Mohon bantuannya instalasi&konfigurasi Antivirus Proxy HAVP

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
User avatar
antoniusgenta
Posts: 103
Joined: 29 Dec 2011, 14:40
Location: jakarta

Mohon bantuannya instalasi&konfigurasi Antivirus Proxy HAVP

Postby antoniusgenta » 05 Feb 2012, 20:00

Selamat malam teman2 FUI..saya ingin minta bantuan para mastah2 di FUI,,akhir2 ini saya coba instal clamav & HAVP ternyata saya tidak bisa menggunakannya untuk scanning dan tidak tahu cara menjalankan softwarenya saya menggunakan ubuntu server (yg pada prinsipnya menggunakan commandline)..yg saya harapkan keduanya bisa berjalan dan bisa ditest juga.bagaimana install HAVP utk antivirus proxy? jadi semua yang lewat port 80 akan discanning melalui HAVP di proxy,,dan mohon petunjuk utk settingan di squidnya utk HAVP agar berjalan dengan baik!

terima kasih
User avatar
yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur
Contact:

Re: Mohon bantuannya instalasi&konfigurasi Antivirus Proxy H

Postby yudiarbi » 06 Feb 2012, 13:40

mgkn topologi spt ini :
[spoiler]Port 80 HAVP (8080) Squid (3128) Client
[color:#FFFFFF]dfdfdfdddfdfdfddff[/color]||
CLAMAV+LIBCLAMAV[/spoiler]
diasumsikan proxy berjalan dengan baik

Code: Select all

sudo apt-get install havp
tambahkan di squid.conf :

Code: Select all

cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
User avatar
antoniusgenta
Posts: 103
Joined: 29 Dec 2011, 14:40
Location: jakarta

Re: Mohon bantuannya instalasi&konfigurasi Antivirus Proxy H

Postby antoniusgenta » 06 Feb 2012, 16:29

mgkn topologi spt ini :
Port 80 HAVP (8080) Squid (3128) Client
||
CLAMAV+LIBCLAMAV
diasumsikan proxy berjalan dengan baik

Code: Select all

sudo apt-get install havp
tambahkan di squid.conf :
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
Makasih mas yudi atas jawabannya&responnya...

utk proxy squid sudah berjalan dengan baik.. setelah install havp sukses command apalagi yg harus saya jalankan selain apt-get install havp utk havp? maaf saya baru belajar linux dan mungkin saya akan banyak bertanya di fUI ini..
User avatar
yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur
Contact:

Re: Mohon bantuannya instalasi&konfigurasi Antivirus Proxy H

Postby yudiarbi » 07 Feb 2012, 08:26

tambahkan di squid.confnya :

Code: Select all

cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
jgn lupa :
eksekusi perintah

Code: Select all

squid -k reconfigure
User avatar
antoniusgenta
Posts: 103
Joined: 29 Dec 2011, 14:40
Location: jakarta

Re: Mohon bantuannya instalasi&konfigurasi Antivirus Proxy H

Postby antoniusgenta » 07 Feb 2012, 16:14

tambahkan di squid.confnya :

Code: Select all

cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
jgn lupa :
eksekusi perintah

Code: Select all

squid -k reconfigure
terimakasih mas atas responnya..

semalam saya coba untuk menjalankan Havp dengan command init.d/havp start dan hasilnya sukses HAVP bisa berjalan..setelah saya masukan konfigurasi di squid yg mas yudi berikan cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default (apa ada aturan line dalam squid utk meletakan command tsb?)squid saya tidak bisa ngehit dan tidak berjalan(saya menggunakan transparent proxy).. setelah saya remark kembali command yg mas yudi berikan utk squid..squid saya kembali berjalan dengan normal,dimana letak kesalahan saya ya mas? utk command squid -k reconfigure belum saya coba..mgkn malam ini saya akan coba kembali dan kalo memang sdh berhasil saya akan posting diforum ini..

saya ucapkan byk terimakasih telah memberikan jawabannya,maaf kalo ada kata yg kurang dimengerti.
User avatar
antoniusgenta
Posts: 103
Joined: 29 Dec 2011, 14:40
Location: jakarta

Re: Mohon bantuannya instalasi&konfigurasi Antivirus Proxy H

Postby antoniusgenta » 09 Feb 2012, 15:21

tambahkan di squid.confnya :

Code: Select all

cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
jgn lupa :
eksekusi perintah

Code: Select all

squid -k reconfigure
terimakasih mas atas responnya..

semalam saya coba untuk menjalankan Havp dengan command init.d/havp start dan hasilnya sukses HAVP bisa berjalan..setelah saya masukan konfigurasi di squid yg mas yudi berikan cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default (apa ada aturan line dalam squid utk meletakan command tsb?)squid saya tidak bisa ngehit dan tidak berjalan(saya menggunakan transparent proxy).. setelah saya remark kembali command yg mas yudi berikan utk squid..squid saya kembali berjalan dengan normal,dimana letak kesalahan saya ya mas? utk command squid -k reconfigure belum saya coba..mgkn malam ini saya akan coba kembali dan kalo memang sdh berhasil saya akan posting diforum ini..

saya ucapkan byk terimakasih telah memberikan jawabannya,maaf kalo ada kata yg kurang dimengerti.


setelah saya jalankan command diatas spertinya havp saya tidak berfungsi berikut ini link utk test havp http://www.eicar.org/anti_virus_test_file.htm masih bisa terbuka dan tidak ada pesan apa pun..
mohon bantuannya mas.
terimakasih
User avatar
yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur
Contact:

Re: Mohon bantuannya instalasi&konfigurasi Antivirus Proxy H

Postby yudiarbi » 13 Feb 2012, 02:41

coba posting squid.conf bro, gak ada aturan penempatan sih....
User avatar
antoniusgenta
Posts: 103
Joined: 29 Dec 2011, 14:40
Location: jakarta

Re: Mohon bantuannya instalasi&konfigurasi Antivirus Proxy H

Postby antoniusgenta » 13 Feb 2012, 15:06

coba posting squid.conf bro, gak ada aturan penempatan sih....
ini mas squid.conf saya..

Code: Select all

#---------------------------------------- # SELAMAT TO SQUID 2.7.STABLE9 # ---------------------------- # OPTIONS FOR AUTHENTICATION # ----------------------------------------------------------------------------- # TAG: authenticate_cache_garbage_interval #Default: # authenticate_cache_garbage_interval 1 hour # TAG: authenticate_ttl #Default: # authenticate_ttl 1 hour # TAG: authenticate_ip_ttl #Default: # authenticate_ip_ttl 0 seconds # TAG: authenticate_ip_shortcircuit_ttl #Default: # authenticate_ip_shortcircuit_ttl 0 seconds # ACCESS CONTROLS # ----------------------------------------------------------------------------- # TAG: external_acl_type acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.5.0/24 acl localnet src 192.168.4.0/24 acl localnet src 192.168.1.0/24 acl localnet src 192.168.2.0/24 acl localnet src 192.168.3.0/24 acl localnet src 125.167.26.197 #acl localnet src 125.167.26.1 #acl localnet src 110.136.208.0/24 # #acl POST method POST #acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$ #acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ #acl GETONLY method GET acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT #acl Safe_ports port 843 # poker acl purge method PURGE acl CONNECT method CONNECT acl dynamic urlpath_regex cgi-bin \? cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default # saya masukan seperti yg mas berikan #cache_peer 203.89.26.66 parent 8080 0 no-query no-netdb-exchange #http_access allow localnet http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # from where browsing should be allowed http_access allow localhost http_access allow all http_access deny all # TAG: http_access2 #Default: # none # TAG: http_reply_access #Default: #http_reply_access allow all # TAG: icp_access #Default: icp_access allow all #icp_access allow localnet icp_access deny all #Allow ICP queries from local networks only # TAG: htcp_access #Default: #htcp_access allow all #Allow HTCP queries from local networks only # htcp_access allow localnet # htcp_access deny all # TAG: htcp_clr_access #Default: # htcp_clr_access deny all # TAG: miss_access #Default setting: # miss_access allow all # TAG: ident_lookup_access #Default: # ident_lookup_access deny all #Default: # reply_body_max_size allow all # TAG: authenticate_ip_shortcircuit_access #Default: # none # OPTIONS FOR X-Forwarded-For # ----------------------------------------------------------------------------- # TAG: follow_x_forwarded_for #Default: #follow_x_forwarded_for allow localhost # TAG: acl_uses_indirect_client on|off #Default: #acl_uses_indirect_client on # TAG: delay_pool_uses_indirect_client on|off #Default: # delay_pool_uses_indirect_client on # TAG: log_uses_indirect_client on|off #Default: # log_uses_indirect_client on # SSL OPTIONS # ----------------------------------------------------------------------------- # TAG: ssl_unclean_shutdown #Default: # none # TAG: sslproxy_client_certificate #Default: # none # TAG: sslproxy_client_key #Default: # none # TAG: sslproxy_version #Default: # sslproxy_version 1 # TAG: sslproxy_options #Default: # none # TAG: sslproxy_cipher #Default: # none # TAG: sslproxy_cafile #Default: # none # TAG: sslproxy_capath #Default: # none # TAG: sslproxy_flags #Default: # none # TAG: sslpassword_program #Default: # none # NETWORK OPTIONS # ----------------------------------------------------------------------------- # TAG: http_port # Squid normally listens to port 3128 http_port 3128 transparent # TAG: https_port #Default: # none # TAG: tcp_outgoing_tos #Default: tcp_outgoing_tos 0x30 # TAG: tcp_outgoing_address #Default: #tcp_outgoing_address 192.168.88.0/24 # TAG: zph_mode #Default: zph_mode tos # TAG: zph_local #Default: zph_local 0x30 # TAG: zph_sibling #Default: # zph_sibling 0 # TAG: zph_parent # Default: 0 (disabled). #Default: #zph_parent 0 # TAG: zph_option #Default: #zph_option 136 # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM # ----------------------------------------------------------------------------- # TAG: cache_peer #Default: icp_hit_stale on # TAG: cache_peer_domain #Default: # none # TAG: cache_peer_access #Default: # none # TAG: neighbor_type_domain #Default: # none # TAG: dead_peer_timeout (seconds) #Default: dead_peer_timeout 30 seconds # TAG: hierarchy_stoplist # # MEMORY CACHE OPTIONS # ----------------------------------------------------------------------------- # TAG: cache_mem (bytes) #Default: cache_mem 32 MB # TAG: maximum_object_size_in_memory (bytes) #Default: maximum_object_size_in_memory 8 KB # TAG: memory_replacement_policy #Default: memory_replacement_policy heap GDSF # DISK CACHE OPTIONS #Default: #cache_replacement_policy heap GDSF cache_replacement_policy heap LFUDA # TAG: cache_dir #Default: cache_dir aufs /cache 9000 5 512 cache_dir aufs /cache1 9000 5 512 cache_dir aufs /cache2 9000 5 512 cache_dir aufs /cache3 9000 5 512 # TAG: store_dir_select_algorithm #Default: store_dir_select_algorithm least-load|round-robin # TAG: max_open_disk_fds #Default: # max_open_disk_fds 0 # TAG: minimum_object_size (bytes) #Default: minimum_object_size 0 bytes # TAG: maximum_object_size (bytes) #Default: maximum_object_size 300 MB # TAG: cache_swap_low (percent, 0-100) # TAG: cache_swap_high (percent, 0-100) # #Default: cache_swap_low 96 cache_swap_high 97 # TAG: update_headers on|off #Default: #update_headers off # LOGFILE OPTIONS # ----------------------------------------------------------------------------- # TAG: logformat #Default: # none # TAG: access_log #Default: #log_access allow all # TAG: logfile_daemon #Default: #logfile_daemon /usr/lib/squid/logfile-daemon # TAG: cache_log #Default: cache_log none # TAG: cache_store_log #Default: cache_store_log none # TAG: cache_swap_state #Default: cache_swap_log /var/log/squid/swap.state # TAG: logfile_rotate #Default: logfile_rotate 1 # TAG: emulate_httpd_log on|off #Default: emulate_httpd_log off # TAG: log_ip_on_direct on|off #Default: log_ip_on_direct off # TAG: mime_table #Default: #mime_table /usr/share/squid/mime.conf # TAG: log_mime_hdrs on|off #Default: # log_mime_hdrs off # TAG: useragent_log #Default: # none # TAG: referer_log #Default: # none # TAG: pid_filename #Default: pid_filename /var/run/squid.pid # TAG: debug_options #Default: debug_options ALL,1 # TAG: log_fqdn on|off #Default: log_fqdn off # TAG: client_netmask #Default: client_netmask 255.255.255.255 # TAG: forward_log #Default: # none # TAG: strip_query_terms #Default: strip_query_terms off # TAG: buffered_logs on|off #Default: buffered_logs off # TAG: netdb_filename #Default: # netdb_filename /var/spool/squid/logs/netdb.state # OPTIONS FOR FTP GATEWAYING # ----------------------------------------------------------------------------- # TAG: ftp_user #Default: # ftp_user Squid@ # TAG: ftp_list_width #Default: # ftp_list_width 32 # TAG: ftp_passive #Default: # ftp_passive on # TAG: ftp_sanitycheck #Default: # ftp_sanitycheck on # TAG: ftp_telnet_protocol #Default: # ftp_telnet_protocol on # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS # ----------------------------------------------------------------------------- # TAG: diskd_program #Default: diskd_program /usr/lib/squid/diskd-daemon # TAG: unlinkd_program #Default: #unlinkd_program /usr/lib/squid/unlinkd # TAG: pinger_program #Default: #pinger_program /usr/lib/squid/pinger # OPTIONS FOR URL REWRITING # ----------------------------------------------------------------------------- # TAG: storeurl_rewrite_program #Default: # Had to uncomment this again, because I couln'd login to google mail using IE6 (firefox had no trouble): acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ acl store_rewrite_list_domain_CDN url_regex streamate.doublepimp.com.*\.js\? \.doubleclick\.net.* yieldmanager cpxinteractive quantserve\.com acl dontrewrite url_regex (get_video|video\?v=|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* \.php\? \.asp\? \.aspx\? threadless.*\.jpg\?r= acl getmethod method GET storeurl_access deny dontrewrite storeurl_access deny !getmethod storeurl_access allow speedtest_allow_url storeurl_access allow speedtest_allow_dom storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow store_rewrite_list storeurl_access allow store_rewrite_list_domain store_rewrite_list_path storeurl_access deny all storeurl_rewrite_program /etc/squid/storeurl.pl storeurl_rewrite_children 1 storeurl_rewrite_concurrency 99 # TAG: url_rewrite_program #Default: # none # TAG: url_rewrite_children #Default: url_rewrite_children 15 # TAG: url_rewrite_concurrency #Default: url_rewrite_concurrency 0 # TAG: url_rewrite_host_header #Default: #url_rewrite_host_header on # TAG: url_rewrite_access #Default: url_rewrite_access allow localnet # TAG: storeurl_access # # #Default: # TAG: redirector_bypass #Default: redirector_bypass on # TAG: location_rewrite_program #Default: # none # TAG: location_rewrite_children #Default: #location_rewrite_children 5 # TAG: location_rewrite_concurrency #Default: # location_rewrite_concurrency 0 # TAG: location_rewrite_access #Default: # none # OPTIONS FOR TUNING THE CACHE # ----------------------------------------------------------------------------- # TAG: cache #Default: # none # TAG: max_stale time-units #Default: #max_stale 1 years # TAG: refresh_pattern #Suggested default: #PATTERN REFRESH #Konfigurasi manual http #PATTERN REFRESH refresh_pattern (index|home|default)\.(php|asp|aspx|htm|html) 0 0% 0 refresh_pattern (get_video|video|videoplayback|videodownload).*(begin|start)\=[1-9][0-9]* 0 0% 0 refresh_pattern \.(3gp|mp(3|4)|flv|(m|f)4v|on2|fid).*(begin|start)\=[1-9][0-9]* 0 0% 0 #FB refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale negative-ttl=0 refresh_pattern \.gstatic\.com/images\? 43200 999999% 259200 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-must-revalidate store-stale refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 43200 999999% 259200 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-must-revalidate store-stale refresh_pattern (gstatic|diggstatic)\.com/.* 43200 999999% 259200 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 43200 999999% 259200 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 43200 999999% 259200 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 43200 999999% 259200 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale refresh_pattern ^.*safebrowsing.*google 259200 999999% 259200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99999999% 259200 override-expire ignore-reload ignore-must-revalidate ignore-no-cache ignore-no-store ignore-private store-stale negative-ttl=0 refresh_pattern (\.swf\?|\.avi\?|\.mov\?|\.wm(a|v)\?|\.3gp\?|\.mp(4|3)\?|\.rm\?|\.ram\?|\.m4v\?|\.on2\?) 43200 999999% 259200 override-expire ignore-reload ignore-must-revalidate ignore-no-cache ignore-no-store ignore-private store-stale negative-ttl=0 refresh_pattern \.indowebster\.com.*\.(mp3|mp4|mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2|z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|vpu|exe|msi|msp|msu|dmg|bin|xpi|iso|swf|mar|psf|cab|swf|mp(4|3)) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-no-store ignore-must-revalidate store-stale negative-ttl=0 #general refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 43200 999999% 259200 ignore-no-cache ignore-no-store reload-into-ims override-expire ignore-must-revalidate ignore-private store-stale refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 43200 999999% 259200 override-expire reload-into-ims ignore-no-cache ignore-private ignore-must-revalidate ignore-no-store store-stale refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 43200 999999% 259200 override-expire reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-must-revalidate ignore-no-store store-stale refresh_pattern \.(exe|msi|msp|msu|dmg|bin|xpi|iso|swf|mar|psf|apk|cab) 43200 999999% 259200 override-expire reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-must-revalidate ignore-no-store store-stale refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2) 43200 999999% 259200 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate ignore-no-store negative-ttl=0 store-stale refresh_pattern -i (cgi-bin) 0 0% 0 refresh_pattern \.(php|jsp|cgi|asx|asp|aspx)\? 0 0% 0 refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims store-stale refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 20 50% 129600 ignore-no-cache store-stale # Windows Update refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale # IMAGES facebook refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 21600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale # IIX DOWNLOAD refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth # ANTI VIRUS refresh_pattern avast.com.*\.vpx 40320 50% 525600 store-stale reload-into-ims refresh_pattern (avgate|avira).*\.(idx|gz)$ 1440 90% 1440 ignore-reload ignore-no-cache ignore-no-store store-stale ignore-must-revalidate refresh_pattern kaspersky.*\.avc$ 131400 999999% 525600 ignore-reload store-stale refresh_pattern kaspersky 1440 50% 131400 ignore-no-cache store-stale refresh_pattern .symantecliveupdate.com.*\.zip 1440 90% 131400 ignore-must-revalidate store-stale refresh_pattern .update.nai.com/.*\.(gem|zip|mcs) 43800 999999% 43800 ignore-reload store-stale ignore-must-revalidate refresh_pattern .symantec.com.*\(exe|zip) 43800 999999% 43800 ignore-reload store-stale ignore-must-revalidate # Detik refresh_pattern -i ^http://.