M O N D A Y , M A R C H 2 6 , 2 0 0 7

How To - OpenBSD 4.0 + SQUID

Since there are so many squid how to in english, and this time I made it in Indonesian (my mother language),

but you still can use these options and my squid.conf

Operating Sistem yang saya gunakan dalam tutorial ini adalah OpenBSD 4.0 dan jika anda menggunakan

Linux atau UNIX lainnya maka anda dapat mengubah settingan berikut sesuai dengan OS anda. Jadi pertama

pastikan anda telah mendowload paket Squid yang stable, dan lanjutkan dengan mengconfigure dengan option

seperti dibawah berikut :

$./configure \

--enable-dependency-tracking \

--sysconfdir=/etc/squid \

--localstatedir=/var/squid \

--enable-external-acl-helpers=ip_user unix_group \

--enable-digest-auth-helpers=password \

--enable-auth=basic ntlm digest \

--enable-ntlm-fail-open \

--enable-basic-auth-helpers=MSNT NCSA SMB \

--enable-ntlm-auth-helpers=SMB \

--enable-pf-transparent \

--enable-cache-digests \

--enable-delay-pools \

--enable-htcp \

--enable-default-err-language=English \

--enable-err-languages=English Korean Japanese Spanish \

--enable-ssl \

--enable-arp-acl \

--enable-kill-parent-hack \
--enable-removal-policies=heap lru \

--enable-storeio=ufs aufs coss diskd \

--enable-dl-malloc \

--enable-async-io \

--enable-snmp \

--with-maxfd=1024

dan lanjutkan dengan

# make && make install

dan kemudian edit squid.conf anda, ini contoh dari squid.conf saya

##squid.conf for openbsd 4.0

http_port 127.0.0.1:3128 transparent

icp_port 0

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

no_cache deny QUERY

#=======================================================$

# CACHE MEM

#=======================================================$

cache_mem 6 MB

cache_swap_low 98

cache_swap_high 99

maximum_object_size 10 MB

minimum_object_size 0 KB

maximum_object_size_in_memory 128 KB

ipcache_size 2048

ipcache_low 98

ipcache_high 99

cache_replacement_policy heap LFUDA

memory_replacement_policy heap GDSF

cache_dir aufs /var/squid/cache 1200 16 256

#cache_dir diskd /var/squid/cache 4000 10 256 Q1=72 Q2=64

#cache_dir diskd /var/squid/cache 4000 10 256 Q1=72 Q2=64

#cache_dir diskd /var/squid/cache 4000 10 256 Q1=72 Q2=64

#cache_dir diskd /var/squid/cache 4000 10 256 Q1=72 Q2=64

#diskd_program /usr/local/libexec/diskd

#unlinkd_program /usr/local/libexec/unlinkd

cache_effective_user _squid

cache_effective_group _squid

#=======================================================$

# SQUID LOG

#=======================================================$

access_log /var/squid/logs/access.log

cache_store_log none

pid_filename /var/squid/logs/squid.pid

log_fqdn off

log_icp_queries off

auth_param basic children 5

auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 2 hours

auth_param basic casesensitive off

#============================================================$

#refresh

#============================================================$

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod

refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

refresh_pattern \.gif 4320 50% 43200

refresh_pattern \.jpg 4320 50% 43200

refresh_pattern \.tif 4320 50% 43200

refresh_pattern \.png 4320 50% 43200

refresh_pattern \.jpeg 4320 50% 43200

refresh_pattern ^http://www.friendster.com/.* 720 100% 4320

refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320

refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320

refresh_pattern ^http://*.yimg.*/.* 720 100% 4320

refresh_pattern ^http://*.gmail.*/.* 720 100% 4320

refresh_pattern ^http://*.google.*/.* 720 100% 4320

refresh_pattern ^http://*korea.*/.* 720 100% 4320

refresh_pattern ^http://*.akamai.*/.* 720 100% 4320

refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320

refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320

refresh_pattern ^http://*.plasa.*/.* 720 100% 4320

refresh_pattern ^http://*.telkom.*/.* 720 100% 4320

refresh_pattern ^ftp: 10080 95% 40320 reload-into-ims override-lastmod

refresh_pattern . 0 20% 4320 reload-into-ims override-lastmod

#refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod

#refresh_pattern ^gopher: 1440 0% 1440

#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

#============================================================$

# QUICK ABORT

#============================================================$

quick_abort_min 0 KB

quick_abort_max 0 KB

quick_abort_pct 98

#============================================================$

#ACCESS CONTROL LIST

#============================================================$

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

acl our_networks src 192.168.8.0/24

acl noproxy1 src 192.168.8.200 #dont proxy this machine

acl ie_browser browser `^Mozilla/4\.0 .compatible; MSIE;` #Internet Explorer

acl bad_browser browser ^Gator # spyware crap

acl windowsupdate dstdomain .windowsupdate.com # allow ie

acl windowsupdate dstdomain .windowsupdate.microsoft.com

acl ie_exceptions dstdomain .1u-firewall.com

acl ie_exceptionsa dst 3.4.5.6 #Allow Internet explorer to this IP address

acl SMTP_port port 25

http_port 3128

icp_port 3130

http_access deny bad_browser

http_access deny SMTP_port

http_access allow noproxy1

http_access allow our_networks

http_access allow manager localhost

http_access deny to_localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny all

http_reply_access allow all

coredump_dir /var/squid/cache

query_icmp off

shutdown_lifetime 10 seconds

reload_into_ims on

pipeline_prefetch on

ie_refresh off

vary_ignore_expire on

cache_mgr xxxxxx

logfile_rotate 1

memory_pools on

visible_hostname gateway.net

positive_dns_ttl 60 seconds

negative_dns_ttl 29 seconds

########################### E O F #######################

Squid.conf tersebut dapat anda tambah kan dan dikurangkan sesuai sistem anda dan kebutuhan anda.

posted by Reign of NIX @ Monday, March 26, 2007

0 Comments:

Post a Comment
<< Home

NIX Blogging
This Blog its all About Me

A B O U T M E

Name:Reign of NIX

Location:Jakarta, Jakarta, ID

You wont believe if i tell you

 View my complete profile

P R E V I O U S P O S T S

 O2 XDA ATOM LIFE

 Make OpenBSD ISO

 12th Mega Bazaar Komputer

 Gigabyte Gsmart

 O2 XDA ZINC

 Pocket Putty For Windows Mobile

 Set Up GPRS On O2

 Hollywood Loves Linux

 Fedora Core 7

 Christmas Eve

L I N K S

 Ika Verlita's Blog

 Manu's Blog

 Adi Ridwansah's Blog

 Sukma's Blog

 Aziz's Blog

 My Multiply

 My Friendster Blog

 My Love Blog
 Subscribe in a reader

Recent Readers

You!
Join Our Community

tsukmadeh

St4bilo_blue

azfaazfa

xarom

View Reader Community

Join this Community
(provided by MyBlogLog)

Recent Readers

You!
Join Our Community
 tsukmadeh

St4bilo_blue

azfaazfa

xarom

View Reader Community

Join this Community
(provided by MyBlogLog)

Yahoo!Messenger

Learn Something From The Web