LUSCA

[ARCHIVE] SQUID & LUSCA Proxy High performance + Caching dynamic content
default config squid tidak di dedikasikan utk caching dynamic content, terutama utk file2
dynamic (kayak youtube dan google addssense dll) file2 itu biasanya membuat penuh cache tapi
karena content dynamic oleh squid pasti akan dianggap miss dan akan mendownload lagi jadi
bisa membuat posioning cache
untuk update squid ke lusca silahkan ikuti cara2 ini (contoh utk redhat base & freebsd base)
cara2nya (pake putty aja enak), apa itu puty silahkan baca disini :
untuk keluarga redhat-5 (centos-5.x, fedora, clearOS dll)
stop dulu servis squid nya
/etc/init.d/squid stop
backup dulu squid.conf nya di /etc/squid/squid.conf
delet squid lama
rpm -e squid-xxx(versi squid)
delete file di directory cache_dir
ex:
rm -rf /cache/*
download package lusca
NEW LUSCA UBUNTU-64 BIT (SVN checkout 24 Maret 2010)
hxxp://squid-proxy-pkg.googlecode.com/files/deb-lusca-r14499-64.tar.bz2
Quote:
NEW LUSCA Release 14410 (SVN checkout 16 February 2010)

hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14410-1_el5.i386.rpm
hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14410-1_el5.x86_64.rpm
wget hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14371-1_el5.i386.rpm
trus di intstall
rpm -Uvh LUSCA_HEAD-r14371-1_el5.i386.rpm
trus download file2 confignya
cd /etc/squid/
wget hxxp://squid-proxy-pkg.googlecode.com/files/squid.conf
wget hxxp://squid-proxy-pkg.googlecode.com/files/storeurl-el5.pl
wget hxxp://squid-proxy-pkg.googlecode.com/files/tunning-el5.conf
chmod +x storeurl-el5.pl
chown squid:squid tunning-el5.conf
chown squid:squid storeurl-el5.pl
dan silahkan sesuaikan configurasi cache_dir,allow netlocal dll di tempat anda di file squid.conf
update tunning sysctl.conf
cd /etc/
wget hxxp://squid-packge.googlecode.com/files/sysctl.conf-el5
mv sysctl.conf-el5 sysctl.conf
rebuild cache
cek configurasi
squid -k parse
jika tidak ada error, rebuild cache swap
squid -z
start servis squid
/etc/init.d/squid start
catatan:
dengan 6 client aktif perhari saja, cache swap bisa mencapai 1 Gb perhari, dan lusca hanya
support aufs dan coss, tidak support ufs dan diskd (obsolete)
sources LUSCA rpm : hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r143711_el5.src.rpm
utk keluarga freebsd (pfsense ):
stop dulu servis squidnya (bisa lewat web kalo di pfsense)
delete directory cache_dir (default di /var/squid/cache)
rm -rf /var/squid/cache/*
delet dulu squid lama
pkg_delete squid\*
install lusca
update release from svn lusca-head-r14410
Quote:
hxxp://squid-packge.googlecode.com/files/lusca-head-r14410_1.tbz
pkg_add -rv hxxp://squid-proxy-pkg.googlecode.com/files/freebsd-lusca-head-r14371_3.tbz
rehash
squid -v
kemudian baru di tunning kernel dan squidnya :
masuk ke directory squid
cd /usr/local/etc/squid/
download dulu tunning squidnya
fetch hxxp://freebsd-squid-system.googlecode.com/files/tunning.conf
download program store dynamic cache
fetch hxxp://freebsd-squid-system.googlecode.com/files/storeurl.pl
ubah mode filenya :
chmod +x storeurl.pl
chown proxy roxy storeurl.pl
chown proxy roxy tunning.conf
download tunning kernel
cd /etc
fetch hxxp://freebsd-squid-system.googlecode.com/files/sysctl.conf
cd /boot
fetch hxxp://freebsd-squid-system.googlecode.com/files/loader.conf
trus tambahin option tunning dengan menambah link baris di
/usr/local/pkg/squid.inc
cari kata2 ini pake winscp
acl dynamic urlpath_regex cgi-bin \?
dan tambahkan ini dibawahnya
include /usr/local/etc/squid/tunning.conf
trus rebuild cache
squid -z
sebelum servis dijalankan, cek apakah ada yang salah dengan confignya :
squid -k parse
jika tidak ada error, start servis squidnya (bisa lewat web) atau reboot server nya
untuk keluarga debian (ubuntu,kubuntu dll) dan slackware filenya masih belum di upload, atau
silahkan build sendiri dari sources hehehe
copy patse dr bawah

just info :
configurasi tunning*.conf gak akan jalan kalau menggunakan sources lusca originalnya, package
yang di buat (rpm dan bz) sudah di patch untuk optimasi refresh_pattern. beberapa perbedaan
yang dibuat .
1. support for refresh_pattern store-stale (belum ada di squid-2.7 dan lusca original)
2.tambahan ignore-no-store,ignore-must-revalidate (belum ada di squid-2.7 dan lusca original),
3. patch loop untuk content video (akan muncul cacheHit dan looping terdetetect maka download
ulang content yang sama akan di stop.
4. patch varry on, jika menggunakan default lusca / squid-2.7.x dengan menggunakan configurasi
storeurl_rewrite_program, jangan di reboot servernya, jika reboot, file content dynamic akan
menjadi miss
untuk test case, silahkan tambahkan option store-stale di setaip refresh_pattern, pastin beda
penuhnya cache dengan tanpa store-stale
Update Ubuntu/Debian Base i386
Ubuntu/Debian base i386
Quote:
hxxp://squid-proxy-pkg.googlecode.com/files/lusca_r144281-ubuntu-i386.tar.bz2
silahken di sedot http://squid-packge.googlecode.com/f...-lusca.tar.bz2
http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquidpackge.googlecode.com%2Ffiles%2Fpatch-lusca.tar.bz2
http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquidpackge.googlecode.com%2Ffiles%2Fpatch-lusca.tar.bz2
patch fitur2 itu hasil utak atik gathuk dari fitur sources squid-2-HEAD, trus di modif agar cucok
di lusca. dan bisa juga di modif ke squid-2.7.7, utk squid-3 gak bisa, beda compiler kekeke
utuk paket ubuntu nanti saya upload LUACA_HEAD-r14371-ubuntu-1_i386.deb,
yups
paling mudah
download menggunakan svn
svn checkout hxxp://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ luscacache-read-only
[SQUID] squid-2.7.STABLE8 khusus ubuntu/debian i386
This image has been resized. Click this bar to view the full image. The original image is sized
663x275.
751x217.
support :
Sedot packagenya :
squid-2.7.STABLE8
Code:
cd /tmp
wget hxxp://squid-proxy-pkg.googlecode.com/files/squid-2.7.STABLE8-ubuntui386.tar.bz2
tar xvf squid-2.7.STABLE8-ubuntu-i386.tar.bz2
cd squid-2.7.STABLE8-ubuntu-i386
mv /etc/squid/squid.conf /etc/squid/squid.conf.backup
cp config/* /etc/squid/
Update Package squid-2.7.STABLE9

hxxp://squid-proxy-pkg.googlecode.com/files/squid-2.7.STABLE9-ubuntu-i386.tar.bz2
silahkan sesuaikan dulu squid.conf di /etc/squid/squid.conf dengan kondisi di tempat anda

