LUSCA proxy di CentOS 5.5, Konfigurasi dan Tunning

Lusca bertujuan untuk memperbaiki kekurangan-2 dalam basis kode sementara squid, serta menjaga kestabilan fungsionalitas dan stabilitas Squid.
mendukung mayoritas HTTP/1.1 HTTP/1.0
Mendukung protokol dan caching untuk merekonstruksi : konten load balancing HTTP, kegagalan, permintaan cerdas / jawaban routing, memori dengan kinerja tinggi dan cache disk, sistem kontrol akses yang fleksibel
Peningkatan kinerja yang lebih cepat karena memperbaiki kelemahan squid proxy
Menangani local cache Content dynamic
web proxy / cache platform dengan kinerja lebih stabil, fitur lebih banyak dan skalabilitas yang dynamis.
mendukung cpu single core ataupun multicore
Lusca terus meliputi perbaikan dan perkembangan dari proyek Squid

[root@lusca-proxy ~]# yum install squid
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons | 951 B 00:00
addons/primary | 202 B 00:00
base | 2.1 kB 00:00
base/primary_db | 1.6 MB 00:02
extras | 2.1 kB 00:00
extras/primary_db | 188 kB 00:00
updates | 1.9 kB 00:00
updates/primary_db | 840 kB 00:01
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be updated
--> Processing Dependency: perl(URI::URL) for package: squid
--> Running transaction check
---> Package perl-URI.noarch 0:1.35-3 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
squid i386 7:2.6.STABLE21-6.el5 base 1.3 M
Installing for dependencies:
perl-URI noarch 1.35-3 base 116 k

Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)

Total download size: 1.4 M
Is this ok [y/N]: y


Setelah terinstall maka kita remove lagi


[root@lusca-proxy ~]# yum remove squid
Loaded plugins: fastestmirror
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
squid i386 7:2.6.STABLE21-6.el5 installed 3.5 M

Transaction Summary
================================================================================
Remove 1 Package(s)
Reinstall 0 Package(s)
Downgrade 0 Package(s)

Is this ok [y/N]: y


Setelah itu kita install paket yang di butuhkan untuk kompilasi LUSCA yaitu :
- automake
- gcc
- glibc-devel
- e2fsprogs-devel
- sharutils


[root@lusca-proxy ~]# yum install automake gcc glibc-devel e2fsprogs-devel sharutils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package automake.noarch 0:1.9.6-2.3.el5 set to be updated
--> Processing Dependency: autoconf >= 2.58 for package: automake
---> Package e2fsprogs-devel.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5_5.1 for package: e2fspro gs-devel
---> Package gcc.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: cpp = 4.1.2-48.el5 for package: gcc
--> Processing Dependency: libgomp >= 4.1.2-48.el5 for package: gcc
---> Package glibc-devel.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-headers = 2.5-49.el5_5.7 for package: glibc-dev el
--> Processing Dependency: glibc = 2.5-49.el5_5.7 for package: glibc-devel
--> Processing Dependency: glibc-headers for package: glibc-devel
---> Package sharutils.i386 0:4.6.1-2 set to be updated
--> Running transaction check
---> Package autoconf.noarch 0:2.59-12 set to be updated
--> Processing Dependency: imake for package: autoconf
---> Package cpp.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5 for package: e2fsprogs
---> Package e2fsprogs-libs.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: glibc = 2.5-49 for package: nscd
---> Package glibc.i686 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-common = 2.5-49.el5_5.7 for package: glibc
---> Package glibc-headers.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers
--> Processing Dependency: kernel-headers for package: glibc-headers
---> Package libgomp.i386 0:4.4.0-6.el5 set to be updated
--> Running transaction check
---> Package e2fsprogs.i386 0:1.39-23.el5_5.1 set to be updated
---> Package glibc-common.i386 0:2.5-49.el5_5.7 set to be updated
---> Package imake.i386 0:1.0.2-3 set to be updated
---> Package kernel-headers.i386 0:2.6.18-194.26.1.el5 set to be updated
---> Package nscd.i386 0:2.5-49.el5_5.7 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
automake noarch 1.9.6-2.3.el5 base 476 k
e2fsprogs-devel i386 1.39-23.el5_5.1 updates 569 k
gcc i386 4.1.2-48.el5 base 5.2 M
glibc-devel i386 2.5-49.el5_5.7 updates 2.0 M
sharutils i386 4.6.1-2 base 201 k
Installing for dependencies:
autoconf noarch 2.59-12 base 647 k
cpp i386 4.1.2-48.el5 base 2.6 M
glibc-headers i386 2.5-49.el5_5.7 updates 602 k
imake i386 1.0.2-3 base 319 k
kernel-headers i386 2.6.18-194.26.1.el5 updates 1.1 M
libgomp i386 4.4.0-6.el5 base 70 k
Updating for dependencies:
e2fsprogs i386 1.39-23.el5_5.1 updates 977 k
e2fsprogs-libs i386 1.39-23.el5_5.1 updates 118 k
glibc i686 2.5-49.el5_5.7 updates 5.3 M
glibc-common i386 2.5-49.el5_5.7 updates 16 M
nscd i386 2.5-49.el5_5.7 updates 166 k

