Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
00:00
00:00
00:00
00:02
00:00
00:00
00:00
00:01
Dependencies Resolved
=============================================================================
===
Package
Arch
Version
Repository
Size
=============================================================================
===
Installing:
squid
i386
7:2.6.STABLE21-6.el5
base
1.3
M
Installing for dependencies:
perl-URI
noarch
1.35-3
base
116
k
Transaction Summary
=============================================================================
===
Install
2 Package(s)
Upgrade
0 Package(s)
Total download size: 1.4 M
Is this ok [y/N]: y
Setelah itu kita install paket yang di butuhkan untuk kompilasi LUSCA yaitu :
- automake
- gcc
- glibc-devel
- e2fsprogs-devel
- sharutils
Code:
[root@lusca-proxy ~]# yum install automake gcc glibc-devel e2fsprogs-devel
sharutils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package automake.noarch 0:1.9.6-2.3.el5 set to be updated
--> Processing Dependency: autoconf >= 2.58 for package: automake
k
cpp
i386
M
glibc-headers
i386
k
imake
i386
k
kernel-headers
i386
M
libgomp
i386
k
Updating for dependencies:
e2fsprogs
i386
k
e2fsprogs-libs
i386
k
glibc
i686
M
glibc-common
i386
M
nscd
i386
k
4.1.2-48.el5
base
2.6
2.5-49.el5_5.7
updates
602
1.0.2-3
base
319
2.6.18-194.26.1.el5
updates
1.1
4.4.0-6.el5
base
1.39-23.el5_5.1
updates
977
1.39-23.el5_5.1
updates
118
2.5-49.el5_5.7
updates
5.3
2.5-49.el5_5.7
updates
16
2.5-49.el5_5.7
updates
166
70
Transaction Summary
=============================================================================
===
Install
11 Package(s)
Upgrade
5 Package(s)
Total download size: 37 M
Is this ok [y/N]:y
Duduk tenang selesai install paket-paket di atas kemudian download LUSCA nya dari google
Code:
[root@lusca-proxy ~]#wget http://lusca-cache.googlecode.com/files/LUSCA_HEADr14809.tar.gz
Pindah ke dalam direktori lusca, naikkan filedescriptors, dan kemudian configure menggunakan
opsi-opsi di bawah ini
Code:
[root@lusca-proxy ~]# cd LUSCA_HEAD-r14809
[root@lusca-proxy ~]# ulimit -n 8192
[root@lusca-proxy LUSCA_HEAD-r14809]# ./configure --prefix=/usr/local/squid -exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests -enable-poll --enable-linux-netfilter --enable-removal-policies --withmaxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary -enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups
semua file instalasi terletak di /usr/local/squid/ jadi kita tidak akan repot-repot mencari-cari file
squid
Kemudian install
Code:
[root@lusca-proxy LUSCA_HEAD-r14809]# make all && make install
cache_swap_low 98
cache_swap_high 99
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 102565535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
#acl dynamic urlpath_regex cgi-bin \?
http_access
http_access
http_access
http_access
http_access
http_access
$z = $2; $z =~ s/video_id=/get_video?video_id=/;
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";
# youtube HD itag=22
} elsif (m/^http:\/\/([09.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(ita
g=22).*?\&(id=[a-zA-Z0-9]*)/) {
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . "&" . $3
. "\n";
# youtube Normal screen always HD itag 35, Normal screen never HD
itag 34, itag=18 <--normal?
} elsif (m/^http:\/\/([09.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(ita
g=[0-9]*).*?\&(id=[a-zA-Z0-9]*)/) {
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $3 . "\n";
} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
print $x . "http://www.google-analytics.com/__utm.gif\n";
#Cache High Latency Ads
} elsif (m/^http:\/\/([a-z09.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com)(.*)/) {
$y = $3;$z = $2;
for ($y) {
s/pixel;.*/pixel/;
s/activity;.*/activity/;
s/(imgad[^&]*).*/\1/;
s/;ord=[?0-9]*//;
s/;×tamp=[0-9]*//;
s/[&?]correlator=[0-9]*//;
s/&cookie=[^&]*//;
s/&ga_hid=[^&]*//;
s/&u_his=[^&]*//;
s/&dt=[^&]*//;
s/&lmt=[^&]*//;
s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/[;&?]ord=[?0-9]*//;
s/[;&]mpvid=[^&;]*//;
}
print $x . "http://" . $1 . $2 . $y . "\n";
#cache high latency ads
} elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) {
print $x . "http://" . $1 . "/" . $2 . "\n";
# spicific servers starts here....
} elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
print $x . "http://" . $1 . "\n";
#
# indowebster added by fahmi[at]airputih.or.id
#} elsif (($u =~ /indowebster/) && (m/^http:\/\/www[0-9][09]\.indowebster.com.*\/(.*?)/)) {
. $y[1] . "\n";
"\n";
(m/^http:\/\/(.*?)\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|on2)\?(.*)/
) {
print $x . "http://" . $1 . "/" . $2 . "." . $3 . "\n";
# all that ends with ;
} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
print $x . "http://" . $1 . "/" . $2 . "\n";
} else {
print $x . $_ . "\n";
}
}
deny dontrewrite
deny !getmethod
allow store_rewrite_list_domain_CDN
allow store_rewrite_list
allow store_rewrite_list_domain
allow store_rewrite_list_path
deny all
storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl
storeurl_rewrite_children 7
storeurl_rewrite_concurrency 0
# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv 0 0% 0
override-lastmod override-expire
store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*
161280
90%
161280
ignore-reload store-stale
refresh_pattern
(get_video\?|videoplayback\?|videodownload\?|\.flv?)
129600 999999% 129600
ignore-no-cache ignore-no-store ignore-private override-expire overridelastmod reload-into-ims store-stale
refresh_pattern
(get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)
1
29600 999999% 129600 ignore-no-cache ignore-no-store ignore-private overrideexpire override-lastmod reload-into-ims store-stale
#refresh_pattern -i
(get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?)
129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private
override-expire override-lastmod reload-into-ims store-stale
refresh_pattern \.(ico|video-stats) 129600 999999% 129600
override-expire
ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern \.etology\?
129600 999999%
129600
override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz)
129600 999999%
129600
override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\?
129600 999999%
129600
override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\?
129600 999999%
129600
override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern
^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbri
te\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedi
a\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|gameadvertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserv
ing\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20%
129600 ignore-no-cache ignore-no-store ignore-private override-expire ignorereload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 maxstale=10
refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 overrideexpire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-mustrevalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600
999999% 129600 override-expire ignore-reload
ignore-private store-stale
negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg
129600 999999%
129600
override-expire ignore-reload
store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif)
129600 999999%
129600
override-expire ignore-reload
store-stale
refresh_pattern garena\.com
129600 999999%
129600
override-expire reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600
999999% 129600
override-expire ignore-reload
store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?
129600 999999%
129600 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern
mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)
129600 999999%
129600 reload-into-ims override-expire ignore-private
store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.
129600 999999%
129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload
override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/
129600 999999%
129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload
override-expire store-stale
# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)
43200 999999%
43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims storestale
refresh_pattern (avgate|avira).*(idx|gz)$
43200
999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
store-stale
refresh_pattern kaspersky.*\.avc$
43200
999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
store-stale
refresh_pattern kaspersky
43200
999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)
43200
999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)
43200
999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
store-stale
refresh_pattern windowsupdate.com/.*\.(cab|exe)
43200 999999% 129600 ignore-no-cache ignore-no-store ignorereload reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe)
43200 999999% 129600 ignore-no-cache ignore-no-store ignorereload reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe)
43200 999999% 129600 ignore-no-cache ignore-no-store ignorereload reload-into-ims store-stale
#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)
129600
999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
store-stale
refresh_pattern -i
\.fbcdn.net.*\.(jpg|gif|png|swf|mp3)
129600 999999% 129600
ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png)
1296
00 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-nostore store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)
129600
999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
store-stale
#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?)
129600 99999% 129600 reload-into-ims ignore-reload override-expire ignoreno-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/
43200 99999%
129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignoreno-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/
43200 99999%
129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignoreno-store store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)
43200 99999%
(cgi-bin|\?)
0
0%
0
^gopher:
1440
0%
1440
^ftp:
10080
95%
43200 override-lastmod
store-stale
.
180
95% 43200 override-lastmod reload-into-
global_internal_static off
max_stale 10 years
retry_on_error on
buffered_logs on
read_ahead_gap 32 KB
header_access Accept-Encoding deny
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
all
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
#range_offset_limit 50 KB
read_timeout 30 minutes
client_lifetime 6 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
#cachemgr_passwd none info
cachemgr_passwd none all
client_db on
max_filedescriptors 4096
n_aiops_threads 24
#client_socksize 16 MB
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
####################################################################
# Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8
# RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 7.7.9.0/24 # RFC1918 possible internal network
####################################################################
Cek apakah ada config error di squid dan apabila tidak ada error Jalankan squid sebagai daemon
Code:
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -k parse
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -NDd1 &
Testing. Silahkan arahkan browser menggunakan proxy ke server LUSCA dengan port 3128
Code:
[root@lusca-proxy etc]# tail -f
/cache1/access.log
catatan :
buat ngecek idup apa ngga di nmap saja liat port nya kebuka atau ngga
jika ketemu error Filedescriptors blabla, edit di file
Code:
[root@lusca-proxy ~]# nano -c
/usr/local/squid/etc/storeurl.pl
untuk menjalankan lusca setiap abis restart secara otomatis ketik perintah ini di console
Code:
[root@lusca-proxy ~]# echo "/usr/local/squid/sbin/squid -NDd1 &" >>
/etc/rc.local
Sumber : http://devilzc0de.org/forum/thread-7222.html