How to block the Ultrasurf application
-
Hello friends,
does anyone know how to block the Ultrasurf application on pfSense? Please share any info.
Thank you
-
For Ultrasurf (https 443) and Skype - random IPs, see the post http://forum.pfsense.org/index.php/topic,18815.msg106475.html#msg106475
This post will explain a quick and dirty method to block Skype for some users while avoiding blocking access to https URLs not defined as FQDNs.
This post assumes that your clients have no direct Internet access and must pass through your Squid proxy server to have an external connection.
This post assumes your local network is 192.168.1.0/24.
This post assumes you want to give Skype access to IPs from 192.168.1.100 to 192.168.1.200 and you want to give Internet access to all your network. Obviously you MUST change the IPs based on your REAL network configuration.
In the following configuration, I'm going to create some ACLs to define my networks, the Skype connection method and the Skype connection destinations, and create a sort of whitelist that you can fill in with some exceptions to avoid https connection problems.
The whitelist file is /etc/squid/https_url_allowed and you can fill it in with a single IP address per line, for example:
proxy:~ # cat /etc/squid/https_url_allowed
aaa.bbb.ccc.ddd
eee.fff.ggg.hhh
iii.jjj.kkk.lll
mmm.nnn.ooo.ppp
qqq.rrr.sss.ttt
uuu.vvv.www.xxx
proxy:~ #
All the following lines are in the main Squid proxy configuration file, usually /etc/squid/squid.conf
# Declare an ACL to catch ALL
acl all src 0.0.0.0/0.0.0.0
# Define an ACL to define my local network
acl mynetworks src 192.168.1.0/24
# Define an ACL to have some IPs that can connect to SKYPE
acl skype_users src 192.168.1.100-192.168.1.200
# Define a CONNECT acl for the CONNECT method
acl CONNECT method CONNECT
# Define an ACL for the URLs composed only of numbers, not FQDN
# (dots are escaped so that they match only a literal ".")
acl skype_url url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
# Define an ACL for the allowed URLs composed only of numbers, not FQDN
acl https_url_allowed url_regex -i "/etc/squid/https_url_allowed"
# Allow SKYPE access for the group "skype_users"
http_access allow CONNECT skype_url skype_users
# Allow https access for IP Addresses defined in "/etc/squid/https_url_allowed"
http_access allow CONNECT https_url_allowed
# Deny Access to SKYPE and all other
http_access deny CONNECT skype_url
# Allow Internet access to all "mynetworks"
http_access allow mynetworks
# And finally deny all other access from this proxy
http_access deny all
At this point you can restart Squid and check if everything works with:
/etc/init.d/squid restart
Hope this helps
Bye
Riccardo
Thanks,
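The rule ordering in the quoted configuration can be checked offline. The following is an added example, not part of the quoted post or of Squid itself: a small Python model of first-match `http_access` evaluation over the post's ACLs, which also contrasts the numeric-URL pattern with its dots escaped and unescaped. The whitelist entries, the client addresses and the names `build_acls`, `decide`, `STRICT` and `LOOSE` are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed whitelist (documentation addresses) standing in for the
# contents of /etc/squid/https_url_allowed; each line is used as a regex.
WHITELIST = ["203.0.113.10", "198.51.100.25"]

STRICT = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")  # dots escaped
LOOSE = re.compile(r"^[0-9]+.[0-9]+.[0-9]+.[0-9]+")      # "." matches any char

LAN = ipaddress.ip_network("192.168.1.0/24")
SKYPE_FIRST = ipaddress.ip_address("192.168.1.100")
SKYPE_LAST = ipaddress.ip_address("192.168.1.200")

def build_acls(numeric=STRICT):
    """Map each ACL name from the post to a predicate over (src, method, url)."""
    return {
        "all": lambda s, m, u: True,
        "mynetworks": lambda s, m, u: s in LAN,
        "skype_users": lambda s, m, u: SKYPE_FIRST <= s <= SKYPE_LAST,
        "CONNECT": lambda s, m, u: m == "CONNECT",
        "skype_url": lambda s, m, u: bool(numeric.search(u)),
        "https_url_allowed": lambda s, m, u: any(
            re.search(p, u, re.I) for p in WHITELIST),
    }

# http_access lines in the order the post gives them; ACLs on one line are ANDed.
RULES = [
    ("allow", ["CONNECT", "skype_url", "skype_users"]),
    ("allow", ["CONNECT", "https_url_allowed"]),
    ("deny", ["CONNECT", "skype_url"]),
    ("allow", ["mynetworks"]),
    ("deny", ["all"]),
]

def decide(src, method, url, numeric=STRICT):
    """Return the action of the first http_access line whose ACLs all match.

    For CONNECT requests, url_regex is matched against "host:port".
    """
    ip = ipaddress.ip_address(src)
    acls = build_acls(numeric)
    for action, names in RULES:
        if all(acls[n](ip, method, url) for n in names):
            return action
    return "deny"

if __name__ == "__main__":
    print(decide("192.168.1.150", "CONNECT", "192.0.2.7:443"))  # Skype user
    print(decide("192.168.1.20", "CONNECT", "192.0.2.7:443"))   # other LAN host
```

In this model the second `http_access` line carries no source ACL, so a CONNECT to a whitelisted address is allowed from any client that can reach the proxy. With the unescaped pattern, a hostname such as `1-2-3-4.example.com:443` is treated as a numeric URL and denied for non-Skype users.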
-
If Squid is running in transparent mode, how do I configure it?