Beranda > ClearOS > Squid.Conf

Squid.Conf


#============================================================================================================================#
#=========================================================#  AWAL  #=========================================================#
#============================================================================================================================#

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src 192.168.2.0/24 # RFC1918 possible internal network
acl localnet src 192.168.3.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128 transparent
cache_dir aufs /cache1/ 10000 16 256
cache_dir aufs /cache1/ 14000 32 256
cache_mem 8 MB
maximum_object_size_in_memory 128 MB
minimum_object_size 1 bytes
maximum_object_size 393216 KB
cache_swap_low 98
cache_swap_high 99
access_log /cache1/access.log
cache_log /cache1/cache.log
cache_store_log /cache1/store.log
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_effective_user squid
cache_effective_group squid

#=================================================================================================================================#
#=========================================================#  REGEX URL  #=========================================================#
#=================================================================================================================================#
coredump_dir /cache1/
###############################################################################
#acl PHP77 url_regex forum.php forumdisplay.php showthread.php showthreads.php
#acl PHP77 url_regex download.php downloads.php classifieds.php classified.php
#acl PHP77 url_regex forum
#no_cache deny PHP77

#hierarchy_stoplist cgi-bin ? localhost
#acl QUERY22 urlpath_regex cgi-bin \? localhost
#no_cache deny QUERY22
################################################################################
#acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe
|msi|zip|on2|mar|swf)
#acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\
.[A-Za-z]*\.[A-Za-z]*
#acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]
?\.[a-z]{3}
#acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar
|on2|mar|exe)$
#acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobuc
ket\.com.*\.[a-z]{3}$ quantserve\.com

emulate_httpd_log off
server_http11 on
redirector_bypass on

acl video urlpath_regex                   \/(get_video|videoplayback\?id
|videoplayback.*id)
acl speedtest urlpath_regex               \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe
|msi|zip|on2|mar|txt)\?
acl angka1 url_regex                      ^http:\/\/([a-zA-Z-]+[0-9-]+)\
.[A-Za-z]*\.[A-Za-z]*
acl angka2 url_regex                      (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]
?\.[a-z]{3}
acl gambar urlpath_regex                  \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar
|on2|mar|exe)$
acl rapidshare url_regex                  \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.
[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl photobucket url_regex                 ^http:\/\/[.a-z0-9]*\.photobuc
ket\.com.*\.[a-z]{3}$ quantserve\.com
acl google url_regex                      ^http:\/\/[a-z]+[0-9]\.google\
.co(m|\.id)
acl indowebster url_regex                 ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|
exe)
acl getmethod method GET

storeurl_access allow video
storeurl_access allow speedtest
storeurl_access allow gambar
storeurl_access allow rapidshare
storeurl_access allow photobucket
storeurl_access allow indowebster
storeurl_access deny all

storeurl_rewrite_program /usr/local/squid/etc/storeurl.
pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 100
#storeurl_rewrite_children 15 #7
#storeurl_rewrite_concurrency 10 #60

#=======================================================================================================================================#
#=========================================================#  REFRESH PATTERN  #=========================================================#
#=======================================================================================================================================#
# VIDEO CACHE
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videoplayback\? 10080 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i (get_video\?|videoplayback\?id
|videoplayback.*id) 161280 50000% 525948 override-expire ignore-reload

# facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ((tagged.com)|(96.17.109.27)).*\.(jpg|png|gif) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern edgecastcdn.\net.*\.swf? 129600 100% 129600 override-expire ignore-reload store-stale
refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png)($|&) 129600 100% 129600 ignore-no-cache ignore-no-store reload-into-ims override-expire store-stale
refresh_pattern .zynga.net.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale
refresh_pattern .zynga.com.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale
refresh_pattern .farmville.net.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale
refresh_pattern .farmville.com.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale
refresh_pattern .ninjasaga.com.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale
refresh_pattern .apps.facebook.com.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale
refresh_pattern .frontierville.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale
refresh_pattern .tagged.*\.(jpg|gif|png|swf|mp3)($|&) 129600 100% 129600 store-stale

#ads
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net)
.* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth store-stale negative-ttl=40320 max-stale=1440

#specific sites
refresh_pattern ^.*safebrowsing.*google 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth negative-ttl=10080 store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 99100% 129600 override-expire ignore-reload store-stale
refresh_pattern \.(ico|video-stats) 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod negative-ttl=10080 store-stale

# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico|swf)\? 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale

# website
#refresh_pattern -i \.(xml|html|htm|js|jsp|txt|css|php|asp)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(xml|js|jsp|txt|css)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(xml|js|jsp|txt|css)\? 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale

#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|wmv)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache store-stale
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale

# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth ignore-reload ignore-no-cache store-stale
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale

#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth

#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 1    0%    2
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 store-stale

#=============================================================================================================================#
#=========================================================#  TOOLS  #=========================================================#
#=============================================================================================================================#
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
negative_ttl 2 minutes
half_closed_clients off

connect_timeout 1 minute
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minutes
half_closed_clients on
shutdown_lifetime 30 seconds

icp_port 0
prefer_direct off

ipcache_size 5120
ipcache_low 98
ipcache_high 99

fqdncache_size 5120

memory_pools off
log_icp_queries off
icp_hit_stale on
query_icmp on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

header_access X-Forwarded-For deny all
client_persistent_connections on
server_persistent_connections off
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
log_icp_queries off
ipcache_size 8192
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 8192
memory_pools off
forwarded_for on
prefer_direct on
persistent_connection_after_er
ror on
balance_on_multiple_ip on
store_avg_object_size 50 KB

n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
#=============================================================================================================================#
#===================================================#     DELAY POOLS     #===================================================#
#=============================================================================================================================#

acl bypas url_regex -i 192.168.0.1/
acl admin src 192.168.0.2
acl warnet src 192.168.0.3-192.168.0.13
acl  magic_words1 url_regex -i 192.168.2.0/24
acl  magic_words1 url_regex -i 192.168.3.0/24
acl  file-file url_regex -i ftp \.ppt \.tar.gz \.tar.bz \.tar.bz2 \.gz \.rpm \.zip \.gzip \.bin \.rar \.qt \.iso \.raw \.tar \.doc \.z \.arj \.lzh \.vqf \.exe
acl  audio-audio url_regex -i \.mp3 \.mp2 \.aac \.wav \.mid \.wmv \.wma \.ogg
acl  striming url_regex -i \.mov \.avi \.mpeg \.mpe \.mpg \.ram \.rm \.flv \.flv-x \.mp4 \.3gp \.mkv
acl  striming url_regex -i get_video? video_id? videodownload? videoplayback? .c.youtube.com
acl  speedtt url_regex -i  \.jpg?

delay_pools 4

delay_class 1 2
delay_access 1 allow magic_words1
delay_parameters 1 -1/-1 -1/-1
delay_access 1 deny bypas

delay_class 2 1
delay_access 2 allow file-file
delay_parameters 2 25600/25600

delay_class 3 1
delay_access 3 allow audio-audio
delay_parameters 3 25600/25600

delay_class 4 1
delay_access 4 allow striming
delay_parameters 4 51200/51200

#delay_class 5 2
#delay_access 5 allow speedtt
#delay_parameters 5 -1/-1 32785/3278500

Iklan
Kategori:ClearOS
  1. Heri
    10 November 2012 pukul 12:01 AM

    bro… gua udah ikutin semua config disini.. tapi kok tetep ga bisa yah… ini config untuk lusca squid kan ???
    selalu muncul Please enable the proxy server settings with following values: di web browser ku :(, salah dimana yah kira2 bos… bisa bantuin ?? kalau boleh tolong email ke saya dong bos… herryjr87@yahoo.com

    thanks a lot

    • 17 November 2012 pukul 3:45 AM

      Coba gan, masukin IP proxy nya di browser beserta port nya..

      • joe
        3 Januari 2013 pukul 4:21 PM

        sama gan ane pun ga bisa… percis kejadian ama agan heri di atas…jika buka facebook kayak agan heri di atas.. tp klo saya buka google.co.id jd kyk di bawah ini…mohon pencerahanya gan…makasih sebelumna telah berbagi ilmu

        An error occurred during a connection to http://www.google.co.id.

        SSL received a record that exceeded the maximum permissible length.

        (Error code: ssl_error_rx_record_too_long)

  2. joe
    3 Januari 2013 pukul 4:24 PM

    joe :
    sama gan ane pun ga bisa… percis kejadian ama agan heri di atas…jika buka facebook kayak agan heri di atas.. tp klo saya buka google.co.id jd kyk di bawah ini…mohon pencerahanya gan…makasih sebelumna telah berbagi ilmu
    An error occurred during a connection to http://www.google.co.id.
    SSL received a record that exceeded the maximum permissible length.
    (Error code: ssl_error_rx_record_too_long)

    ariffauzan :
    Coba gan, masukin IP proxy nya di browser beserta port nya..

    untuk di browsernya udah saya masukin ip beserta portna…di setingan proxynya udah saya rubah biar lari ke ip roxy…oia gan saya make server standalone maksudnya biar nanti saya ubah ipnya lari ke mikrotik…sementara setara sama jaringan lokal…

    • 12 Januari 2013 pukul 10:47 AM

      IP nya disesuaikan gan..
      Coba di teliti lagi…

  1. No trackbacks yet.

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: