Terimakasih Brothers, sepertinya ini sangat mantap. God bless u, Hans ====================== ----- Original Message ----- From: "mc-iroel" <[EMAIL PROTECTED]> To: <ITCENTER@yahoogroups.com> Sent: Thursday, March 10, 2005 11:34 AM Subject: RE: [ITCENTER] Tolongin saya dong?
> > nambah aja (CMIIW) kalao nggak mau merubah ke *nix, bisa juga paka squid > untuk windows trus config dari mas david di copy aja ......... > > -----Original Message----- > From: David [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 10, 2005 11:15 AM > To: ITCENTER@yahoogroups.com > Subject: Re: [ITCENTER] Tolongin saya dong? > > > > saya pernah mengalami spt ini.. > user bisa mengganti2x ip sesuka dia..di blok diganti.. > saya mengganti server saya dengan unix freebsd setiap client saya masukin ke > acl squid. port 80 saya tutup dengan menggunakan ipfw atau dilinux iptables. > untuk browse hanya lewat squid port 3128.jadi walau user gonta ganti ip nya > bila tidak ada di acl dia tidak bisa apa2x.ibaratkan stand alone. > disquid anda bisa memblok user2x yang chating dengan ym,skype,msn dengan > membuat rulenya.saya pastekan saja disini. > sedikit squid.conf saya > > acl chat dst "/usr/local/squid/etc/chat.txt" > http_access deny chat > acl chatband dstdomain "/usr/local/squid/etc/chatban.txt" > #cachemgr_passwd enable all david > cachemgr_passwd nokia info config * > acl manager proto cache_object > http_access allow manager > acl x1 dstdom_regex msn messenger x-msn-messenger friendster > acl gbr url_regex \.jpg$ \.jpeg \.gif \.swf \.rm \.ram \.vivo \.mpg \.mp3 > \.mpe$ > http_access deny x1 > acl MSN req_mime_type ^application/x-msn-messenger$ > http_access deny MSN > acl badURL2 url_regex -i msn-messenger application/x-msn-messenger > http_access deny badURL2 > acl site_block dstdomain insider.msg.yahoo.com > http_access deny site_block > acl yahoo-mess1 dst 216.155.192.0/255.255.255.255 > http_access deny yahoo-mess1 > acl yahoo-mess2 dst 207.46.104.20/255.255.255.255 > http_access deny yahoo-mess2 > acl yahoo-mess3 dst 216.155.194.191/255.255.255.255 > http_access deny yahoo-mess3 > acl yahoo-mess4 dst 207.46.110.26/255.255.255.255 > http_access deny yahoo-mess4 > acl yahoo-mess5 dst 216.155.194.191/255.255.255.255 > http_access deny yahoo-mess5 > acl problem_port port 6665 5010 5000 5001 5050 4000 5190 1863 569 6901 > http_access deny problem_port > acl AOL-YAHOO-MESSENGER dstdomain login.oscar.aol.com > acl AOL-YAHOO-MESSENGER dstdomain pager.yahoo.com > acl AOL-YAHOO-MESSENGER dstdomain shttp.msg.yahoo.com > acl AOL-YAHOO-MESSENGER dstdomain update.messenger.yahoo.com > acl AOL-YAHOO-MESSENGER dstdomain update.pager.yahoo.com > acl MSN-MESSENGER dst 64.4.13.0/255.255.255.0 > acl MSN-MESSENGER dst 207.46.110.0/255.255.255.0 > http_access deny AOL-YAHOO-MESSENGER > http_access deny MSN-MESSENGER > acl msnmessenger req_mime_type ^application/x-msn-messenger$ > http_access deny msnmessenger > > ##### Block AOL and YAHOO > acl aolyahoo dstdomain login.oscar.aol.com > acl aolyahoo dstdomain pager.yahoo.com > acl aolyahoo dstdomain shttp.msg.yahoo.com > acl aolyahoo dstdomain update.messenger.yahoo.com > acl aolyahoo dstdomain update.pager.yahoo.com > http_access deny aolyahoo > > acl skype dstdomain 80.160.91.5 > acl skype dstdomain 80.160.91.13 > acl skype dstdomain beta1.skype.net > acl skype dstdomain beta.skype.net > http_access deny skype > > ##### Mime blocking > ##### Blocking reqested mine types > acl mimeblockq req_mime_type ^application/x-msn-messenger$ > acl mimeblockq req_mime_type ^app/x-hotbar-xip20$ > acl mimeblockq req_mime_type ^application/x-icq$ > acl mimeblockq req_mime_type ^.*AIM.* > acl mimeblockq req_mime_type ^application/x-comet-log$ > acl mimeblockq req_mime_type ^application/x-pncmd$ > > ##### Blocking sent mime types > acl mimeblockp req_mime_type ^application/x-msn-messenger$ > acl mimeblockp req_mime_type ^app/x-hotbar-xip20$ > acl mimeblockp req_mime_type ^application/x-icq$ > acl mimeblockp req_mime_type ^.*AIM.* > acl mimeblockp req_mime_type ^.*AIM/HTTP > acl mimeblockp req_mime_type ^application/x-comet-log$ > acl mimeblockp req_mime_type ^application/x-pncmd$ > > ##### Setting Access controls > http_access deny mimeblockq > http_access deny mimeblockp > > acl special_url url_regex ^http://shttp.msg.yahoo.com/ > http_access deny special_url > acl friendster src 209.11.168.242 209.11.168.36 209.10.34.55 212.111.32.38 > 209.10.66.55 > http_access deny friendster > acl fs url_regex ^http://www.friendster.com/ > http_access deny fs > acl dodol dstdom_regex friendster messenger msg toolbar msn radio games > adulfriendfinder akamai hotbar webshot gator skype > http_access deny dodol > acl x0 dstdomain .ceritaseru.com .cyber-cherries.com .dewadewi.com > ..dansdreamzone.com .ebonycuties.com .xxx.com .playboy.com .sex.com > ..toolbar.msn.com .shttp.msg.yahoo.com .update.messenger.yahoo.com > ..www.friendster.com .radio.messnger.com .us.dl1.yimg.com > ..update.messenger.com .us.js1.yimg.com .sg.adserver.yahoo.com > ..loginnet.passport.com .launch.adserver.yahoo.com .a1568.g.akamai.net > ..bc2.gator.com > http_access deny x0 > #acl pc atas > acl lisa src 192.168.0.10/255.255.255.255 > acl dyah src 192.168.0.11/255.255.255.255 > acl nunung src 192.168.0.12/255.255.255.255 > acl nining src 192.168.0.13/255.255.255.255 > acl tuti src 192.168.0.14/255.255.255.255 > acl pcadicom src 192.168.0.15/255.255.255.255 > acl label2 src 192.168.0.15/255.255.255.255 > acl irni src 192.168.0.16/255.255.255.255 > > http_access allow lisa > http_access allow dyah > http_access allow nunung > http_access allow nining > http_access allow tuti > http_access allow pcadicom > http_access allow label2 > http_access allow irni > > dengan acl ini setiap client ipnya sudah saya masukin ke acl squid jadi > walau dia ubah2x ipnya tetap aja bila tidak ada di acl akan seperti kompie > stand alone.hanya bisa send and receive email saya lewat oe. karena oe kan > lewat port 25 and 110 yang ditutup hanya port 80. > mungkin ada yang tanya kenapa saya tidak memakai acl spt 192.168.0.10/24 > dengan begini kan lebih efisien dan efektif. tetapi setelah saya coba bila > saya pakai acl spt itu maka rule yang saya buat di squid.conf untuk blok > chating tidak bisa berfungsi dengan kata lain user bisa melakukan chating > via ym dengan mengalihkannya ke proxy squid 192.168.0.1 port 3128. tetapi > bila saya acl satu persatu ini hasil yang saya dapat.setelah access.logs nya > saya tail > > 1110427954.718 91 192.168.3.27 TCP_MISS/200 308 GET > http://ads.astaga.com/AdsNew/adlog.php? - DIRECT/202.59.169.11 image/gif > 1110427954.800 1 192.168.3.19 TCP_DENIED/403 302 HEAD > http://toolbar.msn.com/static/msnapps/globalmanifest.cab - NONE/- - > 1110427960.344 0 192.168.3.19 TCP_DENIED/403 302 HEAD > http://toolbar.msn.com/static/msnapps/globalmanifest.cab - NONE/- - > 1110427965.899 1 192.168.3.19 TCP_DENIED/403 302 HEAD > http://toolbar.msn.com/static/msnapps/globalmanifest.cab - NONE/- - > > oh yah anda juga dapat mendownload s/w winsuperkit untuk melist ip di > jaringan anda. > > regards > david > > > > > ----- Original Message ----- > From: "Hans Simalango" <[EMAIL PROTECTED]> > To: "IT CENTER" <ITCENTER@YAHOOGROUPS.COM> > Sent: Thursday, March 10, 2005 10:49 AM > Subject: [ITCENTER] Tolongin saya dong? > > > > > > Bagaimana ya ngeset server supaya yang diblok itu MAC addressnya si Client > untuk tidak join ke Internet Connection Sharing / Atau tidak bisa Surfing > (User)? > > > > Kalau boleh tau pakai software apa ya? > > > > Karena si User walau saya blok IP address-nya dia masih merubah IP > Address-nya selalu. Padahal Control Panel dia sudah saya Hidden. Mungkin > karena dia menggunakan Windows 98 dia masuk ke Safe Mode dulu untuk merubah > IP Addressnya. > > > > Sorry kalau ini sudah pernah ditanyakan di Milis ini. > > > > Thx, > > Hans > > > > > > [Non-text portions of this message have been removed] > > > > > > > > -- > > www.ITCENTER.or.id - Komunitas Teknologi Informasi Indonesia > > Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] > > ::: Hapus bagian yang tidak perlu (footer, dst) saat reply! ::: > > ## Forum: ITCENTER.or.id/forum ## Jobs: ITCENTER.or.id/jobs ## > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > -- > www.ITCENTER.or.id - Komunitas Teknologi Informasi Indonesia > Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] > ::: Hapus bagian yang tidak perlu (footer, dst) saat reply! ::: > ## Forum: ITCENTER.or.id/forum ## Jobs: ITCENTER.or.id/jobs ## > > > Yahoo! Groups Links > > > > > > > > > > > -- > No virus found in this incoming message. > Checked by AVG Anti-Virus. > Version: 7.0.308 / Virus Database: 266.7.1 - Release Date: 3/9/05 > > > > > -- > www.ITCENTER.or.id - Komunitas Teknologi Informasi Indonesia > Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] > ::: Hapus bagian yang tidak perlu (footer, dst) saat reply! ::: > ## Forum: ITCENTER.or.id/forum ## Jobs: ITCENTER.or.id/jobs ## > > > Yahoo! Groups Links > > > > > > > > > -- www.ITCENTER.or.id - Komunitas Teknologi Informasi Indonesia Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] ::: Hapus bagian yang tidak perlu (footer, dst) saat reply! ::: ## Forum: ITCENTER.or.id/forum ## Jobs: ITCENTER.or.id/jobs ## Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/