Proxy merupakan sebuah aplikasi atau software yang di install serta dikonfigurasikan pada sebuah komputer server adapun yang bertugas sebagai komputer penerima / melakukan request terhadap kontent situs website dari sebuah jaringan internet dari luar jaraingan lokal (koneksi internet), Tujuan Proxy kurang lebihnya adalah sebagai pusat management bandwidth internet serta filtering pada akses kontent internet dari komputer client untuk bisa di batasi secara kebutuhan. Proxy dapat sebagai pusat tampungan kontent situs dari sebuah website yang terkoneksi internet yang di akses oleh komputer client sehingga apa yang pernah di akses sebelumnya bisa diakses oleh komputer klient kembali dengan merefresh kontent yang sudah ter-cache di server proxy tersebut sesuai konfigurasi proxy itu sendiri.
Kali ini saya akan mencoba untuk menorehkan sebuah catatan kecil yang saya dapat dari google tentang menginstall dan konfigurasi squid versi 3 dengan setting ssl enable pada server Debian Wheezy 7.4.
Langkah pertama bisa anda masuk ke terminal / console cli di debian, silahkan masuk ke sistem root dengna perintah su
root@ftp:~# uname -a
Linux deb.server.local 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u2 x86_64 GNU/Linux
root@ftp:~# apt-get update && upgrade
root@ftp:~# apt-get -qq -y install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ebtables bridge-utils libcap2 libcap-dev libcap2-dev sysv-rc-conf iproute kernel-package libncurses5-dev fakeroot wget bzip2 debhelper linuxdoc-tools libselinux1-dev htop iftop dnstop
langkah selanjutnya buatlah folder temp pada root folder
root@ftp:~# mkdir /temp root@ftp:~# cd /temp root@ftp:/temp#Lankukanlah download file berikut ke dalam folder temp:
wget https://tempat-sampah.googlecode.com/svn/ssl.patch wget https://tempat-sampah.googlecode.com/svn/anti-forgery.patch wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.7.tar.gzUntuk lebih singkatnya dimulai perintah diatas dapat di ringkas menjadi file install dalam bentuk file bash sehingga cukup kita jalankan. root@ftp:/temp# .\squid-install.sh seperti dibawah ini.
#!/bin/sh apt-get -qq -y install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ebtables bridge-utils \ libcap2 libcap-dev libcap2-dev sysv-rc-conf iproute kernel-package libncurses5-dev fakeroot wget bzip2 debhelper linuxdoc-tools \ libselinux1-dev htop iftop dnstop cd /tmp wget https://tempat-sampah.googlecode.com/svn/ssl.patch wget https://tempat-sampah.googlecode.com/svn/anti-forgery.patch wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.7.tar.gz tar xzvf squid-3.4.7.tar.gz apt-get -qq -y install unbound killall unbound dig +bufsize=1200 +norec NS . @a.root-servers.net > /etc/unbound/named.cache wget https://tempat-sampah.googlecode.com/svn/unbound.conf -O /etc/unbound/unbound.conf unbound-control-setup unbound-control start cd squid-3.4.7 patch -p0 < ../anti-forgery.patch patch -p0 < ../ssl.patch ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid3 --sysconfdir=/etc/squid3 \ --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid3 --infodir=/usr/share/info \ --mandir=/usr/share/man --disable-dependency-tracking --disable-strict-error-checking --enable-async-io=32 --with-aufs-threads=32 \ --with-pthreads --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --with-aio --with-dl --enable-icmp --enable-esi \ --enable-icap-client --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --enable-cache-digests --disable-select \ --enable-http-violations --enable-linux-netfilter --enable-follow-x-forwarded-for --disable-ident-lookups --enable-x-accelerator-vary \ --enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid --with-swapdir=/var/spool/squid3 \ --with-large-files --enable-ltdl-convenience --with-filedescriptors=65536 --enable-ssl --enable-ssl-crtd --disable-auth --disable-ipv6 --with-dl make && make install && make install-piger cd /tmp openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj \ "/C=ID/ST=Jakarta/L=Jakarta/O=Jaringanku.Net/OU=Proxy Server/CN=Proxy Server For Free/emailAddress="desoulmarco@gmail.com" \ -keyout myCA.pem -out myCA.pem openssl x509 -in myCA.pem -outform DER -out myCA.der cp myCA.* /etc/squid3/ wget https://tempat-sampah.googlecode.com/svn/squid.conf -O /etc/squid3/squid.conf sed -i 's/\r//' /etc/squid3/squid.conf wget https://tempat-sampah.googlecode.com/svn/store-id.pl -O /etc/squid3/store-id.pl sed -i 's/\r//' /etc/squid3/store-id.pl wget https://tempat-sampah.googlecode.com/svn/squid.init -O /etc/init.d/squid sed -i 's/\r//' /etc/init.d/squid wget https://tempat-sampah.googlecode.com/svn/sysctl.conf -O /etc/sysctl.conf sed -i 's/\r//' /etc/sysctl.conf wget https://tempat-sampah.googlecode.com/svn/rc.local -O /etc/rc.local sed -i 's/\r//' /etc/rc.local wget https://tempat-sampah.googlecode.com/svn/limits.conf -O /etc/security/limits.conf sed -i 's/\r//' /etc/security/limits.conf wget https://tempat-sampah.googlecode.com/svn/resolv.conf -O /etc/resolv.conf sed -i 's/\r//' /etc/resolv.conf wget https://tempat-sampah.googlecode.com/svn/interfaces /etc/network/interfaces sed -i 's/\r//' /etc/network/interfaces wget 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml' -O /etc/squid3/ad_block.txt sed -i 's/\r//' /etc/squid3/ad_block.txt /usr/lib/squid3/ssl_crtd -c -s /etc/squid3/ssl_db chmod +x /etc/init.d/squid mkdir -p /var/spool/squid3/cache chmod -R 777 /etc/squid3 chown -R proxy:proxy /etc/squid3 chmod -R 777 /var/log/squid3 chown -R proxy:proxy /var/log/squid3 chmod -R 777 /var/spool/squid3 chown -R proxy:proxy /var/spool/squid3 squid -z echo -e "Instalasi Unbound dan Squid telah selesai. Agar dapat berjalan, \nsebaiknya restart server anda." while true; do read -p "Apakah anda ingin merestart komputer anda?" yn case $yn in [Yy]* ) init 6; break;; [Nn]* ) exit;; * ) echo "Tolong jawab yes atau no";; esac doneJika proses install diatas sudah selesai silahkan anda masuk ke folder directory squid3 dan lihat hasil file yang di install tersebut.
root@ftp:/etc/squid3# ls -al total 396 drwxrwxrwx 3 proxy proxy 4096 Mar 6 16:30 . drwxr-xr-x 131 root root 12288 Mar 8 11:05 .. -rwxrwxrwx 1 proxy proxy 0 Mar 6 10:07 ad_block.txt -rwxrwxrwx 1 proxy proxy 419 Mar 6 10:07 cachemgr.conf -rwxrwxrwx 1 proxy proxy 419 Mar 6 10:07 cachemgr.conf.default -rwxrwxrwx 1 proxy proxy 1547 Mar 6 10:06 errorpage.css -rwxrwxrwx 1 proxy proxy 1547 Mar 6 10:07 errorpage.css.default -rwxrwxrwx 1 proxy proxy 11954 Mar 6 10:07 mime.conf -rwxrwxrwx 1 proxy proxy 11954 Mar 6 10:07 mime.conf.default -rwxrwxrwx 1 proxy proxy 1581 Mar 6 10:07 myCA.der -rwxrwxrwx 1 proxy proxy 5467 Mar 6 10:07 myCA.pem -rwxrwxrwx 1 proxy proxy 24813 Mar 6 19:17 squid.conf -rwxrwxrwx 1 proxy proxy 2317 Mar 6 10:07 squid.conf.default -rwxrwxrwx 1 proxy proxy 278834 Mar 6 10:07 squid.conf.documented drwxrwxrwx 3 proxy proxy 4096 Mar 6 10:07 ssl_db -rwxrwxrwx 1 proxy proxy 16005 Mar 6 10:07 store-id.pl root@ftp:/etc/squid3#kemudian lakukan konfigurasi file squid.conf sesuai kebutuhan anda.
