Squid Proxy Example

I tried the Squid proxy on Fedora/Red Hat with the following configuration:

Contents of the squid.conf file:

http_port 3128
icp_port 3130


cache_mem 16 MB
maximum_object_size 128 MB

cache_dir ufs /misc/squid/c1 7000 8 128
cache_dir ufs /misc/squid/c2 7000 8 128
cache_dir ufs /misc/squid/c3 7000 8 128

cache_access_log /var/log/squid/access.log

cache_log /dev/null
cache_store_log /dev/null

logfile_rotate 4
memory_pools_limit 8 MB
redirect_rewrites_host_header on
#replacement_policy GDSF
half_closed_clients on

request_header_max_size 128 KB
request_body_max_size 5 MB


quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
connect_timeout 120 seconds
peer_connect_timeout 30 seconds
#siteselect_timeout 4 seconds
read_timeout 15 minutes
request_timeout 5 minutes
client_lifetime 1 day

#----------- transparent proxy -----------
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# Script to open/close access to sex sites
acl sex url_regex -i "/etc/squid/sex"
acl blok-website url_regex -i "/etc/squid/blok-website"

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


acl all src
acl localhost src
acl lan_ku src
acl images urlpath_regex -i \.gif$ \.png$ \.jpg$ \.jpeg$
acl Safe_ports port 80 21 443 563 70 210 8888 1025-9000 6661-7000

#http_access allow localhost CONNECT
#http_access allow internet CONNECT

# access to sex sites is blocked
http_access deny sex
http_access deny blok-website

http_access allow CONNECT
http_access allow localhost
http_access allow all
http_access allow lan_ku
http_access allow Safe_ports

http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#---------------- administration info ------------
cache_effective_user squid
cache_effective_group squid
#log_icp_queries off
#cachemgr_passwd mypassword all
#forwarded_for off
#buffered_logs on

and this is what I put in the rc.local file:

# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don’t
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

then the contents of the routerrh file:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s -d -j MASQUERADE -o eth0
iptables -A FORWARD -s -j ACCEPT
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -s ! -p tcp --dport 80 -j DNAT --to

So what do you think, friends?
Why is the internet still not fast enough? My client has 150 computers.

Regards... I look forward to your responses!!
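
An added example, not part of the original post: Squid evaluates http_access rules from top to bottom and stops at the first match, so the rule order in the configuration above decides who may use the proxy. The Python sketch below audits that ordering on a constructed excerpt of the acl/http_access lines; the function name audit_http_access is hypothetical, and it assumes the ACL named all matches every client, as in the stock Squid configuration.

```python
# Constructed excerpt: the acl/http_access lines of the squid.conf above,
# in the same order, with the src values (blank on the page) left blank.
SAMPLE_CONF = """\
acl sex url_regex -i "/etc/squid/sex"
acl blok-website url_regex -i "/etc/squid/blok-website"
acl QUERY urlpath_regex cgi-bin \\?
acl all src
acl localhost src
acl lan_ku src
acl Safe_ports port 80 21 443 563 70 210 8888 1025-9000 6661-7000
http_access deny sex
http_access deny blok-website
http_access allow CONNECT
http_access allow localhost
http_access allow all
http_access allow lan_ku
http_access allow Safe_ports
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all
"""

def audit_http_access(conf_text, catch_all="all"):
    """Return (line_no, rule, problem) tuples for http_access ordering issues."""
    defined, findings, shadowed_by = set(), [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 2:
            defined.add(parts[1])          # ACLs must be defined before use
        elif parts[0] == "http_access" and len(parts) >= 3:
            action, names = parts[1], parts[2:]
            if shadowed_by is not None:    # first match wins: never evaluated
                findings.append((no, line, f"unreachable: line {shadowed_by} already matches every request"))
                continue
            for name in names:
                if name.lstrip("!") not in defined:
                    findings.append((no, line, f"undefined ACL '{name.lstrip('!')}'"))
            if names == [catch_all]:       # assumption: 'all' matches any client
                shadowed_by = no
                if action == "allow":
                    findings.append((no, line, "allows every client: open proxy"))
    return findings

if __name__ == "__main__":
    for no, rule, problem in audit_http_access(SAMPLE_CONF):
        print(f"line {no}: {rule!r} -> {problem}")
```

On the excerpt it reports the undefined CONNECT ACL, the unconditional allow all, and the five rules after it that Squid never reaches, including deny !Safe_ports and deny all.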

