refresh_pattern [-i] regexp min percent max [options]
refresh_pattern -i \.jpg$ 30 50% 4320 reload-into-ims
refresh_pattern -i \.png$ 30 50% 4320 reload-into-ims
refresh_pattern -i \.htm$ 0 20% 1440
refresh_pattern -i \.html$ 0 20% 1440
refresh_pattern -i . 5 25% 2880
override-expire
When set, this option causes Squid to check the min value before checking the Expires header. Thus, a non-zero min time makes Squid return an unvalidated cache hit even if the response is preexpired.
When set, this option causes Squid to check themin value before the LM-factor percentage.
When set, this option makes Squid transform a request with a no-cache directive into a validation (If-Modified-Since) request. In other words, Squid adds an If-Modified-Since header to the request before forwarding it on. Note that this only works for objects that have a Last-Modifiedtimestamp. The outbound request retains the no-cache directive, so that it reaches the origin server.
ignore-reload
When set, this option causes Squid to ignore the no-cache directive, if any, in the request.
Sumber: etutorials.org
inad said:
mulyadi.santosa said:
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
usage: refresh_pattern [-i] regex min percent max [options]
By default, regular expressions are CASE-SENSITIVE. To make
them case-insensitive, use the -i option.
'Min' is the time (in minutes) an object without an explicit
expiry time should be considered fresh. The recommended
value is 0, any higher values may cause dynamic applications
to be erroneously cached unless the application designer
has taken the appropriate actions.
'Percent' is a percentage of the objects age (time since last
modification age) an object without explicit expiry time
will be considered fresh.
'Max' is an upper limit on how long objects without an explicit
expiry time will be considered fresh.
options: override-expire
override-lastmod
reload-into-ims
ignore-reload
ignore-no-cache
ignore-no-store
ignore-must-revalidate
ignore-private
ignore-auth
refresh-ims
override-expire enforces min age even if the server
sent an explicit expiry time (e.g., with the
Expires: header or Cache-Control: max-age). Doing this
VIOLATES the HTTP standard. Enabling this feature
could make you liable for problems which it causes.
Note: override-expire does not enforce staleness - it only extends
freshness / min. If the server returns a Expires time which
is longer than your max time, Squid will still consider
the object fresh for that period of time.
override-lastmod enforces min age even on objects
that were modified recently.
reload-into-ims changes client no-cache or ``reload''
to If-Modified-Since requests. Doing this VIOLATES the
HTTP standard. Enabling this feature could make you
liable for problems which it causes.
ignore-reload ignores a client no-cache or ``reload''
header. Doing this VIOLATES the HTTP standard. Enabling
this feature could make you liable for problems which
it causes.
ignore-no-cache ignores any ``Pragma: no-cache'' and
``Cache-control: no-cache'' headers received from a server.
The HTTP RFC never allows the use of this (Pragma) header
from a server, only a client, though plenty of servers
send it anyway.
ignore-no-store ignores any ``Cache-control: no-store''
headers received from a server. Doing this VIOLATES
the HTTP standard. Enabling this feature could make you
liable for problems which it causes.
ignore-must-revalidate ignores any ``Cache-Control: must-revalidate``
headers received from a server. Doing this VIOLATES
the HTTP standard. Enabling this feature could make you
liable for problems which it causes.
ignore-private ignores any ``Cache-control: private''
headers received from a server. Doing this VIOLATES
the HTTP standard. Enabling this feature could make you
liable for problems which it causes.
ignore-auth caches responses to requests with authorization,
as if the originserver had sent ``Cache-control: public''
in the response header. Doing this VIOLATES the HTTP standard.
Enabling this feature could make you liable for problems which
it causes.
refresh-ims causes squid to contact the origin server
when a client issues an If-Modified-Since request. This
ensures that the client will receive an updated version
if one is available.
Basically a cached object is:
FRESH if expires < now, else STALE
STALE if age > max
FRESH if lm-factor < percent, else STALE
FRESH if age < min
else STALE
The refresh_pattern lines are checked in the order listed here.
The first entry which matches is used. If none of the entries
match the default will be used.
Note, you must uncomment all the default lines if you want
to change one. The default setting is only active if none is
used.
|
|---|
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
Allowing or Denying access based on defined access lists
Access to the HTTP port:
http_access allow|deny [!]aclname ...
NOTE on default values:
If there are no "access" lines present, the default is to deny
the request.
If none of the "access" lines cause a match, the default is the
opposite of the last line in the list. If the last line was
deny, the default is allow. Conversely, if the last line
is allow, the default will be deny. For these reasons, it is a
good idea to have an "deny all" entry at the end of your access
lists to avoid potential confusion.
This clause supports both fast and slow acl types.
See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
Sumber: http://www.squid-cache.org/Versions/v3/3.1/cfgman/http_access.html
| Option Name: | follow_x_forwarded_for |
|---|---|
| Replaces: | |
| Requires: | –enable-follow-x-forwarded-for |
| Default Value: | follow_x_forwarded_for deny all |
| Suggested Config: |
Allowing or Denying the X-Forwarded-For header to be followed to
|
|---|
| Sumber: | http://www.squid-cache.org/Versions/v3/3.1/cfgman/follow_x_forwarded_for.html |
|---|
| Option Name: | acl |
|---|---|
| Replaces: | |
| Requires: | |
| Default Value: | acl all src all |
| Suggested Config: |
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
Defining an Access List
Every access list definition must begin with an aclname and acltype,
followed by either type-specific arguments or a quoted filename that
they are read from.
acl aclname acltype argument ...
acl aclname acltype "file" ...
When using "file", the file should contain one item per line.
By default, regular expressions are CASE-SENSITIVE.
To make them case-insensitive, use the -i option. To return case-sensitive
use the +i option between patterns, or make a new ACL line without -i.
Some acl types require suspending the current request in order
to access some external data source.
Those which do are marked with the tag [slow], those which
don't are marked as [fast].
See http://wiki.squid-cache.org/SquidFaq/SquidAcl
for further information
***** ACL TYPES AVAILABLE *****
acl aclname src ip-address/netmask ... # clients IP address [fast]
acl aclname src addr1-addr2/netmask ... # range of addresses [fast]
acl aclname dst ip-address/netmask ... # URL host's IP address [slow]
acl aclname myip ip-address/netmask ... # local socket IP address [fast]
acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation)
# The arp ACL requires the special configure option --enable-arp-acl.
# Furthermore, the ARP ACL code is not portable to all operating systems.
# It works on Linux, Solaris, Windows, FreeBSD, and some
# other *BSD variants.
# [fast]
#
# NOTE: Squid can only determine the MAC address for clients that are on
# the same subnet. If the client is on a different subnet,
# then Squid cannot find out its MAC address.
acl aclname srcdomain .foo.com ...
# reverse lookup, from client IP [slow]
acl aclname dstdomain .foo.com ...
# Destination server from URL [fast]
acl aclname srcdom_regex [-i] \.foo\.com ...
# regex matching client name [slow]
acl aclname dstdom_regex [-i] \.foo\.com ...
# regex matching server [fast]
#
# For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# based URL is used and no match is found. The name "none" is used
# if the reverse lookup fails.
acl aclname src_as number ...
acl aclname dst_as number ...
# [fast]
# Except for access control, AS numbers can be used for
# routing of requests to specific caches. Here's an
# example for routing all requests for AS#1241 and only
# those to mycache.mydomain.net:
# acl asexample dst_as 1241
# cache_peer_access mycache.mydomain.net allow asexample
# cache_peer_access mycache_mydomain.net deny all
acl aclname peername myPeer ...
# [fast]
# match against a named cache_peer entry
# set unique name= on cache_peer lines for reliable use.
acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# [fast]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
acl aclname url_regex [-i] ^http:// ...
# regex matching on whole URL [fast]
acl aclname urlpath_regex [-i] \.gif$ ...
# regex matching on URL path [fast]
acl aclname port 80 70 21 0-1024... # destination TCP port [fast]
# ranges are alloed
acl aclname myport 3128 ... # local socket TCP port [fast]
acl aclname myportname 3128 ... # http(s)_port name [fast]
acl aclname proto HTTP FTP ... # request protocol [fast]
acl aclname method GET POST ... # HTTP request method [fast]
acl aclname http_status 200 301 500- 400-403 ...
# status code in reply [fast]
acl aclname browser [-i] regexp ...
# pattern match on User-Agent header (see also req_header below) [fast]
acl aclname referer_regex [-i] regexp ...
# pattern match on Referer header [fast]
# Referer is highly unreliable, so use with care
acl aclname ident username ...
acl aclname ident_regex [-i] pattern ...
# string match on ident output [slow]
# use REQUIRED to accept any non-null ident.
acl aclname proxy_auth [-i] username ...
acl aclname proxy_auth_regex [-i] pattern ...
# perform http authentication challenge to the client and match against
# supplied credentials [slow]
#
# takes a list of allowed usernames.
# use REQUIRED to accept any valid username.
#
# Will use proxy authentication in forward-proxy scenarios, and plain
# http authenticaiton in reverse-proxy scenarios
#
# NOTE: when a Proxy-Authentication header is sent but it is not
# needed during ACL checking the username is NOT logged
# in access.log.
#
# NOTE: proxy_auth requires a EXTERNAL authentication program
# to check username/password combinations (see
# auth_param directive).
#
# NOTE: proxy_auth can't be used in a transparent/intercepting proxy
# as the browser needs to be configured for using a proxy in order
# to respond to proxy authentication.
acl aclname snmp_community string ...
# A community string to limit access to your SNMP Agent [fast]
# Example:
#
# acl snmppublic snmp_community public
acl aclname maxconn number
# This will be matched when the client's IP address has
# more than TCP connections established. [fast]
# NOTE: This only measures direct TCP links so X-Forwarded-For
# indirect clients are not counted.
acl aclname max_user_ip [-s] number
# This will be matched when the user attempts to log in from more
# than different ip addresses. The authenticate_ip_ttl
# parameter controls the timeout on the ip entries. [fast]
# If -s is specified the limit is strict, denying browsing
# from any further IP addresses until the ttl has expired. Without
# -s Squid will just annoy the user by "randomly" denying requests.
# (the counter is reset each time the limit is reached and a
# request is denied)
# NOTE: in acceleration mode or where there is mesh of child proxies,
# clients may appear to come from multiple addresses if they are
# going through proxy farms, so a limit of 1 may cause user problems.
acl aclname req_mime_type [-i] mime-type ...
# regex match against the mime type of the request generated
# by the client. Can be used to detect file upload or some
# types HTTP tunneling requests [fast]
# NOTE: This does NOT match the reply. You cannot use this
# to match the returned file type.
acl aclname req_header header-name [-i] any\.regex\.here
# regex match against any of the known request headers. May be
# thought of as a superset of "browser", "referer" and "mime-type"
# ACL [fast]
acl aclname rep_mime_type [-i] mime-type ...
# regex match against the mime type of the reply received by
# squid. Can be used to detect file download or some
# types HTTP tunneling requests. [fast]
# NOTE: This has no effect in http_access rules. It only has
# effect in rules that affect the reply data stream such as
# http_reply_access.
acl aclname rep_header header-name [-i] any\.regex\.here
# regex match against any of the known reply headers. May be
# thought of as a superset of "browser", "referer" and "mime-type"
# ACLs [fast]
acl aclname external class_name [arguments...]
# external ACL lookup via a helper class defined by the
# external_acl_type directive [slow]
acl aclname user_cert attribute values...
# match against attributes in a user SSL certificate
# attribute is one of DN/C/O/CN/L/ST [fast]
acl aclname ca_cert attribute values...
# match against attributes a users issuing CA SSL certificate
# attribute is one of DN/C/O/CN/L/ST [fast]
acl aclname ext_user username ...
acl aclname ext_user_regex [-i] pattern ...
# string match on username returned by external acl helper [slow]
# use REQUIRED to accept any non-null user name.
acl aclname tag tagvalue ...
# string match on tag returned by external acl helper [slow]
Examples:
acl macaddress arp 09:00:2b:23:45:67
acl myexample dst_as 1241
acl password proxy_auth REQUIRED
acl fileupload req_mime_type -i ^multipart/form-data$
acl javascript rep_mime_type -i ^application/x-javascript$
Sumber: http://www.blogger.com/blogger.g?blogID=4178251841297857100#editor/target=post;postID=4640298480786995324
bank_moel_dech”>bank_moel_dech&m=g&t=6″/>
atau
bank_moel_dech”>bank_moel_dech&m=g&t=2“/>
Kemudian masuk ke Account Blogger anda –>> Pilih Tata Letak —>> Tambah Gadget Html java script kemudian masukkan kode diatas —>> Simpan.
