Sunday, 27 February 2011

Building a DNS Server, Web Server and Database Server with Linux Fedora 8

by FX. Eko Budi Kristanto
 
I have written about a DNS server and LAMP on Linux Fedora before, in my earlier articles on the Linux DNS server and the Linux web server. To help readers who have only just moved to Linux and happen to be running Fedora 8, I am writing this article as well. The guide covers the following case:
  1. Set up a DNS server for the domain linuxer.local
  2. Set up a virtual DNS server for the domains fxekobudi.local, sarolangun.local
  3. Set up a web server for the domains linuxer.local, fxekobudi.local and sarolangun.local
  4. Set up a database server with MySQL, to be used by the open-source applications (Wordpress, Joomla and Drupal) that build the local sites on the domains listed above.
Before moving on to the DNS and LAMP (Linux-Apache-PHP-MySQL) configuration, this is the configuration of the laptop I am using:
IP Loopback: 127.0.0.1
IP Address NIC: 192.168.0.44
Netmask: 255.255.255.192 (/26)
BIND packages: bind-9.5.0-18.a7, bind-libs-9.5.0-18.a7, bind-utils-9.5.0-18.a7, bind-chroot-9.5.0-18.a7
APACHE packages: httpd-2.2.6-3, httpd-tools-2.2.6-3, system-config-httpd-1.4.4-1, httpd-manual-2.2.6-3
MySQL packages: mysql-libs-5.0.45-4.fc8, mysql-5.0.45-4.fc8, mysql-server-5.0.45-4.fc8
PHP packages: php-common-5.2.4-3, php-5.2.4-3, php-gd-5.2.4-3, php-cli-5.2.4-3, php-mysql-5.2.4-3
All of these packages are included on the Fedora 8 installer DVD, so if they are not installed yet, install them from the DVD or from the Fedora 8 repository. To check whether a package is installed, use the command: $ rpm -qa | grep [package-name]
1. DNS SERVER
Install the packages:
# yum install bind bind-libs bind-utils bind-chroot
Unlike on Fedora 7, you will find named.conf in place after installing bind, so you only need to edit its configuration.
# vim /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
// -------------
// Resolve DNS
// -------------
zone "linuxer.local" IN {
    type master;
    file "./zone/linuxer.local.zone";
    allow-update { key "rndckey"; };
    allow-transfer { 192.168.0/26; };
};
// -------------
// Reverse DNS
// -------------
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "./zone/0.168.192.in-addr.arpa.zone";
    allow-update { key "rndckey"; };
    allow-transfer { 192.168.0/26; };
};
include "/etc/named.primary.conf";
Contents of /var/named/chroot/var/named/zone/linuxer.local.zone:
$TTL 38400
; Names in the SOA end with a dot so the zone origin is not appended to them.
@ IN SOA ns.linuxer.local. root.linuxer.local. (
        1196006770 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        38400 )    ; negative-caching TTL
        IN NS fxekobudi.linuxer.local.
        IN MX 20 mail.linuxer.local.
fxekobudi IN A 192.168.0.44
www IN CNAME fxekobudi
ftp IN CNAME fxekobudi
Contents of /var/named/chroot/var/named/zone/0.168.192.in-addr.arpa.zone:
$TTL 38400
@ IN SOA ns.linuxer.local. root.linuxer.local. (
        1196006769 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        38400 )    ; negative-caching TTL
        IN NS fxekobudi.linuxer.local.
44 IN PTR fxekobudi.linuxer.local.
Configuration for /var/named/chroot/etc/named.primary.conf:
# vim /var/named/chroot/etc/named.primary.conf
// ----------------------------
// Virtual Domain fxekobudi.local
// ----------------------------
zone "fxekobudi.local" IN {
    type master;
    file "./zone/fxekobudi.local.zone";
    allow-update { key "rndckey"; };
    allow-transfer { 192.168.0/26; };
};
// ----------------------------
// Virtual Domain sarolangun.local
// ----------------------------
zone "sarolangun.local" IN {
    type master;
    file "./zone/sarolangun.local.zone";
    allow-update { key "rndckey"; };
    allow-transfer { 192.168.0/26; };
};
Contents of /var/named/chroot/var/named/zone/fxekobudi.local.zone:
$TTL 38400
@ IN SOA ns.linuxer.local. root.linuxer.local. (
        1196006770 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        38400 )    ; negative-caching TTL
        IN NS fxekobudi.fxekobudi.local.
        IN MX 20 mail.fxekobudi.local.
fxekobudi IN A 192.168.0.44
www IN CNAME fxekobudi
ftp IN CNAME fxekobudi
Contents of /var/named/chroot/var/named/zone/sarolangun.local.zone:
$TTL 38400
@ IN SOA ns.linuxer.local. root.linuxer.local. (
        1196006770 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        38400 )    ; negative-caching TTL
        IN NS fxekobudi.sarolangun.local.
        IN MX 20 mail.sarolangun.local.
fxekobudi IN A 192.168.0.44
www IN CNAME fxekobudi
ftp IN CNAME fxekobudi
Configuration for /etc/resolv.conf (the search domains go on a single line, because only the last search line in the file takes effect):
search linuxer.local fxekobudi.local sarolangun.local
nameserver 127.0.0.1
nameserver 192.168.0.44
Test the DNS server configuration:
$ dig linuxer.local
$ nslookup www.linuxer.local
Enable the DNS server daemon for the desired runlevels:
# /sbin/chkconfig --levels 235 named on
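In zone files like the ones above, any SOA, NS, MX, CNAME or PTR target written without a trailing dot has the zone origin appended, and named loads the result without complaint. The check below is an added example, not part of the original article; the function names and the sample zone (constructed, with the dot left off the SOA contact on purpose) are assumptions.

```shell
#!/bin/sh
# lint_zone ORIGIN < zonefile
# Flags dotted names without a trailing dot in SOA, NS, MX, CNAME and PTR
# data. Such names are relative, so "root.linuxer.local" in the zone
# linuxer.local silently becomes "root.linuxer.local.linuxer.local.".
lint_zone() {
    awk -v origin="$1" '
    function check(name, what) {
        if (name ~ /\./ && name !~ /\.$/)
            printf "line %d: %s %s expands to %s.%s.\n", NR, what, name, name, origin
    }
    {
        # A line that starts with whitespace has no owner name in field 1.
        first = ($0 ~ /^[ \t]/) ? 1 : 2
        sub(/;.*/, "")                      # drop comments
        for (i = first; i <= NF; i++) {
            t = toupper($i)
            if (t == "SOA") { check($(i+1), "SOA mname"); check($(i+2), "SOA rname"); break }
            if (t == "NS" || t == "CNAME" || t == "PTR") { check($(i+1), t " target"); break }
            if (t == "MX") { check($(i+2), "MX target"); break }
        }
    }'
}

# Constructed sample: a linuxer.local zone whose SOA contact lacks the final dot.
sample_zone() {
    cat <<'EOF'
$TTL 38400
@ IN SOA ns.linuxer.local. root.linuxer.local (
        1196006770 10800 3600 604800 38400 )
        IN NS fxekobudi.linuxer.local.
        IN MX 20 mail.linuxer.local.
fxekobudi IN A 192.168.0.44
www IN CNAME fxekobudi
EOF
}

sample_zone | lint_zone linuxer.local
```

Run it against each file under /var/named/chroot/var/named/zone/ with the matching zone name as ORIGIN before reloading named.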
2. WEB SERVER
Install the package:
# yum install httpd
Edit the Apache configuration file:
# vim /etc/httpd/conf/httpd.conf
These are the settings you need to make:
### Section 1: Global Environment
User apache
Group apache
### Section 2: 'Main' server configuration
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
DirectoryIndex index.html index.html.var index.php
### Section 3: Virtual Hosts
# Virtual host configuration
Include ./conf/vhosts.conf
Create the virtual host file:
# vim /etc/httpd/conf/vhosts.conf
NameVirtualHost 192.168.0.44:80
<VirtualHost 192.168.0.44:80>
ServerAdmin admin@linuxer.local
DocumentRoot /var/www/html
ServerName linuxer.local
ServerAlias www.linuxer.local
ErrorLog logs/error_log
CustomLog logs/access_log combined
</VirtualHost>
<VirtualHost 192.168.0.44:80>
ServerAdmin admin@linuxer.local
DocumentRoot /var/www/html/fxekobudi
ServerName fxekobudi.local
ServerAlias www.fxekobudi.local
ErrorLog logs/fxekobudi.local-error_log
CustomLog logs/fxekobudi.local-access_log combined
</VirtualHost>
<VirtualHost 192.168.0.44:80>
ServerAdmin admin@linuxer.local
DocumentRoot /var/www/html/sarolangun
ServerName sarolangun.local
ServerAlias www.sarolangun.local
ErrorLog logs/sarolangun.local-error_log
CustomLog logs/sarolangun.local-access_log combined
</VirtualHost>
Enable the web server daemon for the desired runlevels:
# /sbin/chkconfig --levels 235 httpd on
3. DATABASE SERVER
Install the packages:
# yum install mysql-libs mysql mysql-server
Enable the MySQL server daemon for the desired runlevels:
# /sbin/chkconfig --levels 235 mysqld on
Use phpMyAdmin to make administration easier. See my article on installing phpMyAdmin.
Create a user other than root for accessing the databases; the phpMyAdmin interface is enough for this.
4. PHP
Install the packages:
# yum install php-common php php-gd php-mysql
To edit php.ini, use the following command:
# vim /etc/php.ini
In the section
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
change line 356:
display_errors = On
This suits the local setup in this guide; on a server that other people can reach, set display_errors = Off and use log_errors = On instead, because displayed errors reveal file paths and query details to visitors.
At line 619, add extension=gd.so so that PHP scripts can load the gd module, which Joomla will use:
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
extension=gd.so

Building a Router with Redhat 9

author: Andra Fideles
The following is the layout of the network to be built.

                    |eth0
                    |
                |-------|
                | serv  |
                |---|---|
                    |
                    |eth1
                    |
                    |
     |-------------hub-------------|
     |              |              |
     |              |              |
     |              |              |
|---------|    |---------|    |---------|
|Client 01|    |Client 02|    |Client 03|
|---------|    |---------|    |---------|

The first thing to do is configure serv (the main gateway) so that it can connect to the internet.
Before configuring:

=[one]=
Ask the ISP for a public IP, complete with its netmask, broadcast and DNS, for example:
IP: 202.169.227.45
GATEWAY : 202.169.227.1
Netmask: 255.255.255.192
broadcast : 202.169.227.63
DNS1: 202.168.244.3
DNS2: 202.168.244.4

=[two]=
Decide on the local IP range that will be used for the clients
IP: 192.168.0.2 - 192.168.0.254
GATEWAY: 192.168.0.1
NETMASK: 255.255.255.0
BROADCAST: 192.168.0.255
DNS1: 202.168.244.3
DNS2: 202.168.244.4

=[three]=
Set the IP of serv:
[root@serv root]$ vi /etc/sysconfig/network
To edit with the vi editor (pronounced vi-ai), press i or Insert to start editing.
then enter:

NETWORKING=yes
HOSTNAME=serv.domain.com
GATEWAY=202.169.227.1

then save by typing :wq

=[four]=
Configure the IP of eth0 (default)

[root@serv root]$ vi /etc/sysconfig/network-scripts/ifcfg-eth0
To edit with the vi editor (pronounced vi-ai), press i or Insert to start editing.
then enter:

DEVICE=eth0
BOOTPROTO=static
IPADDR=202.169.227.45
BROADCAST=202.169.227.63
NETMASK=255.255.255.192
ONBOOT=yes
USERCTL=no

then save by typing :wq

=[five]=
Set up DNS resolution

[root@serv root]$ vi /etc/resolv.conf
To edit with the vi editor (pronounced vi-ai), press i or Insert to start editing.
then enter the nameservers from our ISP:

nameserver 202.168.244.3
nameserver 202.168.244.4

then save by typing :wq

=[six]=

Configure the IP of eth1
[root@serv root]$ vi /etc/sysconfig/network-scripts/ifcfg-eth1
To edit with the vi editor (pronounced vi-ai), press i or Insert to start editing.
then enter:

DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.0.1
BROADCAST=192.168.0.255
NETMASK=255.255.255.0
ONBOOT=yes
USERCTL=no

then save by typing :wq

=[seven]=
Set up ip_forwarding and masquerading.

[root@serv root]$ vi /etc/rc.d/rc.local
To edit with the vi editor (pronounced vi-ai), press i or Insert to start editing.
then enter:

echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

=[eight]=
Restart the network

[root@serv root]$ service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]

=[nine]=
Test by pinging the default gateway 202.169.227.1

[root@serv root]$ ping 202.169.227.1
64 bytes from 202.169.227.1 : icmp_seq=1 time=15.4 ms
64 bytes from 202.169.227.1 : icmp_seq=2 time=15.4 ms
64 bytes from 202.169.227.1 : icmp_seq=3 time=15.4 ms
64 bytes from 202.169.227.1 : icmp_seq=4 time=15.4 ms
64 bytes from 202.169.227.1 : icmp_seq=5 time=15.4 ms
64 bytes from 202.169.227.1 : icmp_seq=6 time=15.4 ms
64 bytes from 202.169.227.1 : icmp_seq=7 time=15.4 ms
----- 202.169.227.1 ping statistic -----
6 packets transmites, 6 received, 0% packet loss, time 3049ms

=[ten]=
Test by pinging the IP of eth1
[root@serv root]$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=0.356 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=63 time=0.269 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=63 time=0.267 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=63 time=0.268 ms

--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.267/0.290/0.356/0.038 ms

=[eleven]=
All that remains is to set the IP of the client computers according to the following:

IP: 192.168.0.2 - 192.168.0.254
GATEWAY: 192.168.0.1
NETMASK: 255.255.255.0
BROADCAST: 192.168.0.255
DNS1: 202.168.244.3
DNS2: 202.168.244.4

for example:

Client01
===============================
IP: 192.168.0.2
GATEWAY: 192.168.0.1
NETMASK: 255.255.255.0
BROADCAST: 192.168.0.255
NAMESERVER: 192.168.0.1

Client02
===============================
IP: 192.168.0.3
GATEWAY: 192.168.0.1
NETMASK: 255.255.255.0
BROADCAST: 192.168.0.255
NAMESERVER: 192.168.0.1

and so on for as many clients as there are; only the IP changes.
For Windows clients, set the IP under Start Menu/Setting/Control Panel/Network

=[twelve]=
Once the client IPs are set:
- ping 192.168.0.1 from a client; if it succeeds, the client and the router are connected.
- ping 202.169.227.45 from a client; if it succeeds, the masquerading set up in /etc/rc.d/rc.local is working properly.
If it does not, you need to run the masquerading set up in /etc/rc.d/rc.local as follows:
.- work on the router you have just built.
.- log in to the root account
.- run the following commands, pressing Enter at the end of each one:
[root@serv root]# service network restart
[root@serv root]# /etc/rc.d/rc.local
when that is done, try pinging 202.169.227.45 from a client again
- next, ping the default gateway 202.169.227.1 from a client
- ping 202.168.244.3 from a client
- ping 202.168.244.4 from a client
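
Step seven enables forwarding and NAT but leaves the FORWARD chain at its default ACCEPT policy, so serv routes any packet handed to it. The script below is an added example, not part of the original post: it applies the same masquerade rule together with a default-drop FORWARD chain that lets the LAN out through eth0 and only replies back in. The function names and the DRY_RUN switch are assumptions made for this example.

```shell
#!/bin/sh
# Meant to be called from /etc/rc.d/rc.local in place of the two lines in
# step seven. With DRY_RUN set, the commands are printed instead of executed.
IPT=/sbin/iptables

run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# valid_cidr A.B.C.D/N: succeeds if every octet is 0-255 and N is 0-32.
valid_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        {
            for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
            for (i = 1; i <= 4; i++) if ($i > 255) exit 1
            if ($5 > 32) exit 1
        }'
}

# setup_router WAN_IF LAN_IF LAN_CIDR
setup_router() {
    wan=$1 lan=$2 net=$3
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] ||
        { echo "need two distinct interfaces" >&2; return 1; }
    valid_cidr "$net" || { echo "bad LAN network: $net" >&2; return 1; }

    # Default-deny for routed traffic; start from empty chains.
    run $IPT -P FORWARD DROP
    run $IPT -F FORWARD
    run $IPT -t nat -F POSTROUTING
    # LAN clients may open connections out through the WAN interface ...
    run $IPT -A FORWARD -i "$lan" -o "$wan" -s "$net" -j ACCEPT
    # ... and only replies to those connections are let back in.
    run $IPT -A FORWARD -i "$wan" -o "$lan" -d "$net" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the private source addresses on the way out (rule from step seven).
    run $IPT -t nat -A POSTROUTING -s "$net" -o "$wan" -j MASQUERADE
    # Turn routing on last, once the filter is in place.
    run /sbin/sysctl -w net.ipv4.ip_forward=1
}

# Print the commands for the network in this post without touching the system.
( DRY_RUN=1; setup_router eth0 eth1 192.168.0.0/24 )
```

Without DRY_RUN the same call applies the rules and has to run as root.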

Proxy Linux


Allow me to share a little here, about my optimized squid...
# BISMILLAH HIRRAHMAANIRRAHIIIM $
#============================================================$
# WELCOME TO SQUID 2 WAHYU HIGH PERFORMANCE $
# SQUID PROXY CACHE $
# LAST EDITING 2009 $
#============================================================$
#============================================================$
http_port 8080
icp_port 3130
#============================================================$
#============================================================$
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
#============================================================$
#============================================================$
hierarchy_stoplist cgi-bin ? .js .jsp localhost visicom indosat.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost visicom indosat.net.id
no_cache deny QUERY
#============================================================$
#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
cache_mem 64 MB
maximum_object_size 10 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 KB
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
store_dir_select_algorithm round-robin
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048
#============================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
cache_dir aufs /var/log/squid/cache 800 10 256
cache_dir diskd /cache-1 50000 10 256 Q1=72 Q2=64
cache_dir diskd /cache-2 50000 10 256 Q1=72 Q2=64
cache_access_log /var/log/squid/access.log
emulate_httpd_log on
cache_log /dev/null
cache_store_log /dev/null
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
log_ip_on_direct on
log_fqdn off
log_icp_queries off
log_mime_hdrs off
log_ip_on_direct off
debug_options ALL,1
buffered_logs off
emulate_httpd_log off
client_netmask 255.255.255.255
ftp_passive on
ftp_sanitycheck on
hosts_file /etc/hosts

#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

#============================================================$
# DNS resolution section
#============================================================$
#cache_dns_program /etc/squid/libexec/dnsserver
#dns_children 24
dns_nameservers 203.130.196.5 203.130.193.74
prefer_direct off
#============================================================$
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#============================================================$
#============================================================$
# Refresh Rate
#============================================================$
refresh_pattern . 0 20% 4320
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern -i \.spinbox.net$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.tar.gz$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i /$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i http://www.mail.yahoo.com 1140 98% 1140 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i http://www.yahoo.com 1140 98% 1140 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i http://www.friendster.com 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320

refresh_pattern -i \.class$ 43200 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i ^ftp:// 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i /index.htm?$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(htm|html)$ 2880 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(gif|jp?g|xbm|png|swf|bmp)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(mov|avi|qtm|mp?)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(zip|exe|gz|Z|lha|arj)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^gopher: 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
request_header_max_size 10 KB
request_body_max_size 5 MB
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 98

negative_ttl 3 minutes
positive_dns_ttl 53 seconds
negative_dns_ttl 29 seconds
request_timeout 1 minutes
range_offset_limit 0 KB
#forward_timeout 4 minutes
connect_timeout 2 minutes
peer_connect_timeout 1 minutes
pconn_timeout 120 seconds
shutdown_lifetime 10 seconds
read_timeout 15 minutes
persistent_request_timeout 1 minute
client_lifetime 60 minutes
pipeline_prefetch on
vary_ignore_expire on
#============================================================$
# ACL section
#============================================================$

#acl macaddress arp 09:00:2b:23:45:67
#acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl domainsaru dstdomain "/etc/squid/domainsaru"
acl katasex url_regex -i "/etc/squid/sex"
# acl boleh url_regex dst "/etc/squid/boleh"
acl iix dst_as 7713 4795 7597 4622 4787 4800 6667 6666 6665 6000-7000 5550 5050
always_direct allow iix
acl buggy_server url_regex ^http://www.prestasi.biz
broken_posts allow buggy_server
http_access deny domainsaru
http_access deny katasex
# http_access allow boleh
# PROXY
#acl PROXY src 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.4 10.10.10.5
acl PROXY src 10.10.10.5
http_access allow PROXY
acl virus dst 204.177.92.204/32 64.191.99.145/32
acl gator dstdom_regex gator hot_indonesia.exe
acl exploit urlpath_regex winnt/system32/cmd.exe?
acl exploit urlpath_regex splashPages/black.sps?
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514

http_access deny virus
http_access deny gator
http_access deny exploit
http_access deny BADPORTS
http_access allow manager
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# http_access deny all
http_reply_access allow all
icp_access allow PROXY
icp_access deny all
miss_access allow PROXY
always_direct allow localhost PROXY
always_direct deny all
cache_mgr wahyu_devilcode@devilzc0de.org
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.devilzc0de.org
unique_hostname webmaster
#============================================================$
# Transparent proxy setting
#============================================================$
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#httpd_accel_no_pmtu_disc on
httpd_accel_single_host off
half_closed_clients off
forwarded_for off
header_access From deny all
extension_methods SEARCH
##########
client_db off
strip_query_terms off
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/English
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255

#============================================================$
# MISCELLANEOUS
#============================================================$
logfile_rotate 3
reload_into_ims on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct on
memory_pools off
cachemgr_passwd disable shutdown
cachemgr_passwd all
offline_mode off
icp_hit_stale on
query_icmp on
coredump_dir /etc/squid
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
#============================================================$
# DELAY POOLS
#============================================================$
acl magic_words1 url_regex -i 192.168.
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .wmv .tar.bz .tar.bz2 .gz .rpm .zip
acl magic_words2 url_regex -i .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar .doc
acl magic_words2 url_regex -i .ppt .z .wmf .mov .arj .lzh .gzip .bin .wma
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 2
delay_parameters 2 35000/36000 35000/36000
delay_access 2 allow magic_words2



#============================================================$
# SNMP
#============================================================$
acl snmpcommunity snmp_community public
snmp_port 3401
snmp_access allow snmpcommunity localhost
snmp_access deny all
wccp_router 0.0.0.0
ie_refresh on
#=============================================================$
That's all :)
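
With the final "http_access deny all" commented out, Squid applies the opposite of the last http_access line to requests that matched nothing, which in the posted configuration means allow; "http_access allow manager" also carries no source restriction. The check below is an added example, not part of the original post: the function names and the reordered rule set are assumptions, and posted_rules holds the http_access lines copied from the configuration above.

```shell
#!/bin/sh
# audit_http_access < squid.conf
# Reports two problems in the http_access list:
#   NO_FINAL_DENY  the list does not end in "deny all"; Squid then applies the
#                  opposite of the last rule to requests that matched nothing
#   OPEN_MANAGER   cache manager access is allowed without a source ACL
audit_http_access() {
    awk '
    { sub(/#.*/, "") }                      # drop comments
    $1 == "http_access" && NF >= 3 {
        n++
        action[n] = $2
        acls[n] = $3
        for (i = 4; i <= NF; i++) acls[n] = acls[n] " " $i
    }
    END {
        for (k = 1; k <= n; k++)
            if (action[k] == "allow" && acls[k] == "manager")
                printf "OPEN_MANAGER rule %d: allow manager has no source ACL\n", k
        if (n > 0 && !(action[n] == "deny" && acls[n] == "all")) {
            dflt = (action[n] == "deny") ? "allow" : "deny"
            printf "NO_FINAL_DENY last rule is \"%s %s\", unmatched requests default to %s\n", action[n], acls[n], dflt
        }
    }'
}

# The http_access lines of the posted configuration, in their original order.
posted_rules() {
    cat <<'EOF'
http_access deny domainsaru
http_access deny katasex
# http_access allow boleh
http_access allow PROXY
http_access deny virus
http_access deny gator
http_access deny exploit
http_access deny BADPORTS
http_access allow manager
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# http_access deny all
EOF
}

# The same ACLs reordered (an assumption about the intent): manager limited to
# localhost, port checks first, one trusted client, everything else refused.
hardened_rules() {
    cat <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny BADPORTS
http_access deny domainsaru
http_access deny katasex
http_access deny virus
http_access deny gator
http_access deny exploit
http_access allow localhost
http_access allow PROXY
http_access deny all
EOF
}

posted_rules | audit_http_access      # two findings
hardened_rules | audit_http_access    # no output
```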