Squid / Proxy Configuration on Ubuntu
After finishing the installation of the Squid server on Debian, the next step is to configure it so that Squid / Proxy can be used on the local network. Squid / Proxy configuration is nearly the same across Linux distributions; the file is located at /etc/squid/squid.conf.
Here is one example configuration:
# Port
http_port 3128 transparent
icp_port 3130
prefer_direct off
# Cache & Object
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 256 MB
minimum_object_size 0 bytes
maximum_object_size_in_memory 256 KB
ipcache_size 5120
ipcache_low 98
ipcache_high 99
fqdncache_size 5120
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /home/squid 49000 28 256
cache_access_log /usr/local/squid/access.log
cache_log /usr/local/squid/cache.log
log_fqdn off
log_icp_queries off
# Disabled: a second cache_log line overrides the log path set above
# cache_log none
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
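# dns_nameservers takes IP addresses, not a file path; when it is unset Squid reads /etc/resolv.conf itself
# dns_nameservers /etc/resolv.conf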
emulate_httpd_log off
hosts_file /etc/hosts
# half_closed_clients off
negative_ttl 1 minutes
# Rules: Safe Port
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
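# CONNECT is limited to SSL_ports only. ACLs on one http_access line are ANDed, so also listing
# !Safe_ports here would let CONNECT tunnels through to any Safe_ports entry (25, 110, 1025-65535).
http_access deny CONNECT !SSL_ports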
# Refresh Pattern
# refresh_pattern rules are checked in order and the first match wins, so the specific
# patterns come first and the broad ^http: and . rules are placed last.
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
# override-expire, ignore-no-cache and ignore-private make Squid store replies that the origin
# marked as non-cacheable or private; on a shared cache such a reply can be served to another client.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 40% 40320
# Site rules, written as regular expressions (the posted form ^http://*.site.com/.* used
# shell-style wildcards and did not match hosts such as www.site.com).
refresh_pattern ^http://([^/]+\.)?friendster\.com/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?facebook\.com/ 720 100% 4320
refresh_pattern ^http://mail\.yahoo\.com/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?yahoo\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?yimg\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?google\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?telkomspeedy\.com/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?kaskus\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?hotmail\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?wikipedia\.[^/]+/ 720 100% 4320
refresh_pattern ^http://wiki\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?jobsdb\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?karir\.[^/]+/ 720 100% 4320
refresh_pattern ^http://mail\.plasa\.com/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?detik\.[^/]+/ 60 20% 360
refresh_pattern ^http://([^/]+\.)?detikinet\.[^/]+/ 60 20% 360
refresh_pattern ^http://([^/]+\.)?detikhot\.[^/]+/ 60 20% 360
refresh_pattern ^http://([^/]+\.)?detiportal\.[^/]+/ 60 100% 360
refresh_pattern ^http://([^/]+\.)?kompas\.[^/]+/ 60 20% 360
refresh_pattern ^http://([^/]+\.)?okezone\.[^/]+/ 60 20% 360
refresh_pattern ^http://([^/]+\.)?trans7\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?rcti\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?indosiar\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?metrotvnews\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?transtv\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?kapanlagi\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?ebay\.[^/]+/ 720 100% 4320
refresh_pattern ^http: 720 90% 432000
# Disabled: a second catch-all; placed near the top as posted, it matched every URL before the rules above.
# refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
refresh_pattern . 0 20% 4320
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
# Force video files to be cached
acl streaming url_regex -i \.youtube\.com\/get_video\?
acl streaming url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
acl streaming url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?
acl streaming url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?
acl streaming url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplayback\?
acl streaming url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplay\?
acl streaming url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/get_video\?
acl streaming url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/
acl streaming url_regex -i vid\.akm\.dailymotion\.com\/
acl streaming url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv
acl streaming url_regex -i bitcast\.vimeo\.com\/vimeo\/videos\/
acl streaming url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
acl streaming url_regex -i \.files\.youporn\.com\/(.*)\/flv\/
acl streaming url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv
acl streaming url_regex -i media[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/ mobile[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/
acl streaming url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv
acl streaming url_regex -i \.video[a-z0-9]?[a-z0-9]?\.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram)
acl streaming url_regex -i video\.break\.com\/(.*)\.(flv|mp4)
acl streaming url_regex -i get_video\?video_id videodownload\?
acl streaming_dom dstdomain .mccont.com dl.redtube.com .cdn.dailymotion.com .youtube.com .googlevideo.com
cache allow streaming
cache allow streaming_dom
# HIERARCHY (BYPASS CGI)
hierarchy_stoplist cgi-bin ? .js .jsp
acl QUERY urlpath_regex cgi-bin \? .js .jsp
no_cache deny QUERY
# ALLOWED ACCESS
acl LAN src 192.168.100.0/24
http_access allow LAN
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow LAN
icp_access allow localhost
icp_access deny all
always_direct deny all
# Cache CGI & Administrative # http://[ip-proxy]/cgi-bin/cachemgr.cgi
cache_mgr dobelden@yahoo.com
#cachemgr_passwd 123456 all
# visible_hostname expects a host name, not a URL
visible_hostname dobelden.wordpress.com
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
memory_pools off
This configuration is only an example, and the settings in squid.conf are highly dynamic.
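Squid ANDs every ACL named on one http_access line, so a CONNECT deny that lists both !SSL_ports and !Safe_ports only fires for ports in neither list, and CONNECT tunnels to Safe_ports entries such as 25 (SMTP) pass. The Python model below is an added example (not part of the original post, and a simplified model rather than Squid code); it evaluates that rule form and the single-ACL `deny CONNECT !SSL_ports` form against constructed requests, using the post's port lists and LAN range.

```python
import ipaddress

# Port lists and LAN range copied from the post's ACL definitions.
SSL_PORTS = {443, 563, 873}
SAFE_PORTS = {80, 20, 21, 70, 210, 631, 10000, 901, 280, 488, 591, 777,
              873, 110, 25, 2095, 2096, 2082, 2083} | set(range(1025, 65536))
LAN = ipaddress.ip_network("192.168.100.0/24")

# Each ACL is a predicate over a request dict (simplified model of Squid ACLs).
ACLS = {
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "LAN": lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "all": lambda r: True,
}

LOOSE = """
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
http_access allow LAN
http_access deny all
"""
STRICT = """
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports
http_access allow LAN
http_access deny all
"""

def decide(rules, req):
    """Return the action of the first http_access line whose ACLs ALL match."""
    for line in rules.strip().splitlines():
        _, action, *tokens = line.split()
        # A leading "!" negates the named ACL; every token must hold (AND).
        if all(ACLS[t.lstrip("!")](req) != t.startswith("!") for t in tokens):
            return action
    return "deny"  # simplification: no matching line is treated as deny

def compare(method, port, src="192.168.100.10"):
    """Return (decision under LOOSE, decision under STRICT) for one request."""
    req = {"method": method, "port": port, "src": src}
    return decide(LOOSE, req), decide(STRICT, req)

if __name__ == "__main__":
    # Constructed sample requests from a LAN client.
    for method, port in [("GET", 80), ("CONNECT", 443), ("CONNECT", 25),
                         ("CONNECT", 8080), ("GET", 22)]:
        print(method, port, compare(method, port))
```

Only the CONNECT requests to ports 25 and 8080 differ between the two rule sets; ordinary GET traffic and CONNECT to 443 are decided the same way by both.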


nice post
-zaldi- / FMIPA / computer systems / Universitas Andalas
Thanks, the info is very useful
Asking permission to copy-paste this, boss… I'm still a newbie and just learning. And awesome!
When a client pings the proxy, why does it reach 4 digits while browsing or downloading? Which setting is wrong? I may have made a few changes to the settings above…
The same happens when a client pings the DNS.. I use a router side by side with the proxy
NET ====MIKROTIK====CLIENT
:
:
PROXY
Thank you….
Regards
@wise score: what if the proxy sits below the MikroTik? Ping going to 4 digits is usually caused by ICMP being limited.
What I typed came out changed… so the MikroTik and the proxy are side by side..
Net=====mikrotik=====proxy… the hotspot and local clients connect directly to the MikroTik
but ping still reaches 4 digits when clients browse.. while on the proxy itself all pings are normal.
Thank you…
Regards
@Wise: oh I see. Try adding http_access allow all before the deny, then turn off transparent mode and enter the proxy manually in the browser; is the ping time still high? If it is still high, the LAN card needs to be checked.
Thank you…. so muchhhh….
Oh man, then I'd wear myself out configuring my hotspot clients..
This is still using the onboard gigabit LAN card..
Which one would be a good one, do you think?
What are the computer specs for that? And cache_dir aufs /home/squid 49000 28 256, on mine it's 10000 32 256 ===> what is the effect?
Thank you.. after I replaced the gigabit LAN card it now runs smoothly..
@wise score: for the computer specs, anything healthy: dual core, 2 GB RAM, any recent HDD. 10000 32 256 means: the cache space is 10 GB, divided into 32 directories, and each of those 32 directories contains 256 subdirectories.
I'd like to ask, what if the setup is like this?
NET====MIKROTIK======HUB=======PROXY & CLIENT
Are the ACL settings the same? And what about the configuration on the MikroTik?
Thank you,
Regards
@wise score: that works; the ACLs are the same, and on the MikroTik create a prerouting rule that directs internet traffic to the proxy's IP on the proxy's port
OK, I'll try it… thanks so muchhhh!!!!!!!!!!
If the topology is like this, how should it be set up?
NET ====>> PROXY =====>>MIKROTIK =======HUB ======>>> CLIENT
Thanks a lot…..
Regards
NET ====>> MIKROTIK ======HUB === PROXY====CLIENT
@wise score: the principle is the same; there is a rule that forces the client's HTTP access (port 80) to be redirected to Squid's port 3128.
I have a question
acl proxyku src 192.168.x.x/24
acl local_lan src 192.168.xx.x/24
http_access allow proxyku
http_access allow local_lan
why is the result TCP_DENIED/403 1481 GET http://xxxxxxxx
topology NET=======> MIKROTIK ( X SQUID ) =======1. HUB LAN
2. HUB SECTORAL
REGARDS…
@wise score: what is acl proxyku for?
That's the ID for the proxy's IP..
Are ACLs for blocking IPs that are not allowed in? Because every computer and radio IP I enter always gets TCP_DENIED/403…
Bear with me, I'm just practicing..
In your config
acl lan src 192.xxx.xxx.x/24..
in mine
acl proxy src xxx.xxx.xx
acl local src xxx.xxx.xx
acl sectoral src xxx.xxx.xx
etc…
the result
Squid Object Cache: Version 2.7.STABLE7
Start Time: Tue, 20 Jul 2010 09:34:15 GMT
Current Time: Tue, 20 Jul 2010 11:10:28 GMT
Connection information for squid:
Number of clients accessing cache: 5
Number of HTTP requests received: 1627
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Number of HTCP messages received: 0
Number of HTCP messages sent: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 16.9
Average ICP messages per minute since start: 0.0
Select loop called: 331264 times, 17.428 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 0.0%, 60min: 0.0%
Byte Hit Ratios: 5min: 2.1%, 60min: 0.6%
Request Memory Hit Ratios: 5min: 0.0%, 60min: 0.0%
Request Disk Hit Ratios: 5min: 0.0%, 60min: 0.0%
Storage Swap size: 12104 KB
Storage Mem size: 108 KB
Mean Object Size: 13.14 KB
Requests given to unlinkd: 0
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.24524 0.25890
Cache Misses: 0.24524 0.28853
Cache Hits: 0.00000 0.00000
Near Hits: 0.00000 0.00000
Not-Modified Replies: 0.00000 0.00000
DNS Lookups: 0.00278 0.01046
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 5773.232 seconds
CPU Time: 1.000 seconds
CPU Usage: 0.02%
CPU Usage, 5 minute avg: 0.04%
CPU Usage, 60 minute avg: 0.02%
Process Data Segment Size via sbrk(): 4440 KB
Maximum Resident Size: 39920 KB
Page faults with physical i/o: 3
Memory usage for squid via mallinfo():
Total space in arena: 4440 KB
Ordinary blocks: 4361 KB 33 blks
Small blocks: 0 KB 0 blks
Holding blocks: 5192 KB 2 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 78 KB
Total in use: 9553 KB 99%
Total free: 78 KB 1%
Total size: 9632 KB
Memory accounted for:
Total accounted: 1012 KB
memPoolAlloc calls: 555223
memPoolFree calls: 552101
File descriptor usage for squid:
Maximum number of file descriptors: 8192
Largest file desc currently in use: 124
Number of file desc currently in use: 113
Files queued for open: 0
Available number of file descriptors: 8079
Reserved number of file descriptors: 100
Store Disk files open: 0
IO loop method: epoll
Internal Data Structures:
950 StoreEntries
29 StoreEntries with MemObjects
26 Hot Object Cache Items
921 on-disk objects
Are those IPs different or the same? Is the reason for so many ACLs that there are many IPs?
Exactly..
The proxy's IP doesn't need to be put in an ACL; only the interface facing the clients should be given an ACL
Why is it always TCP_MISS?
@wise score: TCP_MISS means the proxy is already working; it means the URL is being accessed for the first time. On the second access it will become TCP_HIT
I tried installing videocache and the result is only REQUEST.. if I may ask, how is it configured…
Regards.
@wisescore: I haven't tried that yet; from reading the tutorial, it seems videocache is paid?