Keterangan :
—>> Teks berwarna merah ganti dengan ID YM anda
Sumber: http://zona-klik.blogspot.com/2009/08/memasang-widget-yahoo-messenger-pada.html
<script type='text/javascript'>
var thumbnail_mode = "float" ;
summary_noimg = 250;
summary_img = 250;
img_thumb_height = 120;
img_thumb_width = 120;
</script>
<script type='text/javascript'>
//<![CDATA[
/******************************************
Auto-readmore link script, version 2.0 (for blogspot)
visit : http://caramembuatada.blogspot.com
********************************************/
function removeHtmlTag(strx,chop){
if(strx.indexOf("<")!=-1)
{
var s = strx.split("<");
for(var i=0;i<s.length;i++){
if(s[i].indexOf(">")!=-1){
s[i] = s[i].substring(s[i].indexOf(">")+1,s[i].length);
}
}
strx = s.join("");
}
chop = (chop < strx.length-1) ? chop : strx.length-2;
while(strx.charAt(chop-1)!=' ' && strx.indexOf(' ',chop)!=-1) chop++;
strx = strx.substring(0,chop-1);
return strx+'...';
}
function createSummaryAndThumb(pID){
var div = document.getElementById(pID);
var imgtag = "";
var img = div.getElementsByTagName("img");
var summ = summary_noimg;
if(img.length>=1) {
imgtag = '<span style="float:left; padding:0px 10px 5px 0px;"><img src="'+img[0].src+'" width="'+img_thumb_width+'px" height="'+img_thumb_height+'px"/></span>';
summ = summary_img;
}
var summary = imgtag + '<div>' + removeHtmlTag(div.innerHTML,summ) + '</div>';
div.innerHTML = summary;
}
//]]>
</script>
<b:if cond='data:blog.pageType != "item"'>
<div style=' text-align: justify;' expr:id='"summary" + data:post.id'><data:post.body/></div>
<script type='text/javascript'>createSummaryAndThumb("summary<data:post.id/>");</script>
<span class='rmlink' style='float:left'><a expr:href='data:post.url'>READ MORE - <data:post.title/></a></span>
</b:if>
<b:if cond='data:blog.pageType == "item"'><data:post.body/></b:if>
summary_noimg = 400; summary_img = 350; img_thumb_height = 110; img_thumb_width = 110; //<![CDATA[ function removeHtmlTag(strx,chop){ if(strx.indexOf("<")!=-1) { var s = strx.split("<"); for(var i=0;i“)!=-1){ s[i] = s[i].substring(s[i].indexOf(“>”)+1,s[i].length); } } strx = s.join(“”); } chop = (chop =1) { imgtag = ‘‘; summ = summary_img; } var summary = imgtag + ‘
‘; div.innerHTML = summary; }
Mau bikin terminal ClearOS Anda lebih berwarna seperti di bawah ini??
Ikuti langkahnya seperti ini
1. Siapkan Putty. 2. Masuk dengan user dan password anda.
3. Masukkan command di bawah ini (copy paste saja)
rpm -Uvh http://mirror.fraunhofer.de/download.fedora.redhat.com/epel/5Client/i386/ccze-0.2.1-6.el5.i386.rpm
4. Sudah selesai. contoh kalau mau lihat log history client atau Hit squid tinggal di tambah command “| ccze”. misalnya
# tail -f /var/log/squid/access.log | ccze
Sumber:
http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,31177/
http://belajar-clearos.blogspot.com/2011/10/bikin-terminal-di-clearos-lebih.html
Berikut ini kompilasi squid untuk spesifikasi:
Sebelum melakukan kompilasi squid, beberapa hal sudah selesai dikonfigurasi dan berfungsi denganbaik, yaitu:
# yum -y install gcc
# yum -y install gcc-c++
# yum -y install libxml2-devel libcap-devel
Instal semua dalam satu baris perintah:
# yum -y install gcc gcc-c++ libxml2-devel libcap-devel
# mkdir /root/sumber
# cd /root/sumber
# wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.10.tar.bz2
Group dan user yang akan dipakai untuk menjalankan squid dibuat dengan cara:
# useradd squid -c "Squid Proxy" -M -d /cache/proxy1 -s /bin/false
Kompilasi agar optimal perlu memakai opsi atau FLAG yang sesuai dengan prosesor. Informasi tentang prosesor ada di /proc/cpuinfo
# cat /proc/cpuinfo# cat /proc/cpuinfo | grep family
cpu family : 15
cpu family : 15
[root@intra ~]# cat /proc/cpuinfo |grep model
model : 4
model name : Intel(R) Xeon(TM) CPU 3.00GHz
