wEb'nya Wonk edan

January 7, 2009

Proxy Server (Squid) Configuration on Debian Linux

Filed under: Computers, Assignments — dimas rama @ 2:49 pm

1). Install the proxy server:

# beckz@debian:~$ apt-get install squid

2). Edit the proxy server configuration file:

# beckz@debian:~$ pico /etc/squid/squid.conf

# WELCOME TO SQUID 2.6.STABLE5

# ----------------------------

#

# This is the default Squid configuration file. You may wish

# to look at the Squid home page (http://www.squid-cache.org/)

# for the FAQ and other documentation.

#

# The default Squid config file shows what the defaults for

# various options happen to be. If you don’t need to change the

# default, you shouldn’t uncomment the line. Doing so may cause

# run-time problems. In some cases “none” refers to no default

# setting at all, while in other cases it refers to a valid

# option – the comments for that keyword indicate if this is the

# case.

#

# NETWORK OPTIONS

# -----------------------------------------------------------------------------

# TAG: http_port

# Usage: port [options]

# hostname:port [options]

# 1.2.3.4:port [options]

#

# The socket addresses where Squid will listen for HTTP client

# requests. You may specify multiple socket addresses.

# There are three forms: port alone, hostname with port, and

# IP address with port. If you specify a hostname or IP

# address, Squid binds the socket to that specific

# address. This replaces the old ‘tcp_incoming_address’

# option. Most likely, you do not need to bind to a specific

# address, so you can use the port number alone.

#

# The default port number is 3128.

#

# If you are running Squid in accelerator mode, you

# probably want to listen on port 80 also, or instead.

#

# The -a command line option will override the *first* port

# number listed here. That option will NOT override an IP

# address, however.

#

# You may specify multiple socket addresses on multiple lines.

# options are:

# transparent Support for transparent proxies

# vhost Accelerator using Host directive

# vport Accelerator with IP virtual host support

# vport= As above, but uses specified port number

# rather than the http_port number.

# defaultsite= Main web site name for accelerators.

# urlgroup= Default urlgroup to mark requests

# with (see also acl urlgroup and

# url_rewrite_program)

# protocol= Protocol to reconstruct accelerated

# requests with. Defaults to http.

# no-connection-auth

# Prevent forwarding of Microsoft

# connection oriented authentication

# (NTLM, Negotiate and Kerberos)

# tproxy Support Linux TPROXY for spoofing

# outgoing connections using the client

# If you run Squid on a dual-homed machine with an internal

# and an external interface we recommend you to specify the

# internal address:port in http_port. This way Squid will only be

# visible on the internal address.

#

# Squid normally listens to port 3128

# (Enables transparent proxy mode)

http_port 3128 transparent

#Recommended minimum configuration:

acl all src 0.0.0.0/0.0.0.0

# (Network of the client computers served by this proxy)

acl beckz src 192.168.13.0/255.255.255.0

# (Site to be blocked; dstdomain takes a host name, not a URL)

acl becks dstdomain www.google.com

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 # https

acl SSL_ports port 563 # snews

acl SSL_ports port 873 # rsync

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 631 # cups

acl Safe_ports port 873 # rsync

acl Safe_ports port 901 # SWAT

acl purge method PURGE

acl CONNECT method CONNECT

# Example rule allowing access from your local networks. Adapt

# to list your (internal) IP networks from where browsing should

# be allowed

#acl our_networks src 192.168.1.0/24 192.168.2.0/24

#http_access allow our_networks

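http_access allow localhost

# Rules are checked in order and the first match wins, so the deny for the blocked site must come before the allow for the LAN

http_access deny becks

http_access allow beckz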

# TAG: cache_mgr

# Email-address of local cache manager who will receive

# mail if the cache dies. The default is “webmaster”.

#

#Default:

cache_mgr beckz.net

# TAG: visible_hostname

# If you want to present a special hostname in error messages, etc,

# define this. Otherwise, the return value of gethostname()

# will be used. If you have multiple caches in a cluster and

# get errors about IP-forwarding you must set them to have individual

# names with this setting.

#

#Default:

# (Hostname shown in error messages)

visible_hostname beckz.net

# TAG: always_direct

# Usage: always_direct allow|deny [!]aclname …

#

# Here you can use ACL elements to specify requests which should

# ALWAYS be forwarded by Squid to the origin servers without using

# any peers. For example, to always directly forward requests for

# local servers ignoring any parents or siblings you may have use

# something like:

# NOTE: If your goal is to make the client forward the request

# directly to the origin server bypassing Squid then this needs

# to be done in the client configuration. Squid configuration

# can only tell Squid how Squid should fetch the object.

#

# NOTE: This directive is not related to caching. The replies

# is cached as usual even if you use always_direct. To not cache

# the replies see no_cache.

#

# This option replaces some v1.1 options such as local_domain

# and local_ip.

#

#Default:

always_direct allow all

3). Type the command below:

# beckz@debian:~$ iptables -A PREROUTING -t nat -p tcp -m tcp -s 192.168.13.0/24 -d 0/0 --dport 80 -j REDIRECT --to-port 3128

4). Start the proxy server:

beckz@debian:~$ /etc/init.d/squid restart
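Squid walks the http_access list from top to bottom, stops at the first rule whose ACL matches, and, when nothing matches, applies the opposite of the last rule. The following added example (not part of the original post) models the localhost, beckz and becks ACLs from step 2 in both possible orders to show which one actually blocks the site and which one leaves the proxy open to clients outside 192.168.13.0/24. The client addresses are constructed, and the explicit final "deny all" is an addition not shown in the post.

```python
import ipaddress

# ACLs from step 2, modelled as predicates over (client_ip, dest_host).
LAN = ipaddress.ip_network("192.168.13.0/24")

def dstdomain(pattern, host):
    # Squid dstdomain: exact host match, or suffix match when pattern starts with "."
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

ACLS = {
    "localhost": lambda ip, host: ip == ipaddress.ip_address("127.0.0.1"),
    "beckz": lambda ip, host: ip in LAN,
    "becks": lambda ip, host: dstdomain("www.google.com", host),
    "all": lambda ip, host: True,
}

def http_access(rules, client, host):
    """Return 'allow' or 'deny' the way Squid walks an http_access list."""
    ip = ipaddress.ip_address(client)
    for action, acl in rules:
        if ACLS[acl](ip, host):
            return action  # first matching rule decides
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# LAN allow placed before the site deny: the deny is never reached for LAN clients.
ALLOW_FIRST = [("allow", "localhost"), ("allow", "beckz"), ("deny", "becks")]
# Site deny placed before the LAN allow, closed with an explicit deny (assumption).
DENY_FIRST = [("allow", "localhost"), ("deny", "becks"), ("allow", "beckz"),
              ("deny", "all")]

if __name__ == "__main__":
    cases = [("192.168.13.20", "www.google.com"),   # LAN client, blocked site
             ("192.168.13.20", "www.debian.org"),   # LAN client, other site
             ("203.0.113.9", "www.debian.org")]     # constructed outside client
    for client, host in cases:
        print(client, host,
              "allow-first:", http_access(ALLOW_FIRST, client, host),
              "deny-first:", http_access(DENY_FIRST, client, host))
```
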
