Advertisement
punces

squid.conf

Dec 1st, 2016
1,317
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.81 KB | None | 0 0
  1. reply_header_access Alternate-Protocol deny all
  2. reply_header_access Alt-Svc deny all
  3.  
  4. cache_dir aufs /cache 720000 21980 256
  5. cache_mem 2 MB
  6. cache_swap_high 95
  7. cache_swap_low 90
  8.  
  9. cache_replacement_policy heap LFUDA
  10. memory_replacement_policy heap GDSF
  11.  
  12. maximum_object_size 4096000 KB
  13. maximum_object_size_in_memory 0 KB
  14.  
  15. cache_mgr cespun@gmail.com
  16. visible_hostname cespun-proxy
  17. strip_query_terms off
  18. httpd_suppress_version_string on
  19. log_mime_hdrs off
  20. forwarded_for off
  21. via off
  22.  
  23. max_filedescriptors 65536
  24.  
  25. fqdncache_size 4096
  26. ipcache_size 4096
  27. ipcache_high 95
  28. ipcache_low 90
  29.  
  30. http_port 3128
  31. http_port 3129 tproxy
  32. #https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  33. https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
  34.  
  35.  
  36. qos_flows local-hit=0x30
  37.  
  38. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  39. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  40. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  41. acl localnet src fc00::/7 # RFC 4193 local private network range
  42. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  43. acl SSL_ports port 443
  44. acl Safe_ports port 80 # http
  45. acl Safe_ports port 182 # http
  46. acl Safe_ports port 21 # ftp
  47. acl Safe_ports port 443 # https
  48. acl Safe_ports port 70 # gopher
  49. acl Safe_ports port 210 # wais
  50. acl Safe_ports port 1025-65535 # unregistered ports
  51. acl Safe_ports port 280 # http-mgmt
  52. acl Safe_ports port 488 # gss-http
  53. acl Safe_ports port 591 # filemaker
  54. acl Safe_ports port 777 # multiling http
  55.  
  56. acl step1 at_step SslBump1
  57. acl step2 at_step SslBump2
  58. acl step3 at_step SslBump3
  59. acl range206 req_header Range -i byte
  60. acl iphone browser -i regexp (iPhone|iPad)
  61. acl BB browser -i regexp (BlackBerry|PlayBook)
  62. acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  63. acl Android browser -i regexp Android
  64. acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
  65. acl speedtest url_regex -i ^http.*(speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
  66. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  67. acl urltomiss url_regex -i ^http.*(update|patch).*versi
  68. acl urltomiss url_regex -i ^http.*versi.*(update|patch)
  69. acl urltomiss url_regex -i ^http.*(update|patch|versi|version)\.ini
  70. acl urltomiss url_regex -i ^http.*(antihack|xigncode|gameguard|captcha|\.aspx|\.html|\.shtml|\.xhtml|\.ini)
  71. acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
  72. acl urltomiss url_regex -i ^http.*googleapis\.com\/game
  73. acl patchpartial url_regex -i ^http.*patch.*garena
  74. acl patchpartial url_regex -i ^http.*garena.*patch
  75. acl httptomiss http_status 302
  76. acl mimehtml rep_mime_type -i mime-type ^text/html
  77. acl mimeplain rep_mime_type -i mime-type ^text/plain
  78. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  79. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  80. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  81. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  82. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  83. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  84. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  85. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  86. acl tostoreid url_regex -i ^http.*steam(powered|content)
  87. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  88. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  89. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  90. acl CONNECT method CONNECT
  91. acl getmethod method GET
  92.  
  93. acl kendedes url_regex -i ^http.*kendedes\.uzone\.id
  94. deny_info https://www.youtube.com kendedes
  95. http_access deny kendedes
  96.  
  97. acl positif url_regex -i ^http.*internetposisif\.uzone\.id
  98. deny_info http://10.212.212.212:8033/maksiat.jpg positif
  99. http_access deny positif
  100.  
  101. acl blokir url_regex -i "/etc/squid/blokir.txt"
  102. deny_info http://10.212.212.212:8033/maksiat.jpg blokir
  103. http_access deny blokir
  104.  
  105. http_access deny !Safe_ports
  106. http_access deny CONNECT !SSL_ports
  107. http_access allow localhost manager
  108. http_access deny manager
  109. http_access allow localnet
  110. http_access allow localhost
  111. http_access deny all
  112.  
  113. range_offset_limit none range206 patchpartial
  114. quick_abort_min 1 KB
  115. quick_abort_max 1 KB
  116. quick_abort_pct 95
  117.  
  118. cache deny speedtest
  119. cache deny urltomiss
  120. cache deny localhost
  121. ssl_bump splice localhost
  122. ssl_bump peek step1 all
  123. ssl_bump bump all
  124.  
  125. sslproxy_cert_error allow all
  126. sslproxy_flags DONT_VERIFY_PEER
  127.  
  128. #cache_log /dev/null
  129. access_log /var/log/squid/access.log !CONNECT
  130. netdb_filename none
  131.  
  132. url_rewrite_access allow speedtest
  133. url_rewrite_access allow yt-rewrite !iphone !BB !Winphone !Android
  134. url_rewrite_access deny all
  135. url_rewrite_program /etc/squid/storerewrite.pl
  136. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  137. dead_peer_timeout 5 seconds
  138. cache_peer_access 10.212.212.212 allow speedtest
  139. cache_peer_access 10.212.212.212 deny all
  140. always_direct deny speedtest
  141. never_direct allow speedtest
  142. url_rewrite_children 2000 startup=30 idle=1
  143.  
  144. request_header_access Accept-Encoding deny yt-rewrite !iphone !BB !Winphone !Android
  145. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  146. ecap_enable on
  147. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  148. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying voctim="html5":true roplacement="html5":false
  149. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"medium","enablejsapi"
  150. adaptation_access modif allow yt-rewrite !iphone !BB !Winphone !Android
  151. adaptation_access modif deny all
  152.  
  153. store_id_bypass off
  154. store_id_extras "%{Referer}>h"
  155. store_id_program /etc/squid/storeid.pl
  156. store_id_children 2000 startup=30 idle=1
  157. store_id_access allow tostoreid
  158. store_id_access deny all
  159.  
  160. store_miss deny youtube httptomiss
  161. send_hit deny youtube httptomiss
  162. store_miss deny youtube mimeplain
  163. send_hit deny youtube mimeplain
  164. store_miss deny mimehtml
  165. send_hit deny mimehtml
  166. store_miss deny urltomiss
  167. send_hit deny urltomiss
  168.  
  169. refresh_pattern -i ^(f|ht)tp.*(patch|update) 432000 100% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth
  170. refresh_pattern -i ^(f|ht)tp.* 432000 100% 432000 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
  171.  
  172. max_stale 100 years
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement