07 April 2012

HOW TO CREATE A TEXT AREA

Assalam mualaikum wwb

This post is about making a text area on a blog. The text area I am posting here looks different from the usual text area and is really very interesting. The usual text area looks like this (example):


and below it is the text area script ......
How to use it: just copy and paste the text that is in the text area, and that gives you the same text area.


 





 

 

06 April 2012

Mikrotik with 2 Speedy Lines + Proxy

This topology was made in response to a question from a visitor to this blog who wanted a setup with 2 Speedy lines on a single Mikrotik plus a proxy. This is only a basic setup, which the author previously posted under the category SIMPLE LOAD BALANCING MIKROTIK; please read and study it again.
The topology is as follows:

Notes:
1. The IPs on the Mikrotik should be set as static IPs.
2. On the proxy, only the squid package/module is installed. For the squid settings see the earlier post, but for this setup it is better not to configure blocking; just set up squid.conf and remove the sex-site blocking.
3. Set the gateway IPs on the Mikrotik in a single entry, as shown below:
/ip route add gateway=192.168.1.1,192.168.1.2
or through Winbox, click the IP Route menu; 192.168.1.1 and 192.168.1.2 must be on one line. If there are already 2 lines, disable the second one, then add the second gateway by clicking the small arrow on the first gateway so that there are 2 gateway IPs on one line. The intent is that the network automatically resolves to whichever gateway is free.
3. Set the mangle like this:
/ip firewall mangle add chain=prerouting src-address=10.10.10.0/24 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
/ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
/ip firewall mangle add chain=prerouting src-address=10.10.10.0/24 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
/ip firewall mangle add chain=prerouting src-address=10.10.10.0/24 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
/ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
/ip firewall mangle add chain=forward src-address=10.10.10.0/24 action=mark-connection new-connection-mark=NET1-CM
/ip firewall mangle add connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM chain=forward
4. Queue tree settings:
a. Click the + sign, enter Download as the name, Parent=eth3, Packet Marks=NET1-PM
b. Click the + sign, enter Upload as the name, Parent=eth1, Packet Marks=NET1-PM
5. Firewall NAT: masquerade the IPs of eth1 and eth2 respectively
/ip firewall nat add action=masquerade chain=srcnat comment="Added by webbox" disabled=no \
out-interface=ether1
/ip firewall nat add action=masquerade chain=srcnat comment="Added by webbox" disabled=no \
out-interface=ether2
6. Next, configure your proxy.
Good luck trying it out and tinkering with it.
 

05 April 2012

hit proxy

     /ip firewall mangle
    add action=mark-packet chain=prerouting comment="HIT DSCP 12" disabled=no dscp=12 new-packet-mark=HIT passthrough=no
    add action=mark-packet chain=prerouting comment="L7-HIT PROXY" disabled=no layer7-protocol=Httphit new-packet-mark=Hit-L7 passthrough=no
    add action=mark-packet chain=prerouting comment=L7-MISS disabled=no layer7-protocol=httpmisses new-packet-mark=missproxy-L7 passthrough=no
    add action=mark-connection chain=prerouting comment="--------------------------NTH Local------------------------" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi1 nth=3,1 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi1 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi2 nth=3,2 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi2 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi3 nth=3,3 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi3 disabled=no in-interface=Local new-routing-mark=pppoe_3 passthrough=no
    add action=mark-connection chain=prerouting comment="--------------------------NTH Proxy------------------------" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi1 nth=3,1 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi1 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi2 nth=3,2 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi2 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi3 nth=3,3 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi3 disabled=no in-interface=Proxy new-routing-mark=pppoe_3 passthrough=no
    /ip firewall nat
    add action=masquerade chain=srcnat comment=Masquerade disabled=no out-interface=pppoe_1
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe_2
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe_3
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=Proxy
    add action=redirect chain=dstnat comment="By Pass DNS PROXIESS >>DIRECT" disabled=yes dst-port=53 protocol=udp to-ports=53
    add action=redirect chain=dstnat comment="" disabled=yes dst-port=53 protocol=tcp to-ports=53
    add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY disable this to bypass squid" disabled=no dst-port=80,8080,3128 protocol=tcp src-address=10.20.30.0/24 src-address-list=Local to-addresses=192.168.10.2 to-ports=3128
    add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no dst-address=10.20.30.200 dst-port=22,81,10000 in-interface=Local protocol=tcp to-addresses=192.168.10.2
    add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.10.2 to-ports=53
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Local protocol=tcp to-addresses=192.168.10.2 to-ports=53
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Proxy protocol=udp to-ports=53
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Proxy protocol=tcp to-ports=53
    add action=dst-nat chain=dstnat comment="DMZ 1" disabled=no dst-port=81,22 in-interface=pppoe_1 protocol=tcp to-addresses=192.168.10.2
    add action=dst-nat chain=dstnat comment="DMZ 2" disabled=no dst-port=81,22 in-interface=pppoe_2 protocol=tcp to-addresses=192.168.10.2
    add action=dst-nat chain=dstnat comment="REMOTE OP" disabled=no dst-port=5900 in-interface=pppoe_2 protocol=tcp to-addresses=10.20.30.230
    add action=dst-nat chain=dstnat comment="DMZ ------- CHECK BEFORE ENABLED" disabled=yes dst-address=192.168.10.2 dst-port=81,22,21 in-interface=pppoe_3 protocol=tcp to-addresses=192.168.10.2
    add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=192.168.10.2 dst-port=81,22,21 in-interface=pppoe_2 protocol=tcp to-addresses=192.168.10.2

Redirect to a Specific Website After Mikrotik Hotspot Login

Many people ask about this problem even though it has already been discussed in detail on forummikrotik.com, specifically HERE. That tutorial was posted by Arlinet. Don't forget to give him some cendol if you use this tutorial..hehe.
The steps to redirect to a specific website after Mikrotik hotspot login are as follows:
  1. Log in to the Mikrotik router via FTP.
  2. Find the file alogin.html in the hotspot folder and copy it to a folder on your computer; don't forget to make a backup file.
  3. Open the file and edit its script a little. As an example, the user will be redirected to google.com. Look at the script below.
  4. Original alogin script: <title>mikrotik hotspot > redirect</title>
    <meta http-equiv="refresh" content="2; url=$(link-redirect)">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="expires" content="-1">
  5. Changed to: <title>mikrotik hotspot > redirect</title>
    <meta http-equiv="refresh" content="0; url=http://www.google.co.id">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="expires" content="-1">
    <style type="text/css">
  6. The link must be written in full, including "http://", because otherwise the target URL becomes "http://iprouter/www.google.com".
  7. Also edit the following script: location.href = '$(link-redirect)'; becomes location.href = 'http://www.google.com';
  8. Save the edited alogin.html back to the hotspot folder and finally check the result of your edit.
That's all for today's tips & tricks; see you in the next post.



source: http://kurei.wordpress.com/2010/09/25/redirect-ke-web-tertentu-setelah-login-hotspot-mikrotik/

Block Site, Stop Download, & Access-Hour Scheduling with Mikrotik™ via Winbox

Here I will explain how to block websites, then how to stop users who are downloading, and finally how to schedule access hours for certain sites, for example facebook during working hours. You only need to adapt it to the conditions of your own network.
Hey… hey.. you there in the corner.. please pay attention.. I have seen you making noise this whole time. If you pick your nose, don't use a screwdriver.. poor screwdriver..
OK, moving on.. first is blocking websites using the proxy. I have already covered how to set it up on this page. Read it first.. don't ask so many questions.. that's why you should pay attention during the lesson.
After you have set up the proxy as in the article I covered earlier, you can block websites through the Access menu.
  1. Open the menu IP --> Web Proxy --> Access tab.
  2. Src. Address is the source IP that will be accessing. If you want to block only the user with IP 192.168.1.3, for example, you can fill Src. Address with the IP 192.168.1.3.
  3. Dst. Address is the destination address.
  4. Dst. Host: fill in the destination host; you can also use the * sign, for example *facebook*
  5. Dst. Port is the destination port to be accessed. If you want to block email, you can block SMTP on port 25, for example. Or FTP on port 21.
  6. Method is the communication method used by the browser.
  7. Action: the action to take, allow or deny.
  8. Redirect To: redirects the destination to a certain address, for example www.google.com
  9. Now, to stop downloads based on certain file extensions:
  10. Path can be set here, for example: *.exe , *.zip , *.rar , *.3gp
Hey… why is booth 21 shaking… you two.. what are you doing in there.. HEEEY.. get out..
WOW.. you are still students and already like this… what will you be when you grow up?? Instead of seeking knowledge you are trying it out on each other..
Come here… you, the boy.. come here… Can you earn money yet?? Can you support a wife and kids yet?? ANSWER ME ..
You.. the girl… if you get pregnant and your boyfriend won't take responsibility, what can you do ..?? JUST CRY ??.. kill yourself ?? or even kill your baby??
Remember the ad on TV .. WHEN IT COMES TO KIDS, DON'T JUST EXPERIMENT
If I had the power, a guy who won't take responsibility would get tied to a chair, I'd cut off his you-know-what, poke out his eyes, then skin his face. Then I'd let him live as long as possible.
Bro.. parking attendant.. meatball seller.. just whack this kid.. I'll look after the girl.. Here's the club, bro… no crowbar, bro !!  A hammer will do…
Ahem… sorry.. there was a little interruption just now.. where were we… Oh yes.. stop downloading. Now on to the next tip.
Blocking Using the Firewall Based on IP Address
Now, what about blocking using the firewall? When you use the firewall, you can use the Filter feature. Go to IP --> Firewall --> Filter tab. The example below blocks a website with IP 74.125.235.18.

List of Facebook IPs:
Blocking Based on Content Using the Firewall
Earlier it was based on IP, so what about blocking based on content, for example www.facebook.com? No problem: when you create a new Filter Rule, go to the Advanced tab, where there is a Content option. That option can be filled in with the web address.

The steps above show how to block using the firewall. To schedule access, you block as in the steps above, but you must add the time parameter to set the hours during which the rule is active. The Time parameter can be set on the Extra tab.

Time: the time during which the block rule is active; the example above runs from 08:00 to 15:00. Below it is the day parameter.
REMEMBER: When you use the TIME parameter, you must configure the NTP Client so that the router's clock matches the actual time. If the clock is wrong, the time parameter cannot work properly. Sorry for being a bit arrogant, it's that time of the month..loooool
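The Winbox screenshots for these rules did not survive on this page. The same three rules as CLI commands, given here as an added example that is not from the original post; the forward chain, the rule comments and the weekday list are assumptions, while the IP, the 08:00 to 15:00 window and the NTP servers are values that appear on this page.

```routeros
# Added example (not from the original post).
# Assumption: the rules go in the forward chain, which is the chain that
# client traffic passing through the router traverses.

/ip firewall filter
# Block by destination IP (the address used in the Filter tab example)
add chain=forward dst-address=74.125.235.18 action=drop comment="block by IP"

# Block by content (Advanced tab -> Content), active only inside the
# scheduled window (Extra tab -> Time): 08:00-15:00, weekdays assumed
add chain=forward protocol=tcp content="www.facebook.com" action=drop \
    time=8h-15h,mon,tue,wed,thu,fri comment="block by content, working hours"

# Rule order matters: both drop rules must sit above any accept rule in the
# forward chain that would match the same traffic first.

# The time matcher reads the router clock, so synchronise it
# (RouterOS v4/v5 syntax, the form used in the NTP settings later on this page)
/system ntp client
set enabled=yes mode=unicast primary-ntp=152.118.24.8 \
    secondary-ntp=202.169.224.16

# Check the clock, then watch the rule counters while a client browses
/system clock print
/ip firewall filter print stats
```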

source: http://kurei.wordpress.com/2011/05/05/block-site-stop-download-pengaturan-jam-akses-dengan-mikrotik%E2%84%A2-via-winbox/

HIT Proxy Bandwidth Management on Mikrotik™

This time I want to discuss how to set up proxy HIT and how to do bandwidth management based on that proxy HIT.
*Unusually serious today
The Web Proxy itself stores the files accessed by users and serves them to the next user who accesses the same file.
- If the file is available in the cache, it is given directly to the client; this is called a HIT
- If it is not available, the proxy requests it from the server, stores it in the cache, and gives it to the client; this is called a MISS
That way, if the file is already in the cache, we may not need to apply a limit.
The HIT Concept
HIT is a measure of how often a file is accessed from the internet by users, where files from the internet are stored on the local hard disk.
When a HIT occurs on the proxy, the proxy sets TOS = 4 (the value 4 can be changed as needed)
This TOS = 4 value can be used as a parameter in Mangle. When a packet is a HIT, it has dscp = 4, and this dscp can be used as a parameter when we create the mangle.
The steps we need to take:
1. Create a mangle packet mark that can be used by all clients.
2. Simple queue. 1 rule for upload and download; the packet mark we create must cover upload and download at once.
3. Marking clients by IP address is done in the simple queue.
Packet Marking Using Mangle
It is enough to create the following 3 mangle rules for all clients. The mangle here marks the packets requested by clients: a packet that has dscp = 4 is marked as packet-HIT.
0   chain=output action=mark-packet
new-packet-mark=packet-HIT passthrough=no
out-interface=lokal dscp=4
1   chain=output action=mark-packet
new-packet-mark=packet-CLIENT
passthrough=no out-interface=lokal
dscp=!4
2   chain=prerouting action=mark-packet
new-packet-mark=packet-CLIENT
passthrough=no
Example using Winbox:
Go to the menu IP --> Firewall --> Mangle tab --> click the red + button

Then go to the Advanced tab:

Finally go to the Action tab:

Note the second rule, dscp=!4. The exclamation mark means "except".

Then configure the Simple Queue.
0    name="QUEUE-CLIENT"
target-addresses=192.168.0.254/32
packet-marks=packet-CLIENT
direction=both priority=8
max-limit=256000/256000
1    name="QUEUE-HIT"
target-addresses=192.168.0.254/32
packet-marks=packet-HIT
direction=both priority=8
max-limit=1000000/1000000
Example using Winbox:

Then go to the Advanced tab and enter the packet-mark you created in the mangle.

With the queue above, packets marked as packet-CLIENT are limited to 256Kb of bandwidth, while packets marked as packet-HIT are limited to 1M, or perhaps even better, set to unlimited.

source: http://kurei.wordpress.com/2011/05/23/pengaturan-bandwidth-hit-proxy-mikrotik%E2%84%A2/

HOW TO SET PROXY HIT

So that cache served from the proxy is not subject to the limit, do the following steps.
Mark the packets:
/ip firewall mangle
add action=mark-connection chain=forward comment="Proxy_HIT " disabled=no \
new-connection-mark=Hit passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=Hit disabled=\
no new-packet-mark=Proxy_Hit passthrough=no protocol=tcp
Next, let it through in the queue:
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=2M/2M name=PROXY-HIT packet-marks=Proxy_Hit parent=Expadati \
priority=8 queue=default-small/default-small target-addresses=\
199.189.7.0/24 total-queue=default-small

04 April 2012

Mikrotik and External Squid Proxy Setup, Full Version

In my opinion this setup is suitable for internet cafes or hotspot providers; I don't know what you think, hahaha. This is the setup I am using right now. Ready to look at it and study it?
OK, let's goooo.......!!!
Equipment used:
- Speedy modem
- RB750 ROS 4.6 or Mikrotik v5.xx
- Squid proxy running transparently on port 3128 + zph

Topology:
- Speedy 2M down and 512 up
- 1M allocated for downloads for all clients, with a maximum limit of 256kbps/client
- Unlimited access for certain IPs (in this case IP 192.168.2.16 and 192.168.2.17)
- Browsing is not limited
- QoS applied to outbound traffic/packets going out of the Speedy modem

IP addresses used:
[MODEM]
Public IP Address = 192.168.1.2/24
[CLIENTS]
Client IP Address = 192.168.2.2-192.168.2.17 (other IPs do not get internet access)
[SQUID BOX]
Proxy Ip Address = 192.168.3.2
squid.conf with zph
http_port 3128 transparent
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
================Basic Configuration================
/interface ethernet
set 0 comment="Public Interface" name=Public
set 1 comment="Local Interface" name=Local
set 2 comment="Proxy Interface" name=Proxy

/ip address
add address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=Local network=192.168.2.0
add address=192.168.3.1/24 broadcast=192.168.3.255 comment="" disabled=no \
interface=Proxy network=192.168.3.0
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=Public network=192.168.1.0

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
max-udp-packet-size=512 servers="125.160.4.82,203.130.196.155"
(adjust to your ISP's DNS)

/ip route
add gateway=192.168.1.1 comment="" disabled=no

/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291

/system ntp client
set enabled=yes mode=unicast primary-ntp=152.118.24.8 secondary-ntp=\
202.169.224.16

/ip firewall address-list
add address=192.168.3.1/24 comment="" disabled=no list=ProxyNET
add address=192.168.2.2-192.168.2.17 comment="" disabled=no list=localNet
(I only let clients 2-17 connect to the internet)
=================end of basic configuration=================
For the firewall filter I apply only the most important rules.
/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid disabled=no
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no \
src-address-list="port scanners"
add action=accept chain=input comment="Allow Established connections" \
connection-state=established disabled=no
add action=accept chain=input comment="Allow Related connections" \
connection-state=related disabled=no
add action=accept chain=input comment="Allow ICMP from LOCAL Network" \
disabled=no protocol=icmp src-address-list=localNet
add action=accept chain=input comment="Allow ICMP from PROXY Network" \
disabled=no protocol=icmp src-address-list=ProxyNET
add action=accept chain=input comment="Allow Input from LOCAL Network" \
disabled=no src-address-list=localNet
add action=accept chain=input comment="Allow Input from PROXY Network" \
disabled=no src-address-list=ProxyNET
add action=drop chain=input comment="Drop everything else" disabled=no
add action=drop chain=forward comment="Drop Invalid connections" \
connection-state=invalid disabled=no
add action=jump chain=forward comment="Bad packets filtering" disabled=no \
jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
protocol=icmp
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=udp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
add action=accept chain=forward comment="Allow Established connections" \
connection-state=established disabled=no
add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
disabled=no src-address-list=localNet
add action=accept chain=forward comment="Allow Forward from PROXY Network" \
disabled=no src-address-list=ProxyNET
add action=drop chain=forward comment="Drop everything else" disabled=no
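The /ip service settings and the two blanket "Allow Input" rules above leave Winbox and the web interface reachable from every address in localNet and ProxyNET, which in an internet cafe means every customer PC. A narrower variant, as an added example that is not part of the original configuration; the address list name mgmt and the choice of 192.168.2.16 as the administrator's workstation are assumptions.

```routeros
# Added example, not from the original post.
# Assumptions: 192.168.2.16 is the administrator's workstation and "mgmt"
# is a new address list holding it. Run this from that workstation with
# Safe Mode on (Ctrl+X in the terminal) so a mistake rolls back.

/ip firewall address-list
add address=192.168.2.16 list=mgmt comment="admin workstation (assumed)"

# Bind the two enabled management services to the admin address
# instead of 0.0.0.0/0
/ip service
set www address=192.168.2.16/32 disabled=no port=80
set winbox address=192.168.2.16/32 disabled=no port=8291

/ip firewall filter
# Service-specific accepts, inserted just above the final input drop.
# ICMP from both networks is already accepted by the rules above.
add chain=input action=accept protocol=tcp dst-port=80,8291 \
    src-address-list=mgmt comment="Management from admin workstation only" \
    place-before=[find chain=input comment="Drop everything else"]
# Clients and the squid box resolve through the router
# (allow-remote-requests=yes), so DNS must stay reachable for them
add chain=input action=accept protocol=udp dst-port=53 \
    src-address-list=localNet comment="DNS udp from LOCAL Network" \
    place-before=[find chain=input comment="Drop everything else"]
add chain=input action=accept protocol=tcp dst-port=53 \
    src-address-list=localNet comment="DNS tcp from LOCAL Network" \
    place-before=[find chain=input comment="Drop everything else"]
add chain=input action=accept protocol=udp dst-port=53 \
    src-address-list=ProxyNET comment="DNS udp from PROXY Network" \
    place-before=[find chain=input comment="Drop everything else"]
add chain=input action=accept protocol=tcp dst-port=53 \
    src-address-list=ProxyNET comment="DNS tcp from PROXY Network" \
    place-before=[find chain=input comment="Drop everything else"]

# With the specific accepts in place, remove the blanket accepts
remove [find chain=input comment="Allow Input from LOCAL Network"]
remove [find chain=input comment="Allow Input from PROXY Network"]

# Review the resulting input chain
print where chain=input
```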
The NAT is as follows:
/ip firewall nat
add action=masquerade src-address-list=localNet chain=srcnat comment="NAT-LOCAL" disabled=no \
out-interface=Public
add action=masquerade src-address-list=ProxyNET chain=srcnat comment="NAT-PROXY" disabled=no \
out-interface=Public
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
protocol=tcp to-addresses=192.168.3.2 to-ports=3128
(or the proxy redirect I use myself looks like this:)
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
src-address=192.168.2.2-192.168.2.17 dst-port=80,8080,3128 in-interface=Local \
protocol=tcp to-addresses=192.168.3.2 to-ports=3128
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Local protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Proxy protocol=tcp to-ports=53

Explanation:
- Transparent DNS, so that clients cannot use any name server other than the one configured on the Mikrotik
  (use it or not, as you prefer)
- Redirects client requests destined for ports 80, 8080 and 3128 to the external squid
  I give two redirect examples; pick whichever you like, both of them work
  If there is another interface, for example a hotspot, just add the ! sign to the src-address or dst-address list
For the mangle rules, let me explain them one by one to avoid confusion:
/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
dscp=12 new-packet-mark=proxy-hit passthrough=no

Marks proxy-hit packets coming from the external proxy; the queue rules later let these through without any rate limiting.
add action=change-dscp chain=postrouting comment=CRITICAL disabled=no \
new-dscp=1 protocol=icmp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=udp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dscp=1 \
new-connection-mark=critical_conn passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=\
critical_conn disabled=no new-packet-mark=critical_pkt passthrough=no

Marks ICMP packets and DNS requests so they get the highest priority.
add action=mark-connection chain=prerouting comment=MARK-ALL-CONN disabled=no \
dst-address-list=!localNet in-interface=Local new-connection-mark=\
all.pre_conn passthrough=yes
add action=mark-connection chain=forward comment="" disabled=no \
new-connection-mark=all.post_conn out-interface=Local passthrough=yes \
src-address-list=!localNet
add action=mark-packet chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn \
disabled=no new-packet-mark=all.post_pkt passthrough=yes

Marks ALL packets going in and out of the Local interface EXCEPT those destined for local addresses.
add action=mark-connection chain=prerouting comment=GAMES connection-mark=\
all.pre_conn disabled=no dst-port=9339,843 new-connection-mark=games_conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=40000-40010 new-connection-mark=\
games_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connection-mark=games_conn \
disabled=no new-packet-mark=games_pkt passthrough=no

Marks GAMES packets so they get SECOND priority.
add action=mark-connection chain=prerouting comment=HTTP-CLIENT \
connection-mark=all.pre_conn disabled=no new-connection-mark=\
browsing_conn packet-size=0-64 passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=80,443 new-connection-mark=\
browsing_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=0-131072 \
connection-mark=browsing_conn disabled=no new-packet-mark=browsing_pkt \
passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=HTTP-PROXY disabled=no \
dst-address-list=!localNet dst-port=80,443 new-connection-mark=proxy_conn \
passthrough=yes protocol=tcp src-address-list=ProxyNET
add action=mark-packet chain=forward comment="" connection-mark=proxy_conn \
disabled=no new-packet-mark=proxy_pkt passthrough=no

Marks browsing packets, INCLUDING HTTP requests from the external proxy, with conn-byte=0-131072, as well as small TCP packets (packet-size=0-64 tcp-flags=ack), so they get THIRD priority.
add action=mark-connection chain=prerouting comment=REALTIME connection-mark=\
all.pre_conn disabled=no dst-port=22,179,110,161,8291 \
new-connection-mark=realtime_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=123 new-connection-mark=realtime_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connection-mark=realtime_conn \
disabled=no new-packet-mark=realtime_pkt passthrough=no

Marks REALTIME ACCESS packets so they get FOURTH priority.
add action=mark-connection chain=prerouting comment=FILETRANSER \
connection-mark=all.pre_conn disabled=no dst-port=20,21,23 \
new-connection-mark=communication_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=\
communication_conn disabled=no new-packet-mark=communication_pkt \
passthrough=no

Marks FILETRANSFER packets so they get FIFTH priority.
add action=mark-connection chain=prerouting comment=NORMAL connection-mark=\
all.pre_conn disabled=no dst-address-list=!ProxyNET new-connection-mark=\
normal_conn passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=normal_conn \
disabled=no new-packet-mark=normal_pkt passthrough=no

Marks all remaining packets EXCEPT those destined for the proxy so they get SIXTH priority.
add action=mark-packet chain=forward comment=DOWNLOAD connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.2.2 new-packet-mark=client1 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.2.3 new-packet-mark=client2 passthrough=no protocol=tcp
……………….. and so on, until the required number of clients is covered
add action=mark-packet chain=forward comment=DOWNLOAD-NO-LIMIT connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.2.16 new-packet-mark=client16 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.2.17 new-packet-mark=client17 passthrough=no protocol=tcp
Marks TCP packets forwarded to the clients, with conn-byte=131072-4294967295, so that a download limit can be applied to each client.
After that, create the queue types:
/queue type
add kind=pcq name=pcq_up pcq-classifier=src-address pcq-limit=200 pcq-rate=0 \
pcq-total-limit=8000
add kind=pcq name=pcq_down pcq-classifier=dst-address pcq-limit=200 pcq-rate=\
0 pcq-total-limit=8000
add kind=pfifo name=pfifo-critical pfifo-limit=10
add kind=pcq name=pcq_critical.up pcq-classifier=src-address,src-port \
pcq-limit=20 pcq-rate=0 pcq-total-limit=500
add kind=pcq name=pcq_critical.down pcq-classifier=dst-address,dst-port \
pcq-limit=20 pcq-rate=0 pcq-total-limit=500
Then add the queue tree:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="A. PROXY HIT" packet-mark=proxy-hit parent=Local \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="B. CRITICAL" packet-mark=critical_pkt parent=Public \
priority=1 queue=pfifo-critical

No limit, with first priority, for proxy hit and critical.

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="C. INBOUND" packet-mark=all.post_pkt parent=global-out \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="D. OUTBOUND" packet-mark=all.pre_pkt parent=Public \
priority=8

Creates the parents for inbound (traffic going in to the clients) and outbound (traffic going out of Public).
I split the INBOUND children into several priorities as follows:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="A. GAMES" packet-mark=games_pkt parent="C. INBOUND" \
priority=2 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="B. HTTP" packet-mark=browsing_pkt parent="C. INBOUND" \
priority=3 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="C. REALTIME" packet-mark=realtime_pkt parent=\
"C. INBOUND" priority=4 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="D. FILETRANS" packet-mark=communication_pkt parent=\
"C. INBOUND" priority=5 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="E. NORMAL" packet-mark=normal_pkt parent=\
"C. INBOUND" priority=6 queue=pcq_down

Next, the parents for per-client download:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1024k name="F. DOWN 1M" parent="C. INBOUND" priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="G. DOWN 2M" parent="C. INBOUND" priority=8

Creates 2 parents, for 1M and 2M (or no limit).
After that, create the children, which set the download limit per client:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=256k name=Client1 packet-mark=client1 parent=\
"F. DOWN 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=256k name=Client2 packet-mark=client2 parent=\
"F. DOWN 1M" priority=8 queue=pcq_down

………………….. and so on, until all the required client packets are covered
A download limit of 1M for all clients together and a maximum of 256k per client.

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Client16 packet-mark=client16 parent=\
"G. DOWN 2M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Client17 packet-mark=client17 parent=\
"G. DOWN 2M" priority=8 queue=pcq_down

No download limit for IPs 192.168.2.16 and 192.168.2.17.
Then create the upload limits:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="A. GAMES UP" packet-mark=games_pkt parent="D. OUTBOUND" \
priority=2 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=256k name="B. HTTP UP" packet-mark=proxy_pkt parent=\
"D. OUTBOUND" priority=3 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=64k name="C. REALTIME UP" packet-mark=realtime_pkt parent=\
"D. OUTBOUND" priority=4 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="D. FILETRANS UP" packet-mark=communication_pkt \
parent="D. OUTBOUND" priority=5 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="E. NORMAL UP" packet-mark=normal_pkt parent=\
"D. OUTBOUND" priority=6 queue=pcq_up

Notes
- Adjust the IP addresses, Ethernet interface names, etc. to your own setup.
- I deliberately highlighted items in green, blue and red so that you do not mix them up if you have used other names (meaning they must be adjusted).
- The items highlighted in orange and pink must match the entries in the address list (if you replace them with other names).
- Copy the script I wrote and paste it into Notepad first (that is, remove the explanatory notes and work on it one block at a time so it does not get confusing, heheh).
Ordered by outgoing packet priority, starting with games, HTTP requests, realtime connections, file transfer and normal requests.
The end result I achieved: no client is disturbed by download activity while browsing or playing games, and even when a user is uploading it does not disturb or increase game latency…. As far as my Mikrotik knowledge goes, after several trials, this may be the best configuration I have ever made.
Hope this is useful, and happy resetting your Mikrotik, success!!!!
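The notes above say the names must match the address list, and every queue tree entry also depends on a packet mark that some mangle rule actually sets. The following Python check is an added example (not part of the original post or of RouterOS): it cross-references those names in an export, run here on a constructed sample modelled on the rules above, and it assumes RouterOS compares list and mark names exactly, so `ProxyNet` and `ProxyNET` are different lists.

```python
import re

# Constructed sample modelled on the rules in this post (not a full export).
SAMPLE_EXPORT = r'''
/ip firewall address-list
add address=192.168.2.0/24 list=localNet
add address=192.168.3.0/24 list=ProxyNET
/ip firewall nat
add action=masquerade src-address-list=ProxyNet chain=srcnat disabled=no \
out-interface=Public
/ip firewall mangle
add action=mark-packet chain=forward connection-mark=games_conn \
disabled=no new-packet-mark=games_pkt passthrough=no
add action=mark-packet chain=forward connection-bytes=\
131072-4294967295 dst-address=192.168.2.2 new-packet-mark=client1
/queue tree
add name="A. GAMES" packet-mark=games_pkt parent="C. INBOUND" priority=2
add name=Client1 packet-mark=client1 parent="F. DOWN 1M" priority=8
add name=Client2 packet-mark=client2 parent="F. DOWN 1M" priority=8
'''

# key=value pairs; values are either "quoted strings" or bare tokens.
PAIR = re.compile(r'(?<!\S)([a-z][\w-]*)=("[^"]*"|\S*)')


def parse_export(text):
    """Yield (menu, params) per 'add' line, joining '\\' line continuations."""
    menu = None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall nat"
        elif line.startswith("add ") and menu:
            yield menu, {k: v.strip('"') for k, v in PAIR.findall(line)}


def audit(text):
    """Return findings for undefined address lists and undefined packet marks."""
    defined_lists, used_lists = set(), []
    defined_marks, used_marks = set(), []
    for menu, p in parse_export(text):
        if menu == "/ip firewall address-list" and "list" in p:
            defined_lists.add(p["list"])
        if menu.startswith("/ip firewall"):
            for key in ("src-address-list", "dst-address-list"):
                if key in p:                 # a leading "!" only negates the match
                    used_lists.append((menu, p[key].lstrip("!")))
        if menu == "/ip firewall mangle" and "new-packet-mark" in p:
            defined_marks.add(p["new-packet-mark"])
        if menu == "/queue tree" and "packet-mark" in p:
            used_marks.append((p.get("name", "?"), p["packet-mark"]))

    findings = []
    by_lower = {name.lower(): name for name in defined_lists}
    for menu, name in used_lists:
        if name not in defined_lists:
            # Fourth field: a defined list that differs only by letter case.
            findings.append(("address-list", menu, name, by_lower.get(name.lower())))
    for queue, mark in used_marks:
        if mark not in defined_marks:
            findings.append(("packet-mark", queue, mark, None))
    return findings


if __name__ == "__main__":
    for kind, where, name, hint in audit(SAMPLE_EXPORT):
        note = f" (did you mean {hint}?)" if hint else ""
        print(f"{kind}: {name!r} used in {where} is never defined{note}")
```

A rule that references an undefined address list or packet mark matches nothing, so the NAT or queue entry exists in the configuration but never takes effect.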

02 April 2012

How to view asterisk-masked facebook/gmail/yahoo passwords


This method can actually be used not only to view asterisk-masked passwords (*******) on facebook, gmail or ymail/yahoo mail, but also on other websites, and even in other application programs such as yahoo messenger, live messenger, skype, and others.
To do this trick, we use a program called SnadBoy’s Revelation. This program can be downloaded for free HERE.
Using the program is very easy: just drag the “Circle +” symbol of SnadBoy’s Revelation onto the box containing the asterisk-masked password, and the password will be displayed automatically by the program.
* Displaying an asterisk-masked yahoo email password
squid.speedtest


##############################################
###     CORE AND COMMON SQUID CONFIG       ###
##############################################

# default listen port 8000 with transparent mode,
# change properly with your own port
http_port 8000 transparent

# http1.1 handling
server_http11 on

# cache manager name
cache_mgr ComStuff

# hide the client IP: with this off, squid sends "X-Forwarded-For: unknown" for clients connected through it
forwarded_for off

# name of squid server
visible_hostname ComStuff

httpd_suppress_version_string on

# caching option (memory, directory,)
cache_mem 16 MB
cache_dir aufs d:/luscacache/cache0 7000 16 256
coredump_dir d:/luscacache/

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
minimum_object_size 512 bytes
maximum_object_size 1024000 KB
maximum_object_size_in_memory 64 KB
store_avg_object_size 13 KB
offline_mode off

memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
client_persistent_connections off
server_persistent_connections on

request_timeout 1 minute
pconn_timeout 15 seconds
negative_dns_ttl 60 seconds
positive_dns_ttl 6 hours
client_lifetime 6 hours
read_timeout 30 minutes
shutdown_lifetime 10 seconds
uri_whitespace strip
negative_ttl 30 seconds
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
cache_swap_high 99
cache_swap_low 98

fqdncache_size 16384
ipcache_size 4096
ipcache_low 98
ipcache_high 99

memory_pools off
reload_into_ims on
pipeline_prefetch on

########### END OF CORE AND COMMON SQUID CONFIG ################

##############################################
###            ADSBLOCKING                 ###
##############################################

acl jshack url_regex -i "C:/squid/etc/jshack.block"
deny_info http://ComStuff.net/luscaforwindows/hack.js jshack
http_access deny jshack

acl popads url_regex -i "C:/squid/etc/popads.block"
deny_info http://ComStuff.net/luscaforwindows/popkiller.html popads
http_access deny popads

acl advertise url_regex -i "C:/squid/etc/ads.block"
deny_info https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjN8pXtkCwd-ihC9BUdzBB6oiMfQIouCTi611h3IM-gdA450mrlVXQg_wTmvd_82kdWxxQNoYjFgXaHalUBgwYr7y4ZCO-MbVIMgnlxVxanMP04HGxS0_e-NDD0nJQKqzpE0LF9R8hrug-5/s1600/LORPINS.gif advertise
http_access deny advertise

acl blockedsites dstdomain "C:/squid/etc/sites.block"
http_access deny blockedsites

########### END OF ADSBLOCKING ################

##############################################
###             DNS OPTION                 ###
##############################################

#dns_defnames on

## dns cache to localhost if using unbound
#dns_nameservers 127.0.0.1

hosts_file C:/squid/etc/hosts

########### END OF DNS OPTION ################


##############################################
###           LOGGING OPTION               ###
##############################################
# choose one of the log formats below
# default is using complete log format
#logformat squid  %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#logformat squidmime  %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

access_log d:/luscacache/access.log squid
cache_store_log none
cache_log  d:/luscacache/cache.log
logfile_rotate 1
log_ip_on_direct off
log_icp_queries off
buffered_logs off

########### END OF LOG OPTION ################


##############################################
###           ACL DEFINITION               ###
##############################################

acl all src 0.0.0.0/0.0.0.0
acl localNet src 192.168.34.0/24 192.168.35.0/24 192.168.7.0/24 192.168.212.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl PURGE method PURGE

# Yahoo! Messenger
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com

acl ymregex url_regex yupdater.yim ymsgr myspaceim

# Other protocols Yahoo!Messenger uses ??
acl ym dstdomain .skype.com .imvu.com


## LUSCA
acl speedtest dstdom_regex -i speedtest.*\.
acl store_rewrite_list urlpath_regex .*\/speedtest\/.*\.(jpg|txt)
acl store_rewrite_list urlpath_regex .*\.ak\.fbcdn\.net\/
acl store_rewrite_list urlpath_regex http:\/\/199\.91\.15\d\.\d*\/\w{12}\/(\w*)\/(.*)
acl store_rewrite_list urlpath_regex s[0-9]*\.filesonic\.com\/download\/.*
acl store_rewrite_list urlpath_regex [a-zA-Z]{2}[0-9]*\.4shared\.com\/download\/
acl store_rewrite_list urlpath_regex \/(watch\?|get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|rar|cab)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe|cab)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)

acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET

storeurl_access allow speedtest
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all

# REWRITE FEATURE
# PLEASE INSTALL strawberry perl first to enable this feature.
#http://strawberryperl.com/
#this feature allows you to cache dynamic content
#currently supports youtube, 4shared and filesonic
#
#

storeurl_rewrite_program C:/strawberry/perl/bin/perl.exe C:/squid/etc/storeurl.pl
storeurl_rewrite_children 2
storeurl_rewrite_concurrency 99

# END OF REWRITE FEATURE

## END LUSCA



########### END OF ACL DEFINITION ################

##############################################
###    PEERING (SIBLING/PARENT) OPTION     ###
##############################################

## use if your connection must set manual proxy configuration
## cache_peer IP_PARENT_PROXY parent PORT_PARENT_PROXY 0 round-robin no-query no-digest
## where IP_PARENT_PROXY is the IP address of the parent proxy
## and PORT_PARENT_PROXY is PORT of parent proxy listening on.

# cache_peer IP_PARENT_PROXY parent PORT_PARENT_PROXY 0 round-robin no-query no-digest
#or
# cache_peer IP_PARENT_PROXY parent PORT_PARENT_PROXY 0 proxy-only no-query no-digest

#never_direct allow all

########### END OF PEERING OPTION ################

##############################################
###       REFRESH PATTERN OPTION           ###
##############################################

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 129600 90% 129600 ignore-reload store-stale
refresh_pattern ^http:\/\/199\.91\.15\d\.\d*\/\w{12}\/(\w*)\/(.*)  129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale negative-ttl=0
refresh_pattern ^http:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*)  129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale negative-ttl=0
refresh_pattern ^http:\/\/[a-zA-Z]{2}\d*\.4shared\.com(:8080|)\/download\/(.*)\/(.*\..*)\?.*  129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale negative-ttl=0
refresh_pattern (watch\?|get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale negative-ttl=0
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 999999% 129600 override-expire override-lastmod ignore-no-cache store-stale
refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.id) 129600 999999% 129600 override-expire ignore-reload ignore-private negative-ttl=10080 store-stale
refresh_pattern ^http://(kh|khmdb|mw1)\.google\.com 129600 999999% 129600 override-expire ignore-reload ignore-private negative-ttl=10080 store-stale
refresh_pattern ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id) 129600 999999% 129600 override-expire ignore-reload ignore-private negative-ttl=10080 store-stale
refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store negative-ttl=10080 store-stale
refresh_pattern (zynga|zgncdn)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern (ninjasaga|mafiawars|cityville|crowdstar)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern (yimg|ytimg|twimg)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern (photobucket|overclockersclub)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern ^http:\/\/image|images|pics|thumbs[0-9]\. 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern \.etology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 90% 129600 ignore-no-cache ignore-private override-expire ignore-reload
refresh_pattern garena\.com 129600 999999% 129600 override-expire reload-into-ims store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 reload-into-ims override-expire ignore-private store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod negative-ttl=10080 store-stale
refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js) 129600 999999% 129600 store-stale negative-ttl=0
refresh_pattern code.google.com.*(svn|download) 86400 50% 129600 reload-into-ims


# ANTI VIRUS
refresh_pattern avast.com.*\.vpx  43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern guru.avg.com/.*\.(bin) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\.(zip|exe) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

# WINDOWS UPDATE
refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

#images facebook
refresh_pattern -i .*\.((facebook.com)|(85.131.151.39))\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i .*\.fbcdn\.net\/.*\.((jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)|(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)\?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern static\.ak\.fbcdn\.net.*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn\.net.*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern kaskus\.us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#IIX DOWNLOAD
#refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth



#All File without ?
refresh_pattern -i \.(3gp|avi|ac4|mp(e?g|a|e|1|2|3|4)|m4(a|v)|3g(p?2|p)|mk(a|v)|og(x|v|a|g|m)|wm(a|v)|wmx|wpl|rm|snd|vob|wav|asx|avi|qt|divx|flv|f4v|x-flv|dvr-ms|m(1|2)(v|p)|mov|mid) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(7z|ace|rar|jar|gz|tgz|bz2|iso|mod|arj|lha|lzh|zip|tar|cab|dat) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js|ad) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(exe|ms(i|u|p)|deb|bin|ax|r(a|p)m|app|pkg|apk) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(t?x|t)|epub|pdf|rtf|wax|cb(r|z|t)|xl(s?x|s)|do(c?x|c)|inc) 129600 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 10% 43200 override-lastmod reload-into-ims store-stale
refresh_pattern . 180 10% 1440


########### END OF REFRESH PATTERN OPTION ################

global_internal_static off
max_stale 10 years
retry_on_error on
read_ahead_gap 32 KB

#################################################
# Simple delaypools added by imer :shakehand    #
# default setting is disabled                   #
# enable it by removing # mark at start of line #
#################################################

#acl time time SMTWHFA 09:00-23:59
#acl host url_regex -i "C:/squid/etc/host.acl"
#acl lambat url_regex -i "C:/squid/etc/lambat.acl"
#acl download urlpath_regex -i "C:/squid/etc/download.acl"

#delay_pools 3
#delay_access 1 allow host
#delay_access 1 deny all
#delay_access 2 allow download
#delay_access 2 deny all
#delay_access 3 allow lambat time
#delay_access 3 deny all

#delay_class 1 2
#delay_class 2 2
#delay_class 3 2

#delay_parameters 1 -1/-1 -1/-1
#delay_parameters 2 -1/-1 2000/100000
#delay_parameters 3 -1/-1 2000/100000

################ END DELAYPOOLS ################

##############################################
###              ACL RULEZ                 ###
##############################################

http_access allow PURGE manager localhost
http_access allow ym
http_access allow localhost
http_access allow localNet

http_access deny PURGE
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all

################ END ACL RULEZ ################

##############################################
###          ANONYMITY OPTIONS             ###
##############################################

#header_access From deny all
#header_access Referer deny all
#header_access Server deny all
#header_access User-Agent deny all
#header_access WWW-Authenticate deny all
#header_access Link deny all

        header_access Accept-Encoding deny all
        header_access Proxy-Connection deny all
        header_access Cache-Control deny all
        header_access X-Cache deny all
        header_access X-Cache-Lookup deny all
        header_access X-Powered-By deny all
        header_access Via deny all
#        header_access Rewrite-URL deny all
#        header_access X-Rewrite-URL deny all
        header_access Forwarded-For deny all
        header_access X-Forwarded-For deny all
#        header_access Pragma deny all
#        header_access Keep-Alive deny all

################ END ANONYMITY OPTIONS  ################

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

# LUSCA
n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
# END LUSCA
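
Squid evaluates the `http_access` lines under ACL RULEZ top to bottom and the first matching line decides, so placing `allow ym` and `allow localNet` ahead of `deny manager`, `deny !Safe_ports` and `deny CONNECT !SSL_ports` means those checks never apply to requests the allow lines already accepted. The following Python model is an added example (not part of the original post or of Squid/Lusca): it evaluates constructed requests against the post's rule order and against a reordered set that puts the manager and port checks first, as Squid's default configuration does. The sample requests, the `HARDENED_RULES` text and the shortened `ym` domain list are assumptions.

```python
import ipaddress

# Subset of the ACLs defined in the post's squid.conf.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.34.0/24", "192.168.35.0/24", "192.168.7.0/24", "192.168.212.0/24")]
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}
YM_DOMAINS = (".messenger.yahoo.com", ".chat.yahoo.com", ".skype.com")


def in_domains(host, domains):
    """dstdomain semantics: '.example.com' matches the domain and its subdomains."""
    return any(host == d[1:] or host.endswith(d) for d in domains)


ACLS = {
    "all": lambda r: True,
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "localNet": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in LOCAL_NETS),
    "manager": lambda r: r["proto"] == "cache_object",
    "SSL_ports": lambda r: r["port"] == 443,
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "PURGE": lambda r: r["method"] == "PURGE",
    "ym": lambda r: in_domains(r["host"], YM_DOMAINS),
}

# Rule order exactly as posted under ACL RULEZ.
PAGE_RULES = """
http_access allow PURGE manager localhost
http_access allow ym
http_access allow localhost
http_access allow localNet
http_access deny PURGE
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""

# Assumed reordering: manager, PURGE and port checks before any allow line.
HARDENED_RULES = """
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localNet
http_access deny all
"""


def parse_rules(text):
    """Return [(action, [acl, ...])] for each http_access line."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules


def decide(rules, request):
    """First rule whose ACLs all match wins; '!' negates a single ACL."""
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, " ".join(names)
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"


def req(src, method, host, port, proto="http"):
    return {"src": src, "method": method, "host": host, "port": port, "proto": proto}


# Constructed requests (addresses and host names are examples only).
SAMPLES = {
    "lan_connect_smtp": req("192.168.34.10", "CONNECT", "mail.example.net", 25),
    "outside_ym": req("203.0.113.5", "GET", "chat.yahoo.com", 80),
    "lan_cachemgr": req("192.168.34.10", "GET", "proxy.example.net", 8000, "cache_object"),
    "lan_web": req("192.168.34.10", "GET", "www.example.org", 80),
}


def compare():
    """Map sample name -> (decision under PAGE_RULES, decision under HARDENED_RULES)."""
    page, hard = parse_rules(PAGE_RULES), parse_rules(HARDENED_RULES)
    return {name: (decide(page, r), decide(hard, r)) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    for name, (posted, hardened) in compare().items():
        print(f"{name:18} posted={posted} hardened={hardened}")
```

Ordinary LAN browsing gets the same decision under both orderings; only the requests that should never have been proxied change from allow to deny.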