10/07/07

Linux Proxy Server Dengan Squid

Proxy server mempunyai kemampuan untuk menghemat bandwidth, meningkatkan keamanan dan mempercepat proses surfing web. Squid merupakan software proxy yang banyak dipakai dan dapat diperoleh secara gratis. Squid juga dapat digunakan untuk mengendalikan pemakaian bandwidth berdasarkan ekstensi file-file tertentu dan menyaring situs-situs yang boleh diakses.
File-file yang dibutuhkan :
- Squid (yang dipakai pada tulisan ini adalah versi squid-2.5.STABLE6.tar.gz), bisa didownload dari
http://www.squid-cache.org
- malloc.tar.gz, bisa didownload dari http://www.gnu.org/order/ftp.html
Instalasi dan konfigurasi
Ekstrak file squid hasil download ke direktori /usr/local/src
# tar xzvf squid-2.5.STABLE6.tar.gz -C /usr/local/src
Buat user untuk menjalankan squid
# useradd -d /cache/ -r -s /dev/null squid >/dev/null 2>&1
# mkdir /cache/
# chown -R squid.squid /cache/
# cd /usr/local/src/squid-2.5.STABLE6
Edit file icons/Makefile.in, gantilah baris :
icondir=$(datadir)/icons
menjadi
icondir=$(libexecdir)/icons
Edit file src/Makefile.in, gantilah baris
DEFAULT_LOG_PREFIX = $(localstatedir)/logs

menjadi

DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid
DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid

menjadi

DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid
DEFAULT_SWAP_DIR = $(localstatedir)/cache

menjadi

DEFAULT_SWAP_DIR = /cache
DEFAULT_ICON_DIR = $(datadir)/icons

menjadi

DEFAULT_ICON_DIR = $(libexecdir)/icons
Pengeditan file tersebut bertujuan untuk mengubah lokasi default file cache.log, access.log dan store.log agar ditempatkan pada direktori /var/log/squid, meletakkan PID squid pada direktori /var/run, dan menempatkan direktori icons pada /usr/lib/squid/icons.

GNU Malloc Library untuk Cache Performance Squid
Copy malloc.tar.gz ke direktori /var/tmp
# cp malloc.tar.gz /var/tmp
Ekstrak dan kompilasi malloc
# cd /var/tmp
# tar zxvf malloc.tar.gz
# cd malloc
# make
Copy library hasil kompilasi malloc (libmalloc.a) ke direktori lib
# cp libmalloc.a /usr/lib/libgnumalloc.a
Copy file malloc.h ke direktori sistem include
# cp malloc.h /usr/include/gnumalloc.h
Kompilasi Squid
# cd /usr/local/src/squid-2.5.STABLE6
# ./configure \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--enable-delay-pools \
--enable-cache-digests \
--enable-poll \
--disable-ident-lookups \
--enable-truncate \
--enable-storeio=diskd,ufs \
--enable-underscores \
--enable-err-languages=English
# make
# make install
# mkdir -p /var/log/squid
# rm -rf /var/log/logs/
# chown squid.squid /var/log/squid/
# chmod 750 /var/log/squid/
# chmod 750 /cache/
# rm -f /usr/sbin/RunCache
# rm -f /usr/sbin/RunAccel
# strip /usr/sbin/squid
# strip /usr/lib/squid/unlinkd
# strip /usr/lib/squid/cachemgr.cgi
Buat script untuk menjalankan squid pada /etc/init.d dengan nama squid
#!/bin/bash
# squid This shell script takes care of starting and stopping
# Squid Internet Object Cache
#
# chkconfig: - 90 25
# description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
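# Fixed search path so the script does not depend on the caller's environment.
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up. Quoted so an unset NETWORKING does not turn
# the test into a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# Check that the squid conf file is present; without it there is nothing to do.
[ -f /etc/squid/squid.conf ] || exit 0

# Optional site settings. The file is sourced, i.e. executed with this
# script's privileges, so it should be writable by root only.
if [ -f /etc/sysconfig/squid ]; then
  . /etc/sysconfig/squid
else
  SQUID_OPTS="-D"
  SQUID_SHUTDOWN_TIMEOUT=100
fi
# stop() compares against this value numerically; give it a value even when
# /etc/sysconfig/squid exists but does not set it.
: "${SQUID_SHUTDOWN_TIMEOUT:=100}"

# Determine the name of the squid binary.
[ -f /usr/sbin/squid ] && SQUID=squid
[ -z "$SQUID" ] && exit 0
prog="$SQUID"

# Determine the cache_swap directories: strip comments from squid.conf, keep
# the cache_dir lines and take their third field.
CACHE_SWAP=$(sed -e 's/#.*//g' /etc/squid/squid.conf |
  grep cache_dir | awk '{ print $3 }')
[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/lib/squid

RETVAL=0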
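#######################################
# Initialise missing cache directories, then launch squid in the background.
# Globals:   CACHE_SWAP, SQUID, SQUID_OPTS, prog (read); RETVAL (written)
# Outputs:   progress messages on stdout
# Returns:   RETVAL. squid is started with '&', so this is the status of
#            launching the background job, not proof that squid came up.
#######################################
start() {
  # CACHE_SWAP is a whitespace-separated list, so it is split on purpose.
  for adir in $CACHE_SWAP; do
    # A cache directory without the 00 subdirectory is treated as not yet
    # initialised.
    if [ ! -d "$adir/00" ]; then
      echo -n "init_cache_dir $adir... "
      "$SQUID" -z -F 2>/dev/null
    fi
  done
  echo -n $"Starting $prog: "
  # SQUID_OPTS may hold several options and is left unquoted deliberately.
  "$SQUID" $SQUID_OPTS 2>/dev/null &
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    touch "/var/lock/subsys/$SQUID"
    echo_success
  else
    echo_failure
  fi
  echo
  return $RETVAL
}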
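#######################################
# Ask a running squid to shut down and wait for its PID file to disappear.
# Globals:   SQUID, SQUID_SHUTDOWN_TIMEOUT, prog (read); RETVAL (written)
# Outputs:   progress messages on stdout
# Returns:   0 once the PID file is gone, 1 if the timeout expires first,
#            otherwise the non-zero status of 'squid -k check'.
#######################################
stop() {
  echo -n $"Stopping $prog: "
  "$SQUID" -k check >/dev/null 2>&1
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    "$SQUID" -k shutdown &
    rm -f "/var/lock/subsys/$SQUID"
    timeout=0
    while :; do
      # Leave the loop as soon as the PID file is gone. The '||' is required:
      # without it 'break' is passed to '[' as an argument and the loop can
      # only end through the timeout branch.
      [ -f /var/run/squid.pid ] || break
      if [ "$timeout" -ge "$SQUID_SHUTDOWN_TIMEOUT" ]; then
        echo
        return 1
      fi
      sleep 2 && echo -n "."
      timeout=$((timeout + 2))
    done
    echo_success
    echo
  else
    echo_failure
    echo
  fi
  return $RETVAL
}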
# Send the running squid the 'reconfigure' command, passing the same
# options the daemon is started with. Returns the status of that command.
reload() {
  ${SQUID} ${SQUID_OPTS} -k reconfigure
  return $?
}
# Stop the daemon, then start it again. The return status is that of
# start; the status of stop is not checked.
restart() {
  stop
  start
  return $?
}
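# Restart squid only when its subsystem lock file exists, i.e. when start()
# created the lock and stop() has not removed it. Always returns 0, so a
# service that is not running is not reported as an error.
condrestart() {
  if [ -e /var/lock/subsys/squid ]; then
    restart
  fi
  return 0
}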
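# Report the service state with the 'status' helper, then run squid's own
# '-k check'. The return status is that of the '-k check' call.
rhstatus() {
  status "$SQUID"
  "$SQUID" -k check
}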
# No-op probe hook: always reports success.
probe() { return 0; }
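# Dispatch on the first argument. Anything unrecognised prints the usage
# line and exits 1; otherwise the script exits with the status of the
# action that ran.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    reload
    ;;
  restart)
    restart
    ;;
  condrestart)
    condrestart
    ;;
  status)
    rhstatus
    ;;
  probe)
    exit 0
    ;;
  *)
    # The '|' separators between the action names are part of the message.
    echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
    exit 1
    ;;
esac
exit $?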
Ubah mode file /etc/init.d/squid agar dapat dieksekusi
# chmod +x /etc/init.d/squid
Edit file konfigurasi squid (/etc/squid/squid.conf)
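# squid 2.5.Stable.x configuration
# by anton@ilmukomputer.com
#
#
# Listening ports: 3128 for HTTP proxy clients, 3130 for ICP peers.
# Neither directive names an address, so pair the http_access / icp_access
# rules below with a host firewall that exposes these ports to the LAN only.
http_port 3128
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
maximum_icp_query_timeout 9000
mcast_icp_query_timeout 9000

# Never serve dynamic content (cgi-bin or URLs with a query string) from cache.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Memory and disk cache sizing.
cache_mem 16 MB
cache_swap_low 80%
cache_swap_high 100%
maximum_object_size 1024 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 8 KB
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir diskd /cache 6000 14 256 Q1=64 Q2=72

# Logging. access.log records client addresses and requested URLs, so keep
# /var/log/squid readable by the squid user and administrators only.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
negative_ttl 2 minutes
emulate_httpd_log on
log_ip_on_direct on
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
ftp_user user@palanta.com
ftp_passive on
# The published file listed this directive twice with the same value.
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
diskd_program /usr/lib/squid/diskd
unlinkd_program /usr/lib/squid/unlinkd
redirect_rewrites_host_header on
request_header_max_size 10 KB
request_body_max_size 0 MB
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# Freshness rules per file extension. The alternation bars between the
# extensions were missing in the published listing and are restored here;
# without them each pattern only matches one long, non-existent extension.
refresh_pattern \.(gif|jpg|jpeg)$ 600 80% 86400
refresh_pattern \.(xbm|xpm|ico|tiff)$ 600 80% 86400
refresh_pattern \.(au|snd|wav|ra|mid)$ 600 80% 86400
refresh_pattern \.(qt|mov|avi|mpeg)$ 600 80% 86400
refresh_pattern \.(iv|wrl|vrml)$ 600 80% 86400
refresh_pattern \.(Z|gz)$ 600 80% 86400
refresh_pattern \.(hqx|bin)$ 600 80% 86400
refresh_pattern \.(tar|zip)$ 600 80% 86400
refresh_pattern ^http:// 30 50% 86400
refresh_pattern ^ftp:// 30 50% 86400
refresh_pattern . 30 30% 43200
quick_abort_min 128 KB
quick_abort_max 4096 KB
quick_abort_pct 75
# NOTE(review): negative_ttl is also set to 2 minutes further up; presumably
# the later value wins. Keep only one of the two.
negative_ttl 1 minutes
range_offset_limit 0 KB
half_closed_clients off
shutdown_lifetime 30 seconds

# Access control lists. "boleh" is the only client network allowed to use
# the proxy; adjust it to the local LAN.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl boleh src 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# http_access rules are checked top to bottom and the first match decides.
http_access allow manager localhost to_localhost
http_access deny manager
http_access deny !Safe_ports
# Safe_ports includes 1025-65535, so without this rule an allowed client
# could open CONNECT tunnels to any high port. The CONNECT and SSL_ports
# ACLs are defined above but were not used by any rule.
http_access deny CONNECT !SSL_ports
http_access allow boleh
http_access deny all
icp_access allow boleh
icp_access deny all
reply_body_max_size 0 allow all
cache_mgr admin@palanta.com
# Squid drops root privileges to this unprivileged account after start-up.
cache_effective_user squid
cache_effective_group squid
visible_hostname cache.palanta.com

# Squid 2.5 accelerator directives, in the combination commonly used for
# transparent interception. httpd_accel_uses_host_header makes Squid act on
# the client-supplied Host header, so keep http_access limited to known
# client networks as above.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
query_icmp off
test_reachability off
buffered_logs on
reload_into_ims on
ie_refresh off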
Jalankan squid
# /etc/init.d/squid start

2 komentar:

M. Arif Budiman mengatakan...

Mas salam kenal...
tentang squid, bagaimana caranya kita memblok download dengan case jika ada yang membuka URL dengan akhiran zip/rar/mp3 dll maka dia langsung diredirect ke halaman lain.
Trims..

rotyyu mengatakan...

Mantap gan, tutorialnya keren
