squid-3.5.0.2-20141121-r13666.tar.gz
(beta version)
INTERCEPT MODE
SUPPORT WITH HTTP AND HTTPS
Oleh :
--with-filedescriptors=65536
#opensslreqnewnewkeyrsa:1024days365nodesx509
keyoutmyCA.pemoutmyCA.pem
opensslx509inmyCA.pemoutformDERoutmyCA.der
sumber: http://wiki.squidcache.org/Features/DynamicSslCert
/usr/lib/squid/ssl_crtdcs/etc/squid/ssl_db/certs
chownRnobody/etc/squid/ssl_db
==============================
tambahkan di file squid.conf
==============================
cache_dir /cache1 aufs 100 16 256
cache_dir /cache1 aufs 100 16 256
sslcrtd_program /usr/lib/squid/ssl_crtd -s
/etc/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 32 startup=30 idle=1
ssl_unclean_shutdown on
sslproxy_version 1
always_direct allow all
##untuk yg ga mau di bumping pake sll_bump none acl
aja,contoh server bank jgn lupa buatin acl server bank nya
ssl_bump none localhost
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
not imposible caching even HTTPS
by muhammad fahmy hadziqy S.T
==============================
pada bagian refresh pattern tambah kan ini agar dapat
meng cache gambar hasil pencarian pada google
==============================
refresh_pattern -i \.gstatic.com\/images?.* 525600 100%
525600 override-expire ignore-auth
==============================
permision direktori log file squid
==============================
# chmod 777 /var/log/squid -R
# chown proxy:proxy /var/log/squid -R
==============================
buat swap direk folder cachenya
==============================
# squid -z
==============================
restarting service squid
==============================
# service squid restart
or
# /etc/init.d/squid restart
checking no error
# squid -k parse
/etc/sysctl.conf
ipv4 forward nya enable kan :D
itpables -t nat -A POSTROUTING -s ip-network-client -j
MASQUERADE
iptables -t nat -A PREROUTING -s ip-network-client -p tcp
--dport 80 -j REDIRECT --to-port port-http-proxy
iptables -t nat -A PREROUTING -s ip-network-client -p tcp
--dport 443 -j REDIRECT --to-port port--https-proxy
import ke browser
google chrome
setting
advanced
HTTPS/SSL
trusted Root certification authorities
not imposible caching even HTTPS
by muhammad fahmy hadziqy S.T
import
pilih file myCA.der
ok
JOSS
Daftar pustaka
http://wiki.squid-cache.org/
http://www.squid-cache.org/
http://www.squid-cache.org/Doc/config/http_port/
http://wiki.squid-cache.org/Features/DynamicSslCert