Tahapan install ClearOS 5.2+Lusca+configurasi lengkap
Posted on 19.03 | By si huma internet dan jaringan | In
setting proxy mikrotik yang saya pelajari dari temen-temn forum dan dari berbagai sumber
Thank to : arief akbar, bayankentuk, m latif dsb..
saya memakai P4 2,8 RAM 1GB HD: 40GB
Cara Install ClearOs Enterprise 5.2 Server
ClearOs ini bagus di jadikan router ,proxy squid …karena clearos ini simple dan mudah digunakan,ok sekarang saya post Cara Install ClearOs Enterprise 5.2 Server
- Download dulu ClearOs Enterprise 5.2 Server ((DISINI))
Kemudian di burning … - boot CD
- Halaman utama instalasi…Tekan ENTER seperti gambar di bawah ini:
- Pilih “English” untuk bahasa kemudian ,seperti gambar di bawah ini:
- Pilih “us” untuk tupe keyboard,seperti gambar di bawah ini:
- Pilih “Local CDROM” ,seperti gambar di bawah ini:
- Pilih “Install” ,seperti gambar di bawah ini:
- Ketik ClearOS untuk install,seperti gambar di bawah ini:
- Untuk Install secara offline pilih “Standalone Mode” ,seperti gambar di bawah ini:
- Pilih “Manual Configuration” seperti gambar di bawah ini:
- Masukkan ip address,gateway,name server(DNS) yang mengarah ke internet,seperti gambar di bawah ini:
kalau konfigurasi saya
* ip mikrotik - proxy : 192.168.1.1 /24
* ip proxy - mikrotik 192.168.1.2 / 255.255.255.0
maka settingan gambar di atas menjadi :
IP Address : 192.168.1.2/255.255.255.0
Gateway : 192.168.1.1 (ip mikrotik)
Name Server : 203.130.208.18 / 8.8.8.8 (DNS)
- Masukkan password untuk login root,seperti gambar di bawah ini:
- Untuk partisi gunakan saja “Use Default “,seperti gambar di bawah ini:
- Untuk aplikasi aplikasi centang saja semua dengan menggunakn SPACE di keyboard,seperti gambar di bawah ini:
- Untuk settingan saya , hanya web server karena saya akan menggantinya dengan Lusca
- Pilih “Done” seperti gambar di bawah ini:
- Proses,seperti gambar di bawah ini:
- Instalasi sudah selesai pilih “Reboot” untuk restart seperti gambar di bawah ini:
- mulai lah kita bisa remot CreasOS dari WEB
- sambungkan LAN proxy ke Port Mikrotik yang sudah di set 192.168.1.1
- kemudian buka web firefox , ketik IP proxy:81
dalam contoh saya : 192.168.1.2:81 (enter) - Masukkan “login:root” dan “password:password_yang_anda_buat” seperti gambar di bawah ini:
- Pilih bahasa “English” kemudian “Next” seperti gambar di bawah ini:
- Periksa ip address interface external yang mengarah ke internet…apakah udah benar atau belum…kalu udah benar silahkan colokan lan ke modem,seperti gambar di bawah ini:
- Periksa ip address untuk local LAN (untuk client) ,seperti gambar di bawah ini:
- Jika sudah pasti konek ke internet lan nya silahkan pilih “Gateway Mode” jika secara offline pilih “Standalone Mode” nanti jika udah konek diganti lagi ke “Gateway Mode”,seperti gambar di bawah ini:
- Pilih Zona waktu untuk WIB “Asia/Jakarta”,seperti gambar di bawah,jika WIT ata WITA,silahkan sesuaikan:
- Isi domain seperti gambar di bawah,jikan tidak punya domain,isi saja sembarangan:
- Isi table “Organizations” seperti gambar di bawah:
- buka menggunakan Putty dan WinSCP
- setelah putty tersambung mulai dengan menginstal LUSCA
Lusca di ClearOS 5.2
Lusca apaan tuh… setau saya Lucia.. :D untuk jelasnya cari aja digoogle, saya hanya mencatat apa yang saya lakukan perlangkah dan mengamati perubahannya. Setelah dirasakan, internet saya serasa lebih kenceng. Youtube, youp***, yutingting semuanya tercache, :D. intinya kerja cache proxy saya lebih agresif.
Tuts ini saya peroleh dari segala
penjuru sumber,,, mulai grup FB, google, penerawangan, dan sekali-kali
ngawur2 dikit lah.. namanya juga oprek.. :D
Gak pake lama,.. berikut urutan
perintahnya.. dikerjakaan berurutan, klo copas juga harus hati-hati,
jangan sampe kurang.. (maaf, gak sempet bikin screenshoot).
Saya asumsikan anda semua udah bisa mengoperasikan putty dan winscp (klo blm bisa, belajar dulu sana..).
Tuts ini udah diuji di server Clearos 5.2, mode : gateway
Perlu diingat, simpan/backup squid.conf anda sebelum melakukan praktek, karena mungkin masih diperlukan untuk setingan delaypool.
Langkah-langkahnya :
Jalankan putty dan winscp (maklum saya gak ngerti perintah2 di cli).
Masuk ke PUTTY (copas perintah dibawah ini perbaris lalu enter, kalau
gak ngerti cara copas tanya sama anak sd,……. :D , blok satu baris ,
ctrl C , masuk putty, klik kanan, enter):
yum install squid
yum remove squid (jawab : y)
yum remove squid (sengaja… untuk memastikan gak ada yg tersisa)
yum install automake gcc glibc-devel e2fsprogs-devel sharutils (jawab : y)
(catatan : apabila perintah yum gak jalan coba install ini dl
wget http://download.clearfoundation.com/clearos/enterprise/5.1/System/RPMS/yum-3.2.8-9.v5.2.noarch.rpm
rpm -ivh yum-3.2.8-9.v5.2.noarch.rpm
kemudian ulangi perintah yum diatas)
wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
tar -zxvf LUSCA_HEAD-r14809.tar.gz
cd LUSCA_HEAD-r14809
ulimit -n 8192
./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups
make all && make install
cd /usr/local/squid/etc/
wget http://v1.tiberias.or.id/downloads/squid.conf
wget http://v1.tiberias.or.id/downloads/storeurl.pl.conf
wget http://www.hendraarif.web.id/wp-content/uploads/2011/02/tunning.conf
(cat. jika tunning.conf gagal didonlot, bisa copy semua isi dari ini, lalu paste ke notepad, simpan dengan nama : tunning.conf, lalu copykan ke /usr/local/squid/etc/ , gunakan winscp)
----------------------------------------
----------------------------------------
buka winscp :
--------------------------------------
- masuk ke folder/directory : /usr/local/squid/etc/
- ganti nama file : storeurl.pl.conf menjadi storeurl.pl (klik kanan rename)
- hapus file : squid.conf (atau ganti dg nama lain)
- ganti nama file : squid.conf.1 menjadi squid.conf
- buka file squid.conf, untuk melakukan pengeditan. diedit.
- tambahkan tanda # didepan baris offline_mode on (hasilnya : #offline_mode on)
- menyesuaikan IP, cari baris perintah berikut :
- acl localnet src 10.0.2.0/24 # RFC1918 possible internal network
- ganti dg ip LAN kita, contoh : 10.0.2.0/24 ganti dengan 192.168.2.0/24)
- ganti juga ip 10.0.2.0/24 yg berada dikelompok delaypool (digulung/scroll kebawah sampai mentok) ganti dengan IP LAN kita tadi.
kembali lagi ke…… PUTTY :
cd /usr/local/squid/etc/
rm -rf /cache1/
mkdir /cache1
chown squid:squid /cache1
chmod 777 squid.conf tunning.conf storeurl.pl
/usr/local/squid/sbin/squid -k parse
/usr/local/squid/sbin/squid -z
/usr/local/squid/sbin/squid -NDd1 &
jika tampil tulisan : Finished rebuilding storage from disk.
bla.. bla.. bla
bla.. bla.. bla
storeLateRelease: released 0 objects.
artinya lusca berhasil ditanamkan di server anda..
tekan ctrl + C untuk kembali ke prompt (taulah apa namanya... yg tanda # itu lo :D)
kembali lagi ke… WINSCP :
- masuk ke direktori /etc/rc.d
- buka file : rc.local
- hapus semua dan gantikan dengan script dibawah ini:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
/usr/local/squid/sbin/squid -NDd1 &
# This file is executed by the firewall on stop/start/restart.
- Simpan, tutup.
- Masuk ke folder : /etc
- Buka file : firewall
- Cari baris berikut :
# Squid configuration
#--------------------------
SQUID_TRANSPARENT="" ( ganti menjadi ) SQUID_TRANSPARENT="on"
SQUID_FILTER_PORT="" ( ganti menjadi ) SQUID_FILTER_PORT="3128"
- Simpan, tutup.
Saatnya uji coba..
tes dari sembarang client buka youtube, youp*** suka2 deh.... play sampai habis.
lalu tutup browser trus buka lagi alamat yang tadi udah pernah dibuka (buka-bukaan :D)
atau bisa juga dicoba dg client yang lain untuk lihat efeknya
klo udah wuss wuss ……. Selamat lusca anda sudah bekerja..
kemudian restart server anda, untuk memastikan lusca anda aktif...
untuk pengaturan delaypool, anda bisa menggunakan setingan lama, silahkan oprek atau referensi squid,,, silahkan tuning squid.conf anda sampai juling.. :D
untuk pengaturan delaypool, anda bisa menggunakan setingan lama, silahkan oprek atau referensi squid,,, silahkan tuning squid.conf anda sampai juling.. :D
Tuts ini berhasil dibuat karena termotivasi dan dibantu oleh rekan-rekan grup ClearOS Indonesia,
terima kasih kepada : Kadal Ijo, Adi Riadi, Supriyadi Supet dan Ryan Boas Patriandika.
untuk senjata tambahan : anda juga perlu ini dan ini
coba buka link ini untuk caching speedtest... tapi harus sabar, luamaaaa, biar hasil jarum speedometernya patah.. kwkwkwkwk
untuk squid.confiq saya sepeerti ini:
########################################
# WELCOME TO SQUID LUSCA_HEAD-r14733 #
########################################
#offline_mode on
visible_hostname Sihuma@net
#============================================================================================================================#
#=========================================================# AWAL #=========================================================#
#============================================================================================================================#
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.5.50.0/24 # RFC1918 possible internal network
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128 transparent
#cache_dir aufs /cache1/ 10000 16 256
cache_dir aufs /cache1/ 9000 32 256
cache_mem 6 MB
maximum_object_size_in_memory 32 KB
minimum_object_size 1 bytes
maximum_object_size 128 MB
cache_swap_low 98
cache_swap_high 99
access_log /cache1/access.log
cache_log /cache1/cache.log
cache_store_log /cache1/store.log
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_effective_user squid
cache_effective_group squid
#=================================================================================================================================#
#=========================================================# REGEX URL #=========================================================#
#=================================================================================================================================#
coredump_dir /cache1/
###############################################################################
#acl PHP77 url_regex forum.php forumdisplay.php showthread.php showthreads.php
#acl PHP77 url_regex download.php downloads.php classifieds.php classified.php
#acl PHP77 url_regex forum
#no_cache deny PHP77
#hierarchy_stoplist cgi-bin ? localhost
#acl QUERY22 urlpath_regex cgi-bin \? localhost
#no_cache deny QUERY22
################################################################################
emulate_httpd_log off
server_http11 on
redirector_bypass on
acl video urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf|txt)\?
acl speedtest urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|txt|swf|xml)\?
acl angka1 url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl angka2 url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl gambar urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl rapidshare url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl photobucket url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl google url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl indowebster url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex yimg.com redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* \.php\?
acl getmethod method GET
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow video
storeurl_access allow speedtest
storeurl_access allow gambar
storeurl_access allow rapidshare
storeurl_access allow photobucket
storeurl_access allow indowebster
storeurl_access deny all
storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 75
storeurl_bypass on
#=======================================================================================================================================#
#=========================================================# REFRESH PATTERN #=========================================================#
#=======================================================================================================================================#
# VIDEO CACHE
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videoplayback\? 10080 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id) 161280 50000% 525948 override-expire ignore-reload
#ads
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth store-stale negative-ttl=40320 max-stale=1440
#specific sites
refresh_pattern ^.*safebrowsing.*google 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth negative-ttl=10080 store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 99100% 129600 override-expire ignore-reload store-stale
refresh_pattern \.(ico|video-stats) 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod negative-ttl=10080 store-stale
# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico|swf)\? 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale
# website
#refresh_pattern -i \.(xml|html|htm|js|jsp|txt|css|php|asp)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(xml|js|jsp|txt|css)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(xml|js|jsp|txt|css)\? 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale
#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|wmv)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache store-stale
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale
# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth ignore-reload ignore-no-cache store-stale
refresh_pattern -i \.(hqx|pdf|rtf|doc)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale
#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 1 0% 2
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 store-stale
#=============================================================================================================================#
#=========================================================# TOOLS #=========================================================#
#=============================================================================================================================#
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
negative_ttl 2 minutes
half_closed_clients off
connect_timeout 1 minute
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minutes
half_closed_clients on
shutdown_lifetime 30 seconds
icp_port 0
prefer_direct off
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 5120
memory_pools off
log_icp_queries off
icp_hit_stale on
query_icmp on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
header_access X-Forwarded-For deny all
client_persistent_connections on
server_persistent_connections off
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
log_icp_queries off
ipcache_size 8192
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 8192
memory_pools off
forwarded_for on
prefer_direct on
persistent_connection_after_error on
balance_on_multiple_ip on
store_avg_object_size 50 KB
n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
#=============================================================================================================================#
#===================================================# DELAY POOLS #===================================================#
#=============================================================================================================================#
#acl bypas url_regex -i 192.168.0.0
acl magic_words1 url_regex -i 10.5.50.0/24
acl magic_words1 url_regex -i 192.168.0.0/24
acl file-file url_regex -i ftp \.ppt \.tar.gz \.tar.bz \.tar.bz2 \.gz \.rpm \.zip \.gzip \.bin \.rar \.qt \.iso \.raw \.tar \.doc \.z \.arj \.lzh \.vqf \.exe
acl audio-audio url_regex -i \.mp3 \.mp2 \.aac \.wav \.mid \.wmv \.wma \.ogg
acl striming url_regex -i \.mov \.avi \.mpeg \.mpe \.mpg \.ram \.rm \.flv \.flv-x \.mp4 \.3gp \.mkv
acl striming url_regex -i get_video? video_id? videodownload? videoplayback? .c.youtube.com
#acl speedtt url_regex -i \.jpg?
delay_pools 4
delay_class 1 2
delay_access 1 allow magic_words1
delay_parameters 1 -1/-1 -1/-1
#delay_access 1 deny bypas
delay_class 2 1
delay_access 2 allow file-file
delay_parameters 2 51200/51200
delay_class 3 1
delay_access 3 allow audio-audio
delay_parameters 3 51200/51200
delay_class 4 1
delay_access 4 allow striming
delay_parameters 4 51200/51200
#delay_class 5 2
#delay_access 5 allow speedtt
#delay_parameters 5 -1/-1 32785/3278500
atau
visible_hostname Sihuma@net
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.5.50.0/24 # RFC1918 possible internal network
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 21 70 80 81 210 280 443 488 563 591 631 667 777 901 3128 1025-65535
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128 transparent
#cache_dir aufs /cache1/ 10000 16 256
cache_dir aufs /cache1/ 9000 32 256
cache_mem 6 MB
maximum_object_size_in_memory 32 KB
minimum_object_size 1 bytes
maximum_object_size 128 MB
cache_swap_low 98
cache_swap_high 99
access_log /cache1/access.log
cache_log /cache1/cache.log
cache_store_log /cache1/store.log
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_effective_user squid
cache_effective_group squid
#=================================================================================================================================#
#=========================================================# REGEX URL #=========================================================#
#=================================================================================================================================#
coredump_dir /cache1/
###############################################################################
#acl PHP77 url_regex forum.php forumdisplay.php showthread.php showthreads.php
#acl PHP77 url_regex download.php downloads.php classifieds.php classified.php
#acl PHP77 url_regex forum
#no_cache deny PHP77
#hierarchy_stoplist cgi-bin ? localhost
#acl QUERY22 urlpath_regex cgi-bin \? localhost
#no_cache deny QUERY22
################################################################################
emulate_httpd_log off
server_http11 on
redirector_bypass on
acl video urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf|txt)\?
acl speedtest urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|txt|swf|xml)\?
acl angka1 url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl angka2 url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl gambar urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl rapidshare url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl photobucket url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl google url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl indowebster url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex yimg.com redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* \.php\?
acl getmethod method GET
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow video
storeurl_access allow speedtest
storeurl_access allow gambar
storeurl_access allow rapidshare
storeurl_access allow photobucket
storeurl_access allow indowebster
storeurl_access deny all
storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 75
storeurl_bypass on
refresh_pattern -i \.(htm|exe|html|asp|xml|class|css|js|swf|ico|cur|ani|jpg|jpeg|bmp|png|cdr|txt|gif|dll)$ 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern ^http://patch.crossfire.web.id/.* 86400 100% 86400 ignore-reload ignore-no-cache
refresh_pattern ^http://*.crossfire.*.*/.* 86400 100% 86400 ignore-reload ignore-no-cache
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern \.(ico|video-stats) 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth override-lastmod negative-ttl=10080
refresh_pattern \.etology\? 129600 100% 129600 override-expire ignore-reload ignore-no-cache
refresh_pattern galleries\.video(\?|sz) 129600 100% 129600 override-expire ignore-reload ignore-no-cache
refresh_pattern brazzers\? 129600 100% 129600 override-expire ignore-reload ignore-no-cache
refresh_pattern \.adtology\? 129600 100% 129600 override-expire ignore-reload ignore-no-cache
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10080 20% 10080 ignore-no-cache ignore-private override-expire ignore-reload ignore-auth negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=10080
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 100% 129600 override-expire ignore-reload ignore-private negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg 129600 100% 129600 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 100% 129600 override-expire ignore-reload
refresh_pattern garena\.com 129600 100% 129600 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 100% 129600 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 100% 129600 reload-into-ims ignore-no-cache ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 100% 129600 reload-into-ims ignore-no-cache ignore-reload override-expire
refresh_pattern -i \.facebook.com.*\.(jpg|png|gif|jpeg|js) 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png|jpeg|js) 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern avatars.com*\.(jpg|gif|png|js) 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern opi.yahoo.com.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern static.4shared.com.*\/ 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern demuvia.com.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern girlsgogames.com.*\/ 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern gamatar.org.*\/ 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.photoshop.com*\.(jpg|gif|png|jpeg|js) 129600 100% 129600 ignore-reload override-expire ignore-no-cache
refresh_pattern -i (main.exe|notice.html|Loader.xml|Loader.xml.zip|update.exe|grandchase.exe|FSLaun.cher.exe|FreeStyle_Setup.exe|rohanclient__exe.rp)$ 180 50% 43800
refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|New.Avalon.exe|hon.exe.zip|cabal.exe|filelist.zip|AvaClient.exe)$ 180 50% 43800
refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|update.exe.gz|setup.exe.gz|avscan.exe.gz|avguard.exe.g)$ 180 50% 180
refresh_pattern (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 180 60% 131400
refresh_pattern -i (livescore.com|goal.com) 0 50% 60
refresh_pattern .gemscool.com.*\(zip|sc) 43800 100% 43800 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern .edgecastcdn.net.*\swf\? 43800 999999% 43800 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern ^http:\/\/*.lscache[0-9]youtube*\.* 86400 100% 86400 ignore-reload
refresh_pattern ^http:\/\/*.lscache[0-9][0-9].youtube*\.* 86400 100% 86400 ignore-reload
refresh_pattern ^http:\/\/*.lscache[0-9][0-9][0-9].youtube*\.* 86400 100% 86400 ignore-reload
refresh_pattern ^http:\/\/\.[a-z0-9].youtube\.com\/(.*) 86400 100% 86400 ignore-reload
# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv 0 0% 0
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload
refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern ^http://*.devilzc0de.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.jobstreet.com.*/.* 86400 100% 86400 override-expire override-lastmod ignore-no-cache
refresh_pattern ^http://*.indowebster.com.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern ^http://*.21cineplex.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern ^http://*.atmajaya.*/.* 86400 100% 86400 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.kompas.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.theinquirer.*/.* 86400 100% 86400 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.blogspot.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.wordpress.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.tsm00.eset.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.stmik-amik-riau.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.photobucket.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.tinypic.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.4shared.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.imageshack.us/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.kaskus.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://www.kaskus.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detik.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detiknews.*/*.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://video.liputan6.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.liputan6.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.friendster.com/.* 86400 100% 86400 override-expire override-lastmod ignore-no-cache ignore-auth
refresh_pattern ^http://*.fbcdn.net/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.yahoo.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.google.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.linux.or.id/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.games.co.id/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.game.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.forummikrotik.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.facebook.com*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.apps.facebook.com*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.profile.ak.fbcdn.net/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.creative.ak.fbcdn.net/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.static.ak.fbcdn.net/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.facebook.poker.zynga.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.statics.poker.static.zynga.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.zynga.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.texas_holdem.*/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.static.facebook.mafiawar.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.static.farmville.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.nav3.zynga.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.ninjasaga.com/.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.farmville.net./.* 86400 100% 86400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern guru.avg.com/.*\.(bin) 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern avast.com.*\.vpx 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern (avgate|avira).*\.(idx|gz)$ 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern liveupdate.symantecliveupdate.com.*\.zip 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern .update.nai.com/.*\.(gem|zip|mcs) 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern .symantec.com.*\(exe|zip) 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern mbamupdates.com.*\.ref 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern windowsupdate.com/.*\.(cab|exe) 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe) 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe) 86400 100% 86400 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|js|gif) 86400 100% 86400 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 86400 100% 86400 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 86400 100% 86400 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png|jpeg|js) 86400 100% 86400 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.kaskus.co.id.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.gemscool.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.pb.gemscool.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.atlantica.gemscool.