Cara blok aplikasi ultra surf

  • Alo teman2

    ada yang tau cara, ngeblok aplikasi ultra surf di pfsense ? mohon info nya yah
    Terima Kasih

  • @maruboy:

    Alo teman2

    ada yang tau cara, ngeblok aplikasi ultra surf di pfsense ? mohon info nya yah
    Terima Kasih

    unt Ultrasurf (https 443), dan skypi - ip acak, lihat di post,18815.msg106475.html#msg106475

    This post will explain a quick and dirt method to block Skype for some user, but avoid to block access to https urls not defined as FQDN.

    This post assume that your client have non direct Internet access and must pass trough your Squid Proxy Server to have an external connection.
    This Post assume your local network is
    This post assume you want to give SKYPE access to IPs from to and you want to give internet access to all your network.

    Obviously you MUST change the IPs based on your REAL network configuration.

    In the following configuration, I’m going to create some ACL to define my networks, the skype connection method, skype connections destinations and create a sort of WhiteList that could fill in with some exceptions to avoid https connection problems.

    The WhiteList file is /etc/squid/https_url_allowed and you can fill in with a single ip address for line, example :

    proxy:~ # cat /etc/squid/https_url_allowed


    proxy:~ #

    All the following lines is in the main SquidProxy Configuration file, usually /etc/squid/squid.conf

    # Declare an ACL to catch ALL
       acl all src
       # Define an ACL to define my local network
       acl mynetworks src
       # Define an ACL to have some IPs that can connect to SKYPE
       acl skype_users src
       # Define a CONNECT acl for the CONNECT method
       acl CONNECT method CONNECT

    # Define an ACL for the URLs composed only of numbers, not FQDN
       acl skype_url url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+

    # Define an ACL for use URLs composed only of numbers, not FQDN
       acl https_url_allowed url_regex -i “/etc/squid/https_url_allowed”

    # Allow SKYPE access for the group “skype_users”
       http_access allow CONNECT skype_url skype_users

    # Allow https access for IP Addresses defined in “/etc/squid/https_url_allowed”
       http_access allow CONNECT https_url_allowed

    # Deny Access to SKYPE and all other
       http_access deny CONNECT skype_url

    # Allow Internet access to all “mynetworks”
       http_access allow mynetworks

    # And finally deny all other access from this proxy
       http_access deny all

    At this point you can restart squid an check if all works with :

    /etc/init.d/squid restart

    Hope this help



  • klo squidnya transparent gimana cara ngaturnya??

Log in to reply