new-squid.conf

1. dns_v4_first on
2.  
3. reply_header_access Alternate-Protocol deny all
4. reply_header_access Alt-Svc deny all
5.  
6. refresh_all_ims on
7. reload_into_ims on
8.  
9. #asumsi sisa hardisk 900Gban
10. #(720000000/256/256)*2
11. cache_dir aufs /cache 720000 21980 256
12. cache_mem 2 MB
13. cache_swap_high 95
14. cache_swap_low 90
15.  
16. cache_replacement_policy heap LFUDA
17. memory_replacement_policy heap GDSF
18.  
19. maximum_object_size 4096000 KB
20. maximum_object_size_in_memory 0 KB
21.  
22. cache_mgr cespun@gmail.com
23. visible_hostname cespun-proxy
24. strip_query_terms off
25. httpd_suppress_version_string on
26. log_mime_hdrs off
27. forwarded_for off
28. via off
29.  
30. coredump_dir /var/log/squid
31. logfile_rotate 1
32.  
33. max_filedescriptors 65536
34.  
35. fqdncache_size 4096
36. ipcache_size 4096
37. ipcache_high 95
38. ipcache_low 90
39.  
40. http_port 3128
41. http_port 3129 tproxy
42. #https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
43. https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
44.  
45.  
46. qos_flows local-hit=0x30
47.  
48. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
49. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
50. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
51. acl localnet src fc00::/7 # RFC 4193 local private network range
52. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
53. acl SSL_ports port 443
54. acl Safe_ports port 80 # http
55. acl Safe_ports port 182 # http
56. acl Safe_ports port 21 # ftp
57. acl Safe_ports port 443 # https
58. acl Safe_ports port 70 # gopher
59. acl Safe_ports port 210 # wais
60. acl Safe_ports port 1025-65535 # unregistered ports
61. acl Safe_ports port 280 # http-mgmt
62. acl Safe_ports port 488 # gss-http
63. acl Safe_ports port 591 # filemaker
64. acl Safe_ports port 777 # multiling http
65. acl PURGE method PURGE
66. acl step1 at_step SslBump1
67. acl step2 at_step SslBump2
68. acl step3 at_step SslBump3
69. acl range206 req_header Range -i byte
70. acl iphone browser -i regexp (iPhone|iPad)
71. acl BB browser -i regexp (BlackBerry|PlayBook)
72. acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
73. acl Android browser -i regexp Android
74. acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
75. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
76. acl urltomiss url_regex -i ^http.*(update|patch).*versi
77. acl urltomiss url_regex -i ^http.*versi.*(update|patch)
78. acl urltomiss url_regex -i ^http.*(update|patch|versi|version)\.ini
79. acl urltomiss url_regex -i ^http.*(hsupdate|antihack|xigncode|gameguard|captcha|gameid|game_id|idgame|id_game|launcher|\.aspx|\.html|\.shtml|\.xhtml|\.ini)
80. acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
81. acl urltomiss url_regex -i ^http.*googleapis\.com\/game
82. acl patchpartial url_regex -i ^http.*patch.*garena
83. acl patchpartial url_regex -i ^http.*garena.*patch
84. acl httptomiss http_status 302
85. acl mimehtml rep_mime_type -i mime-type ^text/html
86. acl mimeplain rep_mime_type -i mime-type ^text/plain
87. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
88. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
89. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
90. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
91. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
92. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
93. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
94. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
95. acl tostoreid url_regex -i ^http.*steam(powered|content)
96. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
97. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
98. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
99. acl speedtest url_regex -i ^http.*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
100. acl blokir url_regex -i ^http.*kendedes\.uzone\.id
101. acl blokir url_regex -i ^http.*internetpositif\.uzone\.id
102.  
103. acl CONNECT method CONNECT
104. acl getmethod method GET
105.  
106. deny_info http://103.80.80.246 blokir
107. http_access deny blokir
108.  
109. http_access deny !Safe_ports
110. http_access deny CONNECT !SSL_ports
111. http_access allow localhost manager
112. http_access deny manager
113. http_access allow localhost purge
114. http_access deny purge
115. http_access allow localnet
116. http_access allow localhost
117. http_access deny all
118.  
119. access_log /var/log/squid/access.log !CONNECT
120. #access_log none
121.  
122. range_offset_limit none range206 patchpartial
123. range_offset_limit 128 KB range206 !patchpartial
124. quick_abort_min 1 KB
125. quick_abort_max 1 KB
126. quick_abort_pct 95
127.  
128. cache deny speedtest
129. cache deny urltomiss
130. cache deny localhost
131. ssl_bump splice localhost
132. ssl_bump peek step1 all
133. ssl_bump bump all
134.  
135. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
136. dead_peer_timeout 5 seconds
137. cache_peer_access 10.212.212.212 allow speedtest
138. cache_peer_access 10.212.212.212 deny all
139. always_direct deny speedtest
140. never_direct allow speedtest
141.  
142. url_rewrite_access allow yt-rewrite !iphone !BB !Winphone !Android
143. url_rewrite_access deny all
144. url_rewrite_program /etc/squid/storerewrite.pl
145. url_rewrite_children 2000 startup=30 idle=1
146.  
147. request_header_access Accept-Encoding deny yt-rewrite !iphone !BB !Winphone !Android
148. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
149. ecap_enable on
150. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
151. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying voctim="html5":true roplacement="html5":false
152. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
153. adaptation_access modif allow yt-rewrite !iphone !BB !Winphone !Android
154. adaptation_access modif deny all
155.  
156. store_id_bypass off
157. store_id_extras "%{Referer}>h"
158. store_id_program /etc/squid/storeid.pl
159. store_id_children 2000 startup=30 idle=1
160. store_id_access allow tostoreid
161. store_id_access deny all
162.  
163. store_miss deny youtube httptomiss
164. send_hit deny youtube httptomiss
165. store_miss deny youtube mimeplain
166. send_hit deny youtube mimeplain
167. store_miss deny mimehtml
168. send_hit deny mimehtml
169. store_miss deny urltomiss
170. send_hit deny urltomiss
171. store_miss deny speedtest
172. send_hit deny speedtest
173.  
174. refresh_pattern -i .* 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth
175.  
176. max_stale 100 years