Minggu, 27 Februari 2011

Proxy Linux


ijin share sedikit nih mas, tentang squid optimal ku...
# Bismillahirrahmanirrahim (In the name of God, the Most Gracious, the Most Merciful) $
#============================================================$
# WELCOME TO SQUID 2 WAHYU HIGH PERFORMANCE $
# SQUID PROXY CACHE $
# LAST EDITING 2009 $
#============================================================$
#============================================================$
# Listening ports.  http_port carries no bind address, so Squid listens
# on every interface; which clients may actually use it is decided
# solely by the http_access rules in the ACL section further down.
http_port 8080
# ICP (inter-cache protocol) port; reachable sources are limited by icp_access.
icp_port 3130
#============================================================$
#============================================================$
# UDP (ICP) sockets bind on all addresses.  Per the squid.conf docs,
# 255.255.255.255 on the outgoing side means "same as udp_incoming_address".
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
#============================================================$
#============================================================$
# Never fetch these from a peer (hierarchy_stoplist is a plain word list)
# and never cache them (the acl is a regex list: "\?" is an escaped
# question mark, while ".js" matches any character followed by "js").
hierarchy_stoplist cgi-bin ? .js .jsp localhost visicom indosat.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost visicom indosat.net.id
no_cache deny QUERY
#============================================================$
#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
# In-memory hot-object cache; objects above 4 KB are kept on disk only.
cache_mem 64 MB
# Objects larger than 10 MB are never cached at all.
maximum_object_size 10 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 KB
# Disk stores are kept almost full: eviction starts at 98% usage and
# becomes aggressive above 99%.
cache_swap_low 98
cache_swap_high 99
# Disk: least-frequently-used with dynamic aging; memory: greedy-dual
# size-frequency (favours small, popular objects).
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# Spread new objects evenly across the cache_dir entries (repeated with
# the same value in the MISCELLANEOUS section).
store_dir_select_algorithm round-robin
# Internal DNS result caches (number of entries and fill thresholds).
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048
#============================================================$
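# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
# cache_dir lines accumulate (they are not last-wins): a small aufs store
# plus two 50 GB diskd stores.  The first one lives under /var/log/squid,
# which mixes cache objects with log data; consider moving it alongside
# /cache-1 and /cache-2.  Left unchanged here.
cache_dir aufs /var/log/squid/cache 800 10 256
cache_dir diskd /cache-1 50000 10 256 Q1=72 Q2=64
cache_dir diskd /cache-2 50000 10 256 Q1=72 Q2=64
cache_access_log /var/log/squid/access.log
# The original sent cache_log to /dev/null.  cache_log is where Squid
# writes startup errors, config/ACL parse warnings and the debug_options
# output; discarding it leaves nothing to investigate an incident or a
# misbehaving client with.  Keep it next to access.log instead.
cache_log /var/log/squid/cache.log
# The store log is only useful for cache-internals debugging; keep it off.
cache_store_log /dev/null
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
# Single-value options: the original listed emulate_httpd_log and
# log_ip_on_direct twice ("on" and then "off").  Squid takes the last
# value, so only the effective setting is kept here.
emulate_httpd_log off
log_ip_on_direct off
log_fqdn off
log_icp_queries off
# Request/reply headers are not logged.  Enable only temporarily when
# debugging: headers carry cookies and credentials.
log_mime_hdrs off
debug_options ALL,1
buffered_logs off
# Log client addresses unmasked (255.255.255.255 = full address).
client_netmask 255.255.255.255
hosts_file /etc/hosts

#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
# ftp_passive / ftp_sanitycheck were also set in the log section above
# with identical values; they are stated once here.
ftp_passive on
ftp_sanitycheck on
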
#============================================================$
# DNS resolution section
#============================================================$
#cache_dns_program /etc/squid/libexec/dnsserver
#dns_children 24
# Resolvers used by Squid's internal resolver instead of /etc/resolv.conf.
# Every proxied hostname is resolved through these (external) addresses
# over plain UDP DNS; apart from ignore_unknown_nameservers (set further
# down, which only drops replies from unexpected source addresses) there
# is no protection against spoofed answers.
dns_nameservers 203.130.196.5 203.130.193.74
# Overridden by "prefer_direct on" in the MISCELLANEOUS section (last
# value wins).
prefer_direct off
#============================================================$
# Proxy authentication is NOT enabled: these auth_param lines are
# commented out and no proxy_auth ACL is referenced by http_access, so
# access control rests entirely on client source address.
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#============================================================$
#============================================================$
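# Refresh Rate
#============================================================$
# refresh_pattern rules are checked top-down and the FIRST match wins.
# The original file put the catch-all "." rule first, which made every
# rule below it unreachable.  The catch-all is now the last rule, as the
# Squid documentation requires, so the specific rules actually apply.
# (Earlier rules still shadow later ones for the same extension, e.g. the
# ".class" entry in the first group wins over the later "\.class$" rule.)
#
# NOTE(review): several rules use override-expire / override-lastmod /
# ignore-reload on HTML pages, site roots ("/$"), webmail hosts and
# executable downloads.  Now that they are reachable, clients can be
# served an object up to max-age minutes old even after pressing reload,
# and a poisoned or outdated object stays in the cache for that long.
# Review each of them against what you actually want before deploying.
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern -i \.spinbox.net$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.tar.gz$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i /$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i http://www.mail.yahoo.com 1140 98% 1140 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i http://www.yahoo.com 1140 98% 1140 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i http://www.friendster.com 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
# The patterns below are regular expressions, not shell globs: in
# "^http://*.yahoo.*/.*" the "*" after "//" repeats the preceding slash
# and the unescaped "." matches any character, so these match more
# loosely than intended.  Kept byte-for-byte; tighten to something like
# "^http://([^/]*\.)?yahoo\." if exact host matching is wanted.
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320

refresh_pattern -i \.class$ 43200 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i ^ftp:// 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i /index.htm?$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(htm|html)$ 2880 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(gif|jp?g|xbm|png|swf|bmp)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(mov|avi|qtm|mp?)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(zip|exe|gz|Z|lha|arj)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^gopher: 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
# Catch-all: MUST stay last.  Objects with no explicit freshness are
# considered fresh for 20% of their age, capped at 4320 minutes (3 days).
refresh_pattern . 0 20% 4320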
# Limits on what a client may send: 10 KB of request headers and 5 MB of
# request body (larger POST/PUT uploads are refused).
request_header_max_size 10 KB
request_body_max_size 5 MB
# quick_abort: when a client disconnects mid-download, Squid finishes the
# fetch only if 16 KB or less remain.  With min == max the 98% rule is
# effectively never consulted.
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 98

# Negative (error) responses are cached for 3 minutes.
negative_ttl 3 minutes
# Very short DNS result caching: 53 s positive, 29 s negative.
positive_dns_ttl 53 seconds
negative_dns_ttl 29 seconds
request_timeout 1 minutes
# 0 KB: Range requests are forwarded as-is; Squid never fetches more of
# an object than the client asked for.
range_offset_limit 0 KB
#forward_timeout 4 minutes
connect_timeout 2 minutes
peer_connect_timeout 1 minutes
pconn_timeout 120 seconds
shutdown_lifetime 10 seconds
read_timeout 15 minutes
persistent_request_timeout 1 minute
# Upper bound on how long a single client connection may stay open.
client_lifetime 60 minutes
# NOTE(review): the Squid docs describe pipeline_prefetch as unsafe in
# combination with proxy authentication.  Auth is disabled in this file
# (auth_param lines are commented out), so it is acceptable here, but
# revisit this if proxy_auth is ever enabled.
pipeline_prefetch on
vary_ignore_expire on
#============================================================$
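# ACL section
#============================================================$
# http_access rules are evaluated top-down, first match wins, and when
# no rule matches Squid applies the OPPOSITE of the last rule.  The
# original ordering had three consequences that are fixed below:
#   1. "http_access allow PROXY" came before the virus/gator/exploit/
#      BADPORTS, Safe_ports and CONNECT deny rules, so the real clients
#      (10.10.10.5) skipped all of those checks.
#   2. "http_access allow manager" had no source restriction, exposing the
#      cache manager (config dump, client list, shutdown) to any source.
#   3. The final "http_access deny all" was commented out, so the last
#      rule was "deny CONNECT !SSL_ports" and any request that matched
#      nothing earlier was ALLOWED -- an open proxy for anyone able to
#      reach port 8080.
# Every ACL definition is kept; only the access rules are reordered and
# completed: protect manager/purge, refuse unsafe ports, apply the
# content denies, allow only the intended sources, then deny everything.

#acl macaddress arp 09:00:2b:23:45:67
#acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# NOTE(review): 1025-65535 is the stock Squid default, but it makes every
# high port reachable through the proxy; narrow it if the clients do not
# need that.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# Blocklists read from files, one entry per line.
acl domainsaru dstdomain "/etc/squid/domainsaru"
acl katasex url_regex -i "/etc/squid/sex"
# acl boleh url_regex dst "/etc/squid/boleh"
# Destination AS numbers that are always fetched directly, never via a peer.
acl iix dst_as 7713 4795 7597 4622 4787 4800 6667 6666 6665 6000-7000 5550 5050
always_direct allow iix
acl buggy_server url_regex ^http://www.prestasi.biz
broken_posts allow buggy_server
# Client addresses allowed to use this proxy.  Only one host is enabled;
# the wider list is kept for reference.
#acl PROXY src 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.4 10.10.10.5
acl PROXY src 10.10.10.5
acl virus dst 204.177.92.204/32 64.191.99.145/32
acl gator dstdom_regex gator hot_indonesia.exe
# "?" is a regex quantifier here (it makes the preceding character
# optional); the patterns still match the intended URL paths.
acl exploit urlpath_regex winnt/system32/cmd.exe?
acl exploit urlpath_regex splashPages/black.sps?
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514

# --- access policy: order matters ---
# Cache manager and PURGE only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Port hygiene before any allow, so it applies to every client.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny BADPORTS
# Stop clients from reaching loopback-bound services on the proxy host
# through the proxy (stock Squid recommendation; the ACL was defined in
# the original but never used).
http_access deny to_localhost
# Content / destination denies.
http_access deny domainsaru
http_access deny katasex
http_access deny virus
http_access deny gator
http_access deny exploit
# http_access allow boleh
# Only these sources may use the proxy; everything else is refused.
http_access allow localhost
http_access allow PROXY
http_access deny all
http_reply_access allow all
icp_access allow PROXY
icp_access deny all
miss_access allow PROXY
# Several ACL names on one always_direct line are ANDed.  The original
# "always_direct allow localhost PROXY" could never match, since no source
# is both 127.0.0.1 and 10.10.10.5; split so either source goes direct.
always_direct allow localhost
always_direct allow PROXY
always_direct deny all
cache_mgr wahyu_devilcode@devilzc0de.org
# Drop root privileges after binding the listening ports.
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.devilzc0de.org
unique_hostname webmaster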
#============================================================$
# Transparent proxy setting
#============================================================$
# Squid 2.5-style accelerator settings used for interception: redirected
# requests from non-proxy-aware clients are rebuilt from the Host header
# ("virtual" + uses_host_header), while ordinary proxy requests are still
# accepted (with_proxy on).
# NOTE(review): with uses_host_header on, the URL Squid caches is whatever
# the client put in the Host header; the Squid documentation warns that
# this lets a client poison the cache for that hostname if untrusted
# clients can reach the proxy.  Keep the http_access source rules tight.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#httpd_accel_no_pmtu_disc on
httpd_accel_single_host off
half_closed_clients off
# Privacy towards origin servers: no X-Forwarded-For with the client
# address, and the From header is stripped entirely.
forwarded_for off
header_access From deny all
extension_methods SEARCH
##########
client_db off
# Query strings are kept in access.log.  They may carry session tokens or
# credentials, so the log file needs restrictive permissions.
strip_query_terms off
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/English
# SNMP socket bound on all interfaces; who may query it is decided by the
# snmp_access rules in the SNMP section.  255.255.255.255 on the outgoing
# side means "same as the incoming address".
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255

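#============================================================$
# MISCELLANEOUS
#============================================================$
logfile_rotate 3
reload_into_ims on
# Also set in the cache-size section with the same value; harmless duplicate.
store_dir_select_algorithm round-robin
nonhierarchical_direct off
# Last value wins: this overrides "prefer_direct off" in the DNS section.
prefer_direct on
memory_pools off
# Cache-manager passwords: "cachemgr_passwd <password> <action...>".  The
# special password "disable" switches the listed actions off entirely, so
# shutdown through the manager interface is not possible.
cachemgr_passwd disable shutdown
# The original line "cachemgr_passwd all" is missing the password
# argument: Squid appears to read "all" as the password and is left with
# no actions to apply it to, so the line protected nothing.  Set a real
# secret before enabling the template below, and keep manager access
# restricted to localhost via http_access as well.
#cachemgr_passwd <choose-a-secret> all
offline_mode off
icp_hit_stale on
query_icmp on
# NOTE(review): core dumps are written into the config directory.  A core
# can contain proxied request/response data (cookies, credentials); a
# dedicated, restrictively-permissioned directory is the usual choice.
coredump_dir /etc/squid
# Drop DNS replies that do not come from one of the configured nameservers.
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
# Strip Accept-Encoding towards these sites -- presumably a workaround for
# compressed responses from them; verify it is still needed.
header_access Accept-Encoding deny hotmail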
#============================================================$
# DELAY POOLS
#============================================================$
# Pool 1: no limit for URLs containing "192.168." (presumably local web
# servers -- confirm).  Pool 2: bandwidth cap for bulk downloads.
# The acls are url_regex, so the "." in each extension is a wildcard and
# each word matches anywhere in the URL (e.g. "ftp" inside any path).
acl magic_words1 url_regex -i 192.168.
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .wmv .tar.bz .tar.bz2 .gz .rpm .zip
acl magic_words2 url_regex -i .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar .doc
acl magic_words2 url_regex -i .ppt .z .wmf .mov .arj .lzh .gzip .bin .wma
delay_pools 2
# Class 2 = one aggregate bucket plus one bucket per client host.
# -1/-1 means unlimited.
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 2
# restore-rate/max-bucket in bytes: 35000 B/s sustained, 36000 B burst,
# both for the aggregate and per host.
delay_parameters 2 35000/36000 35000/36000
delay_access 2 allow magic_words2



#============================================================$
# SNMP
#============================================================$
# SNMP agent on UDP 3401 with community "public".  The allow rule ANDs the
# community ACL with localhost, so only queries from the proxy host itself
# are answered; everything else is dropped by the deny.
# NOTE(review): "public" is the universal default community string; if
# SNMP is ever opened to a monitoring host, change the community as well
# as the ACL.
acl snmpcommunity snmp_community public
snmp_port 3401
snmp_access allow snmpcommunity localhost
snmp_access deny all
# 0.0.0.0 leaves WCCP disabled.
wccp_router 0.0.0.0
# Work-around for old Internet Explorer refresh behaviour (see squid.conf docs).
ie_refresh on
#=============================================================$
sekian :)
