SHARE SQUID.CONF kamu disini

syedadi

OK, aku cuba ni… =)

Thanks

pfz

apapun yg berkaitan dengan Mallware pake SquidGuard dijamin deh…. ;D

serangku

kalau Mall kayak Matahari, SOGO, Hero, Hypermart dll …
itu gimana yah om pak de ...  ;D ;D ;D

OOT deh ..

queues

@serangku:

kalau Mall kayak Matahari, SOGO, Hero, Hypermart dll …
itu gimana yah om pak de ...  ;D ;D ;D

OOT deh ..

Tambahin OOTnya ya om :D

bahas tentang SRG dong om yang ada disini http://code.google.com/p/pfsense-cacheboy/

cara Installnya gmana ya? udh coba dr td tp gak bs akses.

syedadi

Mau tanya ni OM,  ???

gimana mau limit user apabila die download file yg lebih besar dari 50MB kelajuan bandwidth nya jadi 20kbp/s sahaja? aku sukar mau limit kerana ada user yg download movie dari mediafire….aku engak mau block, aku mau die fad-up download movie kerana kecepatanya rendah...

Boleh konsi caranya x OM?

delay_class 2 2;
delay_parameters 2 300000/300000 20971520/20971520;
delay_access 2 allow local_user;
delay_access 2 deny all;

Betul engak configurasi sebegini? Bila user download lebih 20MB, kelajuan jadi 30kbps? or aku salah disini? tolong om

poscom

@syedadi:

Mau tanya ni OM,  ???

gimana mau limit user apabila die download file yg lebih besar dari 50MB kelajuan bandwidth nya jadi 20kbp/s sahaja? aku sukar mau limit kerana ada user yg download movie dari mediafire….aku engak mau block, aku mau die fad-up download movie kerana kecepatanya rendah...

Boleh konsi caranya x OM?

delay_class 2 2;
delay_parameters 2 300000/300000 20971520/20971520;
delay_access 2 allow local_user;
delay_access 2 deny all;

Betul engak configurasi sebegini? Bila user download lebih 20MB, kelajuan jadi 30kbps? or aku salah disini? tolong om

pake CP jangan pake deley p

syedadi

aku engak pakai CP OM….connection biase saja...transparent proxy.

serangku

lanjut deh gan oprekan conf nya ….
biar enak tuh cumi buat menu buka puasa nanti ...  :)

syedadi

My Squid Setings…bnyk copy n paste aja nih...  ;D

Do not edit manually !

http_port 192.168.0.2:3128
http_port 127.0.0.1:80 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr XXXXXX
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
shutdown_lifetime 3 seconds

Allow local network(s) on interface(s)

acl localnet src  192.168.0.0/255.255.255.0
forwarded_for off
via off
uri_whitespace strip

cache_mem 50 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 40000 16 256
minimum_object_size 0 KB
maximum_object_size 200000 KB
offline_mode on
cache_swap_low 90
cache_swap_high 95
acl donotcache dstdomain "/var/squid/acl/donotcache.acl"
cache deny donotcache

No redirector configured

Setup some default acls

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5331 3128 1025-65535
acl sslports port 443 563 5331
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
acl allowed_subnets src 192.168.0.0/24 192.168.2.0/24
acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
cache deny dynamic
http_access allow manager localhost
 
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections

http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 102400000 deny all

#Pool Settings
delay_pools 3

#Pool 1
delay_class 1 2
delay_parameters 1 -1/-1 30720/30720
delay_initial_bucket_level 100

Throttle extensions matched in the url

acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny all

#Pool 2
acl filesharing url_regex -i 2shared.com 4shared.com depositfiles.com easy-share.com filefactory.com fileserve.com filesonic.com hotfile.com letitbit.net megashares.com megaupload.com oron.com rapidshare.com rapidshare.de sharingmatrix.com turbobit.net uploaded.to uploading.com uploadstation.com wupload.com zshare.net
delay_class 2 2
delay_parameters 2 -1/-1 15000/12428800
delay_access 2 allow filesharing
delay_access 2 deny all

#Pool 3
acl vidhosting url_regex -i youtube.com vimeo.com metacafe.com veoh.com video.google.com viddownloader.com vixy.net keepvid.com
delay_class 3 2
delay_parameters 3 -1/-1 50720/50720
delay_access 3 allow vidhosting
delay_access 3 deny all

These hosts do not have any restrictions

http_access allow unrestricted_hosts

Always allow access to whitelist domains

http_access allow whitelist

Block access to blacklist domains

http_access deny blacklist

Setup allowed acls

Allow local network(s) on interface(s)

http_access allow allowed_subnets
http_access allow localnet

Custom options

refresh_pattern ^http://.facebook.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://.kaskus.us/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://.google.co*./ 10080 90% 43200 reload-into-ims
refresh_pattern ^http://.yahoo.co./ 10080 90% 43200 reload-into-ims
refresh_pattern ^http://..windowsupdate.microsoft.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://office.microsoft.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://windowsupdate.microsoft.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://w?xpsp[0-9].microsoft.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://w2ksp[0-9].microsoft.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://download.microsoft.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://download.macromedia.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^ftp://ftp.nai.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://ftp.software.ibm.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://.friendster.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://.detik.com/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://.kaskus.us/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://.google.co*./ 10080 90% 43200 reload-into-ims
refresh_pattern ^http://.yahoo.co*.*/ 10080 90% 43200 reload-into-ims

