
HIGH ANONYMOUS (ELITE) SQUID PROXY

Written By Unknown on Sunday, March 6, 2011 | 4:41 PM

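# Build and install Squid from source, then prepare the unprivileged account
# and the directories the squid.conf below expects. Run the build from the
# unpacked Squid source tree; the install and account steps need root.
#
# NOTE(review): configure does not fail on --enable/--disable switches it does
# not recognise, so a misspelt switch silently leaves that feature at its
# default. Check the names against `./configure --help` for the release
# being built.
./configure \
  --prefix=/usr \
  --exec-prefix=/usr/ \
  --bindir=/usr/sbin \
  --sysconfdir=/etc/squid \
  --enable-delay-pools \
  --enable-cache-digests \
  --enable-poll \
  --disable-ident-lookups \
  --enable-async-io \
  --enable-auth-modules \
  --enable-removal-policies \
  --enable-snmp \
  --disable-hostname-checks \
  --enable-storeio=diskd,aufs \
  --disable-wccpv2 \
  --enable-kill-parent-hack \
  --enable-default-err-languages=English --enable-err-languages=English \
  --enable-linux-netfilter

# Only install when the build succeeded; "make; make install" would install
# whatever a failed build left behind.
make && make install

# Dedicated account with no home directory and no usable login shell.
# useradd -g needs the group to exist first, so create it when it is missing.
getent group squid >/dev/null || groupadd squid
id -u squid >/dev/null 2>&1 || useradd -g squid -d /dev/null -s /nonexistent squid

# The config uses cache_dir /cache and writes access.log and squid.pid under
# /var/log/squid, so the squid user must own both directories. Absolute paths
# keep this independent of the directory the commands are run from.
mkdir -p /cache /var/log/squid
chown squid:squid /cache /var/log/squid
# access.log records every client's requests; keep it unreadable to other users.
chmod 750 /var/log/squid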


#####################################
# HIGH ANONYMOUS (ELITE) SQUID PROXY #
# Server: squid/3.1.0.17 #
# Last-Modified: 15 Apr 2010 #
# Status : Under Construction #
# Admin : gobed balagadona #
#####################################


# NETWORK OPTIONS
# -------------------------------------------------
# Listening socket for client requests. No address is given, so the port is
# opened on every interface; the http_access rules further down are what
# restrict which clients may use it.
http_port 8080
# Port 0 turns ICP off.
icp_port 0

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
# Both cache_peer lines are commented out, so no parent or sibling is in use.
#cache_peer proxy.wetasem.com parent 8080 0 no-digest no-query proxy-only
#cache_peer 125.160.17.23 sibling 8080 0 no-digest no-query proxy-only

# Requests that look dynamic are never stored in the cache.
hierarchy_stoplist cgi-bin ? .js .jsp
# NOTE(review): urlpath_regex takes regular expressions and the dot in ".js" /
# ".jsp" is unescaped, so it matches any character followed by "js" anywhere
# in the path - presumably broader than intended; confirm.
acl QUERY urlpath_regex cgi-bin \? .js .jsp
cache deny QUERY
#cache allow all

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
# RAM budget for in-transit and hot objects.
cache_mem 6 MB
# Low and high water marks for disk-cache replacement.
cache_swap_low 98%
cache_swap_high 99%
# This directive is set a second time, with the same value, under TIMEOUTS.
half_closed_clients off
#maximum_object_size 1024 KB
# Objects outside the 512-byte .. 16 MB range are not stored on disk.
maximum_object_size 16 MB
minimum_object_size 512 bytes
maximum_object_size_in_memory 1 MB
store_avg_object_size 15 KB

# Size and water marks of the DNS (IP) cache.
ipcache_size 512
ipcache_low 98
ipcache_high 99

#cache_replacement_policy lru
#memory_replacement_policy lru
# NOTE(review): the heap policies must be compiled in; the configure line on
# this page passes --enable-removal-policies without naming any - confirm
# that the build includes "heap".
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

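# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
# On-disk cache under /cache using the diskd store; the directory must exist
# and be owned by the cache_effective_user.
#cache_dir aufs /cache 12000 12 256
cache_dir diskd /cache 12000 12 256 Q1=72 Q2=64

#store_dir_select_algorithm round-robin
# Per-request log. It records each client's browsing, so restrict who can read
# it and keep rotation (logfile_rotate) in place.
cache_access_log /var/log/squid/access.log
#cache_access_log /dev/null
# cache.log is where Squid reports startup failures, configuration and regex
# parse errors and runtime warnings. Sending it to /dev/null hides all of
# that from the operator, so it is written to disk here.
cache_log /var/log/squid/cache.log
# "none" disables the store log; pointing it at /dev/null still makes Squid
# format and write every entry.
cache_store_log none
# Write access.log in the common httpd log format.
emulate_httpd_log on
pid_filename /var/log/squid/squid.pid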

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
# Value Squid sends as the password for anonymous FTP logins.
# NOTE(review): this address is disclosed to every FTP server the proxy
# contacts, which sits badly with the anonymity goal of this config.
ftp_user proxyadmin@comast.com
ftp_list_width 64
ftp_passive on
redirect_rewrites_host_header on
# NOTE(review): these tune Basic proxy authentication, but the page shows no
# "auth_param basic program" helper and no proxy_auth ACL, so as written no
# client is actually asked to authenticate - confirm.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
authenticate_ttl 1 hour
authenticate_ip_ttl 60 seconds

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
#request_body_max_size 10 MB
#reply_body_max_size 700 MB allow all

# refresh_pattern format: <regex> <min minutes> <percent> <max minutes>.
# Rules are tried in file order and the first regex that matches the URL wins.
# None of the rules below carries an override/ignore option, so they only
# supply freshness for replies that arrive without explicit expiry information.
#
# File-extension rules. The pattern is anchored at the end of the URL, so a
# URL with a query string does not match.
# NOTE(review): the leading dot is unescaped and therefore matches any
# character, not just "."; only the \.flv rule further down escapes it.
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200
refresh_pattern -i .(mpg|mpe|wav|au|mid)$ 10080 100% 43200
refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 2 20% 43200
# Per-site rules.
# NOTE(review): these are written like shell globs but are evaluated as
# regexes: "/*" means "zero or more slashes" and "." means "one character".
# "^http://*.facebook" therefore needs "facebook" to begin at most one
# character after "http://", so a host such as www.facebook.com does not
# match. Most of these rules probably never fire as intended - verify with
# real URLs before relying on them.
refresh_pattern ^http://*.facebook.*/.* 720 100% 10080
refresh_pattern ^http://*.friendster.*/.* 720 100% 10080
refresh_pattern ^http://*.google.*/.* 720 100% 10080
refresh_pattern ^http://*.akamai.*/.* 720 100% 10080
refresh_pattern ^http://*.ytimg.*/.* 720 100% 10080
refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google-analytics.*/.* 720 100% 10080
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 10080
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://*.twitter.com/.* 720 80% 10080
refresh_pattern -i .google.co.id$ 1440 100% 10080
refresh_pattern -i \.flv$ 10080 90% 999999
refresh_pattern -i .co.id$ 1440 100% 10080
refresh_pattern -i .mail.yahoo$ 1440 100% 3500
# NOTE(review): the two photobucket patterns look URL-encoded by the page they
# were published on (%28 = "(", %29 = ")", %2F = "/", %2A = "*", %3F = "?").
# As shown they contain an unclosed "(" and are unlikely to compile; restore
# them from the author's original before use. Squid reports regex compile
# errors in cache.log.
refresh_pattern ^http://i(.*/?%29.photobucket.com%2Falbums%2F%28.%2A%3F%29%2F%28.%2A%3F%29%2F%28.%2A%3F%29\? 43200 90% 999999
refresh_pattern ^http://vid(.*/?%29.photobucket.com%2Falbums%2F%28.%2A%3F%29%2F%28.%2A%3F%29\? 43200 90% 999999
refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080
refresh_pattern ^http://*.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.blogspot.com/.* 720 100% 4320
refresh_pattern ^http://*.detik.com/.* 720 100% 4320
refresh_pattern ^http://*.detik.*/.* 720 100% 4320
refresh_pattern ^http://*.kompas.com/.* 720 100% 4320
refresh_pattern ^http://*.metrotvnews.com/.* 720 100% 4320
refresh_pattern ^http://*.multiply.*/.* 720 100% 7200
refresh_pattern ^http://*.wikipedia.*/.* 720 80% 10080
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800
refresh_pattern ^http://*.imperiaonline.org/.* 720 100% 28800
refresh_pattern ^http://*.telkom.*/.* 720 90% 10080
refresh_pattern ^http://*.astaga.*/.* 720 90% 10080
refresh_pattern ^http://*.okezone.*/.* 720 90% 2880
refresh_pattern ^http://*.kapanlagi.*/.* 720 90% 2880
refresh_pattern ^http://*.tvone.*/.* 720 90% 10080
refresh_pattern ^http://*.tribunjabar.*/.* 720 90% 10080

refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 241920

# NOTE(review): this "never treat dynamic URLs as fresh" rule sits below every
# site rule, so a dynamic URL that matches one of the rules above gets that
# rule's long freshness instead. The usual placement is ahead of the site
# rules - confirm the intended order.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# Catch-all for everything not matched above.
refresh_pattern . 0 20% 4320


# TIMEOUTS
# -----------------------------------------------------------------------------
# The first three groups are cache-behaviour switches rather than timeouts.
pipeline_prefetch on
vary_ignore_expire on
# Turns a client "reload" (no-cache) request into an If-Modified-Since check.
# NOTE(review): users can then no longer force a fresh copy past the cache.
reload_into_ims on

icp_hit_stale on
# NOTE(review): ICMP probing needs ICMP support compiled in; the configure
# line on this page does not request it - confirm this directive has any effect.
query_icmp on

# quick_abort_min -1 KB makes Squid finish every download a client aborts, as
# long as the object is cacheable; this spends upstream bandwidth on transfers
# nobody is waiting for.
quick_abort_min -1 KB
quick_abort_max 0
quick_abort_pct 98

memory_pools off

# Connection and request timers.
connect_timeout 5 minutes
peer_connect_timeout 30 seconds
dead_peer_timeout 30 seconds
read_timeout 5 minutes
request_timeout 30 seconds
persistent_request_timeout 1 minute
# Repeats the setting already made under the cache-size options.
half_closed_clients off
pconn_timeout 120 seconds
# DNS caching and resolver behaviour.
positive_dns_ttl 6 hours
negative_dns_ttl 10 minutes
dns_defnames on
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
# Discard DNS replies that come from addresses other than the configured
# name servers.
ignore_unknown_nameservers on

# Grace period for active connections when Squid is asked to shut down.
shutdown_lifetime 10 seconds

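# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# http_access rules are checked top to bottom and the first matching rule
# decides. Every deny that is meant to bind LAN clients therefore has to sit
# above "http_access allow comast".

#acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl client src 125.166.239.80/255.255.255.255
# The only client network allowed to use the proxy.
acl comast src 192.168.1.0/24

# NOTE(review): url_regex is matched against the whole URL, which normally
# starts with a scheme such as "http://". With the "^" anchor this probably
# only ever matches CONNECT requests (host:port form) to a bare IP address -
# confirm that this is the intent.
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

acl block dstdomain .trafficmp.com .hotbar.com .bonzi.com .gator.com .gohip.com .ezula.com .epilot.com
# "StripSetup\.exe" replaces "\StripSetup.exe": the stray backslash turned the
# leading "S" into an escape sequence instead of a literal letter.
# NOTE(review): the other entries still use an unescaped "." before "exe" and
# require a literal dot in front of the file name - confirm they match the
# file names they are meant to block.
acl dialer urlpath_regex -i \.Fre_Sex_Download.exe$ StripSetup\.exe \.vbs$ \.bat$ \.dialer.exe$
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl ircports port 6666-7000 # irc port
acl CONNECT method CONNECT
#acl erase method PURGE

# Cache manager: reachable from the proxy host itself and from nowhere else.
# "deny manager" must precede the client allow rules, otherwise any LAN
# client could query the cache manager.
http_access allow manager localhost
http_access deny manager

# Protocol and destination restrictions that apply to every client.
http_access deny numeric_IPs all
# 6666-7000 falls inside the 1025-65535 Safe_ports range, so it needs its
# own deny.
http_access deny ircports
http_access deny !Safe_ports
# Restrict CONNECT tunnels to the SSL ports. Placed after "allow comast",
# this rule never applied to LAN clients, who could tunnel to any safe port.
http_access deny CONNECT !SSL_ports
# Stop clients from reaching services bound to the proxy host's loopback
# address through the proxy.
http_access deny to_localhost
http_access deny block
http_access deny dialer

# Who may use the proxy once the restrictions above have passed.
#http_access allow client
http_access allow comast
http_access allow localhost
http_access deny all

http_reply_access allow localhost
#http_reply_access allow client
http_reply_access allow comast
http_reply_access deny all
#icp_access allow client
icp_access deny all
miss_access allow all

#always_direct allow client
always_direct allow comast
always_direct deny all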

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# Contact address that Squid prints on the error pages it generates.
cache_mgr ast@comast.com
# Squid drops root and runs as this user and group; the cache and log
# directories must be writable by it.
cache_effective_user squid
cache_effective_group squid
# NOTE(review): the value contains "@", so it is an e-mail-style string rather
# than a host name. Squid puts visible_hostname into the error pages it
# generates; presumably a plain host name was intended - confirm.
visible_hostname proxy@comast.com

# MISCELLANEOUS
# -----------------------------------------------------------------------------
# Number of old log generations kept when the logs are rotated.
logfile_rotate 5
log_icp_queries off
store_objects_per_bucket 50
buffered_logs on

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------
# No delay-pool directive is set on this page; the three directives below are
# unrelated to delay pools despite the heading.
prefer_direct off
coredump_dir none
ie_refresh off


# squid clamav antivirus
# url_rewrite_program /usr/local/bin/squidclamav
# -------------------------------------------------------------------------------



###### High Anonymous (elite) Proxy
# -------------------------------------------------------------------------------
# Allow-list for headers on requests forwarded to origin servers: each header
# named below is passed through and the closing "All deny all" rule applies
# to every header that is not listed (Via, X-Forwarded-For, Referer and From
# are among the unlisted ones).
# NOTE(review): confirm with a capture on the upstream side that the headers
# Squid adds itself are removed by the build in use.
# NOTE(review): this only hides that a proxy is in the path. Cookie,
# User-Agent, Authorization and Accept-Language are passed unchanged and still
# identify the browser or the user to the destination site.
# NOTE(review): WWW-Authenticate, Proxy-Authenticate, Location, Last-Modified,
# Retry-After and similar names are response headers; listing them here has
# no effect on replies, which are governed by reply_header_access (not set on
# this page).
# NOTE(review): with the forwarding headers stripped, upstream sites cannot
# attribute a request to a client, so this proxy's access.log is the only
# record available for abuse handling - keep it protected and retained.
# "off" replaces the client address in X-Forwarded-For with "unknown".
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
# Everything not named above is removed from the forwarded request.
request_header_access All deny all

