
# Listener and cache sizing.
# "transparent" marks this port as receiving intercepted (NAT-redirected) traffic.
# NOTE(review): nothing in this listing limits which interface can reach 3128;
# confirm a filter rule restricts it to the LAN side.
http_port 3128 transparent

# Port 0 turns the ICP listener off.
icp_port 0
hosts_file /etc/hosts
# NOTE(review): dns_nameservers expects resolver IP addresses, not a file path;
# Squid already reads /etc/resolv.conf when the directive is absent. Confirm and
# either drop this line or list the resolver addresses.
dns_nameservers /etc/resolv.conf
# NOTE(review): cache_mem (8 KB) is smaller than maximum_object_size_in_memory
# (1600 KB) below, so almost nothing fits in the memory cache; "8 MB" may have
# been intended. Confirm.
cache_mem 8 KB
cache_vary on
# Disk-cache eviction starts at 95% full and becomes aggressive at 99%.
cache_swap_low 95
cache_swap_high 99
maximum_object_size 32000 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 1600 KB
ipcache_size 8092
ipcache_low 95
ipcache_high 98
fqdncache_size 8092
store_avg_object_size 13 kb
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# cache_dir <type> <path> <size in MB> <first-level dirs> <second-level dirs>
# The directories must be writable by cache_effective_user (set further down).
cache_dir aufs /home/proxy1 2000 64 256
cache_dir aufs /home/proxy2 2000 64 256

# Log files
#--------------
# access.log records client addresses and requested URLs; keep the directory
# readable only by the proxy user and administrators.
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
#--------------
log_fqdn off
emulate_httpd_log off
log_mime_hdrs off
log_ip_on_direct on
#unlinkd_program /usr/local/squid/libexec/unlinkd
debug_options ALL,1
# A /32 mask keeps the full client address in the logs (no truncation).
client_netmask 255.255.255.255
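# Add File Extension you want to cache
# Format: refresh_pattern [-i] regex min-minutes percent max-minutes [options]
# Rules are tried in order; the first regex that matches the URL is used.
# Lines that had been wrapped in the middle of "ignore-reload" and
# "override-expire" are rejoined (each directive has to be on a single line),
# and exact duplicates (.dll, .rar, .npz, .cfg) are listed once.
#
# NOTE(review): ignore-reload makes Squid disregard a client's forced reload.
# A stale or tampered object that gets cached, including .exe/.dll/.jar/.zip
# fetched over plain HTTP, keeps being served until it ages out (max 43200
# minutes = 30 days) or is removed with PURGE. Keep a purge procedure, and
# consider dropping ignore-reload for executable and archive types.
# NOTE(review): .html/.htm/.php/.jsp are usually dynamic pages. With these
# rules a response that carries no explicit expiry can be reused for other
# clients for a long time; confirm that is acceptable for the sites in use.
# NOTE(review): in the first pattern "pnp" and "\?bm?" look like typos
# (perhaps png and bmp); left as found. Confirm.
refresh_pattern -i \.(jp?g|gif|pnp|png|\?bm?)$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.jar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dll$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.klz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dif$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.avi$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.iso$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.3gp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mpeg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xml$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.exe$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.zip$ 0 90% 40320 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.rar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mp3$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.npz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.cfg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.ver$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.erl$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xt$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xtp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.des$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.new$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.t2bk$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.smd$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.gi$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dat$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.luc$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.flv$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.html$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.htm$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.php$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.jsp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.swf$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.bin$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.pdf$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mp4$ 0 90% 43200 ignore-reload override-expire reload-into-ims
# CGI and query-string URLs: min 0, 0%, max 0, so they are not kept fresh.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 ignore-reload override-expire reload-into-ims
# NOTE(review): "/.gif" is a regex for "/", any one character, then "gif";
# "\.gif$" was probably meant. URLs ending in these extensions are already
# taken by the first rule above, so these four rarely apply.
refresh_pattern /.gif 4320 50% 43200
refresh_pattern /.jpg 4320 50% 43200
refresh_pattern /.jpeg 4320 50% 43200
refresh_pattern /.png 4320 50% 43200
# NOTE(review): the per-site patterns are regular expressions, not shell
# globs. In "^http://*.google.com/" the "*" repeats the preceding "/", so the
# wildcard rules do not match hosts such as www.google.com. Before repairing
# them, note that webmail and social-network pages are per-user content;
# forcing a minimum freshness on them in a shared cache risks showing one
# user's page to another. Removing these rules is the safer fix.
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http://www.telkomspeedy.com/.* 720 100% 28800
refresh_pattern ^http://*.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://*.detik.com/.* 720 90% 2880
refresh_pattern ^http://*.facebook.com/.* 720 90% 2880
refresh_pattern ^http://*.zynga.com/.* 720 90% 2880
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Catch-all for everything not matched above.
refresh_pattern . 0 20% 4320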
# With both limits at 0 KB a fetch is dropped as soon as the client aborts.
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
# NOTE(review): 200 KB of request headers is far more than ordinary browsers
# send; a smaller limit reduces the memory a single client can tie up. Confirm
# why it was raised.
request_header_max_size 200 KB
# Upload (request body) size limit.
request_body_max_size 10 MB
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
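# Access control.
# http_access rules are checked top to bottom and the first match decides.
# When no rule matches, Squid applies the opposite of the last rule. The
# original list ended in a "deny" line and so fell through to "allow" for
# every client that was not in localnet1. It now ends with "deny all".
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 # loopback destinations
acl localnet1 src 192.168.1.0/28 # RFC1918 possible internal network
acl SSL_ports port 443 563
# Destination ports the proxy is allowed to contact (duplicate 873 and 110
# entries removed).
# NOTE(review): 25 (SMTP) and 110 (POP3) are mail ports, not web ports; a
# proxy willing to connect to them can be abused to relay mail traffic. The
# range 1025-65535 also covers most non-web services. Confirm each entry is
# really needed and remove the rest.
acl Safe_ports port 20
acl Safe_ports port 21
acl Safe_ports port 25
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 81
acl Safe_ports port 443 563
acl Safe_ports port 210
acl Safe_ports port 10000
acl Safe_ports port 901
acl Safe_ports port 873
acl Safe_ports port 110
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 1025-65535
acl PURGE method PURGE
acl CONNECT method CONNECT
http_reply_access allow all
# Cache manager and PURGE are limited to the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
# Port and CONNECT restrictions come before the LAN allow rule. In the
# original order "allow localnet1" matched first, so LAN clients skipped
# these checks and could also reach the manager and PURGE rules.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): to_localhost is defined but never used; adding
# "http_access deny to_localhost" here would stop clients from reaching
# services bound to the proxy's loopback address. Confirm before adding.
http_access allow localnet1
http_access deny localhost
# Explicit default: everything not allowed above is refused.
http_access deny all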
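# Administrative parameters
# cache_mgr and visible_hostname are shown to clients on Squid error pages.
cache_mgr vensa_rockoff@yahoo.co.uk
# Squid drops privileges to this user and group after start-up.
cache_effective_user proxy
cache_effective_group proxy
visible_hostname ubuntu-squid
#httpd-accelerator options for 2.6-STABLE1 is not used!!!
#httpd_accel_no_pmtu_disc on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#vary_ignore_expire on
#detect_broken_pconn on
logfile_rotate 10
memory_pools off
memory_pools_limit 16 MB
# NOTE(review): with forwarded_for on, every upstream request carries an
# X-Forwarded-For header holding the internal client address. Turn it off if
# origin servers should not learn LAN addresses.
forwarded_for on
log_icp_queries off
client_db off
icp_hit_stale off
query_icmp off
test_reachability off
buffered_logs on
reload_into_ims on
uri_whitespace strip
# NOTE(review): relaxed_header_parser accepts malformed headers and only
# warns about them; confirm the leniency is needed.
relaxed_header_parser warn
allow_underscore on
# Rejoined onto one line (it had been wrapped across three).
# NOTE(review): no rule in this listing references the "download" ACL; it is
# presumably meant for bandwidth shaping configured elsewhere. Confirm.
acl download url_regex -i \.exe$ \.mp3$ \.vqf$ \.gz$ \.rpm$ \.zip$ \.rar$ \.pdf$ \.doc$ \.avi$ \.mpe$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.dat$ \.raw$ \.wav$ \.mp4$ \.mpeg$ \.3gp$ \.flv$

# ZPH settings: zph_local gives the TOS value set on replies served from the
# local cache, so a router can treat cache hits separately.
# NOTE(review): the zph_* directives are not in every Squid build; confirm
# the installed version supports them.
zph_mode tos
zph_local 0x04
zph_parent 0
zph_option 136

pipeline_prefetch on
shutdown_lifetime 1 second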

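# NAT rules for the gateway. The rules treat eth1 as the LAN side and eth0 as
# the uplink. Options that had been wrapped ("--to-ports 3128") are rejoined.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Send LAN web traffic (TCP 80 and 8080) to the local Squid intercept port.
iptables -t nat -I PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -I PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128

# NOTE(review): Squid's http_port listens on TCP only, so UDP packets sent to
# 3128 by this rule are not proxied; the rule is kept as found. Confirm
# whether it is wanted at all.
iptables -t nat -I PREROUTING -i eth1 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128

# NOTE(review): these are NAT rules only. Nothing here stops hosts on the eth0
# side from connecting to port 3128 directly; add a filter-table rule that
# accepts 3128 on eth1 only, in addition to the http_access rules in squid.conf.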

Tulis aturan iptables di atas di /etc/rc.local

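# Stop Squid, create the cache_dir swap directories, then start it again.
/etc/init.d/squid stop
# -f names the configuration file and -z creates the swap directories.
# The page had "-F /etc/suid/squid.conf": -F is a different option and
# "/etc/suid" looks like a typo. Confirm the path for your installation.
squid -f /etc/squid/squid.conf -z
/etc/init.d/squid start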
******************** PENTING

Re: Ubuntu 9.10 server - locks up after 10 min without monitor

Alright, found it...

First, resist the temptation to modify /boot/grub/grub.cfg ... it'll get overwritten someday
soon.

Instead, in /etc/default/grub, change this line (with sudoedit or whatever editor you like):


Code:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to
Code:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nomodeset"

then run
Code:
sudo update-grub

If you want to confirm that it worked, look in /boot/grub/grub.cfg for
something like this (notice "nomodeset" at the end of the line starting with
"linux /vmlinuz..."):
Code:
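### BEGIN /etc/grub.d/10_linux ###
# Generated by update-grub; shown only to verify the result. Do not edit it
# by hand. The two wrapped UUID lines are rejoined.
menuentry "Ubuntu, Linux 2.6.31-15-generic-pae" {
        recordfail=1
        if [ -n ${have_grubenv} ]; then save_env recordfail; fi
        set quiet=1
        insmod ext2
        set root=(hd0,1)
        search --no-floppy --fs-uuid --set 338edc81-4278-4cbe-aca8-5f9c1456c229
        # "nomodeset" at the end of the next line comes from GRUB_CMDLINE_LINUX_DEFAULT.
        linux /vmlinuz-2.6.31-15-Frank09 root=UUID=867f7d8b-66fd-4265-a52a-8759931b5d28 ro quiet splash nomodeset
        initrd /initrd.img-2.6.31-15-Frank09
}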

Have fun,
Frank
********
# Second configuration: listener, cache sizing and timeouts.
# "transparent" marks the port as receiving intercepted (NAT-redirected) traffic.
http_port 3128 transparent
# ICP listener enabled on 3130; who may query it is set by icp_access further down.
icp_port 3130
# URLs containing these strings are fetched directly rather than through peers.
hierarchy_stoplist cgi-bin ?
# Responses for CGI and query-string URLs are never stored.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 64 MB
maximum_object_size_in_memory 64 KB
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
# Shown to clients on error pages.
cache_mgr vensa_rockoff@yahoo.co.uk
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# cache_dir <type> <path> <size in MB> <first-level dirs> <second-level dirs>
cache_dir aufs /home/proxy1 1000 16 256
cache_dir aufs /home/proxy2 1000 16 256
cache_dir aufs /home/proxy3 1000 16 256
cache_dir aufs /home/proxy4 1000 16 256
#cache_access_log /var/log/squid/access.log
#cache_access_log none
#cache_log /var/log/squid/cache.log
# NOTE(review): cache_store_log is set again at the end of this listing with a
# file path; keep only one of the two settings.
cache_store_log none
emulate_httpd_log off
log_fqdn off
memory_pools off
# A /32 mask keeps the full client address in the logs.
client_netmask 255.255.255.255
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#refresh_pattern ^ftp: 40320 95% 241920 reload-into-ims
#refresh_pattern . 120 80% 14400 reload-into-ims override-lastmod
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
# How long error responses are cached.
negative_ttl 2 minutes
half_closed_clients off
read_timeout 15 minutes
client_lifetime 2 hours
pconn_timeout 60 seconds
# Time allowed for a client to send a complete request after connecting.
request_timeout 1 minutes
shutdown_lifetime 10 seconds
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
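# Access control.
# http_access rules are checked top to bottom and the first match decides.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
# NOTE(review): 192.10.10.0/29 is outside the RFC 1918 private ranges
# (192.168.0.0/16 is the private block). Confirm this really is the LAN
# and not a typo.
acl lan src 192.10.10.0/29
acl to_localhost dst 127.0.0.0/8
acl PURGE method PURGE
acl POST method POST
acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
acl GETONLY method GET
# Blocks request paths containing this string. The "." is unescaped and the
# trailing "?" only makes the final "e" optional.
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# NOTE(review): "public" is the default, widely known SNMP community string.
# Replace it with a site-specific value (<SNMP_COMMUNITY>) even though
# snmp_access limits queries to the lan ACL.
acl snmppublic snmp_community public
# Hotmail workaround
header_access Accept-Encoding deny all
# Order changed: the original put "allow localhost" and "allow lan" first, so
# the manager, PURGE, Safe_ports, CONNECT and VIRUS rules below them were
# never evaluated for LAN clients. Restrictions now come before the allows.
# The cache manager stays reachable from localhost and the LAN as before.
# PURGE is now limited to localhost, as the PURGE rules themselves state.
http_access allow manager localhost
http_access allow manager lan
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny VIRUS
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
# ICP queries and cache-miss fetches are accepted from the LAN only.
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all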
# Identity, logging behaviour and SNMP.
# Squid drops privileges to this user and group after start-up.
cache_effective_user proxy
cache_effective_group proxy
visible_hostname proxy.athan.net
unique_hostname proxy.athan.net
logfile_rotate 7
# NOTE(review): with forwarded_for on, upstream requests carry an
# X-Forwarded-For header with the internal client address; turn it off if
# origin servers should not learn LAN addresses.
forwarded_for on
icp_hit_stale on
log_icp_queries off
query_icmp on
buffered_logs off
# NOTE(review): with strip_query_terms off, access.log keeps full query
# strings, which can include session tokens or credentials passed in URLs.
# Restrict access to the log files accordingly.
strip_query_terms off
icon_directory /usr/share/squid/icons
store_avg_object_size 13 KB
store_objects_per_bucket 10
client_db on
# SNMP agent port; queries need the snmppublic community and a lan source.
snmp_port 3401
snmp_access allow snmppublic lan
snmp_access deny all
# NOTE(review): /cache01 is not one of the cache_dir paths in this listing;
# confirm it exists and is writable only by the proxy user, since core files
# can contain request data.
coredump_dir /cache01
reload_into_ims on
pipeline_prefetch on
ie_refresh on
vary_ignore_expire on
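# Traffic-classification ACLs. Every definition is rejoined onto one line;
# the originals had been wrapped, in two places in the middle of a token
# ("\.ico?$" and ".google-analytics.com").
# NOTE(review): no access rule in this listing references download, ups,
# downs, nonoperate or browsing; they are presumably meant for bandwidth
# shaping configured elsewhere. Confirm.
# NOTE(review): in these regexes a trailing "?" makes the preceding character
# optional and nothing anchors the match, so "\.ts?" matches any path that
# contains ".t". "\.ext$" was probably meant; left as found.
acl download urlpath_regex -i \.exe? \.mp3? \.mp4? \.tar.gz? \.gz? \.tar.bz2? \.rpm? \.zip? \.rar? \.avi? \.mpg? \.mpeg?
acl download urlpath_regex -i \.rm? \.iso? \.wav? \.mov? \.dat? \.mpe? \.mid? \.midi? \.rmi? \.wma? \.wmv? \.ogg? \.ogm? \.m1v?
acl download urlpath_regex -i \.mp2? \.mpa? \.wax? \.m3u? \.asx? \.wpl? \.wmx? \.dvr-ms? \.snd? \.au? \.aif? \.asf? \.m2v? \.m2p?
acl download urlpath_regex -i \.ts? \.tp? \.trp? \.div? \.divx? \.mod? \.vob? \.aob? \.dts? \.ac3? \.cda? \.vro? \.deb? \.bin?
acl download urlpath_regex -i get_video\?video_id videodownload\? \initialmeter.php? \meter.php? \result.php?
acl download urlpath_regex -i \.jpg?$ \.png?$ \.jpeg?$ \.gif?$ \.bmp?$ \.ico?$ \.swf?$
acl download urlpath_regex -i speedtest?
# NOTE(review): dstdomain takes domain names, not patterns; ".?vip?.yahoo.com"
# is unlikely to match what was intended.
acl ups dstdomain .?vip?.yahoo.com .lpmpsulteng.org .vip.mud.yahoo.com .vip.re2.yahoo.com .vip.re1.yahoo.com .google.com .gmail.com .telkom.net .hotmail.com .live.com .plasa.com .sentosamotor.com .friendster.com
acl downs dstdomain .kaskus.us .doubleclick.net .yimg.com .google.co.id .google-analytics.com .youtube.com .speedtest.net .ookla.com .speakeasy.net .speedtest.com.sg .newmediaexpress.com .all-nettools.com .smugmug.net .googlesyndication.com .2wire.com .mcafee.com .kaili-network.net
acl downs dstdomain .ip-ku.com .rapidshare.com .rapidshare.de .topspeed-shop.com .msn.com .mansion88.com .adbrite.com .kapetbatui.org
acl nonoperate dstdomain .multiply.com .surabaya.detik.com bandung.detik.com .indo-pc.com .bursamoge.com .lagado.com .e-zy.net .balabit.com .forummikrotik.com .mikrotik.com .pdajakarta.com
acl browsing urlpath_regex -i \.htm? \.html? \.asp? \.aspx? \.php? \.php3? \.php4? \.js? \.css? \.shtm? \.shtml? \.jsp? \.jsf? \.xml? \.dll?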

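# Freshness rules:
# refresh_pattern [-i] regex min-minutes percent max-minutes [options]
# Wrapped lines are rejoined so that each directive sits on one line.
# Rules are tried in order and the first matching regex is used.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# NOTE(review): "^http:" matches every http:// URL, so the extension rules
# below it are not reached for HTTP traffic. Do not simply move them up:
# ignore-private and ignore-no-cache make a shared cache store responses the
# origin marked "private" or "no-cache", and override-expire with a non-zero
# minimum keeps them past the server's expiry. On .pdf/.doc/.zip downloads
# that can hand one user's document to another. Remove those options first.
refresh_pattern ^http: 720 90% 432000
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 40% 40320
# Catch-all for everything not matched above.
refresh_pattern . 0 20% 4320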


# Per-client connection cap: matches when one client address has more than
# 350 connections open.
# NOTE(review): http_access is first-match. This deny comes after the
# "http_access allow lan" and "http_access deny all" lines earlier in the
# listing, so it is never evaluated. To take effect it has to be placed
# before the rule that allows lan.
acl limitusercon maxconn 350
http_access deny lan limitusercon

# Log locations. access.log records client addresses and URLs; keep the
# directory readable only by the proxy user and administrators.
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log
# NOTE(review): an earlier line in this listing sets "cache_store_log none";
# keep only one of the two settings.
cache_store_log /var/log/squid/store.log
