Saturday, March 19, 2011

Instalasi Squid Proxy Server High Anonymous


pre conditions:

compile your kernel with the following options:

options SYSVMSG
options MSGMNB=16384
options MSGMNI=41
options MSGSEG=2049
options MSGSSZ=64
options MSGTQL=512
options SYSVSHM
options SHMSEG=16
options SHMMNI=128
options SHMMAX=1073741824
options SHMALL=16384

pico squidsetup
-----paste--------

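#!/bin/sh
# squidsetup - run Squid's ./configure with the build options used in this guide.
# Run it from the top of the unpacked Squid source tree.
#
# Every option line except the last ends in a backslash so the shell hands the
# whole list to a single ./configure call. Without the continuations only
# --bindir reaches configure and each following line is executed as a command
# of its own.
#
# Review notes on the security-relevant switches (all kept as the guide has them):
#   --enable-http-violations         compiles in options that deliberately break
#                                    HTTP compliance; keep it only if squid.conf
#                                    really uses such options.
#   --enable-follow-x-forwarded-for  only meaningful when squid.conf restricts
#                                    which upstream proxies are trusted; the
#                                    squid.conf in this guide configures none.
#   --enable-*-auth-helpers          the squid.conf in this guide defines no
#                                    authentication, so the helper lists could be
#                                    trimmed to what is actually used.
./configure --bindir=/usr/local/bin \
  --sbindir=/usr/local/sbin \
  --sysconfdir=/usr/local/etc/squid \
  --datadir=/usr/local/etc/squid \
  --libexecdir=/usr/local/libexec/squid \
  --localstatedir=/var/log/squid \
  --enable-removal-policies="lru heap" \
  --enable-auth="basic ntlm digest" \
  --enable-basic-auth-helpers="NCSA PAM MSNT SMB winbind" \
  --enable-digest-auth-helpers="password" \
  --enable-external-acl-helpers="ip_user unix_group wbinfo_group winbind_group" \
  --enable-ntlm-auth-helpers="SMB winbind" \
  --enable-async-io --with-pthreads --with-aio \
  --enable-storeio="ufs diskd null aufs coss" \
  --enable-delay-pools --enable-snmp --enable-icmp \
  --enable-htcp --enable-cache-digests --disable-wccp \
  --enable-underscores --enable-useragent-log \
  --enable-http-violations --enable-arp-acl --enable-pf-transparent --enable-ipf-transparent \
  --enable-follow-x-forwarded-for --with-large-files --enable-large-cache-files \
  --enable-default-err-language=English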
------paste---------

root@proxy:~/squid-2.5.STABLE12# chmod +x squidsetup
root@proxy:~/squid-2.5.STABLE12# ./squidsetup
5. install squid by typing the make command

root@proxy:~/squid-2.5.STABLE12# make
then

root@proxy:~/squid-2.5.STABLE12# make install

6. Before creating the configuration file, create the log directory and the cache directories; their paths must match the ones used in the configuration file that you create.

Creating these directories under / is only possible if your / filesystem is large; it is better for the cache directories to be on

a separate partition or on a hard drive separate from the system.

root@proxy:/usr/local/etc/squid/# mkdir -p /cache1 /cache2 /cache3


root@proxy:/usr/local/etc/squid# mkdir -p /cache1/squid1 /cache1/squid2 /cache1/squid3 /cache1/squid4 /cache1/squid5


root@proxy:/usr/local/etc/squid# mkdir -p /cache2/squid1 /cache2/squid2 /cache2/squid3 /cache2/squid4 /cache2/squid5


root@proxy:/usr/local/etc/squid# mkdir -p /cache3/squid1 /cache3/squid2 /cache3/squid3 /cache3/squid4 /cache3/squid5

root@proxy:/usr/local/etc/squid# mkdir -p /var/log/squid

7. Change the ownership of directory

root@proxy:/usr/local/etc/squid# chown -R nobody:nobody /var/log/squid


root@proxy:/usr/local/etc/squid# chown -R nobody:nobody /cache1

root@proxy:/usr/local/etc/squid# chown -R nobody:nobody /cache2

root@proxy:/usr/local/etc/squid# chown -R nobody:nobody /cache3
8. Create or edit the Squid configuration files
move to the squid configuration file directory


root@proxy:~/squid-2.5.STABLE12# cd /usr/local/etc/squid
rename the existing Squid configuration file


root@proxy:/usr/local/etc/squid# mv squid.conf squid.conf.lama

create the new configuration for squid

root@proxy:/usr/local/etc/squid# pico squid.conf

squid.conf file contents
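# ======================================================================$
# S Q U I D   P R O X Y   -   OGEB CONFIGURATION V 1.1
# By : ogeb
# Tested on Squid STABLE ver.2.5.12
# Last update : Jan , 5 2004
#
# NOTE(review): the directives below are written for the Squid 2.5 series named
# above. Several of them (httpd_accel_*, header_access, no_cache) were renamed
# or removed in later Squid series, so check each one against the release you
# actually install.
# ======================================================================$
# ======================================================================$
# NETWORK OPTIONS
#=======================================================================$
# http_port without an address listens on every interface; the http_access
# rules in the ACCESS CONTROLS section are what keep other clients out.
http_port 9000
# NOTE(review): no cache_peer lines appear in this file, so ICP looks unused;
# "icp_port 0" turns the listener off if no neighbour caches are configured.
icp_port 3130
snmp_port 3401
# ======================================================================$
# OPTIONS WHICH AFFECT THE NEIGHBOUR SELECTION ALGORITHM
# ======================================================================$
dead_peer_timeout 30 seconds
mcast_icp_query_timeout 10
log_icp_queries on
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
request_timeout 30 seconds
hierarchy_stoplist cgi-bin ?
# urlpath_regex takes regular expressions, so the literal "?" must be escaped.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# ======================================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#=======================================================================$
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
#==========================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#====================================================================$
cache_dir diskd /cache1/squid1 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid2 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid3 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid4 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache1/squid5 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid1 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid2 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid3 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid4 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache2/squid5 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid1 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid2 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid3 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid4 512 16 64 Q1=64 Q2=72
cache_dir diskd /cache3/squid5 512 16 64 Q1=64 Q2=72
# access.log keeps the client address of every request, even though the
# "Anonymous" section below strips identifying headers from outgoing requests.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /dev/null
mime_table /usr/local/etc/squid/mime.conf
#===================================================================$
# HTTPD-ACCELERATOR OPTIONS
#===================================================================$
log_ip_on_direct on
httpd_accel_host virtual
httpd_accel_port 80 81 21 443 563 808 70 210
httpd_accel_with_proxy on
# NOTE(review): with this on, the Host header sent by the client decides which
# origin is fetched and cached. Keep the proxy port reachable only from the
# client networks allowed in the ACCESS CONTROLS section.
httpd_accel_uses_host_header on
dns_nameservers 192.168.1.5
#====================================================================$
# MISCELLANEOUS
#=====================================================================$
logfile_rotate 7
digest_generation on
digest_bits_per_entry 10
digest_rebuild_period 30 minute
digest_rewrite_period 30 minute
digest_swapout_chunk_size 6000 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
#=====================================================================$
# ADMINISTRATIVE PARAMETERS
#=====================================================================$
cache_mgr ogb@indofreebsd.or.id
# NOTE(review): "nobody" is often shared with other daemons; a dedicated
# unprivileged account for Squid keeps the cache and log directories from being
# writable by them. The chown steps in the guide would have to match.
cache_effective_user nobody
cache_effective_group nobody
visible_hostname proxy.indofreebsd.or.id
# ======================================================================$
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#=======================================================================$
unlinkd_program /usr/local/libexec/squid/unlinkd
pinger_program /usr/local/libexec/squid/pinger
# ======================================================================$
# ACCESS CONTROLS
#=======================================================================$
acl all src 0/0
acl localmachine src 192.168.1.1/32
# NOTE(review): the /24 mask admits the whole 64.158.219.x range, not one host,
# and the address has host bits set under that mask. Use /32 if only this one
# address is meant to use the proxy.
acl publicip src 64.158.219.3/24
acl ogeb src 192.168.1.2/32
acl localhost src 127.0.0.0/8
#########################################################
# ACL Different access #
#########################################################
acl SSL_ports port 443 563
acl Safe_ports port 80 21 280 448 591 777 443 563 808 70 210 4190-65535
acl CONNECT method CONNECT
acl purgemethod method purge
# NOTE(review): "snmpcomunity" reads like a placeholder; set a community string
# of your own. snmp_access below limits queries to localhost.
acl snmp snmp_community snmpcomunity
acl manager proto cache_object
# File-extension patterns: the dot is escaped so that it matches a literal "."
# and not any character.
acl avi urlpath_regex -i \.avi$
acl mpeg urlpath_regex -i \.m1v$ \.mpeg$ \.mpg$
acl mpeg_2 urlpath_regex -i \.m2v$ \.vob$
acl mpeg_audio urlpath_regex -i \.mpa$ \.mp2$ \.mp3$ \.aac$
acl dat urlpath_regex -i \.dat$ \.bin$
acl real urlpath_regex -i \.ram$ \.ra$ \.rm$ \.rnx$
acl asf urlpath_regex -i \.asf$ \.wma$ \.asx$ \.wmv$
acl vivo urlpath_regex -i \.viv$ \.vivo$
no_cache deny avi
no_cache deny mpeg
no_cache deny mpeg_2
no_cache deny mpeg_audio
no_cache deny dat
no_cache deny real
no_cache deny asf
no_cache deny vivo
#Acl B L O C K I N G B A D W E B S I T E
# -----------------------------------------------------------------------------------------------$
# Entries in porn.txt are unanchored regular expressions matched against the
# destination domain, so a short entry also blocks every domain that merely
# contains it.
acl porn dstdom_regex "/usr/local/etc/squid/porn.txt"
#------------------------------------------------------------------------------------------------$
# Cache manager and PURGE
# -----------------------------------------------------------------------------------------------$
# These come first, as in the stock squid.conf, so they are decided before the
# port checks. The cache manager is reachable from the proxy host only; the
# original line read "allow manager !localhost", which granted it to every
# client except localhost.
http_access allow manager localhost
http_access deny manager
# PURGE from localhost only; without the deny, the allow rules for client
# addresses further down would also let those clients purge cached objects.
http_access allow purgemethod localhost
http_access deny purgemethod
#------------------------------------------------------------------------------------------------$
# Access Denied
# -----------------------------------------------------------------------------------------------$
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny porn
# Internet Access# ----------------------------------------------------
http_access allow ogeb
http_access allow publicip
http_access allow localmachine
# Explicit default: any client not matched above is refused.
http_access deny all
##########htttp access user#################
# SNMP - MRTG Setting
# -----------------------------------------------------------------------------------------------$
snmp_access allow snmp localhost
snmp_access deny all
##################### Anonymous ###############################
# These rules remove identifying headers from the traffic the proxy forwards
# and replace the User-Agent with a fixed string. They change what the other
# end sees; they are not an access control.
header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access User-Agent deny all
header_access Link deny all
header_replace User-Agent ogeb browser , Version 1.1.0
header_access Accept-Encoding deny all
header_access X-Forwarded-For deny all
header_access Via deny all
httpd_accel_single_host off
################################################################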
Then save squid.conf by pressing Ctrl+X, then press Y.


9. Create the file porn.txt to block access to sites that contain viruses and malicious scripts,
as well as any other websites that you do not want users to be able to access.


root@proxy:/usr/local/etc/squid# pico porn.txt
######### ##################### Porn.txt file contents
worldsex.com
radiolaunch
Sanggrahan
worldsex
zirvelist
ad.doubleclick.net
sex
sex
bond
gator
hotguy
nude
porn
17tahun
then save the file by pressing Ctrl+X
11. Add Squid to rc.local so that it starts automatically when the server boots
pico /etc/rc.d/rc.local


then type /usr/local/sbin/squid -DFY
save the file rc.local
12. Before the first run,
create the swap (cache) directories for Squid by typing


/usr/local/sbin/squid -z
13. Run Squid


/usr/local/sbin/squid -DFY
14. Congratulations, you have successfully installed Squid.
