Category Archive: Proxy (Squid)
Proxy (Squid) IWaN RySTiONo on 10 Apr 2008
Solving the case of a Squid proxy that keeps refusing
Brother M. Gunawan gave us his Squid configuration listing. The problem is that the proxy often refuses connections. This is the original:
# WELCOME TO SQUID 2
# ——————
http_port 192.168.0.1:3128 transparent
###no cache at cgi………………………..
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
###caching set……………………………
cache_mem 32 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 16 KB
# log_mime_hdrs on
# ftp_passive on
###timing access…………………………
forward_timeout 3 minutes
connect_timeout 2 minutes
read_timeout 4 minutes
request_timeout 1 minutes
###access_list…………………………..
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
###access_control………………………..
acl porn url_regex "/etc/squid/porn"
acl noporn url_regex "/etc/squid/noporn"
http_access deny porn !noporn
acl our_MASTER src 192.168.0.1
http_access allow our_MASTER
http_access allow our_MASTER localhost
######################all_client…………..
acl user1 src 192.168.0.2
acl user2 src 192.168.0.3
acl user3 src 192.168.0.4
acl user4 src 192.168.0.5
acl user5 src 192.168.0.6
acl user6 src 192.168.0.7
acl user7 src 192.168.0.8
acl user8 src 192.168.0.9
acl user9 src 192.168.0.10
acl user10 src 192.168.0.11
acl user11 src 192.168.0.12
acl user12 src 192.168.0.13
acl user13 src 192.168.0.14
acl user14 src 192.168.0.15
acl user15 src 192.168.0.16
acl ubuntu src 192.168.0.18
######################allow user
http_access allow user1
http_access allow user2
http_access allow user3
http_access allow user4
http_access allow user5
http_access allow user6
http_access allow user7
http_access allow user8
http_access allow user9
http_access allow user10
http_access allow user11
http_access allow user12
http_access allow user13
http_access allow user14
http_access allow user15
http_access allow ubuntu
#######################
http_access deny all
logfile_rotate 5
visible_hostname WAWAN_KWOK@ndeso
Well, it turns out the problem lies in the disorderly placement of the ACLs.
Perhaps it can be simplified like this:
# WELCOME TO SQUID 2 #
http_port 192.168.0.1:3128 transparent
### no cache at cgi ###
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
### caching set ###
cache_mem 32 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 16 KB
# log_mime_hdrs on
# ftp_passive on
### timing access ###
forward_timeout 3 minutes
connect_timeout 2 minutes
read_timeout 4 minutes
request_timeout 1 minutes
### access_list ###
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 280
acl Safe_ports port 488 591 777 1025-65535
acl CONNECT method CONNECT
acl POST method POST
acl porn url_regex "/etc/squid/porn"
acl noporn url_regex "/etc/squid/noporn"
acl our_MASTER src 192.168.0.1
# clients 192.168.0.2 to 192.168.0.16 (user1 to user15 in the original);
# no /255.255.255.0 mask, which would widen the range to the whole subnet
acl user src 192.168.0.2-192.168.0.16
acl ubuntu src 192.168.0.18/32
#### policy ####
# http_access is first-match, so the deny checks come before the allows
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !noporn porn
# one ACL per allow line: names on the same line are ANDed, and no client
# has all four source addresses at once
http_access allow our_MASTER
http_access allow localhost
http_access allow user
http_access allow ubuntu
http_access deny all
always_direct allow POST
always_direct deny all
logfile_rotate 5
visible_hostname WAWAN_KWOK@ndeso
If the result is still the same, then it depends on the porn and noporn files. Please tweak them there, especially the way the restricted keywords are written.
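How Squid reads the http_access lines in the listings above, as an added example (not part of the original post or of M. Gunawan's configuration): a small Python model in which ACL names on one line are ANDed and the first matching line decides. The ACL table is a constructed subset of the listing, and the port 25 request is a constructed test case.

```python
import ipaddress

# ACL definitions constructed from the page's listing (a subset).
ACLS = {
    "all":        ("src", ["0.0.0.0/0"]),
    "localhost":  ("src", ["127.0.0.1/32"]),
    "our_MASTER": ("src", ["192.168.0.1/32"]),
    "user1":      ("src", ["192.168.0.2/32"]),
    "Safe_ports": ("port", [80, 21, 443, 563]),
}

def acl_matches(name, req):
    """Evaluate one ACL name against a request; a leading '!' negates it."""
    kind, values = ACLS[name.lstrip("!")]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        hit = any(ip in ipaddress.ip_network(v) for v in values)
    else:
        hit = req["port"] in values
    return hit != name.startswith("!")

def http_access(rules, req):
    """Names on one line are ANDed; lines are tried top to bottom and the
    first line whose ACLs all match decides. Returns (action, line number)."""
    for lineno, rule in enumerate(rules, 1):
        _, action, *names = rule.split()
        if all(acl_matches(n, req) for n in names):
            return action, lineno
    return "deny", None  # simplification: every rule set below ends in 'deny all'

# 'allow our_MASTER localhost' is taken from the original listing.
ANDED = ["http_access allow our_MASTER localhost", "http_access deny all"]
SPLIT = ["http_access allow our_MASTER", "http_access allow localhost",
         "http_access deny all"]
# Same two rules in both orders: only the order differs.
ALLOW_FIRST = ["http_access allow user1", "http_access deny !Safe_ports",
               "http_access deny all"]
DENY_FIRST = ["http_access deny !Safe_ports", "http_access allow user1",
              "http_access deny all"]

if __name__ == "__main__":
    master = {"src": "192.168.0.1", "port": 80}   # the proxy host itself
    odd = {"src": "192.168.0.2", "port": 25}      # user1 asking for port 25
    for label, rules, req in [("ANDed", ANDED, master), ("split", SPLIT, master),
                              ("allow first", ALLOW_FIRST, odd),
                              ("deny first", DENY_FIRST, odd)]:
        print(label, http_access(rules, req))
```

The ANDed line never matches, so 192.168.0.1 falls through to `deny all`; and an allow placed above `deny !Safe_ports` lets that client reach a port outside Safe_ports.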
Proxy (Squid) IWaN RySTiONo on 25 Sep 2007
Easy transparent proxy with Squid 2.6
Actually I'm a bit late writing this. Squid 2.6 was released a long time ago, but I'm still using 2.5. A lazy admin indeed. Too lazy even to update.
I only got confused when setting things up in Kediri. Why wasn't my Squid configuration working? It made my head spin. In the end, with firm resolve, I asked Grandpa Google. Grandpa Google then advised me to visit Grandpa Wiki Deckle. Only there did I find out that the difference is quite big.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
This part is removed entirely; in its place, the http_port line is given the transparent option.
http_port 3128 transparent
Turns out that's all there is to it.
All that just to end up with my head spinning. If I had asked Grandpa Google from the start, I wouldn't have had the headache, right?