SHARE
TWEET

Untitled

a guest May 19th, 2019 172 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################
  2. ## Squid_LUSCA configuration Starts from Here ...     #
  3. ## Thanks to some INDO friendsfor sharing Configs     #
  4. ## Syed.Jahanzaib / 22nd April, 2014                  #
  5. ## https://aacable.wordpress.com / aacable@hotmail.com #
  6. #######################################################
  7.  
  8. # HTTP Port for SQUID Service
  9. http_port 3129 transparent
  10. server_http11 on
  11.  
  12. # Cache Pee, for parent proxy if you ahve any, or ignore it.
  13. #cache_peer 192.168.0.0/24 parent 3129 0
  14.  
  15. # Various Logs/files location
  16. pid_filename /var/run/squid.pid
  17. coredump_dir /var/spool/squid/
  18. error_directory /usr/share/squid/errors/English
  19. icon_directory /usr/share/squid/icons
  20. mime_table /etc/squid/mime.conf
  21. access_log daemon:/var/log/squid/access.log squid
  22. cache_log none
  23. #debug_options ALL,1 22,3 11,2 #84,9
  24. referer_log /var/log/squid/referer.log
  25. cache_store_log none
  26. store_dir_select_algorithm  round-robin
  27. logfile_daemon /usr/lib/squid/logfile-daemon
  28. logfile_rotate 1
  29.  
  30. # Cache Policy
  31. cache_mem 6 MB
  32. maximum_object_size_in_memory 0 KB
  33. memory_replacement_policy heap GDSF
  34. cache_replacement_policy heap LFUDA
  35.  
  36. minimum_object_size 0 KB
  37. maximum_object_size 10 GB
  38. cache_swap_low 98
  39. cache_swap_high 99
  40.  
  41. # Cache Folder Path, using 5GB for test
  42. cache_dir aufs /cache-1 250000 16 256
  43.  
  44. # ACL Section
  45. acl all src all
  46. acl manager proto cache_object
  47. acl localhost src 127.0.0.1/32
  48. acl to_localhost dst 127.0.0.0/8
  49. #acl localnet src 10.0.0.0/8            # RFC1918 possible internal network
  50. #acl localnet src 172.16.0.0/12        # RFC1918 possible internal network
  51. #acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
  52. acl localnet src 192.168.100.0/24        # RFC1918 possible internal network
  53. acl SSL_ports port 443
  54. acl Safe_ports port 80                # http
  55. acl Safe_ports port 21                # ftp
  56. acl Safe_ports port 443                # https
  57. acl Safe_ports port 70                # gopher
  58. acl Safe_ports port 210                # wais
  59. acl Safe_ports port 1025-65535        # unregistered ports
  60. acl Safe_ports port 280                # http-mgmt
  61. acl Safe_ports port 488                # gss-http
  62. acl Safe_ports port 591                # filemaker
  63. acl Safe_ports port 777                # multiling http
  64. acl CONNECT method CONNECT
  65. acl purge method PURGE
  66. acl snmppublic snmp_community public
  67.  
  68. acl range dstdomain .windowsupdate.com
  69. range_offset_limit -1 KB range
  70.  
  71. #===========================================================================
  72. #    Loading Patch
  73. acl DENYCACHE urlpath_regex \.(ini|ui|lst|inf|pak|ver|patch|md5|cfg|lst|list|rsc|log|conf|dbd|db)$
  74. acl DENYCACHE urlpath_regex (notice.html|afs.dat|dat.asp|patchinfo.xml|version.list|iepngfix.htc|updates.txt|patchlist.txt)
  75. acl DENYCACHE urlpath_regex (pointblank.css|login_form.css|form.css|noupdate.ui|ahn.ui|3n.mh)$
  76. acl DENYCACHE urlpath_regex (Loader|gamenotice|sources|captcha|notice|reset)
  77. no_cache deny DENYCACHE
  78.  
  79. range_offset_limit 1 MB !DENYCACHE
  80. uri_whitespace strip
  81.  
  82. #===========================================================================
  83. #    Rules to block few Advertising sites
  84. acl ads url_regex -i .youtube\.com\/ad_frame?
  85. acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
  86. acl ads url_regex -i .googlesyndication\.com
  87. acl ads url_regex -i .doubleclick\.net
  88. acl ads url_regex -i ^http:\/\/googleads\.*
  89. acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
  90. acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
  91. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
  92. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
  93. acl ads url_regex -i ^http:\/\/adserver\.bs\/
  94. acl ads url_regex -i !^http:\/\/adf\.ly
  95. http_access deny ads
  96. http_reply_access deny ads
  97. #deny_info http://yoursite/yourad,htm ads
  98. #==== End Rules: Advertising ====
  99.  
  100. strip_query_terms off
  101.  
  102. acl yutub url_regex -i .*youtube\.com\/.*$
  103. acl yutub url_regex -i .*youtu\.be\/.*$
  104. logformat squid1 %{Referer}>h %ru
  105. access_log /var/log/squid/yt.log squid1 yutub
  106.  
  107. # ==== Custom Option REWRITE ====
  108. acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
  109.  
  110. acl store_rewrite_list urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)\?
  111. acl store_rewrite_list urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)\?
  112. acl store_rewrite_list urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)\?
  113. acl store_rewrite_list urlpath_regex \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)\?
  114. acl store_rewrite_list urlpath_regex \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)\?
  115. acl store_rewrite_list urlpath_regex \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)\?
