hky

squid.conf jamalinux.com

WELCOME TO SQUID 2

——————

—————————————————————————–

NETWORK OPTIONS

# The proxy listener is bound to one LAN-side address, so it is not offered on other interfaces.
http_port 192.168.0.1:3128
# Port 0 switches ICP off: this cache neither sends nor answers ICP queries.
icp_port 0

# NOTE(review): the four lines below equal the stock squid.conf defaults, which ship commented
# out. They look like comment lines whose leading '#' was lost when the page was rendered --
# confirm before treating them as active settings.
# If htcp_port is active on a build with HTCP support, it is an extra UDP listener to firewall.
htcp_port 4827

# 255.255.255.255 is the "not set" value here: the OS picks the source address.
tcp_outgoing_address 255.255.255.255

udp_incoming_address 0.0.0.0

udp_outgoing_address 255.255.255.255

—————————————————————————–

OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM

# ICP timing knobs; with icp_port 0 elsewhere in this file they have nothing to act on.
# NOTE(review): the blank-separated lines match stock defaults and may be unmarked comments.
icp_query_timeout 0

maximum_icp_query_timeout 2000

mcast_icp_query_timeout 2000

dead_peer_timeout 10 seconds

# URLs containing "cgi-bin" or "?" are treated as dynamic: they are not sent through the
# peer hierarchy and (via the QUERY acl) are never stored. Keeping dynamic responses out of the
# cache avoids serving one client's generated page to another client.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

—————————————————————————–

OPTIONS WHICH AFFECT THE CACHE SIZE

# Memory and object-size limits for the cache. Objects above 4096 KB are not stored on disk;
# objects above 16 KB are not held in memory.
cache_mem 15 MB
# Disk eviction starts at 90% full and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 16 KB

# NOTE(review): the blank-separated ipcache/fqdncache lines equal the stock defaults and may
# be comment lines that lost their '#' in rendering -- confirm.
ipcache_size 1024

ipcache_low 90

ipcache_high 95

fqdncache_size 1024

# Both policies use the heap-based LFUDA replacement algorithm (needs a build with heap
# replacement support).
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA

—————————————————————————–

LOGFILE PATHNAMES AND CACHE DIRECTORIES

# Two diskd-backed cache directories of 1228 MB each, 32 first-level and 256 second-level dirs.
cache_dir diskd /opt/squid/cache1 1228 32 256 Q1=72 Q2=64
cache_dir diskd /opt/squid/cache2 1228 32 256 Q1=72 Q2=64
# NOTE(review): both the access log and Squid's own diagnostic log are discarded. With this
# in place there is no record of which client requested which URL, and startup/ACL warnings
# are lost as well, so abuse or a compromise cannot be investigated from the proxy.
# The original log paths are still present in the trailing comments; restoring them (together
# with log rotation and restrictive file permissions) is the change a reviewer would ask for.
cache_access_log /dev/null #/opt/squid/logs/access.log
cache_log /dev/null #/opt/squid/logs/cache.log
cache_store_log none

# NOTE(review): the blank-separated lines below equal stock defaults and may be unmarked
# comment lines -- confirm before relying on them.
emulate_httpd_log off

log_ip_on_direct on

mime_table /opt/squid/etc/mime.conf

log_mime_hdrs off

pid_filename /var/run/squid.pid

debug_options ALL,1

log_fqdn off

# A full /32 mask means client addresses are recorded unmasked wherever logging is enabled.
client_netmask 255.255.255.255

—————————————————————————–

OPTIONS FOR EXTERNAL SUPPORT PROGRAMS

# Value sent as the password for anonymous FTP logins; it tells every FTP server visited
# which site the proxy belongs to.
ftp_user squid@kedai.net
ftp_list_width 32

ftp_passive on

# NOTE(review): this path stops at the directory; the helper's file name appears to be
# missing (the stock helper is called dnsserver) -- confirm against the real file.
cache_dns_program /opt/squid/libexec/squid/

dns_children 5

dns_retransmit_interval 5 seconds

dns_timeout 5 minutes

dns_defnames off

# External helpers run with Squid's privileges; their directory should be writable by root only.
diskd_program /opt/squid/libexec/squid/diskd
unlinkd_program /opt/squid/libexec/squid/unlinkd

# NOTE(review): same truncation as cache_dns_program above (stock helper name: pinger).
pinger_program /opt/squid/libexec/squid/

# No redirect_program or authenticate_program line is visible on this page, so the
# redirector/authenticator settings below have no helper to apply to. Client access is
# therefore decided by source address alone, not by user authentication.
redirect_children 5

redirect_rewrites_host_header on

authenticate_children 5

authenticate_ttl 1 hour

authenticate_ip_ttl 0 seconds

authenticate_ip_ttl_is_strict on

—————————————————————————–

OPTIONS FOR TUNING THE CACHE

# Request/reply size limits, freshness rules and timeouts.
# NOTE(review): nearly every line here is blank-separated and equals a stock default, which
# ship commented out; they may have lost their '#' in rendering -- confirm.
wais_relay_port 0

# Upper bounds on what a client may send: 10 KB of headers, 1 MB of body. These cap the memory
# a single request can tie up.
request_header_max_size 10 KB

request_body_max_size 1 MB

# 0 means replies are not size-limited.
reply_body_max_size 0

# refresh_pattern <regex> <min minutes> <percent of age> <max minutes>; first matching line wins.
refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

reference_age 1 year

quick_abort_min 16 KB

quick_abort_max 16 KB

quick_abort_pct 95

negative_ttl 5 minutes

positive_dns_ttl 6 hours

negative_dns_ttl 5 minutes

range_offset_limit 0 KB

connect_timeout 2 minutes

peer_connect_timeout 30 seconds

siteselect_timeout 4 seconds

# Idle server reads are kept for 15 minutes and a client connection may live for a day;
# long timeouts like these let slow or stalled connections hold file descriptors.
read_timeout 15 minutes

request_timeout 30 seconds

client_lifetime 1 day

half_closed_clients on

pconn_timeout 120 seconds

ident_timeout 10 seconds

shutdown_lifetime 30 seconds

—————————————————————————–

ACCESS CONTROLS

# ACL definitions. "all" matches every client address; "kedai" is the local /24 that is
# allowed to use the proxy.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# CONNECT tunnels are limited to these two ports by the http_access rule further down.
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# NOTE(review): this stock entry makes every unprivileged port a permitted destination for
# plain requests; internal services listening on high ports are reachable through the proxy
# by any allowed client.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl kedai src 192.168.0.0/24
acl spyware dstdomain .gator.com .gohip.com

# Disabled content filters. NOTE(review): the file names are wrapped in typographic quotes
# (page rendering); they need plain ASCII double quotes before these lines can be enabled.
#acl bokep1 dst “/opt/squid/etc/filter/ip_porno.txt”

#acl bokep2 dstdomain “/opt/squid/etc/filter/dom_porno.txt”

#acl bokep3 url_regex -i “/opt/squid/etc/filter/url_porno.txt”

# http_access is evaluated top to bottom and the first matching line decides, so order matters:
#   1-2  cache manager requests are accepted from localhost only
#   3    any destination port outside Safe_ports is refused
#   4    CONNECT is refused unless the port is in SSL_ports
#   5    the spyware domains are blocked even for local clients
#   6-7  the local /24 is allowed, everyone else is denied (the proxy is not open to the world)
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny spyware
http_access allow kedai
http_access deny all
icp_access deny all
# miss_access governs forwarding of cache misses on behalf of neighbor caches; it is left open
# here, so http_access above is the only gate.
miss_access allow all

# NOTE(review): the two blank-separated lines below equal stock defaults and may be unmarked
# comment lines -- confirm.
proxy_auth_realm Squid proxy-caching web server

ident_lookup_access deny all

—————————————————————————–

ADMINISTRATIVE PARAMETERS

# Contact address for the cache administrator.
cache_mgr jamal@jamalinux.com
# Account and group the Squid process runs as once it has given up root privileges.
# The cache directories and any log files must be owned by this user and nothing more.
cache_effective_user squid
cache_effective_group nogroup
# Host name the proxy reports for itself.
visible_hostname Kedai.net

—————————————————————————–

OPTIONS FOR THE CACHE REGISTRATION SERVICE

# A period of 0 turns cache announcements off, so nothing is sent to the host/port below.
# NOTE(review): all three lines equal stock defaults and may be unmarked comment lines.
announce_period 0

announce_host tracker.ircache.net

announce_port 3131

—————————————————————————–

HTTPD-ACCELERATOR OPTIONS

# Accelerator settings combined with proxying: "virtual" host plus httpd_accel_with_proxy is
# the usual Squid 2.x arrangement for intercepted (transparent) port-80 traffic.
# presumably a firewall redirect sends port 80 to the 3128 listener -- not shown on this page.
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy on
# NOTE(review): with this on, the destination is taken from the client's Host header and Squid
# does not validate that value. The stock squid.conf documentation warns that this opens a
# potential security hole (a client can choose what gets fetched and cached under a URL), so
# keep the listener reachable by trusted clients only.
httpd_accel_uses_host_header on

—————————————————————————–

MISCELLANEOUS

# Miscellaneous settings.
# NOTE(review): every line in this run is blank-separated and equals a stock default or a
# documentation example; they may be comment lines that lost their '#' in rendering -- confirm
# each one against the real file before copying.
dns_testnames netscape.com internic.net nlanr.net microsoft.com

logfile_rotate 10

# Placeholder domain from the stock file; not a site-specific value.
append_domain .yourdomain.com

tcp_recv_bufsize 0 bytes

memory_pools on

# Off: the client's address is not passed to origin servers in X-Forwarded-For. Together
# with the discarded access log elsewhere in this file, no component records which client
# made a request.
forwarded_for off

log_icp_queries on

icp_hit_stale off

minimum_direct_hops 4

minimum_direct_rtt 400

# NOTE(review): these three lines are the documentation example for cachemgr_passwd. If
# active, the "shutdown" action is protected only by the literal word "secret". Use a
# site-specific password and make squid.conf unreadable to ordinary users, since the value is
# stored in clear text. Cache-manager requests are limited to localhost by the http_access
# rules in this file, which reduces but does not remove the exposure.
cachemgr_passwd secret shutdown

cachemgr_passwd lesssssssecret info stats/objects

cachemgr_passwd disable all

store_avg_object_size 13 KB

store_objects_per_bucket 20

client_db on

netdb_low 900

netdb_high 1000

netdb_ping_period 5 minutes

query_icmp off

test_reachability off

buffered_logs off

reload_into_ims off

# Header filtering. Squid 2.x documents anonymize_headers as either a deny list (listed
# headers are stripped, all others pass) or an allow list (only listed headers pass); the two
# forms are alternatives, not meant to be combined.
# The three adjacent deny lines look like the setting actually in use: they strip From,
# Referer, Server, WWW-Authenticate, Link, Via and X-Forwarded-For.
# NOTE(review): stripping WWW-Authenticate removes the challenge origin servers send for HTTP
# authentication -- check that password-protected sites still work for clients.
– standard anonymizer –

anonymize_headers deny From Referer Server
anonymize_headers deny WWW-Authenticate Link
anonymize_headers deny Via X-Forwarded-For

# NOTE(review): the blank-separated allow lines below match the "paranoid" documentation
# example and are probably comment lines that lost their '#'; confirm they are not active
# alongside the deny lines above.
– paranoid anonymizer –

anonymize_headers allow Allow Authorization Cache-Control

anonymize_headers allow Content-Encoding Content-Length

anonymize_headers allow Content-Type Date Expires Host

anonymize_headers allow If-Modified-Since Last-Modified

anonymize_headers allow Location Pragma Accept

anonymize_headers allow Accept-Encoding Accept-Language

anonymize_headers allow Content-Language Mime-Version

anonymize_headers allow Retry-After Title Connection

anonymize_headers allow Proxy-Connection

# NOTE(review): every line in this run is blank-separated and equals a stock default or a
# documentation example; they may be comment lines that lost their '#' -- confirm.
# fake_user_agent has no value on this page, so as written it sets nothing.
fake_user_agent

