8.9.08

Cara setting squid web proxy di linux

Tutorial berikut membahas instalasi squid. Isi squid.conf diambil dari tulisan di balinux.or.id
yang dibuat oleh saudara egi (egi@nuxegi.net). Isi squid.conf tersebut bisa dimodifikasi sesuai kebutuhan kita; sebelum dipakai, ganti semua alamat IP, hostname, dan kredensial contoh, lalu tinjau ulang bagian manajemen akses.

instalasi squid
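1. Ekstrak paket (cocokkan dulu checksum atau tanda tangan tarball dengan yang diterbitkan situs resmi squid, karena kompilasi dan instalasinya dijalankan dari akun root)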
#tar -xvzf squid-2.6.STABLE4.tar.gz

2. kemudian lakukan kompilasi squid
[root@gateway squid-2.6.STABLE4]#./configure --prefix=/usr/local/squid --sysconfdir=/etc/ --enable-gnuregex --enable-icmp --enable-delay-pools --enable-snmp --enable-htcp --enable-ssl --enable-cache-digests --enable-linux-netfilter --enable-large-cache-files --enable-carp --with-pthreads --enable-carp --with-pthreads --enable-storeio=diskd,ufs --enable-removal-policies=heap --enable-arp-acl --enable-forw-via-db --enable-leakfinder --enable-truncate --enable-underscores --enable-stacktraces --enable-dlmalloc

[root@gateway squid-2.6.STABLE4]#make
[root@gateway squid-2.6.STABLE4]#make install

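3. Buat direktori cache, kemudian ubah hak aksesnya. Catatan: mode 777 membuat direktori ini bisa ditulisi semua pengguna di sistem; karena kepemilikannya diserahkan ke user squid lewat chown di bawah, mode 750 sudah cukup.
[root@gateway squid-2.6.STABLE4]# mkdir --mode=777 /usr/local/squid/var/cache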
[root@gateway squid-2.6.STABLE4]# chown -Rf squid.squid /usr/local/squid/var/cache/
4. buat file access.log dan cache.log
[root@gateway squid-2.6.STABLE4]# touch /usr/local/squid/var/logs/access.log
[root@gateway squid-2.6.STABLE4]# touch /usr/local/squid/var/logs/cache.log
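5. Atur kepemilikan dan hak akses filenya. Catatan: chmod 777 pada direktori cache memungkinkan pengguna lokal mana pun mengubah objek yang nanti disajikan ke semua klien proxy; setelah chown ke squid.squid, hak akses 750 sudah memadai.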
[root@gateway squid-2.6.STABLE4]#chown -Rf squid.squid /usr/local/squid/var/logs/
[root@gateway squid-2.6.STABLE4]#chmod -Rf 777 /usr/local/squid/var/cache/

Editing squid.conf
“file /etc/squid.conf”
# file: Squid.conf
# Created by : egi@nuxegi.net
#
#————————————————————————–
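# Port yang digunakan 8080 atau 3128
# Catatan: http_port tanpa alamat IP membuat squid mendengarkan di semua
# antarmuka (0.0.0.0:8080 pada keluaran netstat di akhir tutorial). Untuk
# membatasi ke jaringan internal, tulis dalam bentuk IP:port memakai alamat
# antarmuka internal, dan saring port ICP 3130 di firewall.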
#————————————————————————–
http_port 8080
icp_port 3130
#————————————————————————–
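# Pilihan proxy
# Catatan: opsi login= pada cache_peer menyimpan user:password dalam teks
# polos. Jangan memakai atau mempublikasikan kredensial asli di contoh;
# isi dengan kredensial sendiri dan batasi hak baca squid.conf hanya untuk
# root dan user squid.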
#————————————————————————–
#cache_peer 202.xxx.xxx.xxx parent 8080 3130 no-query default
#cache_peer sv.us.ircache.net parent 3128 3130 login=egi@nuxegi.net.id:FafboluveuvEecgi
#cache_peer sj.us.ircache.net parent 3128 3130 login=egi@nuxegi.net.id:FafboluveuvEecgi
#icp_query_timeout 2000
#maximum_icp_query_timeout 2000
#mcast_icp_query_timeout 2000
#dead_peer_timeout 15 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#prefer_direct off
#————————————————————————–
# Pilihan kebutuhan cache
#————————————————————————–
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
minimum_object_size 0 KB
maximum_object_size 100 MB
maximum_object_size_in_memory 20 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
#————————————————————————–
# File Log dan tempat directori cache…direktori cache bisa dibuat lebih dari 1 (satu)
#————————————————————————–
cache_dir diskd /usr/local/squid/var/cache 3000 16 256 Q1=72 Q2=64
store_dir_select_algorithm round-robin
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
emulate_httpd_log off
log_ip_on_direct off
log_fqdn off
log_mime_hdrs off
log_icp_queries off
buffered_logs off
debug_options ALL,1
mime_table /squid/etc/mime.conf

#————————————————————————–
# Options For External Support Programs
#————————————————————————–
ftp_user admin@dapenbni.co.id
ftp_list_width 32
ftp_passive on
#dns_nameservers 202.155.0.10 202.155.0.15
unlinkd_program /usr/local/squid/libexec/unlinkd
redirect_rewrites_host_header on
#————————————————————————–
# Options For Peer Database
#————————————————————————–
digest_generation on
digest_bits_per_entry 10
digest_rebuild_period 30 minutes
digest_rewrite_period 30 minutes
digest_swapout_chunk_size 6000 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
store_dir_select_algorithm round-robin
#————————————————————————–
# Optimalkan cache
#————————————————————————–
request_header_max_size 10 KB
request_body_max_size 3 MB
#reply_body_max_size 500 MB
refresh_pattern -i \.gif$ 10080 90% 43200
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.bom\.gov\.au 30 20% 120
refresh_pattern -i \.html$ 480 50% 22160
refresh_pattern -i \.htm$ 480 50% 22160
refresh_pattern -i \.class$ 10080 90% 43200
refresh_pattern -i \.zip$ 10080 90% 43200
refresh_pattern -i \.jpeg$ 10080 90% 43200
refresh_pattern -i \.mid$ 10080 90% 43200
refresh_pattern -i \.shtml$ 480 50% 22160
refresh_pattern -i \.exe$ 10080 90% 43200
refresh_pattern -i \.thm$ 10080 90% 43200
refresh_pattern -i \.wav$ 10080 90% 43200
refresh_pattern -i \.txt$ 10080 90% 43200
refresh_pattern -i \.cab$ 10080 90% 43200
refresh_pattern -i \.au$ 10080 90% 43200
refresh_pattern -i \.mov$ 10080 90% 43200
refresh_pattern -i \.xbm$ 10080 90% 43200
refresh_pattern -i \.ram$ 10080 90% 43200
refresh_pattern -i \.avi$ 10080 90% 43200
refresh_pattern -i \.chtml$ 480 50% 22160
refresh_pattern -i \.thb$ 10080 90% 43200
refresh_pattern -i \.dcr$ 10080 90% 43200
refresh_pattern -i \.bmp$ 10080 90% 43200
refresh_pattern -i \.phtml$ 480 50% 22160
refresh_pattern -i \.mpg$ 10080 90% 43200
refresh_pattern -i \.pdf$ 10080 90% 43200
refresh_pattern -i \.art$ 10080 90% 43200
refresh_pattern -i \.swf$ 10080 90% 43200
refresh_pattern -i \.mp3$ 10080 90% 43200
refresh_pattern -i \.ra$ 10080 90% 43200
refresh_pattern -i \.spl$ 10080 90% 43200
refresh_pattern -i \.viv$ 10080 90% 43200
refresh_pattern -i \.doc$ 10080 90% 43200
refresh_pattern -i \.gz$ 10080 90% 43200
refresh_pattern -i \.Z$ 10080 90% 43200
refresh_pattern -i \.tgz$ 10080 90% 43200
refresh_pattern -i \.tar$ 10080 90% 43200
refresh_pattern -i \.vrm$ 10080 90% 43200
refresh_pattern -i \.vrml$ 10080 90% 43200
refresh_pattern -i \.aif$ 10080 90% 43200
refresh_pattern -i \.aifc$ 10080 90% 43200
refresh_pattern -i \.aiff$ 10080 90% 43200
refresh_pattern -i \.arj$ 10080 90% 43200
refresh_pattern -i \.c$ 10080 90% 43200
refresh_pattern -i \.cpt$ 10080 90% 43200
refresh_pattern -i \.dir$ 10080 90% 43200
refresh_pattern -i \.dxr$ 10080 90% 43200
refresh_pattern -i \.hqx$ 10080 90% 43200
refresh_pattern -i \.jpe$ 10080 90% 43200
refresh_pattern -i \.lha$ 10080 90% 43200
refresh_pattern -i \.lzh$ 10080 90% 43200
refresh_pattern -i \.midi$ 10080 90% 43200
refresh_pattern -i \.movie$ 10080 90% 43200
refresh_pattern -i \.mp2$ 10080 90% 43200
refresh_pattern -i \.mpe$ 10080 90% 43200
refresh_pattern -i \.mpeg$ 10080 90% 43200
refresh_pattern -i \.mpga$ 10080 90% 43200
refresh_pattern -i \.pl$ 10080 90% 43200
refresh_pattern -i \.ppt$ 10080 90% 43200
refresh_pattern -i \.ps$ 10080 90% 43200
refresh_pattern -i \.qt$ 10080 90% 43200
refresh_pattern -i \.qtm$ 10080 90% 43200
refresh_pattern -i \.ras$ 10080 90% 43200
refresh_pattern -i \.sea$ 10080 90% 43200
refresh_pattern -i \.sit$ 10080 90% 43200
refresh_pattern -i \.tif$ 10080 90% 43200
refresh_pattern -i \.tiff$ 10080 90% 43200
refresh_pattern -i \.snd$ 10080 90% 43200
refresh_pattern -i \.wrl$ 10080 90% 43200
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
refresh_pattern . 480 50% 22160
#reference_age 1 month
quick_abort_min 16 KB
quick_abort_max 32 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 10 minutes
range_offset_limit 0 KB
connect_timeout 360 seconds
read_timeout 15 minutes
request_timeout 360 seconds
client_lifetime 100 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
announce_period 7 day
#————————————————————————–
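# Timeouts
# Catatan: connect_timeout, read_timeout, request_timeout, client_lifetime,
# pconn_timeout dan ident_timeout sudah ditulis di bagian sebelumnya. Untuk
# direktif bernilai tunggal, nilai yang dibaca terakhir yang berlaku, jadi
# nilai di bawah inilah yang dipakai; hapus salah satu agar tidak membingungkan.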
#————————————————————————–
connect_timeout 120 seconds
peer_connect_timeout 60 seconds
#siteselect_timeout 6 seconds
read_timeout 5 minutes
request_timeout 20 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 60 seconds
ident_timeout 5 seconds
shutdown_lifetime 30 seconds
#————————————————————————–
# Informasi Administratif
#————————————————————————–
cache_mgr admin@dapenbni.co.id
cache_effective_user squid
cache_effective_group squid
visible_hostname gateway.dapenbni.co.id
unique_hostname gateway.dapenbni.co.id
#————————————————————————–
# Cache
#————————————————————————–
announce_host gateway.dapenbni.co.id
announce_port 8080
#————————————————————————–
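# Kebutuhan Transparent Proxy
# Catatan: direktif httpd_accel_* adalah sintaks squid 2.5. Pada squid 2.6
# (versi yang dipasang di tutorial ini) fungsinya dipindah ke opsi http_port,
# misalnya "http_port 8080 transparent". Sesuaikan sebelum menjalankan squid
# dan periksa cache.log untuk direktif yang tidak dikenali.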
#————————————————————————–
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off

#————————————————————————–
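# Lain-lain
# Catatan: forwarded_for on membuat squid menambahkan alamat IP klien
# internal ke header X-Forwarded-For pada setiap permintaan keluar; set ke
# off bila alamat internal tidak boleh terlihat oleh server tujuan.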
#————————————————————————–
logfile_rotate 5
memory_pools on
memory_pools_limit 200 MB
forwarded_for on
log_icp_queries on
icp_hit_stale on
minimum_direct_hops 5
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 50
client_db off
netdb_low 900
netdb_high 1000
netdb_ping_period 1 minutes
query_icmp on
test_reachability on
reload_into_ims on
#fake_user_agent SiNK1NGfuNK/1.0 (CP/M; 128-bit)
#————————————————————————–
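# Manajemen Akses
# Catatan:
# - Aturan http_access dievaluasi berurutan dan aturan pertama yang cocok
#   yang dipakai; pertahankan "http_access deny all" sebagai baris terakhir.
# - "icp_access allow all" menjawab query ICP dari alamat mana pun sehingga
#   isi cache bisa diketahui pihak luar; batasi ke acl internal atau peer
#   yang dikenal, lalu tutup dengan "icp_access deny all".
# - Safe_ports mencakup 1025-65535, jadi hampir semua port tinggi bisa
#   dituju lewat proxy; persempit bila tidak diperlukan.
# - Ganti 202.xxx.xxx.xxx dan 192.168.0.0/24 dengan alamat jaringan sendiri.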
#————————————————————————–
acl all src 0/0
acl internal src 192.168.0.0/24
acl allowedhost src 202.xxx.xxx.xxx
#acl blok url_regex -i gohip
#acl blok1 url_regex -i bonzi
#acl blok2 url_regex -i lolitas
#acl blok3 url_regex -i passthison
#acl blok4 url_regex -i dewisex
#acl blok5 url_regex -i lolitasworld
#acl blok6 url_regex -i netsetter
acl localservers src 202.xxx.xxx.xxx
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 808 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
always_direct allow localhost
always_direct allow internal
always_direct allow allowedhost
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny blok
#http_access deny blok1
#http_access deny blok2
#http_access deny blok3
#http_access deny blok4
#http_access deny blok5
#http_access deny blok6
http_access allow localhost
http_access allow internal
http_access allow allowedhost
http_access allow localservers
http_access deny all
icp_access allow all
miss_access allow all
#snmp_access allow localhost
#snmp_access deny all
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow snmppublic allowed_hosts
#snmp_access deny all
never_direct allow all
#————————————————————————–
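# Parameter Delaypool
# Catatan: url_regex memakai ekspresi reguler, sehingga titik pada "202.154"
# atau ".exe" cocok dengan karakter apa saja dan kata "ftp" cocok di posisi
# mana pun dalam URL. Agar hanya ekstensi file yang terkena, tulis seperti
# pada refresh_pattern di atas, misalnya \.exe$ dan \.mp3$.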
#————————————————————————–
acl magic_words1 url_regex -i 202.154
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
delay_pools 2
delay_class 1 2
#-1/-1 mean that there are no limits
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 2
delay_parameters 2 4000/150000 4000/120000
delay_access 2 allow magic_words2

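Menjalankan squid (-z membuat struktur direktori cache dan cukup dijalankan sekali sebelum start pertama; -s mengirim log ke syslog, -Y hanya membalas UDP_HIT atau UDP_MISS_NOFETCH selama cache dibangun ulang, -D melewati tes DNS awal)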
[root@gateway squid-2.6.STABLE4]# /usr/local/squid/sbin/squid -z
[root@gateway squid-2.6.STABLE4]# /usr/local/squid/sbin/squid -sYD

Cek squid
[root@gateway squid-2.6.STABLE4]# netstat -plnat | grep squid
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 14066/(squid)



Sumber : www.fedora.or.id
