
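# squid.conf 3.1
# --------------
# OPTIONS FOR AUTHENTICATION
# --------------------------
# NOTE(review): every authentication directive below is commented out, so the
# only access control in this file is the source-address ACL "localnet".
# Before enabling them, check two things:
#   - Basic authentication sends the password merely base64-encoded; treat the
#     client-to-proxy path as cleartext.
#   - This file declares "http_port 3128 transparent"; proxy authentication
#     cannot be requested from intercepted clients, so these settings only
#     take effect on a regular (non-intercepting) forward-proxy port.
# The LDAP base DN and host were split by line wrapping in the source listing
# and are rejoined here; verify them, and confirm the helper's connection to
# the directory is encrypted before use.
#auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=tahubachem,dc=local" -f "uid=%s" -h 192.168.10.6
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hour
#authenticate_ip_ttl 5 minutes

# ACL
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.137.0/24 # RFC1918 possible internal network
#acl localnet src fc00::/7       # RFC 4193 local private network range
#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
# The next entries down to 5050, and the cpanel ports further below, already
# fall inside 1025-65535 where they are above 1024; they are kept as written.
acl Safe_ports port 10000       # webmin
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl Safe_ports port 5050        # YM
# NOTE(review): Squid's shipped Safe_ports list does not contain the two mail
# ports below. Listing them means "http_access deny !Safe_ports" no longer
# stops a permitted client from making the proxy open connections to POP3 and
# SMTP services. Remove both unless there is a documented need.
acl Safe_ports port 110         # POP3
acl Safe_ports port 25          # SMTP
acl Safe_ports port 2095 2096   # webmail from cpanel
acl Safe_ports port 2082 2083   # cpanel
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?

#ACL LDAP auth:
#acl ldapauth proxy_auth REQUIRED
#ACL one ip = one user login
#acl one_ip_access max_user_ip -s 1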

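# ACL file download
# Used by the delay pools to decide which requests are throttled.
# NOTE(review): url_regex patterns are unanchored regular expressions and the
# dots are not escaped, so ".exe" matches any character followed by "exe"
# anywhere in the URL, and "ftp" matches every URL containing that string.
# The ACL therefore matches far more than downloads of these file types;
# escaping the dots and anchoring the extensions would narrow it.
acl downloadfile url_regex -i ftp .001 .002 .003 .004 .005 .006 .007 .008 .009 .010 .3gp .avi .bin .cab .cda .div .divx .deb .doc .docx .exe .flv .gif .gz .ico .iso .jpeg .jpg .midi .mkv .mov .mp3 .mp4 .mpe .mpeg .mpg .msi
acl downloadfile url_regex -i ftp .nrg .ogg .pdf .png .ppt .pptx .qt .ram .rar .raw .rm .rpm .swf .tar .tar.bz2 .tar.gz .tiff .vqf .wav .wmv .xls .xlsx .x-flv .zip

# Recommended minimum Access Permission configuration:
# http_access rules are evaluated top to bottom; the first match decides.
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): this rule is still commented out, so a localnet client can ask
# the proxy to fetch from services bound to the proxy host's own loopback
# addresses. Enable it unless something depends on that behaviour.
#http_access deny to_localhost

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# --------------------------------------------------------------
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all

# Transparent Squid port 3128
# NOTE(review): Squid 3.1 documents this mode under the name "intercept";
# confirm against the installed version. Restrict who can reach this port at
# the firewall, since the only client check here is the localnet source ACL.
http_port 3128 transparent
# Non-transparent alternative: with wpad.dat the browser is told the proxy
# address and port
#http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# --------------------
# MEMORY CACHE OPTIONS
# --------------------
cache_mem 16 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF

# ---------------------------
# cache_dir
# ---------------------------
## Sizing method for cache_dir. Using 80% of the /cache partition is common
## but does not perform well, so this configuration uses 50% to be safe.
## x = 50% of /cache in KB
##     (e.g. 50% of 12 GB, so 6 GB =~ 6,000,000 KB)
## y = average object size (use 13 KB)
## z = 256 -> (((x / y) / 256) / 256) * 2 is the method
## Example with 6 GB for /cache (50%):
## 6,000,000 / 13 = 461538.5 / 256 = 1802.9 / 256 = 7 * 2 = 14
## So the cache_dir line is: cache_dir ufs 6000 14 256
# ---------------------------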

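cache deny QUERY
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 6000 14 256
minimum_object_size 0 KB
maximum_object_size 64 MB
cache_swap_low 98
cache_swap_high 99

# LOGFILE OPTIONS
# ---------------
# access.log is the per-request record of who fetched what through the proxy;
# keep enough rotations to cover the retention period investigations need.
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
cache_store_log none
logfile_rotate 10

# OPTIONS FOR TROUBLESHOOTING
# ---------------------------
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# OPTIONS FOR URL REWRITING
# -------------------------
# Options for squidGuard
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

# OPTIONS FOR TUNING THE CACHE
# ----------------------------
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# NOTE(review): refresh_pattern uses the first matching line. As listed, every
# entry below follows the catch-all "." above and so would not be consulted;
# the order is kept as it appears in the source listing. Move these above the
# defaults if they are meant to apply.
# The lines were wrapped in the source listing and are rejoined here; check
# the numeric fields against the running configuration.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 10080 90% 43200
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|pptx|doc|docx|xls|xlsx|tiff)$ 10080 90% 43200
refresh_pattern -i \.(zip|bz2|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx) 1440 40% 40320

# Microsoft update hosts. Inside [...] the "|" is a literal character, so
# ms[i|u|f] also matches "ms|"; harmless, but [iuf] is what was meant.
refresh_pattern -i download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i download.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i ntservicepack.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i wustat.windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

# TIMEOUTS
# --------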

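forward_timeout 2 minutes
connect_timeout 1 minute
read_timeout 10 minutes
request_timeout 3 minutes
persistent_request_timeout 1 minutes
client_lifetime 1 day
half_closed_clients off
shutdown_lifetime 10 seconds

# ADMINISTRATIVE PARAMETERS
# -------------------------
# cache_mgr and visible_hostname are included in the error pages Squid
# returns to clients; use a role mailbox if a personal address should not be
# exposed there.
cache_mgr triadi80@gmail.com
cache_effective_user squid
visible_hostname cumi.tahubachem.net

# DELAY POOL PARAMETERS
# ---------------------
# 1 byte = 8 bits
# 1 kilobyte (K / Kb) = 2^10 bytes = 1,024 bytes
# 1 megabyte (M / MB) = 2^20 bytes = 1,048,576 bytes
# 1 gigabyte (G / GB) = 2^30 bytes = 1,073,741,824 bytes
# 1 terabyte (T / TB) = 2^40 bytes = 1,099,511,627,776 bytes
# 1 petabyte (P / PB) = 2^50 bytes = 1,125,899,906,842,624 bytes
# 1 exabyte (E / EB) = 2^60 bytes = 1,152,921,504,606,846,976 bytes
# 512 Kbps = 64 Kbytes = 64000 bytes
# 384 Kbps = 48 Kbytes = 48000 bytes
# 256 Kbps = 32 Kbytes = 32000 bytes
# 128 Kbps = 16 Kbytes = 16000 bytes
# 64 Kbps = 8 Kbytes = 8000 bytes

delay_pools 2
# Rule 1: no limit
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
# Rule 2: after 500000 bytes (500 KB) have been downloaded, the rate drops to
# 15000 bytes/s (15 KB/s)
delay_class 2 2
delay_parameters 2 -1/500000 15000/500000
# Requests matching "downloadfile" go to pool 2; everything else to pool 1.
# The four delay_access lines were spilled into columns in the source listing
# and are rejoined here in their listed order.
delay_access 2 allow downloadfile
delay_access 2 deny all
delay_access 1 deny downloadfile
delay_access 1 allow all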

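# OPTIONS INFLUENCING REQUEST FORWARDING
# --------------------------------------
prefer_direct off
always_direct allow QUERY
#always_direct allow ipserver
always_direct deny all

# DNS OPTIONS
# -----------
allow_underscore on
dns_retransmit_interval 2 seconds
dns_timeout 1 minutes
dns_nameservers 192.168.0.1 192.168.1.1
hosts_file /etc/hosts
# Drop DNS replies that come from an address other than the configured
# nameservers; keep this on.
ignore_unknown_nameservers on
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

# MISCELLANEOUS
# -------------
# NOTE(review): with forwarded_for on, Squid adds each client's address to the
# X-Forwarded-For header sent to origin servers, which discloses internal
# addressing to every site visited. Keep it only if an upstream needs it;
# access.log already records the client address locally.
forwarded_for on
uri_whitespace strip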
