[ARCHIVE] SQUID & LUSCA Proxy High performance + Caching dynamic content default config squid tidak di dedikasikan

utk caching dynamic content, terutama utk file2 dynamic (kayak youtube dan google addssense dll) file2 itu biasanya membuat penuh cache tapi karena content dynamic oleh squid pasti akan dianggap miss dan akan mendownload lagi jadi bisa membuat posioning cache untuk update squid ke lusca silahkan ikuti cara2 ini (contoh utk redhat base & freebsd base) cara2nya (pake putty aja enak), apa itu puty silahkan baca disini : untuk keluarga redhat-5 (centos-5.x, fedora, clearOS dll) stop dulu servis squid nya /etc/init.d/squid stop backup dulu squid.conf nya di /etc/squid/squid.conf delet squid lama rpm -e squid-xxx(versi squid) delete file di directory cache_dir ex: rm -rf /cache/* download package lusca NEW LUSCA UBUNTU-64 BIT (SVN checkout 24 Maret 2010) hxxp://squid-proxy-pkg.googlecode.com/files/deb-lusca-r14499-64.tar.bz2 Quote:

NEW LUSCA Release 14410 (SVN checkout 16 February 2010) hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14410-1_el5.i386.rpm hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14410-1_el5.x86_64.rpm wget hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14371-1_el5.i386.rpm trus di intstall rpm -Uvh LUSCA_HEAD-r14371-1_el5.i386.rpm trus download file2 confignya cd /etc/squid/ wget hxxp://squid-proxy-pkg.googlecode.com/files/squid.conf wget hxxp://squid-proxy-pkg.googlecode.com/files/storeurl-el5.pl

wget hxxp://squid-proxy-pkg.googlecode.com/files/tunning-el5.conf chmod +x storeurl-el5.pl chown squid:squid tunning-el5.conf chown squid:squid storeurl-el5.pl dan silahkan sesuaikan configurasi cache_dir,allow netlocal dll di tempat anda di file squid.conf update tunning sysctl.conf cd /etc/ wget hxxp://squid-packge.googlecode.com/files/sysctl.conf-el5 mv sysctl.conf-el5 sysctl.conf rebuild cache cek configurasi squid -k parse jika tidak ada error, rebuild cache swap squid -z start servis squid /etc/init.d/squid start catatan: dengan 6 client aktif perhari saja, cache swap bisa mencapai 1 Gb perhari, dan lusca hanya support aufs dan coss, tidak support ufs dan diskd (obsolete) sources LUSCA rpm : hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r143711_el5.src.rpm utk keluarga freebsd (pfsense ): stop dulu servis squidnya (bisa lewat web kalo di pfsense) delete directory cache_dir (default di /var/squid/cache) rm -rf /var/squid/cache/* delet dulu squid lama pkg_delete squid\* install lusca update release from svn lusca-head-r14410 Quote: hxxp://squid-packge.googlecode.com/files/lusca-head-r14410_1.tbz

pkg_add -rv hxxp://squid-proxy-pkg.googlecode.com/files/freebsd-lusca-head-r14371_3.tbz rehash squid -v kemudian baru di tunning kernel dan squidnya : masuk ke directory squid cd /usr/local/etc/squid/ download dulu tunning squidnya fetch hxxp://freebsd-squid-system.googlecode.com/files/tunning.conf download program store dynamic cache fetch hxxp://freebsd-squid-system.googlecode.com/files/storeurl.pl ubah mode filenya : chmod +x storeurl.pl chown proxy chown proxy roxy storeurl.pl roxy tunning.conf

download tunning kernel cd /etc fetch hxxp://freebsd-squid-system.googlecode.com/files/sysctl.conf cd /boot fetch hxxp://freebsd-squid-system.googlecode.com/files/loader.conf trus tambahin option tunning dengan menambah link baris di /usr/local/pkg/squid.inc cari kata2 ini pake winscp acl dynamic urlpath_regex cgi-bin \? dan tambahkan ini dibawahnya include /usr/local/etc/squid/tunning.conf trus rebuild cache squid -z sebelum servis dijalankan, cek apakah ada yang salah dengan confignya : squid -k parse jika tidak ada error, start servis squidnya (bisa lewat web) atau reboot server nya untuk keluarga debian (ubuntu,kubuntu dll) dan slackware filenya masih belum di upload, atau silahkan build sendiri dari sources hehehe

copy patse dr bawah just info : configurasi tunning*.conf gak akan jalan kalau menggunakan sources lusca originalnya, package yang di buat (rpm dan bz) sudah di patch untuk optimasi refresh_pattern. beberapa perbedaan yang dibuat . 1. support for refresh_pattern store-stale (belum ada di squid-2.7 dan lusca original) 2.tambahan ignore-no-store,ignore-must-revalidate (belum ada di squid-2.7 dan lusca original), 3. patch loop untuk content video (akan muncul cacheHit dan looping terdetetect maka download ulang content yang sama akan di stop. 4. patch varry on, jika menggunakan default lusca / squid-2.7.x dengan menggunakan configurasi storeurl_rewrite_program, jangan di reboot servernya, jika reboot, file content dynamic akan menjadi miss untuk test case, silahkan tambahkan option store-stale di setaip refresh_pattern, pastin beda penuhnya cache dengan tanpa store-stale Update Ubuntu/Debian Base i386 Ubuntu/Debian base i386 Quote: hxxp://squid-proxy-pkg.googlecode.com/files/lusca_r144281-ubuntu-i386.tar.bz2 silahken di sedot http://squid-packge.googlecode.com/f...-lusca.tar.bz2 http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquidpackge.googlecode.com%2Ffiles%2Fpatch-lusca.tar.bz2 http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquidpackge.googlecode.com%2Ffiles%2Fpatch-lusca.tar.bz2 patch fitur2 itu hasil utak atik gathuk dari fitur sources squid-2-HEAD, trus di modif agar cucok di lusca. dan bisa juga di modif ke squid-2.7.7, utk squid-3 gak bisa, beda compiler kekeke utuk paket ubuntu nanti saya upload LUACA_HEAD-r14371-ubuntu-1_i386.deb,
yups paling mudah download menggunakan svn svn checkout hxxp://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ luscacache-read-only

[SQUID] squid-2.7.STABLE8 khusus ubuntu/debian i386 This image has been resized. Click this bar to view the full image. The original image is sized 663x275.

This image has been resized. Click this bar to view the full image. The original image is sized 751x217.

support : Sedot packagenya : squid-2.7.STABLE8 Code:

cd /tmp wget hxxp://squid-proxy-pkg.googlecode.com/files/squid-2.7.STABLE8-ubuntui386.tar.bz2 tar xvf squid-2.7.STABLE8-ubuntu-i386.tar.bz2 cd squid-2.7.STABLE8-ubuntu-i386 mv /etc/squid/squid.conf /etc/squid/squid.conf.backup cp config/* /etc/squid/

Update Package squid-2.7.STABLE9 hxxp://squid-proxy-pkg.googlecode.com/files/squid-2.7.STABLE9-ubuntu-i386.tar.bz2

silahkan sesuaikan dulu squid.conf di /etc/squid/squid.conf dengan kondisi di tempat anda (cache_dir, cache_mem, dns dll) trus unisntal squid lama (jika ada) dan install squid baru Code:
dpkg -r squid squid-common squidclient squid-langpack squid-cgi dpkg -i squid_2.7.STABLE8-1_i386.deb \ squidclient_2.7.STABLE8-1_i386.deb squid-langpack_20100111-1_all.deb \ squid-cgi_2.7.STABLE8-1_i386.deb squid-common_2.7.STABLE8-1_all.deb

Tips gunakan filesystem ext4 dengan option noatime,nobarier/barier=0 di fstab / reiserfs dgn option

noatime, notail

jika client lebih dari 50, gunakan minimal 2 hardisk agar tidak terjadi bootlenect di HD sesuikan besarnya cache_dir dengan merujuk tersedianya ram fisik, jangan kemaruk nanti

berakibat buruk non aktifkan servis2 yang tidak penting agar memory lebih optimal

* itu tergantung topologi networknya om, pake iptables kalo proxy di jadikan model router, kalo gak ya disable saja servis iptables nya

* diatas sudah ada step2 upgrade squid dan sudah di patch ajian jaran goyang oh iya satu lagi, utk yang memory minimal 1Gb, optimalkan kernel /etc/sysctl.conf sysclt.conf Code:
# Locate /etc/sysctl.conf # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and

# sysctl.conf(5) for more details. #max openfiles fs.file-max = 65536 #Minimalis use swap disk vm.drop_caches = 3 vm.swappiness = 3 #kernel.shmall = 2097152 #kernel.shmmax = 2147483648 #kernel.shmmni = 4096 #kernel.sem = 250 32000 100 128 net.ipv4.ip_local_port_range = 1024 65000 net.core.rmem_default = 262144 net.core.rmem_max = 262144 net.core.wmem_default = 262144 net.core.wmem_max = 262144 net.ipv4.tcp_low_latency = 1 net.core.netdev_max_backlog = 4000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 65536 4194304 #net.ipv4.tcp_rmem = 4096 87380 8388608 #net.ipv4.tcp_wmem = 4096 65536 8388608 net.core.wmem_max = 8388608 net.core.rmem_max = 8388608 net.ipv4.tcp_tw_recycle = 1 # Controls IP packet forwarding net.ipv4.ip_forward = 1 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes kernel.msgmnb = 65536 # Controls the default maxmimum size of a mesage queue kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296

setelah di save, baru di sysctl -p

rasakan bedanya catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja tips: jika memory > 256Mb, utak atik config di tunning.conf contoh : Code:
............ storeurl_rewrite_program /usr/local/etc/squid/storeurl.pl storeurl_rewrite_children 7 storeurl_rewrite_concurrency 60 ............

dan aktifkan : server_http11 on

Squid Cache: Version 2.7.STABLE8-20100216 configure options: '--prefix=/usr' '--exec_prefix=/usr' '-bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '-sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '-datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--enable-storeio=aufs' '--enable-linux-netfilter' '-enable-arp-acl' '--enable-epoll' '--enable-removal-policies=heap' '-enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-

digests' '--disable-unlinkd' '--enable-referer-log' '--enable-useragentlog' '--enable-follow-x-forwarded-for' '--enable-large-cache-files' '-enable-default-err-language=English' '--enable-err-languages=English' '-with-large-files' '--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,Bsymbolic-functions' 'CPPFLAGS='

tunninf.conf bisa di gunakan, asal sudah di patch. lusca versi terbaru : LUSCA_HEAD-r14436.tar.bz2 with patch = -ignore-must-revalidate -add Improve %nn parser to better deal with certain odd %nn sequences

http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquid-proxypkg.googlecode.com%2Ffiles%2FLUSCA_HEAD-r14436.tar.bz2 creative# uname -a FreeBSD creative.info 8.2-RELEASE FreeBSD 8.2-RELEASE #0 r219081M: Wed Mar 2 08:23:31 CET 2011 root@www4:/usr/obj/i386/usr/src/sys/GENERIC i386 creative# squid -v Squid Cache: Version LUSCA_HEAD-r14809 configure options: '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/sbin' '-sbindir=/usr/sbin' '--libexecdir=/usr/libexec/squid' '--sysconfdir=/usr/local/etc/squid' '--localstatedir=/var/log/squid' '--datadir=/usr/share/squid' '--enable-async-io=24' '-with-aufs-threads=24' '--with-pthreads' '--enable-storeio=aufs,coss,null' '--disablelinux-netfilter' '--enable-kqueue' '--enable-arp-acl' '--disable-linux-tproxy' '--disableepoll' '--enable-removal-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '-enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--disable-unlinkd' '-enable-large-cache-files' '--with-large-files' '--enable-err-languages=English' '-enable-default-err-language=English' '--with-maxfd=65536'

squidclient mgr:delay topologi netnya gimana ? jika beda ether di mikrotik bisa seperti ini : /ip fi na add chain=dstnat action=dst-nat to-addresses=IP-PROXY to-ports=3128 \ protocol=tcp src-address=x.x.x.x/xx dst-address=!IP-PROXY \ in-interface=LAN dst-port=80 *[BOLD] sesuiakan dg ip proxy & net client, atau bisa gunakan src-adress-list good luck Inet1 & Inet2(ether1&2) ---- Mikrotik (192.168.1.1) ---- AP (192.168.2.2)(ether5) ----

Client (192.168.2.10 - 192.168.2.40) .............................................| .............................................| .................................PC Linux dgn Squid (192.168.1.2)(ether4) Mohon maaf krn saya sendiri disettingkan oleh Bro Uburcumi jadi saya jg gak tau mengenai nat, mangle, dkk nya ane hanya mencoba mempelajarinya , tp msh meraba-raba

cache_log itu sangat penting utk debugging kalau sudah YAKIN BETUL bahwa squidnya 100% berjalan sempurna ya tidak apa2 cache_log none, tapu bagsunya bukan none, cache_log /dev/null

squidclient mgr:config | grep cache_dir

Tips biar ngacir: 1 disk = 1 partisi cache_dir cache_dir hrs partisi tersendiri Gunakan lebih dr 1 disk utk cache Gunakan disk dg rpm tinggi Cache_dir besarnya hrs mengacu pd memory fisik Cache_mem bs dimulai dr 8mb & bs dinaikkan pelan2,smakin besar, smakin lama memindahkan ke disk. Buang acl yg tdk perlu Buat logrotate < 2 Matikan log2 yg tdk penting

1 gb cache membutuhkan 10 mb ram. Jadi silahkan dikira2 berapa cache yg layak ditambah berapa ram yg digunakan utk servis lainya (kernel sytem,driver,servisis dll) Jika hnya 1 disk. Gunakan 1 sj partisi cache. Jika lebih dr satu, squid jd kurang responsif. Partis cache sbaiknya stelah partisi system /, dan satu lg perhitungan L1 & L2 hrs seimbang dgn nilai L2=256 & rata2 object cache 13 kb. Cari di google 'formula cache_dir'

coba membantu misal :

cache_dir 16 GB di squid.conf Quote: cache_dir coss /cache1/coss 16384 max-size=65535 block-size=4096 cache_dir aufs /cache0 32768 64 256 min-size=65535 cache_swap_log /var/spool/squid/%s agar partisi support coss : Quote: dd if=/dev/zero bs=1048576 count=<size> of=<outfile> contoh jika partisi cache0 /dev/ad0s3f & ingin membuat coss 16Gb dd if=/dev/ad0s3f bs=1048576 count=16384 of=/cache2/coss

referensi : http://wiki.squid-cache.org/Features...tStorageSystem http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fwiki.squid-cache.org %2FFeatures%2FCyclicObjectStorageSystem ya kurang lebih seperti yg bro siber uraikan, nambahin sedikit.. utk block-size biar akurat ada itungannya.. krn file number di squid cuma 24bit, rumus yg dipake Code:
size=block-size x 2^24

contoh : utk block-size : 512 byte, kira alokasi cache_dirnya : Code:

512 x 2^24=8GB

kalo utk di contoh bro siber 16 Gb, kira Code:

1024 x 2^24=16Gb

jd utk 16Gb amannya pake block-size=1024 kalo gak mau susah ngitung, ini patokannya :

Quote: block-size=512 - 8GB Max cache_dir size block-size=1024 - 16GB Max cache_dir size block-size=2048 - 32GB Max cache_dir size block-size=4096 - 64GB Max cache_dir size block-size=8192 - 128GB Max cache_dir size

update squid-2.7.STABLE9-ubuntu-i386, link di page 1 Quote: squid -v Squid Cache: Version 2.7.STABLE9 build by grage95 configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '-libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '-datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '-enable-storeio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enableremoval-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '--enable-delay-pools' '--enablehtcp' '--enable-cache-digests' '--disable-unlinkd' '--enable-large-cache-files' '--with-large-files' '--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386debian-linux' 'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,Bsymbolic-functions' 'CPPFLAGS=' Change Log : add store-stale, ignore-no-store, ignore-must-revalidate Change Detail : hxxp://www.squid-cache.org/Versions/v2/2.7/changesets/

sudah membaca yang sudah di quote itu ??? Quote: mv /etc/squid/squid.conf /etc/squid/squid.conf.backup cp config/* /etc/squid/

squid.conf gak harus panjang, squid support include link, squid bisa di pecah2 confignya, misal utk delay_pool, utk acl-auth, refresh_pattern dll. contoh : include /etc/squid/delay.conf include /etc/squid/acl-auth.conf include /etc/squid/refresh.conf dst ..

asal confignya bener, mau seratus baris di pecah2 jadi 5 baris ya gpp

silahkan baca2 manual squid.conf.default

--disable-ident-lookups' ini yang menyebabkan Number of clients accessing cache always zero, setelah re config re compile tanpa option tsb kita bisa liat Number of clients accessing cache <solved> -disable-ident-lookups menghentikan squid dari melihat ident di setiap koneksi, bisa juga untuk mencegah serangan DOS yang dapat mematikan squid server, yang biasanya dengan cara membuka ribuan koneksi. Dan bukan menyimpan statistik koneksi client_db on jika diaktifkan maka squid akan menyimpan statistik semua klien, hal ini bisa membebani memori, maka sebaiknya dinonaktifkan. client_db on ngefek kalo di RESTART, bukan di RELOAD squidclient mgr:client_list indiferal
##start of config http_port 192.168.1.2:3128 transparent # vhost vport=80 http_port 127.0.0.1:3128 server_http11 on icp_port 0 #icp_port 3130 cache_effective_user proxy cache_effective_group proxy

visible_hostname cafe-netters.com cache_mgr admin@localhost access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log none logfile_rotate 1 shutdown_lifetime 10 seconds #################################################################### # Allow local network(s) on interface(s) # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 192.168.3.0/24 # RFC1918 possible internal network #################################################################### uri_whitespace strip dns_nameservers 127.0.0.01 192.168.1.2 125.160.2.162 202.134.1.10 208.67.222.222 cache_mem 64 MB maximum_object_size_in_memory 64 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /cache 62668 64 256 mime_table /usr/share/squid/mime.conf minimum_object_size 512 bytes maximum_object_size 128000 KB offline_mode off cache_swap_low 98 cache_swap_high 99 # No redirector configured # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535 acl sslports port 443 563 81 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost

http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny all include /etc/squid/tunning.conf ##end of config acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id| videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4| 3)|exe|msi|zip|on2|mar|swf) acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[AZa-z]*\.[A-Za-z]* acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3} [a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3} acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp| ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$ acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[09]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z09]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com acl rapidurl url_regex \.rapidshare\.com.*\/[0-9]*\/[0-9]*\/[^\/]* acl video urlpath_regex \.((mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|qt|wmv| m\dv|rv|vob|asx|ogm|flv|3gp)(\?.*)?)$ (get_video\?|videoplayback\?| videodownload\?|\.flv(\?.*)?) #acl html url_regex \.((html|htm|php|js|css|aspx)(\?.*)?)$ \.com\/$ \.com$ #acl images urlpath_regex \.((jp(e?g|e|2)|gif|png|tiff?|bmp|ico)(\?.*)?)$ #acl snmppublic snmp_community public acl dontrewrite url_regex redbot\.org (get_video|videoplayback\?id| videoplayback.*id).*begin\= acl getmethod method GET storeurl_access deny dontrewrite storeurl_access deny !getmethod storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow store_rewrite_list storeurl_access allow store_rewrite_list_domain store_rewrite_list_path storeurl_access deny all storeurl_rewrite_program /etc/squid/storeurl.pl storeurl_rewrite_children 1 storeurl_rewrite_concurrency 99 # 1 year = 525600 mins, 1 month = 129600 mins refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod overrideexpire store-stale

#ads refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net| bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com| ad\.trafficmp\.com|ads\.cubics\.com| ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager| game-advertising\.com|pixel\.quantserve\.com|adperium\.com| doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com| media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-mustrevalidate store-stale negative-ttl=40320 max-stale=1440 #specific sites refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate negativettl=10080 store-stale refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 99999999% 129600 override-expire ignore-reload store-stale refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-nostore ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale # pictures & images refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale # website refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale #sound, video multimedia refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache store-stale refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale # files refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth store-stale refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth ignore-reload ignore-no-cache store-stale refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale # refresh pattern for specific sites

refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.detik.*/.* 720 50% 2880 overrideexpire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.myspace.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://*.tagged.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignoreauth refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 overrideexpire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.yahoo.co.id/.* 720 80% 10080 overrideexpire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.google.com/.* 720 80% 10080 overrideexpire override-lastmod reload-into-ims ignore-no-cache ignore-auth refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 overrideexpire override-lastmod reload-into-ims ignore-no-cache ignore-auth #default option refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 store-stale # ANTI VIRUS

refresh_pattern guru.avg.com/.*\.(bin) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-intoims store-stale refresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-intoims store-stale refresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-intoims store-stale refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-intoims store-stale refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-intoims store-stale refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale #IIX DOWNLOAD refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar| zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136 acl apache rep_header Server ^Apache broken_vary_encoding allow apache global_internal_static off max_stale 10 years retry_on_error on buffered_logs on read_ahead_gap 32 KB header_access Accept-Encoding deny client_persistent_connections on server_persistent_connections on half_closed_clients off strip_query_terms off quick_abort_min 0 KB all

quick_abort_max 0 KB quick_abort_pct 100 vary_ignore_expire on reload_into_ims on pipeline_prefetch on #range_offset_limit 50 KB read_timeout 30 minutes client_lifetime 6 hours negative_ttl 30 seconds positive_dns_ttl 6 hours negative_dns_ttl 60 seconds pconn_timeout 15 seconds request_timeout 1 minute store_avg_object_size 13 KB log_icp_queries off ipcache_size 16384 ipcache_low 98 ipcache_high 99 log_fqdn off fqdncache_size 16384 memory_pools off forwarded_for on #cachemgr_passwd none info cachemgr_passwd none all client_db on max_filedescriptors 8192 n_aiops_threads 24 #client_socksize 16 MB load_check_stopen on load_check_stcreate on download_fastest_client_speed on

UPDATE
lapor gan.. scripts work like a charm... ketimbang ketik panjang svn checkout http bla bla bla... cukup : Code:
./update-lusca.sh

sh update-lusca.sh 14604

terupdate dah "source" + dah auto configure

Quote: [Neo@bsdbox ~/lusca-head]$ ls -l total 1666 drwxr-xr-x 34 Neo Neo 1536 Apr 5 10:41 LUSCA_HEAD-r14534 -rw-r--r-- 1 Neo Neo 1673886 Apr 5 10:42 LUSCA_HEAD-r14534.tar.bz2

oya udah ada yg pernah nyoba ini buat malware block di squid...di taro di bagian acl Code:
http://www.malware.com.br/cgi/submit?action=list_squid

Code:
cd /etc/squid http://squid-proxy-pkg.googlecode.com/files/storeurl-ubuntu.pl chmod +x storeurl-ubuntu.pl /etc/init.d/squid restart

di bandingin aja yang lama dengan yang baru hehehe, dan kalau ngecache map google dan safesearch di google dan bing, bisa diaktifkan dng menambah di storeurl: Code:
if ($url =~ m@^http://([^\.]*\.)?bing\.[^\/]*/[^?]*\?.*@i) { # Replace any previous safe directives $url =~ s@(adlt=[^&]*&?)@@ig; # Add safe search directive $url .= '&adlt=strict&cc=au'; } elsif ($url =~ m@^http://([^\.]*\.)?google\.[^\/]*/[^?]*\?.*@i) { # Replace any previous safe directives $url =~ s@(safe=[^&]*&?)@@ig; # Add safe search directive $url .= '&safe=active';

} Kemudian untuk caching google map, apa sudah benar kalau kita insert ini di storeurl : #google map elsif (m/kh(.*?)\.google\.com(.*?)\/(.*?) /) { print "http://keyhole-srv.google.com" . $2 . ".SQUIDINTERNAL/" . $3 . "\n"; # print STDERR "KEYHOLE\n"; } elsif (m/mt(.*?)\.google\.com(.*?)\/(.*?) /) { print "http://map-srv.google.com" . $2 . ".SQUIDINTERNAL/" . $3 . "\n"; # print STDERR "MAPSRV\n"; }

dan di tunning.conf : Code:

acl store_rewrite_list dstdomain mt.google.com mt0.google.com mt1.google.com mt2.google.com acl store_rewrite_list dstdomain mt3.google.com acl store_rewrite_list dstdomain kh.google.com kh0.google.com kh1.google.com kh2.google.com acl store_rewrite_list dstdomain kh3.google.com khm0.google.com khm1.google.com khm2.google.com khm3.google.com acl store_rewrite_list dstdomain kh.google.com.au kh0.google.com.au kh1.google.com.au acl store_rewrite_list dstdomain kh2.google.com.au khc3.google.com.au storeurl_access allow store_rewrite_list

Quote: squid -v Squid Cache: Version 2.7.STABLE9 build by grage95 configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '-libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '-datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '-enable-storeio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enableremoval-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '--enable-delay-pools' '--enablehtcp' '--enable-cache-digests' '--disable-wccp' '--disable-wccpv2' '--disable-unlinkd' '--enablelarge-cache-files' '--enable-linux-tproxy' '--with-large-files' '--with-maxfd=65536' 'amd64debian-linux' 'build_alias=amd64-debian-linux' 'host_alias=amd64-debian-linux' 'target_alias=amd64-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,-Bsymbolicfunctions' 'CPPFLAGS='
acl store_rewrite_list url_regex -i \.youtube\.com\/get_video\?

acl store_rewrite_list url_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\? acl store_rewrite_list url_regex -i \.youtube\.[a-z][az]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][az]\/get_video\? acl store_rewrite_list url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\? acl store_rewrite_list url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\? acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[AZa-z]*\.[A-Za-z]* acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3} [a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3} acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp| ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$ acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[09]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* ^htt acl dontrewrite url_regex redbot\.org \.php (get_video|videoplayback\?id| videoplayback.*id).*begin\= acl getmethod method GET acl apache rep_header Server ^Apache broken_vary_encoding allow apache storeurl_access storeurl_access storeurl_access storeurl_access storeurl_access storeurl_access storeurl_bypass storeurl_access deny dontrewrite deny !getmethod allow store_rewrite_list_domain_CDN allow store_rewrite_list allow store_rewrite_list_domain allow store_rewrite_list_path on deny all

sh update-lusca.sh 14604

squidclient mgr:flushdns squidclient mgr:flushfqdn

flussh all dns flush memory

kalo fungsi kan dah jelas tuh bro.. - flushdns -> Flush all DNS (IP Cache) entries from memory cache. - flushfqdn -> Flush all FQDN entries from memory cache.

para master squid mau numpang nanya... caranya merubah ini (yang saya garis merah)...Gimana yaa...?

pengennya saya custom agar user tidak tau kalau kita pake squid httpd_suppress_version_string on forwarded_for on/off

but script crond cek servis pid squid, kalo ngadat langsung restart sendiri, dan kalau masih ngadat juga bisa lompat ke command flush iptable/ipfw, jadi inet gak lama2 tewasnya, dan client aman sejahtera langsung direct ke inet

contoh freebsd, utk linux sesuaikan saja di rectorynya Quote: #!/bin/sh # squidchek pidpath=/usr/local/squid/logs if test -r $pidpath/squid.pid; then squidpid=$(cat $pidpath/squid.pid) if $(kill -CHLD $squidpid >/dev/null 2>&1) then echo "Squid is running. Exit." exit 0 fi fi echo "Squid isn't running. So let's run it." if test -r /usr/local/etc/squid/squid.conf; then /usr/bin/nice -20 /usr/local/sbin/squid -sYD /dev/null 2>&1 exit 0 fi # if fail echo "Wow! damn squid, kill ipfw !!" /sbin/ipfw -F all fi exit 0

271981790.563 1 192.168.0.4 TCP_MEM_HIT/200 690 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/base173.kdc - NONE/application/octet-stream 1271981790.948 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/base333c.kdc.yl9 DIRECT/81.2.129.4 text/html 1271981790.962 1 192.168.0.4 TCP_MEM_HIT/200 21984 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/base333c.kdc - NONE/application/octet-stream 1271981791.416 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec50c.kdc.pkg DIRECT/81.2.129.4 text/html 1271981791.447 1 192.168.0.4 TCP_MEM_HIT/200 25934 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec50c.kdc - NONE/application/octet-stream 1271981791.877 358 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec63c.kdc.ga- DIRECT/81.2.129.4 text/html 1271981791.895 1 192.168.0.4 TCP_MEM_HIT/200 26875 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec63c.kdc - NONE/application/octet-stream 1271981792.306 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec74c.kdc.mcs DIRECT/81.2.129.4 text/html 1271981792.324 1 192.168.0.4 TCP_MEM_HIT/200 27309 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec74c.kdc - NONE/application/octet-stream 1271981792.360 1 192.168.0.4 TCP_MEM_HIT/200 26876 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec75c.kdc - NONE/application/octet-stream 1271981792.391 1 192.168.0.4 TCP_MEM_HIT/200 28669 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec76c.kdc - NONE/application/octet-stream 1271981792.423 1 192.168.0.4 TCP_MEM_HIT/200 27269 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec77c.kdc - NONE/application/octet-stream 1271981792.453 1 192.168.0.4 TCP_MEM_HIT/200 25729 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec78c.kdc - NONE/application/octet-stream 1271981792.486 1 192.168.0.4 TCP_MEM_HIT/200 25980 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec79c.kdc - NONE/application/octet-stream 1271981792.516 1 192.168.0.4 TCP_MEM_HIT/200 26145 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7ac.kdc - NONE/application/octet-stream 1271981792.547 1 192.168.0.4 TCP_MEM_HIT/200 27014 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7bc.kdc - NONE/application/octet-stream 1271981792.578 1 192.168.0.4 TCP_MEM_HIT/200 26703 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7cc.kdc - NONE/application/octet-stream 1271981792.611 2 192.168.0.4 TCP_MEM_HIT/200 24161 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7dc.kdc - NONE/application/octet-stream

1271981792.642 2 192.168.0.4 TCP_MEM_HIT/200 26907 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7ec.kdc - NONE/application/octet-stream 1271981792.672 1 192.168.0.4 TCP_MEM_HIT/200 25314 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7fc.kdc - NONE/application/octet-stream 1271981792.706 1 192.168.0.4 TCP_MEM_HIT/200 26832 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec80c.kdc - NONE/application/octet-stream 1271981792.735 1 192.168.0.4 TCP_MEM_HIT/200 25675 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec81c.kdc - NONE/application/octet-stream 1271981792.766 1 192.168.0.4 TCP_MEM_HIT/200 21712 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec82c.kdc - NONE/application/octet-stream 1271981792.797 1 192.168.0.4 TCP_MEM_HIT/200 23878 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec83c.kdc - NONE/application/octet-stream 1271981792.828 1 192.168.0.4 TCP_MEM_HIT/200 18263 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec84c.kdc - NONE/application/octet-stream 1271981792.861 1 192.168.0.4 TCP_MEM_HIT/200 27565 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec85c.kdc - NONE/application/octet-stream 1271981792.891 1 192.168.0.4 TCP_MEM_HIT/200 19059 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec86c.kdc - NONE/application/octet-stream 1271981792.924 1 192.168.0.4 TCP_MEM_HIT/200 26945 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec87c.kdc - NONE/application/octet-stream 1271981792.954 2 192.168.0.4 TCP_HIT/200 23023 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec88c.kdc - NONE/application/octet-stream 1271981792.985 2 192.168.0.4 TCP_HIT/200 21698 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec89c.kdc - NONE/application/octet-stream 1271981793.016 2 192.168.0.4 TCP_HIT/200 16767 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8ac.kdc - NONE/application/octet-stream 1271981793.048 2 192.168.0.4 TCP_HIT/200 23316 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8bc.kdc - NONE/application/octet-stream 1271981793.079 2 192.168.0.4 TCP_HIT/200 24429 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8cc.kdc - NONE/application/octet-stream 1271981793.110 2 192.168.0.4 TCP_HIT/200 17310 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8dc.kdc - NONE/application/octet-stream 1271981793.142 1 192.168.0.4 TCP_MEM_HIT/200 24012 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8ec.kdc - NONE/application/octet-stream 1271981793.173 2 192.168.0.4 TCP_HIT/200 26353 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8fc.kdc - NONE/application/octet-stream

1271981793.203 1 192.168.0.4 TCP_HIT/200 2754 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec90c.kdc - NONE/application/octet-stream 1271981793.632 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/ca003.kdc.ocu DIRECT/81.2.129.4 text/html 1271981793.650 1 192.168.0.4 TCP_MEM_HIT/200 30435 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/ca003.kdc - NONE/application/octet-stream 1271981794.038 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/daily-ec.kdc.sw2 DIRECT/81.2.129.4 text/html 1271981794.056 1 192.168.0.4 TCP_MEM_HIT/200 1301 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/daily-ec.kdc - NONE/application/octet-stream 1271981802.228 358 192.168.0.4 TCP_REFRESH_HIT/200 10490 GET http://dnl14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.try - DIRECT/81.2.129.4 application/octet-stream 1271981802.994 355 192.168.0.4 TCP_REFRESH_HIT/200 24540 GET http://dnl14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.a3i - DIRECT/81.2.129.4 application/octet-stream 1271981803.767 357 192.168.0.4 TCP_REFRESH_HIT/200 16203 GET http://dnl14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.dgf - DIRECT/81.2.129.4 application/octet-stream 1271981804.334 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/as/pas/cfbase-s.gsg.uoe DIRECT/81.2.129.4 text/html 1271981804.708 355 192.168.0.4 TCP_REFRESH_HIT/200 50938 GET http://dnl14.geo.kaspersky.com/bases/as/pas/cfbase-s.gsg - DIRECT/81.2.129.4 application/octet-stream 1271981805.378 534 192.168.0.4 TCP_REFRESH_HIT/200 124002 GET http://dnl-14.geo.kaspersky.com/diffs/bases/as/pas/as.trm.gb5 DIRECT/81.2.129.4 application/octet-stream 1271981806.907 839 192.168.0.4 TCP_REFRESH_HIT/200 115673 GET http://dnl-14.geo.kaspersky.com/diffs/bases/as/pas/as.trm.ktz DIRECT/81.2.129.4 application/octet-stream 1271981807.951 354 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/kjim.kdc.ycm DIRECT/81.2.129.4 text/html 1271981807.969 1 192.168.0.4 TCP_MEM_HIT/200 16627 GET http://dnl14.geo.kaspersky.com/bases/av/emu/i386/kjim.kdc - NONE/- application/octetstream 1271981808.418 354 192.168.0.4 TCP_REFRESH_HIT/200 18662 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.ude DIRECT/81.2.129.4 application/octet-stream 1271981809.427 355 192.168.0.4 TCP_REFRESH_HIT/200 18325 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.srx DIRECT/81.2.129.4 application/octet-stream 1271981810.509 355 192.168.0.4 TCP_REFRESH_HIT/200 6428 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.u8_ DIRECT/81.2.129.4 application/octet-stream 1271981811.446 358 192.168.0.4 TCP_REFRESH_HIT/200 69171 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu02.kdc.6ck DIRECT/81.2.129.4 application/octet-stream

1271981812.479 528 192.168.0.4 TCP_REFRESH_HIT/200 71160 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu02.kdc.luk DIRECT/81.2.129.4 application/octet-stream 1271981813.643 354 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl14.geo.kaspersky.com/diffs/bases/ids/i386/idsbase.kdz.ran DIRECT/81.2.129.4 application/octet-stream 1271981814.304 641 192.168.0.4 TCP_REFRESH_HIT/200 648457 GET http://dnl-14.geo.kaspersky.com/bases/ids/i386/idsbase.kdz DIRECT/81.2.129.4 application/octet-stream 1271981814.783 355 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/info/news.kln.sw0 - DIRECT/81.2.129.4 text/html 1271981815.156 355 192.168.0.4 TCP_REFRESH_HIT/200 7610 GET http://dnl14.geo.kaspersky.com/bases/info/news.kln - DIRECT/81.2.129.4 application/octet-stream 1271981815.724 354 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/parctl/pc0015.dat.jer - DIRECT/81.2.129.4 text/html 1271981816.093 354 192.168.0.4 TCP_REFRESH_HIT/200 1809 GET http://dnl14.geo.kaspersky.com/bases/parctl/pc0015.dat - DIRECT/81.2.129.4 application/octet-stream 1271981816.518 355 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/pdm/pdmkl.dat.ddb - DIRECT/81.2.129.4 text/html 1271981816.888 354 192.168.0.4 TCP_REFRESH_HIT/200 44490 GET http://dnl14.geo.kaspersky.com/bases/pdm/pdmkl.dat - DIRECT/81.2.129.4 application/octet-stream 1271981817.310 355 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl14.geo.kaspersky.com/diffs/bases/ssa/tsw.avz.s4i - DIRECT/81.2.129.4 application/octet-stream 1271981817.677 354 192.168.0.4 TCP_REFRESH_HIT/200 5831 GET http://dnl14.geo.kaspersky.com/bases/ssa/tsw.avz - DIRECT/81.2.129.4 application/octet-stream 1271981818.268 356 192.168.0.4 TCP_REFRESH_HIT/200 2418 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.p8- - DIRECT/81.2.129.4 application/octet-stream 1271981818.699 355 192.168.0.4 TCP_REFRESH_HIT/200 3853 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.orn - DIRECT/81.2.129.4 application/octet-stream 1271981819.238 356 192.168.0.4 TCP_REFRESH_HIT/200 2055 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.brx - DIRECT/81.2.129.4 application/octet-stream 1271981820.073 709 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns001.kdc.jig - DIRECT/81.2.129.4 application/octet-stream 1271981820.093 2 192.168.0.4 TCP_HIT/200 33844 GET http://dnl14.geo.kaspersky.com/bases/vlns/vlns001.kdc - NONE/- application/octetstream 1271981820.515 359 192.168.0.4 TCP_REFRESH_HIT/200 659 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns003.kdc.sq6 - DIRECT/81.2.129.4 application/octet-stream 1271981820.920 357 192.168.0.4 TCP_REFRESH_HIT/200 1090 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns003.kdc.dvf - DIRECT/81.2.129.4 application/octet-stream

1271981821.361 358 192.168.0.4 TCP_REFRESH_HIT/200 14.geo.kaspersky.com/diffs/bases/vlns/vlns004.kdc.4r1 application/octet-stream 1271981821.827 359 192.168.0.4 TCP_REFRESH_HIT/200 14.geo.kaspersky.com/diffs/bases/vlns/vlns005.kdc.dvk application/octet-stream

1187 GET http://dnl- DIRECT/81.2.129.4 343 GET http://dnl- DIRECT/81.2.129.4

refresh_pattern Code:
refresh_pattern kaspersky.*\.kdc$ 5259487 999999% 5259487 ignorereload store-stale refresh_pattern kaspersky 1440 50% 161280 ignore-nocache store-stale

cachemgr_passwd rahasia all kalau hanya readonly saja dan tidak ingin bisa mengeksekusi shutdown dan melihat config : cachemgr_passwd none info

Originally Posted by deddychan ngomong2 masalah itu, mau numpang nanya deh. itu cara cek file permisionnya gimana yaa? sebenernya mod standar/baku yang di perlukan untuk instal squid/lusca?? oh ya kalo mo cek package yang terinstall di ubuntu gimana sih? tasksel bukan??

kalo yang ane tau sih tergantung isi dari squid.conf ente bro. cache_effective_user proxy cache_effective_group proxy yaaa jadinya proxy CMIIW....... roxy

cek file permision, attribut dan group wner, paling mudah pake program WINSCP login pake user root, tinggal cari file atau foldernya klik kanan, properties... dan set dah... This image has been resized. Click this bar to view the full image. The original image is sized 1023x575.

ow ya jgn lupa install dulu vsftpd di linuxnya... klo cek package yg terinstall ketik aptitude di terminal linux, dan lihat installed package... CMIIW yup, patch & mesti di compile ulang.. pk svn gitu lebih enak, tinggal masuk ke dir lusca-cache-read-only Code:
./bootstrap.sh

source Lusca_Head w/ update terbaru siap di pake.. or pake scripts seperti yg bro siber ksh di hal sebelumnye.. atau scripts-update sama aja, tinggal ganti RELVER=$1 dengan release paling baru & WORKDIR aturable aja ..

#!/bin/sh WORKDIR=/tmp/lusca RELVER=$1 mkdir -p ${WORKDIR} || exit 1 svn export -r ${RELVER} https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1 # rewrite the AC_INIT LUSCA_HEAD entry in configure.in cat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r$ {RELVER}/configure.in.new || exit 1 mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEAD-r$ {RELVER}/configure.in || exit 1 # run autoconf/automake cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1 sh bootstrap.sh || exit 1 # generate tarball cd ${WORKDIR} || exit 1 tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1 gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1 # done!

hihi.. rinci nya gini (asumsi subversion dah sukses terinstall..) terus seumpama nih kita lagi berada di directory taroh aja /root yaa.. execute cmd Code:
svn checkout http://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ lusca-head

nah ntar semua source update lusca ada di dir /root/lusca-head agar nanti bisa compile dari dir ~/lusca-head kita bangkit kan dolo configure nya Code:
cd ~/lusca-head ./bootstrap.sh

selesai tahap ini, source udah siap kok utk di compile, kekurangannya di Lusca ente ntar gak ada embel revisi, kalo mau bisa edit manual di configure.in nya. #EOF-1 #-------$

atau Alternative lainnya pakai cara berikut, agar di belakang Lusca nya ntar ada embel revisi .. kalo di freebsd go to directory /usr/local/sbin (kalo di linux /usr/sbin/) kalo gak salah.. Code:
touch lusca.sh chmod +x lusca.sh

paste scripts berikut : Code:

#!/bin/sh WORKDIR=/tmp/lusca RELVER=$1 mkdir -p ${WORKDIR} || exit 1 svn export -r ${RELVER} https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r$ {RELVER} || exit 1 # rewrite the AC_INIT LUSCA_HEAD entry in configure.in cat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r$ {RELVER}/configure.in.new || exit 1 mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEADr${RELVER}/configure.in || exit 1 # run autoconf/automake cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1 sh bootstrap.sh || exit 1 # generate tarball cd ${WORKDIR} || exit 1 tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1 gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1 # done!

dari scripts tsb kita mesti masukin manual revisi terbaru lusca, misal rev. baru r14705, di scripts kita ganti : Code:
#!/bin/sh WORKDIR=/tmp/lusca RELVER=14705 mkdir -p ${WORKDIR} || exit 1

svn export -r ${RELVER} https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r$ {RELVER} || exit 1 # rewrite the AC_INIT LUSCA_HEAD entry in configure.in cat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r$ {RELVER}/configure.in.new || exit 1 mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEADr${RELVER}/configure.in || exit 1 # run autoconf/automake cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1 sh bootstrap.sh || exit 1 # generate tarball cd ${WORKDIR} || exit 1 tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1 gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1 # done!

kalo udah tinggal jalanin command Code:

lusca.sh <enter>

check di dir /tmp/lusca seharus na dah ada d sono source yg udah include revisi, dah autoconf, & sekalian di zip buat arsip #EOF-2 #------$

UPDATE
hihi.. rinci nya gini (asumsi subversion dah sukses terinstall..) terus seumpama nih kita lagi berada di directory taroh aja /root yaa.. execute cmd Code:
svn checkout http://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ lusca-head

nah ntar semua source update lusca ada di dir /root/lusca-head agar nanti bisa compile dari dir ~/lusca-head kita bangkit kan dolo configure nya Code:
cd ~/lusca-head ./bootstrap.sh

selesai tahap ini, source udah siap kok utk di compile, kekurangannya di Lusca ente ntar gak ada embel revisi, kalo mau bisa edit manual di configure.in nya. #EOF-1 #-------$ atau Alternative lainnya pakai cara berikut, agar di belakang Lusca nya ntar ada embel revisi .. kalo di freebsd go to directory /usr/local/sbin (kalo di linux /usr/sbin/) kalo gak salah..
touch lusca.sh chmod +x lusca.sh

Code:
paste scripts berikut :
#!/bin/sh WORKDIR=/tmp/lusca RELVER=$1 mkdir -p ${WORKDIR} || exit 1 svn export -r ${RELVER} https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r$ {RELVER} || exit 1 # rewrite the AC_INIT LUSCA_HEAD entry in configure.in cat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r$ {RELVER}/configure.in.new || exit 1 mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEADr${RELVER}/configure.in || exit 1 # run autoconf/automake cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1 sh bootstrap.sh || exit 1 # generate tarball cd ${WORKDIR} || exit 1 tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1 gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1 # done!

dari scripts tsb kita mesti masukin manual revisi terbaru lusca, misal rev. baru r14705, di scripts kita ganti :
#!/bin/sh WORKDIR=/tmp/lusca RELVER=14705 mkdir -p ${WORKDIR} || exit 1 svn export -r ${RELVER} https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r$ {RELVER} || exit 1 # rewrite the AC_INIT LUSCA_HEAD entry in configure.in cat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r$ {RELVER}/configure.in.new || exit 1 mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEADr${RELVER}/configure.in || exit 1 # run autoconf/automake cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1 sh bootstrap.sh || exit 1 # generate tarball cd ${WORKDIR} || exit 1 tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1 gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1 # done!

kalo udah tinggal jalanin command Code:

lusca.sh <enter>

check di dir /tmp/lusca seharus na dah ada d sono source yg udah include revisi, dah autoconf, & sekalian di zip buat arsip #EOF-2 #------$

TEST RUNNING
Quote:

./bootstrap.sh: 90: aclocal: not found aclocal failed Autotool bootstrapping failed. You will need to investigate and correct before you can develop on this source tree

huhuhuuuuu .. muacak tok ...

padahal asli ra iso ...

dah proses terakhir trus kek gini, knp ya? Code:

Exported revision 14707. automake : autoconfg: Bootstrapping bootstrap.sh: 90: aclocal: not found aclocal failed Autotool bootstrapping failed. You will need to investigate and correct before you can develop on this source tree

mudah2an membantu... kayaknya kurang ini Quote: Install package automake1.9 - aclocal is part of that package.

UPDATE
soko mbahe lusca hxxp://code.google.com/p/lusca-cache/wiki/AutoTools lek kate gawe script auto download svn (hxxp://lusca-cache.googlecode.com/svnhistory/r14513/branches/releng/freebsd/build-rel), rak usah ganti $1 ambek versi, langsung ae soko command build-rel xxxx xxx ganti ambek versi sing pengen di sruput misale kate nyeruput rasa versi 14705: tinggak ketik wae : build-rel 14705

lek kate gawe auotobuild & auto install, langsung wae tambahi nang isore script mau : Code:
cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1 ./configure --anu-directory-anu --enable-anunya --disable-anu-nya dst ... make make install /etc/init.d/squid restart || exit 1

jadi sekali command langsung iso ditinggal pokeran wis automatic binaryne ke update kog gini ya gan ... root@proxy:~# ./update.sh svn: Syntax error in revision argument 'https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD' syntakxnya salah, yang benar ini Quote: tinggak ketik wae : build-rel 14705 kalau namanya update.sh ./update.sh 14705 dan di script update.sh harus RELVER=$1 jangan di kasih angka misalnya RELVER=1234 thanks bro kweteng tambahan info nya, jd gak perlu repot manual ganti rev di scriptsnya.. soal nama scripts gak jd soal.. as long as ntu scripts berada di directory /usr/local/sbin/ (fbsd) or' /usr/sbin/ (linux), cmd langsung aja.. Code:
update.sh

or apalah sesuai yg dibuat.. selain dir tsb, ya masuk ke dir dimana scripts berada, and pakai ./update.sh untuk execute nya..
satu lagi kelupaan, jgn lupa autoconf & automake dah terinstall yaa di system ente..

update
update-lusca 14635 && rehash && /usr/local/etc/rc.d/squid restart

Linux like free command for FreeBSD

Freecolor is a free replacement that displays free memory graphically as a bargraph. It supports the same options as free. Install freecolor, enter:
# cd /usr/ports/sysutils/freecolor # make install clean

To see memory details, enter:

$ freecolor -m -o

Sample output:
Mem: Swap: total 4082 2048 used 825 0 free 3256 2047 shared 0 buffers 0 cached 117

$ freecolor -t -m -o

Sample output:
Mem: Swap: Total: total 4082 2048 6130 = ( used free 825 3256 0 2047 826 (used) + shared 0 buffers 0 cached 117

5421 (free))

tentang utak atik debug di squid/lusca cache http://code.google.com/p/lusca-cache/wiki/DebugLevels kalau pengen gak bissing pake ini aja utk All hehe debug_options ALL,1 98,1 cuman utk nyari triak error kadang bingung, soalnya errornya gak kelurar messagenya apa

Quote: Logging options are set as section,level where each source file is assigned a unique section. Lower levels result in less output, Full debugging (level 9) can result in a very large

log file, so be careful. The magic word "ALL" sets debugging levels for all sections. We recommend normally running with "ALL,1". The rotate=N option can be used to keep more or less of these logs than would otherwise be kept by logfile_rotate. For most uses a single log should be enough to monitor current events affecting Squid

help gan, Number of clients accessing cache: kok = 0 ternyata mas Rh354 yng punya settingan juga, dah masuk forum mikrotik (sory mas,, ane copas g bilang2) ganti client_db off menjadi on client_db on client_db off = menghemat memory, si squid tidak harus mengcounter statistik tiap client

link-DL http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fcode.google.com%2Fp %2Flusca-cache%2Fissues%2Fdetail%3Fid%3D27 taroh file .diff nya di source lusca, and then Code:
patch -p0 < nama-patch.diff

kemudian rebuild lagi lusca dari awal : Code:

make distclean

./configure --option --option.. make && make install

ini lagi progress di test gan (r14718) disable AUFS Code:

# DISK CACHE OPTIONS # ----------------------------------------------------------------------------$ cache_replacement_policy heap LFUDA cache_dir coss /cache01/coss 16384 block-size=2048 max-size=65536 #cache_dir aufs /cache02 32768 64 256 min-size=65536

rebuild storage (squid -z) test site yg belon tercache Code:

1277771569.169 1249 192.168.0.100 TCP_MISS/200 4854 GET http://www.riakbumi.or.id/ - DIRECT/69.163.138.86 text/html 1277771570.619 654 192.168.0.100 TCP_MISS/200 1500 GET http://www.riakbumi.or.id/images/favicon.ico - DIRECT/69.163.138.86 image/x-icon 1277771570.641 662 192.168.0.100 TCP_MISS/200 1138 GET http://www.riakbumi.or.id/images/bt_events.jpg - DIRECT/69.163.138.86 image/jpeg 1277771570.659 681 192.168.0.100 TCP_MISS/200 1935 GET http://www.riakbumi.or.id/images/bt_friend_DS.jpg - DIRECT/69.163.138.86 image/jpeg 1277771570.683 743 192.168.0.100 TCP_MISS/200 5729 GET http://www.riakbumi.or.id/templates/rbv3_front/riakbumi_front.css DIRECT/69.163.138.86 text/css 1277771570.691 717 192.168.0.100 TCP_MISS/200 1495 GET http://www.riakbumi.or.id/images/bt_danau_sentarum.jpg DIRECT/69.163.138.86 image/jpeg 1277771570.735 756 192.168.0.100 TCP_MISS/200 1231 GET http://www.riakbumi.or.id/images/bt_activity.jpg - DIRECT/69.163.138.86 image/jpeg 1277771570.968 316 192.168.0.100 TCP_MISS/200 1269 GET http://www.riakbumi.or.id/images/bt_products.jpg - DIRECT/69.163.138.86 image/jpeg 1277771571.030 333 192.168.0.100 TCP_MISS/200 1511 GET http://www.riakbumi.or.id/images/bt_bekakak.jpg - DIRECT/69.163.138.86 image/jpeg

1277771571.109 358 192.168.0.100 TCP_MISS/200 1615 GET http://www.riakbumi.or.id/images/bt_register.jpg - DIRECT/69.163.138.86 image/jpeg 1277771571.305 326 192.168.0.100 TCP_MISS/200 1746 GET http://www.riakbumi.or.id/images/bt_profile_riakbumi.jpg DIRECT/69.163.138.86 image/jpeg

setelah ter-cache Code:

1277771671.274 2 192.168.0.100 TCP_MEM_HIT/200 5738 GET http://www.riakbumi.or.id/templates/rbv3_front/riakbumi_front.css - NONE/text/css 1277771671.305 2 192.168.0.100 TCP_MEM_HIT/200 19996 GET http://www.riakbumi.or.id/templates/rbv3_front/images/riakbumi-header.jpg NONE/- image/jpeg 1277771671.319 1 192.168.0.100 TCP_MEM_HIT/200 3993 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_cover_story.jpg - NONE/- image/jpeg 1277771671.405 1 192.168.0.100 TCP_MEM_HIT/200 907 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_update.gif NONE/- image/gif 1277771671.540 1 192.168.0.100 TCP_MEM_HIT/200 1624 GET http://www.riakbumi.or.id/images/bt_register.jpg - NONE/- image/jpeg 1277771671.784 1 192.168.0.100 TCP_MEM_HIT/200 2931 GET http://www.riakbumi.or.id/images/manual_madu.jpg - NONE/- image/jpeg 1277771672.194 1 192.168.0.100 TCP_MEM_HIT/200 2196 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_events.jpg NONE/- image/jpeg 1277771672.486 1 192.168.0.100 TCP_MEM_HIT/200 4331 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_friendDS.jpg NONE/- image/jpeg

tinggal tunggu swap ke disk, restart and let's we see.. apakah msh HIT kmrn coba kyk gini di r14635 msh HIT

copy/paste to text editor & beri nama async-issue.diff Code:

--- src/client_side_async_refresh.c 2010-05-20 16:19:09.000000000 +0700 +++ src/client_side_async_refresh.c 2010-07-04 10:41:59.000000000 +0700 @@ -76,6 +76,8 @@ accessLogLog(&al, ch); aclChecklistFree(ch); storeClientUnregister(async->sc, async->entry, async); + storeUnlockObject(async->entry->mem_obj->old_entry); + async->entry->mem_obj->old_entry = NULL; storeUnlockObject(async->entry); storeUnlockObject(async->old_entry);

requestUnlink(async->request); @@ -129,6 +131,8 @@ async->entry = storeCreateEntry(url, request->flags, request->method); + if (request->store_url) + storeEntrySetStoreUrl(async->entry, request->store_url); async->entry->mem_obj->old_entry = async->old_entry; storeLockObject(async->entry->mem_obj->old_entry); async->sc = storeClientRegister(async->entry, async);

copy/paste to text editor & beri nama improve-nn-parser.diff Code:

--- lib/rfc1738.c 2009-11-05 11:56:18.000000000 +0700 +++ lib/rfc1738.c 2010-07-04 11:09:32.000000000 +0700 @@ -204,30 +204,39 @@ * rfc1738_unescape() - Converts escaped characters (%xy numbers) in * given the string. %% is a %. %ab is the 8-bit hexadecimal number "ab" */ +static inline int +fromhex(char ch) +{ + if (ch >= '0' && ch <= '9') + return ch - '0'; + if (ch >= 'a' && ch <= 'f') + return ch - 'a' + 10; + if (ch >= 'A' && ch <= 'F') + return ch - 'A' + 10; + return -1; +} + void -rfc1738_unescape(char *s) +rfc1738_unescape(char *s_) { char hexnum[3]; + unsigned char *s = (unsigned char *) s_; int i, j; /* i is write, j is read */ unsigned int x; for (i = j = 0; s[j]; i++, j++) { s[i] = s[j]; if (s[i] != '%') continue; if (s[j + 1] == '%') { /* %% case */ j++; continue; } if (s[j + 1] && s[j + 2]) { if (s[j + 1] == '0' && s[j + 2] == '0') { /* %00 case */ j += 2; continue; } hexnum[0] = s[j + 1];

hexnum[1] = s[j + 2]; hexnum[2] = '\0'; if (1 == sscanf(hexnum, "%x", &x)) { s[i] = (char) (0x0ff & x); + if (s[j] != '%') { + /* normal case, nothing more to do */ + } else if (s[j + 1] == '%') { /* %% case */ + j++; /* Skip % */ + } else { + /* decode */ + char v1, v2; + int x; + v1 = fromhex(s[j + 1]); + v2 = fromhex(s[j + 2]); + /* fromhex returns -1 on error which brings this out of range (|, not +) */ + x = v1 << 4 | v2; + if (x > 0 && x <= 255) { + s[i] = x; j += 2; } }

apply @lusca-r14718

conf COSS as a single file : Code:

cache_dir coss /cache01/coss 16384 block-size=2048 max-size=65536 cache_dir aufs /cache02 32768 64 256 min-size=65536 cache_swap_log /var/spool/squid/%s

--enable-dependency-tracking do not reject slow dependency extractors --enable-dlmalloc=LIB Compile & use the malloc package by Doug Lea --enable-gnuregex Compile GNUregex. Unless you have reason to use this option, you should not enable it. This library file is usually only required on Windows and very old Unix boxes which do not have their own regex library built in. --enable-mempool-debug Include MemPool debug verifications --enable-xmalloc-statistics Show malloc statistics in status page --enable-async-io=N_THREADS

Shorthand for --with-aufs-threads=N_THREADS --enable-storeio=aufs --enable-storeio="list of modules" Build support for the list of store I/O modules. The default is only to build the "ufs" module. See src/fs for a list of available modules, or Programmers Guide section <not yet written> for details on how to build your custom store module --enable-heap-replacement Backwards compatibility option. Please use the new --enable-removal-policies directive instead. --enable-removal-policies="list of policies" Build support for the list of removal policies. The default is only to build the "lru" module. See src/repl for a list of available modules, or Programmers Guide section 9.9 for details on how to build your custom policy --enable-icmp Enable ICMP pinging --enable-delay-pools Enable delay pools to limit bandwidth usage --enable-useragent-log Enable logging of User-Agent header --enable-referer-log Enable logging of Referer header --disable-wccp Disable Web Cache Coordination V1 Protocol --disable-wccpv2 Disable Web Cache Coordination V2 Protocol --enable-kill-parent-hack Kill parent on shutdown --enable-forward-log Enable experimental forward_log directive --enable-multicast-miss Enable experimental multicast notification of cachemisses --enable-snmp Enable SNMP monitoring --enable-cachemgr-hostname=hostname Make cachemgr.cgi default to this host --enable-arp-acl Enable use of ARP ACL lists (ether address) --enable-htcp Enable HTCP protocol --enable-ssl Enable ssl gatewaying support using OpenSSL --enable-forw-via-db Enable Forw/Via database --enable-cache-digests Use Cache Digests see http://www.squid-cache.org/FAQ/FAQ-16.html --enable-default-err-language=lang Select default language for Error pages (see errors directory) --enable-err-languages=\"lang1 lang2..\" Select languages to be installed. (All will be installed by default) --enable-select Force the use of select support. Normally configure automatically selects a better alternative if available. --disable-select Disable select support, causing configure to fail if a better alternative is not available --enable-select-simple Force the use of select support (POSIX). Useful if your system only supports the bare minium POSIX select requirements without fds_bits. --enable-poll Force the use of poll even if automatic checks

indicate poll may be broken on your plaform. Disable the use of poll. Force the use of epoll even if automatic checks indicate epoll may not be supported. --disable-epoll Disable the use of epoll. --enable-kqueue Force the use of kqueue even if automatic checks indicate kqueue may not be supported. --disable-kqueue Disable kqueue support. --enable-devpoll Use Solaris /dev/poll instead of poll --enable-eventports Use Solaris event ports instead of poll --disable-http-violations This allows you to remove code which is known to violate the HTTP protocol specification. --enable-ipf-transparent Enable Transparent Proxy support for systems using IP-Filter network address redirection. --enable-pf-transparent Enable Transparent Proxy support for systems using PF network address redirection. --enable-linux-netfilter Enable Transparent Proxy support for Linux 2.4 and later --enable-large-cache-files Enable support for large cache files (>2GB). WARNING: on-disk cache format is changed by this option --enable-linux-tproxy Enable real Transparent Proxy support for Netfilter TPROXY v2. --enable-linux-tproxy4 Enable real Transparent Proxy support for Netfilter TPROXY v4. --enable-freebsd-tproxy Enable IP source-address spoofing with FreeBSD. --enable-leakfinder Enable Leak Finding code. Enabling this alone does nothing; you also have to modify the source code to use the leak finding functions. Probably Useful for hackers only. --disable-ident-lookups This allows you to remove code that performs Ident (RFC 931) lookups. --enable-truncate This uses truncate() instead of unlink() when removing cache files. Truncate gives a little performance improvement, but may cause problems when used with async I/O. Truncate uses more filesystem inodes than unlink.. --enable-default-hostsfile=path Select default location for hosts file. See hosts_file directive in squid.conf for details --enable-win32-service Compile Squid as a WIN32 Service Works only on Windows NT and Windows 2000 Platforms. --enable-auth="list of auth scheme modules" --disable-poll --enable-epoll

schemes. scheme.

Build support for the list of authentication The default is to build support for the Basic See src/auth for a list of available modules, or Programmers Guide section authentication schemes for details on how to build your custom auth

scheme

module --enable-basic-auth-helpers="list of helpers" This option selects which basic scheme proxy_auth helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/basic_auth directory. --enable-ntlm-auth-helpers="list of helpers" This option selects which proxy_auth ntlm helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/ntlm_auth directory. --enable-digest-auth-helpers="list of helpers" This option selects which digest scheme proxy_auth helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/digest_auth directory. --enable-negotiate-auth-helpers="list of helpers" This option selects which negotiate scheme authentication helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/negotiate_auth directory. --enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one of the Authentication steps can allow squid to still authenticate the user. --enable-external-acl-helpers="list of helpers" This option selects which external_acl helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/external_acl directory. --disable-unlinkd Do not use unlinkd --enable-stacktraces Enable automatic call backtrace on fatal errors --enable-x-accelerator-vary Enable support for the X-Accelerator-Vary HTTP header. Can be used to indicate variance within an accelerator setup. Typically used together with other code that adds custom HTTP headers to the requests. --enable-follow-x-forwarded-for Enable support for following the X-Forwarded-For

--disable-caps privileges

HTTP header to try to find the IP address of the original or indirect client when a request has been forwarded through other proxies. disable usage of Linux capabilities library to control

Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-valgrind-debug Include debug instrumentation for use with valgrind --with-aufs-threads=N_THREADS Tune the number of worker threads for the aufs object store. --with-pthreads Use POSIX Threads --with-aio Use POSIX AIO --with-dl Use dynamic linking --without-system-md5 Disable the use of any system provided MD5 Implementation forcing fallback on the internal implementation shipped with Squid --with-openssl=prefix Compile with the OpenSSL libraries. The path to the OpenSSL development libraries and headers installation can be specified if outside of the system standard directories --with-coss-membuf-size COSS membuf size (default 1048576 bytes) --with-large-files Enable support for large files (logs etc). --with-build-environment=model The build environment to use. Normally one of POSIX_V6_ILP32_OFF32 32 bits POSIX_V6_ILP32_OFFBIG 32 bits with large file support POSIX_V6_LP64_OFF64 64 bits POSIX_V6_LPBIG_OFFBIG large pointers and files XBS5_ILP32_OFF32 32 bits (legacy) XBS5_ILP32_OFFBIG 32 bits with large file support (legacy) XBS5_LP64_OFF64 64 bits (legacy) XBS5_LPBIG_OFFBIG large pointers and files (legacy) default The default for your OS --with-maxfd=N Override maximum number of filedescriptors. Useful if you build as another user who is not privileged to use the number of filedescriptors you want the resulting binary to support Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a nonstandard directory <lib dir> LIBS libraries to pass to the linker, e.g. -l<library>

CPPFLAGS CPP

C/C++/Objective C preprocessor flags, e.g. -I<include dir> if you have headers in a nonstandard directory <include dir> C preprocessor

Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations.

CHOST="i386-debian-linux" \ CFLAGS="-Wall -g -O2" \ ./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=aufs,coss --enable-arp-acl --enable-epoll --with-coss-membuf-size=33554432 --disable-auth --disableunlinkd --with-aio --with-dl --enable-removal-policies=heap --enable-snmp --enable-delaypools --enable-htcp --disable-ident-lookups --disable-wccp --disable-wccpv2 --disable-select --enable-err-languages=English --enable-default-err-language=English --with-large-files --enable-linux-netfilter --enable-large-cache-files speisifik set CFLAGS disini : http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD