Sampe squid.conf

Berikut contoh script buat di tandem dengan mikrotik, dimana menggunakan proxy external

### Konfigurasi port
http_port 3128 transparent
prefer_direct off

### Bypass javascript, perl website (jika perlu) dan situs2 yang dekat (satu network) deklarasikan disini

###Untuk caching Facebook, lebih aktif jika ini di comment(non aktif)
#hierarchy_stoplist cgi-bin ? localhost
#acl QUERY urlpath_regex cgi-bin \? localhost
#no_cache deny QUERY

###Tuning Cache & Objek
cache_mem 8 MB
cache_swap_low 95
cache_swap_high 97
max_filedesc 8192
#server_http11 on
#nilai maksimum file 300MB yang disimpan oleh squid, bisa anda atur sesuai kebutuhan
maximum_object_size 300 MB
minimum_object_size 0 bytes
maximum_object_size_in_memory 32 KB
ipcache_size 4096
ipcache_low 95
ipcache_low 97
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

###Lokasi Cache
#nilai cache 20240 bisa anda ubah sesuai space hardisk anda 20240 dalam satuan megabyte
#misal anda ingin menjadikan masing2 direktori cache sebesar 40GB maka kalikan 40 dengan 1024
cache_dir aufs /cache1 20240 32 256
cache_dir aufs /cache2 20240 32 256
cache_dir aufs /cache3 20240 32 256
cache_dir aufs /cache4 20240 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
cache_swap_log /var/log/squid/swap.state

###DNS Server & Cache Queries
#dns_nameservers 8.8.8.8 8.8.4.4
#dns_nameservers 127.0.0.1

###Cache Options
emulate_httpd_log off
hosts_file /etc/hosts

###Objek-objek statis waktu penyimpanannya diperlama
refresh_pattern -i \.(jp?g|gif|pnp|png\?bm?)$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.jar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dll$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.klz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dif$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.avi$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.iso$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.3gp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mpeg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xml$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.exe$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.zip$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.rar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mp3$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dll$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.rar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.npz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.cfg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.ver$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.erl$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.npz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xt$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xtp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.cfg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.des$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.new$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.t2bk$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.smd$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.gi$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dat$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.luc$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.flv$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.html$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.htm$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.php$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.jsp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.swf$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.bin$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.pdf$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mp4$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 ignore-reload override-expire reload-into-ims
refresh_pattern ^ftp 1440 20% 10080
refresh_pattern ^gopher 1440 20% 10080
refresh_pattern . 480 50% 22160 reload-into-ims

###Access Control
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 #https,snews
acl SSL_ports port 873 #rsync
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https,snews
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 631 #cups
acl Safe_ports port 873 #rsync
acl Safe_ports port 901 #SWAT
acl inputIP url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
acl inputIP url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
#http_access deny inputIP
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

###ACL Akses
##tulisan mattnuxNET di dua baris dibawah harus sama, bisa juga anda pakai nama lain
acl labbelajar src 192.168.56.0/24 #ip lan anda, bisa lebih dari satu network tentunya🙂
http_access allow localhost
http_access allow labbelajar
http_access deny all
visible_hostname proxy.lab
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
pid_filename /var/run/squid.pid
shutdown_lifetime 5 seconds
logfile_rotate 7

###Monitoring SNMP
#snmp_port 3401 #acl snmpsquid snmp_community public
#snmp_access allow snmpsquid localhost
#snmp_access deny all

###Marking ZPH
zph_mode tos
zph_local 0x30
#zph_parent 0
#tcp_outgoing_tos 0x30 all

Both comments and trackbacks are currently closed.
%d blogger menyukai ini: