By: Danar Hadinata
install via port
# Locate the port (the "Path:" line of the search output gives the directory)
# and build it from the ports tree rather than from an unversioned tarball.
> cd /usr/ports/
> make search key=squid | grep Path -A 2
> cd /usr/ports/www/squid
# Fetch the distfile, build/install it and also produce a binary package.
# The port's options dialog comes up during this step: SQUID_PF has to be
# ticked (see below) or the transparent-proxy part of squid.conf will not work.
> make fetch package install
Jangan lupa mengaktifkan opsi berikut pada menu opsi port (`make config`) sebelum port dibangun:
[X] SQUID_PF Enable transparent proxying with PF
Edit konfigurasi squid :
> cd /usr/local/etc/squid/
Konfigurasi Squid
1. Buat direktori cache sesuai dengan `cache_dir` pada squid.conf di bawah ini, atau sesuaikan jumlah dan ukurannya (angka 1500 pada `cache_dir` adalah MB) dengan kapasitas hard disk Anda. Jalankan sebagai root:
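# Create the five cache_dir roots referenced by squid.conf below and hand them
# to the unprivileged account squid drops to (cache_effective_user squid).
# Run as root. The original typed "/cach4" in the mkdir, so /cache4 was never
# created although it was chown'ed and listed as a cache_dir.
for d in /cache1 /cache2 /cache3 /cache4 /cache5; do
  mkdir -p "$d"
  chown squid:squid "$d"
  # Cached objects are copies of whatever users browsed; keep other local
  # accounts from reading the swap files.
  chmod 750 "$d"
done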
2. Buat file access.log dan cache.log (path-nya harus sama dengan `cache_access_log` dan `cache_log` pada squid.conf di bawah). Jalankan sebagai root:
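# Log directory; the paths must match cache_access_log / cache_log in squid.conf.
# Run as root. The original had "tuch -f access.log" and "tuch -cache.log"
# (typos -- neither command exists).
mkdir -p /var/log/squid
touch /var/log/squid/access.log /var/log/squid/cache.log
# -R: the two files were just created by root, so chown'ing only the
# directory (as the original did) would leave them root-owned.
chown -R squid:squid /var/log/squid
# access.log is a complete record of who fetched which URL -- do not leave it
# world-readable.
chmod 750 /var/log/squid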
3. Salin konfigurasi berikut ke file squid.conf yang berada di /usr/local/etc/squid:
Root# ee squid.conf
# Proxy listener for explicitly configured browsers. No bind address is given,
# so squid listens on every interface; the http_access rules further down are
# the only thing keeping non-LAN clients out -- also filter tcp/3128 at PF.
http_port 3128
# ICP (inter-cache) port. No cache_peer is defined anywhere in this file, so
# nothing uses it unless sibling caches are added later.
icp_port 3130
# Never cache dynamic responses (cgi-bin or a "?" in the path) or the Yahoo
# webmail/login hosts -- session-bound pages must not be served to another user.
acl QUERY urlpath_regex cgi-bin \?
acl nocache-domain dstdomain .mail.yahoo.com .login.yahoo.com
no_cache deny QUERY
no_cache deny nocache-domain
#----------- disk management ---------- ##
# Five 1500 MB diskd cache_dirs (64/256 first/second-level subdirectories,
# Q1/Q2 are the diskd queue-length thresholds). The directories must exist and
# be owned by cache_effective_user before `squid -z` is run.
cache_dir diskd /cache1 1500 64 256 Q1=72 Q2=64
cache_dir diskd /cache2 1500 64 256 Q1=72 Q2=64
cache_dir diskd /cache3 1500 64 256 Q1=72 Q2=64
cache_dir diskd /cache4 1500 64 256 Q1=72 Q2=64
cache_dir diskd /cache5 1500 64 256 Q1=72 Q2=64
# access.log records every client request (who fetched which URL): keep
# /var/log/squid readable only by root and the squid user.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# Per-object store log disabled.
cache_store_log /dev/null
mime_table /usr/local/etc/squid/mime.conf
diskd_program /usr/local/libexec/squid/diskd
cache_dns_program /usr/local/libexec/squid/dnsserver
# NOTE(review): squid does not chain redirectors -- two redirect_program
# lines do not run adzap AND squidGuard, only one helper is actually used.
# Pick one, or call the other from a single wrapper script.
redirect_program /usr/local/libexec/adzap
redirect_program /usr/local/bin/squidGuard
log_icp_queries off
# NOTE(review): these auth_param lines are inert as written -- there is no
# `auth_param basic program ...` and no `proxy_auth` acl is referenced by any
# http_access rule in this file, so no client is ever asked to authenticate.
# Basic auth also sends credentials in cleartext; acceptable on a trusted LAN only.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
emulate_httpd_log on
redirect_rewrites_host_header off
dead_peer_timeout 5 seconds
# LFUDA on disk / GDSF in memory: keep popular large objects on disk and
# small hot objects in RAM. (A second memory_replacement_policy later in the
# file overrides this one unless it is removed -- squid keeps the last value.)
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
half_closed_clients off
dns_children 16
#-----------transparent proxy -----------
# Interception the pre-2.6 way (httpd_accel_* directives -- TODO confirm the
# installed squid version still accepts them): PF redirects port-80 traffic
# here (SQUID_PF port option) and squid rebuilds the origin URL itself.
httpd_accel_host virtual
httpd_accel_port 80
# Keep serving explicitly configured browsers on port 3128 at the same time.
httpd_accel_with_proxy on
# The origin hostname is taken from the client-supplied Host header.
# NOTE(review): only port 80 is intercepted -- HTTPS bypasses this proxy and
# every blacklist below. Make sure the PF rdr rule applies to the LAN
# interface only, so untrusted networks cannot hand this squid requests for
# arbitrary hosts.
httpd_accel_uses_host_header on
#-------------------------------------------
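#---------------- access control -----------
acl dns src 202.134.1.10
acl sip src 192.168.1.0/30
acl net src 192.168.10.0/26
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
# The cache manager interface (cache_object://) -- see cachemgr_passwd below.
acl manager proto cache_object
acl Safe_ports port 80 443 210 119 563 70 21 1025-65535
# Ports a CONNECT tunnel may be opened to.
acl SSL_ports port 443 563
acl CONNECT method CONNECT
# http_access is evaluated top-down and stops at the FIRST match, so the
# generic denies must come before the per-network allows. In the original
# order every client from dns/sip/net was already allowed by the time the
# Safe_ports and CONNECT checks were reached, so those two lines never ran.
http_access deny !Safe_ports
# CONNECT is a raw TCP tunnel: restrict it to the TLS ports, otherwise any
# allowed client can relay to SMTP/SSH/etc. through the proxy. (The original
# unconditional `deny CONNECT` was unreachable; HTTPS-via-proxy for browsers
# pointed at port 3128 keeps working with this rule.)
http_access deny CONNECT !SSL_ports
# Keep the cache manager on the box itself -- without these two lines every
# allowed client can reach it, and cachemgr_passwd covers shutdown as well.
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access allow dns
http_access allow sip
http_access allow net
http_access deny all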
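#---------------- administration info ------------
# Contact address shown on squid error pages (the original carried a literal
# "\n" in the value).
cache_mgr admin@dije.co.cc
# squid is started as root (to bind the port and read its config) and drops to
# this unprivileged user/group for everything else.
cache_effective_user squid
cache_effective_group squid
# SECURITY: "mypassword" is a placeholder -- change it before going live.
# `all` also covers the dangerous actions (shutdown, offline_toggle, config),
# and every client the http_access rules admit can talk to the cache manager
# unless a `manager` acl limits it to localhost. Use `disable` in place of a
# password to switch an action off entirely.
cachemgr_passwd mypassword all
# Do not append the client's address to X-Forwarded-For (squid sends
# "unknown" instead) -- keeps internal LAN addresses from reaching origin
# servers. NOTE: squid keeps the last definition it parses, so make sure no
# later `forwarded_for on` (the MISCELLANEOUS section had one) re-enables it.
forwarded_for off
buffered_logs on
# Hostname placed in Via/X-Cache headers and error pages (stray "\" removed).
visible_hostname dije.co.cc
#---------- HTTP accelerator --------------- #
cache_mem 6 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 2048 KB
ipcache_size 40000
ipcache_low 90
ipcache_high 99
fqdncache_size 512
# The `memory_replacement_policy lru` that used to sit here silently replaced
# the `heap GDSF` chosen in the disk-management section (last value wins);
# removed so the explicit LFUDA/GDSF pairing is what actually applies.
# The duplicate `log_icp_queries off` / `half_closed_clients off` lines are
# already set above and were dropped here.
store_avg_object_size 30 KB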
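#====================================================================$
# MISCELLANEOUS
#=====================================================================$
request_header_max_size 14 KB
##REFRESH PATTERN
# refresh_pattern is matched top-down and the FIRST match wins, so the
# site-specific rules must precede the catch-all ".". In the original the
# catch-all was the third line and every pattern after it was dead.
refresh_pattern ^ftp: 10080 95% 241920
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern \.gif 4320 50% 43200
refresh_pattern \.jpg 4320 50% 43200
refresh_pattern \.tif 4320 50% 43200
refresh_pattern \.png 4320 50% 43200
refresh_pattern \.jpeg 4320 50% 43200
refresh_pattern http://.*\.kompas\.com/ 0 20% 4320
refresh_pattern http://.*\.mobstar\.cc/ 0 20% 4320
refresh_pattern -i ^http://.*\.yahoo\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.indosat\.net\.id/ 0 20% 4320
refresh_pattern -i ^http://.*\.friendster\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.google\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.jawapos\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.detik\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.telkom\.net/ 0 20% 4320
refresh_pattern -i ^http://.*\.plasa\.com/ 0 20% 4320
# The two mail entries are already covered by the yahoo/telkom lines above
# with identical values; kept for readability, inner dots now escaped.
refresh_pattern -i ^http://.*\.mail\.yahoo\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.mail\.telkom\.net/ 0 20% 4320
refresh_pattern -i ^http://.*\.hotmail\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.sctv\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.liputan6\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.gmail\.com/ 0 20% 4320
refresh_pattern -i ^http://.*\.indosiar\.com/ 0 20% 4320
refresh_pattern -i exe$ 0 50% 999999
refresh_pattern -i zip$ 0 50% 999999
refresh_pattern -i tar\.gz$ 0 50% 999999
refresh_pattern -i tgz$ 0 50% 999999
# Catch-all LAST. 120960 min = 12 weeks max-age at a 95% LM-factor: very
# aggressive caching of anything not matched above (squid's default is
# `. 0 20% 4320`); stale pages for unlisted sites are the trade-off.
refresh_pattern . 120 95% 120960
logfile_rotate 10
icp_query_timeout 20000
extension_methods SEARCH PROPPATCH
# Keep the client address OUT of X-Forwarded-For. The original had
# `forwarded_for on` here, silently overriding the `off` set in the
# administration section (squid keeps the last definition it parses), so LAN
# addresses were in fact sent to every origin server.
forwarded_for off
digest_generation on
digest_bits_per_entry 10
digest_rebuild_period 30 minute
digest_rewrite_period 30 minute
digest_swapout_chunk_size 6000 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
store_dir_select_algorithm round-robin
# nonhierarchical_direct, ie_refresh, prefer_direct, pipeline_prefetch,
# half_closed_clients and buffered_logs were each set twice in this section,
# the first two with contradictory values. Only the last occurrence took
# effect; those effective values are kept and the earlier copies removed.
nonhierarchical_direct on
prefer_direct off
ie_refresh off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
positive_dns_ttl 1 hours
negative_dns_ttl 1 minute
connect_timeout 1 minute
read_timeout 60 minutes
request_timeout 1 minutes
persistent_request_timeout 5 minute
client_lifetime 1 day
half_closed_clients off
pconn_timeout 300 seconds
shutdown_lifetime 10 seconds
vary_ignore_expire on
negative_ttl 2 minutes
buffered_logs on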
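## Blacklist -------------#
# NOTE(review): NONE of the http_access lines in this section can ever match.
# http_access is evaluated top-down and stops at the first match, and the
# access-control section above already ends with `http_access deny all`, so
# evaluation never reaches this point. To make the blacklists effective, move
# the acl definitions and the `http_access deny ...` lines below ABOVE the
# `http_access allow localhost/dns/sip/net` rules.
acl block1 url_regex -i "/etc/block1.txt"
acl block2 url_regex -i "/etc/block2.txt"
# Anchored with a trailing "/$", so this only matches a bare "http://a.b.c.d/";
# any path component bypasses it.
acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
acl GETONLY method GET
# Dot escaped: the original "cmd.exe?" meant "cmd", any character, "ex",
# optional "e" -- it matched "cmd_ex" and missed nothing useful.
acl exploit urlpath_regex winnt/system32/cmd\.exe
acl virus dst 204.177.92.204/32 64.191.99.145/32
acl gator dstdom_regex gator hot_indonesia.exe
# 119 is also listed in Safe_ports above -- decide which list is authoritative.
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514
http_access deny block1
http_access deny block2
http_access deny IpAddressOnly
# `deny GETONLY` refuses EVERY GET request, i.e. all normal browsing, the
# moment this section becomes reachable. Disabled until its intent is known.
#http_access deny GETONLY
http_access deny exploit
http_access deny virus
http_access deny gator
http_access deny BADPORTS
http_access deny all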
#############################################################
#acl limit url_regex -i ftp \.mp3$ \.zip$ \.ram$ \.rmi$ \.pdf$ \.tgz$ \.gz$ \.exe$ \.mov$ \.mpg$
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 -1/-1 5000/32000
#delay_access 1 allow net limit
#delay_access 1 deny ALL
4. Buat struktur direktori swap di dalam tiap `cache_dir` dengan mengetik `squid -z` (sebagai root; pastikan /cache1 sampai /cache5 sudah dimiliki user squid).
5. Uji dengan menjalankan `squid -DF`, lalu periksa di `top` (atau `ps`) apakah proses squid sudah berjalan; kalau sudah, berarti beres.
6. Agar squid otomatis berjalan saat boot, tambahkan baris berikut ke /etc/rc.conf:
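# /etc/rc.conf -- rc variable names are lowercase and case-sensitive, and the
# quotes must be plain ASCII. The original "Squid_enable=”YES”" (capital S,
# curly quotes) is never looked at by the rc script, so squid would not start.
squid_enable="YES"
# Extra arguments the rc script passes to squid (${name}_flags, plural).
squid_flags="-DF"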
7. Uji dari browser dengan mengarahkan setting proxy ke IP proxy Anda, port 3128.
8. Untuk melihat aktivitas traffic :
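# Follow the request log live (the original "tail-f" was missing the space).
# Run as root or as the squid user -- the log directory is not world-readable.
tail -f /var/log/squid/access.log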
Pastikan di `top` proses squid sudah berjalan.