Squid
-
This is really messed up!!!
Since when can a proxy be forwarded to another proxy???? What you can do is set Telkom's proxy as the parent of your proxy. Don't play with forwarding in pf; that has nothing to do with it, it just doesn't connect… :)
Add this to squid.inc:
cache_peer proxies.telkom.net.id parent 8080 3130 no-query connect-timeout=10 no-digest no-netdb-exchange default
cache_peer 202.134.0.135 sibling 8080 3130 round-robin no-query connect-timeout=10 no-digest no-netdb-exchange

From a newbie:
It can be done, mas.
Create it under Firewall NAT:
Interface: WAN
External address: any
Protocol: TCP
External port range: 8080
NAT IP: 192.168.0.x
Local port: 3128

Then when an internet café user uses a free high-anonymous proxy on port 8080,
it gets forwarded straight to my pfSense proxy,
so my squid is not bypassed.

The syntax you made is wrong:
it is not on the WAN interface but on LAN, if the goal is to forward requests with destination port 8080 from the clients (LAN) to your proxy port.
That means it is not a proxy being forwarded to another proxy, but filtering every destination port 8080 and forwarding it to your proxy port.
On a FreeBSD proxy server I once installed (not pfSense) with > 2000 clients, I forced all clients to the proxy, so the proxy ports scattered around the free proxy lists, from port 80, 3128, 8000, 8181, 8080 and so on, I forced to port 3128.
And what is even worse in your setup: why is port 443/https also forwarded to the proxy?
This is really funny for a network administrator;
the squid developers themselves very much avoid caching https.

Do you understand the definition of https?
And do you understand the definition of a proxy?
-
Mas… mas... please don't scold me...
I'm a newbie, not a network administrator at a big company like your Airputih, mas.
I only installed it at my own internet café..
I'm only in my 1st semester of IT at Univ Putra Indonesia,
so take it easy, mas.

I read the tutorial at
http://agngwb.blogspot.com/2008/08/setting-multi-speedy-dgn-pf-sense.html
so about caching https, ask mas Agung who wrote that blog;
I only followed his article.

If I create it on the LAN interface it doesn't work.
Thanks a lot for being willing to help, mas, but I don't like the way you write your posts.
I'm here to learn, mas.. questions and answers,.. not a knowledge test..
-
I don't like your post here either:
http://forum.pfsense.org/index.php?topic=19905.msg102584#msg102584
so I apologize …
About forcing port 443 to the squid port: that is dangerous. For someone mischievous, the user & pass for logins (email, forums) can be sniffed. Squid already has a method to bypass it, with acl CONNECT method CONNECT.
Even chat (YM, MSN, etc.) can be forced through the proxy.
This is very unethical with regard to the clients' comfort, unless we want to dig around in the clients' privacy.
I once had a case like this: I was told to log chats, and the chat log was handed to someone, and I was the one who got blamed by their partner, shit !!!!!
-
@chiboik, fix your link that om grage95 referred to if you don't want to be blamed by other people.
-
Sorry,
I'm confused by bro chiboik:
why do ports 443 and 8080 have to be forwarded to the proxy too?
If you are running transparent mode, this should not be needed…. it actually makes things more complicated. Especially for something only the size of an internet café, it seems odd, bro....
Or is it because 443 really is being proxied for things like webmail (Gmail, Yahoo, etc.) on their login pages??? Later on it gets weird, bro; it tends to cause problems with cookie expiry... CMIIW
-
Excuse me, brothers, I have a problem with cache_peer for ICP access to pfSense.
I have 2 servers, both running pfSense 1.2.3 RC3 with squid-2.6.21.
I want to make this pfSense server a sibling of the other server:

Main pfSense, 2 NICs:
- WAN interface (rl0): 192.168.0.2 - to speedy1
- LAN interface (re0): 192.168.1.1 - clients (HUB)
Squid.conf:
http_port 192.168.1.1:3128
http_port 127.0.0.1:80 transparent
icp_port 3130
acl hotspot src 192.168.1.200
icp_access allow hotspot
miss_access allow hotspot
==========================
Second pfSense, 3 NICs:
- WAN interface (rl0): 192.168.3.2 - to speedy2
- LAN interface (re0): 192.168.4.1 - clients
- lansibling interface (fxp0): 192.168.1.200 - for the sibling link to the main server (LAN interface (re0): 192.168.1.1 - clients (HUB))
Squid.conf:
http_port 192.168.4.1:3128
http_port 127.0.0.1:80 transparent
icp_port 3130
Cache peer:
cache_peer 192.168.1.1 sibling 3128 3130 no-digest no-netdb-exchange
======
But why doesn't it work? It says DEAD SIBLING 192.168.1.1 ??? ??? ???
-
The config looks right;
try tracing it one step at a time:
1. Test whether the ICP service is running, by telnet to port 3130, or check whether the port is listening yet: netstat -a -n | egrep 'Proto|LISTEN'
2. Check whether the firewall is blocking the ICP port (nmap localhost)
3. Check the rules with the command pfctl -sr | grep 3130
4. Check from the pfSense parent peer: squidclient -p 3128 cache_object://localhost/config | grep -i icp
5. Check from the pfSense client peer: squidclient -p 3128 cache_object://localhost/server_list
-
OK Om grage95, I'll try it first,.,., wow, when you keep struggling it turns out many people help :D :D
-
Thank you Om Grage95, the result is delicious,.,., awesome,.,.,., ha ha ha
The result: I peered 2 servers at once, the SMK and SMA servers. Wow,.,., access is now smoooooth,.,.,smooth,.,.,.
257702244.098 545 192.168.4.224 TCP_MISS/200 5704 GET http://www.friendster.com/ - FIRST_PARENT_MISS/192.168.66.1 text/html
1257702244.422 3 192.168.4.224 TCP_MISS/403 3180 GET http://images.friendster.com/images/friendster2.ico - SIBLING_HIT/192.168.1.1 text/html
1257702244.503 3 192.168.4.224 TCP_MISS/403 3254 GET http://images.friendster.com/images/lib/yui-260/build/yahoo-dom-event/yahoo-dom-event.js - SIBLING_HIT/192.168.1.1 text/html
1257702244.615 6 192.168.4.224 TCP_MISS/403 3238 GET http://images.friendster.com/images/lib/yui-260/build/animation/animation-min.js - SIBLING_HIT/192.168.1.1 text/html
1257702244.655 3 192.168.4.224 TCP_MISS/403 3242 GET http://images.friendster.com/images/lib/yui-260/build/connection/connection-min.js - SIBLING_HIT/192.168.1.1 text/html
1257702244.725 3 192.168.4.224 TCP_MISS/403 3218 GET http://images.friendster.com/images/lib/yui-260/build/json/json-min.js - SIBLING_HIT/192.168.1.1 text/html
1257702244.772 3 192.168.4.224 TCP_MISS/403 3242 GET http://images.friendster.com/images/lib/yui-260/build/datasource/datasource-min.js - SIBLING_HIT/192.168.1.1 text/html
1257702244.808 3 192.168.4.224 TCP_MISS/403 3250 GET http://images.friendster.com/images/lib/yui-260/build/autocomplete/autocomplete-min.js - SIBLING_HIT/192.168.1.1 text/html
1257702245.148 3 192.168.4.224 TCP_MISS/403 3174 GET http://images.friendster.com/images/btn-lt_2.png - SIBLING_HIT/192.168.1.1 text/html
1257702245.150 3 192.168.4.224 TCP_MISS/403 3174 GET http://images.friendster.com/images/btn-rt_2.png - SIBLING_HIT/192.168.1.1 text/html
1257702245.612 98 192.168.4.224 TCP_MISS/200 442 GET http://images.friendster.com/images/uncacheable.gif - FIRST_PARENT_MISS/192.168.66.1 image/gif
1257702245.776 203 192.168.4.224 TCP_MISS/200 1896 GET http://www.google-analytics.com/ga.js - PARENT_HIT/192.168.66.1 text/html
1257702245.936 3 192.168.4.224 TCP_MISS/403 3180 GET http://images.friendster.com/images/friendster2.ico - SIBLING_HIT/192.168.1.1 text/html
Awesooooome,.,.,
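
An added example, not part of the original post: a small Python parser for Squid's native access.log format that tallies hierarchy codes per peer and lists requests a neighbour cache answered as a hit but that were served with an HTTP error status, as the SIBLING_HIT lines in the excerpt above were (403). The four sample lines are copied from that excerpt; the names `parse_line`, `summarize` and `PEER_HIT_CODES` are this example's own.

```python
import re
from collections import Counter, defaultdict

# Four lines copied verbatim from the access.log excerpt in the post above.
SAMPLE_LOG = """\
1257702244.422 3 192.168.4.224 TCP_MISS/403 3180 GET http://images.friendster.com/images/friendster2.ico - SIBLING_HIT/192.168.1.1 text/html
1257702245.148 3 192.168.4.224 TCP_MISS/403 3174 GET http://images.friendster.com/images/btn-lt_2.png - SIBLING_HIT/192.168.1.1 text/html
1257702245.612 98 192.168.4.224 TCP_MISS/200 442 GET http://images.friendster.com/images/uncacheable.gif - FIRST_PARENT_MISS/192.168.66.1 image/gif
1257702245.776 203 192.168.4.224 TCP_MISS/200 1896 GET http://www.google-analytics.com/ga.js - PARENT_HIT/192.168.66.1 text/html
"""

# Native format fields:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# Hierarchy codes meaning "a neighbour cache reported it holds the object".
PEER_HIT_CODES = {"SIBLING_HIT", "PARENT_HIT", "CD_SIBLING_HIT", "CD_PARENT_HIT"}


def parse_line(line):
    """Return one log entry as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("elapsed", "status", "size"):
        entry[key] = int(entry[key])
    return entry


def summarize(log_text):
    """Count hierarchy codes per peer and collect peer hits that ended in 4xx/5xx."""
    by_peer = defaultdict(Counter)
    failed_peer_hits = []
    skipped = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            skipped += 1          # keep count instead of silently dropping
            continue
        by_peer[entry["peer"]][entry["hier"]] += 1
        # The peer said "hit", yet the client received an error response.
        # On a 403 the peer's own access rules are the first thing to review.
        if entry["hier"] in PEER_HIT_CODES and entry["status"] >= 400:
            failed_peer_hits.append(entry)
    return {
        "by_peer": dict(by_peer),
        "failed_peer_hits": failed_peer_hits,
        "skipped": skipped,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for peer, codes in sorted(report["by_peer"].items()):
        print(peer, dict(codes))
    for e in report["failed_peer_hits"]:
        print("peer hit with error:", e["status"], e["hier"], e["peer"], e["url"])
    print("unparsed lines:", report["skipped"])
```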
-
Great.
PARENT_HIT/192.168.66.1
SIBLING_HIT/192.168.1.1
Of course it is fast, it is still inside the local network (not fetching directly from the origin server).
Please write a tutorial and share it with the others here: what a sibling is, what a parent is, what the topology and the squid config look like.
BTW, so far I have not managed to get pfSense + squid ZPH (zero penalty hit) working. On the squid side ZPH already works (squid2.7.7 and lusca1.4 already support ZPH), and combining squid + pf / squid + ipfw on FreeBSD already works, either with pf (altq) or ipfw (dummynet).
ZPH means that packets which are already cached (hit) get marked (tagged with a certain value, e.g. 0x30), and when this is tied to a bandwidth shaper, the marked packets can be caught and put into a higher bandwidth class, so clients browse comfortably without being choked by the bandwidth limit. It would be a waste for browsing that is already a hit to be limited to a small rate (on FreeBSD I set the limit for ZPH to 20Mbps :) ).
Lusca even has a zph hit option for cache_peer, even more solid (double B) and delicious ..
Hmm, who has already managed to get ZPH working on pfSense?
-
OK Om, I'll write the tutorial later,.,.
Wow,.,. there's more, there's more,.,., so ZPH is only for 2.7.7, Om grage95 ??? Oh dear, a tutorial please, Om,.,. but my squids are all squid-2.6.21; if I update to squid2.7.7 and lusca1.4, do I have to clear the existing cache, Om? :-[
-
Yup, ZPH is supported in squid-2.7.xx and lusca-1.xx.
In squid.conf it is enough to add:
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
To check that the packets are being marked, use the command tcpdump -nvi fxp0 | grep 'tos 0x30'
To update from squid-2.6.xx to squid-2.7.xx / lusca1.xx there is no need to clear the cache if the file system stays the same (e.g. aufs to aufs); deleting it would be a real waste. It is enough to rebuild the cache with squid -z, and squid will then adjust the metadata to match the new squid binary.
-
Hello.. nice to meet you…
I have installed lusca on my pfSense...
but after a few weeks, when I run #squidclient mgr:info the result is ...
Connection information for squid:
Number of clients accessing cache: 0
Number of HTTP requests received: 75360
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 129.5
Average ICP messages per minute since start: 0.0
Select loop called: 1497728 times, 23.320 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 6.4%, 60min: 18.0%
Byte Hit Ratios: 5min: -511.2%, 60min: -78.8%
Request Memory Hit Ratios: 5min: 76.5%, 60min: 63.1%
Request Disk Hit Ratios: 5min: 11.8%, 60min: 16.4%
Storage Swap size: -636084972 KB
Storage Mem size: 103100 KB
Mean Object Size: -22223.64 KB
Requests given to unlinkd: 0
... etc.

Why can my byte hit ratio reach such a large negative value... to the point that it even affects the Storage Swap size and the Mean Object Size??
Please, what is the solution.... :)
-
Try pasting your config here:
squidclient mgr:config > /tmp/squid.config
Paste the contents of /tmp/squid.config here, and say how much physical RAM is installed in the squid server.
This is what I pasted from one internet café with lusca 1.4, P3, RAM 256, cache_dir 4Gb, installed just 5 days ago:
Cache information for squid:
Request Hit Ratios: 5min: 0.0%, 60min: 45.7%
Byte Hit Ratios: 5min: 0.0%, 60min: 6.7%
Request Memory Hit Ratios: 5min: 0.0%, 60min: 1.8%
Request Disk Hit Ratios: 5min: 0.0%, 60min: 84.5%
Storage Swap size: 3426750 KB
Storage Mem size: 6088 KB
Mean Object Size: 8.31 KB

The 0.0% is because it is quiet right now; at 24:00 the internet café was already closed, but an hour earlier there was still access activity.
-
This is my squidclient mgr:config output…
Server physical memory 1GB, Proc P4, HDD WD 160GB SATA

HTTP/1.0 200 OK
Server: Lusca/LUSCA_HEAD
Date: Wed, 11 Nov 2009 06:02:53 GMT
Content-Type: text/plain
Expires: Wed, 11 Nov 2009 06:02:53 GMT
X-Cache: MISS from proxy.kitmor16.net
X-Cache-Lookup: MISS from proxy.kitmor16.net:80
Via: 1.0 proxy.pfsense:80 (Lusca/LUSCA_HEAD)
Connection: close

authenticate_cache_garbage_interval 3600 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 0 seconds
authenticate_ip_shortcircuit_ttl 0 seconds
acl localnet src 192.168.11.0/255.255.255.224
acl to_localnet dst 192.168.11.0/255.255.255.224
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1
acl safeports port 21
acl safeports port 80
acl safeports port 70
acl safeports port 210
acl safeports port 280
acl safeports port 443
acl safeports port 488
acl safeports port 563
acl safeports port 591
acl safeports port 631
acl safeports port 667
acl safeports port 777
acl safeports port 901
acl safeports port 81
acl safeports port 3128
acl safeports port 1025-65535
acl sslports port 443
acl sslports port 563
acl sslports port 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl apache rep_header Server ^Apache
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl QUERY urlpath_regex cgi-bin
acl QUERY urlpath_regex \?
acl QUERY urlpath_regex .jsp
acl QUERY urlpath_regex \?.js
acl QUERY urlpath_regex cgi-bin
acl QUERY urlpath_regex to_localnet
acl snmppublic snmp_community public
acl snmp_hosts src 127.0.0.1
acl download url_regex \.exe$
acl download url_regex \.mp3$
acl download url_regex \/(get_video|videoplayback\?id|videoplayback.*id)
acl download url_regex \.3gp$
acl download url_regex \.gz$
acl download url_regex \.rar$
acl download url_regex \.flv$
acl download url_regex \.mp4$
acl download url_regex \.tar.gz$
acl download url_regex \.tar.bz2$
acl download url_regex \.rpm$
acl download url_regex \.zip$
acl download url_regex \.avi$
acl download url_regex \.mpg$
acl download url_regex \.mpeg$
acl download url_regex \.rm$
acl download url_regex \.iso$
acl download url_regex \.wav$
acl download url_regex \.mov$
acl download url_regex \.dat$
acl download url_regex \.mpe$
acl download url_regex \.mid$
acl download url_regex \.midi$
acl download url_regex \.rmi$
acl download url_regex \.wma$
acl download url_regex \.wmv$
acl download url_regex \.ogg$
acl download url_regex \.ogm$
acl download url_regex \.m1v$
acl download url_regex \.mp2$
acl download url_regex \.mpa$
acl download url_regex \.wax$
acl download url_regex \.m3u$
acl download url_regex \.asx$
acl download url_regex \.wpl$
acl download url_regex \.wmx$
acl download url_regex \.dvr-ms$
acl download url_regex \.snd$
acl download url_regex \.au$
acl download url_regex \.aif$
acl download url_regex \.asf$
acl download url_regex \.m2v$
acl download url_regex \.m2p$
acl download url_regex \.ts$
acl download url_regex \.tp$
acl download url_regex \.trp$
acl download url_regex \.div$
acl download url_regex \.divx$
acl download url_regex \.mod$
acl download url_regex \.vob$
acl download url_regex \.aob$
acl download url_regex \.dts$
acl download url_regex \.ac3$
acl download url_regex \.cda$
acl download url_regex \.vro$
acl download url_regex \.deb$
acl admin src 192.168.11.2-192.168.11.3
acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)(\=|\?|\;\&)+
acl store_rewrite_list_domain url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar)$
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.uk)
acl store_rewrite_list_domain_CDN url_regex \.doubleclick\.net.*ord\=
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*)
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$
acl rapidurl url_regex \.rapidshare\.com.*\/[0-9]*\/[0-9]*\/[^\/]*
acl video urlpath_regex \.((mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|qt|wmv|m\dv|rv|vob|asx|ogm|flv|3gp)(\?.*)?)$
acl video urlpath_regex (get_video\?|videoplayback\?|videodownload\?|\.flv(\?.*)?)
acl html url_regex \.((html|htm|php|js|css|aspx)(\?.*)?)$
acl html url_regex \.com\/$
acl html url_regex \.com$
acl images urlpath_regex \.((jp(e?g|e|2)|gif|png|tiff?|bmp|ico)(\?.*)?)$
acl dontrewrite url_regex [a-z0-9]{3}\.photobucket\.com
acl dontrewrite url_regex redbot\.org
http_access Allow manager localhost
http_access Deny manager
http_access Allow purge localhost
http_access Deny purge
http_access Deny !safeports
http_access Deny connect !sslports
http_access Allow localhost
http_access Allow localnet
http_access Deny all
http_reply_access Allow all
icp_access Deny all
reply_body_max_size 0 Allow all
http_port 192.168.11.1:80 transparent protocol=http
http_port 127.0.0.1:3128 transparent protocol=http
zph_mode off
zph_local 0
zph_sibling 0
zph_parent 0
zph_option 136
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
hierarchy_stoplist .js
hierarchy_stoplist .jsp
cache_mem 268435456 bytes
maximum_object_size_in_memory 32768 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache1/squidcache 6000 16 256 max-size=65556
cache_dir aufs /cache2/squidcache 12000 18 256 min-size=65556
cache_dir aufs /cache3/squidcache 12000 18 256 min-size=65556
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 bytes
maximum_object_size 104857600 bytes
cache_swap_low 98
cache_swap_high 99
update_headers off
access_log /dev/null
logfile_daemon /usr/local/libexec/squid/logfile-daemon
cache_log /var/squid/log/cache.log
cache_store_log none
logfile_rotate 2
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/local/etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
strip_query_terms off
buffered_logs off
netdb_filename /usr/local/squid/logs/netdb.state
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
ufs_log_build_program /usr/local/libexec/squid/ufs_rebuild
coss_log_build_program /usr/local/libexec/squid/coss_rebuild
diskd_program /usr/local/libexec/squid/diskd-daemon
unlinkd_program /usr/local/libexec/squid/unlinkd
storeurl_rewrite_program /usr/local/etc/squid/storeurl.pl
storeurl_rewrite_children 4
storeurl_rewrite_concurrency 99
rewrite_access Deny all
url_rewrite_children 5
url_rewrite_concurrency 0
url_rewrite_host_header on
storeurl_access Deny dontrewrite
storeurl_access Allow store_rewrite_list_domain_CDN
storeurl_access Allow store_rewrite_list
storeurl_access Allow store_rewrite_list_domain store_rewrite_list_path
storeurl_access Deny all
redirector_bypass off
location_rewrite_children 5
location_rewrite_concurrency 0
cache Deny QUERY
max_stale 604800 seconds
refresh_pattern windowsupdate.com/.*\.(cab|exe) 40320 100% 43200 reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe) 40320 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 40320 100% 43200 reload-into-ims
refresh_pattern imeem.*\.flv 0 0% 0
refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 5259487 99999999% 5259487 override-expire ignore-reload
refresh_pattern \.(ico|video\-stats) 5259487 999999% 5259487 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=10080
refresh_pattern \.etology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache
refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache
refresh_pattern brazzers\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache
refresh_pattern \.adtology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache
refresh_pattern ^.*(utm\.gif|ads\?|advertising\.com|ad\.yieldmanager\.com|doubleclick\.net|adserving\.cpxinteractive\.com) 5259487 999999% 5259487 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern ^.*safebrowsing\.clients\.clients\.com\/safebrowsing 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=10080
refresh_pattern ^http:\/\/((cbk|mt|khm)[0-9]?)\.google\.co(m|\.uk) 5259487 999999% 5259487 override-expire ignore-reload
refresh_pattern ytimg\.com.*\.jpg 5259487 999999% 5259487 override-expire ignore-reload
refresh_pattern (avgate|avira).*(idx|gz)$ 5259487 999999% 5259487 reload-into-ims ignore-no-cache
refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487 ignore-reload
refresh_pattern kaspersky 1440 50% 161280 ignore-no-cache
refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload
refresh_pattern facebook.com.*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload
refresh_pattern garena\.com 5259487 999999% 5259487 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999% 5259487 override-expire override-lastmod ignore-no-cache
refresh_pattern profile.ak.fbcdn.net.*\.jpg 40320 20% 40320 ignore-reload
refresh_pattern -i \.(ico|js)$ 5259487 999999% 5259487 override-expire override-lastmod ignore-reload
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 5259487 999999% 5259487 override-lastmod reload-into-ims
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 5259487 999999% 5259487 override-lastmod reload-into-ims
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 5259487 999999% 5259487 override-lastmod reload-into-ims
refresh_pattern -i \.(class|css|js|gif|jpg)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 5259487 999999% 5259487 override-expire override-lastmod
refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 override-expire reload-into-ims
refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 5259487 999999% 5259487 override-expire reload-into-ims
refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 5259487 999999% 5259487 override-expire reload-into-ims ignore-reload
refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487 999999% 5259487 override-expire reload-into-ims
refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2) 5259487 9999999% 5259487 override-expire reload-into-ims
refresh_pattern -i (cgi-bin) 0 0% 0
refresh_pattern \.(php|jsp|cgi|asx)\? 0 0% 0
refresh_pattern \.(php|jsp) 0 0% 0
refresh_pattern . 0 50% 161280
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
read_ahead_gap 16384 bytes
negative_ttl 0 seconds
positive_dns_ttl 43200 seconds
negative_dns_ttl 60 seconds
range_offset_limit -1 bytes
minimum_expiry_time 60 seconds
store_avg_object_size 13 KB
store_objects_per_bucket 20
request_header_max_size 20480 bytes
reply_header_max_size 20480 bytes
request_body_max_size 0 Allow all
request_body_delay_forward_size 0 Allow all
upgrade_http0.9 Deny shoutcast
via on
cache_vary on
broken_vary_encoding Allow apache
collapsed_forwarding off
collapsed_forwarding_timeout 30
refresh_stale_hit 0 seconds
ie_refresh on
vary_ignore_expire on
request_entities off
header_access Accept-Encoding Deny all
relaxed_header_parser on
server_http11 off
ignore_expect_100 off
forward_timeout 240 seconds
connect_timeout 60 seconds
peer_connect_timeout 30 seconds
read_timeout 900 seconds
request_timeout 300 seconds
persistent_request_timeout 120 seconds
client_lifetime 86400 seconds
half_closed_clients off
pconn_timeout 60 seconds
shutdown_lifetime 6 seconds
cache_mgr admin@kitmor16.net
mail_program mail
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string off
visible_hostname proxy.kitmor16.net
unique_hostname proxy.pfsense
umask 23
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_no_pmtu_disc off
delay_pools 2
delay_class 1 2
delay_access 1 Allow admin
delay_access 1 Deny all
delay_parameters 1 -1/-1 -1/-1
delay_class 2 2
delay_access 2 Allow download
delay_access 2 Deny all
delay_parameters 2 -1/-1 10000/10000
delay_initial_bucket_level 100
client_persistent_connections off
server_persistent_connections on
persistent_connection_after_error off
detect_broken_pconn off
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 3600 seconds
digest_rewrite_period 3600 seconds
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
snmp_port 3401
snmp_access Allow snmppublic snmp_hosts
snmp_access Deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
icp_port 0
log_icp_queries on
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
udp_outgoing_address6 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
udp_incoming_address6 [::]f:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
icp_query_timeout 0
maximum_icp_query_timeout 2000
minimum_icp_query_timeout 5
mcast_icp_query_timeout 2000
icon_directory /usr/local/etc/squid/icons
global_internal_static on
short_icon_urls off
error_directory /usr/local/etc/squid/errors/English
err_html_text
deny_info TCP_RESET localnet
nonhierarchical_direct on
prefer_direct off
ignore_ims_on_miss off
always_direct Allow localhost to_localnet
always_direct Deny all
max_filedescriptors 8192
tcp_recv_bufsize 0 bytes
incoming_rate 30
check_hostnames off
allow_underscore on
dns_retransmit_interval 5 seconds
dns_timeout 60 seconds
dns_defnames off
dns_nameservers 192.168.11.1
dns_nameservers 202.134.1.10
dns_nameservers 203.130.254.140
dns_nameservers 202.134.1.10
hosts_file /etc/hosts
dns_testnames 127.0.0.1
ignore_unknown_nameservers on
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
memory_pools off
memory_pools_limit 0 bytes
forwarded_for off
cachemgr_passwd none all
client_db off
reload_into_ims on
maximum_single_addr_tries 5
retry_on_error off
as_whois_server whois.ra.net
offline_mode off
uri_whitespace strip
coredump_dir none
balance_on_multiple_ip on
pipeline_prefetch on
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0 bytes
sleep_after_fork 0
zero_buffers on
windows_ipaddrchangemonitor on
n_aiops_threads -1
client_socksize -1
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed off
-
For the cache_dir situation at your place, if the cache partitions are separate,
add cache1-cache3 to /etc/fstab with the noatime option (e.g. /dev/ad0s1g /cache ufs rw,noatime 2 2).
Warning: if there is only one hard disk, use just 1 cache_dir, unless you are using 3 physical hard disks; the disk becomes sluggish when 1 hard disk is used for more than 1 cache_dir.

For tuning, change these options in the squid config.
In the web config:
cache_mem 256 MB becomes cache_mem 32 MB
In squid.inc:
hierarchy_stoplist cgi-bin ? .js .jsp becomes hierarchy_stoplist cgi-bin ?
In tunning.conf:
range_offset_limit -1 becomes range_offset_limit 0
download_fastest_client_speed off becomes download_fastest_client_speed on
n_aiops_threads -1 becomes n_aiops_threads 16

The byte hit ratio is calculated slightly differently from the request hit ratio. Squid counts the number of bytes read from the network on the server side, and the number of bytes written to the client side. The byte hit ratio is calculated from:
Byte Hit Ratios = (client_bytes - server_bytes) / client_bytes
If server_bytes is larger than client_bytes, the byte hit value ends up negative.
server_bytes may be larger than client_bytes for several reasons:
1. Cache Digests and other internally generated requests. Cache Digest messages are fairly large and are counted in server_bytes, but because they are consumed internally on the server side, they are not counted in client_bytes.
2. Requests aborted by the user. Adjust the quick_abort* values.
3. Some requests can consume more bandwidth on the server side than on the client side. In range requests, the client asks for only some part of the object. Squid may decide to fetch the whole object so that it can be used later. This means downloading more from the server than is sent to the client. You can influence this behaviour by setting the range_offset_limit option to 0.
-
Here, Om, please review this; I don't understand whether the result is good or not.
What are the signs by which squid can be said to be doing well or not in this info,.,.?

$ squidclient -p 80 cache_object://localhost/ mgr:info
HTTP/1.0 200 OK
Server: squid/2.6.STABLE21
Date: Wed, 11 Nov 2009 03:13:53 GMT
Content-Type: text/plain
Expires: Wed, 11 Nov 2009 03:13:53 GMT
Last-Modified: Wed, 11 Nov 2009 03:13:53 GMT
X-Cache: MISS from hotspot.daruttaqwa
Proxy-Connection: close

Squid Object Cache: Version 2.6.STABLE21
Start Time: Tue, 10 Nov 2009 15:39:27 GMT
Current Time: Wed, 11 Nov 2009 03:13:53 GMT
Connection information for squid:
Number of clients accessing cache: 0
Number of HTTP requests received: 47979
Number of ICP messages received: 37672
Number of ICP messages sent: 37678
Number of queued ICP replies: 0
Number of HTCP messages received: 0
Number of HTCP messages sent: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 69.1
Average ICP messages per minute since start: 108.5
Select loop called: 754215 times, 55.243 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 29.1%, 60min: 28.0%
Byte Hit Ratios: 5min: 20.7%, 60min: 21.0%
Request Memory Hit Ratios: 5min: 11.7%, 60min: 32.1%
Request Disk Hit Ratios: 5min: 50.0%, 60min: 50.8%
Storage Swap size: 663102 KB
Storage Mem size: 119204 KB
Mean Object Size: 9.92 KB
Requests given to unlinkd: 0

How many days has this squid been running? The cache is still small, only 600Mb, while cache_mem is already at 100Mb. Lower the cache_mem and let the hard disk do the hard work.
-
3 days, Om, he he,.,., because yesterday I moved to Lusca 1.4 and then --enable-arp-acl could not be done by reconfiguring, so I deleted all the old cache and started over... the hotspot users are making a fuss... Om, just have a look at http://daruttaqwa.org/hotspot2 or http://hotspot.daruttaqwa.org, the kids are at war there, because I keep turning it off... he he
-
Why did it have to be deleted? When migrating squid with the same file system (aufs to aufs / diskd to diskd) there is no need to delete the cache, just run squid -z. Support for acl arp does not come through the config; it has to be rebuilt.
Feel free to grab it here, vanilla lusca that already supports arp-acl:
fetch http://shakau.googlepages.com/vanila-arp-lusca-1.4.tbz
-
Wow,,, thanks OM,.,. oh my,.,., Om grage95 always has something more,.,.
Just now I lowered cache_mem to 64, and the max file mem to 64 kb,.,. after 15 minutes…
it turns out........
Cache information for squid:
Request Hit Ratios: 5min: 25.2%, 60min: 28.2%
Byte Hit Ratios: 5min: 21.7%, 60min: 22.4%
Request Memory Hit Ratios: 5min: 1.8%, 60min: 1.7%
Request Disk Hit Ratios: 5min: 77.2%, 60min: 57.8%
Storage Swap size: 800112 KB
Storage Mem size: 6820 KB
Mean Object Size: 9.84 KB
Requests given to unlinkd: 0

Not bad,.,. thanks sooooo much,.,.,
It turns out squid really is "iso cak asal sesuai aturan" ("it can be done, bro, as long as you follow the rules") (in the projeckpo tone) ha ha
OK,.,. going to test the one that supports arp ,.,., long life to you, Om grage95.