Transaction Summary
================================================================================
Install 11 Package(s)
Upgrade 5 Package(s)

Total download size: 37 M
Is this ok [y/N]:y

selesai install paket-paket di atas kemudian download LUSCA nya dari google

[root@lusca-proxy ~]#wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz


Setelah itu di extrak


[root@lusca-proxy ~]# tar -zxvf LUSCA_HEAD-r14809.tar.gz


Pindah ke dalam direktori lusca, naikkan filedescriptors, dan kemudian configure menggunakan opsi-opsi di bawah ini

[root@lusca-proxy ~]# cd LUSCA_HEAD-r14809
[root@lusca-proxy ~]# ulimit -n 8192
[root@lusca-proxy LUSCA_HEAD-r14809]# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups


semua file instalasi terletak di /usr/local/squid/ jadi kita tidak akan repot-repot mencari-cari file squid

Kemudian install

[root@lusca-proxy LUSCA_HEAD-r14809]# make all && make install


menunggu instalasi selesai sekarang waktu nya Konfigurasi.
- Pindah ke direktori /usr/local/squid/etc

[root@lusca-proxy LUSCA_HEAD-r14809]# cd /usr/local/squid/etc/


kemudian config squid nya kaya gini nih,..

##start of config
http_port 3128 transparent
icp_port 0
#icp_port 3130

pid_filename /var/run/squid.pid
cache_effective_user squid
cache_effective_group squid
#error_directory /usr/share/squid/errors/templates
#icon_directory /usr/share/squid/icons
visible_hostname lusca.net
cache_mgr admin@localhost
access_log /cache1/access.log
cache_log /cache1/cache.log
cache_store_log none
logfile_rotate 1
shutdown_lifetime 10 seconds


####################################################################
# Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.25.0/24 # RFC1918 possible internal network
####################################################################

uri_whitespace strip
#dns_nameservers
#dns_testnames 127.0.0.1

cache_mem 8 MB
maximum_object_size_in_memory 128 MB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir aufs /cache1 32768 64 256

minimum_object_size 512 bytes
maximum_object_size 128000 KB
offline_mode off
cache_swap_low 98
cache_swap_high 99

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
#acl dynamic urlpath_regex cgi-bin \?

