Netgate Discussion Forum
    How to block the Ultrasurf application

      maruboy

      Hello friends,

      does anyone know how to block the Ultrasurf application on pfSense? Please share any info.
      Thank you

        ipoelnet

        @maruboy:

        Hello friends,

        does anyone know how to block the Ultrasurf application on pfSense? Please share any info.
        Thank you

        For Ultrasurf (https 443) and Skype (random IPs), see the post at http://forum.pfsense.org/index.php/topic,18815.msg106475.html#msg106475

        This post will explain a quick and dirty method to block Skype for some users, but avoid blocking access to https URLs not defined as FQDN.

        This post assumes that your clients have no direct Internet access and must pass through your Squid proxy server to have an external connection.
        This post assumes your local network is 192.168.1.0/24.
        This post assumes you want to give Skype access to IPs from 192.168.1.100 to 192.168.1.200 and you want to give Internet access to all your network.

        Obviously you MUST change the IPs based on your REAL network configuration.

        In the following configuration, I'm going to create some ACLs to define my networks, the Skype connection method and the Skype connection destinations, and create a sort of whitelist that can be filled in with some exceptions to avoid https connection problems.

        The whitelist file is /etc/squid/https_url_allowed and you can fill it in with a single IP address per line, for example:

        proxy:~ # cat /etc/squid/https_url_allowed

        aaa.bbb.ccc.ddd
        eee.fff.ggg.hhh
        iii.jjj.kkk.lll
        mmm.nnn.ooo.ppp
        qqq.rrr.sss.ttt
        uuu.vvv.www.xxx

        proxy:~ #

        All the following lines are in the main Squid proxy configuration file, usually /etc/squid/squid.conf

        # Declare an ACL to catch ALL
        acl all src 0.0.0.0/0.0.0.0
        # Define an ACL to define my local network
        acl mynetworks src 192.168.1.0/24
        # Define an ACL to have some IPs that can connect to SKYPE
        acl skype_users src 192.168.1.100-192.168.1.200
        # Define a CONNECT acl for the CONNECT method
        acl CONNECT method CONNECT

        # Define an ACL for the URLs composed only of numbers, not FQDN
        # (dots are escaped so that each one matches a literal ".")
        acl skype_url url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

        # Define an ACL for the whitelisted IP addresses, read one per line from the file
        acl https_url_allowed url_regex -i "/etc/squid/https_url_allowed"

        # Allow SKYPE access for the group "skype_users"
        http_access allow CONNECT skype_url skype_users

        # Allow https access for IP addresses defined in "/etc/squid/https_url_allowed"
        http_access allow CONNECT https_url_allowed

        # Deny access to SKYPE and all other CONNECT requests to a numeric address
        http_access deny CONNECT skype_url

        # Allow Internet access to all "mynetworks"
        http_access allow mynetworks

        # And finally deny all other access from this proxy
        http_access deny all

        At this point you can restart Squid and check if everything works with:

        /etc/init.d/squid restart

        Hope this helps

        Bye
        Riccardo

        Thanks,

        It can be done, bro, as long as it follows the rules | Learn as if you were a fool

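A small model of the rule order in the squid.conf quoted in the post above, added here as an example (it is not part of any post in this thread and is not Squid's own code). It assumes Squid's first-match `http_access` evaluation with all ACLs on a line ANDed together; the whitelist entries and client addresses are constructed, and `decide`, `ACLS` and `RULES` are names made up for the illustration.

```python
import ipaddress
import re

# Constructed stand-in for /etc/squid/https_url_allowed (documentation-range IPs).
WHITELIST = ["203.0.113.10", "198.51.100.7"]
ip = ipaddress.ip_address

# One predicate per "acl" line of the quoted squid.conf.
# For CONNECT requests the URL Squid matches against is "host:port".
ACLS = {
    "all": lambda src, method, url: True,
    "mynetworks": lambda src, method, url: ip(src) in ipaddress.ip_network("192.168.1.0/24"),
    "skype_users": lambda src, method, url: ip("192.168.1.100") <= ip(src) <= ip("192.168.1.200"),
    "CONNECT": lambda src, method, url: method == "CONNECT",
    "skype_url": lambda src, method, url: bool(re.search(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+", url)),
    # url_regex -i "file": every line is an unanchored, case-insensitive regex.
    "https_url_allowed": lambda src, method, url: any(re.search(p, url, re.I) for p in WHITELIST),
}

# The http_access lines, in the order they appear in the post.
RULES = [
    ("allow", ["CONNECT", "skype_url", "skype_users"]),
    ("allow", ["CONNECT", "https_url_allowed"]),
    ("deny", ["CONNECT", "skype_url"]),
    ("allow", ["mynetworks"]),
    ("deny", ["all"]),
]

def decide(src, method, url):
    """Return (action, index) of the first rule whose ACLs all match."""
    for index, (action, names) in enumerate(RULES):
        if all(ACLS[name](src, method, url) for name in names):
            return action, index
    return "deny", None  # unreachable here: the last rule matches everything

if __name__ == "__main__":
    samples = [  # constructed requests: (client IP, method, URL)
        ("192.168.1.150", "CONNECT", "192.0.2.55:443"),
        ("192.168.1.20", "CONNECT", "192.0.2.55:443"),
        ("192.168.1.20", "CONNECT", "www.example.com:443"),
        ("192.168.1.20", "CONNECT", "203.0.113.100:443"),
        ("10.0.0.5", "CONNECT", "203.0.113.10:443"),
    ]
    for sample in samples:
        print(sample, "->", decide(*sample))
```

The last two samples are allowed by rule 1: whitelist lines are unanchored regexes, so `203.0.113.10` also matches `203.0.113.100:443`, and that rule carries no source ACL, so it applies to clients outside `mynetworks` as well.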
          111ichael

          If Squid is running in transparent mode, how do you configure it?
