Selamat Datang Orang Gila !!! .:: Welcome Lunatic ::.

Instalasi Squid Proxy Server High Anonymous

PERHATIAN:
1. Jangan pernah mencoba ini jika anda tidak tau apa yang anda lakukan.
2. Jangan pula mencoba ini jika anda tidak tau apa itu FeeBSD .
3. siapkan rokok + kopi secukup nya jika anda perokok berat , karena proses ini akan memakan waktu.
4. Tulisan ini di dedikasikan untuk kemajuan freebsd di indonesia.
5. Dipersilahkan mengcopy atau memeperbanyak tulisan ini tanpa seijin saya demi kemajuan freebsd di Indonesia.

pra syarat :

kompile kernel anda dengan option berikut :

options SYSVMSG
options MSGMNB=16384
options MSGMNI=41
options MSGSEG=2049
options MSGSSZ=64
options MSGTQL=512
options SYSVSHM
options SHMSEG=16
options SHMMNI=128
options SHMMAX=1073741824
options SHMALL=16384

pico squidsetup

-----paste--------

./configure --bindir=/usr/local/bin
--sbindir=/usr/local/sbin
--sysconfdir=/usr/local/etc/squid
--datadir=/usr/local/etc/squid
--libexecdir=/usr/local/libexec/squid
--localstatedir=/var/log/squid
--enable-removal-policies="lru heap"
--enable-auth="basic ntlm digest"
--enable-basic-auth-helpers="NCSA PAM MSNT SMB winbind"
--enable-digest-auth-helpers="password"
--enable-external-acl-helpers="ip_user unix_group wbinfo_group winbind_group"
--enable-ntlm-auth-helpers="SMB winbind"
--enable-async-io --with-pthreads --with-aio
--enable-storeio="ufs diskd null aufs coss"
--enable-delay-pools --enable-snmp --enable-icmp
--enable-htcp --enable-cache-digests --disable-wccp
--enable-underscores --enable-useragent-log
--enable-http-violations --enable-arp-acl --enable-pf-transparent --enable-ipf-transparent
--enable-follow-x-forwarded-for --with-large-files --enable-large-cache-files
--enable-default-err-language=English
------paste---------
root@proxy:~/squid-2.5.STABLE12# chmod +x squidsetup
root@proxy:~/squid-2.5.STABLE12# ./squidsetup

5. install squid dengan mengetikan perintah make

root@proxy:~/squid-2.5.STABLE12# make
lalu

root@proxy:~/squid-2.5.STABLE12# make install

6. Sebelum membuat file konfigurasi Buat directory log dan direktory lain nya yang di perlukan untuk cache file di sesuaikan dengan file konfigurasi yang akan anda buat.

create direktory ini hanya bisa di lakukan jika direktori / anda besar , sebaik nya direktory cache merupakan

direktory yang terpisah atau pun partsisi serta hardisk yang terpisah dari system

root@proxy:/usr/local/etc/squid/# mkdir –p /cache1 /cache2 /cache3


root@proxy:/usr/local/etc/squid# mkdir –p /cache1/squid1 /cache1/squid2 /cache1/squid3 /cache1/squid4 /cache1/squid5


root@proxy:/usr/local/etc/squid# mkdir –p /cache2/squid1 /cache2/squid2 /cache2/squid3 /cache2/squid4 /cache2/squid5


root@proxy:/usr/local/etc/squid# mkdir –p /cache3/squid1 /cache3/squid2 /cache3/squid3 /cache3/squid4 /cache3/squid5

root@proxy:/usr/local/etc/squid# mkdir -p /var/log/squid

7. Rubah kepemilikan directory

root@proxy:/usr/local/etc/squid# chown –R nobody:nobody /var/log/squid


root@proxy:/usr/local/etc/squid# chown -R nobody:nobody /cache1

root@proxy:/usr/local/etc/squid# chown -R nobody:nobody /cache2

root@proxy:/usr/local/etc/squid# chown -R nobody:nobody /cache3
8. Buat atau edit file Konfigurasi Squid
pindah ke directory file konfigurasi squid


root@proxy:~/squid-2.5.STABLE12# cd /usr/local/etc/squid
rubah nama file konfigurasi squid


root@proxy:/usr/local/etc/squid# mv squid.conf squid.conf.lama

buat configurasi squid

root@proxy:/usr/local/etc/squid# pico squid.conf

isi File squid.conf

# ======================================================================$
# S Q U I D P R O X Y KONFIGURASI OGEB V 1.1
# By : ogeb
# Tested on Squid STABLE ver.2.5.12
# Last update : Jan , 5 2004
# ======================================================================$
# ======================================================================$
# NETWORK OPTIONS
#=======================================================================$
http_port 9000
icp_port 3130
snmp_port 3401
========================================================================$
# OPTIONS WHICH AFFECT THE NEIGHBOUR SELECTION ALGORITHM
# ======================================================================$
dead_peer_timeout 30 seconds
mcast_icp_query_timeout 10
log_icp_queries on
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
request_timeout 30 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
# ======================================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#=======================================================================$
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
#==========================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#====================================================================$
cache_dir diskd /cache1/squid1 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid2 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid3 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid4 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid5 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid1 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid2 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid3 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid4 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid5 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid1 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid2 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid3 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid4 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid5 512 16 64 Q1=64 Q2=72
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /dev/null
mime_table /usr/local/etc/squid/mime.conf
#===================================================================$
# HTTPD-ACCELERATOR OPTIONS
#===================================================================$
log_ip_on_direct on
httpd_accel_host virtual
httpd_accel_port 80 81 21 443 563 808 70 210
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
dns_nameservers 192.168.1.5
#====================================================================$
# MISCELLANEOUS
#=====================================================================$
logfile_rotate 7
digest_generation on
digest_bits_per_entry 10
digest_rebuild_period 30 minute
digest_rewrite_period 30 minute
digest_swapout_chunk_size 6000 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
#=====================================================================$
# ADMINISTRATIVE PARAMETERS
#=====================================================================$
cache_mgr ogb@indofreebsd.or.idAlamat e-mail ini dilindungi dari spambot, anda harus memampukan JavaScript untuk melihatnya
cache_effective_user nobody
cache_effective_group nobody
visible_hostname proxy.indofreebsd.or.id
# ======================================================================$
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#=======================================================================$
unlinkd_program /usr/local/libexec/squid/unlinkd
pinger_program /usr/local/libexec/squid/pinger
# ======================================================================$
# ACCESS CONTROLS
#=======================================================================$
acl all src 0/0
acl localmachine src 192.168.1.1/32
acl publicip src 64.158.219.3/24
acl ogeb src 192.168.1.2/32
acl localhost src 127.0.0.0/8
#########################################################
# ACL Different access #
#########################################################
acl SSL_ports port 443 563
acl Safe_ports port 80 21 280 448 591 777 443 563 808 70 210 4190-65535
acl CONNECT method CONNECT
acl purgemethod method purge
acl snmp snmp_community snmpcomunity
acl manager proto cache_object
acl avi urlpath_regex -i .avi$
acl mpeg urlpath_regex -i .m1v$ .mpeg$ .mpg$
acl mpeg_2 urlpath_regex -i .m2v$ .vob$
acl mpeg_audio urlpath_regex -i .mpa$ .mp2$ .mp3$ .aac$
acl dat urlpath_regex -i .dat$ .bin$
acl real urlpath_regex -i .ram$ .ra$ .rm$ .rnx$
acl asf urlpath_regex -i .asf$ .wma$ .asx$ .wmv$
acl vivo urlpath_regex -i .viv$ .vivo$
no_cache deny avi
no_cache deny mpeg
no_cache deny mpeg_2
no_cache deny mpeg_audio
no_cache deny dat
no_cache deny real
no_cache deny asf
no_cache deny vivo
#Acl B L O C K I N G B A D W E B S I T E
# -----------------------------------------------------------------------------------------------$
acl porn dstdom_regex "/usr/local/etc/squid/porn.txt"
#------------------------------------------------------------------------------------------------$
# Access Denied
# -----------------------------------------------------------------------------------------------$
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny porn
# Internet Access# ----------------------------------------------------
http_access allow manager !localhost
http_access allow purgemethod localhost
http_access allow ogeb
http_access allow publicip
http_access allow localmachine
##########htttp access user#################
# SNMP - MRTG Setting
# -----------------------------------------------------------------------------------------------$
snmp_access allow snmp localhost
snmp_access deny all
##################### Anonymous ###############################
header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access User-Agent deny all
header_access Link deny all
header_replace User-Agent ogeb browser , Version 1.1.0
header_access Accept-Encoding deny all
header_access X-Forwarded-For deny all
header_access Via deny all
httpd_accel_single_host off
############################################################################
lalu save squid.conf tersebut dengan menkan ctrl+x lalu tekan y


9. membuat file porn.txt untuk memblok akses site site berbahaya berisi virus dan warm script
isinya adalah website website yan anda tidak kehendaki bisa di akses oleh user.


root@proxy:/usr/local/etc/squid# pico porn.txt
######### isi file porn.txt #####################
worldsex.com
radiolaunch
sanggrahan
worldsex
zirvelist
ad.doubleclick.net
sex
seks
bond
gator
hotguy
nude
porn
17tahun
lalu save file tersebut dengan menekan tombol ctrl+x
11. Memasukan start squid ke rc.local agar squid berjalan secara otomatis ketika server booting
pico /etc/rc.d/rc.local


lalu ketikan /usr/local/sbin/squid –DFY
save file rc.local
12. menjalankan squid pertama kali
buat swap squid dengan mengetikan


/usr/local/sbin/squid –z
13. menjalankan squid


/usr/local/sbin/squid –DFY
14 selamat anda telah berhasil menginstall squid

Menurut anda tentang blog ini?