refresh_pattern ^http://.facebook.com/.* 720 100% 4320
refresh_pattern ^http://.apps.facebook.com/.* 720 100% 4320
refresh_pattern ^http://.profile.ak.fbcdn.net/. 720 100% 4320
refresh_pattern ^http://.creative.ak.fbcdn.net/. 720 100% 4320
refresh_pattern ^http://.static.ak.fbcdn.net/. 720 100% 4320
refresh_pattern ^http://.facebook.poker.zynga.com/. 720 100% 4320
refresh_pattern ^http://.statics.poker.static.zynga.com/. 720 100% 4320
refresh_pattern ^http://.zynga./.* 720 100% 4320
refresh_pattern ^http://.texas_holdem./.* 720 100% 4320
refresh_pattern ^http://.google./.* 720 100% 4320
refresh_pattern ^http://.indowebster./.* 720 100% 4320
refresh_pattern ^http://.4shared./.* 720 100% 4320
refresh_pattern ^http://.yahoo.com/. 720 100% 4320
refresh_pattern ^http://.yimg./.* 720 100% 4320
refresh_pattern ^http://.plasa.com/. 720 100% 4320
refresh_pattern ^http://.boleh./.* 720 100% 4320
refresh_pattern ^http://.detik./.* 180 100% 4320
refresh_pattern ^http://.detikinet./.* 180 100% 4320
refresh_pattern ^http://.detikhot./.* 180 100% 4320
refresh_pattern ^http://.detiportal./.* 180 100% 4320
refresh_pattern ^http://.kompas./.* 180 100% 4320
refresh_pattern ^http://.kapanlagi./.* 720 100% 4320
refresh_pattern ^http://.google-analytics./.* 720 100% 4320
refresh_pattern ^http://.macromedia./.* 720 100% 4320
refresh_pattern ^http://.adobe./.* 720 100% 4320
refresh_pattern ^http://.pandasoftware./.* 720 100% 4320
refresh_pattern ^http://.comodo./.* 720 100% 4320
refresh_pattern ^http://.foxitsoftware./.* 720 100% 4320
refresh_pattern ^http://.avg./.* 720 100% 4320
refresh_pattern ^http://.avast./.* 720 100% 4320

Manual configuration

refresh_pattern ^http://(.?)/get_video? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.?)/videoplayback? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern -i (get_video?|videoplayback?id|videoplayback.*id) 161280 50000% 525948 override-expire ignore-reload

compressed

refresh_pattern -i .gz$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .cab$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .bzip2$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .bz2$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .gz2$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .tgz$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .tar.gz$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .zip$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .rar$ 1008000 90% 99999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .tar$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .ace$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .7z$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

documents

refresh_pattern -i .xls$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .doc$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .xlsx$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .docx$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .pdf$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .ppt$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .pptx$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .rtf?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

multimedia

refresh_pattern -i .mid$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .wav$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .viv$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .mpg$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .mov$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .avi$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .asf$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .qt$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .rm$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .rmvb$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .mpeg$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .wmp$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .3gp$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .mp3$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .mp4$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

web content

refresh_pattern -i .js$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .psf$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .html$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .htm$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .css$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .swf$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .js?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .css?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .xml$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

images

refresh_pattern -i .gif$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .jpg$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .png$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .jpeg$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .bmp$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .psd$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .ad$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .gif?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .jpg?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .png?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .jpeg?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .psd?$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

application

refresh_pattern -i .deb$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .rpm$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .msi$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .exe$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .dmg$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

misc

refresh_pattern -i .dat$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .qtm$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

itunes

refresh_pattern -i .m4p$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .mpa$ 10080 90% 999999 override-expire override-lastmod reload-into-ims ignore-reload

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern cgi-bin  0  0%  0
refresh_pattern ?  0  20%  4320
refresh_pattern .  0  20%  4320

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

Default block all to be sure

http_access deny all

dynasty

:'( :'( :'( Permisi om om squid tolong di cek squid ane,baru 1 minggu coba utak atik pfsense

Do not edit manually !

http_port 192.168.1.77:3128
http_port 127.0.0.1:3128 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname dynastymanokwari
cache_mgr admin@dynasty.net
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 1
shutdown_lifetime 3 seconds

Allow local network(s) on interface(s)

acl localnet src  192.168.1.0/255.255.255.0
forwarded_for off
via off
uri_whitespace strip
dns_nameservers 127.0.0.1
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 10000 16 256
minimum_object_size 0 KB
maximum_object_size 1000 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

No redirector configured

Setup some default acls

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections

http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100

Throttle extensions matched in the url

acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny all

Block access to blacklist domains

http_access deny blacklist

Setup allowed acls

Allow local network(s) on interface(s)

http_access allow localnet

Default block all to be sure

http_access deny all
–-------------------------------------------
prosesor Intel(R) Pentium(R) 4 CPU 2.40GHz
memory 1 G
HD 80 G

termakasih sebelumnya

serangku

saran dari om …
investasr dgn maksimalkan ram pisiknya
yg 32 bit bisa sampe 3gb
yg 64 bit bisa 4 gb keatas

toh harga ram sudah lebih murah

kaptenhook

kalo masih kurang ganas juga pake RAMbo