Contoh Squid confiq disertai Keterangan

# WELCOME TO SQUID 2.7 HIGH PERFORMANCES # ...... #============================================== # TAG: http_port # Daftar port koneksi squid. #============================================== http_port 3128 transparent icp_port 0 # Mengatasi Facebook Blank setelah login server_http11 on #============================================== # TAG: hierarchy_stoplist # Daftar kata2 yg, jika ditemukan dalam sebuah URL, menyebabkan obyek # akan ditangani langsung oleh squid. Opsi dapat ditulis beberapa kali #============================================== hierarchy_stoplist cgi-bin ? localhost acl QUERY urlpath_regex cgi-bin \? localhost no_cache deny QUERY #============================================== # OPTIONS WHICH AFFECT THE CACHE SIZE #============================================== # Ukuran memory (RAM) yang digunakan untuk men-cache obyek. Jangan # terlalu besar, Idealnya 60-70% dari total Memory yang terpasang #============================================== cache_mem 128 MB # Ukuran maksimum suatu obyek yang di-cache ke hd & Memory. Ukurannya terserah # tergantung kebutuhan. maximum_object_size 50 MB maximum_object_size_in_memory 128 KB # Ini adalah trik yg menyebabkan squid selalu berusaha menyimpan obyek # dalam memory dan baru akan men-swap data ke hd jika cache_mem sudah # penuh. cache_swap_low 98% cache_swap_high 99% # Bagian ini adalah metode swapping data dari memory ke cache hd. LFUDA # brarti menyebabkan squid akan men-cache obyek2 berukuran besar, # sebaliknya GDSF men-cache obyek2 kecil secara progresif. Saran saya # cache hd menggunakan LFUDA dan cache memory menggunakan GDSF karena # pembacaan/penulisan ke memory (RAM) jelas lebih cepat daripada hd. cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF

# Ini adalah pembatasan maksimum memory yg dipakai oleh squid. Saran saya # sekitar 60-70% dari ukuran RAM. #high_memory_warning 70 MB # FIXME! ipcache_size 16384 fqdncache_size 16384 # Sama seperti cache_swap_low/high, hanya saja obyeknya adalah IP. ipcache_low 98 ipcache_high 99 #============================================== # LOGFILE PATHNAMES AND CACHE DIRECTORIES #============================================== # Bagian ini adalah konfigurasi direktori cache (hd). Urutannya adalah: # Untuk Cache Size squid idealnya 60% dari Partisi Size squid yang di sediakan. cache_dir aufs /cache 100000 48 256 # Ini adalah konfigurasi peletakan log squid. lokasinya terserah. cache_access_log /usr/local/squid/access.log cache_log none cache_store_log none # Ini daftar mime squid. Selalu gunakan agar proses filtering obyek # lebih cepat. mime_table /usr/share/squid/mime.conf # Lokasi PID squid. pid_filename /var/run/squid.pid coredump_dir /var/spool/squid/ # Beberapa log yg tidak signifikan karena opsi2-nya jarang digunakan. log_fqdn off log_icp_queries off buffered_logs off emulate_httpd_log off #============================================== # FTP section #============================================== # Selalu gunakan opsi ini untuk mengurangi beban trafik. FTP mode pasif # menyebabkan client tidak berhubungan langsung dengan FTP Server tujuan # dan menggunakan squid sebagai relay sehingga bandwidth utk koneksi FTP # bisa dikontrol mungkin dengan kombinasi IP filtering (PF (BSD)/ IPTABLES). ftp_list_width 32 ftp_passive on ftp_sanitycheck on #==============================================

# DNS resolution section #============================================== # Isikan IP (BUKAN NAMA) untuk mempercepat resolusi query dns dari client. # Menggunakan OpenDNS untuk settingan di bawah ini dns_nameservers 202.80.112.68 202.80.112.8 #============================================== # Filesystem section #============================================== #diskd_program /usr/bin/diskd #============================================== # AUTH section #============================================== # Sistem autentikasi client-server yg di-relay oleh squid. Gunakan jika # perlu. Tidak saya gunakan agar tidak membebani kerja squid dan bw. #auth_param basic children 5 #auth_param basic realm Squid proxy-caching web server #auth_param basic credentialsttl 2 hours #auth_param basic casesensitive off #============================================== # Refresh Rate #============================================== # Ini adalah bagian yg sering diutak-atik karena menyangkut lamanya # sebuah obyek dicatat dalam cache (hd). Cari nilainya secara # trial n error karena tidak ada angka pasti. Urutannya adalah: # # refresh_pattern REGEX MIN_MINUTES VALIDITY(%) MAX_MINUTES refresh_pattern -i \.(class|css|js|gif|jpg|ps)$ 1440 50% 43200 refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 1440 50% 43200 refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|flv|ra|rm|wmv|divx)$ 1440 50% 43200 refresh_pattern -i \.(mpg|mpe|wav|au|mid|mp3|mp4|ac4|swf)$ 1440 50% 43200 refresh_pattern -i \.(zip|gz|arj|lha|lzh|7z)$ 1440 50% 43200 refresh_pattern -i \.(rar|tgz|tar|exe|bin|rpm|iso)$ 1440 50% 43200 refresh_pattern -i \.(hqx|pdf|rtf|doc|swf|xls|ppt|pdf|docx|xlsx)$ 1440 50% 43200 refresh_pattern -i \.(inc|cab|ad|txt|dll|dat)$ 1440 50% 43200 # -- refresh pattern for specific sites -- # refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reloadinto-ims ignore-reload ignore-no-cache ignore-auth refresh_pattern ^http://*.atmajaya.*/.* 720 100% 10080 override-expire ignore-no-cache ignoreauth refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.theinquirer.*/.* 720 100% 10080 override-expire ignore-no-cache ignoreauth

refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://static.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://cooking.game.playspoon.com/.* 720 100% 10080 override-expire overridelastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern -i http://[^a-z\.]*onemanga\.com/? 720 80% 10080 override-expire overridelastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://media?.onemanga.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reloadinto-ims ignore-no-cache ignore-auth refresh_pattern ^ftp: 1440 95% 12960 reload-into-ims refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320 quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100% #============================================== # ACL section #============================================== acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localnet src 192.168.1.0/28 acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 # https, snews acl Safe_ports port 80 81 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl purge method PURGE acl CONNECT method CONNECT always_direct allow localnet localhost always_direct deny all http_access allow manager all http_access deny !Safe_ports http_access allow purge localhost http_access deny purge http_access allow localhost http_access allow localnet http_access deny all http_reply_access allow all icp_access allow all miss_access allow localnet miss_access deny all visible_hostname proxy header_access Accept-Encoding deny all #============================================== # MISCELLANEOUS #============================================== logfile_rotate 7 negative_ttl 2 minutes client_persistent_connections on server_persistent_connections on pipeline_prefetch on vary_ignore_expire on reload_into_ims on nonhierarchical_direct off prefer_direct off memory_pools off

ie_refresh on cache_effective_user proxy cache_effective_group proxy #-----------------------------------------------------------------# #tcp_outgoing_tos 0x30 localnet #-----------------------------------------------------------------# zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136