Jumat, 25 Juni 2010

Membuat Transparent Proxy

Cara menginstallnya adalah :


1. Menginstall paket proxy :

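# Install the Squid caching proxy from the distribution repositories.
# Run as root (the "root#" shown in tutorials is a shell prompt, not part of
# the command; glued to the command name it is not executable as written).
apt-get install squid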


2. Membuat folder untuk menyimpan hasil cache :

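# Create the on-disk cache directory referenced by "cache_dir ufs /cache"
# in squid.conf (run as root). Ownership and permissions are set in the
# next step; the directory must end up writable by the user Squid runs as,
# not by everyone.
mkdir /cache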


3. Memberikan akses kepada semua user dengan cara :

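# Hand the cache directory to the account Squid drops privileges to instead
# of making it world-writable. Debian/Ubuntu packages run squid as user
# "proxy"; if the build differs, use the value of cache_effective_user from
# squid.conf. Mode 777 would let any local account plant or replace cached
# objects that are then served to every client behind the proxy; Squid only
# needs its own user to own and write the directory. Run as root.
chown proxy:proxy /cache
chmod 750 /cache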


4. Membuat konfigurasi proxy di bawah ini ke /etc/squid/squid.conf:

# /etc/squid/squid.conf for the lab transparent proxy.
# Only HTTP that the iptables rule REDIRECTs from tcp/80 to port 8080 reaches
# this proxy; HTTPS and every other port bypass it, so the URL/keyword blocks
# below apply to plain HTTP only.
# NOTE(review): directive names (no_cache, cache_access_log, udp_*_address,
# "transparent") are the Squid 2.x spellings; Squid 3.x renames several and
# defines the all/localhost/manager ACLs itself - confirm the installed version.

# Port for intercepted (REDIRECTed) HTTP connections.
http_port 8080 transparent
# ICP listener (3130/udp) bound to every interface. No cache_peer is defined in
# this file, so ICP is not needed here; combined with "icp_access allow all"
# further down, any host that can reach this port may query whether a given
# URL is cached. Prefer "icp_access allow lab" + "icp_access deny all", or
# drop icp_port.
icp_port 3130
udp_incoming_address 0.0.0.0
# 255.255.255.255 is Squid's default meaning "same address as udp_incoming_address".
udp_outgoing_address 255.255.255.255


# Never fetch URLs containing these strings from a peer; the text after "#"
# is a comment, so only "cgi-bin" and "?" are active.
hierarchy_stoplist cgi-bin ? #.asp .aspx .mspx .php .php4 .php3 .phtml .do
# Do not cache dynamic (cgi-bin / query-string) responses at all.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Memory cache size and disk-cache low/high watermarks (percent).
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95

# Timeouts; negative_ttl caches error responses for 5 minutes.
connect_timeout 1 minutes
negative_ttl 5 minutes
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minutes
client_lifetime 5 day
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds
# NOTE(review): the documented directive is client_persistent_connections
# (plural); as spelled here Squid will presumably reject it as unrecognized -
# check with "squid -k parse".
client_persistent_connection on

# Only objects between 5 KB and 1 MB are stored on disk.
maximum_object_size 1 MB
minimum_object_size 5 KB
# NOTE(review): 0 KB means no object qualifies for the in-memory cache, which
# leaves the 512 MB cache_mem above largely unused - confirm this is intended.
maximum_object_size_in_memory 0 KB

# DNS result caches.
ipcache_size 2048
ipcache_low 90
ipcache_high 95
fqdncache_size 512

cache_replacement_policy lru
memory_replacement_policy lru

# ufs store in /cache: 100000 MB, 16 first-level and 256 second-level
# directories. /cache must be owned/writable by Squid's effective user.
cache_dir ufs /cache 100000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

log_ip_on_direct on
debug_options ALL,1

# Dynamic content: consider fresh for at most 1-2 minutes.
refresh_pattern cgi-bin 1 20% 2
refresh_pattern \.asp$ 1 20% 2
refresh_pattern \.acgi$ 1 20% 2
refresh_pattern \.cgi$ 1 20% 2
refresh_pattern \.pl$ 1 20% 2
refresh_pattern \.shtml$ 1 20% 2
refresh_pattern \.php3$ 1 20% 2

# Static assets: up to 3 days (4320 min) when the origin sends no expiry.
refresh_pattern -i \.jpg$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.gif$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.png$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.wmf$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.js$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.css$ 0 50% 4320 #reload-into-ims
refresh_pattern -i \.cfm$ 0 50% 4320 #reload-into-ims

# Site-specific rules: responses without explicit Cache-Control/Expires are
# treated as fresh for 12 h (720 min). For webmail/social sites that is risky:
# a cached page for one client may be handed to another. Responses marked
# private/no-store are still not cached, which limits but does not remove the
# risk - NOTE(review): confirm this is intended.
# Regex note: in "^http://*.yahoo.*/.*" the "*" after "//" quantifies the
# preceding "/", so the pattern wants exactly one arbitrary character between
# "http:/" and "yahoo" and does not match "http://www.yahoo.com/...". Most of
# the "//*." lines below therefore appear to be inactive as written; treat
# them as a review item rather than silently "fixing" the regex.
refresh_pattern ^http://www.facebook.com/.* 720 100% 4320
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://mail.google.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320

# Defaults for everything else.
refresh_pattern ^ftp:// 1440 20% 10080
refresh_pattern ^gopher:// 1440 0% 1440
refresh_pattern . 0 20% 4320

# Whether to finish fetching an object after the client aborts.
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95

# ACL definitions (2.x style; 3.x predefines all/localhost/manager).
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
# Block lists. nourl.txt: one destination domain per line (a leading "."
# matches subdomains). keyword.txt: one case-insensitive regex per line,
# matched against the whole URL - an overly broad pattern blocks everything.
# Both files must exist or Squid will presumably refuse to start.
acl blokporno dstdomain "/etc/squid/nourl.txt"
acl keyword url_regex -i "/etc/squid/keyword.txt"
acl localhost src 127.0.0.1/255.255.255.255
# Defined but not referenced by any http_access rule in this file.
acl to_localhost dst 127.0.0.0/8
# CONNECT tunnels are permitted to 443/563 and also to 6667-7000 (IRC range),
# wider than the stock configuration. Only the lab subnet reaches this rule,
# but review whether the IRC tunnels are still wanted.
acl SSL_ports port 443 563 6667-7000
acl Safe_ports port 80
acl Safe_ports port 6667-7000
acl Safe_ports port 81
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
# Unregistered ports.
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777 110
# Site-specific ports; purpose not stated here.
acl Safe_ports port 4461
acl Safe_ports port 5050
acl CONNECT method CONNECT
# cachemgr interface only from the proxy host itself.
http_access allow manager localhost
# The lab network; the only source allowed through the proxy.
acl lab src 172.16.16.0/24

# http_access rules are evaluated top-down, first match wins. The block
# lists come before "allow lab", so they apply to lab clients too.
http_access deny blokporno
http_access deny keyword
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lab
http_access deny manager
# Default deny for every other source.
http_access deny all
http_reply_access allow all
# See the icp_port note above: open to all hosts.
icp_access allow all
miss_access allow all

cache_mgr andy@andy.com
visible_hostname proxy.setras.co.id

logfile_rotate 10
buffered_logs off


5. Membuat file yang dibutuhkan pada file squid.conf :

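# Create the keyword block list read by "acl keyword url_regex -i" in
# squid.conf: one case-insensitive regular expression per line, matched
# against the whole URL. Escape regex metacharacters in plain words; a
# pattern that is too broad blocks every site. Run as root.
vim /etc/squid/keyword.txt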

==> isinya berupa kata-kata yang diblok

root#vim /etc/squid/nourl.txt

==> isinya berupa url yang diblok


6. Menjalankan fungsi routing dengan cara :

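# Enable IPv4 forwarding so the host routes lab traffic (run as root).
# The persistent setting lives in /etc/sysctl.conf; uncomment the line
# "net.ipv4.ip_forward=1" there, then apply it with "sysctl -p" (or reboot).
vim /etc/sysctl.conf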

cari baris #net.ipv4.ip_forward=1

lalu hapus tanda kres (#) di depannya, simpan, kemudian restart


7. Menambahkan ip tables dengan cara :

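# NAT rules for the lab network (run as root). eth0 is the upstream/Internet
# interface, eth1 the lab side (172.16.16.0/24 in squid.conf). Rules added
# with -A live only until reboot; persist them with the distribution's
# mechanism. The interface names were glued to the commands as "#et0"/"#eth1"
# annotations, which would have been passed to iptables as part of the target.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Intercept only plain HTTP (tcp/80) and hand it to Squid's transparent
# http_port 8080. Everything else arriving on eth1, HTTPS on 443 included, is
# forwarded by the MASQUERADE rule above without passing through the proxy,
# so the nourl.txt/keyword.txt blocks cover port-80 traffic only. No
# FORWARD-chain filtering is configured here, so with ip_forward enabled the
# host forwards all lab traffic, not just web traffic.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080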


8. Mengecek konfigurasi squid dengan cara :

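# Validate /etc/squid/squid.conf without touching the daemon (run as root).
# "-k check" also parses the file but then signals the running squid and
# fails when none is running; "-k parse" only validates the configuration.
# The ACL list files (nourl.txt, keyword.txt) must already exist.
squid -k parse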


9. Menjalankan paket squid:

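# Build the on-disk cache structure for "cache_dir ufs /cache" (run as root).
# -z only creates the swap directories and exits; it does not start the proxy.
squid -z
# If the package already started squid with the stock configuration at
# install time (Debian/Ubuntu do this), restart it so the new squid.conf
# and cache directory are actually in use.
/etc/init.d/squid restart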


Untuk menguji apakah proxy sudah berjalan, anda bisa mengetikkan kata-kata yang sudah diblok.
