Squid 2.7 on Fedora 11

By | 31 October 2009

As you probably know, Fedora 11 ships with Squid 3. I may simply not be used to it yet, since it has a lot of new features, hehehehe :D but getting Yahoo Messenger to connect through Squid 3 was really hard, and opening other ports was difficult too, which was confusing. In the end I took the route of downgrading to squid-2.7.STABLE7 to avoid the headache of a Yahoo Messenger that could not connect. :(

Steps to downgrade

1. Before removing it, back up any squid.conf you may already have set up, so that it only needs a few small changes later

2.  Remove the Squid 3 that ships with Fedora 11

# yum remove squid

or

# rpm -e squid

2.  Download the squid-2.7.STABLE7 source code and place it in /usr/local/src

3.  Extract the package

# tar -zxvf squid-2.7.STABLE7.tar.gz

4.  Install

# cd squid-2.7.STABLE7

# ./configure --prefix=/etc/squid/

# make

# make install

Note the --prefix=/etc/squid/ option: it sets where Squid will be installed. You can put it wherever you like (feel free to follow the one above :D :) ). The paths used in the rest of this post, such as /etc/squid/sbin/squid and /etc/squid/var/cache, assume this prefix.

5.  Configure Squid

Feel free to copy and paste the Squid configuration below, then modify it further to make it more optimal... but let me know if you find an optimal Squid configuration

# ACCESS CONTROLS
# —————————————————————————–
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl SSL_ports port 5050        # YM
acl SSL_ports port 5101        # YM
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 5050    # YM
acl Safe_ports port 5101    # YM
acl CONNECT method CONNECT

# ACCESS CONTROLS MIME
# —————————————————————————–
acl x-type req_mime_type -i ^application/x-mplayer2$
acl x-type req_mime_type -i application/x-mplayer2
acl x-type req_mime_type -i ^application/x-oleobject$
acl x-type req_mime_type -i application/x-oleobject
acl x-type req_mime_type -i application/x-pncmd
acl x-type req_mime_type -i ^video/x-ms-asf$

acl x-type req_mime_type -i ^application/x-shockwave-flash$
acl x-type req_mime_type -i application/x-shockwave-flash

acl x-type req_mime_type -i video/flv
acl x-type req_mime_type -i video/swf
acl x-type req_mime_type -i application/x-msn-messenger
acl x-type req_mime_type -i ^application/x-msn-messenger$

acl x-type2 rep_mime_type -i ^application/x-mplayer2$
acl x-type2 rep_mime_type -i application/x-mplayer2
acl x-type2 rep_mime_type -i ^application/x-oleobject$
acl x-type2 rep_mime_type -i application/x-oleobject
acl x-type2 rep_mime_type -i application/x-pncmd
acl x-type2 rep_mime_type -i ^video/x-ms-asf$

acl x-type2 rep_mime_type -i ^application/x-shockwave-flash$
acl x-type2 rep_mime_type -i application/x-shockwave-flash

# Mime blocking
# Blocking requested MIME types
acl mimeblockq req_mime_type ^app/x-hotbar-xip20$
acl mimeblockq req_mime_type ^application/x-icq$
acl mimeblockq req_mime_type ^application/x-comet-log$

# Blocking sent mime types
acl mimeblockp rep_mime_type ^app/x-hotbar-xip20$
acl mimeblockp rep_mime_type ^application/x-icq$
acl mimeblockp rep_mime_type ^application/x-comet-log$
acl mimeblockp rep_mime_type ^application/x-chaincast$

# ACCESS CONTROLS VIRUS
# —————————————————————————–

acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$

acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl YAHOOATTACK urlpath_regex akamai.*yahoo.*config/login
acl IKLAN url_regex -i "/etc/squid/ads.txt"
acl noIKLAN url_regex -i "/etc/squid/noads.txt"

# HTTP_ACCESS CONTROLS
# —————————————————————————–

http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports
http_reply_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access deny CONNECT !SSL_ports

# Adapt localnet in the ACL section to list your (internal) IP networks
# (no localnet acl is defined in this file; add one before enabling the next line)
#http_access allow localnet

# DENY LIST
http_access deny IpAddressOnly
http_access deny VIRUS
http_access deny x-type
http_reply_access deny x-type
http_access deny x-type2
http_reply_access deny x-type2
http_access deny mimeblockq
http_reply_access deny mimeblockq
http_access deny mimeblockp
http_reply_access deny mimeblockp
http_access deny IKLAN !noIKLAN
http_reply_access deny IKLAN !noIKLAN

# Allow localhost only, and finally deny all other access to this proxy
http_access allow localhost
http_access deny all

#Allow ICP queries from local networks only
icp_access deny all

# NETWORK OPTIONS
# —————————————————————————–
http_port 3128

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# —————————————————————————–

hierarchy_stoplist cgi-bin ? .js .jsp
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# DISK CACHE OPTIONS
# —————————————————————————–
cache_mem 64 MB
cache_swap_low 80
cache_swap_high 90
maximum_object_size 16 MB             ## Old = 128 MB
maximum_object_size_in_memory 16 KB
ipcache_size 8192
ipcache_low 90
ipcache_high 91

# LOGFILE OPTIONS
# —————————————————————————–

logformat squid  %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A
cache_dir ufs /etc/squid/var/cache 100 16 256
cache_access_log /etc/squid/var/logs/access.log
cache_store_log none
cache_log /etc/squid/var/logs/cache.log
mime_table /etc/squid/etc/mime.conf
emulate_httpd_log on
log_fqdn off
log_icp_queries off
buffered_logs on
memory_pools off

# OPTIONS FOR TUNING THE CACHE
# —————————————————————————–

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern (cgi-bin|\?)    0    0%    0
refresh_pattern .        0    20%    4320

# ADMINISTRATIVE PARAMETERS
# —————————————————————————–

visible_hostname paidjo

# DNS OPTIONS
# —————————————————————————–

fqdncache_size 1024
dns_nameservers 202.155.0.10 202.155.0.15

# MISCELLANEOUS
# —————————————————————————–

store_objects_per_bucket 10
store_dir_select_algorithm round-robin
client_db on
reload_into_ims on
pipeline_prefetch on
ie_refresh on
vary_ignore_expire on
#debug_options aLL,1 33,2 28,9

# ZPH TOS #
zph_mode tos
zph_local 0x30
zph_parent 0
tcp_outgoing_tos 0x30 localhost

6.  Create the disk cache

# /etc/squid/sbin/squid -z

7.  Then start Squid

# /etc/squid/sbin/squid -D

To have it start at boot, add it to rc.local

# echo "/etc/squid/sbin/squid -D" >> /etc/rc.d/rc.local

OK, that should be enough. If you have questions, send an email or comment below.


What is certain is that with Squid 2.7 Yahoo Messenger runs :)
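As an added example (not part of the original post or of Squid itself), this Python checker lints a squid.conf for three things visible in the configuration above: typographic quotes picked up when pasting from a web page, CONNECT being allowed to ports other than 443 through SSL_ports, and access rules that name an ACL that has not been defined. The function name lint_squid_conf and the sample lines are constructed for illustration, and the sample uncomments the localnet rule as an assumption.

```python
"""Lint a squid.conf string for three problems seen in this post's config."""

TYPOGRAPHIC = "\u201c\u201d\u2018\u2019\u2013\u2014"  # curly quotes, en/em dash
ACCESS_DIRECTIVES = {"http_access", "http_reply_access", "icp_access"}

# Constructed sample built from lines of the post's config. The curly quotes
# are written as escapes; the localnet rule is uncommented here (assumption).
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl SSL_ports port 5050        # YM
acl Safe_ports port 80        # http
acl CONNECT method CONNECT
acl IKLAN url_regex -i \u201c/etc/squid/ads.txt\u201d
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny IKLAN
http_access deny all
"""


def lint_squid_conf(text):
    """Return a list of (line_number, message) findings, in file order."""
    findings = []
    defined = set()  # ACL names seen so far; Squid needs them defined before use
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if not line:
            continue
        if any(ch in line for ch in TYPOGRAPHIC):
            # Squid loads a pattern file only when its name is in ASCII "...",
            # so a curly-quoted path is read as a literal pattern instead.
            findings.append((num, "typographic quote or dash, retype in ASCII"))
        fields = line.split()
        if fields[0] == "acl" and len(fields) >= 3:
            defined.add(fields[1])
            if fields[1] == "SSL_ports" and fields[2] == "port":
                for port in fields[3:]:
                    if port != "443":
                        findings.append((num, f"CONNECT allowed to port {port}"))
        elif fields[0] in ACCESS_DIRECTIVES:
            for name in fields[2:]:
                if name.lstrip("!") not in defined:
                    findings.append((num, f"undefined acl {name.lstrip('!')}"))
    return findings


if __name__ == "__main__":
    for num, message in lint_squid_conf(SAMPLE_CONF):
        print(f"line {num}: {message}")
```
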


9 thoughts on “Squid 2.7 on Fedora 11”

  1. Syamsul Rizal

    Have you ever tried setting up transparent mode for Squid
    on Fedora 11?
    I am still stuck on the transparent settings

    Regards

  2. paidjo Post author

    Can I see your Squid settings? If I'm not mistaken, above Fedora 7 the proxy setup is already different

  3. chau_gpenks

    Bro, I tried those steps... but when creating the disk cache it didn't work... a message like the following came up:

    FATAL : failed to make swap dirrectiry /etc/squid/var/cache: (13) permission denied
    squid cache (version 2.7.stable7) terminated abnormally.
    …………..

    Please enlighten me... additional note: I'm using Ubuntu Server 9.04, maybe it isn't compatible...???

  4. paidjo Post author

    Try running a command like this
    chown -R squid.squid /etc/squid/var/cache

  5. agung

    May I ask... why is the configure so short, only one option? Several tutorials teach many more configure options. What is configure, anyway? I mean, what is it for and what does it do? Sorry for asking so much, I'm a complete newbie

  6. paidjo Post author

    Actually, configuration serves all sorts of needs and purposes, depending on requirements, so what I wrote is only a general configuration. :thumbup
