install squid proxy on centos :
1/ yum update -y
2/ yum groupinstall “Development Tools” -y
3/ yum install libxml2-devel libcap-devel -y
4/ yum install kernel-devel kernel-headers -y
5/ yum install httpd nano -y
6/ yum install squid -y
7/ rm -rf /etc/squid/squid.conf
8/ touch /etc/squid/squid.conf
9/nano /etc/squid/squid.conf

dns_nameservers 8.8.8.8 8.8.4.4 4.2.2.1 4.2.2.6 198.6.1.3 204.117.214.10 207.172.11.73
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
balance_on_multiple_ip on
cache_mgr not_to_be_disturbed
client_db on
detect_broken_pconn on
half_closed_clients off
httpd_suppress_version_string on
ignore_unknown_nameservers on
pipeline_prefetch on
prefer_direct on
query_icmp on
range_offset_limit -1
retry_on_error on
server_persistent_connections on
strip_query_terms off
uri_whitespace strip

## untuk password untuk versi 32bit, lokasi file ganti seperti di bawah ini :
## /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
# ACCESS CONTROLS
######################
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# local networks.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 21 22 25 53 109 143 443 554 563 993 21976
acl Safe_ports port 53 80 136 137 182
acl Safe_ports port 22 25 70 210 280
acl Safe_ports port 143 443 554 563 993
acl Safe_ports port 1025-65535
acl Safe_ports port 8000-8090
acl Safe_ports port 67-68
acl Safe_ports port 123 465 488 587 591 777 6667
acl Safe_ports port 9000-9091
acl Safe_ports port 110 119 995 2030 2401 3306 3690 6881 8443 8843
acl ncsa_users proxy_auth REQUIRED
acl CONNECT method CONNECT
#
#Recommended minimum configuration:
######################
## Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
##
http_access allow localhost
http_access allow ncsa_users
http_access deny to_localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
##
## disable multicast icp
miss_access allow all
ident_lookup_access deny all

# NETWORK OPTIONS
######################
http_port 4901

# Leave coredumps in the first cache dir
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_access_log none
cache_store_log none
#
hierarchy_stoplist cgi-bin ?
acl apache rep_header Server ^Apache

ipcache_size 8192
ipcache_low 90
ipcache_high 95

#cache_dir null /tmp
cache_mem 50 MB
cache_dir ufs /var/spool/squid/cache0 1000 16 256
cache_dir ufs /var/spool/squid/cache1 1000 16 256
cache_dir ufs /var/spool/squid/cache2 1000 16 256
cache_dir ufs /var/spool/squid/cache3 1000 16 256
deny_info ::0 all

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320

visible_hostname google.com

10/ touch /etc/squid/squid_passwd
11/ chown root.root /etc/squid/squid_passwd
12/ htpasswd -b /etc/squid/squid_passwd aulialpa 123456
13/ cd /var/spool
14/ chmod 775 squid
15/ chmod g+w squid
16/ squid -z
17/ squid -d 1 -D
# tekan CTRL+C=================
18/ service squid restart
19/ chkconfig –add squid
20/ chkconfig squid on
21/ service squid status

Leave a Reply

Your email address will not be published. Required fields are marked *