Bandwidth Management with Squid (simple)

Wednesday, 28 September 2011

Limiting bandwidth by configuring Squid and its access lists turns out to be less difficult than you might imagine... The easiest first step is to identify the network. Does the network already have a server, how many PCs does the server manage or will it manage, how much bandwidth is received from the ISP (example: speedy), how much bandwidth will be limited and under what conditions, and what equipment is on the network (wireless, access point, router, switch, and so on...)?

Only after that do we decide on the network topology to build...
Most networks use a star topology, under various conditions.
If the bandwidth from the ISP is 384kbps (speedy)..
...and the number of computers to be limited is 20...
...with the bandwidth of each PC limited to 20kbps...
...and there are no other requirements...
...then the next steps are:
1. start squid with the command: squid -D
2. check squid by typing: squid
3. before doing any of this, don't forget to become root first...
4. open squid.conf at /etc/squid/squid.conf
5. add the settings we want to it...

...there are several configuration components in squid.conf...
* acl: access list... where the access lists to be managed are declared...
example:

acl komputerku src 192.168.1.50/32

...meaning an access list named "komputerku" with the IP "192.168.1.50" is registered...

* http_access: access to HTTP on port 80 (usually)... permits the declared acl to open port 80
example:

http_access allow komputerku

...meaning the acl "komputerku" is allowed to open port 80, that is, to browse the internet...
...not every access list has to be allowed to open port 80; to deal with stubborn users/clients, we can ban that access list or client PC... it is actually quite effective...
example:

http_access deny komputerku

...meaning... you're done for!

* delay_pools: creates classes or pools when the bandwidth is limited to several different speed classes
example:

delay_pools 2

...meaning there are two pools or classes with two different access speeds...

* delay_class: creates an access class, derived from delay_pools; if delay_pools is declared as two (as above), there will also be two delay_class lines...
example:

delay_class 1 1

...meaning the first delay class, with bandwidth control of only one kind of speed...

* delay_parameters: sets the speed parameters of the class being created...
example:

delay_parameters 1 8000/8000

...meaning the first class has one kind of speed being controlled, and the bandwidth allotted only goes up to 8000/8000, or 64kbps/64kbps (8x8000=64000)... the first 8000 is the target bandwidth speed that must be reached... while the second 8000 is the target bandwidth that can be met when the network is nice and relaxed...

* delay_access: the client access that is limited in that class...
example:

delay_access 1 allow komputerku

...meaning that in access class 1 (the first) with parameter 1 (the first), the client registered in the acl named "komputerku" is allowed to use bandwidth up to the preceding parameter...

delay_access 1 deny all

...meaning that apart from the access lists registered above... all unregistered IPs are not allowed to access the internet...
...but... we must first create an acl such as:

acl all src 0.0.0.0/0.0.0.0

...meaning all IPv4 addresses are registered...

so...
the complete example...
(note that none of the initial configuration is deleted... this is only added)

acl all src 0.0.0.0/0.0.0.0
acl komputerku src 192.168.1.50/32
acl komputermu src 192.168.1.100/32

http_access allow komputerku
http_access allow komputermu

delay_pools 2

delay_class 1 1
delay_parameters 1 8000/8000
delay_access 1 allow komputerku
delay_access 1 deny all

delay_class 2 1
delay_parameters 2 12000/12000
delay_access 2 allow komputermu
delay_access 2 deny all

http_access deny all
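
A delay pool only takes effect when delay_pools, delay_class, delay_parameters and delay_access agree with each other, and a slip such as a delay_access line without allow or deny is easy to miss by eye. The checker below is an added example, not part of the original post; it covers delay classes 1 to 3 and runs on a constructed sample modelled on the configuration above.

```python
import re

# restore/max pairs that delay_parameters takes per delay_class:
# class 1 = aggregate; class 2 = aggregate + per-host;
# class 3 = aggregate + per-network + per-host (later classes are not modelled)
PAIRS_PER_CLASS = {1: 1, 2: 2, 3: 3}
PAIR_RE = re.compile(r"^(-1|\d+)/(-1|\d+)$")

# Constructed sample, modelled on the two-pool configuration above.
GOOD = """\
acl all src 0.0.0.0/0.0.0.0
acl komputerku src 192.168.1.50/32
acl komputermu src 192.168.1.100/32
delay_pools 2
delay_class 1 1
delay_parameters 1 8000/8000
delay_access 1 allow komputerku
delay_access 1 deny all
delay_class 2 1
delay_parameters 2 12000/12000
delay_access 2 allow komputermu
delay_access 2 deny all
"""
# Constructed faulty variant: the allow keyword is missing on two lines.
MISSING_ACTION = re.sub(r"(delay_access \d) allow", r"\1", GOOD)


def lint_delay_pools(conf_text):
    """Return a list of problems found in the delay_* directives."""
    acls, classes, params, has_access = set(), {}, {}, set()
    declared, problems = 0, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        key, args = words[0], words[1:]
        if key == "acl":
            acls.add(args[0])
        elif key == "delay_pools":
            declared = int(args[0])
        elif key == "delay_class" and len(args) == 2:
            classes[int(args[0])] = int(args[1])
        elif key == "delay_parameters":
            params[int(args[0])] = args[1:]
        elif key == "delay_access":
            has_access.add(int(args[0]))
            if len(args) < 3 or args[1] not in ("allow", "deny"):
                problems.append(
                    f"line {lineno}: delay_access needs allow|deny before the ACL name")
                continue
            for name in args[2:]:
                # An ACL must be declared earlier in the file than its first use.
                if name.lstrip("!") not in acls:
                    problems.append(
                        f"line {lineno}: ACL '{name}' used before it is defined")
    for pool in sorted(set(classes) | set(params) | has_access):
        if pool > declared:
            problems.append(f"pool {pool}: not covered by delay_pools {declared}")
    for pool in range(1, declared + 1):
        cls = classes.get(pool)
        if cls not in PAIRS_PER_CLASS:
            problems.append(f"pool {pool}: missing or unsupported delay_class")
            continue
        pairs = params.get(pool)
        want = PAIRS_PER_CLASS[cls]
        if pairs is None:
            problems.append(f"pool {pool}: no delay_parameters")
        elif len(pairs) != want or not all(PAIR_RE.match(p) for p in pairs):
            problems.append(
                f"pool {pool}: class {cls} needs {want} restore/max pair(s), "
                f"got {' '.join(pairs)}")
        if pool not in has_access:
            problems.append(f"pool {pool}: no delay_access line, so no traffic enters it")
    return problems


if __name__ == "__main__":
    for problem in lint_delay_pools(MISSING_ACTION):
        print(problem)
```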

Limiting bandwidth for a specific IP with Squid proxy on Red Hat 9

First we have to do the initial setup and installation of the proxy, as already covered in the basic Squid settings post; if you have not seen it yet, please have a look... okay ^_^

Now let's start the configuration.

First we go straight to the acl list:
press Esc, then type /acl all src

That is how you search in squid..

After that, add to the acl the IP to be blocked.. because in my assignment the one to be blocked is 192.168.5.2,
add

acl blok src 192.168.5.2

right below acl all src

also add

http_access allow blok

below http_access allow all

also add

http_reply_access allow blok

below http_access allow all

also add

icp_access allow blok

below icp_access deny all

Once all of that is done, we create the rules under DELAY POOLS

first we search for
/delay_pools
in the same way as above

then we add
delay_pools 1

then we also add under delay class
delay_class 1 2

then we also add under delay access
delay_access 1 allow blok
delay_access 1 deny all

then add under delay parameters
delay_parameters 1  -1/-1  250/250
(this equals a bandwidth of 250 byte*8 = 2 kbps)

After that, save (wq) and restart squid (service squid restart)... done...


Basic Squid settings on Red Hat 9 and transparent proxy

Monday, 26 September 2011


Uncomment (remove the leading #)
http_port 3128

at the ICP port, uncomment it and change it to 0
icp_port 0

uncomment
cache_mem 64 MB

uncomment and change
cache_swap_low 85
cache_swap_high 95

uncomment
maximum_object_size 4096 KB

uncomment
minimum_object_size 8 KB

uncomment
maximum_object_size_in_memory 42 KB

uncomment
cache_dir ufs  /home/squid 4096 16 256

uncomment
cache_access_log  /var/log/squid/access.log

uncomment
cache_log  /var/log/squid/cache.log

uncomment
cache_store_log  /var/log/squid/store.log

uncomment
negative_ttl 2 minutes

add the acl
acl lan src [ip eth1]/255.255.255.0

uncomment
http_access allow manager localhost
http_access deny manager

uncomment
http_access deny !safe_ports

uncomment
http_access deny CONNECT !ssl_ports

uncomment, change and add
http_access allow localhost
http_access allow all
http_access allow lan

uncomment and add
http_reply_access allow all
http_reply_access allow lan

uncomment and add
icp_access deny all
icp_access allow lan

uncomment and change
cache_mgr root >>>>becomes>>> cache_mgr [your name]

uncomment
cache_effective_user squid
cache_effective_group squid

uncomment
visible_hostname  [any name you like]

uncomment and add
httpd_accel_host virtual
httpd_accel_port 80

uncomment
httpd_accel_with_proxy on

uncomment
forwarded_for on

after that, save:
press Esc then :wq

restart squid
service squid restart

Step by step: configure Squid proxy to block HTTP requests to specific web pages or web sites.

Monday, 19 September 2011


This article shows the steps to configure a Squid proxy server to block clients from accessing specific web addresses (to block URL addresses).  Open and edit the Squid proxy server configuration file, which is usually located at /etc/squid/squid.conf.

1.  Find the ACCESS CONTROL part and add the line ( acl bad_url dstdomain "/etc/squid/bad-sites.squid" ) as shown in the example below.

# ACCESS CONTROLS
# ---------------------------
----------- **** +++++
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED

#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 2083 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 2083 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl FTP proto FTP
acl bad_url dstdomain "/etc/squid/bad-sites.squid"

2.  Then add the line (http_access deny bad_url) in the http_access part.

# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access deny bad_url

3.  Then save and exit the Squid configuration file.

4.  Create a new file called bad-sites.squid, enter the sites that clients are not supposed to access, then save and exit the file:

[root@cempakasari ~]# cat /etc/squid/bad-sites.squid
...
.fanfiction.net
.meebo.com
.playboy.com
.myspace.com
[root@cempakasari ~]#

5.  Restart or reload the Squid proxy server so that the new configuration is applied.

RESTART:
[root@linux fedora]# /sbin/service squid stop
[root@linux fedora]# /sbin/service squid start

RELOAD:
[root@linux fedora]# /sbin/service squid reload

6.  Then point the browser to a site that you put in the bad-sites list to verify the changes that you made.

Squid Block IP Address client


Steps to block an IP address.


1.  Log in to your Linux Fedora system.

2.  Open an x-terminal and issue the command shown below to edit the squid configuration file with the gedit editor.

[fedora10@fedora ~]$ su -c "gedit /etc/squid/squid.conf &"
Password:
[fedora10@fedora ~]$



3.  Add the configuration lines below to squid.conf (acl section), making sure you change the IP address to be blocked to match your network configuration.

Squid Block IP Address
#
# Block local squid user:
#
# acl block-client src 172.16.160.0/24  # Block IP range internal network
acl block-client src 172.16.168.19/32        # Block single IP internal network

#
# Block local squid user:
#
http_access deny block-client

4.  Save squid.conf and exit the editor.

5.  Reload the squid configuration so that the squid proxy server uses the new configuration.

[fedora10@fedora ~]$ su -c "service squid reload"
Password:
[fedora10@fedora ~]$


It's so simple, right???

by: http://www.labtestproject.com/squid_block_ip_address.html


Step by step Setup and Configure Squid Proxy Server on Fedora Core.


   The main purpose of a proxy server is to share one internet connection and maintain a cache to improve web browsing performance. Squid is a free caching proxy server that comes bundled with the Fedora Core operating system; you can configure your Linux Fedora Core PC as a caching proxy server and share the internet connection with only a simple configuration.

   The article below shows, step by step, how to set up and configure the Squid proxy server on Fedora Core, with screenshots and Squid configuration examples.

Network configuration scenario:

Squid proxy server on Fedora

Configure the Squid proxy server so that local network clients can access the internet.
This server has two network cards, one with an internal IP address and one with an external IP address.
Configure the Squid cache proxy to listen for proxy requests from clients on different networks on the internal IP address.

Configure the Squid cache proxy server to listen for requests only on the specific IP address 10.2.0.5 (internal network card) on port 8080.

The steps to set up and configure Squid Cache Proxy on Linux Fedora Core:


1.  Backup Squid configuration files.
2.  Open and start editing the Squid configuration file.
3.  Configure internal address and port where Squid will listen for HTTP client requests.
4.  Improve Proxy performance.
5.  Set Proxy to find DNS servers.
6.  Adding aux Port to ACL.
7.  Adding Internal network to ACL.
8.  Start and use Squid Proxy for the first time.
9.  Procedure to start, stop and automatically start Squid Proxy on a Fedora Core system.
10.  Configure Squid client browser to use Squid Proxy.

Backup Squid configuration files:


   The Squid configuration files are usually located in the /etc/squid/ directory.  To configure Squid you need to edit these configuration files, so it is better to back them up before you start.  The commands below show a simple backup process.

To backup the Squid configuration directory:

[root@cempakasari ~]# cp -pr /etc/squid/ /etc/squid.bak
[root@cempakasari ~]#

Backup the squid.conf file:

[root@cempakasari ~]# cp -pr /etc/squid/squid.conf /etc/squid/squid.conf.bak
[root@cempakasari ~]#

Best Practice: before editing or changing any config file, it's recommended that you back up the file first.

Edit squid.conf, the Squid Cache Proxy configuration file.


1. Open the squid config file (squid.conf), located in the /etc/squid directory, with the text editor of your choice.

[root@linux fedora]# vi /etc/squid/squid.conf

or you can use the gedit program...

[root@linux fedora]# gedit /etc/squid/squid.conf

 Warning:  If you don't need to change a default setting in squid.conf, don't uncomment the line; leave it as it is.

2.  First of all, we need to set the port on which Squid listens for client proxy requests.  By default Squid listens on port 3128 on all IP addresses of the machine.

   In this project, we configure our Squid proxy to bind to the internal Ethernet card, which uses the internal IP 10.2.0.5, and to listen on port 8080 on that internal IP address.  With this configuration, Squid is visible and listens on our internal address only.

Configuration example in the squid.conf file:


Customize the socket address where your Squid proxy should listen for HTTP client requests. Change the address to fit your network layout.

# NETWORK OPTIONS
........................
#Default:
# http_port 3128
http_port 10.2.0.5:8080

Improve Squid performance.


   To improve Squid proxy performance, edit the default configuration to make use of the system's hardware.  The configuration below shows how to increase the size of the cache memory and the cache directory of the Squid proxy.

3. Scroll down the page and find #  TAG: cache_mem (bytes). To increase the Squid cache memory capacity, edit the default setting and enter a memory size appropriate to your system's capabilities. The example below shows the Squid cache memory setting increased to 256 MB.  Note that before you change this setting, you should make sure your hardware can support the memory size that you specify here.

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------
#  TAG: cache_mem (bytes)
# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
# IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
# USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
# THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.
#
# 'cache_mem' specifies the ideal amount of memory to be used
# for:
# * In-Transit objects
# * Hot Objects
# * Negative-Cached objects
------- +++++  ---------------------------
#Default:
# cache_mem 8 MB
cache_mem 256 MB

4.  Then find # TAG: cache_dir and increase the size of the cache directory to 2000 MB; make sure that you have enough disk space before you change the size value.

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

# TAG: cache_dir
# Usage:
#
# cache_dir Type Directory-Name Fs-specific-data [options]
#
------- +++++  ---------------------------
#
#Default:
# cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /var/spool/squid 2000 16 256

Set Proxy to find DNS servers:


5.  Adjust the list of DNS name servers.   The Squid cache proxy uses this list of DNS servers to resolve domain names.

#  TAG: dns_nameservers
# Use this if you want to specify a list of DNS name servers
# (IP addresses) to use instead of those given in your
# /etc/resolv.conf file.
# On Windows platforms, if no value is specified here or in
# the /etc/resolv.conf file, the list of DNS name servers are
# taken from the Windows registry, both static and dynamic DHCP
# configurations are supported.
#
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none
dns_nameservers 203.106.93.91 161.142.227.17 192.228.128.16 201.188.0.16

Adding aux port:


6. Add the required port to the "Access Control List".  This example shows port number 2083 being added to the Safe_ports list.

# ACCESS CONTROLS
# ---------------------------
----------- **** +++++
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 2083 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 2083 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

Adding Internal network to ACL:


7.   To control who can use your Squid proxy, find this section and add the list of your Squid clients.  The example Access Control List rules below allow only the internal IP networks to access and use the Squid proxy.

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
acl FE_networks src 10.2.0.0/255.255.0.0
acl LABS_networks src 10.3.0.0/255.255.0.0
acl GENSUB_networks src 10.4.0.0/255.255.0.0
acl ADM_networks src 10.5.0.0/255.255.0.0
acl LIB_networks src 10.6.0.0/255.255.0.0
acl TKM_networks src 10.7.0.0/255.255.0.0
acl TKP_networks src 10.8.0.0/255.255.0.0
acl TKE_networks src 10.9.0.0/255.255.0.0
acl TKK_networks src 10.10.0.0/255.255.0.0
http_access allow FE_networks
http_access allow LABS_networks
http_access allow GENSUB_networks
http_access allow ADM_networks
http_access allow LIB_networks
http_access allow TKM_networks
http_access allow TKP_networks
http_access allow TKE_networks
http_access allow TKK_networks

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

==========================================
Another example of Squid ACLs:

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
acl our_networks src 172.16.160.0/24 172.16.161.0/24 172.16.162.0/24 172.16.163.0/24 172.16.164.0/24 172.16.165.0/24 172.16.166.0/24 172.16.167.0/24 172.16.168.0/24 172.16.169.0/24 172.16.170.0/24
acl bad_url dstdomain "/etc/squid/bad-sites.squid"
# deny the listed sites first: http_access stops at the first matching line
http_access deny bad_url
http_access allow our_networks
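
Squid walks the http_access lines from top to bottom and applies the first one whose ACLs all match, so the position of deny bad_url relative to allow our_networks decides whether the blocklist is ever consulted. The sketch below is an added example, not code from the original article; it models only src and dstdomain ACLs, and the client addresses and the files dictionary standing in for /etc/squid/bad-sites.squid are constructed.

```python
import ipaddress

# Constructed stand-in for the blocklist file read by the dstdomain ACL.
BAD_SITES = {"/etc/squid/bad-sites.squid": ".fanfiction.net\n.meebo.com\n.myspace.com\n"}

ACLS = """
acl all src 0.0.0.0/0
acl our_networks src 172.16.160.0/24 172.16.161.0/24
acl bad_url dstdomain "/etc/squid/bad-sites.squid"
"""
ALLOW_FIRST = ACLS + """
http_access allow our_networks
http_access deny bad_url
http_access deny all
"""
DENY_FIRST = ACLS + """
http_access deny bad_url
http_access allow our_networks
http_access deny all
"""


def parse(conf_text, files):
    """Return (acls, rules) for src/dstdomain ACLs and http_access lines."""
    acls, rules = {}, []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 4 and words[0] == "acl" and words[2] in ("src", "dstdomain"):
            name, kind, values = words[1], words[2], words[3:]
            if values[0].startswith('"'):      # "file" form: one value per line
                values = files[values[0].strip('"')].split()
            if kind == "src":
                values = [ipaddress.ip_network(v) for v in values]
            else:
                values = [v.lower() for v in values]
            # Repeated acl lines with the same name add to the same list.
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:], " ".join(words)))
    return acls, rules


def acl_matches(acl, client_ip, host):
    kind, values = acl
    if kind == "src":
        return any(client_ip in net for net in values)
    # dstdomain: ".example.com" covers the domain and all of its subdomains,
    # "example.com" only that exact host name.
    for dom in values:
        if dom.startswith("."):
            if host == dom[1:] or host.endswith(dom):
                return True
        elif host == dom:
            return True
    return False


def decide(conf_text, client, host, files=None):
    """Return (action, deciding_line) the way Squid walks http_access."""
    acls, rules = parse(conf_text, files or {})
    client_ip, host = ipaddress.ip_address(client), host.lower().rstrip(".")
    for action, names, line in rules:
        # Every ACL on the line must match; a leading "!" negates one ACL.
        if all(acl_matches(acls[n.lstrip("!")], client_ip, host) != n.startswith("!")
               for n in names):
            return action, line
    if not rules:
        return "deny", "(no http_access lines)"
    # Nothing matched: the default is the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(implicit default)"


if __name__ == "__main__":
    for label, conf in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(label, decide(conf, "172.16.160.20", "www.myspace.com", BAD_SITES))
```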

8. To allow FTP requests from clients.

# TAG: always_direct
# Usage: always_direct allow|deny [!]aclname ...
#
# Here you can use ACL elements to specify requests which should
# ALWAYS be forwarded by Squid to the origin servers without using
# any peers. For example, to always directly forward requests for
# local servers ignoring any parents or siblings you may have use
# something like:
#
# acl local-servers dstdomain my.domain.net
# always_direct allow local-servers
#
# To always forward FTP requests directly, use
#
# acl FTP proto FTP
# always_direct allow FTP
+++++++++++++++++++++
#
#Default:
# none
acl FTP proto FTP
always_direct allow FTP

DONE
RECHECK THE CONFIGURATION SETTING.
SAVE THE SQUID CONFIGURATION FILE (squid.conf)

Step by step: how to start and use Squid for the first time.


   To make sure that the configuration is correct and your Squid proxy server runs smoothly, first start the Squid proxy server in debugging mode. The command examples below show, step by step, how to create the Squid cache directory and then run the Squid proxy server in debugging mode.

1.  Create squid cache directory by issuing this command:

[root@linux fedora]# /usr/sbin/squid -z
2006/03/16 10:33:00| Creating Swap Directories

2.  Then test run your Squid cache proxy by running Squid in debug-mode

[root@linux fedora]# /usr/sbin/squid -NCd1
Output example:
2006/03/16 10:33:02| Starting Squid Cache version 2.5.STABLE9 for i386-redhat-linux-gnu...
2006/03/16 10:33:02| Process ID 5192
2006/03/16 10:33:02| With 1024 file descriptors available
2006/03/16 10:33:02| Performing DNS Tests...
2006/03/16 10:33:02| Successful DNS name lookup tests...
2006/03/16 10:33:02| DNS Socket created at 0.0.0.0, port 32778, FD 4
2006/03/16 10:33:02| Adding nameserver 203.106.93.91 from squid.conf
2006/03/16 10:33:02| Adding nameserver 161.142.227.17 from squid.conf
2006/03/16 10:33:02| Adding nameserver 192.228.128.16 from squid.conf
2006/03/16 10:33:02| Adding nameserver 201.188.0.16 from squid.conf
2006/03/16 10:33:02| User-Agent logging is disabled.
2006/03/16 10:33:02| Referer logging is disabled.
2006/03/16 10:33:02| Unlinkd pipe opened on FD 9
2006/03/16 10:33:02| Swap maxSize 102400 KB, estimated 7876 objects
2006/03/16 10:33:02| Target number of buckets: 393
2006/03/16 10:33:02| Using 8192 Store buckets
2006/03/16 10:33:02| Max Mem size: 18432 KB
2006/03/16 10:33:02| Max Swap size: 102400 KB
2006/03/16 10:33:02| Rebuilding storage in /var/spool/squid (CLEAN)
2006/03/16 10:33:02| Using Least Load store dir selection
2006/03/16 10:33:02| Set Current Directory to /var/spool/squid
2006/03/16 10:33:02| Loaded Icons.
2006/03/16 10:33:47| Accepting HTTP connections at 172.16.160.55, port 8080, FD 11.
2006/03/16 10:33:47| Accepting HTTP connections at 172.16.160.55, port 80, FD 12.
2006/03/16 10:33:47| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2006/03/16 10:33:47| WCCP Disabled.
2006/03/16 10:33:47| Ready to serve requests.
2006/03/16 10:33:47| Store rebuilding is 52.5% complete
2006/03/16 10:33:47| Done reading /var/spool/squid swaplog (7796 entries)
2006/03/16 10:33:47| Finished rebuilding storage from disk.
2006/03/16 10:33:47| 7796 Entries scanned
2006/03/16 10:33:47| 0 Invalid entries.
2006/03/16 10:33:47| 0 With invalid flags.
2006/03/16 10:33:47| 7796 Objects loaded.
2006/03/16 10:33:47| 0 Objects expired.
2006/03/16 10:33:47| 0 Objects cancelled.
2006/03/16 10:33:47| 0 Duplicate URLs purged.
2006/03/16 10:33:47| 0 Swapfile clashes avoided.
2006/03/16 10:33:47| Took 44.8 seconds ( 174.1 objects/sec).
2006/03/16 10:33:47| Beginning Validation Procedure
2006/03/16 10:33:47| Completed Validation Procedure
2006/03/16 10:33:47| Validated 7796 Entries
2006/03/16 10:33:47| store_swap_size = 92144k
2006/03/16 10:33:48| storeLateRelease: released 0 objects

Try to access any web page through the Squid proxy running in debug mode.
Press Ctrl+C to end the debug-mode test.

2006/03/16 10:43:22| Preparing for shutdown after 39 requests
2006/03/16 10:43:22| Waiting 0 seconds for active connections to finish
2006/03/16 10:43:22| FD 11 Closing HTTP connection
2006/03/16 10:43:22| FD 12 Closing HTTP connection
2006/03/16 10:43:24| Shutting down...
2006/03/16 10:43:24| FD 13 Closing ICP connection
2006/03/16 10:43:24| Closing unlinkd pipe on FD 9
2006/03/16 10:43:24| storeDirWriteCleanLogs: Starting...
2006/03/16 10:43:25| Finished. Wrote 7796 entries.
2006/03/16 10:43:25| Took 0.1 seconds (89056.4 entries/sec).
[root@linux fedora]#

3.  If there is a problem starting your Squid cache proxy, read the Squid log files in the following directory:

[root@linux fedora]# less /var/log/squid/access.log
and
[root@linux fedora]# less /var/log/squid/cache.log

Step by step example, start, stop and automatic restart Squid proxy server.


Use the following command to start and stop Squid.

[root@linux fedora]# /sbin/service squid start
[root@linux fedora]# /sbin/service squid stop

To make sure Squid starts automatically after a system reboot, use the chkconfig command to turn Squid on for runlevels 3 and 5. (Setting automatic start on runlevels 3 and 5)

[root@linux fedora]# /sbin/chkconfig --level 35 squid on

(Confirmation of automatic start)

[root@linux fedora]# /sbin/chkconfig --list squid
squid 0:off 1: off 2: off 3: on 4: off 5:on 6: off

Step-by-step configure client browser to use Squid Cache Proxy.


1.  Open the web browser on the client machine.
2.  In the connection settings, click on manual proxy configuration.
3.  In the HTTP Proxy text box, enter IP 10.2.0.5 and set Port to 8080.
4.  Tick the checkbox to use the same proxy for all protocols and click the OK button.

Mozilla Firefox Browser Connection Settings.
Note:  The IP 10.2.0.5 with port 8080 is the address used in this Squid cache proxy project.  Adjust the IP address and port to fit your proxy configuration.

   The Squid configuration example in this project aims to get a Squid cache proxy working for internal clients with the most basic configuration; you can customize it and add more options by editing the config file /etc/squid/squid.conf .

The step-by-step procedure above was tested on:
Operating System: GNU/Linux Fedora Core 4, Fedora Core 5, Fedora Core 6
Kernel Name: Linux
Machine Hardware:  i686
Machine Processor:  i686
Hardware Platform:  i386
Shell: GNU bash
Installation Type: Full  Installation (Custom)
SELinux: Disable

Good Luck...




By: http://www.labtestproject.com/linnet/squid_proxy_server.html

Limiting Downloads with Squid

Sunday, 18 September 2011


1. Limiting the size of files that may be downloaded
For example, files of 650MB (one CD) may not be downloaded;
this can be done by adding the reply_body_max_size tag
# Filter Download
# (dots are escaped so that each one matches a literal "." rather than any character)
acl download url_regex -i ftp \.exe \.mp3 \.vqf \.tar\.gz \.gz \.tar \.rpm \.zip \.rar \.avi \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav \.mov \.msi \.mp4
#  TAG: reply_body_max_size     bytes allow|deny acl acl…
#       This option specifies the maximum size of a reply body in bytes.
#       It can be used to prevent users from downloading very large files,
#       such as MP3’s and movies. When the reply headers are received,
#       the reply_body_max_size lines are processed, and the first line with
#       a result of “allow” is used as the maximum body size for this reply.
#       This size is checked twice. First when we get the reply headers,
#       we check the content-length value.  If the content length value exists
#       and is larger than the allowed size, the request is denied and the
#       user receives an error message that says “the request or reply
#       is too large.” If there is no content-length, and the reply
#       size exceeds this limit, the client’s connection is just closed
#       and they will receive a partial reply.
#
#       WARNING: downstream caches probably can not detect a partial reply
#       if there is no content-length header, so they will cache
#       partial responses and give them out as hits.  You should NOT
#       use this option if you have downstream caches.
#
#       If you set this parameter to zero (the default), there will be
#       no limit imposed.
#
#Default:
# reply_body_max_size 0 allow all
reply_body_max_size 650000000 allow download
2. The second way is to limit downloads by slowing down, or shaping, the packets passed through. For example, the available bandwidth is 256kbps, where a download can average 30KBps.
The following rules will be created:
a. No limit for ordinary browsing
b. No speed limit for downloads smaller than 1MB
c. Downloads larger than 1MB are limited to a speed of 10 byte / second
# Filter Download
acl download url_regex -i ftp \.exe \.mp3 \.vqf \.tar\.gz \.gz \.tar \.rpm \.zip \.rar \.avi \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav \.mov \.msi \.mp4
# two rules are created
delay_pools 2
# rule 1, no limit
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1

# rule 2: after 2048000 bytes have been downloaded, the download drops to 10000 bytes/s
delay_class 2 2
delay_parameters 2 -1/2048000 10000/2049000
delay_access 2 allow download
delay_access 2 deny all
delay_access 1 deny download
delay_access 1 allow all
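
Squid documents each delay_parameters pair as restore/maximum: the bytes put back into the bucket per second and the bucket capacity in bytes, with -1 meaning unlimited. The simplified one-client model below (an added example, not the author's code) applies that to the pool above and to the 8000/8000 pool from the bandwidth-management post. The link rates are constructed, and initial_pct stands for Squid's delay_initial_bucket_level, whose default is 50 percent.

```python
def shaped_transfer(size, link_rate, parameters, initial_pct=50):
    """Bytes one client receives in each second of a `size`-byte download.

    parameters  -- the restore/max pairs of a delay_parameters line,
                   e.g. "-1/2048000 10000/2049000"
    link_rate   -- what the line could deliver without shaping, bytes/s
    initial_pct -- how full each bucket is when the client first shows up
    """
    buckets = []
    for pair in parameters.split():
        restore, maximum = (int(v) for v in pair.split("/"))
        if restore == -1:
            continue                     # unlimited: never the bottleneck
        if restore <= 0:
            raise ValueError("restore must be -1 or a positive byte rate")
        buckets.append([maximum * initial_pct // 100, restore, maximum])
    trace, done = [], 0
    while done < size:
        # The client gets whatever the slowest constraint allows ...
        sent = min([link_rate, size - done] + [b[0] for b in buckets])
        # ... then every bucket is drained and refilled, capped at its maximum.
        for b in buckets:
            b[0] = min(b[2], b[0] - sent + b[1])
        trace.append(sent)
        done += sent
    return trace


def summarize(trace, link_rate):
    """Seconds taken, and bytes received before the rate first dropped."""
    burst = 0
    for sent in trace:
        if sent < link_rate:
            break
        burst += sent
    return {"seconds": len(trace), "full_speed_bytes": burst}


# Constructed scenarios: 30000 bytes/s link for the download pool,
# 48000 bytes/s (384 kbps) for the 8000/8000 per-PC pool.
DOWNLOAD_POOL = "-1/2048000 10000/2049000"

if __name__ == "__main__":
    small = shaped_transfer(900_000, 30_000, DOWNLOAD_POOL)
    large = shaped_transfer(3_000_000, 30_000, DOWNLOAD_POOL)
    print("900 kB :", summarize(small, 30_000))
    print("3 MB   :", summarize(large, 30_000))
    print("8000/8000:", len(shaped_transfer(80_000, 48_000, "8000/8000")), "s")
```

The burst a client gets at full speed depends on the link rate and the refill as well as on the bucket size, so it is worth computing rather than reading off the maximum value.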