script lusca.docx

58
[ARCHIVE] SQUID & LUSCA Proxy High performance + Caching dynamic content default config squid tidak di dedikasikan utk caching dynamic content, terutama utk file2 dynamic (kayak youtube dan google addssense dll) file2 itu biasanya membuat penuh cache tapi karena content dynamic oleh squid pasti akan dianggap miss dan akan mendownload lagi jadi bisa membuat posioning cache untuk update squid ke lusca silahkan ikuti cara2 ini (contoh utk redhat base & freebsd base) cara2nya (pake putty aja enak), apa itu puty silahkan baca disin i : untuk keluarga redhat-5 (centos-5.x, fedora, clearOS dll) stop dulu servis squid nya /etc/init.d/squid stop backup dulu squid.conf nya di /etc/squid/squid.conf delet squid lama rpm -e squid-xxx(versi squid) delete file di directory cache_dir ex: rm -rf /cache/* download package lusca NEW LUSCA UBUNTU-64 BIT (SVN checkout 24 Maret 2010) hxxp://squid-proxy-pkg.googlecode.com/files/deb-lusca-r14499- 64.tar.bz2 Quote:

Transcript of script lusca.docx

Page 1: script lusca.docx

[ARCHIVE] SQUID & LUSCA Proxy High performance + Caching dynamic content

default config squid tidak di dedikasikan utk caching dynamic content, terutama utk file2 dynamic (kayak youtube dan google addssense dll) file2 itu biasanya membuat penuh cache tapi karena content dynamic oleh squid pasti akan dianggap miss dan akan mendownload lagi jadi bisa membuat posioning cache

untuk update squid ke lusca silahkan ikuti cara2 ini (contoh utk redhat base & freebsd base)

cara2nya (pake putty aja enak), apa itu puty silahkan baca disini :

untuk keluarga redhat-5 (centos-5.x, fedora, clearOS dll)stop dulu servis squid nya/etc/init.d/squid stop

backup dulu squid.conf nya di /etc/squid/squid.confdelet squid lama rpm -e squid-xxx(versi squid)

delete file di directory cache_direx:rm -rf /cache/*

download package lusca

NEW LUSCA UBUNTU-64 BIT (SVN checkout 24 Maret 2010)

hxxp://squid-proxy-pkg.googlecode.com/files/deb-lusca-r14499-64.tar.bz2

Quote:

NEW LUSCA Release 14410 (SVN checkout 16 February 2010)hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14410-1_el5.i386.rpmhxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14410-1_el5.x86_64.rpm

wget hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14371-1_el5.i386.rpm

trus di intstall

rpm -Uvh LUSCA_HEAD-r14371-1_el5.i386.rpmtrus download file2 confignya

cd /etc/squid/

Page 2: script lusca.docx

wget hxxp://squid-proxy-pkg.googlecode.com/files/squid.confwget hxxp://squid-proxy-pkg.googlecode.com/files/storeurl-el5.plwget hxxp://squid-proxy-pkg.googlecode.com/files/tunning-el5.conf

chmod +x storeurl-el5.plchown squid:squid tunning-el5.confchown squid:squid storeurl-el5.pldan silahkan sesuaikan configurasi cache_dir,allow netlocal dll di tempat anda di file squid.conf

update tunning sysctl.confcd /etc/wget hxxp://squid-packge.googlecode.com/files/sysctl.conf-el5mv sysctl.conf-el5 sysctl.conf

rebuild cache

cek configurasisquid -k parse

jika tidak ada error, rebuild cache swapsquid -z

start servis squid

/etc/init.d/squid start

catatan:dengan 6 client aktif perhari saja, cache swap bisa mencapai 1 Gb perhari, dan lusca hanya support aufs dan coss, tidak support ufs dan diskd (obsolete)

sources LUSCA rpm : hxxp://squid-packge.googlecode.com/files/LUSCA_HEAD-r14371-1_el5.src.rpm

utk keluarga freebsd (pfsense ):

stop dulu servis squidnya (bisa lewat web kalo di pfsense)delete directory cache_dir (default di /var/squid/cache)rm -rf /var/squid/cache/*

delet dulu squid lama

pkg_delete squid\*

install lusca update release from svn lusca-head-r14410

Page 3: script lusca.docx

Quote:

hxxp://squid-packge.googlecode.com/files/lusca-head-r14410_1.tbz

pkg_add -rv hxxp://squid-proxy-pkg.googlecode.com/files/freebsd-lusca-head-r14371_3.tbzrehashsquid -v

kemudian baru di tunning kernel dan squidnya :masuk ke directory squidcd /usr/local/etc/squid/download dulu tunning squidnya fetch hxxp://freebsd-squid-system.googlecode.com/files/tunning.confdownload program store dynamic cache fetch hxxp://freebsd-squid-system.googlecode.com/files/storeurl.pl

ubah mode filenya :chmod +x storeurl.pl

chown proxy roxy storeurl.pl

chown proxy roxy tunning.conf

download tunning kernelcd /etcfetch hxxp://freebsd-squid-system.googlecode.com/files/sysctl.confcd /bootfetch hxxp://freebsd-squid-system.googlecode.com/files/loader.conf

trus tambahin option tunning dengan menambah link baris di/usr/local/pkg/squid.inccari kata2 ini pake winscpacl dynamic urlpath_regex cgi-bin \?dan tambahkan ini dibawahnyainclude /usr/local/etc/squid/tunning.conf

trus rebuild cache

squid -z

sebelum servis dijalankan, cek apakah ada yang salah dengan confignya :

squid -k parse jika tidak ada error, start servis squidnya (bisa lewat web) atau reboot server nya

untuk keluarga debian (ubuntu,kubuntu dll) dan slackware filenya masih belum di upload, atau silahkan build sendiri dari sources hehehe

Page 4: script lusca.docx

copy patse dr bawah just info :

configurasi tunning*.conf gak akan jalan kalau menggunakan sources lusca originalnya, package yang di buat (rpm dan bz) sudah di patch untuk optimasi refresh_pattern. beberapa perbedaan yang dibuat .1. support for refresh_pattern store-stale (belum ada di squid-2.7 dan lusca original)2.tambahan ignore-no-store,ignore-must-revalidate (belum ada di squid-2.7 dan lusca original),3. patch loop untuk content video (akan muncul cacheHit dan looping terdetetect maka download ulang content yang sama akan di stop.4. patch varry on, jika menggunakan default lusca / squid-2.7.x dengan menggunakan configurasi storeurl_rewrite_program, jangan di reboot servernya, jika reboot, file content dynamic akan menjadi miss

untuk test case, silahkan tambahkan option store-stale di setaip refresh_pattern, pastin beda penuhnya cache dengan tanpa store-stale

Update Ubuntu/Debian Base i386

Ubuntu/Debian base i386Quote:

hxxp://squid-proxy-pkg.googlecode.com/files/lusca_r144281-ubuntu-i386.tar.bz2

silahken di sedot http://squid-packge.googlecode.com/f...-lusca.tar.bz2http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquid-packge.googlecode.com%2Ffiles%2Fpatch-lusca.tar.bz2http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquid-packge.googlecode.com%2Ffiles%2Fpatch-lusca.tar.bz2patch fitur2 itu hasil utak atik gathuk dari fitur sources squid-2-HEAD, trus di modif agar cucok di lusca. dan bisa juga di modif ke squid-2.7.7, utk squid-3 gak bisa, beda compiler kekeke

utuk paket ubuntu nanti saya upload LUACA_HEAD-r14371-ubuntu-1_i386.deb,

yups paling mudah download menggunakan svnsvn checkout hxxp://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ lusca-cache-read-only

[SQUID] squid-2.7.STABLE8 khusus ubuntu/debian i386

This image has been resized. Click this bar to view the full image. The original image is sized

Page 5: script lusca.docx

663x275.