(cache_dir, cache_mem, dns dll)
trus unisntal squid lama (jika ada) dan install squid baru
Code:
dpkg -r squid squid-common squidclient squid-langpack squid-cgi
dpkg -i squid_2.7.STABLE8-1_i386.deb \
squidclient_2.7.STABLE8-1_i386.deb squid-langpack_20100111-1_all.deb \
squid-cgi_2.7.STABLE8-1_i386.deb squid-common_2.7.STABLE8-1_all.deb
Tips
gunakan filesystem ext4 dengan option noatime,nobarier/barier=0 di fstab / reiserfs dgn option
noatime, notail
jika client lebih dari 50, gunakan minimal 2 hardisk agar tidak terjadi bootlenect di HD
sesuikan besarnya cache_dir dengan merujuk tersedianya ram fisik, jangan kemaruk nanti
berakibat buruk
non aktifkan servis2 yang tidak penting agar memory lebih optimal
* itu tergantung topologi networknya om,

pake iptables kalo proxy di jadikan model router,
kalo gak ya disable saja servis iptables nya
* diatas sudah ada step2 upgrade squid dan sudah di patch ajian jaran goyang
oh iya satu lagi, utk yang memory minimal 1Gb, optimalkan kernel /etc/sysctl.conf
sysclt.conf
Code:
# Locate /etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled.
# sysctl.conf(5) for more details.
See sysctl(8) and
#max openfiles
fs.file-max = 65536
#Minimalis use swap disk
vm.drop_caches = 3
vm.swappiness = 3
#kernel.shmall = 2097152
#kernel.shmmax = 2147483648
#kernel.shmmni = 4096
#kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.tcp_low_latency = 1
net.core.netdev_max_backlog = 4000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
#net.ipv4.tcp_rmem = 4096 87380 8388608
#net.ipv4.tcp_wmem = 4096 65536 8388608
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.ipv4.tcp_tw_recycle = 1
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes

kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
setelah di save, baru di sysctl -p
rasakan bedanya
catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi
setengahnya, kolom ke satu biarkan saja
tips:
jika memory > 256Mb,
utak atik config di tunning.conf
contoh :
Code:
............
storeurl_rewrite_program /usr/local/etc/squid/storeurl.pl
storeurl_rewrite_children 7 storeurl_rewrite_concurrency 60
............
dan aktifkan :
server_http11 on
Squid Cache: Version 2.7.STABLE8-20100216

configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin'
'--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid'
'--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--enableasync-io=24' '--with-aufs-threads=24' '--with-pthreads' '--enablestoreio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll'
'--enable-removal-policies=heap' '--enable-snmp' '--enable-delay-pools' '-enable-htcp' '--enable-cache-digests' '--disable-unlinkd' '--enable-referer-
log' '--enable-useragent-log' '--enable-follow-x-forwarded-for' '--enablelarge-cache-files' '--enable-default-err-language=English' '--enable-errlanguages=English' '--with-large-files' '--with-maxfd=65536' 'i386-debianlinux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux'
'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,Bsymbolic-functions' 'CPPFLAGS='
tunninf.conf bisa di gunakan, asal sudah di patch.

lusca versi terbaru : LUSCA_HEAD-r14436.tar.bz2
with patch =
-ignore-must-revalidate
-add Improve %nn parser to better deal with certain odd %nn sequences
http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquid-proxypkg.googlecode.com%2Ffiles%2FLUSCA_HEAD-r14436.tar.bz2
creative# uname -a
FreeBSD creative.info 8.2-RELEASE FreeBSD 8.2-RELEASE #0 r219081M: Wed Mar 2
08:23:31 CET 2011
root@www4:/usr/obj/i386/usr/src/sys/GENERIC i386
creative# squid -v
Squid Cache: Version LUSCA_HEAD-r14809
configure options: '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/sbin' '-sbindir=/usr/sbin' '--libexecdir=/usr/libexec/squid' '--sysconfdir=/usr/local/etc/squid'
'--localstatedir=/var/log/squid' '--datadir=/usr/share/squid' '--enable-async-io=24' '-with-aufs-threads=24' '--with-pthreads' '--enable-storeio=aufs,coss,null' '--disablelinux-netfilter' '--enable-kqueue' '--enable-arp-acl' '--disable-linux-tproxy' '--disableepoll' '--enable-removal-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '-enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--disable-unlinkd' '-enable-large-cache-files' '--with-large-files' '--enable-err-languages=English' '-enable-default-err-language=English' '--with-maxfd=65536'
squidclient mgr:delay
topologi netnya gimana ?
jika beda ether di mikrotik bisa seperti ini :
/ip fi na
add chain=dstnat action=dst-nat to-addresses=IP-PROXY to-ports=3128 \
protocol=tcp src-address=x.x.x.x/xx dst-address=!IP-PROXY \
in-interface=LAN dst-port=80
*[BOLD] sesuiakan dg ip proxy & net client, atau bisa gunakan src-adress-list
good luck
Inet1 & Inet2(ether1&2) ---- Mikrotik (192.168.1.1) ---- AP (192.168.2.2)(ether5) ---Client (192.168.2.10 - 192.168.2.40)
.............................................|
.............................................|
.................................PC Linux dgn Squid (192.168.1.2)(ether4)
Mohon maaf krn saya sendiri disettingkan oleh Bro Uburcumi jadi saya jg gak tau
mengenai nat, mangle, dkk nya
ane hanya mencoba mempelajarinya
, tp msh meraba-raba
cache_log itu sangat penting utk debugging

kalau sudah YAKIN BETUL bahwa squidnya 100% berjalan sempurna ya tidak apa2
cache_log none, tapu bagsunya bukan none, cache_log /dev/null
squidclient mgr:config | grep cache_dir
Tips biar ngacir:

1 disk = 1 partisi cache_dir
cache_dir hrs partisi tersendiri
Gunakan lebih dr 1 disk utk cache
Gunakan disk dg rpm tinggi
Cache_dir besarnya hrs mengacu pd memory fisik
Cache_mem bs dimulai dr 8mb & bs dinaikkan pelan2,smakin besar, smakin lama
memindahkan ke disk.
Buang acl yg tdk perlu
Buat logrotate < 2
Matikan log2 yg tdk penting
1 gb cache membutuhkan 10 mb ram. Jadi silahkan dikira2 berapa cache yg layak

ditambah berapa ram yg digunakan utk servis lainya (kernel sytem,driver,servisis
dll)
Jika hnya 1 disk. Gunakan 1 sj partisi cache. Jika lebih dr satu, squid jd kurang
responsif. Partis cache sbaiknya stelah partisi system /, dan satu lg perhitungan L1
& L2 hrs seimbang dgn nilai L2=256 & rata2 object cache 13 kb. Cari di google
'formula cache_dir'
coba membantu
misal :
cache_dir 16 GB
di squid.conf
Quote:
cache_dir coss /cache1/coss 16384 max-size=65535 block-size=4096

cache_dir aufs /cache0 32768 64 256 min-size=65535
cache_swap_log /var/spool/squid/%s
agar partisi support coss :
Quote:
dd if=/dev/zero bs=1048576 count=<size> of=<outfile>
contoh jika partisi cache0 /dev/ad0s3f & ingin membuat coss 16Gb
dd if=/dev/ad0s3f bs=1048576 count=16384 of=/cache2/coss
referensi : http://wiki.squid-cache.org/Features...tStorageSystem
http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fwiki.squid-cache.org
%2FFeatures%2FCyclicObjectStorageSystem
ya kurang lebih seperti yg bro siber uraikan, nambahin sedikit.. utk block-size biar akurat ada
itungannya..
krn file number di squid cuma 24bit, rumus yg dipake
Code:
size=block-size x 2^24
contoh :
utk block-size : 512 byte, kira alokasi cache_dirnya :
Code:
512 x 2^24=8GB
kalo utk di contoh bro siber 16 Gb, kira

Code:
1024 x 2^24=16Gb
jd utk 16Gb amannya pake block-size=1024

kalo gak mau susah ngitung, ini patokannya :
Quote:
block-size=512 - 8GB Max cache_dir size

update squid-2.7.STABLE9-ubuntu-i386,
link di page 1
Quote:
squid -v
Squid Cache: Version 2.7.STABLE9 build by grage95
configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '-libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '-datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '-enable-storeio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enableremoval-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '--enable-delay-pools' '--enablehtcp' '--enable-cache-digests' '--disable-unlinkd' '--enable-large-cache-files' '--with-large-files'
'--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386debian-linux' 'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,Bsymbolic-functions' 'CPPFLAGS='
Change Log :
add store-stale, ignore-no-store, ignore-must-revalidate
Change Detail :
hxxp://www.squid-cache.org/Versions/v2/2.7/changesets/
sudah membaca yang sudah di quote itu ???

Quote:
mv /etc/squid/squid.conf /etc/squid/squid.conf.backup
cp config/* /etc/squid/
squid.conf gak harus panjang,
squid support include link,
squid bisa di pecah2 confignya, misal utk delay_pool, utk acl-auth, refresh_pattern dll.
contoh :
include /etc/squid/delay.conf
include /etc/squid/acl-auth.conf
include /etc/squid/refresh.conf
dst ..
asal confignya bener, mau seratus baris di pecah2 jadi 5 baris ya gpp
silahkan baca2 manual squid.conf.default

--disable-ident-lookups' ini yang menyebabkan Number of clients accessing
cache always zero, setelah re config re compile tanpa option tsb
kita bisa liat Number of clients accessing cache <solved>
-disable-ident-lookups menghentikan squid dari melihat ident di setiap koneksi,
bisa juga untuk mencegah serangan DOS yang dapat mematikan squid server, yang
biasanya dengan cara membuka ribuan koneksi. Dan bukan menyimpan statistik
koneksi
client_db on jika diaktifkan maka squid akan menyimpan statistik semua klien, hal
ini bisa membebani memori, maka sebaiknya dinonaktifkan. client_db on ngefek
kalo di RESTART, bukan di RELOAD
squidclient mgr:client_list
indiferal
##start of config
http_port 192.168.1.2:3128 transparent
# vhost vport=80
http_port 127.0.0.1:3128
server_http11 on
icp_port 0
#icp_port 3130
cache_effective_user proxy
cache_effective_group proxy
visible_hostname cafe-netters.com
cache_mgr admin@localhost
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
logfile_rotate 1
shutdown_lifetime 10 seconds
####################################################################
# Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8
# RFC1918 possible internal
network
acl localnet src 172.16.0.0/12
# RFC1918 possible internal
network
acl localnet src 192.168.0.0/16 192.168.3.0/24
# RFC1918 possible
internal network
####################################################################
uri_whitespace strip
dns_nameservers 127.0.0.01 192.168.1.2 125.160.2.162 202.134.1.10
208.67.222.222
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 62668 64 256
mime_table /usr/share/squid/mime.conf
minimum_object_size 512 bytes
maximum_object_size 128000 KB
offline_mode off
cache_swap_low 98
cache_swap_high 99
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 102565535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
http_access
http_access
http_access
http_access
http_access
http_access
allow manager localhost

deny manager
allow purge localhost
deny purge
deny !safeports
deny CONNECT !sslports
# Always allow localhost connections

http_access allow localhost
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny all
include /etc/squid/tunning.conf
##end of config
acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|
videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|
exe|msi|zip|on2|mar|swf)
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Zaz]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[az]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|
ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/
[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]
{3}$ quantserve\.com
acl rapidurl url_regex \.rapidshare\.com.*\/[0-9]*\/[0-9]*\/[^\/]*
acl video urlpath_regex \.((mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|qt|wmv|m\dv|
rv|vob|asx|ogm|flv|3gp)(\?.*)?)$ (get_video\?|videoplayback\?|
videodownload\?|\.flv(\?.*)?)
#acl html url_regex \.((html|htm|php|js|css|aspx)(\?.*)?)$ \.com\/$ \.com$
#acl images urlpath_regex \.((jp(e?g|e|2)|gif|png|tiff?|bmp|ico)(\?.*)?)$
#acl snmppublic snmp_community public
acl dontrewrite url_regex redbot\.org (get_video|videoplayback\?id|
videoplayback.*id).*begin\=
acl getmethod method GET
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain store_rewrite_list_path
storeurl_access deny all
storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 99
# 1 year = 525600 mins, 1 month = 129600 mins
refresh_pattern imeem.*\.flv
0 0% 0 override-lastmod override-expire
store-stale
#ads
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|
bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|
ad\.trafficmp\.com|ads\.cubics\.com|
ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|
game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|
adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600
20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire
ignore-reload ignore-auth ignore-must-revalidate store-stale negativettl=40320 max-stale=1440
#specific sites
refresh_pattern ^.*safebrowsing.*google
129600 999999% 129600 override-expire ignore-reload ignore-no-cache
ignore-no-store ignore-private ignore-auth ignore-must-revalidate negativettl=10080 store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)
129600 99999999% 129600 override-expire ignore-reload store-stale
refresh_pattern \.(ico|video-stats)
129600
999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store
ignore-private ignore-auth override-lastmod ignore-must-revalidate negativettl=10080 store-stale
# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$
10080 50%
43200 override-expire override-lastmod reload-into-ims ignore-reload ignoreno-cache ignore-auth ignore-private store-stale
# website
refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$
10080 50%
43200 override-expire override-lastmod reload-into-ims ignore-reload ignoreno-cache ignore-auth store-stale
#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$
43200 override-expire override-lastmod reload-into-ims ignore-reload
no-cache store-stale
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$
43200 override-expire override-lastmod reload-into-ims ignore-reload
no-cache ignore-auth ignore-private store-stale
# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$
43200 ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$
100% 43200 override-expire ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$
100% 43200 override-expire ignore-no-cache ignore-auth ignore-reload
no-cache store-stale
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$
refresh_pattern -i \.(inc|cab|ad|txt|dll)$
10080 50%
ignore10080 50%
ignore-
10080 90%
10080
10080
ignore10080
10080
# refresh pattern for specific sites

refresh_pattern ^http://*.21cineplex.*/.*
720 100% 10080 override-expire
override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.kompas.*/.*
override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.blogspot.com/.*
refresh_pattern ^http://*.wordpress.com/.*
override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire
refresh_pattern ^http://*.tinypic.com/.*
720 100% 10080 overrideexpire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.imageshack.us/.*
refresh_pattern ^http://*.kaskus.*/.*
refresh_pattern ^http://www.kaskus.com/.*
refresh_pattern ^http://*.detik.*/.*
refresh_pattern ^http://*.detiknews.*/*.*
refresh_pattern ^http://*.facebook.com/.*
refresh_pattern ^http://*.myspace.com/.*
refresh_pattern ^http://*.tagged.com/.*
refresh_pattern ^http://*.fbcdn.net/.*
refresh_pattern ^http://profile.ak.fbcdn.net/.*
refresh_pattern ^http://*.yahoo.com/.*
refresh_pattern ^http://*.yahoo.co.id/.*
refresh_pattern ^http://*.google.com/.*
refresh_pattern ^http://*.forummikrotik.com/.*
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 store-stale
# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)
43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload
reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$
43200
999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
store-stale
refresh_pattern kaspersky.*\.avc$
43200
store-stale
refresh_pattern kaspersky
43200
store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)
43200
store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200
store-stale
refresh_pattern windowsupdate.com/.*\.(cab|exe)
43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload
reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe)
43200
store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe)
43200
store-stale
#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|
flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignorereload override-expire ignore-no-cache ignore-no-store store-stale ignoreauth
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
global_internal_static off
max_stale 10 years
retry_on_error on
buffered_logs on
read_ahead_gap 32 KB
header_access Accept-Encoding deny
client_persistent_connections on
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
#range_offset_limit 50 KB
read_timeout 30 minutes
client_lifetime 6 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
all
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on
#cachemgr_passwd none info
cachemgr_passwd none all
client_db on
max_filedescriptors 8192
n_aiops_threads 24
#client_socksize 16 MB
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
UPDATE
lapor gan..
scripts work like a charm...
ketimbang ketik panjang svn checkout http bla bla bla... cukup :
Code:
./update-lusca.sh
sh update-lusca.sh 14604
terupdate dah "source" + dah auto configure
Quote:
[Neo@bsdbox ~/lusca-head]$ ls -l
total 1666
drwxr-xr-x 34 Neo Neo 1536 Apr 5 10:41 LUSCA_HEAD-r14534
-rw-r--r-- 1 Neo Neo 1673886 Apr 5 10:42 LUSCA_HEAD-r14534.tar.bz2
oya udah ada yg pernah nyoba ini buat malware block di squid...di taro di bagian acl
Code:
http://www.malware.com.br/cgi/submit?action=list_squid
Code:
cd /etc/squid
http://squid-proxy-pkg.googlecode.com/files/storeurl-ubuntu.pl
chmod +x storeurl-ubuntu.pl
/etc/init.d/squid restart
di bandingin aja yang lama dengan yang baru hehehe,

dan kalau ngecache map google dan safesearch di google dan bing, bisa diaktifkan dng
menambah di storeurl:
Code:
if ($url =~ m@^http://([^\.]*\.)?bing\.[^\/]*/[^?]*\?.*@i) {
# Replace any previous safe directives
$url =~ s@(adlt=[^&]*&?)@@ig;
# Add safe search directive
$url .= '&adlt=strict&cc=au';
} elsif ($url =~ m@^http://([^\.]*\.)?google\.[^\/]*/[^?]*\?.*@i) {
# Replace any previous safe directives
$url =~ s@(safe=[^&]*&?)@@ig;
# Add safe search directive
$url .= '&safe=active';
}
Kemudian untuk caching google map, apa sudah benar kalau kita insert ini di
storeurl :
#google map
elsif (m/kh(.*?)\.google\.com(.*?)\/(.*?) /) {
print "http://keyhole-srv.google.com" . $2 . ".SQUIDINTERNAL/" . $3 .
"\n";
# print STDERR "KEYHOLE\n";
} elsif (m/mt(.*?)\.google\.com(.*?)\/(.*?) /) {
print "http://map-srv.google.com" . $2 . ".SQUIDINTERNAL/" . $3 .
"\n";
# print STDERR "MAPSRV\n";
}
dan di tunning.conf :
Code:
acl store_rewrite_list dstdomain mt.google.com mt0.google.com mt1.google.com
mt2.google.com
acl store_rewrite_list dstdomain mt3.google.com
acl store_rewrite_list dstdomain kh.google.com kh0.google.com kh1.google.com
kh2.google.com
acl store_rewrite_list dstdomain kh3.google.com khm0.google.com
khm1.google.com khm2.google.com khm3.google.com
acl store_rewrite_list dstdomain kh.google.com.au kh0.google.com.au
kh1.google.com.au
acl store_rewrite_list dstdomain kh2.google.com.au khc3.google.com.au
storeurl_access allow store_rewrite_list
Quote:
squid -v
Squid Cache: Version 2.7.STABLE9 build by grage95
configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '-libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '-datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '-enable-storeio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enableremoval-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '--enable-delay-pools' '--enablehtcp' '--enable-cache-digests' '--disable-wccp' '--disable-wccpv2' '--disable-unlinkd' '--enablelarge-cache-files' '--enable-linux-tproxy' '--with-large-files' '--with-maxfd=65536' 'amd64debian-linux' 'build_alias=amd64-debian-linux' 'host_alias=amd64-debian-linux'
'target_alias=amd64-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,-Bsymbolicfunctions' 'CPPFLAGS='
acl store_rewrite_list url_regex -i \.youtube\.com\/get_video\?
acl store_rewrite_list url_regex -i \.youtube\.com\/videoplayback
\.youtube\.com\/videoplay \.youtube\.com\/get_video\?
acl store_rewrite_list url_regex -i \.youtube\.[a-z][a-z]\/videoplayback
\.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?
acl store_rewrite_list url_regex -i \.googlevideo\.com\/videoplayback
\.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
acl store_rewrite_list url_regex -i \.google\.com\/videoplayback

\.google\.com\/videoplay \.google\.com\/get_video\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Zaz]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[az]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|
ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/
[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
^htt
acl dontrewrite url_regex redbot\.org \.php (get_video|videoplayback\?id|
videoplayback.*id).*begin\=
acl getmethod method GET
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
storeurl_access
storeurl_access
storeurl_access
storeurl_access
storeurl_access
storeurl_access
storeurl_bypass
storeurl_access
deny dontrewrite
deny !getmethod
allow store_rewrite_list_domain_CDN
allow store_rewrite_list
allow store_rewrite_list_domain
allow store_rewrite_list_path
on
deny all
sh update-lusca.sh 14604
squidclient mgr:flushdns
squidclient mgr:flushfqdn
flussh all dns

flush memory
kalo fungsi kan dah jelas tuh bro..

- flushdns -> Flush all DNS (IP Cache) entries from memory cache.
- flushfqdn -> Flush all FQDN entries from memory cache.
para master squid mau numpang nanya...

caranya merubah ini (yang saya garis merah)...Gimana yaa...?
pengennya saya custom agar user tidak tau kalau kita pake squid
httpd_suppress_version_string on
forwarded_for on/of
but script crond cek servis pid squid, kalo ngadat langsung restart sendiri, dan kalau
masih ngadat juga bisa lompat ke command flush iptable/ipfw, jadi inet gak lama2
tewasnya, dan client aman sejahtera langsung direct ke inet
contoh freebsd, utk linux sesuaikan saja di rectorynya

Quote:
#!/bin/sh
# squidchek
pidpath=/usr/local/squid/logs
if test -r $pidpath/squid.pid; then
squidpid=$(cat $pidpath/squid.pid)
if $(kill -CHLD $squidpid >/dev/null 2>&1)
then
echo "Squid is running. Exit."
exit 0
fi
fi
echo "Squid isn't running. So let's run it."
if test -r /usr/local/etc/squid/squid.conf; then
/usr/bin/nice -20 /usr/local/sbin/squid -sYD /dev/null 2>&1
exit 0
fi
# if fail
echo "Wow! damn squid, kill ipfw !!"
/sbin/ipfw -F all
fi
exit 0
271981790.563
1 192.168.0.4 TCP_MEM_HIT/200 690 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/base173.kdc - NONE/- application/octetstream
1271981790.948
357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/base333c.kdc.yl9 DIRECT/81.2.129.4 text/html
1271981790.962
1 192.168.0.4 TCP_MEM_HIT/200 21984 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/base333c.kdc - NONE/application/octet-stream
1271981791.416
357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec50c.kdc.pkg DIRECT/81.2.129.4 text/html
1271981791.447
1 192.168.0.4 TCP_MEM_HIT/200 25934 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec50c.kdc - NONE/application/octet-stream
1271981791.877
358 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec63c.kdc.ga- DIRECT/81.2.129.4 text/html
1271981791.895
1271981792.306
357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec74c.kdc.mcs DIRECT/81.2.129.4 text/html
1271981792.324
1271981792.360
1271981792.391
1271981792.423
1271981792.453
1271981792.486
1271981792.516
1 192.168.0.4 TCP_MEM_HIT/200 26145 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7ac.kdc - NONE/application/octet-stream
1271981792.547
1 192.168.0.4 TCP_MEM_HIT/200 27014 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7bc.kdc - NONE/application/octet-stream
1271981792.578
1 192.168.0.4 TCP_MEM_HIT/200 26703 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7cc.kdc - NONE/application/octet-stream
1271981792.611
2 192.168.0.4 TCP_MEM_HIT/200 24161 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7dc.kdc - NONE/application/octet-stream
1271981792.642
2 192.168.0.4 TCP_MEM_HIT/200 26907 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7ec.kdc - NONE/application/octet-stream
1271981792.672
1 192.168.0.4 TCP_MEM_HIT/200 25314 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec7fc.kdc - NONE/application/octet-stream
1271981792.706
1271981792.735
1271981792.766
1271981792.797
1271981792.828
1271981792.861
1271981792.891
1271981792.924
1271981792.954
2 192.168.0.4 TCP_HIT/200 23023 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec88c.kdc - NONE/application/octet-stream
1271981792.985
1271981793.016
2 192.168.0.4 TCP_HIT/200 16767 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8ac.kdc - NONE/application/octet-stream
1271981793.048
2 192.168.0.4 TCP_HIT/200 23316 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8bc.kdc - NONE/application/octet-stream
1271981793.079
2 192.168.0.4 TCP_HIT/200 24429 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8cc.kdc - NONE/application/octet-stream
1271981793.110
2 192.168.0.4 TCP_HIT/200 17310 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8dc.kdc - NONE/application/octet-stream
1271981793.142
1 192.168.0.4 TCP_MEM_HIT/200 24012 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8ec.kdc - NONE/application/octet-stream
1271981793.173
2 192.168.0.4 TCP_HIT/200 26353 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/basec8fc.kdc - NONE/application/octet-stream
1271981793.203
1271981793.632
357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/ca003.kdc.ocu - DIRECT/81.2.129.4
text/html
1271981793.650
1 192.168.0.4 TCP_MEM_HIT/200 30435 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/ca003.kdc - NONE/- application/octetstream
1271981794.038
357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/kdb/i386/daily-ec.kdc.sw2 DIRECT/81.2.129.4 text/html
1271981794.056
1 192.168.0.4 TCP_MEM_HIT/200 1301 GET http://dnl14.geo.kaspersky.com/bases/av/kdb/i386/daily-ec.kdc - NONE/application/octet-stream
1271981802.228
358 192.168.0.4 TCP_REFRESH_HIT/200 10490 GET http://dnl14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.try - DIRECT/81.2.129.4
application/octet-stream
1271981802.994
355 192.168.0.4 TCP_REFRESH_HIT/200 24540 GET http://dnl14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.a3i - DIRECT/81.2.129.4
1271981803.767
357 192.168.0.4 TCP_REFRESH_HIT/200 16203 GET http://dnl14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.dgf - DIRECT/81.2.129.4
1271981804.334
357 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/as/pas/cfbase-s.gsg.uoe - DIRECT/81.2.129.4
text/html
1271981804.708
355 192.168.0.4 TCP_REFRESH_HIT/200 50938 GET http://dnl14.geo.kaspersky.com/bases/as/pas/cfbase-s.gsg - DIRECT/81.2.129.4
1271981805.378
534 192.168.0.4 TCP_REFRESH_HIT/200 124002 GET http://dnl14.geo.kaspersky.com/diffs/bases/as/pas/as.trm.gb5 - DIRECT/81.2.129.4
1271981806.907
839 192.168.0.4 TCP_REFRESH_HIT/200 115673 GET http://dnl14.geo.kaspersky.com/diffs/bases/as/pas/as.trm.ktz - DIRECT/81.2.129.4
1271981807.951
354 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/kjim.kdc.ycm - DIRECT/81.2.129.4
text/html
1271981807.969
1 192.168.0.4 TCP_MEM_HIT/200 16627 GET http://dnl14.geo.kaspersky.com/bases/av/emu/i386/kjim.kdc - NONE/- application/octetstream
1271981808.418
354 192.168.0.4 TCP_REFRESH_HIT/200 18662 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.ude DIRECT/81.2.129.4 application/octet-stream
1271981809.427
355 192.168.0.4 TCP_REFRESH_HIT/200 18325 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.srx DIRECT/81.2.129.4 application/octet-stream
1271981810.509
355 192.168.0.4 TCP_REFRESH_HIT/200 6428 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.u8_ DIRECT/81.2.129.4 application/octet-stream
1271981811.446
358 192.168.0.4 TCP_REFRESH_HIT/200 69171 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu02.kdc.6ck DIRECT/81.2.129.4 application/octet-stream
1271981812.479
528 192.168.0.4 TCP_REFRESH_HIT/200 71160 GET http://dnl14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu02.kdc.luk DIRECT/81.2.129.4 application/octet-stream
1271981813.643
354 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl14.geo.kaspersky.com/diffs/bases/ids/i386/idsbase.kdz.ran - DIRECT/81.2.129.4
1271981814.304
641 192.168.0.4 TCP_REFRESH_HIT/200 648457 GET http://dnl14.geo.kaspersky.com/bases/ids/i386/idsbase.kdz - DIRECT/81.2.129.4
1271981814.783
355 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/info/news.kln.sw0 - DIRECT/81.2.129.4
text/html
1271981815.156
355 192.168.0.4 TCP_REFRESH_HIT/200 7610 GET http://dnl14.geo.kaspersky.com/bases/info/news.kln - DIRECT/81.2.129.4
1271981815.724
354 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/parctl/pc0015.dat.jer - DIRECT/81.2.129.4
text/html
1271981816.093
354 192.168.0.4 TCP_REFRESH_HIT/200 1809 GET http://dnl14.geo.kaspersky.com/bases/parctl/pc0015.dat - DIRECT/81.2.129.4
1271981816.518
355 192.168.0.4 TCP_MISS/404 616 GET http://dnl14.geo.kaspersky.com/diffs/bases/pdm/pdmkl.dat.ddb - DIRECT/81.2.129.4
text/html
1271981816.888
354 192.168.0.4 TCP_REFRESH_HIT/200 44490 GET http://dnl14.geo.kaspersky.com/bases/pdm/pdmkl.dat - DIRECT/81.2.129.4
1271981817.310
355 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl14.geo.kaspersky.com/diffs/bases/ssa/tsw.avz.s4i - DIRECT/81.2.129.4
1271981817.677
354 192.168.0.4 TCP_REFRESH_HIT/200 5831 GET http://dnl14.geo.kaspersky.com/bases/ssa/tsw.avz - DIRECT/81.2.129.4 application/octetstream
1271981818.268
356 192.168.0.4 TCP_REFRESH_HIT/200 2418 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.p8- - DIRECT/81.2.129.4
1271981818.699
355 192.168.0.4 TCP_REFRESH_HIT/200 3853 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.orn - DIRECT/81.2.129.4
1271981819.238
356 192.168.0.4 TCP_REFRESH_HIT/200 2055 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.brx - DIRECT/81.2.129.4
1271981820.073
709 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns001.kdc.jig - DIRECT/81.2.129.4
1271981820.093
2 192.168.0.4 TCP_HIT/200 33844 GET http://dnl14.geo.kaspersky.com/bases/vlns/vlns001.kdc - NONE/- application/octet-stream
1271981820.515
359 192.168.0.4 TCP_REFRESH_HIT/200 659 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns003.kdc.sq6 - DIRECT/81.2.129.4
1271981820.920
357 192.168.0.4 TCP_REFRESH_HIT/200 1090 GET http://dnl14.geo.kaspersky.com/diffs/bases/vlns/vlns003.kdc.dvf - DIRECT/81.2.129.4
1271981821.361
358 192.168.0.4 TCP_REFRESH_HIT/200
14.geo.kaspersky.com/diffs/bases/vlns/vlns004.kdc.4r1
1271981821.827
359 192.168.0.4 TCP_REFRESH_HIT/200
14.geo.kaspersky.com/diffs/bases/vlns/vlns005.kdc.dvk
1187 GET http://dnl- DIRECT/81.2.129.4

