BolPoint.wordpress.com

April 6, 2010

Squid di Ubuntu 7.10

Filed under: Umum — bolpoint @ 9:32 am

Konfigurasi SQUID di UBUNTU server V.7.10 / 8.04

Caranya :

1.

Login sebagai Super Administrator → sudo su
2.

Jangan Lupa siapkan koneksi internet dan lakukan instalasi Squid dengan perintah :

sudo apt-get install squid
3.

Jika sudah selesai jangan lupa back up file squid.conf dengan perintah :
cp /etc/squid/squid.conf /etc/squid/squid.conf.original
4.

konfigurasi file squid.conf menjadi seperti di bawah ini :

http_port 8080 transparent

#icp_port 0

#icp_query_timeout 0

#maximum_icp_query_timeout 2000

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

cache_mem 8 MB

cache_swap_low 90

cache_swap_high 95

maximum_object_size 4096 KB

#minimum_object_size 0 KB

#cache directories

cache_dir ufs /var/spool/squid 5000 9 256

access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

emulate_httpd_log off

log_ip_on_direct on

client_netmask 255.255.255.255

# OPTIONS FOR TUNING THE CACHE

#wais_relay_port 0

request_header_max_size 20 KB

request_body_max_size 0 KB

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

# ACCESS CONTROLS

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

# variavel localnet… seluruh jaringan 1.0 ke sbawah menggunakan proxi ini

acl localnet src 192.168.1.0/255.255.255.0

acl porn url_regex -i “/etc/squid/porn.txt”

#Acl waktuKerja time SMTWHF 08:00-13:00

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

# Allowing or Denying access based on defined access lists

http_access allow manager localhost

http_access deny porn

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny to_localhost

#http_access deny bad

# mengizinkan variabel localnet di atas

http_access allow localnet

http_access allow localhost

http_access deny all

http_reply_access allow all

#icp_access allow all

# ADMINISTRATIVE PARAMETERS

cache_mgr ds@polteklampung.net

visible_hostname proxy@polteklampung.net

#Delay Pools

#acl local url_regex -i 192.168

#acl downloadFile url_regex -i \.exe$

#acl downloadFile url_regex -i \.mp3$

#acl downloadFile url_regex -i \.3gp$

#acl downloadFile url_regex -i \.vqf$

#acl downloadFile url_regex -i \.gz$

#acl downloadFile url_regex -i \.rpm$

#acl downloadFile url_regex -i \.zip$

#acl downloadFile url_regex -i \.rar$

#acl downloadFile url_regex -i \.avi$

#acl downloadFile url_regex -i \.mpeg$

#acl downloadFile url_regex -i \.mpe$

#acl downloadFile url_regex -i \.mpq$

#acl downloadFile url_regex -i \.qt$

#acl downloadFile url_regex -i \.ram$

#acl downloadFile url_regex -i \.iso$

#acl downloadFile url_regex -i \.raw$

#acl downloadFile url_regex -i \.wav$

#delay_pools 2

#Pools untuk binabangsa

#delay_class 1 2

#delay_parameters 1 -1/-1 8000/8000

#delay_access 1 allow local

#delay_access 1 deny all

#pools untuk type file download

#delay_class 2 3

#delay_parameters 2 32000/32000 1500/1500 250/250

#delay_access 2 allow downloadFile

#delay_access 2 deny all

catatan : konfigurasi proxy karya http://hendraarif.web.id

1.

Buat file porn.txt (isikan daftar situs porno yang tidak boleh diakses) dan letakkan di /etc/squid/
2.

restart squid dengan perintah : /etc/init.d/squid restart
3.

Buat NAT dan Tranparan Proxy di /etc/rc.local dengan script berikut ini :

echo 1 > /proc/sys/net/ipv4/ip_forward

#iptables -t nat -A POSTROUTING -j MASQUERADE

iptables -A PREROUTING -t nat -p tcp -s 192.168.1.0/24 -i eth1 -d \! 192.168.1.0/24 –dport 80 -j REDIRECT –to 8080

iptables -t nat -A POSTROUTING -j MASQUERADE

exit 0
4.

Restart Server dengan perintha : shutdonw -r now
5.

Selanjutnya coba lakukan bowsing dari client…
6.

Gunakan perintah #tail -f /var/log/squid/access.log untuk melihat situs yang di akses oleh client. Jika ini berjalan berarti squid kita telah berhasil di buat.
7.

Selamat Mencoba.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: