Pencarian
Latest topics
SQUID VIA ISPCE
+8
alliecms
And's
atake
007tegar
moch84bdg
wahyoeyupz
rajangopi
djohn6000
12 posters
Halaman 3 dari 4
Halaman 3 dari 4 • 1, 2, 3, 4
Re: SQUID VIA ISPCE
nubitol permanen ijin gelar tiker tuk belajar nih kang, baru disini isep dikupas abis ... apalagi di combine sama cumi :)
tapi sayangya beberapa hari terakhir tuk wilayah jakarta terenya jadi pinter maen taekwondo
kalau pake cfg squid dan ispce di atas nendang gk kalau akses tps
tapi sayangya beberapa hari terakhir tuk wilayah jakarta terenya jadi pinter maen taekwondo
kalau pake cfg squid dan ispce di atas nendang gk kalau akses tps
Roheng- Jumlah posting : 42
Join date : 24.02.12
Re: SQUID VIA ISPCE
Roheng wrote:nubitol permanen ijin gelar tiker tuk belajar nih kang, baru disini isep dikupas abis ... apalagi di combine sama cumi :)
tapi sayangya beberapa hari terakhir tuk wilayah jakarta terenya jadi pinter maen taekwondo
kalau pake cfg squid dan ispce di atas nendang gk kalau akses tps
coba pke squid kang di ane lancar jaya TKP jakbar...
isep wat DL..
wahyoeyupz- DS Maniac
- Jumlah posting : 315
Join date : 17.02.11
Re: SQUID VIA ISPCE
share setting squid untuk mengurangi DC pada tere
ini percobaan; terakhir ane pake stabil.
untuk mengurangi kerepotan karena dc
- squid.conf:
http_port 127.0.0.1:3128 transparent
udp_incoming_address 127.0.0.1
udp_outgoing_address 127.0.0.1
server_http11 on
acl all src all
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10/28 # RFC1918 possible internal network
acl relay src 192.88.99.0/24
acl interconnect src 198.18.0.0/15
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl purge method PURGE
acl protocol proto HTTP SSL
## port allowed
http_access deny !Safe_ports
http_access deny CONNECT !Safe_ports
http_access allow CONNECT localhost
http_access allow localhost CONNECT
http_access allow CONNECT all
## protocols allowed
http_access allow protocol CONNECT
http_access allow protocol localhost
http_access allow protocol all
http_access allow localhost CONNECT
acl download method GET HEAD
http_access allow download CONNECT
http_access allow download all
acl upload method POST PUT
http_access allow upload CONNECT
http_access allow upload all
http_access allow manager localhost
http_access allow manager localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow interconnect
http_access allow relay
http_access allow localnet
http_access allow localhost
http_access deny all
##===============proxy=======================
cache_peer 127.0.0.1 parent 8088 7 proxy-only no-query no-digest allow-miss connection-auth=off front-end-https=auto
cache_peer_access 127.0.0.1 allow CONNECT
cache_peer_access 127.0.0.1 allow protocol
cache_peer_access 127.0.0.1 allow download
cache_peer_access 127.0.0.1 allow upload
cache_peer_access 127.0.0.1 allow localhost
cache_peer 10.4.0.10 sibling 3128 7 proxy-only no-query no-digest allow-miss ssl sslflags=DONT_VERIFY_PEER connection-auth=off front-end-https=auto
follow_x_forwarded_for allow localhost
##kalo ngga pasti kelimit proxynya
zph_mode tos
zph_local 0×30
zph_parent 0
zph_option 136
hierarchy_stoplist cgi-bin ?
nonhierarchical_direct off
# force all requests to go to the proxy chain
never_direct allow all
prefer_direct on
client_persistent_connections off
server_persistent_connections on
miss_access allow all
range_offset_limit -1
pid_filename c:/squid/logs/squid.pid
coredump_dir c:/squid/var/tmp
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logfile_rotate 1
cache_log C:/squid/logs/error.log
cache_access_log none
cache_store_log none
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding off
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
emulate_httpd_log off
forwarded_for on
half_closed_clients off
httpd_suppress_version_string on
ident_lookup_access deny all
incoming_rate 30
ignore_ims_on_miss on
ignore_unknown_nameservers on
ignore_expect_100 on
offline_mode off
pipeline_prefetch on
retry_on_error on
strip_query_terms off
shutdown_lifetime 5 seconds
retry_on_error on
uri_whitespace allow
visible_hostname localhost
windows_ipaddrchangemonitor off
## disable caching
acl QUERY urlpath_regex -i cgi-bin ? .php$ .asp$ .shtml$ .xhtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 0% 4320
acl static_content urlpath_regex -i \.(jpg|gif|png|css|js|axd)
header_access Cache-Control deny static_content
# Overriding caching settings if nocache=true option is set
refresh_pattern nocache=true 0 0% 0
# Overriding caching settings if edit=yes option is set
refresh_pattern edit=yes 0 0% 0
cache deny QUERY
cache_vary on
cache deny all
cache_dir null c:/squid/var/cache
## disable multicast icp
icp_port 0
htcp_port 0
htcp_access deny all
icp_access deny all
redirect_rewrites_host_header off
header_replace Host internet.tri.co.id
header_replace User-Agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/7.0.1
##header_replace x-device-user-agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
#header_access Host deny all
##-----------------------
## header list ( DENY all - ALLOW listed )
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Forwarded-For allow all
header_access From allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Keep-Alive allow all
header_access Proxy-Connection allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access Via allow all
header_access WWW-Authenticate allow all
header_access X-Cache allow all
header_access X-Cache-Lookup allow all
header_access X-Forwarder-For allow all
header_access x-nokia-localsocket allow all
header_access x-nokia-maxdownlinkbitrate allow all
header_access x-nokia-maxuplinkbitrate allow all
header_access x-nokia-remotesocket allow all
header_access x-up-proxy-enable-trust allow all
header_access X-Powered-By allow all
header_access X-Requested-With allow all
#header_access All deny all
acl appli_json rep_mime_type -i ^application/json$
acl digstentry rep_mime_type -i ^application/x-up-digestentry$
acl ecmascript rep_mime_type -i ^application/x-ecmascript$
acl executable rep_mime_type -i ^application/x-executable$
acl fileuplod0 req_mime_type -i ^multipart/form-data$
acl fileuplod1 req_mime_type -i ^multipart/alternative$
acl fileuplod2 req_mime_type -i ^multipart/appledouble$
acl fileuplod3 req_mime_type -i ^multipart/digest$
acl fileuplod4 req_mime_type -i ^multipart/mixed$
acl fileuplod5 req_mime_type -i ^multipart/parallel$
acl fileuplod6 req_mime_type -i ^multipart/related$
acl fileuplod7 req_mime_type -i ^multipart/signed$
acl fileuplod8 req_mime_type -i ^multipart/encrypted$
acl gzip_compr rep_mime_type -i ^application/x-gzip-compressed$
acl javascript rep_mime_type -i ^application/x-javascript$
acl msdownload rep_mime_type -i ^application/x-msdownload$
acl oct_stream rep_mime_type -i ^application/octet-stream$
acl rarcompres rep_mime_type -i ^application/x-rar-compressed$
acl upl_device rep_mime_type -i ^application/x-up-device$
acl urlencoded rep_mime_type -i ^application/x-www-form-urlencoded$
acl postscript rep_mime_type -i ^application/postscript$
acl xhtml rep_mime_type -i ^application/xhtml+xml$
acl x_m_l rep_mime_type -i ^application/xml$
acl atom_xml rep_mime_type -i ^application/atom+xml$
acl dtd_m_l rep_mime_type -i ^application/xml-dtd$
acl math_m_l rep_mime_type -i ^application/mathml+xml$
acl director rep_mime_type -i ^application/x-director$
acl java_m_l rep_mime_type -i ^application/x-java-jnlp-file$
acl futuresplash rep_mime_type -i ^application/x-futuresplash$
acl wais_source rep_mime_type -i ^application/x-wais-source$
acl httpd_php0 req_mime_type -i ^application/x-httpd-cgi$
acl httpd_php1 req_mime_type -i ^application/x-httpd-php$
acl httpd_php2 req_mime_type -i ^application/x-httpd-php3$
acl httpd_php3 req_mime_type -i ^application/x-httpd-php3-source$
acl httpd_php4 req_mime_type -i ^application/x-httpd-php3-preprocessed$
acl shellscript req_mime_type -i ^application/x-shellscript$
acl ns_paconfig req_mime_type -i ^application/x-ns-proxy-autoconfig$
acl cert_00 req_mime_type -i ^application/pkix-cert$
acl cert_01 req_mime_type -i ^application/x-x509-ca-cert$
acl cert_02 req_mime_type -i ^application/x-x509-user-cert$
acl pointplus req_mime_type -i ^application/x-pointplus$
acl shockwave req_mime_type -i ^application/x-shockwave-flash$
acl ocsp_reqs req_mime_type -i ^application/ocsp-request$
acl ocsp_resp req_mime_type -i ^application/ocsp-response$
acl internet00 req_mime_type -i ^application/internet-property-stream$
acl internet01 req_mime_type -i ^application/x-internet-signup$
acl compressed req_mime_type -i ^application/x-compressed$
acl EDI_X12 req_mime_type -i ^application/EDI-X12$
acl EDIFACT req_mime_type -i ^application/EDIFACT$
http_access allow EDI_X12 all
http_access allow EDIFACT all
http_access allow internet00 all
http_access allow internet01 all
http_access allow compressed all
http_access allow ocsp_reqs all
http_access allow ocsp_resp all
http_access allow cert_00 all
http_access allow cert_01 all
http_access allow cert_02 all
http_access allow pointplus all
http_access allow shockwave all
http_access allow appli_json all
http_access allow digstentry all
http_access allow ecmascript all
http_access allow fileuplod0 all
http_access allow fileuplod1 all
http_access allow fileuplod2 all
http_access allow fileuplod3 all
http_access allow fileuplod4 all
http_access allow fileuplod5 all
http_access allow fileuplod6 all
http_access allow fileuplod7 all
http_access allow fileuplod8 all
http_access allow gzip_compr all
http_access allow httpd_php0 all
http_access allow httpd_php1 all
http_access allow httpd_php2 all
http_access allow httpd_php3 all
http_access allow httpd_php4 all
http_access allow javascript all
http_access allow msdownload all
http_access allow oct_stream all
http_access allow rarcompres all
http_access allow upl_device all
http_access allow urlencoded all
http_access allow xhtml all
http_access allow x_m_l all
http_access allow postscript all
http_access allow atom_xml all
http_access allow director all
http_access allow dtd_m_l all
http_access allow java_m_l all
http_access allow futuresplash all
http_access allow wais_source all
http_access allow executable all
http_access allow shellscript all
http_access allow ns_paconfig all
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#acl QUERY urlpath_regex cgi-bin \?
#http_access deny QUERY
# REWRITE FEATURE
# PLEASE INSTALL strawberry perl first to enable this feature.
#
storeurl_rewrite_program C:/strawberry/perl/bin/perl.exe C:/squid/etc/storeurl.pl
storeurl_rewrite_children 2
storeurl_rewrite_concurrency 99
# END OF REWRITE FEATURE
#HTTP OPTIONS
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl HTTPS0 dstdomain .facebook.com .facebook.net .google.com
http_access allow HTTPS0 CONNECT
http_access allow CONNECT HTTPS0
http_access allow HTTPS0 all
acl HTTPS1 dstdomain .googleusercontent.com .paypalobjects.com
http_access allow HTTPS1 CONNECT
http_access allow CONNECT HTTPS1
http_access allow HTTPS1 all
acl HTTPS2 dstdomain .ak.fbcdn.net .g.doubleclick.net
http_access allow HTTPS2 CONNECT
http_access allow CONNECT HTTPS2
http_access allow HTTPS2 all
##EOF##
ini percobaan; terakhir ane pake stabil.
untuk mengurangi kerepotan karena dc
- setting dial up connection:
buka mdma connection properties [windows7 pada dialup and vpn tray icon]
pilih option :
lihat redial option:
check mark redial if line dropped
redial attemp isikan maksimal
time between redial attemp isi 3 seconds; jangan 1 spare untuk refresh Win
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
moch84bdg wrote:asiikkk..kayanya mesti bikin thread khusus nih, biar ga nyampur2 :)
lusca comstuff terlalu berat u/ pc ane; fokusnya pada cache; ndak berguna kalo no-cache
lusca-x86-r14588 tampaknya squid v3.??? lebih bagus dan stabil; setting no-cache ok; masalahnya agak susah untuk install; dan maunya ane sich ssl+ipv6.
