Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- acl localnet src fc00::/7 # RFC 4193 local private network range
- acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 182 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- acl getmethod method GET
- acl step1 at_step SslBump1
- #acl step2 at_step SslBump2
- #acl step3 at_step SslBump3
- #acl firefox browser -i regexp (Firefox|firefox)
- #acl chrome browser -i regexp (Chrome|chrome)
- acl iphone browser -i regexp (iPhone|iPad)
- acl BB browser -i regexp (BlackBerry|PlayBook)
- acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
- acl Android browser -i regexp Android
- acl youtube url_regex -i (youtube|googlevideo|videoplayback)
- #acl yt-domain dstdomain .youtube.com
- acl yt-watch url_regex -i ^https?\:\/\/www\.youtube\.com\/
- #acl yt-watch url_regex -i ^http.*youtube\.com\/$
- acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*(patch|Patch)
- acl httptomiss http_status 302
- acl mimehtml rep_mime_type -i mime-type ^text/html
- acl mimeplain rep_mime_type -i mime-type ^text/plain
- acl tostoreid url_regex -i ^http.*youtube.*(content_v|docid|video_id|player_204.*v\=)
- acl tostoreid url_regex -i ^http.*youtube.*api.*stats.*ads
- acl tostoreid url_regex -i ^http.*youtube.*(ptracking|set_awesome|stream_204|watchtime|qoe|atr|player_204)
- acl tostoreid url_regex -i ^http.*googlevideo.*videoplayback
- acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
- acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
- acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
- acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=
- acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
- acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
- acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
- acl tostoreid url_regex -i ^http.*(steampowered|steamcontent)
- acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
- acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/(.*\.mp4)\?
- acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
- #acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/(.*\.(jpg|txt))
- acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost manager
- http_access deny manager
- http_access allow localnet
- http_access allow localhost
- http_access deny all
- https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
- http_port 3128
- http_port 3129 tproxy
- quick_abort_min 0 KB
- quick_abort_max 0 KB
- quick_abort_pct 90
- range_offset_limit none patchpartial
- #range_offset_limit 128 KB !patchpartial
- request_header_access Range deny !patchpartial
- reply_header_access Range deny !patchpartial
- reply_header_access Alternate-Protocol deny all
- reply_header_access Alt-Svc deny all
- request_header_access User-Agent deny yt-watch !iphone !BB !Winphone !Android
- request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
- #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
- #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
- ssl_bump peek step1 all
- ssl_bump bump all
- sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db -M 4MB
- #sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
- sslcrtd_children 2000 startup=30 idle=1
- sslproxy_capath /etc/ssl/certs
- sslproxy_cert_error allow all
- sslproxy_flags DONT_VERIFY_PEER
- sslproxy_flags NO_SESSION_REUSE
- ssl_unclean_shutdown on
- sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #Jika menggunakan versi setelah squid-3.5.12-20151222-r13967
- #sslproxy_options NO_SSLv2,NO_SSLv3
- sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
- #cache_dir aufs /cache 700000 16 256
- cache_dir aufs /cache 640000 1 1
- cache_mem 16 MB
- cache_swap_low 97
- cache_swap_high 98
- cache_replacement_policy heap LFUDA
- memory_replacement_policy heap GDSF
- maximum_object_size 4096 MB
- maximum_object_size_in_memory 0 KB
- request_body_max_size 0 KB
- refresh_all_ims on
- reload_into_ims on
- cache_mgr cespun@gmail.com
- visible_hostname cespun-proxy
- coredump_dir /var/log/squid
- strip_query_terms off
- #debug_options 11,2 22,3
- logfile_rotate 1
- #logformat referer %ts.%03tu %>a %{Referer}>h %ru
- #logformat referer %ts.%03tu %>a %ru %{Referer}>h
- logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
- access_log /var/log/squid/referer.log referer
- access_log /var/log/squid/access.log
- #cache_store_log /var/log/squid/store.log
- log_mime_hdrs off
- forwarded_for off
- via off
- #Strip HTTP Header
- request_header_access X-Forwarded-For deny all
- reply_header_access X-Forwarded-For deny all
- request_header_access Via deny all
- reply_header_access Via deny all
- max_filedescriptors 65536
- cache_swap_high 98
- cache_swap_low 95
- fqdncache_size 4096
- ipcache_size 4096
- dns_nameservers 208.67.222.222 208.67.220.220
- #ecap
- #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
- loadable_modules /usr/local/lib/ecap_adapter_modifying.so
- ecap_enable on
- request_header_access Accept-Encoding deny yt-watch
- ### youtube non-rang (full loading)
- ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
- ### youtube range (half part loading)
- #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"tiny","enablejsapi"
- adaptation_access modif allow yt-watch
- adaptation_access modif deny all
- cache deny speedtest
- url_rewrite_access allow speedtest
- url_rewrite_access deny all
- url_rewrite_program /etc/squid/speedtest.pl
- redirector_bypass on
- cache_peer 192.168.5.2 parent 8033 0 no-digest no-tproxy
- dead_peer_timeout 5 seconds
- cache_peer_access 192.168.5.2 allow speedtest
- cache_peer_access 192.168.5.2 deny all
- url_rewrite_children 2000 startup=30 idle=1
- store_id_bypass off
- store_id_extras "%{Referer}>h"
- store_id_program /etc/squid/storeid.pl
- store_id_children 2000 startup=30 idle=1
- store_id_access deny !getmethod
- store_id_access allow tostoreid
- store_id_access deny all
- store_miss deny youtube httptomiss
- send_hit deny youtube httptomiss
- store_miss deny youtube mimeplain
- send_hit deny youtube mimeplain
- store_miss deny mimehtml
- send_hit deny mimehtml
- refresh_pattern -i . 0 90% 432000 override-expire override-lastmod ignore-no-store ignore-must-revalidate ignore-private ignore-auth
- max_stale 10 years
- qos_flows local-hit=0x30
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
