SQUID3-HEAD + SSL + TPROXY

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
User avatar
DhananJaya
Posts: 22
Joined: 08 Nov 2012, 21:36
Location: Lubuklinggau

Re: SQUID3-HEAD + SSL + TPROXY

Post by DhananJaya » 22 Jul 2013, 22:55

djamil wrote:sertifikat ku dah mulai laku tapi belum sesuai harapan. tampilan fb berantakan... :grin:
pernah ngalamin yang kek gitu mas, kalo ditempatku masalahnya (mungkin) ada disertifikat nya itu sendiri atau pada folder sslcrtd_program nya.
coba deh buat ulang sertifikatnya disisi server, terus masukin/import lagi di browser disisi client atau install buat internet explorer atawa chrome. terus sebelum running squidnya cp dulu sslcrtd_program nya dengan command
/lib/squid/ssl_crtd -c -s /var/lib/ssl_db -M 16MB
dan kasih izin tulis
chmod -R 777 /var/lib/ssl_db
chown -R nobody /var/lib/ssl_db

cmiiw

@mas pragola
Udah cobain mas? gimana hasilnya? ketemu gak masalah seperti punyaku mas yang bunyinya
fwdNegotiateSSL: Error negotiating SSL connection on bla..bla..bla saat buka facebook atawa game2 dari sono?

regards


User avatar
emnoercsx
Posts: 3
Joined: 25 Apr 2013, 01:52

Post by emnoercsx » 25 Jul 2013, 04:08

Aq dulu pernah pakai setting seperti ini hasilnya fine2 aja.

mkdir /etc/squid3/ssl
chown nobody /etc/squid3/ssl -Rf
cd /etc/squid3/ssl
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der

"squid,conf"
http_port 127.0.0.1:8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/myCA.pem
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

"firefox"
Setting > Advanced > Encryption > View Certificates > Authorities > Import > myCA.der > OK


User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Post by q_p » 25 Jul 2013, 04:23

emnoercsx wrote:...
"firefox"
Setting > Advanced > Encryption > View Certificates > Authorities > Import > myCA.der > OK
GoogleChrome -nya bagaimana ?
Mungkin masih bsia jika client kita sifatnya tertutup. Jika terbuka seperti hotspot atau RT/RW-net, rasanya kok susah sekali :confused:


User avatar
emnoercsx
Posts: 3
Joined: 25 Apr 2013, 01:52

Post by emnoercsx » 25 Jul 2013, 17:12

wah klo hotspot atau RT/RWnet jelasnya gak mungkin harus ngedit browser satu2...klo untuk local an sih bagi ana gak masalah...


User avatar
Sanyo
Posts: 1
Joined: 13 Aug 2013, 09:49

Post by Sanyo » 13 Aug 2013, 10:38

FATAL: refresh_pattern missing the regex pattern parameter

mas pas squid -z kok kluar gini masalah nya apa ya minta pencerahan nya kk


User avatar
baimzeven
Posts: 24
Joined: 25 Mar 2012, 12:28

Post by baimzeven » 22 Aug 2013, 01:03

ditunggu tutor lengkapnya mengenai squid3 nya :)


User avatar
Aira
Posts: 70
Joined: 22 Mar 2012, 21:20

Post by Aira » 26 Aug 2013, 23:20

Ikutan nunggu toturial lengkapnya tentang squid-3 nya... :) :)


User avatar
dja
Posts: 61
Joined: 06 Nov 2012, 23:43

Post by dja » 28 Aug 2013, 16:32

DhananJaya wrote:@mas Pragola
> buat http zph nya di tos 0x30 mas and di mark 4, iptables nya,
iptables -t mangle -A PREROUTING -m tos --tos 0x30 -j MARK --set-mark 4
iptables -t mangle -A OUTPUT -m tos --tos 0x30 -j MARK --set-mark 4

> kalo di bypass via acl bisa mas, tapi kemarin kadung mau tes aja, maksudnya mau dihajar rata aja gak ada acl bypass2an buat seluruh port https he..he. namanya juga penasaran ya mas ^^

@ mas NGERI
NGERI wrote:waduh... mau membantu dikira promosi...
susah memang bangsa ini... mau berbuat baik saja, mesti dicurigai...
sorry, belum ada waktu saya resumekan tentang itu... kalo saya copy pastekan, juga pasti ndak dibolehkan, karena ndak bakalan muat... :)
silahkan kalo ada yang mau ikhlas meresume / atau menuliskan ulang lagi disni..
he..he jangan disalah artikan mas. maksud mas Pragola biar "stuck" yang ditemui pada thread ini bisa selesai pada thread ini juga, jadi how to nya kalo bisa ditulis aja di thread ini cmiiw
btw thanks masukannya mas. Iya nih kalo work, emang work hit https nya. cuma yang masih jadi kendala sering nya nemuin kasus,
fwdNegotiateSSL: Error negotiating SSL connection on FD 30: error:00000000:lib(0):func(0):reason(0) (5/0/0) pada beberapa situs. contohnya kalo kita buka game Pool Live Tour atawa Baseball Heroes di Facebook. biasanya itu muncul. nah kalo itu muncul, biasanya lagi, loading nya luaamaaa... banget biarpun squid nya gak keputus ( soalnya di beberapa squidmail ada yang bilang kalo squidnya mati saat muncul notifikasi seperti diatas pada cache.log nya).. begitchu..kira2.

so..disini masih menunggu petunjuk

regards
search digoogle.. fwdNegotiateSSL: Error negotiating SSL connection on FD 127: error:00000000:lib(0):func(0):reason(0) (5/0/0) ya larinya kesini.. kira2 mas dhananjaya dah nemu jln keluarnya belum ? barangkali dah nemu bisa berbagi :grin:


User avatar
Zest
Posts: 12
Joined: 13 Mar 2012, 17:24
Location: Madiun - Jatim - Indonesia
Contact:

Post by Zest » 31 Aug 2013, 14:40

Ijin simak Gan....


User avatar
kurtvyan69
Posts: 7
Joined: 03 Aug 2013, 23:53
Location: Tangerang

Post by kurtvyan69 » 02 Sep 2013, 15:45

Seperti belakangan ini dengan mozilla 23 yg telah berubah deratis sehingga fitur ssl telah di tiadakan sehingga web FACEBOOK tidak lagi menjadi HTTP melainkan HTTPS???walaupun akun telah dirubah tidak menggunakan HTTPS selalu saja menjadi HTTPS,,,,,,,,
kepada para suhu Mohon bantuanya Untuk memecahkan masalah ini,,,,,???
rasanya PROXY kita tidak berguna bila semua situs Mengandung URL HTTPS
Sekian dan terimakasih,,,,,,,,,,,


User avatar
Bandi_Shippuden
Posts: 62
Joined: 04 May 2012, 12:06
Location: Pekanbaru, Indonesia
Contact:

Post by Bandi_Shippuden » 07 Sep 2013, 14:12

udah ada yg berjalan lancar belum squid-3 + tproxy + ssl
ane nyoba ssl gak pernah bisa konek ...


User avatar
dja
Posts: 61
Joined: 06 Nov 2012, 23:43

Post by dja » 09 Sep 2013, 19:56

saya pakai petunjuknya mas pragolapati dan tut didepan bisa berjalan,, cuma dilog squid banyak keluar fwdNegotiateSSL: Error negotiating SSL connection on FD 127: error:00000000:lib(0):func(0):reason(0) (5/0/0) :/


User avatar
abdan
Posts: 15
Joined: 22 Jun 2010, 09:44
Location: sragen

Post by abdan » 10 Sep 2013, 19:26

Tproxy emang bikinnn..............
capek deh soudara..............
ane nginstall gagal melulu............


User avatar
arinsoft
Posts: 2
Joined: 17 May 2013, 22:06
Location: Batang,Jawa Tengah
Contact:

Post by arinsoft » 13 Sep 2013, 10:12

ikutan nyoba squid3,prosesnya gagal di squid -z sprti mas pragola.pembuatan folder swap berhasil tp berhenti di tengah jalan.apanya yg salah y.utk config ikutin tut d dpan


User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Post by q_p » 14 Sep 2013, 05:39

@all
Back to taufik ... squid3-HEAD ... bukan squid3
  1. Karena target-nya kecuali men-cache https juga men-cache si yusuf
  2. Karena ini proyek bagus, rasanya pantas diberi lem biar lengket


User avatar
arinsoft
Posts: 2
Joined: 17 May 2013, 22:06
Location: Batang,Jawa Tengah
Contact:

Post by arinsoft » 14 Sep 2013, 12:20

@ mas Pragola_Pati
sy juga pake squid3-HEAD mas.saat squid -z berhenti di tengah jalan
2013/09/13 00:17:14 kid1| Making directories in /etc/cache1/0F

solusinya gmn mas


User avatar
Aira
Posts: 70
Joined: 22 Mar 2012, 21:20

Post by Aira » 14 Sep 2013, 23:54

Ternyata sama jga ya pas di squid -z terkendala berhenti setelah bikin directory /cache...
Belum ada yang dapat solusinya mudah2an bisa dapat pencerahannya karena https sudah tidak bisa di tekuk lagi ke http:
Harus tambah brandwit untuk mengoptimalkannya...
Yang sudah bisa pakai squid3-head n https boleh dunk di gelar tutorial lengkapnya :) (ngareeepdotcom)


User avatar
Bandi_Shippuden
Posts: 62
Joined: 04 May 2012, 12:06
Location: Pekanbaru, Indonesia
Contact:

Post by Bandi_Shippuden » 16 Sep 2013, 01:03

punya saya selalu error kayak gini ...
Image

compile
[spoiler]./configure \
--build=x86_64-linux-gnu build_alias=x86_64-linux-gnu \
--prefix=/usr \
--program-suffix=3 \
--includedir=${prefix}/include \
--mandir=${prefix}/share/man \
--infodir=${prefix}/share/info \
--sysconfdir=/etc/squid3 \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid3 \
--libdir=/usr/lib \
--datadir=/usr/share/squid3 \
--srcdir=. \
--disable-maintainer-mode \
--disable-dependency-tracking \
--disable-silent-rules \
--disable-auth \
--disable-auth \
--disable-translation \
--enable-kill-parent-hack \
--enable-ssl \
--enable-ssl-crtd \
--enable-delay-pools \
--enable-async-io=24 \
--enable-gnuregex \
--enable-ltdl-convenience \
--enable-storeio=ufs,aufs,diskd \
--enable-removal-policies=lru,heap \
--enable-inline \
--enable-cache-digests \
--enable-underscores \
--enable-referer-log \
--enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-x-accelerator-vary \
--enable-arp-acl \
--enable-esi \
--enable-zph-qos \
--enable-wccpv2 \
--enable-http-violations \
--enable-cachemgr-hostname=TProxy \
--enable-Linux-netfilter \
--with-logdir=/var/log/squid3 \
--with-pidfile=/var/run/squid3.pid \
--with-default-user=proxy \
--with-aufs-threads=24 \
--with-pthreads \
--with-large-files \
--with-cppunit-basedir=/usr \
--with-filedescriptors=65536[/spoiler]

squid.conf
[spoiler]##################################################
# ACCESS CONTROLS
##################################################
acl localnet src 192.168.10.0/24 # RFC1918 possible internal network

acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 182 # uploadic
acl purge method PURGE
acl CONNECT method CONNECT

acl QUERY urlpath_regex -i \.(ini|ui|lst|inf|mh-|sc-)
acl QUERY urlpath_regex -i (afs.dat|captcha|reset.css|update.txt|version.list|gamenotice|vdf.info.gz|patchinfo.bin|latest-version.xml|start*.txt|server_patch.cfg.iop|patchinfo.xml|PatchTimeCheck.dat|PatchPath.dat)

acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
acl redir urlpath_regex -i &ir=1&rr=12

acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
acl yutub url_regex -i gstatic\.com\/csi\?.*$

####################################################
# ACL FOR STORE ID
####################################################
acl rewritedoms url_regex -i dl\.sourceforge\.net.*
acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
acl rewritedoms url_regex -i ak\.fbcdn\.net.*
acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
acl dontrewrite url_regex redbot\.org
acl getmethod method GET

####################################################
# HTTP ACCESS CONTROL
####################################################
http_access allow manager localhost
http_access allow manager localnet
http_access allow purge localhost
http_access allow localnet
http_access allow localhost
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost getmethod
http_access deny all

#####################################################
# NETWORK OPTIONS
#####################################################
https_port 3443 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl_cert/myCA.pem cert=/etc/squid3/ssl_cert/myCA.pem connection-auth=off
http_port 3480 tproxy
http_port 3480 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl_cert/myCA.pem cert=/etc/squid3/ssl_cert/myCA.pem connection-auth=off

#####################################################
# SSL OPTIONS
#####################################################
always_direct allow all
ssl_bump server-first all

#####################################################
# OPTIONS RELATING TO EXTERNAL SSL_CRTD
#####################################################
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/lib/ssl_db -M 4MB
sslcrtd_children 5

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

#####################################################
# OPTIONS FOR STORE ID
#####################################################
store_id_program /etc/squid3/store-id.pl
store_id_children 20 startup=10 idle=5 concurrency=30
store_id_access deny !getmethod
store_id_access deny redir
store_id_access deny dontrewrite
store_id_access allow rewritedoms
store_id_access deny all

#####################################################
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
#####################################################
hierarchy_stoplist (afs.dat|update.txt|version.list|vdf.info.gz|captcha|reset.css|gamenotice|patchinfo.bin|latest-version.xml|start*.txt|server_patch.cfg.iop|patchinfo.xml|PatchTimeCheck.dat|PatchPath.dat)

#####################################################
# MEMORY CACHE OPTIONS
#####################################################
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
memory_pools off

#####################################################
# DISK CACHE OPTIONS
#####################################################
cache_replacement_policy heap LFUDA
#
cache_dir aufs /cache-https-01 15000 15 256
cache_dir aufs /cache-https-02 15000 15 256
cache_dir aufs /cache-https-03 25000 25 256
cache_dir aufs /cache-https-04 25000 25 256
#
store_dir_select_algorithm round-robin
maximum_object_size 200 MB
cache_swap_low 98
cache_swap_high 99

#####################################################
# LOGFILE OPTIONS
#####################################################
access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_log /dev/null
cache_store_log /dev/null
logfile_rotate 2
log_icp_queries off
strip_query_terms on

#####################################################
# HEADER CONTROL
#####################################################
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all

#####################################################
# OPTIONS FOR TUNING THE CACHE
#####################################################
no_cache deny QUERY
max_stale 1 year
#====================================================
# TAG: Refresh Pattern
#====================================================
# 1 year = 525600 mins, 1 month = 43200 mins, 1 day = 1440
#====================================================
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 1440 90% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 1440 90% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern \.(ico|video-stats) 1440 90% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate store-stale
refresh_pattern \.etology\? 1440 90% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz) 1440 90% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\? 1440 90% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern patch.gemscool.*\.npz\? 1440 90% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*cp.*GrandChase/.* 43200 100% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private store-stale
refresh_pattern \.adtology\? 1440 90% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern fetch\.softnyx\.co\.id\/fetch.dll\? 1440 90% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.gstatic.com\/images\?*\.(jpg|jpeg|tiff|bmp|gif|png) 1440 90% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 43200 20% 43200 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale max-stale=10
refresh_pattern ^.*safebrowsing.*google 1440 90% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 90% 43200 override-expire ignore-reload ignore-private store-stale
refresh_pattern ytimg\.com.*\.jpg 1440 90% 43200 override-expire ignore-reload store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif) 1440 90% 43200 override-expire ignore-reload store-stale
refresh_pattern garena\.com 1440 90% 43200 override-expire reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 1440 90% 43200 override-expire ignore-reload store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 90% 43200 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 1440 90% 43200 reload-into-ims override-expire ignore-private store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 1440 90% 43200 reload-into-ims ignore-no-cache ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 1440 90% 43200 reload-into-ims ignore-no-cache ignore-reload override-expire store-stale
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 1440 90% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth override-lastmod store-stale

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin) 1440 90% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$ 1440 90% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 1440 90% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky 1440 90% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 1440 90% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 1440 90% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

#Windows Update
refresh_pattern windowsupdate.com/.*\.(cab|exe) 10080 90% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe) 10080 90% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe) 10080 90% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 90% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i .facebook.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern -i .fbcdn.net.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 90% 129690 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern -i .zynga.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 90% 129609 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern -i .crowdstar.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 90% 129609 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \/static.ak.fbcdn.net*.(jpg|gif|png|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \/videoxl.l[0-9].facebook.com/(.*)(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \/*.channel.facebook.com/(.*)(js|css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.video.ak.facebook.com*.(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.photos-[a-z].ak.fbcdn.net/(.*)(css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.profile.ak.fbcdn.net*.(jpg|gif|png) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.platform.ak.fbcdn.net/.* 720 100% 4320 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.creative.ak.fbcdn.net/.* 720 100% 4320 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.apps.facebook.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.static.ak.fbcdn.net*.(js|css|jpg|gif|png) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.statics.poker.static.zynga.com/(.*)(swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \.statics.poker.static.zynga.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \/*.zynga.com*.(swf|jpg|gif|png|wav|mp(e?g|a|e|1|2|3|4)) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale
refresh_pattern \/*.crowdstar.com*.(swf|jpg|gif|png|wav|mp(e?g|a|e|1|2|3|4)) 129600 90% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh-ims store-stale

#games facebook
refresh_pattern -i \.apps.facebook.com.*\/ 10080 90% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.zynga.com.*\/ 10080 90% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.farmville.com.*\/ 10080 90% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.ninjasaga.com.*\/ 10080 90% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.mafiawars.com.*\/ 10080 90% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.crowdstar.com.*\/ 10080 90% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.popcap.com.*\/ 10080 90% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 1440 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern kaskus\.co\.id*\.(jp(e?g|e|2)|gif|png|swf) 43200 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.kaskus.co.id.*\.(jpg|gif|png|swf) 43200 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 90% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth

#All File
refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt|kom) 1440 90% 43200 ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar) 1440 90% 43200 ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 1440 90% 43200 ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 1440 90% 43200 ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 1440 90% 43200 ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims store-stale
refresh_pattern . 0 95% 43200 override-lastmod reload-into-ims store-stale

###############################################
# OPTION TUNING
###############################################
quick_abort_min 0 KB
quick_abort_max 0
quick_abort_pct 95
negative_ttl 2 seconds
minimum_expiry_time 60 seconds
vary_ignore_expire on

icap_206_enable off
quick_abort_pct 100
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
pipeline_prefetch on
shutdown_lifetime 1 second
request_timeout 1 minute

client_db off
reload_into_ims on
offline_mode off

forwarded_for on
follow_x_forwarded_for allow all
tproxy_uses_indirect_client on

################################################
# HOST NAME PROXY
################################################
visible_hostname bandi-shippuden.blogspot.com
cache_mgr bandi_shippuden@gmail.com
cache_effective_user proxy
cache_effective_group proxy

################################################
# ZPH QOS
################################################
tcp_outgoing_tos 0x30 localnet
qos_flows tos 0x30
#qos_flows mark 0x4
qos_flows local-hit=0x30

################################################
# OPSI TAMBAHAN
################################################
pid_filename /var/run/squid3.pid
coredump_dir /var/spool/squid3
error_directory /usr/share/squid3/errors/id-id
icon_directory /usr/share/squid3/icons
mime_table /etc/squid3/mime.conf[/spoiler]

Generate sertifikat ssl
[spoiler]generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/myCA.pem
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.key -out myCA.pem[/spoiler]

SSL CERD
/usr/lib/squid3/ssl_crtd -c -s /etc/squid3/ssl_db

IPTABLES SSL
[spoiler]iptables -t mangle -A PREROUTING -s 192.168.10.100 ! -d 192.168.10.254/32 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3443
iptables -t mangle -A PREROUTING -d 192.168.10.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -t mangle -A PREROUTING -d 192.168.10.0/24 -p tcp -m tcp --dport 3443 -j ACCEPT
iptables -t mangle -A PREROUTING -d 192.168.10.0/24 -p tcp -m tcp --dport 3880 -j ACCEPT
iptables -t mangle -A PREROUTING -d 192.168.10.0/24 -p tcp -m tcp --dport 3881 -j ACCEPT[/spoiler]


Kira2 masalahnya d mana ya ....
saya ketik squid3 -Nd1
hasilnya gak ada error
saya cek sevice squid3 status hasilnya squid runing ...

error setelah ngutak2 lagi ...
Image


User avatar
Bandi_Shippuden
Posts: 62
Joined: 04 May 2012, 12:06
Location: Pekanbaru, Indonesia
Contact:

Post by Bandi_Shippuden » 19 Sep 2013, 05:52

Mas Pragola_Pati
ini setelah nyoba lagi ... kalo iptables redirect port 443 di aktifin muncul pesan error seperti ini /..

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

nah kalo gak di aktifin iptables redirect port 443, squid-3.HEAD jalan normal cuma hasilnya gak bisa HIT
mohon petunjuknya mas ...


User avatar
kuroseno
Posts: 7
Joined: 16 Sep 2013, 11:25

Post by kuroseno » 22 Sep 2013, 22:22

ijin nyimak dolo, maklum masih newbi

pengen belajar juga squid yg support ssl, hmm baru bisa http soalnya..


User avatar
kuroseno
Posts: 7
Joined: 16 Sep 2013, 11:25

Post by kuroseno » 23 Sep 2013, 12:30

step2 nya gmana gan??


User avatar
muhsan
Posts: 1
Joined: 27 Sep 2013, 15:58

Post by muhsan » 29 Sep 2013, 10:03

Met Pagi mastah, terutama om �yaifuddin Jw, Mohon bantuannya saya abiz ngoprek" tutorial squid3 di https://code.google.com/p/tempat-sampah ... /configure

dan tak utak atik, Squid sudah Running, tetapi error seperti ini :
ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: /

Invalid URL

Some aspect of the requested URL is incorrect.

Some possible problems are:

Missing or incorrect access protocol (should be "http://" or similar)

Missing hostname

Illegal double-escape in the URL-Path

Illegal character in hostname; underscores are not allowed.

Your cache administrator is webmaster.


di cek access log : tail -f /var/log/squid/access.log | ccze juga gak keluar.


User avatar
otonk
Posts: 28
Joined: 12 Sep 2013, 08:59

Post by otonk » 02 Oct 2013, 14:58

sama masalahnya kayak di atas, gak ada error cuman gak jalan dipake browsing, di tail juga gak keluar apa apa....
udah pusing build squid3, nunggu tutor aja dah.......
tanyak mbah gugel terus..........


User avatar
anbel
Posts: 263
Joined: 18 Mar 2013, 23:38
Location: Bogor - Jakarta
Contact:

Post by anbel » 19 Oct 2013, 18:35

@Mas SJW
@Mas Pragola
@Mas DhananJaya

Kalau begini apa yang harus dilakukan : :confused:
root@anbelnet:/# squid -Nd1
2013/10/19 18:26:55| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/10/19 18:26:55| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2013/10/19 18:26:55| WARNING: You should probably remove '::/0' from the ACL named 'all'
2013/10/19 18:26:55| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2013/10/19 18:26:55| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2013/10/19 18:26:55| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2013/10/19 18:26:55| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2013/10/19 18:26:55| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2013/10/19 18:26:55| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2013/10/19 18:26:55| WARNING: (B) '192.168.200.0/24' is a subnetwork of (A) '192.168.200.0/24'
2013/10/19 18:26:55| WARNING: because of this '192.168.200.0/24' is ignored to keep splay tree searching predictable
2013/10/19 18:26:55| WARNING: You should probably remove '192.168.200.0/24' from the ACL named 'localnet'
2013/10/19 18:26:55| refreshAddToList: Unknown option '^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).*': negative-ttl=40320
FATAL: No valid signing SSL certificate configured for https_port [::]:3127
Squid Cache (Version 3.HEAD-20130425-r12775): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys
Maximum Resident Size: 24032 KB
Page faults with physical i/o: 0


User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Post by q_p » 19 Oct 2013, 18:47

Dari Pesan error-nya =
  1. Ada kesalahan penulisan syntax pada refreshAddToList (reffresh_pattern ?)
    refreshAddToList: Unknown option '^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).*': negative-ttl=40320
  2. SSL certificate belum self-signed
    FATAL: No valid signing SSL certificate configured for https_port [::]:3127
cmiiw


User avatar
anbel
Posts: 263
Joined: 18 Mar 2013, 23:38
Location: Bogor - Jakarta
Contact:

Post by anbel » 19 Oct 2013, 19:11

@Mas Pragola
Klu mengenai warningnya bagaimana mas?, sepertinya ada masalah subnetnya.
Jln keluarnya bagaimana? :confused:


User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Post by q_p » 19 Oct 2013, 20:11

anbel wrote:@Mas Pragola
Klu mengenai warningnya bagaimana mas?, sepertinya ada masalah subnetnya.
Jln keluarnya bagaimana? :confused:
Abaikan saja, itukan warning :)


User avatar
anbel
Posts: 263
Joined: 18 Mar 2013, 23:38
Location: Bogor - Jakarta
Contact:

Post by anbel » 20 Oct 2013, 20:13

q_p wrote:
anbel wrote:@Mas Pragola
Klu mengenai warningnya bagaimana mas?, sepertinya ada masalah subnetnya.
Jln keluarnya bagaimana? :confused:
Abaikan saja, itukan warning :)
@Mas Pragola
Squid3 Head Masih gagal, warning diatas diabaikan, certificate dibuat ulang dan verified, begitu sguid -z tidak sukses (berhenti), dicoba restart squid dan lihat dengan tail -f /var/...access.log | ccze berjalan tesendat2, dibrowser errot. :confused:
Sepertinya mesti bertapa lagi 40 hari he he... :D


User avatar
mesaidlg
Posts: 1
Joined: 23 Oct 2013, 14:27
Location: Yogyakarta

Post by mesaidlg » 28 Oct 2013, 08:39

gan minta bantuannya, ane udah install squid3 HEAD,
pas mau restart squid3 hasilnya kek gini gan,,
[spoiler]root@SERVER-SMP2WNO:~# service squid3 restart
* Restarting Squid HTTP Proxy 3.Head squid3 2013/10/28 08:29:57| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/10/28 08:29:57| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '::/0' from the ACL named 'all'
2013/10/28 08:29:57| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2013/10/28 08:29:57| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2013/10/28 08:29:57| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2013/10/28 08:29:57| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2013/10/28 08:29:57| WARNING: (B) '10.0.0.0/8' is a subnetwork of (A) '10.0.0.0/8'
2013/10/28 08:29:57| WARNING: because of this '10.0.0.0/8' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '10.0.0.0/8' from the ACL named 'localnet'
2013/10/28 08:29:57| WARNING: (B) '192.168.5.0/24' is a subnetwork of (A) '192.168.5.0/24'
2013/10/28 08:29:57| WARNING: because of this '192.168.5.0/24' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '192.168.5.0/24' from the ACL named 'localnet'
2013/10/28 08:29:57| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2013/10/28 08:29:57| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2013/10/28 08:29:57| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2013/10/28 08:29:57| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2013/10/28 08:29:57| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2013/10/28 08:29:57| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2013/10/28 08:29:57| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
[ OK ]
root@SERVER-SMP2WNO:~#[/spoiler]

udah ubek squid.conf tetep gak mau
squid.conf
[spoiler]

Code: Select all

## SQUID 3.HEAD
# Testing Configuration
################

###################################
# ACCESS CONTROL LIST
# source: FPUI acl r25 and KIOS, with some edited nangkono and nangkene
####################################

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
#acl all src
acl localnet src 10.0.0.0/8
acl localnet src 192.168.5.0/24 # Your network here
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81 2087 10000
#acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim

# SAFE PORTs
##################
acl SSL_ports port 443 563 873 			# https snews rsync 
acl Safe_ports port 80 20 21 221 70 210 1025-65535 631 10000 901 280 488 591 777 873 110 995 25 587 995 2095 2096 2082 2083 18901-18909 			# default 
acl purge method PURGE
acl CONNECT method CONNECT

# TIME LIMITs
##################

http_access deny ym
http_access deny ymregex
#http_access allow manager localhost
#http_access deny manager
#http_access allow purge localhost
#http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
#http_access allow localhost
#http_access allow localnet
http_access deny all

#end of ACL
#################

# Store_ID buat squid3.HEAD atawa squid 3.4 <comment jika menggunakan versi sebelumnya>
################
store_id_program /etc/squid3/store-id.pl
store_id_children 20 startup=5 idle=1 concurrency=20


# PORTs
##############
https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/myCA.pem
http_port 3128 
http_port 3129 tproxy
always_direct allow all
ssl_bump server-first all

#ssl_bump allow all
##Or may be deny all according to your company policy
##sslproxy_cert_error deny all
#acl TrustedName url_regex -i "/etc/squid3/https.conf"
#sslproxy_cert_error allow TrustedName

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db -M 4MB
sslcrtd_children 20

#########################
# MISc
#########################
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all

#########################
# TUNES 3-HEAD
#########################
strip_query_terms off
cache_mem 16 MB
maximum_object_size_in_memory 13 KB
minimum_object_size 0 KB
maximum_object_size 64 MB
cache_swap_low 98
cache_swap_high 99
ipcache_size 10240
fqdncache_size 10240
positive_dns_ttl 8 hours
negative_dns_ttl 15 seconds
ipcache_low 97
ipcache_high 98
#log_fqdn off
log_icp_queries off
half_closed_clients off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
vary_ignore_expire on
#pipeline_prefetch on
reload_into_ims on
forwarded_for off
via on
buffered_logs on
client_db on
client_persistent_connections off
server_persistent_connections off
icp_hit_stale on
query_icmp on
memory_pools off
negative_ttl 30 seconds
max_filedescriptors 65536
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
uri_whitespace strip
shutdown_lifetime 10 seconds
logfile_rotate 1
tcp_outgoing_tos 0x30 localnet

# ZPH
###########################
qos_flows tos 0x30 
#qos_flows mark 0x4
qos_flows local-hit=0x30

############################
# CACHE_DIR
# Measuring your cache_dir, with this formula : 
# ((( x / y ) / 256 ) / 256 ) * 2 = L1
# while  256 = L2 ( Ususally used, 256. but you can change it to 512 if you like)
#	    x = your current HD size for cache_dir
#          y = average object (usually 13 kb)
# L1, L2 = your directory value
########################################
cache_dir aufs /cache1 40000 94 256
cache_dir aufs /cache2 40000 94 256

################
# PATHs
################
coredump_dir /var/spool/squid3
access_log stdio:/var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log none

# REFRESH PATTERN 
# Dhananjaya(c)2012
#--------
# 1 year = 525600 mins, 1 month = 43200, 1 week = 10080 mins, 1 day = 1440 
#--------

max_stale 3 years

#refresh_pattern .*(get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 
#refresh_pattern .*(get_video\?|videoplayback\?(id.*)?|videoplayback.*id|videodownload\?|\.flv?) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 
#refresh_pattern .*\.youtube\.com\/(watch\?|get_video\?|videoplayback\?(id.*)?|videoplayback.*id|videodownload\?|\.flv?).*\.(flv|swf|mp3|mp4|webm|xml|txt|js|css)(.*)? 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 

#refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?).*\.((x\-)?flv|(x\-)?swf|mp(3|4)) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
#refresh_pattern (get_video\?|videoplayback\?(id.*)?|videoplayback.*id|videodownload\?|\.flv?).*\.((x\-)?flv|(x\-)?swf|mp(3|4)) 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale

#refresh_pattern \.(ico|video\-stats)(.*)? 129600 99% 129600 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 
refresh_pattern -i \.speedtest\/.*\.(jpe?g|swf|png|gif|html|txt|xml|html|css|js|php) 64800 99% 64800 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 
#refresh_pattern -i \/[a-z]\.speedtest\.net\/.*\.(jpe?g|swf|bmp|png|ico|css|js|gif|php) 64800 99% 64800 ignore-must-revalidate ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 

######################
# adds and cdn for bandwidth saving
######################
refresh_pattern -i ^http\:\/\/ssl\.gstatic\.com\/.*\.(jpe?g|swf|png|gif|bmp|js|css) 11520 99% 11520 ignore-reload reload-into-ims store-stale 
refresh_pattern -i \.gstatic\.com\/.*\.(gif|jpe?g|bmp|png|swf|js|css)(.*)? 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 
refresh_pattern -i ^http\:\/\/www\.google\.co(\.id|m)\/images\/.*\.(jpe?g|swf|png|gif|bmp|js|css) 11520 99% 525600 ignore-reload ignore-private reload-into-ims store-stale 
refresh_pattern -i ^http\:\/\/www\.google\.co(\.id|m)\/.*\.(jpe?g|swf|png|gif|bmp|js|css|html|gzip|zip|rar|tar|nar) 11520 99% 11520 ignore-reload ignore-private reload-into-ims store-stale 
refresh_pattern -i .*(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com|yieldmanager|cpxinteractive).*\.(jpe?g|swf|bmp|png|ico|css|js|gif) 64800 99% 64800 ignore-must-revalidate ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 
refresh_pattern -i ^http\:\/\/cdn(.*)?\.fastclick\.net\/.*\.(gif|jpe?g|bmp|png|swf|js|css)(.*)? 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale 

######################
# situs2 populer Indonesia
######################
# kapanlagi
refresh_pattern -i ^http\:\/\/[a-z]\.kapanlaginetwork\.com\/.*\(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims override-expire override-lastmod store-stale
refresh_pattern -i http\:\/\/www\.kapanlagi\.com\/ 0 0% 0

# okezone
refresh_pattern -i http\:\/\/cdn\.okeinfo\.net\/.*\.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale 
refresh_pattern -i http\:\/\/img\.okeinfo\.net\/.*\.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale 
refresh_pattern -i http\:\/\/cdn\.okezone\.tv\/.*\.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale 
refresh_pattern -i \.okezone\.com\/.*\.(jpe?g|swf|png|bmp|ico|gif|txt|css|js)(.*)? 64800 99% 64800 ignore-reload reload-into-ims store-stale  
refresh_pattern -i ^http\:\/\/www\.okezone\.com\/ 0 0% 0

# kompas
refresh_pattern -i ^http\:\/\/stat\.k\.kidsklik\.com\/.*\.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/img\.ads\.kompas\.com\/.*\.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/ads.*\.kompasads\.com\/.*\.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/assets\.kompas\.com\/.*\.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/tv\.kompas\.com\/.*\.(gif|jpe?g|png|swf|js|css|ico|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/www\.kompas\.com\/ 0 0% 0

# detik
refresh_pattern -i ^http\:\/\/www\.detik\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/detik\.net\.id\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/images\.detik\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/openx\.detik\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.detik\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/www\.mytrans\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 43200 99% 43200 ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/[a-z][a-z]{0,1}\.serving\-sys\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 43200 99% 43200 ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/adsbox\.detik\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/pagead[1-9]\.googlesyndication\.com\/.*\.(gif|jpe?g|ico|png|swf|js|css|bmp) 1440 99% 1440 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/www\.detik\.com\/ 0 0% 0

# 4Shared
refresh_pattern -i ^http\:\/\/static\.4shared\.com\/.*\.(jpe?g|swf|png|ico|css|js|gif|wmv|avi|mp3|mp4|3gp|flv) 43200 99% 43200 ignore-reload reload-into-ims ignore-must-revalidate store-stale
refresh_pattern -i ^http\:\/\/www\.4shared\.com\/ 0 0% 0

# Bhinneka
refresh_pattern -i ^http\:\/\/www\.bhinneka\.com\/.*\.(jpe?g|png|bmp|ico|gif|swf|js|css) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/s[1-9]\.bmdstatic\.com\/.*\.(jpe?g|bmp|ico|gif|png|css|js|swf) 43200 99% 43200 ignore-no-store ignore-private ignore-reload override-expire override-lastmod reload-into-ims store-stale


######################
# MANGA and korean sites
######################
refresh_pattern -i ^http\:\/\/www\.epdrama\.com\/.*\.(gif|jpe?g|png|swf|js|css|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i (.*)?animeshippunden\.com\/.*\.(png|jpe?g|bmp|gif|txt|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i (.*)?mangacanblog\.com\/.*\.(png|jpe?g|bmp|gif|txt|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/i.*\.photobucket\.com\/.*\.(gif|bmp|jpe?g|png|swf|js|css) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i http\:\/\/i[1-9]\.ytimg\.com\/.*\.(png|jpe?g|bmp|giff?|swf|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/\w{1}\.ytimg\.com\/.*\.(png|jpe?g|bmp|giff?|swf|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i ^http\:\/\/klimg\.com\/.*\.(jpe?g|swf|png|bmp|ico|gif|txt|css|js) 64800 99% 64800 ignore-reload reload-into-ims store-stale

######################
# All Files
######################
refresh_pattern -i \.(exe|bin|(n|t)ar|acv|(r|j)ar|t?gz|(g|b)z(ip)?2?|7?z(ip)?|patch|diff|vpu|inc|r(a|p)m|kom|iso|sys|dat|msi|cab|dvr-ms|ace|asx|qt|xt)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(ico(.*)?|pn[pg]|css|(g|t)iff?|jpe?g(2|3|4)?|psd|c(d|b)r|cad|bmp)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(webm|(x-)?swf|mp(eg)?(3|4)|mpe?g(av)?|(x-)?f(l|4)v|divx?|rmvb?|mov|trp|ts|avi|wmv|wmp|m4v|mkv|asf|dv|vob|3gp?2?)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(m4a|aa?c3?|wm?av?|og(x|v|a|g)|ape|mka|au|aiff|flac|m4(b|r)|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|on2)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(docx?|xlsx?|pptx?|rtf|pdf|tiff?|txt)$ 43200 99% 43200 ignore-no-store ignore-must-revalidate override-lastmod reload-into-ims store-stale
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(css|js)$ 1440 40% 43200
refresh_pattern -i \.htm$ 720 40% 1440
refresh_pattern -i \.html$ 720 40% 1440

# DONT MODIFY THESE LINES
refresh_pattern \^ftp:           	1440   20%     10080
refresh_pattern \^gopher:        	1440   0%      1440
refresh_pattern -i (/cgi-bin/|\?) 	0     	0%      0
refresh_pattern .               	0      20%     4320

# END OF REFRESH PATTERN 
######################

# DNS
############
dns_nameservers 127.0.0.1
hosts_file /etc/hosts

# Administrative
############
cache_effective_user proxy
cache_effective_group proxy
cache_mgr Dhananjaya
cachemgr_passwd none all
visible_hostname Dhananjaya

### end of config
[/spoiler]


User avatar
Ninja_Proxy
Posts: 3
Joined: 02 Dec 2013, 19:09
Location: Serui, Indonesia
Contact:

Post by Ninja_Proxy » 06 Dec 2013, 01:38

saat ketik perintah ini

root@proxyku:~# squid -N -d 1 -D

malah yang muncul

2013/12/06 03:34:10| WARNING: '.download.exe' is a subdomain of '.download.exe'
2013/12/06 03:34:10| WARNING: because of this '.download.exe' is ignored to keep splay tree searching predictable
2013/12/06 03:34:10| WARNING: You should probably remove '.download.exe' from th e ACL named 'blockweb'
2013/12/06 03:34:10| Starting Squid Cache version LUSCA_HEAD-r14809 for x86_64-u nknown-linux-gnu...
2013/12/06 03:34:10| Process ID 1981
2013/12/06 03:34:10| NOTICE: Could not increase the number of filedescriptors
2013/12/06 03:34:10| With 1024 file descriptors available
2013/12/06 03:34:10| Using epoll for the IO loop
2013/12/06 03:34:10| Adding nameserver 8.8.8.8 from squid.conf
2013/12/06 03:34:10| Adding nameserver 8.8.4.4 from squid.conf
2013/12/06 03:34:10| Adding nameserver 10.10.10.1 from squid.conf
2013/12/06 03:34:10| helperOpenServers: Starting 30 'hikmah-teknologi.com' proce sses
2013/12/06 03:34:10| logfileOpen: opening log /var/log/squid/access.log
2013/12/06 03:34:10| Swap maxSize 204800000 + 131072 KB, estimated 15763928 obje cts
2013/12/06 03:34:10| Target number of buckets: 788196
2013/12/06 03:34:10| Using 1048576 Store buckets
2013/12/06 03:34:10| Max Mem size: 131072 KB
2013/12/06 03:34:10| Max Swap size: 204800000 KB
2013/12/06 03:34:10| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2013/12/06 03:34:10| Store logging disabled
2013/12/06 03:34:10| AUFS: /cache1: log '/cache1/swap.state' opened on FD 40
2013/12/06 03:34:10| AUFS: /cache1: tmp log /cache1/swap.state.new opened on FD 40
2013/12/06 03:34:10| Rebuilding storage in /cache1 (DIRTY)
2013/12/06 03:34:10| AUFS: /cache2: log '/cache2/swap.state' opened on FD 42
2013/12/06 03:34:10| AUFS: /cache2: tmp log /cache2/swap.state.new opened on FD 42
2013/12/06 03:34:10| Rebuilding storage in /cache2 (DIRTY)
2013/12/06 03:34:10| AUFS: /cache3: log '/cache3/swap.state' opened on FD 44
2013/12/06 03:34:10| AUFS: /cache3: tmp log /cache3/swap.state.new opened on FD 44
2013/12/06 03:34:10| Rebuilding storage in /cache3 (DIRTY)
2013/12/06 03:34:10| AUFS: /cache4: log '/cache4/swap.state' opened on FD 46
2013/12/06 03:34:10| AUFS: /cache4: tmp log /cache4/swap.state.new opened on FD 46
2013/12/06 03:34:10| Rebuilding storage in /cache4 (DIRTY)
2013/12/06 03:34:10| AUFS: /cache5: log '/cache5/swap.state' opened on FD 48
2013/12/06 03:34:10| AUFS: /cache5: tmp log /cache5/swap.state.new opened on FD 48
2013/12/06 03:34:10| Rebuilding storage in /cache5 (DIRTY)
2013/12/06 03:34:10| Using Least Load store dir selection
2013/12/06 03:34:10| Current Directory is /root
2013/12/06 03:34:10| Loaded Icons.
2013/12/06 03:34:10| Accepting transparently proxied HTTP connections at 0.0.0.0 , port 3128, FD 50.
2013/12/06 03:34:10| Accepting ICP messages at 0.0.0.0, port 3130, FD 51.
2013/12/06 03:34:10| Accepting HTCP messages on port 4827, FD 52.
2013/12/06 03:34:10| Accepting SNMP messages on port 3401, FD 53.
2013/12/06 03:34:10| WCCP Disabled.
2013/12/06 03:34:10| Ready to serve requests.
2013/12/06 03:34:10| WARNING: store_rewriter #1 (FD 7) exited
2013/12/06 03:34:10| WARNING: store_rewriter #2 (FD 8) exited
2013/12/06 03:34:10| WARNING: store_rewriter #3 (FD 9) exited
2013/12/06 03:34:10| WARNING: store_rewriter #4 (FD 10) exited
2013/12/06 03:34:10| WARNING: store_rewriter #5 (FD 11) exited
2013/12/06 03:34:10| WARNING: store_rewriter #6 (FD 12) exited
2013/12/06 03:34:10| WARNING: store_rewriter #7 (FD 13) exited
2013/12/06 03:34:10| WARNING: store_rewriter #8 (FD 14) exited
2013/12/06 03:34:10| WARNING: store_rewriter #9 (FD 15) exited
2013/12/06 03:34:10| WARNING: store_rewriter #10 (FD 16) exited
2013/12/06 03:34:10| WARNING: store_rewriter #11 (FD 17) exited
2013/12/06 03:34:10| WARNING: store_rewriter #12 (FD 18) exited
2013/12/06 03:34:10| WARNING: store_rewriter #13 (FD 19) exited
2013/12/06 03:34:10| WARNING: store_rewriter #14 (FD 20) exited
2013/12/06 03:34:10| WARNING: store_rewriter #15 (FD 21) exited
2013/12/06 03:34:10| Too few store_rewriter processes are running
FATAL: The store_rewriter helpers are crashing too rapidly, need help!

Aborted (core dumped)


User avatar
ockie
Posts: 5
Joined: 18 May 2010, 15:48
Location: tangerang, indonesia
Contact:

Post by ockie » 07 Dec 2013, 20:38

mas mau tanya letak file error directory squid3 ubuntu 12.04 dmn yah,buat tampilan user mau di rubah tapi nggk nemu" makasih mastah..


User avatar
ockie
Posts: 5
Joined: 18 May 2010, 15:48
Location: tangerang, indonesia
Contact:

Post by ockie » 10 Dec 2013, 15:10

gan mau tanya nih, kira" untuk diskusi squid dmn yah ??

boleh minta link nya baru mencoba buat squid di ubuntu.

terima Kasih.


User avatar
nif
Posts: 2818
Joined: 31 Mar 2011, 07:48

Post by nif » 10 Dec 2013, 20:56

ockie wrote:gan mau tanya nih, kira" untuk diskusi squid dmn yah ??

boleh minta link nya baru mencoba buat squid di ubuntu.

terima Kasih.
coba baca trit ini om;
http://ubuntu-indonesia.com/forums/ubbt ... s/129656/1

udah sampai hampir 2000 posting saat ini.
kalo bisa selesai baca sebelum 2014, hebat :grin:


User avatar
hidden_net
Posts: 20
Joined: 20 Mar 2013, 00:27

Post by hidden_net » 20 Dec 2013, 11:57

(Ask)gmna cra running otomatis ubuntu server 12.04


User avatar
ockie
Posts: 5
Joined: 18 May 2010, 15:48
Location: tangerang, indonesia
Contact:

Post by ockie » 08 Jan 2014, 12:53

aduuuh itu kebanyakan om...

gmn yah..
masih bingung,kl itu kan udh super duper squid nya..


User avatar
JuldianTan
Posts: 45
Joined: 25 Mar 2013, 04:07
Location: Palembang, Indonesia
Contact:

Post by JuldianTan » 11 Jan 2014, 01:13

Panduan Squid 3 HTTPS

[spoiler]Squid 3.4.0.2 HTTPS Mode Intercept
==================================
ubuntu 13.04 posisi ready

[font:Courier New]apt-get -y update && apt-get -y upgrade
apt-get install -y devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ccze acpid libtool
wget http://www.squid-cache.org/Versions/v3/ ... 0.2.tar.gz
tar zxvf squid-3.4.0.2.tar.gz && cd squid-3.4.0.2
nano bootstrap.sh[/font]
ubah line 166 'ed' menjadi 'sed'
[font:Courier New]
touch SPONSORS.list
./bootstrap.sh[/font]
Bila sukses maka pesannya sebagai berikut :
[font:Courier New]automake (1.11.1) : automake
autoconf (2.63) : autoconf
libtool (2.2.6b) : libtool
libtool path : /usr/bin
Bootstrapping
Fixing configure recursion
Autotool bootstrapping complete.

cat /proc/cpuinfo[/font]
http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
http://www.gentoo-wiki.info/Safe_Cflags

[font:Courier New]CHOST="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -O2 -pipe" CXXFLAGS="${CFLAGS}" \
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var \
--libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid \
--infodir=/usr/share/info --mandir=/usr/share/man --disable-dependency-tracking \
--enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-icmp \
--enable-esi --enable-icap-client --disable-wccp --disable-wccpv2 \
--enable-kill-parent-hack --enable-cachemgr-hostname=TProxy --enable-ssl \
--enable-cache-digests --enable-linux-netfilter --enable-follow-x-forwarded-for \
--enable-x-accelerator-vary --enable-zph-qos --with-default-user=proxy \
--with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid --with-large-files \
--enable-ltdl-convenience --with-filedescriptors=65536 --enable-ssl-crtd \
--disable-auth --build=i486-linux-gnu build_alias=i486-linux-gnu --enable-icap-client

make && make install

useradd squid -d /var/spool/squid
mkdir /var/spool/squid && chmod 777 /var/spool/squid && chown -Rf squid:squid /var/spool/squid

nano /etc/passwd, ubah id squid menjadi:
squid:x:500:500::/var/spool/squid:/usr/sbin/nologin

cd /etc/squid
mkdir /etc/squid/ssl_cert && chmod 777 /etc/squid/ssl_cert && chown -Rf squid:squid /etc/squid/ssl_cert

cd /etc/squid/ssl_cert/
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der[/font]

import myCA.der ke browser

[font:Courier New]cd /etc/squid
/usr/lib/squid/ssl_crtd -c -s /etc/squid/ssl_db
chmod 777 /etc/squid/ssl_db && chown -Rf squid:squid /etc/squid/ssl_db[/font]

Copy squid.conf dan store-id.pl kedalam folder /etc/squid
[font:Courier New]chown -Rf squid:squid store-id.pl && chmod 777 store-id.pl && chown -Rf squid:squid /var/log/squid[/font]

edit squid.conf, cek squid.conf apakah ada error atau tidak kemudian copy startup squid kedalam /etc/init.d
[font:Courier New]squid -k parse
squid -f /etc/squid/squid.conf -z
chmod +x /etc/init.d/squid
chkconfig --level 345 squid on[/font] atau [font:Courier New]update-rc.d squid defaults[/font]

[font:Courier New]nano /etc/rc.local[/font], tambahkan baris berikut
[font:Courier New]/sbin/iptables -t nat -A PREROUTING -s 192.168.20.0/26 ! -d 192.168.0.0/16 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.20.13:3127
/sbin/iptables -t nat -A PREROUTING -s 192.168.20.0/26 ! -d 192.168.0.0/16 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.20.13:3129
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
ulimit -HSn 65535
exit 1

reboot
ps ax | grep squid
tail -f /var/log/squid/access.log | ccze -A -C -o noscroll[/font]

squid.conf
----------
http_port 172.16.197.1:3127 intercept
https_port 172.16.197.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/myCA.pem
http_port 127.0.0.1:3128[/spoiler]

access.log
[spoiler]1388780615.350 0 192.168.20.1 TCP_IMS_HIT/304 268 GET https://fbstatic-a.akamaihd.net/rsrc.ph ... 52wtTZ.png - HIER_NONE/- image/png
1388780615.362 0 192.168.20.1 TCP_IMS_HIT/304 268 GET https://fbstatic-a.akamaihd.net/rsrc.ph ... Qi2ZPB.png - HIER_NONE/- image/png
1388780615.405 0 192.168.20.1 TCP_IMS_HIT/304 268 GET https://fbstatic-a.akamaihd.net/rsrc.ph ... wuI-UM.gif - HIER_NONE/- image/gif
1388780944.613 0 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/exseal ... 8be6274595 - HIER_NONE/- image/gif
1388780944.976 0 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/keaman ... e6a6a94438 - HIER_NONE/- image/gif
1388780944.983 1 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/logo_t ... 9ca7f10e99 - HIER_NONE/- image/gif
1388780944.988 1 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/LOGO_T ... f2d799d590 - HIER_NONE/- image/gif
1388780944.988 1 192.168.20.1 TCP_IMS_HIT/304 311 GET https://ibank.klikbca.com/images/LOGO_T ... 9425654ce2 - HIER_NONE/- image/jpeg
1388780944.999 0 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/logo_t ... 7c60527610 - HIER_NONE/- image/gif
1388780945.024 0 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/spacer ... a9eb84de3e - HIER_NONE/- image/gif
1388780945.335 0 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/logo_top_back.gif - HIER_NONE/- image/gif
1388780945.344 0 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/bottom ... b0df139017 - HIER_NONE/- image/gif
1388780945.344 0 192.168.20.1 TCP_IMS_HIT/304 310 GET https://ibank.klikbca.com/images/bca_lo ... 9eee184728 - HIER_NONE/- image/gif
1389282458.946 110 192.168.20.1 TCP_HIT/200 24593 GET https://cdn-dd1.wooga.com/assets/Diamon ... cf2968.swf - HIER_NONE/- application/x-shockwave-flash
1389282465.711 174 192.168.20.1 TCP_HIT/200 2211 GET https://cdn-ml.wooga.com/8058CE/ml-orig ... .6657A.png - HIER_NONE/- image/png
1389282466.085 5 192.168.20.1 TCP_HIT/200 704 GET http://graph.facebook.com/crossdomain.xml - HIER_NONE/- application/xml
1389282475.276 23 192.168.20.1 TCP_HIT/200 1197 GET https://cdn-mkt.wooga.com/tabs/badge-new.png - HIER_NONE/- image/png
1389282475.276 11 192.168.20.1 TCP_HIT/200 2081 GET https://cdn-mkt.wooga.com/tabs/js-icon-40.png - HIER_NONE/- image/png
1389282475.276 9 192.168.20.1 TCP_HIT/200 2623 GET https://cdn-mkt.wooga.com/tabs/dd-icon-40.png - HIER_NONE/- image/png
1389282475.276 8 192.168.20.1 TCP_HIT/200 938 GET https://cdn-mkt.wooga.com/tabs/wooga-symbol-small.png - HIER_NONE/- image/png
1389282475.276 8 192.168.20.1 TCP_HIT/200 1727 GET https://cdn-mkt.wooga.com/tabs/pp-icon-40.png - HIER_NONE/- image/png
1389282475.286 16 192.168.20.1 TCP_HIT/200 2071 GET https://cdn-mkt.wooga.com/tabs/mw-icon-40.png - HIER_NONE/- image/png
1389282475.410 8 192.168.20.1 TCP_HIT/200 2554 GET https://cdn-mkt.wooga.com/tabs/bi-icon-40.png - HIER_NONE/- image/png
1389282475.418 7 192.168.20.1 TCP_HIT/200 1706 GET https://cdn-mkt.wooga.com/tabs/ff-rose-40.png - HIER_NONE/- image/png
1389282475.421 6 192.168.20.1 TCP_HIT/200 1860 GET https://cdn-mkt.wooga.com/tabs/kb-sword-40.png - HIER_NONE/- image/png
1389282475.425 4 192.168.20.1 TCP_HIT/200 2900 GET https://cdn-mkt.wooga.com/tabs/tabs-sprite.png - HIER_NONE/- image/png
1389282475.506 47 192.168.20.1 TCP_HIT/200 236145 GET https://cdn-dd1.wooga.com/assets/assets ... a687b8.swf - HIER_NONE/- applicat$
1389282475.735 6 192.168.20.1 TCP_HIT/200 30684 GET https://cdn-dd1.wooga.com/assets/assets ... f19648.swf - HIER_NONE/- applic$
1389282475.940 4 192.168.20.1 TCP_HIT/200 20586 GET https://cdn-dd1.wooga.com/assets/assets ... 09eebf.swf - HIER_NONE/- applicati$
1389282476.126 5 192.168.20.1 TCP_HIT/200 23944 GET https://cdn-dd1.wooga.com/assets/assets ... fe5f1a.swf - HIER_NONE/- applicatio$
1389282476.319 9 192.168.20.1 TCP_HIT/200 40115 GET https://cdn-dd1.wooga.com/assets/assets ... 1cb8aa.swf - HIER_NONE/- applic$
1389282476.559 64 192.168.20.1 TCP_HIT/200 173017 GET https://cdn-dd1.wooga.com/assets/assets ... ac3629.swf - HIER_NONE/- applicat$
1389282476.764 12 192.168.20.1 TCP_HIT/200 111089 GET https://cdn-dd1.wooga.com/assets/assets ... 0c172d.swf - HIER_NONE/- applicatio$
1389282476.955 15 192.168.20.1 TCP_HIT/200 107095 GET https://cdn-dd1.wooga.com/assets/assets ... 531830.swf - HIER_NONE/- applica$
1389282477.166 5 192.168.20.1 TCP_HIT/200 36079 GET https://cdn-dd1.wooga.com/assets/assets ... 70d0fc.swf - HIER_NONE/- applica$
1389282477.782 84 192.168.20.1 TCP_HIT/200 647126 GET https://cdn-dd1.wooga.com/assets/SoundL ... c43561.swf - HIER_NONE/- application/x-shockwave-$
1389283260.385 26 192.168.20.1 TCP_HIT/200 238046 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... =3393549&c$
1389283261.457 99 192.168.20.1 TCP_HIT/200 1139167 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... n=15977172$
1389283275.364 22 192.168.20.1 TCP_HIT/200 238046 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... =3393549&c$
1389283276.445 107 192.168.20.1 TCP_HIT/200 1139167 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... n=15977172$
1389283320.114 25 192.168.20.1 TCP_HIT/200 238046 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... =3393549&c$
1389283321.582 100 192.168.20.1 TCP_HIT/200 1139167 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... n=15977172$
1389283335.091 21 192.168.20.1 TCP_HIT/200 238046 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... =3393549&c$
1389283336.779 115 192.168.20.1 TCP_HIT/200 1139167 GET http://r4---sn-apou5n5gu5-jb3e.googlevi ... n=15977172$[/spoiler]

squid.conf dan store-id.pl pakai punya mas SJW

ip proxy: 192.168.20.13

settingan di mikrotik
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 dst-port=80 new-routing-mark=squid3 src-address=192.168.1.0/24
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 dst-port=443 new-routing-mark=squid3 src-address=192.168.1.0/24

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.20.13 \
routing-mark=squid3 scope=30 target-scope=10


User avatar
finaliscom
Posts: 3
Joined: 09 Dec 2011, 00:25

Post by finaliscom » 14 Jan 2014, 18:47

untuk squid.conf dan store-id.pl punya mas SJW dimana??

gelar sekalian di sini. biar ga muter2 lagi nyari nya. Biar fokus nya d tread ini


User avatar
JuldianTan
Posts: 45
Joined: 25 Mar 2013, 04:07
Location: Palembang, Indonesia
Contact:

Post by JuldianTan » 14 Jan 2014, 23:25

store-id.pl
[spoiler][sql]
#!/usr/bin/perl
# ISI DARI STORE-ID DIBAWAH INI DARI SHUDY
# SHUDYLAH BERBAGI ILMU :3
# ucok_karnadi(at)yahoo.com or https://twitter.com/syaifuddin_jw

# send link from youtube contain >> (ptracking|stream_204|player_204|gen_204) to storeurl


$|=1;
while () {
@X = split;

if ( $X[0] =~ m/^https?:\/\/.*/) {
$x = $X[0];
$_ = $X[0];
$u = $X[0];
} else {
$x = $X[1];
$_ = $X[1];
$u = $X[1];
}

if ($x =~ m/^http(|s)\:\/\/.*youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=([^\&\s]*).*/){
$vid = $4 ;
@cpn = m/[&?]cpn\=([^\&\s]*)/;
$fn = "/var/log/squid/@cpn";
unless (-e $fn) {
open FH,">".$fn ;
print FH "$vid\n";
close FH;
}
$out = $x . "\n";

} elsif ($x =~ m/^http\:\/\/.*(youtube|google).*videoplayback.*/){
@itag = m/[&?](itag=[0-9]*)/;
@ids = m/[&?]id\=([^\&\s]*)/;
@mime = m/[&?](mime\=[^\&\s]*)/;
@cpn = m/[&?]cpn\=([^\&\s]*)/;
if (defined($cpn[0])) {
$fn = "/var/log/squid/@cpn";
if (-e $fn) {
open FH,";
chomp $id ;
close FH ;
} else {
$id = $ids[0] ;
}
} else {
$id = $ids[0] ;
}
@range = m/[&?](range=[^\&\s]*)/;
$out = "http://video-srv.youtube.com.SQUIDINTERNAL/id=" . $id . "&@itag@range@mime";

} elsif ($x =~ m/^http\:\/\/.*(profile|photo|creative).*\.ak\.fbcdn\.net\/((h|)(profile|photos)-ak-)(snc|ash|prn)[0-9]?(.*)/) {
$out="http://fbcdn.net.SQUIDINTERNAL/" . $2 . "fb" . $6 ;

} elsif ($x =~ m/^https?:\/\/.*(profile|photo|creative)*.akamaihd\.net\/((h|)(profile|photos|ads)-ak-)(snc|ash|prn|frc[0-9])[0-9]?(.*)/) {
$out="http://akamaihd.net.SQUIDINTERNAL/" . $2 . $5 . $6 ;

} elsif ($x =~ m/^http:\/\/i[1-4]\.ytimg\.com\/(.*)/) {
$out="http://ytimg.com.SQUIDINTERNAL/" . $1 ;

} elsif ($x =~ m/^http:\/\/.*\.dl\.sourceforge\.net\/(.*)/) {
$out="http://dl.sourceforge.net.SQUIDINTERNAL/" . $1 ;

} elsif ($x =~ m/^https?:\/\/zynga[1-9]?-a.(akamaihd.net.*)/) {
$out="http://zynga-akamaihd.net.SQUIDINTERNAL/" . $1 ;

#Speedtest
} elsif ($x =~ m/^http\:\/\/.*\/speedtest\/(.*\.(jpg|txt)).*/) {
$out="http://speedtest.net.SQUIDINTERNAL/" . $1 ;

#BLOGSPOT
} elsif ($x =~ m/^http:\/\/[1-4]\.bp\.(blogspot\.com.*)/) {
$out="http://blog-cdn." . $1 ;

#AVAST
} elsif ($x =~ m/^http:\/\/download[0-9]{3}.(avast.com.*)/) {
$out="http://avast-cdn." . $1 ;

#AVAST
} elsif ($x =~ m/^http:\/\/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/(iavs.*)/) {
$out="http://avast-cdn.avast.com/" . $1 ;

#KAV
} elsif ($x =~ m/^http:\/\/dnl-[0-9]{2}.(geo.kaspersky.com.*)/) {
$out="http://kav-cdn." . $1 ;

#AVG
} elsif ($x =~ m/^http:\/\/update.avg.com/) {
$out="http://avg-cdn." . $1 ;

#maps.google.com
} elsif ($x =~ m/^http:\/\/(cbk|mt|khm|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
$out="http://" . $1 . $2 ;

#gstatic and/or wikimapia
} elsif ($x =~ m/^http:\/\/([a-z])[0-9]?(\.gstatic\.com.*|\.wikimapia\.org.*)/) {
$out="http://" . $1 . $2 ;