  116. acl store_rewrite_list urlpath_regex \.(htm|html|mhtml|css|js)\?
  117.  
  118. acl store_rewrite_list_web url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
  119. acl store_rewrite_list_web_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.com doubleclick\.net
  120.  
  121. acl store_rewrite_list_path urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)$
  122. acl store_rewrite_list_path urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)$
  123. acl store_rewrite_list_path urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)$
  124. acl store_rewrite_list_path urlpath_regex \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)$
  125. acl store_rewrite_list_path urlpath_regex \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)$
  126. acl store_rewrite_list_path urlpath_regex \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)$
  127. acl store_rewrite_list_path urlpath_regex \.(htm|html|mhtml|css|js)$
  128.  
  129. acl getmethod method GET
  130.  
  131. storeurl_access deny !getmethod
  132. #this is not related to youtube video its only for CDN pictures
  133. storeurl_access allow store_rewrite_list_web_CDN
  134. storeurl_access allow store_rewrite_list_web store_rewrite_list_path
  135. storeurl_access allow store_rewrite_list
  136. storeurl_access deny all
  137. storeurl_rewrite_program /etc/squid/storeurl.pl
  138. storeurl_rewrite_children 10
  139. storeurl_rewrite_concurrency 40
  140. # ==== End Custom Option REWRITE ====
  141.  
  142. #===========================================================================
  143. #    Custom Option REFRESH PATTERN
  144. #===========================================================================
  145. refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private
  146. refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
  147. # -- refresh pattern for specific sites -- #
  148. refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache
  149. refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
  150. refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
  151. refresh_pattern ^http://*.atmajaya.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
  152. refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  153. refresh_pattern ^http://*.theinquirer.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
  154. refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  155. refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache
  156. refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  157. refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  158. refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  159. refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  160. refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  161. refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  162. refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  163. refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  164. refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  165. refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth
  166. refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  167. refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  168. refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  169. refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  170. refresh_pattern ^http://static.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  171. refresh_pattern ^http://cooking.game.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  172. refresh_pattern -i http://[^a-z\.]*onemanga\.com/? 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  173. refresh_pattern ^http://media?.onemanga.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  174. refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  175. refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  176. refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  177. refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
  178. # -- refresh pattern for extension -- #
  179. refresh_pattern -i \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
  180. refresh_pattern -i \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
  181. refresh_pattern -i \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
  182. refresh_pattern -i \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
  183. refresh_pattern -i \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
  184. refresh_pattern -i \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
  185. refresh_pattern -i \.(htm|html|mhtml|css|js)(\?.*|$) 1440 90% 86400 override-expire ignore-reload reload-into-ims
  186. #===========================================================================
  187. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  188. refresh_pattern ^gopher: 1440 0% 1440
  189. refresh_pattern ^ftp: 10080 95% 10080 override-lastmod reload-into-ims
  190. refresh_pattern . 0 20% 10080 override-lastmod reload-into-ims
  191.  
  192. http_access allow manager localhost
  193. http_access deny manager
  194. http_access allow purge localhost
  195. http_access deny !Safe_ports
  196. http_access deny CONNECT !SSL_ports
  197.  
  198. http_access allow localnet
  199. #http_access allow all
  200. http_access deny all
  201.  
  202. icp_access allow localnet
  203. icp_access deny all
  204. icp_port 0
  205.  
  206. buffered_logs on
  207.  
  208. acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
  209. upgrade_http0.9 deny shoutcast
  210.  
  211. acl apache rep_header Server ^Apache
  212. broken_vary_encoding allow apache
  213.  
  214. forwarded_for off
  215. header_access From deny all
  216. header_access Server deny all
  217. header_access Link deny all
  218. header_access Via deny all
  219. header_access X-Forwarded-For deny all
  220. httpd_suppress_version_string on
  221.  
  222. shutdown_lifetime 10 seconds
  223.  
  224. snmp_port 3401
  225. snmp_access allow snmppublic all
  226. dns_timeout 1 minutes
  227.  
  228. dns_nameservers 8.8.8.8 8.8.4.4
  229.  
  230. fqdncache_size 5000    #16384
  231. ipcache_size 5000    #16384
  232. ipcache_low 98
  233. ipcache_high 99
  234. log_fqdn off
  235. log_icp_queries off
  236. memory_pools off
  237.  
  238. maximum_single_addr_tries 2
  239. retry_on_error on
  240.  
  241. icp_hit_stale on
  242.  
  243. strip_query_terms off
  244.  
  245. query_icmp on
  246. reload_into_ims on
  247. emulate_httpd_log off
  248. negative_ttl 0 seconds
  249. pipeline_prefetch on
  250. vary_ignore_expire on
  251. half_closed_clients off
  252. high_page_fault_warning 2
  253. nonhierarchical_direct on
  254. prefer_direct off
  255. cache_mgr itm@kudafushiresort.com
  256. cache_effective_user proxy
  257. cache_effective_group proxy
  258. visible_hostname proxy.kuda
  259. unique_hostname kudafushi
  260. cachemgr_passwd none all
  261. client_db on
  262. max_filedescriptors 8192
  263.  
  264. # ZPH config Marking Cache Hit, so cached contents can be delivered at full lan speed via MT
  265. zph_mode tos
  266. zph_local 0x30
  267. zph_parent 0
  268. zph_option 136
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top