SHARE SQUID.CONF kamu disini

queues

Cara merubah settingan /usr/local/etc/squid/squid.conf gmana supaya bisa tetap/save selamanya?
saya sdh beberapa kali rubah settingan dengan webGUI, langsung via Diagnostics: Edit file. saya load terus saya rubah settingan, setelah itu saya save. terus saya coba beberapa saat dan saya restart squidnya, saya buka lagi /usr/local/etc/squid/squid.conf via Diagnostics: Edit file, settingannya berubah lagi kembali seperti semula. Biar bisa ke save gmana caranya?

Mohon Pencerahannya, Thank You..!

NB : Sya juga sudah coba memakai Winscp tetap berubah ke settingan awal [tidak tersave]

kaptenhook

@QueueS:

Cara merubah settingan /usr/local/etc/squid/squid.conf gmana supaya bisa tetap/save selamanya?
saya sdh beberapa kali rubah settingan dengan webGUI, langsung via Diagnostics: Edit file. saya load terus saya rubah settingan, setelah itu saya save. terus saya coba beberapa saat dan saya restart squidnya, saya buka lagi /usr/local/etc/squid/squid.conf via Diagnostics: Edit file, settingannya berubah lagi kembali seperti semula. Biar bisa ke save gmana caranya?

Mohon Pencerahannya, Thank You..!

NB : Sya juga sudah coba memakai Winscp tetap berubah ke settingan awal [tidak tersave]

cuba ini dibaca dan dipraktekkan
…....
biar konfigurasi squid yang kita benerin sesuka hati gak hilang lagi..coba cek di “/usr/local/pkg” trus cari file namanya “squid.inc” trus edit deh pake editor sesuka hati..kl aku sukanya pake “ee” trus cari dibaris ke 1057 (ini di settingan punya aku loh..) pokoknya cari yang ada kata-kata “file_put_contents(SQUID_CONFBASE . ‘/squid.conf’, $conf);” trus ubah/tambah terserah “squid.conf” menjadi “squid.conf.def” atau nama lain terserah ajalah sesukanya aja…abis itu disimpan aja deh..

trus masuk ke direktori “/usr/local/etc/squid” dan copy file “squid.conf” menjadi file baru yang kamu ubah tadi diatas..udah segitu aja..abis itu langsung deh file “squid.conf”nya di ubah diutak atik dianeh2in sesuka hati…dan tiap kali di reboot, file “squid.conf” pasti gak bakalan berubah ke default lagi..jadi aman deh..

smoga membantu

queues

@kaptenhook:

cuba ini dibaca dan dipraktekkan
…....
biar konfigurasi squid yang kita benerin sesuka hati gak hilang lagi..coba cek di “/usr/local/pkg” trus cari file namanya “squid.inc” trus edit deh pake editor sesuka hati..kl aku sukanya pake “ee” trus cari dibaris ke 1057 (ini di settingan punya aku loh..) pokoknya cari yang ada kata-kata “file_put_contents(SQUID_CONFBASE . ‘/squid.conf’, $conf);” trus ubah/tambah terserah “squid.conf” menjadi “squid.conf.def” atau nama lain terserah ajalah sesukanya aja…abis itu disimpan aja deh..

trus masuk ke direktori “/usr/local/etc/squid” dan copy file “squid.conf” menjadi file baru yang kamu ubah tadi diatas..udah segitu aja..abis itu langsung deh file “squid.conf”nya di ubah diutak atik dianeh2in sesuka hati…dan tiap kali di reboot, file “squid.conf” pasti gak bakalan berubah ke default lagi..jadi aman deh..

smoga membantu

Thanks atas pencerahannya om.. skr sdh bisa tapi Squid, Squid Guard dan Lusca tidak berjalan diservice. saya sdh coba untuk restart pfsensenya tetap gak berjalan.. knp ya?
Hasil system log entries :

Jun 29 08:28:51 php: : filter_generate_address: is not a valid source port.
Jun 29 08:28:52 squid[32026]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:28:53 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:00 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:00 Squid_Alarm[60031]: Squid has exited. Reconfiguring filter.
Jun 29 08:29:00 Squid_Alarm[60125]: Attempting restart…
Jun 29 08:29:00 squid[60944]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:29:01 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:03 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:04 squid[22100]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:29:05 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:11 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:11 Squid_Alarm[49044]: Squid has exited. Reconfiguring filter.
Jun 29 08:29:11 Squid_Alarm[49329]: Attempting restart…
Jun 29 08:29:11 squid[50077]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:29:13 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:19 php: : filter_generate_address: is not a valid source port.
Jun 29 08:29:19 Squid_Alarm[15001]: Squid has exited. Reconfiguring filter.
Jun 29 08:29:19 Squid_Alarm[15334]: Attempting restart…
Jun 29 08:29:19 squid[15822]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:29:20 php: : filter_generate_address: is not a valid source port.
Jun 29 08:31:38 php: : filter_generate_address: is not a valid source port.
Jun 29 08:31:39 squid[20944]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:31:40 php: : filter_generate_address: is not a valid source port.
Jun 29 08:31:46 php: : filter_generate_address: is not a valid source port.
Jun 29 08:31:46 Squid_Alarm[50828]: Squid has exited. Reconfiguring filter.
Jun 29 08:31:46 Squid_Alarm[51208]: Attempting restart…
Jun 29 08:31:46 squid[51896]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:31:47 php: : filter_generate_address: is not a valid source port.
Jun 29 08:31:54 php: : filter_generate_address: is not a valid source port.
Jun 29 08:31:54 Squid_Alarm[13392]: Squid has exited. Reconfiguring filter.
Jun 29 08:31:54 Squid_Alarm[13766]: Attempting restart…
Jun 29 08:31:54 squid[14237]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:31:55 php: : filter_generate_address: is not a valid source port.
Jun 29 08:33:52 php: : filter_generate_address: is not a valid source port.
Jun 29 08:33:53 squid[63506]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:33:54 php: : filter_generate_address: is not a valid source port.
Jun 29 08:34:01 php: : filter_generate_address: is not a valid source port.
Jun 29 08:34:01 Squid_Alarm[27914]: Squid has exited. Reconfiguring filter.
Jun 29 08:34:01 Squid_Alarm[28485]: Attempting restart…
Jun 29 08:34:01 squid[29432]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:34:02 php: : filter_generate_address: is not a valid source port.
Jun 29 08:34:08 php: : filter_generate_address: is not a valid source port.
Jun 29 08:34:08 Squid_Alarm[56830]: Squid has exited. Reconfiguring filter.
Jun 29 08:34:08 Squid_Alarm[57185]: Attempting restart…
Jun 29 08:34:08 squid[57984]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:34:09 php: : filter_generate_address: is not a valid source port.
Jun 29 08:34:13 php: : filter_generate_address: is not a valid source port.
Jun 29 08:34:14 squid[19859]: Bungled squid.conf line 25: maximum_object_size_in_memory 12.2 KB
Jun 29 08:34:15 php: : filter_generate_address: is not a valid source port.
Jun 29 09:06:41 squid[42486]: Squid Parent: child process 21529 exited due to signal 6
Jun 29 09:06:41 squid[42486]: Exiting due to repeated, frequent failures
Jun 29 09:06:44 php: : filter_generate_address: is not a valid source port.
Jun 29 09:06:44 Squid_Alarm[36497]: Squid has exited. Reconfiguring filter.
Jun 29 09:06:44 Squid_Alarm[36838]: Attempting restart…
Jun 29 09:06:44 squid[37830]: Squid Parent: child process 38368 started
Jun 29 09:06:45 squid[38368]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:06:45 squid[37830]: Squid Parent: child process 38368 exited due to signal 6
Jun 29 09:06:45 kernel: pid 38368 (squid), uid 62: exited on signal 6
Jun 29 09:06:46 php: : filter_generate_address: is not a valid source port.
Jun 29 09:06:48 squid[37830]: Squid Parent: child process 52313 started
Jun 29 09:06:48 squid[52313]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:06:48 kernel: pid 52313 (squid), uid 62: exited on signal 6
Jun 29 09:06:48 squid[37830]: Squid Parent: child process 52313 exited due to signal 6
Jun 29 09:06:51 squid[37830]: Squid Parent: child process 56381 started
Jun 29 09:06:51 squid[56381]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:06:51 kernel: pid 56381 (squid), uid 62: exited on signal 6
Jun 29 09:06:51 squid[37830]: Squid Parent: child process 56381 exited due to signal 6
Jun 29 09:06:54 squid[37830]: Squid Parent: child process 57316 started
Jun 29 09:06:55 squid[57316]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:06:55 kernel: pid 57316 (squid), uid 62: exited on signal 6
Jun 29 09:06:55 squid[37830]: Squid Parent: child process 57316 exited due to signal 6
Jun 29 09:06:58 squid[37830]: Squid Parent: child process 58692 started
Jun 29 09:06:58 squid[58692]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:06:58 kernel: pid 58692 (squid), uid 62: exited on signal 6
Jun 29 09:06:58 squid[37830]: Squid Parent: child process 58692 exited due to signal 6
Jun 29 09:06:58 squid[37830]: Exiting due to repeated, frequent failures
Jun 29 09:08:14 sshd[36227]: Accepted keyboard-interactive/pam for admin from 192.168.222.6 port 49601 ssh2
Jun 29 09:09:33 php: : filter_generate_address: is not a valid source port.
Jun 29 09:09:34 squid[43825]: Squid Parent: child process 44055 started
Jun 29 09:09:34 squid[44055]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:09:34 kernel: pid 44055 (squid), uid 62: exited on signal 6
Jun 29 09:09:34 squid[43825]: Squid Parent: child process 44055 exited due to signal 6
Jun 29 09:09:35 php: : filter_generate_address: is not a valid source port.
Jun 29 09:09:37 squid[43825]: Squid Parent: child process 58419 started
Jun 29 09:09:37 squid[58419]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:09:37 kernel: pid 58419 (squid), uid 62: exited on signal 6
Jun 29 09:09:37 squid[43825]: Squid Parent: child process 58419 exited due to signal 6
Jun 29 09:09:40 squid[43825]: Squid Parent: child process 63133 started
Jun 29 09:09:41 squid[63133]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jun 29 09:09:41 squid[43825]: Squid Parent: child process 63133 exited due to signal 6
Jun 29 09:09:41 kernel: pid 63133 (squid), uid 62: exited on signal 6
Jun 29 09:09:44 squid[43825]: Squid Parent: child process 23971 started
Jun 29 09:10:21 check_reload_status: Syncing firewall
Jun 29 09:10:21 check_reload_status: Syncing firewall
Jun 29 09:10:21 php: /pkg_edit.php: process "proxy_monitor.sh" running at "58005 /bin/sh /usr/local/etc/rc.d/proxy_monitor.sh "
Jun 29 09:10:21 php: /pkg_edit.php: process "squid -D" running at "43825 /usr/local/sbin/squid -D "
Jun 29 09:10:21 check_reload_status: Reloading filter
Jun 29 09:10:21 php: /pkg_edit.php: squid config synchronized and squid reconfigured
Jun 29 09:10:25 php: : filter_generate_address: is not a valid source port.

kaptenhook

cuba cek antara squid.conf dengan squid.conf.def (bisa dengan win scp) udah sama atau belum harusnya sama biar semua service bisa berjalan

banyak mencuba akan jadi banyak bisanya, sering sering dicuba nanti akan paham dengan sendirinya

slamat berjuang

orkeys

OK… om saya cek dolo
oh ya om satu lagi pertanyaan... :-*
kemaren sebelum instal ulang aku cek squid dengan tail -f /var/squid/log/access.log berjalan dengan baik

tapi kok sekarang ini jawabannya : ??? ???
tail -f /var/squid/log/access.log: No such file or directory
kenapa log nya tidak terbentuk ya... ??? ???
setelah di lihat dengan winscp memang tidak ada filenya di /var/squid/log/
di proxy server log store directorynya : /var/squid/log

tolong bimbingannya  ;D ;D

tanpa hari tanpa membuka forum tercinta ini

orkeys

problem has been solved…
ternyata masalahnya ada di squid.conf
harus dimasukan manual... dan supaya lebih permanen seperti kata om kambeeng http://forum.pfsense.org/index.php/topic,19032.msg99258.html#msg99258 (thanks om kambeeng) :-*
setelah di ubah dan restart squid.... access.log langsung terbentuk otomatis....
trus saya ketikan tail -f /var/squid/log/access.log  ;D ;D ;D

