Monday, April 28, 2008

INSTALASI PROXY SERVER

I. Membuat Partisi Harddisk

Dalam membuat proxy server setidaknya dibuat beberapa partisi HDD

Contoh berikut untuk HDD berkapasitas 40 GB

Partisi Kapasitas

SWAP 512 MB

/ 7 GB

/home 4 GB

/usr/local/mysql/var 4 GB

/tmp 2 GB

/var/log 2 GB

/var/spool 2 GB

/usr/local/squid 2 GB

/usr/local/var/cache1 5 GB

/usr/local/var/cache2 5 GB

/usr/local/var/cache3 5 GB

/mnt/data 3 GB

II. Linux diinstall full distro

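III. Download source squid yang terbaru → squid-*.tar.gz, contoh: ftp://squid.cbn.net.id/pub/squid/squid-3/STABLE/squid-3.0.STABLE13.tar.gz atau yang terbaru. Cocokkan checksum atau tanda tangan arsip dengan yang dipublikasikan di situs resmi Squid sebelum di-compile.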

IV. Install source squid :

- root@net:/# tar -xzvf squid-3.0.STABLE13.tar.gz

- root@net:/# cd squid-3.0.STABLE13

- root@net:/squid-3.0.STABLE13# ./configure --prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --disable-ident-lookups --enable-async-io=16 --with-aufs-threads=16 --with-pthreads --enable-storeio=diskd,ufs,aufs --disable-auth-modules --enable-removal-policies=heap --enable-snmp

- root@net:/squid-3.0.STABLE13# make all

- root@net:/squid-3.0.STABLE13# make install

V. Konfigurasi SQUID :

- root@net:/# cd /usr/local/squid/etc

- root@net:/usr/local/squid/etc # pico squid.conf

- Konfigurasi sbb :

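# Listening port for intercepted ("transparent") HTTP traffic. The directive
# is http_port (with an underscore); "http port" is not a valid directive.
# NOTE(review): an interception port should only be reachable from the LAN
# side; confirm that the gateway's packet filter does not expose 8080 to the
# outside interface.
http_port 8080 transparent

# ICP port used to exchange cache queries with neighbour caches.
icp_port 3130

# Neighbour caches. The peer address is missing on the original page, so both
# lines are kept commented out with a placeholder. Syntax:
#   cache_peer <host> <type> <http-port> <icp-port> [options]
#cache_peer <SIBLING-IP> sibling 8080 3130          # if there is a sibling
#cache_peer <PARENT-IP> parent 8080 3130 default    # if there is a parent

# Dynamic requests (cgi-bin, URLs with a query string) are fetched directly
# and never cached.
hierarchy_stoplist cgi-bin ?
# "?" is a regex metacharacter and has to be escaped in urlpath_regex.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY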

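# Memory cache size and the low/high water marks (percent) for disk
# replacement.
cache_mem 256 MB
cache_swap_low 98
cache_swap_high 99

# In-memory IP (DNS result) cache sizing.
ipcache_size 4096
ipcache_low 98
ipcache_high 99

# Header and object size limits.
reply_header_max_size 40 KB
maximum_object_size 150240 KB
maximum_object_size_in_memory 32 KB

# On-disk cache: cache_dir <type> <path> <size-MB> <L1-dirs> <L2-dirs>.
# The store type is missing on the original page ("cache_dir_"). aufs is used
# here because the build on this page enables it
# (--enable-storeio=diskd,ufs,aufs together with aufs threads); ufs and diskd
# are the other types that build provides.
# NOTE(review): the partition table on this page lists /usr/local/var/cacheN
# while these paths are /usr/local/squid/var/cacheN. The paths here must match
# the real mount points, otherwise the cache fills the parent filesystem.
cache_dir aufs /usr/local/squid/var/cache1 3500 16 256
cache_dir aufs /usr/local/squid/var/cache2 3500 16 256
cache_dir aufs /usr/local/squid/var/cache3 3500 16 256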

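# DNS resolvers Squid should query. The address is missing on the original
# page; fill in the resolver(s) and uncomment. While this stays commented out
# Squid falls back to the system resolver configuration.
#dns_nameservers <DNS-SERVER-IP>

# Request log in the native "squid" format. The page also declared
# cache_access_log, the older name of the same directive, pointing at the same
# file; it is dropped so the log is declared once.
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
log_ip_on_direct on
debug_options ALL,1

# A full /32 mask means client addresses are written to the log unmasked,
# which keeps the access log usable for tracing an individual client.
client_netmask 255.255.255.255

# Basic-auth tuning.
# NOTE(review): no "auth_param basic program" line is shown, the configure
# command on this page passes --disable-auth-modules, and proxy authentication
# cannot be used on an intercepting (transparent) port, so these settings
# presumably have no effect here. Confirm before relying on proxy auth.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours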

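# Freshness rules: refresh_pattern [-i] <regex> <min> <percent> <max> [options]
# (min/max in minutes). The first matching rule wins, so order matters.
#
# Fixes relative to the page:
#  * the options "override-lastmod reload-into-ims" had been split onto their
#    own lines; each rule must be a single line;
#  * the regex backslashes were lost ("." and "?" were unescaped, and
#    "(cgi-bin|?)" is not a valid expression);
#  * "^http://*.site" is glob syntax: as a regex it matches only the bare
#    domain and never a subdomain such as www. It is replaced by
#    "^http://([^/]+\.)?site".
#
# These rules only set heuristic freshness for replies that carry no explicit
# expiry information. This is a shared cache in front of webmail and social
# sites, so do not add options such as ignore-private or ignore-auth here.

# Static images.
refresh_pattern -i \.gif$ 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i \.bmp$ 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i \.jpg$ 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i \.tif$ 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i \.png$ 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i \.jpeg$ 4320 50% 129600 override-lastmod reload-into-ims

# Update packages. Placed before the generic microsoft rule below, which would
# otherwise match download.microsoft.com first.
# NOTE(review): these are executables fetched over plain HTTP and kept for up
# to 30 days; integrity then rests on the client verifying the vendor's
# signature on the package.
refresh_pattern -i ^http://([^/]+\.)?windowsupdate\.com/.*\.(cab|exe) 4320 100% 43200
refresh_pattern -i ^http://([^/]+\.)?download\.microsoft\.com/.*\.(cab|exe) 4320 100% 43200

# Per-site rules.
refresh_pattern -i ^http://([^/]+\.)?friendster\.com/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?facebook\.com/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?hi5\.com/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?microsoft\.[^/]+/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?live\.[^/]+/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?msn\.[^/]+/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?hotmail\.[^/]+/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?inbox\.[^/]+/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?multiply\.[^/]+/ 720 100% 7200
refresh_pattern -i ^http://([^/]+\.)?yahoo\.[^/]+/ 720 100% 7200
refresh_pattern -i ^http://([^/]+\.)?google\.[^/]+/ 720 100% 10080
refresh_pattern -i ^http://([^/]+\.)?wikipedia\.[^/]+/ 720 80% 10080
refresh_pattern -i ^http://([^/]+\.)?lycos\.[^/]+/ 720 80% 10080
refresh_pattern -i ^http://([^/]+\.)?blogspot\.[^/]+/ 720 80% 10080
refresh_pattern -i ^http://([^/]+\.)?wordpress\.[^/]+/ 720 80% 10080
refresh_pattern -i ^http://([^/]+\.)?telkom\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?plasa\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?bhinneka\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?fastncheap\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?glodokshop\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?blogger\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?detik\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?astaga\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?okezone\.[^/]+/ 720 90% 2880
refresh_pattern -i ^http://([^/]+\.)?googlesyndication\.[^/]+/ 720 100% 4320
refresh_pattern -i ^http://([^/]+\.)?google-analytics\.[^/]+/ 720 100% 4320
refresh_pattern -i ^http://([^/]+\.)?myspace\.[^/]+/ 720 100% 4320
refresh_pattern -i ^http://([^/]+\.)?youtube\.[^/]+/ 720 100% 4320
refresh_pattern -i ^http://([^/]+\.)?ytimg\.com/ 720 100% 4320
refresh_pattern -i ^http://([^/]+\.)?ads\.adbrite\.com/ 720 100% 4320

# Protocol defaults and the catch-all rule.
refresh_pattern ^ftp: 14400 90% 43200 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320 reload-into-ims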

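# ---- ACL definitions -------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# The page had this definition pasted twice on one line, which does not parse.
acl CONNECT method CONNECT

# Client networks allowed to use the proxy: acl <name> src <IP>/<netmask>.
# The names and addresses are missing on the original page ("acl src /").
# LAN_1..LAN_3 and the bracketed values are placeholders; replace them with
# the real client ranges before starting Squid.
acl LAN_1 src <LAN-1-NETWORK>/<NETMASK>
acl LAN_2 src <LAN-2-NETWORK>/<NETMASK>
acl LAN_3 src <LAN-3-NETWORK>/<NETMASK>

# File types throttled by the delay pool. Lines with the same ACL name
# accumulate, so the list is split for readability. The dots are escaped so
# they match a literal "." and not any character.
acl download url_regex -i \.a0*$ \.a1*$ \.arj$ \.asf$ \.js$ \.avi$ \.bin$ \.bz$ \.bz2$
acl download url_regex -i \.exe$ \.gz$ \.gzip$ \.iso$ \.lzh$ \.mp3$ \.mpg$ \.mpeg$ \.mov$
acl download url_regex -i \.pdf$ \.plj$ \.qt$ \.r0*$ \.r1*$ \.ram$ \.rar$ \.rmi$ \.rpm$
acl download url_regex -i \.tar$ \.tgz$ \.tif$ \.tiff$ \.wav$ \.wmv$ \.wma$ \.zip$ \.z$

# ---- Access rules (evaluated top to bottom, first match wins) --------------
# Cache manager only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
# "deny_CONNECT" on the page is not a valid action. Without this rule CONNECT
# tunnels are not limited to the SSL ports.
http_access deny CONNECT !SSL_ports
# to_localhost was defined but never used on the page. Denying it keeps
# clients from reaching services bound to the proxy's loopback through Squid.
http_access deny to_localhost
# Only the listed client networks may use the proxy; everything else is denied.
http_access allow LAN_1
http_access allow LAN_2
http_access allow LAN_3
http_access deny all
http_reply_access allow all

# ICP queries: the page allowed them from any source. Limited here to the
# client networks; add an ACL for sibling/parent caches if they sit outside
# these ranges.
icp_access allow LAN_1
icp_access allow LAN_2
icp_access allow LAN_3
icp_access deny all

# Contact address shown on error pages. The page reads "cache manager" with
# the value missing; cache_mgr is the directive, the address is a placeholder.
cache_mgr <ADMIN-EMAIL>

# Unprivileged account Squid switches to after being started as root
# ("cache_effective_grup" on the page is a misspelling).
cache_effective_user squid
cache_effective_group squid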

# Log handling: number of rotated generations kept, no reverse-DNS names and
# no ICP queries in the access log.
logfile_rotate 4
log_fqdn off
log_icp_queries off

# Behaviour when a client aborts a transfer, and range-request prefetching.
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 98
range_offset_limit 0 KB

# Lifetimes of negative HTTP results and of DNS answers.
negative_ttl 5 minute
positive_dns_ttl 6 hour
negative_dns_ttl 5 minute

# Connection and request timeouts.
connect_timeout 2 minute
peer_connect_timeout 30 seconds
read_timeout 15 minute
request_timeout 30 second
pconn_timeout 120 second
ident_timeout 10 seconds
client_lifetime 1 day
shutdown_lifetime 10 seconds

# Miscellaneous switches.
memory_pools off
icp_hit_stale on
query_icmp on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

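# One delay pool of class 2: an aggregate bucket plus individual per-host
# buckets, which is what the two rate/size pairs in delay_parameters require.
# The class number is missing on the original page ("delay_class 1").
delay_pools 1
delay_class 1 2
delay_parameters 1 100000/100000 32000/32000
# Only requests matching the "download" ACL (defined earlier in this file)
# are throttled.
delay_access 1 allow download
delay_access 1 deny all

# SNMP agent. The page referenced an ACL named snmppublic without defining it.
# It is defined here with a placeholder community string: choose a non-default
# value. Queries are accepted only from the proxy host itself (the localhost
# ACL is defined earlier in this file); add a management-station ACL if
# remote polling is required.
snmp_port 3401
acl snmppublic snmp_community <SNMP-COMMUNITY>
snmp_access allow snmppublic localhost
snmp_access deny all

# Directory where Squid writes core files.
coredump_dir /usr/local/squid/var/cache1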

VI. Menambah user squid :

- root@net:/usr/local/squid/etc # useradd squid

- root@net:/usr/local/squid/etc # pico /etc/passwd :

squid:x:1005:100:user squid,,,:/nohome:/noshell

VII. Edit FSTAB :

- root@net:/usr/local/squid/etc # pico /etc/fstab

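# <device> <mount point> <type> <options> <dump> <pass>
# The device column is missing on the original page; the /dev entries below
# are placeholders for the real cache partitions. Options form a single
# comma-separated field and the keyword is "defaults" ("default noatime" as
# two words shifts every later column).
# NOTE(review): these volumes hold only cached web objects, so nodev,nosuid
# (and possibly noexec) can be appended to the options — confirm it fits the
# system.
/dev/<CACHE1-PARTITION> /usr/local/squid/var/cache1 reiserfs defaults,noatime 1 2
/dev/<CACHE2-PARTITION> /usr/local/squid/var/cache2 reiserfs defaults,noatime 1 2
/dev/<CACHE3-PARTITION> /usr/local/squid/var/cache3 reiserfs defaults,noatime 1 2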

VIII. Ganti kepemilikan :

- root@net:/usr/local/squid/etc # chown -R squid.squid /usr/local/squid

IX. Membuat direktori swap (cache)

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -z

X. Tes Squid pertama kali

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -NCd1

XI. Jalankan Squid

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid start

untuk mematikan squid

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -k shutdown

untuk restart squid (memuat ulang konfigurasi)

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -k reconfigure

XII. Jika berhasil lihat log yang berjalan

- root@net:/usr/local/squid/etc # tail -f /usr/local/squid/var/logs/access.log