Berikut Squid untuk kantor yang ingin memLimit akses internet pada jam tertentu dan memBLok / meAllow website tertentu.
Dibawah ini adalah Squid setingan saya sendiri dengan cara kerja nya adalah
- Akses Internet User pada jam Istirahat, yaitu jam 12:00 sampai jam 12:45
artinya : User tersebut cuma dikasih akses internet cuma 45 menit sesuai jam yang di atur pada squid
- Blok website yang ada pada blok.txt
artinya : akan memBlok website tertentu sesuai yang ada di file blok.txt ( jadi isi saja alamat web yang ada
di blok.txt)
- Allow website yang ada pada allow.txt
artinya : akan memAllow website tertentu sesuai yang ada di file allow.txt ( jadi isi saja alamat web yang ada
di allow.txt)
di allow.txt)
| ################################# # INFO-WAROENKOMPUTER SQUID 2.7 # date : 01 JANUARI 2012 ################################# # ACCESS CONTROLS # --------------- acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost acl localnet src 192.168.0.0/24 # SET PROXY USER # --------------- acl nonlimit src 192.168.0.1 acl limit src 192.168.0.2 acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/32 # SET TIME ACCESS # --------------- acl pagi time SMTWHFA 06:00-12:00 acl sore time SMTWHFA 12:45-21:00 # BLOK WEBSITE # --------------- acl bloksite url_regex -i "/etc/squid/blok.txt" acl allowsite url_regex -i "/etc/squid/allow.txt" acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535 acl sslports port 443 563 81 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com acl ym dstdomain .voice.yahoo.com acl ymregex url_regex yupdater.yim ymsgr myspaceim # BLOK WEBSITE # --------------- http_access deny bloksite # ALLOW WEBSITE # --------------- http_access allow allowsite # SET PROXY USER # --------------- http_access allow nonlimit # SET TIME ACCESS # --------------- http_access deny pagi http_access deny sore http_access allow limit http_access deny ym http_access deny ymregex http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports http_access allow localhost http_access deny all # NETWORK OPTIONS # --------------- http_port 3128 icp_access deny all # OPTIONS WHICH AFFECT THE CACHE SIZE # ----------------------------------- cache_mem 256 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /cache 4000 10 256 maximum_object_size 128000 KB cache_swap_low 90 cache_swap_high 95 update_headers off # LOGFILE PATHNAMES AND CACHE DIRECTORIES # --------------------------------------- #access_log /cache/access.log access_log none access_log /var/log/squid/access.log #cache_log /cache/cache.log #cache_log /dev/null cache_store_log none logfile_rotate 5 log_ip_on_direct off log_icp_queries off buffered_logs off netdb_filename none client_db off #pid_filename /var/run/squid.pid # OPTIONS FOR TUNING THE CACHE # ---------------------------- cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320 refresh_pattern -i \.index.(html|htm)$ 0 75% 10080 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 1440 90% 10080 quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100 store_avg_object_size 13 KB # HTTP OPTIONS # ------------ server_http11 on collapsed_forwarding on vary_ignore_expire on # ANONIMITY OPTIONS # ----------------- header_access From deny all header_access Server deny all header_access Link deny all header_access Via deny all header_access X-Forwarded-For deny all # TIMEOUTS # -------- forward_timeout 240 second connect_timeout 30 second peer_connect_timeout 5 second read_timeout 600 second request_timeout 60 second persistent_request_timeout 60 second client_lifetime 86400 second half_closed_clients off pconn_timeout 60 second shutdown_lifetime 10 second # ADMINISTRATIVE PARAMETERS # ------------------------- cache_mgr waroenkomputer cache_effective_user proxy cache_effective_group proxy httpd_suppress_version_string on visible_hostname waroenkomputer # ADVANCED NETWORKING OPTIONS # --------------------------- max_filedescriptors 2048 # DNS OPTIONS # ----------- check_hostnames off #DNS NAWALA dns_nameservers 180.131.144.144 dns_nameservers 180.131.144.145 hosts_file /etc/hosts ipcache_size 8192 ipcache_low 90 ipcache_high 95 # MISCELLANEOUS # ------------- memory_pools off forwarded_for off reload_into_ims on coredump_dir /cache pipeline_prefetch on offline_mode off ###### END CONFIGURATION ########### |
Selamat mencoba dan berExperimen ...
0 komentar:
Posting Komentar