icon_directory /opt/squid/etc/icons

error_directory /opt/squid/etc/errors

minimum_retry_timeout 5 seconds

maximum_single_addr_tries 3

# SNMP agent port (only meaningful on a build with SNMP support).
snmp_port 3401

# NOTE(review): "snmppublic" is not defined by any acl line on this page. If SNMP is wanted,
# define the community ACL explicitly and avoid a well-known community string; otherwise
# keep only the deny rule.
snmp_access allow snmppublic localhost

snmp_access deny all

snmp_access deny all

snmp_incoming_address 0.0.0.0

snmp_outgoing_address 255.255.255.255

as_whois_server whois.ra.net

as_whois_server whois.ra.net

# Router address 0.0.0.0 leaves WCCP disabled.
wccp_router 0.0.0.0

wccp_version 4

wccp_incoming_address 0.0.0.0

wccp_outgoing_address 255.255.255.255

—————————————————————————–

DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)

# Delay pools and remaining tunables.
# NOTE(review): apart from the last two adjacent lines, everything here is blank-separated
# and equals a stock default or documentation example, so these are probably comment lines
# that lost their '#'. As written, delay_pools is set twice (0, then 2) and the delay_access
# lines name ACLs (some_big_clients, lotsa_little_clients) that are not defined on this page.
delay_pools 0

delay_pools 2 # 2 delay pools

delay_class 1 2 # pool 1 is a class 2 pool

delay_class 2 3 # pool 2 is a class 3 pool

delay_access 1 allow some_big_clients

delay_access 1 deny all

delay_access 2 allow lotsa_little_clients

delay_access 2 deny all

delay_initial_bucket_level 50

incoming_icp_average 6

incoming_http_average 4

incoming_dns_average 4

min_icp_poll_cnt 8

min_dns_poll_cnt 8

min_http_poll_cnt 8

max_open_disk_fds 0

offline_mode off

# Whitespace inside a request URI is removed rather than passed on.
uri_whitespace strip

mcast_miss_addr 255.255.255.255

mcast_miss_ttl 16

mcast_miss_port 3135

# Placeholder key from the documentation; it must never be used as a real key.
mcast_miss_encode_key XXXXXXXXXXXXXXXX

nonhierarchical_direct on

prefer_direct off

# Query strings are removed from URLs before they are written to the log, which keeps
# tokens and search terms out of log files.
strip_query_terms on

redirector_bypass off

ignore_unknown_nameservers on

digest_generation on

digest_bits_per_entry 5

digest_rebuild_period 1 hour

digest_rewrite_period 1 hour

digest_swapout_chunk_size 4096 bytes

digest_rebuild_chunk_percentage 10

client_persistent_connections on

server_persistent_connections on

pipeline_prefetch on

high_response_time_warning 0

high_page_fault_warning 0

high_memory_warning 0

# These two adjacent lines look like settings the author actually added.
store_dir_select_algorithm round-robin
ie_refresh on

and now for our stupid parent proxy

# Upstream parent proxy on port 8080; ICP port 0 with no-query means it is never probed, and
# "default" makes it the fallback parent. All traffic not exempted below passes through this
# third-party host, which can see and alter plain-HTTP requests and responses.
cache_peer cache.iconpln.net.id parent 8080 0 no-query default

# Previous parent, kept for reference.
#cache_peer 202.93.37.150 parent 8080 0 no-query default
# Destination domains that are fetched directly instead of through the parent.
acl boleh dstdomain .bolehnet.com .bolehgame.com .boleh.com .boleh.net .bolehmail.com
acl boleh dstdomain .mweb.co.id .kafegaul.com .satunet.com .astaga.com
# NOTE(review): "jatinangor.com" has no leading dot, unlike every other entry, so it matches
# that exact host name only and not its subdomains -- confirm this is intended.
acl lokal dstdomain .iconpln.net.id .jamalinux.com .imansyah.net .digitooth.com jatinangor.com
# never_direct: the two exempt lists may go direct; everything else must use the parent.
never_direct deny boleh
never_direct deny lokal
never_direct allow all
# always_direct: the two exempt lists are always fetched from the origin; nothing else is.
always_direct allow boleh
always_direct allow lokal
always_direct deny all
