konfigurasi SQUID ubuntu

Konfigurasi SQUID di UBUNTU server V.8.04

Caranya :

Login sebagai Super Administrator → sudo su

Jangan Lupa siapkan koneksi internet dan lakukan instalasi Squid dengan perintah :

sudo apt-get install squid

Jika sudah selesai jangan lupa back up file squid.conf dengan perintah :
cp /etc/squid/squid.conf /etc/squid/squid.conf.original


konfigurasi file squid.conf menjadi seperti di bawah ini :

http_port 8080 transparent

#icp_port 0

#icp_query_timeout 0

#maximum_icp_query_timeout 2000

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

cache_mem 8 MB

cache_swap_low 90

cache_swap_high 95

maximum_object_size 4096 KB

#minimum_object_size 0 KB


#cache directories


cache_dir ufs /var/spool/squid 5000 9 256

access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

emulate_httpd_log off

log_ip_on_direct on

client_netmask 255.255.255.255


# OPTIONS FOR TUNING THE CACHE


#wais_relay_port 0

request_header_max_size 20 KB

request_body_max_size 0 KB

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320


# ACCESS CONTROLS


acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

# variavel localnet… seluruh jaringan 1.0 ke sbawah menggunakan proxi ini

acl localnet src 192.168.1.0/255.255.255.0

acl porn url_regex -i “/etc/squid/porn.txt”


#Acl waktuKerja time SMTWHF 08:00-13:00


acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT


# Allowing or Denying access based on defined access lists


http_access allow manager localhost

http_access deny porn

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny to_localhost

#http_access deny bad


# mengizinkan variabel localnet di atas

http_access allow localnet

http_access allow localhost

http_access deny all

http_reply_access allow all

#icp_access allow all


# ADMINISTRATIVE PARAMETERS


cache_mgr ds@polteklampung.net

visible_hostname proxy@polteklampung.net


#Delay Pools


#acl local url_regex -i 192.168

#acl downloadFile url_regex -i \.exe$

#acl downloadFile url_regex -i \.mp3$

#acl downloadFile url_regex -i \.3gp$

#acl downloadFile url_regex -i \.vqf$

#acl downloadFile url_regex -i \.gz$

#acl downloadFile url_regex -i \.rpm$

#acl downloadFile url_regex -i \.zip$

#acl downloadFile url_regex -i \.rar$

#acl downloadFile url_regex -i \.avi$

#acl downloadFile url_regex -i \.mpeg$

#acl downloadFile url_regex -i \.mpe$

#acl downloadFile url_regex -i \.mpq$

#acl downloadFile url_regex -i \.qt$

#acl downloadFile url_regex -i \.ram$

#acl downloadFile url_regex -i \.iso$

#acl downloadFile url_regex -i \.raw$

#acl downloadFile url_regex -i \.wav$


#delay_pools 2


#Pools untuk binabangsa


#delay_class 1 2

#delay_parameters 1 -1/-1 8000/8000

#delay_access 1 allow local

#delay_access 1 deny all


#pools untuk type file download


#delay_class 2 3

#delay_parameters 2 32000/32000 1500/1500 250/250

#delay_access 2 allow downloadFile

#delay_access 2 deny all

catatan : konfigurasi proxy karya http://hendraarif.web.id


Buat file porn.txt (isikan daftar situs porno yang tidak boleh diakses) dan letakkan di /etc/squid/

restart squid dengan perintah : /etc/init.d/squid restart

Buat NAT dan Tranparan Proxy di /etc/rc.local dengan script berikut ini :

echo 1 > /proc/sys/net/ipv4/ip_forward

#iptables -t nat -A POSTROUTING -j MASQUERADE

iptables -A PREROUTING -t nat -p tcp -s 192.168.1.0/24 -i eth1 -d \! 192.168.1.0/24 –dport 80 -j REDIRECT –to 8080

iptables -t nat -A POSTROUTING -j MASQUERADE

exit 0

Restart Server dengan perintha : shutdonw -r now

Selanjutnya coba lakukan bowsing dari client…

Gunakan perintah #tail -f /var/log/squid/access.log untuk melihat situs yang di akses oleh client. Jika ini berjalan berarti squid kita telah berhasil di buat.