# SQUID LUSCA_HEAD-r14809 with UniX # ----------------------------------------- # Network Managed by lintas.net # last revision january/01/2013 #start of config http_port 3128 transparent icp_port 0 server_http11 on retry_on_error on #access_log /var/log/lusca/access.log #cache_log /var/log/lusca/cache.log cache_store_log none cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /cache1 128000 256 256 logfile_rotate 1 shutdown_lifetime 10 seconds acl lan src 1.1.1.0/24 uri_whitespace strip minimum_object_size 0 bytes maximum_object_size 4096 MB offline_mode off #forwarded_for off cache_swap_low 98 cache_swap_high 99 # Permit web Yahoo Mail & Web Messenger #acl YMail_domains dstdomain .yahoo.com acl YMail_domains dstdom_regex -i .yahoo.*\. acl YMail_hosts dstdomain scs.msg.yahoo.com .yimg.com httpcs.msg.yahoo.com webcs.msg.yahoo.com .msg.sp1.yahoo.com mail.yahoo.com acl YMail_methods method GET CONNECT cache deny YMail_domains YMail_hosts always_direct allow YMail_domains # Block Website #acl blockweb dstdomain .windowsupdate.com #acl blockweb url_regex -i (isikan keyword) #http_access deny blockweb # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535 acl sslports port 443 563 81 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic all http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost http_access allow lan http_access deny all # Deny Cache acl QUERY urlpath_regex -i \.(ini|lst|inf|htc|php|htm|html|asp)$ acl QUERY urlpath_regex -i (captcha|reset.css|update.txt|gamenotice|PatchTimeCheck.dat|PatchPath.dat|vdf.info.gz|version) cache deny QUERY # Redirector storeurl_rewrite_program /usr/local/etc/squid/storeurl.pl storeurl_rewrite_children 7 storeurl_rewrite_concurrency 10 # Video cache acl videocache_allow_url urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf)\? acl videocache_allow_url urlpath_regex -i \.youtube\.com\/get_video\? acl videocache_allow_url urlpath_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\? acl videocache_allow_url urlpath_regex -i \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\? acl videocache_allow_url urlpath_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\? acl videocache_allow_url urlpath_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\? acl videocache_allow_url urlpath_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\? acl videocache_allow_url urlpath_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/ acl videocache_allow_url urlpath_regex -i vid\.akm\.dailymotion\.com\/ acl videocache_allow_url urlpath_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv acl videocache_allow_url urlpath_regex -i \.vimeo\.com\/(.*)\.(flv|mp4) acl videocache_allow_url urlpath_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]? acl videocache_allow_url urlpath_regex -i \.youporn\.com\/(.*)\.flv acl videocache_allow_url urlpath_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv acl videocache_allow_url urlpath_regex -i \.tube8\.com\/(.*)\.(flv|3gp) acl videocache_allow_url urlpath_regex -i \.mais\.uol\.com\.br\/(.*)\.flv acl videocache_allow_url urlpath_regex -i \.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram|m4v) acl videocache_allow_url urlpath_regex -i \.break\.com\/(.*)\.(flv|mp4) acl videocache_allow_url urlpath_regex -i redtube\.com\/(.*)\.flv acl videocache_allow_dom dstdomain .mccont.com .metacafe.com .cdn.dailymotion.com acl videocache_deny_dom dstdomain .download.youporn.com .static.blip.tv acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id) acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe) acl speedtest_allow_url url_regex -i \.speedtest\.net\/ speedtest acl speedtest_allow_url url_regex ^http:\/\/speedtest\.* acl speedtest_allow_dom dstdomain .speedtest.net acl dontrewrite url_regex redbot\.org \.php acl getmethod method GET storeurl_access deny dontrewrite storeurl_access deny !getmethod storeurl_access deny videocache_deny_dom storeurl_access allow videocache_allow_url storeurl_access allow videocache_allow_dom storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow speedtest_allow_url storeurl_access allow speedtest_allow_dom storeurl_access deny all # 1 year = 525600 mins, 1 month = 43800 mins refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern \.etology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern galleries\.video(\?|sz) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern brazzers\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern \.adtology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10 refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 999999% 129600 override-expire ignore-reload ignore-private store-stale negative-ttl=10080 refresh_pattern ytimg\.com.