
konfigurasi squid

# NETWORK OPTIONS
# —————————————————————————–
# Squid 2.x-era syntax (httpd_accel_*, no_cache, cache_access_log); several
# of these directives were renamed or dropped in later releases.
# http_port with no address binds on every interface; who may use the proxy
# is decided solely by the http_access rules in ACCESS CONTROLS below.
http_port 8880
# 0 disables the ICP listener, so the udp_*/icp_* settings here are largely
# inert (no cache_peer is defined in this file either).
icp_port 0
udp_incoming_address 0.0.0.0
# 255.255.255.255 is Squid's "use the same socket as udp_incoming_address".
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
# maximum_icp_query_timeout 2000
dead_peer_timeout 30 seconds
# URLs containing these strings would bypass parent/sibling caches; without
# a cache_peer this has no effect.
hierarchy_stoplist cgi-bin ? .hotmail.com .passport.net .msn.com .bankmandiri.co.id
# Never cache dynamic content (cgi-bin or a '?' in the path) ...
acl QUERY urlpath_regex cgi-bin \?
# ".ft" is a bare suffix; presumably an internal domain -- confirm.
acl localdom dstdomain .ft
acl localdom dstdomain .ayodance.com .rf-online.web.id .o2jam.web.id
# ... nor anything destined for the LAN itself or this public /21.
acl localip dst 192.168.133.0/255.255.255.0
acl localip dst 122.102.48.0/21
no_cache deny QUERY
no_cache deny localdom
no_cache deny localip

# OPTIONS WHICH AFFECT THE CACHE SIZE
# —————————————————————————–
# RAM reserved for in-transit and hot objects; small, so most hits are disk.
cache_mem 8 MB
# Disk-store watermarks (percent of cache_dir size): start evicting at 90%,
# evict aggressively at 95%.
cache_swap_low 90
cache_swap_high 95
# Objects over 1 MB are never stored; objects over 4 KB never stay in RAM.
maximum_object_size 1024 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 KB
# Entry counts and watermarks for the IP and FQDN lookup caches.
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
# GDSF favours keeping many small popular objects over a few large ones.
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# —————————————————————————–
# diskd store: 50000 MB under /var/spool/squid/, 64 first-level and 256
# second-level directories; Q1/Q2 are the diskd queue-length thresholds.
cache_dir diskd /var/spool/squid/ 50000 64 256 Q1=72 Q2=64
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# No store.log: object swap-in/swap-out events are not recorded.
cache_store_log none
# Native Squid log format rather than the Apache-style format.
emulate_httpd_log off
log_ip_on_direct on
mime_table /etc/squid/mime.conf
# Off keeps request/reply headers (Cookie, Authorization, ...) out of
# access.log; leave it off unless debugging a specific problem.
log_mime_hdrs off
pid_filename /var/run/squid.pid
# No reverse lookups of client addresses while logging.
log_fqdn off
# An all-ones mask logs full client addresses; a shorter mask would
# anonymise log entries if that is required.
client_netmask 255.255.255.255
# Debug level 1 for every section: normal operational logging only.
debug_options ALL,1

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# —————————————————————————–
# Password string sent on anonymous FTP logins; not a secret, but every FTP
# server contacted sees it.
ftp_user warnet@chitchat
ftp_list_width 32
ftp_passive on
# Rejects FTP data connections that do not come from the server Squid asked.
ftp_sanitycheck on
dns_retransmit_interval 5 seconds
# Lookups are abandoned after 5 minutes; clients hitting an unresolvable
# name wait that long.
dns_timeout 5 minutes
#dns_nameservers 192.168.2.1
diskd_program /usr/lib/squid/diskd
unlinkd_program /usr/lib/squid/unlinkd
# Basic-auth helper settings. No "auth_param basic program" line and no
# proxy_auth ACL appear anywhere in this file, so these are inert unless a
# helper is configured elsewhere.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 0 seconds

# OPTIONS FOR TUNING THE CACHE
# —————————————————————————–
wais_relay_port 0
# Request headers are capped at 10 KB; 0 for the body means uploads are
# unlimited in size.
request_header_max_size 10 KB
request_body_max_size 0 KB
# refresh_pattern REGEX MIN(minutes) PERCENT MAX(minutes). First match wins,
# so the catch-all "." pattern must stay last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 40% 4320
# Whether Squid finishes a transfer its client abandoned: with min == max the
# decision is essentially "less than 8 KB left -> finish, more -> abort";
# see squid.conf for the exact rule.
quick_abort_min 8 KB
quick_abort_max 8 KB
quick_abort_pct 95
# Error responses are cached for 5 minutes; DNS answers for 3 hours and DNS
# failures for 1 minute.
negative_ttl 5 minutes
positive_dns_ttl 3 hours
negative_dns_ttl 1 minute
#range_offset_limit -1 KB

# TIMEOUTS
# —————————————————————————–
forward_timeout 5 minutes
connect_timeout 180 seconds
peer_connect_timeout 20 seconds
# A server may stay silent for 15 minutes before the fetch is dropped.
read_timeout 15 minutes
# Clients get 120 s to send a complete request after connecting.
request_timeout 120 seconds
persistent_request_timeout 1 minute
# Hard cap on the lifetime of any single client connection.
client_lifetime 1 day
# Half-closed client sockets are torn down instead of being kept open.
half_closed_clients off
# Idle persistent server/peer connections are closed after 2 minutes.
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds

# ACCESS CONTROLS
# —————————————————————————–
# ACLs
# Squid 2.x requires "all" to be declared; later releases predefine it.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl LAN src 192.168.133.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8888 # local web
acl CONNECT method CONNECT
# Rules
# First matching line wins, and every ACL on one line must match (AND).
# A source address cannot be both 127.0.0.1 and inside 192.168.133.0/24, so
# the line below never matches and the next line denies the cache manager
# from everywhere, localhost included. If manager access from the proxy host
# itself is wanted, the line for that is "http_access allow manager localhost"
# on its own; the cachemgr_passwd further down is moot until then.
http_access allow manager localhost LAN
http_access deny manager
# Only Safe_ports may be reached, and CONNECT tunnels only to 443/563.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Stops the proxy being used to reach services bound to its own loopback.
http_access deny to_localhost
# Only the LAN may use the proxy; every other source is refused.
http_access allow LAN
http_access deny all
http_reply_access allow all
# Unrestricted, but moot while icp_port is 0.
icp_access allow all
miss_access allow all
# 0 means no limit on reply size.
reply_body_max_size 0 allow all

# ADMINISTRATIVE PARAMETERS
# —————————————————————————–
# Address shown on error pages and mailed on crashes.
cache_mgr root@localhost
# A cleartext manager password that has been published with this file
# should be treated as disclosed and changed. It only covers the "info" and
# "stats/objects" actions; unlisted actions fall back to Squid's defaults --
# verify which of those need no password. The http_access rules above deny
# the manager ACL from every source, so none of this is currently reachable.
cachemgr_passwd rahasia info stats/objects
# When started as root, Squid drops to this unprivileged account.
cache_effective_user cumi
cache_effective_group cumi
# Hostname used in error pages and the Via header.
visible_hostname server

# HTTPD-ACCELERATOR OPTIONS
# —————————————————————————–
# Together these are the Squid 2.5 recipe for transparent interception:
# accelerate "virtual" hosts on port 80, keep ordinary proxying enabled, and
# take the destination from the client's Host header.
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy on
# The Host header is client-controlled and Squid does not validate it; the
# squid.conf documentation of that era describes this as a security hole
# acceptable only for transparent proxies. The "http_access allow LAN /
# deny all" rules above limit the exposure to LAN clients -- keep them.
httpd_accel_uses_host_header on

# MISCELLANEOUS
# —————————————————————————–
# Keep one rotated generation of each log.
logfile_rotate 1
tcp_recv_bufsize 0 bytes
memory_pools off
#memory_pools_limit 256 MB
# No X-Forwarded-For header is added, so origin servers do not learn LAN
# client addresses.
forwarded_for off
log_icp_queries on
icp_hit_stale off
# netdb-based direct-vs-peer selection; irrelevant without cache_peer entries.
minimum_direct_hops 4
minimum_direct_rtt 400
# Hints for sizing the in-memory store index.
store_avg_object_size 13 KB
store_objects_per_bucket 20
# No per-client statistics are kept in memory.
client_db off
#netdb_low 900
#netdb_high 1000
#netdb_ping_period 5 minutes
test_reachability off
buffered_logs off
# Always go direct (never via a peer) for the LAN, FTP and SSL -- also moot
# without peers. "ft" covers the same range as the localip ACL in NETWORK
# OPTIONS.
acl ft dst 192.168.133.0/24
acl FTP proto FTP
acl SSL proto SSL
always_direct allow ft
always_direct allow FTP
always_direct allow SSL
always_direct deny all
maximum_single_addr_tries 3
# An SNMP listener is opened on every interface but every query is denied.
# If SNMP is not used, "snmp_port 0" closes the socket instead.
snmp_port 3401
#Example:
#snmp_access allow snmppublic localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
# 255.255.255.255 means reply from the same socket as snmp_incoming_address.
snmp_outgoing_address 255.255.255.255

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# —————————————————————————–
# Both pools key on url_regex with unescaped metacharacters: "." matches any
# character, so "192.168.133.*" and the ".exe"-style tokens match more than
# the literal strings. Each whitespace-separated token is its own unanchored
# pattern, so "ftp" matches anywhere in a URL and, case-insensitively, ".Z"
# matches any URL containing a "z". Escaping the dots (\.exe) and anchoring
# (\.exe$) would make the throttled set match what the list reads as.
# (".bin" and ".dat" are listed twice.)
acl pool1 url_regex 192.168.133.*
acl pool2 url_regex -i ftp .exe .mp3 .mp4 .vqf .tar.gz .wma .wmv .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .pdf .mov .lha .arj .tgz .bz2 .Z .dat .asf .bin .cab .xpi .tar .doc .xls .ppt .bin .yim .3gp .deb .pak .txl .tpa .flv 202.78.197.66 202.78.197.12 202.93.20.22 202.150.251.16 .swf
delay_pools 2
## pool 1
# Class 2 pool (aggregate + per-host buckets); -1 means unlimited, so LAN
# URLs that do not also match pool2 are not throttled at all.
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow pool1 !pool2
## pool 2
# Downloads: 15000 B/s restore into a 200000 B aggregate bucket, and
# 2000 B/s into a 100000 B bucket per client host.
delay_class 2 2
delay_parameters 2 15000/200000 2000/100000
# A request matching both ACLs, or neither, lands in no pool and is not
# delayed.
delay_access 2 allow pool2 !pool1

# BLAH
# —————————————————————————–
# Delay-pool buckets start 50% full.
delay_initial_bucket_level 50
# Event-loop polling tuning; these look like stock values -- TODO confirm
# before changing.
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
# 0 = no cap on open disk file descriptors.
max_open_disk_fds 0
offline_mode off
# Whitespace inside request URLs is removed rather than the request refused.
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
# Query strings are dropped from access.log entries, keeping tokens and
# session ids out of the log.
strip_query_terms on
coredump_dir none
# DNS replies arriving from a server other than the one queried are
# discarded.
ignore_unknown_nameservers on
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
request_entities off
# 0 disables these periodic warnings.
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0
store_dir_select_algorithm least-load
ie_refresh on
vary_ignore_expire off
sleep_after_fork 0
# This regex does not say what it appears to: "/*" is zero or more slashes
# and "." is any character, while the trailing "$" requires the URL to end
# right after the host. Presumably "^http://.*\.1rstwap\.com/" was intended
# -- confirm against the servers broken_posts is meant to cover.
acl buggy_server url_regex ^http://*.1rstwap\.com$
broken_posts allow buggy_server
# Accepts certain malformed request headers instead of rejecting them.
relaxed_header_parser on
detect_broken_pconn on
balance_on_multiple_ip off
# Duplicate of the detect_broken_pconn line two above; harmless, but one copy
# can go.
detect_broken_pconn on
