#######################################################
## SQUID 2.7 - High Performance Configuration
## ====================================================
## ## Updated: 3.2011
#######################################################
##start of config
http_port 3128 transparent
server_http11 on
icp_port 0
# File Squid
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/
error_directory /usr/share/squid/errors/English
icon_directory /usr/share/squid/icons
mime_table /usr/share/squid/mime.conf
visible_hostname proxy
# Log Squid
access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log /dev/null
# Beberapa log yg tidak signifikan karena opsi2-nya jarang digunakan.
log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
acl localnet src 172.209.100.0/24 #----------------> sesuaikan dg ip local
uri_whitespace strip
#DNS NAMESERVER
dns_nameservers 192.168.11.1 #----------------> sesuaikan dg gateway proxy
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 20000 32 256
#cache_dir aufs /cache 200000 54 256 #untuk ubuntu 64 bit
minimum_object_size 512 bytes
maximum_object_size 128000 KB
offline_mode off
cache_swap_low 98
cache_swap_high 99
# Setup some default acls
acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
# Allow local network(s) on interface(s)
http_access allow localnet
http_access deny all
#http_gzip on
#http_gzip_types text/plain,text/html,text/xml,text/css,application/xml,application/xhtml+xml,application/rss+xml,application/javascript,application/x-javascript
# TAG: ZPH
tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
# delay polls
acl admin src 192.168.1.123/32 #ip administrator
acl management src 192.168.1.123/32 #---> ip administrator
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.flv$ \.3gp$
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.mkv$
delay_pools 2
delay_class 1 1
delay_parameters 1 -1/-1
delay_access 1 allow admin
delay_access 1 allow admin management
delay_access 1 deny all
delay_class 2 1
#delay_parameters 2 40000/512000
delay_parameters 2 30000/1000000
delay_access 2 allow download
delay_access 2 deny all
#cache content
acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex (khm|mt)[0-9]?.google.co(m|\.id) streamate.doublepimp.com.*\.js\? photos-[a-z].ak.fbcdn.net \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl dontrewrite url_regex yimg.com redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* \.php\?
acl getmethod method GET
#snmp
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 99
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain store_rewrite_list_path
storeurl_access deny all
hierarchy_stoplist (ini|ui|lst|inf||mh-|sc-)$ (afs.dat|update.txt|vdf.info.gz|captcha|reset.css|gamenotice|ickernew.css)
acl QUERY urlpath_regex -i \.(ini|ui|lst|inf|mh-|sc-)$
acl QUERY urlpath_regex -i (afs.dat|captcha|reset.css|update.txt|gamenotice|vdf.info.gz)
cache deny QUERY
# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern (get_video|videoplayback|videodownload|\.flv).*(begin|start)\=[1-9][0-9]* 0 0% 0
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire
refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims store-stale
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 5259487 20% 5259487 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=1440
refresh_pattern .fbcdn.net.*\.(jpg|gif|png) 5259487 999999% 5259487 ignore-no-cache override-expire ignore-reload store-stale negative-ttl=0
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload store-stale
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 129600 100% 129600 ignore-no-cache ignore-no-store reload-into-ims override-expire ignore-must-revalidate store-stale
#antivirus
refresh_pattern avast.com.*\.vpx 40320 50% 161280 store-stale reload-into-ims
refresh_pattern (avgate|avira).*\.(idx|gz)$ 1440 90% 1440 ignore-reload ignore-no-cache ignore-no-store store-stale ignore-must-revalidate
refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487 ignore-reload store-stale
refresh_pattern kaspersky 1440 50% 161280 ignore-no-cache store-stale
refresh_pattern mbamupdates.com.*\.ref 1440 50% 161280 reload-into-ims store-stale
#other sites
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 5259487 99999999% 5259487 override-expire ignore-reload store-stale ignore-private negative-ttl=0
refresh_pattern \.(ico|video-stats) 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern \.etology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*safebrowsing.*google 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.id) 5259487 999999% 5259487 override-expire ignore-reload store-stale ignore-private negative-ttl=10080
refresh_pattern ytimg\.com.*\.(jpg|png) 5259487 999999% 5259487 override-expire ignore-reload store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload store-stale
refresh_pattern garena\.com 5259487 999999% 5259487 override-expire reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 override-expire ignore-reload store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999% 5259487 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern ^http:\/\/images|openx|pics|thumbs[0-9]\. 5259487 999999% 5259487 ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 5259487 999999% 5259487 reload-into-ims override-expire store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 reload-into-ims override-expire ignore-private store-stale
refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 ignore-no-cache ignore-no-store reload-into-ims override-expire ignore-must-revalidate store-stale
refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 5259487 100% 5259487 override-expire reload-into-ims
refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 5259487 100% 5259487 override-expire reload-into-ims ignore-reload
refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487 999999%% 5259487 override-expire reload-into-ims ignore-no-cache ignore-must-revalidate
refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2) 5259487 100% 5259487 override-expire reload-into-ims
refresh_pattern -i (cgi-bin) 0 0% 0
refresh_pattern \.(php|jsp|cgi|asx)\? 0 0% 0
refresh_pattern . 0 50% 161280 store-stale
header_access X-Forwarded-For deny all
storeurl_rewrite_program /etc/squid/storeurl.pl
#extra tuning configuration
header_access Accept-Encoding deny all
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
range_offset_limit 512 KB
read_timeout 30 minutes
client_lifetime 6 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on
logfile_rotate 3
store_dir_select_algorithm round-robin
cache_effective_user proxy
cache_effective_group proxy
max_filedescriptors 8192
Wednesday, 28 May 2014
squid-coba · version 2
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment