MK-AUTH

http_port 3128 transparent

visible_hostname mk-auth

icp_port 0

# cache de ip acessados

ipcache_size 1024

ipcache_low 90

ipcache_high 95

fqdncache_size 1024

# tipos arquivos suportados

mime_table /etc/lusca/mime.conf

# arquivo pid usado

pid_filename /var/run/lusca.pid

# servidores dns

dns_nameservers 172.31.255.1

# arquivos de log retirados para melhor desempenho

access_log /var/log/lusca/access.log

cache_access_log /dev/null

cache_log /dev/null

cache_store_log /dev/null

# tamanho maximo do cache em memoria ram

cache_mem 550 MB

cache_swap_low 90

cache_swap_high 95

# tamanho maximo de arquivo que o cache irar guardar

maximum_object_size 35 MB

minimum_object_size 10 KB

maximum_object_size_in_memory 35 KB

# diretorio onde serao ficarao armazenado o cache das paginas.

# O 75000 MBs do HD que sera reservado para o meu cache.

cache_dir diskd /var/spool/lusca 75000 16 256

# nao passa pelo proxy

acl semcache url_regex -i "/etc/lusca/direto.lst"

cache deny semcache

always_direct allow semcache

# lista de sites proibidos para a rede toda

acl proibidos url_regex -i "/etc/lusca/proibidos.lst"

# toda a internet

acl all src 0.0.0.0/0.0.0.0

acl con_clients dst 192.168.10.0/24  #aqui coloque ip da rede dos clientes

# redirecionamento thunder cache

acl thunder_lst url_regex -i "/etc/thunder/thunder.lst"

cache deny thunder_lst

cache_peer 127.0.0.1 parent 8080 0 proxy-only no-digest

dead_peer_timeout 2 seconds

cache_peer_access 127.0.0.1 allow thunder_lst

cache_peer_access 127.0.0.1 deny all

# redes invalidas, nao sao da internet

acl rede src 127.0.0.1/32 5.0.0.0/8 169.254.0.0/16 192.168.0.0/16 10.0.0.0/8 172.16.0.0/16 172.17.0.0/16 172.18.0.0/16 172.19.0.0/16 172.20.0.0/16 172.21.0.0/16 172.22.0.0/16 172.23.0.0/16 172.24.0.0/16 172.25.0.0/16 172.26.0.0/16 172.27.0.0/16 172.28.0.0/16 172.29.0.0/16 172.30.0.0/16 172.31.0.0/16

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/32

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 901 # SWAT

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny proibidos

http_access allow manager localhost con_clients

http_access allow rede

 

#----------------------------------------------------------------------

# Bloquear archivos con suspeita de de virus

#----------------------------------------------------------------------

acl vbs url_regex -i .*\.VBS$

http_access deny vbs

acl scr url_regex -i .*\.SCR$

http_access deny scr

acl cmd url_regex -i .*\.CMD$

http_access deny cmd

acl pif url_regex -i .*\.PIF$

http_access deny pif

cache_effective_user proxy

ftp_user anonymous@anonymous.com

# CACHE FOTOS ORKUT

refresh_pattern -i images.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i static1.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i static2.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i static3.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i static4.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i img1.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i img2.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i img3.orkut.com/.* 0 100% 43200 reload-into-ims

refresh_pattern -i img4.orkut.com/.* 0 100% 43200 reload-into-ims

#----------------------------------------------------------------------

# atualizar cache

# verificar cada 15 min tempo maximo de 2280 min (2 dias)

# reload-into-ims modifica no-cache reload | cache obligatorio

#----------------------------------------------------------------------

refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims

refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims

refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims

refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims

refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims

refresh_pattern -i \.nub$ 2880 80% 21600 reload-into-ims

refresh_pattern ^ftp: 15 20% 10080

refresh_pattern ^gopher: 15 0% 2280

refresh_pattern . 15 20% 8640

refresh_pattern -i exe$ 0 50% 999999

refresh_pattern -i zip$ 0 50% 999999

#----------------------------------------------------------------------

# Negar cache para arquivos con exten

ção .asx e .asf |streaming|

#----------------------------------------------------------------------

acl asx url_regex -i \.asx$

cache deny asx

acl asf url_regex -i \.asf$

cache deny asf

#----------------------------------------------------------------------

# usuario que executa o servidor proxy

cache_effective_user proxy

cache_effective_group proxy

coredump_dir /var/spool/lusca

half_closed_clients off

request_timeout 30 seconds

pconn_timeout 120 seconds

# marcacao ZPH

zph_tos_local 0x30

zph_tos_peer 0

zph_tos_parent off

http_access deny all

#i p mk-auth 172.31.255.2

# mask 255.255.255.252

# gateway 172.31.255.1

# dns 172.31.255.1    não coloque o segundo dns
# desse geito o mikrotik e quem resolve os dns, evitando lups e ganhado velocidade .

Exibições: 1684

Respostas a este tópico

ola a possibilidade de implantar na rede 2.4  que tipo de regra utilizo para que o cache funcione e quantos posso libera de  cache full grato Anisio

ola preciso de ajudar urgente tenho o sistema rodando certinho no status dos servicos tudo rodando eu restarto e não volta a navegação se eu reiniciar o servidor volta a navegar, ja desativei plugins do thunder mudei o dns no lusca e não resolveu. alguem ajude por favor.


#################
acl to_localhost dst 127.0.0.0/32
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibidos
http_access allow rede
http_access deny all

# usuario que executa o servidor proxy
cache_effective_user proxy
cache_effective_group proxy

coredump_dir /var/spool/lusca

half_closed_clients off
server_persistent_connections off
client_persistent_connections off

request_timeout 30 seconds
pconn_timeout 120 seconds

# marcacao ZPH
zph_tos_local 0x30
zph_tos_peer 0
zph_tos_parent off

acompanhando...

RSS

Parceiros

 

© 2014   Criado por Pedro Filho.

Badges - Divulgar  |  Relatar erro no site  |  Termos de serviço