Healthy Internet by Installing squidGuard on Ubuntu 10.04

squidGuard can be described as a plugin for Squid that restricts access to domains / URLs based on access control lists. When squidGuard receives a request, the request is checked, and the page can be redirected to a predefined "block" page or script. squidGuard makes its decision using the access control lists and a database of domains and URLs.

OK, let's get straight to it ..

Install squidGuard from a terminal with root access:

apt-get install squidGuard

SQUID CONFIGURATION

The squid.conf file plays a very large role, with hundreds of options. Here we only change a few settings. Open squid.conf for editing with sudo and a text editor (for this configuration I was logged in as root):

gedit /etc/squid/squid.conf

Add these as the last lines:

# SquidGuard
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

SQUIDGUARD CONFIGURATION
First we create the list of URLs to block and store it in the folder /var/lib/squidguard/db/

or simply download one from one of the squidGuard blacklist links

Extract the downloaded archive, then rename the extracted folder to: blacklist
Copy and paste the blacklist folder into the Pictures directory,
then move the ads, porn and adult folders from the blacklist folder to /var/lib/squidguard/db with these terminal commands:

Go into the Pictures directory (type without the # sign)
# cd Pictures
Then go into the blacklist directory
# cd blacklist

mv /home/operatorplik/Pictures/blacklist/ads /var/lib/squidguard/db/
mv /home/operatorplik/Pictures/blacklist/adult /var/lib/squidguard/db/
mv /home/operatorplik/Pictures/blacklist/porn /var/lib/squidguard/db/
mv /home/operatorplik/Pictures/blacklist/redirector /var/lib/squidguard/db/

The proxy user must be given rights to /var…/db (type without the # sign)

#chown -R proxy:proxy /etc/squid/squidGuard.conf
#chown -R proxy:proxy /var/lib/squidguard/db/

Now edit squidGuard.conf

gedit /etc/squid/squidGuard.conf

Change it to look like this:

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db
logdir /var/log/squid

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

time workhours {
weekly smtwhfa 07:00 - 21:00 # squidGuard runs between 07:00 and 21:00
# date *-*-01  08:00 - 16:30
}

src bar-clients {
ip client # example: ip 192.168.1.100 192.168.1.101 ... and so on
}

dest good {
}

dest ads {
domainlist     ads/domains
urllist     ads/urls
}

dest adult {
domainlist     adult/domains
urllist     adult/urls
}

dest porn {
domainlist     porn/domains
urllist     porn/urls
}

dest redirector {
urllist     redirector/urls
}

acl {
default {
pass !adult !ads !porn !redirector all
redirect http://ip server squid/block.html
}

bar-clients within workhours {
pass good !in-addr !adult any
} else {
pass any
}
}

After changing the squidGuard configuration, it is time to add block.html

Check in a browser: http://ip-server
If the answer is "It Works", apache2 is already installed
If the answer is "Not Found", install apache2 first
apt-get install apache2

Create the folder for the block.html file
mkdir -p /var/www

gedit /var/www/block.html
For the contents of block.html, click the download link for a sample block.html file here

Just copy and paste ....

The last step is to compile the squidGuard settings with the commands

squidGuard -C all

service squid restart

squid -k reconfigure
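
A check worth running after the compile step, as an added example (not from the original post): it reads dbhome and the domainlist/urllist entries from squidGuard.conf and reports lists that are missing, not yet compiled to .db, or whose .db is not owned by the proxy user (the post runs chown before squidGuard -C all). The function names and the sample directory tree are constructed for illustration; on the server the call would be sg_check /etc/squid/squidGuard.conf.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the dbhome directory configured in a squidGuard.conf.
sg_dbhome() {
    awk '{ sub(/#.*/, "") } $1 == "dbhome" { print $2; exit }' "$1"
}

# Print every list path (relative to dbhome) named by domainlist/urllist.
sg_lists() {
    awk '{ sub(/#.*/, "") }
         $1 == "domainlist" || $1 == "urllist" { print $2 }' "$1"
}

# sg_check CONF [OWNER]
# Prints one line per problem and returns 1 if any problem was found.
# OWNER is a user name or numeric uid; the post runs squidGuard as "proxy".
sg_check() {
    conf=$1
    owner=${2:-proxy}
    dbhome=$(sg_dbhome "$conf")
    if [ -z "$dbhome" ] || [ ! -d "$dbhome" ]; then
        echo "NO_DBHOME ${dbhome:-unset}"
        return 1
    fi
    bad=0
    for rel in $(sg_lists "$conf"); do
        src="$dbhome/$rel"
        if [ ! -f "$src" ]; then
            echo "MISSING $rel"; bad=1
        elif [ ! -f "$src.db" ]; then
            echo "NOT_COMPILED $rel"; bad=1
        elif [ -z "$(find "$src.db" -user "$owner" 2>/dev/null)" ]; then
            echo "WRONG_OWNER $rel.db"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: a throw-away dbhome with the four categories from the
# post, where "porn" was never compiled and "redirector" was never copied.
sg_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/db/ads" "$tmp/db/adult" "$tmp/db/porn"
    for f in ads/domains ads/urls adult/domains adult/urls \
             porn/domains porn/urls; do
        echo "example.invalid" > "$tmp/db/$f"
    done
    for f in ads/domains ads/urls adult/domains adult/urls; do
        : > "$tmp/db/$f.db"     # stand-in for the file squidGuard -C writes
    done
    cat > "$tmp/squidGuard.conf" <<EOF
dbhome $tmp/db
logdir $tmp

dest ads {
domainlist     ads/domains
urllist     ads/urls
}

dest adult {
domainlist     adult/domains
urllist     adult/urls
}

dest porn {
domainlist     porn/domains
urllist     porn/urls
}

dest redirector {
urllist     redirector/urls
}
EOF
    rc=0
    # The sample files belong to whoever runs the demo, so check that uid.
    sg_check "$tmp/squidGuard.conf" "$(id -u)" || rc=$?
    rm -rf "$tmp"
    return $rc
}

sg_demo || true
```
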

Example of how a blocked site looks through squid on the PLIK server, Sajira district (screenshot)

Done, hope this is useful... Protect our young generation by keeping the internet clean.....

Install squid on Ubuntu 10.04

Squid is a daemon used as a proxy server and web cache, available as open source. Squid has many uses, from speeding up a web server by caching repeated requests to caching DNS and caching websites. If a site has been opened by one member of the network, Squid stores that site's content on the computer's hard disk or in memory, so when another member of the network opens the same site, they do not need to go out to the internet; they only need to access the cache that Squid has already stored. As a result, opening the site is faster and bandwidth is saved.

Here I want to share with fellow PLIK operators in the Jabar & Banten region my experience configuring squid on Ubuntu 10.04 (the Jabar & Banten PLIK server). Because squid is already installed on our server, we only need to configure squid.conf and the partition used for cache storage.

Let's get straight to it ..

Mount the existing cache partition by editing fstab; type the commands below:

1. Open a terminal:

sudo su

Password: you already know it..

2. Open fstab:

gedit /etc/fstab

Add this line at the very bottom of the fstab file

/dev/sda13 /cache                  reiserfs noatime,notail       0      0

After that, restart the PC ...

Next we configure the squid.conf file

Repeat step 1 (open a terminal as root)

3. Back up squid.conf (in case something goes wrong)

cp /etc/squid/squid.conf /etc/squid/squid.conf.backup

4. Edit squid.conf

gedit /etc/squid/squid.conf

Change squid.conf to match the sample squid.conf below:

#=======================================================#
#     SQUID2.7 STABLE7 CONFIGURATION            #
#          Warnet PLIK ……..            #
#         Generated: By……….            #
#=======================================================#

#=======================================================
#Network definition
#=======================================================
http_port 3128 transparent
server_http11 on
icp_port 0

#=======================================================
# Cache & Object
#=======================================================
cache_mem 6 MB
cache_swap_low 90
cache_swap_high 95

max_filedesc 8192

maximum_object_size 512 MB
minimum_object_size 0 bytes
maximum_object_size_in_memory 128 KB

ipcache_size 16384
ipcache_low 90
ipcache_high 99

fqdncache_size 16384

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /cache 30000 70 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
cache_swap_log /var/log/squid/swap.state
access_log /var/log/squid/access.log squid

#=====================================================
# Options DNS
#=====================================================
# you can add your own DNS servers here
dns_nameservers 8.8.8.8 208.67.222.222 208.67.220.220

#=======================================================
# Rules: Safe Port & SSL Port
#=======================================================

acl all src 0.0.0.0/0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563    # https, snews
acl SSL_ports port 873        # rsync
acl Safe_ports port 80         # http
acl Safe_ports port 5666     # nrpe
acl Safe_ports port 22         # ssh
acl Safe_ports port 3306     # mysql
acl Safe_ports port 21         # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70         # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl Safe_ports port 631        # cups
acl Safe_ports port 873        # rsync
acl Safe_ports port 901        # SWAT

acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports

#========================================================
# HIERARCHY (BYPASS CGI)
#========================================================
hierarchy_stoplist cgi-bin ? .js .jsp
acl QUERY urlpath_regex cgi-bin \? .js .jsp
no_cache deny QUERY

#========================================================
# SNMP
#========================================================
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all

#========================================================
# NETWORK DEFINITIONS
#========================================================
acl lan_a src 192.168.1.0/255.255.255.0
acl lan_b src ……………
# for acl lan_b: if the server's LAN IP is 10.100.1.21, replace the dots with 10.100.1.20/28
#========================================================
# ALLOWED ACCESS
#========================================================

http_access allow lan_a
http_access allow lan_b
http_access allow localhost
http_access deny all
icp_access allow all
always_direct deny all

#========================================================
# Cache CGI & Administrative
#========================================================

cache_mgr ………..@gmail.com
visible_hostname PLIK_Kecamatan_……….
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 1
cachemgr_passwd none all
pid_filename /var/run/squid.pid

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
connect_timeout 5 minute

#=======================================================
# TAG: Extra Tuning Configuration
#=======================================================

client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off

memory_pools off
buffered_logs off
log_icp_queries off

store_dir_select_algorithm round-robin
log_fqdn off
forwarded_for off
icp_hit_stale on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_page_fault_warning 2
nonhierarchical_direct on
prefer_direct off
client_db on
max_filedescriptors 8192
redirector_bypass on
dns_testnames google.com
offline_mode off
quick_abort_min 0 KB
quick_abort_max 0 KB

# Marking ZPH for b/w management
zph_mode tos
zph_local 0x04
zph_parent 0
zph_option 136

#=======================================================
# TAG: Caching you tube
#=======================================================

acl youtube dstdomain .youtube.com
cache allow youtube
cache allow all

acl videocache_allow_url url_regex -i \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/
acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/
acl videocache_allow_url url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv
acl videocache_allow_url url_regex -i \.vimeo\.com\/(.*)\.(flv|mp4)
acl videocache_allow_url url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
acl videocache_allow_url url_regex -i \.youporn\.com\/(.*)\.flv
acl videocache_allow_url url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv
acl videocache_allow_url url_regex -i \.tube8\.com\/(.*)\.(flv|3gp)
acl videocache_allow_url url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv
acl videocache_allow_url url_regex -i \.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram|m4v)
acl videocache_allow_url url_regex -i \.break\.com\/(.*)\.(flv|mp4)
acl videocache_allow_url url_regex -i redtube\.com\/(.*)\.flv
acl videocache_allow_dom dstdomain .mccont.com .metacafe.com .cdn.dailymotion.com
acl videocache_deny_dom  dstdomain .download.youporn.com .static.blip.tv

acl speedtest_allow_url url_regex -i \.speedtest\.net\/ speedtest
acl speedtest_allow_url url_regex ^http:\/\/speedtest\.*
acl speedtest_allow_dom dstdomain .speedtest.net
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET

storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access deny videocache_deny_dom
storeurl_access allow videocache_allow_url
storeurl_access allow videocache_allow_dom
storeurl_access allow speedtest_allow_url
storeurl_access allow speedtest_allow_dom
storeurl_access deny all

storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 7
storeurl_rewrite_concurrency 100

acl store_rewrite_list urlpath_regex -i \/(get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list urlpath_regex -i \.flv$ \.mp3$ \.mp4$ \.swf$ \
storeurl_access allow store_rewrite_list
storeurl_access deny all

#=======================================================
# refresh_pattern definitions
#=======================================================
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern ^ftp:        10080    95%    10080 override-lastmod reload-into-ims
refresh_pattern .        1440    95%    10000 override-lastmod reload-into-ims

refresh_pattern -i \.flv$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.mp3$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.mp4$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.swf$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.gif$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.jpg$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.jpeg$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private  ignore-auth
refresh_pattern -i \.exe$ 10080 80% 10080  override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  ignore-private  ignore-auth

#=========================================================
# 1 year = 525600 mins, 1 week = 10080 mins, 1 day = 1440
#=========================================================
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)    10080 80% 10080 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)    10080 80% 10080 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern \.(ico|video-stats) 10080 80% 10080 override-expire ignore-reload ignore-no-cache  ignore-private ignore-auth override-lastmod  negative-ttl=10080
refresh_pattern \.etology\?                                     10080 80% 10080 override-expire ignore-reload ignore-no-cache
refresh_pattern galleries\.video(\?|sz)                         10080 80% 10080 override-expire ignore-reload ignore-no-cache
refresh_pattern brazzers\?                                      10080 80% 10080 override-expire ignore-reload ignore-no-cache
refresh_pattern \.adtology\?                                    10080 80% 10080 override-expire ignore-reload ignore-no-cache
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10080 20% 10080 ignore-no-cache  ignore-private override-expire ignore-reload ignore-auth   negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google  10080 80% 10080 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth  negative-ttl=10080
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk)    10080 80% 10080 override-expire ignore-reload ignore-private  negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg                                       10080 80% 10080 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif)                    10080 80% 10080 override-expire ignore-reload
refresh_pattern garena\.com                                             10080 80% 10080 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)          10080 80% 10080 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?                     10080 80% 10080 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    10080 80% 10080 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.                     10080 80% 10080 reload-into-ims ignore-no-cache  ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/                          10080 80% 10080 reload-into-ims ignore-no-cache  ignore-reload override-expire
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 10080 80% 10080 override-expire ignore-reload ignore-no-cache  ignore-private ignore-auth override-lastmod  negative-ttl=10080

#================================================
#Social networks
#================================================
refresh_pattern -i \.facebook.com.*\.(jpg|png|gif)                      10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                 10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern  static\.ak\.fbcdn\.net*\.(jpg|gif|png)                 10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)        10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.twitter.com.*\.(jpg|png|swf|gif)                      10080 80% 10080 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.yahoo.com.*\.(jpg|png|swf|gif)                      10080 80% 10080 ignore-reload override-expire ignore-no-cache

#================================================
#All files
#================================================
refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)       10080 80% 10080 ignore-no-cache   override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar)  10080 80% 10080 ignore-no-cache   override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll)         10080 80% 10080 ignore-no-cache   override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 10080 80% 10080 ignore-no-cache   override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 ignore-no-cache   override-expire override-lastmod reload-into-ims

#==================================================
#Games
#==================================================
refresh_pattern ^http:\/\/apps.facebook.com.*\/     10080 999999% 43200 ignore-reload override-expire ignore-no-cache reload-into-ims
refresh_pattern -i \.zynga.com.*\/         10080 999999% 43200 ignore-reload override-expire ignore-no-cache reload-into-ims
refresh_pattern -i \.igg.com.*\/             10080 999999% 43200 ignore-reload override-expire ignore-no-cache override-lastmod reload-into-ims
refresh_pattern -i \.farmville.com.*\/         10080 999999% 43200 ignore-reload override-expire ignore-no-cache override-lastmod reload-into-ims
refresh_pattern -i \.ninjasaga.com.*\/         10080 999999% 43200 ignore-reload override-expire ignore-no-cache override-lastmod reload-into-ims
refresh_pattern -i \.popcap.com.*\/         10080 999999% 43200 ignore-reload override-expire ignore-no-cache override-lastmod reload-into-ims
refresh_pattern -i \.idants.boyaagame.com.*\/         10080 999999% 43200 ignore-reload override-expire ignore-no-cache override-lastmod reload-into-ims
refresh_pattern -i \.games.co.id.*\/         10080 999999% 43200 ignore-reload override-expire ignore-no-cache override-lastmod reload-into-ims
refresh_pattern -i \.frk.gamib.net.*\/         10080 999999% 43200 ignore-reload override-expire ignore-no-cache override-lastmod reload-into-ims

#========================================
#IIX DOWNLOAD
#========================================
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-auth
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.4shared\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-auth
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.ziddu\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-auth

# SquidGuard
# redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Don't want the hassle? Just copy and paste ... he..he...

5. Create the storeurl.pl file

gedit /etc/squid/storeurl.pl

Copy and paste the storeurl.pl script below:

#!/usr/bin/perl
# This script is NOT written or modified by me, I only copy pasted it from the internet.
# It was First originally Writen by chudy_fernandez@yahoo.com
# & Have been modified by various persons over the net to fix/add various functions.
# For Example this ver was modified by member of comstuff.net to satisfy common and dynamic content.
# th30nly @comstuff.net a.k.a invisible_theater ,
# For more info, http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube
$|=1;
while (<>) {
@X = split;
#       $X[1] =~ s/&sig=.*//;
$x = $X[0] . " ";
$_ = $X[1];
$u = $X[1];

#speedtest
if (m/^http:\/\/(.*)\/speedtest\/(.*\.(jpg|txt))\?(.*)/) {
print $x . "http://www.speedtest.net.SQUIDINTERNAL/speedtest/" . $2 . "\n";

#mediafire
}elsif (m/^http:\/\/199\.91\.15\d\.\d*\/\w{12}\/(\w*)\/(.*)/) {
print $x . "http://www.mediafire.com.SQUIDINTERNAL/" . $1 ."/" . $2 . "\n";

#fileserve
}elsif (m/^http:\/\/fs\w*\.fileserve\.com\/file\/(\w*)\/[\w-]*\.\/(.*)/) {
print $x . "http://www.fileserve.com.SQUIDINTERNAL/" . $1 . "./" . $2 . "\n";

#filesonic
}elsif (m/^http:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*)/) {
print $x . "http://www.filesonic.com.SQUIDINTERNAL/" . $1 . "\n";

#4shared
}elsif (m/^http:\/\/[a-zA-Z]{2}\d*\.4shared\.com(:8080|)\/download\/(.*)\/(.*\..*)\?.*/) {
print $x . "http://www.4shared.com.SQUIDINTERNAL/download/$2\/$3\n";

#4shared preview
}elsif (m/^http:\/\/[a-zA-Z]{2}\d*\.4shared\.com(:8080|)\/img\/(\d*)\/\w*\/dlink__2Fdownload_2F(\w*)_3Ftsid_3D[\w-]*\/preview\.mp3\?sId=\w*/) {
print $x . "http://www.4shared.com.SQUIDINTERNAL/$2\n";

#photos-X.ak.fbcdn.net where X a-z
}elsif (m/^http:\/\/photos-[a-z](\.ak\.fbcdn\.net)(\/.*\/)(.*\.jpg)/) {
print $x . "http://photos" . $1 . "/" . $2 . $3  . "\n";

#YX.sphotos.ak.fbcdn.net where X 1-9, Y a-z
} elsif (m/^http:\/\/[a-z][0-9]\.sphotos\.ak\.fbcdn\.net\/(.*)\/(.*)/) {
print $x . "http://photos.ak.fbcdn.net/" . $1  ."/". $2 . "\n";

#maps.google.com
} elsif (m/^http:\/\/(cbk|mt|khm|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
print $x . "http://" . $1  . $2 . "\n";

# compatibility for old cached get_video?video_id
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(videoplayback\?id=.*?|video_id=.*?)\&(.*?)/) {
$z = $2; $z =~ s/video_id=/get_video?video_id=/;
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";

# youtube fix
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/videoplayback\?(.*)/) {
$p_str = $2;
$tag = "";
$alg = "";
$id = "";
$range = "";
if ($p_str =~ m/(itag=[0-9]*)/){$tag = "&".$1}
if ($p_str =~ m/(algorithm=[a-z]*\-[a-z]*)/){$alg = "&".$1}
if ($p_str =~ m/(id=[a-zA-Z0-9]*)/){$id = "&".$1}
if ($p_str =~ m/(range=[0-9\-]*)/){$range = "&".$1; $range =~ s/-//; $range =~ s/range=//; }
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $tag . "&" . $alg . "&" . $id . "&" . $range . "\n";

} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
print $x . "http://www.google-analytics.com/__utm.gif\n";

#Cache High Latency Ads
} elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com|yieldmanager|cpxinteractive)(.*)/) {
$y = $3;$z = $2;
for ($y) {
s/pixel;.*/pixel/;
s/activity;.*/activity/;
s/(imgad[^&]*).*/\1/;
s/;ord=[?0-9]*//;
s/;&timestamp=[0-9]*//;
s/[&?]correlator=[0-9]*//;
s/&cookie=[^&]*//;
s/&ga_hid=[^&]*//;
s/&ga_vid=[^&]*//;
s/&ga_sid=[^&]*//;
# s/&prev_slotnames=[^&]*//
# s/&u_his=[^&]*//;
s/&dt=[^&]*//;
s/&dtd=[^&]*//;
s/&lmt=[^&]*//;
s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/[;&?]ord=[?0-9]*//;
s/[;&]mpvid=[^&;]*//;
s/&xpc=[^&]*//;
# yieldmanager
s/\?clickTag=[^&]*//;
s/&u=[^&]*//;
s/&slotname=[^&]*//;
s/&page_slots=[^&]*//;
}
print $x . "http://" . $1 . $2 . $y . "\n";

#cache high latency ads
} elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) {
print $x . "http://" . $1 . "/" . $2  . "\n";

# specific servers start here....
} elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
print $x . "http://" . $1 . "\n";

#cdn, variable 1st path
} elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/[a-z0-9]{2,5}/cdn./;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

#rapidshare
} elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n";

} elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) {
print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n";

#like porn hub: variable url and center part of the path, filename extension 3 or 4 chars, with or without ? at the end
} elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?(\.[a-z]*)?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) {
print $x . "http://cdn." . $4 . $6 . "\n";
#...specific servers end here.

#photos-X.ak.fbcdn.net where X a-z
} elsif (m/^http:\/\/photos-[a-z].ak.fbcdn.net\/(.*)/) {
print $x . "http://photos.ak.fbcdn.net/" . $1  . "\n";

#for yimg.com video
} elsif (m/^http:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
print $x . "http://cdn.yimg.com//" . $3 . "\n";

#for yimg.com doubled
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
print $x . "http://cdn.yimg.com/"  . $3 . "\n";

#for yimg.com with &sig=
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*)/) {
@y = ($1,$2);
$y[0] =~ s/[a-z]+[0-9]+/cdn/;
$y[1] =~ s/&sig=.*//;
print $x . "http://" . $y[0] . ".yimg.com/"  . $y[1] . "\n";

#youjizz. We use only domain and filename
} elsif (($u =~ /media[0-9]{2,5}\.youjizz/) && (m/^http:\/\/(.*)(\.[^\.\-]*?\..*?)\/(.*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})((\?|\%).*)?$/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|(.*cdn.*)|(.*cache.*))/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

#general purpose for cdn servers. add above your specific servers.
} elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) {
print $x . "http://squid-cdn-url//" . $2  . "." . $3 . "\n";

#generic http://variable.domain.com/path/filename."ex" "ext" or "exte" with or without "? or %"
} elsif (m/^http:\/\/(.*)(\.[^\.\-]*?\..*?)\/(.*)\.([^\/\?\&]{2,4})((\?|\%).*)?$/) {
@y = ($1,$2,$3,$4);
$y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|(.*cdn.*)|(.*cache.*))/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

# generic http://variable.domain.com/...
} elsif (m/^http:\/\/(([A-Za-z]+[0-9-]+)*?|.*cdn.*|.*cache.*)\.(.*?)\.(.*?)\/(.*)$/) {
print $x . "http://cdn." . $3 . "." . $4 . "/" . $5 .  "\n";

# specific extension that ends with ?
} elsif (m/^http:\/\/(.*?)\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|on2)(.*)/) {
print $x . "http://" . $1 . "/" . $2  . "." . $3 . "\n";

# all that ends with ;
} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
print $x . "http://" . $1 . "/" . $2  . "\n";

} else {
print $x . $_ . "sucks\n";
}
}

6. Give the proxy user access rights to the cache folder and the storeurl file by typing the commands below in a terminal. After the chown, proxy owns both, so only the owner needs write access:

chown proxy:proxy /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 755 /etc/squid/storeurl.pl
chmod 750 /cache

7. Check the squid configuration with the command

squid -k parse

If there are no errors, continue with:

squid -f /etc/squid/squid.conf -z

8. Restart squid

service squid restart  --> restarts squid

service squid start --> starts squid

service squid stop --> stops squid

9. Redirect port 80 traffic to squid by typing the commands below:

For TCP:
iptables -t nat -I PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Note: eth1 is the LAN Ethernet interface

For UDP:
iptables -t nat -I PREROUTING -i eth1 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128

10. So that the NAT rules are applied at startup, put the commands above in rc.local, above the exit 0 line

gedit /etc/rc.local

11. Install ccze

apt-get install ccze

12. To view the squid log:

tail -f /var/log/squid/access.log

or

tail -f /var/log/squid/access.log | ccze

If it works, the output of the command above will look like this (screenshot):

Good luck, hope it works....!!

For better tuning, just search for squid on Google ....!! because I also learned and found this out from Google ... peace.....!!!

To make Warnet PLIK a Healthy Internet venue, I will share how to install squidGuard in the next post ...............
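
As a complement to the squid -k parse syntax check in step 7, this added example (not part of the original post) scans a squid.conf for settings that widen access: Safe_ports entries below 1024 that are not web ports, http_access deny lines that combine several negated ACLs (Squid ANDs them), the public SNMP community, and a cache manager with no password. The function names, rule labels and the list of expected ports are assumptions of this example; the sample lines are taken from the squid.conf above.

```shell
#!/bin/sh
# Added example, not from the original post.
# squid_audit FILE: print "<line number> <finding>" for each risky directive.
squid_audit() {
    awk '
    function report(msg) { printf "%d %s\n", NR, msg }
    BEGIN {
        # Ports below 1024 this example expects in Safe_ports (assumption).
        n = split("21 70 80 210 280 443 488 591 631 777 873 901", p, " ")
        for (i = 1; i <= n; i++) ok[p[i]] = 1
    }
    { sub(/[ \t]*#.*/, "") }          # drop comments
    NF == 0 { next }
    # Safe_ports should only list ports that carry web traffic.
    $1 == "acl" && $2 == "Safe_ports" && $3 == "port" {
        for (i = 4; i <= NF; i++)
            if (($i + 0) < 1024 && !($i in ok))
                report("UNEXPECTED_SAFE_PORT " $i)
    }
    # ACLs on one http_access line are ANDed: "deny !A !B" only denies
    # requests that fail both lists, so either list alone lets a port through.
    $1 == "http_access" && $2 == "deny" {
        neg = 0
        for (i = 3; i <= NF; i++) if ($i ~ /^!/) neg++
        if (neg > 1) report("DENY_ANDS_NEGATIONS")
    }
    $1 == "acl" && $3 == "snmp_community" && $4 == "public" {
        report("SNMP_DEFAULT_COMMUNITY")
    }
    # "none" lets the listed cache manager actions run without a password.
    $1 == "cachemgr_passwd" && $2 == "none" {
        report("CACHEMGR_NO_PASSWORD")
    }
    ' "$1"
}

# Run the audit over an excerpt of the configuration shown in the post.
squid_audit_demo() {
    sample=$(mktemp) || return 2
    cat > "$sample" <<'EOF'
acl SSL_ports port 443 563    # https, snews
acl Safe_ports port 80         # http
acl Safe_ports port 22         # ssl
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
acl snmpsquid snmp_community public
cachemgr_passwd none all
EOF
    squid_audit "$sample"
    rm -f "$sample"
}

squid_audit_demo
```

On the server the call would be squid_audit /etc/squid/squid.conf.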

 

 

 

Install HTB-Tools

Since I happen to be spending a day with the server, this time a newbie wants to share how to install bandwidth management on the PLIK Paket4 server (Banten & Jabar) -> Ubuntu 10.04 using htb-tools. Bandwidth management is very important for internet cafés (warnet), because it keeps clients from fighting over bandwidth by limiting the bandwidth per client.

HTB-tools is not the only bandwidth management option on Ubuntu; there are others such as Webhtb. Here I will share bandwidth management using HTB-tools.

OK, let's get straight to it ....

Download the latest HTB Tools package from http://htb-tools.skydevel.ro/download.php; I used HTB-tools-0.3.0a-i486-1.tgz

Extract the HTB-tools file with the command
$ sudo tar -zxvf HTB-tools-0.3.0a-i486-1.tgz
or right-click and choose Extract Here (a folder named HTB-tools-0.3.0a-i486-1 will appear)

To make things easier, first rename the extracted folder to HTB-tools (right-click, choose Rename, and change the name to HTB-tools).
The result contains the folders etc, install and sbin; for convenience, move the whole extracted folder into the Music directory

Open a terminal

operatorplik@plik-server:~$ sudo su

Password : sudah tau ya…..! jangan tanya lagi he..he..he…
contoh folder htb-tools yang saya pindahkan ke folder Music.
perintahnya : cd Music —> enter,     kemudian cd HTB-tools —> enter

Pindahin folder htb di /sbin ke /sbin nya server dengan mengetikan perintah ;

mv /home/operatorplik/Music/HTB-tools/sbin/htb /sbin
mv /home/operatorplik/Music/HTB-tools/sbin/htbgen /sbin
mv /home/operatorplik/Music/HTB-tools/sbin/q_checkcfg /sbin
mv /home/operatorplik/Music/HTB-tools/sbin/q_parser /sbin
mv /home/operatorplik/Music/HTB-tools/sbin/q_show /sbin

Move the htb folder in etc to the server's /etc by typing the command:

mv /home/operatorplik/Music/HTB-tools/etc/htb /etc

Rename the files in /etc/htb by removing the word new, by typing the commands:

mv /etc/htb/eth0-qos.cfg.new /etc/htb/eth0-qos.cfg

mv /etc/htb/eth1-qos.cfg.new /etc/htb/eth1-qos.cfg

Move the file /etc/rc.d/rc.htb.new to /etc/init.d/ and rename it to rc.htb with the command:
mv /home/operatorplik/Music/HTB-tools/etc/rc.d/rc.htb.new /etc/init.d/rc.htb

Change the permissions of rc.htb so that it can be executed, with the command:
chmod 755 /etc/init.d/rc.htb

Begin configuring eth0-qos.cfg and eth1-qos.cfg as needed. If the interface connected directly to the clients is eth1, then the file to configure is eth1-qos.cfg.
gedit /etc/htb/eth1-qos.cfg

See the example eth1 configuration below:

################
# eth1-qos.cfg #
################
# for how to configure and use see docs/HowTo/

class PLIK {
    bandwidth 5120;
    limit 5120;
    burst 2;
    priority 1;
    que sfq;

    client PLIK-OPERATOR {
        bandwidth 512;
        limit 512;
        burst 2;
        priority 1;
        dst {
            10.100.3.161/32; # LAN IP
        };
    };

    client PLIK-01 {
        bandwidth 512;
        limit 512;
        burst 2;
        priority 1;
        dst {
            10.100.3.162/32; # LAN IP, Client 1 - Client 5
        };
    };

    client PLIK-02 {
        bandwidth 512;
        limit 512;
        burst 2;
        priority 1;
        dst {
            10.100.3.163/32;
        };
    };

    client PLIK-03 {
        bandwidth 512;
        limit 512;
        burst 2;
        priority 1;
        dst {
            10.100.3.164/32;
        };
    };

    client PLIK-04 {
        bandwidth 512;
        limit 512;
        burst 2;
        priority 1;
        dst {
            10.100.3.165/32;
        };
    };

    client PLIK-05 {
        bandwidth 512;
        limit 512;
        burst 4;
        priority 1;
        dst {
            10.100.3.166/32;
        };
    };

    client PLIK-06 {
        bandwidth 512;
        limit 512;
        burst 2;
        priority 1;
        dst {
            10.100.3.167/32;
        };
    };

};

class default { bandwidth 8; };
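
A consistency check for a file in this layout, added here as an example (it is not part of the original post or of HTB-tools). It assumes the "client NAME {" spelling, that bandwidth is the guaranteed rate and limit the ceiling; the sample values are constructed.

```python
import re
from ipaddress import ip_network

# Constructed sample in the eth1-qos.cfg layout (not the page's values).
SAMPLE = """
class PLIK {
    bandwidth 1024; limit 1024; que sfq;
    client PLIK-01 { bandwidth 512; limit 512; dst { 10.100.3.162/32; }; };
    client PLIK-02 { bandwidth 768; limit 512; dst { 10.100.3.162/32; }; };  # bad
};
class default { bandwidth 8; };
"""

def parse(text):
    """Parse class/client/dst blocks into a list of class dicts."""
    tokens = re.findall(r"[{}]|[^\s;{}]+", re.sub(r"#.*", "", text))
    classes, stack, i = [], [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("class", "client"):               # "class NAME {" / "client NAME {"
            node = {"name": tokens[i + 1], "clients": [], "dst": []}
            (classes if tok == "class" else stack[-1]["clients"]).append(node)
            stack.append(node); i += 3
        elif tok == "dst":                            # "dst {" opens an address list
            stack.append(stack[-1]["dst"]); i += 2
        elif tok == "}":
            stack.pop(); i += 1
        elif isinstance(stack[-1], list):             # an address inside dst { ... }
            stack[-1].append(ip_network(tok, strict=False)); i += 1
        else:                                         # "key value", e.g. bandwidth 512
            stack[-1][tok] = tokens[i + 1]; i += 2
    return classes

def check(classes):
    """Return findings; an empty list means the shaping rules are consistent."""
    findings, seen = [], []
    for cls in classes:
        total = sum(int(c["bandwidth"]) for c in cls["clients"])
        if cls["clients"] and total > int(cls["bandwidth"]):
            findings.append(f"{cls['name']}: clients reserve {total} > class {cls['bandwidth']}")
        for c in cls["clients"]:
            if int(c.get("limit", c["bandwidth"])) < int(c["bandwidth"]):
                findings.append(f"{c['name']}: limit is below bandwidth")
            for net in c["dst"]:
                clash = next((name for n, name in seen if n.overlaps(net)), None)
                if clash:
                    findings.append(f"{c['name']}: dst {net} also matched by {clash}")
                seen.append((net, c["name"]))
    return findings

if __name__ == "__main__":
    for line in check(parse(SAMPLE)):
        print(line)
```

An empty result means no client is over-reserved, capped below its guarantee, or sharing an address with another client.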

It is easier to just copy and paste...
If the configuration is correct, HTB Tools is ready to run; start it with the commands:

/etc/init.d/rc.htb stop_eth1
/etc/init.d/rc.htb start_eth1

If you want HTB Tools to start automatically at boot (when the computer is switched on), add the line /etc/init.d/rc.htb start_eth1 to the file /etc/rc.local

To see the resulting traffic, use the command:

/etc/init.d/rc.htb show_eth1

To stop HTB Tools, use the command:

/etc/init.d/rc.htb stop_eth1

Creating a desktop shortcut to run show_eth1 (to view bandwidth traffic):

Right-click on the desktop:

Right-click -> choose Create Launcher

Under Type -> choose Application in Terminal

Under Name: anything you like; I use: show traffic

Under Command: /etc/init.d/rc.htb show_eth1

Under Comment: I use show eth1

Click OK; if it works, a shortcut named Show Traffic will appear on the desktop. Double-click it to run.

Good luck, and I hope it works...

Example Show Traffic display
