
Konfigurasi Squid / Proxy di Ubuntu

3 Mei 2010

Setelah menyelesaikan instalasi Squid server di Debian, langkah berikutnya adalah mengonfigurasinya supaya Squid / Proxy bisa digunakan di jaringan lokal. Sebenarnya konfigurasi Squid / Proxy di berbagai distro Linux hampir sama; berkas konfigurasinya ada di /etc/squid/squid.conf.

Berikut salah satu contoh konfigurasinya:

# Port
# Listening ports. Nothing in this section limits who may connect; that is
# decided by the http_access / icp_access rules elsewhere in the file.

# Proxy listener on TCP 3128. The "transparent" flag marks it as an
# interception port, i.e. for traffic redirected here by a router/firewall
# rule rather than by a proxy setting in the browser.
# NOTE(review): no bind address is given, so this presumably listens on every
# interface — confirm the port is firewalled on any WAN-facing interface.
http_port 3128 transparent

# ICP (inter-cache protocol) port used to talk to peer caches.
# NOTE(review): no cache_peer line is visible in this listing; if no peers are
# used this listener is not needed — confirm before leaving it open.
icp_port 3130

# Peer-vs-direct preference; only relevant when parent caches are configured.
prefer_direct off

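# Cache & Object
# Memory and disk cache sizing, replacement policies, log locations and
# DNS / hosts lookups.

# RAM set aside for in-transit and hot objects.
cache_mem 6 MB

# Disk cache fill levels (percent) between which eviction ramps up.
cache_swap_low 98

cache_swap_high 99

# Size limits for objects kept on disk and in memory.
maximum_object_size 256 MB

minimum_object_size 0 bytes

maximum_object_size_in_memory 256 KB

# Sizes and fill levels of the IP-address and FQDN lookup caches.
ipcache_size 5120

ipcache_low 98

ipcache_high 99

fqdncache_size 5120

# Eviction policies for the disk cache and the memory cache.
cache_replacement_policy heap LFUDA

memory_replacement_policy heap GDSF

# Disk cache: aufs store under /home/squid, 49000 MB, 28 first-level
# directories with 256 second-level directories each.
cache_dir aufs /home/squid 49000 28 256

# Access log: one line per client request. This is the main record for
# working out who requested what when misuse has to be investigated.
# NOTE(review): the logs live under /usr/local/squid while swap.state below
# lives under /var/log/squid — confirm both directories exist and are
# writable by the cache_effective_user.
cache_access_log /usr/local/squid/access.log

# Squid's own diagnostic log (startup errors, configuration and ACL warnings).
cache_log /usr/local/squid/cache.log

log_fqdn off

log_icp_queries off

# Disabled: a second "cache_log none" followed here and contradicted the
# path set above. A later cache_log line would presumably replace the earlier
# one, leaving no usable diagnostic log for troubleshooting or incident
# review, so only the explicit path is kept.
#cache_log none

# The store log (per-object store activity) stays switched off.
cache_store_log none

pid_filename /var/run/squid.pid

cache_swap_log /var/log/squid/swap.state

# Disabled: dns_nameservers expects resolver IP addresses, not a file path.
# When the directive is absent Squid takes its resolvers from
# /etc/resolv.conf, which is what this line was trying to express.
#dns_nameservers /etc/resolv.conf

emulate_httpd_log off

hosts_file /etc/hosts

# half_closed_clients off

# How long failed requests (error responses) are cached.
negative_ttl 1 minutes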

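# Rules: Safe Port
# ACL definitions plus the first http_access rules. http_access rules are
# checked top to bottom and the first matching rule decides, so order matters.
# ACL names on a single http_access line are ANDed together.

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

# Ports a CONNECT tunnel may target.
acl SSL_ports port 443 563 873 # https snews rsync

# Ports any request may target.
acl Safe_ports port 80 # http

# 443 and 563 are listed here as well so that "deny !Safe_ports" below keeps
# permitting the same ports the former combined rule permitted.
acl Safe_ports port 443 563 # https snews

acl Safe_ports port 20 21 # ftp

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 631 # cups

acl Safe_ports port 10000 # webmin

acl Safe_ports port 901 # SWAT

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 873 # rsync

# Disabled: POP3 and SMTP are mail protocols, not HTTP services. Keeping mail
# ports out of Safe_ports is what stops the proxy from being used to relay
# traffic to mail servers. Re-enable only for a concrete, reviewed need.
#acl Safe_ports port 110 # POP3

#acl Safe_ports port 25 # SMTP

acl Safe_ports port 2095 2096 # webmail from cpanel

acl Safe_ports port 2082 2083 # cpanel

acl purge method PURGE

acl CONNECT method CONNECT

# Cache manager and PURGE requests are accepted from the proxy host only.
http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

http_access deny purge

# Port checks, one condition per rule. The former pair
#   http_access deny !Safe_ports !SSL_ports
#   http_access deny CONNECT !SSL_ports !Safe_ports
# only matched when a port was in NEITHER list, so a CONNECT tunnel to any
# Safe_ports entry (including 1025-65535) was allowed. CONNECT is now limited
# to SSL_ports.
http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

# to_localhost was defined but never used. Denying it keeps proxy clients from
# reaching services bound to the proxy host's own loopback address (several
# admin ports such as 631, 901 and 10000 are in Safe_ports).
http_access deny to_localhost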

# Refresh Pattern
# Freshness rules. Each line is: refresh_pattern [-i] <regex> <min> <percent> <max> [options],
# with min and max in minutes; -i makes the regex case-insensitive.
# The lines are checked in the order listed and the first regex that matches
# the URL is the only one applied.
#
# NOTE(review): the second line below uses the regex "." which matches every
# URL, so every refresh_pattern after it (everything except ^ftp:) is never
# consulted. Do not "fix" this by simply deleting that line: it would activate
# the file-type rules that carry ignore-private / ignore-no-cache (see the
# note above them), and "^http:" further down would in turn shadow every
# rule that follows it.

refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod

refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern ^http: 720 90% 432000

# File-type rules. override-expire, ignore-no-cache and ignore-private tell
# Squid to disregard the origin server's Expires / no-cache / private
# response directives.
# NOTE(review): on a cache shared by many users, ignoring "private" means a
# response intended for one user can be stored and served to another. Limit
# such options to URLs known to carry only public, static content.

refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private

refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private

refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private

refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private

# Dynamic page and script extensions; the regex has no trailing "$", so it
# also matches when the extension appears in the middle of a URL.
refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 40% 40320

# Per-site rules.
# NOTE(review): these patterns are written like shell globs, but the field is
# a regular expression: in "^http://*.site.com/.*" the "/*" means "zero or
# more slashes" and each unescaped "." matches any single character, so they
# do not mean "any subdomain of site.com". Several of the sites (webmail,
# social networks) serve per-user pages — confirm long minimum ages are wanted.

refresh_pattern ^http://*.friendster.com/.* 720 100% 4320

refresh_pattern ^http://*.facebook.com/.* 720 100% 4320

refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320

refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320

refresh_pattern ^http://*.yimg.*/.* 720 100% 4320

refresh_pattern ^http://*.google.*/.* 720 100% 4320

refresh_pattern ^http://*.telkomspeedy.com/.* 720 100% 4320

refresh_pattern ^http://*.kaskus.*/.* 720 100% 4320

refresh_pattern ^http://*.hotmail.*/.* 720 100% 4320

refresh_pattern ^http://*.wikipedia.*/.* 720 100% 4320

refresh_pattern ^http://wiki.*.*/.* 720 100% 4320

refresh_pattern ^http://*.jobsdb.*/.* 720 100% 4320

refresh_pattern ^http://*.karir.*/.* 720 100% 4320

refresh_pattern ^http://mail.plasa.com/.* 720 100% 4320

# News sites get a much shorter minimum/maximum age (60 / 360 minutes).

refresh_pattern ^http://*.detik.*/.* 60 20% 360

refresh_pattern ^http://*.detikinet.*/.* 60 20% 360

refresh_pattern ^http://*.detikhot.*/.* 60 20% 360

refresh_pattern ^http://*.detiportal.*/.* 60 100% 360

refresh_pattern ^http://*.kompas.*/.* 60 20% 360

refresh_pattern ^http://*.okezone.*/.* 60 20% 360

refresh_pattern ^http://*.trans7.*/.* 720 100% 4320

refresh_pattern ^http://*.rcti.*/.* 720 100% 4320

refresh_pattern ^http://*.indosiar.*/.* 720 100% 4320

refresh_pattern ^http://*.metrotvnews.*/.* 720 100% 4320

refresh_pattern ^http://*.transtv.*/.* 720 100% 4320

refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320

refresh_pattern ^http://*.ebay.*/.* 720 100% 4320

# Intended catch-all for anything not matched above.
refresh_pattern . 0 20% 4320

# quick_abort_* control whether Squid keeps fetching an object after the
# client has aborted the request.
quick_abort_min 0

quick_abort_max 0

quick_abort_pct 98

# Turn client "reload" (no-cache) requests into If-Modified-Since checks.
reload_into_ims on

pipeline_prefetch on

vary_ignore_expire on

# Force video files to be cached
# Every "acl streaming url_regex" line adds patterns to the same ACL; a URL
# matches the ACL when any one pattern matches. -i makes them case-insensitive.
# NOTE(review): none of the patterns is anchored to the start of the URL, so
# each can match anywhere in it (host, path or query string).

acl streaming url_regex -i \.youtube\.com\/get_video\?

acl streaming url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?

acl streaming url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?

acl streaming url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?

# The next three patterns match a dotted-quad IPv4 address followed by
# /videoplayback?, /videoplay? or /get_video?.

acl streaming url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplayback\?

acl streaming url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplay\?

acl streaming url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/get_video\?

acl streaming url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/

acl streaming url_regex -i vid\.akm\.dailymotion\.com\/

acl streaming url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv

acl streaming url_regex -i bitcast\.vimeo\.com\/vimeo\/videos\/

acl streaming url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?

acl streaming url_regex -i \.files\.youporn\.com\/(.*)\/flv\/

acl streaming url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv

acl streaming url_regex -i media[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/ mobile[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/

acl streaming url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv

acl streaming url_regex -i \.video[a-z0-9]?[a-z0-9]?\.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram)

acl streaming url_regex -i video\.break\.com\/(.*)\.(flv|mp4)

# NOTE(review): these two patterns name no host, so they match the strings
# "get_video?video_id" and "videodownload?" in a URL on any site.
acl streaming url_regex -i get_video\?video_id videodownload\?

# Destination-domain list; a leading dot also covers subdomains.
acl streaming_dom dstdomain .mccont.com dl.redtube.com .cdn.dailymotion.com .youtube.com .googlevideo.com

# Allow caching for requests matching either ACL. These lines come before any
# later cache/no_cache deny rule, so they are evaluated first.
# NOTE(review): whether a response is actually stored presumably still depends
# on its headers and on the refresh_pattern rules — confirm.
cache allow streaming

cache allow streaming_dom

# HIERARCHY (BYPASS CGI)
# Requests whose URL contains one of these strings are not sent through peer
# caches.
hierarchy_stoplist cgi-bin ? .js .jsp

# QUERY matches URL paths containing cgi-bin, a literal "?", or the .js/.jsp
# patterns.
# NOTE(review): these are regular expressions, so the unescaped dot in ".js"
# and ".jsp" matches any character (e.g. "xjs"), not only a literal dot.
acl QUERY urlpath_regex cgi-bin \? .js .jsp

# Do not cache responses to requests matching QUERY.
no_cache deny QUERY

# ALLOWED ACCESS
# Who may use the proxy. The final "deny all" rules are what keep it from
# being an open proxy, so they must stay last in their lists.

# Client network allowed to use the proxy. Replace with the real client
# subnet(s); clients outside it are refused by the "deny all" rule below.
acl LAN src 192.168.100.0/24

http_access allow LAN

http_access allow localhost

# Everything not explicitly allowed above is refused.
http_access deny all

http_reply_access allow all

# ICP queries are accepted from the same sources only.
icp_access allow LAN

icp_access allow localhost

icp_access deny all

always_direct deny all

# Cache CGI & Administrative
# Cache manager CGI: http://[ip-proxy]/cgi-bin/cachemgr.cgi

# Administrator contact address.
cache_mgr dobelden@yahoo.com

# Cache manager password, left disabled here.
# NOTE(review): if this is ever enabled, replace 123456 with a strong secret
# and make sure squid.conf is not world-readable, since the password is stored
# in clear text.
#cachemgr_passwd 123456 all

# Name Squid uses for itself.
# NOTE(review): the value is a URL rather than a host name — presumably it
# should be the proxy's own host name; confirm.
visible_hostname http://dobelden.wordpress.com

# Unprivileged account and group Squid runs as.
cache_effective_user proxy

cache_effective_group proxy

coredump_dir /var/spool/squid

shutdown_lifetime 10 seconds

# Number of rotated log generations to keep.
logfile_rotate 14

memory_pools off

Konfigurasi ini pun hanya contoh, dan pengaturan di squid.conf amat sangat dinamis; sesuaikan terutama acl LAN dan aturan http_access dengan jaringan Anda sebelum dipakai.

referensi :

http://wa2n.staff.uns.ac.id/2009/03/04/transparant-proxy-blok-url-blok-keyword-with-squid-on-ubuntu/

http://forum.linux.or.id/viewtopic.php?f=16&t=271&start=735

http://www.rozy.web.id/ubuntu/install-squid-di-ubuntu/

http://hantulab.blogspot.com/2009/01/setting-squid-di-intrepid-ibex-ubuntu.html

https://help.ubuntu.com/7.04/server/C/squid.html

  1. 3 Mei 2010 21:03

    nice post :-)

    -zaldi- / FMIPA / sistem komputer / universitas andalas

  2. 4 Mei 2010 02:44

    thanks infonya sangat bermanfaat

    TELKOMSEL UNLIMITED ready stock

  3. Bangjay permalink
    25 Mei 2010 17:24

    mohon ijin copas ya bosss… maklum masih newbie dan baru belajar. Dan Mangtaappppsssss

  4. wise score permalink
    29 Juni 2010 14:19

    jika client ping ke proxy kok sampai 4 digit jika di pakai browsing ato donlot, setingan mana yang salah, dari setingan diatas mungkin saya ada beberapa perubahan…
    itu pun demikian jika client ping ke DNS.. saya menggunakan router sejajar dengan proxy
    NET ====MIKROTIK====CLIENT
    :
    :
    PROXY
    terima kasih….
    salam

  5. 29 Juni 2010 14:23

    @wise score : gimana kalo proxy ada di bawahnya mikrotik? kasus ping jadi 4 digit biasanya karena icmp yg ke limit.

  6. wise score permalink
    30 Juni 2010 09:49

    itu nulisnya kok berubah ya… jadi mikrotik sama proxy itu sejajar..
    Net=====mikrotik=====proxy… untuk client hotspot dan lokal langsung dari mikrotik
    tapi masih tetep ping sampai 4 digit jika client browsing.. tpi di proxy sendiri ping normal semua.
    Trimakasih…

    Salam

  7. 30 Juni 2010 14:18

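    @Wise : oh gitu. Coba tambahkan http_access allow all sebelum baris deny (untuk pengujian sementara saja, karena aturan itu membuka proxy bagi siapa pun yang bisa menjangkaunya; hapus lagi setelah selesai), lalu matikan transparent-nya dan isikan proxy secara manual di browser. Ping time-nya masih tinggi nggak? Kalau masih tinggi, perlu dicek LAN card-nya.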

  8. wise score permalink
    2 Juli 2010 16:00

    trimakasih…. buanyakkkkkk….

  9. wise score permalink
    2 Juli 2010 16:43

    waduh om nti aq capek set client hotspotku dunk..
    ini masih pake lancard gigabit onboard..
    qra2 yang bagus apa yamas?

  10. wise score permalink
    3 Juli 2010 11:45

    mas itu spek komputer apa aja ya? n cache_dir aufs /home/squid 49000 28 256 ditempat saya 10000 32 256===> pengaruhnya apa?

    trimakasih.. setelah saya ganti lancard gigabit ini sudah lancar..

  11. 3 Juli 2010 14:04

    @wise score : spek komputer asal sehat dualcore ram 2 gig hdd terserah yg baru2 aja. kalo 10000 32 256 brarti : space untuk cache nya 10 GB, dibagi menjadi 32 Direktory dan masing2 dr 32 direktory itu terdapat 256 subdirektory.

  12. wise score permalink
    5 Juli 2010 15:13

    mas mau tanya jika setingannya seperti ini bagaimana?
    NET====MIKROTIK======HUB=======PROXY & CLIENT
    apakah seting acl sama? trus konfigurasi di Mikrotik bagaimana?

    Trima kasih,

    Salam

  13. 5 Juli 2010 18:57

    @wise score : bisa saja, aclnya sama nanti di mikrotiknya bikin prerouting yg mengarahkan bahwa traffik internet akan dilewatkan ke ip proxy di port proxynya

  14. wise score permalink
    6 Juli 2010 11:09

    ok mas aq coba… thanks buanyakkkkkk!!!!!!!!!!

  15. wise score permalink
    12 Juli 2010 14:15

    mas kalo topologinya seperti ini gimana setingnya?
    NET ====>> PROXY =====>>MIKROTIK =======HUB ======>>> CLIENT

    Thanks banget…..
    salam

  16. wise score permalink
    12 Juli 2010 15:00

    NET ====>> MIKROTIK ======HUB === PROXY====CLIENT

  17. 12 Juli 2010 17:36

    @wise score : pada prinsipnya sama, ada perintah yg mengharuskan client itu akses httpnya (port : 80 ) diarahkan ke port squid 3128.

  18. wise score permalink
    20 Juli 2010 09:22

    mas mau tanya neh
    acl proxyku src 192.168.x.x/24
    acl local_lan src 192.168.xx.x/24
    http_access allow proxyku
    http_access allow local_lan

    hasilnya kok TCP_DENIED/403 1481 GET http://xxxxxxxx

    topologi NET=======> MIKROTIK ( X SQUID ) =======1. HUB LAN
    2. HUB SECTORAL

    SALAM…

  19. 20 Juli 2010 14:20

    @wise score : acl proxyku utk apa?

  20. wise score permalink
    20 Juli 2010 16:40

    itu idnya ip proxy..

  21. wise score permalink
    20 Juli 2010 16:48

    acl itu untuk menghalangi ip yang tidak diijinkan masuk? coz tiap ip komputer n radio saya masukkan selalu TCP_DENIED/403…

    maklum mas baru latihan..

  22. wise score permalink
    20 Juli 2010 16:59

    klo tempatnya mas
    acl lan src 192.xxx.xxx.x/24..
    tempat saya
    acl proxy src xxx.xxx.xx
    acl local src xxx.xxx.xx
    acl sectoral src xxx.xxx.xx
    dll…

  23. wise score permalink
    20 Juli 2010 18:11

    hasilnya
    Squid Object Cache: Version 2.7.STABLE7

    Start Time: Tue, 20 Jul 2010 09:34:15 GMT
    Current Time: Tue, 20 Jul 2010 11:10:28 GMT

    Connection information for squid:
    Number of clients accessing cache: 5
    Number of HTTP requests received: 1627
    Number of ICP messages received: 0
    Number of ICP messages sent: 0
    Number of queued ICP replies: 0
    Number of HTCP messages received: 0
    Number of HTCP messages sent: 0
    Request failure ratio: 0.00
    Average HTTP requests per minute since start: 16.9
    Average ICP messages per minute since start: 0.0
    Select loop called: 331264 times, 17.428 ms avg
    Cache information for squid:
    Request Hit Ratios: 5min: 0.0%, 60min: 0.0%
    Byte Hit Ratios: 5min: 2.1%, 60min: 0.6%
    Request Memory Hit Ratios: 5min: 0.0%, 60min: 0.0%
    Request Disk Hit Ratios: 5min: 0.0%, 60min: 0.0%
    Storage Swap size: 12104 KB
    Storage Mem size: 108 KB
    Mean Object Size: 13.14 KB
    Requests given to unlinkd: 0
    Median Service Times (seconds) 5 min 60 min:
    HTTP Requests (All): 0.24524 0.25890
    Cache Misses: 0.24524 0.28853
    Cache Hits: 0.00000 0.00000
    Near Hits: 0.00000 0.00000
    Not-Modified Replies: 0.00000 0.00000
    DNS Lookups: 0.00278 0.01046
    ICP Queries: 0.00000 0.00000
    Resource usage for squid:
    UP Time: 5773.232 seconds
    CPU Time: 1.000 seconds
    CPU Usage: 0.02%
    CPU Usage, 5 minute avg: 0.04%
    CPU Usage, 60 minute avg: 0.02%
    Process Data Segment Size via sbrk(): 4440 KB
    Maximum Resident Size: 39920 KB
    Page faults with physical i/o: 3
    Memory usage for squid via mallinfo():
    Total space in arena: 4440 KB
    Ordinary blocks: 4361 KB 33 blks
    Small blocks: 0 KB 0 blks
    Holding blocks: 5192 KB 2 blks
    Free Small blocks: 0 KB
    Free Ordinary blocks: 78 KB
    Total in use: 9553 KB 99%
    Total free: 78 KB 1%
    Total size: 9632 KB
    Memory accounted for:
    Total accounted: 1012 KB
    memPoolAlloc calls: 555223
    memPoolFree calls: 552101
    File descriptor usage for squid:
    Maximum number of file descriptors: 8192
    Largest file desc currently in use: 124
    Number of file desc currently in use: 113
    Files queued for open: 0
    Available number of file descriptors: 8079
    Reserved number of file descriptors: 100
    Store Disk files open: 0
    IO loop method: epoll
    Internal Data Structures:
    950 StoreEntries
    29 StoreEntries with MemObjects
    26 Hot Object Cache Items
    921 on-disk objects

  24. 20 Juli 2010 22:11

    itu IPnya beda2 atau sama? tujuan dibanyakin ACL karena IPnya banyak?

  25. wise score permalink
    21 Juli 2010 08:02

    betul sekali..

  26. 22 Juli 2010 08:27

    IP proxy ga usah dimasukkan acl, yg interface arah client aja yg dikasih acl

  27. wise score permalink
    22 Juli 2010 09:13

    kok TCP_MISS terus ya?

  28. 22 Juli 2010 11:44

    @wise score : klo tcp miss itu brarti sudah jalan proxynya, artinya url yg diakses baru pertama kali, kalau sudah kedua kali nanti jadi TCP_HIT

  29. wise score permalink
    27 Juli 2010 13:08

    mas saya coba install videocache dan hasilnya REQUEST saja.. kalo boleh tahu gmn setingannya…

    salam.

  30. 29 Juli 2010 15:58

    @wisescore : saya blm coba tuh, baca2 tutornya kok berbayar ya video cache?

  31. 16 Februari 2013 01:19

    It is not my first time to pay a quick visit this web site,
    i am visiting this web site dailly and obtain nice data from here
    all the time.

Lacak Balik

  1. Install dan Konfigurasi Calamaris sebagai Proxy Report pada Ubuntu «
  2. Install dan Konfigurasi Calamaris sebagai Proxy Report pada Ubuntu « wicax7
  3. nstall dan Konfigurasi Calamaris sebagai Proxy Report pada Ubuntu | mithaqueen
  4. Install dan Konfigurasi Calamaris sebagai Proxy Report pada Ubuntu « ruin13
  5. Install dan Konfigurasi Calamaris sebagai Proxy Report pada Ubuntu « adidyahermawan
  6. Install dan Konfigurasi Calamaris sebagai Proxy Report pada Ubuntu « andretaulany
  7. Install dan Konfigurasi Calamaris sebagai Proxy Report pada Ubuntu « dhedhoy
