#=============================================
# SQUID - FATHAYU
#=============================================
http_port 3128 transparent
server_http11 on
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/
error_directory /usr/share/squid/errors/English
icon_directory /usr/share/squid/icons
mime_table /etc/squid/mime.conf
cache_mem 512 MB
maximum_object_size_in_memory 0 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 1024 MB
cache_swap_low 97
cache_swap_high 99
#=============================================
# Cache Directory
#=============================================
cache_dir aufs /cache1 30000 16 256
cache_dir aufs /cache2 30000 16 256
cache_dir aufs /cache3 24000 16 256
#=============================================
# Lusca Log Options
#=============================================
access_log daemon:/var/log/squid/access.log squid
cache_log none
referer_log /var/log/squid/referer.log
cache_store_log none
store_dir_select_algorithm round-robin
logfile_daemon /usr/lib/squid/logfile-daemon
logfile_rotate 1
#=============================================
# ACL Access Control
#=============================================
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src 125.165.92.1 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl purge method PURGE
acl snmppublic snmp_community public
uri_whitespace strip
#=============================================
# Range HIT Soultions
#=============================================
range_offset_limit 1 KB
#=============================================
# Rules to block few Advertising sites
#=============================================
acl ads url_regex -i .youtube\.com\/ad_frame?
acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
acl ads url_regex -i .googlesyndication\.com
acl ads url_regex -i .doubleclick\.net
acl ads url_regex -i ^http:\/\/googleads\.*
acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
acl ads url_regex -i ^http:\/\/adserver\.bs\/
acl ads url_regex -i !^http:\/\/adf\.ly
acl ads url_regex -i .yimg|adbrite|adclick|adfarm|adrevolver|adserver|adtech|advert|atdmt|atwola|banner|bizrate|blogads|bluestreak|burstnet|casalemedia|coremetrics|doubleclick|falkag|fastclick|feedstermedia|googlesyndication|hitbox|httpads|imiclk|intellitxt|js\.overture|kanoodle|kontera|mediaplex|nextag|pointroll|qksrv|rightmedia|speedera|statcounter|tribalfusion|webtrends\/
http_access deny ads
http_reply_access deny ads
#deny_info http://yoursite/yourad,htm ads
#=============================================
# Query Youtube
#=============================================
strip_query_terms off
acl yutub url_regex -i .*youtube\.com\/.*$
acl yutub url_regex -i .*youtu\.be\/.*$
logformat squid1 %{Referer}>h %ru
access_log /var/log/squid/yt.log squid1 yutub
#=============================================
# Custom Option REWRITE
#=============================================
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)\?
acl store_rewrite_list urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)\?
acl store_rewrite_list urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)\?
acl store_rewrite_list urlpath_regex \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)\?
acl store_rewrite_list urlpath_regex \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)\?
acl store_rewrite_list urlpath_regex \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)\?
acl store_rewrite_list urlpath_regex \.(htm|html|mhtml|css|js)\?
acl store_rewrite_list_web url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_web_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.com doubleclick\.net
acl store_rewrite_list_path urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)$
acl store_rewrite_list_path urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)$
acl store_rewrite_list_path urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)$
acl store_rewrite_list_path urlpath_regex \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)$
acl store_rewrite_list_path urlpath_regex \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)$
acl store_rewrite_list_path urlpath_regex \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)$
acl store_rewrite_list_path urlpath_regex \.(htm|html|mhtml|css|js)$
acl getmethod method GET
storeurl_access deny !getmethod
#this is not related to youtube video its only for CDN pictures
storeurl_access allow store_rewrite_list_web_CDN
storeurl_access allow store_rewrite_list_web store_rewrite_list_path
storeurl_access allow store_rewrite_list
storeurl_access deny all
#file location storeurl.pl script
storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 4
storeurl_rewrite_concurrency 10
#=============================================
# Custom Option REFRESH PATTERN
#=============================================
# Youtube
refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?) 525600 99% 99999 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
# Extension
refresh_pattern -i \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt|dat)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
# Web Page
refresh_pattern -i \.(htm|html|mhtml|css|js)(\?.*|$) 1440 90% 86400 reload-into-ims
# General
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#=============================================
# http_access
#=============================================
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all
http_access deny all
icp_access allow localnet
icp_access deny all
icp_port 0
buffered_logs on
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
forwarded_for off
#=============================================
# Header Access Control
#=============================================
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all
httpd_suppress_version_string on
shutdown_lifetime 10 seconds
snmp_port 3401
snmp_access allow snmppublic all
dns_timeout 1 minutes
#=============================================
# DNS
#=============================================
dns_nameservers 8.8.8.8 8.8.4.4
#=============================================
# Accelerator
#=============================================
fqdncache_size 16384
ipcache_size 16384
ipcache_low 97
ipcache_high 99
log_fqdn off
memory_pools off
maximum_single_addr_tries 2
retry_on_error on
icp_hit_stale on
strip_query_terms on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 0 seconds
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_page_fault_warning 2
nonhierarchical_direct on
prefer_direct off
client_db on
max_filedescriptors 8192
#=============================================
# Administrative Parameters
#=============================================
cache_mgr fathayu@gmail.com
cache_effective_user proxy
cache_effective_group proxy
visible_hostname proxy.fathayu.com
unique_hostname fathayu.com
cachemgr_passwd none all
#=============================================
# ZPH Option
#=============================================
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
# SQUID - FATHAYU
#=============================================
http_port 3128 transparent
server_http11 on
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/
error_directory /usr/share/squid/errors/English
icon_directory /usr/share/squid/icons
mime_table /etc/squid/mime.conf
cache_mem 512 MB
maximum_object_size_in_memory 0 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 1024 MB
cache_swap_low 97
cache_swap_high 99
#=============================================
# Cache Directory
#=============================================
cache_dir aufs /cache1 30000 16 256
cache_dir aufs /cache2 30000 16 256
cache_dir aufs /cache3 24000 16 256
#=============================================
# Lusca Log Options
#=============================================
access_log daemon:/var/log/squid/access.log squid
cache_log none
referer_log /var/log/squid/referer.log
cache_store_log none
store_dir_select_algorithm round-robin
logfile_daemon /usr/lib/squid/logfile-daemon
logfile_rotate 1
#=============================================
# ACL Access Control
#=============================================
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src 125.165.92.1 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl purge method PURGE
acl snmppublic snmp_community public
uri_whitespace strip
#=============================================
# Range HIT Soultions
#=============================================
range_offset_limit 1 KB
#=============================================
# Rules to block few Advertising sites
#=============================================
acl ads url_regex -i .youtube\.com\/ad_frame?
acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
acl ads url_regex -i .googlesyndication\.com
acl ads url_regex -i .doubleclick\.net
acl ads url_regex -i ^http:\/\/googleads\.*
acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
acl ads url_regex -i ^http:\/\/adserver\.bs\/
acl ads url_regex -i !^http:\/\/adf\.ly
acl ads url_regex -i .yimg|adbrite|adclick|adfarm|adrevolver|adserver|adtech|advert|atdmt|atwola|banner|bizrate|blogads|bluestreak|burstnet|casalemedia|coremetrics|doubleclick|falkag|fastclick|feedstermedia|googlesyndication|hitbox|httpads|imiclk|intellitxt|js\.overture|kanoodle|kontera|mediaplex|nextag|pointroll|qksrv|rightmedia|speedera|statcounter|tribalfusion|webtrends\/
http_access deny ads
http_reply_access deny ads
#deny_info http://yoursite/yourad,htm ads
#=============================================
# Query Youtube
#=============================================
strip_query_terms off
acl yutub url_regex -i .*youtube\.com\/.*$
acl yutub url_regex -i .*youtu\.be\/.*$
logformat squid1 %{Referer}>h %ru
access_log /var/log/squid/yt.log squid1 yutub
#=============================================
# Custom Option REWRITE
#=============================================
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)\?
acl store_rewrite_list urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)\?
acl store_rewrite_list urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)\?
acl store_rewrite_list urlpath_regex \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)\?
acl store_rewrite_list urlpath_regex \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)\?
acl store_rewrite_list urlpath_regex \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)\?
acl store_rewrite_list urlpath_regex \.(htm|html|mhtml|css|js)\?
acl store_rewrite_list_web url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_web_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.com doubleclick\.net
acl store_rewrite_list_path urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)$
acl store_rewrite_list_path urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)$
acl store_rewrite_list_path urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)$
acl store_rewrite_list_path urlpath_regex \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)$
acl store_rewrite_list_path urlpath_regex \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)$
acl store_rewrite_list_path urlpath_regex \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)$
acl store_rewrite_list_path urlpath_regex \.(htm|html|mhtml|css|js)$
acl getmethod method GET
storeurl_access deny !getmethod
#this is not related to youtube video its only for CDN pictures
storeurl_access allow store_rewrite_list_web_CDN
storeurl_access allow store_rewrite_list_web store_rewrite_list_path
storeurl_access allow store_rewrite_list
storeurl_access deny all
#file location storeurl.pl script
storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 4
storeurl_rewrite_concurrency 10
#=============================================
# Custom Option REFRESH PATTERN
#=============================================
# Youtube
refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?) 525600 99% 99999 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
# Extension
refresh_pattern -i \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt|dat)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
refresh_pattern -i \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)(\?.*|$) 4320 100% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ignore-stale-while-revalidate ignore-auth negative-ttl=0
# Web Page
refresh_pattern -i \.(htm|html|mhtml|css|js)(\?.*|$) 1440 90% 86400 reload-into-ims
# General
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#=============================================
# http_access
#=============================================
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all
http_access deny all
icp_access allow localnet
icp_access deny all
icp_port 0
buffered_logs on
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
forwarded_for off
#=============================================
# Header Access Control
#=============================================
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all
httpd_suppress_version_string on
shutdown_lifetime 10 seconds
snmp_port 3401
snmp_access allow snmppublic all
dns_timeout 1 minutes
#=============================================
# DNS
#=============================================
dns_nameservers 8.8.8.8 8.8.4.4
#=============================================
# Accelerator
#=============================================
fqdncache_size 16384
ipcache_size 16384
ipcache_low 97
ipcache_high 99
log_fqdn off
memory_pools off
maximum_single_addr_tries 2
retry_on_error on
icp_hit_stale on
strip_query_terms on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 0 seconds
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_page_fault_warning 2
nonhierarchical_direct on
prefer_direct off
client_db on
max_filedescriptors 8192
#=============================================
# Administrative Parameters
#=============================================
cache_mgr fathayu@gmail.com
cache_effective_user proxy
cache_effective_group proxy
visible_hostname proxy.fathayu.com
unique_hostname fathayu.com
cachemgr_passwd none all
#=============================================
# ZPH Option
#=============================================
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
Tidak ada komentar:
Posting Komentar