*\.detik\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detiknews\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detikhot\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detikfinance\.com/ 0 50% 4320 refresh_pattern -i ^http://.*\.detiksport\.com/ 0 50% 4320 # BANNER IIX refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale #cache allow all # TAG: quick_abort_max (KB) # TAG: quick_abort_pct (percent) #Default: quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 99 # TAG: read_ahead_gap buffer-size # The amount of data the cache will buffer ahead of what has been # sent to the client when retrieving an object from another server. # #Default: # read_ahead_gap 16 KB # TAG: negative_ttl time-units #Default: negative_ttl 2 second #negative_ttl TIME_UNITS # TAG: positive_dns_ttl time-units # Upper limit on how long Squid will cache positive DNS responses. # Default is 6 hours (360 minutes). This directive must be set # larger than negative_dns_ttl. # #Default: positive_dns_ttl 6 hours # TAG: negative_dns_ttl time-units # Time-to-Live (TTL) for negative caching of failed DNS lookups. # This also sets the lower cache limit on positive lookups. # Minimum value is 1 second, and it is not recommendable to go # much below 10 seconds. # #Default: negative_dns_ttl 1 minute # TAG: range_offset_limit (bytes) #Default: #range_offset_limit 512 KB # TAG: minimum_expiry_time (seconds) #Default: minimum_expiry_time 60 seconds # TAG: store_avg_object_size (kbytes) # Average object size, used to estimate number of objects your # cache can hold. The default is 13 KB. #Default: store_avg_object_size 13 KB #aslinya # TAG: store_objects_per_bucket #Default: # store_objects_per_bucket 20 # HTTP OPTIONS # ----------------------------------------------------------------------------- # TAG: request_header_max_size (KB) # This specifies the maximum size for HTTP headers in a request. #Default: request_header_max_size 2048 KB # TAG: reply_header_max_size (KB) # This specifies the maximum size for HTTP headers in a reply. #Default: #reply_header_max_size 500 GB # TAG: request_body_max_size (KB) # This specifies the maximum size for an HTTP request body. #Default: #request_body_max_size 0 KB # TAG: broken_posts # A list of ACL elements which, if matched, causes Squid to send #Example: # acl buggy_server url_regex ^http://.... # broken_posts allow buggy_server #Default: # none # TAG: upgrade_http0.9 # This access list controls when HTTP/0.9 responses is upgraded acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast # TAG: via on|off # If set (default), Squid will include a Via header in requests and #Default: # via on # TAG: cache_vary # When 'cache_vary' is set to off, response that have a #Default: #cache_vary on # TAG: broken_vary_encoding # Many servers have broken support for on-the-fly Content-Encoding, acl apache rep_header Server ^Apache broken_vary_encoding allow apache # TAG: collapsed_forwarding (on|off) # This option enables multiple requests for the same URI to be # processed as one request. Normally disabled to avoid # this in accelerator setups where the web servers are the bottleneck #Default: #collapsed_forwarding on # TAG: refresh_stale_hit (time) # This option changes the refresh algorithm to allow concurrent #Default: #refresh_stale_hit 1 seconds # TAG: ie_refresh on|off # Microsoft Internet Explorer up until version 5.5 Service #Default: #ie_refresh on # TAG: vary_ignore_expire on|off # Many HTTP servers supporting Vary gives such objects # immediate expiry time with no cache-control header # when requested by a HTTP/1.0 client. This option # enables Squid to ignore such expiry times until # HTTP/1.1 is fully implemented. # WARNING: This may eventually cause some varying # objects not intended for caching to get cached. # #Default: vary_ignore_expire on # TAG: extension_methods # Squid only knows about standardized HTTP request methods. # You can add up to 20 additional "extension" methods here. # extension_methods REPORT MERGE MKACTIVITY CHECKOUT # TAG: request_entities # Squid defaults to deny GET and HEAD requests with request entities, #Default: # request_entities off # TAG: header_access # # For example, to achieve the same behavior as the old # 'http_anonymizer standard' option, you should use: # # header_access From deny all # header_access Referer deny all # header_access Server deny all # header_access User-Agent deny all # header_access WWW-Authenticate deny all # header_access Link deny all # # Or, to reproduce the old 'http_anonymizer paranoid' feature # you should use: # # header_access Allow allow all # header_access Authorization allow all # header_access WWW-Authenticate allow all # header_access Proxy-Authorization allow all # header_access Proxy-Authenticate allow all # header_access