1. Download Source
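fetch http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE13.tar.gz
fetch http://www.cpan.org/src/5.0/perl-5.9.5.tar.gz
( kedua file diambil lewat HTTP tanpa enkripsi; cocokkan checksum atau signature yang dipublikasikan proyek sebelum di-compile )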
2. Extract program squid
#tar -xzvf squid-2.6.STABLE13.tar.gz
#cd squid-2.6.STABLE13
# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --sysconfdir=/usr/local/squid/etc --libexecdir=/usr/local/squid/lib --bindir=/usr/local/squid/sbin --localstatedir=/usr/local/squid/var --enable-delay-pools --enable-cache-digests --enable-http-violations --enable-poll --disable-ident-lookups --enable-large-cache-files --enable-ipf-transparent --enable-removal-policies=lru,heap --enable-storeio=diskd,ufs,aufs,coss,null --enable-truncate --enable-cachemgr-hostname=www --enable-unlinkd --enable-snmp --enable-arp-acl --disable-icmp --enable-async-io=24 --with-dl --disable-wccp --disable-wccpv2 --enable-htcp --enable-gnuregex
#make && make install
#cd /usr/local/squid/
#mkdir cache
#mkdir logs
#mkdir coss ( jika memakai coss / optional )
#chown -R nobody:nogroup cache
#chown -R nobody:nogroup logs
#chown -R nobody:nogroup coss
#cd /etc/
#ee squid.conf
# --- Listener, cache storage, logging and DNS ---
# Port 808 carries the "transparent" flag: traffic is expected to be redirected
# here by a packet filter (the build above uses --enable-ipf-transparent). The
# redirect rule itself is not shown on this page.
http_port 808 transparent
icp_port 3130
hierarchy_stoplist cgi-bin ? localhost
# QUERY gets more patterns from a second "acl QUERY" line near the end of this file.
acl QUERY urlpath_regex cgi-bin \? localhost
# Requests matching QUERY are never cached.
no_cache deny QUERY
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 8 MB
# Twelve diskd stores of 4000 MB each (10 first-level, 256 second-level dirs).
# /cache1 .. /cache12 are not created by the mkdir/chown steps shown on this
# page; they have to exist and be writable by the squid user before "squid -z".
cache_dir diskd /cache1 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache2 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache3 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache4 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache5 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache6 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache7 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache8 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache9 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache10 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache11 4000 10 256 Q1=72 Q2=64
cache_dir diskd /cache12 4000 10 256 Q1=72 Q2=64
cache_swap_low 98
cache_swap_high 99
cache_access_log /usr/local/squid/logs/access.log
# NOTE(review): sending cache_log to /dev/null discards Squid's own warnings and
# error messages (helper crashes, ACL parse errors, denied-access diagnostics).
# The cache.log file created later on this page is therefore never written.
cache_log /dev/null
cache_store_log /dev/null
mime_table /usr/local/squid/etc/mime.conf
pid_filename /usr/local/squid/logs/squid.pid
# 255.255.255.255 = no masking: full client addresses are written to access.log.
client_netmask 255.255.255.255
# Site-specific resolver; replace with the resolver of your own network.
dns_nameservers 116.68.116.60
# --- Freshness rules ---
# Format: refresh_pattern [-i] regex min percent max [options], min/max in
# minutes. The first pattern that matches a URL is the one that is used.
refresh_pattern ^http://.*\.gif$ 1440 50% 20160
# -i already makes the match case-insensitive, so the upper-case twin of each
# pattern below is redundant.
refresh_pattern -i \.jpg$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.JPG$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.jpeg$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.JPEG$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.png$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.PNG$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.gif$ 10080 300% 40320 reload-into-ims
refresh_pattern -i \.GIF$ 10080 300% 40320 reload-into-ims
refresh_pattern -i \.txt$ 1440 100% 20160 reload-into-ims override-lastmod
refresh_pattern -i \.TXT$ 1440 100% 20160 reload-into-ims override-lastmod
refresh_pattern -i \.zip$ 2880 200% 40320
refresh_pattern -i \.ZIP$ 2880 200% 40320
# Executables and archives are served from cache for at least two days without
# revalidation; an updated or withdrawn file upstream is not noticed until then.
refresh_pattern -i \.exe$ 2880 200% 40320
refresh_pattern -i \.EXE$ 2880 200% 40320
refresh_pattern -i \.qtm$ 10080 150% 40320
refresh_pattern -i \.flv$ 10080 150% 40320
refresh_pattern -i \.swf$ 10080 150% 40320
refresh_pattern -i \.rar$ 10080 150% 40320
# HTTP violations (need --enable-http-violations): override-expire,
# ignore-no-cache and ignore-private make Squid store responses the origin
# marked as uncacheable or private. On a shared proxy a response meant for one
# user can then be served to another; keep these options to URLs known to carry
# no per-user content.
refresh_pattern ^http://(.*?)/get_video\? 43200 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videodownload\? 43200 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\? 43200 90% 999999 override-expire ignore-no-cache
refresh_pattern ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\? 43200 90% 999999 override-expire ignore-no-cache
# NOTE(review): in a regex "/*" means "zero or more slashes", not "any host".
# Patterns written as ^http://*.name or ^http://*\.name therefore do not match
# ordinary URLs such as http://www.<name>/ ; the form ^http://.*\.name used by
# the facebook and cnn lines below was probably intended. Confirm before relying
# on these rules.
refresh_pattern ^http://*\.kaskus.us/.* 720 100% 10080
refresh_pattern ^http://*\.friendster.com/.* 720 100% 10080
refresh_pattern ^http://*.kapanlagi.com/.* 720 100% 10080
# NOTE(review): webmail is per-user content; a 10080-minute minimum age on a
# shared cache is risky for pages that carry no explicit expiry - confirm this
# is wanted.
refresh_pattern ^http://mail.yahoo.com/.* 10080 100% 43200 reload-into-ims
refresh_pattern ^http://*.yahoo.*/.* 10080 100% 43200 reload-into-ims
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http\:\/\/.*\.google\.com\/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http\:\/\/.*\.google\.co.id\/ 10080 80% 43200 reload-into-ims
refresh_pattern ^http://www.telkomspeedy.com/.* 720 100% 28800
refresh_pattern ^http://*\.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://.*\.facebook\.com 10080 80% 43200 reload-into-ims
refresh_pattern ^http://*.friendster.com/.* 720 80% 4320 override-lastmod
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://*.detik.com/.* 720 90% 2880
refresh_pattern ^http://.*\.cnn\.com 360 50% 4320 override-lastmod
refresh_pattern ^http://news\.bbc\.co\.uk 360 50% 4320 override-lastmod
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic URLs get no freshness lifetime, but only if no earlier pattern matched.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# Catch-all for everything that matched none of the patterns above.
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
redirect_rewrites_host_header off
# --- ACL definitions ---
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# The client network; the only source allowed by the http_access rules below.
# Replace with your own LAN range.
acl eresha src 172.16.101.0/24
# NOTE(review): in "\image.php?" the trailing "?" is unescaped, so it makes the
# "p" optional instead of matching a literal question mark; "image\.php\?" was
# probably intended.
acl avatar url_regex -i \image.php?
# File-type ACLs matched against the URL path. With -i the upper-case
# alternatives are redundant.
acl avi urlpath_regex -i \.avi$
acl exe urlpath_regex -i \.exe$ \.EXE$
acl mpeg urlpath_regex -i \.m1v$ \.mpeg$ \.mpg$
# The dots here are unescaped and match any character.
acl mpeg_2 urlpath_regex -i .m2v$ .vob$
acl mpeg_audio urlpath_regex -i \.mpa$ \.mp2$ \.mp3$ \.aac$
acl dat urlpath_regex -i \.dat$ \.bin$
acl real urlpath_regex -i \.ram$ \.ra$ \.rm$ \.rnx$
acl asf urlpath_regex -i \.asf$ \.wma$ \.asx$ \.wmv$
acl vivo urlpath_regex -i \.viv$ \.vivo$
acl flash urlpath_regex -i \.swf$ \.SWF$ \.flv$ \.FLV$
acl pdf urlpath_regex -i \.pdf$ \.PDF$
acl doc urlpath_regex -i \.doc$ \.DOC$ \.docx$ \.DOCX$ \.txt$ \.TXT$ \.rtf$ \.RTF$
acl compress urlpath_regex -i \.zip$ \.ZIP$ \.rar$ \.RAR$ \.7z$ \.7Z$
# Despite its name this ACL also covers .iso and .php paths.
acl image urlpath_regex -i \.iso$ \.ISO$ \.gif$ \.png$ \.jpg$ \.jpeg$ \.bmp$ \.php$
# Cache rules are checked in order together with the earlier
# "no_cache deny QUERY", so a URL matching QUERY is refused before any of these.
cache allow avatar
cache allow exe
cache allow avi
cache allow mpeg
cache allow mpeg_2
cache allow mpeg_audio
cache allow dat
cache allow real
cache allow asf
cache allow vivo
cache allow flash
cache allow pdf
cache allow doc
cache allow compress
cache allow image
# Destination ACLs. Of these, only loop, Ind, Ind2 and FS..FS4 are referenced by
# a rule in this file (always_direct); IIX and Ind3..Ind24 are defined but unused.
acl IIX dst_as 7713 4795 7597 4622 4800 4787
acl FS dst 209.11.168.112/255.255.255.255
acl FS1 dst 209.11.168.113/255.255.255.255
acl FS2 dst 209.11.168.122/255.255.255.255
acl FS3 dst 209.11.168.123/255.255.255.255
# Same address as FS.
acl FS4 dst 209.11.168.112/255.255.255.255
acl loop dst 127.0.0.0/255.0.0.0
# Whole /8 networks, presumably meant as "domestic" destinations - confirm.
# Several entries repeat the same network (61/8 twice, 118/8 three times).
acl Ind dst 202.0.0.0/255.0.0.0
acl Ind2 dst 203.0.0.0/255.0.0.0
acl Ind3 dst 114.0.0.0/255.0.0.0
acl Ind4 dst 125.0.0.0/255.0.0.0
acl Ind5 dst 222.0.0.0/255.0.0.0
acl Ind6 dst 61.0.0.0/255.0.0.0
acl Ind7 dst 206.0.0.0/255.0.0.0
acl Ind8 dst 121.0.0.0/255.0.0.0
acl Ind9 dst 124.0.0.0/255.0.0.0
acl Ind10 dst 117.0.0.0/255.0.0.0
acl Ind11 dst 119.0.0.0/255.0.0.0
acl Ind12 dst 210.0.0.0/255.0.0.0
acl Ind13 dst 207.0.0.0/255.0.0.0
acl Ind14 dst 152.0.0.0/255.0.0.0
acl Ind15 dst 118.0.0.0/255.0.0.0
acl Ind16 dst 209.0.0.0/255.0.0.0
acl Ind17 dst 118.0.0.0/255.0.0.0
acl Ind18 dst 60.0.0.0/255.0.0.0
acl Ind19 dst 61.0.0.0/255.0.0.0
acl Ind20 dst 118.0.0.0/255.0.0.0
acl Ind21 dst 58.0.0.0/255.0.0.0
acl Ind22 dst 116.0.0.0/255.0.0.0
acl Ind23 dst 146.0.0.0/255.0.0.0
acl Ind24 dst 218.0.0.0/255.0.0.0
# Port ACLs used by the http_access rules: requests to any port outside
# Safe_ports are refused, and CONNECT is limited to SSL_ports.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Repeats the "acl manager" line at the top of this section.
acl manager proto cache_object
# --- Access rules ---
# http_access is evaluated top-down and stops at the first matching line, so
# the order below matters. Any deny rule added later (e.g. a URL filter) must
# be placed above "http_access allow eresha" to have an effect.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Cache manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Repeats the CONNECT rule above.
http_access deny CONNECT !SSL_ports
# Refuses every remaining CONNECT request, including those to port 443.
http_access deny CONNECT
# Only the client network may use the proxy; everything else is refused.
http_access allow eresha
http_access deny all
icp_access allow eresha
icp_access deny all
always_direct allow eresha
always_direct allow loop
always_direct allow Ind
always_direct allow Ind2
always_direct allow FS
always_direct allow FS1
always_direct allow FS2
always_direct allow FS3
always_direct allow FS4
http_reply_access allow manager localhost
http_reply_access allow eresha
# --- Helpers and store-URL rewriting ---
unlinkd_program /usr/local/squid/lib/unlinkd
# Squid runs this program as a helper. The steps further down this page only
# "touch" the file, i.e. create it empty; the helper script itself is not shown.
# It should be writable by root only, since whoever can write it controls what
# the proxy executes.
# NOTE(review): store-URL rewriting is, as far as I know, a Squid 2.7 feature -
# confirm that the 2.6.STABLE13 build from this page accepts these directives.
storeurl_rewrite_program /usr/local/squid/lib/store_url_rewrite
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 10
acl youtube dstdomain .youtube.com .googlevideo.com .video.google.com .video.google.com.au
cache allow youtube
# Hard-coded address ranges; presumably video servers at the time of writing -
# verify before reuse.
acl youtubeip dst 74.125.15.0/24 208.65.153.0/24 208.117.236.0/24 208.117.252.0/24 208.117.249.0/24
cache allow youtubeip
acl streaming url_regex -i get_video\?video_id videodownload\?
cache allow streaming
# URLs handed to the store-URL helper. The first two patterns accept any host
# name, so the helper's output decides which URLs share one cache entry; it
# should only merge URLs from hosts it trusts.
acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
acl store_rewrite_list url_regex ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\?
acl store_rewrite_list url_regex ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\?
# QUERY2 is defined here but not referenced by any rule in this file.
acl QUERY2 urlpath_regex get_video\? videoplayback\? \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)\?
storeurl_access allow store_rewrite_list
storeurl_access deny all
# Adds more patterns to the QUERY ACL defined at the top of the file. The dots
# are unescaped, so ".js" matches any character followed by "js" anywhere in
# the path.
acl QUERY urlpath_regex cgi-bin \? .js .do .asp .php .jsp .cgi
# --- Object size limits, caches and miscellaneous tuning ---
maximum_object_size 10240 KB
maximum_object_size_in_memory 32 KB
minimum_object_size 4 KB
ipcache_size 4096
# Repeats the line above.
ipcache_size 4096
ipcache_low 98
ipcache_high 99
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
fqdncache_size 4096
shutdown_lifetime 10 second
# Site-specific contact address; replace with your own.
cache_mgr heru.mahardian@eresha.net.id
# "secret" is the cache manager password for all actions. Treat it as a
# placeholder and set a site-specific value; the http_access rules above accept
# manager requests from localhost only.
cachemgr_passwd secret all
memory_pools off
buffered_logs off
log_icp_queries off
# 0 = no old log generations are kept when logs are rotated.
logfile_rotate 0
log_fqdn off
# Adds the client's address to the X-Forwarded-For header of outgoing requests,
# which discloses internal (172.16.101.x) addresses to every origin server.
forwarded_for on
icp_hit_stale on
# NOTE(review): the build on this page uses --disable-icmp, so this probably
# has no effect - confirm.
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 2 minutes
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_memory_warning 64 MB
high_response_time_warning 2000
high_page_fault_warning 2
# Host name Squid reports about itself, e.g. in its error pages.
visible_hostname TooFastTooFurious
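#cp /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf ( sumber dan tujuan sama; file yang diedit di atas ada di /etc/squid.conf, itu yang perlu disalin ke sini )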
#cd /usr/local/squid/logs
#touch access.log
#touch cache.log
#chown -R nobody:nogroup access.log
#chown -R nobody:nogroup cache.log
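#chmod 777 access.log ( catatan: 777 membuat log bisa ditulis semua user; karena file sudah dimiliki nobody, 640 sudah cukup )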
# cd /usr/local/squid/lib/
#touch store_url_rewrite
#chown -R nobody:nogroup store_url_rewrite
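#chmod 777 store_url_rewrite ( catatan: file ini dijalankan squid sebagai storeurl_rewrite_program; dengan 777 user lokal mana pun bisa mengganti isinya, jadi pakai 755. File hasil touch masih kosong dan harus diisi script rewrite dulu )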
#/usr/local/squid/sbin/squid -z ( buat swap directory )
#/usr/local/squid/sbin/squid -sYD ( menjalankan squid )
3. Untuk menambahkan Firewall situs-situs porno :
#cd /usr/ports/www/bannerfilter
#make install clean
Membuat File Porn.Txt
#cd /usr/local/etc/squid/
#touch porn.txt
#ee porn.txt ( di sini kita isikan nama-nama yang mengandung porno )
##### isi dari porn.txt #####
redtube
lalatx
17tahun
sex
porn
porno
##### end dari porn.txt #####
Kita tambahkan script berikut di /usr/local/squid/etc/squid.conf
# Hand request URLs to the bannerfilter redirector script.
redirect_program /usr/local/libexec/bannerfilter/redirector.pl
# Both ACLs load the same pattern file, so the second ACL and its deny rule add
# nothing. Each line of porn.txt is used as a case-insensitive regex matched
# anywhere in the URL, so a short entry such as "sex" also blocks unrelated
# URLs that merely contain those letters.
acl blockedsites url_regex -i "/usr/local/etc/squid/porn.txt"
acl bannedsites url_regex -i "/usr/local/etc/squid/porn.txt"
# http_access stops at the first matching rule: these deny lines only take
# effect if they are placed above "http_access allow eresha" in squid.conf.
# Appended at the end of the file they are never reached.
http_access deny blockedsites
http_access deny bannedsites
Oke sekarang bisa dicoba untuk menjalankan lagi