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow localnet

# Default block all to be sure
http_access deny all

#include /usr/local/squid/etc/storeurl-el5.pl
include /usr/local/squid/etc/tunning.conf

##end of config


terus save.as storeurl.pl


#!/usr/bin/perl5.8.8
# by chudy_fernandez@yahoo.com
# Updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion
$|=1;
while (<>) {
@X = split;
$X[1] =~ s/&sig=.*//;
$x = $X[0] . " ";
$_ = $X[1];
$u = $X[1];


# compatibility for old cached get_video?video_id
if (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(videoplayback\?id=.*?|video_id=.*?)\&(.*?)/) {
$z = $2; $z =~ s/video_id=/get_video?video_id=/;
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";

# youtube HD itag=22
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=22).*?\&(id=[a-zA-Z0-9]*)/) {
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . "&" . $3 . "\n";

# youtube Normal screen always HD itag 35, Normal screen never HD itag 34, itag=18 <--normal? } elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=[0-9]*).*?\&(id=[a-zA-Z0-9]*)/) { print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $3 . "\n"; } elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) { print $x . "http://www.google-analytics.com/__utm.gif\n"; #Cache High Latency Ads } elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com)(.*)/) { $y = $3;$z = $2; for ($y) { s/pixel;.*/pixel/; s/activity;.*/activity/; s/(imgad[^&]*).*/\1/; s/;ord=[?0-9]*//; s/;×tamp=[0-9]*//; s/[&?]correlator=[0-9]*//; s/&cookie=[^&]*//; s/&ga_hid=[^&]*//; s/&u_his=[^&]*//; s/&dt=[^&]*//; s/&lmt=[^&]*//; s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/[;&?]ord=[?0-9]*//; s/[;&]mpvid=[^&;]*//; } print $x . "http://" . $1 . $2 . $y . "\n"; #cache high latency ads } elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) { print $x . "http://" . $1 . "/" . $2 . "\n"; # spicific servers starts here.... } elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) { print $x . "http://" . $1 . "\n"; # # indowebster added by fahmi[at]airputih.or.id #} elsif (($u =~ /indowebster/) && (m/^http:\/\/www[0-9][0-9]\.indowebster.com.*\/(.*?)/)) { # print $x . "http://cdn.indowebster.com/" . $2 . "\n"; #cdn, varialble 1st path } elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) { @y = ($1,$2,$4,$5); $y[0] =~ s/[a-z0-9]{2,5}/cdn./; print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n"; #rapidshare } elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) { print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n"; } elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) { print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n"; #like porn hub variables url and center part of the path, filename etention 3 or 4 with or withour ? at the end } elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) { print $x . "http://cdn." . $3 . $5 . "\n"; #...spicific servers end here. #general purpose for cdn servers. add above your specific servers. } elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) { print $x . "http://squid-cdn-url//" . $2 . "." . $3 . "\n"; #for yimg.com doubled } elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) { print $x . "http://cdn.yimg.com/" . $3 . "\n"; #for yimg.com with &sig= } elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*)/) { @y = ($1,$2); $y[0] =~ s/[a-z]+[0-9]+/cdn/; $y[1] =~ s/&sig=.*//; print $x . "http://" . $y[0] . ".yimg.com/" . $y[1] . "\n"; #generic http://variable.domain.com/path/filename."ext" or "exte" with or withour "?" } elsif (m/^http:\/\/(.*)([^\.\-]*?\..*?)\/(.*)\.([^\/\?\&]{3,4})(\?.*)?$/) { @y = ($1,$2,$3,$4); $y[0] =~ s/(([a-zA-A-]+[0-9-]+)|(.*cdn.*)|(.*cache.*))/cdn/; print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n"; # generic http://variable.domain.com/... } elsif (m/^http:\/\/(([A-Za-z]+[0-9-]+)*?|.*cdn.*|.*cache.*)\.(.*?)\.(.*?)\/(.*)$/) { print $x . "http://cdn." . $3 . "." . $4 . "/" . $5 . "\n"; # spicific extention that ends with ? } elsif (m/^http:\/\/(.*?)\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|on2)\?(.*)/) { print $x . "http://" . $1 . "/" . $2 . "." . $3 . "\n"; # all that ends with ; } elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) { print $x . "http://" . $1 . "/" . $2 . "\n"; } else { print $x . $_ . "\n"; } } save as lagi tunning.conf acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\? acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]* acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3} acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$ acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id) acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe) acl dontrewrite url_regex redbot\.org \.php acl getmethod method GET storeurl_access deny dontrewrite storeurl_access deny !getmethod storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow store_rewrite_list storeurl_access allow store_rewrite_list_domain storeurl_access allow store_rewrite_list_path storeurl_access deny all storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl storeurl_rewrite_children 7 storeurl_rewrite_concurrency 0 # 1 year = 525600 mins, 1 month = 43800 mins refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale #refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern \.etology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern galleries\.video(\?|sz) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern brazzers\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern \.adtology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10 refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 999999% 129600 override-expire ignore-reload ignore-private store-stale negative-ttl=10080 refresh_pattern ytimg\.com.*\.jpg 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern garena\.com 129600 999999% 129600 override-expire reload-into-ims store-stale refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 999999% 129600 ignore-no-cache override-expire override-lastmod store-stale refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 reload-into-ims override-expire ignore-private store-stale refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale # ANTI VIRUS refresh_pattern guru.avg.com/.*\.(bin) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale #images facebook refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale #banner IIX refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale #IIX DOWNLOAD refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth #All File refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 129600 999999% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims store-stale refresh_pattern . 180 95% 43200 override-lastmod reload-into-ims store-stale global_internal_static off max_stale 10 years retry_on_error on buffered_logs on read_ahead_gap 32 KB header_access Accept-Encoding deny all client_persistent_connections off server_persistent_connections on half_closed_clients off strip_query_terms off quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100 vary_ignore_expire on reload_into_ims on pipeline_prefetch on #range_offset_limit 50 KB read_timeout 30 minutes client_lifetime 6 hours negative_ttl 30 seconds positive_dns_ttl 6 hours negative_dns_ttl 60 seconds pconn_timeout 15 seconds request_timeout 1 minute store_avg_object_size 13 KB log_icp_queries off ipcache_size 16384 ipcache_low 98 ipcache_high 99 log_fqdn off fqdncache_size 16384 memory_pools off forwarded_for on zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136 #cachemgr_passwd none info cachemgr_passwd none all client_db on max_filedescriptors 4096 n_aiops_threads 24 #client_socksize 16 MB load_check_stopen on load_check_stcreate on download_fastest_client_speed on – Buat direktori untuk nampung cache di /cache1, – kemudian ubah permission nya untuk squid – kemudian ubah permission file tunning.conf dan storeurl.pl agar bisa di exekusi [root@lusca-proxy etc]# mkdir /cache1 [root@lusca-proxy etc]# chown squid:squid /cache1 [root@lusca-proxy etc]# chmod 777 tunning.conf storeurl.pl Building cache dir squid [root@lusca-proxy etc]# /usr/local/squid/sbin/squid -z edit localnet pada squid.conf. sesuaikan network client kita : potongan squid.conf [root@lusca-proxy etc]# nano -c squid.conf ....................... #################################################################### # Allow local network(s) on interface(s) # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 7.7.9.0/24 # RFC1918 possible internal network #################################################################### Cek apakah ada config error di squid dan apabila tidak ada error Jalankan squid sebagai daemon root@lusca-proxy etc]# /usr/local/squid/sbin/squid -k parse [root@lusca-proxy etc]# /usr/local/squid/sbin/squid -NDd1 & Testing. Silahkan arahkan browser menggunakan proxy ke server LUSCA dengan port 3128 [root@lusca-proxy etc]# tail -f /cache1/access.log catatan : buat ngecek idup apa ngga di nmap saja liat port nya kebuka atau ngga jika ketemu error Filedescriptors blabla, edit di file [root@lusca-proxy ~]# nano -c /usr/local/squid/etc/storeurl.pl pada bagian paling atas #!/usr/bin/perl5.8.8 <===== edit menjadi "#!/usr/bin/perl" tanpa tanda kutip # by chudy_fernandez@yahoo.com # Updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/D iscussion $|=1; ............................. untuk menjalankan lusca setiap abis restart secara otomatis ketik perintah ini di console [root@lusca-proxy ~]# echo "/usr/local/squid/sbin/squid -NDd1 &" >> /etc/rc.local