INSTALASI DAN KONFIGURASI LUSCA PROXy
Install squid bawaan CentOS terlebih dahulu
Code:
[root@lusca-proxy ~]# yum install squid Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons | 951 B 00:00 addons/primary | 202 B 00:00 base | 2.1 kB 00:00 base/primary_db | 1.6 MB 00:02 extras | 2.1 kB 00:00 extras/primary_db | 188 kB 00:00 updates | 1.9 kB 00:00 updates/primary_db | 840 kB 00:01 Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be updated --> Processing Dependency: perl(URI::URL) for package: squid --> Running transaction check
---> Package perl-URI.noarch 0:1.35-3 set to be updated --> Finished Dependency Resolution
Dependencies Resolved
============================================================================== ==
Package Arch Version Repository Size ============================================================================== ==
Installing:
squid i386 7:2.6.STABLE21-6.el5 base 1.3 M Installing for dependencies:
perl-URI noarch 1.35-3 base 116 k
Transaction Summary
============================================================================== ==
Install 2 Package(s) Upgrade 0 Package(s)
Setelah terinstall maka kita remove lagi
Code:
[root@lusca-proxy ~]# yum remove squid Loaded plugins: fastestmirror
Setting up Remove Process Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be erased --> Finished Dependency Resolution
Dependencies Resolved
============================================================================== ==
Package Arch Version Repository Size ============================================================================== ==
Removing:
squid i386 7:2.6.STABLE21-6.el5 installed 3.5 M
Transaction Summary
============================================================================== ==
Remove 1 Package(s) Reinstall 0 Package(s) Downgrade 0 Package(s)
Is this ok [y/N]: y
Setelah itu kita install paket yang di butuhkan untuk kompilasi LUSCA yaitu :
- automake
- gcc
- glibc-devel
- e2fsprogs-devel
- sharutils
Code:
[root@lusca-proxy ~]# yum install automake gcc glibc-devel e2fsprogs-devel sharutils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package automake.noarch 0:1.9.6-2.3.el5 set to be updated --> Processing Dependency: autoconf >= 2.58 for package: automake ---> Package e2fsprogs-devel.i386 0:1.39-23.el5_5.1 set to be updated --> Processing Dependency: e2fsprogs-libs = 1.39-23.el5_5.1 for package:
---> Package gcc.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: cpp = 4.1.2-48.el5 for package: gcc --> Processing Dependency: libgomp >= 4.1.2-48.el5 for package: gcc ---> Package glibc-devel.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: headers = 2.5-49.el5_5.7 for package: glibc-dev el
--> Processing Dependency: glibc = 2.5-49.el5_5.7 for package: glibc-devel --> Processing Dependency: glibc-headers for package: glibc-devel
---> Package sharutils.i386 0:4.6.1-2 set to be updated --> Running transaction check
---> Package autoconf.noarch 0:2.59-12 set to be updated --> Processing Dependency: imake for package: autoconf ---> Package cpp.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5 for package: e2fsprogs ---> Package e2fsprogs-libs.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: glibc = 2.5-49 for package: nscd ---> Package glibc.i686 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-common = 2.5-49.el5_5.7 for package: glibc ---> Package glibc-headers.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers --> Processing Dependency: kernel-headers for package: glibc-headers
---> Package libgomp.i386 0:4.4.0-6.el5 set to be updated --> Running transaction check
---> Package e2fsprogs.i386 0:1.39-23.el5_5.1 set to be updated ---> Package glibc-common.i386 0:2.5-49.el5_5.7 set to be updated ---> Package imake.i386 0:1.0.2-3 set to be updated
---> Package kernel-headers.i386 0:2.6.18-194.26.1.el5 set to be updated ---> Package nscd.i386 0:2.5-49.el5_5.7 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================== ==
Package Arch Version Repository Size ============================================================================== ==
Installing:
automake noarch 1.9.6-2.3.el5 base 476 k e2fsprogs-devel i386 1.39-23.el5_5.1 updates 569 k gcc i386 4.1.2-48.el5 base 5.2 M glibc-devel i386 2.5-49.el5_5.7 updates 2.0 M sharutils i386 4.6.1-2 base 201 k Installing for dependencies:
autoconf noarch 2.59-12 base 647 k cpp i386 4.1.2-48.el5 base 2.6 M glibc-headers i386 2.5-49.el5_5.7 updates 602 k imake i386 1.0.2-3 base 319 k kernel-headers i386 2.6.18-194.26.1.el5 updates 1.1 M libgomp i386 4.4.0-6.el5 base 70 k Updating for dependencies:
Transaction Summary
============================================================================== ==
Install 11 Package(s) Upgrade 5 Package(s)
Total download size: 37 M Is this ok [y/N]:y
Duduk tenang selesai install paket-paket di atas kemudian download LUSCA nya dari google
Code:
[root@lusca-proxy ~]#wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
Setelah itu di extrak
Code:
[root@lusca-proxy ~]# tar -zxvf LUSCA_HEAD-r14809.tar.gz
Pindah ke dalam direktori lusca, naikkan filedescriptors, dan kemudian configure menggunakan
opsi-opsi di bawah ini
Code:
[root@lusca-proxy ~]# cd LUSCA_HEAD-r14809 [root@lusca-proxy ~]# ulimit -n 8192
[root@lusca-proxy LUSCA_HEAD-r14809]# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups
semua file instalasi terletak di /usr/local/squid/ jadi kita tidak akan repot-repot mencari-cari file
squid
Kemudian install
Code:
[root@lusca-proxy LUSCA_HEAD-r14809]# make all && make install
Duduk tenang menunggu instalasi selesai sekarang waktu nya Konfigurasi.
- Pindah ke direktori /usr/local/squid/etc
Code:
[root@lusca-proxy LUSCA_HEAD-r14809]# cd /usr/local/squid/etc/
kemudian config squid nya kaya gini nih,..
Code:
##start of config
http_port 3128 transparent icp_port 0
#icp_port 3130
#error_directory /usr/share/squid/errors/templates #icon_directory /usr/share/squid/icons
visible_hostname lusca.net cache_mgr admin@localhost access_log /cache1/access.log cache_log /cache1/cache.log cache_store_log none
logfile_rotate 1
shutdown_lifetime 10 seconds
#################################################################### # Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing # should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.25.0/24 # RFC1918 possible internal network ####################################################################
uri_whitespace strip #dns_nameservers
#dns_testnames 127.0.0.1
cache_mem 8 MB
maximum_object_size_in_memory 128 MB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA
cache_dir aufs /cache1 32768 64 256
minimum_object_size 512 bytes maximum_object_size 128000 KB offline_mode off
cache_swap_low 98 cache_swap_high 99
# No redirector configured
# Setup some default acls acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81 acl manager proto cache_object acl purge method PURGE
acl connect method CONNECT
#acl dynamic urlpath_regex cgi-bin \?
http_access allow manager localhost http_access deny manager
http_access allow purge localhost http_access deny purge
http_access deny !safeports
# Always allow localhost connections http_access allow localhost
# Allow local network(s) on interface(s) http_access allow localnet
# Default block all to be sure http_access deny all
#include /usr/local/squid/etc/storeurl-el5.pl include /usr/local/squid/etc/tunning.conf
##end of config
terus save.as storeurl.pl
Code:
#!/usr/bin/perl5.8.8
# by chudy_fernandez@yahoo.com # Updates at
http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion $|=1;
while (<>) { @X = split;
$X[1] =~ s/&sig=.*//; $x = $X[0] . " "; $_ = $X[1];
$u = $X[1];
# compatibility for old cached get_video?video_id if (m/^http:\/\/([0-9.]
{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*? (videoplayback\?id=.*?|video_id=.*?)\&(.*?)/) {
$z = $2; $z =~ s/video_id=/get_video?video_id=/;
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";
# youtube HD itag=22 } elsif (m/^http:\/\/([0-9.]
{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=22 ).*?\&(id=[a-zA-Z0-9]*)/) {
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . "&" . $3 . "\n";
# youtube Normal screen always HD itag 35, Normal screen never HD itag 34, itag=18 <--normal?
} elsif (m/^http:\/\/([0-9.]
{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=[0 -9]*).*?\&(id=[a-zA-Z0-9]*)/) {
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $3 . "\n";
} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) { print $x . "http://www.google-analytics.com/__utm.gif\n";
(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com)(.*)/) { $y = $3;$z = $2;
for ($y) {
s/pixel;.*/pixel/;
s/activity;.*/activity/; s/(imgad[^&]*).*/\1/; s/;ord=[?0-9]*//;
s/;×tamp=[0-9]*//; s/[&?]correlator=[0-9]*//; s/&cookie=[^&]*//;
s/&ga_hid=[^&]*//; s/&u_his=[^&]*//; s/&dt=[^&]*//; s/&lmt=[^&]*//;
s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/[;&?]ord=[?0-9]*//;
s/[;&]mpvid=[^&;]*//; }
print $x . "http://" . $1 . $2 . $y . "\n";
#cache high latency ads } elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) { print $x . "http://" . $1 . "/" . $2 . "\n";
# spicific servers starts here....
} elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) { print $x . "http://" . $1 . "\n";
# # indowebster added by fahmi[at]airputih.or.id #} elsif (($u =~ /indowebster/) && (m/^http:\/\/www[0-9][0-9]\.indowebster.com.*\/(.*?)/)) {
# print $x . "http://cdn.indowebster.com/" . $2 . "\n";
#cdn, varialble 1st path
} elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/[a-z0-9]{2,5}/cdn./;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
#rapidshare
} elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\. [^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n";
} elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)? $/)) {
print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n";
#like porn hub variables url and center part of the path, filename etention 3 or 4 with or withour ? at the end
+)*?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?] {3,4})(\?.*)?$/)) {
print $x . "http://cdn." . $3 . $5 . "\n"; #...spicific servers end here.
#general purpose for cdn servers. add above your specific servers. } elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) {
print $x . "http://squid-cdn-url//" . $2 . "." . $3 . "\n";
#for yimg.com doubled
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) { print $x . "http://cdn.yimg.com/" . $3 . "\n";
#for yimg.com with &sig=
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*)/) { @y = ($1,$2);
$y[0] =~ s/[a-z]+[0-9]+/cdn/; $y[1] =~ s/&sig=.*//;
print $x . "http://" . $y[0] . ".yimg.com/" . $y[1] . "\n";
#generic http://variable.domain.com/path/filename."ext" or "exte" with or withour "?"
} elsif (m/^http:\/\/(.*)([^\.\-]*?\..*?)\/(.*)\.([^\/\?\&]{3,4})(\?.*)?$/) { @y = ($1,$2,$3,$4);
$y[0] =~ s/(([a-zA-A-]+[0-9-]+)|(.*cdn.*)|(.*cache.*))/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
# generic http://variable.domain.com/...
} elsif (m/^http:\/\/(([A-Za-z]+[0-9-]+)*?|.*cdn.*|.*cache.*)\.(.*?)\.(.*?)\/ (.*)$/) {
print $x . "http://cdn." . $3 . "." . $4 . "/" . $5 . "\n";
# spicific extention that ends with ?
} elsif (m/^http:\/\/(.*?)\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv| on2)\?(.*)/) {
print $x . "http://" . $1 . "/" . $2 . "." . $3 . "\n";
# all that ends with ;
} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
print $x . "http://" . $1 . "/" . $2 . "\n";
} else {
print $x . $_ . "\n"; }
}
save as lagi tunning.conf
Code:
acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\? id|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?| bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-] +)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?| bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*)
\.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex
^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e? g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php acl getmethod method GET
storeurl_access deny dontrewrite storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain storeurl_access allow store_rewrite_list_path storeurl_access deny all
storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl storeurl_rewrite_children 7
storeurl_rewrite_concurrency 0
# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|
videodownload\?|\.flv?) 129600 999999% 129600 cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-no- store-stale
#refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||
videodownload\?|\.flv?) 129600 999999% 129600 cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-no- store-stale
refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern \.etology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern galleries\.video(\?|sz) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern brazzers\? 129600 999999%
129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern \.adtology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|
ad\.trafficmp\.com|ads\.cubics\.com|
ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager| game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net| adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth
ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 999999% 129600 override-expire ignore-reload ignore-private store-stale negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg 129600 999999% 129600 override-expire ignore-reload store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 999999% 129600 override-expire ignore-reload store-stale
refresh_pattern garena\.com 129600 999999% 129600 override-expire reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 override-expire ignore-reload store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 999999% 129600 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif| png) 129600 999999% 129600 reload-into-ims override-expire ignore-private store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern windowsupdate.com/.*\.(cab|exe)
43200 999999% 129600 no-cache no-store ignore-reload ignore-reload-into-ims store-stale
43200 999999% 129600 no-cache no-store ignore-reload ignore-reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe)
43200 999999% 129600 no-cache no-store ignore-reload ignore-reload-into-ims store-stale
#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|
mp3) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 12960 0 999999% 129600 ignore-reload override-expire cache ignore-no-store ignore-no-store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims reload override-expire no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire cache ignore-no-store ignore-no-store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims reload override-expire no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire cache ignore-no-store ignore-no-store-stale
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims reload override-expire no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip| flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims reload override-expire no-cache no-store store-stale ignore-auth
#All File
refresh_pattern -i
\.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|
v)) 129600 999999% 129600 no-cache no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar| rm|r(a|p)m|snd|vob|wav) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 129600 999999% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims store-stale
refresh_pattern . 180 95% 43200 override-lastmod reload-into-ims store-stale
global_internal_static off max_stale 10 years
retry_on_error on buffered_logs on read_ahead_gap 32 KB
header_access Accept-Encoding deny all client_persistent_connections off
server_persistent_connections on half_closed_clients off
strip_query_terms off quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100 vary_ignore_expire on reload_into_ims on pipeline_prefetch on #range_offset_limit 50 KB read_timeout 30 minutes client_lifetime 6 hours negative_ttl 30 seconds positive_dns_ttl 6 hours negative_dns_ttl 60 seconds pconn_timeout 15 seconds request_timeout 1 minute store_avg_object_size 13 KB log_icp_queries off
ipcache_size 16384 ipcache_low 98 ipcache_high 99 log_fqdn off
fqdncache_size 16384 memory_pools off forwarded_for on
zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136
cachemgr_passwd none all client_db on
max_filedescriptors 4096 n_aiops_threads 24
#client_socksize 16 MB load_check_stopen on load_check_stcreate on
download_fastest_client_speed on
– Buat direktori untuk nampung cache di /cache1,
– kemudian ubah permission nya untuk squid
– kemudian ubah permission file tunning.conf dan storeurl.pl agar bisa di exekusi
Code:
[root@lusca-proxy etc]# mkdir /cache1
[root@lusca-proxy etc]# chown squid:squid /cache1
[root@lusca-proxy etc]# chmod 777 tunning.conf storeurl.pl
Building cache dir squid
Code:
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -z
edit localnet pada squid.conf. sesuaikan network client kita :
potongan squid.conf
Code:
[root@lusca-proxy etc]# nano -c squid.conf ...
#################################################################### # Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing # should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 7.7.9.0/24 # RFC1918 possible internal network ####################################################################
Cek apakah ada config error di squid dan apabila tidak ada error Jalankan squid sebagai daemon
Code:
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -k parse [root@lusca-proxy etc]# /usr/local/squid/sbin/squid -NDd1 &
Testing. Silahkan arahkan browser menggunakan proxy ke server LUSCA dengan port 3128
Code:
[root@lusca-proxy etc]# tail -f /cache1/access.log
catatan :
buat ngecek idup apa ngga di nmap saja liat port nya kebuka atau ngga
jika ketemu error Filedescriptors blabla, edit di file
Code:
pada bagian paling atas
Code:
#!/usr/bin/perl5.8.8 <===== edit menjadi "#!/usr/bin/perl" tanpa tanda kutip
# by chudy_fernandez@yahoo.com # Updates at
http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/D iscussion
$|=1;
...
untuk menjalankan lusca setiap abis restart secara otomatis ketik perintah ini di console
Code:
[root@lusca-proxy ~]# echo "/usr/local/squid/sbin/squid -NDd1 &" >> /etc/rc.local