
squid.conf

a guest
Nov 26th, 2014
  # Review notes: identity, memory and disk-cache sizing. Nothing in this section grants or
  # denies access by itself; the "localnet" ACL defined here is what the later
  # "http_access allow localnet" rule keys on, so these three ranges are the client population.
  1. #start of config
  2. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  3. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  4. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  5.  
  6. cache_mgr proxy
  7. visible_hostname evoproxy
  8.  
  9. cache_mem 64 MB
  10. maximum_object_size_in_memory 32 KB
  11. maximum_object_size 2048 MB
  12. cache_swap_low 98
  13. cache_swap_high 99
  14.  
  15. ipcache_size 2048
  16. ipcache_low 98
  17. ipcache_high 99
  18.  
  19. memory_pools off
  20. vary_ignore_expire on
  21. offline_mode off
  # client_db off disables per-client statistics, so per-client activity has to be
  # reconstructed from access.log alone.
  22. client_db off
  # reload_into_ims turns a client's forced reload into a conditional request; a user cannot
  # bypass a cached copy by reloading the page.
  23. reload_into_ims on
  24.  
  25. memory_replacement_policy heap GDSF
  26. cache_replacement_policy heap LFUDA
  # cache_dir: aufs store under /c1, 18000 MB, 42 first-level and 256 second-level directories.
  27. cache_dir aufs /c1 18000 42 256
  28.  
  # Review notes: port and method ACLs. SSL_ports and Safe_ports are enforced by the
  # "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports" rules further down;
  # CONNECT is therefore limited to port 443.
  29. acl SSL_ports port 443
  30. acl Safe_ports port 80 # http
  31. acl Safe_ports port 21 # ftp
  32. acl Safe_ports port 443 # https
  33. acl Safe_ports port 70 # gopher
  34. acl Safe_ports port 210 # wais
  35. acl Safe_ports port 1025-65535 # unregistered ports
  36. acl Safe_ports port 280 # http-mgmt
  37. acl Safe_ports port 488 # gss-http
  38. acl Safe_ports port 591 # filemaker
  39. acl Safe_ports port 777 # multiling http
  40. acl CONNECT method CONNECT
  # getmethod gates the Store-ID helper (store_id_access deny !getmethod).
  41. acl getmethod method GET
  # purge matches the PURGE method, which removes objects from the cache; the only rule that
  # allows it in this file is "http_access allow purge localhost".
  42. acl purge method PURGE
  43.  
  44. # CUSTOM ACL
  # NOTE(review): broken_sites is used by "ssl_bump none broken_sites" to keep banking hosts
  # out of TLS interception. It is a url_regex, and on the intercepted https_port the bump
  # decision is presumably taken before any request URL is known - confirm that these hosts
  # really are left un-bumped (check which issuer a client sees on their certificate).
  45. acl broken_sites url_regex ^https://(ibank|ib)\.
  46. #acl domain_youtube dstdomain .youtube.com .googlevideo.com
  47. #acl youtube url_regex -i youtube.*(ptracking|playback|stream_204|player_204|gen_204).*
  48. #acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*
  49. #acl storeid_url url_regex ^https?:\/\/.*\.googlevideo\.com\/videoplayback\/.*\/seg\.ts\?
  50. #acl storeid_url url_regex ^https?:\/\/.*\.googlevideo\.com\/videoplayback.*[&|?]cpn=
  51. #acl storeid_url url_regex ^http:\/\/[a-z0-9]{4}\.reverbnation\.com\/.*
  52. #acl storeid_url url_regex ^https?:\/\/[\w\d\-\.\%]*fbcdn[\w\d\-\.\%]*net\/[\w\d\-\.\%]*\/.*
  53. #acl storeid_url url_regex ^https?:\/\/.*\.ak\.fbcdn\.net\/.*\.(gif|jpg|png|js|mp4)
  54. #acl storeid_url url_regex ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*(fbcdn|akamaihd)[a-zA-Z0-9\-\_\.\%]*net\/safe\_image\.php\?.*
  55. #acl storeid_url url_regex ^https?:\/\/fb(static|cdn)(\-.*\-a|\-a)\.akamaihd\.net\/(.*)\.(gif|jpeg|jpg|png|js|css|mp4).*
  56. #acl storeid_url url_regex ^https?:\/\/(.*)?(\.gstatic\.com|\.wikimapia\.org).*(png|font|woff)
  57. #acl storeid_url url_regex ^http:\/\/.*\.reverbnation\.com\/.*
  58. #acl storeid_url url_regex ^https?:\/\/[a-z0-9]*\.ytimg\.com\/.*\.(jpg|gif|webp|js|css|ico|png|swf).*
  59. #acl storeid_url url_regex ^http:\/\/dc[0-9]+\.4shared\.com\/.*\/dlink
  60. #acl storeid_url url_regex ^http:\/\/dc[0-9]+\.4shared\.com\/download
  61. #acl storeid_url url_regex ^http:\/\/.*\.dl\.sourceforge\.net\/.*
  62. #acl storeid_url url_regex ^http:\/\/.*\.speedtest\.net\/.*
  63. #acl storeid_url url_regex ^http:\/\/.*(\.steampowered\.com|\.edgesuite\.net)\/depot\/.*
  64. #acl storeid_url url_regex ^http:\/\/maps[0-9]*\.yimg\.com\/.*
  65. #acl storeid_url url_regex ^https?:\/\/.*\.yimg\.com\/.*
  66. #acl storeid_url url_regex ^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|.exoclick\.com|interclick.\com|\.googlesyndication\.com|\.auditude\.com|.visiblemeasures\.com|yieldmanager|cpxinteractive).*
  67. #acl storeid_url url_regex ^https?:\/\/www\.google-analytics\.com\/.*
  68.  
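  # Review notes: URL classes handed to the Store-ID helper (see the store_id_access list).
  # Store-ID lets different URLs share one cache object, so each pattern should match only the
  # hosts it names. NOTE(review): several patterns are unanchored and use unescaped dots
  # (utm.gif, c.android.clients...), so they match more than the literal strings - tighten them
  # if the helper rewrites on these classes.
  69. acl urlrewrite dstdomain .fbcdn.net .akamaihd.net
  70. acl speedtest url_regex -i speedtest\.net\/.*\.(jpg|txt)\?
  71. acl reverbnation url_regex -i reverbnation.*audio_player.*ec_stream_song.*$
  72. acl utmgif url_regex -i utm.gif
  73. acl playstoreandroid url_regex -i c.android.clients.google.com.market.GetBinary.GetBinary
  74. acl idyoutube url_regex -i youtube.*(ptracking|stream_204|player_204).*(v\=|docid\=|video_id\=).*$
  75. acl videoyoutube url_regex -i (youtube|googlevideo).*videoplayback\?
  76. acl storeid_url url_regex ^http:\/\/dc[0-9]+\.4shared\.com\/.*\/dlink
  77. acl storeid_url url_regex ^http:\/\/dc[0-9]+\.4shared\.com\/download
  # Fixed: the original used a bracket expression, [\.steampowered.com|\.net], which matches
  # ONE character from that set rather than either host suffix, so any http URL in which
  # "/depot" follows one of those characters was sent to the helper. A group restores the
  # intended alternation between the two suffixes.
  78. acl storeid_url url_regex ^http:\/\/.*(\.steampowered\.com|\.net)\/depot
  79. acl storeid_url url_regex ^http:\/\/.*(\.garenanow\.com|\.starhub\.com)\/.*\/patcher
  80. acl storeid_url url_regex ^https?:\/\/[a-z0-9]*\.ytimg\.com
  81. acl storeid_url url_regex ^http:\/\/[1-4]\.bp\.blogspot\.com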
  82.  
  83. #acl for YouTube video 302 redirect loops
  # loop_302 matches replies with status 302; it is combined with videoyoutube in the
  # store_miss / send_hit rules.
  84. acl loop_302 http_status 302
  85.  
  86. #nobump
  # Destination ranges exempted from TLS interception by "ssl_bump none nobump".
  # NOTE(review): the file does not say which services these /16 ranges belong to - document the
  # reason for each exemption so it can be reviewed when the ranges change owner.
  87. acl nobump dst 54.255.0.0/16
  88. acl nobump dst 54.251.0.0/16
  89.  
  90. #acl partial content
  # partial_content selects the URLs for which "range_offset_limit 1024 MB partial_content"
  # applies. All patterns are plain-http downloads (mp3, zip, exe, game patch files).
  # NOTE(review): the dots in ".chatango.com", ".netmarble.co.id" and ".gemscool.com" are
  # partly unescaped, so these match slightly more than the literal domains.
  91. acl partial_content url_regex -i ^http:\/\/.*.chatango.com\/.*\.(mp3)$
  92. acl partial_content url_regex -i ^http:\/\/.*\.netmarble.co.id\/.*\.(zip|dfg|kom)$
  93. acl partial_content url_regex -i ^http:\/\/.*(\.garenanow\.com|\.starhub\.com)\/.*\/patcher
  94. acl partial_content url_regex -i ^http:\/\/.*(\.garenanow\.com|\.starhub\.com)\/.*\.(exe)$
  95. acl partial_content url_regex -i ^http:\/\/.*\.winnerinter\.co\.id\/.*\.(exe)$
  96. acl partial_content url_regex -i ^http:\/\/.*.gemscool.com\/.*\.(pak)$
  97.  
  # Review notes: http_access is evaluated top to bottom and the first matching rule decides.
  # "localhost" and "manager" are not defined in this file; presumably Squid's built-in ACLs.
  98. http_access deny !Safe_ports
  99. http_access allow purge localhost
  100. http_access deny CONNECT !SSL_ports
  # NOTE(review): the cache manager is reachable from every localnet address and no
  # cachemgr_passwd is visible in this file - confirm one is set elsewhere, or restrict
  # manager access to localhost.
  101. http_access allow localhost manager
  102. http_access allow localnet manager
  103. http_access deny manager
  104. http_access allow localnet
  105. http_access allow localhost
  106. http_reply_access allow all
  # NOTE(review): ICP queries are accepted from any source. No icp_port line is visible here,
  # so this may be inert; if ICP is enabled, limit it to the peers that actually need it.
  107. icp_access allow all
  108.  
  # NOTE(review): the two deny rules below come AFTER "http_access allow localnet", so localnet
  # clients never reach them and the deny_info redirect does not fire for those clients. If the
  # order is ever changed so that they do match, each matching script request is answered with
  # a redirect to a script on a third-party host over plain HTTP, which means that host's
  # JavaScript runs inside users' pages. Serve any replacement script from a host you control,
  # or drop these rules.
  109. acl gaHack url_regex -i google-analytics\.com\/ga\.js
  110. acl gaHack url_regex -i google-analytics\.com\/analytics\.js
  111. acl ytHack url_regex -i \/pagead\/js\/lidar\.js
  112. acl ytHack url_regex -i google\.com\/js\/bg\/.*\.js
  113. deny_info http://arbinet.wc.lt/script/gahack.js? gaHack
  114. deny_info http://arbinet.wc.lt/script/yt.js? ytHack
  115. http_access deny gaHack
  116. http_access deny ytHack
  117.  
  # Default deny: anything not allowed above is refused.
  118. http_access deny all
  119.  
  # Review notes: listeners. 3127 is a plain forward-proxy port; 3128 and 3129 receive
  # intercepted (redirected) traffic.
  120. http_port 3127
  121. http_port 3128 intercept
  # The https_port decrypts intercepted TLS: generate-host-certificates=on makes Squid mint a
  # certificate per destination host, signed with the key= / cert= pair below. That key can
  # sign a certificate for any host name that clients trusting it will accept, so it should be
  # readable only by the Squid service account, never shared between sites, and rotated if the
  # host is ever compromised.
  122. https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/ssl_cert/evo.net.private cert=/etc/squid/ssl_cert/evo.net.cert
  123.  
  124. #request_header_access range deny videoyoutube
  125. #request_header_access range deny partial_206
  126.  
  # For URLs in partial_content, a Range request up to 1024 MB into the file makes Squid fetch
  # the object from the start so it can be cached whole. NOTE(review): a small client request
  # can therefore trigger a much larger upstream download; keep the ACL limited to hosts where
  # that is intended.
  127. range_offset_limit 1024 MB partial_content
  128. #If caching ranged files still fails, uncomment quick_abort_min -1 below
  129. #quick_abort_min -1
  130.  
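  # Review notes: TLS interception policy for the intercepted https_port.
  131. ssl_unclean_shutdown on
  # Connections to the nobump ranges, to localhost and to broken_sites are meant to pass
  # through un-bumped; everything else is decrypted (server-first).
  132. ssl_bump none nobump
  133. ssl_bump none localhost
  # NOTE(review): broken_sites is a url_regex; confirm it can match at the point where the
  # bump decision is made on intercepted traffic, otherwise banking hosts are bumped too.
  134. ssl_bump none broken_sites
  135. ssl_bump server-first all
  # Changed: the original had "sslproxy_cert_error allow all" and
  # "sslproxy_flags DONT_VERIFY_PEER", which switch off validation of the origin server's
  # certificate. Clients only ever see the certificate Squid mints, so with validation off an
  # invalid, expired or impersonated origin certificate reaches them looking trusted.
  # Validation is restored here; if one specific origin fails validation, exempt it with a
  # narrowly scoped ACL instead of "all".
  136. sslproxy_cert_error deny all
  137. #sslproxy_flags DONT_VERIFY_PEER
  # Helper that generates the per-host certificates; its database holds generated
  # certificates - keep the directory writable only by the Squid service account.
  138. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
  139. sslcrtd_children 50 startup=5 idle=1
  140. always_direct allow all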
  141.  
  # Review notes: core dumps, error pages and logging.
  # NOTE(review): on a bumping proxy a core dump can contain decrypted traffic and key
  # material; restrict access to this directory.
  142. coredump_dir /var/spool/squid
  143.  
  144. #error_directory /usr/share/squid/errors/en
  145. error_log_languages off
  146.  
  147. #logfile_daemon /usr/lib/squid/log_file_daemon
  148. access_log daemon:/var/log/squid/access.log squid
  149. cache_log /var/log/squid/cache.log
  150. cache_store_log none
  151.  
  # strip_query_terms off writes full query strings to access.log. With TLS interception
  # enabled this includes query strings of HTTPS requests, which can carry session tokens and
  # personal data - treat access.log as sensitive (file permissions, retention, who may read it).
  152. strip_query_terms off
  # Only one rotated generation is kept; NOTE(review): check that this retention is long
  # enough for incident investigation, since client_db is off and the log is the only record.
  153. logfile_rotate 1
  154. shutdown_lifetime 5 second
  155.  
  # Review notes: Store-ID. The helper maps request URLs to cache keys, so it decides which
  # requests share a cached object. The script itself is not part of this file.
  # NOTE(review): review /etc/squid/storeid.pl together with the ACLs that feed it - a mapping
  # that drops a user- or session-specific part of the URL makes one user's object the answer
  # to another user's request. Keep the script owned by root and not writable by the proxy user.
  156. store_id_program /usr/bin/perl /etc/squid/storeid.pl
  157. store_id_children 30 startup=10 idle=5 concurrency=5
  # Only GET requests in the listed URL classes are passed to the helper; all others are not.
  158. store_id_access deny !getmethod
  159. store_id_access allow urlrewrite
  160. store_id_access allow speedtest
  161. store_id_access allow reverbnation
  162. store_id_access allow utmgif
  163. store_id_access allow playstoreandroid
  164. store_id_access allow storeid_url
  165. store_id_access allow idyoutube
  166. store_id_access allow videoyoutube
  167. store_id_access deny all
  168.  
  # 302 replies for video URLs are neither stored nor served from cache (both ACLs must match).
  169. store_miss deny videoyoutube loop_302
  170. send_hit deny videoyoutube loop_302
  171.  
  # Review notes: refresh_pattern fields are <regex> <min minutes> <percent> <max minutes>;
  # the first matching pattern applies. 14400 min = 10 days, 518400 min = 360 days.
  172. max_stale 1 year
  # NOTE(review): ignore-private, ignore-no-store and ignore-auth make Squid store responses
  # the origin marked as private, not-to-be-stored, or that answered an authenticated request.
  # Because HTTPS is bumped, this also applies to decrypted traffic. The risk is one user's
  # personalised response being served to another user; limit these options to URL classes
  # known to be static and user-independent.
  173. refresh_pattern (akamaihd|fbcdn)\.net 14400 99% 518400 override-expire override-lastmod refresh-ims reload-into-ims ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  # presumably squid.internal is the key namespace produced by the Store-ID helper - verify
  # against storeid.pl.
  174. refresh_pattern -i squid\.internal 14400 99% 518400 override-expire override-lastmod refresh-ims reload-into-ims ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  175.  
  # These classes are never considered fresh (0 0% 0). The "login" exclusion only helps for
  # URLs that contain that word; it is not a general guard for authenticated pages.
  176. refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
  177. refresh_pattern -i (xtrap|login|sources) 0 0% 0
  178. refresh_pattern .*(begin|start)\=[1-9][0-9] 0 0% 0
  # NOTE(review): these look like anti-cheat / protection update URLs; override-expire can
  # delay clients receiving a new update for up to 420 minutes.
  179. refresh_pattern -i (hackshield|HackShield|HSUpdate|HShield|hsupdate|nprotect|update3) 0 50% 420 override-expire override-lastmod reload-into-ims
  180. refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
  181.  
  182. #FB
  # NOTE(review): the second facebook pattern below covers every URL containing
  # "facebook.com", not only static files, and ignores private / no-store. With HTTPS bumped
  # this can place logged-in page content in the shared cache - restrict it to static assets.
  183. refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp|api|php(4|3)) 1440 99% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-private store-stale
  184. refresh_pattern -i facebook\.com 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  185. refresh_pattern \.gstatic\.com/images\? 14400 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  186. refresh_pattern \.(edgecastcdn|spilcdn|zgncdn)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  187. refresh_pattern -i (gstatic|diggstatic)\.com 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  188. refresh_pattern -i (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 43200 override-expire ignore-reload ignore-private
  # NOTE(review): the alternation below is not grouped, so "^http://" binds only to "images"
  # and "[0-9]\." only to "thumbs". Any URL containing "image", "img", "pics" or "openx"
  # anywhere matches and gets the ignore-private / ignore-no-store treatment. Group the
  # alternatives once the intended pattern is confirmed.
  189. refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  # NOTE(review): Safe Browsing data is kept for at least a day regardless of its own expiry,
  # so clients may work from outdated block lists.
  190. refresh_pattern ^https://safebrowsing.google.com 1440 90% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  191. refresh_pattern -i (get_video\?|videoplayback\?|stream_204\?|videodownload\?|\.flv\?|\.fid\?) 10080 80% 79900 override-expire ignore-reload ignore-must-revalidate ignore-private
  # NOTE(review): the three OCSP patterns below keep revocation responses for at least
  # 1440 minutes and ignore their own expiry, so a revoked certificate can keep checking as
  # good for clients behind this proxy. Revocation traffic should honour the responder's
  # own cache headers.
  192. refresh_pattern ^http://gtssl-ocsp.geotrust.com/ 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  193. refresh_pattern ^http://ocsp.godaddy.com 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  194. refresh_pattern ^http://ocsp.digicert.com 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  195. refresh_pattern -i (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com 1440 99% 43200 override-expire override-lastmod ignore-reload ignore-private ignore-no-store reload-into-ims store-stale
  196.  
  197. # extension
  # Extension-based rules: matching objects are treated as fresh for at least 14400 minutes
  # (10 days) whatever the origin says, and client reloads do not refetch them.
  198. refresh_pattern \.(jpg|png|gif|css|ico|bmp|swf|js)($|\?) 14400 99% 518400 override-expire override-lastmod ignore-reload ignore-no-store ignore-private reload-into-ims ignore-must-revalidate store-stale
  199. refresh_pattern \.(7z|ace|rar|jar|gz|tgz|bz2|iso|mod|arj|lha|lzh|zip|tar|cab|dat|pak|kom)($|\?) 14400 99% 518400 override-expire override-lastmod ignore-reload ignore-no-store ignore-private reload-into-ims ignore-must-revalidate store-stale
  # NOTE(review): installers and packages (exe, msi, deb, rpm, apk, dmg...) are pinned the same
  # way. A corrupted or tampered file fetched once over plain HTTP keeps being served to every
  # client until it is evicted or purged, and vendor security updates published under the same
  # URL are delayed. The removal path configured in this file is PURGE from localhost.
  200. refresh_pattern \.(exe|ms(i|u|p)|deb|bin|ax|r(a|p)m|app|pkg|apk|msi|mar|nzp|xpi|dmg|dds|thor|nar|gpf)($|\?) 14400 99% 518400 override-expire override-lastmod ignore-reload ignore-no-store ignore-private reload-into-ims ignore-must-revalidate store-stale
  201. refresh_pattern \.(3gp|avi|ac4|mp(e?g|a|e|1|2|3|4)|m4(a|v)|3g(p?2|p)|mkv|ogg|wmv|wmx|wpl|rm|snd|vob|wav|asx|avi|divx|flv|mov|mid)($|\?) 14400 99% 518400 override-expire override-lastmod ignore-reload ignore-no-store ignore-private reload-into-ims ignore-must-revalidate store-stale
  # NOTE(review): documents (pdf, docx, xlsx...) are often user-specific downloads; caching
  # them with ignore-private on a bumping proxy can expose one user's file to another.
  202. refresh_pattern \.(pp(t?x|t)|epub|pdf|rtf|wax|cb(r|z|t)|xl(s?x|s)|do(c?x|c)|inc)($|\?) 14400 99% 518400 override-expire override-lastmod ignore-reload ignore-no-store ignore-private reload-into-ims ignore-must-revalidate store-stale
  203.  
  204. refresh_pattern ^ftp: 1440 20% 10080
  205. refresh_pattern ^gopher: 1440 0% 1440
  206. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  # NOTE(review): catch-all. Every response not matched above, including decrypted HTTPS, is
  # storable even when the origin marked it private or no-store. This is the widest
  # cross-user exposure in the file; the stock catch-all carries no ignore-* options.
  207. refresh_pattern . 0 99% 518400 ignore-no-store ignore-private store-stale
  208.  
  # Review notes: DNS, privileges, timeouts and connection tuning.
  # All lookups go to a resolver on this host; its integrity decides where intercepted
  # traffic is sent.
  209. dns_nameservers 127.0.0.1
  210.  
  211. qos_flows local-hit=0x30
  212.  
  # Squid drops to the unprivileged "proxy" user and group after start-up.
  213. cache_effective_user proxy
  214. cache_effective_group proxy
  215.  
  216. #debug_options 11,2 22,3
  217. #debug helper
  218. #debug_options ALL,1 84,9
  219.  
  220. connect_timeout 30 seconds
  221. request_timeout 60 seconds
  222. half_closed_clients off
  223.  
  224. log_icp_queries off
  225.  
  226. dns_retransmit_interval 5 seconds
  227. dns_timeout 30 seconds
  # Successful lookups are held for up to 21600 seconds (6 hours); failures for 1 second.
  228. positive_dns_ttl 21600 seconds
  229. negative_dns_ttl 1 seconds
  230. negative_ttl 1 second
  # Keeps Squid discarding DNS replies that come from an address it did not query.
  231. ignore_unknown_nameservers on
  232. detect_broken_pconn on
  233. read_ahead_gap 64 KB
  234. dns_v4_first on
  235. balance_on_multiple_ip on
  236. connect_retries 2
  237. #client_persistent_connections on
  238. server_persistent_connections on
  239. retry_on_error on
  240. pipeline_prefetch 100
  241. max_filedescriptors 65535
  242. fqdncache_size 4096
  # Log lines are buffered before being written; NOTE(review): recent entries may be missing
  # from access.log after a crash.
  243. buffered_logs on
  244.  
  # Review notes: headers removed from outgoing REQUESTS. request_header_access does not touch
  # replies; reply_header_access is the directive for those.
  245. request_header_access From deny all
  # NOTE(review): Server, WWW-Authenticate, X-Cache and X-Cache-Lookup are normally response
  # headers, so these request-side rules probably have no effect. If the aim is to hide the
  # proxy from clients, the rules belong under reply_header_access - and WWW-Authenticate
  # should not be stripped from replies, since that breaks origin authentication.
  246. request_header_access Server deny all
  247. request_header_access WWW-Authenticate deny all
  248. request_header_access Link deny all
  # Stripping Cache-Control (and Pragma below) removes the client's ability to ask the origin
  # for a fresh copy, on top of the ignore-reload refresh rules.
  249. request_header_access Cache-Control deny all
  250. request_header_access Proxy-Connection deny all
  251. request_header_access X-Cache deny all
  252. request_header_access X-Cache-Lookup deny all
  # Via and X-Forwarded-For are removed, so origin servers cannot see that a proxy is in the
  # path or which client made the request; attribution then depends entirely on access.log.
  # NOTE(review): "Forwarded-For" is not a header name I can confirm Squid recognises - verify
  # that this line parses as intended.
  253. request_header_access Via deny all
  254. request_header_access Forwarded-For deny all
  255. request_header_access X-Forwarded-For deny all
  256. request_header_access Pragma deny all
  257. request_header_access Keep-Alive deny all