squid.conf+squid-2.7.STABLE9+FreeBSD 8.1-RELEASE
Agustus 14, 2010 pukul 4:50 am | Ditulis dalam FreeBSD | 6 KomentarKaitkata: cachemgr.cgi, compile, compile kernel, conf, config, FreeBSD, FreeBSD 8.1-RELEASE, hight performance, kernel, kompile, kompile kernel, lightsquid, squid, squid 3, squid 3.0, squid conf, squid config, squid HEAD, squid hight performance, squid stable, squid v3, squid version 3, squid-2.7.STABLE9, squid-3.0.STABLE21, squid-3.0.STABLE21.tar.bz2, squid-3.0.STABLE21.tar.gz, squid-3.HEAD, squid3, suid.config
Spek PROXY
P.IV 3Ghz Intel Server
RAM 4 Gb
HDD 40 Gb –> /
HDD 80 Gb –> /cache
cekidot
##############################################################################
# WELCOME TO SQUID 2.7.STABLE9
# —————————-
############################################################################### OPTIONS FOR AUTHENTICATION
# —————————————————————————–auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off# ACCESS CONTROLS
# —————————————————————————–acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 192.168.0.0/24
acl warnet src 192.168.0.10
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl local-domain dstdomain localhost
acl snmpcommunity snmp_community public
acl porn url_regex “/etc/squid/porn.block.txt”#TIME dan FILTER DOWNLOAD
# —————————————————————————–acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .msi .mp4 .7z
#acl TIME SMTWHFA 06:00 – 21:00# —————————————————————————–
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com .lycos.com .cbn.net.id .google.com
acl hotmail dstdomain .indosat.net.id .bii.com .yahoo.com .akadns.net .kalbe.co.id .tigobalaitour.com .syariahonline.com
acl hotmail dstdomain .plasa.com .telkom.net.id .telkom.co.id .boleh.com
acl hotmail dstdomain 202.77.136.17 202.147.193.116 202.97.238.132 221.130.184.27
acl gator1 dstdomain .riaa.com .gator.com .xxxtoolbar.com .hotbar.com ftpaol.news
acl gator2 dstdom_regex gator hot_indonesia.exe
acl blokir dstdomain .rankyou.com .x10.com .infostart.com .startgp.com .iwantnet.net
acl blokir dstdomain .goclick.com .00fun.com .xupiter.com .sexlist.com .pageseeker.con
acl blokir dstdomain .fastmetasearch.com .trendmicro.com .grab.nastydollars.com
acl blokir dstdomain .evidence-eliminator.com .supereva.it .tjaw.com
acl blokir dstdomain .180solutions.com .hrvg.tk .cerials.net .vesperexchange.com .pornaccess.com
acl blokir dstdomain .loverboysusa.com
acl blokir dstdomain .nude-celebs-top.com .aqonk.com .mtvxxx.com .kittens.plays.com .loliti.com
acl blokir dstdomain .sex-info.cjb.net .usa-download.nocreditcard.com .pusatvcd.com .footjobsluts.com
acl blokir dstdomain .dev-download.nocreditcard.com .wazzupnet.com .hamsah.net .amateurpages.com
acl blokir dstdomain .hackwars.com .vasile200.home.ro .mrazirnydasice.cz .XXXTOLBAR.com .purecfnm.com
acl blokir dstdomain .hitbox.com .geocities.com/pelacurpenang .adlogix.com .daddyswap.com
acl blokir dstdomain .internet-optimizer.com .offshoreclicks.com .animespy.com
acl blokir dstdomain .leader.linkexchange.com .animedc.com .paypopup.com .sugarporn.net
acl blokir dstdomain .kaza.com .nastyxpix.com .reliz.ru .fullmovies.net .net-voyeurs.com
acl blokir dstdomain .virtuagirl2.com .spybouncer.com .kerclink.com .xxxindonesia.com
acl blokir dstdomain .getright.com .volcom.com .internetdownloadmanager.com .kazaa.com .fastclick.net
acl blokir dstdomain .freshdevices.com .reget.com .playboy.com
acl blokir dstdomain .leechget.de .netants.com .speedbit.com .gadisbandung.com
acl blokir dstdomain .netvampire.com .downloadaccelerator.com .imagecash.net .doubleclick.com .doubleclick.net
acl blokir dstdomain .cometsystems.com .mtreexxx.net .ceritabokep.com .valencemedia.com .celeb-fakes.net
acl blokir dstdomain .jpteen.org .xeex.com .spnt.placl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen21
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl file_terlarang url_regex -i loadadv.exe
acl file_terlarang url_regex -i loadadv.exeacl SSL_ports port 443 # https,snews
acl SSL_ports port 563
acl SSL_ports port 2082
acl SSL_ports port 2083
acl SSL_ports port 2086
acl SSL_ports port 2087
acl SSL_ports port 2093
acl SSL_ports port 2095
acl SSL_ports port 2096acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 448
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # snews
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # CUPS
acl Safe_ports port 777 # multiling http
acl Safe_ports port 808
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 2082
