Squid 3 buat jessie

1. # Testing Configuration #
2. http_port 3128
3.  
4. auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
5.  
6. refresh_pattern ^ftp: 1440 20% 10080
7. refresh_pattern ^gopher: 1440 0% 1440
8. refresh_pattern -i (/cgi-bin/|?) 0 0% 0
9. refresh_pattern . 0 20% 4320
10.  
11. acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
12. acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
13. acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
14. acl localnet src fc00::/7 # RFC 4193 local private network range
15. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
16. acl ncsa_users proxy_auth REQUIRED
17.  
18. acl SSL_ports port 443 # https
19.  
20. acl Safe_ports port 80 # http
21. acl Safe_ports port 21 # ftp
22. acl Safe_ports port 443 # https
23. acl Safe_ports port 70 # gopher
24. acl Safe_ports port 210 # wais
25. acl Safe_ports port 1025-65535 # unregistered ports
26. acl Safe_ports port 280 # http-mgmt
27. acl Safe_ports port 488 # gss-http
28. acl Safe_ports port 591 # filemaker
29. acl Safe_ports port 777 # multiling http
30.  
31. acl CONNECT method CONNECT
32.  
33. http_access deny !Safe_ports
34. http_access deny CONNECT !SSL_ports
35. http_access allow localhost manager
36. http_access deny manager
37. http_access allow localnet
38. http_access allow localhost
39. http_access allow ncsa_users
40. http_access deny all
41.  
42. #############################
43. # OPTIONS WHICH AFFECT THE CACHE SIZE
44. # ==============================
45. #
46. cache_mem 16 MB
47. maximum_object_size_in_memory 32 KB
48. memory_replacement_policy heap GDSF
49. cache_replacement_policy heap LFUDA
50. cache_dir aufs /var/spool/squid3 10000 14 256
51. maximum_object_size 128000 KB
52. cache_swap_low 95
53. cache_swap_high 99
54. #
55. # LOGFILE PATHNAMES AND CACHE DIRECTORIES
56. # ==================================
57. #
58. access_log /var/log/squid3/access.log
59. cache_log /var/log/squid3/cache.log
60. #cache_log /dev/null
61. cache_store_log none
62. logfile_rotate 5
63. log_icp_queries off
64. #
65.  
66. # REFRESH PATTERN
67. # Dhananjaya(c)2012
68. #——–
69. # 1 year = 525600 mins, 1 month = 43200, 1 week = 10080 mins, 1 day = 1440
70. #——–
71. max_stale 3 years
72.  
73. refresh_pattern .*(get_video?|videoplayback?|videodownload?|.flv?) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
74. refresh_pattern .*(get_video?|videoplayback?(id.*)?|videoplayback.*id|videodownload?|.flv?) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
75. refresh_pattern .*.youtube.com/(watch?|get_video?|videoplayback?(id.*)?|videoplayback.*id|videodownload?|.flv?).*.(flv|swf|mp3|mp4|webm|xml|txt|js|css)(.*)? 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
76.  
77. refresh_pattern (get_video?|videoplayback?|videodownload?|.flv?).*.((x-)?flv|(x-)?swf|mp(3|4)) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
78. refresh_pattern (get_video?|videoplayback?(id.*)?|videoplayback.*id|videodownload?|.flv?).*.((x-)?flv|(x-)?swf|mp(3|4)) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
79.  
80. refresh_pattern .(ico|video-stats)(.*)? 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
81. refresh_pattern -i .speedtest/.*.(jpe?g|swf|png|gif|html|txt|xml|html|css|js|php) 64800 99% 64800 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
82. refresh_pattern -i /[a-z].speedtest.net/.*.(jpe?g|swf|bmp|png|ico|css|js|gif|php) 64800 99% 64800 ignore-must-revalidate ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
83.  
84. ######################
85. # adds and cdn for bandwidth saving
86. ######################
87. refresh_pattern -i ^http://ssl.gstatic.com/.*.(jpe?g|swf|png|gif|bmp|js|css) 11520 99% 11520 ignore-reload reload-into-ims store-stale
88. refresh_pattern -i .gstatic.com/.*.(gif|jpe?g|bmp|png|swf|js|css)(.*)? 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
89. refresh_pattern -i ^http://www.google.co(.id|m)/images/.*.(jpe?g|swf|png|gif|bmp|js|css) 11520 99% 525600 ignore-reload ignore-private reload-into-ims store-stale
90. refresh_pattern -i ^http://www.google.co(.id|m)/.*.(jpe?g|swf|png|gif|bmp|js|css|html|gzip|zip|rar|tar|nar) 11520 99% 11520 ignore-reload ignore-private reload-into-ims store-stale
91. refresh_pattern -i .*(.doubleclick.net|.quantserve.com|.googlesyndication.com|yieldmanager|cpxinteractive).*.(jpe?g|swf|bmp|png|ico|css|js|gif) 64800 99% 64800 ignore-must-revalidate ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
92. refresh_pattern -i ^http://cdn(.*)?.fastclick.net/.*.(gif|jpe?g|bmp|png|swf|js|css)(.*)? 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
93.  
94. ######################
95. # situs2 populer Indonesia
96. ######################
97. # kapanlagi
98. refresh_pattern -i ^http://[a-z].kapanlaginetwork.com/.*(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims override-expire override-lastmod store-stale
99. refresh_pattern -i http://www.kapanlagi.com/ 0 0% 0
100.  
101. # okezone
102. refresh_pattern -i http://cdn.okeinfo.net/.*.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale
103. refresh_pattern -i http://img.okeinfo.net/.*.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale
104. refresh_pattern -i http://cdn.okezone.tv/.*.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale
105. refresh_pattern -i .okezone.com/.*.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale
106. refresh_pattern -i ^http://www.okezone.com/ 0 0% 0
107.  
108. # kompas
109. refresh_pattern -i ^http://stat.k.kidsklik.com/.*.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
110. refresh_pattern -i ^http://img.ads.kompas.com/.*.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
111. refresh_pattern -i ^http://ads.*.kompasads.com/.*.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
112. refresh_pattern -i ^http://assets.kompas.com/.*.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
113. refresh_pattern -i ^http://tv.kompas.com/.*.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
114. refresh_pattern -i ^http://www.kompas.com/ 0 0% 0
115.  
116. # detik
117. refresh_pattern -i ^http://www.detik.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
118. refresh_pattern -i ^http://detik.net.id/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
119. refresh_pattern -i ^http://images.detik.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
120. refresh_pattern -i ^http://openx.detik.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
121. refresh_pattern -i .detik.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
122. refresh_pattern -i ^http://www.mytrans.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 43200 99% 43200 ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
123. refresh_pattern -i ^http://[a-z][a-z]{0,1}.serving-sys.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 43200 99% 43200 ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
124. refresh_pattern -i ^http://adsbox.detik.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
125. refresh_pattern -i ^http://pagead[1-9].googlesyndication.com/.*.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
126. refresh_pattern -i ^http://www.detik.com/ 0 0% 0
127.  
128. # 4Shared
129. refresh_pattern -i ^http://static.4shared.com/.*.(jpe?g|swf|png|ico|css|js|gif|wmv|avi|mp3|mp4|3gp|flv) 43200 99% 43200 ignore-reload reload-into-ims ignore-must-revalidate store-stale
130. refresh_pattern -i ^http://www.4shared.com/ 0 0% 0
131.  
132. # Bhinneka
133. refresh_pattern -i ^http://www.bhinneka.com/.*.(jpe?g|png|bmp|ico|gif|swf|js|css) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
134. refresh_pattern -i ^http://s[1-9].bmdstatic.com/.*.(jpe?g|bmp|ico|gif|png|css|js|swf) 43200 99% 43200 ignore-no-store ignore-private ignore-reload override-expire override-lastmod reload-into-ims store-stale
135.  
136. ######################
137. # MANGA and korean sites
138. ######################
139. refresh_pattern -i ^http://www.epdrama.com/.*.(gif|jpe?g|png|swf|js|css|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
140. refresh_pattern -i (.*)?animeshippunden.com/.*.(png|jpe?g|bmp|gif|txt|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
141. refresh_pattern -i (.*)?mangacanblog.com/.*.(png|jpe?g|bmp|gif|txt|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
142. refresh_pattern -i ^http://i.*.photobucket.com/.*.(gif|bmp|jpe?g|png|swf|js|css) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
143. refresh_pattern -i http://i[1-9].ytimg.com/.*.(png|jpe?g|bmp|giff?|swf|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
144. refresh_pattern -i ^http://w{1}.ytimg.com/.*.(png|jpe?g|bmp|giff?|swf|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
145. refresh_pattern -i ^http://klimg.com/.*.(jpe?g|swf|png|bmp|ico|gif|txt|css|js) 64800 99% 64800 ignore-reload reload-into-ims store-stale
146.  
