How to block the Ultrasurf application



  • Hello friends

    Does anyone know how to block the Ultrasurf application in pfSense? Please let me know.
    Thank you



  • @maruboy:

    Hello friends

    Does anyone know how to block the Ultrasurf application in pfSense? Please let me know.
    Thank you

    For Ultrasurf (https 443) and Skype - random IPs, see the post http://forum.pfsense.org/index.php/topic,18815.msg106475.html#msg106475

    This post will explain a quick and dirty method to block Skype for some users, but avoid blocking access to https URLs not defined as FQDN.

    This post assumes that your clients have no direct Internet access and must pass through your Squid Proxy Server to have an external connection.
    This post assumes your local network is 192.168.1.0/24.
    This post assumes you want to give Skype access to IPs from 192.168.1.100 to 192.168.1.200 and you want to give Internet access to all your network.

    Obviously you MUST change the IPs based on your REAL network configuration.

    In the following configuration, I’m going to create some ACLs to define my networks, the Skype connection method, and Skype connection destinations, and create a sort of WhiteList that you can fill in with some exceptions to avoid https connection problems.

    The WhiteList file is /etc/squid/https_url_allowed and you can fill it in with a single IP address per line, for example:

    proxy:~ # cat /etc/squid/https_url_allowed

    aaa.bbb.ccc.ddd
    eee.fff.ggg.hhh
    iii.jjj.kkk.lll
    mmm.nnn.ooo.ppp
    qqq.rrr.sss.ttt
    uuu.vvv.www.xxx

    proxy:~ #

    All the following lines are in the main Squid proxy configuration file, usually /etc/squid/squid.conf

    # Declare an ACL to catch ALL
    acl all src 0.0.0.0/0.0.0.0
    # Define an ACL to define my local network
    acl mynetworks src 192.168.1.0/24
    # Define an ACL to have some IPs that can connect to SKYPE
    acl skype_users src 192.168.1.100-192.168.1.200
    # Define a CONNECT acl for the CONNECT method
    acl CONNECT method CONNECT

    # Define an ACL for the URLs composed only of numbers, not FQDN
    # (dots are escaped so they match a literal "." and not any character)
    acl skype_url url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

    # Define an ACL for the whitelisted IP addresses listed in the file
    acl https_url_allowed url_regex -i "/etc/squid/https_url_allowed"

    # Allow SKYPE access for the group "skype_users"
    http_access allow CONNECT skype_url skype_users

    # Allow https access for IP Addresses defined in "/etc/squid/https_url_allowed"
    http_access allow CONNECT https_url_allowed

    # Deny Access to SKYPE and all other
    http_access deny CONNECT skype_url

    # Allow Internet access to all "mynetworks"
    http_access allow mynetworks

    # And finally deny all other access from this proxy
    http_access deny all

    At this point you can restart Squid and check if all works with:

    /etc/init.d/squid restart

    Hope this helps

    Bye
    Riccardo

    Thanks,
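
The rule order in the configuration quoted above, as an added example that is not part of the thread: a small Python model of Squid's first-match `http_access` evaluation using the ACLs from the post. The whitelist entries and sample addresses are constructed (documentation ranges), and `decide` and `in_range` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed stand-in for /etc/squid/https_url_allowed (one regex per line).
HTTPS_URL_ALLOWED = [r"203\.0\.113\.10", r"198\.51\.100\.7"]
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
IP_LITERAL = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

def in_range(src, first, last):
    """True if src lies in the inclusive range first-last (Squid 'src a-b')."""
    ip = ipaddress.ip_address(src)
    return ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last)

# Each ACL from the post as a predicate over a request dict.
ACLS = {
    "all": lambda r: True,
    "mynetworks": lambda r: ipaddress.ip_address(r["src"]) in LOCAL_NET,
    "skype_users": lambda r: in_range(r["src"], "192.168.1.100", "192.168.1.200"),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    # For CONNECT the URL seen by url_regex is "host:port".
    "skype_url": lambda r: bool(IP_LITERAL.search(r["url"])),
    "https_url_allowed": lambda r: any(
        re.search(p, r["url"], re.I) for p in HTTPS_URL_ALLOWED),
}

# http_access lines in the order given in the post.
RULES = [
    ("allow", ["CONNECT", "skype_url", "skype_users"]),
    ("allow", ["CONNECT", "https_url_allowed"]),
    ("deny", ["CONNECT", "skype_url"]),
    ("allow", ["mynetworks"]),
    ("deny", ["all"]),
]

def decide(src, method, url, rules=RULES):
    """Return (action, index) of the first rule whose ACLs all match."""
    req = {"src": src, "method": method, "url": url}
    for i, (action, names) in enumerate(rules):
        if all(ACLS[n](req) for n in names):
            return action, i
    return "deny", None  # simplification; not reached with a final "deny all"

if __name__ == "__main__":
    for sample in [  # constructed requests
        ("192.168.1.150", "CONNECT", "192.0.2.55:443"),
        ("192.168.1.20", "CONNECT", "192.0.2.55:443"),
        ("192.168.1.20", "CONNECT", "www.example.com:443"),
    ]:
        print(sample, "->", decide(*sample))
```

The last sample shows the scope of the rule set: a CONNECT to a hostname is not an IP literal, so it is decided by `allow mynetworks` rather than by the `skype_url` deny.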



  • If the Squid is transparent, how do you configure it??