1309328906.062    21 192.168.54.210 TCP_IMS_HIT/304 203 GET http://images.detik.com/logo_deal_new.png - NONE/- image/png
1309328906.075      9 192.168.54.210 TCP_IMS_HIT/304 244 GET http://images.detik.com/content/koki/detikcom.jpg - NONE/- image/jpeg
1309328906.120      1 192.168.54.210 TCP_IMS_HIT/304 244 GET http://www.detik.com/image/bkg-nav.jpg - NONE/- image/jpeg
1309328906.122    399 192.168.54.210 TCP_MISS/200 14609 GET http://images.detik.com/content/2011/06/29/1034/SPBUCoco-luar.jpg - DIRECT/203.190.242.68 image/jpeg
1309328906.127      1 192.168.54.210 TCP_IMS_HIT/304 244 GET http://www.detik.com/image/bkg-deals.jpg - NONE/- image/jpeg
1309328906.129      1 192.168.54.210 TCP_IMS_HIT/304 243 GET http://www.detik.com/image/bg_number.png - NONE/- image/png
1309328906.143      2 192.168.54.210 TCP_IMS_HIT/304 248 GET http://www.google-analytics.com/ga.js - NONE/- text/javascript
1309328906.248  1051 192.168.54.210 TCP_MISS/200 51305 GET http://images.detik.com/content/2011/06/29/1180/kpop-fest-cvr.JPG - DIRECT/203.190.242.68 image/jpeg
1309328906.318    12 192.168.54.210 TCP_IMS_HIT/304 262 GET http://openx.detik.com/images/gonuklir-875x100.swf - NONE/- application/x-shockwave-flash

kaptenhook

@orkeys:

OK… om saya cek dolo
oh ya om satu lagi pertanyaan... :-*
kemaren sebelum instal ulang aku cek squid dengan tail -f /var/squid/log/access.log berjalan dengan baik

tapi kok sekarang ini jawabannya : ??? ???
tail -f /var/squid/log/access.log: No such file or directory
kenapa log nya tidak terbentuk ya... ??? ???
setelah di lihat dengan winscp memang tidak ada filenya di /var/squid/log/
di proxy server log store directorynya : /var/squid/log

tolong bimbingannya  ;D ;D

cuba screenshot untuk squid.conf di tampilkan, barangkali nanti temen temen bisa membantu

tanpa hari tanpa membuka forum tercinta ini

orkeys

@kaptenhook:

cuba cek antara squid.conf dengan squid.conf.def (bisa dengan win scp) udah sama atau belum harusnya sama biar semua service bisa berjalan

banyak mencuba akan jadi banyak bisanya, sering sering dicuba nanti akan paham dengan sendirinya

slamat berjuang

maksud harus sama gimana om ???  ??? ???
misal saya tambahkan di squid.conf delay pools dan refersh patern…
apakah di squid.conf.def harus terisi juga delay pools dan refersh patern...

thanks jawaban di ats td om  ;).... udah solved om... utk squid.conf saya hampir sama dengan yg saya post http://forum.pfsense.org/index.php/topic,36676.msg195143.html#msg195143 cuman saya hilangkan di custom option : zph nya dan saya tambahkan delay pools tapi delay pools ini yang tidak berjalan dengan baik...

kaptenhook

kalo udah menggunakan squid.conf.def perubahan dan penambahan setingan malah harus dilakukan disitu jadi jangan terbalik, kalo terbalik ya entar pas di restart akan hilang lagi

nb:proxy server akan membaca perintah dari squid.conf.def

orkeys

ok om… thanks pencerahannya... saya test dolo edit di squid.conf.def
mau test delay pools'a limit bandwith pake squid...

tanpa hari tanpa membuka forum tercinta ini

lhypx

waaah kebeneran banget nih, banyak suhu Squid  ;D

ane butuh bantuan banget nih dari senior2 semua. :-[

masalahnya kayak gini, ane itu mahasiswa (mungkin bisa dikategorikan semi abadi) semester akhir yang lagi nyusun proyek akhir, dan proyek akhir yang ane bikin itu berupa server buat sebuah sekolah di daerah ane.

ane sudah coba bangun server dengan komputer yang speknya:

• prosesor Core2Duo 2,93 GHz.
• mem 2 GB
• Harddisk 320 GB.
• 3 interface,
    ~eth0 nyambung ke modem,
    ~eth1 sbg gateway subnetwork A, dengan jumlah kompi 9 buah, dan network addressnya 10.10.1.0/27
    ~eth2 sbg gateway subnetwork B. jumlah kompi 42, dan network addressnya 10.10.2.0/26

konsep server nya kek gini: 
–> server yang ane bikin fungsi utamanya sebagai proxy server dan file server.
--> proxy-nya tipe transparent dan bisa buat ngeblok situs, web cache, dan bandwidth limiter.
--> layanan file server cuma buat subnetwork A

pada [i]rc.local ane gunakan konfig kek gini:
–----------------------------------------------------------------------------------------------------------------
#rc.local
iptables -t nat -A POSTROUTING -s 10.10.1.0/27 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.10.2.0/26 -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128

dan pada squid.conf, baru bisa kek gini  :-[ :-[ :-[
–----------------------------------------------------------------------------------------------------------------
#squid.conf
http_port 3128 transparent
visible_hostname smaxyz
cache_mgr fikri.nz@gmail.com
cache_dir ufs /var/spool/squid3 500 16 256
coredump_dir /var/spool/squid3

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
acl apache rep_header Server ^Apache
access_log /var/log/squid3/access.log squid
hosts_file /etc/hosts

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl bloksitus dstdomain "/etc/squid3/bloksitus.txt"
acl blokkwd url_regex -i "/etc/squid3/blokkwd.txt"
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny bloksitus
http_access deny blokkwd
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
acl utama src 10.10.1.0/27
acl labor src 10.10.2.0/26
http_access allow localhost
http_access allow utama
http_access allow labor
http_access deny all
http_reply_access allow all
icp_access allow all
always_direct allow all

cache_effective_user kuerk
cache_effective_group kuerk

delay_pools 2

delay_class 1 1
delay_parameters 1 -1/-1
delay_access 1 allow utama
delay_access 1 deny all

delay_class 2 1
delay_parameters 2 64000/128000
delay_access 2 allow labor
delay_access 2 deny all

untuk browsing sih hasilnya lumayan, tapi masalah timbul pas mo ngupdate AVG, gagal mulu  :-[

jadi mohon bantuan dari para sepuh semua, gimana bagusnya konfigurasi squid, konfig rc.local,  dan saran bagi hal-hal lain yang mungkin dianggep kurang cocok.

daaan ... juga gimana dengan konfigurasi samba agar supaya hanya bisa digunakan oleh subnetwork A.
terakhir, mohon maaf banget deh, mungkin post an ane salah kamar ...  :-[ sory banget ya.
dan ... makasih banget deh atas bantuan dan saran dari para sepuh semua.  :)

serangku

untuk update avg lebih ke pattern dan apakah update avg berjalan di port http

detrackmx

@agismaniax:

UPDATE ini squid.conf ane:

Do not edit manually !

http_port 172.16.1.254:3128 transparent
http_port 127.0.0.1:80 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname firewall2.xxx.co.id
cache_mgr admin@xxx.co.id
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
logfile_rotate 30
shutdown_lifetime 0 seconds