147. ######################
148. # All Files
149. ######################
150. refresh_pattern -i .(exe|bin|(n|t)ar|acv|(r|j)ar|t?gz|(g|b)z(ip)?2?|7?z(ip)?|patch|diff|vpu|inc|r(a|p)m|kom|iso|sys|dat|msi|cab|dvr-ms|ace|asx|qt|xt)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
151. refresh_pattern -i .(ico(.*)?|pn[pg]|css|(g|t)iff?|jpe?g(2|3|4)?|psd|c(d|b)r|cad|bmp)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
152. refresh_pattern -i .(webm|(x-)?swf|mp(eg)?(3|4)|mpe?g(av)?|(x-)?f(l|4)v|divx?|rmvb?|mov|trp|ts|avi|wmv|wmp|m4v|mkv|asf|dv|vob|3gp?2?)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
153. refresh_pattern -i .(m4a|aa?c3?|wm?av?|og(x|v|a|g)|ape|mka|au|aiff|flac|m4(b|r)|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|on2)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
154. refresh_pattern -i .(docx?|xlsx?|pptx?|rtf|pdf|tiff?|txt)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
155. refresh_pattern -i .index.(html|htm)$ 0 40% 10080
156. refresh_pattern -i .(css|js)$ 1440 40% 43200
157. refresh_pattern -i .htm$ 720 40% 1440
158. refresh_pattern -i .html$ 720 40% 1440
159.  
160. ########################################################################
161. always_direct allow all
162. #ssl_bump server-first all
163.  
164. #ssl_bump allow all
165. ##Or may be deny all according to your company policy
166. ##sslproxy_cert_error deny all
167. #acl TrustedName url_regex -i “/etc/squid3/https.conf”
168. #sslproxy_cert_error allow TrustedName
169.  
170. #sslproxy_cert_error allow all
171. #sslproxy_flags DONT_VERIFY_PEER
172. #sslcrtd_program /lib/squid3/ssl_crtd3 -s /var/lib/ssl_db -M 8MB
173. #sslcrtd_children 20
174.  
175. #########################
176. # MISc
177. #########################
178. request_header_access From deny all
179. request_header_access Server deny all
180. request_header_access WWW-Authenticate deny all
181. request_header_access Link deny all
182. request_header_access Cache-Control deny all
183. request_header_access Proxy-Connection deny all
184. request_header_access X-Cache deny all
185. request_header_access X-Cache-Lookup deny all
186. request_header_access Via deny all
187. request_header_access Forwarded-For deny all
188. request_header_access X-Forwarded-For deny all
189. request_header_access Pragma deny all
190. request_header_access Keep-Alive deny all
191.  
192. #########################
193. # TUNES 3-HEAD
194. #########################
195. strip_query_terms off
196. cache_mem 16 MB
197. maximum_object_size_in_memory 13 KB
198. minimum_object_size 0 KB
199. maximum_object_size 64 MB
200. cache_swap_low 98
201. cache_swap_high 99
202. ipcache_size 10240
203. fqdncache_size 10240
204. positive_dns_ttl 8 hours
205. negative_dns_ttl 15 seconds
206. ipcache_low 97
207. ipcache_high 98
208. log_icp_queries off
209. half_closed_clients off
210. quick_abort_min 0 KB
211. quick_abort_max 0 KB
212. quick_abort_pct 98
213. vary_ignore_expire on
214. reload_into_ims on
215. forwarded_for off
216. via on
217. buffered_logs on
218. client_db on
219. client_persistent_connections off
220. server_persistent_connections off
221. icp_hit_stale on
222. query_icmp on
223. memory_pools off
224. negative_ttl 30 seconds
225. max_filedescriptors 65536
226. cache_replacement_policy heap LFUDA
227. memory_replacement_policy heap GDSF
228. uri_whitespace strip
229. shutdown_lifetime 10 seconds
230. logfile_rotate 1
231.  
232. # ZPH
233. ###########################
234. qos_flows tos 0×30
235. #qos_flows mark 0×4
236.  
237. ############################
238. # CACHE_DIR
239. # Measuring your cache_dir, with this formula :
240. # ((( x / y ) / 256 ) / 256 ) * 2 = L1
241. # while 256 = L2 ( Ususally used, 256. but you can change it to 512 if you like)
242. # x = your current HD size for cache_dir
243. # y = average object (usually 13 kb)
244. # L1, L2 = your directory value
245. ########################################
246.  
247.  
248. # DNS OPTIONS
249. # -----------
250. check_hostnames off
251. dns_timeout 120 seconds
252. #DNS NAWALA
253. dns_nameservers 180.131.144.144 180.131.144.144
254.  
255. #dns_nameservers 10.0.18.38 10.0.18.42
256. #DNS smartfren
257. #dns_nameservers 10.17.118.187 10.17.118.251
258. snmp_incoming_address 0.0.0.0
259. snmp_outgoing_address 255.255.255.255
260. udp_incoming_address 0.0.0.0
261. udp_outgoing_address 255.255.255.255
262. hosts_file /etc/hosts
263. ipcache_size 8192
264. ipcache_low 90
265. ipcache_high 95