squid.conf

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
auth_param basic children 3
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
acl CONNECT method CONNECT
acl GET method GET
acl POST method POST
acl PUT method PUT
acl DELETE method DELETE
acl OPTIONS method OPTIONS
acl HEAD method HEAD
acl TRACE method TRACE
#acl FromIndoA src 202.152.0.0/8		# Bakrie Telecom
#acl FromIndoA src 112.215.94.0/8	# XL kantor
acl SSL_ports port 443
#acl Safe_ports port 1025-65535	# unregistered ports
#acl Safe_ports port 21		# ftp
#acl Safe_ports port 210		# wais
#acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 443		# https
#acl Safe_ports port 488		# gss-http
#acl Safe_ports port 591		# filemaker
#acl Safe_ports port 70		# gopher
#acl Safe_ports port 777		# multiling http
acl Safe_ports port 80		# http
#acl Safe_ports port 21 70 80 210 280 443 488 563 591 631 777 901 808 3128 1025-65535
#acl localhost src 127.0.0.1/32 ::1
#acl manager proto cache_object
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl JPEG url_regex -i .*image\?href=http.*api.discogs.com.*image.*\.jpeg$
acl IMAGES url_regex -i .*\.(jpg|jpeg|gif|png|bmp|tiff|svg)(\?.*)?$ 
acl youtube dstdomain .youtube.com
acl googlevideo dstdomain .googlevideo.com
acl vimeocdn dstdomain .vimeocdn.com
#acl BADURLS -i "/etc/squid3/badurls.txt"
acl BADDOMAINS dstdomain "/etc/squid3/baddomains.txt"
acl solr url_regex -i ^http:\/\/128\.199\.66\.156\:8080\/solr\/.*$
#acl solr url_regex -i bilna.com.*$
acl dropletsjava dst 128.199.66.156
cache_dir ufs /var/cache/squid3 10240 64 128  

#cache_mem 8 MB
cache_mem 0
#coredump_dir /var/spool/squid3
coredump_dir /var/cache/squid3
#http_access allow FromIndoA
#http_access allow localhost
#http_access allow manager localhost
#http_access allow CONNECT
http_access allow ncsa_users
http_access allow GET
http_access allow POST
http_access allow PUT
http_access allow DELETE
http_access allow OPTIONS
http_access allow HEAD
http_access allow TRACE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow CONNECT SSL_ports
#http_access deny !FromIndoA
#http_access deny manager
#http_access deny BADURLS
http_access deny BADDOMAINS
http_access deny all
http_port 8888
#https_port 8888
#http_port 8888 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/mydlp/ssl/private.pem cert=/etc/mydlp/ssl/public.pem
#cache allow youtube
#cache allow googlevideo
#cache allow vimeocdn
#cache allow GET
cache allow IMAGES
#cache deny to_localhost
#cache allow CONNECT
cache deny solr
#cache deny dropletsjava
#cache allow all

#acl broken_sites dstdomain .example.com
#ssl_bump deny broken_sites
#ssl_bump allow all
#sslproxy_cert_error allow all
#sslproxy_flags DONT_VERIFY_PEER
#sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 5


#delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp)(\?.*)?$ 7776000 90% 31536000 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private ignore-auth 
#refresh_pattern rep_mime_type video/flv video/x-flv 7776000 90% 31536000 override-expire ignore-reload ignore-private
#refresh_pattern rep_mime_type image/jpg image/jpeg image/pjpeg image/png image/gif image/bmp 7776000 90% 31536000 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)(\?.*)?$ 260000 90% 260009 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private ignore-auth
refresh_pattern -i \.index.(html|htm)$ 900 90% 40320 refresh-ims ignore-no-store ignore-no-cache
refresh_pattern -i \.(html|htm)$ 1440 90% 40320 override-expire ignore-no-store ignore-no-cache 
refresh_pattern -i \.(js|css)(\?.*)?$ 14400 90% 40329 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private ignore-auth
#refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)(\?.*)?$ 7776000 90% 31536000 override-expire override-lastmod ignore-no-store ignore-no-cache ignore-reload ignore-private ignore-must-revalidate ignore-auth
#refresh_pattern . 0 20% 4 ignore-no-store refresh-ims
#refresh_pattern -i \.kompas(ads|iana)*?\.com\/.*?$ 1440 90% 3600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private ignore-auth
refresh_pattern -i \.(woff|ttf|otf|eot)(\?.*)*?$ 7776000 90% 31536000 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private ignore-auth
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern ^gopher:       1440    0%      1440
refresh_pattern ^ftp: 144000 20% 1008000
refresh_pattern . 7200 100% 260000 refresh-ims
#refresh_pattern . 7200 100% 260000 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private ignore-auth
#refresh_pattern -i ^http:\/\/128\.199\.66\.156\:8080\/solr\/.* 0 0% 0

cache_swap_low 92
cache_swap_high 95
#offline_mode oncache_swap_low 90
minimum_object_size 0 KB
maximum_object_size 512 MB
maximum_object_size_in_memory 512 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

via off
#forwarded_for off 
forwarded_for delete

cache_mgr hello@gilaya.com
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
#visible_hostname sumatra.gilaya.com

#another optimizing
negative_ttl 0
memory_pools off
client_db off
reload_into_ims on
balance_on_multiple_ip on
vary_ignore_expire on
pipeline_prefetch on
quick_abort_min 4 KB
quick_abort_max 16 KB
quick_abort_pct 95
shutdown_lifetime 3 seconds
half_closed_clients off
#cache_effective_user squid
#cache_effective_group squid
dns_nameservers 8.8.8.8 8.8.4.4
ipcache_size 2048
ipcache_low 90
ipcache_high 95


minimum_expiry_time 3600 seconds

#request_header_access Allow allow all 
#request_header_access Authorization allow all 
#request_header_access WWW-Authenticate allow all 
#request_header_access Proxy-Authorization allow all 
#request_header_access Proxy-Authenticate allow all 
#request_header_access Cache-Control allow all 
#request_header_access Content-Encoding allow all 
#request_header_access Content-Length allow all 
#request_header_access Content-Type allow all 
#request_header_access Date allow all 
#request_header_access Expires allow all 
#request_header_access Host allow all 
#request_header_access If-Modified-Since allow all 
#request_header_access Last-Modified allow all 
#request_header_access Location allow all 
#request_header_access Pragma allow all 
#request_header_access Accept allow all 
#request_header_access Accept-Charset allow all 
#request_header_access Accept-Encoding allow all 
#request_header_access Accept-Language allow all 
#request_header_access Content-Language allow all 
#request_header_access Mime-Version allow all 
#request_header_access Retry-After allow all 
#request_header_access Title allow all 
#request_header_access Connection allow all 
#request_header_access Proxy-Connection allow all 
#request_header_access User-Agent allow all 
#request_header_access Cookie allow all 
#request_header_access All deny all