Iriyan Gunawan Amd.Kep

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl mikrotik src 192.168.3.2/32
acl klien src 10.5.50.0/24
#acl klien2 src 192.168.1.0/24

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

# Urusan blokir disini neh
acl blok url_regex “/etc/squid/blok.acl”
http_access deny blok
acl boleh url_regex “/etc/squid/boleh.acl”
http_access allow boleh
#no_cache deny bokep

acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # https juga
acl Safe_ports port 873 # https lagi
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 5050 # YM
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow mikrotik
http_access allow klien

# Terakhir batasi semua akses dari dan kemana saja
http_access deny all

icp_access allow localnet
icp_access deny all

# SETTINGAN JARINGAN
# —————————————————————————–

http_port 3128 transparent

#zph_mode tos
#zph_local 0×30
# zph_sibling 0
# zph_parent 0
# zph_option 136

server_http11 on
hierarchy_stoplist cgi-bin ?

# Aturan DISK CACHE
# —————————————————————————–

cache_dir ufs /sakuit 10240 24 256
# store_dir_select_algorithm least-load
# max_open_disk_fds 0
#minimum_object_size 0 KB
maximum_object_size 40480 KB
#cache_swap_low 90
#cache_swap_high 95
# update_headers on
access_log /var/log/squid/access.log squid

# Aturan penyegaran
# ————————————————————————-

refresh_pattern ^ftp: 1440 50% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 80% 2880
refresh_pattern -i .(jpg|png|jpeg|bmp|gif)$ 10240 90% 43200 override-expire
refresh_pattern -i .(deb|rpm|tgz|bz2|tar|gz)$ 10240 100% 43200 override-expire
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 90% 43200 override-expire
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 90% 43200 override-expire
refresh_pattern -i .(tiff|qt)$ 10080 90% 43200 override-expire
refresh_pattern -i .(gz|arj|lha|lzh)$ 10080 90% 43200 override-expire
refresh_pattern -i .(rar|tgz|tar|bin)$ 10080 90% 43200 override-expire
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 90% 43200 override-expire
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 90% 43200 override-expire
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
#refresh_pattern . 0 80% 4320

acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
#upgrade_http0.9 deny shoutcast

# =================================================
# Ini nah gasan delay_pool
# =================================================
acl pailganal url_regex -i “/etc/squid/pailganal.acl”
delay_pools 1
delay_class 1 1
delay_parameters 1 8000/16000
delay_access 1 allow pailganal
delay_access 1 deny all

# via on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# error_directory /usr/share/squid/errors/English
dns_nameservers 203.130.209.242 202.134.1.10
hosts_file /etc/hosts
coredump_dir /sakuit/dump