Archive for July, 2009

$ vim /etc/squid/squid.conf

# Listen for proxy clients on 192.168.0.1 (a private address), port 8080.
http_port 192.168.0.1:8080
# ICP (inter-cache protocol) listener; who may query it is decided by icp_access.
icp_port 3130
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
# Upstream parent proxy (HTTP port 3128, ICP port 3130).
# NOTE(review): login=user:password keeps the parent-proxy credentials in clear text in
# this file. Keep squid.conf readable only by root and the squid account, and replace the
# value with a placeholder before publishing or sharing the configuration.
cache_peer proxy.eepis-its.edu parent 3128 3130 login=share@student.eepis-its.edu:share

# Memory cache size, and the on-disk cache: 1000 MB under /cache, 16 first-level and
# 256 second-level directories.
cache_mem 32 MB
cache_dir ufs /cache 1000 16 256

# Logs (this section sets the location of the log files Squid writes).
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log
# NOTE(review): client_netmask masks client addresses in the logs; with 255.255.255.0 the
# access log records only the /24 network, not the individual host, which limits what an
# investigation can reconstruct from access.log.
client_netmask 255.255.255.0
unlinkd_program /usr/lib/squid/unlinkd

# Refresh patterns: <regex> <min minutes> <percent> <max minutes>.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

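# ACL definitions (this section names the conditions the proxy can test).
# It is the core of the policy: the http_access rules combine these ACLs.

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

# Website block lists, one entry per line in each file.
# File names are wrapped in plain ASCII double quotes and the case-insensitive flag is an
# ASCII hyphen (-i); the typographic quotes and dash of the published listing are not
# valid squid.conf syntax.
# dstdomain matches host names: an entry "www.example.com" (constructed example) matches
# that host only, while ".example.com" matches the domain and all of its sub-domains.
acl domainterlarang dstdomain "/etc/squid/domain-terlarang.txt"
# url_regex is matched anywhere in the URL, so short words also hit unrelated sites;
# the exception list below exists to compensate for that.
acl kataterlarang url_regex -i "/etc/squid/kata-terlarang.txt"

acl ipterlarang dst "/etc/squid/ip-terlarang.txt"
# Exceptions: URLs that must stay reachable although they match a blocked word.
acl nonterlarang url_regex -i "/etc/squid/non-terlarang.txt"
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535

acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Client networks.
# NOTE(review): with the mask 255.255.255.0 each of these three definitions covers the
# whole 192.168.0.0/24 network, so jaringana, jaringanb and jaringanc match the same
# clients and the per-network rules cannot tell them apart. If separate groups are
# intended, give each ACL its own range or subnet, for example (constructed)
# "acl jaringana src 192.168.0.20-192.168.0.60/32".
acl jaringana src 192.168.0.20/255.255.255.0

acl jaringanb src 192.168.0.61/255.255.255.0
acl jaringanc src 192.168.0.101/255.255.255.0

# Time-based access. Directive names are lower-case ("acl", not "Acl") and a time range
# is written hh:mm-hh:mm with colons.
acl hari time M T W H F

acl hari_jam time M T W H F 08:00-13:00
acl sabtuminggu time A S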

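# Rules (this section allows or denies requests by combining the ACLs defined above).
# Squid reads http_access lines top to bottom and applies the first one that matches, so
# the deny rules for blocked content must come before the allow rules for the client
# networks; otherwise an allowed client never reaches the block lists.

# Cache manager requests only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access allow localhost

# The published listing had "http access allow boleh" here: the directive name is missing
# its underscore and no ACL named "boleh" is defined in this file, so the line is left
# disabled until that ACL exists.
#http_access allow boleh

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Block lists. nonterlarang carves its exceptions out of the word filter instead of
# being a separate allow rule, which would have granted access to any client.
http_access deny domainterlarang
http_access deny ipterlarang
http_access deny kataterlarang !nonterlarang

# Per-network time windows. No rule allows jaringanc, so its requests end at
# "deny all" on weekdays as well.
http_access deny jaringanc sabtuminggu
http_access allow jaringana hari
http_access allow jaringanb hari_jam

# Default: everything not explicitly allowed above is refused.
http_access deny all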

# http_reply_access: replies from servers are not filtered.
http_reply_access allow all

# icp access
# NOTE(review): this answers ICP queries from any source address. The listing shown here
# configures only a parent cache, so consider limiting icp_access to the caches that
# actually peer with this proxy.
icp_access allow all

# display message
# Administrator contact and the host name Squid reports about itself.
cache_mgr anwar.zainuddin@gmail.com
# Account and group Squid runs as.
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.qotrun-nada.edu

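# Bandwidth limits (delay pools): one class-3 pool per client network.
# delay_pools is declared once with the total number of pools; a repeated delay_pools
# line discards the pools configured before it. Directive names are lower-case.
# "acl all" is already defined with the other ACLs and is not repeated here.
# NOTE(review): user256, user128 and user512 use the mask 255.255.255.0 and therefore all
# cover 192.168.0.0/24; as written every client matches pool 1. Give each ACL its own
# range or subnet if the three networks are meant to be limited differently.
delay_pools 3

# Bandwidth for network A
acl user256 src 192.168.0.20/255.255.255.0
delay_class 1 3
delay_access 1 allow user256
delay_access 1 deny all
delay_parameters 1 64000/64000 -1/-1 32000/64000

# Bandwidth for network B
acl user128 src 192.168.0.61/255.255.255.0
delay_class 2 3
delay_access 2 allow user128
delay_access 2 deny all
delay_parameters 2 64000/64000 -1/-1 16000/64000

# Bandwidth for network C
acl user512 src 192.168.0.101/255.255.255.0
delay_class 3 3
delay_access 3 allow user512
delay_access 3 deny all
# A class-3 pool takes three restore/max pairs (aggregate, per-network, per-host). The
# published listing gave only the aggregate pair; the other two are left unlimited (-1/-1)
# here and should be set to the per-host limit that is actually wanted.
delay_parameters 3 64000/64000 -1/-1 -1/-1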

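# Authentication: HTTP Basic, checked against an htpasswd-style file.
# The password file is given as an absolute path (the published listing had lost the
# leading "/", which makes the path relative and the file unlikely to be found).
auth_param basic program /usr/lib/squid/ncsa_auth /usr/lib/squid/ncsa/login.auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED

# This rule must be placed before "http_access deny all" (and after the deny rules for
# blocked content): Squid stops at the first matching http_access line, so a rule that
# follows "deny all" is never reached.
http_access allow ncsa_users
# Basic authentication sends the password base64-encoded, not encrypted, between the
# browser and the proxy. Keep login.auth readable only by root and the squid account.
#
# To satisfy the options above, create the directory:
#   $ mkdir /usr/lib/squid/ncsa
# then create the password file with the first user (enter the password for admin);
# -c creates the file and overwrites an existing one, so use it only this once:
#   $ htpasswd -c /usr/lib/squid/ncsa/login.auth admin
# add further users without -c (enter the password for user anwar):
#   $ htpasswd /usr/lib/squid/ncsa/login.auth anwar
# and finally reload the configuration:
#   $ squid -k reconfigure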

(khusus buat domain terlarang, kata terlarang, IP terlarang, pengecualian) Simpan hasil konfigurasi, lalu buat 4 buah file yang bernama domain-terlarang.txt, kata-terlarang.txt, ip-terlarang.txt dan non-terlarang.txt di direktori /etc/squid.

# Create the four (initially empty) list files that the ACLs in squid.conf read.
# Squid has to be able to read them; keep them writable by root only, since whoever
# can edit these files controls what the proxy blocks.
$ cd /etc/squid
$ touch domain-terlarang.txt
$ touch kata-terlarang.txt
$ touch ip-terlarang.txt
$ touch non-terlarang.txt

Selanjutnya masukkan domain, kata-kata dan ip pada masing-masing file:
$ vim /etc/squid/domain-terlarang.txt

17tahun.com
www.playboy.com
www.nude.com
www.sex.com
www.porn.com

www.hardcore.com
_ dan seterusnya, yang menurut Anda adalah domain situs porno.

$ vim /etc/squid/kata-terlarang.txt
sex
lesbian
lolita
homo
xxx
hot
17tahun

porn
_ dan seterusnya, yang menurut Anda adalah kata-kata yang menunjuk ke situs porno.

$ vim /etc/squid/ip-terlarang.txt
70.84.171.179
216.163.137.3
64.74.96.243
209.81.7.23
213.193.215.179
216.130.180.165

_ dan seterusnya, yang menurut Anda adalah ip-ip yang menunjuk ke situs porno.

$ vim /etc/squid/non-terlarang.txt
.*.msexchange.* 
.*.msexcel.* 
.*freetown.* 
.*geek-girls.* 
.*scsext.* 
missingheart 

documen
_ dan seterusnya, yang menurut Anda adalah IP, kata-kata, dan situs yang tidak termasuk ke dalam kriteria terlarang / pornografi.

mod_rewrite for joomla 1.5 using lighttpd

pico /etc/lighttpd/conf-enabled/10-rewrite.conf

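# Map Joomla's /component/content,<value>/ URLs onto index.php.
# Strings use plain ASCII double quotes; the typographic quotes of the published
# listing are not valid lighttpd syntax.
url.rewrite-once = ( "/component/content,(.*)/$" =>
                     "/index.php?content=$1" )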

if you are using http://xxx.com/joomla

use this

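# Same rewrite for a Joomla installation that lives under /joomla.
# Strings use plain ASCII double quotes; the typographic quotes of the published
# listing are not valid lighttpd syntax.
url.rewrite-once = ( "joomla/component/content,(.*)/$" =>
                     "/joomla/index.php?content=$1" )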

and don't forget to enable mod_rewrite in lighttpd.conf

and change error 404 to this

# Requests that would end in a 404 are handed to /index.php instead.
server.error-handler-404 = "/index.php"

and run lighttpd on 127.0.0.1, so that it is reached only through the Squid reverse proxy set up below

SQUID REVERSE PROXY

aptitude install squid

then change squid.conf to look like this

——————————-cut here ——————————

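# Squid as a reverse proxy (accelerator) in front of the web server on 127.0.0.1:80.
# xxx.xxx.xxx.xxx, DOMAIN, YOURDOMAIN, YOURPASSWORD and YOURHOSTNAME are placeholders.
http_port xxx.xxx.xxx.xxx:80 vhost vport defaultsite=DOMAIN
cache_peer 127.0.0.1 parent 80 0 no-query originserver
icp_port 0
# Never cache dynamic requests.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports

################# administrator in joomla ###############
# Keep the Joomla administrator area out of the cache.
# NOTE(review): /84/$ is presumably a site-specific path -- confirm.
acl QUERY urlpath_regex /administrator/ /84/$
cache deny QUERY

acl purge method PURGE
acl CONNECT method CONNECT
# Host names this proxy publishes. List every name the site is served under; a leading
# dot (".DOMAIN") also matches sub-domains.
acl our_site dstdomain DOMAIN
cache_dir ufs /var/spool/squid 200 16 256
emulate_httpd_log on
redirect_rewrites_host_header off

# Access rules, first match wins. The published listing had only "http_access allow all",
# which also opened the cache manager and the PURGE method (enabled by the "purge" ACL
# above) to every client, and accepted requests for host names other than the published
# site.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# A reverse proxy has no use for CONNECT tunnels.
http_access deny CONNECT
http_access allow our_site
http_access deny all

cache_mgr admin@YOURDOMAIN
cache_effective_user proxy
cache_effective_group proxy
#cache_peer_access allow all
log_icp_queries off
# The cache manager password is stored in clear text: keep squid.conf readable only by
# root and the proxy account.
cachemgr_passwd YOURPASSWORD all
buffered_logs on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
maximum_object_size_in_memory 1 MB
# Plain ASCII double quotes; the typographic quotes of the published listing would end up
# literally in the log lines. The access_log line below uses the "squid" format; name
# "combined" there instead to record Referer and User-Agent.
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
#emulate_apache_log on
collapsed_forwarding on
vary_ignore_expire on
maximum_object_size 4194304 bytes
minimum_object_size 0 bytes

# refresh_pattern lines are tried in order and the first matching one is used, so the
# catch-all "." has to come last; in the published order it shadowed every file-type
# pattern that followed it.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
################# extra ####################
refresh_pattern -i \.xml$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.js$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.css$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.jpg$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.png$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.gif$ 10080 300% 40320 reload-into-ims
refresh_pattern -i \.txt$ 1440 100% 20160 reload-into-ims override-lastmod
# NOTE(review): override-expire and ignore-reload make Squid keep serving its copy against
# the origin's Expires header and the client's reload; check that pages which differ per
# logged-in user are marked non-cacheable by the application before relying on this.
refresh_pattern . 0 20% 15 override-expire override-lastmod reload-into-ims ignore-reload
negative_ttl 1 minutes
positive_dns_ttl 15 hours
negative_dns_ttl 1 minutes
half_closed_clients off
access_log /var/log/squid/access.log squid
# Pass the client address to the web server in X-Forwarded-For.
forwarded_for on
reload_into_ims on
#refresh_stale_hit 300 seconds
ie_refresh on
# Leave this disabled: "allow all" would make Squid trust an X-Forwarded-For value
# supplied by any client.
#follow_x_forwarded_for allow all
visible_hostname YOURHOSTNAME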
——————————-cut here ——————————