Cache-Control allow all # header_access Content-Encoding allow all # header_access Content-Length allow all # header_access Content-Type allow all # header_access Date allow all # header_access Expires allow all # header_access Host allow all # header_access If-Modified-Since allow all # header_access Last-Modified allow all # header_access Location allow all # header_access Pragma allow all # header_access Accept allow all # header_access Accept-Charset allow all # header_access Accept-Encoding allow all # header_access Accept-Language allow all # header_access Content-Language allow all # header_access Mime-Version allow all # header_access Retry-After allow all # header_access Title allow all # header_access Connection allow all # header_access Proxy-Connection allow all # header_access All deny all # # By default, all headers are allowed (no anonymizing is # performed). # #Default: header_access X-Forwarded-For deny all #header_access Accept-Encoding deny all header_access From deny all header_access Server deny all header_access Link deny all # TAG: header_replace # Usage: header_replace header_name message # Example: header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) #Default: # none # TAG: relaxed_header_parser on|off|warn # In the default "on" setting Squid accepts certain forms #Default: # relaxed_header_parser on # TAG: server_http11 on|off # This option enables the use ot HTTP/1.1 on outgoing "direct" requests. #Default: server_http11 on # TAG: ignore_expect_100 on|off # This option makes Squid ignore any Expect: 100-continue header present #Default: # ignore_expect_100 off # TAG: external_refresh_check #Default: # none # TIMEOUTS # ----------------------------------------------------------------------------- # TAG: forward_timeout time-units # This parameter specifies how long Squid should at most attempt in #Default: # forward_timeout 4 minutes # TAG: connect_timeout time-units #Default: #connect_timeout 30 second # TAG: peer_connect_timeout time-units #Default: read_timeout 30 minutes # TAG: request_timeout #Default: request_timeout 2 minutes # TAG: persistent_request_timeout #Default: #persistent_request_timeout 2 minutes # TAG: client_lifetime time-units #Default: client_lifetime 6 hours # TAG: half_closed_clients #Default: #half_closed_clients off # TAG: pconn_timeout #Default: pconn_timeout 15 seconds # TAG: ident_timeout #Default: # ident_timeout 10 seconds # TAG: shutdown_lifetime time-units #Default: shutdown_lifetime 7 second # ADMINISTRATIVE PARAMETERS # ----------------------------------------------------------------------------- # TAG: cache_mgr #Default: #cache_mgr genta # TAG: mail_from # From: email-address for mail sent when the cache dies. #Default: # none # TAG: mail_program # Email program used to send mail if the cache dies. #Default: # mail_program mail # TAG: cache_effective_user # If you start Squid as root, it will change its effective/real #Default: cache_effective_user proxy # TAG: cache_effective_group #Default: cache_effective_group proxy # TAG: httpd_suppress_version_string on|off #Default: # httpd_suppress_version_string off # TAG: visible_hostname # If you want to present a special hostname in error messages, etc, #Default: # none # TAG: unique_hostname # If you want to have multiple machines with the same # 'visible_hostname' you must give each machine a different # 'unique_hostname' so forwarding loops can be detected. # #Default: # none # TAG: hostname_aliases # A list of other DNS names your cache has. # #Default: # none # TAG: umask # Minimum umask which should be enforced while the proxy # is running, in addition to the umask set at startup. # # Note: Should start with a 0 to indicate the normal octal # representation of umasks # #Default: # umask 027 # OPTIONS FOR THE CACHE REGISTRATION SERVICE # ----------------------------------------------------------------------------- # # This section contains parameters for the (optional) cache # announcement service. This service is provided to help # cache administrators locate one another in order to join or # create cache hierarchies. # # An 'announcement' message is sent (via UDP) to the registration # service by Squid. By default, the announcement message is NOT # SENT unless you enable it with 'announce_period' below. # # The announcement message includes your hostname, plus the # following information from this configuration file: # # http_port # icp_port # cache_mgr # # All current information is processed regularly and made # available on the Web at http://www.ircache.net/Cache/Tracker/. # TAG: announce_period # This is how frequently to send cache announcements. The # default is `0' which disables sending the announcement # messages. # # To enable announcing your cache, just uncomment the line # below. # #Default: # announce_period 0 # #To enable announcing your cache, just uncomment the line below. #announce_period 1 day # TAG: announce_host # TAG: announce_file # TAG: announce_port # announce_host and announce_port set the hostname and port # number where the registration message will be sent. # # Hostname will default to 'tracker.ircache.net' and port will # default default to 3131. If the 'filename' argument is given, # the contents of that file will be included in the announce # message. # #Default: # announce_host tracker.ircache.net # announce_port 3131 # HTTPD-ACCELERATOR OPTIONS # ---------------------------------------------------------------- # TAG: httpd_accel_no_pmtu_disc on|off # In many setups of transparently intercepting proxies Path-MTU #Default: httpd_accel_no_pmtu_disc off # DELAY POOL PARAMETERS # ----------------------------------------------------------------------------- # TAG: delay_pools #Default: # delay_pools 0 # TAG: delay_class #Default: # none # TAG: delay_access #Default: # none # TAG: delay_parameters #Default: # none # TAG: delay_initial_bucket_level (percent, 0-100) #Default: # delay_initial_bucket_level 50 # WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS # ----------------------------------------------------------------------------- # TAG: wccp_router # TAG: wccp2_router #Default: # wccp_router 0.0.0.0 # TAG: wccp_version #Default: # wccp_version 4 # TAG: wccp2_rebuild_wait #Default: # wccp2_rebuild_wait on # TAG: wccp2_forwarding_method #Default: # wccp2_forwarding_method 1 # TAG: wccp2_return_method #Default: # wccp2_return_method 1 # TAG: wccp2_assignment_method #Default: # wccp2_assignment_method 1 # TAG: wccp2_service #Default: # wccp2_service standard 0 # TAG: wccp2_service_info #Default: # none # TAG: wccp2_weight #Default: # wccp2_weight 10000 # TAG: wccp_address #Default: # wccp_address 0.0.0.0 # wccp2_address 0.0.0.0 # PERSISTENT CONNECTION HANDLING # ----------------------------------------------------------------------------- # # Also see "pconn_timeout" in the TIMEOUTS section # TAG: client_persistent_connections # TAG: server_persistent_connections #Default: client_persistent_connections off server_persistent_connections on # TAG: persistent_connection_after_error #Default: # persistent_connection_after_error off # TAG: detect_broken_pconn #Default: # detect_broken_pconn off # CACHE DIGEST OPTIONS # ----------------------------------------------------------------------------- # TAG: digest_generation #Default: #digest_generation on # TAG: digest_bits_per_entry #Default: #digest_bits_per_entry 10 # TAG: digest_rebuild_period (seconds) #Default: # digest_rebuild_period 30 minute # TAG: digest_rewrite_period (seconds) #Default: #digest_rewrite_period 30 minute # TAG: digest_swapout_chunk_size (bytes) # This is the number of bytes of the Cache Digest to write #Default: #digest_swapout_chunk_size 6000 bytes # TAG: digest_rebuild_chunk_percentage (percent, 0-100) #Default: # digest_rebuild_chunk_percentage 10 # SNMP OPTIONS # ----------------------------------------------------------------------------- # TAG: snmp_port #Defaultsquidclient mgr:info: snmp_port 3401 # TAG: snmp_access #Default: #snmp_access allow localhost #snmp_access allow localnet snmp_access allow all # TAG: snmp_incoming_address # TAG: snmp_outgoing_address # Just like 'udp_incoming_address' above, but for the SNMP port. # # snmp_incoming_address is used for the SNMP socket receiving # messages from SNMP agents. # snmp_outgoing_address is used for SNMP packets returned to SNMP # agents. #Default: # snmp_incoming_address 0.0.0.0 # snmp_outgoing_address 255.255.255.255 # ICP OPTIONS # ----------------------------------------------------------------------------- # TAG: icp_port #Default: icp_port 0 #icp_port 3130 # TAG: htcp_port #Default: # htcp_port 0 # TAG: log_icp_queries on|off #Default: log_icp_queries off # TAG: udp_incoming_address #Default: # udp_incoming_address 0.0.0.0 # TAG: udp_outgoing_address #Default: #udp_outgoing_address 255.255.255.255 # TAG: icp_hit_stale on|off #Default: #icp_hit_stale on # TAG: minimum_direct_hops #Default: #minimum_direct_hops 4 # TAG: minimum_direct_rtt #Default: #minimum_direct_rtt 400 # TAG: netdb_low # TAG: netdb_high #Default: #netdb_low 900 #netdb_high 1000 # TAG: netdb_ping_period #Default: #netdb_ping_period 30 seconds # TAG: query_icmp on|off #Default: #query_icmp on # TAG: test_reachability on|off #Default: # test_reachability off # TAG: icp_query_timeout (msec) #Default: # icp_query_timeout 20s # TAG: maximum_icp_query_timeout (msec) #Default: # maximum_icp_query_timeout 2000 # TAG: minimum_icp_query_timeout (msec) #Default: # minimum_icp_query_timeout 5 # MULTICAST ICP OPTIONS # ----------------------------------------------------------------------------- # TAG: mcast_groups #Default: #cache_peer proxies.telkom.net.id parent 8080 0 no-query no-digest no-netdb-exchange default # TAG: mcast_miss_addr #Default: # mcast_miss_addr 255.255.255.255 # TAG: mcast_miss_ttl #Default: # mcast_miss_ttl 16 # TAG: mcast_miss_port #Default: # mcast_miss_port 3135 # TAG: mcast_miss_encode_key #Default: # mcast_miss_encode_key XXXXXXXXXXXXXXXX # TAG: mcast_icp_query_timeout (msec) #Default: #mcast_icp_query_timeout 10 # INTERNAL ICON OPTIONS # ----------------------------------------------------------------------------- # TAG: icon_directory # Where the icons are stored. These are normally kept in # /usr/share/squid/icons # #Default: # icon_directory /usr/share/squid/icons # TAG: global_internal_static #Default: # global_internal_static on # TAG: short_icon_urls #Default: # short_icon_urls off # ERROR PAGE OPTIONS # ----------------------------------------------------------------------------- # TAG: error_directory #Default: #error_directory /usr/share/squid/errors/en # TAG: error_map #Default: # none # TAG: err_html_text #Default: # none # TAG: deny_info #Default: # none # OPTIONS INFLUENCING REQUEST FORWARDING # ----------------------------------------------------------------------------- # TAG: nonhierarchical_direct #Default: # nonhierarchical_direct on # TAG: prefer_direct #Default: prefer_direct off # TAG: ignore_ims_on_miss on|off #Default: # ignore_ims_on_miss off # TAG: always_direct #Default: # none # TAG: never_direct #Default: # none # ADVANCED NETWORKING OPTIONS # ----------------------------------------------------------------------------- # TAG: max_filedescriptors #Default: max_filedesc 65536 # TAG: accept_filter #EXAMPLE: ## FreeBSD #accept_filter httpready ## Linux #accept_filter data # #Default: # none # TAG: tcp_recv_bufsize (bytes) #Default: # tcp_recv_bufsize 0 bytes # TAG: incoming_rate #Default: # incoming_rate 30 # DNS OPTIONS # ----------------------------------------------------------------------------- # TAG: check_hostnames #Default: #check_hostnames off # TAG: allow_underscore #Default: # allow_underscore on # TAG: cache_dns_program #Default: # cache_dns_program /usr/lib/squid/dnsserver # TAG: dns_children #Default: #dns_children 5 # TAG: dns_retransmit_interval #Default: # dns_retransmit_interval 5 seconds # TAG: dns_timeout #Default: # dns_timeout 2 minutes # TAG: dns_defnames on|off #Default: # dns_defnames on # TAG: dns_nameservers #Default: dns_nameservers /etc/resolv.conf # TAG: hosts_file #Default: #hosts_file /etc/hosts # #hosts_file /etc/hosts # TAG: dns_testnames #Example: # append_domain .doris.net.id # #Default: # none # TAG: ignore_unknown_nameservers #Default: # ignore_unknown_nameservers on # TAG: ipcache_size (number of entries) # TAG: ipcache_low (percent) # TAG: ipcache_high (percent) #Default: ipcache_size 65888 ipcache_low 98 ipcache_high 99 # TAG: fqdncache_size (number of entries) # Maximum number of FQDN cache entries. # #Default: fqdncache_size 4096 # MISCELLANEOUS # ----------------------------------------------------------------------------- # TAG: memory_pools on|off #Default: memory_pools off # TAG: memory_pools_limit (bytes) #Default: # memory_pools_limit 5 MB # TAG: forwarded_for on|off #Default: forwarded_for on # TAG: cachemgr_passwd # Specify passwords for cachemgr operations. #Default: # none # TAG: client_db on|off #Default: #client_db on # TAG: reload_into_ims on|off # When you enable this option, client no-cache or ``reload'' #Default: reload_into_ims off # TAG: maximum_single_addr_tries #Default: # maximum_single_addr_tries 1 # TAG: retry_on_error #Default: retry_on_error on # TAG: as_whois_server #Default: # as_whois_server whois.ra.net # as_whois_server whois.ra.net # TAG: offline_mode #Default: offline_mode off # TAG: uri_whitespace #Default: uri_whitespace strip # TAG: coredump_dir #Default: coredump_dir /usr/var/cache # coredump_dir none # # Leave coredumps in the first cache dir coredump_dir /var/spool/squid # TAG: chroot #Default: # none # TAG: balance_on_multiple_ip #Default: #balance_on_multiple_ip off # TAG: pipeline_prefetch #Default: pipeline_prefetch on # TAG: high_response_time_warning (msec) #Default: # high_response_time_warning 0 # TAG: high_page_fault_warning #Default: high_page_fault_warning 50 # TAG: high_memory_warning #Default: # high_memory_warning 0 KB # TAG: sleep_after_fork (microseconds) #Default: # sleep_after_fork 0 # TAG: zero_buffers on|off #Default: #zero_buffers on # TAG: windows_ipaddrchangemonitor on|off #Default: # windows_ipaddrchangemonitor on #-----------END -----#
terimakasih mas atas responnya.saya tunggu jawabanya mas..thanks

Who is online

Users browsing this forum: No registered users and 4 guests