ini saya aplikasikan pada ClearOS 5.2 sp1 SQUID 2.6.STABLE21
edit pada squid.conf nya
menggunakan WinSCP untuk membuka file sharing pada clearOS pilish protocolnya SCP yach..
download linknya http://winscp.net/eng/download.php#download2
# webconfig: http_port_start
http_port 192.168.1.1:3128 transparent
http_port 127.0.0.1:3128 transparent
# webconfig: http_port_end
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost
no_cache deny QUERY
ipcache_size 8192
cache_mem 256 MB
maximum_object_size 204800 KB
store_dir_select_algorithm least-load
minimum_object_size 0 KB
range_offset_limit -1
maximum_object_size 200 MB
cache_swap_low 98
cache_swap_high 99
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
cache_dir ufs /var/spool/squid 10240 16 256
redirect_program /usr/sbin/adzapper
redirect_children 10
auth_param basic program /usr/lib/squid/squid_ldap_auth -b “dc=localhost,dc=net” -f “(&(objectClass=pcnProxyAccount)(uid=%s))” -h 127.0.0.1 -D “cn=manager,cn=internal,dc=smkyapisbiak,dc=net” -W /etc/squid/ldap.conf -s one -v 3 -U pcnProxyPassword -d
auth_param basic children 5
auth_param basic realm ClarkConnect Community Edition – Web Proxy
auth_param basic credentialsttl 2 hours
refresh_pattern -i ^http://*.windowsupdate.com/.* 1440 99% 518400 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|flv|ra|rm|wmv|divx)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(class|css|js|gif|jpg|ps)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(mpg|mpe|wav|au|mid|mp3|mp4|ac4|swf)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(zip|gz|arj|lha|lzh|7z)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(rar|tgz|tar|exe|bin|rpm|iso)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf|xls|ppt|pdf|docx|xlsx)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(inc|cab|ad|txt|dll|dat)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.zynga.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.friendster.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.kompas.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.detik.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.facebook.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims
refresh_pattern -i ^http://*.bhinneka.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.fbcdn.net/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims
refresh_pattern . 720 50% 432000 reload-into-ims override-lastmod
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
half_closed_clients off
shutdown_lifetime 10 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.0/8
# webconfig: acl_start
acl webconfig_lan src 192.168.1.0/24
acl webconfig_to_lan dst 192.168.1.0/24
# webconfig: acl_end
acl to_localhost dst 127.0.0.0/8
acl password proxy_auth REQUIRED
acl privoxy dstdomain config.privoxy.org
acl SSL_ports port 443 563
acl SSL_ports port 81 10000
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 81 82 83 10000 # Web-based administration tools
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl sex url_regex -i “/etc/squid/sex”
deny_info ERR_ACCESS_DENIED sex
http_access deny sex
acl our_networks src 192.168.1.0/24 #IP Network Lokal
http_access allow our_networks
http_access deny privoxy
http_access allow localhost
http_access allow webconfig_to_lan
http_access allow webconfig_lan
http_access deny all
http_reply_access allow all
dns_testnames 5
icp_access allow all
reply_body_max_size 104857600 allow all
cache_effective_user squid
cache_effective_group squid
memory_pools off
memory_pools_limit 2048 MB
forwarded_for off
store_avg_object_size 50 KB
reload_into_ims on
error_directory /etc/squid/errors
maximum_single_addr_tries 3
coredump_dir /usr/local/squid/var/cache
balance_on_multiple_ip on
pipeline_prefetch on
positive_dns_ttl 1 year
connect_timeout 1 minute
# Filter Download
acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .msi .mp4
# disini akan kita buat 2 aturan
delay_pools 2
# aturan pertama ini tidak ada batasan, sesuai dengan poin 1 dan 2 di rule sederhana tadi
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
# aturan 2, setelah download 2048000 bytes mk download menjadi 15000 bytes/s
delay_class 2 2
delay_parameters 2 -1/10240000 20000/10241000
delay_access 2 allow download
delay_access 2 deny all
delay_access 1 deny download
delay_access 1 allow all
#
coredump_dir /var/spool/squid
client_persistent_connections on
server_persistent_connections off
persistent_connection_after_error on
ie_refresh on
vary_ignore_expire on
ini nyontek dari
http://tamampapua.wordpress.com/2010/02/02/squid-proxy-clarkconnect-community-edition-jiliid-2-2/#more-972
makasih yach buat adminnya
Tidak ada komentar:
Posting Komentar