Sunday, September 10, 2006

SQUID + QUOTA USER

Langkah instalasi squid untuk membatasi quota dengan pemakaian username

Yang penulis coba adalah dengan menggunakan squid-2.5.STABLE2 dan squserlim-0.05 dan mysql Ver 14.7

- download squid-2.5.STABLE2.tar.gz dari http://www.squid-cache.org dan squserlim-0.05 dari

http://oobilling.ru/sq/squserlim-0.05/squserlim.html
- ekstrak squserlim
myserver-nick$ tar -zxvf squserlim-0.05.tar.gz
- ekstrak squid
myserver-nick$ tar -zxvf squid-2.5.STABLE2.tar.gz
- edit client_side.c.add yang berada di direktori squserlim-0.05/etc/ tentukan folder data user yang akan kita simpan

(default di /etc/squid/users)
#define user_dir "/etc/squid/users"
- tambahkan ke dalam file client_side.c yang ada di direktori squid-2.5/src/client_side.c
myserver-nick$ cat squserlim-0.05/etc/client_side.c.add >> squid-2.5/src/client_side.c
- compile squid
myserver-nick$ cd squid-2.5
myserver-nick$ ./configure --prefix=/usr/local/squid
- edit kemudian compile rlimit.c di direktori squserlim-0.05/etc/redirect
myserver-nick$ make
- kopikan rlimit ke direktori /etc/squid/
- jalankan mysql
myserver-nick$ safe_mysqld &
- buat database dan table mysql untuk kebutuhan squserlim
- myserver-nick$ mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.1.11

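-- Quota table read by squserlim, one row per client address.
-- lim_ip is an unsigned integer; presumably the IPv4 address in numeric
-- form (e.g. as produced by INET_ATON) -- confirm against squserlim.
-- The unit of lim_quota is not stated on this page -- confirm before filling it.
create table if not exists sqlimits (
    lim_id    int unsigned not null auto_increment primary key,
    -- "unique" already builds an index on lim_ip, so the extra
    -- index(lim_ip) from the original listing was a duplicate and is dropped.
    lim_ip    int unsigned not null unique,
    lim_quota int unsigned not null,
    lim_desc  varchar(255) not null
);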

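-- Quota table read by squserlim, one row per authenticated proxy username.
-- The unit of lim_quota is not stated on this page -- confirm before filling it.
create table if not exists sqlimits_auth (
    lim_id       int unsigned not null auto_increment primary key,
    -- "unique" already builds an index on lim_username, so the extra
    -- index(lim_username) from the original listing was a duplicate and is dropped.
    lim_username varchar(255) not null unique,
    lim_quota    int unsigned not null,
    lim_desc     varchar(255) not null
);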


- compile module mysql_auth

/*
* mysql_auth.c
*
* Copyright 1998 Frank Liu (frank@ctcqnx4.ctc.cummins.com)
* Distributed under the GPL
*
* 26 Sep 1999, version 2:
* 1. fixed a bug where A_TABLE is defined but never used.
* (thanks to luciano.ghezzi@linux.it)
* 2. now you can choose to use either clear text password or
* encrypted password in the MySQL table.
* 13 Nov 1998, version 1:
* initial release
* Needs to be compiled/linked with MySQL libs.
* Assuming MySQL header files are installed in /usr/local/mysql/include
* and MySQL libs in /usr/local/mysql/lib
*
* On my Linux box:
*
* cc -I /usr/local/mysql/include -O -o mysql_auth mysql_auth.c -L /usr/local/mysql/lib -lmysqlclient -lm
*
* Then modify the squid.conf to use this external auth program:
*
* authenticate_program /usr/local/squid/bin/mysql_auth
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <mysql.h>

/* comment out next line if you use clear text password in MySQL DB */
/* ENCRYPTED_PASS is left undefined here, so the helper compares the
 * submitted password with the clear-text value stored in A_PASSWORD.
 * When it is defined, the query wraps the password in MySQL's password()
 * function instead.
 * NOTE(review): clear-text storage exposes every proxy password to anyone
 * who can read the table; password() is MySQL's own account hash and is
 * not intended for application use. Prefer a salted password hash
 * verified in the helper -- confirm what the deployment can support. */
/* #define ENCRYPTED_PASS */

/* can use NULL for localhost, current user, or no password */
#define DBHOST "localhost"
#define DBUSER "squid"
#define DB "dbsquid"
/* NULL means the helper connects as DBUSER without a password.
 * NOTE(review): give the account a password and grant it only SELECT on
 * the authentication table. */
#define DBPASSWORD NULL

/* table for the user database for the squid authentication,
column names for auth username and auth password */
#define A_TABLE "user"
#define A_USERNAME "username"
#define A_PASSWORD "password"

/* size of the input line buffer used by main() */
#define BUFSIZE 256

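/*
 * Squid basic-auth helper.
 *
 * Reads one "username password" line per request from stdin and answers
 * with "OK" or "ERR" on stdout. A request is accepted when A_TABLE holds
 * a row whose A_USERNAME and A_PASSWORD columns match the submitted pair.
 *
 * The username and password come straight from the proxy client, so they
 * are escaped with mysql_real_escape_string() before being placed in the
 * query, and the query is built with a bounded snprintf(). The original
 * code formatted the raw values into a BUFSIZE-byte buffer with sprintf(),
 * which allowed both SQL injection and a stack buffer overflow.
 *
 * NOTE(review): Squid's own basic-auth helpers URL-decode both fields
 * before use; this helper does not -- confirm whether that matters for
 * the usernames and passwords in use.
 *
 * Returns 1 if stdout cannot be made line buffered, 0 at end of input.
 */
int main(int argc, char *argv[])
{
#ifdef ENCRYPTED_PASS
    static const char query_fmt[] =
        "select " A_USERNAME " from " A_TABLE " where "
        A_USERNAME "='%s' and " A_PASSWORD "=password('%s')";
#else
    static const char query_fmt[] =
        "select " A_USERNAME " from " A_TABLE " where "
        A_USERNAME "='%s' and " A_PASSWORD "='%s'";
#endif
    char buf[BUFSIZE];
    /* escaping can double every byte, plus the terminating NUL */
    char esc_user[2 * BUFSIZE + 1];
    char esc_pass[2 * BUFSIZE + 1];
    /* room for both escaped values plus the fixed query text */
    char qbuf[4 * BUFSIZE + 256];
    char *p;
    int c, qlen;
    MYSQL mysql, *sock;
    MYSQL_RES *res;

    (void) argc;
    (void) argv;

    /* make standard output line buffered so squid sees each reply at once */
    if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
        return 1;

    while (fgets(buf, BUFSIZE, stdin) != NULL) {
        if ((p = strchr(buf, '\n')) != NULL) {
            *p = '\0'; /* strip \n */
        } else if (strlen(buf) == BUFSIZE - 1) {
            /* Over-long request: drop the rest of the line so the tail is
             * not parsed as a second request, and refuse it. */
            while ((c = getchar()) != EOF && c != '\n')
                ;
            printf("ERR\n");
            continue;
        }

        if ((p = strchr(buf, ' ')) == NULL) {
            /* no separator between username and password */
            printf("ERR\n");
            continue;
        }
        *p++ = '\0';

        /* buf is username and p is password now */

        mysql_init(&mysql);
        if (!(sock = mysql_real_connect(&mysql, DBHOST, DBUSER, DBPASSWORD, DB, 0, 0, 0))) {
            /* couldn't connect to database server */
            printf("ERR\n");
            continue;
        }

        /* Escape after connecting: the escaping depends on the
         * connection's character set. */
        mysql_real_escape_string(sock, esc_user, buf, strlen(buf));
        mysql_real_escape_string(sock, esc_pass, p, strlen(p));

        qlen = snprintf(qbuf, sizeof(qbuf), query_fmt, esc_user, esc_pass);
        if (qlen < 0 || (size_t) qlen >= sizeof(qbuf)) {
            /* query would not fit; never send a truncated statement */
            printf("ERR\n");
            mysql_close(sock);
            continue;
        }

        if (mysql_query(sock, qbuf) || !(res = mysql_store_result(sock))) {
            /* query failed */
            printf("ERR\n");
            mysql_close(sock);
            continue;
        }

        if (mysql_num_rows(res) != 0)
            printf("OK\n");
        else
            printf("ERR\n");

        mysql_free_result(res);
        mysql_close(sock);
    }
    return 0;
}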

myserver-nick$ gcc mysql_auth.c -o mysql_auth -I/usr/include/mysql -L/usr/lib/mysql -lm -lmysqlclient -lz

- konfigurasikan squid.conf dengan minimal config berikut

myserver-nick$ cat squid.conf
# Port on which squid accepts proxy requests from clients.
http_port 8080

# On-disk cache directory and the access, cache and store log files.
cache_dir ufs /var/spool/squid 9000 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Requests are passed to the squserlim rlimit helper that was copied to /etc/squid/.
redirect_program /etc/squid/rlimit

# Basic authentication through the mysql_auth helper built from mysql_auth.c.
# NOTE(review): squid is configured with --prefix=/usr/local/squid on this page,
# but the helper path below is under /usr/local/squid2 -- confirm where
# mysql_auth was actually installed.
# NOTE(review): HTTP Basic sends the username and password base64-encoded, not
# encrypted, with every request; anyone who can observe the client-to-proxy
# traffic can read them.
auth_param basic program /usr/local/squid2/etc/mysql_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
# How long squid trusts a validated username/password pair before it asks the
# helper again; a changed or removed password stays usable for up to this long.
auth_param basic credentialsttl 2 hours

# "all" matches every source address; "passusers" matches any request that
# carries valid proxy credentials.
acl all src 0.0.0.0/0.0.0.0
acl passusers proxy_auth REQUIRED

# Only authenticated users may use the proxy; everything else is refused.
http_access allow passusers
http_access deny all

http_reply_access allow all
# NOTE(review): this answers ICP queries from any host; restrict it to known
# cache peers, or deny it, if ICP is not used.
icp_access allow all

- jalankan squid
myserver-nick$ /usr/local/squid/sbin/squid -z
myserver-nick$ /usr/local/squid/sbin/squid


tested by ivanx a.k.a ontalaut dan solehudin a.k.a mang oleh sambil udud dan ngaliwet