Ada banyak tutorial mengenai proxy, baik setingan proxy maupun program-program untuk membuat server menjadi proxy server.
Salah satu program yang sedang populer saat ini adalah SQUID.
Ok, langsung saja, spec komputer yang di pakai:
Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
memory 2GB
Harddisk 160GB
OS CentOS
Adapun konfigurasi pada squid:
http_port 3128 transparent
# icp_port 3130
acl youtube dstdomain -i .youtube.com .gif?
acl streaming url_regex -i get_video\?video_id videodownload\? /get_video?video_id
cache allow youtube
cache allow streaming
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
#.g .js .jsp .cgi
cache deny QUERY
#acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
cache_mem 6 MB
redirect_rewrites_host_header off
cache_swap_low 90
cache_swap_high 95
maximum_object_size 100 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
request_header_max_size 32 KB
max_open_disk_fds 0
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LRU
cache_dir ufs /cache0/cache0 15000 16 256
cache_dir ufs /cache0/cache1 15000 16 256
cache_dir ufs /cache0/cache2 15000 16 256
cache_dir ufs /cache0/cache3 15000 16 256
cache_dir ufs /cache1/cache0 15000 16 256
cache_dir ufs /cache1/cache1 15000 16 256
cache_dir ufs /cache1/cache2 15000 16 256
cache_dir ufs /cache1/cache3 15000 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none
mime_table /etc/squid/mime.conf
check_hostnames off
negative_ttl 5 minutes
#tambahan
refresh_pattern -i \update? 10080 90% 30240 override-expire
refresh_pattern -i \.gz$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.txt$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.text$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.xls$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.doc$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.deb$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.rpm$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.wmp$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.dat$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.msi$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.cab$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mov$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.bzip2$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.tar.gz$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.zip$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.exe$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.avi$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.asf$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.qtm$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mid$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.wav$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.viv$ 10080 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mpg$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.gif$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.jpg$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.jpeg$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.rar$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.swf$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.mpeg$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.pdf$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.bmp$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.ad$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.3gp$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.gzip$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.wmv$ 20160 90% 30240 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern \? 0 0% 0
refresh_pattern . 0 20% 4320
#—–end———
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl nastyfile dstdom_regex -i WIN[.*]BUG[.*]EXE
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
acl post method POST
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
acl lokal src 192.168.100.0/24 192.168.1.0/24
http_access allow lokal
http_access allow localhost
http_access allow purge localhost
http_access deny purge
http_access deny VIRUS
http_access deny nastyfile
http_access deny all
http_reply_access allow all
icp_access allow all
icp_access deny post
cache_mgr admin@robby.anticode.net
cache_effective_user squid
cache_effective_group squid
visible_hostname gateway.anticode.net
#limiter delay pool
#
acl download url_regex -i .iso \.iso$ \.rm$ \.mpg$ \.mpeg$ \.avi$ \.dat$ \.bmp$ \.mp3 \.exe$ ftp
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.3gp$ \.rmvb$ \.flv$ \.swf$ \.bin$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$
acl download url_regex -i \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.vqf$ .tar.gz .gz .zip .rar .rpm .mpe .qt .ram .rm .iso .raw .wav .mov .dmg5
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 4000/64000
#delay_access 1 allow download
#delay_access 1 deny all
delay_pools 2
delay_class 1 3
delay_parameters 1 -1/-1 -1/-1 15000/48000
delay_access 1 allow download
delay_access 1 deny ALL
delay_class 2 3
delay_parameters 2 -1/-1 -1/-1 16000/200000
delay_access 2 allow lokal streaming
delay_access 2 deny ALL
#——–eof————
# HTTPD-ACCELERATOR OPTIONS
# —————————————————————————–
# TAG: httpd_accel_no_pmtu_disc on|off
# In many setups of transparently intercepting proxies Path-MTU
# discovery can not work on traffic towards the clients. This is
# the case when the intercepting device does not fully track
# connections and fails to forward ICMP must fragment messages
# to the cache server.
#
# If you have such setup and experience that certain clients
# sporadically hang or never complete requests set this to on.
#
#Default:
#httpd_accel_no_pmtu_disc on
dns_testnames -D netscape.com internic.net nlanr.net microsoft.com
quick_abort_min -1 KB
#quick_abort_max 0
#quick_abort_pct 98
#accelerator mode
refresh_stale_hit 10 seconds
memory_pools off
memory_pools_limit 5 MB
#sibling di off
icp_hit_stale on
minimum_direct_hops 4
buffered_logs off
reload_into_ims on
error_directory /usr/share/squid/errors/English
retry_on_error on
nonhierarchical_direct on
#parent di off
prefer_direct on
coredump_dir /var/spool/squid
pipeline_prefetch on
vary_ignore_expire on
store_dir_select_algorithm round-robin
ie_refresh on
client_persistent_connections on
peer_connect_timeout 60 seconds
pconn_timeout 180 seconds
max_filedesc 4096
balance_on_multiple_ip on
#———————-end——————-
I’m so glad I found this site…Keep up the good work
Great site…keep up the good work.
Cool site, love the info. I do a lot of research online on a daily basis and for the most part, people lack substance but, I just wanted to make a quick comment to say I’m glad I found your blog. Thanks,
A definite great read…
-Bill-Bartmann
thank you for your comment bill…:)
I’m so glad I found this site…Keep up the good work I read a lot of blogs on a daily basis and for the most part, people lack substance but, I just wanted to make a quick comment to say GREAT blog. Thanks,
A definite great read…:)
-Bill-Bartmann
Most of the times i visit a blog I notice that most blogs are amateurish. Regarding your blog,I could honestly say that you writting is decent and your website solid.
thank you, but i’m newbie. still much to learn