This image has been resized. Click this bar to view the full image. The original image is sized 751x217.

support :

Sedot packagenya :

squid-2.7.STABLE8Code:

cd /tmpwget hxxp://squid-proxy-pkg.googlecode.com/files/squid-2.7.STABLE8-ubuntu-i386.tar.bz2tar xvf squid-2.7.STABLE8-ubuntu-i386.tar.bz2cd squid-2.7.STABLE8-ubuntu-i386mv /etc/squid/squid.conf /etc/squid/squid.conf.backupcp config/* /etc/squid/

Update Package squid-2.7.STABLE9hxxp://squid-proxy-pkg.googlecode.com/files/squid-2.7.STABLE9-ubuntu-i386.tar.bz2

Page 6: script lusca.docx

silahkan sesuaikan dulu squid.conf di /etc/squid/squid.conf dengan kondisi di tempat anda (cache_dir, cache_mem, dns dll)

trus unisntal squid lama (jika ada) dan install squid baru

Code:

dpkg -r squid squid-common squidclient squid-langpack squid-cgidpkg -i squid_2.7.STABLE8-1_i386.deb \squidclient_2.7.STABLE8-1_i386.deb squid-langpack_20100111-1_all.deb \squid-cgi_2.7.STABLE8-1_i386.deb squid-common_2.7.STABLE8-1_all.deb

Tipsgunakan filesystem ext4 dengan option noatime,nobarier/barier=0 di fstab / reiserfs dgn option

noatime, notail

jika client lebih dari 50, gunakan minimal 2 hardisk agar tidak terjadi bootlenect di HD sesuikan besarnya cache_dir dengan merujuk tersedianya ram fisik, jangan kemaruk nanti

berakibat buruk non aktifkan servis2 yang tidak penting agar memory lebih optimal

* itu tergantung topologi networknya om,pake iptables kalo proxy di jadikan model router,kalo gak ya disable saja servis iptables nya

* diatas sudah ada step2 upgrade squid dan sudah di patch ajian jaran goyang

oh iya satu lagi, utk yang memory minimal 1Gb, optimalkan kernel /etc/sysctl.conf

sysclt.conf Code:

# Locate /etc/sysctl.conf# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and# sysctl.conf(5) for more details.

#max openfiles

Page 7: script lusca.docx

fs.file-max = 65536

#Minimalis use swap diskvm.drop_caches = 3vm.swappiness = 3

#kernel.shmall = 2097152#kernel.shmmax = 2147483648#kernel.shmmni = 4096#kernel.sem = 250 32000 100 128

net.ipv4.ip_local_port_range = 1024 65000net.core.rmem_default = 262144net.core.rmem_max = 262144net.core.wmem_default = 262144net.core.wmem_max = 262144net.ipv4.tcp_low_latency = 1net.core.netdev_max_backlog = 4000net.ipv4.tcp_max_syn_backlog = 16384net.ipv4.tcp_syncookies = 1net.ipv4.tcp_timestamps = 1net.ipv4.tcp_window_scaling = 1net.ipv4.tcp_sack = 1net.ipv4.tcp_timestamps = 1net.ipv4.tcp_sack = 1net.ipv4.tcp_mem = 786432 1048576 1572864net.ipv4.tcp_rmem = 4096 87380 4194304net.ipv4.tcp_wmem = 4096 65536 4194304#net.ipv4.tcp_rmem = 4096 87380 8388608#net.ipv4.tcp_wmem = 4096 65536 8388608net.core.wmem_max = 8388608net.core.rmem_max = 8388608net.ipv4.tcp_tw_recycle = 1

# Controls IP packet forwardingnet.ipv4.ip_forward = 1

# Controls source route verificationnet.ipv4.conf.default.rp_filter = 1

# Do not accept source routingnet.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernelkernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename# Useful for debugging multi-threaded applicationskernel.core_uses_pid = 1

# Controls the use of TCP syncookiesnet.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in byteskernel.msgmnb = 65536

Page 8: script lusca.docx

# Controls the default maxmimum size of a mesage queuekernel.msgmax = 65536

# Controls the maximum shared segment size, in byteskernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pageskernel.shmall = 4294967296

setelah di save, baru di sysctl -p

rasakan bedanya

catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja

tips:jika memory > 256Mb,

utak atik config di tunning.conf

contoh :Code:

............storeurl_rewrite_program /usr/local/etc/squid/storeurl.plstoreurl_rewrite_children 7 storeurl_rewrite_concurrency 60............

dan aktifkan : server_http11 on

Squid Cache: Version 2.7.STABLE8-20100216configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--enable-storeio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=heap' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--disable-unlinkd' '--enable-referer-log' '--enable-useragent-log' '--enable-follow-x-forwarded-for' '--enable-large-cache-files' '--enable-default-err-language=English' '--enable-err-languages=English' '--with-large-files' '--with-maxfd=65536' 'i386-debian-

Page 9: script lusca.docx

linux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='

tunninf.conf bisa di gunakan, asal sudah di patch.

lusca versi terbaru : LUSCA_HEAD-r14436.tar.bz2 with patch = -ignore-must-revalidate-add Improve %nn parser to better deal with certain odd %nn sequences

http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fsquid-proxy-pkg.googlecode.com%2Ffiles%2FLUSCA_HEAD-r14436.tar.bz2

creative# uname -a

FreeBSD creative.info 8.2-RELEASE FreeBSD 8.2-RELEASE #0 r219081M: Wed Mar 2 08:23:31 CET 2011 root@www4:/usr/obj/i386/usr/src/sys/GENERIC i386

creative# squid -v

Squid Cache: Version LUSCA_HEAD-r14809

configure options: '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec/squid' '--sysconfdir=/usr/local/etc/squid' '--localstatedir=/var/log/squid' '--datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--enable-storeio=aufs,coss,null' '--disable-linux-netfilter' '--enable-kqueue' '--enable-arp-acl' '--disable-linux-tproxy' '--disable-epoll' '--enable-removal-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--disable-unlinkd' '--enable-large-cache-files' '--with-large-files' '--enable-err-languages=English' '--enable-default-err-language=English' '--with-maxfd=65536'

Page 10: script lusca.docx

squidclient mgr:delay

topologi netnya gimana ?

jika beda ether di mikrotik bisa seperti ini :

/ip fi naadd chain=dstnat action=dst-nat to-addresses=IP-PROXY to-ports=3128 \protocol=tcp src-address=x.x.x.x/xx dst-address=!IP-PROXY \in-interface=LAN dst-port=80

*[BOLD] sesuiakan dg ip proxy & net client, atau bisa gunakan src-adress-list

good luck

Inet1 & Inet2(ether1&2) ---- Mikrotik (192.168.1.1) ---- AP (192.168.2.2)(ether5) ---- Client (192.168.2.10

Page 11: script lusca.docx

- 192.168.2.40).............................................|.............................................|.................................PC Linux dgn Squid (192.168.1.2)(ether4)

Mohon maaf krn saya sendiri disettingkan oleh Bro Uburcumi jadi saya jg gak tau mengenai nat, mangle,

dkk nya

ane hanya mencoba mempelajarinya , tp msh meraba-raba

cache_log itu sangat penting utk debugging

kalau sudah YAKIN BETUL bahwa squidnya 100% berjalan sempurna ya tidak apa2 cache_log none, tapu bagsunya bukan none, cache_log /dev/null

squidclient mgr:config | grep cache_dir

Tips biar ngacir:1 disk = 1 partisi cache_dircache_dir hrs partisi tersendiriGunakan lebih dr 1 disk utk cacheGunakan disk dg rpm tinggiCache_dir besarnya hrs mengacu pd memory fisikCache_mem bs dimulai dr 8mb & bs dinaikkan pelan2,smakin besar, smakin lama memindahkan ke disk. Buang acl yg tdk perluBuat logrotate < 2Matikan log2 yg tdk penting

1 gb cache membutuhkan 10 mb ram. Jadi silahkan dikira2 berapa cache yg layak ditambah berapa ram yg digunakan utk servis lainya (kernel sytem,driver,servisis dll)Jika hnya 1 disk. Gunakan 1 sj partisi cache. Jika lebih dr satu, squid jd kurang responsif. Partis cache sbaiknya stelah partisi system /, dan satu lg perhitungan L1 & L2 hrs seimbang dgn nilai L2=256 & rata2 object cache 13 kb. Cari di google 'formula cache_dir'

coba membantu misal :

cache_dir 16 GB di squid.conf Quote:

Page 12: script lusca.docx

cache_dir coss /cache1/coss 16384 max-size=65535 block-size=4096cache_dir aufs /cache0 32768 64 256 min-size=65535cache_swap_log /var/spool/squid/%s

agar partisi support coss :

Quote:

dd if=/dev/zero bs=1048576 count=<size> of=<outfile>

contoh jika partisi cache0 /dev/ad0s3f & ingin membuat coss 16Gbdd if=/dev/ad0s3f bs=1048576 count=16384 of=/cache2/coss

referensi : http://wiki.squid-cache.org/Features...tStorageSystem

http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fwiki.squid-cache.org%2FFeatures%2FCyclicObjectStorageSystem

ya kurang lebih seperti yg bro siber uraikan, nambahin sedikit.. utk block-size biar akurat ada itung²annya..

krn file number di squid cuma 24bit, rumus yg dipake

Code:

size=block-size x 2^24

contoh :

utk block-size : 512 byte, kira² alokasi cache_dirnya :

Code:

512 x 2^24=8GB

kalo utk di contoh bro siber 16 Gb, kira² »

Code:

1024 x 2^24=16Gb

jd utk 16Gb amannya pake block-size=1024

kalo gak mau susah² ngitung, ini patokannya :

Quote:

Page 13: script lusca.docx

block-size=512 - 8GB Max cache_dir sizeblock-size=1024 - 16GB Max cache_dir sizeblock-size=2048 - 32GB Max cache_dir sizeblock-size=4096 - 64GB Max cache_dir sizeblock-size=8192 - 128GB Max cache_dir size

update squid-2.7.STABLE9-ubuntu-i386, link di page 1

Quote:

squid -vSquid Cache: Version 2.7.STABLE9 build by grage95configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--enable-storeio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--disable-unlinkd' '--enable-large-cache-files' '--with-large-files' '--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='

Change Log :add store-stale, ignore-no-store, ignore-must-revalidate

Change Detail :hxxp://www.squid-cache.org/Versions/v2/2.7/changesets/

sudah membaca yang sudah di quote itu ???