acl Safe_ports port 2083
acl Safe_ports port 2086
acl Safe_ports port 2087
acl Safe_ports port 2095
acl Safe_ports port 2096
acl Safe_ports port 5000-5200 # yahoomessenger
acl Safe_ports port 6666-6669 # mirc
acl Safe_ports port 8000
acl Safe_ports port 8082
acl Safe_ports port 8090
acl Safe_ports port 11999
acl CONNECT method CONNECTacl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514 32768
acl CONFICKER port 135 136 137 138 139 445
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl limit maxconn 20http_access deny warnet porn
http_access allow manager localhost
http_access allow manager IIX Safe_ports
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny gator1
http_access deny gator2
http_access deny blokir
http_access deny file_terlarang
http_access deny VIRUS
http_access deny BADPORTS
http_access deny CONFICKER
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
miss_access allow localnet
miss_access allow localhost
miss_access deny all# NETWORK OPTIONS
# —————————————————————————–http_port 8080 transparent
zph_mode tos
zph_local 0×30
# zph_sibling 0
zph_parent 0
zph_option 136# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# —————————————————————————–dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?# MEMORY CACHE OPTIONS
# —————————————————————————–cache_mem 32 MB
maximum_object_size_in_memory 6 KB
memory_replacement_policy heap GDSF# DISK CACHE OPTIONS
# —————————————————————————–cache_replacement_policy heap LFUDA
cache_dir aufs /cache 50000 96 256
store_dir_select_algorithm round-robin
# store_dir_select_algorithm least-load
max_open_disk_fds 100
maximum_object_size 16 MB
cache_swap_low 98
cache_swap_high 99
# update_headers on# LOGFILE OPTIONS
# —————————————————————————–access_log /var/log/squid/logs/access.log squid
cache_log /dev/null
cache_store_log /dev/null
logfile_rotate 3
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1 98,2
log_fqdn off
buffered_logs on# OPTIONS FOR FTP GATEWAYING
# —————————————————————————–ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on# OPTIONS FOR URL REWRITING
# —————————————————————————–redirector_bypass off
# OPTIONS FOR TUNING THE CACHE
# —————————————————————————–refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320# —————————————————————————–
# Content-Type
# —————————————————————————–
# Content_Compressed_File
acl archive_content urlpath_regex -i \.(.gz|.rar.|.zip|.tgz|.npk|.vdf)$
# —————————————————————————–
# Content_Executable_File
acl archive_content urlpath_regex -i \.exe$
# —————————————————————————–
# Content_image_File
acl archive_content urlpath_regex -i \.(.bmp|.tiff|.gif|.gif|.jpeg|.jpg|.ico|.png|.pdf|.swf)$
acl archive_content urlpath_regex -i ^http://
# —————————————————————————–
# Refresh Archive Content
# —————————————————————————–
# Content_Compressed_File
refresh_pattern -i \.(.gz|.rar.|.zip|.tgz|.npk|.vdf)$ 43200 95% 86400 override-expire ignore-no-cache ignore-private
# —————————————————————————–
# Content_Executable_File
refresh_pattern -i \.exe$ 43200 95% 86400 override-expire ignore-no-cache ignore-private
# —————————————————————————–
# Content_image_File
refresh_pattern -i \.(.bmp|.tiff|.gif|.gif|.jpeg|.jpg|.ico|.png|.pdf|.swf)$ 43200 95% 86400 override-expire ignore-no-cache ignore-private
# —————————————————————————–
# REFRESH PATTERN
# —————————————————————————–
refresh_pattern -i \.(.class|.css|.js|.gif|.jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(.jpe|.jpeg|.png|.bmp|.tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(.tiff|.mov|.avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(.mpg|.mpe|.wav|.au|.mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(.zip|.gz|.arj|.lha|.lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(.rar|.tgz|.tar|.exe|.bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(.hqx|.pdf|.rtf|.doc|.swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(.inc|.cab|.ad|.txt|.dll|.vdf)$ 10080 100% 43200 override-expirerefresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.kompas.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.media-indonesia.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.okezone.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.liputan6.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.metrotvnews.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.cnn.*/.* 720 100% 4320 reload-into-ims override-lastmod
