# OPTION JARINGAN
# -----------------------------------------------------------------------------
http_port 3128
icp_port 0
# OPTION UKURAN CACHE
# -------------------------------------------------------------------
cache_mem 256 MB
cache_swap_low 94
cache_swap_high 96
maximum_object_size 16384 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 2048 KB
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
# DIREKTORI LOG DAN CACHE
# ------------------------------------------------------------------
cache_dir aufs /var/spool/squid 9000 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none
# TUNING CACHE PROXY
# ------------------------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
negative_ttl 1 minutes
# TIMEOUT
# -----------------------------------------------------------------
half_closed_clients off
# -------------------------------------
# Memblok situs terlarang (blacklist)secara manual
# -------------------------------------
acl noblacklist dstdomain "/etc/squid/blacklist/no-blacklist.txt"
acl katablacklist url_regex -i "/etc/squid/blacklist/kata-blacklist.txt"
acl domainblacklist dstdomain "/etc/squid/blacklist/domain-blacklist.txt"
acl ipblacklist dst "/etc/squid/blacklist/ip-blacklist.txt"
acl tdkbebasdownload time 08:00-13:00
# AKSES KONTROL
# ------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# -------------------------------------
# Daftar IP address sesuaikan
# -------------------------------------
acl lab1 src 192.168.254.1-192.168.254.40/255.255.255.255
acl staf-it src 192.168.254.41-192.168.254.42/255.255.255.255
acl lab2 src 192.168.254.43-192.168.254.44/255.255.255.255
acl ruang1 src 192.168.1.1-192.168.1.8/255.255.255.255
acl ruang2 src 192.168.1.11-192.168.1.17/255.255.255.255
# -------------------------------------
# Memblok situs terlarang secara manual
# -------------------------------------
http_access allow noblacklist
http_access deny katablacklist
http_access deny domainblacklist
http_access deny ipblacklist
http_access allow manager localhost
http_access deny manager
# -------------------------------------
# Rule yang saya terapkan
# -------------------------------------
http_access allow lab1
http_access allow staf-it
http_access allow lab2
http_access allow ruang1
http_access allow ruang2
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar.bz2 .bz2 .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .raw .wav .iso
# Cancel download if file is bigger than 2 MB = 2000x1024 byte = 2048000 byte
reply_body_max_size 2048000 allow magic_words2 tdkbebasdownload
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
# PARAMETER ADMINISTRATOR
# -----------------------------------------------------------------
cache_mgr admin@gmail.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.fxekobudi.local
# PESAN ERROR DALAM BAHASA INDONESIA
# --------------------------------------------------------------------
error_directory /usr/share/squid/errors/Indonesian
No comments:
Post a Comment