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.fs.gemscool.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.vivanews.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.(htm|html|asp|xml|class|css|js|swf|ico|cur|ani|jpg|jpeg|bmp|png|cdr|txt|gif|dll) 129600 100% 129600 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 129600 100% 129600 ignore-no-cache ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar) 129600 100% 129600 ignore-no-cache ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 129600 100% 129600 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern -i \.(ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 129600 100% 129600 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)) 129600 100% 129600 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(js|psf|html|htm|css|swf|xml|gif|jpg|png|jpeg|bmp|psd|ad|m4p|mpa)$ 10080 90% 999999 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.js 129600 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.css 129600 100% 129600 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern -i \.ashx 129600 100% 129600 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern -i \.js\?$ 129600 100% 129600 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern -i \.css\?$ 129600 100% 129600 ignore-no-cache override-expire ignore-private override-lastmod
refresh_pattern -i \.gif\?$ 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.jpg\?$ 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.png\?$ 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.jpeg\?$ 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.psd\?$ 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 1 0% 2
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 store-stale
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
negative_ttl 2 minutes
half_closed_clients off
connect_timeout 1 minute
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minutes
half_closed_clients on
shutdown_lifetime 30 seconds
icp_port 0
prefer_direct off
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 5120
memory_pools off
log_icp_queries off
icp_hit_stale on
query_icmp on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
header_access X-Forwarded-For deny all
client_persistent_connections on
server_persistent_connections off
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
log_icp_queries off
ipcache_size 8192
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 8192
memory_pools off
forwarded_for on
prefer_direct on
persistent_connection_after_error on
balance_on_multiple_ip on
store_avg_object_size 50 KB
n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
catatan :
warna pink adalah ip local yang akan kita gunakan , sesuaikan dengan ip settingan anda di mikrotik.
untuk storeurl.pl milik saya ini:
#!/usr/bin/perl
# $Rev$
# Youtube updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion
$|=1;
while (<>) {
@X = split;
# $X[1] =~ s/&sig=.*//;
$x = $X[0] . " ";
$_ = $X[1];
$u = $X[1];
#photos-X.ak.fbcdn.net where X a-z
if (m/^http:\/\/photos-[a-z]?(.ak.fbcdn.net.*)/) {
print $x . "http://photos" . $1 . "\n";
#http://hphotos-ash2.fbcdn.net/290503_1735121757952_1835833812_1146280_4168472_o.jpg
} elsif (m/^http:\/\/photos-ash[1-5]?(.fbcdn.net.*)/) {
print $x . "http://ash.photos" . $1 . "\n";
#http://a6.sphotos.ak.fbcdn.net/hphotos-ak-ash4/319568_206164829444513_152217858172544_542308_1727268_n.jpg
#a5.sphotos.ak.fbcdn.ne
} elsif (m/^http:\/\/[a-z][0-9]?(.sphotos.ak.fbcdn.net.*)/) {
print $x . "http://cdn.photos" . $1 . "\n";
#http://cityvillefb0.static.zgncdn.com/hashed/43897e86db37ffda95e0d015de72e2a4.png
} elsif (m/^http:\/\/cityvillefb[0-3]?(.static.zgncdn.com.*)/) {
print $x . "http://cityvillefb" . $1 . "\n";
#http://playerstatics1.poker.static.zynga.com/poker/image_proxy.php/aHR0cDovL3Byb2ZpbGUuYWsuZmJjZG4ubmV0L2hwcm9maWxlLWFrLXNuYzQvMjc0ODM2XzEwMDAwMjkwMTU1MTE3MV8xMDAwNTE0MjM3X24uanBn
} elsif (m/^http:\/\/playerstatics[1-9]?(.poker.static.zynga.com.*)/) {
print $x . "http://playerstatics.poker-zynga." . $1 . "\n";
#http://zynga4-a.akamaihd.net/zbar/game-icons/adventureworld-banner-Adventureadventuredame09162011-13161891413359.png
} elsif (m/^http:\/\/zynga[1-9]?-a(.akamaihd.net.*)/) {
print $x . "http://zynga-akamaihd.net." . $1 . "\n";
#http://s2.ninja.game321.com/source/bitmap/icon/debris/icon_debris134.s110.png
} elsif (m/^http:\/\/s[1-9]?(.ninja.game321.com.*)/) {
print $x . "http://ninja-game321." . $1 . "\n";
#http://i616.photobucket.com/albums/uu90/the_martian_cat/ATT00001-1.gif
} elsif (m/^http:\/\/i[1-9]{3}(.photobucket.com.*)/) {
print $x . "http://photobucket3." . $1 . "\n";
# http://i1221.photobucket.com/albums/dd462/semprotcom/File/tri7bet-s.gif
} elsif (m/^http:\/\/i[1-9]{4}(.photobucket.com.*)/) {
print $x . "http://photobucket." . $1 . "\n";
#BLOGSPOT
} elsif (m/^http:\/\/[1-4]?(bp.blogspot.com.*)/) {
print $x . "http://blog-cdn." . $1 . "\n";
#https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMnx1vj7j8NBFX99jlyWDFyKH9RpNSRLoTNrNk0nH0ftQBXGvrj1e-ikvUCUGHOJYzCcRBceu2Q166x-jQmmq6K-uPY-ECHkxHxSJPeTbNlRtns6lDFW0zKLKn6E_UmzPKT6xSmgqSPw6k/
} elsif (m/^http:\/\/lh[3-6]?(.ggpht.com.*)/) {
print $x . "http://ggpht." . $1 . "\n";
#http://a2.twimg.com/profile_images/1213095644/CBS-eye-white-bg_normal.jpg
} elsif (m/^http:\/\/a[0-5]?(.twimg.com.*)/) {
print $x . "http://cdn-twimg.com." . $1 . "\n";
#AVAST
} elsif (m/^http:\/\/download[0-9]{3}.(avast.com.*)/) {
print $x . "http://avast-cdn." . $1 . "\n";
#KAV
} elsif (m/^http:\/\/dnl-[0-9]{2}.(geo.kaspersky.com.*)/) {
print $x . "http://kav-cdn." . $1 . "\n";
#AVG
} elsif (m/^http:\/\/(update.avg.com.*)/) {
print $x . "http://avg-cdn." . $1 . "\n";
