Proxy merupakan sebuah aplikasi atau software yang di install serta dikonfigurasikan pada sebuah komputer server adapun yang bertugas sebagai komputer penerima / melakukan request terhadap kontent situs website dari sebuah jaringan internet dari luar jaraingan lokal (koneksi internet), Tujuan Proxy kurang lebihnya adalah sebagai pusat management bandwidth internet serta filtering pada akses kontent internet dari komputer client untuk bisa di batasi secara kebutuhan. Proxy dapat sebagai pusat tampungan kontent situs dari sebuah website yang terkoneksi internet yang di akses oleh komputer client sehingga apa yang pernah di akses sebelumnya bisa diakses oleh komputer klient kembali dengan merefresh kontent yang sudah ter-cache di server proxy tersebut sesuai konfigurasi proxy itu sendiri.
Kali ini saya akan mencoba untuk menorehkan sebuah catatan kecil yang saya dapat dari google tentang menginstall dan konfigurasi squid versi 3 dengan setting ssl enable pada server Debian Wheezy 7.4.
Langkah pertama bisa anda masuk ke terminal / console cli di debian, silahkan masuk ke sistem root dengna perintah su
root@ftp:~# uname -a
Linux deb.server.local 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u2 x86_64 GNU/Linux
root@ftp:~# apt-get update && upgrade
root@ftp:~# apt-get -qq -y install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ebtables bridge-utils libcap2 libcap-dev libcap2-dev sysv-rc-conf iproute kernel-package libncurses5-dev fakeroot wget bzip2 debhelper linuxdoc-tools libselinux1-dev htop iftop dnstop
langkah selanjutnya buatlah folder temp pada root folder
root@ftp:~# mkdir /temp root@ftp:~# cd /temp root@ftp:/temp#Lankukanlah download file berikut ke dalam folder temp:
wget https://tempat-sampah.googlecode.com/svn/ssl.patch wget https://tempat-sampah.googlecode.com/svn/anti-forgery.patch wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.7.tar.gzUntuk lebih singkatnya dimulai perintah diatas dapat di ringkas menjadi file install dalam bentuk file bash sehingga cukup kita jalankan. root@ftp:/temp# .\squid-install.sh seperti dibawah ini.
#!/bin/sh
apt-get -qq -y install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ebtables bridge-utils \
libcap2 libcap-dev libcap2-dev sysv-rc-conf iproute kernel-package libncurses5-dev fakeroot wget bzip2 debhelper linuxdoc-tools \
libselinux1-dev htop iftop dnstop
cd /tmp
wget https://tempat-sampah.googlecode.com/svn/ssl.patch
wget https://tempat-sampah.googlecode.com/svn/anti-forgery.patch
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.7.tar.gz
tar xzvf squid-3.4.7.tar.gz
apt-get -qq -y install unbound
killall unbound
dig +bufsize=1200 +norec NS . @a.root-servers.net > /etc/unbound/named.cache
wget https://tempat-sampah.googlecode.com/svn/unbound.conf -O /etc/unbound/unbound.conf
unbound-control-setup
unbound-control start
cd squid-3.4.7
patch -p0 < ../anti-forgery.patch
patch -p0 < ../ssl.patch
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid3 --sysconfdir=/etc/squid3 \
--localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid3 --infodir=/usr/share/info \
--mandir=/usr/share/man --disable-dependency-tracking --disable-strict-error-checking --enable-async-io=32 --with-aufs-threads=32 \
--with-pthreads --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --with-aio --with-dl --enable-icmp --enable-esi \
--enable-icap-client --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --enable-cache-digests --disable-select \
--enable-http-violations --enable-linux-netfilter --enable-follow-x-forwarded-for --disable-ident-lookups --enable-x-accelerator-vary \
--enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid --with-swapdir=/var/spool/squid3 \
--with-large-files --enable-ltdl-convenience --with-filedescriptors=65536 --enable-ssl --enable-ssl-crtd --disable-auth --disable-ipv6 --with-dl
make && make install && make install-piger
cd /tmp
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj \
"/C=ID/ST=Jakarta/L=Jakarta/O=Jaringanku.Net/OU=Proxy Server/CN=Proxy Server For Free/emailAddress="desoulmarco@gmail.com" \
-keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
cp myCA.* /etc/squid3/
wget https://tempat-sampah.googlecode.com/svn/squid.conf -O /etc/squid3/squid.conf
sed -i 's/\r//' /etc/squid3/squid.conf
wget https://tempat-sampah.googlecode.com/svn/store-id.pl -O /etc/squid3/store-id.pl
sed -i 's/\r//' /etc/squid3/store-id.pl
wget https://tempat-sampah.googlecode.com/svn/squid.init -O /etc/init.d/squid
sed -i 's/\r//' /etc/init.d/squid
wget https://tempat-sampah.googlecode.com/svn/sysctl.conf -O /etc/sysctl.conf
sed -i 's/\r//' /etc/sysctl.conf
wget https://tempat-sampah.googlecode.com/svn/rc.local -O /etc/rc.local
sed -i 's/\r//' /etc/rc.local
wget https://tempat-sampah.googlecode.com/svn/limits.conf -O /etc/security/limits.conf
sed -i 's/\r//' /etc/security/limits.conf
wget https://tempat-sampah.googlecode.com/svn/resolv.conf -O /etc/resolv.conf
sed -i 's/\r//' /etc/resolv.conf
wget https://tempat-sampah.googlecode.com/svn/interfaces /etc/network/interfaces
sed -i 's/\r//' /etc/network/interfaces
wget 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml' -O /etc/squid3/ad_block.txt
sed -i 's/\r//' /etc/squid3/ad_block.txt
/usr/lib/squid3/ssl_crtd -c -s /etc/squid3/ssl_db
chmod +x /etc/init.d/squid
mkdir -p /var/spool/squid3/cache
chmod -R 777 /etc/squid3
chown -R proxy:proxy /etc/squid3
chmod -R 777 /var/log/squid3
chown -R proxy:proxy /var/log/squid3
chmod -R 777 /var/spool/squid3
chown -R proxy:proxy /var/spool/squid3
squid -z
echo -e "Instalasi Unbound dan Squid telah selesai. Agar dapat berjalan, \nsebaiknya restart server anda."
while true; do
read -p "Apakah anda ingin merestart komputer anda?" yn
case $yn in
[Yy]* ) init 6; break;;
[Nn]* ) exit;;
* ) echo "Tolong jawab yes atau no";;
esac
done
Jika proses install diatas sudah selesai silahkan anda masuk ke folder directory squid3 dan lihat hasil file yang di install tersebut.
root@ftp:/etc/squid3# ls -al total 396 drwxrwxrwx 3 proxy proxy 4096 Mar 6 16:30 . drwxr-xr-x 131 root root 12288 Mar 8 11:05 .. -rwxrwxrwx 1 proxy proxy 0 Mar 6 10:07 ad_block.txt -rwxrwxrwx 1 proxy proxy 419 Mar 6 10:07 cachemgr.conf -rwxrwxrwx 1 proxy proxy 419 Mar 6 10:07 cachemgr.conf.default -rwxrwxrwx 1 proxy proxy 1547 Mar 6 10:06 errorpage.css -rwxrwxrwx 1 proxy proxy 1547 Mar 6 10:07 errorpage.css.default -rwxrwxrwx 1 proxy proxy 11954 Mar 6 10:07 mime.conf -rwxrwxrwx 1 proxy proxy 11954 Mar 6 10:07 mime.conf.default -rwxrwxrwx 1 proxy proxy 1581 Mar 6 10:07 myCA.der -rwxrwxrwx 1 proxy proxy 5467 Mar 6 10:07 myCA.pem -rwxrwxrwx 1 proxy proxy 24813 Mar 6 19:17 squid.conf -rwxrwxrwx 1 proxy proxy 2317 Mar 6 10:07 squid.conf.default -rwxrwxrwx 1 proxy proxy 278834 Mar 6 10:07 squid.conf.documented drwxrwxrwx 3 proxy proxy 4096 Mar 6 10:07 ssl_db -rwxrwxrwx 1 proxy proxy 16005 Mar 6 10:07 store-id.pl root@ftp:/etc/squid3#kemudian lakukan konfigurasi file squid.conf sesuai kebutuhan anda.
#=================================
# squid config 3.4
# server debian 7.4
#================================
#acl all src 0.0.0.0/32
acl localnet src 10.0.0.0/8
acl localnet src 192.168.2.0/24
acl localnet src 172.16.0.0/12
acl localnet src 192.168.20.0/23
acl SSL_ports port 81 443 563
acl Safe_ports port 20 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 8080 1025-65535
acl connect method CONNECT
acl https_bank dstdomain \.(mail.yahoo.com|gmail.com|bri.co.id|bankmandiri.co.id|klikbca.com|bni.com)
acl https_bank dstdomain gmail.com
acl https_bank dstdomain google.com
acl exc_ip dst 173.194.120.117
acl exc_ip dst 173.194.120.118
acl exc_ip dst 173.194.126.118
acl exc_ip dst 173.194.126.117
acl https_login url_regex -i ^https.*(login|Login).*
acl https_login url_regex -i ^https.*cdn\.yimg\.com.*
#====================================================
acl ads url_regex -i .youtube\.com\/ad_frame?
acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
acl ads url_regex -i .googlesyndication\.com
acl ads url_regex -i .doubleclick\.net
acl ads url_regex -i ^http:\/\/googleads\.*
acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
acl ads url_regex -i ^http:\/\/adserver\.bs\/
acl ads url_regex -i !^http:\/\/adf\.ly
http_access deny ads
#====================================================
acl adsdom dstdomain -i .(/ads/|/ad/|/banner/|/sponsor/|/event.ng/|/Advertisement/|adverts/)
acl adsdom dstdomain -i .(/cgi-bin/nph-adclick\.exe|/ads/media/images/|/smartbanner/|\.com/ads/banners/|/apfbanners/|/realmedia/ads/|/event\.ng/)
acl adsdom dstdomain -i .(/cgi-bin/nph-adclick\.exe|/ads/media/images/|/smartbanner/|\.com/ads/banners/|/apfbanners/|/realmedia/ads/|/event\.ng/|/pics/banner/|/viewcgi?pool=|/clicktrack|/hittrack|/images\.go2net\.com/go2net/ads/|\.com/banners/|\.com/httpads/|\.com/advertising/|/ads/adview\.php\?)
acl adsdom dstdomain -i .(/pics/banner/|/viewcgi?pool=|/clicktrack|/hittrack|/images\.go2net\.com/go2net/ads/|\.com/banners/|\.com/httpads/|\.com/advertising/|/ads/adview\.php\?)
acl adsdom dstdomain -i ^(ads\.|ad\.|adserver\.|k5ads\.)
http_access deny adsdom
#================================================
request_header_access Accept-Ranges deny all
reply_header_access Accept-Ranges deny all
request_header_replace Accept-Ranges none
reply_header_replace Accept-Ranges none
acl crome url_regex -i ^http:\/\/.*\.pack.google.com\/edgedl\/chrome\/win\/.*
acl crome url_regex -i ^http:\/\/cache.pack.google.com\/edgedl\/.*
acl crome url_regex -i ^http:\/\/www.google.com\/dl\/chrome\/win\/.*
http_access allow crome
range_offset_limit 1 KB
acl redir urlpath_regex -i \.htm$ cgi-bin \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$
acl redir urlpath_regex -i &redirect_counter=.*cms_redirect=yes
acl nocache url_regex -i \.(dbd|db|ver|ini|cfg|lst|1st|rsc|log|conf|rsc|jsp|cgi|asp|asx|partialinfo|txt)(\?.*)?$
acl nocache url_regex -i \.(form&lang=in_ID|pointblank.css|Login.do|login_form.css|form.css)$
acl nocache url_regex -i \.(j_spring_security_check|noupdate.ui|afs.dat|PatchTimeCheck.dat|PatchPath.dat|wpad.dat|cacheKey=|sources|captcha|recaptcha|reset|version|latest|login|notice|patchinfo.xml|patcherContent.php|gs_service_login.php|iepngfix.htc|str_mission_id.stg|str_id.stg|dc-canvas|BotDetectCaptcha.ashx)
acl nocache url_regex -i \.*gemscool\.com\/registration\/.*
acl nocache url_regex -i \.*gemscool\.com\/isiGcash\/.*
acl nocache url_regex -i ^http.*garenanow\.com\/imupdate\/.*garena\.game\.plugins\/.*
acl nocache url_regex -i ^http.*(youtube|google).*\/s?.*\=.*&vq\=.*&fs\=.*$
acl nocache url_regex -i ^http.*mdn\.net\/instream\/flash\/v[0-9]\/adsapi.*.swf
acl nocache url_regex -i ^http.*app\.ninjasaga\.com\/.*
acl nocache url_regex -i ^http.*(youtube|google).*(&redirect_counter=1&cms_redirect=yes|&ir=1&rr=12).*
acl nocache url_regex -i ^http.*live\.mytrans\.com.*
acl nocache url_regex -i ^http.*socialpointgames\.com\/dragoncity.*USERID.*
acl nocache url_regex -i ^http.*fb_source=bookmark_apps.*
acl nocache url_regex -i ^http.*gvoucher.*
#acl nocache url_regex -i ^http.*gemscool\.com.*hackshield.*
acl nocache url_regex -i ^http.*squid\-cache\.org\/Versions\/v\d\/\d\.\d\/
acl nocache url_regex -i ^http:\/\/m\.detik\.com\/urchin\.js$
acl nocache url_regex -i ^https?:\/\/(192|1)\.(168|1)\.(1|87)\.[0-9]+.*
acl nocache url_regex -i ^http.*soxdn\.com.*\.(css|html|js|swf)$
acl nocache url_regex -i boxza\.com.*
acl nocache url_regex -i star\.gif$
acl nocache url_regex -i idol-street\.com.*\.(js|css)$
acl nocache url_regex -i ^http:\/\/202\.93\.17\.199.*\/ext\.cfg\.[0-9]+$
acl nocache url_regex -i ^http:\/\/202\.93\.17\.199.*\/xyz\.ids\.[0-9]+$
acl nocache url_regex -i ^http:\/\/103\.13\.229\.115.*\.(js|css|xml)$
# ACL StoreID
# -----------------------------------------------------------------------------
acl norewrite url_regex -i redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]*
acl norewrite url_regex -i s\-platform\.ak\.fbcdn\.net
acl norewrite url_regex redirector\.c\.android\.clients\.google\.com
acl storeid-helper url_regex -i ^http:\/\/(videos|photos).*\.ak\.instagram\.com\/hphotos.*
acl storeid-helper url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*(video_id|docid|v)\=.*
acl storeid-helper url_regex -i ^https?:\/\/.*(youtube|google).*(videoplayback|liveplay).*
acl storeid-helper url_regex -i ^https?:\/\/.*\.steampowered\.com\/depot\/[0-9]+\/chunk\/([^\?]*)
acl storeid-helper url_regex -i ^https?:\/\/.*(akamaihd|fbcdn)\.net\/.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.google\.com\/chrome\/win\/.+\/(.*\.exe)
acl storeid-helper url_regex -i ^https?:\/\/.*\.ytimg\.com(.*\.(webp|jpg|gif))
acl storeid-helper url_regex -i ^https?:\/\/.*firedrive\.com\/download\/[0-9]+\/[0-9]+\/.*\?h=.*e\=.*f\=(.*)\&.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.4shared\.com\/.*\/dlink__[23]F([\w]+)_[23]F(.*)\_3Ftsid_[\w].*
acl storeid-helper url_regex -i ^https?:\/\/.*\.4shared\.com\/download\/([^\/]*).*
acl storeid-helper url_regex -i ^https?:\/\/.*\.[a-z]+\.bing\.net\/(.*)\&w=.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.bing\.(net|com)\/.*\?id=([a-zA-Z]\.[0-9]+)&pid=.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.gstatic\.com\/images\?q=tbn\:(.*)
acl storeid-helper url_regex -i ^https?:\/\/.*\.reverbnation\.com\/.*\/(ec_stream_song|download_song_direct|stream_song)\/([0-9]*).*
acl storeid-helper url_regex -i ^https?:\/\/.*\.dl\.sourceforge\.net\/(.*\.(exe|zip|mp3|mp4))
acl storeid-helper url_regex -i ^https?:\/\/fs[0-9]+\.filehippo\.com\/[^\/]*\/[^\/]*\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/download[0-9]+.mediafire\.com\/.*\/\w+\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/.*android\.clients\.google\.com\/[a-z]+\/[a-zA-Z]+\/[a-zA-Z]+\/(.*)\/([0-9]+)\?.*
acl storeid-helper url_regex -i ^https?:\/\/.*(googleusercontent.com|blogspot.com)\/(.*)\/([a-z0-9]+)(-[a-z]-[a-z]-[a-z]+)?\/(.*\.(jpg|png))
acl storeid-helper url_regex -i ^https?:\/\/global-shared-files-[a-z][0-9]\.softonic\.com\/.{3}\/.{3}\/.*\/.*\=(.*\.exe)
acl storeid-helper url_regex -i ^https?:\/\/.*netmarble\.co\.id\/.*\/(data|ModooMarble)\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/(.*)\.windowsupdate\.com\/(.*)\/(.*)\/([a-z].*)
acl storeid-helper url_regex -i ^https?:\/\/.*filetrip\.net\/.*\/((.*)\.([^\/\?\&]{2,4}))\?.*$
acl storeid-helper url_regex -i ^https?:\/\/.*get4mobile\.net\/.*f=([^\/\?\&]*).*$
acl storeid-helper url_regex -i ^https?:\/\/.*thestaticvube\.com\/.*\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/113\.6\.235\.171\/youku\/.*\/(.*\.flv)
acl storeid-helper url_regex -i ^https?:\/\/\d+\.\d+\.\d+\.\d+\/drama\/(.*\.mp4)\?.*\=(\d+)
acl storeid-helper url_regex -i ^https?:\/\/([a-z])[\d]{1,2}?(.gstatic\.com.*|\.wikimapia\.org.*)
acl storeid-helper url_regex -i ^https?:\/\/.*\.[a-z][0-9]\.(tiles\.virtualearth\.net)\/(.*\&n=z)
acl storeid-helper url_regex -i ^https?:\/\/imgv2-[0-9]\.scribdassets\.com\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/(.*?)\/(archlinux\/[a-zA-Z].*\/os\/.*)
acl storeid-helper url_regex -i ^https?:\/\/(.*?)\/speedtest\/(.*\.(jpg|txt))\??.*$
acl storeid-helper url_regex -i ^https?:\/\/i[1-9]{3}\.photobucket\.com\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/i[1-9]{4}\.photobucket\.com\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/avideos\.5min\.com\/.*\/(.*)\?.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.catalog\.video\.msn\.com\/.*\/(.*\.(mp4|flv|m4v))
acl storeid-helper url_regex -i ^https?:\/\/v\.imwx\.com\/.*\/(.*)\?.*
acl storeid-helper url_regex -i ^https?:\/\/video[0-9]\.break\.com\/.*\/(.*)\?.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.video[0-9]\.blip\.tv\/.*\/(.*)\?.*
acl storeid-helper url_regex -i ^https?:\/\/ss[0-9]\.vidivodo\.com\/vidivodo\/vidservers\/server[0-9]*\/videos\/.*\/([a-zA-Z0-9.]*)\?.*
acl storeid-helper url_regex -i ^https?:\/\/video\-http\.media\-imdb\.com\/([a-zA-Z0-9\@\_\-]+\.(mp4|flv|m4v))\?.*
acl storeid-helper url_regex -i ^https?:\/\/(vl|v)\.mccont\.com\/(.*)\/(.*\.(mp4|m4v|flv))\?.*
acl storeid-helper url_regex -i ^https?:\/\/(vid.{0,2}|proxy.*)(\.ak|\.ec|\.akm|)\.(dmcdn\.net|dailymotion\.com)\/.*\/(frag.*\.(flv|mp4|m4v)).*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.vimeo[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg|web))\?.*
acl storeid-helper url_regex -i ^https?:\/\/fcache\.veoh\.com\/.*\/.*(l[0-9]*\.(mp4|flv))\?.*
acl storeid-helper url_regex -i ^https?:\/\/video\.thestaticvube\.com\/.*\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/cdn[0-9]\.videos\.videobash\.com\/.*\/(.*\.(mp4|m4v|flv))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.phncdn[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.xvideos\.com\/.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.tube8[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.(redtube|redtubefiles)\.com\/.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/.*\/xh.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.xhcdn[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.nsimg[a-zA-Z0-9\-\_\.\%]*\.net.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/.*\.youjizz\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.public\.keezmovies[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.youporn[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.spankwire[a-zA-Z0-9\-\_\.\%]*\.com.*\/([a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.pornhub[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.us.playvid[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.slutload-media[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.hardsextube[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*\.public\.extremetube[a-zA-Z0-9\-\_\.\%]*\.com.*\/([[a-zA-Z0-9\-\_\.\%]*\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg))\?.*
acl storeid-helper url_regex -i ^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|.exoclick\.com|interclick.\com|\.googlesyndication\.com|\.auditude\.com|.visiblemeasures\.com|yieldmanager|cpxinteractive)(.*)
acl storeid-helper url_regex -i ^https?:\/\/(.*?)\/(ads)\?(.*?)