343 GET http://dnl- DIRECT/81.2.129.4
refresh_pattern
Code:
refresh_pattern kaspersky.*\.kdc$
5259487 999999% 5259487 ignore-reload
store-stale
refresh_pattern kaspersky
1440 50% 161280
ignore-nocache store-stale
cachemgr_passwd rahasia all

kalau hanya readonly saja dan tidak ingin bisa mengeksekusi shutdown dan melihat
config :
cachemgr_passwd none info
Originally Posted by deddychan

ngomong2 masalah itu, mau numpang nanya deh.
itu cara cek file permisionnya gimana yaa?
sebenernya mod standar/baku yang di perlukan untuk instal squid/lusca??
oh ya kalo mo cek package yang terinstall di ubuntu gimana sih? tasksel bukan??
kalo yang ane tau sih tergantung isi dari squid.conf ente bro.
cache_effective_user proxy
cache_effective_group proxy
yaaa jadinya proxy roxy
CMIIW.......
cek file permision, attribut dan group wner, paling mudah pake program WINSCP
login pake user root, tinggal cari file atau foldernya klik kanan, properties... dan set dah...
1023x575.
ow ya jgn lupa install dulu vsftpd di linuxnya...

klo cek package yg terinstall
ketik aptitude di terminal linux, dan lihat installed package...
CMIIW
yup, patch & mesti di compile ulang..
pk svn gitu lebih enak, tinggal masuk ke dir lusca-cache-read-only
Code:
./bootstrap.sh
source Lusca_Head w/ update terbaru siap di pake..

or pake scripts seperti yg bro siber ksh di hal sebelumnye.. atau
scripts-update
sama aja, tinggal ganti RELVER=$1 dengan release paling baru & WORKDIR aturable aja ..
#!/bin/sh
WORKDIR=/tmp/lusca
RELVER=$1
mkdir -p ${WORKDIR} || exit 1

svn export -r ${RELVER} https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r${RELVER}
|| exit 1
# rewrite the AC_INIT LUSCA_HEAD entry in configure.in
cat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed
"s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r$
{RELVER}/configure.in.new || exit 1
mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEAD-r$
{RELVER}/configure.in || exit 1
# run autoconf/automake
cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1
sh bootstrap.sh || exit 1
# generate tarball
cd ${WORKDIR} || exit 1
tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1
gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1
# done!
hihi.. rinci nya gini (asumsi subversion dah sukses terinstall..)

terus seumpama nih kita lagi berada di directory taroh aja /root yaa.. execute cmd
Code:
svn checkout http://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ luscahead
nah ntar semua source update lusca ada di dir /root/lusca-head

agar nanti bisa compile dari dir ~/lusca-head kita bangkit kan dolo configure nya
Code:
cd ~/lusca-head
./bootstrap.sh
selesai tahap ini, source udah siap kok utk di compile, kekurangannya di Lusca ente ntar gak ada
embel revisi, kalo mau bisa edit manual di configure.in nya.
#EOF-1
#-------$
atau Alternative lainnya pakai cara berikut, agar di belakang Lusca nya ntar ada embel revisi ..
kalo di freebsd go to directory /usr/local/sbin (kalo di linux /usr/sbin/) kalo gak salah..
Code:
touch lusca.sh
chmod +x lusca.sh
paste scripts berikut :

Code:
#!/bin/sh
WORKDIR=/tmp/lusca
RELVER=$1
|| exit 1
# generate tarball
# done!
dari scripts tsb kita mesti masukin manual revisi terbaru lusca, misal rev. baru r14705, di scripts
kita ganti :
Code:
#!/bin/sh
WORKDIR=/tmp/lusca
RELVER=14705
|| exit 1

# generate tarball
# done!
kalo udah tinggal jalanin command

Code:
lusca.sh <enter>
check di dir /tmp/lusca seharus na dah ada d sono source yg udah include revisi, dah autoconf, &
sekalian di zip buat arsip
#EOF-2
#------$
UPDATE
hihi.. rinci nya gini (asumsi subversion dah sukses terinstall..)
terus seumpama nih kita lagi berada di directory taroh aja /root yaa.. execute cmd
Code:
svn checkout http://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ luscahead
nah ntar semua source update lusca ada di dir /root/lusca-head

agar nanti bisa compile dari dir ~/lusca-head kita bangkit kan dolo configure nya
Code:
cd ~/lusca-head
./bootstrap.sh
selesai tahap ini, source udah siap kok utk di compile, kekurangannya di Lusca ente ntar gak ada
embel revisi, kalo mau bisa edit manual di configure.in nya.
#EOF-1
#-------$
atau Alternative lainnya pakai cara berikut, agar di belakang Lusca nya ntar ada embel revisi ..
kalo di freebsd go to directory /usr/local/sbin (kalo di linux /usr/sbin/) kalo gak salah..
touch lusca.sh
chmod +x lusca.sh
Code:
paste scripts berikut :
#!/bin/sh
WORKDIR=/tmp/lusca
RELVER=$1
|| exit 1
# generate tarball
# done!
dari scripts tsb kita mesti masukin manual revisi terbaru lusca, misal rev. baru
r14705, di scripts kita ganti :
#!/bin/sh
WORKDIR=/tmp/lusca
RELVER=14705
|| exit 1
# generate tarball
# done!
kalo udah tinggal jalanin command

Code:
lusca.sh <enter>
check di dir /tmp/lusca seharus na dah ada d sono source yg udah include revisi, dah autoconf, &
sekalian di zip buat arsip
#EOF-2
#------$
TEST RUNNING
Quote:
./bootstrap.sh: 90: aclocal: not found

aclocal failed
Autotool bootstrapping failed. You will need to investigate and correct
before you can develop on this source tree
huhuhuuuuu .. muacak tok ...
padahal asli ra iso ...
dah proses terakhir trus kek gini, knp ya?

Code:
Exported revision 14707.
automake :
autoconfg:
Bootstrapping
bootstrap.sh: 90: aclocal: not found
aclocal failed
Autotool bootstrapping failed. You will need to investigate and correct
before you can develop on this source tree
mudah2an membantu...
kayaknya kurang ini
Quote:
Install package automake1.9 - aclocal is part of that package.
UPDATE
soko mbahe lusca
hxxp://code.google.com/p/lusca-cache/wiki/AutoTools
lek kate gawe script auto download svn (hxxp://lusca-cache.googlecode.com/svnhistory/r14513/branches/releng/freebsd/build-rel),
rak usah ganti $1 ambek versi, langsung ae soko command
build-rel xxxx
xxx ganti ambek versi sing pengen di sruput
misale kate nyeruput rasa versi 14705:
tinggak ketik wae :
build-rel 14705
lek kate gawe auotobuild & auto install, langsung wae tambahi nang isore script mau :
Code:
./configure --anu-directory-anu --enable-anunya --disable-anu-nya dst ...
make
make install
/etc/init.d/squid restart || exit 1
jadi sekali command langsung iso ditinggal pokeran wis automatic binaryne ke update
kog gini ya gan ...
root@proxy:~# ./update.sh
svn: Syntax error in revision argument 'https://luscacache.googlecode.com/svn/branches/LUSCA_HEAD'
syntakxnya salah,
yang benar ini
Quote:
tinggak ketik wae :
build-rel 14705
kalau namanya update.sh
./update.sh 14705
dan di script update.sh harus RELVER=$1
jangan di kasih angka misalnya RELVER=1234
thanks bro kweteng tambahan info nya, jd gak perlu repot manual ganti rev di scriptsnya..
soal nama scripts gak jd soal.. as long as ntu scripts berada di directory
/usr/local/sbin/ (fbsd) or' /usr/sbin/ (linux), cmd langsung aja..
Code:
update.sh
or apalah sesuai yg dibuat..

selain dir tsb, ya masuk ke dir dimana scripts berada, and pakai ./update.sh untuk execute nya..
satu lagi kelupaan, jgn lupa autoconf & automake dah terinstall yaa di system ente..
update
update-lusca 14635 && rehash && /usr/local/etc/rc.d/squid restart
Linux like free command for FreeBSD

Freecolor is a free replacement that displays free memory graphically as a bargraph. It supports
the same options as free. Install freecolor, enter:
# cd /usr/ports/sysutils/freecolor
# make install clean
To see memory details, enter:

$ freecolor -m -o
Sample output:
Mem:
Swap:
total
4082
2048
used
825
0
free
3256
2047
shared
0
buffers
0
cached
117
used
free
825
3256
0
2047
826 (used) +
shared
0
buffers
0
cached
117
$ freecolor -t -m -o
Sample output:
Mem:
Swap:
Total:
total
4082
2048
6130 = (
5421 (free))
tentang utak atik debug di squid/lusca cache

http://code.google.com/p/lusca-cache/wiki/DebugLevels
kalau pengen gak bissing pake ini aja utk All hehe
debug_options ALL,1 98,1
cuman utk nyari triak error kadang bingung, soalnya errornya gak kelurar messagenya apa
Quote:
Logging options are set as section,level where each source file

is assigned a unique section. Lower levels result in less
output, Full debugging (level 9) can result in a very large
log file, so be careful.
The magic word "ALL" sets debugging levels for all sections.
We recommend normally running with "ALL,1".
The rotate=N option can be used to keep more or less of these logs
than would otherwise be kept by logfile_rotate.
For most uses a single log should be enough to monitor current
events affecting Squid
help gan, Number of clients accessing cache: kok = 0

ternyata mas Rh354 yng punya settingan juga, dah masuk forum mikrotik (sory mas,, ane
copas g bilang2)
ganti client_db off menjadi on
client_db on
client_db off = menghemat memory, si squid tidak harus mengcounter statistik tiap client
link-DL
http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fcode.google.com%2Fp
%2Flusca-cache%2Fissues%2Fdetail%3Fid%3D27
taroh file .diff nya di source lusca, and then
Code:
patch -p0 < nama-patch.diff
kemudian rebuild lagi lusca dari awal :
Code:
make distclean
./configure --option --option..
make && make install
ini lagi progress di test gan (r14718)

disable AUFS
Code:
# DISK CACHE OPTIONS
#
-----------------------------------------------------------------------------$
cache_replacement_policy heap LFUDA
cache_dir coss /cache01/coss 16384 block-size=2048 max-size=65536
#cache_dir aufs /cache02 32768 64 256 min-size=65536
rebuild storage (squid -z)

test site yg belon tercache
Code:
1277771569.169
1249 192.168.0.100 TCP_MISS/200 4854 GET
http://www.riakbumi.or.id/ - DIRECT/69.163.138.86 text/html
1277771570.619
654 192.168.0.100 TCP_MISS/200 1500 GET
http://www.riakbumi.or.id/images/favicon.ico - DIRECT/69.163.138.86 image/xicon
1277771570.641
662 192.168.0.100 TCP_MISS/200 1138 GET
http://www.riakbumi.or.id/images/bt_events.jpg - DIRECT/69.163.138.86
image/jpeg
1277771570.659
681 192.168.0.100 TCP_MISS/200 1935 GET
http://www.riakbumi.or.id/images/bt_friend_DS.jpg - DIRECT/69.163.138.86
image/jpeg
1277771570.683
743 192.168.0.100 TCP_MISS/200 5729 GET
http://www.riakbumi.or.id/templates/rbv3_front/riakbumi_front.css DIRECT/69.163.138.86 text/css
1277771570.691
717 192.168.0.100 TCP_MISS/200 1495 GET
http://www.riakbumi.or.id/images/bt_danau_sentarum.jpg - DIRECT/69.163.138.86
image/jpeg
1277771570.735
756 192.168.0.100 TCP_MISS/200 1231 GET
http://www.riakbumi.or.id/images/bt_activity.jpg - DIRECT/69.163.138.86
image/jpeg
1277771570.968
316 192.168.0.100 TCP_MISS/200 1269 GET
http://www.riakbumi.or.id/images/bt_products.jpg - DIRECT/69.163.138.86
image/jpeg
1277771571.030
333 192.168.0.100 TCP_MISS/200 1511 GET
http://www.riakbumi.or.id/images/bt_bekakak.jpg - DIRECT/69.163.138.86
image/jpeg
1277771571.109
358 192.168.0.100 TCP_MISS/200 1615 GET
http://www.riakbumi.or.id/images/bt_register.jpg - DIRECT/69.163.138.86
image/jpeg
1277771571.305
326 192.168.0.100 TCP_MISS/200 1746 GET
http://www.riakbumi.or.id/images/bt_profile_riakbumi.jpg DIRECT/69.163.138.86 image/jpeg
setelah ter-cache
Code:
1277771671.274
2 192.168.0.100 TCP_MEM_HIT/200 5738 GET
http://www.riakbumi.or.id/templates/rbv3_front/riakbumi_front.css - NONE/text/css
1277771671.305
2 192.168.0.100 TCP_MEM_HIT/200 19996 GET
http://www.riakbumi.or.id/templates/rbv3_front/images/riakbumi-header.jpg NONE/- image/jpeg
1277771671.319
1 192.168.0.100 TCP_MEM_HIT/200 3993 GET
http://www.riakbumi.or.id/templates/rbv3_front/images/menu_cover_story.jpg NONE/- image/jpeg
1277771671.405
1 192.168.0.100 TCP_MEM_HIT/200 907 GET
http://www.riakbumi.or.id/templates/rbv3_front/images/menu_update.gif - NONE/image/gif
1277771671.540
1 192.168.0.100 TCP_MEM_HIT/200 1624 GET
http://www.riakbumi.or.id/images/bt_register.jpg - NONE/- image/jpeg
1277771671.784
1 192.168.0.100 TCP_MEM_HIT/200 2931 GET
http://www.riakbumi.or.id/images/manual_madu.jpg - NONE/- image/jpeg
1277771672.194
1 192.168.0.100 TCP_MEM_HIT/200 2196 GET
http://www.riakbumi.or.id/templates/rbv3_front/images/menu_events.jpg - NONE/image/jpeg
1277771672.486
1 192.168.0.100 TCP_MEM_HIT/200 4331 GET
http://www.riakbumi.or.id/templates/rbv3_front/images/menu_friendDS.jpg NONE/- image/jpeg
tinggal tunggu swap ke disk, restart and let's we see.. apakah msh HIT
kmrn coba kyk gini di r14635 msh HIT
copy/paste to text editor & beri nama async-issue.diff

