SquidGuard: Instalasi di Ubuntu 16.04: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
← Older edit
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
Onnowpurbo (talk | contribs)
69,477 edits
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Squid==
==Squid==


sudo su
locale-gen id_ID.UTF-8
  apt update
  apt update
  sudo apt-get upgrade
  apt install squid3
sudo apt-get install squid3


==Konfigurasi squid==
==Konfigurasi squid==


Edit


  vi /etc/squid3/squid.conf
  vi /etc/squid/squid.conf


5. You can actually just copy and paste this into the squid.conf, everything is commented out.. Just change the hostname to the hostname of the server..
Tuning konfigurasi
visible_hostname your-machines-hostname
   
http_port 3128
# visible_hostname your-machines-hostname
cache_dir ufs /var/spool/squid 1000 16 256
# http_port 3128
cache_access_log /var/log/squid/access.log
# cache_dir ufs /var/spool/squid 1000 16 256
6. Add this also to your squid.conf “intranet” is just the name of the group you are making to allow access to the squid server. Make sure you use your IP range and correct subnet. You can make additional groups if needed, either to allow or deny them. The next is giving access to the group, “intranet”.
# cache_access_log /var/log/squid/access.log
acl intranet 10.50.0.0/32
http_access allow intranet
7. sudo service restart squid3


Now, you have a fully working squid server that is going to only allow the IP range of 10.50.0.0/32. If someone tries to connect to the proxy server in a different IP range, they will be blocked by the proxy. You can use this to limit access to certain departments and groups as well as set up times which they can allow internet access.. That is for a more in-depth guide.
# ijinkan localnet
To test your proxy with Firefox, go to options, Advance, Network, Connection Settings. Enter your proxy’s IP and proxy’s port number. Default port number is 3128 as we set in the squid.conf. If you want to use a different port number, edit it in the squid.conf under “http_port”.
acl localnet 192.168.0.0/16
http_access allow localnet


sudo service squid restart
/etc/init.d/squid restart


Now, it’s time to install SquidGuard!
Squid bisa digunakan pada port 3128
1.    sudo apt-get install squidguard
2.    sudo mkdir /opt/3rdparty
We are going to use the list from shalalist.de for “testing”, since it’s 100% free for non-commerical.  For a bigger and much more through blacklist, I use http://urlblacklist.com/. It’s free to try once, and has different pricing tiers for person/school/business.
3.    sudo wget http://www.shallalist.de/Downloads/shallalist.tar.gz
4.    sudo tar xzf shallalist.tar.gz
5.    sudo cp -a /opt/3rdparty/BL/porn/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/adv/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/spyware /var/lib/squidguard/db
6.    Add this to  /etc/squid3/squid.conf , type “sudo nano /etc/squid3/squid.conf”
url_rewrite_program /usr/bin/squidGuard
7.    sudo squidGuard -C all
8.    chown -R proxy:proxy /var/lib/squidguard/db
9.    Add this to my /etc/squid3/squid.conf  type, “sudo nano /etc/squid3/squid.conf”
url_rewrite_program /usr/bin/squidGuard


Now, we need to edit the squidGuard.conf
==Instalasi SquidGuard==


I recommend to make a backup of your squidGuard.conf then making a new one..
sudo su
1. sudo cp /etc/squidguard/squidGuard.conf /etc/squidGuard.conf.bak
apt install squidguard
2. sudo rm /etc/squidguard/squidGuard.conf
3.sudo nano /etc/suqidgurd/squidGuard.conf
Copy and paste this,
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest adv {
domainlist adv/domains
urllist adv/urls
}
dest spyware {
domainlist spyware/domains
urllist spyware/urls
}
acl {
default {
pass !porn !adv !spyware all
redirect http://localhost/block.html
}
}
You can test your squidguard by doing a dry run
sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d


You should see,
Sumber blacklist
squidGuard ready for requests
squidGuard stopped
If there are errors, it will tell you.. The most likely errors you’ll run into are permission issues.. If it gives you permission issues with your database, make sure that you set the user and group named “proxy” ownership. You can tell that by “sudo ls -l /var/lib/squidguard/db*”


You can now use the Firefox browser you setup to use with your proxy server to make sure you are blocking porn and ads. For better protection, I recommend using the blacklist from, http://urlblacklist.com/
  http://urlblacklist.com/ '''RECOMMENDED, tapi bayar:)''''
http://www.shallalist.de


