11.6. Proksi HTTP/FTP

Suatu proksi HTTP/FTP bertindak sebagai perantara untuk koneksi HTTP dan/atau FTP. Perannya ada dua:

Penyinggahan: dokumen-dokumen yang baru saja diunduh akan disalin secara lokal, yang menghindari pengunduhan berganda.
Server penyaringan: jika penggunaan proksi wajib (dan koneksi keluar diblokir kecuali mereka pergi melalui proksi), maka proksi dapat menentukan apakah permintaan tersebut dikabulkan.

Falcot Corp memilih Squid sebagai server proksi mereka.

11.6.1. Memasang

The squid ^[2] Debian package only contains the modular (caching) proxy. Turning it into a filtering server requires installing the additional squidguard package. In addition, squid-cgi provides a querying and administration interface for a Squid proxy.

Sebelum memasang, perlu dipastikan bahwa sistem dapat mengidentifikasi nama lengkap sendiri: hostname -f harus mengembalikan nama lengkap (termasuk domain). Jika tidak, maka berkas /etc/hosts harus disunting agar memuat nama lengkap dari sistem (misalnya, arrakis.falcot.com). Nama resmi komputer harus divalidasi dengan administrator jaringan untuk menghindari kemungkinan konflik nama.

11.6.2. Mengkonfigurasi sebuah Singgahan

Enabling the caching server feature is a simple matter of editing the /etc/squid/squid.conf configuration file and allowing machines from the local network to run queries through the proxy. The following example shows the modifications made by the Falcot Corp administrators:

Contoh 11.22. The /etc/squid/squid.conf file (excerpts)

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all

11.6.3. Mengkonfigurasi suatu Penyaring

squid itself does not perform the filtering; this action is delegated to squidGuard. The former must then be configured to interact with the latter. This involves adding the following directive to the /etc/squid/squid.conf file:

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

The /usr/lib/cgi-bin/squidGuard.cgi CGI program also needs to be installed, using /usr/share/doc/squidguard/examples/squidGuard.cgi.gz as a starting point. Required modifications to this script are the $proxy and $proxymaster variables (the name of the proxy and the administrator's contact email, respectively). The $image and $redirect variables should point to existing images representing the rejection of a query.

The filter is enabled with the service squid reload command. However, since the squidguard package does no filtering by default, it is the administrator's task to define the policy. This can be done by creating the /etc/squid/squidGuard.conf file (using /etc/squidguard/squidGuard.conf.default as template if required).

Basis data kerja harus dibuat ulang dengan update-squidguard setelah setiap perubahan berkas konfigurasi squidGuard (atau salah satu daftar domain atau URL yang disebutkan). Sintaks berkas konfigurasi didokumentasikan pada situs web berikut:

→ http://www.squidguard.org/Doc/configure.html

^[2] The squid3 package, providing Squid until Debian Jessie, is now a transitional package and will automatically install squid.

^[3] PICS has been superseded by the Protocol for Web Description Resources (POWDER system: https://www.w3.org/2009/08/pics_superseded.html.