
Rabu, 31 Oktober 2012

Squid Proxy (Update 31-10-2012)

# SQUID 2.7.STABLE7
# -----------------

# By : Angga Adi
# E-mail : dittaanggas7@gmail.com
# Blog : http://be2x-opensource.blogspot.com/

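# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# ACL definitions: who the client is (src), where the request goes (dst, port)
# and what kind of request it is (proto, method).
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# Ports that CONNECT tunnels may target.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# Ports that any request may target.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# ACL GET cache
acl getmethod method GET
# Only http traffic can be scanned
acl Scan_HTTP proto HTTP

# http_access rules are checked top to bottom and the first match decides,
# so every "deny" that restricts ports or methods has to come before the
# "allow" lines that admit clients.
# Cache manager and PURGE are reserved for the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Port restrictions first. The original listed "allow SSL_ports" and
# "allow Safe_ports" ahead of these denies; those two lines matched on the
# destination port alone, so any client address was admitted and a CONNECT to
# any port in 1025-65535 was accepted before "deny CONNECT !SSL_ports" was
# ever reached. They are removed here.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only the internal networks and the proxy host may use the proxy.
# The original "allow to_localhost" admitted any source address as long as the
# destination was a loopback address; it is dropped, and localnet/localhost
# clients can still reach such destinations through the two rules below.
# NOTE(review): the stock squid.conf suggests "http_access deny to_localhost"
# at this point to shield web applications on the proxy host that assume only
# local users can reach them - add it if LAN clients have no need for them.
http_access allow localnet
http_access allow localhost
http_access deny all
# Replies are not filtered and the reply body size is unlimited.
http_reply_access allow all
reply_body_max_size 0 allow all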

# OPTIONS FOR X-Forwarded-For
# -----------------------------------------------------------------------------
# Never take the client address from an incoming X-Forwarded-For header: no
# upstream is trusted to supply it, so src ACLs and the access log keep using
# the address of the TCP connection.
follow_x_forwarded_for deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# Listen on the loopback interface only, so the proxy port is not exposed to
# the network.
# NOTE(review): hosts in the localnet ranges cannot connect to this socket
# directly; presumably a local front end or redirect hands their traffic to
# Squid - confirm against the rest of the setup.
http_port 127.0.0.1:3128
# Set TOS 0x04 on outgoing connections for requests matching these ACLs.
tcp_outgoing_tos 0x04 localhost
tcp_outgoing_tos 0x04 localnet
tcp_outgoing_tos 0x04 to_localhost
# ZPH: mark traffic served from the local cache or fetched from a parent with
# TOS 0x04 so that a router can treat it differently from other traffic.
zph_mode tos
zph_local 0x04
zph_parent 0x04
zph_option 136

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
# Earlier variant of the peer line, with cache digests disabled (no-digest).
#cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
# Parent proxy on the same host, port 8080; ICP port 0 together with no-query
# means no ICP queries are sent to it.
# NOTE(review): the page does not say what listens on 8080 - confirm that it
# is bound to loopback as well, otherwise it is a second entry point.
cache_peer 127.0.0.1 parent 8080 0 no-query no-netdb-exchange default
# Every request may be forwarded to that parent.
cache_peer_access 127.0.0.1 allow all
# URLs containing "cgi-bin" or "?" are not looked up in the cache hierarchy.
hierarchy_stoplist cgi-bin ?

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
# Small memory cache: 8 MB in total, objects larger than 8 KB are kept on
# disk only.
cache_mem 8 MB
maximum_object_size_in_memory 8 KB
# Heap-based GDSF replacement policy for the memory cache.
memory_replacement_policy heap GDSF

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
# Heap-based LFUDA replacement policy for the disk cache.
cache_replacement_policy heap LFUDA
# Four aufs cache directories; the numbers are size in MB, first-level and
# second-level directory counts.
# NOTE(review): these directories hold response bodies fetched for every
# client. Keep them owned by the cache_effective_user and unreadable to other
# local accounts, and mount removable media under /media with care.
#cache_dir aufs /var/spool/squid 30000 26 256
cache_dir aufs /media/cache1 30000 26 256
cache_dir aufs /media/cache2 30000 26 256
cache_dir aufs /media/cache3 30000 26 256
cache_dir aufs /media/cache4 26000 26 256
# Spread new objects over the cache directories in turn.
store_dir_select_algorithm round-robin
# 0 = no limit on the number of open disk file descriptors.
max_open_disk_fds 0
# Objects from 0 KB up to 32000 KB are stored on disk; the commented lines are
# other limits that were tried.
minimum_object_size 0 KB
#maximum_object_size 4096 KB
#maximum_object_size 20480 KB
maximum_object_size 32000 KB
#maximum_object_size 100000 KB
# Replacement starts at 90% disk usage and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95
update_headers on

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
# access.log (native "squid" format) records the client address and the full
# URL of every request; cache.log and store.log hold diagnostics and object
# store activity.
# NOTE(review): the request headers are anonymised towards origin servers
# elsewhere in this file, but these logs still tie URLs to clients - restrict
# read access to /var/log/squid accordingly.
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# 0 = "squid -k rotate" only closes and reopens the log files; renaming and
# retention are left to an external tool such as logrotate.
# NOTE(review): confirm such a tool is configured, otherwise the logs grow
# without bound.
logfile_rotate 0
pid_filename /var/run/squid.pid

# OPTIONS FOR URL REWRITING
# -----------------------------------------------------------------------------
# External helper that maps request URLs to the URL used as the cache key.
# The helper script itself is not shown on this page.
# NOTE(review): the helper parses client-supplied URLs and decides which stored
# object a request is answered from, so a mapping that is too broad lets
# unrelated URLs share one cache entry. Keep the script owned by root and not
# writable by the cache_effective_user, and review its patterns.
storeurl_rewrite_program /etc/squid/storeurl.pl
# 8 helper processes, each handling up to 10 requests concurrently.
storeurl_rewrite_children 8
storeurl_rewrite_concurrency 10

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# Every response is eligible for caching; stale objects may be served for up
# to one week.
cache allow all
max_stale 1 week
# refresh_pattern syntax: regex, minimum age (minutes), percent of the object's
# age, maximum age (minutes), then options. Patterns are tried in file order
# and the first one that matches the URL is used.
# 1 year = 525600 mins, 1 month = 43200 mins, 1 day = 1440 #
# options: override-expire
#       override-lastmod
#       reload-into-ims
#       ignore-reload
#       ignore-no-cache
#       ignore-private
#       ignore-auth
#       stale-while-revalidate=NN
#       ignore-stale-while-revalidate
#       max-stale=NN
#       negative-ttl=NN
# The ignore-*/override-* options make Squid disregard cache directives sent
# by the origin server or the client; ignore-private and ignore-auth in
# particular store responses that were meant for a single user.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
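# Site-specific freshness rules. Ages are in minutes; the first matching
# pattern wins, so these take precedence over the generic rules further down.
# Host patterns are anchored at the scheme and have their dots escaped: the
# original forms (".facebook.com.*", "http://i4.ytimg.com", ...) were
# unanchored, so any URL that merely contained such a string in its path or
# query inherited the aggressive policy of that rule.
# Speedtest
refresh_pattern \.speedtest/.* 43200 99999% 432000 override-expire ignore-reload ignore-no-cache
# Facebook => Cache-Control: private, no-cache, no-store, must-revalidate
# "php" is no longer in the extension list: combined with ignore-private and
# ignore-no-cache it stored dynamically generated, per-user pages and could
# serve them to other clients of this proxy. The extension must now end the
# path, so ".jsp" or ".json" URLs no longer match the "js" alternative.
# NOTE(review): ignore-private still stores static files the site marked as
# private; drop it if more than one user shares this cache.
refresh_pattern ^https?://([^/?]*\.)?facebook\.com/.*\.(swf|jpg|gif|png|mp3|js)(\?|$) 43800 95% 43800 ignore-private ignore-no-cache override-expire
# Game facebook
refresh_pattern ^https?://([^/?]*\.)?zynga\.com/.*\.(swf|jpg|gif|png|mp3)(\?|$) 43800 95% 43800 override-expire ignore-reload
# Youtube (i4) => Cache-Control: public, max-age=21600
# NOTE(review): ignore-auth caches replies to requests that carried
# credentials; confirm it is needed for this host.
refresh_pattern ^http://i4\.ytimg\.com/ 2160 100% 21600 ignore-auth
# Youtube (s) => Cache-Control=no-cache, must-revalidate
refresh_pattern ^http://s\.ytimg\.com/ 2160 100% 21600 ignore-no-cache
# Youtube cache => Cache-Control=private || Cache-Control=private, max-age=22897
#refresh_pattern http://o-o---preferred---sn-2uuxa3vh-n0ce---v19---lscache4.c.youtube.com 2289 100% 22987 ignore-private
refresh_pattern ^http://o-o---preferred---sn-2uuxa3vh-n0ce---v19---lscache4\.c\.youtube\.com/ 2289 100% 22987 ignore-private
# Youtube nonxt4 => Cache-Control=private, max-age=23704 || Cache-Control=private, max-age=23648
#refresh_pattern http://o-o---preferred---sn-npo7en7y---v19---nonxt4.c.youtube.com 2370 100% 23704 ignore-private
refresh_pattern ^http://o-o---preferred---sn-npo7en7y---v19---nonxt4\.c\.youtube\.com/ 2364 100% 23648 ignore-private
# Blog => Cache-Control: private, max-age=0
# "php" removed for the same reason as in the Facebook rule.
refresh_pattern ^https?://([^/?]*\.)?blogspot\.com/.*\.(swf|jpg|gif|png|mp3|js)(\?|$) 43800 95% 43800 override-lastmod reload-into-ims ignore-private
# Image
refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png)($|&) 43800 95% 43800 ignore-no-cache reload-into-ims override-expire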
# The commented-out rules below are disabled variants kept for reference.
# NOTE(review): most of them combine ignore-private (and one ignore-auth) with
# very long lifetimes for whole file types; enabling them on a proxy shared by
# several users would store per-user responses for every site.
# Game
#refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 2629742 999999% 2629742 override-expire ignore-reload ignore-no-cache ignore-private
# CDN
#refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 43200 99999% 43200 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private
#refresh_pattern \.(rackcdn|spilcdn|zgncdn)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 43200 9999% 43200 override-expire ignore-reload ignore-no-cache
# General
#refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 2629742 999999% 2629742 ignore-no-cache reload-into-ims override-expire ignore-private
#refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 2629742 999999% 2629742 override-expire reload-into-ims ignore-no-cache ignore-private
#refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 2629742 999999% 2629742 override-expire reload-into-ims ignore-reload ignore-no-cache ignore-private
#refresh_pattern \.(exe|msi|msp|msu|dmg|bin|xpi|iso|swf|mar|psf|cab|deb) 2629742 999999% 2629742 override-expire reload-into-ims ignore-reload ignore-no-cache ignore-private
#refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2) 2629742 999999% 2629742 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=0
#refresh_pattern \.(php|jsp|cgi|asx|asp|aspx)\? 0 0% 0
#
# Dynamic content (cgi-bin or a query string) is never considered fresh.
# This only applies to URLs that no earlier pattern has already matched.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# Package index files are revalidated quickly, package files are kept for
# 129600 minutes.
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
# Catch-all for everything else.
refresh_pattern . 0 20% 4320
# With both limits at 0 KB a fetch is not continued once the client aborts.
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
read_ahead_gap 16 KB
# Error responses are cached for five minutes.
negative_ttl 5 minutes
store_avg_object_size 13 KB

# HTTP OPTIONS
# -----------------------------------------------------------------------------
# Upper bounds for request and reply header blocks.
request_header_max_size 20 KB
reply_header_max_size 20 KB
# NOTE(review): in Squid 2.7 request_body_max_size appears to take a size only
# (the "allow all" form belongs to reply_body_max_size) - confirm with
# "squid -k parse" that this line is accepted as written.
request_body_max_size 0 allow all
# Via is generated here and then removed again by the header_access rule below.
via on
# Strip headers that identify the proxy or the client before forwarding, and
# send a fixed User-Agent instead of the browser's.
# NOTE(review): removing Referer and replacing User-Agent can break sites that
# check those headers; it hides client details from origin servers but has no
# effect on what this proxy logs.
header_access Via deny all
header_access Forwarded-For deny all
header_access X-Forwarded-For deny all
header_access Server deny all
header_access Referer deny all
header_access User-Agent deny all
header_replace User-Agent anonymous
# Speak HTTP/1.1 to origin servers.
server_http11 on

# TIMEOUTS
# -----------------------------------------------------------------------------
# On shutdown, wait up to 30 seconds for active client connections to finish.
shutdown_lifetime 30 seconds

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# cache_mgr is the administrator contact shown on error pages.
# NOTE(review): the directive expects an e-mail address; the value here has no
# "@" - confirm it is what users should see.
cache_mgr h4ck3r.h4x0r.org
# Squid drops privileges to this user and group after starting as root.
cache_effective_user proxy
cache_effective_group proxy
# Host name presented in error pages and used to identify this proxy when
# detecting forwarding loops.
visible_hostname h4ck3r-proxy-server
unique_hostname h4ck3r-proxy-server

# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------

# PERSISTENT CONNECTION HANDLING
# -----------------------------------------------------------------------------

# CACHE DIGEST OPTIONS
# -----------------------------------------------------------------------------
# Build a digest (compact summary) of the cache contents for peers to fetch,
# rebuilt and rewritten to disk every hour.
# NOTE(review): a digest discloses which URLs are cached; it only matters if
# another cache can reach this proxy, which listens on loopback only.
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10

# OPTIONS INFLUENCING REQUEST FORWARDING
# -----------------------------------------------------------------------------
nonhierarchical_direct on
prefer_direct off
ignore_ims_on_miss off
# Requests matching these ACLs are fetched directly from the origin server.
# NOTE(review): always_direct is consulted before never_direct, so requests
# from localhost and localnet appear to bypass the parent on 127.0.0.1:8080
# altogether. If that parent is the scanner the comment below refers to,
# confirm that skipping it for these clients is intended.
always_direct allow localhost
always_direct allow localnet
always_direct allow to_localhost
# Everything else must go through a peer; if the parent is unavailable those
# requests fail instead of going direct.
never_direct allow all
# Only http traffic can be scanned
# (redundant after "never_direct allow all", which already matches every request)
never_direct allow Scan_HTTP

# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------
# 0 = no explicit value: keep the file descriptor limit Squid starts with and
# the operating system's default TCP receive buffer size.
max_filedescriptors 0
tcp_recv_bufsize 0 bytes

# DNS OPTIONS
# -----------------------------------------------------------------------------
# Reject host names that contain invalid characters.
check_hostnames on
# All lookups go to a resolver on the proxy host itself.
# NOTE(review): this requires a DNS service listening on 127.0.0.1; the page
# does not show one - confirm it exists and which upstream it forwards to.
dns_nameservers 127.0.0.1
# Entries in /etc/hosts are loaded as well.
hosts_file /etc/hosts
# Sizes and low/high water marks (percent) of the IP and FQDN caches.
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

# MISCELLANEOUS
# -----------------------------------------------------------------------------
# Do not put the client's address into X-Forwarded-For on forwarded requests.
forwarded_for off
# Turn a client's forced reload (no-cache) into an If-Modified-Since check
# against the origin instead of a full refetch.
reload_into_ims on
# Directory Squid changes to, and where core files are written if it crashes.
coredump_dir /var/spool/squid
balance_on_multiple_ip on
# Start parsing the next pipelined request while the current one is served.
pipeline_prefetch on
