Squid Configuration

Cara Edit : Masuk ke Command / Console ketik [root@localhost] vi /etc/squid/squid.conf
Cara Simpan : Tekan “Esc” lalu ketik :wq! (Artinya : Simpan lalu keluar)

# SQUID 2.6.STABLE CONFIGURATION
# Author By : http://www.fachrudin.web.id

# NETWORK CONFIGURATION
http_port 8080
icp_port 0

# CACHE CONFIGURATION
cache_mem 256 MB
cache_swap_low 94%
cache_swap_high 100%
maximum_object_size 16384 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 2048 KB
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

# LOG AND CACHE DIRECTORY
cache_dir ufs /var/spool/squid 9000 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none

# TUNING CACHE PROXY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
negative_ttl 1 minutes

# TIMEOUT
half_closed_clients off

# ACCESS CONTROL LIST
acl kataterlarang url_regex –i “/etc/squid/blacklist/kataterlarang.txt”
acl domainterlarang url_regex –i “/etc/squid/blacklist/domainterlarang.txt”
acl ipterlarang url_regex –i “/etc/squid/blacklist/ipterlarang.txt”

# DOWNLOAD FILE POLICY
acl ext_file url_regex –i ftp .exe .mp3 .vqf .tar.gz .gz .tar.bz2 .bz2 .rpm .zip .rar .avi .mpeg .qt .ram .rm .raw .wav .iso

# DOWNLOAD TIME POLICY
acl tdkbebasdownload time SMTWHFA 08:00-17:00
acl bebasdownload time SMTWHFA 17:01-17:59

# PORT POLICY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http_mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multilink http
acl Safe_ports port 2082 # cpanel
acl Safe_ports port 7777 # LGE
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT

# IPADDRESS POLICY
acl eth0 src 192.168.1.99/255.255.255.255
acl eth1 src 192.168.0.204/255.255.255.255

acl user src 192.168.0.11-192.168.0.20/255.255.255.255
acl administrator src 192.168.0.100/255.255.255.255

# RULE ACCESS DENIED
http_access deny kataterlarang
http_access deny domainterlarang
http_access deny ipterlarang
http_access deny manager

# RULE ACCESS ALLOWED
http_access allow eth0
http_access allow eth1
http_access allow user
http_access allow administrator
http_access allow localhost

# SIZE DOWNLOAD POLICY
# Cant download with file more than 25 MB (25000×1024=25600000)
reply_body_max_size 25600000 allow ext_file tdkbebasdownload

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all

# PARAMETER ADMINISTRATOR
cache_mgr fachroe84@gmail.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxyku.domainku.com

# MESSAGE IN INDONESIAN LANGUAGE
error_directory /usr/share/squid/errors/Indonesian

# TRANSPARENT PROXY
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
memory_pools_limit 32 MB