow all

# ident_lookup_access deny all

# reply_header_max_size 20 KB

# reply_body_max_size 0 allow all

# cache_mgr root

cache_effective_user squid
cache_effective_group squid

visible_hostname localhost

# announce_period 0
# announce_host tracker.ircache.net
# announce_port 3131

httpd_accel_host virtual
httpd_accel_port 80

# httpd_accel_single_host off

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

# TAG: logfile_rotate
# Specifies the number of logfile rotations to make when you
# type ‘squid -k rotate’. The default is 10, which will rotate
# with extensions 0 through 9. Setting logfile_rotate to 0 will
# disable the rotation, but the logfiles are still closed and
# re-opened. This will enable you to rename the logfiles
# yourself just before sending the rotate signal.
#
# Note, the ‘squid -k rotate’ command normally sends a USR1
# signal to the running squid process. In certain situations
# (e.g. on Linux with Async I/O), USR1 is used for other
# purposes, so -k rotate uses another signal. It is best to get
# in the habit of using ‘squid -k rotate’ instead of ‘kill -USR1
# ‘.
#
#Default:
# logfile_rotate 0

# TAG: append_domain
# Appends local domain name to hostnames without any dots in
# them. append_domain must begin with a period.
#
# Be warned there are now Internet names with no dots in
# them using only top-domain names, so setting this may
# cause some Internet sites to become unavailable.
#
#Example:
# append_domain .yourdomain.com
#
#Default:
# none

# tcp_recv_bufsize 0 bytes

# memory_pools on

# TAG: memory_pools_limit (bytes)
# Used only with memory_pools on:
# memory_pools_limit 50 MB
#

# forwarded_for on

# log_icp_queries on

# icp_hit_stale off

# minimum_direct_hops 4

# minimum_direct_rtt 400

#Example:
# cachemgr_passwd secret shutdown
# cachemgr_passwd lesssssssecret info stats/objects
# cachemgr_passwd disable all
#
#Default:
# none
#cachemgr_passwd netsisfo all

# store_avg_object_size 13 KB

# store_objects_per_bucket 20

# client_db on
client_db on

# netdb_low 900
# netdb_high 1000

# netdb_ping_period 5 minutes

#query_icmp off
query_icmp on

# test_reachability off

# buffered_logs off

# reload_into_ims off
reload_into_ims on

#We don’t want to limit downloads on our local network
acl magic_words1 url_regex -i 10.10.

#We want to limit downloads of these type of files
#Put this all in one line
acl pelem url_regex -i \.mp3$ \.rm$ \.mpg$ \.mpeg$ \.avi$ \.dat$ \.exe$ \.vqf$ \.tar.gz$ \.gz$ \.rpm$ \.zip$ \.rar$ \.mpe$ \.qt$ \.iso$ \.raw$ \.wav$ \.mov$ \.pdf$ \.wmv$ \.wam$ \.bin$ \.sis$ \.3gp$ \.7z$ \.tar$ \.bzip$
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .pdf .wmv .iso .wma .bin .3gp .sis .7z .tar .bzip
#.bmp .jpg .jpeg .gif .pdf .doc .xls .ppt
acl magic_words3 url_regex -i ftp .bmp .pdf .doc .xls .ppt .swf .fla

#acl kampes src 10.10.10.234
#acl day time 09:00-21:00

#We don’t block .html, .gif, .jpg and similar files, because they
#generally don’t consume much bandwidth

#We have two different delay_pools
delay_pools 3

#First delay pool
#W don’t want to delay our local traffic
#There are three pool classes; here we will deal only with the second
delay_class 1 2

#-1/-1 mean that there are no limits
delay_parameters 1 -1/-1 -1/-1

#magic_words1: 192.168
delay_access 1 allow magic_words1

#Second delay pool
#we want to delay downloading files mentioned in magic_words2
delay_class 2 2

#The numbers here are values in bytes;
#we must remember that Squid doesn’t consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s
#delay_parameters 2 5000/150000 5000/12000
#delay_parameters 2 5000/120000 2000/12000
delay_parameters 2 8000/13000 100/15000
#delay_access 2 deny !day

delay_access 2 allow magic_words2
delay_access 2 allow pelem
delay_access 2 deny all

delay_class 3 2
delay_parameters 3 6000/13000 1000/4500
delay_access 3 allow magic_words3
delay_access 3 deny all

#delay_class 4 2
#delay_parameters 3 18000/110000 8000/22000
#delay_access 4 allow day
#delay_access 4 deny all

coredump_dir /var/spool/squid
client_persistent_connections on
server_persistent_connections on
ie_refresh off

One comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: