Tuesday, April 19, 2011

Squid installation

The following tutorial describes the installation of Squid. The contents of squid.conf shown below are taken from balinux.or.id and were written by egi (egi@nuxegi.net). The contents of squid.conf can be modified to suit your own needs.

Squid installation
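1. Extract the package (check the tarball's checksum against the one published by the Squid project before building it as root)
# tar -xvzf squid-2.6.STABLE4.tar.gz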

2. Configure and compile Squid
[root@gateway squid-2.6.STABLE4]# ./configure --prefix=/usr/local/squid --sysconfdir=/etc/ --enable-gnuregex --enable-icmp --enable-delay-pools --enable-snmp --enable-htcp --enable-ssl --enable-cache-digests --enable-linux-netfilter --enable-large-cache-files --enable-carp --with-pthreads --enable-carp --with-pthreads --enable-storeio=diskd,ufs --enable-removal-policies=heap --enable-arp-acl --enable-forw-via-db --enable-leakfinder --enable-truncate --enable-underscores --enable-stacktraces --enable-dlmalloc

[root@gateway squid-2.6.STABLE4]# make
[root@gateway squid-2.6.STABLE4]# make install

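3. Create the cache directory, then change its ownership (the squid user and group must already exist). Mode 777 makes the directory writable by every local account; once the directory is owned by squid, mode 750 is enough.
[root@gateway squid-2.6.STABLE4]# mkdir --mode=777 /usr/local/squid/var/cache
[root@gateway squid-2.6.STABLE4]# chown -Rf squid.squid /usr/local/squid/var/cache/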
4. Create the files access.log and cache.log
[root@gateway squid-2.6.STABLE4]# touch /usr/local/squid/var/logs/access.log
[root@gateway squid-2.6.STABLE4]# touch /usr/local/squid/var/logs/cache.log
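5. Set the file access permissions. The recursive chmod 777 leaves every cached object readable and writable by any local user; because the directory is owned by squid.squid, a mode such as 750 gives Squid the access it needs without that exposure.
[root@gateway squid-2.6.STABLE4]# chown -Rf squid.squid /usr/local/squid/var/logs/
[root@gateway squid-2.6.STABLE4]# chmod -Rf 777 /usr/local/squid/var/cache/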

Editing squid.conf
File: /etc/squid.conf
# File: squid.conf
# Created by: egi@nuxegi.net
#
#-------------------------
# Port used 8080 or 3128
#-------------------------
# Proxy listening port for client requests. No address is given, so Squid binds
# every interface (the netstat check at the end of the tutorial shows
# 0.0.0.0:8080); access is limited only by the http_access rules further down
# and by whatever firewall sits in front of the gateway.
http_port 8080
# ICP (inter-cache protocol) port used to exchange cache queries with peers.
# Who may query it is decided by the icp_access rules in this file.
icp_port 3130
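#-------------------------
# Options proxy
#-------------------------
# Parent caches (all disabled in this example).
# login=user:password is stored in clear text, so the password that was
# published with this listing has been replaced by a placeholder. Keep the real
# value out of shared copies and keep squid.conf readable only by root and the
# squid account.
# cache_peer 202.xxx.xxx.xxx parent 8080 3130 no-query default
# cache_peer sv.us.ircache.net parent 3128 3130 login=egi@nuxegi.net.id:PEER_PASSWORD_PLACEHOLDER
# cache_peer sj.us.ircache.net parent 3128 3130 login=egi@nuxegi.net.id:PEER_PASSWORD_PLACEHOLDER
# icp_query_timeout 2000
# maximum_icp_query_timeout 2000
# mcast_icp_query_timeout 2000
# dead_peer_timeout 15 seconds
# URLs containing these strings are fetched directly instead of through peers.
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
# Dynamic pages (cgi-bin or a query string) are never stored in the cache.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# prefer_direct off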
#-------------------------
# Cache sizing options
#-------------------------
# Memory set aside for in-transit and hot objects.
cache_mem 8 MB
# Disk-cache replacement starts at 90% full and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95
# Size limits for objects kept on disk and in memory.
minimum_object_size 0 KB
maximum_object_size 100 MB
maximum_object_size_in_memory 20 KB
# DNS caches: number of entries and the low/high purge watermarks (percent).
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
# The heap policies are available because the build was configured with
# --enable-removal-policies=heap.
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
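#-------------------------
# Cache directory and log files ... more than one cache directory can be defined
#-------------------------
# diskd store: 3000 MB, 16 first-level and 256 second-level directories.
# This directory is the one created and chown'ed to squid in step 3.
cache_dir diskd /usr/local/squid/var/cache 3000 16 256 Q1=72 Q2=64
store_dir_select_algorithm round-robin
# access.log records every client request; keep the logs directory owned by
# the squid account and not readable by other local users.
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
emulate_httpd_log off
log_ip_on_direct off
log_fqdn off
log_mime_hdrs off
# Set again to "on" in the "Other" section further down the file.
log_icp_queries off
buffered_logs off
debug_options ALL,1
# NOTE(review): path kept as published; the build uses --sysconfdir=/etc/, so
# confirm where mime.conf was actually installed.
mime_table /squid/etc/mime.conf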

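#-------------------------
# Options For External Support Programs
#-------------------------
# String sent as the password for anonymous FTP logins, so this address is
# disclosed to every FTP server reached through the proxy.
ftp_user admin@dapenbni.co.id
ftp_list_width 32
ftp_passive on
# dns_nameservers 202.155.0.10 202.155.0.15
# Helper that removes cache files; path follows --prefix=/usr/local/squid.
unlinkd_program /usr/local/squid/libexec/unlinkd
redirect_rewrites_host_header on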
#-------------------------
# Options For Peer Database
#-------------------------
# Cache digests (built in with --enable-cache-digests) summarise the cache
# contents for peers; they are rebuilt and rewritten every 30 minutes.
digest_generation on
digest_bits_per_entry 10
digest_rebuild_period 30 minutes
digest_rewrite_period 30 minutes
digest_swapout_chunk_size 6000 bytes
# Keep-alive connections towards clients and towards origin servers.
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
# Repeats the store_dir_select_algorithm line from the cache-directory section.
store_dir_select_algorithm round-robin
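#-------------------------
# Optimize cache
#-------------------------
# Upper bounds on what a client may send in one request.
request_header_max_size 10 KB
request_body_max_size 3 MB
# reply_body_max_size 500 MB
#
# refresh_pattern [-i] regex min percent max   (min and max are in minutes)
# 10080 minutes = 7 days, 43200 minutes = 30 days, 22160 minutes is about 15 days.
# These rules keep executables and archives (.exe, .zip, .cab, ...) fresh for at
# least 7 days when the server sends no expiry information, so a file replaced
# upstream can keep being served from the cache; shorten them if clients fetch
# software updates through this proxy.
# NOTE(review): the listing was published through a translation tool that
# altered some tokens. The extensions "bomb", "dial", "race", "seafood" and
# "crunches" are kept as published but are probably not the author's original
# spelling; confirm them against the original file.
refresh_pattern -i \.gif$ 10080 90% 43200
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.bomb\.gov\.au 30 20% 120
refresh_pattern -i \.html$ 480 50% 22160
refresh_pattern -i \.htm$ 480 50% 22160
refresh_pattern -i \.class$ 10080 90% 43200
refresh_pattern -i \.zip$ 10080 90% 43200
refresh_pattern -i \.jpeg$ 10080 90% 43200
refresh_pattern -i \.mid$ 10080 90% 43200
refresh_pattern -i \.shtml$ 480 50% 22160
refresh_pattern -i \.exe$ 10080 90% 43200
refresh_pattern -i \.THM$ 10080 90% 43200
refresh_pattern -i \.wav$ 10080 90% 43200
refresh_pattern -i \.txt$ 10080 90% 43200
refresh_pattern -i \.CAB$ 10080 90% 43200
refresh_pattern -i \.au$ 10080 90% 43200
refresh_pattern -i \.mov$ 10080 90% 43200
refresh_pattern -i \.xbm$ 10080 90% 43200
refresh_pattern -i \.ram$ 10080 90% 43200
refresh_pattern -i \.avi$ 10080 90% 43200
refresh_pattern -i \.chtml$ 480 50% 22160
refresh_pattern -i \.THB$ 10080 90% 43200
refresh_pattern -i \.DCR$ 10080 90% 43200
refresh_pattern -i \.bmp$ 10080 90% 43200
refresh_pattern -i \.phtml$ 480 50% 22160
refresh_pattern -i \.mpg$ 10080 90% 43200
refresh_pattern -i \.pdf$ 10080 90% 43200
refresh_pattern -i \.art$ 10080 90% 43200
refresh_pattern -i \.swf$ 10080 90% 43200
refresh_pattern -i \.mp3$ 10080 90% 43200
refresh_pattern -i \.ra$ 10080 90% 43200
refresh_pattern -i \.LWW$ 10080 90% 43200
refresh_pattern -i \.viv$ 10080 90% 43200
refresh_pattern -i \.doc$ 10080 90% 43200
refresh_pattern -i \.gz$ 10080 90% 43200
refresh_pattern -i \.Z$ 10080 90% 43200
refresh_pattern -i \.tgz$ 10080 90% 43200
refresh_pattern -i \.tar$ 10080 90% 43200
refresh_pattern -i \.VRM$ 10080 90% 43200
refresh_pattern -i \.VRML$ 10080 90% 43200
refresh_pattern -i \.AIF$ 10080 90% 43200
refresh_pattern -i \.aifc$ 10080 90% 43200
refresh_pattern -i \.aiff$ 10080 90% 43200
refresh_pattern -i \.arj$ 10080 90% 43200
refresh_pattern -i \.c$ 10080 90% 43200
refresh_pattern -i \.dial$ 10080 90% 43200
refresh_pattern -i \.dir$ 10080 90% 43200
refresh_pattern -i \.dxr$ 10080 90% 43200
refresh_pattern -i \.hqx$ 10080 90% 43200
refresh_pattern -i \.JPE$ 10080 90% 43200
refresh_pattern -i \.lha$ 10080 90% 43200
refresh_pattern -i \.LZH$ 10080 90% 43200
refresh_pattern -i \.midi$ 10080 90% 43200
refresh_pattern -i \.movie$ 10080 90% 43200
refresh_pattern -i \.mp2$ 10080 90% 43200
refresh_pattern -i \.mpe$ 10080 90% 43200
refresh_pattern -i \.mpeg$ 10080 90% 43200
refresh_pattern -i \.mpga$ 10080 90% 43200
refresh_pattern -i \.pl$ 10080 90% 43200
refresh_pattern -i \.ppt$ 10080 90% 43200
refresh_pattern -i \.ps$ 10080 90% 43200
refresh_pattern -i \.qt$ 10080 90% 43200
refresh_pattern -i \.qtm$ 10080 90% 43200
refresh_pattern -i \.race$ 10080 90% 43200
refresh_pattern -i \.seafood$ 10080 90% 43200
refresh_pattern -i \.crunches$ 10080 90% 43200
refresh_pattern -i \.tif$ 10080 90% 43200
refresh_pattern -i \.tiff$ 10080 90% 43200
refresh_pattern -i \.snd$ 10080 90% 43200
refresh_pattern -i \.wrl$ 10080 90% 43200
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
# Catch-all rule; it has to stay last because the first matching pattern wins.
refresh_pattern . 480 50% 22160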
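# reference_age 1 month
# When a client aborts, finish the download if less than 16 KB remains or 95% is
# already transferred; abort it if more than 32 KB remains.
quick_abort_min 16 KB
quick_abort_max 32 KB
quick_abort_pct 95
# Lifetimes for cached error replies and DNS answers.
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 10 minutes
range_offset_limit 0 KB
# The timers below are set a second time, with shorter values, in the
# "Timeouts" section that follows. Keep only one copy so that the values in
# effect are unambiguous; long request and client timers let idle or stalled
# clients hold proxy connections open.
connect_timeout 360 seconds
read_timeout 15 minutes
request_timeout 360 seconds
client_lifetime 100 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
# Enables periodic cache announcements; see announce_host and announce_port.
announce_period 7 day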
#-------------------------
# Timeouts
#-------------------------
# Several of these directives also appear, with longer values, at the end of
# the "Optimize cache" section above.
connect_timeout 120 seconds
peer_connect_timeout 60 seconds
# siteselect_timeout 6 seconds
read_timeout 5 minutes
# Time allowed for a client to send its request after connecting; a short
# value limits how long an idle connection can occupy the proxy.
request_timeout 20 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 60 seconds
ident_timeout 5 seconds
shutdown_lifetime 30 seconds
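#-------------------------
# Administrative information
#-------------------------
# Contact address shown on Squid's error pages.
cache_mgr admin@dapenbni.co.id
# Account Squid switches to after being started as root. It must be the same
# account that owns the cache and log directories (chown squid.squid in steps 3
# and 5); user names are case-sensitive, so it is written in lower case here.
cache_effective_user squid
cache_effective_group squid
# Host name reported in error pages and used to identify this cache.
visible_hostname gateway.dapenbni.co.id
unique_hostname gateway.dapenbni.co.id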
#-------------------------
# Cache announcements
#-------------------------
# Destination for the periodic announcements enabled by announce_period.
# NOTE(review): the destination here is this gateway's own name and proxy
# port, which looks unintended. Confirm whether announcements are wanted at
# all, since they publish this cache's details to the named host.
announce_host gateway.dapenbni.co.id
announce_port 8080
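#-------------------------
# Needs Transparent Proxy
#-------------------------
# NOTE(review): the httpd_accel_* directives are Squid 2.5 syntax. The 2.6
# series that this tutorial builds configures interception on the listening
# port instead (http_port 8080 transparent); confirm against the installed
# version before relying on these lines.
# With interception enabled, the http_access source rules are what stop the
# proxy from relaying requests for arbitrary clients, so keep them restrictive.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off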

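#-------------------------
# Other
#-------------------------
logfile_rotate 5
memory_pools on
memory_pools_limit 200 MB
# Adds the client's address to the X-Forwarded-For header of forwarded
# requests, so internal 192.168.0.x addresses become visible to origin servers.
# Turn it off if that disclosure is not wanted.
forwarded_for on
# Set to "off" earlier in the logging section; keep only one of the two lines.
log_icp_queries on
icp_hit_stale on
minimum_direct_hops 5
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 50
client_db off
# Network-distance database; the ICMP probes depend on the --enable-icmp build
# option used in step 2.
netdb_low 900
netdb_high 1000
netdb_ping_period 1 minutes
query_icmp on
test_reachability on
# Turns a client's forced reload into an If-Modified-Since revalidation.
reload_into_ims on
# fake_user_agent SiNK1NGfuNK/1.0 (CP/M, 128-bit)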
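#-------------------------
# Access Management
#-------------------------
# Source-address ACLs: "all" matches every client, "internal" is the LAN, and
# the 202.xxx.xxx.xxx entries are placeholders for specific public hosts.
acl all src 0/0
acl internal src 192.168.0.0/24
acl allowedhost src 202.xxx.xxx.xxx
# Optional URL block lists (disabled).
# acl block url_regex -i gohip
# acl blok1 url_regex -i bonzi
# acl blok2 url_regex -i Lolitas
# acl blok3 url_regex -i passthison
# acl blok4 url_regex -i dewisex
# acl blok5 url_regex -i lolitasworld
# acl blok6 url_regex -i netsetter
acl localservers src 202.xxx.xxx.xxx
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
# NOTE(review): the published line read "80 21 443 563 808 -65 535 70 210 1025".
# "1025" and "-65 535" are reassembled here as the range 1025-65535 and 808 is
# kept as published; confirm against the original file.
acl Safe_ports port 80 21 443 563 808 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
# Requests from these sources are always fetched directly from the origin.
always_direct allow localhost
always_direct allow internal
always_direct allow allowedhost
# http_access rules are evaluated top to bottom and the first match decides.
# The cache manager interface is reachable from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to anything
# but the SSL ports, before any "allow" rule is reached.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# http_access deny block
# http_access deny blok1
# http_access deny blok2
# http_access deny blok3
# http_access deny blok4
# http_access deny blok5
# http_access deny blok6
http_access allow localhost
http_access allow internal
http_access allow allowedhost
http_access allow localservers
# Everything else is refused; this final deny keeps the proxy from being open.
http_access deny all
# The published config used "icp_access allow all", which answers ICP queries
# from any address that can reach UDP port 3130 and so reveals what is cached.
# ICP is limited here to the same sources that http_access trusts.
icp_access allow internal
icp_access allow allowedhost
icp_access allow localservers
icp_access deny all
miss_access allow all
# If SNMP is enabled, do not keep the default community name "public".
# snmp_access allow localhost
# snmp_access deny all
# snmp_port 3401
# acl snmppublic snmp_community public
# snmp_access allow snmppublic allowed_hosts
# snmp_access deny all
# NOTE(review): every cache_peer line in this file is commented out, so
# sources not covered by always_direct above (localservers) have no route for
# their requests while never_direct is in force; confirm this is intended.
never_direct allow all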
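#-------------------------
# Delay pool parameters
#-------------------------
# NOTE(review): both ACL lines were scrambled in the published listing. They
# are rebuilt here as "acl NAME url_regex -i patterns"; "202 154" is read as
# the address prefix 202.154 and "tarballs" as .tar.gz. Confirm against the
# original file.
acl magic_words1 url_regex -i 202.154
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
delay_pools 2
# Pool 1 (class 2): no limit for URLs matching magic_words1.
delay_class 1 2
# -1/-1 means that there are no limits
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
# Pool 2 (class 2): throttles downloads whose URL matches magic_words2.
# Values are restore-rate/bucket-size in bytes: aggregate first, then per host.
delay_class 2 2
delay_parameters 2 4000/150000 4000/120000
delay_access 2 allow magic_words2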

Run Squid (the first command creates the cache directories, the second starts the daemon)
[root@gateway squid-2.6.STABLE4]# /usr/local/squid/sbin/squid -z
[root@gateway squid-2.6.STABLE4]# /usr/local/squid/sbin/squid -SYD

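Check that Squid is listening. The address 0.0.0.0:8080 means the proxy accepts connections on every interface, so only the http_access rules and the gateway's firewall keep outside hosts from using it.
[root@gateway squid-2.6.STABLE4]# netstat -plnat | grep squid
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 14066/(squid)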
