
Filed under Proxy (Squid) by IWaN RySTiONo on 10 Apr 2008 03:18 pm

Fixing a Squid proxy that keeps refusing connections

Mr. M. Gunawan sent us his Squid configuration listing. The problem is that the proxy frequently refuses connections. Here is the original:

# WELCOME TO SQUID 2 #
http_port 192.168.0.1:3128 transparent

###no cache at cgi
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
###caching set
cache_mem 32 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 16 KB
# log_mime_hdrs on
# ftp_passive on
###timing access
forward_timeout 3 minutes
connect_timeout 2 minutes
read_timeout 4 minutes
request_timeout 1 minutes
###access_list
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
###access_control
acl porn url_regex "/etc/squid/porn"
acl noporn url_regex "/etc/squid/noporn"
http_access deny porn !noporn
acl our_MASTER src 192.168.0.1
http_access allow our_MASTER
http_access allow our_MASTER localhost
######################all_client
acl user1 src 192.168.0.2
acl user2 src 192.168.0.3
acl user3 src 192.168.0.4
acl user4 src 192.168.0.5
acl user5 src 192.168.0.6
acl user6 src 192.168.0.7
acl user7 src 192.168.0.8
acl user8 src 192.168.0.9
acl user9 src 192.168.0.10
acl user10 src 192.168.0.11
acl user11 src 192.168.0.12
acl user12 src 192.168.0.13
acl user13 src 192.168.0.14
acl user14 src 192.168.0.15
acl user15 src 192.168.0.16
acl ubuntu src 192.168.0.18
######################allow user
http_access allow user1
http_access allow user2
http_access allow user3
http_access allow user4
http_access allow user5
http_access allow user6
http_access allow user7
http_access allow user8
http_access allow user9
http_access allow user10
http_access allow user11
http_access allow user12
http_access allow user13
http_access allow user14
http_access allow user15
http_access allow ubuntu
#######################
http_access deny all
logfile_rotate 5

visible_hostname WAWAN_KWOK@ndeso

It turns out the problem lies in the disorderly placement of the ACL rules.

It can perhaps be simplified to this:

# WELCOME TO SQUID 2 #
http_port 192.168.0.1:3128 transparent

###no cache at cgi ###
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

###caching set #######
cache_mem 32 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 16 KB
# log_mime_hdrs on
# ftp_passive on

###timing access #####
forward_timeout 3 minutes
connect_timeout 2 minutes
read_timeout 4 minutes
request_timeout 1 minutes

### access_list ########
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 280
acl Safe_ports port 488 591 777 1025-65535
acl CONNECT method CONNECT
acl POST method POST
acl porn url_regex "/etc/squid/porn"
acl noporn url_regex "/etc/squid/noporn"
acl our_MASTER src 192.168.0.1
# a plain range; with /255.255.255.0 appended Squid masks both ends and the acl would match the whole 192.168.0.0/24
acl user src 192.168.0.2-192.168.0.15
acl ubuntu src 192.168.0.18/32

#### policy ####
# manager, port and method checks first, so no later allow line bypasses them
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny porn !noporn
# every acl name on one http_access line must match (they are ANDed);
# one allow line per client acl gives the intended OR
http_access allow our_MASTER
http_access allow localhost
http_access allow user
http_access allow ubuntu
http_access deny all

always_direct allow POST
always_direct deny all

logfile_rotate 5
visible_hostname WAWAN_KWOK@ndeso

If the result is still the same, then it comes down to the porn and noporn files. Tweak them there, especially the way the restricted keywords are written.
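To make the two points above checkable before a reload, here is an added Python example (not code from this post, from M. Gunawan, or from Squid itself) that models the Squid rules the fix turns on: every ACL name on one http_access line must match (they are ANDed), the first line that fully matches decides, and a url_regex "file" ACL is a list of regexes searched in the request URL. The ACL set is a trimmed copy of the post's (the manager ACL is left out), the regex lists are constructed stand-ins for the contents of /etc/squid/porn and /etc/squid/noporn, and the sample requests, the names BROKEN_POLICY, FIXED_POLICY and evaluate are all the example's own. BROKEN_POLICY carries the single-line allow from the proposal above, which no client can ever match; FIXED_POLICY uses one allow per client ACL with the port checks first.

```python
import ipaddress
import re
from collections import namedtuple

Request = namedtuple("Request", "src port method url")  # what Squid sees per request

# Constructed stand-ins for the post's /etc/squid/porn and /etc/squid/noporn
# files: one regex per line, which is how Squid reads a url_regex "file".
FILES = {"/etc/squid/porn": [r"sex", r"xxx"],
         "/etc/squid/noporn": [r"essex\.gov\.uk", r"sussex\.ac\.uk"]}

# Trimmed copy of the post's ACL definitions (the manager ACL is left out).
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 280 488 591 777 1025-65535
acl CONNECT method CONNECT
acl porn url_regex "/etc/squid/porn"
acl noporn url_regex "/etc/squid/noporn"
acl our_MASTER src 192.168.0.1
acl user src 192.168.0.2-192.168.0.15
acl ubuntu src 192.168.0.18/32
"""

# The post's proposed policy: four src ACLs on ONE line are ANDed, so no
# single client can match that line and everyone falls through to deny all.
BROKEN_POLICY = """
http_access deny !noporn porn
http_access allow our_MASTER localhost user ubuntu
http_access deny all
"""

# One allow per ACL gives OR semantics; the port and method checks come
# first so that no allow line short-circuits them.
FIXED_POLICY = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny porn !noporn
http_access allow our_MASTER
http_access allow localhost
http_access allow user
http_access allow ubuntu
http_access deny all
"""


def parse_acls(text, files):
    """Return {name: (type, [values])}; repeated acl lines extend the list."""
    acls = {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 4 and words[0] == "acl":
            name, kind, args = words[1], words[2], words[3:]
            if kind == "url_regex" and args[0].startswith('"'):
                args = files[args[0].strip('"')]  # regex list read from a file
            acls.setdefault(name, (kind, []))[1].extend(args)
    return acls


def _src_match(spec, ip):
    addr, _, mask = spec.partition("/")
    if "-" in addr:  # lo-hi range (a trailing mask is ignored in this model)
        lo, hi = (ipaddress.ip_address(a) for a in addr.split("-"))
        return lo <= ip <= hi
    if mask:         # CIDR prefix or dotted netmask
        return ip in ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return ip == ipaddress.ip_address(addr)


def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "src":
        return any(_src_match(v, ipaddress.ip_address(req.src)) for v in values)
    if kind == "port":  # single port or lo-hi range
        return any(int(v.partition("-")[0]) <= req.port <= int(v.partition("-")[2] or v)
                   for v in values)
    if kind == "method":
        return req.method.upper() in {v.upper() for v in values}
    if kind == "url_regex":  # each entry is a regex searched in the URL
        return any(re.search(v, req.url) for v in values)
    raise ValueError(f"unsupported acl type: {kind}")


def evaluate(policy, req, acls_text=ACLS, files=FILES):
    """First http_access line whose terms ALL match decides: returns (verdict, line).
    With no match at all Squid applies the opposite of the last line's verdict."""
    acls = parse_acls(acls_text, files)
    last = "deny"
    for raw in policy.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 3 or words[0] != "http_access":
            continue
        last = words[1]
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!")
               for t in words[2:]):
            return last, " ".join(words)
    return ("allow" if last == "deny" else "deny"), "(no match: opposite of last line)"
```

For the LAN client Request("192.168.0.5", 80, "GET", "http://example.com/"), evaluate(BROKEN_POLICY, ...) returns ("deny", "http_access deny all") while evaluate(FIXED_POLICY, ...) returns ("allow", "http_access allow user"); the same client fetching http://www.essex.gov.uk/ is allowed only because the noporn whitelist cancels the "sex" keyword hit, which is exactly the kind of false positive the keyword files need to be tuned for. Note that squid -k parse only catches syntax errors; it accepts the ANDed allow line without complaint, which is why a logic dry run like this one is worth doing before reloading.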
