Posted by: Yuris | May 6, 2008

Squid config access list

Squid config yang dicomot dari server suatu perusahaan telekomunikasi :P (sory eSeMTe)

Config acl squid proxy server.
# ---------------------------------------------------------------------------
# Listener
# ---------------------------------------------------------------------------
# Accept client traffic on TCP 3128 in interception ("transparent") mode.
# The firewall/NAT rule that redirects traffic to this port is not part of
# this file.
http_port 3128 transparent

# ---------------------------------------------------------------------------
# Process identity and contact details
# ---------------------------------------------------------------------------
# Account and group Squid switches to when it is started as root.
cache_effective_user squid
cache_effective_group squid
# Hostname and administrator address Squid reports about itself; both are
# shown to clients on the error pages Squid generates.
visible_hostname squid.ptsmt.com
cache_mgr admin@ptsmt.com

# ---------------------------------------------------------------------------
# What may be cached and for how long
# ---------------------------------------------------------------------------
# Never cache dynamic content: URL paths containing "cgi-bin" or a "?".
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# Work around origin servers identifying as Apache whose handling of
# compressed replies (Vary/ETag) is broken.
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Freshness rules: <regex> <min minutes> <percent of age> <max minutes>.
# The first pattern that matches a URL is the one applied, so order matters.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# ---------------------------------------------------------------------------
# Storage
# ---------------------------------------------------------------------------
# Memory reserved for in-transit and hot objects.
cache_mem 128 MB
# On-disk cache: ufs store, 10000 MB, 16 first-level and 256 second-level
# directories.
cache_dir ufs /var/spool/squid 10000 16 256
coredump_dir /var/spool/squid
# Helper that removes cache files on behalf of the main process.
unlinkd_program /usr/lib/squid/unlinkd
# Directory holding the error page templates.
error_directory /etc/squid/errors

# ---------------------------------------------------------------------------
# Logging
# ---------------------------------------------------------------------------
# access.log records every client request (client address and full URL), so
# it should be readable only by administrators and rotated regularly.
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

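# ---------------------------------------------------------------------------
# ACL definitions (names only; nothing is allowed or denied until an
# http_access / delay_access / icp_access line refers to them)
# ---------------------------------------------------------------------------

# Catch-all source ACL: every IPv4 address.
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests use the internal cache_object:// scheme.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

# Destination ports clients may reach, and the subset allowed for CONNECT.
# Port 563 is listed in SSL_ports but not in Safe_ports; a rule of the form
# "deny !Safe_ports" therefore also rejects CONNECT to 563.
acl Safe_ports port 80 21 443 2443
acl SSL_ports port 443 2443 563
acl CONNECT method CONNECT

# The internal client network.
acl Lan src 10.11.129.0/255.255.255.0
# Individual LAN hosts used as exceptions in the allow / redirect rules.
acl Lan-ex1 src 10.11.129.90/255.255.255.255
acl Lan-ex2 src 10.11.129.16/255.255.255.255
acl Lan-ex3 src 10.11.129.64/255.255.255.255

# Blacklists loaded from files. Squid only reads patterns from a file when the
# path is wrapped in plain ASCII double quotes; with typographic quotes the
# path text itself becomes the pattern and the list is never loaded.
# NOTE(review): the */domains files are loaded with url_regex, so each line is
# a regular expression matched anywhere in the URL. If they hold plain domain
# names, dstdomain would match the host only - confirm the file format.
acl porndomain url_regex "/etc/squid/blacklist/porn/domains"
acl porn url_regex "/etc/squid/blacklist/porn/urls"
acl site url_regex "/etc/squid/blacklist/site/urls"
acl unblocked url_regex "/etc/squid/blacklist/unblocked/domains"
acl adsdomain url_regex "/etc/squid/blacklist/ads/domains"
acl maildomain url_regex "/etc/squid/blacklist/mail/domains"
acl warez url_regex "/etc/squid/blacklist/warez/urls"
acl warezdomain url_regex "/etc/squid/blacklist/warez/domains"

# Media and image downloads, matched case-insensitively. The dot is escaped
# and the extension must end the URL or be followed by a query string;
# an unescaped ".mp3" would match any character followed by "mp3" anywhere in
# the URL, including the host name.
acl files url_regex -i \.(mp3|mpeg|avi|mpg|iso|wav|mid|wmv|flv)(\?|$)

# Monday to Friday, 08:00-17:00 in the proxy's local time.
acl Workhour time MTWHF 08:00-17:00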

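# Replies are not filtered.
http_reply_access allow all

# Answer ICP (inter-cache) queries from the LAN only instead of from every
# source address.
# NOTE(review): if sibling or parent caches outside Lan query this proxy, add
# an ACL for their addresses here.
icp_access allow Lan
icp_access deny all

# http_access rules are evaluated top to bottom and the first matching line
# decides. All ACLs on one line must match (logical AND); "!" negates an ACL.

# Cache manager: reachable from the proxy host itself only. Without the
# localhost condition any client could query the manager interface.
http_access allow manager localhost
http_access deny manager

# Content blacklists. Hosts that are exempt from a rule are appended as
# !Lan-ex1 / !Lan-ex2 / !Lan-ex3.
# The porn rules keep the blacklist ACL last on the line: Squid looks up the
# deny_info page by the last ACL it evaluated, so this is what makes the
# ERR_PORN page appear. The cheap source checks also run before the regex.
http_access deny Lan !unblocked !Lan-ex2 !Lan-ex3 porndomain
http_access deny Lan !Lan-ex2 !Lan-ex3 porn
http_access deny site Lan Workhour !Lan-ex1 !Lan-ex2 !Lan-ex3
http_access deny adsdomain Lan
http_access deny maildomain Lan !unblocked
http_access deny warez Lan Workhour !Lan-ex2 !Lan-ex3
http_access deny warezdomain Lan Workhour !Lan-ex2 !Lan-ex3

# Port restrictions must come before the allow rules. Placed after
# "allow Lan" they never applied to LAN clients, who could then request any
# destination port and CONNECT to any port through the proxy.
# Extend Safe_ports / SSL_ports if clients legitimately need other ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Everything that survived the rules above is allowed for the proxy host and
# the LAN; every other source is refused.
http_access allow localhost
http_access allow Lan
http_access deny all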

# Custom error page ERR_PORN, returned for requests denied through the porn or
# porndomain ACL.
deny_info ERR_PORN porndomain
deny_info ERR_PORN porn

# ---------------------------------------------------------------------------
# Bandwidth shaping: two delay pools.
# A request is placed in the first pool whose delay_access allows it.
# delay_parameters values are <restore bytes per second>/<maximum bytes>.
# ---------------------------------------------------------------------------
delay_pools 2

# Pool 1 (class 3: aggregate, per-network and per-host buckets):
# LAN downloads matching the "files" ACL during working hours.
delay_class 1 3
delay_parameters 1 24000/24000 8000/8000 500/500
delay_access 1 allow Lan files Workhour
delay_access 1 deny all

# Pool 2 (class 2: aggregate and per-host buckets):
# all remaining LAN traffic.
delay_class 2 2
delay_parameters 2 24000/24000 8000/8000
delay_access 2 allow Lan
delay_access 2 deny all


Responses

  1. ya, q anak sman 1 kepanjen,

    nie alamat fs aq fira_vls@yahoo.co.id

