---
id: 33
title: squid.conf jamalinux.com
date: 2004-03-09T18:36:57+00:00
author: hky
layout: post
guid: http://lostfocus.org/blog/?p=33
permalink: /squidconf-jamalinuxcom/
dsq_thread_id:
  - 557661655
categories:
  - General
tags:
  - General
---
\# WELCOME TO SQUID 2
  
\# ——————

\# —————————————————————————–
  
\# NETWORK OPTIONS
  
\# Accept proxy requests only on 192.168.0.1, port 3128, rather than on every interface.
  
http_port 192.168.0.1:3128
  
\# Port 0 disables ICP: this cache neither sends nor answers neighbour-cache queries.
  
icp_port 0
  
\# htcp_port 4827
  
\# tcp\_outgoing\_address 255.255.255.255
  
\# udp\_incoming\_address 0.0.0.0
  
\# udp\_outgoing\_address 255.255.255.255
  
\# —————————————————————————–
  
\# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
  
\# icp\_query\_timeout 0
  
\# maximum\_icp\_query_timeout 2000
  
\# mcast\_icp\_query_timeout 2000
  
\# dead\_peer\_timeout 10 seconds
  
\# URLs containing these words are handled without querying neighbour caches.
  
hierarchy_stoplist cgi-bin ?
  
\# QUERY matches dynamic URLs by path; replies to them are never stored, so one client's generated page is not replayed to another.
  
acl QUERY urlpath_regex cgi-bin \?
  
no_cache deny QUERY
  
\# —————————————————————————–
  
\# OPTIONS WHICH AFFECT THE CACHE SIZE
  
\# Memory set aside for in-transit and frequently used objects; this is not a cap on the whole squid process.
  
cache_mem 15 MB
  
\# Disk-cache watermarks in percent: replacement begins at the low mark and becomes more aggressive towards the high mark.
  
cache\_swap\_low 90
  
cache\_swap\_high 95
  
\# Size limits for what is stored: up to 4096 KB on disk, up to 16 KB per object in memory.
  
maximum\_object\_size 4096 KB
  
minimum\_object\_size 0 KB
  
maximum\_object\_size\_in\_memory 16 KB
  
\# ipcache_size 1024
  
\# ipcache_low 90
  
\# ipcache_high 95
  
\# fqdncache_size 1024
  
\# Disk and memory caches both evict with the heap LFUDA policy.
  
cache\_replacement\_policy heap LFUDA
  
memory\_replacement\_policy heap LFUDA
  
\# —————————————————————————–
  
\# LOGFILE PATHNAMES AND CACHE DIRECTORIES
  
\# Two diskd cache directories of 1228 MB each, with 32 first-level and 256 second-level subdirectories; Q1 and Q2 are diskd queue limits.
  
cache_dir diskd /opt/squid/cache1 1228 32 256 Q1=72 Q2=64
  
cache_dir diskd /opt/squid/cache2 1228 32 256 Q1=72 Q2=64
  
\# NOTE(review): the access log and the cache log are both sent to /dev/null, so no record of client requests or of squid's own warnings and errors is kept, and nothing is available for troubleshooting or incident review. The path after '#' appears to be the former log location.
  
cache\_access\_log /dev/null #/opt/squid/logs/access.log
  
cache_log /dev/null #/opt/squid/logs/cache.log
  
\# The store log (object-level cache activity) is switched off.
  
cache\_store\_log none
  
\# emulate\_httpd\_log off
  
\# log\_ip\_on_direct on
  
\# mime_table /opt/squid/etc/mime.conf
  
\# log\_mime\_hdrs off
  
pid_filename /var/run/squid.pid
  
\# debug_options ALL,1
  
\# log_fqdn off
  
\# A full 255.255.255.255 mask keeps client addresses untruncated in log files and cache manager output.
  
client_netmask 255.255.255.255
  
\# —————————————————————————–
  
\# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
  
\# Sent as the password for anonymous FTP logins, so every FTP server visited through the proxy sees this address.
  
ftp_user squid@kedai.net
  
ftp\_list\_width 32
  
\# ftp_passive on
  
\# cache\_dns\_program /opt/squid/libexec/squid/
  
\# dns_children 5
  
\# dns\_retransmit\_interval 5 seconds
  
\# dns_timeout 5 minutes
  
\# dns_defnames off
  
\# Helper binaries: diskd serves the diskd cache directories, unlinkd removes cache files.
  
diskd_program /opt/squid/libexec/squid/diskd
  
unlinkd_program /opt/squid/libexec/squid/unlinkd
  
\# pinger_program /opt/squid/libexec/squid/
  
\# redirect_children 5
  
\# redirect\_rewrites\_host_header on
  
\# authenticate_children 5
  
\# authenticate_ttl 1 hour
  
\# authenticate\_ip\_ttl 0 seconds
  
\# authenticate\_ip\_ttl\_is\_strict on
  
\# —————————————————————————–
  
\# OPTIONS FOR TUNING THE CACHE
  
\# wais\_relay\_port 0
  
\# request\_header\_max_size 10 KB
  
\# request\_body\_max_size 1 MB
  
\# reply\_body\_max_size 0
  
\# refresh_pattern ^ftp: 1440 20% 10080
  
\# refresh_pattern ^gopher: 1440 0% 1440
  
\# refresh_pattern . 0 20% 4320
  
\# reference_age 1 year
  
\# quick\_abort\_min 16 KB
  
\# quick\_abort\_max 16 KB
  
\# quick\_abort\_pct 95
  
\# negative_ttl 5 minutes
  
\# positive\_dns\_ttl 6 hours
  
\# negative\_dns\_ttl 5 minutes
  
\# range\_offset\_limit 0 KB
  
\# connect_timeout 2 minutes
  
\# peer\_connect\_timeout 30 seconds
  
\# siteselect_timeout 4 seconds
  
\# read_timeout 15 minutes
  
\# request_timeout 30 seconds
  
\# client_lifetime 1 day
  
\# half\_closed\_clients on
  
\# pconn_timeout 120 seconds
  
\# ident_timeout 10 seconds
  
\# shutdown_lifetime 30 seconds
  
\# —————————————————————————–
  
\# ACCESS CONTROLS
  
\# ACL definitions only: each line names a match condition that the http_access rules further down refer to.
  
acl all src 0.0.0.0/0.0.0.0
  
acl manager proto cache_object
  
acl localhost src 127.0.0.1/255.255.255.255
  
\# Ports that a CONNECT tunnel may target.
  
acl SSL_ports port 443 563
  
\# Destination ports allowed for requests; anything else is refused by the !Safe_ports rule below.
  
acl Safe_ports port 80 # http
  
acl Safe_ports port 21 # ftp
  
acl Safe_ports port 443 563 # https, snews
  
acl Safe_ports port 70 # gopher
  
acl Safe_ports port 210 # wais
  
\# NOTE(review): this range also admits any service listening on a high port; narrow it if clients do not need it.
  
acl Safe_ports port 1025-65535 # unregistered ports
  
acl Safe_ports port 280 # http-mgmt
  
acl Safe_ports port 488 # gss-http
  
acl Safe_ports port 591 # filemaker
  
acl Safe_ports port 777 # multiling http
  
acl CONNECT method CONNECT
  
\# The one client network that is allowed to use the proxy.
  
acl kedai src 192.168.0.0/24
  
acl spyware dstdomain .gator.com .gohip.com
  
\# Disabled filter lists read from files. NOTE(review): the quotes below are typographic; presumably squid needs plain double quotes around the file names if these lines are re-enabled.
  
#acl bokep1 dst “/opt/squid/etc/filter/ip_porno.txt”
  
#acl bokep2 dstdomain “/opt/squid/etc/filter/dom_porno.txt”
  
#acl bokep3 url\_regex -i “/opt/squid/etc/filter/url\_porno.txt” 

\# http_access rules are checked top to bottom and the first match decides, so the order below matters.
  
\# Cache manager (cache_object) requests are accepted from localhost only.
  
http_access allow manager localhost
  
http_access deny manager
  
\# Refuse destination ports outside Safe_ports, and CONNECT tunnels to anything but SSL_ports.
  
http\_access deny !Safe\_ports
  
http\_access deny CONNECT !SSL\_ports
  
http_access deny spyware
  
\# Only 192.168.0.0/24 clients get through; the final deny keeps the proxy closed to everyone else.
  
http_access allow kedai
  
http_access deny all
  
\# ICP queries from other caches are refused (ICP is also disabled by icp_port 0).
  
icp_access deny all
  
\# No extra restriction on fetching objects that are not yet in the cache.
  
miss_access allow all
  
\# proxy\_auth\_realm Squid proxy-caching web server
  
\# ident\_lookup\_access deny all
  
\# —————————————————————————–
  
\# ADMINISTRATIVE PARAMETERS
  
\# Contact address for the cache administrator; squid shows it on its error pages.
  
cache_mgr jamal@jamalinux.com
  
\# When started as root, squid switches to this unprivileged user and group.
  
cache\_effective\_user squid
  
cache\_effective\_group nogroup
  
\# Host name squid presents in error messages.
  
visible_hostname Kedai.net
  
\# —————————————————————————–
  
\# OPTIONS FOR THE CACHE REGISTRATION SERVICE
  
\# announce_period 0
  
\# announce_host tracker.ircache.net
  
\# announce_port 3131
  
\# —————————————————————————–
  
\# HTTPD-ACCELERATOR OPTIONS
  
\# Squid 2.x accelerator settings in the combination commonly used for transparent interception: requests are treated as aimed at port 80 of any host, and ordinary proxying stays enabled. The rule that redirects client traffic to squid is not part of this file.
  
httpd\_accel\_port 80
  
httpd\_accel\_host virtual
  
httpd\_accel\_single_host off
  
httpd\_accel\_with_proxy on
  
\# NOTE(review): with this on, the origin server is taken from the client-supplied Host header. The Squid documentation warns that the header is not checked and recommends leaving the option off unless it is required, as it typically is for interception.
  
httpd\_accel\_uses\_host\_header on
  
\# —————————————————————————–
  
\# MISCELLANEOUS
  
\# dns_testnames netscape.com internic.net nlanr.net microsoft.com
  
\# logfile_rotate 10
  
\# append_domain .yourdomain.com
  
\# tcp\_recv\_bufsize 0 bytes
  
\# memory_pools on
  
\# X-Forwarded-For carries "unknown" instead of the client's address, so internal addresses are not disclosed to origin servers.
  
forwarded_for off
  
\# log\_icp\_queries on
  
\# icp\_hit\_stale off
  
\# minimum\_direct\_hops 4
  
\# minimum\_direct\_rtt 400
  
\# cachemgr_passwd secret shutdown
  
\# cachemgr_passwd lesssssssecret info stats/objects
  
\# cachemgr_passwd disable all
  
\# store\_avg\_object_size 13 KB
  
\# store\_objects\_per_bucket 20
  
\# client_db on
  
\# netdb_low 900
  
\# netdb_high 1000
  
\# netdb\_ping\_period 5 minutes
  
\# query_icmp off
  
\# test_reachability off
  
\# buffered_logs off
  
\# reload\_into\_ims off
  
\# — standard anonymizer —
  
\# Removes the listed headers so that less is revealed about clients and about the proxy itself.
  
anonymize_headers deny From Referer Server
  
anonymize_headers deny WWW-Authenticate Link
  
\# NOTE(review): proxies rely on Via to detect forwarding loops; with it removed a loop through this cache may go unnoticed. Confirm this is acceptable.
  
anonymize_headers deny Via X-Forwarded-For
  
\# — paranoid anonymizer —
  
\# anonymize_headers allow Allow Authorization Cache-Control
  
\# anonymize_headers allow Content-Encoding Content-Length
  
\# anonymize_headers allow Content-Type Date Expires Host
  
\# anonymize_headers allow If-Modified-Since Last-Modified
  
\# anonymize_headers allow Location Pragma Accept
  
\# anonymize_headers allow Accept-Encoding Accept-Language
  
\# anonymize_headers allow Content-Language Mime-Version
  
\# anonymize_headers allow Retry-After Title Connection
  
\# anonymize_headers allow Proxy-Connection
  
\# fake\_user\_agent
  
\# icon_directory /opt/squid/etc/icons
  
\# error_directory /opt/squid/etc/errors
  
\# minimum\_retry\_timeout 5 seconds
  
\# maximum\_single\_addr_tries 3
  
\# snmp_port 3401
  
\# snmp_access allow snmppublic localhost
  
\# snmp_access deny all
  
\# snmp_access deny all
  
\# snmp\_incoming\_address 0.0.0.0
  
\# snmp\_outgoing\_address 255.255.255.255
  
\# as\_whois\_server whois.ra.net
  
\# as\_whois\_server whois.ra.net
  
\# wccp_router 0.0.0.0
  
\# wccp_version 4
  
\# wccp\_incoming\_address 0.0.0.0
  
\# wccp\_outgoing\_address 255.255.255.255
  
\# —————————————————————————–
  
\# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
  
\# delay_pools 0
  
\# delay_pools 2 # 2 delay pools
  
\# delay_class 1 2 # pool 1 is a class 2 pool
  
\# delay_class 2 3 # pool 2 is a class 3 pool
  
\# delay\_access 1 allow some\_big_clients
  
\# delay_access 1 deny all
  
\# delay\_access 2 allow lotsa\_little_clients
  
\# delay_access 2 deny all
  
\# delay\_initial\_bucket_level 50
  
\# incoming\_icp\_average 6
  
\# incoming\_http\_average 4
  
\# incoming\_dns\_average 4
  
\# min\_icp\_poll_cnt 8
  
\# min\_dns\_poll_cnt 8
  
\# min\_http\_poll_cnt 8
  
\# max\_open\_disk_fds 0
  
\# offline_mode off
  
\# Whitespace found inside a request URI is removed before the request is processed.
  
uri_whitespace strip
  
\# mcast\_miss\_addr 255.255.255.255
  
\# mcast\_miss\_ttl 16
  
\# mcast\_miss\_port 3135
  
\# mcast\_miss\_encode_key XXXXXXXXXXXXXXXX
  
\# nonhierarchical_direct on
  
\# Try the parent cache first instead of going direct first.
  
prefer_direct off
  
\# strip\_query\_terms on
  
\# redirector_bypass off
  
\# DNS replies arriving from addresses other than the queried name servers are ignored, which guards against spoofed answers. Squid reports such replies in cache_log, which this file sends to /dev/null.
  
ignore\_unknown\_nameservers on
  
\# digest_generation on
  
\# digest\_bits\_per_entry 5
  
\# digest\_rebuild\_period 1 hour
  
\# digest\_rewrite\_period 1 hour
  
\# digest\_swapout\_chunk_size 4096 bytes
  
\# digest\_rebuild\_chunk_percentage 10
  
\# client\_persistent\_connections on
  
\# server\_persistent\_connections on
  
\# pipeline_prefetch on
  
\# high\_response\_time_warning 0
  
\# high\_page\_fault_warning 0
  
\# high\_memory\_warning 0
  
\# New objects are spread over the cache directories in turn.
  
store\_dir\_select_algorithm round-robin
  
\# Workaround for older Internet Explorer versions that cannot force a refresh through a transparent proxy.
  
ie_refresh on

\## and now for our stupid parent proxy ##
  
\# Upstream parent on port 8080. ICP port 0 plus no-query means it is never probed, and "default" makes it the fallback peer. Its operator sees every request that is forwarded to it.
  
cache_peer cache.iconpln.net.id parent 8080 0 no-query default
  
#cache_peer 202.93.37.150 parent 8080 0 no-query default
  
\# Destinations that are fetched directly instead of through the parent.
  
acl boleh dstdomain .bolehnet.com .bolehgame.com .boleh.com .boleh.net .bolehmail.com
  
acl boleh dstdomain .mweb.co.id .kafegaul.com .satunet.com .astaga.com
  
\# NOTE(review): jatinangor.com has no leading dot, so it matches that exact host only, unlike the other entries. Confirm this is intended.
  
acl lokal dstdomain .iconpln.net.id .jamalinux.com .imansyah.net .digitooth.com jatinangor.com
  
\# never_direct: boleh and lokal are exempt; every other request must go through the parent, with no direct fallback if the parent is unreachable.
  
never_direct deny boleh
  
never_direct deny lokal
  
never_direct allow all
  
\# always_direct: boleh and lokal always bypass the parent; nothing else is forced direct.
  
always_direct allow boleh
  
always_direct allow lokal
  
always_direct deny all