#refresh_pattern ^http://*.facebook.*/.* 720 100% 4320 reload-into-ims override-lastmod
#refresh_pattern ^http://*.zynga.*/.* 720 100% 4320 reload-into-ims override-lastmod
#refresh_pattern ^http://*.holdem_poker.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320 reload-into-ims override-lastmodquick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98negative_ttl 3 minutes
positive_dns_ttl 53 seconds
negative_dns_ttl 29 seconds
store_avg_object_size 13 KB
store_objects_per_bucket 15# HTTP OPTIONS
# —————————————————————————–request_header_max_size 20 KB
reply_header_max_size 20 KB
request_body_max_size 0 KB
ie_refresh off
vary_ignore_expire on
header_access Accept-Encoding deny hotmail## BLANK BLANK
# server_http11 off# TIMEOUTS
# —————————————————————————–forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 1 minute
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minutes
client_lifetime 60 minutes
half_closed_clients off
pconn_timeout 120 seconds
# ident_timeout 10 seconds
shutdown_lifetime 10 seconds# ADMINISTRATIVE PARAMETERS
# —————————————————————————–cache_mgr aska@green/trouble-call:0752-
cache_effective_user squid
cache_effective_group squid
visible_hostname squid.aska@green.net
cachemgr_passwd squid-cache aska# DELAY POOL PARAMETERS
# —————————————————————————–## dibuat 2 aturan
#delay_pools 2## aturan 1, tidak ada pembatasan
#delay_class 1 2
#delay_parameters 1 -1/-1 -1/-1## aturan 2, setelah download 2048000 bytes mk download menjadi 10000 bytes/s
#delay_class 2 2
##delay_parameters 2 -1/1008800 15000/1009800
#delay_parameters 2 -1/5048000 15000/5049000
##delay_parameters 2 10000/2049000#delay_access 1 deny download
#delay_access 1 allow all
#delay_access 2 allow download
#delay_access 2 deny all# delay_initial_bucket_level 50
# SNMP OPTIONS
# —————————————————————————–snmp_port 3401
snmp_access allow snmpcommunity localhost
snmp_access deny all# ICP OPTIONS
# —————————————————————————–icp_port 3130
icp_hit_stale on
query_icmp on
icp_query_timeout 0# MULTICAST ICP OPTIONS
# —————————————————————————–mcast_icp_query_timeout 2000
# OPTIONS INFLUENCING REQUEST FORWARDING
# —————————————————————————–always_direct allow localnet
# DNS OPTIONS
# —————————————————————————–dns_nameservers 202.134.0.155
dns_nameservers 203.130.193.74
dns_nameservers 202.134.2.5
dns_nameservers 208.67.222.222
dns_nameservers 208.67.220.220# hosts_file /etc/hosts
ignore_unknown_nameservers on
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192# MISCELLANEOUS
# —————————————————————————–forwarded_for off
client_db on
reload_into_ims on
coredump_dir /usr/local/squid
pipeline_prefetch on# —————————————————————————–
# —————————A—–S—-K—-A———————————
# —————————————————————————–
6 Komentar »
RSS umpan untuk komentar-komentar dalam tulisan ini. URI Lacak Balik
Tinggalkan Balasan
ASKA
Real Name :
Irwandi
Nick name :
Andy
Alias :
aska / Buayo / bLuE
Lahir :
Oktober 1974
Kampung :
Batusangkar
Hidup :
Bukittinggi
e-mail :
ibluemyblue@gmail.com
ym :
ibluemyblue
myblueiblue
Mobile
081267950180
Andy Pro Rider
Create Your BadgeThx to Visit
-
-
Blog pada WordPress.com. | Theme: Pool by Borja Fernandez.
Tulisan dan komentar feeds.
Good article.
Comment by jedsada— Oktober 17, 2010 #
Thx
Comment by aska— Oktober 25, 2010 #
om ajarin copasnya donk.. abis uda di liat ga bisa di praktekin nee om saya pake squid stable 4 terus squid.conf nya masih default,,buat di windows ne om…
maklum nubie nya kebangetan nee om… hehehehe…
Comment by sbeexz— November 29, 2010 #
Sebenarnya kalo spek proxy dan squid yang dipakai 2.7 karena aku makai ZPH, rasanya ngak akan ada masalah, kalo pun besar cache nya beda, sesaukan ajah sub direktory nya, perhitungannya banyak kok di googling
“buat di windows ne om… ” aduh ngak pernah coba aku nya T_T, aku pakai distro FreeBSD
Comment by aska— Januari 25, 2011 #
om.. mantep tutor nya, kebetulan kita sama2 pake freebsd 8.1 tapi yg jadi masalah waktu install videocache… ga bisa jalan, kadang2 keluar tulisan cant open http port, kadang2 jg cant open snmp port.. pernah dapet masalah gitu ga om, tolong balas ke email saya ya…
Comment by britline— Februari 9, 2011 #
aku ngak bikib buat nge cache video, soalnya keterbatasan data storage nya, bisa bisa video semua isi nya ^_^ ada coba sekali, ngikutin tut nya mas ogeb, tapi gagal juga, lupa aku error nya di mana, yang jelas ngak nge cache ajah tuh video, coba aja ke indofreebsd di ulasan mas ogeb ^_^
Comment by aska— Mei 11, 2011 #