Malam Pak saya coba menerapkan script dari bapak #no_cache deny blok http_access allow manager http_access allow localhost #Memblok situs http_access deny domain-blacklist http_access deny kata-blacklist http_access allow jaringan http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all http_reply_access allow all
Untuk game online tidak bisa kebuka ya jadi error saya liat di log keterangannya TCP_DENIED/403 1712 GET http://file.pb.gemscool.com/gamepatch/2011-04-04_17-01-17/Gui/Image/announce.xml.zip - NONE/- text/html mohon bantuunaya pak kira2 yg perlu di sett apalagi salam hendro ________________________________ Dari: Sigit <[email protected]> Kepada: Mailing List Komunitas openSUSE Indonesia <[email protected]> Terkirim: Kam, 7 April, 2011 11:12:24 Judul: Re: [*openSUSE-ID*] Blok situs tertentu dengan mikrotik dengan squid sebagai transparent On 4/7/2011 11:04 AM, wahyu hendro wrote: > Dear all, > Temen saya ingin minta tolong bagaimana cara blok situs tertentu di warnet >saya > di misalnya situs dewasa ,di net saya mengguanakan mikrotik RB750G dan proxy > squid sebagai transparent saya sudah mencoba untuk blok tetapi masih > lolos.Distro linux yang saya pakai Open Suse 10.2 > Berikut saya lampirkan settingan dari mikrotik dan squid nya sbb > 1 .mikrotik > /ip firewall nat > add action=dst-nat chain=dstnat comment="transparent proxy" disabled=no \ > dst-address-list=!proxyNET dst-port=80,8080,3128 protocol=tcp > src-address=!192.168.3.x \ > to-addresses=192.168.3.x to-ports=3128 > 2 squid.conf > http_port 3128 transparent > cache_mem 8 MB > server_http11 on > > pid_filename /var/run/squid.pid > coredump_dir /var/spool/squid/ > error_directory /usr/share/squid/errors/English > icon_directory /usr/share/squid/icons > mime_table /usr/share/squid/mime.conf > > maximum_object_size_in_memory 32 KB > memory_replacement_policy heap GDSF > cache_replacement_policy heap LFUDA > maximum_object_size 4096 MB > cache_swap_low 98% > cache_swap_high 99% > cache_dir aufs /squid 50000 64 256 > access_log /var/log/squid/access.log > cache_log /var/log/squid/cache.log > cache_log /dev/null > cache_store_log /dev/null > redirect_rewrites_host_header off > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl SSL_ports port 443 563 > acl Safe_ports port 80 21 443 563 70 210 1025-65535 > acl Safe_ports port 280 > acl Safe_ports port 488 > acl Safe_ports port 591 > acl Safe_ports port 777 > acl CONNECT method CONNECT > acl dynamic urlpath_regex cgi-bin \? > acl all src 0.0.0.0/0 > acl jaringan src 192.168.1.0/24 > > #Memblokir situs > acl domain-blacklist dstdomain "/etc/squid/blacklist/domain-blacklist" > acl kata-blacklist url_regex -i "/etc/squid/blacklist/kata-blacklist" > > #no_cache deny blok > http_access allow manager > http_access allow localhost > http_access allow jaringan > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny all > http_reply_access allow all > > #Memblok situs > http_access deny domain-blacklist > http_access deny kata-blacklist > > snmp_port 3401 > acl snmppublic snmp_community public > snmp_access allow snmppublic all > > acl admin src 192.168.1.12/32 > acl management src 192.168.1.13/32 > mas, urutannya memang spt ini? .... #no_cache deny blok http_access allow manager http_access allow localhost http_access allow jaringan http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all http_reply_access allow all #Memblok situs http_access deny domain-blacklist http_access deny kata-blacklist ...... kalo liat dari urutan itu, hasilnya jadinya di allow dulu semua ( http_access allow jaringan ) baru di blok (http_access deny domain-blacklist http_access deny kata-blacklist) harusnya di blok dulu, baru di allow jaringannya: #no_cache deny blok http_access allow manager http_access allow localhost #Memblok situs http_access deny domain-blacklist http_access deny kata-blacklist http_access allow jaringan http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all http_reply_access allow all ______________________________________________ --- Info Milis : http://opensuse.or.id/milis Keluar dari Milis : Kirim email ke [email protected] Manajemen Keanggotaan : http://lists.opensuse-id.org/listinfo.cgi/milis-opensuse-id.org ______________________________________________ --- Info Milis : http://opensuse.or.id/milis Keluar dari Milis : Kirim email ke [email protected] Manajemen Keanggotaan : http://lists.opensuse-id.org/listinfo.cgi/milis-opensuse-id.org