*\.jpg 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern garena\.com 129600 999999% 129600 override-expire reload-into-ims store-stale refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 999999% 129600 ignore-no-cache override-expire override-lastmod store-stale refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 reload-into-ims override-expire ignore-private store-stale refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale # Detik refresh_pattern -i ^http://.*\.detik\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detiknews\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detikhot\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detikfinance\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detiksport\.com/ 0 50% 4320 # GAMES IIX refresh_pattern ^http://file.pb.gemscool.com/hackshield/.* 60 100% 120 override-expire override-lastmod reload-into-ims store-stale refresh_pattern ^http://file\.pb\.gemscool\.com/gamepatch/.*\.(exe|dll|cab|zip) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale refresh_pattern ^http://file\.fs\.gemscool\.com/JCE/.*\.(exe|dll|cab|zip) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale refresh_pattern ^http://file\.atlantica\.gemscool\.com/.*\.* 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale refresh_pattern ^http://122\.102\.49\.132/.*\.(zip|exe) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth ignore-no-store store-stale refresh_pattern ^http://122\.102\.49\.202/.*\.(kom|zip|exe|stg) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth ignore-no-store store-stale refresh_pattern ^http://.*\.cabalonline\.co\.id/.*\.(cab|zip|exe|rar|dat) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale refresh_pattern ^http://.*\.gemscool\.com/.*\.(cab|zip|exe|rar|dat) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale refresh_pattern ^http://patch\.crossfire\.web\.id/.*\.(cab|zip|exe|rar|dat) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale # ANTI VIRUS refresh_pattern avast.com.*\.vpx 40320 50% 525600 store-stale reload-into-ims refresh_pattern (avgate|avira).*\.(idx|gz)$ 1440 90% 1440 ignore-reload ignore-no-cache ignore-no-store store-stale ignore-must-revalidate refresh_pattern kaspersky.*\.avc$ 131400 999999% 525600 ignore-reload store-stale refresh_pattern kaspersky 1440 50% 131400 ignore-no-cache store-stale refresh_pattern .symantecliveupdate.com.*\.zip 1440 90% 131400 ignore-must-revalidate store-stale refresh_pattern .update.nai.com/.*\.(gem|zip|mcs) 43800 999999% 43800 ignore-reload store-stale ignore-must-revalidate refresh_pattern .symantec.com.*\(exe|zip) 43800 999999% 43800 ignore-reload store-stale ignore-must-revalidate # Windows Update refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale # IMAGES facebook refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale # BANNER IIX refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale # IIX DOWNLOAD refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth # All File refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png|ico|js|swf) 21600 999999% 43200 ignore-no-cache override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 43200 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 43200 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|mar|psf|cab) 43200 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(mpeg|ra?m|avi|kom|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|x-flv|3gp|on2) 43200 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)) 43200 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.index.(html|htm|php|asp|aspx)$ 0 40% 4320 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # Extra Tunning cache_effective_user proxy cache_effective_group proxy visible_hostname cache-00 cache_mgr lintas.net strip_query_terms off quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100 vary_ignore_expire on reload_into_ims on pipeline_prefetch on read_timeout 30 minutes client_lifetime 6 hours negative_ttl 30 seconds positive_dns_ttl 6 hours negative_dns_ttl 60 seconds pconn_timeout 15 seconds request_timeout 2 minute store_avg_object_size 16 KB log_icp_queries off ipcache_size 16384 ipcache_low 98 ipcache_high 99 log_fqdn off fqdncache_size 16384 memory_pools off download_fastest_client_speed on high_page_fault_warning 50 cachemgr_passwd none all max_filedescriptors 65536 # ZPH Mode zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136 # Anonymous proxy header_access From deny all header_access Server deny all header_access Link deny all header_access X-Forwarded-For deny all via off #end of config