Informasi yang diperoleh dari /proc/cpuinfo kemudian disesuaikan dengan flag kompilasi yang ada Gentoo Wiki[1], yaitu diperoleh:
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
Paramater yang dipakai untuk kompilasi sebagian disesuaikan dengan squid.spec yang ada squid-*-.src.rpm dari Fedora 13 (F13). Info: F13 adalah basis IGOS Nusantara 2010. Berikut penjelasan sebagian parameter yang akan dipakai saat kompilasi:
# cd /root/sumber
# tar xjvf squid-3.1.10.tar.bz2
# cd squid-3.1.10
# CHOST="i686-pc-linux-gnu" \
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer" \
CXXFLAGS="${CFLAGS}" \
./configure \
--bindir=/usr/bin \
--datadir=/usr/share \
--exec-prefix=/usr \
--includedir=/usr/include \
--infodir=/usr/share/info \
--libexecdir=/usr/libexec \
--localstatedir=/var \
--mandir=/usr/share/man \
--prefix=/usr \
--program-prefix= \
--sbindir=/usr/sbin \
--sharedstatedir=/var/lib \
--sysconfdir=/etc/squid \
--disable-auth \
--disable-basic-auth-helpers \
--disable-dependency-tracking \
--disable-digest-auth-helpers \
--disable-epoll \
--disable-external-acl-helpers \
--disable-hostname-checks \
--disable-htcp \
--disable-ident-lookups \
--disable-ipv6 \
--disable-linux-tproxy \
--disable-negotiate-auth-helpers \
--disable-ntlm-auth-helpers \
--disable-snmp \
--disable-translation \
--disable-wccp \
--disable-wccpv2 \
--enable-arp-acl \
--enable-auth=basic,digest \
--enable-async-io=32 \
--enable-cache-digests \
--enable-cachemgr-hostname=localhost \
--enable-default-err-languages=English \
--enable-delay-pools \
--enable-err-languages=English \
--enable-follow-x-forwarded-for \
--enable-gnuregex \
--enable-icmp \
--enable-linux-transparent \
--enable-linux-netfilter \
--enable-removal-policies=heap,lru \
--enable-storeio=aufs \
--enable-underscores \
--enable-useragent-log \
--enable-zph-qos \
--with-aufs-threads=32 \
--with-default-user=squid \
--with-dl \
--with-filedescriptors=32768 \
--with-large-files \
--with-logdir=/var/log/squid \
--with-maxfd=32768 \
--with-pidfile=/var/run/squid.pid \
--with-pthreads
Selanjutnya ketikkan perintah
# make
Lanjutkan dengan
# make install
Ketik perintah
# ls -l /usr/sbin/squid
-rwxr-xr-x 1 root root 2521209 Jan 29 13:30 /usr/sbin/squid# strip /usr/sbin/squid# ls -l /usr/sbin/squid
-rwxr-xr-x 1 root root 2121976 Jan 29 13:31 /usr/sbin/squid
# localhost
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
# Jaringan lokal yang boleh mengakses
#acl ip-admin src 192.168.228.10/32
#acl localnet src 10.0.0.0/8
#acl localnet src 172.16.0.0/12
acl localnet src 192.168.228.0/24
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 81 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT
# Akses cachemgr hanya boleh dari localhost
# http_access allow manager ip-admin
http_access allow manager localhost
http_access deny manager
# Tolak permintaan ke Safe_ports
http_access deny !Safe_ports
# Tolak CONNECT ke selain SSL ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
# Terakhir: tolak yang lainnya untuk akses ke proxy
http_access deny all
http_port 3128 transparent
icp_port 3130
max_filedescriptors 32768
dns_nameservers 127.0.0.1
hierarchy_stoplist cgi-bin ? .js .jsp .awt
acl QUERY urlpath_regex cgi-bin \? localhost
no_cache deny QUERY
cache_mgr admin
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
# Ukuran 50GB untuk cache_dir (contoh memakai harddisk SCSI)
# cache_dir aufs /cache/proxy1 50000 102 256
cache_dir aufs /cache/proxy1 7500 16 256
# cache_mem 256 MB
cache_mem 128 MB
minimum_object_size 0 KB
maximum_object_size 128 MB
maximum_object_size_in_memory 64 KB
cache_swap_low 98
cache_swap_high 99
#high_response_time_warning 2000
#high_page_fault_warning 2
#high_memory_warning 1900 MB
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
# coredump_dir /cache/proxy1/
coredump_dir none
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#access_log none
#cache_log /dev/null
#cache_store_log none
emulate_httpd_log off
logfile_rotate 2
log_fqdn off
buffered_logs off
client_netmask 255.255.255.255
strip_query_terms off
refresh_pattern windowsupdate.com/.*\.(cab|exe\dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
refresh_pattern download.microsoft.com/.*\.(cab|exe\dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|psf) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
refresh_pattern ^ftp: 20160 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
negative_ttl 2 minutes
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
store_avg_object_size 16 KB
vary_ignore_expire on
client_lifetime 2 hours
half_closed_clients off
shutdown_lifetime 4 seconds
log_icp_queries off
icp_hit_stale on
query_icmp on
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
memory_pools off
forwarded_for off
reload_into_ims on
reload_into_ims on
pipeline_prefetch on
mkdir -p /var/log/squid
touch /var/log/squid/access.log
chmod 770 /var/log/squid
chown -R squid:root /var/log/squid
touch /var/run/squid.pid
mkdir -p /cache/proxy1
chown -R squid:squid /cache/proxy1
Konfigurasi squid.conf yang dibuat dapat diperiksa dengan:
# squid -k parse2011/01/28 02:43:07| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2011/01/28 02:43:07| Starting Authentication on port [::]:3128
2011/01/28 02:43:07| Disabling Authentication on port [::]:3128 (interception enabled)
2011/01/28 02:43:07| Disabling IPv6 on port [::]:3128 (interception enabled)
2011/01/28 02:43:07| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
2011/01/28 02:43:07| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2011/01/28 02:43:07| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2011/01/28 02:43:07| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2011/01/28 02:43:07| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP
2011/01/28 02:43:07| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP
Abaikan warning yang muncul karena refresh_pattern yang dibuat memang diatur untuk mengabaikan beberapa pengaturan HTTP.
Pada bagian awal skrip /etc/init.d/squid harus memakai “ulimit -n 32768”
# wget http://repo.informatika.lipi.go.id/panduan/wiki/squid -O /etc/init.d/squid
# chmod 700 /etc/init.d/squid
Buat simbolik link untuk squid
# chkconfig --add squid
Agar squid otomatis jalan saat server dinyalakan, tambahkan service squid dengan chkconfig
# chkconfig --level 345 squid on
# echo "# Squid Proxy" >> /etc/rc.local
# echo "/etc/init.d/squid start" >> /etc/rc.local
Setelah konfigurasi squid.conf dilakukan, kini saatnya menjalankan squid. Ketikkan perintah agar squid membuat swap
# /usr/sbin/squid -z
Pertama kali menjalankan squid sebaiknya mengaktifkan parameter debug, sehingga beberapa kesalahan dapat diketahui. Jalankan dengan cara:
# /usr/sbin/squid -Nd1
Buka terminal kedua, lalu periksa apakah squid sudah jalan atau gagal, lakukan:
Cek apakah squid sudah berjalan apa belum dengan perintah
# netstat -pln | grep squid
bila muncul tampilan seperti dibawah ini, berarti squid sudah berjalan
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 13109/(squid)
udp 0 0 0.0.0.0:6628 0.0.0.0:* 13109/(squid)
udp 0 0 :::41063 :::* 13109/(squid)
udp 0 0 :::3401 :::* 13109/(squid)
udp 0 0 :::3130 :::* 13109/(squid)
Setelah squid dijalankan, akses beberapa situs dari PC client, jika squid sudah berfungsi, hentikan squid dengan menekan Ctrl+C. Selanjutnya jalankan squid sebagai daemon. Caranya:
# /etc/init.d/squid start
Ada di /var/log/squid/access.log
# tail -f /var/log/squid/access.log
Tampilan log ringkas
# tail -f /var/log/squid/access.log | awk '{print$3 " " $8 " " $7}'
Lakukan reboot, kemudian jalankan squid.
Referensi
Source: http://igos-nusantara.or.id/wiki/IGOS_Nusantara_dan_proxy_server_squid_kompilasi
Notes 