Konfigurasi Warnet Speedy pakai Mikrotik + Linux Proxy. Konfigurasi ini menggunakan modem 4 port D-Link dan settingnya seperti berikut:
192.168.1.1
|modem —–192.168.1.3 Proxy -> GW ke Modem yaitu 192.168.1.1
||MIkrotik 192.168.1.2 Mikrotik –>> GW ke Modem Yaitu 192.168.1.1
|192.168.0.254 —HUb —-LANManagement BW
1. Konfigurasi Mikrotik-nya:
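# Address pool used by the DHCP server on the Lan interface.
/ ip pool
add name="dhcp_pool1" ranges=192.168.0.1-192.168.0.30
# Upstream resolvers plus a local DNS cache.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any host the input chain lets through. The filter list on this page
# accepts all UDP on input before its first drop rule, so confirm that port 53
# is not reachable from the Public side.
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
# Public faces the modem (192.168.1.0/24); Lan faces the clients (192.168.0.0/24).
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Public comment="" disabled=no
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Lan comment="" disabled=no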
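# Built-in proxy stays disabled; HTTP is handed to the external proxy by the NAT rules.
# NOTE(review): the two "maximal-..." property names are spelled as on the source
# page; they look like the spelling of that RouterOS release's own export - confirm
# before correcting them.
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
# Default route through the modem.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment="" disabled=no
/ ip firewall mangle
# Pass 1: tag connections by destination port. passthrough=yes lets the packet
# continue to the following rules.
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-connection new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection new-connection-mark=ym_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection new-connection-mark=cs_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=irc_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection new-connection-mark=mt_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection new-connection-mark=ssh_conn passthrough=yes comment="" disabled=no
# Pass 2: turn each connection mark into a packet mark for the queues.
# passthrough=no ends mangle processing for the packet in this chain.
add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=dns_conn action=mark-packet new-packet-mark=dns passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet new-packet-mark=cs passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet new-packet-mark=email passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet new-packet-mark=ssh passthrough=no comment="" disabled=no
# NOTE(review): a LAN packet that already received one of the per-service marks
# above never reaches this rule, so test-up only covers the remaining traffic.
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet new-packet-mark=test-up passthrough=no comment="UP TRAFFIC" disabled=no
# NOTE(review): this rule matches 192.168.1.0/29 (.0-.7 only) while the rule two
# lines below matches 192.168.1.0/24 - confirm which prefix is intended.
add chain=forward src-address=192.168.1.0/29 action=mark-connection new-connection-mark=test-conn passthrough=yes comment="CONN-MARK" disabled=no
add chain=forward in-interface=Public connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no comment=" DOWN-DIRECT CONNECTION" disabled=no
add chain=forward in-interface=Public src-address=192.168.1.0/24 action=mark-connection new-connection-mark=test-conn passthrough=yes comment="" disabled=no
# Router-originated packets leaving towards the LAN are marked as download.
add chain=output out-interface=Lan dst-address=192.168.0.0/24 action=mark-packet new-packet-mark=test-down passthrough=no comment="DOWN- VIA PROXY" disabled=no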
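/ ip firewall nat
# Hide the LAN behind the router's Public address.
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no
# Transparent proxying: web-proxy ports are rewritten to the proxy host 192.168.1.3.
# NOTE(review): none of the dst-nat rules has an in-interface or src-address
# matcher, so they apply to TCP 80/8080/3128 arriving on any interface, not only
# to LAN clients. Scoping them (for example with in-interface=Lan) keeps traffic
# from the Public side out of the proxy path.
# NOTE(review): ports 80 and 3128 are sent to 8080 but port 8080 is sent to 3128 -
# confirm which port(s) the proxy actually listens on.
add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.3 to-ports=8080 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=8080 action=dst-nat to-addresses=192.168.1.3 to-ports=3128 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=dst-nat to-addresses=192.168.1.3 to-ports=8080 comment="" disabled=no
# Disabled alternatives that would redirect to a proxy on the router itself.
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=yes
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=yes
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080 comment="" disabled=yes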
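# Connection-tracking timeouts. The short SYN timeouts (5s) release half-open
# entries quickly.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off. The filter list on this
# page tries to detect connection floods, so enabling SYN cookies is worth
# considering as a complementary control.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no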
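/ ip firewall filter
# Rule order is kept exactly as on the source page. Filter rules are evaluated
# top to bottom per chain, so the notes below point out rules that can never match.
#
# --- input, first ruleset -------------------------------------------------
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow esatblished connections" disabled=no
add chain=input connection-state=related action=accept comment="Allow related connections" disabled=no
# NOTE(review): these two rules accept every UDP and ICMP packet addressed to the
# router from any interface, including Public. Together with
# allow-remote-requests=yes in "/ ip dns" this can expose the DNS cache on the
# Public side. The ICMP rate limits in chain ICMP further down are bypassed too.
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input in-interface=!Public action=accept comment="Allow connection to router from local network" disabled=no
# NOTE(review): unconditional drop. Every input rule below this line is
# unreachable: the port knock, port-scan detection, DoS detection, ICMP limits
# and logging never see a packet. To make them effective they have to sit
# above this rule.
add chain=input action=drop comment="Drop everything else" disabled=no
#
# --- input, port knock (unreachable as placed) ----------------------------
# NOTE(review): the "safe" list is filled here but no rule visible on this page
# matches src-address-list=safe.
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=knock address-list-timeout=15s comment="" disabled=no
add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list address-list=safe address-list-timeout=15m comment="" disabled=no
#
# --- input, second ruleset (unreachable as placed) ------------------------
add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
# NOTE(review): no rule for a chain named "services" is visible on this page.
add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no
add chain=input action=log log-prefix="Filter:" comment="" disabled=no
# NOTE(review): despite its comment this rule has no src-address matcher and
# accepts everything; the two subnet accepts and the final drop after it would
# never match even if this ruleset were reachable.
add chain=input action=accept comment="Allow access to router from known network" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="" disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="" disabled=no
add chain=input action=drop comment="drop everything else" disabled=no
#
# --- chain ICMP: selected ICMP types, each rate limited -------------------
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" disabled=no
#
# --- input, port-scanner address list (unreachable as placed) -------------
# Sources showing scan-like TCP flag combinations are listed for two weeks and
# dropped by the last rule of this group.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no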
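# --- forward, first ruleset -----------------------------------------------
# Established/related traffic is accepted first, so the "virus" chain jumped to
# at the end of this group is only evaluated for packets that are not part of an
# already accepted connection.
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
#
# --- chain virus: drop forwarded traffic to ports tied to known worms -----
# The rules match on destination port only, in either direction.
# NOTE(review): TCP 2745 is listed twice ("Bagle Virus" and "Drop Beagle.C-K");
# the second entry can never match.
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
# Hand forwarded packets to the chain above.
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no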
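# --- input, third ruleset -------------------------------------------------
# NOTE(review): the input chain already contains unconditional drop rules
# earlier in this list ("Drop everything else"), so none of the input rules in
# this group is ever evaluated.
# NOTE(review): 63.219.6.0/24 and 125.0.0.0/8 are public ranges and the page
# does not say why they are trusted; a /8 covers about 16.7 million addresses.
# If this group is ever moved above the drop, narrow these to the specific
# management hosts first. The "Allow UDP" / "Allow ICMP" rules have no source
# or interface restriction either.
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network" disabled=no
add chain=input src-address=63.219.6.0/24 action=accept comment="" disabled=no
add chain=input src-address=125.0.0.0/8 action=accept comment="" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
#
# --- forward, second ruleset ----------------------------------------------
# Appended after the forward rules that appear earlier in this list. No final
# drop rule for chain forward is visible, so unmatched forwarded traffic is
# accepted.
add chain=forward protocol=tcp connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
# Drop forwarded packets with source or destination in 0.0.0.0/8, 127.0.0.0/8
# or 224.0.0.0/3.
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
# Per-protocol sub-chains.
add chain=forward protocol=tcp action=jump jump-target=tcp comment="" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no
#
# --- chain tcp -------------------------------------------------------------
# NOTE(review): TFTP (69) and DHCP (67-68) run over UDP, so the TCP rules for
# those ports have little effect; the udp chain below has no rule for 67-68.
# NOTE(review): Back Orifice is usually associated with port 31337; 3133 here
# and in the udp chain looks truncated - confirm.
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" disabled=no
#
# --- chain udp -------------------------------------------------------------
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
#
# --- chain icmp: allow-list of ICMP types, everything else dropped ---------
# NOTE(review): the comment= text on the first three rules does not describe
# them. All three are accept rules: 0:0 is echo reply, 3:0 is network
# unreachable and 3:1 is host unreachable.
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop invalid connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow already established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no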
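# Connection-tracking helpers: only FTP and IRC are left enabled.
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
# Hotspot profiles as exported; no hotspot server is visible in this part of
# the export.
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no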
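# DHCP for the LAN clients. add-arp=yes makes the server add an ARP entry for
# each lease it hands out.
/ ip dhcp-server
add name="dhcp1" interface=Lan lease-time=3d address-pool=dhcp_pool1 bootp-support=static add-arp=yes authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
# Static leases pin each client MAC address to a fixed IP, which the per-host
# queues rely on.
# NOTE(review): a MAC address can be changed by the client, so these bindings
# identify hosts for shaping but are not an authentication control.
/ ip dhcp-server lease
add address=192.168.0.1 mac-address=00:13:D3:E4:FA:52 client-id="1:0:13:d3:e4:fa:52" server=dhcp1 comment="" disabled=no
add address=192.168.0.2 mac-address=00:13:D3:FD:36:98 client-id="1:0:13:d3:fd:36:98" server=dhcp1 comment="" disabled=no
add address=192.168.0.3 mac-address=00:13:D3:E4:FA:9D client-id="1:0:13:d3:e4:fa:9d" server=dhcp1 comment="" disabled=no
add address=192.168.0.4 mac-address=00:13:D3:FD:02:7E client-id="1:0:13:d3:fd:2:7e" server=dhcp1 comment="" disabled=no
add address=192.168.0.5 mac-address=00:13:D3:E4:FA:30 client-id="1:0:13:d3:e4:fa:30" server=dhcp1 comment="" disabled=no
add address=192.168.0.6 mac-address=00:13:D3:FD:36:61 client-id="1:0:13:d3:fd:36:61" server=dhcp1 comment="" disabled=no
add address=192.168.0.11 mac-address=00:18:F3:43:D4:66 client-id="1:0:18:f3:43:d4:66" server=dhcp1 comment="" disabled=no
add address=192.168.0.10 mac-address=00:13:D3:FD:37:BA client-id="1:0:13:d3:fd:37:ba" server=dhcp1 comment="" disabled=no
add address=192.168.0.9 mac-address=00:13:D3:C9:E7:C1 client-id="1:0:13:d3:c9:e7:c1" server=dhcp1 comment="" disabled=no
add address=192.168.0.8 mac-address=00:13:D3:FD:36:6A client-id="1:0:13:d3:fd:36:6a" server=dhcp1 comment="" disabled=no
add address=192.168.0.7 mac-address=00:13:D3:E4:FA:2A client-id="1:0:13:d3:e4:fa:2a" server=dhcp1 comment="" disabled=no
# Clients get the router first and the two upstream resolvers as fallback DNS.
/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.254 dns-server=192.168.0.254,202.134.0.155,203.130.193.74 comment=""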
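# IPsec proposal as exported. No IPsec peer or policy is visible in this part of
# the export, so this proposal may be unused.
# NOTE(review): SHA-1, 3DES and modp1024 are legacy choices; if IPsec is put
# into service, select the strongest algorithms and DH group that both peers
# support instead of relying on this entry.
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no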
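# The router's own web proxy is disabled; the access and cache rules below only
# matter if it is turned on.
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname="proxy" transparent-proxy=no parent-proxy=0.0.0.0:0 cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=none max-ram-cache-size=unlimited
# Refuse proxy requests to ports 23-25 so the proxy cannot be used to reach
# telnet or to relay mail.
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no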
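# info, error and warning go to the memory buffer; critical is echoed to the
# console.
# NOTE(review): the memory target holds 100 lines, and no topic is sent to the
# disk or remote action. Output of the firewall log rule therefore rotates out
# quickly and is presumably lost on reboot. For an audit trail, route the
# relevant topics to disk or to a remote syslog host (the remote action still
# points at 0.0.0.0:514).
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514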
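/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
/ system clock dst
set dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 00:00:00"
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
# NOTE(review): "FIXME" stands where an item name should be; these eight lines
# are kept as on the source page and will presumably not import as written.
/ system console
add port=serial0 term="" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
/ system console screen
set line-count=25
# The identity is "MikroTik" and the login note is empty.
/ system identity
set name="MikroTik"
/ system note
set show-at-login=yes note=""
/ system gps
set enabled=no set-system-time=yes
/ system lcd
set enabled=no type=24x4 port=parallel contrast=0
/ system lcd page
set time display-time=5s disabled=yes
set resources display-time=5s disabled=yes
set uptime display-time=5s disabled=yes
set packets display-time=5s disabled=yes
set bits display-time=5s disabled=yes
set version display-time=5s disabled=yes
set Public display-time=5s disabled=yes
set Lan display-time=5s disabled=yes
# NOTE(review): both the NTP client and the GPS time source are disabled, so
# nothing visible here synchronises the clock; log timestamps may be unreliable
# when reconstructing events.
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
# NOTE(review): the arguments of this "set" are missing on the source page.
/ system routerboard bios
set
/ system health
set state-after-reboot=enabled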
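# Serial ports at 9600 8N1 with hardware flow control.
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
set serial1 name="serial1" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
# PPP profiles: "default" leaves encryption at use-encryption=default, while
# "default-encryption" sets use-encryption=yes.
/ ppp profile
set default name="default" use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" use-compression=default use-vj-compression=default use-encryption=yes only-one=default change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s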
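# Queue disciplines. "Upload" and "Download" are PCQ types that classify by
# source and destination address respectively, with pcq-rate=0.
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
add name="Upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name="Download" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=10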
/ queue simple
add name=”HTTP” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=http \
direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-
queue=default disabled=no
add name=”DNS” target- addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=dns direction=both \
priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default
disabled=no
add name=”YMessenger” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=ym \
direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-
queue=default disabled=no
add name=”CounterStrike” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=cs \
direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-
queue=default disabled=no
add name=”IRC” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=irc direction=both \
priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default
disabled=no
add name=”Mikrotik” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=mt \
direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-
queue=default disabled=no
add name=”Email” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=email \
direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-
queue=default disabled=no
add name=”Oasis” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=Lan
parent=none direction=both priority=8 \
queue=ethernet-default/ethernet-default limit-at=64000/384000 max-limit=64000/384000
total-queue=default disabled=no
add name=”1″ target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”2″ target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”3″ target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”4″ target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”5″ target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”6″ target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”7″ target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max- limit=0/64000 \
total-queue=default disabled=noadd name=”8″ target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”9″ target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”10″ target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”11″ target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”12″ target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”13″ target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”14″ target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”15″ target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \ total-queue=default disabled=no
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max- limit=0/64000 \
total-queue=default disabled=noadd name=”8″ target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”9″ target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”10″ target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”11″ target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”12″ target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”13″ target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”14″ target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”15″ target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \ total-queue=default disabled=no
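# NOTE(review): the source page gave this queue target 192.168.0.19, which is
# also the target of queue "19", leaving host .16 without a queue. Every other
# queue in this list is named after the last octet of its target, so the
# target is set to 192.168.0.16 here - confirm against the live router.
add name="16" target-addresses=192.168.0.16/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 total-queue=default disabled=no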
add name=”17″ target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”18″ target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”19″ target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”20″ target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”21″ target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”22″ target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”23″ target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no
add name=”24″ target-addresses=192.168.0.24/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”25″ target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=noadd name=”26″ target-addresses=192.168.0.26/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
total-queue=default disabled=no/ queue treeadd name=”upstream” parent=global-out packet-mark=test-up limit-at=384000queue=default priority=8 max-limit=384000 \burst-limit=0 burst-threshold=0 burst-time=0s disabled=noadd name=”downstream” parent=Lan packet-mark=test-down limit-at=384000queue=Download priority=8 max-limit=384000 \burst-limit=0 burst-threshold=0 burst-time=0s disabled=no/ useradd name=”admin” group=full address=0.0.0.0/0 comment=”system default user”
disabled=no / user group
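# Group definitions for the "/ user group" menu opened on the previous line.
# Every group carries the telnet policy; telnet sends credentials in clear text, so
# prefer ssh/winbox and switch the telnet service off if nobody needs it.
# The "admin" account created above is in group "full" with address=0.0.0.0/0, i.e. it
# may log in from any source address; give it a strong password and narrow the address
# to the management hosts.
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
/ user aaa
# RADIUS login is off; local accounts only.
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
# NOTE(review): incoming RADIUS requests are accepted although use-radius=no above;
# confirm a RADIUS server is really in use, otherwise set accept=no.
set accept=yes port=1700
/ driver
/ snmp
set enabled=yes contact="admin" location="admin"
/ snmp community
# The community was readable from 0.0.0.0/0. Read access is now limited to the LAN
# subnet used in this guide; narrow it further to the monitoring host if there is one.
# "public" is the well-known default community string; replace it with a site-specific one.
set public name="public" address=192.168.0.0/24 read-access=yes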
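/ tool bandwidth-server
# Bandwidth-test server is on; authenticate=yes means a router login is required.
# Disable it when no tests are being run.
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
# The router answers MAC-level ping; switch off if layer-2 discovery is not wanted.
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
/ tool sniffer
# Sniffer settings only (all interfaces, full packets, no streaming); wrapped lines rejoined.
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 \
    streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes \
    filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 \
    filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
# allow-address controls who may view the graphs. The original 0.0.0.0/0 exposed
# per-client queue, resource and interface graphs to every address that can reach the
# router; they are limited here to the LAN subnet used in this guide. Adjust to the
# admin workstation as needed.
/ tool graphing queue
add simple-queue=all allow-address=192.168.0.0/24 store-on-disk=yes allow-target=yes \
    disabled=no
/ tool graphing resource
add allow-address=192.168.0.0/24 store-on-disk=yes disabled=no
/ tool graphing interface
# "store-on -disk" in the original contained a stray space.
add interface=all allow-address=192.168.0.0/24 store-on-disk=yes disabled=no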
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-
static=no redistribute-rip=no \
redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-
rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate
authentication=none prefix-list-import=”” \
prefix-list-export=”” disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no
redistribute-rip=no \
redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-
bgp=no metric-static=1 \
metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m
garbage-timer=2m
[admin@MikroTik] >
2. Konfig LINUX PROXY
a. Squid.conf
http_port 8080
#icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? localhost acl QUERY urlpath_regex cgi-bin \? localhost
### Opsi Cache
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
### Opsi Tuning Squid
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-
into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims
override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
### Direktori cache
#cache_dir aufs /cache 20000 16 256
cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
#cache_dir aufs /cache 7000 16 256
### Log
# access.log is the only record of which client requested which URL.
cache_access_log /var/log/squid/access.log
# Only one rotated generation is kept, so request history is short; raise this if the
# logs are needed to investigate abuse.
logfile_rotate 1
# cache.log (start-up errors, ACL parse warnings, runtime faults) is meant to be
# switched off here, which also hides configuration mistakes; consider keeping it.
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off
### DNS server dns_nameservers 127.0.0.1
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes range_offset_limit 0 KB
### Opsi Timeout
connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off
pconn_timeout 15 second
shutdown_lifetime 15 second
### Opsi ACL
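# Base ACLs: "manager" matches cache-manager (cache_object) requests, "all" matches any
# source, "client" is the source range that is later allowed to use the proxy.
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
# NOTE(review): the network layout in this guide uses 192.168.0.0/24 (LAN) and
# 192.168.1.0/24 (modem side); 192.168.5.0/29 matches neither. Confirm the range the
# proxy actually sees, otherwise every request falls through to "deny all".
acl client src 192.168.5.0/29
acl tidakbebasdownload time 08:00-22:00
# url_regex loads a pattern file only when the path is double-quoted. Unquoted, the
# path and the trailing words "time" and "08:00-22:00" were each taken as a regex, so
# the block list was never read. To limit the filter to certain hours, add a time ACL
# (such as tidakbebasdownload) to the http_access rule instead.
acl porn url_regex -i "/usr/local/squid/etc/bokep.txt"
acl noporn url_regex -i "/usr/local/squid/etc/nobokep.txt"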
# Deny list of file-name fragments; judging by the names these are dialers, adware
# installers and similar unwanted downloads (TODO confirm).
# Each entry is an unanchored, case-insensitive regex tested against the whole URL, and
# "." matches any character, so short entries such as info.exe, run.exe, mp3.exe or
# download.exe also hit unrelated URLs that merely contain those letters.
# A name list only stops files that keep their published name; treat it as a
# convenience filter, not as malware protection.
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
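# Destination AS numbers treated as "IIX" (4795 is listed twice, which is harmless).
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
# Media file extensions; the pattern had been wrapped onto its own line, which left the
# acl without a pattern and the regex as a stray directive.
acl block url_regex -i \.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
# Destination ports the proxy should never be used to reach.
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
# NOTE(review): 1025-65535 makes almost every high port "safe", and CONNECT is not tied
# to a dedicated SSL-port list; consider a narrower list for tunnelled traffic.
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
# Requests for the Windows command interpreter path. The original "cmd.exe?" left the
# dot unescaped and made the final "e" optional; the match is now literal and
# case-insensitive.
acl Virus urlpath_regex -i winnt/system32/cmd\.exe
# "connect" and "ssl" are two names for the same method match.
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
# User-Agent and bare-IP URL pair, presumably a signature for one specific probe;
# the two are meant to be used together in one rule.
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$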
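no_cache deny QUERY manager
# http_access rules are checked top-down and the first match decides; ACLs on one line
# are ANDed. With "allow client" ahead of the deny rules, none of the filters below was
# ever reached for client traffic, so the denies now come first.
# NOTE(review): this allow only matches manager requests whose destination is in the
# IIX AS list; confirm that is intended.
http_access allow manager IIX Safe_ports
# Cache-manager and PURGE requests not allowed above stop here instead of being let
# through by "allow client".
http_access deny manager
http_access deny purge
http_access deny porn !noporn
# The original single rule listed Bad_ports, Virus and both probe ACLs together and so
# only matched when all four were true at once. They are split so each check applies on
# its own; the two IpAddrProbe ACLs stay paired.
http_access deny Bad_ports
http_access deny Virus
http_access deny IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access allow client
http_access deny all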
### Paramater Administratifcache_mgr [email protected]_effective_user squidcache_effective_group squidvisible_hostname proxy.primadona.war.net.id
### Opsi Akselerator memory_pools off forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off
### Pendukung Transparan Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
### Membatasi Besar File untuk download reply_body_max_size 3512000 allow client block tidakbebasdownload
### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all
header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
http_port 8080 #icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? localhost acl QUERY urlpath_regex cgi-bin \? localhost
### Opsi Cache
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
### Opsi Tuning Squid
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-
into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims
override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
### Direktori cache
#cache_dir aufs /cache 20000 16 256
cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
#cache_dir aufs /cache 7000 16 256
### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off
### DNS server dns_nameservers 127.0.0.1
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
### Direktori cache
#cache_dir aufs /cache 20000 16 256
cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
#cache_dir aufs /cache 7000 16 256
### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off
### DNS server dns_nameservers 127.0.0.1
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes range_offset_limit 0 KB
### Opsi Timeout
connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off pconn_timeout 15 second shutdown_lifetime 15 second
### Opsi ACL
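# Base ACLs: "manager" matches cache-manager (cache_object) requests, "all" matches any
# source, "client" is the source range that is later allowed to use the proxy.
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
# NOTE(review): the network layout in this guide uses 192.168.0.0/24 (LAN) and
# 192.168.1.0/24 (modem side); 192.168.5.0/29 matches neither. Confirm the range the
# proxy actually sees, otherwise every request falls through to "deny all".
acl client src 192.168.5.0/29
acl tidakbebasdownload time 08:00-22:00
# url_regex loads a pattern file only when the path is double-quoted. Unquoted, the
# path and the trailing words "time" and "08:00-22:00" were each taken as a regex, so
# the block list was never read. To limit the filter to certain hours, add a time ACL
# (such as tidakbebasdownload) to the http_access rule instead.
acl porn url_regex -i "/usr/local/squid/etc/bokep.txt"
acl noporn url_regex -i "/usr/local/squid/etc/nobokep.txt"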
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
### Direktori cache
#cache_dir aufs /cache 20000 16 256
cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
#cache_dir aufs /cache 7000 16 256
### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off
### DNS server dns_nameservers 127.0.0.1
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes range_offset_limit 0 KB
### Opsi Timeout
connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off pconn_timeout 15 second shutdown_lifetime 15 second
### Opsi ACL
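# Base ACLs: "manager" matches cache-manager (cache_object) requests, "all" matches any
# source, "client" is the source range that is later allowed to use the proxy.
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
# NOTE(review): the network layout in this guide uses 192.168.0.0/24 (LAN) and
# 192.168.1.0/24 (modem side); 192.168.5.0/29 matches neither. Confirm the range the
# proxy actually sees, otherwise every request falls through to "deny all".
acl client src 192.168.5.0/29
acl tidakbebasdownload time 08:00-22:00
# url_regex loads a pattern file only when the path is double-quoted. Unquoted, the
# path and the trailing words "time" and "08:00-22:00" were each taken as a regex, so
# the block list was never read. To limit the filter to certain hours, add a time ACL
# (such as tidakbebasdownload) to the http_access rule instead.
acl porn url_regex -i "/usr/local/squid/etc/bokep.txt"
acl noporn url_regex -i "/usr/local/squid/etc/nobokep.txt"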
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl block url_regex -i
\.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
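no_cache deny QUERY manager
# http_access rules are checked top-down and the first match decides; ACLs on one line
# are ANDed. With "allow client" ahead of the deny rules, none of the filters below was
# ever reached for client traffic, so the denies now come first.
# NOTE(review): this allow only matches manager requests whose destination is in the
# IIX AS list; confirm that is intended.
http_access allow manager IIX Safe_ports
# Cache-manager and PURGE requests not allowed above stop here instead of being let
# through by "allow client".
http_access deny manager
http_access deny purge
http_access deny porn !noporn
# The original single rule listed Bad_ports, Virus and both probe ACLs together and so
# only matched when all four were true at once. They are split so each check applies on
# its own; the two IpAddrProbe ACLs stay paired.
http_access deny Bad_ports
http_access deny Virus
http_access deny IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access allow client
http_access deny all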
### Paramater Administratifcache_mgr [email protected]_effective_user squidcache_effective_group squidvisible_hostname proxy.primadona.war.net.id
### Opsi Akselerator memory_pools off forwarded_for on
lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
### Direktori cache
#cache_dir aufs /cache 20000 16 256
cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
#cache_dir aufs /cache 7000 16 256
### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off
### DNS server dns_nameservers 127.0.0.1
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes range_offset_limit 0 KB
### Opsi Timeout
connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off pconn_timeout 15 second shutdown_lifetime 15 second
### Opsi ACL
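# Base ACLs: "manager" matches cache-manager (cache_object) requests, "all" matches any
# source, "client" is the source range that is later allowed to use the proxy.
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
# NOTE(review): the network layout in this guide uses 192.168.0.0/24 (LAN) and
# 192.168.1.0/24 (modem side); 192.168.5.0/29 matches neither. Confirm the range the
# proxy actually sees, otherwise every request falls through to "deny all".
acl client src 192.168.5.0/29
acl tidakbebasdownload time 08:00-22:00
# url_regex loads a pattern file only when the path is double-quoted. Unquoted, the
# path and the trailing words "time" and "08:00-22:00" were each taken as a regex, so
# the block list was never read. To limit the filter to certain hours, add a time ACL
# (such as tidakbebasdownload) to the http_access rule instead.
acl porn url_regex -i "/usr/local/squid/etc/bokep.txt"
acl noporn url_regex -i "/usr/local/squid/etc/nobokep.txt"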
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl block url_regex -i
\.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
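no_cache deny QUERY manager
# http_access rules are checked top-down and the first match decides; ACLs on one line
# are ANDed. With "allow client" ahead of the deny rules, none of the filters below was
# ever reached for client traffic, so the denies now come first.
# NOTE(review): this allow only matches manager requests whose destination is in the
# IIX AS list; confirm that is intended.
http_access allow manager IIX Safe_ports
# Cache-manager and PURGE requests not allowed above stop here instead of being let
# through by "allow client".
http_access deny manager
http_access deny purge
http_access deny porn !noporn
# The original single rule listed Bad_ports, Virus and both probe ACLs together and so
# only matched when all four were true at once. They are split so each check applies on
# its own; the two IpAddrProbe ACLs stay paired.
http_access deny Bad_ports
http_access deny Virus
http_access deny IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access allow client
http_access deny all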
### Paramater Administratifcache_mgr [email protected]_effective_user squidcache_effective_group squidvisible_hostname proxy.primadona.war.net.id
### Opsi Akselerator memory_pools off forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off
### Pendukung Transparan Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
### Membatasi Besar File untuk download reply_body_max_size 3512000 allow client block tidakbebasdownload
### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all
header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
b. Named.Conf
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl block url_regex -i
\.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
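no_cache deny QUERY manager
# http_access rules are checked top-down and the first match decides; ACLs on one line
# are ANDed. With "allow client" ahead of the deny rules, none of the filters below was
# ever reached for client traffic, so the denies now come first.
# NOTE(review): this allow only matches manager requests whose destination is in the
# IIX AS list; confirm that is intended.
http_access allow manager IIX Safe_ports
# Cache-manager and PURGE requests not allowed above stop here instead of being let
# through by "allow client".
http_access deny manager
http_access deny purge
http_access deny porn !noporn
# The original single rule listed Bad_ports, Virus and both probe ACLs together and so
# only matched when all four were true at once. They are split so each check applies on
# its own; the two IpAddrProbe ACLs stay paired.
http_access deny Bad_ports
http_access deny Virus
http_access deny IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access allow client
http_access deny all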
### Paramater Administratifcache_mgr [email protected]_effective_user squidcache_effective_group squidvisible_hostname proxy.primadona.war.net.id
### Opsi Akselerator memory_pools off forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off
### Pendukung Transparan Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
### Membatasi Besar File untuk download reply_body_max_size 3512000 allow client block tidakbebasdownload
### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all
header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
b. Named.Conf
// //named.conf for Red Hat caching-nameserver //
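options {
	// Straight ASCII quotes are required; typographic quotes do not parse.
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	// query-source address * port 53;

	// Answer recursive queries only for this host and the two local
	// subnets used in this setup, so the cache cannot be used as an open
	// resolver. Adjust the list if other networks resolve through it.
	allow-recursion { 127.0.0.1; 192.168.0.0/24; 192.168.1.0/24; };

	// Upstream resolvers that cache misses are forwarded to.
	forwarders {
		203.130.193.74;
		202.134.0.155;
		202.134.2.5;
	};
};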
//
//a caching only nameserver config
//
// rndc control channel: listens on loopback only, accepts connections from
// localhost, and requires the key named rndckey.
controls {
	inet 127.0.0.1
		allow { localhost; }
		keys { rndckey; };
};
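// Root hints zone. Straight ASCII quotes are required; typographic quotes do
// not parse.
zone "." IN {
	type hint;
	file "named.ca";
};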
zone “localdomain” IN {
type master;
file “localdomain.zone”;
allow-update { none; };
}; zone “localhost” IN { type master;
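# Blocked file names, matched case-insensitively anywhere in the URL.
# NOTE(review): the dots are unescaped, so "." matches any character, and the
# patterns are unanchored; they can match more URLs than the names suggest.
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
# Destination autonomous-system numbers grouped under the name IIX.
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
# Media file extensions. The pattern has to sit on the same line as the acl;
# wrapped onto its own line it is not part of the definition.
acl block url_regex -i \.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
# Requests for the Windows command interpreter path, typical of web-server
# worm probes. The dot is escaped and the stray "?" dropped: unescaped, "?"
# made the final "e" optional instead of matching a literal question mark.
acl Virus urlpath_regex winnt/system32/cmd\.exe
# connect and ssl are two names for the same CONNECT method match.
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
# NOTE(review): defining a PURGE acl enables the method; no http_access rule
# in the visible part of the file restricts it to the admin host.
acl purge method PURGE
# User-Agent and bare-IP URL pattern used together to spot address probes.
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$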
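# Never cache a request that matches both QUERY and manager (ACLs listed on
# one line are ANDed; both are defined outside this excerpt).
no_cache deny QUERY manager
# http_access rules are checked top to bottom and the first match wins, so
# every deny must come before the broad "allow client" rule. In the original
# order the denies sat after it and never applied to LAN clients.
http_access deny !Safe_ports
http_access deny Bad_ports
http_access deny Virus
# Both probe ACLs have to match for this rule to fire.
http_access deny IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access deny porn !noporn
# NOTE(review): cache-manager requests are matched here only together with
# IIX and Safe_ports, and "allow client" below also lets clients reach the
# manager; confirm manager access is limited to the admin host.
http_access allow manager IIX Safe_ports
# NOTE(review): Safe_ports covers 1025-65535, so CONNECT tunnels to any high
# port are still permitted; no TLS-port ACL is visible in this excerpt.
http_access allow client
http_access deny all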
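### Administrative parameters
# Each directive needs its own line: fused onto a "###" line it is read as a
# comment and never applied.
# NOTE(review): the cache_mgr address was lost when the page was published;
# the value below is a placeholder, not the author's address.
cache_mgr admin@example.invalid
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.primadona.war.net.id
### Accelerator options
memory_pools off
# forwarded_for on puts each client's LAN address into X-Forwarded-For on
# outgoing requests, while the header rules at the end of this section mask
# the browser identity. NOTE(review): confirm which of the two is intended.
forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off
### Transparent proxy support
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
### Limit the size of downloaded files
# Applies when client, block and tidakbebasdownload all match;
# tidakbebasdownload is not defined in the visible part of the file.
reply_body_max_size 3512000 allow client block tidakbebasdownload
### SNMP
# Left disabled. Enabled as written, "snmp_access allow all" with the
# community "public" would answer any host that can reach the SNMP port;
# restrict snmp_access to the management host before turning it on.
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all
### Request header rewriting
# Strip these client headers and send fixed values in their place.
header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en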
b. Named.Conf
// //named.conf for Red Hat caching-nameserver //
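options {
	// Straight ASCII quotes are required; typographic quotes do not parse.
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	// query-source address * port 53;

	// Answer recursive queries only for this host and the two local
	// subnets used in this setup, so the cache cannot be used as an open
	// resolver. Adjust the list if other networks resolve through it.
	allow-recursion { 127.0.0.1; 192.168.0.0/24; 192.168.1.0/24; };

	// Upstream resolvers that cache misses are forwarded to.
	forwarders {
		203.130.193.74;
		202.134.0.155;
		202.134.2.5;
	};
};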
//
//a caching only nameserver config
//
// rndc control channel: listens on loopback only, accepts connections from
// localhost, and requires the key named rndckey.
controls {
	inet 127.0.0.1
		allow { localhost; }
		keys { rndckey; };
};
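// Zone statements of the caching-only setup. Straight ASCII quotes are
// required (typographic quotes do not parse), and each statement is written
// out on its own lines. Every master zone refuses dynamic updates.

// Root hints.
zone "." IN {
	type hint;
	file "named.ca";
};

zone "localdomain" IN {
	type master;
	file "localdomain.zone";
	allow-update { none; };
};

zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};

// Reverse zone for the IPv4 loopback network.
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.ip6.local";
	allow-update { none; };
};

zone "255.in-addr.arpa" IN {
	type master;
	file "named.broadcast";
	allow-update { none; };
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.zero";
	allow-update { none; };
};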
include "/etc/rndc.key";
c. Gateway 192.168.1.1