Allow local network(s) on interface(s)

acl localnet src  172.16.0.0/255.255.0.0
forwarded_for transparent
httpd_suppress_version_string on
uri_whitespace strip
dns_nameservers 202.159.32.2 202.159.33.2 202.158.3.7 202.169.33.220

cache_mem 128 MB

dns_nameservers 202.159.32.2 202.159.33.2 202.158.3.7 202.169.33.220 –> banyak amat ya DNS nya???? ??? ??? ???
ukuran cache_mem 128 MB --> kegedean gan!!!! drop tu performa kalo banyak user yg akses........!!!!!  :'( :'( :'(

queues

Om Kambeeng, Om Serangku, Om Anto_DIGIT, Om grange95, Om KaptenHook serta Om-om Semua yg namnya tidak bisa saya sebutkan satu persatu, mohon om om semua terawang settingan squid lusca saya, Mohon masukan serta sarannya.

$ squidclient -p 80 mgr:info
HTTP/1.0 200 OK
Server: Lusca
Date: Sun, 10 Jul 2011 03:39:40 GMT
Content-Type: text/plain
Expires: Sun, 10 Jul 2011 03:39:40 GMT
X-Cache: MISS from QueueS
Connection: close

Squid Object Cache: Version LUSCA r14850 patched: chudy r14
Start Time: Sun, 10 Jul 2011 02:04:13 GMT
Current Time: Sun, 10 Jul 2011 03:39:40 GMT
Connection information for squid:
Number of clients accessing cache: 2
Number of HTTP requests received: 12237
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 128.2
Average ICP messages per minute since start: 0.0
Select loop called: 525913 times, 10.889 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 10.5%, 60min: 9.3%
Byte Hit Ratios: 5min: 0.4%, 60min: 44.2%
Request Memory Hit Ratios: 5min: 0.0%, 60min: 11.0%
Request Disk Hit Ratios: 5min: 11.2%, 60min: 41.5%
Storage Swap size: 177098 KB
Storage Mem size: 10436 KB
Mean Object Size: 60.05 KB
Requests given to unlinkd: 0
Median Service Times (seconds)  5 min    60 min:
HTTP Requests (All):   0.25890  0.25890
Cache Misses:          0.27332  0.25890
Cache Hits:            0.00815  0.00767
Near Hits:             0.01469  0.01469
Not-Modified Replies:  0.00286  0.00286
DNS Lookups:           2.34641  2.34641
ICP Queries:           0.00000  0.00000
Resource usage for squid:
UP Time: 5726.680 seconds
CPU Time: 97.324 seconds
CPU Usage: 1.70%
CPU Usage, 5 minute avg: 2.01%
CPU Usage, 60 minute avg: 1.82%
Process Data Segment Size via sbrk(): 0 KB
Maximum Resident Size: 35716 KB
Page faults with physical i/o: 0
Memory accounted for:
Total accounted:        12487 KB
memPoolAlloc calls: 2099480
memPoolFree calls: 2046627
File descriptor usage for squid:
Maximum number of file descriptors:   11095
Largest file desc currently in use:     81
Number of file desc currently in use:   35
Files queued for open:                   0
Available number of file descriptors: 11060
Reserved number of file descriptors:   100
Store Disk files open:                   1
IO loop method:                     kqueue
Internal Data Structures:
 3009 StoreEntries
 1783 StoreEntries with MemObjects
 1778 Hot Object Cache Items
 2949 on-disk objects

Squid.conf

Do not edit manually !

http_port 172.22.11.78:3128 transparent
http_port 127.0.0.1:80 transparent
icp_port 3131

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname QueueS
cache_mgr QueueS@live.com
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
logfile_rotate 2
shutdown_lifetime 30 seconds

Allow local network(s) on interface(s)

acl localnet src  172.22.11.0/255.255.255.0
via off
httpd_suppress_version_string on
uri_whitespace strip
dns_nameservers 127.0.0.1

cache_mem 8 MB
maximum_object_size_in_memory 8 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir aufs /var/squid/cache 9200 16 256
minimum_object_size 0 KB
maximum_object_size 256 MB
offline_mode off
cache_swap_low 90
cache_swap_high 95

