Sabtu, 25 Desember 2010

Setting Squid Alias Proxy Server di Linux Debian

# Basic proxy settings
# NOTE(review): the directives below (http_port ... transparent,
# hierarchy_stoplist, broken_vary_encoding) use Squid 2.x-era syntax; confirm
# against the installed version before reusing this file.

# Listen on TCP 8080 in interception ("transparent") mode. No address is given,
# so the listener is not tied to one interface.
# NOTE(review): the firewall redirect that interception needs is not shown
# here; make sure only the LAN side can reach port 8080.
http_port 8080 transparent
# URLs containing these strings are fetched directly instead of via cache peers.
hierarchy_stoplist cgi-bin ? .js .jsp
# QUERY matches URL paths containing cgi-bin, "?", or the (unescaped) patterns
# .js / .jsp; responses for those requests are never cached.
acl QUERY urlpath_regex cgi-bin \? .js .jsp
cache deny QUERY

# Replies whose Server header starts with "Apache" get the
# broken_vary_encoding workaround.
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# Memory cache size, and the low/high watermarks (percent of the disk cache)
# that drive object replacement.
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95

# Size limits for objects kept on disk and in memory.
maximum_object_size 100 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB

# DNS (IP) cache: number of entries and its low/high watermarks in percent.
ipcache_size 2048
ipcache_low 98
ipcache_high 99

# Replacement policies for the disk cache and the memory cache.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

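# Cache directories
# ufs store under /proxy/spool/squid: 10000 MB, 38 first-level and
# 256 second-level subdirectories.
cache_dir ufs /proxy/spool/squid 10000 38 256

# Logging
# access.log is the per-request record used for auditing and incident review.
access_log /var/log/squid/access.log
# cache_log takes exactly one argument, the file path. cache.log carries
# Squid's startup errors and runtime warnings, so it is kept enabled.
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# Use Squid's native access-log format rather than the httpd-style one.
emulate_httpd_log off
log_ip_on_direct on
# A full /32 mask means client addresses are logged unmasked; protect and
# rotate the log files accordingly.
client_netmask 255.255.255.255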

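# OPTIONS FOR TUNING THE CACHE
# wais_relay_port 0

# Cap on request header size. A body limit of 0 means request bodies
# (uploads) are not size-limited.
request_header_max_size 20 KB
request_body_max_size 0 KB

# refresh_pattern <regex> <min minutes> <percent> <max minutes> [options]
# Rules are tried in order and the first matching regex is used, so each
# pattern is listed only once.
refresh_pattern \.gif 4320 50% 43200
refresh_pattern \.jpg 4320 50% 43200
refresh_pattern \.tif 4320 50% 43200
# NOTE(review): the site-specific rules below raise cache freshness for
# webmail and social-network pages on a shared proxy. Confirm that per-user
# pages cannot be served from cache to a different client, or drop these lines.
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://mail1.plasa.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.friendster.*/.* 720 100% 4320
refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320
# reload-into-ims and override-lastmod deliberately deviate from standard HTTP
# freshness handling to raise the hit rate; clients may receive stale content.
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

# Turn client "reload" requests into If-Modified-Since revalidations.
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

# Control whether Squid finishes fetching an object after the client aborts.
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98

# Time allowed for active connections to finish when Squid shuts down.
shutdown_lifetime 10 seconds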

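# ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8

# Client network that is allowed to use the proxy.
acl localnet src 192.168.0.0/24
# Block list: case-insensitive URL regexes read from /etc/squid/porn.txt.
acl porn url_regex -i "/etc/squid/porn.txt"

# Working-hours ACL (disabled): time SMTWHF 08:00-16:00
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Allowing or denying access based on the access lists defined above.
# http_access rules are evaluated top to bottom and the first match decides.

# The cache manager interface is reachable from the proxy host only.
http_access allow manager localhost
http_access deny manager
http_access deny porn
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Refuse requests whose destination is the proxy's own loopback range, so
# clients cannot use the proxy to reach services bound to 127.0.0.0/8.
http_access deny to_localhost

# Allow the localnet ACL defined above, then the proxy host itself.
http_access allow localnet
http_access allow localhost
# Everything else is refused. Ending the list with "allow all" would turn the
# server into an open proxy for any client able to reach the port.
http_access deny all
http_reply_access allow all
# ICP queries are answered for the local network only.
icp_access allow localnet
icp_access deny all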

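# DELAY POOL
# "download" matches URLs that contain "ftp" or end in one of the listed
# file extensions (case-insensitive).
# NOTE(review): the first five lines appear to have been cut at the terminal
# width when the list was copied, which left stray tokens at the line ends.
# A bare "$" is a regex that matches every URL and would put all traffic in
# the delay pool, so those leftover tokens are not included here. The last
# pattern on the second and fifth lines (\.d$, \.vo$) is probably incomplete;
# restore the missing extensions from the author's original list.
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.d$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vo$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$

# DELAY POOL CLASS
# One pool of class 1: a single aggregate bucket shared by all matching
# traffic, refilled at 50000 bytes per second up to 50000 bytes.
delay_pools 1
delay_class 1 1
delay_parameters 1 50000/50000
# Only requests matching "download" are throttled; everything else bypasses
# the pool.
delay_access 1 allow download
delay_access 1 deny all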

# ADMINISTRATIVE PARAMETERS
# cache_mgr is the administrator contact Squid shows on its error pages.
# NOTE(review): this is normally an e-mail address; "localhost" looks like a
# placeholder - confirm.
cache_mgr localhost
# Host name Squid presents for itself, for example in error pages.
# NOTE(review): this value is specific to the author's site; replace it.
visible_hostname www.master-john.co.cc
