How to Install Transparent Proxy


sekarang kita akan membahas tentang bagaimana cara membuat transparent proxy di ubuntu server. aplikasi yang akan kita gunakan untuk transparent proxy adalah Squid. ok kita langsung saja ke langkah-langkah nya :

  1. installkan paket proxy dengan cara :
  2. root#apt-get install squid
  3. sekarang buat folder untuk menyimpan hasil cache dengan cara:
  4. root#mkdir /cache

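    jangan lupa memberikan akses kepada semua user dengan cara berikut (catatan: mode 777 membuat direktori cache dapat ditulis oleh semua user di server, padahal yang benar-benar membutuhkan akses tulis hanyalah user yang menjalankan squid) :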

    root#chmod 777 /cache
  5. setelah selesai membuat cache, cukup memasukkan konfigurasi proxy di bawah ini ke /etc/squid/squid.conf :
  6. http_port 8080 transparent # listening port and the proxy type in use
    # Squid configuration for an intercepting ("transparent") cache. Port 8080 is
    # the port that the iptables REDIRECT rule later in this guide sends LAN
    # port-80 traffic to.
    # NOTE(review): `transparent` is the older spelling of this option; newer Squid
    # releases call it `intercept` - confirm against the installed version.

    # ICP (inter-cache protocol) listener on UDP 3130, bound to every interface.
    # NOTE(review): no cache_peer lines appear in this listing and `icp_access
    # allow all` is set further down, so any host that can reach UDP 3130 may
    # query the cache. If no sibling caches are used, consider disabling ICP or
    # limiting icp_access to the `lab` ACL.
    icp_port 3130
    udp_incoming_address 0.0.0.0
    # NOTE(review): 255.255.255.255 looks like the "no specific address"
    # placeholder rather than a real source address - confirm.
    udp_outgoing_address 255.255.255.255


    # Requests whose URL path contains "cgi-bin" or "?" are treated as dynamic:
    # they match the QUERY ACL and are never cached.
    hierarchy_stoplist cgi-bin ? #.asp .aspx .mspx .php .php4 .php3 .phtml .do
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY

    # Memory cache size and the low/high water marks (percent) for disk eviction.
    cache_mem 512 MB
    cache_swap_low 90
    cache_swap_high 95

    # Connection and request timeouts.
    connect_timeout 1 minutes
    negative_ttl 5 minutes
    read_timeout 15 minutes
    request_timeout 5 minutes
    persistent_request_timeout 1 minutes
    client_lifetime 5 day
    pconn_timeout 120 seconds
    shutdown_lifetime 30 seconds
    client_persistent_connection on

    maximum_object_size 1 MB # largest object that will be stored in the cache
    minimum_object_size 5 KB # smallest object that will be stored in the cache
    # NOTE(review): 0 KB presumably keeps objects out of the memory cache
    # entirely, which would leave cache_mem above largely unused - confirm intent.
    maximum_object_size_in_memory 0 KB

    # DNS (IP and FQDN) cache sizing.
    ipcache_size 2048
    ipcache_low 90
    ipcache_high 95
    fqdncache_size 512

    cache_replacement_policy lru
    memory_replacement_policy lru

    # On-disk cache in /cache, the directory created (and chmod 777'ed) earlier
    # in this guide.
    cache_dir ufs /cache 100000 16 256# 100000 = about 100 GB capacity, 16 = first-level directories, 256 = second-level sub-directories

    # access.log records the URLs requested by every client; treat the log
    # directory as sensitive and restrict who can read it.
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log

    log_ip_on_direct on
    debug_options ALL,1

    # refresh_pattern <regex> <min minutes> <percent> <max minutes>
    # Dynamic-page extensions: considered fresh only very briefly.
    refresh_pattern cgi-bin 1 20% 2
    refresh_pattern \.asp$ 1 20% 2
    refresh_pattern \.acgi$ 1 20% 2
    refresh_pattern \.cgi$ 1 20% 2
    refresh_pattern \.pl$ 1 20% 2
    refresh_pattern \.shtml$ 1 20% 2
    refresh_pattern \.php3$ 1 20% 2

    # Static assets: up to 4320 minutes (3 days). The reload-into-ims option is
    # commented out on every line.
    refresh_pattern -i \.jpg$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.jpeg$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.gif$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.png$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.bmp$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.wmf$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.js$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.css$ 0 50% 4320 #reload-into-ims
    refresh_pattern -i \.cfm$ 0 50% 4320 #reload-into-ims

    # Site-specific rules: minimum freshness of 720 minutes for social and
    # webmail sites.
    # NOTE(review): these sites serve per-user content from a cache shared by all
    # LAN clients. A long minimum age is only safe if the origin marks private
    # responses as uncacheable - verify that one user's pages cannot be served to
    # another.
    # NOTE(review): the patterns are regular expressions, not shell globs. In
    # "^http://*.yahoo.*/.*" the "*" repeats the preceding "/" and "." matches any
    # single character, so these lines probably do not match the intended
    # subdomains - test them before relying on them.
    refresh_pattern ^http://www.facebook.com/.* 720 100% 4320
    refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
    refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
    refresh_pattern ^http://mail.google.com/.* 720 100% 4320
    refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
    refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
    refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
    refresh_pattern ^http://*.google.*/.* 720 100% 4320
    refresh_pattern ^http://*korea.*/.* 720 100% 4320
    refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
    refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
    refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
    refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
    refresh_pattern ^http://*.telkom.*/.* 720 100% 4320

    # Catch-all rules for FTP, gopher and everything else.
    refresh_pattern ^ftp:// 1440 20% 10080
    refresh_pattern ^gopher:// 1440 0% 1440
    refresh_pattern . 0 20% 4320

    quick_abort_min 16 KB
    quick_abort_max 16 KB
    quick_abort_pct 95

    # ACL definitions. `all` matches every client address.
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    # Both block lists are read from external files; the guide creates them in a
    # later step.
    acl blokporno dstdomain "/etc/squid/nourl.txt" # used to block URLs
    acl keyword url_regex -i "/etc/squid/keyword.txt" # used to block keywords
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    # NOTE(review): SSL_ports includes 6667-7000, so CONNECT tunnels are allowed
    # to those ports as well as to 443/563; Safe_ports includes 1025-65535, i.e.
    # every unprivileged port. Trim both lists to what the LAN actually needs.
    acl SSL_ports port 443 563 6667-7000
    acl Safe_ports port 80
    acl Safe_ports port 6667-7000
    acl Safe_ports port 81
    acl Safe_ports port 21
    acl Safe_ports port 443 563
    acl Safe_ports port 70
    acl Safe_ports port 210
    acl Safe_ports port 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777 110
    acl Safe_ports port 4461
    acl Safe_ports port 5050
    acl CONNECT method CONNECT
    # http_access rules are evaluated top to bottom and the first match wins.
    # Cache-manager requests from localhost are accepted here.
    http_access allow manager localhost
    acl lab src 172.16.16.0/24 # change this to match the local IP range in use

    # Block lists and port restrictions come first, then LAN clients are allowed,
    # then everything else is denied.
    # NOTE(review): `deny manager` sits after `allow lab`, so a cache-manager
    # request from a lab address matches `allow lab` first. Placing `deny manager`
    # directly after `allow manager localhost` would keep the manager interface
    # localhost-only.
    http_access deny blokporno
    http_access deny keyword
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow lab
    http_access deny manager
    http_access deny all
    http_reply_access allow all
    # NOTE(review): ICP queries and cache-miss fetches are open to every source
    # address; restricting both to `lab` would match the http_access policy above.
    icp_access allow all
    miss_access allow all

    cache_mgr sandi@unpad.ac.id # e-mail address of the person responsible for the proxy
    visible_hostname proxy.setras.co.id # just a formality

    # Number of rotated log files to keep; logs are written unbuffered.
    logfile_rotate 10
    buffered_logs off
  7. jangan lupa membuat file yang di butuhkan pada file squid.conf :
  8. root#vim /etc/squid/keyword.txt ==> isinya berupa kata2 yang di blok
    root#vim /etc/squid/nourl.txt ==> isinya berupa url yang di blok
  9. fungsikan fungsi routing dengan cara :
  10. root#vim /etc/sysctl.conf
    cari baris #net.ipv4.ip_forward=1, kemudian hapus tanda kres (#) di depannya, simpan, kemudian restart komputer anda
  11. tambahkan ip tables dengan cara :
  12. root#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # eth0 ==> eth ke internet
    root#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080 # eth1 ==> eth ke LAN
  13. cek konfigurasi squid dengan cara :
  14. root#squid -k check
  15. jika sudah benar, jalankan paket squid dengan cara berikut (squid -z membuat struktur direktori cache terlebih dahulu) :
  16. root#squid -z

nah, proses pembuatan proxy telah selesai. sekarang bisa di cek dengan cara membuka url atau kata-kata yang di blok.

semoga bermanfaat

CMIWW

~ by cyberjagaditha15 on June 15, 2010.