No redirector configured

Setup some default acls

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl mallware url_regex "/usr/local/etc/squid/mallware.url"
acl conficker url_regex "/usr/local/etc/squid/conficker.url"
acl partialcontent_req req_header Range .*
#acl dynamic urlpath_regex cgi-bin ?
include /usr/local/etc/squid/include.conf
acl allowed_subnets src 172.22.11.0/24
#cache deny dynamic
http_access allow manager localhost

http_access deny mallware
http_access deny conficker
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections

http_access allow localhost

quick_abort_min 32 KB
quick_abort_max 128 KB
quick_abort_pct 75
range_offset_limit 0 MB
request_body_max_size 0 allow all
reply_body_max_size 0 deny all

Custom options

zph_mode tos
zph_local 0x04
zph_parent 0
zph_option 136
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

Allow local network(s) on interface(s)

http_access allow localnet
http_access allow allowed_subnets

Default block all to be sure

http_access deny all

Spesifikasi Hardware

Mesin :Intel(R) Pentium(R) 4 CPU 2.26GHz
Tangki : HDD IDE MAXTOR 20G
Oli : DDR1 1024 M
Bensin : Speedy 512Kbps

ragile

@kaptenhook:

kalo udah menggunakan squid.conf.def perubahan dan penambahan setingan malah harus dilakukan disitu jadi jangan terbalik, kalo terbalik ya entar pas di restart akan hilang lagi

nb:proxy server akan membaca perintah dari squid.conf.def

Ditempat saya kok yang harus dioprek di squid.conf-nya ya?? kalo saya oprek yanng squid.conf.def malah gak pengaruh perubahannya setelah di reboot. Apa ada yang salah???

kaptenhook

@ragile:

@kaptenhook:

kalo udah menggunakan squid.conf.def perubahan dan penambahan setingan malah harus dilakukan disitu jadi jangan terbalik, kalo terbalik ya entar pas di restart akan hilang lagi

nb:proxy server akan membaca perintah dari squid.conf.def

Ditempat saya kok yang harus dioprek di squid.conf-nya ya?? kalo saya oprek yanng squid.conf.def malah gak pengaruh perubahannya setelah di reboot. Apa ada yang salah???

Begini om @ragile
Sebagai contoh ini aja
Di pfsense bagian cache managemen peletakan hardisk lebih dari dua misalkan kita mau menggunakan hardisk 3 ato 4 ato 5 buat cache itu tidak ada tempatnya bukan, naaa maka dari itu kita harus merubah peletakan hardisknya di squid.conf.def

Karena keterbatasan yang ada di pfsense, squid.confnya begini
Ex:

cache_dir coss /cache0/coss 10000 max-size=8192 block-size=1024
cache_dir aufs /cache1 /cache2 40960 16 256 min-size=8192

dan ini squid anda tidak akan berjalan alias stoped…. Atau misalkan mau jalan maka jalannya akan pincang karena cache2 pasti tidak akan terisi miss/hit

Naaaa bagaimana biar squidnya berjalan maka pengaturan peletakan hardisknya di buat di squid.conf dengan cara sbb

cache_dir coss /cache0/coss 10000 max-size=8192 block-size=1024
cache_dir aufs /cache1 40960 16 256 min-size=8192
cache_dir aufs /cache2 40960 16 256 min-size=8192

dengan adanya squid.conf.def maka perubahan yang dilakukan di squid.conf menjadi permanent dan walaupun di restart tidak akan hilang

jadi intinya antara squid.conf dan squid.conf.def adalah sama tapi tidak serupa

maaf mungkin bahasa saya kurang jelas, maklum saya bukan guru dan masih banyak belajar juga di sini,
lha wong saya ini angler man kok disuruh utak atik squid ya agak bingung juga kalo cumi cumi saya mah paham, enak dibuat lauk

serangku

kayak iklan aja …

dasar cumi ...
[cuma mimpi]
[cuma minjem]
[cuma2 makan]

OOT deh …  ;D
Ampun DJ ... ;)

agismaniax

@detrackmx:

dns_nameservers 202.159.32.2 202.159.33.2 202.158.3.7 202.169.33.220 –> banyak amat ya DNS nya???? ??? ??? ???
ukuran cache_mem 128 MB --> kegedean gan!!!! drop tu performa kalo banyak user yg akses........!!!!!  :'( :'( :'(

sejauh ini belum tuh gan… lagian memory pfsense ane 1GB... ntar dikecilin kalau memory usage-nya makin membesar.

UPDATE
Baca FAQ ini gan http://wiki.squid-cache.org/SquidFaq/SquidMemory#What_can_I_do_to_reduce_Squid.27s_memory_usage.3F

TOTALS
ICP : 0 Queries, 0 Hits (  0%)
HTTP: 209982 Requests, 61388 Hits ( 29%)

Squid Object Cache: Version LUSCA r14850 patched: chudy r14
Start Time:     Thu, 14 Jul 2011 02:04:20 GMT
Current Time:   Thu, 14 Jul 2011 08:17:14 GMT
Connection information for squid:
        Number of clients accessing cache:      103
        Number of HTTP requests received:       211481
        Number of ICP messages received:        0
        Number of ICP messages sent:    0
        Number of queued ICP replies:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   567.1
        Average ICP messages per minute since start:    0.0
        Select loop called: 4268522 times, 5.242 ms avg

Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.04047  0.03427
        Cache Misses:          0.04277  0.06640
        Cache Hits:            0.00598  0.01469
        Near Hits:             0.04277  0.02899
        Not-Modified Replies:  0.00179  0.00767
        DNS Lookups:           0.01046  0.01852
        ICP Queries:           0.00000  0.00000
Resource usage for squid:
        UP Time:        22598.190 seconds
        CPU Time:       1639.421 seconds
        CPU Usage:      7.25%
        CPU Usage, 5 minute avg:        4.13%
        CPU Usage, 60 minute avg:       3.77%
        Process Data Segment Size via sbrk(): 0 KB
        Maximum Resident Size: 184628 KB
        Page faults with physical i/o: 0

# Custom options
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avg.com/.*.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)symantecliveupdate.com/.*.(zip|exe|jdb|xdb) 43200 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avast.com/.*.(vpu|vpaa|vpx) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avira.de/.*.(vdf|ivdf|zip) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)adobe.com/.*.(exe|msi) 4320 100% 43200 reload-into-ims

positive_dns_ttl 1 hours
negative_dns_ttl 5 minutes
memory_pools off
memory_pools_limit 64MB

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

kmrn berkutat dengan masalah si lusca yg nyedot bw gara2 ada client yg abort windows update berulang kali, tapi si lusca malah tetep nyedot dari server asal.

btw, mau nanya dong…
gimana cara buat ACL di squid-nya pfsense?
kalau dari squid.conf-nya langsung apakah ada pengaruhnya ke webgui di paket proxy server pfsense?
rencananya mau menggunakan tcp_outgoing_address yg berbeda utk beberapa subnet.

serangku

begini om yang doyab cumi [om jg doyan] …  ;D

kalo mo setting macem2 squid conf nya di pfsense ada 2 versi

1. versi official
silakan oprek2 di squid.xml nya
atau buatkan file tersendiri utk settingan khusus, kemudian di dalam squid.xml dipanggil dengan menambahkan include

2. versi lusca chuddy
lebih mudah karena sudah dibuat file tersendiri tidak perlu masuk ke xml nya
berenang saja ke dalemannya pfsense dengan winscp
obrak-abrik deh ...

nah ... kalo diatas ada yg kudu masuk ke def atau lainnya
om belum tahu kl itu juga bisa, apa bisa yah ?
jangan rubah setting di squid.conf nya langsung
percuma, setiap reboot akan kembali ke default

semoga bisa membantu

agismaniax

mau memastikan… begitu pfsense start, config.xml akan create ulang squid.conf, lalu squid binary akan menggunakan squid.conf tersebut.
nah squid.conf.default itu dipakai setelah squid.conf dipanggil atau sebelumnya?  ???