#static3.spilcdn.com/
} elsif (m/^http:\/\/static[1-9]?(.speelcdn.com.*)/) {
print $x . "http://speelcdn." . $1 . "\n";
#http://t1.gstatic.com
} elsif (m/^http:\/\/t[1-9]?(.gstatic.com.*)/) {
print $x . "http://cdn-gstatic.com." . $1 . "\n";
# http://0.gravatar.com
} elsif (m/^http:\/\/[0-3]?(.gravatar.com.*)/) {
print $x . "http://cdn-gravatar." . $1 . "\n";
#http://s5.scribdassets.com/images/attribution_noncommercial.png
} elsif (m/^http:\/\/s[1-8]?(.scribdassets.com.*)/) {
print $x . "http://cdn-scribdassets." . $1 . "\n";
# http://tc2.easythumbhost.com/
} elsif (m/^http:\/\/tc[0-9]?(.easythumbhost.com.*)/) {
print $x . "http://cdn-easythumbhost." . $1 . "\n";
#http://static7.spilcdn.com/tw/img/_/profile/dummy_small.png
} elsif (m/^http:\/\/static[1-7]?(.spilcdn.com.*)/) {
print $x . "http://spilcdn." . $1 . "\n";
#http://media5.picsearch.com/is
} elsif (m/^http:\/\/media[1-8]?(.picsearch.com.*)/) {
print $x . "http://cdn-picsearch." . $1 . "\n";
#http://lh3.googleusercontent.com/-z2ZV9VfLsc0/TmetBcUiRBI/AAAAAAAAC_k/-wvptlnDXuQ/03.png
} elsif (m/^http:\/\/lh[3-6]?(.googleusercontent.com.*)/) {
print $x . "http://googleusercontent." . $1 . "\n";
#http://i54.tinypic.com/2crkryu.jpg
} elsif (m/^http:\/\/i[0-9]{2}(.tinypic.com.*)/) {
print $x . "http://tinypic." . $1 . "\n";
#maps.google.com
} elsif (m/^http:\/\/(cbk|mt|khm|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
print $x . "http://" . $1 . $2 . "\n";
#gstatic and/or wikimapia
} elsif (m/^http:\/\/([a-z])[0-9]?(\.gstatic\.com.*|\.wikimapia\.org.*)/) {
print $x . "http://" . $1 . $2 . "\n";
# youtube fix
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/videoplayback\?(.*)/) {
$p_str = $2;
$tag = "";
$alg = "";
$id = "";
$range = "";
if ($p_str =~ m/(itag=[0-9]*)/){$tag = "&".$1}
if ($p_str =~ m/(algorithm=[a-z]*\-[a-z]*)/){$alg = "&".$1}
if ($p_str =~ m/(id=[a-zA-Z0-9]*)/){$id = "&".$1}
if ($p_str =~ m/(range=[0-9\-]*)/){$range = "&".$1; $range =~ s/-//; $range =~ s/range=//; }
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $tag . "&" . $alg . "&" . $id . "&" . $range . "\n";
} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
print $x . "http://www.google-analytics.com/__utm.gif\n";
#Cache High Latency Ads
} elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com|yieldmanager|cpxinteractive)(.*)/) {
$y = $3;$z = $2;
for ($y) {
s/pixel;.*/pixel/;
s/activity;.*/activity/;
s/(imgad[^&]*).*/\1/;
s/;ord=[?0-9]*//;
s/;×tamp=[0-9]*//;
s/[&?]correlator=[0-9]*//;
s/&cookie=[^&]*//;
s/&ga_hid=[^&]*//;
s/&ga_vid=[^&]*//;
s/&ga_sid=[^&]*//;
# s/&prev_slotnames=[^&]*//
# s/&u_his=[^&]*//;
s/&dt=[^&]*//;
s/&dtd=[^&]*//;
s/&lmt=[^&]*//;
s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/[;&?]ord=[?0-9]*//;
s/[;&]mpvid=[^&;]*//;
s/&xpc=[^&]*//;
# yieldmanager
s/\?clickTag=[^&]*//;
s/&u=[^&]*//;
s/&slotname=[^&]*//;
s/&page_slots=[^&]*//;
}
print $x . "http://" . $1 . $2 . $y . "\n";
#cache high latency ads
} elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) {
print $x . "http://" . $1 . "/" . $2 . "\n";
#cdn, varialble 1st path
} elsif (($u =~ /filehippo|mediafire/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-zA-Z0-9]{2,3})(\?.*)?/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/[a-z]+([0-9]+)?/cdn./;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
} elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) {
print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n";
#domain/path/.*/path/filename
} elsif (($u =~ /fucktube/) && (m/^http:\/\/(.*?)(\.[^\.\-]*?[^\/]*\/[^\/]*)\/(.*)\/([^\/]*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})(\?.*?)$/)) {
@y = ($1,$2,$4,$5,$6);
$y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|([^\.]*cdn[^\.]*)|([^\.]*cache[^\.]*))/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "/" . $y[3] . "." . $y[4] . "\n";
# #4shared audio/video preview
} elsif (($u =~ /4shared/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(dlink__2Fdownload_2F([^\/-]+))([a-zA-Z0-9-]+)\/([^\/\?\&]*\.[^\/\?\&]{2,3})(\?.*)?$/)) {
@y = ($1,$2,$3,$4,$7);
$y[0] =~ s/[a-z]+([0-9]+)?/cdn./;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "/" . $y[3] . "/" . $y[4] . "\n";
#indowebster
} elsif (m/^http:\/\/(.*?)(\.jkt\.3d\.x\.indowebster.com)\/(.*?)\/([^\/\?\&]*)\.([^\/\?\&]{2,4})(\?.*?)$/) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/([a-z][0-9][a-z]dlod[\d]{3})|((cache|cdn)[-\d]*)|([a-zA-Z]+-?[0-9]+(-[a-zA-Z]*)?)/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
#like porn hub variables url and center part of the path, filename etention 3 or 4 with or without ? at the end
} elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?(\.[a-z]*)?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) {
print $x . "http://cdn." . $4 . $6 . "\n";
#for yimg.com video
} elsif (m/^http:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
print $x . "http://cdn.yimg.com//" . $3 . "\n";
#for yimg.com doubled
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
print $x . "http://cdn.yimg.com/" . $3 . "\n";
#for yimg.com with &sig=
} elsif (m/^http:\/\/([^\.]*)\.yimg\.com\/(.*)/) {
@y = ($1,$2);
$y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
$y[1] =~ s/&sig=.*//;
print $x . "http://" . $y[0] . ".yimg.com/" . $y[1] . "\n";
#youjizz. We use only domain and filename
} elsif (($u =~ /media[0-9]{1,5}\.youjizz/) && (m/^http:\/\/(.*?)(\.[^\.\-]*?\.[^\/]*)\/(.*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})(\?.*?)$/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|([^\.]*cdn[^\.]*)|([^\.]*cache[^\.]*))/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
#general purpose for cdn servers. add above your specific servers.
} elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) {
print $x . "http://squid-cdn-url//" . $2 . "." . $3 . "\n";
#generic http://variable.domain.com/path/filename."ex", "ext" or "exte"
} elsif (m/^http:\/\/(.*?)(\.[^\.\-]*?\..*?)\/([^\?\&\=]*)\.([\w\d]{2,4})\??.*$/) {
@y = ($1,$2,$3,$4);
$y[0] =~ s/([a-z][0-9][a-z]dlod[\d]{3})|((cache|cdn)[-\d]*)|([a-zA-Z]+-?[0-9]+(-[a-zA-Z]*)?)/cdn/;
print $x . "storeurl://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
# all that ends with ;
} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
print $x . "http://" . $1 . "/" . $2 . "\n";
} else {
print $x . $_ . "\n";
}
}
Gimana sudah mulai pusing, mual dan kembung? wkkwk... LANJUT...............
untuk firewall( \etc\firewall) yang saya pakek adalah seperti ini :
###############################################################################
#
# Use the web-based administration tool to change the firewall configuration.
#
###############################################################################
# Firewall mode
#--------------
# Possible configurations:
# gateway trustedgateway standalone trustedstandalone dmz
MODE="trustedstandalone"
# Interface roles
#----------------
EXTIF="eth0"
LANIF=""
DMZIF=""
WIFIF=""
HOTIF=""
DNSIF=""
# Bandwidth management (QoS)
#---------------------------
BANDWIDTH_QOS="on"
BANDWIDTH_UPSTREAM=""
BANDWIDTH_DOWNSTREAM=""
# Multipath
#----------
MULTIPATH="off"
MULTIPATH_WEIGHTS=""
# Squid configuration
#--------------------
SQUID_TRANSPARENT="on"
SQUID_FILTER_PORT=""
# VPN configuration
#------------------
IPSEC_SERVER="off"
PPTP_SERVER="off"
## One-to-one NAT mode
#---------------------
ONE_TO_ONE_NAT_MODE="type2"
# VPN LAN override
#-----------------
LANNET=""
# Protocol filtering (l7-filter)
# When set to 'on', all forwarded traffic will pass through the l7-filter
# daemon. l7-filter must be running or the firewall will ignore this setting.
#----------------------------------------------------------------------------
PROTOCOL_FILTERING="off"
# Webconfig rules
#----------------
# WARNING:
# The firewall script will not perform further validation on the rules below.
# Use the web-based administration tool to change the firewall configuration.
#
# Name|Group|Flags|Protocol|Address|Port|Parameter
#
# -Name and Group are symbolic names which only have meaning within the
# web-based administration tool (webconfig).
# -Flags are OR combined to produce a 4-byte bitmask. This needs to be
# explained in full detail somewhere. Reading the source to IsValidFlags()
# within the firewallrule.class file is the best documentation about this
# at the moment.
# -Protocol is an integer ID listed in /etc/protocols.
# -Address is an IPv4, IPv6, or MAC/HW address depending on the rule's flags.
# -Port is a TCP/UDP service address depending on the rule's flags and
# protocol.
# -Parameter can contain additional rule criteria depending on the rule's
# flags and/or protocol.
#
# NOTE: If editing these by hand, do not add spaces between fields.
RULES="\
webservice||0x10000001|6||1875| \
"
# vim: ts=4 syntax=sh
- sekarang membuat NAT di mikrotik :/ip
firewall nat add chain=dstnat src-address=!192.168.1.2 protocol=tcp
dst-port=80 action=dst-nat to-addresses=192.168.1.2 to-ports=3128
comment=”TransParent PROXY” disabled=no
catatan : - warna pink adalah ip proxy , di src-addrres di kasih tanda pentunng(!) gunanya adalah selain ip itu akan di belokkan ke proxy
atau anda bisa gunakan addrres list isi dengan ip local ( 192.168.0.0/24) artinya hanya ring ip itu proxy bekerja - untuk ROXY HIT LOSS
/ip firewall mangle add action=mark-connection chain=forward comment=Proxy_HIT \ disabled=no in-interface=Proxy new-connection-mark=Hit\ out-interface=Lokal passthrough=yes protocol=tcp add action=mark-packet chain=forward comment="" connection-mark=Hit\ disabled=no in-interface=Proxy new-packet-mark=Proxy Hit\ out-interface=Lokal passthrough=no protocol=tcp /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no\ limit-at=0 max-limit=0 name=.:Proxy Hit:. packet-mark=Proxy Hit\ parent=global-out priority=1 queue=default
SELESAI.......... - untuk melihat aktifitas acces.log nya bisa pakai putty kemudian masukkan :
# tail -f /cache1/access.log (enter)untuk bisa berwarna kita intall dulu dengan perintah (menggunakan putty) :
- kemudian kembali ketik perintahnya dengan mengambah |ccze
tail -f /cache1/access.log |ccze (enter)
taraaaaa...... jadilah berwarna.......
- dan untuk perintah yang sering di pakai:
tail -f /var/log/squid/access.log |ccze (melihat log)
/usr/local/squid/sbin/squid -NDd1 & (menghidupkan squid)
/usr/local/squid/sbin/squid -k parse (mengecek kesalahan)
/usr/local/squid/sbin/squid -k reconfigure - mematikan cos :shutdown -h now
nah itu lah tadi seluruh tahapan yang coba saya sajikan, disini saya masih belajar dan
terus belajar karena masih newbe, masih perlu untuk cari sana sini biar pass
terimakasih semoga bermanfaat
sumber : - http://www.wirelessrouterproxy.com
- http://beldin-best.blogspot.com/2011/10/lusca-di-clearos-52.html
- dan masih banyak lagi sampe lupa .......
apa ini beneran... wah q bacanya sampek gak bisa baca lagi.... mumet... jare wong jowo