squid conf

1. #
2. # Recommended minimum configuration:
3. #
4. acl manager proto cache_object
5. acl localhost src 127.0.0.1/32 ::1
6. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
7.  
8. # Example rule allowing access from your local networks.
9. # Adapt to list your (internal) IP networks from where browsing
10. # should be allowed
11. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
12. #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
13. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
14. #acl localnet src fc00::/7 # RFC 4193 local private network range
15. #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
16.  
17. acl SSL_ports port 443
18. acl Safe_ports port 80 # http
19. acl Safe_ports port 21 # ftp
20. acl Safe_ports port 443 # https
21. #acl Safe_ports port 70 # gopher
22. #acl Safe_ports port 210 # wais
23. acl Safe_ports port 1025-65535 # unregistered ports
24. #acl Safe_ports port 280 # http-mgmt
25. #acl Safe_ports port 488 # gss-http
26. #acl Safe_ports port 591 # filemaker
27. #acl Safe_ports port 777 # multiling http
28. acl CONNECT method CONNECT
29.  
30. #
31. # Recommended minimum Access Permission configuration:
32. #
33. # Only allow cachemgr access from localhost
34. http_access allow manager localhost
35. http_access deny manager
36.  
37. # Deny requests to certain unsafe ports
38. http_access deny !Safe_ports
39.  
40. # Deny CONNECT to other than secure SSL ports
41. http_access deny CONNECT !SSL_ports
42.  
43. # We strongly recommend the following be uncommented to protect innocent
44. # web applications running on the proxy server who think the only
45. # one who can access services on "localhost" is a local user
46. http_access deny to_localhost
47.  
48. #
49. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
50. #
51.  
52. # squid as an httpd accelerator
53. #httpd_accel_host virtual
54. # port you want to act as a proxy
55. #httpd_accel_port 80
56. # Squid act as both a local httpd accelerator and as a proxy
57. #httpd_accel_with_proxy on
58. # Header is turned on which is the hostname from the URL
59. #httpd_accel_uses_host_header on
60.  
61. # Example rule allowing access from your local networks.
62. # Adapt localnet in the ACL section to list your (internal) IP networks
63. # from where browsing should be allowed
64. http_access allow localnet
65. http_access allow localhost
66.  
67. # And finally deny all other access to this proxy
68. http_access deny all
69.  
70. # Squid normally listens to port 3128
71. http_port 3128
72.  
73. # We recommend you to use at least the following line.
74. hierarchy_stoplist cgi-bin ?
75.  
76. # set who user and group that squid will run, note : must run with root first!
77. cache_effective_user squid
78. cache_effective_group squid
79. #Memory the Squid will use. Well, Squid will use far more than that.
80. cache_mem 16 MB
81.  
82. # Uncomment and adjust the following to add a disk cache directory.
83. cache_dir ufs /cache 250 16 256
84.  
85. # Leave coredumps in the first cache dir
86. coredump_dir /opt/squid/var/cache
87.  
88. #Places where Squid's logs will go to.
89. cache_log /var/log/squid/cache.log
90. access_log /var/log/squid/access.log
91. cache_store_log /var/log/squid/store.log
92. cache_swap_log /var/log/squid/swap.log
93. #How many times to rotate the logs before deleting them.
94. #See the FAQ for more info.
95. logfile_rotate 10
96.  
97. # Add any of your own refresh_pattern entries above these.
98. refresh_pattern ^ftp: 1440 20% 10080
99. refresh_pattern ^gopher: 1440 0% 1440
100. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
101. refresh_pattern . 0 20% 4320
102.  
103. #all our LAN users will be seen by external web servers
104. #as if they all used Mozilla on windows xp sp2. :)
105. #anonymize_headers deny User-Agent
106. #fake_user_agent Mozilla/5.0 (compatible; U;windows xp sp2; en-US)
107.  
108. ### DELAY POOLS ###
109.  
110. #This is the most important part for shaping incoming traffic with Squid
111. #For detailed description see squid.conf file or docs at http://www.squid-cache.org
112.  
113. #kita ingin membatasi bandwidth untuk mendownload file jenis yang disebutkan di bawah ini
114. #tulis semua dalam satu baris
115. acl magic_words url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .deb .zip .rar .avi .mpeg .mpe .bin .sh .tar.bz2 .pdf .mkv .ogg .mpg .qt .ram .rm .iso .raw .wav .mov .wmv .flv .mp4 #kita tidak membatasi .html, .gif, .jpg dan file lain yang sejenis
116. #karena tidak terlalu memboroskan bandwidth
117.  
118. #We have two different delay_pools
119. #View Squid documentation to get familiar
120. #with delay_pools and delay_class.
121. delay_pools 2
122.  
123. #First delay pool
124. #We don't want to delay our local traffic.
125. #There are three pool classes; here we will deal only with the second.
126. #First delay class (1) of second type (2).
127. delay_class 1 2
128.  
129. #-1/-1 mean that there are no limits.
130. #The numbers here are values in bytes;
131. #we must remember that Squid doesn't consider start/stop bits
132. #5000/150000 are values for the whole network
133. #5000/120000 are values for the single IP
134. #after downloaded files exceed about 150000 bytes,
135. #(or even twice or three times as much)
136. #they will continue to download at about 5000 bytes/s
137.  
138. delay_parameters 1 20000/150000 20000/120000
139. delay_access 1 allow magic_words