@91X:

sorry oot gan, ane mau Tanya, pf mikrotik ke clientnya pake apa? dstnat? mark routing?

dstnat gan, saya cuma direct port 80/443 ke ip dan port CPortal

@shr_kaza:

@91X:

@shr_kaza:

ini lagi percobaan 2.2.3 pke https, semua https tampilan normal. kecuali facebook. apa ada setingan tertentu untuk akses facebook ? bagi2 agan yg sdah bisa pke https untuk facebook, tolong pencerahannya

coba masukan ke custom acl before auth:                         
sslproxy_cert_error allow all                                                                                                           
sslproxy_flags DONT_VERIFY_PEER

jos markotop bos, tampilan facebook jadi oke !

oke mantab dah  ;D

pfsense model bridge, nyimak

@91X:

@shr_kaza:

saya sdah pke pfsense 2.2.2 squid 3 transparent, tp 1 land card

ente brp bit? dari tsnya 32bit

iya om, saya pke 32bit

@DeSastro:

Site to site kira kira :

https://openvpn.net/index.php/access-server/section-faq-openvpn-as/server-configuration/209-how-do-i-setup-openvpn-access-server-to-use-site-to-site.html

Road Warrior

http://davidsduty.blogspot.com/2011/11/untangle-open-vpn-vpn-road-warrior.html

Cara setting :

https://forum.pfsense.org/index.php?topic=12888.0

owh begitu, q mengerti sekarang. site to site contohnya itu kantor pusat dengan kantor cabang (server pusat vpn ke server cabang) nah kalo road warior itu misalnya user satu orang pake laptop kantor nongkrong di starbuck tangerang trus pengen buka file di server kantor di bekasi, (keren banget ni satu orang disebut warior)  ::)….tolong di koreksi.... ;D

akhirnya SOLVED bro,
ternyata sederhana beud, harus memasukan/membuat TARGET CATEGORIES dulu di settingan squidguardnya
*ane test pake pf 2.2.2 squid 3.4 squidguard 1.9.14

tutorialnya donk bt ane yg newbi ;D.
edit captiveny di folder mn?
usr/local/captive….?

Sudahkah membuka referensi tutorial di subforum OpenVPN ???

mantap bro… lanjutken....  :) :) ;) dirunggu reviewnya  ;) ;) ;) ;)

BGP blm pernah coba , kawan yg lain mungkin  dah coba

TS coba link ini http://www.youtube.com/watch?v=O9D2fM883Fc, mungkin bisa membantu. thx

Kalo saya Semua Router0 , 1, 2  Di handle hanya dengan 1 mesin pfsense.

public server (mail, www1,www2,www3) cukup satu pc server.

internal server (ldap, radius server, NAS) cukup satu pc server / Windows server 2012 enterprise / red….

dengan konfigurasi seperti itu sangat mudah dalam memanage nya.

masalahnya dah kelar ternyata di firewall filternya mikrotik, thanks ya rekan2

tuan, dsini indonesia, salah kamar klo pakai bahasa inggris  ;D

shundhul uph uph

ya … kendala jelas di Firewall nya ..

NAT 1:1 ...

Karena setelah di test ternyata jalan, Topografi diatas...

Coba gak usah pakai virtual IPs

btw tsnya mana nih, kabur aja (tipikal org indo lagi)  ::)

ada yang tahu cara backup dan restore cache ? (cache terpisah)

yang saya alami ketika padam listrik!!

hardisk cache yang terpisah tidak terbaca oleh system pfsense..
sehingga harus dilakukan kembali..("squid -z" tetap tidak terbaca)!!STOP SQUIDNYA!!

#newfs /dev/nama_hardisk_anda

#ee /etc/fstab
edit / tambahkan
/dev/hardisk_anda  /nama_cache ufs rw,noatime 2 2 (save)

#mkdir /nama_cache

#mount -a

#df -h (baru kebaca deh hardisk cachenya (yg terpisah)
masuk ke GUI rubah direktory cachenya ditujukan ke hardisk terpisah ( /nama_cahe)

#chown proxy:proxy /nama_cache

#chmod 777 /nama_cache

#rm -R /var/squid/cache/* (cache lama masih belum terhapus)

#squid -z

#reboot

pfsense kembali normal, tapi cache yang terpisah terhapus jadi 0% terlalu.. :'(

df -h

Filesystem    Size    Used  Avail Capacity  Mounted on
/dev/ad2s1a    447G    78G    333G    19%    /
devfs          1.0k    1.0k      0B  100%    /dev
/dev/ad1s1a    222G    234M    204G    0%    /cache
/dev/md0      3.6M    60k    3.3M    2%    /var/run
devfs          1.0k    1.0k      0B  100%    /var/dhcpd/dev

ada solusi lain?..

2014/09/10 01:01:15| refreshAddToList: Unknown option '.(ico|video-stats)': negative-ttl=10080
2014/09/10 01:01:15| refreshAddToList: Unknown option '^.(utm.gif|ads?|rmxads.com|ad.z5x.net|bh.contextweb.com|bstats.adbrite.com|a1.interclick.com|ad.trafficmp.com|ads.cubics.com|ad.xtendmedia.com|.googlesyndication.com|advertising.com|yieldmanager|game-advertising.com|pixel.quantserve.com|adperium.com|doubleclick.net|adserving.cpxinteractive.com|syndication.com|media.fastclick.net).': negative-ttl=40320
2014/09/10 01:01:15| refreshAddToList: Unknown option '^.safebrowsing.google': negative-ttl=10080
2014/09/10 01:01:15| refreshAddToList: Unknown option '^http://((cbk|mt|khm|mlt)[0-9]?).google.co(m|.uk)': negative-ttl=10080
2014/09/10 01:01:15| refreshAddToList: Unknown option '^http://v.okezone.com/get_video/([a-zA-Z0-9])': negative-ttl=10080
2014/09/10 01:01:15| /usr/pbi/squid-i386/etc/squid/squid.conf line 131: refresh_pattern ^http://(.?)/get_video? 10080 80% 10080 override-expire ignore-no-cache ignore-private store-stale ignore-must-revalidate
2014/09/10 01:01:15| refreshAddToList: Invalid regular expression '^http://(.?)/get_video?': repetition-operator operand invalid
2014/09/10 01:01:15| /usr/pbi/squid-i386/etc/squid/squid.conf line 132: refresh_pattern ^http://(.?)/videodownload? 10080 80% 10080 override-expire ignore-no-cache ignore-private store-stale ignore-must-revalidate
2014/09/10 01:01:15| refreshAddToList: Invalid regular expression '^http://(.?)/videodownload?': repetition-operator operand invalid

ini lagi belajar squid3-dev

This file is automatically generated by pfSense Do not edit manually !

http_port 192.168.0.100:3128
http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/

https_port 127.0.0.1:3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/

icp_port 0
dns_v4_first on
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language id
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname proxies.fastnet.uk
cache_mgr owner@fastnet.uk
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable off
pinger_program /usr/pbi/squid-i386/libexec/squid/pinger
sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
sslcrtd_children 5
sslproxy_capath /usr/pbi/squid-i386/share/certs/

logfile_rotate 0
debug_options rotate=0
shutdown_lifetime 3 seconds

Allow local network(s) on interface(s)

acl localnet src  192.168.0.0/24 192.168.1.0/24
via off
httpd_suppress_version_string on
uri_whitespace strip
dns_nameservers 127.0.0.1

Break HTTP standard for flash videos. Keep them in cache even if asked not to.

refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

Let the clients favorite video site through with full caching

acl youtube dstdomain .youtube.com
cache allow youtube
refresh_pattern -i .flv$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .mp3$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .mp4$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .swf$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .gif$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .jpg$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .jpeg$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .exe$ 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth

1 year = 525600 mins, 1 month = 10080 mins, 1 day = 1440

#refresh_pattern (get_video?|videoplayback?|videodownload?|.flv?) 10080 80% 10080 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
#refresh_pattern (get_video?|videoplayback?id|videoplayback.id|videodownload?|.flv?) 10080 80% 10080 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
#refresh_pattern .(ico|video-stats) 10080 80% 10080 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth override-lastmod negative-ttl=10080
refresh_pattern .etology? 10080 80% 10080 override-expire ignore-reload ignore-no-cache
refresh_pattern galleries.video(?|sz) 10080 80% 10080 override-expire ignore-reload ignore-no-cache
refresh_pattern brazzers? 10080 80% 10080 override-expire ignore-reload ignore-no-cache
refresh_pattern .adtology? 10080 80% 10080 override-expire ignore-reload ignore-no-cache
#refresh_pattern ^.(utm.gif|ads?|rmxads.com|ad.z5x.net|bh.contextweb.com|bstats.adbrite.com|a1.interclick.com|ad.trafficmp.com|ads.cubics.com|ad.xtendmedia.com|.googlesyndication.com|advertising.com|yieldmanager|game-advertising.com|pixel.quantserve.com|adperium.com|doubleclick.net|adserving.cpxinteractive.com|syndication.com|media.fastclick.net).* 10080 20% 10080 ignore-no-cache ignore-private override-expire ignore-reload ignore-auth negative-ttl=40320 max-stale=10
#refresh_pattern ^.safebrowsing.google 10080 80% 10080 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=10080
#refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?).google.co(m|.uk) 10080 80% 10080 override-expire ignore-reload ignore-private negative-ttl=10080
#refresh_pattern ytimg.com..jpg 10080 80% 10080 override-expire ignore-reload
refresh_pattern images.friendster.com..(png|gif) 10080 80% 10080 override-expire ignore-reload
refresh_pattern garena.com 10080 80% 10080 override-expire reload-into-ims
refresh_pattern photobucket..(jp(e?g|e|2)|tiff?|bmp|gif|png) 10080 80% 10080 override-expire ignore-reload
refresh_pattern vid.akm.dailymotion.com..on2? 10080 80% 10080 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com/images..(jp(e?g|e|2)|tiff?|bmp|gif|png) 10080 80% 10080 reload-into-ims override-expire ignore-private
refresh_pattern ^http://images|pics|thumbs[0-9]. 10080 80% 10080 reload-into-ims ignore-no-cache ignore-reload override-expire
refresh_pattern ^http://www.onemanga.com./ 10080 80% 10080 reload-into-ims ignore-no-cache ignore-reload override-expire
#refresh_pattern ^http://v.okezone.com/get_video/([a-zA-Z0-9]) 10080 80% 10080 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth override-lastmod negative-ttl=10080
refresh_pattern .speedtest/.* 10080 80% 10080 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern code.google.com.*(svn|download) 10080 80% 10080 reload-into-ims

Images Facebook

refresh_pattern -i .facebook.com..(jpg|png|gif) 10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern -i .fbcdn.net..(jpg|gif|png|swf|mp3) 10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern static.ak.fbcdn.net*.(jpg|gif|png) 10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http://profile.ak.fbcdn.net*.(jpg|gif|png) 10080 80% 10080 ignore-reload override-expire ignore-no-cache

Detik

refresh_pattern -i ^http://..detik.com/ 10080 80% 10080
refresh_pattern -i ^http://..detiknews.com/ 10080 80% 10080
refresh_pattern -i ^http://..detikhot.com/ 10080 80% 10080
refresh_pattern -i ^http://..detikfinance.com/ 10080 80% 10080
refresh_pattern -i ^http://.*.detiksport.com/ 10080 80% 10080

Game Online Update

refresh_pattern ^http://file.pb.gemscool.com/hackshield/.* 10080 80% 10080 override-expire override-lastmod reload-into-ims store-stale
refresh_pattern ^http://file.pb.gemscool.com/gamepatch/..(exe|dll|cab|zip) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern ^http://file.fs.gemscool.com/JCE/..(exe|dll|cab|zip) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern ^http://file.atlantica.gemscool.com/.. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern ^http://122.102.49.132/..(zip|exe) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth ignore-no-store store-stale
refresh_pattern ^http://122.102.49.202/..(kom|zip|exe|stg) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth ignore-no-store store-stale
refresh_pattern ^http://..cabalonline.co.id/..(cab|zip|exe|rar|dat) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern ^http://..gemscool.com/..(cab|zip|exe|rar|dat) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern ^http://patch.crossfire.web.id/..(cab|zip|exe|rar|dat) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap|miniclip).com/. 10080 80% 10080 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale

Spesific Game URL

refresh_pattern ^http://.lytogame.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.megaxus.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.ayodance.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.gemscool.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.wavegame.net/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.playcircle.net/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.lineage2.co.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.roseonline.web.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.xshot.web.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.romonline.web.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.iahgames.co.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.vtconline.co.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.blackshotonline.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.speedsoft.co.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.ijji.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.mmosite.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate

Spesific URL

refresh_pattern ^http://.jobstreet.com./.* 10080 80% 10080 override-expire override-lastmod ignore-no-cache store-stale ignore-must-revalidate
refresh_pattern ^http://.indowebster.com./.* 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.21cineplex./.* 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.kompas./.* 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.blogspot.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.wordpress.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache store-stale ignore-must-revalidate
refresh_pattern ^http://.photobucket.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.tinypic.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.imageshack.us/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.kaskus./.* 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.detik./.* 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.detiknews./. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://video.liputan6.com/.* 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://static.liputan6.com/.* 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.friendster.com/. 10080 80% 10080 override-expire override-lastmod ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://.forummikrotik.com/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate

#refresh_pattern ^http://.linux.or.id/. 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
#refresh_pattern ^http://(.?)/get_video? 10080 80% 10080 override-expire ignore-no-cache ignore-private store-stale ignore-must-revalidate
#refresh_pattern ^http://(.?)/videodownload? 10080 80% 10080 override-expire ignore-no-cache ignore-private store-stale ignore-must-revalidate

Update Antivirus

refresh_pattern guru.avg.com/..(bin) 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern avast.com..vpx 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern (avgate|avira)..(idx|gz)$ 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern kaspersky..avc$ 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern kaspersky 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern liveupdate.symantecliveupdate.com..zip 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern .update.nai.com/..(gem|zip|mcs) 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern .symantec.com.(exe|zip) 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern mbamupdates.com..ref 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

Update Windows

refresh_pattern windowsupdate.com/..(cab|exe) 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern update.microsoft.com/..(cab|exe) 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*.(cab|exe) 10080 80% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

Download IIX

refresh_pattern ^http://.www[0-9][0-9].indowebster.com/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale ignore-auth

Banner IIX

refresh_pattern ^http://openx..(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://ads(1|2|3).kompas.com./ 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://img.ads.kompas.com./ 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern .kompasimages.com..(jpg|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://openx.kompas.com./ 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern kaskus.\us..(jp(e?g|e|2)|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://img.kaskus.us..(jpg|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://img.gemscool.com..(jpg|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://img.pb.gemscool.com..(jpg|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://img.atlantica.gemscool.com..(jpg|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://img.fs.gemscool.com..(jpg|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http://img.vivanews.com..(jpg|gif|png|swf) 10080 80% 10080 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

All File

refresh_pattern -i .(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 80% 10080 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i .(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar) 10080 80% 10080 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i .(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 80% 10080 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i .(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 10080 80% 10080 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i .(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 10080 override-lastmod reload-into-ims
refresh_pattern . 1440 95% 10080 override-lastmod reload-into-ims

cache_mem 256 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /var/squid/cache 100000 64 256
minimum_object_size 8 KB
maximum_object_size 512000 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95
cache allow all

Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp:    1440  20%  10080
refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern -i (/cgi-bin/|?) 0  0%  0
refresh_pattern .    0  20%  4320

No redirector configured

#Remote proxies

Setup some default acls From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. acl localhost src 127.0.0.1/32

acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 666 3128 3127 1025-65535
acl sslports port 443 563 666

From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

#acl manager proto cache_object

acl purge method PURGE
acl connect method CONNECT

Define protocols used for redirects

acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
http_access allow manager localhost

Allow external cache managers

acl ext_manager src 127.0.0.1
http_access allow manager ext_manager

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. http_access allow localhost

quick_abort_min -1 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 400000 KB allsrc
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100

Throttle extensions matched in the url

acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

Reverse Proxy settings

http_port 192.168.0.100:80 accel defaultsite=192.168.1.1 vhost
https_port 192.168.0.100:443 accel cert=/usr/pbi/squid-i386/etc/squid/540d30ca51b31.crt key=/usr/pbi/squid-i386/etc/squid/540d30ca51b31.key defaultsite=192.168.1.1 vhost

deny_info TCP_RESET allsrc

Custom options before auth Block access to blacklist domains

http_access deny blacklist

Setup allowed acls Allow local network(s) on interface(s)

http_access allow localnet

Default block all to be sure

http_access deny allsrc

itu kenapa ya bang ?