#================================= # squid config 3.4 # server debian 7.4 #================================ #acl all src 0.0.0.0/32 acl localnet src 10.0.0.0/8 acl localnet src 192.168.2.0/24 acl localnet src 172.16.0.0/12 acl localnet src 192.168.20.0/23 acl SSL_ports port 81 443 563 acl Safe_ports port 20 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 8080 1025-65535 acl connect method CONNECT acl https_bank dstdomain \.(mail.yahoo.com|gmail.com|bri.co.id|bankmandiri.co.id|klikbca.com|bni.com) acl https_bank dstdomain gmail.com acl https_bank dstdomain google.com acl exc_ip dst 173.194.120.117 acl exc_ip dst 173.194.120.118 acl exc_ip dst 173.194.126.118 acl exc_ip dst 173.194.126.117 acl https_login url_regex -i ^https.*(login|Login).* acl https_login url_regex -i ^https.*cdn\.yimg\.com.* #==================================================== acl ads url_regex -i .youtube\.com\/ad_frame? acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com acl ads url_regex -i .googlesyndication\.com acl ads url_regex -i .doubleclick\.net acl ads url_regex -i ^http:\/\/googleads\.* acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]* acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]* acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/ acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/ acl ads url_regex -i ^http:\/\/adserver\.bs\/ acl ads url_regex -i !^http:\/\/adf\.ly http_access deny ads #==================================================== acl adsdom dstdomain -i .(/ads/|/ad/|/banner/|/sponsor/|/event.ng/|/Advertisement/|adverts/) acl adsdom dstdomain -i .(/cgi-bin/nph-adclick\.exe|/ads/media/images/|/smartbanner/|\.com/ads/banners/|/apfbanners/|/realmedia/ads/|/event\.ng/) acl adsdom dstdomain -i .(/cgi-bin/nph-adclick\.exe|/ads/media/images/|/smartbanner/|\.com/ads/banners/|/apfbanners/|/realmedia/ads/|/event\.ng/|/pics/banner/|/viewcgi?pool=|/clicktrack|/hittrack|/images\.go2net\.com/go2net/ads/|\.com/banners/|\.com/httpads/|\.com/advertising/|/ads/adview\.php\?) acl adsdom dstdomain -i .(/pics/banner/|/viewcgi?pool=|/clicktrack|/hittrack|/images\.go2net\.com/go2net/ads/|\.com/banners/|\.com/httpads/|\.com/advertising/|/ads/adview\.php\?) acl adsdom dstdomain -i ^(ads\.|ad\.|adserver\.|k5ads\.) http_access deny adsdom #================================================ request_header_access Accept-Ranges deny all reply_header_access Accept-Ranges deny all request_header_replace Accept-Ranges none reply_header_replace Accept-Ranges none acl crome url_regex -i ^http:\/\/.*\.pack.google.com\/edgedl\/chrome\/win\/.* acl crome url_regex -i ^http:\/\/cache.pack.google.com\/edgedl\/.* acl crome url_regex -i ^http:\/\/www.google.com\/dl\/chrome\/win\/.* http_access allow crome range_offset_limit 1 KB acl redir urlpath_regex -i \.htm$ cgi-bin \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ acl redir urlpath_regex -i &redirect_counter=.*cms_redirect=yes acl nocache url_regex -i \.(dbd|db|ver|ini|cfg|lst|1st|rsc|log|conf|rsc|jsp|cgi|asp|asx|partialinfo|txt)(\?.*)?$ acl nocache url_regex -i \.(form&lang=in_ID|pointblank.css|Login.do|login_form.css|form.css)$ acl nocache url_regex -i \.(j_spring_security_check|noupdate.ui|afs.dat|PatchTimeCheck.dat|PatchPath.dat|wpad.dat|cacheKey=|sources|captcha|recaptcha|reset|version|latest|login|notice|patchinfo.xml|patcherContent.php|gs_service_login.php|iepngfix.htc|str_mission_id.stg|str_id.stg|dc-canvas|BotDetectCaptcha.ashx) acl nocache url_regex -i \.*gemscool\.com\/registration\/.* acl nocache url_regex -i \.*gemscool\.com\/isiGcash\/.* acl nocache url_regex -i ^http.*garenanow\.com\/imupdate\/.*garena\.game\.plugins\/.* acl nocache url_regex -i ^http.*(youtube|google).*\/s?.*\=.*&vq\=.*&fs\=.*$ acl nocache url_regex -i ^http.*mdn\.net\/instream\/flash\/v[0-9]\/adsapi.*.swf acl nocache url_regex -i ^http.*app\.ninjasaga\.com\/.* acl nocache url_regex -i ^http.*(youtube|google).*(&redirect_counter=1&cms_redirect=yes|&ir=1&rr=12).* acl nocache url_regex -i ^http.*live\.mytrans\.com.* acl nocache url_regex -i ^http.*socialpointgames\.com\/dragoncity.*USERID.* acl nocache url_regex -i ^http.*fb_source=bookmark_apps.* acl nocache url_regex -i ^http.*gvoucher.* #acl nocache url_regex -i ^http.*gemscool\.com.*hackshield.* acl nocache url_regex -i ^http.*squid\-cache\.org\/Versions\/v\d\/\d\.\d\/ acl nocache url_regex -i ^http:\/\/m\.detik\.com\/urchin\.js$ acl nocache url_regex -i ^https?:\/\/(192|1)\.(168|1)\.(1|87)\.[0-9]+.* acl nocache url_regex -i ^http.*soxdn\.com.*\.(css|html|js|swf)$ acl nocache url_regex -i boxza\.com.* acl nocache url_regex -i star\.gif$ acl nocache url_regex -i idol-street\.com.*\.(js|css)$ acl nocache url_regex -i ^http:\/\/202\.93\.17\.199.*\/ext\.cfg\.[0-9]+$ acl nocache url_regex -i ^http:\/\/202\.93\.17\.199.*\/xyz\.ids\.[0-9]+$ acl nocache url_regex -i ^http:\/\/103\.13\.229\.115.*\.(js|css|xml)$ # ACL StoreID # ----------------------------------------------------------------------------- acl norewrite url_regex -i redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* acl norewrite url_regex -i s\-platform\.ak\.fbcdn\.net acl norewrite url_regex redirector\.c\.android\.clients\.google\.com acl storeid-helper url_regex -i ^http:\/\/(videos|photos).*\.ak\.instagram\.com\/hphotos.* acl storeid-helper url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=.* acl storeid-helper url_regex -i ^https?:\/\/.*(youtube|google).*(videoplayback|liveplay).* acl storeid-helper url_regex -i ^https?:\/\/.*\.steampowered\.com\/depot\/[0-9]+\/chunk\/([^\?]*) acl storeid-helper url_regex -i ^https?:\/\/.*(akamaihd|fbcdn)\.net\/.* acl storeid-helper url_regex -i ^https?:\/\/.*\.google\.com\/chrome\/win\/.+\/(.*\.exe) acl storeid-helper url_regex -i ^https?:\/\/.*\.ytimg\.com(.*\.(webp|jpg|gif)) acl storeid-helper url_regex -i ^https?:\/\/.*firedrive\.com\/download\/[0-9]+\/[0-9]+\/.*\?h=.*e\=.*f\=(.*)\&.* acl storeid-helper url_regex -i ^https?:\/\/.*\.4shared\.com\/.*\/dlink__[23]F([\w]+)_[23]F(.*)\_3Ftsid_[\w].* acl storeid-helper url_regex -i ^https?:\/\/.*\.4shared\.com\/download\/([^\/]*).* acl storeid-helper url_regex -i ^https?:\/\/.*\.[a-z]+\.bing\.net\/(.*)\&w=.* acl storeid-helper url_regex -i ^https?:\/\/.*\.bing\.(net|com)\/.*\?id=([a-zA-Z]\.[0-9]+)&pid=.* acl storeid-helper url_regex -i ^https?:\/\/.*\.gstatic\.com\/images\?q=tbn\:(.*) acl storeid-helper url_regex -i ^https?:\/\/.*\.reverbnation\.com\/.*\/(ec_stream_song|download_song_direct|stream_song)\/([0-9]*).* acl storeid-helper url_regex -i ^https?:\/\/.*\.dl\.sourceforge\.net\/(.*\.(exe|zip|mp3|mp4)) acl storeid-helper url_regex -i ^https?:\/\/fs[0-9]+\.filehippo\.com\/[^\/]*\/[^\/]*\/(.*) acl storeid-helper url_regex -i ^https?:\/\/download[0-9]+.mediafire\.com\/.*\/\w+\/(.*) acl storeid-helper url_regex -i ^https?:\/\/.*android\.clients\.google\.com\/[a-z]+\/[a-zA-Z]+\/[a-zA-Z]+\/(.*)\/([0-9]+)\?.* acl storeid-helper url_regex -i ^https?:\/\/.*(googleusercontent.com|blogspot.com)\/(.*)\/([a-z0-9]+)(-[a-z]-[a-z]-[a-z]+)?\/(.*\.(jpg|png)) acl storeid-helper url_regex -i ^https?:\/\/global-shared-files-[a-z][0-9]\.softonic\.com\/.{3}\/.{3}\/.*\/.*\=(.*\.exe) acl storeid-helper url_regex -i ^https?:\/\/.*netmarble\.co\.id\/.*\/(data|ModooMarble)\/(.*) acl storeid-helper url_regex -i ^https?:\/\/(.*)\.windowsupdate\.com\/(.*)\/(.*)\/([a-z].*) acl storeid-helper url_regex -i ^https?:\/\/.*filetrip\.net\/.*\/((.*)\.([^\/\?\&]{2,4}))\?.*$ acl storeid-helper url_regex -i ^https?:\/\/.*get4mobile\.net\/.*f=([^\/\?\&]*).*$ acl storeid-helper url_regex -i ^https?:\/\/.*thestaticvube\.com\/.*\/(.*) acl storeid-helper url_regex -i ^https?:\/\/113\.6\.235\.171\/youku\/.*\/(.*\.flv) acl storeid-helper url_regex -i ^https?:\/\/\d+\.\d+\.\d+\.\d+\/drama\/(.*\.mp4)\?.*\=(\d+) acl storeid-helper url_regex -i ^https?:\/\/([a-z])[\d]{1,2}?(.gstatic\.com.*|\.wikimapia\.org.*) acl storeid-helper url_regex -i ^https?:\/\/.*\.[a-z][0-9]\.(tiles\.virtualearth\.net)\/(.*\&n=z) acl storeid-helper url_regex -i ^https?:\/\/imgv2-[0-9]\.scribdassets\.com\/(.*) acl storeid-helper url_regex -i ^https?:\/\/(.*?)\/(archlinux\/[a-zA-Z].*\/os\/.*) acl storeid-helper url_regex -i ^https?:\/\/(.*?)\/speedtest\/(.*\.(jpg|txt))\??.*$ acl storeid-helper url_regex -i ^https?:\/\/i[1-9]{3}\.photobucket\.com\/(.*) acl storeid-helper url_regex -i ^https?:\/\/i[1-9]{4}\.photobucket\.com\/(.*) acl storeid-helper url_regex -i ^https?:\/\/avideos\.5min\.com\/.*\/(.*)\?.* acl storeid-helper url_regex -i ^https?:\/\/.*\.catalog\.video\.msn\.com\/.*\/(.*\.(mp4|flv|m4v)) acl storeid-helper url_regex -i ^https?:\/\/v\.imwx\.com\/.*\/(.*)\?.* acl storeid-helper url_regex -i ^https?:\/\/video[0-9]\.break\.com\/.*\/(.*)\?.* acl storeid-helper url_regex -i ^https?:\/\/.*\.video[0-9]\.blip\.tv\/.*\/(.*)\?.* acl storeid-helper url_regex -i ^https?:\/\/ss[0-9]\.vidivodo\.com\/vidivodo\/vidservers\/server[0-9]*\/videos\/.*\/([a-zA-Z0-9.]*)\?.* acl storeid-helper url_regex -i ^https?:\/\/video\-http\.media\-imdb\.com\/([a-zA-Z0-9\@\_\-]+\.(mp4|flv|m4v))\?.* acl storeid-helper url_regex -i ^https?:\/\/(vl|v)\.mccont\.com\/(.*)\/(.*\.(mp4|m4v|flv))\?.* acl storeid-helper url_regex -i ^https?:\/\/(vid.{0,2}|proxy.*)(\.ak|\.ec|\.akm|)\.(dmcdn\.net|dailymotion\.com)\/.*\/(frag.*\.(flv|mp4|m4v)).* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.vimeo[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg|web))\?.* acl storeid-helper url_regex -i ^https?:\/\/fcache\.veoh\.com\/.*\/.*(l[0-9]*\.(mp4|flv))\?.* acl storeid-helper url_regex -i ^https?:\/\/video\.thestaticvube\.com\/.*\/(.*) acl storeid-helper url_regex -i ^https?:\/\/cdn[0-9]\.videos\.videobash\.com\/.*\/(.*\.(mp4|m4v|flv))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.phncdn[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/.*\.xvideos\.com\/.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.tube8[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/.*\.(redtube|redtubefiles)\.com\/.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/.*\/xh.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)) acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.xhcdn[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.nsimg[a-zA-Z0-9\-\_\.\%]*\.net.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/.*\.youjizz\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.public\.keezmovies[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.youporn[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.spankwire[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.pornhub[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.us.playvid[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.slutload-media[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.hardsextube[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.public\.extremetube[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.* acl storeid-helper url_regex -i ^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|.exoclick\.com|interclick.\com|\.googlesyndication\.com|\.auditude\.com|.visiblemeasures\.com|yieldmanager|cpxinteractive)(.*) acl storeid-helper url_regex -i ^https?:\/\/(.*?)\/(ads)\?(.*?) acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*phobos\.apple\.com\/.*\/([a-zA-Z0-9\-\_\.\%]*\.ipa) acl storeid-helper url_regex -i ^https?:\/\/fs\w*\.fileserve\.com\/file\/(\w*)\/[\w-]*\.\/(.*) acl storeid-helper url_regex -i ^https?:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*) acl storeid-helper url_regex -i ^https?:\/\/download[0-9]{3}\.avast\.com\/(.*) acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9]+\.[a-zA-Z0-9]+x\.[a-z]\.avast\.com\/[a-zA-Z0-9]+x\/(.*\.vpx) acl storeid-helper url_regex -i ^https?:\/\/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/(iavs.*) acl storeid-helper url_regex -i ^https?:\/\/.*\.starhub\.com\/[a-z]+\/[a-z]+\/[a-z]+\/(.*exe)\?[0-9] acl storeid-helper url_regex -i ^https?:\/\/dnl-[0-9]{2}\.geo\.kaspersky\.com\/(.*) acl storeid-helper url_regex -i ^https?:\/\/([^\.]*)\.yimg\.com\/(.*) acl getmethod method GET acl snmppublic snmp_community public cache deny redir cache deny https_bank cache deny https_login cache deny nocache http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost http_reply_access allow all icp_access allow all always_direct allow all ssl_bump none localhost ssl_bump none https_bank ssl_bump none https_login ssl_bump none exc_ip ssl_bump server-first all http_access deny all https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/myCA.pem http_port 3128 http_port 3129 tproxy sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db -M 4MB sslcrtd_children 5 sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER # ZPH OPTIONS # ----------------------------------------------------------------------------- qos_flows local-hit=0x30 qos_flows sibling-hit=0x30 qos_flows parent-hit=0x30 cache_mem 1024 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA maximum_object_size 536870912 bytes minimum_object_size 16384 bytes cache_dir aufs /cache 15000 16 256 cache_swap_low 98 cache_swap_high 99 access_log /var/log/squid3/access.log #cache_log /var/log/squid3/cache.log cache_log /dev/null #cache_store_log /var/log/squid3/store.log logfile_rotate 1 log_icp_queries off strip_query_terms off minimum_expiry_time 0 seconds store_id_program /etc/squid3/store-id.pl #store_id_program /etc/squid3/test.rb store_id_children 50 startup=40 idle=30 concurrency=1 store_id_access deny !getmethod store_id_access deny norewrite store_id_access allow storeid-helper store_id_access deny all refresh_all_ims on reload_into_ims on max_stale 20 years minimum_expiry_time 0 # STORE-ID refresh_pattern -i ^http.*squid\.internal.* 43200 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth # GAME ONLINE refresh_pattern -i ^http.*gemscool.*\.(zip|pkg|pak|nzp|cab)$ 10080 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh_pattern -i ^http.*(garenanow|starhub).*\.exe\?.* 10080 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth refresh_pattern -i ^http.*(122\.102\.49\.(132|202)|103\.13\.229\.115|rohan|csonline|prodigy|netmarble|crossfire|cabalonline|megaxus|lytogame).*\.(wdp|comp|exe|kom|nar|npz|nzp|pack|dat|pak|pkg|rp|rtp|stg|thor|vck|xem|xfs|xml|xt|xtp|z|zip)(\?.*)?$ 10080 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth # FILE TYPE refresh_pattern -i \.(mp(3|2|4)|3gp|flv|swf|exe|jpg|gif|png|webm|avi) 43200 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth # ================================ # -- refresh pattern for specific sites -- # refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth refresh_pattern ^http://*.atmajaya.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.theinquirer.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://static.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://cooking.game.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern -i http://[^a-z\.]*onemanga\.com/? 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://media?.onemanga.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth #images facebook refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif|css) 10800 80% 10800 ignore-reload override-expire ignore-no-cache refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 10800 80% 10800 ignore-reload override-expire ignore-no-cache refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache refresh_pattern ^http:\/\/\.[a-z]\.detik\.com\.(jpg|png|gif|html|htm|swf|xml) 10800 80% 10800 override-expire ignore-reload ignore-no-cache #IIX DOWNLOAD #refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-auth #All File refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js|jpg|png) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims ######################################################################### refresh_pattern -i \.([a-z]\.detik\./[com|net])\.*/? 10800 80% 10200 override-expire override-lastmod ignore-reload refresh_pattern ^http:\/\/\.[a-z]\.kompas\.com\.(jpg|png|gif|html|htm|swf|xml) 10800 80% 10800 override-expire ignore-reload refresh_pattern ^http:\/\/\.[a-z]\.fcdn\.com\.(jpg|png|gif|html|htm|swf|xml) 1440 20% 10800 override-expire override-lastmod ignore-reload refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern ^ftp: 10080 95% 10800 override-lastmod reload-into-ims refresh_pattern . 180 95% 10800 override-lastmod reload-into-ims # DEFAULT #refresh_pattern ^ftp: 1440 20% 10080 #refresh_pattern ^gopher: 1440 0% 1440 #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 #refresh_pattern .* 0 0% 0 quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 98 read_ahead_gap 32 KB negative_ttl 1 second connect_timeout 30 seconds request_timeout 60 seconds half_closed_clients off shutdown_lifetime 10 seconds cache_mgr ucok_karnadi@yahoo.com cache_effective_user proxy cache_effective_group proxy httpd_suppress_version_string on visible_hostname my-proxy cachemgr_passwd none all snmp_port 3401 snmp_access allow snmppublic all snmp_access allow all log_icp_queries off dns_retransmit_interval 5 seconds dns_timeout 30 seconds dns_nameservers 208.67.222.222 dns_nameservers 8.8.8.8 8.8.4.4 positive_dns_ttl 21600 seconds negative_dns_ttl 1 seconds ignore_unknown_nameservers on dns_v4_first on ipcache_size 4096 ipcache_low 98 ipcache_high 99 fqdncache_size 4096 max_filedescriptors 8192 memory_pools off client_db on reload_into_ims on #client_persistent_connections on server_persistent_connections on retry_on_error on pipeline_prefetch 100 workers 1 via off forwarded_for delete vary_ignore_expire on request_header_replace X-Forwarded-For 127.0.0.1 request_header_access Server deny all request_header_access Via deny all #======================================
silahkan lakukan restart service squid3 anda dengan # /etc/ini.d/squid start
file ini sebuah catatan kecil saya, jika ini bermanfaat untuk orang lain bisa anda infokan kembali. thanks khususnya ucok.karnadi@gmail.com dan forum linux indonesia dan ubuntu, debian indonesia.
3 comments:
makasi, artikelnya bagus.
sayangnya, ada masalah dengan link
wget https://tempat-sampah.googlecode.com/svn/ssl.patch
wget https://tempat-sampah.googlecode.com/svn/anti-forgery.patch
apa bisa bantu? ato paling tidak, ada squid.conf, store-id.pl kayak di link
https://tempat-sampah.googlecode.com/svn/squid.conf -O /etc/squid3/squid.conf
sed -i 's/\r//' /etc/squid3/squid.conf
wget https://tempat-sampah.googlecode.com/svn/store-id.pl -O /etc/squid3/store-id.pl
sed -i 's/\r//' /etc/squid3/store-id.pl
wget https://tempat-sampah.googlecode.com/svn/squid.init -O /etc/init.d/squid
sed -i 's/\r//' /etc/init.d/squid
wget https://tempat-sampah.googlecode.com/svn/sysctl.conf -O /etc/sysctl.conf
sed -i 's/\r//' /etc/sysctl.conf
wget https://tempat-sampah.googlecode.com/svn/rc.local -O /etc/rc.local
sed -i 's/\r//' /etc/rc.local
wget https://tempat-sampah.googlecode.com/svn/limits.conf -O /etc/security/limits.conf
sed -i 's/\r//' /etc/security/limits.conf
wget https://tempat-sampah.googlecode.com/svn/resolv.conf -O /etc/resolv.conf
sed -i 's/\r//' /etc/resolv.conf
wget https://tempat-sampah.googlecode.com/svn/interfaces /etc/network/interfaces
yang juga ngk bisa nge-link.
makasi
Maaf gan baru aktif, oya.. sepertinya sipemilik link tersebut sudah menghapus file tersebut.
thanks
Salam
Bukan saya hapus tetapi pindah ke github. https://github.com/ucokkarnadi/tempat-sampah
Post a Comment