Live Journal

All About Log

squid.conf smoothwall final

# Do not modify '/var/smoothwall/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface!
#
# Instead, modify the file '/var/smoothwall/proxy/advanced/acls/include.acl' and
# then restart the proxy service using the web interface. Changes made to the
# 'include.acl' file will propagate to the 'squid.conf' file at that time.

shutdown_lifetime 5 seconds
icp_port 0

http_port 192.168.0.1:800 transparent

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

cache_effective_user squid
cache_effective_group squid
umask 022

pid_filename /var/run/squid.pid

## as far as possible, let larger objects be stored

maximum_object_size 64 MB
maximum_object_size_in_memory 16 KB

error_directory /usr/local/squid/advproxy/errors/English

## If memory is 512 MB or more, feel free to enlarge the cache (that is the suggestion, anyway)

cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

ipcache_size 4096
ipcache_low 98
ipcache_high 99

## Log only the vital information, and try to keep the log files on a separate hard disk so they do not affect the speed of the main cache directory
log_fqdn off
log_icp_queries off
cache_log none
cache_store_log none

cache_mem 6 MB
cache_dir aufs /var/squid/cache 12000 28 256

## selects offline mode or online mode; it is up to botol to turn offline mode off/on depending on the users' situation
#offline_mode on

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

log_mime_hdrs off
emulate_httpd_log on
forwarded_for off
via off
log_fqdn off

## dns setting
## dns_nameservers 127.0.0.1 202.134.0.155 203.130.193.74

## By 'tricking' and forcing things a little, objects are served more intensively from the local Squid and the storage time is extended before validation takes place (e.g. validation every 3 hours with objects kept for at most 3 months; for ftp it can be even longer)

refresh_pattern -i \.tar\.gz$       10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.mp3$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.zip$         10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.png$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.gif$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.jpg$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.jpeg$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.swf$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.3gp$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.rm$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.wma$      10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.mpeg$      10080 90% 10080 override-expire override-lastmod reload-into-ims
## refresh_pattern takes regular expressions, not shell globs: empty alternatives removed, dots escaped
refresh_pattern -i \.(gif|jpe?g|xbm|png|swf|bmp)$     21600   90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mov|avi|qtm|mp.)$          21600   90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(3gp|wmv|wma|mpg|mpeg|mpga|rm|rv|vgp)$     21600   90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(zip|exe|gz|Z|lha|rar|arj)$     21600   90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 500% 99000000 ignore-reload override-expire
refresh_pattern -i \.(inc|cab|ad|txt)$ 100000 500% 99000000 ignore-reload override-expire
refresh_pattern ^http://www\.friendster\.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://photos\.friendster\.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://images\.friendster\.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://mail\.yahoo\.com/.* 720 100% 4320
refresh_pattern ^http://mail1\.plasa\.com/.* 720 100% 4320
## "any subdomain, any TLD" is written ([^/]*\.)?name\.[^/]*/ in a regular expression
refresh_pattern ^http://([^/]*\.)?yahoo\.[^/]*/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://([^/]*\.)?google\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?friendster\.[^/]*/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://([^/]*\.)?doubleclick\.[^/]*/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://planet\.madpage\.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://www\.yahoo\.com/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?yimg\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?boleh\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?detik\.[^/]*/.* 180 100% 4320
refresh_pattern ^http://([^/]*\.)?detikinet\.[^/]*/.* 180 100% 4320
refresh_pattern ^http://([^/]*\.)?detikhot\.[^/]*/.* 180 100% 4320
refresh_pattern ^http://([^/]*\.)?detiportal\.[^/]*/.* 180 100% 4320
refresh_pattern ^http://([^/]*\.)?kompas\.[^/]*/.* 180 100% 4320
refresh_pattern ^http://([^/]*\.)?trans7\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?rcti\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?indosiar\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?kapanlagi\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?doubleclick\.[^/]*/.* 720 100% 4320
refresh_pattern ^http://([^/]*\.)?google-analytics\.[^/]*/.* 720 100% 4320
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100%

## only certain browser programs may be used (at PL@Net only IE & Mozilla are used, after all)
## (AOL)|(Firefox)|(FrontPage)|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Java)|(Windows\-Media\-Player)|(NSPlayer)|(Opera)
## (avantbrowser)|(Firefox)|(FrontPage)|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Opera)|(Wget)
acl with_allowed_useragents browser (avantbrowser)|(Firefox)|(FrontPage)|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Opera)|(Wget)

acl within_timeframe time MTWHFAS 00:00-24:00

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squids port (for icons)

acl SWE_http  port 81
acl SWE_https port 441
acl SWE_ips              dst 192.168.0.1
acl SWE_networks         src "/var/smoothwall/proxy/advanced/acls/src_subnets.acl"
acl SWE_servers          dst "/var/smoothwall/proxy/advanced/acls/src_subnets.acl"
acl SWE_green_network    src 192.168.0.0/255.255.255.0
acl SWE_green_servers    dst 192.168.0.0/255.255.255.0
acl CONNECT method CONNECT

## defines the sites that may not be opened
## url_regex entries are regular expressions, not shell globs

acl blocked_sites url_regex "/var/smoothwall/proxy/dilarang.txt"
acl blocked_sites url_regex ^http://([^/]*\.)?youtube\.
acl blocked_sites url_regex ^http://www\.youtube\.
acl blocked_sites url_regex ^http://([^/]*\.)?windowsupdate\.
acl blocked_sites url_regex ^http://([^/]*\.)?microsoft\.
acl blocked_sites url_regex ^http://www\.microsoft\.
http_access deny blocked_sites

#Access to squid:
#local machine, no restriction
http_access allow         localhost

#GUI admin if local machine connects
http_access allow         SWE_ips SWE_networks SWE_http
http_access allow CONNECT SWE_ips SWE_networks SWE_https

#Deny not web services
http_access deny          !Safe_ports
http_access deny  CONNECT !SSL_ports

#Set custom configured ACLs
http_access allow SWE_networks within_timeframe with_allowed_useragents
http_access deny  all

#Strip HTTP Header
header_access X-Forwarded-For deny all
header_access Via deny all

request_body_max_size 0 KB
reply_body_max_size 0 allow all

## just slipping in an e-mail address here, that's allowed, right..
cache_mgr iDiots@linuxmail.org

## Do not shut down and reconfigure Squid too quickly, because it can leave file integrity in a mess

shutdown_lifetime 10 seconds

## no need to reserve memory

memory_pools off

## Important for improving the refresh patterns

reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

visible_hostname proxy.planet.web.id.

url_rewrite_program /usr/sbin/squidGuard
url_rewrite_children 5

## Important for the relationship with siblings, measuring their response via ICP and ICMP

icp_hit_stale on
query_icmp on

###############################################################################################

Below is an example of the contents of the dilarang.txt file (each line is read as a regular expression):

http://([^/]*\.)?youtube\.
http://www\.youtube\.
http://([^/]*\.)?windowsupdate\.
http://([^/]*\.)?microsoft\.
http://www\.microsoft\.
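
Squid's url_regex reads every blocked_sites entry as a regular expression applied to the request URL, so shell-glob wildcards do not mean "any subdomain", and a CONNECT request (whose URL is only host:port) never matches an ^http:// pattern. The following is an added example, not part of the original post: it checks a glob-style entry, a host-anchored regex and a dstdomain-style suffix against constructed requests, using Python's re as a stand-in for Squid's regex engine; the function names and sample URLs are assumptions.

```python
import re

# Constructed requests: (method, URL as the proxy sees it, destination host).
# For CONNECT the URL is just "host:port", with no http:// prefix.
REQUESTS = [
    ("GET", "http://www.youtube.com/watch?v=1", "www.youtube.com"),
    ("GET", "http://m.youtube.com/", "m.youtube.com"),
    ("GET", "http://youtube.com/", "youtube.com"),
    ("GET", "http://xyoutube.example/", "xyoutube.example"),
    ("CONNECT", "www.youtube.com:443", "www.youtube.com"),
    ("GET", "http://example.org/", "example.org"),
]

GLOB_STYLE = r"^http://*.youtube.*/*"      # glob syntax, read as a regex
ANCHORED = r"^http://([^/]*\.)?youtube\."  # host-anchored regex
DSTDOMAIN = ".youtube.com"                 # dstdomain-style suffix


def url_regex(pattern, url):
    """Search anywhere in the URL, case-sensitive (url_regex without -i)."""
    return re.search(pattern, url) is not None


def dstdomain(suffix, host):
    """A leading-dot suffix matches the domain itself and any subdomain."""
    return host == suffix[1:] or host.endswith(suffix)


RULES = {
    "glob": lambda url, host: url_regex(GLOB_STYLE, url),
    "anchored": lambda url, host: url_regex(ANCHORED, url),
    "dstdomain": lambda url, host: dstdomain(DSTDOMAIN, host),
}


def blocked_by(kind):
    """Return the constructed request URLs that the given rule type denies."""
    return {url for _method, url, host in REQUESTS if RULES[kind](url, host)}


if __name__ == "__main__":
    for kind in RULES:
        print(f"{kind:10s}", sorted(blocked_by(kind)))
```

In squid.conf the suffix form is written `acl blocked_sites dstdomain .youtube.com`, which matches on the destination host for plain HTTP and CONNECT alike.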

18 responses to “squid.conf smoothwall final”

  1. piju June 2, 2008 at 6:44 am

    Bro,
    please correct me.

    This is the refresh_pattern I edited.
    Can it be used or not?
    I want to tune squid for power caching, maximum performance.

    refresh_pattern -i \.gif$ 999999 99% 129600000 reload-into-ims override-lastmod override-expire
    refresh_pattern -i \.jpg$ 9999999 99% 129600000 reload-into-ims override-lastmod override-expire
    refresh_pattern -i \.tif$ 999999 99% 129600000 reload-into-ims override-lastmod override-expire
    refresh_pattern -i \.png$ 999999 99% 129600000 reload-into-ims override-lastmod override-expire
    refresh_pattern -i \.jpeg$ 9999999 99% 12960000 reload-into-ims override-lastmod override-expire
    refresh_pattern -i \.bmp$ 999999 99% 9999999 reload-into-ims override-lastmod override-expire
    refresh_pattern ^ftp: 4320 99% 129600 override-lastmod reload-into-ims

  2. piju June 2, 2008 at 6:46 am

    What if I use ignore-reload for *.jpeg and the other image types?

  3. piju June 2, 2008 at 7:05 am

    Have you tried squid version 3?

  4. iDiots June 2, 2008 at 2:37 pm

    puji@ ugh.. bro, I don't use smootie anymore.. none of my servers run smootie anymore..
    mostly Fedora and the BSD family

    I did once suggest to a friend to just use smootie first so it's easy and not a hassle, and he uses smootie 3; there's a lot of it I don't understand yet.. when I first looked at it, since I had only just come across it.

    that configuration looks good too, bro… the more that gets stored, the less bandwidth gets eaten

    ignore-reload, wow… that means it can't be reloaded, right.. so the images stay the same ones.. poor users who open a site wanting to see the latest photos, like a friend's Friendster…
    my suggestion is that it's better not to ignore it..

    oh yeah.. if you have some interesting things on smootie 3, feel free to share them

    Thanks

  5. piju June 5, 2008 at 2:54 am

    I'm still studying squid 3
    later we can discuss it together

  6. piju June 5, 2008 at 11:41 pm

    Can you enlighten me on what TCP_MISS is?

  7. piju June 5, 2008 at 11:44 pm

    why cache_dir aufs /var/squid/cache 12000 28 256
    why not cache_dir aufs /var/squid/cache 12000 16 256 ?

  8. piju June 6, 2008 at 1:46 am

    How many clients do you have?
    How many Mb is the connection?

  9. iDiots June 6, 2008 at 10:56 pm

    I'm quoting this from a forum..

    If the squid is new or still fresh (it hasn't been running long) there will be a lot of TCP_MISS ….. that is very normal, because the cache has no data yet, so every request is always fetched directly from the source. So how long has the squid been running? If it's still new, well… that is normal. Even if it has been running a long time there will still certainly be some TCP_MISS; if everything were taken from the cache data, the websites' data would never change …. it would be stuck on the same thing forever ….

    try.. reading around at

    http://forum.linux.or.id/

  10. iDiots June 6, 2008 at 11:01 pm

    @puji
    hmm..

    why cache_dir aufs /var/squid/cache 12000 28 256

    I use.. this.. after reading several references on forums.. :d

    it seems… that fits better.. because when I used smoothwall I had one 80 GB hard disk, and on smootie the partitioning is automatic.. if I'm not mistaken the log allocation is about 15 GB
    so I used.. that…

    why not cache_dir aufs /var/squid/cache 12000 16 256 ?

    I haven't tried the 16 one yet.. later, when I have time to install smootie again.. I'll try it.. and compare which one works best..

    my clients.. it depends… I mean it depends on the internet café..
    but on average an internet café has 15 clients..!! some have 20-30
    for the ones with 20-30 I've never tried smoothwall, afraid it wouldn't be optimal..😉

  11. compenny June 26, 2008 at 1:01 pm

    Bro, I've just tried smoothwall 3.0 with advproxy; why can't Yahoo Messenger connect? Please help

    thanks

  12. iDiots June 28, 2008 at 10:06 pm

    huh.. why does Yahoo Messenger have to go through squid..? I set squid up only for browsing..!!

  13. p1c0 January 30, 2009 at 11:09 am

    something's missing from the script, boss…

    acl for_throttled_urls url_regex -i "/var/smoothwall/proxy/advanced/acls/dst_throttle.acl"

    #Set download throttling
    delay_pools 1
    delay_class 1 3
    delay_parameters 1 16000/32000 -1/-1 8000/16000
    delay_access 1 deny SWE_ips
    delay_access 1 allow all for_throttled_urls
    delay_initial_bucket_level 100

    because this was missing, no wonder my bandwidth just got blown through by the internet café users..ahuauhahuuhauha…..

  14. ipoelnet April 22, 2009 at 8:36 pm

    something's missing from the script, boss…

    acl for_throttled_urls url_regex -i "/var/smoothwall/proxy/advanced/acls/dst_throttle.acl"

    #Set download throttling
    delay_pools 1
    delay_class 1 3
    delay_parameters 1 16000/32000 -1/-1 8000/16000
    delay_access 1 deny SWE_ips
    delay_access 1 allow all for_throttled_urls
    delay_initial_bucket_level 100

    because this was missing, no wonder my bandwidth just got blown through by the internet café users..ahuauhahuuhauha…..

    ==============
    Heh,,, that,,,, can simply be set through the web interface,,,, don't talk nonsense bossssssssssssssss

  15. ipoelnet April 30, 2009 at 7:47 pm

    Bro, I've just tried smoothwall 3.0 with advproxy; why can't Yahoo Messenger connect? Please help
    ================
    set Connection by ticking Firewall With No Proxies,.,.

  16. iDiots May 15, 2009 at 10:30 pm

    @ipoelnet

    whoa.. 3.0 huh…
    I never work with smootie anymore…!!

    maybe something is wrong in the advproxy settings….

    try pasting the advproxy settings along with the ACLs that are in use..
    🙂

    sorry for the late reply…. rather busy.. these days..

    hah… huhwuhuahuahua I sound just like a legislative candidate, don't I…!!
    😀

  17. e_ncrypted April 10, 2010 at 9:43 am

    thanks to all my brothers………….
    especially to mas iDiots; I'm new to Linux and went straight to trying smootie. With the squid.conf above, how would I add bandwidth control governed by a time schedule???? and with the IPs specified too.
    so from 08.00-15.00 the IPs (ip bla bla and ip bla-bla) get only 64kbps of bandwidth, and after that unrestricted (no bandwidth limiter)

  18. iDiots April 27, 2010 at 5:33 pm

    bandwidth is better managed from the firewall…

    try searching Google for how to configure the firewall on smootie….

    I never tinker with Linux anymore…😦

    actually I'd really like to dig into it again, but many things keep me from being active, whether on the blog or messing around with Linux..😦
