http_port 192.168.21.212:3128 tproxy
https_port 192.168.21.212:3129 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/squid.pem key=/etc/squid/certs/squid.key

reload_into_ims on
refresh_all_ims on
maximum_object_size_in_memory 0 KB

strip_query_terms off
cache_swap_high 98
cache_swap_low 95
qos_flows local-hit=0x30
qos_flows sibling-hit=0x30
qos_flows parent-hit=0x30
dns_nameservers 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4

### semua acl
acl video url_regex -i ^http.*video.*
acl range url_regex -i ^http.*range.*
acl google url_regex -i (googlevideo.com|www.youtube.com)
acl iphone browser -i regexp (iPhone|iPad)
acl BB browser -i regexp (BlackBerry|PlayBook)
acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
acl Android browser -i regexp Android
acl rolnone url_regex -i ^https?\:\/\/.*\/th\/patch\/.*
acl rolnone url_regex -i ^http.*garena.*
acl allurl url_regex -i ^http.*
acl spliceserver ssl::server_name "/etc/squid/splicesaja.txt"
acl ipbypass dst "/etc/squid/ipbypass.txt"
acl httptomiss http_status 302
acl httptomiss http_status 301
acl mimetomiss rep_mime_type -i mime-type ^text/html
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
acl getmethod method GET

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
range_offset_limit none rolnone
range_offset_limit 1 KB !rolnone

request_header_access User-Agent deny google !iphone !BB !Winphone !Android
request_header_replace User-Agent Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

http_access deny video !range

always_direct allow all
ssl_bump splice localhost
ssl_bump splice ipbypass
ssl_bump splice spliceserver
ssl_bump peek step1 all
ssl_bump bump step2 all
ssl_bump splice step3 all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/ipfire/ssl_db -M 4MB
sslcrtd_children 2000

cache deny localhost

store_id_program /etc/squid/storeid.pl
store_id_children 2000
store_id_access deny !getmethod
store_id_access allow allurl
store_id_access deny all

store_miss deny httptomiss
send_hit deny httptomiss
store_miss deny mimetomiss
send_hit deny mimetomiss

refresh_pattern -i ^http.*pc-mikrotik.* 432000 100% 432000 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
refresh_pattern . 0 100% 432000 override-expire override-lastmod ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate

max_stale 2 days