On 4/7/2011 11:04 AM, wahyu hendro wrote:
Dear all,
Friends, I would like to ask for help with how to block certain sites at my
internet café, for example adult sites. On my network I use a MikroTik RB750G
and a Squid proxy in transparent mode. I have already tried blocking, but
sites still get through. The Linux distro I use is openSUSE 10.2.
Below I attach the settings from MikroTik and Squid:
1. mikrotik
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" disabled=no \
    dst-address-list=!proxyNET dst-port=80,8080,3128 protocol=tcp \
    src-address=!192.168.3.x \
    to-addresses=192.168.3.x to-ports=3128
2. squid.conf
http_port 3128 transparent
cache_mem 8 MB
server_http11 on

pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/
error_directory /usr/share/squid/errors/English
icon_directory /usr/share/squid/icons
mime_table /usr/share/squid/mime.conf

maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
maximum_object_size 4096 MB
cache_swap_low 98%
cache_swap_high 99%
cache_dir aufs /squid 50000 64 256
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_log /dev/null
cache_store_log /dev/null
redirect_rewrites_host_header off
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl dynamic urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0
acl jaringan src 192.168.1.0/24

# Block sites
acl domain-blacklist dstdomain "/etc/squid/blacklist/domain-blacklist"
acl kata-blacklist url_regex -i "/etc/squid/blacklist/kata-blacklist"

#no_cache deny blok
http_access allow manager
http_access allow localhost
http_access allow jaringan
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all

# Block sites
http_access deny domain-blacklist
http_access deny kata-blacklist

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all

acl admin src 192.168.1.12/32
acl management src 192.168.1.13/32

Mas, is the order really like this?
....

#no_cache deny blok
http_access allow manager
http_access allow localhost
http_access allow jaringan
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all

# Block sites
http_access deny domain-blacklist
http_access deny kata-blacklist

......
Looking at that order, the result is that everything is allowed first (http_access allow jaringan) and only then blocked (http_access deny domain-blacklist,
http_access deny kata-blacklist).
It should block first, and only then allow the network:

#no_cache deny blok
http_access allow manager
http_access allow localhost
# Block sites
http_access deny domain-blacklist
http_access deny kata-blacklist
http_access allow jaringan
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
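
The ordering effect discussed in this thread, as an added example that is not part of the original messages: a small Python model of Squid's first-match http_access evaluation, run over a simplified subset of the rules above. The client address, the blacklist entry `.blocked.example` and the helper names are constructed assumptions.

```python
import ipaddress

def dstdomain(host, entries):
    """Squid dstdomain: '.x' matches x and its subdomains, 'x' matches only x."""
    host = host.lower().rstrip(".")
    for e in entries:
        if e.startswith("."):
            if host == e[1:] or host.endswith(e):
                return True
        elif host == e:
            return True
    return False

def in_net(req, cidr):
    return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(cidr)

# Constructed stand-ins for ACLs from the squid.conf above; the blacklist
# entry is a placeholder, not taken from the poster's blacklist file.
ACLS = {
    "localhost": lambda r: in_net(r, "127.0.0.1/32"),
    "jaringan": lambda r: in_net(r, "192.168.1.0/24"),
    "domain-blacklist": lambda r: dstdomain(r["host"], [".blocked.example"]),
    "Safe_ports": lambda r: r["port"] in (80, 21, 443, 563, 70, 210)
                            or 1025 <= r["port"] <= 65535,
    "all": lambda r: True,
}

def http_access(rules, request):
    """Return (action, rule) for the first rule whose ACLs all match.
    ACLs on one line are ANDed; a leading '!' negates the ACL."""
    for line in rules:
        action, *names = line.split()
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    return "deny", None  # not reached here: both lists end with 'deny all'

# Order as originally posted: the blacklist rule sits after 'deny all'.
ORIGINAL = ["allow localhost", "allow jaringan", "deny !Safe_ports",
            "deny all", "deny domain-blacklist"]
# Order proposed in the reply: blacklist before the network allow.
FIXED = ["allow localhost", "deny domain-blacklist", "allow jaringan",
         "deny !Safe_ports", "deny all"]

if __name__ == "__main__":
    req = {"src": "192.168.1.50", "host": "www.blocked.example", "port": 80}
    print("original:", http_access(ORIGINAL, req))
    print("fixed:   ", http_access(FIXED, req))
```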








