Thursday, 30 August 2007

Optimizing an internet connection with a proxy

Many of you are probably already familiar with the word "proxy", and there are now many programs that can be used to build a proxy server; one of the most popular is squid.
Every admin has their own 'tricks' for configuring squid.
In this blog post I want to share my experience with squid settings.

#------------listing squid.conf----------------------
http_port 3128
#icp_port 3130
hierarchy_stoplist cgi-bin ? % = + asp jsp php xml pl
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
redirect_rewrites_host_header off
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
Here I use port 3128 as the proxy port and allocate 32MB of memory for the cache; some people recommend using one third of the free memory. Objects that will be stored are at most 4MB in size; anything larger than 4MB is not stored in the cache.
maximum_object_size_in_memory 8 KB

# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95

cache_replacement_policy heap LRU
memory_replacement_policy heap LFUDA
cache_dir ufs /var/spool/squid 20000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
mime_table /etc/squid/mime.conf
log_mime_hdrs on
pid_filename /var/run/squid.pid

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

request_header_max_size 20 KB

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# additional
refresh_pattern ^http://h.msn.com/$ 30 90% 600
refresh_pattern ^http://global.msads.net/$ 30 90% 600
refresh_pattern ^http://by17fd.bay17.hotmail.msn.com/$ 30 90% 600
refresh_pattern ^http://hotmail.com/$ 30 90% 600
refresh_pattern ^http://loginnet.passport.com/$ 30 90% 600
refresh_pattern ^http://graphics.hotmail.com/$ 30 90% 600
refresh_pattern ^http://rad.msn.com/$ 30 90% 600
refresh_pattern ^http://cb.msn.com/$ 30 90% 600
refresh_pattern ^http://hotmail.msn.com/$ 30 90% 600
refresh_pattern ^http://cb2.msn.com/$ 30 90% 600
refresh_pattern ^http://login.passport.net/$ 30 90% 600
refresh_pattern ^http://www.hotmail.com/$ 30 90% 600
refresh_pattern ^http://.*\.com\.net 360 50% 430
refresh_pattern -i /index.*/default.* 30 90% 600

refresh_pattern -i \.gz$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.xls$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.doc$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.deb$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.rpm$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.wmp$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.dat$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.msi$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.cab$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mov$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.bzip2$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.tar.gz$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.zip$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.exe$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.avi$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.asf$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.qtm$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mid$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.wav$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.viv$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mpg$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.gif$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.jpg$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.jpeg$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.rar$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.swf$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mpeg$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.pdf$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.bmp$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.ad$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.3gp$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.js$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.psf$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
#refresh_pattern -i \.html$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
#refresh_pattern -i \.htm$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.css$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
#refresh_pattern -i \.shtml$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
#refresh_pattern -i \.xml$ 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern ^http:// 1080 90% 2060 override-expire override-lastmod reload-into-ims ignore-reload

#-----end---------
Meanwhile, the memory allocation used for holding cache temporarily is 8KB.
The directory used to store the cache is 2GB in size, with 16 directories and 256 subdirectories. The cache storage allocation should be adjusted to the available hard disk capacity; in general, people use 80% of the hard disk capacity set aside for cache storage.
Here I also add several refresh pattern rules, whose function is to keep data that has already been accessed and refresh it at a certain time. The purpose of the refresh patterns is to save outbound (internet) traffic.

negative_ttl 2 minutes
positive_dns_ttl 6 hours

half_closed_clients off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl nastyfile dstdom_regex -i WIN[.*]BUG[.*]EXE
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl post method POST

http_access allow manager localhost
http_access deny manager
# PURGE is only accepted from localhost
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# squid applies the first matching http_access line, so these denies
# must come before the allow rules or they never apply to allowed clients
http_access deny VIRUS
http_access deny nastyfile
acl local src 192.168.20.0/24
acl inlocal src 216.236.107.5/32
http_access allow local
http_access allow inlocal
http_access allow localhost
http_access deny all

Here I add rules for which IP networks have access rights to use the proxy server.
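Squid checks http_access lines from top to bottom and applies the first one that matches, so a deny placed after a matching allow never fires. The following is an added example, not part of the original post: a simplified Python model of that evaluation using ACL names from the listing; the sample requests and the two rule orders are constructed for illustration.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.20.0/24")   # 'acl local' from the listing

# Simplified ACL tests named after the listing's ACLs; each takes a request dict.
ACLS = {
    "local": lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "purge": lambda r: r["method"] == "PURGE",
    "VIRUS": lambda r: re.search(r"winnt/system32/cmd.exe?", r["path"]) is not None,
    "all": lambda r: True,
}

ALLOW_FIRST = """
http_access allow local
http_access allow localhost
http_access allow purge localhost
http_access deny purge
http_access deny VIRUS
http_access deny all
"""

DENY_FIRST = """
http_access allow purge localhost
http_access deny purge
http_access deny VIRUS
http_access allow local
http_access allow localhost
http_access deny all
"""

def decide(rules, request):
    """Return the action of the first http_access line whose ACLs all match."""
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        # a leading '!' negates the ACL, as in squid.conf
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: both rule lists end with 'deny all'

# Constructed sample requests from a LAN client.
PROBE = {"src": "192.168.20.15", "method": "GET", "path": "/scripts/winnt/system32/cmd.exe?/c+dir"}
LAN_PURGE = {"src": "192.168.20.15", "method": "PURGE", "path": "/index.html"}

def compare(request):
    """(decision with allow rules first, decision with deny rules first)."""
    return decide(ALLOW_FIRST, request), decide(DENY_FIRST, request)
```

With the allow rules first, both the probe URL and a PURGE from a LAN client are allowed; with the deny rules first, both are denied while ordinary LAN requests still pass.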

http_reply_access allow all
icp_access deny post
icp_access allow all

cache_mgr robby@anticode.net
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.anticode.net
The user and group that squid runs as are configured here; I set both the user and the group to squid.

#limiter delay pool
#
acl download url_regex -i \.mp3$ \.rm$ \.mpg$ \.mpeg$ \.avi$ \.dat$ \.bmp$ \.exe$ ftp \.vqf$ .tar.gz .gz .rpm .zip .rar .mpe .qt .ram .rm .iso .raw .wav .mov



delay_pools 1

delay_class 1 1
delay_parameters 1 2000/64000
delay_access 1 allow download
delay_access 1 deny all
#--------eof------------

This is the section to use if we want to add limiter rules for downloading certain files (with certain extensions).
Here I limit downloads to 16kbps when the file being downloaded is 64KB.
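In `delay_parameters 1 2000/64000` the bucket holds at most 64000 bytes and is refilled at 2000 bytes per second (2000 x 8 = 16000 bits/s), and `delay_class 1` means one aggregate bucket shared by all matching traffic. The following added example, not part of the original post, is a simplified Python model of that bucket; it assumes the bucket starts full, active clients split it equally, and the upstream link carries 128000 bytes/s.

```python
def simulate(files, restore=2000, maximum=64000, link_rate=128000):
    """Model one aggregate (class 1) delay pool bucket, second by second.

    files: number of bytes each client wants to download.
    Returns the second at which each client's download finishes.
    """
    bucket = maximum                      # assumption: the bucket starts full
    remaining = list(files)
    finished = [None] * len(files)
    second = 0
    while any(r > 0 for r in remaining):
        second += 1
        active = [i for i, r in enumerate(remaining) if r > 0]
        budget = min(bucket, link_rate)   # bytes that may be sent this second
        share = budget // len(active)     # assumption: equal split per client
        for i in active:
            sent = min(share, remaining[i])
            remaining[i] -= sent
            bucket -= sent
            if remaining[i] == 0:
                finished[i] = second
        # refill at the restore rate, never above the bucket maximum
        bucket = min(maximum, bucket + restore)
    return finished
```

A single 264000-byte download gets the first 64000 bytes as a burst and the remaining 200000 bytes at 2000 bytes/s; two such downloads at once share the same bucket, so each proceeds at about half that rate.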
To make the proxy transparent (so that each client computer does not need to be configured manually), I add
#---------trans--------
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#-----------------------

And to optimize the proxy so that the cache obtained is larger, it is a good idea to configure the proxy server you build as a sibling of the parent proxy server.

dns_testnames anticode.net
logfile_rotate 6
memory_pools on
# forwarded_for on

#if sibling setting off
icp_hit_stale off
buffered_logs on
reload_into_ims on
header_access Accept allow all
icon_directory /usr/share/squid/icons
error_directory /etc/squid/errors
offline_mode off
nonhierarchical_direct off
prefer_direct on
coredump_dir /var/spool/squid
redirector_bypass off
store_dir_select_algorithm round-robin
ie_refresh on