#maps.google.com
} elsif ($x =~ m/^http:\/\/(khm|mt)[0-9]?(.google.com.*)/) {
$out="http://" . $1 . $2 ;

#Google
} elsif ($x =~ m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
$out="http://www.google-analytics.com/__utm.gif\n";

} elsif ($x =~ m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
$out="http://" . $1 ;

#cdn, varialble 1st path
} elsif (($x =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/[a-z0-9]{2,5}/cdn./;
$out="http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] ;

#rapidshare
} elsif (($x =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
$out="http://cdn." . $3 . "/squid.internal/" . $5 ;

#for yimg.com video
} elsif ($x =~ m/^http:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
$out="http://cdn.yimg.com/" . $3 ;

#for yimg.com doubled
} elsif ($x =~ m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
$out="http://cdn.yimg.com/" . $3 ;

#for yimg.com with &sig=
} elsif ($x =~ m/^http:\/\/([^\.]*)\.yimg\.com\/(.*)/) {
@y = ($1,$2);
$y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
$y[1] =~ s/&sig=.*//;
$out="http://" . $y[0] . ".yimg.com/" . $y[1] ;

} else {
$out=$x;

}
if ( $X[0] =~ m/^https?:\/\/.*/) {
print "OK store-id=$out\n" ;
} else {
print $X[0] . " OK store-id=$out\n" ;
}
}
[/sql][/spoiler]

squid.conf
[spoiler][sql]
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl QUERY urlpath_regex -i (begin|start)\=
acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
acl dontrewrite url_regex redbot\.org
acl getmethod method GET
acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
acl redir urlpath_regex -i &ir=1&rr=12
acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
acl yutub url_regex -i gstatic\.com\/csi\?.*$

acl rewritedoms url_regex -i dl\.sourceforge\.net.*
acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
acl rewritedoms url_regex -i ak\.fbcdn\.net.*
acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

### untuk pertama kali config jalankan perintah berikut "/usr/lib/squid3/ssl_crtd -c -s /etc/squid3/ssl_db"
#https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/myCA.pem
#http_port 3128
#http_port 3129 tproxy
http_port 172.16.197.1:3127 intercept
https_port 172.16.197.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/myCA.pem
http_port 127.0.0.1:3128
always_direct allow all
ssl_bump server-first all
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db -M 4MB
sslcrtd_children 5
sslproxy_cert_error deny all

hierarchy_stoplist cgi-bin ?

cache allow rewritedoms
cache deny QUERY
cache deny redir

memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_mem 128 MB
maximum_object_size_in_memory 8 KB
minimum_object_size 1 KB
maximum_object_size 1024 MB
cache_swap_low 95
cache_swap_high 99

cache_dir aufs /cache01 5320 12 256 max-size=128000
cache_dir aufs /cache02 5320 12 256 max-size=128000
cache_dir aufs /cache03 87115 10 256 min-size=128000
cache_dir aufs /cache04 87115 10 256 min-size=128000
cache_dir aufs /cache05 87115 10 256 min-size=128000
coredump_dir /var/spool/squid3


#logformat squid1 %{Referer}>h %ru
#access_log /var/log/squid3/yt.log squid1 yutub
access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log none
logfile_rotate 5
log_icp_queries off

store_id_program /etc/squid3/store-id.pl
store_id_children 20 startup=10 idle=5 concurrency=30
store_id_access deny !getmethod
store_id_access deny redir
store_id_access deny dontrewrite
store_id_access allow rewritedoms
store_id_access deny all

strip_query_terms off

max_stale 1 week

refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
#refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
#refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale

#PATTERN REFRESH
refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240

#sensitive site
refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
#refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
#refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60

#FB
refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern \.facebook\.com.* 240 50% 480
refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private

#ads
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth negative-ttl=40320 max-stale=1440
refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private

#general
refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i .index.(html|htm)$ 0 75% 10080
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 60 50% 14400 store-stale


memory_pools off
client_db off
#reload_into_ims on
pipeline_prefetch on
offline_mode off
cache_effective_user proxy
cache_effective_group proxy

request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
vary_ignore_expire on


# local
qos_flows local-hit=0x30
# sibling
# qos_flows sibling-hit=0x31
# parent
# qos_flows parent-hit=0x32
# preserve
# qos_flows disable-preserve-miss
[/sql][/spoiler]

jangan langsung copas, mohon disesuaikan dgn konfigurasi tut diatas


User avatar
finaliscom
Posts: 3
Joined: 09 Dec 2011, 00:25

Post by finaliscom » 15 Jan 2014, 17:13

settingan di mikrotik
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 dst-port=80 new-routing-mark=squid3 src-address=192.168.1.0/24
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 dst-port=443 new-routing-mark=squid3 src-address=192.168.1.0/24

tanya mas. ip 192.168.0.0/16 itu range ip apa??
trus 192.168.1.0/24 range ip apa??


User avatar
JuldianTan
Posts: 45
Joined: 25 Mar 2013, 04:07
Location: Palembang, Indonesia
Contact:

Post by JuldianTan » 16 Jan 2014, 01:11

!192.168.0.0/16 = range ip utk bypass network internal
192.168.1.0/24 = range ip lokal / client


User avatar
AbdAziz
Posts: 3
Joined: 11 Jan 2014, 12:30
Location: Bekasi

Post by AbdAziz » 16 Jan 2014, 01:45

malam mas Julian, mo tanya...
topologi

inet
|
mikrotik==client
|
proxy

untuk pengaturannya ip tablenya sama ga dengan dengan tutorial ini?


User avatar
JuldianTan
Posts: 45
Joined: 25 Mar 2013, 04:07
Location: Palembang, Indonesia
Contact:

Post by JuldianTan » 17 Jan 2014, 00:31

susunan di mikrotik:
ether1 = isp iix telkom ( game indonesia )
ether2 = isp equinix indosat ( game international / game web )
ether3 = isp speedy ( khusus browsing )
ether4 = proxy
ether5 = switch / hub

lebih kurang sama dengan susunan diatas
mau di set sejajar client juga bisa


User avatar
dja
Posts: 61
Joined: 06 Nov 2012, 23:43

Post by dja » 17 Jan 2014, 02:37

access.log youtube gimana hasilnya mas?


User avatar
AbdAziz
Posts: 3
Joined: 11 Jan 2014, 12:30
Location: Bekasi

Post by AbdAziz » 17 Jan 2014, 15:03

mohon pencerahan mas juldian
setelah di kasih perintah squid -f /etc/squid/squid.conf -z

2014/01/17 14:49:03 kid1| Set Current Directory to /var/spool/squid
2014/01/17 14:49:03 kid1| Creating missing swap directories
2014/01/17 14:49:03 kid1| /cache exists
2014/01/17 14:49:03 kid1| /cache/00 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/00
2014/01/17 14:49:03 kid1| /cache/01 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/01
2014/01/17 14:49:03 kid1| /cache/02 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/02
2014/01/17 14:49:03 kid1| /cache/03 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/03
2014/01/17 14:49:03 kid1| /cache/04 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/04
2014/01/17 14:49:03 kid1| /cache/05 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/05
2014/01/17 14:49:03 kid1| /cache/06 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/06
2014/01/17 14:49:03 kid1| /cache/07 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/07
2014/01/17 14:49:03 kid1| /cache/08 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/08
2014/01/17 14:49:03 kid1| /cache/09 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/09
2014/01/17 14:49:03 kid1| /cache/0A exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0A
2014/01/17 14:49:03 kid1| /cache/0B exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0B
2014/01/17 14:49:03 kid1| /cache/0C exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0C
2014/01/17 14:49:03 kid1| /cache/0D exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0D
2014/01/17 14:49:03 kid1| /cache/0E exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0E
2014/01/17 14:49:03 kid1| /cache/0F exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0F
2014/01/17 14:49:03 kid1| /cache/10 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/10
2014/01/17 14:49:03 kid1| /cache/11 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/11
2014/01/17 14:49:03 kid1| /cache/12 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/12
2014/01/17 14:49:03 kid1| /cache/13 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/13
2014/01/17 14:49:03 kid1| /cache/14 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/14
2014/01/17 14:49:03 kid1| /cache/15 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/15
2014/01/17 14:49:03 kid1| /cache/16 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/16
2014/01/17 14:49:03 kid1| /cache/17 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/17
2014/01/17 14:49:03 kid1| /cache/18 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/18
2014/01/17 14:49:03 kid1| /cache/19 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/19
2014/01/17 14:49:03 kid1| /cache/1A exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1A
2014/01/17 14:49:03 kid1| /cache/1B exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1B
2014/01/17 14:49:03 kid1| /cache/1C exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1C
2014/01/17 14:49:03 kid1| /cache/1D exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1D
2014/01/17 14:49:03 kid1| /cache/1E exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1E
2014/01/17 14:49:03 kid1| /cache/1F exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1F
2014/01/17 14:49:03 kid1| /cache/20 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/20
2014/01/17 14:49:03 kid1| /cache/21 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/21
2014/01/17 14:49:03 kid1| /cache/22 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/22

stuck pada cache/22 control z pun ga bisa
padahal saya cek direktory /var/spool/squid sudah ada

letak kesalahannya dimana ya?


User avatar
JuldianTan
Posts: 45
Joined: 25 Mar 2013, 04:07
Location: Palembang, Indonesia
Contact:

Post by JuldianTan » 19 Jan 2014, 04:47

chown -Rf proxy:proxy /var/spool/squid
chmod 777 /var/spool/squid

/var/spool/squid -> sesuaikan dengan folder cache anda


User avatar
nggatauah
Posts: 28
Joined: 30 May 2010, 01:06

Post by nggatauah » 27 Feb 2014, 14:06

Selamat siang,
saya tidak tau cara membuat script squid3 init.d
ada yang bisa menyediakan?
terima kasih sebelumnya


User avatar
iyung
Posts: 1
Joined: 03 Dec 2013, 09:33
Location: Indonesia
Contact:

Post by iyung » 03 Mar 2014, 11:46

selamat siang bng
maaf bang mau tanya sedikit tentang game online

gimana cara ngecache update game online seperti PB
menggunakan squid 3x

sebelumnya saya ucapkan terima kasih


User avatar
sandhy
Posts: 43
Joined: 12 Feb 2014, 14:47
Location: Depok, Jawa Barat
Contact:

Post by sandhy » 03 Mar 2014, 12:13

wah keren ini ilmu squid nya para masta,, mantabb.. :)
btw klo configurasi lightsquid nya gimana yaa masta biar si log squid termonitoring ke lightsquid nya..??


