Squid.conf

Contoh squid.conf

# WELCOME TO SQUID 2.x HIGH PERFORMANCES

# Interception listener: the "transparent" flag marks port 8118 as receiving
# redirected (intercepted) client traffic. No address is given, so it listens on
# every interface; keep it reachable only through the firewall redirect path.
http_port 8118 transparent
# Ordinary forward-proxy listener, bound to loopback only.
http_port 127.0.0.1:3128
#icp_port 3130

# URLs containing any of these words are fetched directly, not through a cache peer.
hierarchy_stoplist cgi-bin ? localhost
# QUERY matches URL paths containing "cgi-bin", a literal "?" or "localhost".
acl QUERY urlpath_regex cgi-bin \? localhost
# Responses to requests matching QUERY are never stored.
no_cache deny QUERY

#==============================================
# OPTIONS WHICH AFFECT THE CACHE SIZE
#==============================================
# Memory set aside for in-transit and hot objects (not a cap on total process size).
cache_mem 8 MB
# Largest object stored on disk, and largest object kept in memory.
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
# Disk-usage watermarks (percent) between which object eviction ramps up.
cache_swap_low 98
cache_swap_high 99
# Eviction policies for the disk store and the memory store respectively.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# Number of entries in the IP (DNS result) cache and its low/high watermarks (percent).
ipcache_size 16378
ipcache_low 98
ipcache_high 99

#==============================================
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#==============================================
# Four on-disk stores using the aufs storage scheme: 5000 MB each,
# with 28 first-level and 256 second-level subdirectories.
cache_dir aufs /var/squid/cache1 5000 28 256
cache_dir aufs /var/squid/cache2 5000 28 256
cache_dir aufs /var/squid/cache3 5000 28 256
cache_dir aufs /var/squid/cache4 5000 28 256

# Client request log: the audit trail of what was fetched through the proxy.
cache_access_log /var/squid/logs/access.log
# NOTE(review): cache_log and cache_store_log are assigned again ("none") further
# down in this section; presumably the later assignment replaces these paths.
# Confirm which of the two is intended and delete the other.
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log

mime_table /usr/local/squid/etc/mime.conf

pid_filename /usr/local/squid/var/logs/squid.pid

# Log client IP addresses rather than resolved hostnames; do not log ICP queries.
log_fqdn off
log_icp_queries off
# Log entries are written out immediately rather than held in a buffer.
buffered_logs off
# Keep Squid's native access.log format (not the httpd common log format).
emulate_httpd_log off
# NOTE(review): second assignment of both directives. Dropping store.log is a
# common tuning step, but cache.log carries Squid's own error and diagnostic
# messages, which are needed when investigating faults or abuse. Verify how this
# Squid version treats "none" for cache_log before relying on it.
cache_log none
cache_store_log none

#==============================================
# FTP section
#==============================================
ftp_passive on
ftp_sanitycheck on

#==============================================
# DNS resolution section
#==============================================
dns_nameservers 192.168.10.1

#==============================================
# Refresh Rate
#==============================================
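# Upper bound on the header block of a single client request. The value previously
# given here, 524288 KB (512 MB), allows one client to make Squid buffer half a
# gigabyte of headers per request; a few tens of KB covers legitimate traffic.
# 20 KB is believed to be the Squid 2.x default; confirm against your build's documentation.
request_header_max_size 20 KB
# 0 means request bodies (uploads) are unlimited; set a ceiling if uploads through
# this proxy should be bounded.
request_body_max_size 0 KB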
# refresh_pattern fields: regex, minimum age (minutes), percent of object age, maximum age (minutes), options.
# Rules are evaluated top to bottom and the first matching regex is used, so order matters.
#
# NOTE(review): override-expire / override-lastmod / ignore-reload make Squid keep serving
# a cached copy after the origin says it has expired and even when the client asks for a
# reload. Applied to executables and archives this means clients can receive outdated
# installers or updates; consider leaving software-update content on origin-controlled freshness.
refresh_pattern -i \.dez$ 100800 90% 100800 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.wma$ 100800 90% 100800 override-expire override-lastmod reload-into-ims
# NOTE(review): the "." between "tar" and "gz" is unescaped, so it matches any character.
refresh_pattern -i \.tar.gz$ 100800 90% 100800 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.mp3$ 100800 90% 1008000 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.zip$ 100800 90% 1008000 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.png$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.gif$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.jpg$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.jpeg$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.swf$ 100800 90% 100800 override-expire override-lastmod reload-into-ims
# NOTE(review): gif, jpg, png and swf are already claimed by the single-extension rules
# above, so those alternatives never take effect here. "jp?g" matches "jg" and "jpg" but
# not "jpeg"; "mp?" on the next line matches "m" and "mp" but not "mp3" or "mpg".
refresh_pattern -i \.(gif|jp?g|xbm|png|swf|bmp)$ 21600 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mov|avi|qtm|mp?)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(3gp|wmv|wma|mpg|mpeg|mpga|rm|rv|vgp)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(zip|exe|gz|Z|lha|arj)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 500% 99000000 ignore-reload override-expire
# NOTE(review): the trailing "|" adds an empty alternative, so this rule also matches
# any URL that simply ends in ".".
refresh_pattern -i \.(inc|cab|ad|txt|)$ 100000 500% 99000000 ignore-reload override-expire
# NOTE(review): the site rules below are written like shell globs, not regular expressions.
# As a regex, "/*" means "zero or more slashes" and "." is any single character, so a
# host such as "www.<site>.com" probably does not match while unrelated URLs may.
# Test each pattern against real URLs before relying on it.
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.friendster.*/.* 720 100% 4320
refresh_pattern ^http://*.facebook.*/.* 720 100% 4320
refresh_pattern ^http://*.myspace.*/.* 720 100% 4320
refresh_pattern ^http://*.youtube.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.ytimg.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.multiply.*/.* 720 100% 4320
refresh_pattern ^http://*.liveconnector.*/.* 720 100% 4320
refresh_pattern ^http://*.kaskus.*/.* 720 100% 4320
refresh_pattern ^http://*.detik.*/.* 720 100% 4320
refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320
# NOTE(review): URLs ending in .exe or .cab are already matched by the extension rules
# further up (which carry ignore-reload / override-expire), so for those URLs the
# update-site rules below are not the ones applied.
refresh_pattern ^http://*.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200
refresh_pattern ^http://*.download.microsoft.com/.*\.(cab|exe) 4320 100% 43200
refresh_pattern ^http://*.grisoft.com/.*\.(bin|exe) 4320 100% 43200
refresh_pattern ^http://*.ads.adbrite.com/.* 720 100% 4320
refresh_pattern ^http://*.adserving.*/.* 720 100% 4320
refresh_pattern ^http://*.ad.yieldmanager.*/.* 720 100% 4320
# NOTE(review): in the next two rules the minimum (100800) exceeds the maximum (4320) — confirm the intended values.
refresh_pattern ^http://*.imageshack.*/.* 100800 100% 4320
refresh_pattern ^http://*.photobucket.*/.* 100800 100% 4320
# Catch-all rules for FTP and for everything not matched above.
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

# Controls whether Squid finishes a download after the client disconnects.
# NOTE(review): min and max are both 0 while pct is 100%; confirm the combined effect
# against the documentation of the Squid version in use.
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100%

# Failed requests (error responses) are not cached.
negative_ttl 0 seconds
# Cache lifetime settings for successful and failed DNS lookups.
# NOTE(review): a 24-hour positive DNS lifetime can keep clients pointed at an address
# after the record has changed; confirm how this interacts with record TTLs in your setup.
positive_dns_ttl 86400 seconds
negative_dns_ttl 1 seconds
# 0: Range requests are forwarded as requested; Squid does not fetch the whole object.
range_offset_limit 0 bytes

#==============================================
# ACL section
#==============================================
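# --- ACL definitions ---
# Every source address.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests (cache_object:// scheme).
acl manager proto cache_object
# The proxy host itself.
acl localhost src 127.0.0.1/255.255.255.255
# Ports to which CONNECT tunnels are permitted.
acl SSL_ports port 443 # https
# Destination ports the proxy will talk to at all.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT

# Client network allowed to use the proxy (192.168.10.0 - 192.168.10.7).
acl networks src 192.168.10.0/255.255.255.248

# --- Access rules (first match wins) ---
# Cache manager: loopback only. The rule previously written here,
# "http_access allow manager all", let any host that can reach the proxy
# query and operate the cache manager.
http_access allow manager localhost
http_access deny manager
# PURGE (cache eviction) only from the proxy host.
http_access allow purge localhost
http_access deny purge
# Refuse unusual destination ports and CONNECT tunnels to anything but 443,
# so the proxy cannot be used to reach arbitrary services.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow networks
# Default deny: keeps the proxy from being an open relay.
http_access deny all
icp_access allow localhost
icp_access deny all
always_direct allow localhost
always_direct deny all
# 0 = no limit on response body size.
reply_body_max_size 0 allow all
cache_mgr marketing@brownet.web.id
# Sample password: replace it before deployment. It is stored in clear text, so
# squid.conf must be readable only by the administrator and the Squid user.
cachemgr_passwd secret all
visible_hostname proxy.brownet.web.id
# Strips Accept-Encoding from client requests, so origins reply uncompressed.
header_access Accept-Encoding deny all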

#==============================================
# DELAY POOLS
#==============================================
# "download": URLs ending in common archive, media and installer extensions.
# NOTE(review): in "\.tar.gz$" and "\.tar.bz2$" the inner "." is unescaped and matches any character.
acl download url_regex -i \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$
acl download url_regex -i \.midi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.asf$ \.3gp$ \.rmvb$ \.flv$ \.swf$
acl download url_regex -i \.bin$ \.7z$ \.nrg$ \.msi$ \.001$ \.002$ \.003$ \.004$ \.005$ \.006$
# "streaming": URLs containing these video-fetch query fragments.
acl streaming url_regex -i get_video\?video_id videodownload\?

# Two class-2 pools: aggregate unlimited (-1/-1), each client host limited to
# 12800 bytes/s refill with a 50000-byte burst bucket.
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 12800/50000
# Pool 1 throttles only requests matching "download".
delay_access 1 allow download
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 -1/-1 12800/50000
# Pool 2 throttles only requests matching "streaming".
delay_access 2 allow streaming
delay_access 2 deny all

#==============================================
# MISCELLANEOUS
#==============================================
# Number of rotated log generations kept; with 3, older access logs are discarded,
# so archive them elsewhere if a longer audit history is required.
logfile_rotate 3
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
# Client "reload" requests are turned into If-Modified-Since revalidations.
reload_into_ims on
icp_hit_stale on
query_icmp on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
memory_pools off
# Time allowed for active connections to finish when Squid is shutting down.
shutdown_lifetime 10 seconds
ie_refresh on
# Unprivileged account and group Squid switches to when it is started as root.
cache_effective_user squid
cache_effective_group squid
#redirect_program /usr/local/adzap/scripts/wrapzap

versi lain

## Jika ada beberapa situs terdekat yg mungkin hanya 1 hop, di-by pass saja supaya kerja Squid benar-benar utk yg jaraknya jauh

# domain-anda.com, isp-anda.com and domainku.web.id are placeholders for your own nearby domains.
# URLs containing any of these words are fetched directly, not through a cache peer.
hierarchy_stoplist cgi-bin ? localhost domain-anda.com isp-anda.com domainku.web.id
# NOTE(review): urlpath_regex is matched against the URL path, not the host name, so the
# domain names listed here presumably only match when they appear inside a path.
# A dstdomain ACL is the usual way to select requests by site — confirm the intent.
acl QUERY urlpath_regex cgi-bin \? localhost domain-anda.com isp-anda.com domainku.web.id
# Responses to requests matching QUERY are never stored.
no_cache deny QUERY

## Dari pengalaman 6 MB akan lebih cepat dan biarkan Squid bekerja lebih keras lagi

cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99

## Maksimum obyek di hardisk dan di memori diupayakan lebih besar shg byte hit lebih tinggi (bisa dinaikkan lagi jika hardisk berkecepatan tinggi dan jumlahnya banyak dg memori yg lebih besar pula)

maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB

## Jika memori 512 MB atau lebih besar silahkan cache diperbesar

ipcache_size 2048
ipcache_low 98
ipcache_high 99

## Utk heap replacement saya memakai LFUDA utk cache hardisk dan GDSF utk cache memori dg alasan di hardisk diprioritaskan obyek yg ukuran besar-besar dan di memori obyek yg ukurannya kecil-kecil utk disimpan

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

## Idealnya ruang di hardisk yg anda pakai hanya sekitar 70% dari total krn semakin penuh Squid akan semakin pelan mencari tempat kosong, mis. utk cache 1 GB maka yg dipakai hanya 700MB (jangan 1GB dipakai semuanya). Jangan lupa hanya 1 direktori per drive krn faktor penghambat adalah kecepatan spindle hardisk lho, bukan terus dg memperbanyak direktori pada 1 hd akan mempercepat (hd orde milidetik, memori orde nanodetik). Jadi mending hardisknya banyak tapi ukurannya kecil-kecil daripada hanya 1 berukuran besar. Terus jika OS-nya Linux pakailah FS-nya Reiser (versi 4 tercepat) dg metode akses aufs. Diskd optimal di FreeBSD tetapi tidak di Linux lho. Jangan lupa di partisi tsb noatime dan notail diaktifkan spy tidak menambah ekstra write saat menulis atau membaca. Intinya hardisk adalah faktor penghambat terbesar di Squid.
## saran kira2 70% dari 16GB

cache_dir aufs /cachez 12000 28 256

atau (utk ruang 4GB-an per hardisk)

cache_dir aufs /cachehardisk1 3000 8 256
cache_dir aufs /cachehardisk2 3000 8 256
cache_dir aufs /cachehardisk3 3000 8 256
cache_dir aufs /cachehardisk4 3000 8 256

atau minimal di bawah ini supaya modifikasi tidak terlalu jauh

cache_dir diskd /cachez 12000 28 256 Q1=72 Q2=88

## Log utk info yg vital saja dan diusahakan file-file log ada di hardisk tersendiri spy tidak mempengaruhi kecepatan direktori cache utamanya

log_fqdn off
log_icp_queries off
cache_log none
cache_store_log none

## Dg ‘menipu’ dan memaksa sedikit supaya akses obyek lebih intensif di lokal Squid dan waktu simpan ditambah sebelum proses validasi terjadi (mis. validasi terjadi per 3 jam dg penyimpanan obyek terlama 3 bulan, utk ftp bisa lebih lama lagi)

refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

## Toleransi aborting dihilangkan saja

quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98

## Mematikan dan merekonfigurasi Squid jangan terlalu cepat krn bisa mengakibatkan integritas file kacau

shutdown_lifetime 10 seconds

## tidak perlu reservasi memori

memory_pools off

## Penting utk relasi dg sibling dg mengukur respons-nya via ICP dan ICMP (tapi ada isp yg tidak mengijinkan lho)

icp_hit_stale on
query_icmp on

## Penting utk meningkatkan refresh pattern lebih lanjut

reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

## Sekali lagi Squid diperlukan utk mengambil yg jaraknya jauh, jarak dekat langsung saja

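# "semuaalamatlokal" and "semuaalamatipygdekat" are placeholders ("all local addresses",
# "all nearby IP addresses"): replace them with the actual address ranges.
acl local-dst dst semuaalamatlokal semuaalamatipygdekat
# Placeholder domain names: replace with your own nearby domains.
acl local-domain dstdomain localhost domain-anda.com isp-anda.com domainku.web.id

# ACL names on a single always_direct line are ANDed, so the former one-line rule
# ("allow localhost local-dst local-domain") applied only when all three matched at once.
# One rule per ACL makes any single match sufficient, which is what "nearby goes direct" needs.
# The "localhost" ACL is not defined in this excerpt and must exist elsewhere in squid.conf.
always_direct allow localhost
always_direct allow local-dst
always_direct allow local-domain
always_direct deny all
# Strips Accept-Encoding from client requests, so origins reply uncompressed.
header_access Accept-Encoding deny all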