-nb. comstuff punya notepad++PE (portable edition) enak sekali buat edit squid.conf
-sementara di tunda dulu thread dari ane mungkin ada yg mo bikin dulu untuk memulainya
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
semakin menjadi kan tendangannyawahyoeyupz wrote:Roheng wrote:nubitol permanen ijin gelar tiker tuk belajar nih kang, baru disini isep dikupas abis ... apalagi di combine sama cumi :)
tapi sayangya beberapa hari terakhir tuk wilayah jakarta terenya jadi pinter maen taekwondo
kalau pake cfg squid dan ispce di atas nendang gk kalau akses tps
coba pke squid kang di ane lancar jaya TKP jakbar...
isep wat DL..
yang berbayar sekalipun ancur banget komeksinya
Roheng- Jumlah posting : 42
Join date : 24.02.12
Re: SQUID VIA ISPCE
pada squid tere tampaknya port 443 untuk https; port 22 untuk ssh telah / sementara di offkan
LOL
- error messages:
fwdNegotiateSSL: Error negotiating SSL connection on FD 16: error:00000000:lib(0):func(0):reason(0) (5/-1/0)
TCP connection to 10.4.0.10 (10.4.0.10:3128) failed
itulah perkembangan terkini untuk squid via tereroheng wrote:
yang berbayar sekalipun ancur banget komeksinya
LOL
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
ayo siapa yg bisa bikin certifikate client ssl untuk squid dgn open ssl; upload dan posting.
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
mksudnya kek n gimana kang??? ntar nya bwt apadjohn6000 wrote:ayo siapa yg bisa bikin certifikate client ssl untuk squid dgn open ssl; upload dan posting.
Re: SQUID VIA ISPCE
ente search di google openssl+squid+ssl+serificate
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
udah coba dengan
Terakhir diubah oleh Roheng tanggal Sun Feb 26, 2012 2:25 pm, total 1 kali diubah (Reason for editing : kebalik kalimatnya .. hehe)
Roheng- Jumlah posting : 42
Join date : 24.02.12
Re: SQUID VIA ISPCE
ane dah coba kang..., bisa wat gandeng tunel tapi di daerah ane byk bengong.....Roheng wrote:udah coba dengan
perlu di uwik2 lagi ne....
wahyoeyupz- DS Maniac
- Jumlah posting : 315
Join date : 17.02.11
Re: SQUID VIA ISPCE
Confignya eror kang di pake ma squid punya ane , pa beda versi kali yadjohn6000 wrote:share setting squid untuk mengurangi DC pada tere
- squid.conf:
http_port 127.0.0.1:3128 transparent
udp_incoming_address 127.0.0.1
udp_outgoing_address 127.0.0.1
server_http11 on
acl all src all
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10/28 # RFC1918 possible internal network
acl relay src 192.88.99.0/24
acl interconnect src 198.18.0.0/15
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl purge method PURGE
acl protocol proto HTTP SSL
## port allowed
http_access deny !Safe_ports
http_access deny CONNECT !Safe_ports
http_access allow CONNECT localhost
http_access allow localhost CONNECT
http_access allow CONNECT all
## protocols allowed
http_access allow protocol CONNECT
http_access allow protocol localhost
http_access allow protocol all
http_access allow localhost CONNECT
acl download method GET HEAD
http_access allow download CONNECT
http_access allow download all
acl upload method POST PUT
http_access allow upload CONNECT
http_access allow upload all
http_access allow manager localhost
http_access allow manager localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow interconnect
http_access allow relay
http_access allow localnet
http_access allow localhost
http_access deny all
##===============proxy=======================
cache_peer 127.0.0.1 parent 8088 7 proxy-only no-query no-digest allow-miss connection-auth=off front-end-https=auto
cache_peer_access 127.0.0.1 allow CONNECT
cache_peer_access 127.0.0.1 allow protocol
cache_peer_access 127.0.0.1 allow download
cache_peer_access 127.0.0.1 allow upload
cache_peer_access 127.0.0.1 allow localhost
cache_peer 10.4.0.10 sibling 3128 7 proxy-only no-query no-digest allow-miss ssl sslflags=DONT_VERIFY_PEER connection-auth=off front-end-https=auto
follow_x_forwarded_for allow localhost
##kalo ngga pasti kelimit proxynya
zph_mode tos
zph_local 0×30
zph_parent 0
zph_option 136
hierarchy_stoplist cgi-bin ?
nonhierarchical_direct off
# force all requests to go to the proxy chain
never_direct allow all
prefer_direct on
client_persistent_connections off
server_persistent_connections on
miss_access allow all
range_offset_limit -1
pid_filename c:/squid/logs/squid.pid
coredump_dir c:/squid/var/tmp
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logfile_rotate 1
cache_log C:/squid/logs/error.log
cache_access_log none
cache_store_log none
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding off
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
emulate_httpd_log off
forwarded_for on
half_closed_clients off
httpd_suppress_version_string on
ident_lookup_access deny all
incoming_rate 30
ignore_ims_on_miss on
ignore_unknown_nameservers on
ignore_expect_100 on
offline_mode off
pipeline_prefetch on
retry_on_error on
strip_query_terms off
shutdown_lifetime 5 seconds
retry_on_error on
uri_whitespace allow
visible_hostname localhost
windows_ipaddrchangemonitor off
## disable caching
acl QUERY urlpath_regex -i cgi-bin ? .php$ .asp$ .shtml$ .xhtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 0% 4320
acl static_content urlpath_regex -i \.(jpg|gif|png|css|js|axd)
header_access Cache-Control deny static_content
# Overriding caching settings if nocache=true option is set
refresh_pattern nocache=true 0 0% 0
# Overriding caching settings if edit=yes option is set
refresh_pattern edit=yes 0 0% 0
cache deny QUERY
cache_vary on
cache deny all
cache_dir null c:/squid/var/cache
## disable multicast icp
icp_port 0
htcp_port 0
htcp_access deny all
icp_access deny all
redirect_rewrites_host_header off
header_replace Host internet.tri.co.id
header_replace User-Agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/7.0.1
##header_replace x-device-user-agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
#header_access Host deny all
##-----------------------
## header list ( DENY all - ALLOW listed )
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Forwarded-For allow all
header_access From allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Keep-Alive allow all
header_access Proxy-Connection allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access Via allow all
header_access WWW-Authenticate allow all
header_access X-Cache allow all
header_access X-Cache-Lookup allow all
header_access X-Forwarder-For allow all
header_access x-nokia-localsocket allow all
header_access x-nokia-maxdownlinkbitrate allow all
header_access x-nokia-maxuplinkbitrate allow all
header_access x-nokia-remotesocket allow all
header_access x-up-proxy-enable-trust allow all
header_access X-Powered-By allow all
header_access X-Requested-With allow all
#header_access All deny all
acl appli_json rep_mime_type -i ^application/json$
acl digstentry rep_mime_type -i ^application/x-up-digestentry$
acl ecmascript rep_mime_type -i ^application/x-ecmascript$
acl executable rep_mime_type -i ^application/x-executable$
acl fileuplod0 req_mime_type -i ^multipart/form-data$
acl fileuplod1 req_mime_type -i ^multipart/alternative$
acl fileuplod2 req_mime_type -i ^multipart/appledouble$
acl fileuplod3 req_mime_type -i ^multipart/digest$
acl fileuplod4 req_mime_type -i ^multipart/mixed$
acl fileuplod5 req_mime_type -i ^multipart/parallel$
acl fileuplod6 req_mime_type -i ^multipart/related$
acl fileuplod7 req_mime_type -i ^multipart/signed$
acl fileuplod8 req_mime_type -i ^multipart/encrypted$
acl gzip_compr rep_mime_type -i ^application/x-gzip-compressed$
acl javascript rep_mime_type -i ^application/x-javascript$
acl msdownload rep_mime_type -i ^application/x-msdownload$
acl oct_stream rep_mime_type -i ^application/octet-stream$
acl rarcompres rep_mime_type -i ^application/x-rar-compressed$
acl upl_device rep_mime_type -i ^application/x-up-device$
acl urlencoded rep_mime_type -i ^application/x-www-form-urlencoded$
acl postscript rep_mime_type -i ^application/postscript$
acl xhtml rep_mime_type -i ^application/xhtml+xml$
acl x_m_l rep_mime_type -i ^application/xml$
acl atom_xml rep_mime_type -i ^application/atom+xml$
acl dtd_m_l rep_mime_type -i ^application/xml-dtd$
acl math_m_l rep_mime_type -i ^application/mathml+xml$
acl director rep_mime_type -i ^application/x-director$
acl java_m_l rep_mime_type -i ^application/x-java-jnlp-file$
acl futuresplash rep_mime_type -i ^application/x-futuresplash$
acl wais_source rep_mime_type -i ^application/x-wais-source$
acl httpd_php0 req_mime_type -i ^application/x-httpd-cgi$
acl httpd_php1 req_mime_type -i ^application/x-httpd-php$
acl httpd_php2 req_mime_type -i ^application/x-httpd-php3$
acl httpd_php3 req_mime_type -i ^application/x-httpd-php3-source$
acl httpd_php4 req_mime_type -i ^application/x-httpd-php3-preprocessed$
acl shellscript req_mime_type -i ^application/x-shellscript$
acl ns_paconfig req_mime_type -i ^application/x-ns-proxy-autoconfig$
acl cert_00 req_mime_type -i ^application/pkix-cert$
acl cert_01 req_mime_type -i ^application/x-x509-ca-cert$
acl cert_02 req_mime_type -i ^application/x-x509-user-cert$
acl pointplus req_mime_type -i ^application/x-pointplus$
acl shockwave req_mime_type -i ^application/x-shockwave-flash$
acl ocsp_reqs req_mime_type -i ^application/ocsp-request$
acl ocsp_resp req_mime_type -i ^application/ocsp-response$
acl internet00 req_mime_type -i ^application/internet-property-stream$
acl internet01 req_mime_type -i ^application/x-internet-signup$
acl compressed req_mime_type -i ^application/x-compressed$
acl EDI_X12 req_mime_type -i ^application/EDI-X12$
acl EDIFACT req_mime_type -i ^application/EDIFACT$
http_access allow EDI_X12 all
http_access allow EDIFACT all
http_access allow internet00 all
http_access allow internet01 all
http_access allow compressed all
http_access allow ocsp_reqs all
http_access allow ocsp_resp all
http_access allow cert_00 all
http_access allow cert_01 all
http_access allow cert_02 all
http_access allow pointplus all
http_access allow shockwave all
http_access allow appli_json all
http_access allow digstentry all
http_access allow ecmascript all
http_access allow fileuplod0 all
http_access allow fileuplod1 all
http_access allow fileuplod2 all
http_access allow fileuplod3 all
http_access allow fileuplod4 all
http_access allow fileuplod5 all
http_access allow fileuplod6 all
http_access allow fileuplod7 all
http_access allow fileuplod8 all
http_access allow gzip_compr all
http_access allow httpd_php0 all
http_access allow httpd_php1 all
http_access allow httpd_php2 all
http_access allow httpd_php3 all
http_access allow httpd_php4 all
http_access allow javascript all
http_access allow msdownload all
http_access allow oct_stream all
http_access allow rarcompres all
http_access allow upl_device all
http_access allow urlencoded all
http_access allow xhtml all
http_access allow x_m_l all
http_access allow postscript all
http_access allow atom_xml all
http_access allow director all
http_access allow dtd_m_l all
http_access allow java_m_l all
http_access allow futuresplash all
http_access allow wais_source all
http_access allow executable all
http_access allow shellscript all
http_access allow ns_paconfig all
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#acl QUERY urlpath_regex cgi-bin \?
#http_access deny QUERY
# REWRITE FEATURE
# PLEASE INSTALL strawberry perl first to enable this feature.
#
storeurl_rewrite_program C:/strawberry/perl/bin/perl.exe C:/squid/etc/storeurl.pl
storeurl_rewrite_children 2
storeurl_rewrite_concurrency 99
# END OF REWRITE FEATURE
#HTTP OPTIONS
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl HTTPS0 dstdomain .facebook.com .facebook.net .google.com
http_access allow HTTPS0 CONNECT
http_access allow CONNECT HTTPS0
http_access allow HTTPS0 all
acl HTTPS1 dstdomain .googleusercontent.com .paypalobjects.com
http_access allow HTTPS1 CONNECT
http_access allow CONNECT HTTPS1
http_access allow HTTPS1 all
acl HTTPS2 dstdomain .ak.fbcdn.net .g.doubleclick.net
http_access allow HTTPS2 CONNECT
http_access allow CONNECT HTTPS2
http_access allow HTTPS2 all
##EOF##
ini percobaan; terakhir ane pake stabil.
untuk mengurangi kerepotan karena dcjadi ndak perlu tambahan reconnect software
- setting dial up connection:
buka mdma connection properties [windows7 pada dialup and vpn tray icon]
pilih option :
lihat redial option:
check mark redial if line dropped
redial attemp isikan maksimal
time between redial attemp isi 3 seconds; jangan 1 spare untuk refresh Win
Re: SQUID VIA ISPCE
disini nyobain pake dajjal cuma ip-client tertentu yang cocokwahyoeyupz wrote:ane dah coba kang..., bisa wat gandeng tunel tapi di daerah ane byk bengong.....Roheng wrote:udah coba dengan
perlu di uwik2 lagi ne....
Roheng- Jumlah posting : 42
Join date : 24.02.12
Re: SQUID VIA ISPCE
emm.,., kasusnya sama kya ane...... IPC nya juga ga tentu buat gandang ssh...Roheng wrote:disini nyobain pake dajjal cuma ip-client tertentu yang cocokwahyoeyupz wrote:ane dah coba kang..., bisa wat gandeng tunel tapi di daerah ane byk bengong.....Roheng wrote:udah coba dengan
perlu di uwik2 lagi ne....
wahyoeyupz- DS Maniac
- Jumlah posting : 315
Join date : 17.02.11
Re: SQUID VIA ISPCE
kalo melihat response header untuk ssl/https;
ipc=10.34 s/d 10.37 untuk FG ini yg diblocking port 443 https, port 22 ssh
perkiraan ane untuk bisa FG dgn https / ssh ipc 10.40
pada squid deny port 443 dan 22 dpt dilakukan.
squid 2.7 stable8 ssl ini versi yg ane pake
ipc=10.34 s/d 10.37 untuk FG ini yg diblocking port 443 https, port 22 ssh
perkiraan ane untuk bisa FG dgn https / ssh ipc 10.40
pada squid deny port 443 dan 22 dpt dilakukan.
squid 2.7 stable8 ssl ini versi yg ane pake
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
bearti IPC di setiap daerah beda kang.,., di daerah jabodetabek kepernah ane nemuin IPC yg lebih dari 10.30.....djohn6000 wrote:kalo melihat response header untuk ssl/https;
ipc=10.34 s/d 10.37 untuk FG ini yg diblocking port 443 https, port 22 ssh
perkiraan ane untuk bisa FG dgn https / ssh ipc 10.40
pada squid deny port 443 dan 22 dpt dilakukan.
squid 2.7 stable8 ssl ini versi yg ane pake
di ane stabil IPC 10.22.. bisa konak ma SSH.....
wahyoeyupz- DS Maniac
- Jumlah posting : 315
Join date : 17.02.11
Re: SQUID VIA ISPCE
yang cfg itu tinggal copas kan kang????djohn6000 wrote:kalo melihat response header untuk ssl/https;
ipc=10.34 s/d 10.37 untuk FG ini yg diblocking port 443 https, port 22 ssh
perkiraan ane untuk bisa FG dgn https / ssh ipc 10.40
pada squid deny port 443 dan 22 dpt dilakukan.
squid 2.7 stable8 ssl ini versi yg ane pake
klo ipc 10.40 setau ane sih klo ikut paket baru di kasih tu (setau ane, tw deh klo da cara laen biar dapet tu ipeh)
Re: SQUID VIA ISPCE
alliecms wrote:yang cfg itu tinggal copas kan kang????djohn6000 wrote:kalo melihat response header untuk ssl/https;
ipc=10.34 s/d 10.37 untuk FG ini yg diblocking port 443 https, port 22 ssh
perkiraan ane untuk bisa FG dgn https / ssh ipc 10.40
pada squid deny port 443 dan 22 dpt dilakukan.
squid 2.7 stable8 ssl ini versi yg ane pake
klo ipc 10.40 setau ane sih klo ikut paket baru di kasih tu (setau ane, tw deh klo da cara laen biar dapet tu ipeh)
kalo mau coba - ada wardialer ato dialer (madein para Gretzz) yg mencari IP tertentu sewaktu DUN-connection. search di google dech bertaburan.
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
djohn6000 wrote:alliecms wrote:yang cfg itu tinggal copas kan kang????djohn6000 wrote:kalo melihat response header untuk ssl/https;
ipc=10.34 s/d 10.37 untuk FG ini yg diblocking port 443 https, port 22 ssh
perkiraan ane untuk bisa FG dgn https / ssh ipc 10.40
pada squid deny port 443 dan 22 dpt dilakukan.
squid 2.7 stable8 ssl ini versi yg ane pake
klo ipc 10.40 setau ane sih klo ikut paket baru di kasih tu (setau ane, tw deh klo da cara laen biar dapet tu ipeh)
kalo mau coba - ada wardialer ato dialer (madein para Gretzz) yg mencari IP tertentu sewaktu DUN-connection. search di google dech bertaburan.
boleh tanya sedikit aja om jhon..:)
kalo squid biar bisa listen tunelier gimana ya??:D
sy setting begini gagal
##===============proxy=======================
cache_peer 127.0.0.1 parent 1081 7 default no-query no-digest allow-miss
cache_peer_access 127.0.0.1 allow localhost
cache_peer_access 127.0.0.1 deny all
##===============tere=======================
apa ada yang salah?? isep http sedangkan tunel sock5..??
mohon koreksinya om jhon..:)
r12ky- Jumlah posting : 14
Join date : 23.02.12
Re: SQUID VIA ISPCE
r12ky wrote:
boleh tanya sedikit aja om jhon..:)
kalo squid biar bisa listen tunelier gimana ya??:D
sy setting begini gagal
##===============proxy=======================
cache_peer 127.0.0.1 parent 1081 7 default no-query no-digest allow-miss
cache_peer_access 127.0.0.1 allow localhost
cache_peer_access 127.0.0.1 deny all
##===============tere=======================
apa ada yang salah?? isep http sedangkan tunel sock5..??
mohon koreksinya om jhon..:)
squid setting wrote:
cache_peer 127.0.0.1 parent 1081 7 default no-query no-digest allow-miss
127.0.0.1 parent 1081=listen port isep; ane makenya 127.0.0.1 parent 8088
sinkron-kan squid dgn isep ato apps proxy yg di lalui squid.
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
djohn6000 wrote:squid setting wrote:
cache_peer 127.0.0.1 parent 1081 7 default no-query no-digest allow-miss
127.0.0.1 parent 1081=listen port isep; ane makenya 127.0.0.1 parent 8088
sinkron-kan squid dgn isep ato apps proxy yg di lalui squid.
masih gagal nih..
mang ga berpengaruh ya om kalo squid membaca http atw sock5..:)??
sy pke isep+tunel
niatnya mau buat cacing tapi lewat tunel aja..
kalo via isep isep ga mau jalan..:(
r12ky- Jumlah posting : 14
Join date : 23.02.12
Re: SQUID VIA ISPCE
tere menggunakan squid proxy; http_access deny !safe_port
yg mana safe_port 80; artinya semua port selain 80 bakal di tolak; kalo mau pake ssh tunnel cari server dgn konneksi port 80; jadi yg gagal bukan settingnya.
yg mana safe_port 80; artinya semua port selain 80 bakal di tolak; kalo mau pake ssh tunnel cari server dgn konneksi port 80; jadi yg gagal bukan settingnya.
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
Menstabilkankan koneksi TERE via squid:
seperti kita ketahui proxy tere menggunakan squid 2.7stable3; dan telah menutup semua port kecuali port 80 (http); agar kita juga tidak gampang DC kita ikuti aja setting squid tere tsb; yaitu dgn menutup semua port kecuali port 80.
seperti kita ketahui proxy tere menggunakan squid 2.7stable3; dan telah menutup semua port kecuali port 80 (http); agar kita juga tidak gampang DC kita ikuti aja setting squid tere tsb; yaitu dgn menutup semua port kecuali port 80.