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9\-\_\.\%]*phobos\.apple\.com\/.*\/([a-zA-Z0-9\-\_\.\%]*\.ipa)
acl storeid-helper url_regex -i ^https?:\/\/fs\w*\.fileserve\.com\/file\/(\w*)\/[\w-]*\.\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/download[0-9]{3}\.avast\.com\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/[a-zA-Z0-9]+\.[a-zA-Z0-9]+x\.[a-z]\.avast\.com\/[a-zA-Z0-9]+x\/(.*\.vpx)
acl storeid-helper url_regex -i ^https?:\/\/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/(iavs.*)
acl storeid-helper url_regex -i ^https?:\/\/.*\.starhub\.com\/[a-z]+\/[a-z]+\/[a-z]+\/(.*exe)\?[0-9]
acl storeid-helper url_regex -i ^https?:\/\/dnl-[0-9]{2}\.geo\.kaspersky\.com\/(.*)
acl storeid-helper url_regex -i ^https?:\/\/([^\.]*)\.yimg\.com\/(.*)
acl getmethod method GET
acl snmppublic snmp_community public
cache deny redir
cache deny https_bank
cache deny https_login
cache deny nocache
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_reply_access allow all
icp_access allow all
always_direct allow all
ssl_bump none localhost
ssl_bump none https_bank
ssl_bump none https_login
ssl_bump none exc_ip
ssl_bump server-first all
http_access deny all
https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/myCA.pem
http_port 3128
http_port 3129 tproxy
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
# ZPH OPTIONS
# -----------------------------------------------------------------------------
qos_flows local-hit=0x30
qos_flows sibling-hit=0x30
qos_flows parent-hit=0x30
cache_mem 1024 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
maximum_object_size 536870912 bytes
minimum_object_size 16384 bytes
cache_dir aufs /cache 15000 16 256
cache_swap_low 98
cache_swap_high 99
access_log /var/log/squid3/access.log
#cache_log /var/log/squid3/cache.log
cache_log /dev/null
#cache_store_log /var/log/squid3/store.log
logfile_rotate 1
log_icp_queries off
strip_query_terms off
minimum_expiry_time 0 seconds
store_id_program /etc/squid3/store-id.pl
#store_id_program /etc/squid3/test.rb
store_id_children 50 startup=40 idle=30 concurrency=1
store_id_access deny !getmethod
store_id_access deny norewrite
store_id_access allow storeid-helper
store_id_access deny all
refresh_all_ims on
reload_into_ims on
max_stale 20 years
minimum_expiry_time 0
# STORE-ID
refresh_pattern -i ^http.*squid\.internal.* 43200 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
# GAME ONLINE
refresh_pattern -i ^http.*gemscool.*\.(zip|pkg|pak|nzp|cab)$ 10080 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
refresh_pattern -i ^http.*(garenanow|starhub).*\.exe\?.* 10080 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
refresh_pattern -i ^http.*(122\.102\.49\.(132|202)|103\.13\.229\.115|rohan|csonline|prodigy|netmarble|crossfire|cabalonline|megaxus|lytogame).*\.(wdp|comp|exe|kom|nar|npz|nzp|pack|dat|pak|pkg|rp|rtp|stg|thor|vck|xem|xfs|xml|xt|xtp|z|zip)(\?.*)?$ 10080 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
# FILE TYPE
refresh_pattern -i \.(mp(3|2|4)|3gp|flv|swf|exe|jpg|gif|png|webm|avi) 43200 100% 43200 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
# ================================
# -- refresh pattern for specific sites -- #
refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache
refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.atmajaya.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.theinquirer.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://cooking.game.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern -i http://[^a-z\.]*onemanga\.com/? 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://media?.onemanga.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif|css) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/\.[a-z]\.detik\.com\.(jpg|png|gif|html|htm|swf|xml) 10800 80% 10800 override-expire ignore-reload ignore-no-cache
#IIX DOWNLOAD
#refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-auth
#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js|jpg|png) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
#########################################################################
refresh_pattern -i \.([a-z]\.detik\./[com|net])\.*/? 10800 80% 10200 override-expire override-lastmod ignore-reload
refresh_pattern ^http:\/\/\.[a-z]\.kompas\.com\.(jpg|png|gif|html|htm|swf|xml) 10800 80% 10800 override-expire ignore-reload
refresh_pattern ^http:\/\/\.[a-z]\.fcdn\.com\.(jpg|png|gif|html|htm|swf|xml) 1440 20% 10800 override-expire override-lastmod ignore-reload
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern ^ftp: 10080 95% 10800 override-lastmod reload-into-ims
refresh_pattern . 180 95% 10800 override-lastmod reload-into-ims
# DEFAULT
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
#refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern .* 0 0% 0
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
read_ahead_gap 32 KB
negative_ttl 1 second
connect_timeout 30 seconds
request_timeout 60 seconds
half_closed_clients off
shutdown_lifetime 10 seconds
cache_mgr ucok_karnadi@yahoo.com
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname my-proxy
cachemgr_passwd none all
snmp_port 3401
snmp_access allow snmppublic all
snmp_access allow all
log_icp_queries off
dns_retransmit_interval 5 seconds
dns_timeout 30 seconds
dns_nameservers 208.67.222.222
dns_nameservers 8.8.8.8 8.8.4.4
positive_dns_ttl 21600 seconds
negative_dns_ttl 1 seconds
ignore_unknown_nameservers on
dns_v4_first on
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
max_filedescriptors 8192
memory_pools off
client_db on
reload_into_ims on
#client_persistent_connections on
server_persistent_connections on
retry_on_error on
pipeline_prefetch 100
workers 1
via off
forwarded_for delete
vary_ignore_expire on
request_header_replace X-Forwarded-For 127.0.0.1
request_header_access Server deny all
request_header_access Via deny all
#======================================
silahkan lakukan restart service squid3 anda dengan # /etc/ini.d/squid start
file ini sebuah catatan kecil saya, jika ini bermanfaat untuk orang lain bisa anda infokan kembali. thanks khususnya ucok.karnadi@gmail.com dan forum linux indonesia dan ubuntu, debian indonesia.
3 comments:
makasi, artikelnya bagus.
sayangnya, ada masalah dengan link
wget https://tempat-sampah.googlecode.com/svn/ssl.patch
wget https://tempat-sampah.googlecode.com/svn/anti-forgery.patch
apa bisa bantu? ato paling tidak, ada squid.conf, store-id.pl kayak di link
https://tempat-sampah.googlecode.com/svn/squid.conf -O /etc/squid3/squid.conf
sed -i 's/\r//' /etc/squid3/squid.conf
wget https://tempat-sampah.googlecode.com/svn/store-id.pl -O /etc/squid3/store-id.pl
sed -i 's/\r//' /etc/squid3/store-id.pl
wget https://tempat-sampah.googlecode.com/svn/squid.init -O /etc/init.d/squid
sed -i 's/\r//' /etc/init.d/squid
wget https://tempat-sampah.googlecode.com/svn/sysctl.conf -O /etc/sysctl.conf
sed -i 's/\r//' /etc/sysctl.conf
wget https://tempat-sampah.googlecode.com/svn/rc.local -O /etc/rc.local
sed -i 's/\r//' /etc/rc.local
wget https://tempat-sampah.googlecode.com/svn/limits.conf -O /etc/security/limits.conf
sed -i 's/\r//' /etc/security/limits.conf
wget https://tempat-sampah.googlecode.com/svn/resolv.conf -O /etc/resolv.conf
sed -i 's/\r//' /etc/resolv.conf
wget https://tempat-sampah.googlecode.com/svn/interfaces /etc/network/interfaces
yang juga ngk bisa nge-link.
makasi
Maaf gan baru aktif, oya.. sepertinya sipemilik link tersebut sudah menghapus file tersebut.
thanks
Salam
Bukan saya hapus tetapi pindah ke github. https://github.com/ucokkarnadi/tempat-sampah
Post a Comment