squid.conf

1. reply_header_access Alternate-Protocol deny all
2. reply_header_access Alt-Svc deny all
3.  
4. cache_dir aufs /cache 720000 21980 256
5. cache_mem 2 MB
6. cache_swap_high 95
7. cache_swap_low 90
8.  
9. cache_replacement_policy heap LFUDA
10. memory_replacement_policy heap GDSF
11.  
12. maximum_object_size 4096000 KB
13. maximum_object_size_in_memory 0 KB
14.  
15. cache_mgr [email protected]
16. visible_hostname cespun-proxy
17. strip_query_terms off
18. httpd_suppress_version_string on
19. log_mime_hdrs off
20. forwarded_for off
21. via off
22.  
23. max_filedescriptors 65536
24.  
25. fqdncache_size 4096
26. ipcache_size 4096
27. ipcache_high 95
28. ipcache_low 90
29.  
30. http_port 3128
31. http_port 3129 tproxy
32. #https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
33. https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
34.  
35.  
36. qos_flows local-hit=0x30
37.  
38. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
39. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
40. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
41. acl localnet src fc00::/7 # RFC 4193 local private network range
42. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
43. acl SSL_ports port 443
44. acl Safe_ports port 80 # http
45. acl Safe_ports port 182 # http
46. acl Safe_ports port 21 # ftp
47. acl Safe_ports port 443 # https
48. acl Safe_ports port 70 # gopher
49. acl Safe_ports port 210 # wais
50. acl Safe_ports port 1025-65535 # unregistered ports
51. acl Safe_ports port 280 # http-mgmt
52. acl Safe_ports port 488 # gss-http
53. acl Safe_ports port 591 # filemaker
54. acl Safe_ports port 777 # multiling http
55.  
56. acl step1 at_step SslBump1
57. acl step2 at_step SslBump2
58. acl step3 at_step SslBump3
59. acl range206 req_header Range -i byte
60. acl iphone browser -i regexp (iPhone|iPad)
61. acl BB browser -i regexp (BlackBerry|PlayBook)
62. acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
63. acl Android browser -i regexp Android
64. acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
65. acl speedtest url_regex -i ^http.*(speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
66. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
67. acl urltomiss url_regex -i ^http.*(update|patch).*versi
68. acl urltomiss url_regex -i ^http.*versi.*(update|patch)
69. acl urltomiss url_regex -i ^http.*(update|patch|versi|version)\.ini
70. acl urltomiss url_regex -i ^http.*(antihack|xigncode|gameguard|captcha|\.aspx|\.html|\.shtml|\.xhtml|\.ini)
71. acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
72. acl urltomiss url_regex -i ^http.*googleapis\.com\/game
73. acl patchpartial url_regex -i ^http.*patch.*garena
74. acl patchpartial url_regex -i ^http.*garena.*patch
75. acl httptomiss http_status 302
76. acl mimehtml rep_mime_type -i mime-type ^text/html
77. acl mimeplain rep_mime_type -i mime-type ^text/plain
78. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
79. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
80. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
81. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
82. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
83. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
84. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
85. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
86. acl tostoreid url_regex -i ^http.*steam(powered|content)
87. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
88. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
89. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
90. acl CONNECT method CONNECT
91. acl getmethod method GET
92.  
93. acl kendedes url_regex -i ^http.*kendedes\.uzone\.id
94. deny_info https://www.youtube.com kendedes
95. http_access deny kendedes
96.  
97. acl positif url_regex -i ^http.*internetposisif\.uzone\.id
98. deny_info http://10.212.212.212:8033/maksiat.jpg positif
99. http_access deny positif
100.  
101. acl blokir url_regex -i "/etc/squid/blokir.txt"
102. deny_info http://10.212.212.212:8033/maksiat.jpg blokir
103. http_access deny blokir
104.  
105. http_access deny !Safe_ports
106. http_access deny CONNECT !SSL_ports
107. http_access allow localhost manager
108. http_access deny manager
109. http_access allow localnet
110. http_access allow localhost
111. http_access deny all
112.  
113. range_offset_limit none range206 patchpartial
114. quick_abort_min 1 KB
115. quick_abort_max 1 KB
116. quick_abort_pct 95
117.  
118. cache deny speedtest
119. cache deny urltomiss
120. cache deny localhost
121. ssl_bump splice localhost
122. ssl_bump peek step1 all
123. ssl_bump bump all
124.  
125. sslproxy_cert_error allow all
126. sslproxy_flags DONT_VERIFY_PEER
127.  
128. #cache_log /dev/null
129. access_log /var/log/squid/access.log !CONNECT
130. netdb_filename none
131.  
132. url_rewrite_access allow speedtest
133. url_rewrite_access allow yt-rewrite !iphone !BB !Winphone !Android
134. url_rewrite_access deny all
135. url_rewrite_program /etc/squid/storerewrite.pl
136. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
137. dead_peer_timeout 5 seconds
138. cache_peer_access 10.212.212.212 allow speedtest
139. cache_peer_access 10.212.212.212 deny all
140. always_direct deny speedtest
141. never_direct allow speedtest
142. url_rewrite_children 2000 startup=30 idle=1
143.  
144. request_header_access Accept-Encoding deny yt-rewrite !iphone !BB !Winphone !Android
145. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
146. ecap_enable on
147. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
148. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying voctim="html5":true roplacement="html5":false
149. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"medium","enablejsapi"
150. adaptation_access modif allow yt-rewrite !iphone !BB !Winphone !Android
151. adaptation_access modif deny all
152.  
153. store_id_bypass off
154. store_id_extras "%{Referer}>h"
155. store_id_program /etc/squid/storeid.pl
156. store_id_children 2000 startup=30 idle=1
157. store_id_access allow tostoreid
158. store_id_access deny all
159.  
160. store_miss deny youtube httptomiss
161. send_hit deny youtube httptomiss
162. store_miss deny youtube mimeplain
163. send_hit deny youtube mimeplain
164. store_miss deny mimehtml
165. send_hit deny mimehtml
166. store_miss deny urltomiss
167. send_hit deny urltomiss
168.  
169. refresh_pattern -i ^(f|ht)tp.*(patch|update) 432000 100% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth
170. refresh_pattern -i ^(f|ht)tp.* 432000 100% 432000 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
171.  
172. max_stale 100 years