# Proxy Server Versi 2.7.Stable7
#==================================$
#################################################################
# Port
# Listen on 3128 in interception ("transparent") mode: clients are not configured
# to use a proxy; their traffic is expected to be redirected here by a firewall/router.
# NOTE(review): in this mode the destination comes from the client's request
# (Host header). Firewall port 3128 so only redirected LAN traffic can reach it,
# and confirm the redirect rule exists — it is not part of this file.
http_port 3128 transparent
# Speak HTTP/1.1 to origin servers.
server_http11 on
#icp_port 3130
# Prefer a parent cache over going direct. No cache_peer is active in this file,
# so this presumably has no effect as written.
prefer_direct off
#################################################################
# Cache & Object
# RAM set aside for in-transit and hot objects.
cache_mem 16 MB
# Disk-cache eviction begins at 95% usage and becomes aggressive at 99%.
cache_swap_low 95
cache_swap_high 99
#max_filedesc 8192
# Objects up to 1024 MB may be stored; there is no lower size limit.
maximum_object_size 1024 MB
minimum_object_size 0 KB
# NOTE(review): a 4-byte limit means effectively nothing is held in cache_mem.
# If a memory hot-set was wanted, the unit was presumably meant to be KB — confirm.
maximum_object_size_in_memory 4 bytes
# DNS caches: ipcache holds name->address results (trimmed between the 95%/99%
# water marks), fqdncache holds address->name results.
ipcache_size 4096
ipcache_low 95
ipcache_high 99
fqdncache_size 4096
# Disk store uses heap LFUDA, memory store uses heap GDSF as eviction policy.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#################################################################
# cache_dir
# One aufs store: 60000 MB, 64 first-level and 256 second-level directories.
# The directory should be writable only by the account Squid runs as
# (cache_effective_user); anyone else who can write here can alter cached content.
cache_dir aufs /home/cache1 60000 64 256
#cache_dir aufs /home/cache2 60000 64 256
# access.log records each client request (client address and URL); treat it as
# sensitive data and restrict who can read it.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# No store.log is written.
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
# Name resolution goes to a resolver on the loopback address; one must be
# listening there or every lookup fails.
dns_nameservers 127.0.0.1
# Keep Squid's native access-log format rather than the httpd-style format.
emulate_httpd_log off
hosts_file /etc/hosts
# Close the connection as soon as the client half-closes it.
half_closed_clients off
# Do not cache negative (error) responses; the trailing "##" text is the
# previous value kept as a comment.
negative_ttl 0 seconds ##negative_ttl 1 minutes
#################################################################
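# Rules: Safe Port
# ACL definitions followed by the first http_access rules. ACL names listed on
# one http_access line are ANDed; rules are checked top to bottom and the first
# matching line decides.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports that CONNECT tunnels may reach.
acl SSL_ports port 443 563 873 # https snews rsync
# Ports that ordinary proxied requests may reach.
acl Safe_ports port 80 # http
# NOTE(review): 22 (ssh) and 53 (dns) are listed under the "ftp" label but are
# not FTP ports — confirm they are needed.
acl Safe_ports port 20 21 22 53 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
# NOTE(review): mail ports do not serve HTTP. Allowing proxied requests to
# 110/25 exposes mail servers to traffic relayed through this proxy; remove
# these two lines unless there is a documented need.
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl Safe_ports port 100 # slm
acl purge method PURGE
acl CONNECT method CONNECT
# Cache manager and PURGE are available from the proxy host itself only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse proxied requests whose destination is the loopback network, so that
# services bound to 127.0.0.1 on this host (and the localhost-only rules above)
# cannot be reached through the proxy. Placed after the manager/purge rules so
# local cache-manager use keeps working.
http_access deny to_localhost
# Denies only when the port is in NEITHER list (the two negated ACLs are ANDed),
# i.e. ordinary requests may go to the union of Safe_ports and SSL_ports.
http_access deny !Safe_ports !SSL_ports
# CONNECT tunnels are limited to SSL_ports. The earlier form also tested
# !Safe_ports, which let CONNECT through to every Safe_ports entry
# (mail, ssh, and all ports 1025-65535).
http_access deny CONNECT !SSL_ports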
# Replies whose first line starts with "ICY" followed by a digit (SHOUTcast
# streams) are not upgraded from HTTP/0.9.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
# Take the Vary reply header into account when caching.
cache_vary on
# Apply the broken-Vary workaround to replies whose Server header starts with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# ACLs selecting URLs that are handed to the store-URL rewrite helper, which
# decides the key an object is cached under.
# NOTE(review): several patterns here are unanchored (for example the bare
# words in the _CDN list match anywhere in the URL) and many dots are unescaped.
# If the helper maps different hosts to one cache key, a response from one site
# can be served for another — review these together with the helper script,
# which is not part of this file.
# Video-style paths, or a listed media/binary extension followed by a query string.
acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf)\?
# Host names made of letters plus digits (numbered mirror/CDN style names).
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
# Paths ending in one of the listed media/archive/binary extensions.
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
# Named CDN, file-hosting and ad/analytics hosts.
acl store_rewrite_list_domain_CDN url_regex streamate.doublepimp.com.*\.js\? photos-[a-z].ak.fbcdn.net \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
# Video-site URLs (matched case-insensitively with -i) whose cache key is
# rewritten. The first entry is disabled.
##acl videocache_allow_url url_regex -i \.speedtest\.net\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|txt)\?
# YouTube / Google video endpoints on .com and two-letter country domains.
acl videocache_allow_url url_regex -i \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?
# The same three endpoints on a host given as a dotted IPv4 address.
# NOTE(review): these match ANY address, not only the video provider's servers,
# so any server reachable by IP can supply content for these paths. Whether that
# content then shares a cache key with genuine video objects depends on the
# helper script — verify.
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplayback\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplay\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/get_video\?
# Other video hosts, one pattern group per site.
acl videocache_allow_url url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/
acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/
acl videocache_allow_url url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv
acl videocache_allow_url url_regex -i bitcast\.vimeo\.com\/vimeo\/videos\/
acl videocache_allow_url url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
acl videocache_allow_url url_regex -i \.files\.youporn\.com\/(.*)\/flv\/
acl videocache_allow_url url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv
acl videocache_allow_url url_regex -i media[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/ mobile[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/ www\.tube8\.com\/(.*)\/
acl videocache_allow_url url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv
acl videocache_allow_url url_regex -i \.video[a-z0-9]?[a-z0-9]?\.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram)
acl videocache_allow_url url_regex -i video\.break\.com\/(.*)\.(flv|mp4)
# Whole domains (leading dot includes subdomains) treated the same way.
acl videocache_allow_dom dstdomain .mccont.com .metacafe.com .redtube.com .cdn.dailymotion.com
# URLs meant to keep their original cache key: redbot.org, and video URLs that
# carry a non-zero begin= offset.
acl dontrewrite url_regex redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]*
acl getmethod method GET
# storeurl_access decides which requests are sent to the rewrite helper; like
# other access lists it stops at the first matching line.
# NOTE(review): the two videocache allow lines come before the dontrewrite and
# !getmethod denies, so a URL matching videocache_allow_url/_dom is rewritten
# even when it has begin=N or is not a GET. Move the two deny lines to the top
# if that is not intended.
storeurl_access allow videocache_allow_url
storeurl_access allow videocache_allow_dom
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
# Both ACLs must match: a numbered-host style domain AND a listed file extension.
storeurl_access allow store_rewrite_list_domain store_rewrite_list_path
storeurl_access deny all
# External helper that returns the cache key for each URL it is given. It runs
# with Squid's privileges and controls what is served from cache, so the script
# should be root-owned and not writable by the proxy account.
storeurl_rewrite_program /etc/squid/storeurl.pl
# 7 helper processes, each handling up to 10 requests at once; the helper must
# implement the concurrent (channel-tagged) protocol — confirm in the script.
storeurl_rewrite_children 7
storeurl_rewrite_concurrency 10
# Path-pattern ACLs for video requests (QUERY2) and dynamic/updater content (QUERY).
# NOTE(review): no active directive in this file references QUERY or QUERY2
# (the "no_cache deny QUERY" line further down is commented out), so as written
# they appear to have no effect.
# "\.flv?" makes the v optional, so it also matches ".fl".
acl QUERY2 urlpath_regex get_video\? videoplayback\? videodownload\? \.flv?
# Script extensions at end of path, plus any path containing "localhost".
acl QUERY urlpath_regex -i \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl QUERY urlpath_regex -i \.(ini|ui|lst|list)
acl QUERY urlpath_regex -i \.(apps|captcha|reset.css|gamenotice|ickernew.css|Launcher)
#################################################################
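# Keep per-client statistics.
client_db on
# Upper bound on how stale an object may be served.
max_stale 52 week
# refresh_pattern [-i] <regex> <min minutes> <percent> <max minutes> [options]
# Patterns are tried in order and the first match applies.
# (43200 min = 30 days, 14400 min = 10 days, 1440 min = 1 day)
#
# NOTE(review): the ignore-* / override-* options used below make Squid store and
# re-serve replies that the origin marked private, no-store, no-cache or that
# required authentication, and make it disregard client reloads. On a shared
# proxy this can hand one user's response to another user, and a wrong or
# tampered object fetched once stays in the cache for the full lifetime.
# Keep them only for content known to be public and static.
#
# Video requests: cached 30 days, all freshness and privacy headers overridden.
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 43200 99% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
#refresh_pattern .speedtest.*(jpg|txt)\? 0 99% 0
#refresh_pattern \.speedtest.*\/[0-9]*\/.*\/[^\/]* 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims store-stale ignore-must-revalidate ignore-no-store ignore-reload negative-ttl=40320 max-stale=1440
#refresh_pattern ^http://*.speedtest.net/.* 14400 999999% 14400 ignore-no-cache reload-into-ims override-expire ignore-private
# Never treat monitoring graphs or updater/version files as fresh.
refresh_pattern -i (mrtg|graph) 0 0% 0
refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe) 0 0% 0
# Updater list/ini extensions at end of URL. The dot is escaped and the group is
# a real group; with the parenthesis escaped instead, the alternation split at
# top level and any URL containing "ui" or "ini" matched this zero-lifetime rule.
refresh_pattern -i \.(lst|ui|ini|list)$ 0 0% 0
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire
# Images: 30 days.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp)$ 43200 99% 43200 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims store-stale ignore-must-revalidate ignore-no-store ignore-reload
# Archives, installers and executables: 10 to 30 days. With ignore-reload a
# client cannot force a refetch, so a bad copy persists until purged.
refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|apk)$ 14400 99% 43200 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims store-stale ignore-must-revalidate ignore-no-store ignore-reload
# Documents, scripts and stylesheets: 10 days. Office/PDF/text files are often
# user-specific; ignore-private and ignore-no-store apply to them here too.
refresh_pattern -i \.(class|css|doc|docx|js|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims store-stale ignore-must-revalidate ignore-no-store ignore-reload
# Audio/video/media files: 10 to 30 days.
refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mhd|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 14400 99% 43200 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims store-stale ignore-must-revalidate ignore-no-store ignore-reload
# Pages and scripts: origin headers are honoured (no override options).
# css and js already matched the documents rule above, so they never reach this line.
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi)$ 1440 50% 14400
#refresh_pattern -i \.index.(html|htm)$ 0 50% 10080
refresh_pattern ^ftp: 14400 20% 14400 override-expire reload-into-ims store-stale
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic content: cgi-bin is never considered fresh; other query URLs up to 3 days.
refresh_pattern cgi-bin 0 0% 0
refresh_pattern \? 0 20% 4320
# Catch-all default.
refresh_pattern . 1440 40% 14400
retry_on_error off
zero_buffers on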
#################################################################
# HAVP + Clamav
#cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
#################################################################
# HIERARCHY (BYPASS CGI)
#hierarchy_stoplist cgi-bin ? .js .jsp
#acl QUERY urlpath_regex cgi-bin \? .js .jsp
#no_cache deny QUERY
#################################################################
# Bandwidth limiting for downloads, detected by file extension,
# and access restriction by domain
#acl warnet src 192.168.2.5-192.168.2.34
#acl kantor src 192.168.2.2-192.168.2.4 192.168.2.7 192.168.2.8 192.168.2.9
#acl hotspot src 192.168.4.11-192.168.4.26
#acl server src 192.168.3.2
#acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$ \.7z$ \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$
#acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$ \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$
#acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.ac3$ \.cda$ \.vro$ \.deb$ \.pdf$ \.com$ \.nrg$ \.vcd$ \.flv$ \.swf$ \.3gp$
#delay_pools 2
#delay_class 1 1
#delay_parameters 1 60000/10000000
####delay_parameters 1 40000/10000000 15000/40000000 10000/70000000
#delay_access 1 allow download warnet
#delay_access 1 allow download hotspot
#delay_access 1 deny all
#delay_class 2 1
#delay_parameters 2 -1/-1
#delay_access 2 allow download kantor
#delay_access 2 allow download server
#delay_access 2 deny all
#################################################################
# SNMP
# Squid's SNMP agent listens on UDP 3401.
snmp_port 3401
# NOTE(review): "public" is the well-known default community string. Queries are
# limited to localhost by the snmp_access rules below; if access is ever widened,
# change the community first and firewall the port.
acl snmpsquid snmp_community public
# Both ACLs must match: correct community AND source 127.0.0.1.
snmp_access allow snmpsquid localhost
snmp_access deny all
#################################################################
# ALLOWED ACCESS
# Requests for this ad/screensaver URL are denied and the client is redirected
# to a page on a LAN host instead. The dots in the pattern are unescaped, so
# each matches any character.
acl blokir url_regex .pcmanager.co.id/ad/screensaver.php
deny_info http://192.168.2.4:50/x/screensaver/screensaver.php blokir
http_access deny blokir
# NOTE(review): 0.0.0.0/0.0.0.0 matches every source address, so "hotspot" is the
# same as "all". Combined with "http_access allow hotspot" below, any host that
# can reach the proxy port is allowed to use it. Replace this with the real
# hotspot subnet(s) — a commented-out hotspot address range appears earlier in
# this file — or make sure the port is firewalled to the LAN.
acl hotspot src 0.0.0.0/0.0.0.0
acl persegi src 192.168.2.0/24
# Blocking window: Monday to Saturday (Sunday is not listed), 08:03-22:02.
acl Jam_blokir time MTWHFA 08:03-22:02
# Case-insensitive URL patterns read from the quoted file.
acl pornos url_regex -i "/etc/squid/porno.txt"
# The block list applies only inside the Jam_blokir window; outside it these two
# lines do not match and the allow rules below apply.
http_access deny persegi pornos Jam_blokir
http_access deny hotspot pornos Jam_blokir
http_access allow persegi
# Because hotspot matches every source, this line admits everyone and the final
# "deny all" is never reached.
http_access allow hotspot
http_access allow localhost
http_access deny all
http_reply_access allow all
# ICP queries: the same three ACLs, so effectively open to every source for the
# same reason. icp_port is commented out near the top of this file; whether ICP
# is listening then depends on the build default — confirm.
icp_access allow persegi
icp_access allow hotspot
icp_access allow localhost
icp_access deny all
# No request is forced to go direct to the origin.
always_direct deny all
#################################################################
# Cache CGI & Administrative
# Administrator contact shown on Squid's error pages.
cache_mgr webmaster
# Cache-manager password is disabled. If it is ever enabled, do not reuse the
# short sample value on the next line.
#cachemgr_passwd 123 all
# Host name Squid reports for itself (error pages and similar output).
visible_hostname www.unix.net
# Squid drops privileges to this account after start-up.
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
# On shutdown, wait up to 10 seconds for active clients.
shutdown_lifetime 10 seconds
# Keep 14 generations of rotated logs.
logfile_rotate 14
#################################################################
# Marking ZPH for b/w management
# Zero Penalty Hit: mark packets that carry cache hits so a downstream
# router/shaper can treat them differently from traffic fetched from the Internet.
# Mark by setting the IP TOS field.
zph_mode tos
# TOS value applied to hits served from this cache.
zph_local 0x30
# Hits obtained from a parent cache are not marked.
zph_parent 0
# IP option number; presumably only relevant in "option" mode, not "tos" — confirm.
zph_option 136