squid.conf jamalinux.com
WELCOME TO SQUID 2
——————
—————————————————————————–
NETWORK OPTIONS
http_port 192.168.0.1:3128
icp_port 0
htcp_port 4827
tcp_outgoing_address 255.255.255.255
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
—————————————————————————–
OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
—————————————————————————–
OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 15 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 16 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
—————————————————————————–
LOGFILE PATHNAMES AND CACHE DIRECTORIES
cache_dir diskd /opt/squid/cache1 1228 32 256 Q1=72 Q2=64
cache_dir diskd /opt/squid/cache2 1228 32 256 Q1=72 Q2=64
cache_access_log /dev/null #/opt/squid/logs/access.log
cache_log /dev/null #/opt/squid/logs/cache.log
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
mime_table /opt/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
—————————————————————————–
OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
ftp_user squid@kedai.net
ftp_list_width 32
ftp_passive on
cache_dns_program /opt/squid/libexec/squid/
dns_children 5
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
dns_defnames off
diskd_program /opt/squid/libexec/squid/diskd
unlinkd_program /opt/squid/libexec/squid/unlinkd
pinger_program /opt/squid/libexec/squid/
redirect_children 5
redirect_rewrites_host_header on
authenticate_children 5
authenticate_ttl 1 hour
authenticate_ip_ttl 0 seconds
authenticate_ip_ttl_is_strict on
—————————————————————————–
OPTIONS FOR TUNING THE CACHE
wais_relay_port 0
request_header_max_size 10 KB
request_body_max_size 1 MB
reply_body_max_size 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
reference_age 1 year
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
siteselect_timeout 4 seconds
read_timeout 15 minutes
request_timeout 30 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
—————————————————————————–
ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl kedai src 192.168.0.0/24
acl spyware dstdomain .gator.com .gohip.com
#acl bokep1 dst “/opt/squid/etc/filter/ip_porno.txt”
#acl bokep2 dstdomain “/opt/squid/etc/filter/dom_porno.txt”
#acl bokep3 url_regex -i “/opt/squid/etc/filter/url_porno.txt”
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny spyware
http_access allow kedai
http_access deny all
icp_access deny all
miss_access allow all
proxy_auth_realm Squid proxy-caching web server
ident_lookup_access deny all
—————————————————————————–
ADMINISTRATIVE PARAMETERS
cache_mgr jamal@jamalinux.com
cache_effective_user squid
cache_effective_group nogroup
visible_hostname Kedai.net
—————————————————————————–
OPTIONS FOR THE CACHE REGISTRATION SERVICE
announce_period 0
announce_host tracker.ircache.net
announce_port 3131
—————————————————————————–
HTTPD-ACCELERATOR OPTIONS
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
—————————————————————————–
MISCELLANEOUS
dns_testnames netscape.com internic.net nlanr.net microsoft.com
logfile_rotate 10
append_domain .yourdomain.com
tcp_recv_bufsize 0 bytes
memory_pools on
forwarded_for off
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
cachemgr_passwd secret shutdown
cachemgr_passwd lesssssssecret info stats/objects
cachemgr_passwd disable all
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
– standard anonymizer –
anonymize_headers deny From Referer Server
anonymize_headers deny WWW-Authenticate Link
anonymize_headers deny Via X-Forwarded-For
– paranoid anonymizer –
anonymize_headers allow Allow Authorization Cache-Control
anonymize_headers allow Content-Encoding Content-Length
anonymize_headers allow Content-Type Date Expires Host
anonymize_headers allow If-Modified-Since Last-Modified
anonymize_headers allow Location Pragma Accept
anonymize_headers allow Accept-Encoding Accept-Language
anonymize_headers allow Content-Language Mime-Version
anonymize_headers allow Retry-After Title Connection
anonymize_headers allow Proxy-Connection
fake_user_agent
icon_directory /opt/squid/etc/icons
error_directory /opt/squid/etc/errors
minimum_retry_timeout 5 seconds
maximum_single_addr_tries 3
snmp_port 3401
snmp_access allow snmppublic localhost
snmp_access deny all
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
as_whois_server whois.ra.net
as_whois_server whois.ra.net
wccp_router 0.0.0.0
wccp_version 4
wccp_incoming_address 0.0.0.0
wccp_outgoing_address 255.255.255.255
—————————————————————————–
DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
delay_pools 0
delay_pools 2 # 2 delay pools
delay_class 1 2 # pool 1 is a class 2 pool
delay_class 2 3 # pool 2 is a class 3 pool
delay_access 1 allow some_big_clients
delay_access 1 deny all
delay_access 2 allow lotsa_little_clients
delay_access 2 deny all
delay_initial_bucket_level 50
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
mcast_miss_addr 255.255.255.255
mcast_miss_ttl 16
mcast_miss_port 3135
mcast_miss_encode_key XXXXXXXXXXXXXXXX
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
redirector_bypass off
ignore_unknown_nameservers on
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0
store_dir_select_algorithm round-robin
ie_refresh on
and now for our stupid parent proxy
cache_peer cache.iconpln.net.id parent 8080 0 no-query default
#cache_peer 202.93.37.150 parent 8080 0 no-query default
acl boleh dstdomain .bolehnet.com .bolehgame.com .boleh.com .boleh.net .bolehmail.com
acl boleh dstdomain .mweb.co.id .kafegaul.com .satunet.com .astaga.com
acl lokal dstdomain .iconpln.net.id .jamalinux.com .imansyah.net .digitooth.com jatinangor.com
never_direct deny boleh
never_direct deny lokal
never_direct allow all
always_direct allow boleh
always_direct allow lokal
always_direct deny all
Comments