Quote:

mv /etc/squid/squid.conf /etc/squid/squid.conf.backupcp config/* /etc/squid/

squid.conf gak harus panjang,squid support include link,

Page 14: script lusca.docx

squid bisa di pecah2 confignya, misal utk delay_pool, utk acl-auth, refresh_pattern dll.

contoh :include /etc/squid/delay.confinclude /etc/squid/acl-auth.confinclude /etc/squid/refresh.conf

dst ..

asal confignya bener, mau seratus baris di pecah2 jadi 5 baris ya gpp

silahkan baca2 manual squid.conf.default

--disable-ident-lookups' ini yang menyebabkan Number of clients accessing cache always zero, setelah re config re compile tanpa option tsbkita bisa liat Number of clients accessing cache <solved>

-disable-ident-lookups menghentikan squid dari melihat ident di setiap koneksi, bisa juga untuk mencegah serangan DOS yang dapat mematikan squid server, yang biasanya dengan cara membuka ribuan koneksi. Dan bukan menyimpan statistik koneksi

client_db on jika diaktifkan maka squid akan menyimpan statistik semua klien, hal ini bisa membebani memori, maka sebaiknya dinonaktifkan. client_db on ngefek kalo di RESTART, bukan di RELOAD

squidclient mgr:client_list

indiferal

##start of confighttp_port 192.168.1.2:3128 transparent# vhost vport=80http_port 127.0.0.1:3128server_http11 onicp_port 0#icp_port 3130

cache_effective_user proxycache_effective_group proxy

visible_hostname cafe-netters.comcache_mgr admin@localhostaccess_log /var/log/squid/access.logcache_log /var/log/squid/cache.log

Page 15: script lusca.docx

cache_store_log nonelogfile_rotate 1shutdown_lifetime 10 seconds

##################################################################### Allow local network(s) on interface(s)# Example rule allowing access from your local networks.# Adapt to list your (internal) IP networks from where browsing# should be allowedacl localnet src 10.0.0.0/8 # RFC1918 possible internal networkacl localnet src 172.16.0.0/12 # RFC1918 possible internal networkacl localnet src 192.168.0.0/16 192.168.3.0/24 # RFC1918 possible internal network####################################################################

uri_whitespace stripdns_nameservers 127.0.0.01 192.168.1.2 125.160.2.162 202.134.1.10 208.67.222.222cache_mem 64 MBmaximum_object_size_in_memory 64 KBmemory_replacement_policy heap GDSFcache_replacement_policy heap LFUDA

cache_dir aufs /cache 62668 64 256mime_table /usr/share/squid/mime.conf

minimum_object_size 512 bytesmaximum_object_size 128000 KBoffline_mode offcache_swap_low 98cache_swap_high 99

# No redirector configured

# Setup some default aclsacl all src 0.0.0.0/0.0.0.0acl localhost src 127.0.0.1/255.255.255.255acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535acl sslports port 443 563 81acl manager proto cache_objectacl purge method PURGEacl connect method CONNECT

http_access allow manager localhosthttp_access deny managerhttp_access allow purge localhosthttp_access deny purgehttp_access deny !safeportshttp_access deny CONNECT !sslports

# Always allow localhost connections

Page 16: script lusca.docx

http_access allow localhost

# Allow local network(s) on interface(s)http_access allow localnet

# Default block all to be surehttp_access deny all

include /etc/squid/tunning.conf

##end of configacl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf)acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com

acl rapidurl url_regex \.rapidshare\.com.*\/[0-9]*\/[0-9]*\/[^\/]*acl video urlpath_regex \.((mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|qt|wmv|m\dv|rv|vob|asx|ogm|flv|3gp)(\?.*)?)$ (get_video\?|videoplayback\?|videodownload\?|\.flv(\?.*)?)#acl html url_regex \.((html|htm|php|js|css|aspx)(\?.*)?)$ \.com\/$ \.com$#acl images urlpath_regex \.((jp(e?g|e|2)|gif|png|tiff?|bmp|ico)(\?.*)?)$#acl snmppublic snmp_community publicacl dontrewrite url_regex redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=acl getmethod method GET

storeurl_access deny dontrewritestoreurl_access deny !getmethodstoreurl_access allow store_rewrite_list_domain_CDNstoreurl_access allow store_rewrite_liststoreurl_access allow store_rewrite_list_domain store_rewrite_list_pathstoreurl_access deny allstoreurl_rewrite_program /etc/squid/storeurl.plstoreurl_rewrite_children 1storeurl_rewrite_concurrency 99

# 1 year = 525600 mins, 1 month = 129600 minsrefresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale

#adsrefresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|

Page 17: script lusca.docx

game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=1440#specific sitesrefresh_pattern ^.*safebrowsing.*google

129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stalerefresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)

129600 99999999% 129600 override-expire ignore-reload store-stalerefresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale

# pictures & imagesrefresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale

# websiterefresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale

#sound, video multimediarefresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache store-stalerefresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private store-stale

# filesrefresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth store-stalerefresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stalerefresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth ignore-reload ignore-no-cache store-stalerefresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stalerefresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale

# refresh pattern for specific sitesrefresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-authrefresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth

Page 18: script lusca.docx

refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cacherefresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.myspace.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.tagged.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.yahoo.co.id/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-authrefresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth

#default optionrefresh_pattern ^ftp: 1440 20% 10080refresh_pattern ^gopher: 1440 0% 1440refresh_pattern . 0 20% 4320 store-stale

# ANTI VIRUSrefresh_pattern guru.avg.com/.*\.(bin)

43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stalerefresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stalerefresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stalerefresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

Page 19: script lusca.docx

refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stalerefresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload

reload-into-ims store-stalerefresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stalerefresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

#IIX DOWNLOADrefresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth

zph_mode toszph_local 0x30zph_parent 0zph_option 136

acl apache rep_header Server ^Apachebroken_vary_encoding allow apache

global_internal_static offmax_stale 10 yearsretry_on_error onbuffered_logs onread_ahead_gap 32 KB

header_access Accept-Encoding deny allclient_persistent_connections onserver_persistent_connections on half_closed_clients offstrip_query_terms offquick_abort_min 0 KBquick_abort_max 0 KBquick_abort_pct 100vary_ignore_expire onreload_into_ims onpipeline_prefetch on#range_offset_limit 50 KBread_timeout 30 minutesclient_lifetime 6 hoursnegative_ttl 30 secondspositive_dns_ttl 6 hoursnegative_dns_ttl 60 secondspconn_timeout 15 seconds

Page 20: script lusca.docx

request_timeout 1 minutestore_avg_object_size 13 KBlog_icp_queries offipcache_size 16384ipcache_low 98ipcache_high 99log_fqdn offfqdncache_size 16384memory_pools offforwarded_for on

#cachemgr_passwd none infocachemgr_passwd none allclient_db onmax_filedescriptors 8192n_aiops_threads 24#client_socksize 16 MBload_check_stopen onload_check_stcreate ondownload_fastest_client_speed on

UPDATE lapor gan..scripts work like a charm...

ketimbang ketik panjang² svn checkout http bla bla bla... cukup :

Code:

./update-lusca.sh

sh update-lusca.sh 14604

terupdate dah "source" + dah auto configure

Quote:

[Neo@bsdbox ~/lusca-head]$ ls -l

Page 21: script lusca.docx

total 1666drwxr-xr-x 34 Neo Neo 1536 Apr 5 10:41 LUSCA_HEAD-r14534-rw-r--r-- 1 Neo Neo 1673886 Apr 5 10:42 LUSCA_HEAD-r14534.tar.bz2

oya udah ada yg pernah nyoba ini buat malware block di squid...di taro di bagian acl

Code:

http://www.malware.com.br/cgi/submit?action=list_squid

Code:

cd /etc/squid http://squid-proxy-pkg.googlecode.com/files/storeurl-ubuntu.plchmod +x storeurl-ubuntu.pl/etc/init.d/squid restart

di bandingin aja yang lama dengan yang baru hehehe,

dan kalau ngecache map google dan safesearch di google dan bing, bisa diaktifkan dng menambah di storeurl:

Code:

if ($url =~ m@^http://([^\.]*\.)?bing\.[^\/]*/[^?]*\?.*@i) { # Replace any previous safe directives $url =~ s@(adlt=[^&]*&?)@@ig;

# Add safe search directive $url .= '&adlt=strict&cc=au';

} elsif ($url =~ m@^http://([^\.]*\.)?google\.[^\/]*/[^?]*\?.*@i) {

# Replace any previous safe directives $url =~ s@(safe=[^&]*&?)@@ig;

# Add safe search directive $url .= '&safe=active';}

Kemudian untuk caching google map, apa sudah benar kalau kita insert ini di storeurl :

#google mapelsif (m/kh(.*?)\.google\.com(.*?)\/(.*?) /) {

Page 22: script lusca.docx

print "http://keyhole-srv.google.com" . $2 . ".SQUIDINTERNAL/" . $3 . "\n"; # print STDERR "KEYHOLE\n";} elsif (m/mt(.*?)\.google\.com(.*?)\/(.*?) /) { print "http://map-srv.google.com" . $2 . ".SQUIDINTERNAL/" . $3 . "\n"; # print STDERR "MAPSRV\n";}

dan di tunning.conf :Code:

acl store_rewrite_list dstdomain mt.google.com mt0.google.com mt1.google.com mt2.google.comacl store_rewrite_list dstdomain mt3.google.comacl store_rewrite_list dstdomain kh.google.com kh0.google.com kh1.google.com kh2.google.comacl store_rewrite_list dstdomain kh3.google.com khm0.google.com khm1.google.com khm2.google.com khm3.google.comacl store_rewrite_list dstdomain kh.google.com.au kh0.google.com.au kh1.google.com.auacl store_rewrite_list dstdomain kh2.google.com.au khc3.google.com.au

storeurl_access allow store_rewrite_list

Quote:

squid -vSquid Cache: Version 2.7.STABLE9 build by grage95configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--enable-storeio=aufs' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=heap' '--with-aio' '--with-dl' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--disable-wccp' '--disable-wccpv2' '--disable-unlinkd' '--enable-large-cache-files' '--enable-linux-tproxy' '--with-large-files' '--with-maxfd=65536' 'amd64-debian-linux' 'build_alias=amd64-debian-linux' 'host_alias=amd64-debian-linux' 'target_alias=amd64-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='

acl store_rewrite_list url_regex -i \.youtube\.com\/get_video\?acl store_rewrite_list url_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\?acl store_rewrite_list url_regex -i \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?

Page 23: script lusca.docx

acl store_rewrite_list url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?acl store_rewrite_list url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?

acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* ^htt

acl dontrewrite url_regex redbot\.org \.php (get_video|videoplayback\?id|videoplayback.*id).*begin\=acl getmethod method GET

acl apache rep_header Server ^Apachebroken_vary_encoding allow apache

storeurl_access deny dontrewritestoreurl_access deny !getmethodstoreurl_access allow store_rewrite_list_domain_CDNstoreurl_access allow store_rewrite_liststoreurl_access allow store_rewrite_list_domainstoreurl_access allow store_rewrite_list_pathstoreurl_bypass onstoreurl_access deny all

sh update-lusca.sh 14604

squidclient mgr:flushdns flussh all dnssquidclient mgr:flushfqdn flush memory

kalo fungsi kan dah jelas tuh bro..

- flushdns -> Flush all DNS (IP Cache) entries from memory cache.- flushfqdn -> Flush all FQDN entries from memory cache.

para master squid mau numpang nanya...caranya merubah ini (yang saya garis merah)...Gimana yaa...?

Page 24: script lusca.docx

pengennya saya custom agar user tidak tau kalau kita pake squid

httpd_suppress_version_string on

forwarded_for on/off

but script crond cek servis pid squid, kalo ngadat langsung restart sendiri, dan kalau masih ngadat juga bisa lompat ke command flush iptable/ipfw, jadi inet gak lama2 tewasnya, dan client aman sejahtera langsung direct ke inet

contoh freebsd, utk linux sesuaikan saja di rectorynya Quote:

#!/bin/sh# squidchek

pidpath=/usr/local/squid/logs

if test -r $pidpath/squid.pid; thensquidpid=$(cat $pidpath/squid.pid)if $(kill -CHLD $squidpid >/dev/null 2>&1)thenecho "Squid is running. Exit."exit 0fifiecho "Squid isn't running. So let's run it."

if test -r /usr/local/etc/squid/squid.conf; then

/usr/bin/nice -20 /usr/local/sbin/squid -sYD /dev/null 2>&1exit 0fi# if failecho "Wow! damn squid, kill ipfw !!"/sbin/ipfw -F allfiexit 0

Page 25: script lusca.docx

271981790.563 1 192.168.0.4 TCP_MEM_HIT/200 690 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/base173.kdc - NONE/- application/octet-stream1271981790.948 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/kdb/i386/base333c.kdc.yl9 - DIRECT/81.2.129.4 text/html1271981790.962 1 192.168.0.4 TCP_MEM_HIT/200 21984 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/base333c.kdc - NONE/- application/octet-stream1271981791.416 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec50c.kdc.pkg - DIRECT/81.2.129.4 text/html1271981791.447 1 192.168.0.4 TCP_MEM_HIT/200 25934 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec50c.kdc - NONE/- application/octet-stream1271981791.877 358 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec63c.kdc.ga- - DIRECT/81.2.129.4 text/html1271981791.895 1 192.168.0.4 TCP_MEM_HIT/200 26875 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec63c.kdc - NONE/- application/octet-stream1271981792.306 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/kdb/i386/basec74c.kdc.mcs - DIRECT/81.2.129.4 text/html1271981792.324 1 192.168.0.4 TCP_MEM_HIT/200 27309 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec74c.kdc - NONE/- application/octet-stream1271981792.360 1 192.168.0.4 TCP_MEM_HIT/200 26876 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec75c.kdc - NONE/- application/octet-stream1271981792.391 1 192.168.0.4 TCP_MEM_HIT/200 28669 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec76c.kdc - NONE/- application/octet-stream1271981792.423 1 192.168.0.4 TCP_MEM_HIT/200 27269 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec77c.kdc - NONE/- application/octet-stream1271981792.453 1 192.168.0.4 TCP_MEM_HIT/200 25729 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec78c.kdc - NONE/- application/octet-stream1271981792.486 1 192.168.0.4 TCP_MEM_HIT/200 25980 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec79c.kdc - NONE/- application/octet-stream1271981792.516 1 192.168.0.4 TCP_MEM_HIT/200 26145 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec7ac.kdc - NONE/- application/octet-stream1271981792.547 1 192.168.0.4 TCP_MEM_HIT/200 27014 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec7bc.kdc - NONE/- application/octet-stream1271981792.578 1 192.168.0.4 TCP_MEM_HIT/200 26703 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec7cc.kdc - NONE/- application/octet-stream

Page 26: script lusca.docx

1271981792.611 2 192.168.0.4 TCP_MEM_HIT/200 24161 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec7dc.kdc - NONE/- application/octet-stream1271981792.642 2 192.168.0.4 TCP_MEM_HIT/200 26907 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec7ec.kdc - NONE/- application/octet-stream1271981792.672 1 192.168.0.4 TCP_MEM_HIT/200 25314 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec7fc.kdc - NONE/- application/octet-stream1271981792.706 1 192.168.0.4 TCP_MEM_HIT/200 26832 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec80c.kdc - NONE/- application/octet-stream1271981792.735 1 192.168.0.4 TCP_MEM_HIT/200 25675 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec81c.kdc - NONE/- application/octet-stream1271981792.766 1 192.168.0.4 TCP_MEM_HIT/200 21712 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec82c.kdc - NONE/- application/octet-stream1271981792.797 1 192.168.0.4 TCP_MEM_HIT/200 23878 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec83c.kdc - NONE/- application/octet-stream1271981792.828 1 192.168.0.4 TCP_MEM_HIT/200 18263 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec84c.kdc - NONE/- application/octet-stream1271981792.861 1 192.168.0.4 TCP_MEM_HIT/200 27565 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec85c.kdc - NONE/- application/octet-stream1271981792.891 1 192.168.0.4 TCP_MEM_HIT/200 19059 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec86c.kdc - NONE/- application/octet-stream1271981792.924 1 192.168.0.4 TCP_MEM_HIT/200 26945 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec87c.kdc - NONE/- application/octet-stream1271981792.954 2 192.168.0.4 TCP_HIT/200 23023 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec88c.kdc - NONE/- application/octet-stream1271981792.985 2 192.168.0.4 TCP_HIT/200 21698 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec89c.kdc - NONE/- application/octet-stream1271981793.016 2 192.168.0.4 TCP_HIT/200 16767 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec8ac.kdc - NONE/- application/octet-stream1271981793.048 2 192.168.0.4 TCP_HIT/200 23316 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec8bc.kdc - NONE/- application/octet-stream1271981793.079 2 192.168.0.4 TCP_HIT/200 24429 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec8cc.kdc - NONE/- application/octet-stream1271981793.110 2 192.168.0.4 TCP_HIT/200 17310 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec8dc.kdc - NONE/- application/octet-stream1271981793.142 1 192.168.0.4 TCP_MEM_HIT/200 24012 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec8ec.kdc - NONE/- application/octet-stream

Page 27: script lusca.docx

1271981793.173 2 192.168.0.4 TCP_HIT/200 26353 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec8fc.kdc - NONE/- application/octet-stream1271981793.203 1 192.168.0.4 TCP_HIT/200 2754 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/basec90c.kdc - NONE/- application/octet-stream1271981793.632 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/kdb/i386/ca003.kdc.ocu - DIRECT/81.2.129.4 text/html1271981793.650 1 192.168.0.4 TCP_MEM_HIT/200 30435 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/ca003.kdc - NONE/- application/octet-stream1271981794.038 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/kdb/i386/daily-ec.kdc.sw2 - DIRECT/81.2.129.4 text/html1271981794.056 1 192.168.0.4 TCP_MEM_HIT/200 1301 GET http://dnl-14.geo.kaspersky.com/bases/av/kdb/i386/daily-ec.kdc - NONE/- application/octet-stream1271981802.228 358 192.168.0.4 TCP_REFRESH_HIT/200 10490 GET http://dnl-14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.try - DIRECT/81.2.129.4 application/octet-stream1271981802.994 355 192.168.0.4 TCP_REFRESH_HIT/200 24540 GET http://dnl-14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.a3i - DIRECT/81.2.129.4 application/octet-stream1271981803.767 357 192.168.0.4 TCP_REFRESH_HIT/200 16203 GET http://dnl-14.geo.kaspersky.com/diffs/bases/aspy/aphish.dat.dgf - DIRECT/81.2.129.4 application/octet-stream1271981804.334 357 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/as/pas/cfbase-s.gsg.uoe - DIRECT/81.2.129.4 text/html1271981804.708 355 192.168.0.4 TCP_REFRESH_HIT/200 50938 GET http://dnl-14.geo.kaspersky.com/bases/as/pas/cfbase-s.gsg - DIRECT/81.2.129.4 application/octet-stream1271981805.378 534 192.168.0.4 TCP_REFRESH_HIT/200 124002 GET http://dnl-14.geo.kaspersky.com/diffs/bases/as/pas/as.trm.gb5 - DIRECT/81.2.129.4 application/octet-stream1271981806.907 839 192.168.0.4 TCP_REFRESH_HIT/200 115673 GET http://dnl-14.geo.kaspersky.com/diffs/bases/as/pas/as.trm.ktz - DIRECT/81.2.129.4 application/octet-stream1271981807.951 354 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/emu/i386/kjim.kdc.ycm - DIRECT/81.2.129.4 text/html1271981807.969 1 192.168.0.4 TCP_MEM_HIT/200 16627 GET http://dnl-14.geo.kaspersky.com/bases/av/emu/i386/kjim.kdc - NONE/- application/octet-stream1271981808.418 354 192.168.0.4 TCP_REFRESH_HIT/200 18662 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.ude - DIRECT/81.2.129.4 application/octet-stream1271981809.427 355 192.168.0.4 TCP_REFRESH_HIT/200 18325 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.srx - DIRECT/81.2.129.4 application/octet-stream1271981810.509 355 192.168.0.4 TCP_REFRESH_HIT/200 6428 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu01.kdc.u8_ - DIRECT/81.2.129.4 application/octet-stream

Page 28: script lusca.docx

1271981811.446 358 192.168.0.4 TCP_REFRESH_HIT/200 69171 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu02.kdc.6ck - DIRECT/81.2.129.4 application/octet-stream1271981812.479 528 192.168.0.4 TCP_REFRESH_HIT/200 71160 GET http://dnl-14.geo.kaspersky.com/diffs/bases/av/emu/i386/klavemu02.kdc.luk - DIRECT/81.2.129.4 application/octet-stream1271981813.643 354 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl-14.geo.kaspersky.com/diffs/bases/ids/i386/idsbase.kdz.ran - DIRECT/81.2.129.4 application/octet-stream1271981814.304 641 192.168.0.4 TCP_REFRESH_HIT/200 648457 GET http://dnl-14.geo.kaspersky.com/bases/ids/i386/idsbase.kdz - DIRECT/81.2.129.4 application/octet-stream1271981814.783 355 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/info/news.kln.sw0 - DIRECT/81.2.129.4 text/html1271981815.156 355 192.168.0.4 TCP_REFRESH_HIT/200 7610 GET http://dnl-14.geo.kaspersky.com/bases/info/news.kln - DIRECT/81.2.129.4 application/octet-stream1271981815.724 354 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/parctl/pc0015.dat.jer - DIRECT/81.2.129.4 text/html1271981816.093 354 192.168.0.4 TCP_REFRESH_HIT/200 1809 GET http://dnl-14.geo.kaspersky.com/bases/parctl/pc0015.dat - DIRECT/81.2.129.4 application/octet-stream1271981816.518 355 192.168.0.4 TCP_MISS/404 616 GET http://dnl-14.geo.kaspersky.com/diffs/bases/pdm/pdmkl.dat.ddb - DIRECT/81.2.129.4 text/html1271981816.888 354 192.168.0.4 TCP_REFRESH_HIT/200 44490 GET http://dnl-14.geo.kaspersky.com/bases/pdm/pdmkl.dat - DIRECT/81.2.129.4 application/octet-stream1271981817.310 355 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl-14.geo.kaspersky.com/diffs/bases/ssa/tsw.avz.s4i - DIRECT/81.2.129.4 application/octet-stream1271981817.677 354 192.168.0.4 TCP_REFRESH_HIT/200 5831 GET http://dnl-14.geo.kaspersky.com/bases/ssa/tsw.avz - DIRECT/81.2.129.4 application/octet-stream1271981818.268 356 192.168.0.4 TCP_REFRESH_HIT/200 2418 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.p8- - DIRECT/81.2.129.4 application/octet-stream1271981818.699 355 192.168.0.4 TCP_REFRESH_HIT/200 3853 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.orn - DIRECT/81.2.129.4 application/octet-stream1271981819.238 356 192.168.0.4 TCP_REFRESH_HIT/200 2055 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns000.kdc.brx - DIRECT/81.2.129.4 application/octet-stream1271981820.073 709 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns001.kdc.jig - DIRECT/81.2.129.4 application/octet-stream1271981820.093 2 192.168.0.4 TCP_HIT/200 33844 GET http://dnl-14.geo.kaspersky.com/bases/vlns/vlns001.kdc - NONE/- application/octet-stream1271981820.515 359 192.168.0.4 TCP_REFRESH_HIT/200 659 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns003.kdc.sq6 - DIRECT/81.2.129.4 application/octet-stream

Page 29: script lusca.docx

1271981820.920 357 192.168.0.4 TCP_REFRESH_HIT/200 1090 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns003.kdc.dvf - DIRECT/81.2.129.4 application/octet-stream1271981821.361 358 192.168.0.4 TCP_REFRESH_HIT/200 1187 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns004.kdc.4r1 - DIRECT/81.2.129.4 application/octet-stream1271981821.827 359 192.168.0.4 TCP_REFRESH_HIT/200 343 GET http://dnl-14.geo.kaspersky.com/diffs/bases/vlns/vlns005.kdc.dvk - DIRECT/81.2.129.4 application/octet-stream

refresh_pattern »

Code:

refresh_pattern kaspersky.*\.kdc$ 5259487 999999% 5259487 ignore-reload store-stalerefresh_pattern kaspersky 1440 50% 161280 ignore-no-cache store-stale

cachemgr_passwd rahasia all

kalau hanya readonly saja dan tidak ingin bisa mengeksekusi shutdown dan melihat config :

cachemgr_passwd none info

Originally Posted by deddychan ngomong2 masalah itu, mau numpang nanya deh.itu cara cek file permisionnya gimana yaa?sebenernya mod standar/baku yang di perlukan untuk instal squid/lusca?? oh ya kalo mo cek package yang terinstall di ubuntu gimana sih? tasksel bukan??

kalo yang ane tau sih tergantung isi dari squid.conf ente bro. cache_effective_user proxycache_effective_group proxy

yaaa jadinya proxy roxyCMIIW.......

cek file permision, attribut dan group wner, paling mudah pake program WINSCPlogin pake user root, tinggal cari file atau foldernya klik kanan, properties... dan set dah...

This image has been resized. Click this bar to view the full image. The original image is sized 1023x575.

Page 30: script lusca.docx

ow ya jgn lupa install dulu vsftpd di linuxnya...

klo cek package yg terinstall

ketik aptitude di terminal linux, dan lihat installed package... CMIIW

yup, patch & mesti di compile ulang..pk svn gitu lebih enak, tinggal masuk ke dir lusca-cache-read-only »

Code:

./bootstrap.sh

source Lusca_Head w/ update terbaru siap di pake..

or pake scripts seperti yg bro siber ksh di hal sebelumnye.. atau

scripts-update

sama aja, tinggal ganti RELVER=$1 dengan release paling baru & WORKDIR aturable aja ..

#!/bin/sh

WORKDIR=/tmp/luscaRELVER=$1

Page 31: script lusca.docx

mkdir -p ${WORKDIR} || exit 1

svn export -r ${RELVER} https://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1

# rewrite the AC_INIT LUSCA_HEAD entry in configure.incat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new || exit 1mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in || exit 1

# run autoconf/automakecd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1sh bootstrap.sh || exit 1

# generate tarballcd ${WORKDIR} || exit 1tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1

# done!

hihi.. rinci nya gini (asumsi subversion dah sukses terinstall..)

terus seumpama nih kita lagi berada di directory taroh aja /root yaa.. execute cmd »

Code:

svn checkout http://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ lusca-head

nah ntar semua source update lusca ada di dir /root/lusca-headagar nanti bisa compile dari dir ~/lusca-head kita bangkit kan dolo configure nya »

Code:

cd ~/lusca-head./bootstrap.sh

selesai tahap ini, source udah siap kok utk di compile, kekurangannya di Lusca ente ntar gak ada embel² revisi, kalo mau bisa edit manual di configure.in nya.

#EOF-1#-------$

atau Alternative lainnya pakai cara berikut, agar di belakang Lusca nya ntar ada embel² revisi ..

kalo di freebsd go to directory /usr/local/sbin (kalo di linux /usr/sbin/) « kalo gak salah..

Page 32: script lusca.docx

Code:

touch lusca.shchmod +x lusca.sh

paste scripts berikut :

Code:

#!/bin/sh

WORKDIR=/tmp/luscaRELVER=$1

mkdir -p ${WORKDIR} || exit 1

svn export -r ${RELVER} https://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1

# rewrite the AC_INIT LUSCA_HEAD entry in configure.incat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new || exit 1mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in || exit 1

# run autoconf/automakecd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1sh bootstrap.sh || exit 1

# generate tarballcd ${WORKDIR} || exit 1tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1

# done!

dari scripts tsb kita mesti masukin manual revisi terbaru lusca, misal rev. baru r14705, di scripts kita ganti :

Code:

#!/bin/sh

WORKDIR=/tmp/luscaRELVER=14705

mkdir -p ${WORKDIR} || exit 1

svn export -r ${RELVER} https://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1

Page 33: script lusca.docx

# rewrite the AC_INIT LUSCA_HEAD entry in configure.incat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new || exit 1mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in || exit 1

# run autoconf/automakecd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1sh bootstrap.sh || exit 1

# generate tarballcd ${WORKDIR} || exit 1tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1

# done!

kalo udah tinggal jalanin command »

Code:

lusca.sh <enter>

check di dir /tmp/lusca seharus na dah ada d sono source yg udah include revisi, dah autoconf, &

sekalian di zip buat arsip

#EOF-2#------$

UPDATEhihi.. rinci nya gini (asumsi subversion dah sukses terinstall..)

terus seumpama nih kita lagi berada di directory taroh aja /root yaa.. execute cmd »

Code:

svn checkout http://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ lusca-head

nah ntar semua source update lusca ada di dir /root/lusca-headagar nanti bisa compile dari dir ~/lusca-head kita bangkit kan dolo configure nya »

Code:

Page 34: script lusca.docx

cd ~/lusca-head./bootstrap.sh

selesai tahap ini, source udah siap kok utk di compile, kekurangannya di Lusca ente ntar gak ada embel² revisi, kalo mau bisa edit manual di configure.in nya.

#EOF-1#-------$

atau Alternative lainnya pakai cara berikut, agar di belakang Lusca nya ntar ada embel² revisi ..

kalo di freebsd go to directory /usr/local/sbin (kalo di linux /usr/sbin/) « kalo gak salah..

touch lusca.shchmod +x lusca.sh

Code:paste scripts berikut :

#!/bin/sh

WORKDIR=/tmp/luscaRELVER=$1

mkdir -p ${WORKDIR} || exit 1

svn export -r ${RELVER} https://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1

# rewrite the AC_INIT LUSCA_HEAD entry in configure.incat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new || exit 1mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in || exit 1

# run autoconf/automakecd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1sh bootstrap.sh || exit 1

# generate tarballcd ${WORKDIR} || exit 1tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1

# done!

dari scripts tsb kita mesti masukin manual revisi terbaru lusca, misal rev. baru r14705, di scripts kita ganti :

Page 35: script lusca.docx

#!/bin/sh

WORKDIR=/tmp/luscaRELVER=14705

mkdir -p ${WORKDIR} || exit 1

svn export -r ${RELVER} https://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1

# rewrite the AC_INIT LUSCA_HEAD entry in configure.incat ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in | sed "s@LUSCA_HEAD@LUSCA_HEAD-r${RELVER}@" > ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new || exit 1mv ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in.new ${WORKDIR}/LUSCA_HEAD-r${RELVER}/configure.in || exit 1

# run autoconf/automakecd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1sh bootstrap.sh || exit 1

# generate tarballcd ${WORKDIR} || exit 1tar cvf LUSCA_HEAD-r${RELVER}.tar LUSCA_HEAD-r${RELVER} || exit 1gzip -9 LUSCA_HEAD-r${RELVER}.tar || exit 1

# done!

kalo udah tinggal jalanin command »

Code:

lusca.sh <enter>

check di dir /tmp/lusca seharus na dah ada d sono source yg udah include revisi, dah autoconf, &

sekalian di zip buat arsip

#EOF-2#------$

TEST RUNNINGQuote:

./bootstrap.sh: 90: aclocal: not foundaclocal failed

Page 36: script lusca.docx

Autotool bootstrapping failed. You will need to investigate and correctbefore you can develop on this source tree

huhuhuuuuu .. muacak tok ... padahal asli ra iso ...

dah proses terakhir trus kek gini, knp ya?

Code:

Exported revision 14707.automake :autoconfg:Bootstrappingbootstrap.sh: 90: aclocal: not foundaclocal failedAutotool bootstrapping failed. You will need to investigate and correctbefore you can develop on this source tree

mudah2an membantu...kayaknya kurang iniQuote:

Install package automake1.9 - aclocal is part of that package.

UPDATEsoko mbahe lusca

hxxp://code.google.com/p/lusca-cache/wiki/AutoTools

lek kate gawe script auto download svn (hxxp://lusca-cache.googlecode.com/svn-history/r14513/branches/releng/freebsd/build-rel),rak usah ganti $1 ambek versi, langsung ae soko command

build-rel xxxx

xxx ganti ambek versi sing pengen di sruputmisale kate nyeruput rasa versi 14705:

tinggak ketik wae :build-rel 14705

lek kate gawe auotobuild & auto install, langsung wae tambahi nang isore script mau :

Page 37: script lusca.docx

Code:

cd ${WORKDIR}/LUSCA_HEAD-r${RELVER} || exit 1./configure --anu-directory-anu --enable-anunya --disable-anu-nya dst ...makemake install/etc/init.d/squid restart || exit 1

jadi sekali command langsung iso ditinggal pokeran wis automatic binaryne ke update

kog gini ya gan ...

root@proxy:~# ./update.shsvn: Syntax error in revision argument 'https://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD'

syntakxnya salah, yang benar ini Quote:

tinggak ketik wae :build-rel 14705

kalau namanya update.sh

./update.sh 14705

dan di script update.sh harus RELVER=$1jangan di kasih angka misalnya RELVER=1234

thanks bro kweteng tambahan info nya, jd gak perlu repot manual ganti rev di scriptsnya..

soal nama scripts gak jd soal.. as long as ntu scripts berada di directory/usr/local/sbin/ (fbsd) or' /usr/sbin/ (linux), cmd langsung aja..

Code:

update.sh

or apalah sesuai yg dibuat..

selain dir tsb, ya masuk ke dir dimana scripts berada, and pakai ./update.sh untuk execute nya..

satu lagi kelupaan, jgn lupa autoconf & automake dah terinstall yaa di system ente..

Page 38: script lusca.docx

updateupdate-lusca 14635 && rehash && /usr/local/etc/rc.d/squid restart

Linux like free command for FreeBSD

Freecolor is a free replacement that displays free memory graphically as a bargraph. It supports the same options as free. Install freecolor, enter:# cd /usr/ports/sysutils/freecolor# make install clean

To see memory details, enter:$ freecolor -m -o

Sample output:

total used free shared buffers cachedMem: 4082 825 3256 0 0 117Swap: 2048 0 2047

$ freecolor -t -m -o

Sample output:

total used free shared buffers cachedMem: 4082 825 3256 0 0 117Swap: 2048 0 2047Total: 6130 = ( 826 (used) + 5421 (free))

tentang utak atik debug di squid/lusca cache

http://code.google.com/p/lusca-cache/wiki/DebugLevels

kalau pengen gak bissing pake ini aja utk All hehe

debug_options ALL,1 98,1

cuman utk nyari triak error kadang bingung, soalnya errornya gak kelurar messagenya apa

Quote:

Page 39: script lusca.docx

Logging options are set as section,level where each source fileis assigned a unique section. Lower levels result in lessoutput, Full debugging (level 9) can result in a very largelog file, so be careful.

The magic word "ALL" sets debugging levels for all sections.We recommend normally running with "ALL,1".

The rotate=N option can be used to keep more or less of these logsthan would otherwise be kept by logfile_rotate.For most uses a single log should be enough to monitor currentevents affecting Squid

help gan, Number of clients accessing cache: kok = 0

ternyata mas Rh354 yng punya settingan juga, dah masuk forum mikrotik (sory mas,, ane copas g bilang2)

ganti client_db off menjadi on

client_db on

client_db off = menghemat memory, si squid tidak harus mengcounter statistik tiap client

link-DL

http://www.forummikrotik.com/redirect-to/?redirect=http%3A%2F%2Fcode.google.com%2Fp%2Flusca-cache%2Fissues%2Fdetail%3Fid%3D27

taroh file .diff nya di source lusca, and then »

Code:

patch -p0 < nama-patch.diff

kemudian rebuild lagi lusca dari awal :

Page 40: script lusca.docx

Code:

make distclean./configure --option --option..make && make install

ini lagi progress di test gan (r14718)

disable AUFS

Code:

# DISK CACHE OPTIONS# -----------------------------------------------------------------------------$cache_replacement_policy heap LFUDAcache_dir coss /cache01/coss 16384 block-size=2048 max-size=65536#cache_dir aufs /cache02 32768 64 256 min-size=65536

rebuild storage (squid -z)

test site yg belon tercache

Code:

1277771569.169 1249 192.168.0.100 TCP_MISS/200 4854 GET http://www.riakbumi.or.id/ - DIRECT/69.163.138.86 text/html1277771570.619 654 192.168.0.100 TCP_MISS/200 1500 GET http://www.riakbumi.or.id/images/favicon.ico - DIRECT/69.163.138.86 image/x-icon1277771570.641 662 192.168.0.100 TCP_MISS/200 1138 GET http://www.riakbumi.or.id/images/bt_events.jpg - DIRECT/69.163.138.86 image/jpeg1277771570.659 681 192.168.0.100 TCP_MISS/200 1935 GET http://www.riakbumi.or.id/images/bt_friend_DS.jpg - DIRECT/69.163.138.86 image/jpeg1277771570.683 743 192.168.0.100 TCP_MISS/200 5729 GET http://www.riakbumi.or.id/templates/rbv3_front/riakbumi_front.css - DIRECT/69.163.138.86 text/css1277771570.691 717 192.168.0.100 TCP_MISS/200 1495 GET http://www.riakbumi.or.id/images/bt_danau_sentarum.jpg - DIRECT/69.163.138.86 image/jpeg1277771570.735 756 192.168.0.100 TCP_MISS/200 1231 GET http://www.riakbumi.or.id/images/bt_activity.jpg - DIRECT/69.163.138.86 image/jpeg1277771570.968 316 192.168.0.100 TCP_MISS/200 1269 GET http://www.riakbumi.or.id/images/bt_products.jpg - DIRECT/69.163.138.86 image/jpeg

Page 41: script lusca.docx

1277771571.030 333 192.168.0.100 TCP_MISS/200 1511 GET http://www.riakbumi.or.id/images/bt_bekakak.jpg - DIRECT/69.163.138.86 image/jpeg1277771571.109 358 192.168.0.100 TCP_MISS/200 1615 GET http://www.riakbumi.or.id/images/bt_register.jpg - DIRECT/69.163.138.86 image/jpeg1277771571.305 326 192.168.0.100 TCP_MISS/200 1746 GET http://www.riakbumi.or.id/images/bt_profile_riakbumi.jpg - DIRECT/69.163.138.86 image/jpeg

setelah ter-cache

Code:

1277771671.274 2 192.168.0.100 TCP_MEM_HIT/200 5738 GET http://www.riakbumi.or.id/templates/rbv3_front/riakbumi_front.css - NONE/- text/css1277771671.305 2 192.168.0.100 TCP_MEM_HIT/200 19996 GET http://www.riakbumi.or.id/templates/rbv3_front/images/riakbumi-header.jpg - NONE/- image/jpeg1277771671.319 1 192.168.0.100 TCP_MEM_HIT/200 3993 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_cover_story.jpg - NONE/- image/jpeg1277771671.405 1 192.168.0.100 TCP_MEM_HIT/200 907 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_update.gif - NONE/- image/gif1277771671.540 1 192.168.0.100 TCP_MEM_HIT/200 1624 GET http://www.riakbumi.or.id/images/bt_register.jpg - NONE/- image/jpeg1277771671.784 1 192.168.0.100 TCP_MEM_HIT/200 2931 GET http://www.riakbumi.or.id/images/manual_madu.jpg - NONE/- image/jpeg1277771672.194 1 192.168.0.100 TCP_MEM_HIT/200 2196 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_events.jpg - NONE/- image/jpeg1277771672.486 1 192.168.0.100 TCP_MEM_HIT/200 4331 GET http://www.riakbumi.or.id/templates/rbv3_front/images/menu_friendDS.jpg - NONE/- image/jpeg

tinggal tunggu swap ke disk, restart and let's we see.. apakah msh HITkmrn coba kyk gini di r14635 msh HIT

copy/paste to text editor & beri nama async-issue.diff

Code:

--- src/client_side_async_refresh.c 2010-05-20 16:19:09.000000000 +0700+++ src/client_side_async_refresh.c 2010-07-04 10:41:59.000000000 +0700@@ -76,6 +76,8 @@ accessLogLog(&al, ch); aclChecklistFree(ch); storeClientUnregister(async->sc, async->entry, async);

Page 42: script lusca.docx

+ storeUnlockObject(async->entry->mem_obj->old_entry);+ async->entry->mem_obj->old_entry = NULL; storeUnlockObject(async->entry); storeUnlockObject(async->old_entry); requestUnlink(async->request);@@ -129,6 +131,8 @@ async->entry = storeCreateEntry(url, request->flags, request->method);+ if (request->store_url)+ storeEntrySetStoreUrl(async->entry, request->store_url); async->entry->mem_obj->old_entry = async->old_entry; storeLockObject(async->entry->mem_obj->old_entry); async->sc = storeClientRegister(async->entry, async);

copy/paste to text editor & beri nama improve-nn-parser.diff

Code:

--- lib/rfc1738.c 2009-11-05 11:56:18.000000000 +0700+++ lib/rfc1738.c 2010-07-04 11:09:32.000000000 +0700@@ -204,30 +204,39 @@ * rfc1738_unescape() - Converts escaped characters (%xy numbers) in * given the string. %% is a %. %ab is the 8-bit hexadecimal number "ab" */+static inline int+fromhex(char ch)+{+ if (ch >= '0' && ch <= '9')+ return ch - '0';+ if (ch >= 'a' && ch <= 'f')+ return ch - 'a' + 10;+ if (ch >= 'A' && ch <= 'F')+ return ch - 'A' + 10;+ return -1;+}+ void-rfc1738_unescape(char *s)+rfc1738_unescape(char *s_) {- char hexnum[3];+ unsigned char *s = (unsigned char *) s_; int i, j; /* i is write, j is read */- unsigned int x; for (i = j = 0; s[j]; i++, j++) { s[i] = s[j];- if (s[i] != '%')- continue;- if (s[j + 1] == '%') { /* %% case */- j++;- continue;- }- if (s[j + 1] && s[j + 2]) {

Page 43: script lusca.docx

- if (s[j + 1] == '0' && s[j + 2] == '0') { /* %00 case */- j += 2;- continue;- }- hexnum[0] = s[j + 1];- hexnum[1] = s[j + 2];- hexnum[2] = '\0';- if (1 == sscanf(hexnum, "%x", &x)) {- s[i] = (char) (0x0ff & x);+ if (s[j] != '%') {+ /* normal case, nothing more to do */+ } else if (s[j + 1] == '%') { /* %% case */+ j++; /* Skip % */+ } else {+ /* decode */+ char v1, v2;+ int x;+ v1 = fromhex(s[j + 1]);+ v2 = fromhex(s[j + 2]);+ /* fromhex returns -1 on error which brings this out of range (|, not +) */+ x = v1 << 4 | v2;+ if (x > 0 && x <= 255) {+ s[i] = x; j += 2; } }

apply @lusca-r14718

conf COSS as a single file :

Code:

cache_dir coss /cache01/coss 16384 block-size=2048 max-size=65536cache_dir aufs /cache02 32768 64 256 min-size=65536cache_swap_log /var/spool/squid/%s

--enable-dependency-tracking do not reject slow dependency extractors --enable-dlmalloc=LIB Compile & use the malloc package by Doug Lea --enable-gnuregex Compile GNUregex. Unless you have reason to use this option, you should not enable it. This library file is usually only required on Windows and very old Unix boxes which do not have their own regex library built in.

Page 44: script lusca.docx

--enable-mempool-debug Include MemPool debug verifications --enable-xmalloc-statistics Show malloc statistics in status page --enable-async-io=N_THREADS Shorthand for --with-aufs-threads=N_THREADS --enable-storeio=aufs --enable-storeio="list of modules" Build support for the list of store I/O modules. The default is only to build the "ufs" module. See src/fs for a list of available modules, or Programmers Guide section <not yet written> for details on how to build your custom store module --enable-heap-replacement Backwards compatibility option. Please use the new --enable-removal-policies directive instead. --enable-removal-policies="list of policies" Build support for the list of removal policies. The default is only to build the "lru" module. See src/repl for a list of available modules, or Programmers Guide section 9.9 for details on how to build your custom policy --enable-icmp Enable ICMP pinging --enable-delay-pools Enable delay pools to limit bandwidth usage --enable-useragent-log Enable logging of User-Agent header --enable-referer-log Enable logging of Referer header --disable-wccp Disable Web Cache Coordination V1 Protocol --disable-wccpv2 Disable Web Cache Coordination V2 Protocol --enable-kill-parent-hack Kill parent on shutdown --enable-forward-log Enable experimental forward_log directive --enable-multicast-miss Enable experimental multicast notification of cachemisses --enable-snmp Enable SNMP monitoring --enable-cachemgr-hostname=hostname Make cachemgr.cgi default to this host --enable-arp-acl Enable use of ARP ACL lists (ether address) --enable-htcp Enable HTCP protocol --enable-ssl Enable ssl gatewaying support using OpenSSL --enable-forw-via-db Enable Forw/Via database --enable-cache-digests Use Cache Digests see http://www.squid-cache.org/FAQ/FAQ-16.html --enable-default-err-language=lang Select default language for Error pages (see errors directory) --enable-err-languages=\"lang1 lang2..\" Select languages to be installed. (All will be installed by default) --enable-select Force the use of select support. Normally configure automatically selects a better alternative if available. --disable-select Disable select support, causing configure to fail if a better alternative is not available --enable-select-simple Force the use of select support (POSIX). Useful if your system only supports the bare minium

Page 45: script lusca.docx

POSIX select requirements without fds_bits. --enable-poll Force the use of poll even if automatic checks indicate poll may be broken on your plaform. --disable-poll Disable the use of poll. --enable-epoll Force the use of epoll even if automatic checks indicate epoll may not be supported. --disable-epoll Disable the use of epoll. --enable-kqueue Force the use of kqueue even if automatic checks indicate kqueue may not be supported. --disable-kqueue Disable kqueue support. --enable-devpoll Use Solaris /dev/poll instead of poll --enable-eventports Use Solaris event ports instead of poll --disable-http-violations This allows you to remove code which is known to violate the HTTP protocol specification. --enable-ipf-transparent Enable Transparent Proxy support for systems using IP-Filter network address redirection. --enable-pf-transparent Enable Transparent Proxy support for systems using PF network address redirection. --enable-linux-netfilter Enable Transparent Proxy support for Linux 2.4 and later --enable-large-cache-files Enable support for large cache files (>2GB). WARNING: on-disk cache format is changed by this option --enable-linux-tproxy Enable real Transparent Proxy support for Netfilter TPROXY v2. --enable-linux-tproxy4 Enable real Transparent Proxy support for Netfilter TPROXY v4. --enable-freebsd-tproxy Enable IP source-address spoofing with FreeBSD. --enable-leakfinder Enable Leak Finding code. Enabling this alone does nothing; you also have to modify the source code to use the leak finding functions. Probably Useful for hackers only. --disable-ident-lookups This allows you to remove code that performs Ident (RFC 931) lookups. --enable-truncate This uses truncate() instead of unlink() when removing cache files. Truncate gives a little performance improvement, but may cause problems when used with async I/O. Truncate uses more filesystem inodes than unlink.. --enable-default-hostsfile=path Select default location for hosts file. See hosts_file directive in squid.conf for details --enable-win32-service Compile Squid as a WIN32 Service Works only on Windows NT and Windows 2000 Platforms. --enable-auth="list of auth scheme modules"

Page 46: script lusca.docx

Build support for the list of authentication schemes. The default is to build support for the Basic scheme. See src/auth for a list of available modules, or Programmers Guide section authentication schemes for details on how to build your custom auth scheme module --enable-basic-auth-helpers="list of helpers" This option selects which basic scheme proxy_auth helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/basic_auth directory. --enable-ntlm-auth-helpers="list of helpers" This option selects which proxy_auth ntlm helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/ntlm_auth directory. --enable-digest-auth-helpers="list of helpers" This option selects which digest scheme proxy_auth helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/digest_auth directory. --enable-negotiate-auth-helpers="list of helpers" This option selects which negotiate scheme authentication helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/negotiate_auth directory. --enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one of the Authentication steps can allow squid to still authenticate the user. --enable-external-acl-helpers="list of helpers" This option selects which external_acl helpers to build and install as part of the normal build process. For a list of available helpers see the helpers/external_acl directory. --disable-unlinkd Do not use unlinkd --enable-stacktraces Enable automatic call backtrace on fatal errors --enable-x-accelerator-vary Enable support for the X-Accelerator-Vary HTTP header. Can be used to indicate variance within an accelerator setup. Typically used together with other code that adds custom HTTP headers to the requests. --enable-follow-x-forwarded-for Enable support for following the X-Forwarded-For HTTP header to try to find the IP address of the original or indirect client when a request has been forwarded through other proxies.

Page 47: script lusca.docx

--disable-caps disable usage of Linux capabilities library to control privileges

Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-valgrind-debug Include debug instrumentation for use with valgrind --with-aufs-threads=N_THREADS Tune the number of worker threads for the aufs object store. --with-pthreads Use POSIX Threads --with-aio Use POSIX AIO --with-dl Use dynamic linking --without-system-md5 Disable the use of any system provided MD5 Implementation forcing fallback on the internal implementation shipped with Squid --with-openssl=prefix Compile with the OpenSSL libraries. The path to the OpenSSL development libraries and headers installation can be specified if outside of the system standard directories --with-coss-membuf-size COSS membuf size (default 1048576 bytes) --with-large-files Enable support for large files (logs etc). --with-build-environment=model The build environment to use. Normally one of POSIX_V6_ILP32_OFF32 32 bits POSIX_V6_ILP32_OFFBIG 32 bits with large file support POSIX_V6_LP64_OFF64 64 bits POSIX_V6_LPBIG_OFFBIG large pointers and files XBS5_ILP32_OFF32 32 bits (legacy) XBS5_ILP32_OFFBIG 32 bits with large file support (legacy) XBS5_LP64_OFF64 64 bits (legacy) XBS5_LPBIG_OFFBIG large pointers and files (legacy) default The default for your OS --with-maxfd=N Override maximum number of filedescriptors. Useful if you build as another user who is not privileged to use the number of filedescriptors you want the resulting binary to support

Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a nonstandard directory <lib dir> LIBS libraries to pass to the linker, e.g. -l<library> CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I<include dir> if you have headers in a nonstandard directory <include dir> CPP C preprocessor

Use these variables to override the choices made by `configure' or to helpit to find libraries and programs with nonstandard names/locations.

Page 48: script lusca.docx

CHOST="i386-debian-linux" \CFLAGS="-Wall -g -O2" \./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=aufs,coss --enable-arp-acl --enable-epoll --with-coss-membuf-size=33554432 --disable-auth --disable-unlinkd --with-aio --with-dl --enable-removal-policies=heap --enable-snmp --enable-delay-pools --enable-htcp --disable-ident-lookups --disable-wccp --disable-wccpv2 --disable-select --enable-err-languages=English --enable-default-err-language=English --with-large-files --enable-linux-netfilter --enable-large-cache-files

speisifik set CFLAGS disini : http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intelhttp://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD