Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##################################################################################################################################################################################################################################
- # Recommended minimum configuration:
- # Example rule allowing access from your local networks.
- # Adapt to list your (internal) IP networks from where browsing
- # should be allowed
- acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- acl localnet src fc00::/7 # RFC 4193 local private network range
- acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- #
- acl adsites url_regex -i "/etc/squid/adslist.txt"
- acl ads dstdom_regex "/etc/squid/ad_block.txt"
- http_access deny ads
- http_access deny adsites
- #
- #never_direct allow all
- # STOREID ACCESS LIST
- acl urlrewrite dstdomain .fbcdn.net .akamaihd.net .fbsbx.com
- acl storeid-helper url_regex -i ^https?:\/\/attachment\.fbsbx\.com\/.*\?(id=[0-9]*).*
- acl storeid-helper url_regex -i \.fbsbx\.com\/.*\/(.*\.(unity3d|pak|zip|exe|dll|jpg|png|gif|swf)/)$
- acl storeid-helper url_regex -i ^https?:\/\/.*\.ytimg\.com(.*\.(webp|jpg|gif))
- acl storeid-helper url_regex -i ^https?:\/\/([^\.]*)\.yimg\.com\/(.*)
- acl storeid-helper url_regex -i ^https?:\/\/.*\.gstatic\.com\/images\?q=tbn\:(.*)
- acl storeid-helper url_regex -i ^https?:\/\/.*\.reverbnation\.com\/.*\/(ec_stream_song|download_song_direct|stream_song)\/([0-9]*).*
- acl storeid-helper url_regex -i ^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|.exoclick\.com|interclick.\com|\.googlesyndication\.com|\.auditude\.com|.visiblemeasures\.com|yieldmanager|cpxinteractive)(.*)
- acl storeid-helper url_regex -i ^https?:\/\/(.*?)\/(ads)\?(.*?)
- acl storeid-helper url_regex -i ^https?:\/\/.*steampowered\.com\/.*\/([0-9]+\/(.*))
- acl speedtest url_regex -i ^https?:\/\/(.*?)\/speedtest\/.*\.(jpg|txt|png|gif|swf)\?.*
- acl speedtest url_regex -i speedtest\/.*\.(jpg|txt|png|gif|swf)\?.*
- acl reverbnation url_regex -i reverbnation.*audio_player.*ec_stream_song.*$
- acl utmgif url_regex -i utm.gif.*
- acl playstoreandroid url_regex -i c.android.clients.google.com.market.GetBinary.GetBinary.*
- acl youtube url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
- acl youtube url_regex -i \.c\.(youtube|google)\.com\/(get_video|videoplayback|videoplay).*$
- acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*
- acl loop_302 http_status 302
- acl getmethod method GET
- #
- acl Purge method PURGE
- #
- acl bypast dstdomain .gmail.com
- acl bypast dstdomain \.(mail.yahoo.com|bri.co.id|bankmandiri.co.id|klikbca.com|bni.com)
- ##
- ##STORE-ID OPTION
- store_id_program /etc/squid/store-id.pl
- store_id_children 25 startup=15 idle=5 concurrency=10
- store_id_access deny !getmethod
- store_id_access allow urlrewrite
- store_id_access allow storeid-helper
- store_id_access allow speedtest
- store_id_access allow reverbnation
- store_id_access allow utmgif
- store_id_access allow playstoreandroid
- store_id_access allow youtube
- store_id_access deny all
- store_miss deny youtube loop_302
- send_hit deny youtube loop_302
- # Recommended minimum Access Permission configuration:
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- # Only allow cachemgr access from localhost
- http_access allow localhost manager
- http_access allow localhost Purge
- http_access deny manager
- http_access deny Purge
- http_access allow localnet
- http_access allow localhost
- # And finally deny all other access to this proxy
- http_access deny all
- # Squid normally listens to port 3128
- http_port 3127
- http_port 3129 intercept
- ##
- #cache_dir ufs /var/spool/squid3 100 16 256
- cache_dir ufs /cache/0 6000 14 256
- cache_dir ufs /cache/1 6000 14 256
- cache_dir ufs /cache/2 6000 14 256
- maximum_object_size_in_memory 32 KB
- memory_replacement_policy heap GDSF
- cache_replacement_policy heap LFUDA
- minimum_object_size 0 KB
- maximum_object_size 700 KB
- cache_swap_low 90
- cache_swap_high 95
- max_filedesc 65535
- cache_mem 128 MB
- logfile_rotate 10
- memory_pools off
- #
- dns_nameservers 127.0.0.1
- range_offset_limit -1
- quick_abort_min -1 KB
- log_icp_queries off
- client_db off
- half_closed_clients off
- cache_mgr fox.skd@gmail.com
- forwarded_for off
- visible_hostname de-isle.blogspot.co.id
- #
- global_internal_static off
- max_stale 10 years
- retry_on_error on
- buffered_logs on
- read_ahead_gap 32 KB
- # Leave coredumps in the first cache dir
- coredump_dir /var/spool/squid
- # Add any of your own refresh_pattern entries above these.
- #
- refresh_pattern -i \.(gif|png|ico|jpg|jpeg|jp2|webp)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(jpx|j2k|j2c|fpx|bmp|tif|tiff|bif)$ 100000 90% 20000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(pcd|pict|rif|exif|hdr|bpg|img|jif|jfif|lsr)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(woff|woff2|eps|ttf|otf|svg|svgi|svgz|ps|ps1|acsm|eot)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(swf|js|ejs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(wav|css|class|dat|zsci|ver|advcs)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpg|mpeg|mpg3|mpg4|mpg5)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(m1s|mp2v|m2v|m2s|m2ts|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|war)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(asx|mp2|mp3|mp4|mp5|wmv|flv|mts|f4v|f4|pls|midi|mid)$ 0 90% 200000 reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(htm|html)$ 9440 90% 200000 reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(xml|flow|asp|aspx)$ 0 90% 200000
- refresh_pattern -i \.(json)$ 0 90% 200000
- refresh_pattern -i \.(m3u8|ts)$ 0 90% 200000
- refresh_pattern -i \.(app|bin|deb|rpm|drpm|exe|zip|zipx|tar|tgz|tbz2|tlz|iso|arj|cfs|dar|jar)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(bz|bz2|ipa|ram|rar|uxx|gz|msi|dll|lz|lzma|7z|s7z|Z|z|zz|sz)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(exe|msi)$ 0 90% 200000
- refresh_pattern -i \.(cab|psf|vidt|apk|wtex|hz|ova|ovf)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- refresh_pattern -i \.(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$ 100000 90% 200000 override-expire reload-into-ims ignore-no-store ignore-private
- ##
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 0 20% 4320
- #refresh_pattern ^ftp: 10080 95% 10080
- #refresh_pattern ^gopher: 1440 0% 1440
- #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- #refresh_pattern . 180 95% 10800
- ##########################################################################################################################################################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement