Sunday, September 10, 2006

SQUID + QUOTA USER

Langkah instalasi squid untuk membatasi quota dengan pemakain username

Yang penulis coba adalah dengan menggunakan squid-2.5.STABLE2 dan squserlim-0.05 dan mysql Ver 14.7

- download squid-2.5.STABLE2.tar.gz dari http://www.squid-cache.org dan squserlim-0.05 dari

http://oobilling.ru/sq/squserlim-0.05/squserlim.html
- ektrak squserlim
myserver-nick$ tar -zxvf squserlim-0.05.tar.gz
- ekstrak squid
myserver-nick$ tar -zxvf squid-2.5.STABLE2.tar.gz
- edit client_side.c.add yang berada di direktori squserlim-0.05/etc/ tentukan folder data user yang akan kita simpan

(default di /etc/squid/users)
#define user_dir "/etc/squid/users"
- tambahkan ke dalam file client_side.c yang ada di direktori squid-2.5/src/client_side.c
myserver-nick$ cat squserlim-0.05/etc/client_side.c.add >> squid-2.5/src/client_side.c
- compile squid
myserver-nick$ cd squid-2.5
myserver-nick$ ./configure --prefix=/usr/local/squid
- edit kemudian compile rlimit.c di direktori squserlim-0.05/etc/redirect
myserver-nick$ make
- kopikan rlimit ke direktori /etc/squid/
- jalankan mysql
myserver-nick$ safe_mysqld &
- buat database dan table mysql untuk kebutuhan squserlim
- myserver-nick$ mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.1.11

create table if not exists sqlimits (
lim_id int unsigned not null primary key auto_increment,
lim_ip int unsigned not null unique,
lim_quota int unsigned not null,
lim_desc varchar(255) not null,
index(lim_ip));

create table if not exists sqlimits_auth (
lim_id int unsigned not null primary key auto_increment,
lim_username varchar(255) not null unique,
lim_quota int unsigned not null,
lim_desc varchar(255) not null,
index(lim_username));


- compile module mysql_auth

/*
* mysql_auth.c
*
* Copyright 1998 Frank Liu (frank@ctcqnx4.ctc.cummins.com)
* Distributed under the GPL
*
* 26 Sep 1999, version 2:
* 1. fixed a bug where A_TABLE is defined but never used.
* (thanks to luciano.ghezzi@linux.it)
* 2. now you can choose to use either clear text password or
* encrypted password in the MySQL table.
* 13 Nov 1998, version 1:
* initial release
* Needs to be compiled/linked with MySQL libs.
* Assuming MySQL header files are installed in /usr/local/mysql/include
* and MySQL libs in /usr/local/mysql/lib
*
* On my Linux box:
*
* cc -I /usr/local/mysql/include -O -o mysql_auth mysql_auth.c -L /usr/local/mysql/lib -lmysqlclient -lm
*
* Then modify the squid.conf to use this external auth program:
*
* authenticate_program /usr/local/squid/bin/mysql_auth
*
*/

#include
#include
#include
#include

/* comment out next line if you use clear text password in MySQL DB */
/* #define ENCRYPTED_PASS

/* can use NULL for localhost, current user, or no password */
#define DBHOST "localhost"
#define DBUSER "squid"
#define DB "dbsquid"
#define DBPASSWORD NULL

/* table for the user database for the squid authentication,
column names for auth username and auth password */
#define A_TABLE "user"
#define A_USERNAME "username"
#define A_PASSWORD "password"

#define BUFSIZE 256

int main(int argc, char *argv[])
{
char buf[BUFSIZE], qbuf[BUFSIZE];
char *p;
MYSQL mysql,*sock;
MYSQL_RES *res;

/* make standard output line buffered */
if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
return;

while (1) {
if (fgets(buf, BUFSIZE, stdin) == NULL)
break;
if ((p = strchr(buf, '\n')) != NULL)
*p = '\0'; /* strip \n */
if ((p = strchr(buf, ' ')) == NULL) {
(void) printf("ERR\n");
continue;
}

*p++ = '\0';

/* buf is username and p is password now */

mysql_init(&mysql);
if (!(sock = mysql_real_connect(&mysql, DBHOST, DBUSER, DBPASSWORD, DB, 0, 0, 0)))
{
/* couldn't connect to database server */
printf("ERR\n");
continue;
}

sprintf(qbuf, "select " A_USERNAME " from " A_TABLE " where "
A_USERNAME "='%s' and " A_PASSWORD

#ifdef ENCRYPTED_PASS
"=password('%s')", buf, p);
#else
"='%s'", buf, p);
#endif

if(mysql_query(sock,qbuf) || !(res=mysql_store_result(sock)))
{
/* query failed */
printf("ERR\n");
mysql_close(sock);
continue;
}
if ( res->row_count !=0 ) {
printf("OK\n");
} else
printf("ERR\n");

mysql_free_result(res);
mysql_close(sock);
}
exit(0);
}

myserver-nick$ gcc mysql_auth.c -o mysql_auth -I/usr/include/mysql -L/usr/lib/mysql -lm -lmysqlclient -lz

- konfigurasikan squid.conf dengan minimal config berikut

myserver-nick$ cat squid.conf
http_port 8080

cache_dir ufs /var/spool/squid 9000 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

redirect_program /etc/squid/rlimit

auth_param basic program /usr/local/squid2/etc/mysql_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl all src 0.0.0.0/0.0.0.0
acl passusers proxy_auth REQUIRED

http_access allow passusers
http_access deny all

http_reply_access allow all
icp_access allow all

- jalankan squid
myserver-nick$ /usr/local/squid/sbin/squid -z
myserver-nick$ /usr/local/squid/sbin/squid


tested by ivanx a.k.a ontalaut dan solehudin a.k.a mang oleh sambil udud dan ngaliwet

2 comments:

Anonymous said...

Mas...
saya gagal melakukan instalasi squid 2.6 stable12...gimana caranya membersihkan semua squid yang sudah terlanjur masuk di linux..tanpa harus melakukan instalasi ulang linux suse 10.0..maklum saya masih belajar.
apakah menggunakan MC untuk membersihkan satu persatu..?
Tks ya

Anonymous said...

anda menginstall dari paket manager atau manual, kalau anda install dari paket ya tinggal di rpm -e [nama squid]. Kalau install manual ya tinggal diingat tempat nyimpen filenya terus delete