Advertisement
punces

new-squid.conf

Feb 13th, 2017
817
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.72 KB | None | 0 0
  1. dns_v4_first on
  2.  
  3. reply_header_access Alternate-Protocol deny all
  4. reply_header_access Alt-Svc deny all
  5.  
  6. refresh_all_ims on
  7. reload_into_ims on
  8.  
  9. #asumsi sisa hardisk 900Gban
  10. #(720000000/256/256)*2
  11. cache_dir aufs /cache 720000 21980 256
  12. cache_mem 2 MB
  13. cache_swap_high 95
  14. cache_swap_low 90
  15.  
  16. cache_replacement_policy heap LFUDA
  17. memory_replacement_policy heap GDSF
  18.  
  19. maximum_object_size 4096000 KB
  20. maximum_object_size_in_memory 0 KB
  21.  
  22. cache_mgr cespun@gmail.com
  23. visible_hostname cespun-proxy
  24. strip_query_terms off
  25. httpd_suppress_version_string on
  26. log_mime_hdrs off
  27. forwarded_for off
  28. via off
  29.  
  30. coredump_dir /var/log/squid
  31. logfile_rotate 1
  32.  
  33. max_filedescriptors 65536
  34.  
  35. fqdncache_size 4096
  36. ipcache_size 4096
  37. ipcache_high 95
  38. ipcache_low 90
  39.  
  40. http_port 3128
  41. http_port 3129 tproxy
  42. #https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  43. https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
  44.  
  45.  
  46. qos_flows local-hit=0x30
  47.  
  48. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  49. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  50. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  51. acl localnet src fc00::/7 # RFC 4193 local private network range
  52. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  53. acl SSL_ports port 443
  54. acl Safe_ports port 80 # http
  55. acl Safe_ports port 182 # http
  56. acl Safe_ports port 21 # ftp
  57. acl Safe_ports port 443 # https
  58. acl Safe_ports port 70 # gopher
  59. acl Safe_ports port 210 # wais
  60. acl Safe_ports port 1025-65535 # unregistered ports
  61. acl Safe_ports port 280 # http-mgmt
  62. acl Safe_ports port 488 # gss-http
  63. acl Safe_ports port 591 # filemaker
  64. acl Safe_ports port 777 # multiling http
  65. acl PURGE method PURGE
  66. acl step1 at_step SslBump1
  67. acl step2 at_step SslBump2
  68. acl step3 at_step SslBump3
  69. acl range206 req_header Range -i byte
  70. acl iphone browser -i regexp (iPhone|iPad)
  71. acl BB browser -i regexp (BlackBerry|PlayBook)
  72. acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  73. acl Android browser -i regexp Android
  74. acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
  75. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  76. acl urltomiss url_regex -i ^http.*(update|patch).*versi
  77. acl urltomiss url_regex -i ^http.*versi.*(update|patch)
  78. acl urltomiss url_regex -i ^http.*(update|patch|versi|version)\.ini
  79. acl urltomiss url_regex -i ^http.*(hsupdate|antihack|xigncode|gameguard|captcha|gameid|game_id|idgame|id_game|launcher|\.aspx|\.html|\.shtml|\.xhtml|\.ini)
  80. acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
  81. acl urltomiss url_regex -i ^http.*googleapis\.com\/game
  82. acl patchpartial url_regex -i ^http.*patch.*garena
  83. acl patchpartial url_regex -i ^http.*garena.*patch
  84. acl httptomiss http_status 302
  85. acl mimehtml rep_mime_type -i mime-type ^text/html
  86. acl mimeplain rep_mime_type -i mime-type ^text/plain
  87. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  88. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  89. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  90. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  91. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  92. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  93. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  94. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  95. acl tostoreid url_regex -i ^http.*steam(powered|content)
  96. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  97. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  98. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  99. acl speedtest url_regex -i ^http.*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
  100. acl blokir url_regex -i ^http.*kendedes\.uzone\.id
  101. acl blokir url_regex -i ^http.*internetpositif\.uzone\.id
  102.  
  103. acl CONNECT method CONNECT
  104. acl getmethod method GET
  105.  
  106. deny_info http://103.80.80.246 blokir
  107. http_access deny blokir
  108.  
  109. http_access deny !Safe_ports
  110. http_access deny CONNECT !SSL_ports
  111. http_access allow localhost manager
  112. http_access deny manager
  113. http_access allow localhost purge
  114. http_access deny purge
  115. http_access allow localnet
  116. http_access allow localhost
  117. http_access deny all
  118.  
  119. access_log /var/log/squid/access.log !CONNECT
  120. #access_log none
  121.  
  122. range_offset_limit none range206 patchpartial
  123. range_offset_limit 128 KB range206 !patchpartial
  124. quick_abort_min 1 KB
  125. quick_abort_max 1 KB
  126. quick_abort_pct 95
  127.  
  128. cache deny speedtest
  129. cache deny urltomiss
  130. cache deny localhost
  131. ssl_bump splice localhost
  132. ssl_bump peek step1 all
  133. ssl_bump bump all
  134.  
  135. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  136. dead_peer_timeout 5 seconds
  137. cache_peer_access 10.212.212.212 allow speedtest
  138. cache_peer_access 10.212.212.212 deny all
  139. always_direct deny speedtest
  140. never_direct allow speedtest
  141.  
  142. url_rewrite_access allow yt-rewrite !iphone !BB !Winphone !Android
  143. url_rewrite_access deny all
  144. url_rewrite_program /etc/squid/storerewrite.pl
  145. url_rewrite_children 2000 startup=30 idle=1
  146.  
  147. request_header_access Accept-Encoding deny yt-rewrite !iphone !BB !Winphone !Android
  148. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  149. ecap_enable on
  150. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  151. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying voctim="html5":true roplacement="html5":false
  152. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
  153. adaptation_access modif allow yt-rewrite !iphone !BB !Winphone !Android
  154. adaptation_access modif deny all
  155.  
  156. store_id_bypass off
  157. store_id_extras "%{Referer}>h"
  158. store_id_program /etc/squid/storeid.pl
  159. store_id_children 2000 startup=30 idle=1
  160. store_id_access allow tostoreid
  161. store_id_access deny all
  162.  
  163. store_miss deny youtube httptomiss
  164. send_hit deny youtube httptomiss
  165. store_miss deny youtube mimeplain
  166. send_hit deny youtube mimeplain
  167. store_miss deny mimehtml
  168. send_hit deny mimehtml
  169. store_miss deny urltomiss
  170. send_hit deny urltomiss
  171. store_miss deny speedtest
  172. send_hit deny speedtest
  173.  
  174. refresh_pattern -i .* 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth
  175.  
  176. max_stale 100 years
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement