Kumpulan Informasi Dunia Maya dan Ilmu Pengetahuan dari Berbagai Sumber

Tutorial Bikin LUSCA proxy di CentOS 5.5 Konfigurasi dan Tunning

by Arjo Mangil , at 20.32
 
Langsung Aja

Lusca bertujuan untuk memperbaiki kekurangan-2 dalam basis kode sementara squid, serta menjaga kestabilan fungsionalitas dan stabilitas Squid.
mendukung mayoritas HTTP/1.1 HTTP/1.0
Mendukung protokol dan caching untuk merekonstruksi : konten load balancing HTTP, kegagalan, permintaan cerdas / jawaban routing, memori dengan kinerja tinggi dan cache disk, sistem kontrol akses yang fleksibel
Peningkatan kinerja yang lebih cepat karena memperbaiki kelemahan squid proxy
Menangani local cache Content dynamic
web proxy / cache platform dengan kinerja lebih stabil, fitur lebih banyak dan skalabilitas yang dynamis.
mendukung cpu single core ataupun multicore
Lusca terus meliputi perbaikan dan perkembangan dari proyek Squid, Ok Lanjut

Install squid bawaan CentOS terlebih dahulu

[root@lusca-proxy ~]# yum install squid
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons                                                   |  951 B     00:00
addons/primary                                           |  202 B     00:00
base                                                     | 2.1 kB     00:00
base/primary_db                                          | 1.6 MB     00:02
extras                                                   | 2.1 kB     00:00
extras/primary_db                                        | 188 kB     00:00
updates                                                  | 1.9 kB     00:00
updates/primary_db                                       | 840 kB     00:01
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be updated
--> Processing Dependency: perl(URI::URL) for package: squid
--> Running transaction check
---> Package perl-URI.noarch 0:1.35-3 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package         Arch          Version                        Repository   Size
================================================================================
Installing:
squid           i386          7:2.6.STABLE21-6.el5           base        1.3 M
Installing for dependencies:
perl-URI        noarch        1.35-3                         base        116 k

Transaction Summary
================================================================================
Install       2 Package(s)
Upgrade       0 Package(s)

Total download size: 1.4 M
Is this ok [y/N]: y
Setelah terinstall maka kita remove lagi


[root@lusca-proxy ~]# yum remove squid
Loaded plugins: fastestmirror
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package      Arch        Version                        Repository        Size
================================================================================
Removing:
squid        i386        7:2.6.STABLE21-6.el5           installed        3.5 M

Transaction Summary
================================================================================
Remove        1 Package(s)
Reinstall     0 Package(s)
Downgrade     0 Package(s)

Is this ok [y/N]: y



Setelah itu kita install paket yang di butuhkan untuk kompilasi LUSCA yaitu :
- automake
- gcc
- glibc-devel
- e2fsprogs-devel
- sharutils


[root@lusca-proxy ~]# yum install automake gcc glibc-devel e2fsprogs-devel sharutils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package automake.noarch 0:1.9.6-2.3.el5 set to be updated
--> Processing Dependency: autoconf >= 2.58 for package: automake
---> Package e2fsprogs-devel.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5_5.1 for package: e2fspro                                                                                        gs-devel
---> Package gcc.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: cpp = 4.1.2-48.el5 for package: gcc
--> Processing Dependency: libgomp >= 4.1.2-48.el5 for package: gcc
---> Package glibc-devel.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-headers = 2.5-49.el5_5.7 for package: glibc-dev                                                                                        el
--> Processing Dependency: glibc = 2.5-49.el5_5.7 for package: glibc-devel
--> Processing Dependency: glibc-headers for package: glibc-devel
---> Package sharutils.i386 0:4.6.1-2 set to be updated
--> Running transaction check
---> Package autoconf.noarch 0:2.59-12 set to be updated
--> Processing Dependency: imake for package: autoconf
---> Package cpp.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5 for package: e2fsprogs
---> Package e2fsprogs-libs.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: glibc = 2.5-49 for package: nscd
---> Package glibc.i686 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-common = 2.5-49.el5_5.7 for package: glibc
---> Package glibc-headers.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers
--> Processing Dependency: kernel-headers for package: glibc-headers
---> Package libgomp.i386 0:4.4.0-6.el5 set to be updated
--> Running transaction check
---> Package e2fsprogs.i386 0:1.39-23.el5_5.1 set to be updated
---> Package glibc-common.i386 0:2.5-49.el5_5.7 set to be updated
---> Package imake.i386 0:1.0.2-3 set to be updated
---> Package kernel-headers.i386 0:2.6.18-194.26.1.el5 set to be updated
---> Package nscd.i386 0:2.5-49.el5_5.7 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package              Arch        Version                    Repository    Size
================================================================================
Installing:
automake             noarch      1.9.6-2.3.el5              base         476 k
e2fsprogs-devel      i386        1.39-23.el5_5.1            updates      569 k
gcc                  i386        4.1.2-48.el5               base         5.2 M
glibc-devel          i386        2.5-49.el5_5.7             updates      2.0 M
sharutils            i386        4.6.1-2                    base         201 k
Installing for dependencies:
autoconf             noarch      2.59-12                    base         647 k
cpp                  i386        4.1.2-48.el5               base         2.6 M
glibc-headers        i386        2.5-49.el5_5.7             updates      602 k
imake                i386        1.0.2-3                    base         319 k
kernel-headers       i386        2.6.18-194.26.1.el5        updates      1.1 M
libgomp              i386        4.4.0-6.el5                base          70 k
Updating for dependencies:
e2fsprogs            i386        1.39-23.el5_5.1            updates      977 k
e2fsprogs-libs       i386        1.39-23.el5_5.1            updates      118 k
glibc                i686        2.5-49.el5_5.7             updates      5.3 M
glibc-common         i386        2.5-49.el5_5.7             updates       16 M
nscd                 i386        2.5-49.el5_5.7             updates      166 k

Transaction Summary
================================================================================
Install      11 Package(s)
Upgrade       5 Package(s)

Total download size: 37 M
Is this ok [y/N]:y



Duduk tenang selesai install paket-paket di atas kemudian download LUSCA nya dari google
Code:
[root@lusca-proxy ~]#wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
Setelah itu di extrak
Code:
[root@lusca-proxy ~]# tar -zxvf LUSCA_HEAD-r14809.tar.gz
Pindah ke dalam direktori lusca, naikkan filedescriptors, dan kemudian configure menggunakan opsi-opsi di bawah ini
Code:
[root@lusca-proxy ~]# cd LUSCA_HEAD-r14809
[root@lusca-proxy ~]# ulimit -n 8192
[root@lusca-proxy LUSCA_HEAD-r14809]# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups
semua file instalasi terletak di /usr/local/squid/ jadi kita tidak akan repot-repot mencari-cari file squid


Kemudian install
Code:
[root@lusca-proxy LUSCA_HEAD-r14809]# make all && make install
Duduk tenang menunggu instalasi selesai sekarang waktu nya Konfigurasi.
- Pindah ke direktori /usr/local/squid/etc
Code:
[root@lusca-proxy LUSCA_HEAD-r14809]# cd /usr/local/squid/etc/


kemudian config squid nya kaya gini nih,..
Code:
##start of config
http_port 3128 transparent
icp_port 0
#icp_port 3130

pid_filename /var/run/squid.pid
cache_effective_user squid
cache_effective_group squid
#error_directory /usr/share/squid/errors/templates
#icon_directory /usr/share/squid/icons
visible_hostname lusca.net
cache_mgr admin@localhost
access_log /cache1/access.log
cache_log /cache1/cache.log
cache_store_log none
logfile_rotate 1
shutdown_lifetime 10 seconds


####################################################################
# Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.25.0/24 # RFC1918 possible internal network
####################################################################

uri_whitespace strip
#dns_nameservers
#dns_testnames 127.0.0.1

cache_mem 8 MB
maximum_object_size_in_memory 128 MB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir aufs /cache1 32768 64 256

minimum_object_size 512 bytes
maximum_object_size 128000 KB
offline_mode off
cache_swap_low 98
cache_swap_high 99

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
#acl dynamic urlpath_regex cgi-bin \?

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow localnet

# Default block all to be sure
http_access deny all

#include /usr/local/squid/etc/storeurl-el5.pl
include /usr/local/squid/etc/tunning.conf

##end of config
terus save.as storeurl.pl
Code:
#!/usr/bin/perl5.8.8
# by chudy_fernandez@yahoo.com
# Updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion
$|=1;
while (<>) {
    @X = split;
    $X[1] =~ s/&sig=.*//;
    $x = $X[0] . " ";
    $_ = $X[1];
    $u = $X[1];


            # compatibility for old cached get_video?video_id
if (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(videoplayback\?id=.*?|video_id=.*?)\&(.*?)/) {
    $z = $2; $z =~ s/video_id=/get_video?video_id=/;
    print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";

            # youtube HD itag=22
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=22).*?\&(id=[a-zA-Z0-9]*)/) {
    print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . "&" . $3 . "\n";

            # youtube Normal screen always HD itag 35, Normal screen never HD itag 34, itag=18 <--normal?
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=[0-9]*).*?\&(id=[a-zA-Z0-9]*)/) {
    print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $3 . "\n";

} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
    print $x . "http://www.google-analytics.com/__utm.gif\n";

            #Cache High Latency Ads
} elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com)(.*)/) {
    $y = $3;$z = $2;
    for ($y) {
    s/pixel;.*/pixel/;
    s/activity;.*/activity/;
    s/(imgad[^&]*).*/\1/;
    s/;ord=[?0-9]*//;
    s/;&timestamp=[0-9]*//;
    s/[&?]correlator=[0-9]*//;
    s/&cookie=[^&]*//;
    s/&ga_hid=[^&]*//;
    s/&u_his=[^&]*//;
    s/&dt=[^&]*//;
    s/&lmt=[^&]*//;
    s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
    s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
    s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
    s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
    s/[;&?]ord=[?0-9]*//;
    s/[;&]mpvid=[^&;]*//;
    }
    print $x . "http://" . $1 . $2 . $y . "\n";

            #cache high latency ads
} elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) {
    print $x . "http://" . $1 . "/" . $2  . "\n";

            # spicific servers starts here....
} elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
    print $x . "http://" . $1 . "\n";


#            # indowebster added by fahmi[at]airputih.or.id
#} elsif (($u =~ /indowebster/) && (m/^http:\/\/www[0-9][0-9]\.indowebster.com.*\/(.*?)/)) {
#        print $x . "http://cdn.indowebster.com/" . $2 . "\n";


            #cdn, varialble 1st path
} elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
    @y = ($1,$2,$4,$5);
    $y[0] =~ s/[a-z0-9]{2,5}/cdn./;
    print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

            #rapidshare
} elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
    print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n";

} elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) {
    print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n";

            #like porn hub variables url and center part of the path, filename etention 3 or 4 with or withour ? at the end
} elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) {
    print $x . "http://cdn." . $3 . $5 . "\n"; 
            #...spicific servers end here.
     
            #general purpose for cdn servers. add above your specific servers.
} elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) {
    print $x . "http://squid-cdn-url//" . $2  . "." . $3 . "\n";

            #for yimg.com doubled
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
    print $x . "http://cdn.yimg.com/"  . $3 . "\n";

            #for yimg.com with &sig=
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*)/) {
    @y = ($1,$2);
    $y[0] =~ s/[a-z]+[0-9]+/cdn/;
    $y[1] =~ s/&sig=.*//;
    print $x . "http://" . $y[0] . ".yimg.com/"  . $y[1] . "\n";

            #generic http://variable.domain.com/path/filename."ext" or "exte" with or withour "?"
} elsif (m/^http:\/\/(.*)([^\.\-]*?\..*?)\/(.*)\.([^\/\?\&]{3,4})(\?.*)?$/) {
    @y = ($1,$2,$3,$4);
    $y[0] =~ s/(([a-zA-A-]+[0-9-]+)|(.*cdn.*)|(.*cache.*))/cdn/;
    print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

            # generic http://variable.domain.com/...
} elsif (m/^http:\/\/(([A-Za-z]+[0-9-]+)*?|.*cdn.*|.*cache.*)\.(.*?)\.(.*?)\/(.*)$/) {
    print $x . "http://cdn." . $3 . "." . $4 . "/" . $5 .  "\n";

            # spicific extention that ends with ?
} elsif (m/^http:\/\/(.*?)\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|on2)\?(.*)/) {
    print $x . "http://" . $1 . "/" . $2  . "." . $3 . "\n";

            # all that ends with ;
} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
    print $x . "http://" . $1 . "/" . $2  . "\n";

} else {
    print $x . $_ . "\n";
}
}


save as lagi tunning.conf
Code:
save as lagi tunning.conf
Code:
acl store_rewrite_list urlpath_regex            \/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex            \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex         ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex         (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex       \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex     \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET

storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all

storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl
storeurl_rewrite_children 7
storeurl_rewrite_concurrency 0

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv  0 0% 0     override-lastmod override-expire store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*   161280    90%    161280 ignore-reload  store-stale

refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)    129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)    129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
#refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?)       129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern \.(ico|video-stats) 129600 999999% 129600    override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern \.etology\?                       129600 999999% 129600    override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz)               129600 999999% 129600    override-expire ignore-reload ignore-no-cache store-stale  
refresh_pattern brazzers\?                       129600 999999% 129600    override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\?                      129600 999999% 129600    override-expire ignore-reload ignore-no-cache store-stale  
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google  129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 999999% 129600 override-expire ignore-reload   ignore-private store-stale negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg                   129600 999999% 129600    override-expire ignore-reload   store-stale  
refresh_pattern images\.friendster\.com.*\.(png|gif)           129600 999999% 129600    override-expire ignore-reload   store-stale
refresh_pattern garena\.com                                   129600 999999% 129600     override-expire reload-into-ims store-stale  
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)  129600 999999% 129600     override-expire ignore-reload   store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?           129600 999999% 129600 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    129600 999999% 129600 reload-into-ims override-expire ignore-private    store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.      129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/           129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)                      43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$                           43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$                                   43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern kaspersky                                           43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                    43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)     43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern windowsupdate.com/.*\.(cab|exe)             43200  999999%  129600 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe)             43200  999999%  129600 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe)             43200  999999%  129600 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)      129600 999999% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                  129600 999999% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern  static\.ak\.fbcdn\.net*\.(jpg|gif|png)                  129600 999999% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)      129600 999999% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/           43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/           43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)       43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/           43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf)        43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)       43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale ignore-auth

#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     129600 999999% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern (cgi-bin|\?)       0      0%      0
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern ^ftp:         10080     95%     43200 override-lastmod reload-into-ims store-stale
refresh_pattern         .     180     95% 43200 override-lastmod reload-into-ims store-stale

global_internal_static off
max_stale 10 years
retry_on_error on
buffered_logs on
read_ahead_gap 32 KB

header_access Accept-Encoding deny  all
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
#range_offset_limit 50 KB
read_timeout 30 minutes
client_lifetime 6 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

#cachemgr_passwd none info
cachemgr_passwd none all
client_db on
max_filedescriptors 4096
n_aiops_threads 24
#client_socksize  16 MB
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
– Buat direktori untuk nampung cache di /cache1,
– kemudian ubah permission nya untuk squid
– kemudian ubah permission file tunning.conf dan storeurl.pl agar bisa di exekusi
Code:
[root@lusca-proxy etc]# mkdir /cache1
[root@lusca-proxy etc]# chown squid:squid /cache1
[root@lusca-proxy etc]# chmod 777 tunning.conf storeurl.pl
Building cache dir squid
Code:
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -z


edit localnet pada squid.conf. sesuaikan network client kita :
potongan squid.conf
Code:
[root@lusca-proxy etc]# nano -c squid.conf
.......................
####################################################################
# Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 7.7.9.0/24 # RFC1918 possible internal network
####################################################################
Cek apakah ada config error di squid dan apabila tidak ada error Jalankan squid sebagai daemon
Code:
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -k parse
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -NDd1 &


Testing. Silahkan arahkan browser menggunakan proxy ke server LUSCA dengan port 3128
Code:
[root@lusca-proxy etc]# tail -f  /cache1/access.log


catatan :
buat ngecek idup apa ngga di nmap saja liat port nya kebuka atau ngga
jika ketemu error Filedescriptors blabla, edit di file
Code:
[root@lusca-proxy ~]# nano -c  /usr/local/squid/etc/storeurl.pl


pada bagian paling atas
Code:
#!/usr/bin/perl5.8.8               <===== edit menjadi "#!/usr/bin/perl" tanpa tanda kutip
# by chudy_fernandez@yahoo.com
# Updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/D
iscussion
$|=1;
.............................
untuk menjalankan lusca setiap abis restart secara otomatis ketik perintah ini di console
Code:
[root@lusca-proxy ~]# echo "/usr/local/squid/sbin/squid -NDd1 &" >> /etc/rc.local
Source: 
topi merah  
./Devilz 1st Cadet

sumber : http://novsal.blogspot.com/2011/06/tutorial-bikin-lusca-proxy-di-centos-55.html

Arjo Mangil
Tutorial Bikin LUSCA proxy di CentOS 5.5 Konfigurasi dan Tunning - written by Arjo Mangil , published at 20.32, categorized as ClearOs
Comment disabled

Site Stats

Copyright ©2013 Arjo Mangil by
Designed by Damzaky - Powered by Blogger