Tuesday, 20 November 2012

How to set up SQUID on FreeBSD

SQUID
-----
Squid installation steps:

1. download the file squid-2.5.STABLE1.tar.gz (search on google.com, any version is fine)
2. extract it. tar fxzv squid-2.5.STABLE1.tar.gz
3. enter the squid directory. cd squid-2.5.STABLE1
4. add the following to the kernel configuration

options MSGMNB=81920      # max # of bytes in a queue
options MSGMNI=82          # number of message queue identifiers
options MSGSEG=4098        # number of message segments per queue
options MSGSSZ=128         # size of a message segment
options MSGTQL=1024      # max messages in system

options SHMSEG=32           # max shared mem id's per process
options SHMMNI=64           # max shared mem id's per system
options SHMMAX=4194304  # max shared memory segment size (bytes)
options SHMALL=8192        # max amount of shared memory (pages)

5. ./configure --enable-storeio=diskd,ufs --enable-delay-pools --enable-ipf-transparent
6. make all install

When it finishes, squid will be installed in the directory /usr/local/squid

Go to the squid configuration directory.
cd /usr/local/squid/etc

Edit squid.conf. pico squid.conf

The important settings here are
------------------------------------------------------------------------
# cache and log directories
cache_dir ufs /usr/local/squid/cache 1024 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log

#acl
acl all src 0.0.0.0/0.0.0.0
acl alldst dst 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl chemod src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 1025-65535
acl CONNECT method CONNECT

#access permissions (rules are checked top to bottom, first match wins)
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow chemod
http_access allow localhost
http_access deny all
http_reply_access allow all

#transparent proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

#visible hostname
visible_hostname chemod.lagi.jalan-jalan.com

#squid user and group
cache_effective_user squid
cache_effective_group squid
-------------------------------------------------------------
Create the cache and logs directories (if they do not exist yet)

mkdir /usr/local/squid/cache
mkdir /usr/local/squid/logs

Create the squid user and group

pw groupadd squid
pw useradd squid -g squid -d /dev/null -s /usr/sbin/nologin

Change the ownership of the cache and log directories

chown -R squid:squid /usr/local/squid/cache
chown -R squid:squid /usr/local/squid/logs

Create the cache directories

/usr/local/squid/sbin/squid -z

Forward port 80 (it is best to also put this in rc.local so it runs automatically at reboot)
/sbin/ipfw add 00050 fwd 192.168.0.254,3128 tcp from any to any 80 via rl1
(rl1 is the internal LAN card)

Start squid
/usr/local/squid/sbin/squid -DsY

Create the file /etc/rc.local with:

rm -f /usr/local/squid/var/logs/squid.pid
/usr/local/squid/sbin/squid -sY
/sbin/ipfw add 00050 fwd 192.168.0.254,3128 tcp from any to any 80 via rl1

On a Linux gateway the equivalent redirect is done with iptables:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

creating user passwords
-----------------------
Add to squid.conf:
auth_param basic program /usr/local/squid/libexec/ncsa_auth /home/ardix/passwd
acl password proxy_auth REQUIRED
http_access allow password

Create the password file:
cd /home/ardix
/usr/local/apache2/bin/htpasswd -c passwd ardix


inserting site-blocking rules
--------------------------------------------------------------------
# block a site
acl blok1 dstdomain .nyamuk.com
# block downloads
acl blok2 urlpath_regex -i \.exe$ \.EXE$ \.cbs$ \.zip$ \.cab$ \.avi$
# block a client IP
acl blok3 src 192.168.0.85
# block sites whose domain name contains any of these words
acl blok4 dstdom_regex xxx sex gay lesbian
http_access deny blok1
http_access deny blok2
http_access deny blok3
http_access deny blok4
-------------------------------------------------------------------
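
Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, so the position of the deny lines relative to `http_access allow chemod` decides whether they ever apply. The following is an added example, not part of the original post: a simplified Python model of that evaluation using the page's ACL names; `decide`, the two rule orderings, and the sample requests and hostnames are constructed for illustration.

```python
import ipaddress

# ACLs copied from the page's squid.conf, modelled as predicates (simplified).
LAN = ipaddress.ip_network("192.168.0.0/24")
ACLS = {
    "all":        lambda r: True,
    "chemod":     lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "Safe_ports": lambda r: r["port"] in (80, 21, 443, 563, 70) or 1025 <= r["port"] <= 65535,
    "SSL_ports":  lambda r: r["port"] in (443, 563),
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "blok1":      lambda r: r["host"] == "nyamuk.com" or r["host"].endswith(".nyamuk.com"),
}

def decide(rules, req):
    """First matching line wins; every ACL on a line must match ('!' negates)."""
    last = None
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
        last = action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if last == "allow" else "allow"

# Two constructed orderings of the same rules.
ALLOW_FIRST = """
http_access allow chemod
http_access deny !Safe_ports
http_access deny all
http_access deny CONNECT !SSL_ports
http_access deny blok1
"""
DENY_FIRST = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blok1
http_access allow chemod
http_access deny all
"""

# Constructed sample requests from a LAN client.
SAMPLES = [
    {"src": "192.168.0.10", "method": "CONNECT", "host": "mail.example.org", "port": 8080},
    {"src": "192.168.0.10", "method": "GET", "host": "www.nyamuk.com", "port": 80},
    {"src": "192.168.0.10", "method": "GET", "host": "www.example.org", "port": 80},
]
if __name__ == "__main__":
    for r in SAMPLES:
        print(r["method"], r["host"], r["port"], decide(ALLOW_FIRST, r), decide(DENY_FIRST, r))
```

With the allow line first, all three requests are allowed; with the deny lines first, only the ordinary GET to port 80 gets through.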