- share setting squid:
http_port 127.0.0.1:3128 tcpkeepalive=60,10,6
udp_incoming_address 127.0.0.1
server_http11 off
acl all src all
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10/28 # RFC1918 possible internal network
acl relay src 192.88.99.0/24
acl interconnect src 198.18.0.0/15
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl purge method PURGE
## port allowed
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny CONNECT SSL_ports
acl download method GET HEAD
http_access allow download all
acl upload method POST PUT
http_access allow upload all
http_access allow manager localhost
http_access allow manager localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow interconnect
http_access allow relay
http_access allow localnet
http_access allow localhost
http_access deny all
##===============proxy=======================
cache_peer 127.0.0.1 parent 8088 7 default proxy-only no-query no-digest allow-miss front-end-https=on
follow_x_forwarded_for allow localhost
##kalo ngga pasti kelimit proxynya
zph_mode tos
zph_local 0×30
zph_parent 0
zph_option 136
hierarchy_stoplist cgi-bin ?
nonhierarchical_direct off
# force all requests to go to the proxy chain
never_direct allow all
prefer_direct on
client_persistent_connections off
server_persistent_connections on
miss_access allow localhost
miss_access allow localnet
miss_access allow all
pid_filename c:/squid/logs/squid.pid
mime_table c:/squid/etc/mime.conf
coredump_dir c:/squid/var/tmp
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logfile_rotate 1
cache_log C:/squid/logs/error.log
cache_access_log none
cache_store_log none
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding off
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
emulate_httpd_log off
forwarded_for transparent
half_closed_clients off
httpd_suppress_version_string on
ident_lookup_access deny all
incoming_rate 30
ignore_ims_on_miss on
ignore_unknown_nameservers on
ignore_expect_100 on
offline_mode off
pipeline_prefetch on
range_offset_limit -1
retry_on_error on
strip_query_terms off
shutdown_lifetime 5 seconds
retry_on_error on
uri_whitespace allow
visible_hostname localhost
windows_ipaddrchangemonitor off
## disable caching
acl QUERY urlpath_regex -i cgi-bin ? .php$ .asp$ .shtml$ .xhtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 0% 4320
acl static_content urlpath_regex -i \.(jpg|gif|png|css|js|axd)
header_access Cache-Control deny static_content
# Overriding caching settings if nocache=true option is set
refresh_pattern nocache=true 0 0% 0
# Overriding caching settings if edit=yes option is set
refresh_pattern edit=yes 0 0% 0
cache deny QUERY
cache_vary on
cache deny all
cache_dir null c:/squid/var/cache
## disable multicast icp
icp_port 0
htcp_port 0
htcp_access deny all
icp_access deny all
redirect_rewrites_host_header off
header_replace Host internet.tri.co.id
header_replace User-Agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/7.0.1
##header_replace x-device-user-agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
#header_access Host deny all
##-----------------------
## header list ( DENY all - ALLOW listed )
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Forwarded-For allow all
header_access From allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Keep-Alive allow all
header_access Proxy-Connection allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access Via allow all
header_access WWW-Authenticate allow all
header_access X-Cache allow all
header_access X-Cache-Lookup allow all
header_access X-Forwarder-For allow all
header_access x-nokia-localsocket allow all
header_access x-nokia-maxdownlinkbitrate allow all
header_access x-nokia-maxuplinkbitrate allow all
header_access x-nokia-remotesocket allow all
header_access x-up-proxy-enable-trust allow all
header_access X-Powered-By allow all
header_access X-Requested-With allow all
#header_access All deny all
acl appli_cert rep_mime_type -i ^application/x-x509-ca-cert
acl appli_json rep_mime_type -i ^application/json$
acl digstentry rep_mime_type -i ^application/x-up-digestentry$
acl ecmascript rep_mime_type -i ^application/x-ecmascript$
acl executable rep_mime_type -i ^application/x-executable$
acl fileuplod0 req_mime_type -i ^multipart/form-data$
acl fileuplod1 req_mime_type -i ^multipart/alternative$
acl fileuplod2 req_mime_type -i ^multipart/appledouble$
acl fileuplod3 req_mime_type -i ^multipart/digest$
acl fileuplod4 req_mime_type -i ^multipart/mixed$
acl fileuplod5 req_mime_type -i ^multipart/parallel$
acl fileuplod6 req_mime_type -i ^multipart/related$
acl fileuplod7 req_mime_type -i ^multipart/signed$
acl fileuplod8 req_mime_type -i ^multipart/encrypted$
acl gzip_compr rep_mime_type -i ^application/x-gzip-compressed$
acl javascript rep_mime_type -i ^application/x-javascript$
acl msdownload rep_mime_type -i ^application/x-msdownload$
acl oct_stream rep_mime_type -i ^application/octet-stream$
acl rarcompres rep_mime_type -i ^application/x-rar-compressed$
acl upl_device rep_mime_type -i ^application/x-up-device$
acl urlencoded rep_mime_type -i ^application/x-www-form-urlencoded$
acl postscript rep_mime_type -i ^application/postscript$
acl xhtml rep_mime_type -i ^application/xhtml+xml$
acl x_m_l rep_mime_type -i ^application/xml$
acl atom_xml rep_mime_type -i ^application/atom+xml$
acl dtd_m_l rep_mime_type -i ^application/xml-dtd$
acl math_m_l rep_mime_type -i ^application/mathml+xml$
acl director rep_mime_type -i ^application/x-director$
acl java_m_l rep_mime_type -i ^application/x-java-jnlp-file$
acl futuresplash rep_mime_type -i ^application/x-futuresplash$
acl wais_source rep_mime_type -i ^application/x-wais-source$
acl httpd_php0 req_mime_type -i ^application/x-httpd-cgi$
acl httpd_php1 req_mime_type -i ^application/x-httpd-php$
acl httpd_php2 req_mime_type -i ^application/x-httpd-php3$
acl httpd_php3 req_mime_type -i ^application/x-httpd-php3-source$
acl httpd_php4 req_mime_type -i ^application/x-httpd-php3-preprocessed$
acl shellscript req_mime_type -i ^application/x-shellscript$
acl ns_paconfig req_mime_type -i ^application/x-ns-proxy-autoconfig$
acl cert_00 req_mime_type -i ^application/pkix-cert$
acl cert_01 req_mime_type -i ^application/x-x509-ca-cert$
acl cert_02 req_mime_type -i ^application/x-x509-user-cert$
acl pointplus req_mime_type -i ^application/x-pointplus$
acl shockwave req_mime_type -i ^application/x-shockwave-flash$
acl ocsp_reqs req_mime_type -i ^application/ocsp-request$
acl ocsp_resp req_mime_type -i ^application/ocsp-response$
acl internet00 req_mime_type -i ^application/internet-property-stream$
acl internet01 req_mime_type -i ^application/x-internet-signup$
acl compressed req_mime_type -i ^application/x-compressed$
acl EDI_X12 req_mime_type -i ^application/EDI-X12$
acl EDIFACT req_mime_type -i ^application/EDIFACT$
http_access allow EDI_X12 all
http_access allow EDIFACT all
http_access allow internet00 all
http_access allow internet01 all
http_access allow compressed all
http_access allow ocsp_reqs all
http_access allow ocsp_resp all
http_access allow cert_00 all
http_access allow cert_01 all
http_access allow cert_02 all
http_access allow pointplus all
http_access allow shockwave all
http_access allow appli_json all
http_access allow appli_cert all
http_access allow digstentry all
http_access allow ecmascript all
http_access allow fileuplod0 all
http_access allow fileuplod1 all
http_access allow fileuplod2 all
http_access allow fileuplod3 all
http_access allow fileuplod4 all
http_access allow fileuplod5 all
http_access allow fileuplod6 all
http_access allow fileuplod7 all
http_access allow fileuplod8 all
http_access allow gzip_compr all
http_access allow httpd_php0 all
http_access allow httpd_php1 all
http_access allow httpd_php2 all
http_access allow httpd_php3 all
http_access allow httpd_php4 all
http_access allow javascript all
http_access allow msdownload all
http_access allow oct_stream all
http_access allow rarcompres all
http_access allow upl_device all
http_access allow urlencoded all
http_access allow xhtml all
http_access allow x_m_l all
http_access allow postscript all
http_access allow atom_xml all
http_access allow director all
http_access allow dtd_m_l all
http_access allow java_m_l all
http_access allow futuresplash all
http_access allow wais_source all
http_access allow executable all
http_access allow shellscript all
http_access allow ns_paconfig all
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#acl QUERY urlpath_regex cgi-bin \?
#http_access deny QUERY
#HTTP OPTIONS
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
##EOF##
djohn6000- DS Maniac
- Jumlah posting : 371
Join date : 31.05.11
Lokasi : Surabaya
Re: SQUID VIA ISPCE
liat setinganya kang djohn, merinding liatna,,mudah2n bisa tembus kang laporan menyusuldjohn6000 wrote:Menstabilkankan koneksi TERE via squid:
seperti kita ketahui proxy tere menggunakan squid 2.7stable3; dan telah menutup semua port kecuali port 80 (http); agar kita juga tidak gampang DC kita ikuti aja setting squid tere tsb; yaitu dgn menutup semua port kecuali port 80.
- share setting squid:
http_port 127.0.0.1:3128 tcpkeepalive=60,10,6
udp_incoming_address 127.0.0.1
server_http11 off
acl all src all
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10/28 # RFC1918 possible internal network
acl relay src 192.88.99.0/24
acl interconnect src 198.18.0.0/15
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl purge method PURGE
## port allowed
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny CONNECT SSL_ports
acl download method GET HEAD
http_access allow download all
acl upload method POST PUT
http_access allow upload all
http_access allow manager localhost
http_access allow manager localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow interconnect
http_access allow relay
http_access allow localnet
http_access allow localhost
http_access deny all
##===============proxy=======================
cache_peer 127.0.0.1 parent 8088 7 default proxy-only no-query no-digest allow-miss front-end-https=on
follow_x_forwarded_for allow localhost
##kalo ngga pasti kelimit proxynya
zph_mode tos
zph_local 0×30
zph_parent 0
zph_option 136
hierarchy_stoplist cgi-bin ?
nonhierarchical_direct off
# force all requests to go to the proxy chain
never_direct allow all
prefer_direct on
client_persistent_connections off
server_persistent_connections on
miss_access allow localhost
miss_access allow localnet
miss_access allow all
pid_filename c:/squid/logs/squid.pid
mime_table c:/squid/etc/mime.conf
coredump_dir c:/squid/var/tmp
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logfile_rotate 1
cache_log C:/squid/logs/error.log
cache_access_log none
cache_store_log none
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding off
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
emulate_httpd_log off
forwarded_for transparent
half_closed_clients off
httpd_suppress_version_string on
ident_lookup_access deny all
incoming_rate 30
ignore_ims_on_miss on
ignore_unknown_nameservers on
ignore_expect_100 on
offline_mode off
pipeline_prefetch on
range_offset_limit -1
retry_on_error on
strip_query_terms off
shutdown_lifetime 5 seconds
retry_on_error on
uri_whitespace allow
visible_hostname localhost
windows_ipaddrchangemonitor off
## disable caching
acl QUERY urlpath_regex -i cgi-bin ? .php$ .asp$ .shtml$ .xhtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 0% 4320
acl static_content urlpath_regex -i \.(jpg|gif|png|css|js|axd)
header_access Cache-Control deny static_content
# Overriding caching settings if nocache=true option is set
refresh_pattern nocache=true 0 0% 0
# Overriding caching settings if edit=yes option is set
refresh_pattern edit=yes 0 0% 0
cache deny QUERY
cache_vary on
cache deny all
cache_dir null c:/squid/var/cache
## disable multicast icp
icp_port 0
htcp_port 0
htcp_access deny all
icp_access deny all
redirect_rewrites_host_header off
header_replace Host internet.tri.co.id
header_replace User-Agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/7.0.1
##header_replace x-device-user-agent Mozilla/5.0 (Win NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
#header_access Host deny all
##-----------------------
## header list ( DENY all - ALLOW listed )
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Forwarded-For allow all
header_access From allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Keep-Alive allow all
header_access Proxy-Connection allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access Via allow all
header_access WWW-Authenticate allow all
header_access X-Cache allow all
header_access X-Cache-Lookup allow all
header_access X-Forwarder-For allow all
header_access x-nokia-localsocket allow all
header_access x-nokia-maxdownlinkbitrate allow all
header_access x-nokia-maxuplinkbitrate allow all
header_access x-nokia-remotesocket allow all
header_access x-up-proxy-enable-trust allow all
header_access X-Powered-By allow all
header_access X-Requested-With allow all
#header_access All deny all
acl appli_cert rep_mime_type -i ^application/x-x509-ca-cert
acl appli_json rep_mime_type -i ^application/json$
acl digstentry rep_mime_type -i ^application/x-up-digestentry$
acl ecmascript rep_mime_type -i ^application/x-ecmascript$
acl executable rep_mime_type -i ^application/x-executable$
acl fileuplod0 req_mime_type -i ^multipart/form-data$
acl fileuplod1 req_mime_type -i ^multipart/alternative$
acl fileuplod2 req_mime_type -i ^multipart/appledouble$
acl fileuplod3 req_mime_type -i ^multipart/digest$
acl fileuplod4 req_mime_type -i ^multipart/mixed$
acl fileuplod5 req_mime_type -i ^multipart/parallel$
acl fileuplod6 req_mime_type -i ^multipart/related$
acl fileuplod7 req_mime_type -i ^multipart/signed$
acl fileuplod8 req_mime_type -i ^multipart/encrypted$
acl gzip_compr rep_mime_type -i ^application/x-gzip-compressed$
acl javascript rep_mime_type -i ^application/x-javascript$
acl msdownload rep_mime_type -i ^application/x-msdownload$
acl oct_stream rep_mime_type -i ^application/octet-stream$
acl rarcompres rep_mime_type -i ^application/x-rar-compressed$
acl upl_device rep_mime_type -i ^application/x-up-device$
acl urlencoded rep_mime_type -i ^application/x-www-form-urlencoded$
acl postscript rep_mime_type -i ^application/postscript$
acl xhtml rep_mime_type -i ^application/xhtml+xml$
acl x_m_l rep_mime_type -i ^application/xml$
acl atom_xml rep_mime_type -i ^application/atom+xml$
acl dtd_m_l rep_mime_type -i ^application/xml-dtd$
acl math_m_l rep_mime_type -i ^application/mathml+xml$
acl director rep_mime_type -i ^application/x-director$
acl java_m_l rep_mime_type -i ^application/x-java-jnlp-file$
acl futuresplash rep_mime_type -i ^application/x-futuresplash$
acl wais_source rep_mime_type -i ^application/x-wais-source$
acl httpd_php0 req_mime_type -i ^application/x-httpd-cgi$
acl httpd_php1 req_mime_type -i ^application/x-httpd-php$
acl httpd_php2 req_mime_type -i ^application/x-httpd-php3$
acl httpd_php3 req_mime_type -i ^application/x-httpd-php3-source$
acl httpd_php4 req_mime_type -i ^application/x-httpd-php3-preprocessed$
acl shellscript req_mime_type -i ^application/x-shellscript$
acl ns_paconfig req_mime_type -i ^application/x-ns-proxy-autoconfig$
acl cert_00 req_mime_type -i ^application/pkix-cert$
acl cert_01 req_mime_type -i ^application/x-x509-ca-cert$
acl cert_02 req_mime_type -i ^application/x-x509-user-cert$
acl pointplus req_mime_type -i ^application/x-pointplus$
acl shockwave req_mime_type -i ^application/x-shockwave-flash$
acl ocsp_reqs req_mime_type -i ^application/ocsp-request$
acl ocsp_resp req_mime_type -i ^application/ocsp-response$
acl internet00 req_mime_type -i ^application/internet-property-stream$
acl internet01 req_mime_type -i ^application/x-internet-signup$
acl compressed req_mime_type -i ^application/x-compressed$
acl EDI_X12 req_mime_type -i ^application/EDI-X12$
acl EDIFACT req_mime_type -i ^application/EDIFACT$
http_access allow EDI_X12 all
http_access allow EDIFACT all
http_access allow internet00 all
http_access allow internet01 all
http_access allow compressed all
http_access allow ocsp_reqs all
http_access allow ocsp_resp all
http_access allow cert_00 all
http_access allow cert_01 all
http_access allow cert_02 all
http_access allow pointplus all
http_access allow shockwave all
http_access allow appli_json all
http_access allow appli_cert all
http_access allow digstentry all
http_access allow ecmascript all
http_access allow fileuplod0 all
http_access allow fileuplod1 all
http_access allow fileuplod2 all
http_access allow fileuplod3 all
http_access allow fileuplod4 all
http_access allow fileuplod5 all
http_access allow fileuplod6 all
http_access allow fileuplod7 all
http_access allow fileuplod8 all
http_access allow gzip_compr all
http_access allow httpd_php0 all
http_access allow httpd_php1 all
http_access allow httpd_php2 all
http_access allow httpd_php3 all
http_access allow httpd_php4 all
http_access allow javascript all
http_access allow msdownload all
http_access allow oct_stream all
http_access allow rarcompres all
http_access allow upl_device all
http_access allow urlencoded all
http_access allow xhtml all
http_access allow x_m_l all
http_access allow postscript all
http_access allow atom_xml all
http_access allow director all
http_access allow dtd_m_l all
http_access allow java_m_l all
http_access allow futuresplash all
http_access allow wais_source all
http_access allow executable all
http_access allow shellscript all
http_access allow ns_paconfig all
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#acl QUERY urlpath_regex cgi-bin \?
#http_access deny QUERY
#HTTP OPTIONS
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
##EOF##
Re: SQUID VIA ISPCE
masih ke lempar juga kang djhon,, tantenya makin hari makin galak maen lempar mlu ,,,,,,
Halaman 3 dari 4 • 1, 2, 3, 4
Similar topics
» Share ISPCE setting
» (Share) Squid Proxy CCPB version Untuk Win XP
» {Share} Cara Nginstall Squid (Nggak perlu ngatur2 lagi !)
» (Share) Squid Proxy CCPB version Untuk Win XP
» {Share} Cara Nginstall Squid (Nggak perlu ngatur2 lagi !)
Halaman 3 dari 4
Permissions in this forum:
Anda tidak dapat menjawab topik
Sun Jul 21, 2019 12:45 am by Rulytea
» Jasa Olah Data SPSS
Sun Apr 16, 2017 11:58 am by partaidemokrat
» Ask: Membuat program berbasis android
Mon Apr 06, 2015 12:30 am by Damar
» New Jupiter MX King 150cc brow, berapa yah harga nya ?
Thu Dec 11, 2014 10:37 am by dadangherdiana
» MEMBUAT INJEK PROXY ITU MUDAH
Mon Nov 03, 2014 12:22 pm by djohn6000
» apa ada yang bisa bikin aplikasi penjualan pulsa android
Sun Oct 26, 2014 3:00 pm by gyokosaki
» Ayo Download Win XP SP4 (Versi Tidak Resmi) bagi Para Fans Setia Win XP
Mon Sep 08, 2014 12:57 pm by dytoshare
» [SHARE] Devil May Cry 4 PC (2008)
Fri Jun 13, 2014 2:55 am by cendolmu
» [SHARE] Enemy Front PC (2014)
Fri Jun 13, 2014 2:36 am by cendolmu