Download


sudo su
cd /usr/local/src
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
tar zxvf shallalist.tar.gz
cp -a BL/porn /var/lib/squidguard/db
cp -a BL/adv /var/lib/squidguard/db
cp -a BL/spyware /var/lib/squidguard/db
Edit squid.conf
vi /etc/squid/squid.conf
Tambahkan
url_rewrite_program /usr/bin/squidGuard
Cek
sudo squidGuard -C all
chown -R proxy:proxy /var/lib/squidguard/db
sudo ls -l /var/lib/squidguard/db*
==Konfigurasi==
Edit squidguard.conf
sudo su
cp /etc/squidguard/squidGuard.conf /etc/squidguard/squidGuard.conf.asli
vi /etc/squidguard/squidGuard.conf
Pastikan
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
src bar-clients {
        ip              192.168.0.0/16
}
dest porn {
        domainlist      porn/domains
        urllist        porn/urls
#      expressionlist  porn/expressions
}
acl {
        default {
                pass    local none !porn
                redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
        }
}
==Restart==
squidGuard -c /etc/squidguard/squidGuard.conf -d
2017-06-23 10:28:56 [3410] INFO: New setting: dbhome: /var/lib/squidguard/db
2017-06-23 10:28:56 [3410] INFO: New setting: logdir: /var/log/squidguard
2017-06-23 10:28:56 [3410] Added User: root
2017-06-23 10:28:56 [3410] Added User: foo
2017-06-23 10:28:56 [3410] Added User: bar
2017-06-23 10:28:56 [3410] destblock good missing active content, set inactive
2017-06-23 10:28:56 [3410] destblock local missing active content, set inactive
2017-06-23 10:28:56 [3410] init domainlist /var/lib/squidguard/db/porn/domains
2017-06-23 10:29:23 [3410] init urllist /var/lib/squidguard/db/porn/urls
2017-06-23 10:29:23 [3410] INFO: squidGuard 1.5 started (1498188536.439)
2017-06-23 10:29:23 [3410] INFO: squidGuard ready for requests (1498188563.660)
/etc/init.d/squid restart
==Test==
Test squidguard, jalankan
sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d
Akan terlihat,
squidGuard ready for requests
squidGuard stopped


==Referensi==
==Referensi==


* https://www.neowin.net/forum/topic/1272584-guide-setup-squid-and-squidguard-with-ubuntu-server-14041-lts/
* https://www.neowin.net/forum/topic/1272584-guide-setup-squid-and-squidguard-with-ubuntu-server-14041-lts/

Latest revision as of 03:30, 23 June 2017

Squid

sudo su
locale-gen id_ID.UTF-8
apt update
apt install squid3

Konfigurasi squid

Edit 

vi /etc/squid/squid.conf

Tuning konfigurasi 

# visible_hostname your-machines-hostname
# http_port 3128
# cache_dir ufs /var/spool/squid 1000 16 256
# cache_access_log /var/log/squid/access.log

# ijinkan localnet
acl localnet 192.168.0.0/16
http_access allow localnet

sudo service squid restart
/etc/init.d/squid restart

Squid bisa digunakan pada port 3128

Instalasi SquidGuard

sudo su
apt install squidguard

Sumber blacklist 

http://urlblacklist.com/ RECOMMENDED, tapi bayar:)'
http://www.shallalist.de

Download 

sudo su
cd /usr/local/src
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
tar zxvf shallalist.tar.gz
cp -a BL/porn /var/lib/squidguard/db
cp -a BL/adv /var/lib/squidguard/db
cp -a BL/spyware /var/lib/squidguard/db

Edit squid.conf 

vi /etc/squid/squid.conf

Tambahkan 

url_rewrite_program /usr/bin/squidGuard

Cek 

sudo squidGuard -C all
chown -R proxy:proxy /var/lib/squidguard/db
sudo ls -l /var/lib/squidguard/db*

Konfigurasi

Edit squidguard.conf 

sudo su
cp /etc/squidguard/squidGuard.conf /etc/squidguard/squidGuard.conf.asli
vi /etc/squidguard/squidGuard.conf

Pastikan 

dbhome /var/lib/squidguard/db
logdir /var/log/squidguard

src bar-clients {
        ip              192.168.0.0/16
}

dest porn {
        domainlist      porn/domains
        urllist         porn/urls
#       expressionlist  porn/expressions
}

acl {
        default {
                pass     local none !porn
                redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
        }
}

Restart

squidGuard -c /etc/squidguard/squidGuard.conf -d

2017-06-23 10:28:56 [3410] INFO: New setting: dbhome: /var/lib/squidguard/db
2017-06-23 10:28:56 [3410] INFO: New setting: logdir: /var/log/squidguard
2017-06-23 10:28:56 [3410] Added User: root
2017-06-23 10:28:56 [3410] Added User: foo
2017-06-23 10:28:56 [3410] Added User: bar
2017-06-23 10:28:56 [3410] destblock good missing active content, set inactive
2017-06-23 10:28:56 [3410] destblock local missing active content, set inactive
2017-06-23 10:28:56 [3410] init domainlist /var/lib/squidguard/db/porn/domains
2017-06-23 10:29:23 [3410] init urllist /var/lib/squidguard/db/porn/urls
2017-06-23 10:29:23 [3410] INFO: squidGuard 1.5 started (1498188536.439)
2017-06-23 10:29:23 [3410] INFO: squidGuard ready for requests (1498188563.660)

/etc/init.d/squid restart

Test

Test squidguard, jalankan 

sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d

Akan terlihat, 

squidGuard ready for requests 
squidGuard stopped

Referensi

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=SquidGuard:_Instalasi_di_Ubuntu_16.04&oldid=48886"