Netgate Discussion Forum

    Squid

    • chiboik

      Why is it that after a restart

      my squid.conf goes back to the default again,
      even though I had already tuned it nicely? T.T

      • yellowhat89

        @chiboik:

        Why is it that after a restart

        my squid.conf goes back to the default again,
        even though I had already tuned it nicely? T.T

        This has been discussed a lot on the forum :D
        Just put your config in squid.inc

        Stay hungry, Stay Foolish

        • chiboik

          @yellowhat89:

          @chiboik:

          Why is it that after a restart

          my squid.conf goes back to the default again,
          even though I had already tuned it nicely? T.T

          This has been discussed a lot on the forum :D
          Just put your config in squid.inc

          Could you explain in more detail?
          How do I put it in?
          Sorry, I'm still a newbie  ;D
          I'm using pfSense-1.2.3-RC3

          Oh, and I have another question.
          When a client in my internet cafe uses proxies.telkom.net.id:8080,
          my proxy gets bypassed; the traffic is not redirected to port 3128,
          even though I have already forwarded port 8080 to 3128.

          So the websites I block can still be opened by clients.
          What is the solution?

          • grage95

            This one makes no sense at all!!!
            Since when can a proxy be forwarded to another proxy????

            What you can do is make the Telkom proxy the parent of your proxy; don't play with forwarding in pf, that has nothing to do with it… :)

            Add this to squid.inc:

            cache_peer proxies.telkom.net.id parent 8080 3130 no-query connect-timeout=10 no-digest no-netdb-exchange default
            cache_peer 202.134.0.135 sibling 8080 3130 round-robin no-query connect-timeout=10 no-digest no-netdb-exchange

            from a newbie

            • chiboik

              @grage95:

              This one makes no sense at all!!!
              Since when can a proxy be forwarded to another proxy????

              What you can do is make the Telkom proxy the parent of your proxy; don't play with forwarding in pf, that has nothing to do with it… :)

              Add this to squid.inc:

              cache_peer proxies.telkom.net.id parent 8080 3130 no-query connect-timeout=10 no-digest no-netdb-exchange default
              cache_peer 202.134.0.135 sibling 8080 3130 round-robin no-query connect-timeout=10 no-digest no-netdb-exchange

              from a newbie

              Yes, it can.
              Create it under Firewall NAT:
              Interface: WAN
              External address: any
              Protocol: TCP
              External port range: 8080
              NAT IP: 192.168.0.x
              Local port: 3128

              Then if an internet cafe user uses a free high-anonymity proxy on port 8080,
              it is forwarded straight to my pfSense proxy,
              so Squid is not bypassed.

              • grage95

                @chiboik:

                @grage95:

                This one makes no sense at all!!!
                Since when can a proxy be forwarded to another proxy????

                What you can do is make the Telkom proxy the parent of your proxy; don't play with forwarding in pf, that has nothing to do with it… :)

                Add this to squid.inc:

                cache_peer proxies.telkom.net.id parent 8080 3130 no-query connect-timeout=10 no-digest no-netdb-exchange default
                cache_peer 202.134.0.135 sibling 8080 3130 round-robin no-query connect-timeout=10 no-digest no-netdb-exchange

                from a newbie

                Yes, it can.
                Create it under Firewall NAT:
                Interface: WAN
                External address: any
                Protocol: TCP
                External port range: 8080
                NAT IP: 192.168.0.x
                Local port: 3128

                Then if an internet cafe user uses a free high-anonymity proxy on port 8080,
                it is forwarded straight to my pfSense proxy,
                so Squid is not bypassed.

                The syntax you made is wrong;
                it's not on the WAN interface but on the LAN.

                If the goal is to forward requests with destination port 8080 from clients (LAN) to your proxy port,
                that means it is not a proxy being forwarded to another proxy, but filtering every destination port 8080 and forwarding it to your proxy port.
                On the FreeBSD proxy servers I have installed (not pfSense) with more than 2000 clients, I force all clients through the proxy, so the proxy ports scattered across free proxy lists, starting from ports 80, 3128, 8000, 8181, 8080 and so on, are all forced to port 3128.
                And what's even worse in your setup: why is port 443/https also forwarded to the proxy?
                That is really funny for a network administrator;
                the Squid developers themselves strongly avoid caching https.

                Do you understand the definition of https?
                And do you understand the definition of a proxy?

                • chiboik

                  @grage95:

                  @chiboik:

                  @grage95:

                  This one makes no sense at all!!!
                  Since when can a proxy be forwarded to another proxy????

                  What you can do is make the Telkom proxy the parent of your proxy; don't play with forwarding in pf, that has nothing to do with it… :)

                  Add this to squid.inc:

                  cache_peer proxies.telkom.net.id parent 8080 3130 no-query connect-timeout=10 no-digest no-netdb-exchange default
                  cache_peer 202.134.0.135 sibling 8080 3130 round-robin no-query connect-timeout=10 no-digest no-netdb-exchange

                  from a newbie

                  Yes, it can.
                  Create it under Firewall NAT:
                  Interface: WAN
                  External address: any
                  Protocol: TCP
                  External port range: 8080
                  NAT IP: 192.168.0.x
                  Local port: 3128

                  Then if an internet cafe user uses a free high-anonymity proxy on port 8080,
                  it is forwarded straight to my pfSense proxy,
                  so Squid is not bypassed.

                  The syntax you made is wrong;
                  it's not on the WAN interface but on the LAN.

                  If the goal is to forward requests with destination port 8080 from clients (LAN) to your proxy port,
                  that means it is not a proxy being forwarded to another proxy, but filtering every destination port 8080 and forwarding it to your proxy port.
                  On the FreeBSD proxy servers I have installed (not pfSense) with more than 2000 clients, I force all clients through the proxy, so the proxy ports scattered across free proxy lists, starting from ports 80, 3128, 8000, 8181, 8080 and so on, are all forced to port 3128.
                  And what's even worse in your setup: why is port 443/https also forwarded to the proxy?
                  That is really funny for a network administrator;
                  the Squid developers themselves strongly avoid caching https.

                  Do you understand the definition of https?
                  And do you understand the definition of a proxy?

                  Hey, hey... please don't scold me...
                  I'm a newbie, not a network administrator at a big company like your airputih.
                  I only installed it at my own internet cafe.
                  I'm only in my first semester of IT at Universitas Putra Indonesia,
                  so take it easy.

                  I read the tutorial at

                  http://agngwb.blogspot.com/2008/08/setting-multi-speedy-dgn-pf-sense.html

                  So as for https being cached, ask Agung, who wrote that blog;
                  I was only following his article.

                  If I create it on the LAN interface, it doesn't work.

                  Thanks a lot for being willing to help, but I don't like the way you write your posts.
                  I'm here to learn... questions and answers, not a knowledge test.

                  • grage95

                    I don't like your post here either:

                    http://forum.pfsense.org/index.php?topic=19905.msg102584#msg102584

                    So, my apologies …

                    As for forcing port 443 to the Squid port, that is dangerous: for anyone with bad intentions, the username and password for logins (email, forums) can be sniffed. Squid already has a method for bypassing it, with acl CONNECT method CONNECT.
                    Even chat (YM, MSN, etc.) can be forced through the proxy.
                    This is very unethical with respect to the clients' comfort, unless we want to poke around in the clients' privacy.
                    I say this because I once had a case like this: I was told to log chats, the chat log was given to someone, and then I was the one blamed by that person's partner, shit !!!!!

                    • yellowhat89

                      @chiboik, fix the post of yours that grage95 linked to if you don't want others to blame you.

                      Stay hungry, Stay Foolish

                      • xaviero

                        Sorry,
                        I'm confused by bro chiboik:
                        why do ports 443 and 8080 have to be forwarded to the proxy as well?
                        If you're running it transparent, this shouldn't be necessary…. it just complicates things. Especially for something only the size of an internet cafe, it seems odd, bro....

                        Or is it because 443 really is being proxied for things like webmail (Gmail, Yahoo, etc.) on their login pages??? That will just end up behaving strangely, bro; it often causes problems with expired cookies... CMIIW

                        • ipoelnet

                          Excuse me, everyone, I have a problem with Cache_peer for ICP access to pfSense.
                          I have 2 servers, both running pfSense 1.2.3 RC3 and squid-2.6.21.

                          I want to make that pfSense server a sibling of the other server:

                          Main pfSense, 2 NICs:

                          • WAN interface (rl0) : 192.168.0.2 - to speedy1
                          • LAN interface (re0) : 192.168.1.1 - client(HUB)

                          Squid.conf :
                          http_port 192.168.1.1:3128
                          http_port 127.0.0.1:80 transparent
                          icp_port 3130

                          acl hotspot src 192.168.1.200
                          icp_access allow hotspot
                          miss_access allow hotspot

                          ==========================
                          Second pfSense, 3 NICs:

                          • WAN interface (rl0) : 192.168.3.2 - to speedy2
                          • LAN interface (re0) : 192.168.4.1 - client
                          • lansibling interface (fxp0)  : 192.168.1.200 - for the sibling link to the main server ( LAN interface (re0) : 192.168.1.1 - client(HUB))

                          Squid.conf :
                          http_port 192.168.4.1:3128
                          http_port 127.0.0.1:80 transparent
                          icp_port 3130

                          cache peer

                          cache_peer 192.168.1.1 sibling 3128 3130 no-digest no-netdb-exchange

                          ======
                          But why doesn't it work? There is a DEAD SIBLING 192.168.1.1  ??? ??? ???

                          It can be done, as long as you follow the rules | Learn like a fool

                          • grage95

                            The config looks right.

                            Try tracing it step by step:
                            1. Test whether the ICP service is running, by telnetting to port 3130, or check whether the port is listening yet: netstat -a -n | egrep 'Proto|LISTEN'
                            2. Check whether the firewall is blocking the ICP port (nmap localhost)
                            3. Check the rules with the command  pfctl -sr | grep 3130
                            4. Check from the pfSense parent peer: squidclient -p 3128 cache_object://localhost/config | grep -i icp
                            5. Check from the pfSense client peer:  squidclient -p 3128 cache_object://localhost/server_list

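Added example, not part of the original posts: ICP is carried over UDP, so this Python sketch sends one ICP_OP_QUERY in the RFC 2186 layout to the sibling's icp_port and reports the reply opcode, which separates a peer that never answers from one that answers ICP_OP_DENIED because its access rules refuse the querier. The function names and the test URL are assumptions of this example; 192.168.1.1 and port 3130 are the values from the question above.

```python
import socket
import struct

ICP_VERSION = 2
# RFC 2186 header: opcode, version, message length, request number,
# options, option data, sender host address (20 bytes in total).
ICP_HEADER = struct.Struct("!BBHIII4s")
OPCODES = {
    1: "ICP_OP_QUERY", 2: "ICP_OP_HIT", 3: "ICP_OP_MISS", 4: "ICP_OP_ERR",
    21: "ICP_OP_MISS_NOFETCH", 22: "ICP_OP_DENIED", 23: "ICP_OP_HIT_OBJ",
}


def build_query(url, reqnum=1):
    """Return an ICP_OP_QUERY datagram asking whether a peer holds `url`."""
    # Query payload: 4-byte requester address (left as zero here) + NUL-terminated URL.
    payload = b"\x00" * 4 + url.encode("ascii") + b"\x00"
    length = ICP_HEADER.size + len(payload)
    return ICP_HEADER.pack(1, ICP_VERSION, length, reqnum, 0, 0, b"\x00" * 4) + payload


def parse_reply(data):
    """Decode an ICP reply; raise ValueError if it is not a well-formed ICPv2 message."""
    if len(data) < ICP_HEADER.size:
        raise ValueError("short ICP message")
    opcode, version, length, reqnum, _opts, _optdata, _sender = ICP_HEADER.unpack_from(data)
    if version != ICP_VERSION or length != len(data):
        raise ValueError("not a well-formed ICPv2 message")
    # Reply payload starts with the NUL-terminated URL that was queried.
    url = data[ICP_HEADER.size:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"opcode": OPCODES.get(opcode, "UNKNOWN(%d)" % opcode), "reqnum": reqnum, "url": url}


def probe(peer, url="http://example.com/", port=3130, timeout=2.0):
    """Send one query to `peer` and describe what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets an ICMP "port unreachable" surface as an error.
        s.connect((peer, port))
        try:
            s.send(build_query(url))
            data = s.recv(4096)
        except socket.timeout:
            return "no reply (filtered, or ICP not enabled on the peer)"
        except ConnectionRefusedError:
            return "port unreachable (nothing listening on the ICP port)"
    return parse_reply(data)["opcode"]


if __name__ == "__main__":
    # Run on the second pfSense box, towards the main server's LAN address.
    print(probe("192.168.1.1"))
```

ICP_OP_MISS or ICP_OP_HIT means the ICP path between the two caches works; ICP_OP_DENIED points at icp_access on the peer, and no reply points at the firewall rules or icp_port.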
                            • ipoelnet

                              @grage95:

                              The config looks right.

                              Try tracing it step by step:
                              1. Test whether the ICP service is running, by telnetting to port 3130, or check whether the port is listening yet: netstat -a -n | egrep 'Proto|LISTEN'
                              2. Check whether the firewall is blocking the ICP port (nmap localhost)
                              3. Check the rules with the command  pfctl -sr | grep 3130
                              4. Check from the pfSense parent peer: squidclient -p 3128 cache_object://localhost/config | grep -i icp
                              5. Check from the pfSense client peer:  squidclient -p 3128 cache_object://localhost/server_list

                              OK grage95, I'll try it first... wow, it turns out there are many people helping when you struggle  :D :D

                              It can be done, as long as you follow the rules | Learn like a fool

                              • ipoelnet

                                Thank you grage95, the result is excellent... really solid... ha ha ha
                                The result: I peered 2 servers at once, the SMK and SMA servers. Wow... access is now super smooth...

                                257702244.098    545 192.168.4.224 TCP_MISS/200 5704 GET http://www.friendster.com/ - FIRST_PARENT_MISS/192.168.66.1 text/html
                                1257702244.422      3 192.168.4.224 TCP_MISS/403 3180 GET http://images.friendster.com/images/friendster2.ico - SIBLING_HIT/192.168.1.1 text/html
                                1257702244.503      3 192.168.4.224 TCP_MISS/403 3254 GET http://images.friendster.com/images/lib/yui-260/build/yahoo-dom-event/yahoo-dom-event.js - SIBLING_HIT/192.168.1.1 text/html
                                1257702244.615      6 192.168.4.224 TCP_MISS/403 3238 GET http://images.friendster.com/images/lib/yui-260/build/animation/animation-min.js - SIBLING_HIT/192.168.1.1 text/html
                                1257702244.655      3 192.168.4.224 TCP_MISS/403 3242 GET http://images.friendster.com/images/lib/yui-260/build/connection/connection-min.js - SIBLING_HIT/192.168.1.1 text/html
                                1257702244.725      3 192.168.4.224 TCP_MISS/403 3218 GET http://images.friendster.com/images/lib/yui-260/build/json/json-min.js - SIBLING_HIT/192.168.1.1 text/html
                                1257702244.772      3 192.168.4.224 TCP_MISS/403 3242 GET http://images.friendster.com/images/lib/yui-260/build/datasource/datasource-min.js - SIBLING_HIT/192.168.1.1 text/html
                                1257702244.808      3 192.168.4.224 TCP_MISS/403 3250 GET http://images.friendster.com/images/lib/yui-260/build/autocomplete/autocomplete-min.js - SIBLING_HIT/192.168.1.1 text/html
                                1257702245.148      3 192.168.4.224 TCP_MISS/403 3174 GET http://images.friendster.com/images/btn-lt_2.png - SIBLING_HIT/192.168.1.1 text/html
                                1257702245.150      3 192.168.4.224 TCP_MISS/403 3174 GET http://images.friendster.com/images/btn-rt_2.png - SIBLING_HIT/192.168.1.1 text/html
                                1257702245.612    98 192.168.4.224 TCP_MISS/200 442 GET http://images.friendster.com/images/uncacheable.gif - FIRST_PARENT_MISS/192.168.66.1 image/gif
                                1257702245.776    203 192.168.4.224 TCP_MISS/200 1896 GET http://www.google-analytics.com/ga.js - PARENT_HIT/192.168.66.1 text/html
                                1257702245.936      3 192.168.4.224 TCP_MISS/403 3180 GET http://images.friendster.com/images/friendster2.ico - SIBLING_HIT/192.168.1.1 text/html

                                Excellent!

                                It can be done, as long as you follow the rules | Learn like a fool

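Added example, not part of the original posts: a small Python parser for Squid's native access.log format that tallies each hierarchy code per peer together with the HTTP status relayed to the client, and lists the entries where a peer was selected on a hit but the relayed status was 4xx or 5xx. The four sample lines are copied from the post above; the function names are assumptions of this example.

```python
import re
from collections import Counter

# Native access.log fields:
# time elapsed client result/status bytes method URL ident hierarchy/peer content-type
LINE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)\s*$"
)

# Four lines copied from the access.log excerpt in the post above.
SAMPLE = """\
1257702244.422      3 192.168.4.224 TCP_MISS/403 3180 GET http://images.friendster.com/images/friendster2.ico - SIBLING_HIT/192.168.1.1 text/html
1257702245.148      3 192.168.4.224 TCP_MISS/403 3174 GET http://images.friendster.com/images/btn-lt_2.png - SIBLING_HIT/192.168.1.1 text/html
1257702245.612    98 192.168.4.224 TCP_MISS/200 442 GET http://images.friendster.com/images/uncacheable.gif - FIRST_PARENT_MISS/192.168.66.1 image/gif
1257702245.776    203 192.168.4.224 TCP_MISS/200 1896 GET http://www.google-analytics.com/ga.js - PARENT_HIT/192.168.66.1 text/html
"""


def parse(text):
    """Return one dict per well-formed log line; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        rec["elapsed"] = int(rec["elapsed"])
        records.append(rec)
    return records


def tally(records):
    """Count requests per (hierarchy code, peer, HTTP status)."""
    return Counter((r["hier"], r["peer"], r["status"]) for r in records)


def peer_hit_errors(records):
    """Entries fetched from a peer on a hit whose relayed status is an error (>= 400)."""
    return [r for r in records if r["hier"].endswith("_HIT") and r["status"] >= 400]


if __name__ == "__main__":
    recs = parse(SAMPLE)
    for (hier, peer, status), n in sorted(tally(recs).items()):
        print("%-20s %-15s %d  x%d" % (hier, peer, status, n))
    for r in peer_hit_errors(recs):
        print("check peer access rules:", r["peer"], r["status"], r["url"])
```

A hit that comes back with status 403 and a text/html body of about 3 KB is an error page relayed from the peer, so the peer's access rules (http_access, miss_access) are the place to look.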
                                • grage95

                                  Nice

                                  PARENT_HIT/192.168.66.1
                                  SIBLING_HIT/192.168.1.1

                                  Of course it's fast, it's still within the local network (not fetched directly from the origin server).

                                  Please write up a tutorial and share it with the others here: what a sibling is, what a parent is, and what the topology and Squid config look like.

                                  By the way, so far I have not managed to get pfSense + Squid ZPH (zero penalty hit) working. On the Squid side ZPH already works (squid2.7.7 and lusca1.4 already support ZPH); combining squid + pf / squid + ipfw on FreeBSD already works, either with pf (altq) or ipfw (dummynet).
                                  With ZPH, packets for content that is already cached (a hit) are marked (tagged with a certain value, e.g. 0x30), and when combined with a bandwidth shaper the marked packets can be matched and put into a higher bandwidth class, so clients browse comfortably without being choked by the bandwidth limit. It would be a pity for browsing that is already a cache hit to get a small limit (on FreeBSD I set the limit for ZPH to 20Mbps :) )

                                  Lusca even has a ZPH hit option for cache_peer, which is even better (mantabb, with a double B) and excellent ..

                                  I wonder who has already managed to get ZPH working on pfSense.

                                  • ipoelnet

                                    OK, I'll write the tutorial later...

                                    Wow... there's always something more... So ZPH is only for 2.7.7, grage95  ??? Oh, a tutorial for it please... But my Squids are all squid-2.6.21; if I update to squid2.7.7 and lusca1.4, do I have to clear the existing cache?  :-[

                                    It can be done, as long as you follow the rules | Learn like a fool

                                    • grage95

                                      @ipoelnet:

                                      OK, I'll write the tutorial later...

                                      Wow... there's always something more... So ZPH is only for 2.7.7, grage95  ??? Oh, a tutorial for it please... But my Squids are all squid-2.6.21; if I update to squid2.7.7 and lusca1.4, do I have to clear the existing cache?  :-[

                                      Yup, ZPH is supported in squid-2.7.xx and lusca-1.xx.
                                      In squid.conf you just need to add:
                                      zph_mode tos
                                      zph_local 0x30
                                      zph_parent 0
                                      zph_option 136

                                      To check that packets are being marked, use the command tcpdump -nvi fxp0 |grep 'tos 0x30'

                                      To update from squid-2.6.xx to squid-2.7.xx / lusca1.xx you don't need to clear the cache if the file system stays the same (e.g. aufs to aufs); deleting it would be a real waste. Just rebuild the cache with squid -z and Squid will adjust the metadata to match the new Squid binary.

                                      • 111ichael

                                        Hello.. nice to meet you…
                                        I have installed Lusca on my pfSense...
                                        but after a few weeks, when I run #squidclient mgr:info the result is..

                                        …..........................................
                                        Connection information for squid:
                                        Number of clients accessing cache: 0
                                        Number of HTTP requests received: 75360
                                        Number of ICP messages received: 0
                                        Number of ICP messages sent: 0
                                        Number of queued ICP replies: 0
                                        Request failure ratio: 0.00
                                        Average HTTP requests per minute since start: 129.5
                                        Average ICP messages per minute since start: 0.0
                                        Select loop called: 1497728 times, 23.320 ms avg
                                        Cache information for squid:
                                        Request Hit Ratios: 5min: 6.4%, 60min: 18.0%
                                        Byte Hit Ratios: 5min: -511.2%, 60min: -78.8%
                                        Request Memory Hit Ratios: 5min: 76.5%, 60min: 63.1%
                                        Request Disk Hit Ratios: 5min: 11.8%, 60min: 16.4%
                                        Storage Swap size: -636084972 KB
                                        Storage Mem size: 103100 KB
                                        Mean Object Size: -22223.64 KB
                                        Requests given to unlinkd: 0
                                        ….........etc.

                                        Why has my byte hit ratio gone so far negative... to the point that it affects the Storage swap size and mean object size??
                                        Please help, what is the solution....  :)

                                        • grage95

                                          Try pasting the config here:

                                          squidclient mgr:config > /tmp/squid.config

                                          Paste the contents of /tmp/squid.config here, and tell us how much physical RAM is installed in the Squid server.

                                          Here is one I'm pasting from an internet cafe running lusca.1.4, P3, 256 RAM, cache_dir 4Gb, installed just 5 days ago:

                                          Cache information for squid:
                                                  Request Hit Ratios:    5min: 0.0%, 60min: 45.7%
                                                  Byte Hit Ratios:        5min: 0.0%, 60min: 6.7%
                                                  Request Memory Hit Ratios:      5min: 0.0%, 60min: 1.8%
                                                  Request Disk Hit Ratios:        5min: 0.0%, 60min: 84.5%
                                                  Storage Swap size:      3426750 KB
                                                  Storage Mem size:      6088 KB
                                                  Mean Object Size:      8.31 KB

                                          0.0% because it's quiet; at 24:00 the internet cafe is already closed, but an hour earlier there was still access activity.

                                          • 111ichael

                                            @grage95:

                                            Try pasting the config here:

                                            squidclient mgr:config > /tmp/squid.config

                                            Paste the contents of /tmp/squid.config here, and tell us how much physical RAM is installed in the Squid server.

                                            Here is one I'm pasting from an internet cafe running lusca.1.4, P3, 256 RAM, cache_dir 4Gb, installed just 5 days ago:

                                            Cache information for squid:
                                                    Request Hit Ratios:     5min: 0.0%, 60min: 45.7%
                                                    Byte Hit Ratios:        5min: 0.0%, 60min: 6.7%
                                                    Request Memory Hit Ratios:      5min: 0.0%, 60min: 1.8%
                                                    Request Disk Hit Ratios:        5min: 0.0%, 60min: 84.5%
                                                    Storage Swap size:      3426750 KB
                                                    Storage Mem size:       6088 KB
                                                    Mean Object Size:       8.31 KB

                                            0.0% because it's quiet; at 24:00 the internet cafe is already closed, but an hour earlier there was still access activity.

                                            Here is my squidclient mgr:config output…
                                            Server physical memory 1GB, CPU P4, HDD WD 160GB SATA

                                            
                                            HTTP/1.0 200 OK
                                            Server: Lusca/LUSCA_HEAD
                                            Date: Wed, 11 Nov 2009 06:02:53 GMT
                                            Content-Type: text/plain
                                            Expires: Wed, 11 Nov 2009 06:02:53 GMT
                                            X-Cache: MISS from proxy.kitmor16.net
                                            X-Cache-Lookup: MISS from proxy.kitmor16.net:80
                                            Via: 1.0 proxy.pfsense:80 (Lusca/LUSCA_HEAD)
                                            Connection: close
                                            
                                            authenticate_cache_garbage_interval 3600 seconds
                                            authenticate_ttl 3600 seconds
                                            authenticate_ip_ttl 0 seconds
                                            authenticate_ip_shortcircuit_ttl 0 seconds
                                            acl localnet src 192.168.11.0/255.255.255.224
                                            acl to_localnet dst 192.168.11.0/255.255.255.224
                                            acl all src 0.0.0.0/0.0.0.0
                                            acl localhost src 127.0.0.1
                                            acl safeports port 21
                                            acl safeports port 80
                                            acl safeports port 70
                                            acl safeports port 210
                                            acl safeports port 280
                                            acl safeports port 443
                                            acl safeports port 488
                                            acl safeports port 563
                                            acl safeports port 591
                                            acl safeports port 631
                                            acl safeports port 667
                                            acl safeports port 777
                                            acl safeports port 901
                                            acl safeports port 81
                                            acl safeports port 3128
                                            acl safeports port 1025-65535
                                            acl sslports port 443
                                            acl sslports port 563
                                            acl sslports port 81
                                            acl manager proto cache_object
                                            acl purge method PURGE
                                            acl connect method CONNECT
                                            acl apache rep_header Server ^Apache
                                            acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
                                            acl QUERY urlpath_regex cgi-bin
                                            acl QUERY urlpath_regex \?
                                            acl QUERY urlpath_regex .jsp
                                            acl QUERY urlpath_regex \?.js
                                            acl QUERY urlpath_regex cgi-bin
                                            acl QUERY urlpath_regex to_localnet
                                            acl snmppublic snmp_community public
                                            acl snmp_hosts src 127.0.0.1
                                            acl download url_regex \.exe$
                                            acl download url_regex \.mp3$
                                            acl download url_regex \/(get_video|videoplayback\?id|videoplayback.*id)
                                            acl download url_regex \.3gp$
                                            acl download url_regex \.gz$
                                            acl download url_regex \.rar$
                                            acl download url_regex \.flv$
                                            acl download url_regex \.mp4$
                                            acl download url_regex \.tar.gz$
                                            acl download url_regex \.tar.bz2$
                                            acl download url_regex \.rpm$
                                            acl download url_regex \.zip$
                                            acl download url_regex \.avi$
                                            acl download url_regex \.mpg$
                                            acl download url_regex \.mpeg$
                                            acl download url_regex \.rm$
                                            acl download url_regex \.iso$
                                            acl download url_regex \.wav$
                                            acl download url_regex \.mov$
                                            acl download url_regex \.dat$
                                            acl download url_regex \.mpe$
                                            acl download url_regex \.mid$
                                            acl download url_regex \.midi$
                                            acl download url_regex \.rmi$
                                            acl download url_regex \.wma$
                                            acl download url_regex \.wmv$
                                            acl download url_regex \.ogg$
                                            acl download url_regex \.ogm$
                                            acl download url_regex \.m1v$
                                            acl download url_regex \.mp2$
                                            acl download url_regex \.mpa$
                                            acl download url_regex \.wax$
                                            acl download url_regex \.m3u$
                                            acl download url_regex \.asx$
                                            acl download url_regex \.wpl$
                                            acl download url_regex \.wmx$
                                            acl download url_regex \.dvr-ms$
                                            acl download url_regex \.snd$
                                            acl download url_regex \.au$
                                            acl download url_regex \.aif$
                                            acl download url_regex \.asf$
                                            acl download url_regex \.m2v$
                                            acl download url_regex \.m2p$
                                            acl download url_regex \.ts$
                                            acl download url_regex \.tp$
                                            acl download url_regex \.trp$
                                            acl download url_regex \.div$
                                            acl download url_regex \.divx$
                                            acl download url_regex \.mod$
                                            acl download url_regex \.vob$
                                            acl download url_regex \.aob$
                                            acl download url_regex \.dts$
                                            acl download url_regex \.ac3$
                                            acl download url_regex \.cda$
                                            acl download url_regex \.vro$
                                            acl download url_regex \.deb$
                                            acl admin src 192.168.11.2-192.168.11.3
                                            acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id)
                                            acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)(\=|\?|\;\&)+
                                            acl store_rewrite_list_domain url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
                                            acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
                                            acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar)$
                                            acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.uk)
                                            acl store_rewrite_list_domain_CDN url_regex \.doubleclick\.net.*ord\=
                                            acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]*
                                            acl store_rewrite_list_domain_CDN url_regex ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*)
                                            acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$
                                            acl rapidurl url_regex \.rapidshare\.com.*\/[0-9]*\/[0-9]*\/[^\/]*
                                            acl video urlpath_regex \.((mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|qt|wmv|m\dv|rv|vob|asx|ogm|flv|3gp)(\?.*)?)$
                                            acl video urlpath_regex (get_video\?|videoplayback\?|videodownload\?|\.flv(\?.*)?)
                                            acl html url_regex \.((html|htm|php|js|css|aspx)(\?.*)?)$
                                            acl html url_regex \.com\/$
                                            acl html url_regex \.com$
                                            acl images urlpath_regex \.((jp(e?g|e|2)|gif|png|tiff?|bmp|ico)(\?.*)?)$
                                            acl dontrewrite url_regex [a-z0-9]{3}\.photobucket\.com
                                            acl dontrewrite url_regex redbot\.org
                                            http_access Allow manager localhost
                                            http_access Deny manager
                                            http_access Allow purge localhost
                                            http_access Deny purge
                                            http_access Deny !safeports
                                            http_access Deny connect !sslports
                                            http_access Allow localhost
                                            http_access Allow localnet
                                            http_access Deny all
                                            http_reply_access Allow all
                                            icp_access Deny all
                                            reply_body_max_size 0 Allow all
                                            http_port 192.168.11.1:80 transparent protocol=http
                                            http_port 127.0.0.1:3128 transparent protocol=http
                                            zph_mode off
                                            zph_local 0
                                            zph_sibling 0
                                            zph_parent 0
                                            zph_option 136
                                            dead_peer_timeout 10 seconds
                                            hierarchy_stoplist cgi-bin
                                            hierarchy_stoplist ?
                                            hierarchy_stoplist .js
                                            hierarchy_stoplist .jsp
                                            cache_mem 268435456 bytes
                                            maximum_object_size_in_memory 32768 bytes
                                            memory_replacement_policy heap GDSF
                                            cache_replacement_policy heap LFUDA
                                            cache_dir aufs /cache1/squidcache 6000 16 256 max-size=65556
                                            cache_dir aufs /cache2/squidcache 12000 18 256 min-size=65556
                                            cache_dir aufs /cache3/squidcache 12000 18 256 min-size=65556
                                            store_dir_select_algorithm least-load
                                            max_open_disk_fds 0
                                            minimum_object_size 0 bytes
                                            maximum_object_size 104857600 bytes
                                            cache_swap_low 98
                                            cache_swap_high 99
                                            update_headers off
                                            access_log /dev/null
                                            logfile_daemon /usr/local/libexec/squid/logfile-daemon
                                            cache_log /var/squid/log/cache.log
                                            cache_store_log none
                                            logfile_rotate 2
                                            emulate_httpd_log off
                                            log_ip_on_direct on
                                            mime_table /usr/local/etc/squid/mime.conf
                                            log_mime_hdrs off
                                            pid_filename /var/run/squid.pid
                                            debug_options ALL,1
                                            log_fqdn off
                                            client_netmask 255.255.255.255
                                            strip_query_terms off
                                            buffered_logs off
                                            netdb_filename /usr/local/squid/logs/netdb.state
                                            ftp_user Squid@
                                            ftp_list_width 32
                                            ftp_passive on
                                            ftp_sanitycheck on
                                            ftp_telnet_protocol on
                                            ufs_log_build_program /usr/local/libexec/squid/ufs_rebuild
                                            coss_log_build_program /usr/local/libexec/squid/coss_rebuild
                                            diskd_program /usr/local/libexec/squid/diskd-daemon
                                            unlinkd_program /usr/local/libexec/squid/unlinkd
                                            storeurl_rewrite_program /usr/local/etc/squid/storeurl.pl
                                            storeurl_rewrite_children 4
                                            storeurl_rewrite_concurrency 99
                                            rewrite_access Deny all
                                            url_rewrite_children 5
                                            url_rewrite_concurrency 0
                                            url_rewrite_host_header on
                                            storeurl_access Deny dontrewrite
                                            storeurl_access Allow store_rewrite_list_domain_CDN
                                            storeurl_access Allow store_rewrite_list
                                            storeurl_access Allow store_rewrite_list_domain store_rewrite_list_path
                                            storeurl_access Deny all
                                            redirector_bypass off
                                            location_rewrite_children 5
                                            location_rewrite_concurrency 0
                                            cache Deny QUERY
                                            max_stale 604800 seconds
                                            refresh_pattern windowsupdate.com/.*\.(cab|exe) 40320 100% 43200
                                             reload-into-ims
                                            refresh_pattern update.microsoft.com/.*\.(cab|exe) 40320 100% 43200
                                             reload-into-ims
                                            refresh_pattern download.microsoft.com/.*\.(cab|exe) 40320 100% 43200
                                             reload-into-ims
                                            refresh_pattern imeem.*\.flv 0 0% 0
                                            
                                            refresh_pattern ^ftp: 40320 20% 40320
                                             override-expire reload-into-ims
                                            refresh_pattern ^gopher: 1440 0% 1440
                                            
                                            refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280
                                             ignore-reload
                                            refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 5259487 99999999% 5259487
                                             override-expire ignore-reload
                                            refresh_pattern \.(ico|video\-stats) 5259487 999999% 5259487
                                             override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=10080
                                            refresh_pattern \.etology\? 5259487 999999% 5259487
                                             override-expire ignore-reload ignore-no-cache
                                            refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487
                                             override-expire ignore-reload ignore-no-cache
                                            refresh_pattern brazzers\? 5259487 999999% 5259487
                                             override-expire ignore-reload ignore-no-cache
                                            refresh_pattern \.adtology\? 5259487 999999% 5259487
                                             override-expire ignore-reload ignore-no-cache
                                            refresh_pattern ^.*(utm\.gif|ads\?|advertising\.com|ad\.yieldmanager\.com|doubleclick\.net|adserving\.cpxinteractive\.com) 5259487 999999% 5259487
                                             override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth
                                            refresh_pattern ^.*safebrowsing\.clients\.clients\.com\/safebrowsing 5259487 999999% 5259487
                                             override-expire ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=10080
                                            refresh_pattern ^http:\/\/((cbk|mt|khm)[0-9]?)\.google\.co(m|\.uk) 5259487 999999% 5259487
                                             override-expire ignore-reload
                                            refresh_pattern ytimg\.com.*\.jpg 5259487 999999% 5259487
                                             override-expire ignore-reload
                                            refresh_pattern (avgate|avira).*(idx|gz)$ 5259487 999999% 5259487
                                             reload-into-ims ignore-no-cache
                                            refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487
                                             ignore-reload
                                            refresh_pattern kaspersky 1440 50% 161280
                                             ignore-no-cache
                                            refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999% 5259487
                                             override-expire ignore-reload
                                            refresh_pattern facebook.com.*\.(png|gif) 5259487 999999% 5259487
                                             override-expire ignore-reload
                                            refresh_pattern garena\.com 5259487 999999% 5259487
                                             override-expire reload-into-ims
                                            refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487
                                             override-expire ignore-reload
                                            refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999% 5259487
                                             override-expire override-lastmod ignore-no-cache
                                            refresh_pattern profile.ak.fbcdn.net.*\.jpg 40320 20% 40320
                                             ignore-reload
                                            refresh_pattern -i \.(ico|js)$ 5259487 999999% 5259487
                                             override-expire override-lastmod ignore-reload
                                            refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 5259487 999999% 5259487
                                             override-lastmod reload-into-ims
                                            refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 5259487 999999% 5259487
                                             override-lastmod reload-into-ims
                                            refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 5259487 999999% 5259487
                                             override-lastmod reload-into-ims
                                            refresh_pattern -i \.(class|css|js|gif|jpg)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 5259487 999999% 5259487
                                             override-expire override-lastmod
                                            refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487
                                             override-expire reload-into-ims
                                            refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 5259487 999999% 5259487
                                             override-expire reload-into-ims
                                            refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 5259487 999999% 5259487
                                             override-expire reload-into-ims ignore-reload
                                            refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487 999999% 5259487
                                             override-expire reload-into-ims
                                            refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2) 5259487 9999999% 5259487
                                             override-expire reload-into-ims
                                            refresh_pattern -i (cgi-bin) 0 0% 0
                                            
                                            refresh_pattern \.(php|jsp|cgi|asx)\? 0 0% 0
                                            
                                            refresh_pattern \.(php|jsp) 0 0% 0
                                            
                                            refresh_pattern . 0 50% 161280
                                            
                                            quick_abort_min 0 KB
                                            quick_abort_max 0 KB
                                            quick_abort_pct 98
                                            read_ahead_gap 16384 bytes
                                            negative_ttl 0 seconds
                                            positive_dns_ttl 43200 seconds
                                            negative_dns_ttl 60 seconds
                                            range_offset_limit -1 bytes
                                            minimum_expiry_time 60 seconds
                                            store_avg_object_size 13 KB
                                            store_objects_per_bucket 20
                                            request_header_max_size 20480 bytes
                                            reply_header_max_size 20480 bytes
                                            request_body_max_size 0 Allow all
                                            request_body_delay_forward_size 0 Allow all
                                            upgrade_http0.9 Deny shoutcast
                                            via on
                                            cache_vary on
                                            broken_vary_encoding Allow apache
                                            collapsed_forwarding off
                                            collapsed_forwarding_timeout 30
                                            refresh_stale_hit 0 seconds
                                            ie_refresh on
                                            vary_ignore_expire on
                                            request_entities off
                                            header_access Accept-Encoding Deny all
                                            relaxed_header_parser on
                                            server_http11 off
                                            ignore_expect_100 off
                                            forward_timeout 240 seconds
                                            connect_timeout 60 seconds
                                            peer_connect_timeout 30 seconds
                                            read_timeout 900 seconds
                                            request_timeout 300 seconds
                                            persistent_request_timeout 120 seconds
                                            client_lifetime 86400 seconds
                                            half_closed_clients off
                                            pconn_timeout 60 seconds
                                            shutdown_lifetime 6 seconds
                                            cache_mgr admin@kitmor16.net
                                            mail_program mail
                                            cache_effective_user proxy
                                            cache_effective_group proxy
                                            httpd_suppress_version_string off
                                            visible_hostname proxy.kitmor16.net
                                            unique_hostname proxy.pfsense
                                            umask 23
                                            announce_period 31536000 seconds
                                            announce_host tracker.ircache.net
                                            announce_port 3131
                                            httpd_accel_no_pmtu_disc off
                                            delay_pools 2
                                            delay_class 1 2
                                            delay_access 1 Allow admin
                                            delay_access 1 Deny all
                                            delay_parameters 1 -1/-1 -1/-1
                                            delay_class 2 2
                                            delay_access 2 Allow download
                                            delay_access 2 Deny all
                                            delay_parameters 2 -1/-1 10000/10000
                                            delay_initial_bucket_level 100
                                            client_persistent_connections off
                                            server_persistent_connections on
                                            persistent_connection_after_error off
                                            detect_broken_pconn off
                                            digest_generation on
                                            digest_bits_per_entry 5
                                            digest_rebuild_period 3600 seconds
                                            digest_rewrite_period 3600 seconds
                                            digest_swapout_chunk_size 4096 bytes
                                            digest_rebuild_chunk_percentage 10
                                            snmp_port 3401
                                            snmp_access Allow snmppublic snmp_hosts
                                            snmp_access Deny all
                                            snmp_incoming_address 0.0.0.0
                                            snmp_outgoing_address 255.255.255.255
                                            icp_port 0
                                            log_icp_queries on
                                            udp_incoming_address 0.0.0.0
                                            udp_outgoing_address 255.255.255.255
                                            udp_outgoing_address6 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
                                            udp_incoming_address6 [::]f:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
                                            icp_hit_stale off
                                            minimum_direct_hops 4
                                            minimum_direct_rtt 400
                                            netdb_low 900
                                            netdb_high 1000
                                            netdb_ping_period 300 seconds
                                            query_icmp off
                                            test_reachability off
                                            icp_query_timeout 0
                                            maximum_icp_query_timeout 2000
                                            minimum_icp_query_timeout 5
                                            mcast_icp_query_timeout 2000
                                            icon_directory /usr/local/etc/squid/icons
                                            global_internal_static on
                                            short_icon_urls off
                                            error_directory /usr/local/etc/squid/errors/English
                                            err_html_text 
                                            deny_info TCP_RESET localnet
                                            nonhierarchical_direct on
                                            prefer_direct off
                                            ignore_ims_on_miss off
                                            always_direct Allow localhost to_localnet
                                            always_direct Deny all
                                            max_filedescriptors 8192
                                            tcp_recv_bufsize 0 bytes
                                            incoming_rate 30
                                            check_hostnames off
                                            allow_underscore on
                                            dns_retransmit_interval 5 seconds
                                            dns_timeout 60 seconds
                                            dns_defnames off
                                            dns_nameservers 192.168.11.1
                                            dns_nameservers 202.134.1.10
                                            dns_nameservers 203.130.254.140
                                            dns_nameservers 202.134.1.10
                                            hosts_file /etc/hosts
                                            dns_testnames 127.0.0.1
                                            ignore_unknown_nameservers on
                                            ipcache_size 8192
                                            ipcache_low 98
                                            ipcache_high 99
                                            fqdncache_size 8192
                                            memory_pools off
                                            memory_pools_limit 0 bytes
                                            forwarded_for off
                                            cachemgr_passwd none all
                                            client_db off
                                            reload_into_ims on
                                            maximum_single_addr_tries 5
                                            retry_on_error off
                                            as_whois_server whois.ra.net
                                            offline_mode off
                                            uri_whitespace strip
                                            coredump_dir none
                                            balance_on_multiple_ip on
                                            pipeline_prefetch on
                                            high_response_time_warning 0
                                            high_page_fault_warning 0
                                            high_memory_warning 0 bytes
                                            sleep_after_fork 0
                                            zero_buffers on
                                            windows_ipaddrchangemonitor on
                                            n_aiops_threads -1
                                            client_socksize -1
                                            load_check_stopen on
                                            load_check_stcreate on
                                            download_fastest_client_speed off
                                            
                                            