User avatar
linux_baby
Posts: 2
Joined: 11 Jun 2013, 07:36
Location: Indonesia

Post by linux_baby » 31 Mar 2014, 10:42

AbdAziz wrote:mohon pencerahan mas juldian
setelah di kasih perintah squid -f /etc/squid/squid.conf -z

2014/01/17 14:49:03 kid1| Set Current Directory to /var/spool/squid
2014/01/17 14:49:03 kid1| Creating missing swap directories
2014/01/17 14:49:03 kid1| /cache exists
2014/01/17 14:49:03 kid1| /cache/00 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/00
2014/01/17 14:49:03 kid1| /cache/01 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/01
2014/01/17 14:49:03 kid1| /cache/02 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/02
2014/01/17 14:49:03 kid1| /cache/03 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/03
2014/01/17 14:49:03 kid1| /cache/04 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/04
2014/01/17 14:49:03 kid1| /cache/05 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/05
2014/01/17 14:49:03 kid1| /cache/06 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/06
2014/01/17 14:49:03 kid1| /cache/07 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/07
2014/01/17 14:49:03 kid1| /cache/08 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/08
2014/01/17 14:49:03 kid1| /cache/09 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/09
2014/01/17 14:49:03 kid1| /cache/0A exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0A
2014/01/17 14:49:03 kid1| /cache/0B exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0B
2014/01/17 14:49:03 kid1| /cache/0C exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0C
2014/01/17 14:49:03 kid1| /cache/0D exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0D
2014/01/17 14:49:03 kid1| /cache/0E exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0E
2014/01/17 14:49:03 kid1| /cache/0F exists
2014/01/17 14:49:03 kid1| Making directories in /cache/0F
2014/01/17 14:49:03 kid1| /cache/10 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/10
2014/01/17 14:49:03 kid1| /cache/11 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/11
2014/01/17 14:49:03 kid1| /cache/12 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/12
2014/01/17 14:49:03 kid1| /cache/13 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/13
2014/01/17 14:49:03 kid1| /cache/14 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/14
2014/01/17 14:49:03 kid1| /cache/15 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/15
2014/01/17 14:49:03 kid1| /cache/16 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/16
2014/01/17 14:49:03 kid1| /cache/17 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/17
2014/01/17 14:49:03 kid1| /cache/18 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/18
2014/01/17 14:49:03 kid1| /cache/19 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/19
2014/01/17 14:49:03 kid1| /cache/1A exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1A
2014/01/17 14:49:03 kid1| /cache/1B exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1B
2014/01/17 14:49:03 kid1| /cache/1C exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1C
2014/01/17 14:49:03 kid1| /cache/1D exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1D
2014/01/17 14:49:03 kid1| /cache/1E exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1E
2014/01/17 14:49:03 kid1| /cache/1F exists
2014/01/17 14:49:03 kid1| Making directories in /cache/1F
2014/01/17 14:49:03 kid1| /cache/20 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/20
2014/01/17 14:49:03 kid1| /cache/21 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/21
2014/01/17 14:49:03 kid1| /cache/22 exists
2014/01/17 14:49:03 kid1| Making directories in /cache/22

stuck pada cache/22 control z pun ga bisa
padahal saya cek direktory /var/spool/squid sudah ada

letak kesalahannya dimana ya?


kalo di saya, kan diremot pake putty,
nah jendela puttynya di maximize atau direstore, keliatan udh slsai squid -znya


User avatar
linux_baby
Posts: 2
Joined: 11 Jun 2013, 07:36
Location: Indonesia

Post by linux_baby » 02 Apr 2014, 06:09

bang jualdian mau nanya...
utk chown user sm groupnya squid:squid
utk configurenya --with-default-user=proxy
utk squidnya:
cache_effective_user proxy
cache_effective_group proxy

ada hubungannya gak bang...,
kalau ada yg perlu disesuaikan mhn bimbingannya bang..
terimakasih sebelumnya


User avatar
JuldianTan
Posts: 45
Joined: 25 Mar 2013, 04:07
Location: Palembang, Indonesia
Contact:

Post by JuldianTan » 09 Apr 2014, 05:25

Diubah aja squid:squid menjadi proxy:proxy.
Ada sedikit kesalahan saat membuat tut.


User avatar
marmoyo01
Posts: 1
Joined: 07 Oct 2013, 21:20
Contact:

Post by marmoyo01 » 18 Apr 2014, 11:55

Squid 3 Head xx uda jalan & work tapi masi bingung nyari hit& setingan mikrotik untuk manggle yang pas!! bingung nieh para "master" sekalian mohon pencerahan squid.conf + manggle limit BW nya yang pas untuk si cumi 3 ini????


User avatar
DhananJaya
Posts: 22
Joined: 08 Nov 2012, 21:36
Location: Lubuklinggau

Post by DhananJaya » 24 Apr 2014, 16:05

Selamat Sore...mas-mas semua, Maaf baru muncul lagi.

Mas Pragola, mas SJW dan saudara2 semua yang ada di forum dan mungkin ikut menyimak thread ini,mau laporan dulu ini.

Setelah 3 hari kemarin balik coba-coba lagi squid3 dan alternatif2 lainnya, akhir nya ketemu secercah harapan ini. Maksud dan tujuan caching https content ini,seperti yang saya utarakan pada awal thread adalah untuk mengcache kontent-kontent yang ada di facebook dan web2 game lain yang berkepala https.

Sempat stuck dengan Squid3-HEAD, akhirnya nemuin "fiddler-web debuging proxy" dari telerik. sempat bingung pada awalnya, namun setelah dicari2 lagi, ketemu dengan thread si Om Reges-Jogja (suhu handycache proxy), dimana disitu dia ada juga menggunakan fiddler sebagai https tunnelnya atau apalah namanya.

Update: masih coba2 main2 fiddler dulu, dengan tujuan nantinya aliran fiddler ini bakal dibalikin ke squid kita. report akan segera menyusul, baik dan buruknya..(semoga mas pragolla,julian tan dan semua warga disini, ada waktu juga buat nyobain, biar bisa lebih bagus progress nya)

regards


User avatar
Bandi_Shippuden
Posts: 62
Joined: 04 May 2012, 12:06
Location: Pekanbaru, Indonesia
Contact:

Post by Bandi_Shippuden » 26 Apr 2014, 09:50

Mau nanyak ne sama yg udah jalan squid-3XX+SSLBump,
saya menggunakan squid-3.4.4.2 release 23 April 2014, tahap penginstalan dan konfigurasi sudah jalan hanya ada beberapa masalah pada situs GMAIL..
permasalahanya jika kita membuak secara langsung dengan mengetikan http://www.gmail.com SSL tidak suport jika di goolechrome jika di mozila masih bisa di lakukan secara manual ...
untuk website yang berkepala HTTPS sampai saat ini berjalan normal di mozila dan googlechrome, apakah di tempat agan mengalami hal yang sama ?


User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Post by q_p » 09 May 2014, 05:58

arinsoft wrote:@ mas Pragola_Pati
sy juga pake squid3-HEAD mas.saat squid -z berhenti di tengah jalan
2013/09/13 00:17:14 kid1| Making directories in /etc/cache1/0F

solusinya gmn mas
tekan tombol [font:Courier New]"Enter"[/font] saja


User avatar
bang_andi
Posts: 398
Joined: 03 Sep 2010, 09:07
Location: Di sekitar sungai musi...
Contact:

Post by bang_andi » 20 May 2014, 20:27

sandhy wrote:wah keren ini ilmu squid nya para masta,, mantabb.. :)
btw klo configurasi lightsquid nya gimana yaa masta biar si log squid termonitoring ke lightsquid nya..??
ooh...kalau yg ini adek ingusan salah kamar, ntar mmpir sj ke pondok (blog) sy disitu ada saya bahas lightsquid di server ubuntu, tapi ingusnya dilap dulu :D


User avatar
bang_andi
Posts: 398
Joined: 03 Sep 2010, 09:07
Location: Di sekitar sungai musi...
Contact:

Post by bang_andi » 20 May 2014, 20:35

btw setelah sekian lama menyimak jdi kpengen nyoba jg nih, kebetulan ada satu server ubuntu (versi backup)... yg jd masalah sy waktunya sj yg blm ada hadeeh :(

nnti om pragola pati & om Dhanan jaya mau gk bimbing sy, gkpp dah server ubuntu sy yg versi backup jd bahan uji coba :D ...ya kalau mau sih


User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Post by q_p » 31 May 2014, 22:17

[size:17pt]Lengkapi squid3.x Anda dengan "Diladele Web Safety"
Sebagai Gantinya squidGuard di squid2.7
[/size]reff = hxxps://github.com/ra-at-diladele-com/qlproxy_external/wiki/Administrators-Guide [img]http://s20.postimg.org/k0g0q02ul/Picture1.png[/img]
[img]http://s20.postimg.org/s780hksx9/Picture2.png[/img]


User avatar
DhananJaya
Posts: 22
Joined: 08 Nov 2012, 21:36
Location: Lubuklinggau

Post by DhananJaya » 06 Jun 2014, 05:11

Wah makasih masukannya mas pragola. Sempat baca juga thread diladele kemarin2 tapi blm sempat dicoba, baru tadi, lihat masukan mas pragola, jadi niat nyoba.

Btw,
Sekalian update:
#Nyobain fiddler buat bantu cache https enak, tapi rada ribet2 ya musti setting browser klien manual buat lariin traffic nya. Jadi kayak pake Handycache, nggak transparent :sleep:

#balik lagi ke squid 3-HEAD/squid 3.4, kayaknya sekarang hit nya udah mulai lancar ya mas, pragola? Masalah ssl error saat running, gak terlalu memperlambat kinerja si cumi. Gak kayak pertama2 coba squid3-HEAD awal2 kemarin. Emang iya atau cuman perasaan aja, kurang tau pastinya :-p.

#nyobain diladele juga, hit nya enak. Tapi di kasus saya, ke paksa tujuan diladele nya dihapus (di unblock semua policy nya). Soale pelanggan yang suka buka2 situs2 "tertentu" jadi rada sewot gara2 di block tante Adele eh diladele.

Segini dulu, nanti tak lanjut coba2an lagi. Tapi intinya kayaknya https udah rada enakan buat di cache sekarang, imo.


Post Reply

Who is online

Users browsing this forum: No registered users and 27 guests