Skip to content

Proxy server : Squid

August 19, 2007

PROXY SERVER
============

berikut adalah contoh script permisssion-nya yang umum digunakan :

acl satu dstdomain http://www.google.com http://www.yahoo.com http://www.detik.com
# domain bisa di-redirect langsung ke file text yang telah dibuat
acl dua dstdomain “/etc/squid/domain_terlarang.txt”
acl tiga url_regex -i porn nudes sex
# sama mengacu pada keterangan domain
acl empat url_regex -i “/etc/squid/kata_terlarang.txt”
acl lima dst 202.158.46.12 68.12.48.4
# atau bisa digunakan text
acl enam dst “/etc/squid/ip_terlarang.txt”
# blok port
acl tujuh port 80 3128
# contoh blok content gif
acl delapan url_regex http://yahoo.com/*.gif
# perizinan waktu browse,
acl waktu time SMTWHFA 20:00-05:00
# perizinan Sunday dan tHursday dr jam 07:00 s.d 19:00
acl waktu2 time SH 07:00-19:00
acl sex url_regex -i “/etc/squid/situs_sex.txt”
acl nosex url_regex -i “/etc/squid/situs_nosex.txt”

http_access deny satu
http_access deny dua
http_access deny tiga
http_access deny empat
http_access deny lima
http_access deny enam
http_access deny waktu
http_access allow waktu2
http_access allow tujuh
http_access deny sex
http_access allow nosex

notes :
———————————————–
rpm -qa | grep squid
squid-2.6.STABLE1-4mdv2007.0

vi /etc/squid/squid.conf

# letak cache disimpan
cache_dir ufs /var/spool/squid 100 16 256

100 M
16 directories
256 sub-directories
————————————————-
contoh list domain/situs terlarang :
*.xxx.*
*.(erotic|sex|…..).de
http://www.doktercinta.com/sex
*.mp3$
*.avi$
*.mpg$
—————————————————
merubah tampilan error page situs yang terblok :

vi /etc/squid/errors/ERR_ACCESS_DENIED

touch /etc/squid/squid_passwd
chmod otr /etc/squid/squid_passwd
htpasswd /etc/squid/squid_passwd
new password :
retype password :

rpm -ql squid | grep ncsa_auth
contoh :
[root@lp3tnf13 ~]# rpm -ql squid | grep ncsa_auth
/usr/lib/squid/ncsa_auth            # cek letak folder
/usr/share/man/man8/ncsa_auth.8.bz2

vi /etc/squid/squid.conf

cek auth_param di konfigurasi berikut:

#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
# >>> artinya autentikasi parameter program dasar yg ada di folder /lib/squid/ncsa_auth ada di folder /etc/squid/squid_passwd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server

setelah itu buat acl-nya

acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user

From → Linux

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: