
Implementasi Squid 3.5.27 Centos 7


Squid Proxy Server Di Centos 7 & RHEL 6.

Instalasi Squid 3.5.27 Proxy Server Dari Source Code


1. Setting Hostname, SE Linux & IP Address
vim /etc/hostname ---> cent7-squid

vim /etc/sysconfig/selinux ---> SELINUX=disabled

cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-eth0

vim /etc/sysconfig/network-scripts/ifcfg-eth0

HWADDR=00:0c:29:e0:32:d4

DEVICE=eth0

BOOTPROTO=none

IPADDR=192.168.93.50

NETMASK=255.255.255.0

NETWORK=192.168.93.0

GATEWAY=192.168.93.2

DNS1=8.8.8.8

DNS2=8.8.4.4

BROADCAST=192.168.93.255

ONBOOT=yes

NAME=eth0

vim /etc/sysconfig/network-scripts/ifcfg-eth1

HWADDR=00:0c:29:e0:32:de

DEVICE=eth1

BOOTPROTO=none
IPADDR=192.168.1.1

NETMASK=255.255.255.0

NETWORK=192.168.1.0

BROADCAST=192.168.1.255

ONBOOT=yes

NAME=eth1

1A. Manajemen service network


systemctl status network

systemctl start network

systemctl stop network

systemctl restart network

chkconfig network on

1B. Instalasi Kompiler GCC & C++ Untuk Centos 7.1.1503


rpm -Uvh glibc-2.17-196.el7.x86_64.rpm glibc-common-2.17-196.el7.x86_64.rpm

rpm -Uvh libgcc-4.8.5-16.el7.x86_64.rpm libgomp-4.8.5-16.el7.x86_64.rpm

rpm -ivh cpp-4.8.5-16.el7.x86_64.rpm gcc-4.8.5-16.el7.x86_64.rpm glibc-devel-2.17-196.el7.x86_64.rpm glibc-headers-2.17-196.el7.x86_64.rpm kernel-headers-3.10.0-693.el7.x86_64.rpm libmpc-1.0.1-3.el7.x86_64.rpm

rpm -Uvh libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm

rpm -ivh perl-Data-Dumper-2.145-3.el7.x86_64.rpm perl-Test-Harness-3.28-3.el7.noarch.rpm perl-Thread-Queue-3.02-2.el7.noarch.rpm m4-1.4.16-10.el7.x86_64.rpm

rpm -ivh autoconf-2.69-11.el7.noarch.rpm automake-1.13.4-3.el7.noarch.rpm libtool-2.4.2-22.el7_3.x86_64.rpm

rpm -Uvh libstdc++-4.8.5-16.el7.x86_64.rpm libstdc++-devel-4.8.5-16.el7.x86_64.rpm

rpm -ivh gcc-c++-4.8.5-16.el7.x86_64.rpm

1C. Instalasi Kompiler GCC & C++ Untuk Centos 7.4.1708


rpm -ivh kernel-headers-3.10.0-693.el7.x86_64.rpm glibc-devel-2.17-196.el7.x86_64.rpm glibc-headers-2.17-196.el7.x86_64.rpm libmpc-1.0.1-3.el7.x86_64.rpm cpp-4.8.5-16.el7.x86_64.rpm gcc-4.8.5-16.el7.x86_64.rpm

rpm -ivh libstdc++-devel-4.8.5-16.el7.x86_64.rpm gcc-c++-4.8.5-16.el7.x86_64.rpm

rpm -ivh libtool-2.4.2-22.el7_3.x86_64.rpm automake-1.13.4-3.el7.noarch.rpm autoconf-2.69-11.el7.noarch.rpm m4-1.4.16-10.el7.x86_64.rpm perl-Data-Dumper-2.145-3.el7.x86_64.rpm perl-Test-Harness-3.28-3.el7.noarch.rpm perl-Thread-Queue-3.02-2.el7.noarch.rpm

1D. Instalasi Squid 3.5.27


./configure --prefix=/usr/local/squid (instalasi tanpa fitur SSL)

./configure --prefix=/usr/local/squid --enable-ssl --enable-ssl-crtd --with-openssl (instalasi dengan fitur SSL; modul development openssl-devel sudah harus terpasang, instal dengan yum install openssl-devel)

make all

make install

1E. File Startup Squid (/etc/rc.d/init.d/squid3.5)


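#!/bin/bash
# squid3527     This shell script takes care of starting and stopping
#               Squid daemons (Squid 3.5 built from source under /usr/local/squid).
#
# chkconfig: - 58 74
# description: Squid Proxy Server
### BEGIN INIT INFO
# Provides: squid3.5
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop Squid 3.5
# Description: Squid Proxy Server
### END INIT INFO

# Source function library: provides daemon, killproc and status used by the
# start/stop/status actions below.
. /etc/init.d/functions

# Source networking configuration: provides NETWORKING, checked by start().
. /etc/sysconfig/network

# Daemon name, install prefix of the source build, and the subsys lock file
# that 'service'/chkconfig tooling uses to tell whether the daemon is running.
prog=squid
prog_dir=/usr/local/squid/sbin/
lockfile=/var/lock/subsys/$prog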

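#######################################
# Start the Squid daemon and record the subsys lock on success.
# (The listing in this document omitted the closing brace of this function.)
# Globals:   NETWORKING (read), prog_dir, prog, lockfile (read), RETVAL (written)
# Arguments: none
# Outputs:   status line on stdout
# Returns:   exit status of daemon; exits 1 when networking is disabled
#######################################
start() {
  # Refuse to start when networking is administratively off in
  # /etc/sysconfig/network.
  [ "$NETWORKING" = "no" ] && exit 1
  echo -n $"Starting Squid-3.5: "
  # NOTE(review): -D is documented as obsolete in Squid 3.x; confirm this
  # build still accepts it before relying on it.
  daemon "$prog_dir/$prog" -D
  RETVAL=$?
  echo
  # The lock file marks the service as running for 'service'/chkconfig tooling.
  [ "$RETVAL" -eq 0 ] && touch "$lockfile"
  return "$RETVAL"
}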

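#######################################
# Stop the Squid daemon and remove the subsys lock on success.
# (The listing in this document omitted the closing brace of this function.)
# Globals:   EUID (read), prog_dir, prog, lockfile (read), RETVAL (written)
# Arguments: none
# Outputs:   status line on stdout
# Returns:   exit status of killproc; exits 4 (LSB: insufficient privilege)
#            when not run as root
#######################################
stop() {
  # killproc needs root; LSB reserves status 4 for insufficient privilege.
  [ "$EUID" != "0" ] && exit 4
  echo -n $"Shutting down Squid-3527: "
  killproc "$prog_dir/$prog"
  RETVAL=$?
  echo
  # Drop the lock only once the daemon is confirmed stopped.
  [ "$RETVAL" -eq 0 ] && rm -f "$lockfile"
  return "$RETVAL"
}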

# Dispatch on the requested action; the action's status becomes the script's
# exit status.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status "$prog"
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart}"
    exit 2
    ;;
esac

1F. Konfigurasi Post Installation


chmod ugo+x /etc/rc.d/init.d/squid3.5 ---> untuk Linux Centos 7.1.1503

sed -i -e 's/\r//g' /etc/init.d/squid3.5 ---> untuk Linux Centos 7.4.1708

touch /usr/local/squid/var/logs/cache.log
touch /usr/local/squid/var/logs/access.log

chown squid:squid /usr/local/squid/var/logs/*

chmod 666 /usr/local/squid/var/logs/*

tail -f /usr/local/squid/var/logs/access.log ---> untuk melihat website2 yang dibuka

1G. Manajemen Daemon Squid


 service squid3.5 status

 service squid3.5 stop

 service squid3.5 start

 service squid3.5 restart

 chkconfig squid3.5 on

1H. Menggunakan systemctl


 systemctl status squid3.5

 systemctl stop squid3.5

 systemctl start squid3.5

 systemctl restart squid3.5 atau systemctl reload squid3.5

 systemctl enable squid3.5

 systemctl disable squid3.5

2. Routing
vim /etc/sysctl.conf --> tulis net.ipv4.ip_forward = 1

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

2A. Firewall
systemctl stop firewalld

systemctl disable firewalld

Hapus firewalld (Linux Centos 7.1.1503 & Linux Centos 7.4.1708) : rpm -e firewalld anaconda-core anaconda-tui anaconda-gui anaconda firewall-config initial-setup initial-setup-gui
rpm -Uvh iptables-1.4.21-18.0.1.el7.centos.x86_64.rpm

rpm -ivh iptables-services-1.4.21-18.0.1.el7.centos.x86_64.rpm

Tulis rule firewall di bawah ini :

service iptables save

systemctl restart iptables

Referensi :

https://confluence.atlassian.com/kb/starting-service-on-linux-throws-a-no-such-file-or-directory-error-794203722.html

3. Instal Squid Di Centos 7.4.1708 Dengan RPM


rpm -ivh libecap-1.0.0-1.el7.x86_64.rpm perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm perl-DBI-1.627-4.el7.x86_64.rpm perl-Digest-1.17-245.el7.noarch.rpm perl-Digest-MD5-2.52-3.el7.x86_64.rpm perl-IO-Compress-2.061-2.el7.noarch.rpm perl-Net-Daemon-0.48-5.el7.noarch.rpm perl-PlRPC-0.2020-14.el7.noarch.rpm squid-migration-script-3.5.20-10.el7.x86_64.rpm squid-3.5.20-10.el7.x86_64.rpm

3A. Instal Squid Di Centos 7.1.1503 Dengan RPM


rpm -ivh libecap-1.0.0-1.el7.x86_64.rpm perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm perl-Data-Dumper-2.145-3.el7.x86_64.rpm perl-DBI-1.627-4.el7.x86_64.rpm perl-Digest-1.17-245.el7.noarch.rpm perl-Digest-MD5-2.52-3.el7.x86_64.rpm perl-IO-Compress-2.061-2.el7.noarch.rpm perl-Net-Daemon-0.48-5.el7.noarch.rpm perl-PlRPC-0.2020-14.el7.noarch.rpm squid-migration-script-3.5.20-10.el7.x86_64.rpm squid-3.5.20-10.el7.x86_64.rpm

touch /var/log/squid/cache.log

touch /var/log/squid/access.log

chown -R squid:squid /var/log/squid/*


chmod go+w /var/log/squid/*

3B. Manajemen Service Squid


systemctl status squid

systemctl start squid

systemctl restart squid

systemctl stop squid

systemctl enable squid

systemctl disable squid

3C. Rule IPTables (/etc/sysconfig/iptables)


-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128

iptables-save

4. LightSquid (Proxy Server Monitoring)


4A. Instal Apache Web Server
rpm -ivh apr-1.4.8-3.el7.x86_64.rpm apr-util-1.5.2-6.el7.x86_64.rpm httpd-2.4.6-67.el7.centos.x86_64.rpm httpd-tools-2.4.6-67.el7.centos.x86_64.rpm mailcap-2.1.41-2.el7.noarch.rpm

4A1. Manajemen Service Web Server


systemctl start httpd

systemctl restart httpd

systemctl stop httpd

systemctl status httpd

systemctl enable httpd

systemctl disable httpd

4B. Instal LightSquid


cp -R /home/user1/Documents/lightsquid-1.8 /var/www/html/lightsquid
chmod +x /var/www/lightsquid/*.cgi

chmod +x /var/www/lightsquid/*.pl

chown -R apache:apache /var/www/lightsquid/*

4B1. Konfigurasi Firewall Untuk LightSquid. Buka port 80 di tabel *filter :


-A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

4C. Konfigurasi Web Server Untuk LightSquid


Edit file /etc/httpd/conf/httpd.conf tambahkan di baris paling bawah

<Directory "/var/www/html/lightsquid">

AddHandler cgi-script .cgi

AllowOverride All

</Directory>

Edit file /var/www/html/lightsquid/lightsquid.cfg

$logpath ="/var/log/squid"; ganti jadi $logpath ="/usr/local/squid/var/logs";

4C1. Troubleshooting 1
Kalo ada error sewaktu menjalankan /var/www/html/lightsquid/check-setup.pl :

no: CGI.PM found, please install

Solusinya instal : rpm -ivh perl-CGI-3.63-4.el7.noarch.rpm perl-FCGI-0.74-8.el7.x86_64.rpm

4C2. Troubleshooting 2
Kalo ada error sewaktu menjalankan /var/www/html/lightsquid/check-setup.pl :

no: GD.PM found, please install

Solusinya install : rpm -ivh perl-GD-2.49-3.el7.x86_64.rpm

4C3. Menjalankan LightSquid


Jalankan /var/www/html/lightsquid/check-setup.pl pastikan hasilnya sukses :
Tulis : http://<ip-address>/lightsquid. Kalo ada tampilan gambar di bawah ini :

Jalankan LightParser : /var/www/html/lightsquid/lightparser.pl


5. Konfigurasi Otomasi Proses. Ketik crontab -e lalu tulis :
*/10 * * * * /var/www/html/lightsquid/lightparser.pl today

10 : menyatakan menit

bintang kedua : menyatakan jam

bintang ketiga : menyatakan tanggal

bintang keempat : menyatakan bulan

bintang kelima : menyatakan hari dalam 1 minggu

Dengan konfigurasi Cron Jobs tsb LightSquid akan melakukan refresh halaman web setiap 10 menit

5A. Manajemen Service Cron Jobs


systemctl status crond

systemctl start crond

systemctl stop crond

systemctl restart crond


systemctl enable crond

systemctl disable crond

6. Konfigurasi Squid 3.1.10 RHEL 6.5 Untuk HTTP & HTTPS


Instalasi : yum install squid

Konfigurasi /etc/squid/squid.conf

# Recommended minimum configuration:

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7 # RFC 4193 local private network range

acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl localhost src 127.0.0.1

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt


acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

# Recommended minimum Access Permission configuration:

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost

http_access allow localhost

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl tes_blokir1 dstdomain .sarana118.com .promo4d.com

http_access deny tes_blokir1

# acl tes_blokir2 url_regex "/usr/local/squid/etc/blokir.txt"

# http_access deny tes_blokir2

# ACL untuk HTTPS --------------------------- start


acl blokir_medsos dstdomain .facebook.com .twitter.com .instagram.com

http_access deny CONNECT blokir_medsos

http_reply_access deny blokir_medsos

# ACL untuk HTTPS --------------------------- end

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

http_port 3128 intercept

# tambahan untuk SSL ------ start

https_port 3129 intercept ssl-bump cert=/etc/squid/ssl/myca.pem key=/etc/squid/ssl/myca.pem

sslproxy_client_certificate /etc/squid/ssl/myca.pem

sslproxy_client_key /etc/squid/ssl/myca.pem

sslproxy_version 3

sslproxy_capath /etc/squid/ssl/

sslproxy_cafile /etc/squid/ssl/myca.pem

sslproxy_flags NO_DEFAULT_CA

#always_direct allow all

ssl_bump server-first all

#sslproxy_cert_error deny all

#sslproxy_flags DONT_VERIFY_PEER
# tambahan untuk SSL ------end

# Uncomment and adjust the following to add a disk cache directory.

#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir

coredump_dir /usr/local/squid/var/cache/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

visible_hostname "server1"

Pengujian

Pemblokiran website HTTP


Pemblokiran website HTTPS

7. Konfigurasi Squid 3.5.27 (RHEL 6.5 & Centos 7) Untuk HTTP & HTTPS
Instalasinya : modul openssl-devel sudah harus ada supaya proses kompilasi tidak ada error

./configure --enable-icap-client --enable-ssl --enable-ssl-crtd --with-openssl

make

make install

Buat folder untuk menyimpan sertifikat : mkdir /usr/local/squid/ssl

Membuat sertifikat SSL untuk sisi server : openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout server1.pem -out server1.pem

Membuat sertifikat SSL untuk sisi client : openssl x509 -in server1.pem -outform DER -out server1.der

Konfigurasi Squid di /usr/local/squid/etc/squid.conf :

# Recommended minimum configuration:

# Example rule allowing access from your local networks.


# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7 # RFC 4193 local private network range

acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

# Recommended minimum Access Permission configuration:

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports


http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl tes_blokir1 dstdomain .sarana118.com .promo4d.com

http_access deny tes_blokir1

# acl tes_blokir2 url_regex "/usr/local/squid/etc/blokir.txt"

# http_access deny tes_blokir2

# ACL untuk HTTPS --------------------------- start

# acl blokir2 dstdom_regex facebook

# http_access deny blokir2

acl blokir_medsos dstdomain .facebook.com .twitter.com .instagram.com

http_access deny CONNECT blokir_medsos

http_reply_access deny blokir_medsos

# ACL untuk HTTPS --------------------------- end

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed


http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access allow all
# bisa juga http_access deny all, sehingga hanya localnet dan localhost yang diizinkan memakai proxy

# Squid normally listens to port 3128

http_port 3128 intercept

# tambahan untuk SSL ------ start

https_port 3129 intercept ssl-bump cert=/usr/local/squid/ssl/server1.pem


#dynamic_cert_mem_cache_size=4MB

# sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB

# acl step1 at_step SslBump1

# ssl_bump peek step1

# ssl_bump bump all

always_direct allow all

ssl_bump server-first all

sslproxy_client_certificate /usr/local/squid/ssl/server1.pem

sslproxy_client_key /usr/local/squid/ssl/server1.pem

# sslproxy_version 3

sslproxy_capath /usr/local/squid/ssl/

sslproxy_cafile /usr/local/squid/ssl/server1.pem

sslproxy_flags NO_DEFAULT_CA

sslcrtd_children 8 startup=1 idle=1

sslproxy_cert_error deny all

# sslproxy_flags DONT_VERIFY_PEER

# tambahan untuk SSL ------end

# Uncomment and adjust the following to add a disk cache directory.


#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir

coredump_dir /usr/local/squid/var/cache/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

visible_hostname "server1"

Konfigurasi firewall IPTables di tabel *nat :

-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128

-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.1:3129

atau rule yang di bawah ini :

-A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3129

-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

8. Squid 3.5.27 Init Script


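#!/bin/bash
# squid-3.5.27  This shell script takes care of starting and stopping
#               Squid daemons (Squid 3.5.27 built from source under /usr/local/squid).
#
# chkconfig: - 58 74
# description: Squid Proxy Server
### BEGIN INIT INFO
# Provides: squid3527
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop Squid 3.5.27
# Description: Squid Proxy Server
### END INIT INFO

# Source function library: provides daemon, killproc and status used by the
# start/stop/status actions below.
. /etc/init.d/functions

# Source networking configuration: provides NETWORKING, checked by start().
. /etc/sysconfig/network

# Daemon name, install prefix of the source build, and the subsys lock file
# that 'service'/chkconfig tooling uses to tell whether the daemon is running.
prog=squid
prog_dir=/usr/local/squid/sbin/
lockfile=/var/lock/subsys/$prog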

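#######################################
# Start the Squid daemon and record the subsys lock on success.
# Globals:   NETWORKING (read), prog_dir, prog, lockfile (read), RETVAL (written)
# Arguments: none
# Outputs:   status line on stdout
# Returns:   exit status of daemon; exits 1 when networking is disabled
#######################################
start() {
  # Refuse to start when networking is administratively off in
  # /etc/sysconfig/network.
  [ "$NETWORKING" = "no" ] && exit 1
  echo -n $"Starting Squid-3.5.27: "
  # NOTE(review): -D is documented as obsolete in Squid 3.x; confirm this
  # build still accepts it before relying on it.
  daemon "$prog_dir/$prog" -D
  RETVAL=$?
  echo
  # The lock file marks the service as running for 'service'/chkconfig tooling.
  [ "$RETVAL" -eq 0 ] && touch "$lockfile"
  return "$RETVAL"
}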
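#######################################
# Stop the Squid daemon and remove the subsys lock on success.
# (The listing in this document omitted the closing brace of this function.)
# Globals:   EUID (read), prog_dir, prog, lockfile (read), RETVAL (written)
# Arguments: none
# Outputs:   status line on stdout
# Returns:   exit status of killproc; exits 4 (LSB: insufficient privilege)
#            when not run as root
#######################################
stop() {
  # killproc needs root; LSB reserves status 4 for insufficient privilege.
  [ "$EUID" != "0" ] && exit 4
  echo -n $"Shutting down Squid-3.5.27: "
  killproc "$prog_dir/$prog"
  RETVAL=$?
  echo
  # Drop the lock only once the daemon is confirmed stopped.
  [ "$RETVAL" -eq 0 ] && rm -f "$lockfile"
  return "$RETVAL"
}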

# Dispatch on the requested action; the action's status becomes the script's
# exit status.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status "$prog"
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart}"
    exit 2
    ;;
esac

Website HTTPS Instagram sukses diblokir

Intercept SSL pada protokol HTTPS akan menyebabkan beberapa website HTTPS lain yang tidak termasuk
dalam daftar pemblokiran tidak bisa dibuka; hal ini kemungkinan karena adanya masalah kompatibilitas
antara sertifikat SSL yang kita buat dan sertifikat SSL website tsb.
Website HTTP sukses diblokir
Referensi :

http://blog.davidvassallo.me/2011/03/22/squid-transparent-ssl-interception/

https://www.tectut.com/2015/08/configure-squid-as-http-and-https-transparent-proxy/

https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Intercept_HTTPS_CONNECT_messages_with_SSL-Bump

https://wiki.squid-cache.org/Features/SslBump

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid#.WwxIx-6FPIV

Selesai

Created By : Linux Enthusiast in SE Asia
