squid.conf

second_line08

Post 11 Mar 2010, 00:45

Evening, all..

Many of our friends here, myself included, are looking for references on the contents of the squid.conf file.

If any of you have a squid.conf, please share it here so it can become a shared learning resource...

Looking forward to it... thanks in advance..


bleTux

Post 11 Mar 2010, 01:50

Squid is the most widely used web cache proxy server application today.
Steps to install Squid:
$ sudo apt-get install squid squid-common
Make a copy of the file /etc/squid/squid.conf:
$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
$ sudo chmod a-w /etc/squid/squid.conf.original
Then configure Squid.
Example: configuration for Squid 2.6
$ sudo gedit /etc/squid/squid.conf
http_port 8888 transparent
http_access allow all
cache_mem 32 MB
cache_dir ufs /var/spool/squid 1600 4 256
negative_ttl 2 minutes
maximum_object_size 1024 KB
minimum_object_size 4 KB
visible_hostname myServer
http_access allow manager localhost
cache_swap_low 80
cache_swap_high 100

The Squid configuration guides from http://www.squid-cache.org are:
Configuration Guide - 2.6
Configuration Guide - 3.0
Once the configuration is done, save it. Initialize the cache directory with squid -z

How to set up a transparent proxy using iptables
Redirect port 80 to the Squid port 8888:
$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888
$ sudo iptables-save
For more detail on transparent proxies, aditya can look at:
http://tldp.org/HOWTO/TransparentProxy.html

To restart Squid: $ sudo /etc/init.d/squid restart

That's all, I hope this helps.
I bet aditya wants to play hide-and-seek.... :grin:


second_line08

Post 11 Mar 2010, 05:14

What I meant was for everyone to share the squid.conf they actually use..
not an explanation of it..
but that's okay.. not bad..
thanks for sharing.. :D

Come on, who else... wants to share


second_line08

Post 11 Mar 2010, 23:16

I use this

#=========================== ACCESS CONTROLS ==================================
# http://www.oneminds.com admin:secondline08@gmail.com squid.conf rules
# -----------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# Allow cachemgr access only from localhost
http_access allow manager localhost
http_access deny manager

# Allow purge requests only from localhost
http_access allow purge localhost
http_access deny purge

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to anything other than SSL ports
http_access deny CONNECT !SSL_ports

# This is the office LAN
acl jaringan_kantor src 192.168.1.0-192.168.1.50/24
acl jam_kerja time MTWH 08:00-12:00 # Monday to Thursday, 08:00 to 12:00
acl jam_kerja time F 08:00-11:30 # Friday 08:00-11:30 WIB
acl jam_kerja time MTWHF 13:00-16:00 # Monday to Friday, 13:00 to 16:00

# block porn sites, porn keywords, porn IPs
# (one ACL name per type: a Squid ACL name cannot contain spaces or mix types)
acl kata_terlarang_domain dstdomain "/usr/local/etc/squid/porn.txt"
acl kata_terlarang_url url_regex -i "/usr/local/etc/squid/pornword.txt"
acl kata_terlarang_ip dst "/usr/local/etc/squid/pornip.txt"
http_access deny kata_terlarang_domain
http_access deny kata_terlarang_url
http_access deny kata_terlarang_ip

# block sites according to office policy
acl rules_kantor dstdomain "/usr/local/etc/squid/ruleskantor.txt"
http_access deny rules_kantor

# managers and boss
# ("manager" is already the cachemgr proto ACL above, so the src ACL gets its own name)
acl manager_ip src 192.168.1.51 # finance manager
acl manager_ip src 192.168.1.52 # marketing manager
acl manager_ip src 192.168.1.210 # general manager
acl boss src 192.168.1.68 # the big boss

# Open internet access for managers and boss, with no time restriction
http_access allow manager_ip
http_access allow boss

# For other employees, open internet access outside working hours
http_access allow rules_kantor !jam_kerja
http_access allow jaringan_kantor
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
icp_access deny all


# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# Squid usually runs on port 3128
http_port 3128


# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------

# I allocate 2000 MB of hard disk space
cache_dir ufs /var/spool/squid 2000 16 256


# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
access_log /var/log/squid/access.log squid


# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320


# HTTP OPTIONS
# -----------------------------------------------------------------------------

# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# TAG: extension_methods
# Squid only knows about standardized HTTP request methods.
# You can add up to 20 additional "extension" methods here.
extension_methods REPORT MERGE MKACTIVITY CHECKOUT


# MISCELLANEOUS
# -----------------------------------------------------------------------------
coredump_dir /var/spool/squid
cache_mgr second.line08@gmail.com
visible_hostname proxy.tekun.com


c0jack

Post 12 Mar 2010, 08:26

Wow, great stuff bro, this is a valuable reference :)


regards,
c0jack


winkoplak

Post 12 Mar 2010, 08:43

bleckock wrote:Squid is the most widely used web cache proxy server application today.
This is actually really useful for those who are learning


Souji

Post 12 Mar 2010, 16:17

Can I ask a question here?
If we want to restrict certain clients so they can only browse certain URLs, is that possible with a transparent proxy?
Or do we have to use authentication?
For example, user A may only browse google.com,
user B only yahoo.com
thanks


second_line08

Post 20 Mar 2010, 11:05

Yup..

You can use a transparent proxy, configured with Squid..

No need for authentication, study ACLs.. in Squid :D


ninja

Post 21 Mar 2010, 03:12

This is one Squid setup for bandwidth limiting:

Open a console and run the following command
vi /etc/squid/squid.conf

Then add the following text to squid.conf.

# The overall connection speed limit is 256 Kbps.
# Per network it is 64 Kbps.
# Per user/host it is limited to 2 Kbps when used for downloads, e.g. files of type exe, mp3, vqf, tar.gz, gz, rpm, zip, rar, avi, mpeg, mpe, mpg, qt, ram, rm, iso, raw, and wav.
acl filegede url_regex -i \.exe
acl filegede url_regex -i \.mp3
acl filegede url_regex -i \.vqf
acl filegede url_regex -i \.gz
acl filegede url_regex -i \.rpm
acl filegede url_regex -i \.zip
acl filegede url_regex -i \.rar
acl filegede url_regex -i \.avi
acl filegede url_regex -i \.mpeg
acl filegede url_regex -i \.mpe
acl filegede url_regex -i \.mpg
acl filegede url_regex -i \.qt
acl filegede url_regex -i \.ram
acl filegede url_regex -i \.rm
acl filegede url_regex -i \.iso
acl filegede url_regex -i \.raw
acl filegede url_regex -i \.wav
delay_pools 2
delay_class 1 3
delay_parameters 1 32000/32000 8000/8000 250/250
delay_access 1 allow lan filegede
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 32000/32000 8000/8000
delay_access 2 allow all
delay_access 2 deny all

Then restart Squid with the command
/etc/init.d/squid restart

Hope this is useful


Souji

Post 22 Mar 2010, 11:04

aditya_prasetyo wrote:Yup..

You can use a transparent proxy, configured with Squid..

No need for authentication, study ACLs.. in Squid :D
How do I do it? Can you give an example?
I'm really stuck here.


MasDjo

Post 22 Mar 2010, 11:59

Example of setting up a transparent proxy on Ubuntu 9.04 Server with Squid 2.7 STABLE
eth0 ---> LAN/switch/clients
eth1 ---> ADSL modem

In squid.conf make sure you have (e.g. using port 3128, the default):

http_port 3128 transparent

Sharing the internet connection:
edit /etc/sysctl.conf
remove the "#" from the line containing: net.ipv4.ip_forward=1
then:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Then set iptables so that HTTP (80) is redirected to the Squid port (3128):

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Save the iptables rules so they are not lost after a reboot, e.g. in /etc/network/natku:

sudo sh -c 'iptables-save > /etc/network/natku'

Edit /etc/network/interfaces and add the following as the last line of the eth0 (LAN) stanza:

up iptables-restore < /etc/network/natku

so that it looks roughly like this:

auto eth0
iface eth0 inet static
	address 192.168.0.1
	netmask 255.255.255.0
	network 192.168.0.0
	broadcast 192.168.0.255
	# dns-* options are implemented by the resolvconf package, if installed
	dns-nameservers 192.168.0.1
	dns-search dns.punyaku.net
	up iptables-restore < /etc/network/natku

Finally, reboot.


ninja

Post 22 Mar 2010, 12:15

As bro aditya said, study ACLs, bro Souji...
Here are some example settings...
# allow access to the domains detik.com and linux.org
acl situs_diperbolehkan dstdomain detik.com linux.org
# allow all subdomains of
# aljazeera.net or cnn.com
acl situs_subdomain dstdomain .aljazeera.net .cnn.com
# allow only sites ending in .org
acl situs_org dstdomain .org
# allow access only during working hours
acl jam_kerja time MTWHF 9:00-18:00
# allow access only during the lunch break
acl makan_siang time MTWHF 12:00-13:00
# allow only on weekends
acl akhir_minggu time AS 00:00-23:59
# URLs ending in ".zip".
acl file_zip url_regex -i \.zip$
# allow URLs containing https
acl url_http url_regex -i ^https

Those are the examples; the complete one was already posted by bro adit above, so study the ACLs, bro Souji


Souji

Post 22 Mar 2010, 13:56

Sorry, I already understand the ACLs,
it's just, how do I set up the http_access allow part?

For example:

acl situs_admin dstdomain pop.gmail.com smtp.gmail.com
acl situs_keuangan dstdomain .klikbca.com
acl situs_sekretaris dstdomain .google.com .yahoo.com .gmail.com

acl admin src 192.168.1.10
acl keuangan src 192.168.1.11
acl sekretaris src 192.168.1.12
acl boss src 192.168.1.100 # boss has no access restrictions


ninja

Post 22 Mar 2010, 18:53

To apply whether sites are allowed or not, based on the ACL names I mentioned above, bro Souji can use http_access allow or http_access deny
For example:

http_access allow situs_diperbolehkan
http_access deny situs_subdomain
http_access deny file_zip
# ...and so on
http_access deny all
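
The per-client restriction asked about above, as an added example that is not part of any forum post: a small Python model of how Squid evaluates http_access lines (top to bottom, first matching line wins, every ACL on a line must match), using the src addresses and domains from Souji's post. The rule set itself, the dstdomain type on the situs_* ACLs and the test hostnames are assumptions made for illustration.

```python
"""Model of Squid http_access evaluation (added illustration, not Squid code)."""
from ipaddress import ip_address, ip_network

# ACLs taken from the question in the thread; "all" as in the posted configs.
ACLS = {
    "admin": ("src", ["192.168.1.10"]),
    "keuangan": ("src", ["192.168.1.11"]),
    "sekretaris": ("src", ["192.168.1.12"]),
    "boss": ("src", ["192.168.1.100"]),
    "all": ("src", ["0.0.0.0/0"]),
    "situs_admin": ("dstdomain", ["pop.gmail.com", "smtp.gmail.com"]),
    "situs_keuangan": ("dstdomain", [".klikbca.com"]),
    "situs_sekretaris": ("dstdomain", [".google.com", ".yahoo.com", ".gmail.com"]),
}

# Assumed rule set: each client is paired with its own destination ACL.
RULES = """
http_access allow admin situs_admin
http_access allow keuangan situs_keuangan
http_access allow sekretaris situs_sekretaris
http_access allow boss            # no destination ACL: unrestricted
http_access deny all
"""

# Same lines in the wrong order: "deny all" matches first, so boss is blocked.
MISORDERED = """
http_access deny all
http_access allow boss
"""


def domain_matches(pattern, host):
    """dstdomain: a leading dot matches the domain and all its subdomains."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def acl_matches(name, client_ip, host):
    kind, values = ACLS[name]
    if kind == "src":
        addr = ip_address(client_ip)
        return any(addr in ip_network(v) for v in values)
    if kind == "dstdomain":
        return any(domain_matches(v, host) for v in values)
    raise ValueError(f"unsupported ACL type: {kind}")


def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        directive, action, *acls = line.split()
        if directive != "http_access" or action not in ("allow", "deny") or not acls:
            raise ValueError(f"bad rule: {line}")
        rules.append((action, acls))
    return rules


def evaluate(rules_text, client_ip, host):
    """Return 'allow' or 'deny' for one request."""
    rules = parse_rules(rules_text)
    for action, acls in rules:
        # ACLs on one line are ANDed; a leading "!" negates a single ACL.
        if all(acl_matches(a.lstrip("!"), client_ip, host) != a.startswith("!")
               for a in acls):
            return action
    if not rules:
        return "deny"
    # No line matched: Squid applies the opposite of the last line's action,
    # which is why the posted configs end with an explicit "deny all".
    return "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    # Constructed test requests.
    for ip, host in [("192.168.1.11", "ibank.klikbca.com"),
                     ("192.168.1.11", "www.google.com"),
                     ("192.168.1.100", "example.org")]:
        print(ip, host, evaluate(RULES, ip, host))
```

Because the decision depends only on the client's source address, it works the same behind a transparent proxy; anyone who can take over an allowed IP address inherits that client's access.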


newbe

Post 03 Apr 2010, 07:42

Sorry everyone, may I ask a question?

What does this mean:

delay_pools 2
delay_class 1 3
delay_parameters 1 32000/32000 8000/8000 250/250
delay_access 1 allow lan filegede
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 32000/32000 8000/8000
delay_access 2 allow all
delay_access 2 deny all

What does it mean in terms of bandwidth limiting?

Thank you


ninja

Post 03 Apr 2010, 20:11

delay_pools >> option that specifies how many pools will be used to limit the bandwidth of ACLs.
delay_class 1 >> all options are limited with a single bucket, meaning you can only define the overall bandwidth for an ACL; you cannot define bandwidth in more detail.
delay_class 3 >> the class with the most detailed bandwidth definition.
delay_parameters 1 32000/32000 8000/8000 250/250 >> option that specifies the bandwidth formula that ACLs entering the delay pool will get.
The number 1 means this formula applies to pool 1; 32000/32000 is the bandwidth the ACL gets after entering this pool; this number is in multiples of 8 bits...

CMIIW :)
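
An added example, not from the thread: a token-bucket model in Python of the class 3 pool `delay_parameters 1 32000/32000 8000/8000 250/250`, showing which of the three limits binds as more hosts download at once. It assumes buckets start full, one-second ticks, a network bucket per /24, and client addresses in 192.168.x.0/24 constructed for the demonstration.

```python
"""Token-bucket model of a Squid class 3 delay pool (added illustration)."""

# delay_parameters 1 32000/32000 8000/8000 250/250
# Each pair is restore/max: bytes added per second / bucket capacity in bytes.
AGGREGATE = (32000, 32000)   # whole pool
NETWORK = (8000, 8000)       # per network
INDIVIDUAL = (250, 250)      # per host


def to_kbps(bytes_per_second):
    """Bytes per second to kilobits per second (1 kbit = 1000 bits)."""
    return bytes_per_second * 8 / 1000


class Bucket:
    def __init__(self, restore, maximum):
        self.restore = restore
        self.maximum = maximum
        self.level = maximum  # assumption: the bucket starts full

    def refill(self):
        self.level = min(self.maximum, self.level + self.restore)


def network_of(host):
    # Simplification: one network bucket per /24 (first three octets).
    return host.rsplit(".", 1)[0]


def simulate(hosts, seconds):
    """Return bytes delivered per host when every host downloads flat out."""
    aggregate = Bucket(*AGGREGATE)
    networks = {network_of(h): Bucket(*NETWORK) for h in hosts}
    individuals = {h: Bucket(*INDIVIDUAL) for h in hosts}
    sent = dict.fromkeys(hosts, 0)
    for _ in range(seconds):
        for h in hosts:
            buckets = (individuals[h], networks[network_of(h)], aggregate)
            # A transfer may only use what all three buckets still hold.
            grant = min(b.level for b in buckets)
            for b in buckets:
                b.level -= grant
            sent[h] += grant
        for b in (aggregate, *networks.values(), *individuals.values()):
            b.refill()
    return sent


def total_rate(hosts, seconds=10):
    """Average combined throughput in bytes per second."""
    return sum(simulate(hosts, seconds).values()) / seconds


# Constructed client populations.
ONE_HOST = ["192.168.1.1"]
ONE_NETWORK = [f"192.168.1.{i}" for i in range(1, 41)]
FIVE_NETWORKS = [f"192.168.{n}.{i}" for n in range(1, 6) for i in range(1, 41)]

if __name__ == "__main__":
    for label, hosts in [("1 host", ONE_HOST),
                         ("40 hosts, one network", ONE_NETWORK),
                         ("200 hosts, five networks", FIVE_NETWORKS)]:
        print(f"{label}: {to_kbps(total_rate(hosts)):.0f} kbit/s")
```

The three totals correspond to the 2 Kbps per host, 64 Kbps per network and 256 Kbps overall figures in the comments of the posted configuration.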


bulugading

Post 07 Apr 2010, 14:28

Excuse me, I'd like to share the conf script from my place; it happens not to be too complicated, please have a look:

############ Policy for Working Hours ##############
acl FULL src "/usr/local/squid/access/.ip_super"
acl NOSEX url_regex -i "/usr/local/squid/access/.Bukan_***"
acl YESEX url_regex -i "/usr/local/squid/access/.Bener_***"
acl MSNDOMAINS dstdomain webmessenger.msn.com messenger.hotmail.com
acl MSNDOMAINS dstdomain messenger.net msn2go.com msnger.com iloveim.com
acl MSNDOMAINS dstdomain piglet-im.com wbmsn.com aimexpress.aol.com meebo.com person.com
acl MSNDOMAINS dstdomain toc.oscar.aol.com webaim.net go.icq.com talk.google.com
acl MSNMIME req_mime_type -i ^application/x-msn-messenger$
acl NODL urlpath_regex -i "/usr/local/squid/access/.Dilarang_Download"
acl GLOBALACCESS src "/usr/local/squid/access/.ip_userbiasa"
acl HTTPS_PORT port "/usr/local/squid/access/.ports"
acl B2BALLOW url_regex -i "/usr/local/squid/access/.B2B_url_allow"
acl B2BBLOCK url_regex -i "/usr/local/squid/access/.B2B_url_block"
acl B2BACCESS src "/usr/local/squid/access/.B2B_user"
acl BLOCK src "/usr/local/squid/access/.ip_block"
#####################################################

If you're interested in the details of the ACL script, just let me know ....


aleardho

Post 08 Apr 2010, 12:44

aditya_prasetyo wrote:I use this

Bro, I've tried this and it works, but why is it slow??


ninja

Post 10 Apr 2010, 05:53

Bro, I've tried this and it works, but why is it slow??
Please share the contents of your squid.conf too...
hohoho... :D


aleardho

Post 12 Apr 2010, 09:50

TaxTixTux wrote:
Please share the contents of your squid.conf too...
hohoho... :D


My squid.conf just follows bro aditya_prasetyo's. I just still want to combine it with a few other references first..


bulugading

Post 12 Apr 2010, 10:26

Does anyone know of an application for blocking obscene sites.. in Squid..?? Something like safeguard etc... something a bit nicer... that can automatically search for obscene IPs or domains or obscene words and block them automatically...??
===thanks in advance===


aleardho

Post 12 Apr 2010, 10:57

bulugading wrote:Does anyone know of an application for blocking obscene sites.. in Squid..?? Something like safeguard etc... something a bit nicer... that can automatically search for obscene IPs or domains or obscene words and block them automatically...??
===thanks in advance===
I've heard of squidGuard but have never implemented it; try having a look here, hopefully it's useful..

Looking forward to you sharing your results


MasDjo

Post 12 Apr 2010, 12:29

I also use Squid + squidGuard to block obscene sites. For Ubuntu you can check Ubuntu SquidGuard, and a blacklist can be obtained from, for example, Shallalist
I myself only use the porn category, out of the many categories available


ninja

Post 14 Apr 2010, 02:43

Oh, mas Djo, is there an Indonesian-language category?

This is really useful, bro...
for countering the erosion of our nation's children's morals...
thanks for the info, everyone...


snk

Post 19 Apr 2010, 09:29

bulugading wrote:Does anyone know of an application for blocking obscene sites.. in Squid..?? Something like safeguard etc... something a bit nicer... that can automatically search for obscene IPs or domains or obscene words and block them automatically...??
===thanks in advance===
Just use Nawala DNS, bro: change your DNS to 180.131.144.144 and 180.131.145.145, or you can also use OpenDNS
If users are still naughty and know how to change their DNS themselves, add this rule to your iptables:
#iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 180.131.144.144:53
#iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 180.131.144.144:53
#iptables-save

Guaranteed that whatever DNS they use, it will end up at Nawala DNS.


bulugading

Post 20 Apr 2010, 21:51

aleardho wrote:
bulugading wrote:Does anyone know of an application for blocking obscene sites.. in Squid..?? Something like safeguard etc... something a bit nicer... that can automatically search for obscene IPs or domains or obscene words and block them automatically...??
===thanks in advance===
I've heard of squidGuard but have never implemented it; try having a look here, hopefully it's useful..

Looking forward to you sharing your results
snk wrote:Just use Nawala DNS, bro: change your DNS to 180.131.144.144 and 180.131.145.145, or you can also use OpenDNS
If users are still naughty and know how to change their DNS themselves, add this rule to your iptables:
#iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 180.131.144.144:53
#iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 180.131.144.144:53
#iptables-save

Guaranteed that whatever DNS they use, it will end up at Nawala DNS.
Ok, thanks a lot bro, I'll do some R&D on it later ...

"warm regards"


adolf

Post 04 May 2010, 11:04

Bro, how do you set up OpenDNS??


Rh354

Post 05 May 2010, 10:09

If you want to know the internals of Squid, I have a guide for it :D a must-read if you want to understand Squid :D go check it out :D

http://filekita.com/dr1kp2fpjnh2.html

And this is the Squid config I use :D (just for myself)
###########################################
# HIGH PERFORMANCE SQUID 2.7
# Config date : 21 April 2010
###########################################

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl malware url_regex -i "/etc/squid/malware_block.txt"

http_access deny malware
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access allow localnet
http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 3128 transparent
#zph_mode tos
#zph_local 0x30
#zph_parent 0
#zph_option 136
#htcp_port 4827

icp_port 0
icp_access deny all
#icp_port 3130

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#cache_mem 96 MB
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 4000 10 256
maximum_object_size 128000 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

access_log /cache/access.log
#access_log none
cache_log /cache/cache.log
#cache_log none
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
client_db off
#pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
store_avg_object_size 13 KB

# HTTP OPTIONS
# -----------------------------------------------------------------------------

server_http11 on
collapsed_forwarding on
vary_ignore_expire on
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
# -----------------------------------------------------------------------------

forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
persistent_request_timeout 60 second
client_lifetime 86400 second
half_closed_clients off
pconn_timeout 60 second
shutdown_lifetime 10 second

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

cache_mgr Rh354
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname Rh354

# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------

max_filedescriptors 8192

# DNS OPTIONS
# -----------------------------------------------------------------------------

check_hostnames off
dns_timeout 10 seconds
#DNS NAWALA
#dns_nameservers 180.131.144.144
#dns_nameservers 180.131.144.145
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 90
ipcache_high 95

# MISCELLANEOUS
# -----------------------------------------------------------------------------

memory_pools off
forwarded_for on
reload_into_ims on
coredump_dir /cache
pipeline_prefetch on
offline_mode off

###### END CONFIGURATION ###########
For the malware block list, I get it from here

http://www.malwarepatrol.net/lists.shtml

In my experience, Squid settings in an internet cafe with rules for specific domains are actually not effective... if you want a fierce hit rate, just try the settings above :D
Don't forget to tune the kernel.. for a server you can use this
# Locate /etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

#max openfiles
fs.file-max = 65536

#Minimise use of swap disk
vm.drop_caches = 3
vm.swappiness = 3

#kernel.shmall = 2097152
#kernel.shmmax = 2147483648
#kernel.shmmni = 4096
#kernel.sem = 250 32000 100 128

net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.tcp_low_latency = 1
net.core.netdev_max_backlog = 4000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
#net.ipv4.tcp_rmem = 4096 87380 8388608
#net.ipv4.tcp_wmem = 4096 65536 8388608
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.ipv4.tcp_tw_recycle = 1

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maximum size of a message queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
As for me, I use this kernel tuning (because it's not a server)
# Locate /etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.


# If you have 512MB RAM or more
kernel.sem = 250 32000 100 128
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
fs.file-max = 100000
vm.swappiness = 0
vm.vfs_cache_pressure = 50

# If you have a fast broadband
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1

# If you have a Wifi (such as IEEE 802.11 a/b/g) or a 3.5G modem
net.core.rmem_default = 524288
net.core.rmem_max = 524288
net.core.wmem_default = 524288
net.core.wmem_max = 524288
net.ipv4.tcp_wmem = 4096 87380 524288
net.ipv4.tcp_rmem = 4096 87380 524288
net.ipv4.tcp_mem = 524288 524288 524288
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_ecn = 0
net.ipv4.route.flush = 1

# If you want to Prevent SYN attack
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

# Prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# If you want to Disables packet forwarding
net.ipv4.ip_forward=0
When that's done, run sysctl -p from the terminal

Then in fstab set noatime if it's ext4, but if you use reiserfs set noatime,notail for the cache partition...

It's better to create a new partition for the cache so the result is optimal :D don't put the logs in /var/log, better to put them on the cache partition too :D


suryayusra

Post 05 May 2010, 18:05

This is my campus's squid.conf configuration :D
If you like it, just copy and paste it into your own squid.conf

:D


http_port 8080 transparent
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 20000 128 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#dns_nameservers 192.168.10.1 4.2.2.2
dns_nameservers 10.237.4.3 10.237.2.2
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl nocache-domain dstdomain .mail.yahoo.com .login.yahoo.com .gmail.com
no_cache deny nocache-domain
always_direct allow nocache-domain

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 5060 #Xlite
acl Safe_ports port 3478 #Xlite
acl Safe_ports port 8000 #Xlite

acl purge method PURGE
acl CONNECT method CONNECT
acl our_networks src 10.237.3.83/32 10.237.3.47/32 10.237.3.229/32 10.237.3.111/32 10.237.3.123/32 172.168.0.0/16 10.237.6.2/32
#acl blacklist url_regex -i ./etc/squid/blok-situs
acl PornSites url_regex -i "/etc/squid/blok-situs"
#acl user12kbps src 192.168.1.0/255.255.255.0
acl workinghour time MTWHFA 06:00-23:50
http_access allow purge localhost
http_access deny purge
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access deny PornSites
http_access allow localhost
http_access allow our_networks
http_access deny all
icp_access allow all
visible_hostname proxyB.binadarma.ac.id
acl magic_words1 url_regex -i binadarma.ac.id yahoo.com microsoft.com NIIT.com
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .gt .rm .ram .iso .raw .wav .bin .3gp
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
#delay_access 1 deny all
delay_class 2 2
delay_parameters 2 5000/150000 5000/120000
delay_access 2 allow magic_words2
#always_direct allow all
#follow_x_forwarded_for allow localhost


adolf

Post 08 May 2010, 09:28

OK bro, everyone, thanks for the info.
Bro, I want to ask something else:
if I want the squid setup to use authentication for clients,
how do I do that, bro? With LDAP or YP or SMB or PAM? But I'd like to learn to do it with LDAP, bro.
Please help, bro. Sorry if this strays from the topic of the question.


Rh354

Post 08 May 2010, 11:33

adolf wrote: OK bro, everyone, thanks for the info.
Bro, I want to ask something else:
if I want the squid setup to use authentication for clients,
how do I do that, bro? With LDAP or YP or SMB or PAM? But I'd like to learn to do it with LDAP, bro.
Please help, bro. Sorry if this strays from the topic of the question.

Is this what you mean?

http://ubuntu-indonesia.com/forums/ubbthreads.php/topics/19017/authentication_proxy#Post19017


anto_digit

Post 10 May 2010, 11:25

Joining in on the subject of squidGuard.
I use a modified version of squid, namely Lusca head + squidGuard.
In squidGuard, besides blocking the URLs and IPs of bad sites, I also use it to "force search engines" to enable their "safe search" feature, so that they will not show search results (text, images and video) related to adult sites.

Here is an excerpt from the configuration:
rew safesearch {
s@safe=images@safe=strict@ir
s@safe=off@safe=strict@ir
s@(.*.google..*)(/imghp\?&hl)@imghp?&safe=strict&hl@ir
s@(.*.google..*)(.safe.off)@images?&safe=strict&@ir
s@(.*.google..*)(/images\?tab)@images?&safe=strict&tab@ir
s@(.*.google..*)(/images\?q)@images?&safe=strict&q@ir
s@(.*.google..*)(/images\?as_q)@images?&safe=strict&as_q@ir
s@(.*.google..*)(/images\?hl)@images?&safe=strict&hl@ir
s@(.*.google..*)(/search\?hl)@search?&safe=strict&hl@ir
s@(.*.google..*)(/search\?as_q)@search?&safe=strict&as_q@ir
s@(.*.google..*)(/news\?t)@news?&safe=strict&t@ir
s@(.*.google..*)(/news\?hl)@news?&safe=strict&h1@ir
s@(search\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
s@(search\.live\..*/.*q=.*)@\1\&adlt=strict@i
s@(search\.msn\..*/.*q=.*)@\1\&adlt=strict@i
s@(.*.bing..*)(/search\?q)@search?&adlt=strict&q@ir

log block.log
}

# in the acl block, add
acl {

default {
pass !blk_BL_adv !blk_BL_aggressive !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_***_lingerie !blk_BL_spyware !blk_BL_violence all
redirect http://...
rewrite safesearch
log block.log
}
}


sipelaut

Post 12 May 2010, 21:59

Rh354 wrote:
It's better to create a new partition for the cache so the result is optimal :D Don't put the logs in /var/log, better to keep them on the cache partition too :D

What do you mean, bro...
I don't get it????
Is everything put into one folder, for example the "/var" folder,
including the access log and the cache log?


sipelaut

Post 16 May 2010, 11:38

Here's my squid config, please correct it...

=====
http_port 192.168.10.1:3128 transparent
icp_port 0
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
hierarchy_stoplist cgi-bin ? 192.168.10.1
acl QUERY urlpath_regex cgi-bin \? 192.168.10.1
redirect_program /usr/bin/adzapper.wrapper
no_cache deny QUERY
cache_mem 1000 MB
cache_swap_low 80%
cache_swap_high 85%
maximum_object_size 1024 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 2 MB
#ipcache_size 4096
#ipcache_low 98
#ipcache_high 99
#fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir ufs /var/spool/squid 10000 16 256
cache_dir ufs /var/spool/squid1 10000 16 256
cache_dir ufs /var/spool/squid2 10000 16 256
cache_dir ufs /var/spool/squid3 10000 16 256
cache_dir ufs /var/spool/squid4 10000 16 64
cache_dir ufs /var/spool/squid5 10000 16 64
cache_dir ufs /var/spool/squid6 10000 16 64
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
log_ip_on_direct on
client_netmask 255.255.255.255
#refresh_pattern -i \.(css|htm|html|rm|txt|zip|mpeg|mpg|gz|bz2|com|exe|gif|ico|jpg|png|flv|swf|mp3|mp4|svg|pdf|html)$ 604800 0% 604800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i .(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 10080 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims ignore-reload
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.10.2-20/255.255.255.255
acl porn url_regex "/etc/squid/acl/pornurl.txt"
acl noporn url_regex "/etc/squid/acl/noporn.txt"
acl keywordblok url_regex -i "/etc/squid/acl/porn.txt"
acl ip-porn dst "/etc/squid/acl/ip-porn.txt"
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow CONNECT SSL_ports
http_access allow manager localhost
http_access allow noporn all
http_access deny porn all
http_access deny ip-porn all
http_access deny keywordblok all
http_access deny manager
http_access deny !Safe_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
cache_mgr muammalhamidy@gmail.com
visible_hostname ubuntu.komandan.net.id
unique_hostname KOMANDANSIPELAUT
hostname_aliases
========


suryayusra

Post 17 May 2010, 10:13

Here :D the squid.conf at my office


http_port 8080 transparent
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 20000 128 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#dns_nameservers 192.168.10.1 4.2.2.2
dns_nameservers 10.237.4.3 10.237.2.2
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl nocache-domain dstdomain .mail.yahoo.com .login.yahoo.com .gmail.com
no_cache deny nocache-domain
always_direct allow nocache-domain

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 5060 #Xlite
acl Safe_ports port 3478 #Xlite
acl Safe_ports port 8000 #Xlite

acl purge method PURGE
acl CONNECT method CONNECT
acl our_networks src 10.237.3.83/32 10.237.3.47/32 10.237.3.229/32 10.237.3.111/32 10.237.3.123/32 172.168.0.0/16 10.237.6.2/32
#acl blacklist url_regex -i ./etc/squid/blok-situs
acl PornSites url_regex -i "/etc/squid/blok-situs"
#acl user12kbps src 192.168.1.0/255.255.255.0
acl workinghour time MTWHFA 06:00-23:50
http_access allow purge localhost
http_access deny purge
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access deny PornSites
http_access allow localhost
http_access allow our_networks
http_access deny all
icp_access allow all
visible_hostname proxyB.binadarma.ac.id
acl magic_words1 url_regex -i binadarma.ac.id yahoo.com microsoft.com NIIT.com
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .gt .rm .ram .iso .raw .wav .bin .3gp
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
#delay_access 1 deny all
delay_class 2 2
delay_parameters 2 5000/150000 5000/120000
delay_access 2 allow magic_words2
#always_direct allow all
#follow_x_forwarded_for allow localhost
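
An added example, not part of suryayusra's posts: a minimal Python model of Squid's first-match `http_access` evaluation, run over the access rules of the configuration above (the same rules appear in the 05 May post). It shows which rule decides a request under the posted `allow !Safe_ports` / `allow CONNECT !SSL_ports` lines and under the `deny` form used in the other configurations in this thread. The `PornSites` rule is left out because its list file is not shown, the port lists are merged onto one line per ACL, and the client address 203.0.113.9 is a constructed sample.

```python
import ipaddress

# Access rules copied from the posted squid.conf. Port lists are merged onto one
# line per ACL; the PornSites rule is omitted because its list file is not shown.
POSTED = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 873
acl Safe_ports port 80 21 443 70 210 280 488 591 777 631 873 901 5060 3478 8000
acl purge method PURGE
acl CONNECT method CONNECT
acl our_networks src 10.237.3.83/32 10.237.3.47/32 10.237.3.229/32 10.237.3.111/32 10.237.3.123/32 172.168.0.0/16 10.237.6.2/32
http_access allow purge localhost
http_access deny purge
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow our_networks
http_access deny all
"""

# Same rules with the two lines written as "deny", as in the other configs in the thread.
HARDENED = (POSTED
            .replace("http_access allow !Safe_ports", "http_access deny !Safe_ports")
            .replace("http_access allow CONNECT !SSL_ports", "http_access deny CONNECT !SSL_ports"))


def parse(conf):
    """Return ({acl_name: (type, [values])}, [(action, [terms], rule_text)])."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl":
            acls.setdefault(parts[1], (parts[2], []))[1].extend(parts[3:])
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:], " ".join(parts)))
    return acls, rules


def acl_matches(acls, name, req):
    """Evaluate one ACL; several values of one ACL are ORed together."""
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        for v in values:
            lo, _, hi = v.partition("-")
            if int(lo) <= req["port"] <= int(hi or lo):
                return True
        return False
    if kind == "method":
        return req["method"] in values
    raise ValueError(f"ACL type {kind!r} is not modelled in this example")


def decide(conf, req):
    """First http_access line whose ACLs ALL match decides; '!' negates an ACL."""
    acls, rules = parse(conf)
    for action, terms, text in rules:
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, text
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"


if __name__ == "__main__":
    # Constructed requests: "src" is the client address, "port" the port in the
    # requested URL. Only Squid's decision is modelled, not network reachability.
    samples = [
        {"src": "203.0.113.9", "method": "GET", "port": 25},
        {"src": "203.0.113.9", "method": "CONNECT", "port": 80},
        {"src": "203.0.113.9", "method": "GET", "port": 80},
        {"src": "10.237.3.83", "method": "GET", "port": 80},
    ]
    for req in samples:
        print(req, "posted:", decide(POSTED, req), "hardened:", decide(HARDENED, req))
```

In the posted form, a request to a port outside `Safe_ports` is allowed before the `our_networks` check is ever reached; with `deny` the same request stops at that line and listed clients are unaffected.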


Rh354

Post 19 May 2010, 13:35

sipelaut wrote:
Rh354 wrote:
It's better to create a new partition for the cache so the result is optimal :D Don't put the logs in /var/log, better to keep them on the cache partition too :D
What do you mean, bro...
I don't get it????
Is everything put into one folder, for example the "/var" folder,
including the access log and the cache log?

Create a dedicated partition for the squid cache. For example, on mine I made a dedicated /cache sized to the cache dir usage; on mine it's 6Gb (because it's for personal use).

Yes, and then the logs can be put on the /cache partition.. but in my case I only enable cache.log... once I'm sure there are no errors I even turn that off too :D

I just finished compiling squid 3.1.3 on karmic :D I already did it on lucid before as well :D


anto_digit

Post 19 May 2010, 22:18

Hmm, could it be that you don't know about partitions yet? Sorry..


zitux

Post 20 May 2010, 04:34

Rh354 wrote:
sipelaut wrote:
Rh354 wrote:
It's better to create a new partition for the cache so the result is optimal :D Don't put the logs in /var/log, better to keep them on the cache partition too :D
What do you mean, bro...
I don't get it????
Is everything put into one folder, for example the "/var" folder,
including the access log and the cache log?
Create a dedicated partition for the squid cache. For example, on mine I made a dedicated /cache sized to the cache dir usage; on mine it's 6Gb (because it's for personal use).

Yes, and then the logs can be put on the /cache partition.. but in my case I only enable cache.log... once I'm sure there are no errors I even turn that off too :D

I just finished compiling squid 3.1.3 on karmic :D I already did it on lucid before as well :D

Does this mean it stores history, images, etc. on the hard disk so that when browsing a second or later time the same images don't need to be loaded again?

Also, what is the function of squid, in simple Indonesian, so that the newbies here can join in?

Thanks...


agus_newbie

Post 21 May 2010, 11:15

I use squid + squidGuard to block xxx sites! Everything is already running and the xxx sites are being blocked!! But I want the blocked sites not to be blocked (let through) at night from 21:00 to 06:00, and conversely blocked from 06:00 to 21:00. I've already made an acl_time, but why won't it work?


agus_newbie

Post 21 May 2010, 11:34

How do you do the squidGuard path, and what is the path for? Thanks


zitux

Post 21 May 2010, 17:32

agus_newbie wrote: I use squid + squidGuard to block xxx sites! Everything is already running and the xxx sites are being blocked!! But I want the blocked sites not to be blocked (let through) at night from 21:00 to 06:00, and conversely blocked from 06:00 to 21:00. I've already made an acl_time, but why won't it work?

Could it be done with crontab? :grin:


Rh354

Post 22 May 2010, 14:01

zitux wrote:
Rh354 wrote:
sipelaut wrote:
What do you mean, bro...
I don't get it????
Is everything put into one folder, for example the "/var" folder,
including the access log and the cache log?
Create a dedicated partition for the squid cache. For example, on mine I made a dedicated /cache sized to the cache dir usage; on mine it's 6Gb (because it's for personal use).

Yes, and then the logs can be put on the /cache partition.. but in my case I only enable cache.log... once I'm sure there are no errors I even turn that off too :D

I just finished compiling squid 3.1.3 on karmic :D I already did it on lucid before as well :D

Does this mean it stores history, images, etc. on the hard disk so that when browsing a second or later time the same images don't need to be loaded again?

Also, what is the function of squid, in simple Indonesian, so that the newbies here can join in?

Thanks...

What's put on the squid cache partition is only the squid logs, bro.. check my settings... I just finished compiling lusca :D

For the part I bolded, it's best to study what squid does first, bro

This is partly copy-pasted from my website

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

What needs to be stressed here is that squid is not a means of adding to or speeding up the internet connection. The feeling that it is faster is really because objects are fetched from the local cache :grin: So using squid is more about saving bandwidth :D

Squid can be obtained and used for free, but it needs tuning to make it work at its best.

Just check here, bro

http://rhesa.itvps.org/node/71

It's looong...


munux

Post 01 Jun 2010, 17:53

Here's what I have for blocking pornography....hehe..
[root@munawir ~]# vi /etc/squid/squid.conf
http_port 3128 transparent
icp_port 0
cache_mem 64 MB
maximum_object_size 256 KB
maximum_object_size_in_memory 4 KB
cache_dir ufs /var/spool/squid 5000 16 256
memory_pools_limit 32 MB
redirect_rewrites_host_header off

#replacement_policy GDSF
half_closed_clients off
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
emulate_httpd_log on
log_ip_on_direct on
#-------------------------------------------
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/255.255.255.0
acl Safe_ports port 80 443 210 119 563 70 21 1025-65535
acl porno url_regex -i "/etc/squid/porno.txt"
acl CONNECT method CONNECT

http_access deny porno
http_access allow lan
http_access allow localhost
#http_access deny porno
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all

#---------------- administration info ------------

cache_mgr munawir
cache_effective_user squid
cache_effective_group squid
visible_hostname bpde
log_icp_queries off
cachemgr_passwd mypassword all
forwarded_for off
#red_logs on
"/etc/squid/squid.conf" 40L, 1126C


suryayusra

Post 01 Jun 2010, 19:14

What's the comparison between SQUID using LRU and LFUDA???


Rh354

Post 01 Jun 2010, 20:38

suryayusra wrote: What's the comparison between SQUID using LRU and LFUDA???

http://www.squid-cache.org/Doc/config/c ... nt_policy/

http://www.visolve.com/squid/squid24s1/cache_size.php


danz0

Post 21 Sep 2010, 10:20

For blocking particular URLs I've already seen plenty of examples :D
But what about "only allowing" particular domains/URLs?
Can you give an example?


justkrisma

Post 22 Sep 2010, 14:56

For agus, it works for me.. where from 6 to 21 the blocked sites (Block URL) are closed off, while outside those hours access is free..

acl officehour1 time 06:00-21:00
acl BlockURL url_regex -i "/etc/squid/BlockURL"
http_access deny BlockClient officehour1 BlockURL


Hope this helps..


Cheers ;)
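
An added example, not part of justkrisma's post: a small Python model of how Squid reads the `time` ACL in the rule above, assuming Squid's documented day codes and its requirement that h1:m1 be less than h2:m2 (so 21:00-06:00 cannot be written as one range). `BlockClient` and `BlockURL` are passed in as booleans because their definitions are not shown in the post; the `workinghour` line is taken from the configuration posted earlier in the thread.

```python
from datetime import datetime

# Squid day codes mapped to datetime.weekday() numbers (Monday = 0).
DAY_CODES = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}
WEEKDAYS = {0, 1, 2, 3, 4}  # day code "D"


def _minutes(hhmm):
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)


def parse_time_acl(line):
    """Parse 'acl NAME time [DAYS] [h1:m1-h2:m2]' into (name, days, start, stop)."""
    parts = line.split("#", 1)[0].split()
    if len(parts) < 4 or parts[0] != "acl" or parts[2] != "time":
        raise ValueError(f"not a time ACL: {line!r}")
    name, days, start, stop = parts[1], set(), 0, 24 * 60 - 1
    for token in parts[3:]:
        if ":" in token:
            first, _, second = token.partition("-")
            start, stop = _minutes(first), _minutes(second)
            if start >= stop:
                # squid.conf documentation: h1:m1 must be less than h2:m2,
                # so a range cannot wrap past midnight.
                raise ValueError(f"{token}: range cannot cross midnight")
        else:
            for code in token:
                days |= WEEKDAYS if code == "D" else {DAY_CODES[code]}
    # No day codes given means every day of the week.
    return name, days or set(range(7)), start, stop


def matches(acl, when):
    """True if 'when' falls on a listed day and inside the range (treated as inclusive)."""
    _, days, start, stop = acl
    minute = when.hour * 60 + when.minute
    return when.weekday() in days and start <= minute <= stop


OFFICEHOUR = parse_time_acl("acl officehour1 time 06:00-21:00")
WORKINGHOUR = parse_time_acl("acl workinghour time MTWHFA 06:00-23:50")


def denied(when, in_block_client, url_listed):
    """Model of 'http_access deny BlockClient officehour1 BlockURL'.

    Every ACL on the line must match for the deny to apply, so outside
    06:00-21:00 this line is skipped and later rules decide the request.
    """
    return in_block_client and matches(OFFICEHOUR, when) and url_listed


if __name__ == "__main__":
    # Constructed sample times: Wednesday 22 Sep 2010, afternoon and night.
    for when in (datetime(2010, 9, 22, 14, 56), datetime(2010, 9, 22, 22, 30)):
        print(when, "denied:", denied(when, True, True))
    try:
        parse_time_acl("acl night time 21:00-06:00")
    except ValueError as err:
        print("rejected:", err)
```

The night window is therefore expressed as the absence of a match on `officehour1` (or `!officehour1` on a rule line), not as a second range running from 21:00 to 06:00.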


rizaaal

Post 16 Feb 2012, 21:04

Alhamdulillah, I found this thread, it's really very useful. :D

Oh, and please guide me: my school has asked me to build a web caching proxy. Is there a really solid squid.conf for that? :D


januaryananda

Post 17 Feb 2012, 08:41

From the master's configuration description above, for this part

http_access allow manager
http_access allow boss

what should it be filled in with, master??


abu_unaisah

Post 17 Feb 2012, 08:50

januaryananda wrote: From the master's configuration description above, for this part

http_access allow manager
http_access allow boss

what should it be filled in with, master??

What do you want to use squid for?


rizaaal

Post 17 Feb 2012, 11:25

Please enlighten me, Ubuntu server masters :D

I have a topology like this

router + proxy(debian)-----hub-----client

And I've prepared one partition named /cache1 with a size of 20gb.

Which squid.conf should I use? I've tried several from this thread and squid won't run.

root@router:/home/rizal/data# squid -z
2012/02/17 18:23:31| Creating Swap Directories
root@router:/home/rizal/data# squid -k reconfigure
squid: ERROR: Could not send signal 1 to process 1690: (3) No such process
root@router:/home/rizal/data# /etc/init.d/squid restart
Restarting Squid HTTP proxy: squid.

My questions are:

1. My clients' network address is 192.168.0.0/24. Is a routing command like this correct or not? Because after entering that command the internet stopped working.

iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.0.0/24 -d 0/0 --dport 80 --to-ports 3128

2. Please correct the squid.conf if anything is wrong

[spoiler]###########################################
# HIGH PERFORMANCE SQUID 2.7
# Config date : 21 April 2010
###########################################

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl porno url_regex -i "/etc/squid/porno.txt"

http_access deny porno
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access allow localnet
http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 3128 transparent
#zph_mode tos
#zph_local 0x30
#zph_parent 0
#zph_option 136
#htcp_port 4827

icp_port 0
icp_access deny all
#icp_port 3130

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#cache_mem 96 MB
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache1 20000 40 256
maximum_object_size 128000 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

access_log /cache/access.log
#access_log none
cache_log /cache/cache.log
#cache_log none
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
client_db off
#pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
store_avg_object_size 13 KB

# HTTP OPTIONS
# -----------------------------------------------------------------------------

server_http11 on
collapsed_forwarding on
vary_ignore_expire on
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
# -----------------------------------------------------------------------------

forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
persistent_request_timeout 60 second
client_lifetime 86400 second
half_closed_clients off
pconn_timeout 60 second
shutdown_lifetime 10 second

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

cache_mgr Rh354
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname Rh354

# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------

max_filedescriptors 8192

# DNS OPTIONS
# -----------------------------------------------------------------------------

check_hostnames off
dns_timeout 10 seconds
#DNS NAWALA
#dns_nameservers 180.131.144.144
#dns_nameservers 180.131.144.145
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 90
ipcache_high 95

# MISCELLANEOUS
# -----------------------------------------------------------------------------

memory_pools off
forwarded_for on
reload_into_ims on
coredump_dir /cache
pipeline_prefetch on
offline_mode off

###### END CONFIGURATION ###########[/spoiler]

3. I've read that some people say to edit fstab. How do I do that?

4. Are the permissions for the cache1 partition correct like this? Because no error message appeared when I ran these commands

chown -R proxy.proxy /cache1
chmod -R 777 /cache1

5. How do I check whether the squid cache is running or not?
Last edited by rizaaal on 27 Feb 2016, 14:25, edited 1 time in total.
Reason: wrong topology


rizaaal

Post 18 Feb 2012, 19:13

My problem still isn't solved :(


JonCunKring

Post 19 Feb 2012, 10:01

second_line08 wrote: I use this

#=========================== ACCESS CONTROLS ==================================
# http://www.oneminds.com admin:secondline08@gmail.com squid.conf rules
# -----------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# Allow cachemgr access only from localhost
http_access allow manager localhost
http_access deny manager

# Allow purge requests only from localhost
http_access allow purge localhost
http_access deny purge

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to anything other than SSL ports
http_access deny CONNECT !SSL_ports

# This is the office LAN network
acl jaringan_kantor src 192.168.1.0-192.168.1.50/24
acl jam_kerja time MTWH 08:00-12:00 # Monday to Thursday, 08:00 to 12:00
acl jam_kerja time F 08:00-11:30 # Friday 08:00-11:30 WIB
acl jam_kerja time MTWHF 13:00-16:00 # Monday to Friday, 13:00 to 16:00

# block porn sites, porn words, porn IPs
acl "Kata Terlarang" dstdomain "/usr/local/etc/squid/porn.txt"
acl "Kata Terlarang" url_regex -i "/usr/local/etc/squid/pornword.txt"
acl "Kata Terlarang" dst "/usr/local/etc/squid/pornip.txt"
http_access deny "Kata Terlarang"

# block sites according to office policy
acl rules_kantor dstdomain "/usr/local/etc/squid/ruleskantor.txt"
http_access deny rules_kantor

# managers and boss
acl manager src 192.168.1.51 # finance manager
acl manager src 192.168.1.52 # marketing manager
acl manager src 192.168.1.210 # general manager
acl boss src 192.168.1.68 # the big boss

# Open internet access for managers and boss, without time limits
http_access allow manager
http_access allow boss

# For other employees, open internet access outside working hours
http_access allow rules_kantor !jam_kerja
http_access allow jaringan_kantor
http_access allow localhost

# And finally deny all access to this proxy
http_access deny all
icp_access deny all


# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# Squid is usually run on port 3128
http_port 3128


# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------

# I allocate 2000 MB of hard disk space
cache_dir ufs /var/spool/squid 2000 16 256


# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
access_log /var/log/squid/access.log squid


# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320


# HTTP OPTIONS
# -----------------------------------------------------------------------------

# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# TAG: extension_methods
# Squid only knows about standardized HTTP request methods.
# You can add up to 20 additional "extension" methods here.
extension_methods REPORT MERGE MKACTIVITY CHECKOUT


# MISCELLANEOUS
# -----------------------------------------------------------------------------
coredump_dir /var/spool/squid
cache_mgr second.line08@gmail.com
visible_hostname proxy.tekun.com

Great, bro, short, clear and concise


handra

Post 28 Feb 2012, 19:07

So do we just copy and paste the squid.conf straight into our own squid.conf??
Or do we also need to edit in our own IPs??


rizaaal

Post 28 Feb 2012, 20:26

Finally, after a lot of head-scratching, I got it working thanks to modifying several of the squid.conf scripts in this thread. Here's mine

[spoiler]# HIGH PERFORMANCE SQUID 2.7
# Duacikbar ICT Kardi Sejahtera
# Script Editor : Rizal Rahman
# Config date : 22 Februari 2012
###########################################

# ACCESS CONTROLS
#----------------

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 563 81
acl Safe_ports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl CONNECT method CONNECT
acl purge method PURGE
acl client src 172.16.0.0/24
acl client2 src 192.168.0.0/24
acl porno url_regex -i "/etc/squid/porno.txt"
acl socmed url_regex -i "/etc/squid/socmed.txt"
acl jam_belajar1 time MTWHF 07:00-10:00
acl istirahat time MTWHF 10:01-11:00
acl jam_belajar2 time MTWHF 11:01-12:30
acl sholat time MTWHF 12:31-13:00
acl jam_belajar3 time MTWHF 13:01-15:00

http_access deny porno
http_access allow socmed istirahat
http_access allow socmed sholat
http_access deny socmed jam_belajar1
http_access deny socmed jam_belajar2
http_access deny socmed jam_belajar3
http_access allow socmed
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow client
http_access allow client2
http_access allow localnet
http_access deny all

# NETWORK OPTIONS
#----------------

http_port 3128 transparent
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

icp_port 0
htcp_port 0
icp_access deny all
htcp_access deny all

snmp_port 0
snmp_access deny all

# OPTIONS WHICH AFFECT THE CACHE SIZE
#------------------------------------

cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache/c1 4000 9 256
cache_dir aufs /cache/c2 4000 9 256
cache_dir aufs /cache/c3 4000 9 256
cache_dir aufs /cache/c4 4000 9 256
store_dir_select_algorithm least-load
maximum_object_size 128000 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#----------------------------------------

access_log none
cache_log /dev/null
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
#-----------------------------

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
store_avg_object_size 13 KB

# HTTP OPTIONS
#-------------

server_http11 on
collapsed_forwarding on
vary_ignore_expire on
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
#---------

forward_timeout 240 seconds
connect_timeout 30 second
peer_connect_timeout 5 seconds
read_timeout 600 second
request_timeout 60 second
persistent_request_timeout 60 seconds
client_lifetime 86400 second
half_closed_clients off
pconn_timeout 60 second
shutdown_lifetime 10 second

# ADMINISTRATIVE PARAMETERS
#--------------------------

cache_mgr Duacikbar
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname Duacikbar

# DELAY POOL PARAMETERS
#----------------------

# ADVANCED NETWORKING OPTIONS
#---------------------------

max_filedescriptors 4096

# DNS OPTIONS
#-----------

check_hostnames off
dns_timeout 30 seconds
dns_nameservers 192.168.0.2 202.134.1.10 202.134.0.155
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 90
ipcache_high 95
fqdncache_size 4096

# MISCELLANEOUS
#--------------

memory_pools off
forwarded_for off
reload_into_ims on
coredump_dir /home/cache1
pipeline_prefetch on
offline_mode off
# -=EoF=-[/spoiler]
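
Added example (not part of the post above, and not Squid's own tooling): Squid applies the first `http_access` rule that matches, so an `allow` that names no `src` ACL matches any client, and one placed above `deny !Safe_ports` is decided before the port checks. The Python sketch below flags such rules in a constructed excerpt that mirrors the rule order of the config above; the names `parse` and `audit` are assumptions.

```python
# Constructed excerpt mirroring the acl/http_access order of the config above.
SAMPLE = """\
acl all src all
acl localnet src 192.168.0.0/16
acl Safe_ports port 80 443 1025-65535
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl socmed url_regex -i "/etc/squid/socmed.txt"
acl istirahat time MTWHF 10:01-11:00
acl jam_belajar1 time MTWHF 07:00-10:00
http_access allow socmed istirahat
http_access deny socmed jam_belajar1
http_access allow socmed
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return ({acl name: acl type}, [(line number, action, [acl terms])])."""
    acl_types, rules = {}, []
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acl_types.setdefault(tok[1], tok[2])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((n, tok[1], tok[2:]))
    return acl_types, rules

def audit(conf):
    """List allow rules that match without any client-source (src) ACL."""
    acl_types, rules = parse(conf)
    # Line of the first "deny !<port acl>" rule, i.e. the Safe_ports guard.
    guard = next((n for n, act, terms in rules if act == "deny" and any(
        t.startswith("!") and acl_types.get(t[1:]) == "port" for t in terms)), None)
    findings = []
    for n, act, terms in rules:
        # A negated src ACL or the catch-all "all" does not restrict the client.
        has_src = any(acl_types.get(t) == "src" and t != "all" for t in terms)
        if act == "allow" and not has_src:
            findings.append({"line": n, "rule": " ".join(terms),
                             "before_port_guard": guard is not None and n < guard})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Combining the source ACL with the content ACL (for example `http_access allow localnet socmed istirahat`) and placing it below the port checks clears both findings.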


sipelaut

Post 29 Feb 2012, 07:54

So,
what would we use to find out how effective the squid we've built is?
The output from squid mgr tends to confuse me.


sare

Post 12 Sep 2012, 18:43

Since there is already a thread about squid.conf, I'll post my question here as a reply.
Suppose I want to copy-paste and modify one of the squid scripts above:
do I delete everything in my default squid.conf and copy-paste
a script, for example this one [spoiler]###########################################
# HIGH PERFORMANCE SQUID 2.7
# Config date : 21 April 2010
###########################################

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl malware url_regex -i "/etc/squid/malware_block.txt"

http_access deny malware
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access allow localnet
http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 3128 transparent
#zph_mode tos
#zph_local 0x30
#zph_parent 0
#zph_option 136
#htcp_port 4827

icp_port 0
icp_access deny all
#icp_port 3130

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#cache_mem 96 MB
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 4000 10 256
maximum_object_size 128000 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

access_log /cache/access.log
#access_log none
cache_log /cache/cache.log
#cache_log none
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
client_db off
#pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
store_avg_object_size 13 KB

# HTTP OPTIONS
# -----------------------------------------------------------------------------

server_http11 on
collapsed_forwarding on
vary_ignore_expire on
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
# -----------------------------------------------------------------------------

forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
persistent_request_timeout 60 second
client_lifetime 86400 second
half_closed_clients off
pconn_timeout 60 second
shutdown_lifetime 10 second

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

cache_mgr Rh354
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname Rh354

# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------

max_filedescriptors 8192

# DNS OPTIONS
# -----------------------------------------------------------------------------

check_hostnames off
dns_timeout 10 seconds
#DNS NAWALA
#dns_nameservers 180.131.144.144
#dns_nameservers 180.131.144.145
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 90
ipcache_high 95

# MISCELLANEOUS
# -----------------------------------------------------------------------------

memory_pools off
forwarded_for on
reload_into_ims on
coredump_dir /cache
pipeline_prefetch on
offline_mode off

###### END CONFIGURATION ###########[/spoiler] and then just edit it
to suit the needs of my internet cafe? Would that work?

Bear with me, I've only just started learning Ubuntu Server and am still at the stage of setting up squid.


arisuganda30

Post 12 Jan 2013, 09:51

I'd like to ask something, boss...!!
If I may

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 192.168.0.0/255.255.255.255
acl to_localhost dst 192.168.0.0/8

How do I fill those in??
Sorry, I'm still a beginner.


arisuganda30

Post 12 Jan 2013, 10:19

arisuganda30 wrote: I'd like to ask something, boss...!!
If I may

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 192.168.0.0/255.255.255.255
acl to_localhost dst 192.168.0.0/8

How do I fill those in??
Sorry, I'm still a beginner.
:ubuntu:


q_p

Post 12 Jan 2013, 12:41

Sure :D
It's in the file /etc/squid/squid.conf. Copy the original file first, then go on to edit that file, like this:

cp /etc/squid/squid.conf /etc/squid/squid_orig.conf
nano /etc/squid/squid.conf
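
Added example (not part of any post in this thread): a Python check of the address fields in the four `acl` lines asked about above, compared with the values a config shared earlier in the thread uses for the same two ACL names. The function name `check_acl_addresses` is an assumption; address ranges, hostnames and file includes are outside what it checks.

```python
import ipaddress

# The four lines from the question above, copied as posted.
POSTED = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 192.168.0.0/255.255.255.255
acl to_localhost dst 192.168.0.0/8
"""
# Values used for the same two ACLs in a config shared earlier in the thread.
REFERENCE = """\
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
"""
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def check_acl_addresses(conf):
    """Return {acl name: [warnings]} for each src/dst ACL with plain addr/mask values."""
    report = {}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 4 or tok[0] != "acl" or tok[2] not in ("src", "dst"):
            continue
        warnings = report.setdefault(tok[1], [])
        for spec in tok[3:]:
            if spec == "all" or "-" in spec or spec.startswith('"'):
                continue  # keyword, address range or file include: not checked here
            try:
                iface = ipaddress.ip_interface(spec)
            except ValueError:
                warnings.append(f"{spec}: not a numeric address/mask")
                continue
            net = iface.network
            if iface.ip != net.network_address:
                warnings.append(f"{spec}: host bits set, the mask keeps only {net}")
            loopback = net.version == 4 and net.subnet_of(LOOPBACK)
            if "localhost" in tok[1] and not loopback:
                warnings.append(f"{spec}: ACL is named for loopback but covers {net}")
    return report

if __name__ == "__main__":
    for name, warnings in check_acl_addresses(POSTED).items():
        print(name, warnings or "ok")
```

Rules such as `http_access allow manager localhost` grant cache manager access to whatever the `localhost` ACL covers, so the address behind that name matters.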