Code:
--- src/client_side_async_refresh.c
2010-05-20 16:19:09.000000000 +0700
+++ src/client_side_async_refresh.c
2010-07-04 10:41:59.000000000 +0700
@@ -76,6 +76,8 @@
accessLogLog(&al, ch);
aclChecklistFree(ch);
storeClientUnregister(async->sc, async->entry, async);
+
+
storeUnlockObject(async->entry->mem_obj->old_entry);
async->entry->mem_obj->old_entry = NULL;
storeUnlockObject(async->entry);
storeUnlockObject(async->old_entry);
requestUnlink(async->request);
@@ -129,6 +131,8 @@
async->entry = storeCreateEntry(url,
request->flags,
request->method);
+
if (request->store_url)
+
storeEntrySetStoreUrl(async->entry, request->store_url);
async->entry->mem_obj->old_entry = async->old_entry;
storeLockObject(async->entry->mem_obj->old_entry);
async->sc = storeClientRegister(async->entry, async);
copy/paste to text editor & beri nama improve-nn-parser.diff

Code:
--- lib/rfc1738.c
2009-11-05 11:56:18.000000000 +0700
+++ lib/rfc1738.c
2010-07-04 11:09:32.000000000 +0700
@@ -204,30 +204,39 @@
* rfc1738_unescape() - Converts escaped characters (%xy numbers) in
* given the string. %% is a %. %ab is the 8-bit hexadecimal number "ab"
*/
+static inline int
+fromhex(char ch)
+{
+
if (ch >= '0' && ch <= '9')
+
return ch - '0';
+
if (ch >= 'a' && ch <= 'f')
+
return ch - 'a' + 10;
+
if (ch >= 'A' && ch <= 'F')
+
return ch - 'A' + 10;
+
return -1;
+}
+
void
-rfc1738_unescape(char *s)
+rfc1738_unescape(char *s_)
{
char hexnum[3];
+
unsigned char *s = (unsigned char *) s_;
int i, j;
/* i is write, j is read */
unsigned int x;
for (i = j = 0; s[j]; i++, j++) {
s[i] = s[j];
if (s[i] != '%')
continue;
if (s[j + 1] == '%') { /* %% case */
j++;
continue;
}
if (s[j + 1] && s[j + 2]) {
+
+
+
+
+
+
+
+
+
+
+
not +)
+
+
+
if (s[j + 1] == '0' && s[j + 2] == '0') { /* %00 case */

j += 2;
continue;
}
hexnum[0] = s[j + 1];
hexnum[1] = s[j + 2];
hexnum[2] = '\0';
if (1 == sscanf(hexnum, "%x", &x)) {
s[i] = (char) (0x0ff & x);
if (s[j] != '%') {
/* normal case, nothing more to do */
} else if (s[j + 1] == '%') { /* %% case */
j++;
/* Skip % */
} else {
/* decode */
char v1, v2;
int x;
v1 = fromhex(s[j + 1]);
v2 = fromhex(s[j + 2]);
/* fromhex returns -1 on error which brings this out of range (|,
*/
x = v1 << 4 | v2;
if (x > 0 && x <= 255) {
s[i] = x;
j += 2;
}
}
apply @lusca-r14718
conf COSS as a single file :

Code:
cache_dir coss /cache01/coss 16384 block-size=2048 max-size=65536
cache_dir aufs /cache02 32768 64 256 min-size=65536
cache_swap_log /var/spool/squid/%s
--enable-dependency-tracking
do not reject slow dependency extractors
--enable-dlmalloc=LIB Compile & use the malloc package by Doug Lea
--enable-gnuregex
Compile GNUregex. Unless you have reason to use
this
option, you should not enable it. This library file
is usually only required on Windows and very old
Unix boxes which do not have their own regex library
built in.
--enable-mempool-debug Include MemPool debug verifications
--enable-xmalloc-statistics
Show malloc statistics in status page
--enable-async-io=N_THREADS
Shorthand for
--with-aufs-threads=N_THREADS
--enable-storeio=aufs
--enable-storeio="list of modules"
Build support for the list of store I/O modules.
The default is only to build the "ufs" module.
See src/fs for a list of available modules, or
Programmers Guide section <not yet written>
for details on how to build your custom store module
--enable-heap-replacement
Backwards compatibility option. Please use the
new --enable-removal-policies directive instead.
--enable-removal-policies="list of policies"
Build support for the list of removal policies.
The default is only to build the "lru" module.
See src/repl for a list of available modules, or
Programmers Guide section 9.9 for details on how
to build your custom policy
--enable-icmp
Enable ICMP pinging
--enable-delay-pools
Enable delay pools to limit bandwidth usage
--enable-useragent-log Enable logging of User-Agent header
--enable-referer-log
Enable logging of Referer header
--disable-wccp
Disable Web Cache Coordination V1 Protocol
--disable-wccpv2
Disable Web Cache Coordination V2 Protocol
--enable-kill-parent-hack
Kill parent on shutdown
--enable-forward-log
Enable experimental forward_log directive
--enable-multicast-miss Enable experimental multicast notification of
cachemisses
--enable-snmp
Enable SNMP monitoring
--enable-cachemgr-hostname=hostname
Make cachemgr.cgi default to this host
--enable-arp-acl
Enable use of ARP ACL lists (ether address)
--enable-htcp
Enable HTCP protocol
--enable-ssl
Enable ssl gatewaying support using OpenSSL
--enable-forw-via-db
Enable Forw/Via database
--enable-cache-digests Use Cache Digests
see http://www.squid-cache.org/FAQ/FAQ-16.html
--enable-default-err-language=lang
Select default language for Error pages (see
errors directory)
--enable-err-languages=\"lang1 lang2..\"
Select languages to be installed. (All will be
installed by default)
--enable-select
Force the use of select support.
Normally configure automatically selects a better
alternative if available.
--disable-select
Disable select support, causing configure to fail
if a better alternative is not available
--enable-select-simple Force the use of select support (POSIX).
Useful if your system only supports the bare minium

POSIX select requirements without fds_bits.
--enable-poll
Force the use of poll even if automatic checks
indicate poll may be broken on your plaform.
--disable-poll
Disable the use of poll.
--enable-epoll
Force the use of epoll even if automatic checks
indicate epoll may not be supported.
--disable-epoll
Disable the use of epoll.
--enable-kqueue
Force the use of kqueue even if automatic checks
indicate kqueue may not be supported.
--disable-kqueue
Disable kqueue support.
--enable-devpoll
Use Solaris /dev/poll instead of poll
--enable-eventports
Use Solaris event ports instead of poll
--disable-http-violations
This allows you to remove code which is known to
violate the HTTP protocol specification.
--enable-ipf-transparent
Enable Transparent Proxy support for systems
using IP-Filter network address redirection.
--enable-pf-transparent
Enable Transparent Proxy support for systems
using PF network address redirection.
--enable-linux-netfilter
Enable Transparent Proxy support for Linux 2.4 and
later
--enable-large-cache-files
Enable support for large cache files (>2GB).
WARNING: on-disk cache format is changed by this
option
--enable-linux-tproxy
Enable real Transparent Proxy support for Netfilter
TPROXY v2.
--enable-linux-tproxy4
Enable real Transparent Proxy support for Netfilter
TPROXY v4.
--enable-freebsd-tproxy
Enable IP source-address spoofing with FreeBSD.
--enable-leakfinder
Enable Leak Finding code. Enabling this alone
does nothing; you also have to modify the source
code to use the leak finding functions. Probably
Useful for hackers only.
--disable-ident-lookups
This allows you to remove code that performs
Ident (RFC 931) lookups.
--enable-truncate
This uses truncate() instead of unlink() when
removing cache files. Truncate gives a little
performance improvement, but may cause problems
when used with async I/O. Truncate uses more
filesystem inodes than unlink..
--enable-default-hostsfile=path
Select default location for hosts file.
See hosts_file directive in squid.conf for details
--enable-win32-service Compile Squid as a WIN32 Service
Works only on Windows NT and Windows 2000 Platforms.
--enable-auth="list of auth scheme modules"

Build support for the list of authentication
schemes.
The default is to build support for the Basic
scheme.
See src/auth for a list of available modules, or
Programmers Guide section authentication schemes
for details on how to build your custom auth scheme
module
--enable-basic-auth-helpers="list of helpers"
This option selects which basic scheme proxy_auth
helpers to build and install as part of the normal
build process. For a list of available
helpers see the helpers/basic_auth directory.
--enable-ntlm-auth-helpers="list of helpers"
This option selects which proxy_auth ntlm helpers
to build and install as part of the normal build
process. For a list of available helpers see
the helpers/ntlm_auth directory.
--enable-digest-auth-helpers="list of helpers"
This option selects which digest scheme proxy_auth
build process. For a list of available helpers see
the
helpers/digest_auth directory.
--enable-negotiate-auth-helpers="list of helpers"
This option selects which negotiate scheme
authentication
build
process. For a list of available helpers see the
helpers/negotiate_auth directory.
--enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one
of the
Authentication steps can allow squid to still
authenticate
the user.
--enable-external-acl-helpers="list of helpers"
This option selects which external_acl helpers to
build and install as part of the normal build
process. For a list of available helpers see the
helpers/external_acl directory.
--disable-unlinkd
Do not use unlinkd
--enable-stacktraces
Enable automatic call backtrace on fatal errors
--enable-x-accelerator-vary
Enable support for the X-Accelerator-Vary
HTTP header. Can be used to indicate
variance within an accelerator setup.
Typically used together with other code
that adds custom HTTP headers to the requests.
--enable-follow-x-forwarded-for
Enable support for following the X-Forwarded-For
HTTP header to try to find the IP address of the
original or indirect client when a request has
been forwarded through other proxies.
--disable-caps
privileges
disable usage of Linux capabilities library to control
Optional Packages:
--with-PACKAGE[=ARG]
use PACKAGE [ARG=yes]
--without-PACKAGE
do not use PACKAGE (same as --with-PACKAGE=no)
--with-valgrind-debug
Include debug instrumentation for use with valgrind
--with-aufs-threads=N_THREADS
Tune the number of worker threads for the aufs
object
store.
--with-pthreads
Use POSIX Threads
--with-aio
Use POSIX AIO
--with-dl
Use dynamic linking
--without-system-md5
Disable the use of any system provided MD5
Implementation forcing fallback on the internal
implementation shipped with Squid
--with-openssl=prefix
Compile with the OpenSSL libraries. The path to
the OpenSSL development libraries and headers
installation can be specified if outside of the
system standard directories
--with-coss-membuf-size COSS membuf size (default 1048576 bytes)
--with-large-files
Enable support for large files (logs etc).
--with-build-environment=model
The build environment to use. Normally one of
POSIX_V6_ILP32_OFF32
32 bits
POSIX_V6_ILP32_OFFBIG 32 bits with large file
support
POSIX_V6_LP64_OFF64
64 bits
POSIX_V6_LPBIG_OFFBIG large pointers and files
XBS5_ILP32_OFF32
32 bits (legacy)
XBS5_ILP32_OFFBIG
32 bits with large file
support (legacy)
XBS5_LP64_OFF64
64 bits (legacy)
XBS5_LPBIG_OFFBIG
large pointers and files
(legacy)
default
The default for your OS
--with-maxfd=N
Override maximum number of filedescriptors. Useful
if you build as another user who is not privileged
to use the number of filedescriptors you want the
resulting binary to support
Some influential environment variables:
CC
C compiler command
CFLAGS
C compiler flags
LDFLAGS
linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS
libraries to pass to the linker, e.g. -l<library>
CPPFLAGS
C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP
C preprocessor
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
CHOST="i386-debian-linux" \
CFLAGS="-Wall -g -O2" \
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin
--libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid
--datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=aufs,coss
--enable-arp-acl --enable-epoll --with-coss-membuf-size=33554432 --disable-auth --disableunlinkd --with-aio --with-dl --enable-removal-policies=heap --enable-snmp --enable-delaypools --enable-htcp --disable-ident-lookups --disable-wccp --disable-wccpv2 --disable-select
--enable-err-languages=English --enable-default-err-language=English --with-large-files
--enable-linux-netfilter --enable-large-cache-files
speisifik set CFLAGS disini :
http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD

LUSCA

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

LUSCA

Diunggah oleh

Hak Cipta:

Format Tersedia

[ARCHIVE] SQUID & LUSCA Proxy High performance + Caching dynamic content

NEW LUSCA Release 14410 (SVN checkout 16 February 2010)

copy patse dr bawah

[SQUID] squid-2.7.STABLE8 khusus ubuntu/debian i386

Update Package squid-2.7.STABLE9

silahkan sesuaikan dulu squid.conf di /etc/squid/squid.conf dengan kondisi di tempat anda

* itu tergantung topologi networknya om,

See sysctl(8) and

# Controls the maximum size of a message, in bytes

setelah di save, baru di sysctl -p

Squid Cache: Version 2.7.STABLE8-20100216

tunninf.conf bisa di gunakan, asal sudah di patch.

cache_log itu sangat penting utk debugging

squidclient mgr:config | grep cache_dir

Tips biar ngacir:

1 gb cache membutuhkan 10 mb ram. Jadi silahkan dikira2 berapa cache yg layak

cache_dir coss /cache1/coss 16384 max-size=65535 block-size=4096

kalo utk di contoh bro siber 16 Gb, kira

jd utk 16Gb amannya pake block-size=1024

block-size=512 - 8GB Max cache_dir size

sudah membaca yang sudah di quote itu ???

silahkan baca2 manual squid.conf.default

allow manager localhost

# Always allow localhost connections

# refresh pattern for specific sites

terupdate dah "source" + dah auto configure

di bandingin aja yang lama dengan yang baru hehehe,

acl store_rewrite_list url_regex -i \.google\.com\/videoplayback

flussh all dns

kalo fungsi kan dah jelas tuh bro..

para master squid mau numpang nanya...

contoh freebsd, utk linux sesuaikan saja di rectorynya

1187 GET http://dnl- DIRECT/81.2.129.4

cachemgr_passwd rahasia all

Originally Posted by deddychan

ow ya jgn lupa install dulu vsftpd di linuxnya...

source Lusca_Head w/ update terbaru siap di pake..

mkdir -p ${WORKDIR} || exit 1

hihi.. rinci nya gini (asumsi subversion dah sukses terinstall..)

nah ntar semua source update lusca ada di dir /root/lusca-head

paste scripts berikut :

# rewrite the AC_INIT LUSCA_HEAD entry in configure.in

kalo udah tinggal jalanin command

nah ntar semua source update lusca ada di dir /root/lusca-head

kalo udah tinggal jalanin command

./bootstrap.sh: 90: aclocal: not found

huhuhuuuuu .. muacak tok ...

padahal asli ra iso ...

dah proses terakhir trus kek gini, knp ya?

or apalah sesuai yg dibuat..

Linux like free command for FreeBSD

To see memory details, enter:

tentang utak atik debug di squid/lusca cache

Logging options are set as section,level where each source file

help gan, Number of clients accessing cache: kok = 0

kemudian rebuild lagi lusca dari awal :

ini lagi progress di test gan (r14718)

rebuild storage (squid -z)

copy/paste to text editor & beri nama async-issue.diff

copy/paste to text editor & beri nama improve-nn-parser.diff

if (s[j + 1] == '0' && s[j + 2] == '0') { /* %00 case */

conf COSS as a single file :

Useful if your system only supports the bare minium

--enable-auth="list of auth scheme modules"