(ASK) What Do TCP_Denied/200 and TAG_NONE/200 Mean

Postby snowflake » 08 Apr 2015, 06:24

Alhamdulillah, I've managed to install Squid 3.X.
I'm trying to intercept HTTPS with ssl_bump and dynamic certificates using MyDLP, and then I ran into a problem like this in my Squid log, Masters.

1428448730.071 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.074 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.077 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.079 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.080 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.080 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.082 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.087 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.090 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.090 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.092 1 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.092 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.093 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.101 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.115 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.115 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428448730.117 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428448730.117 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/-


Please enlighten me, Masters.

Postby bang_andi » 08 Apr 2015, 07:08

TCP DENIED means the connection over the TCP protocol was rejected, or the connection could not take place/proceed.

What is localhost:26143? A local server? Is port 26143 open?

Postby snowflake » 08 Apr 2015, 21:56

That's exactly what I wanted to ask the FUI masters, mas.

My squid.conf
acl localnet src 192.168.2.0/24 # ip client/local

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
never_direct allow all

acl QUERY urlpath_regex -i (begin|start)\=
acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
acl dontrewrite url_regex redbot\.org
acl getmethod method GET
acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
acl redir urlpath_regex -i &ir=1&rr=12
acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
acl yutub url_regex -i gstatic\.com\/csi\?.*$

acl rewritedoms url_regex -i dl\.sourceforge\.net.*
acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
acl rewritedoms url_regex -i ak\.fbcdn\.net.*
acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

#Squid Default Port 3128
http_port 192.168.3.2:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/mydlp/ssl/private.pem cert=/etc/mydlp/ssl/public.pem
always_direct allow all
ssl_bump server-first all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db -M 4MB
sslcrtd_children 5
sslproxy_cert_error deny all

hierarchy_stoplist cgi-bin ?

cache allow rewritedoms
cache deny QUERY
cache deny redir

memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_mem 128 MB
minimum_object_size 1 KB
maximum_object_size 500 MB
cache_swap_low 95
cache_swap_high 99
cache_dir aufs /cache-1 40000 94 256
cache_dir aufs /cache-2 40000 94 256
cache_dir aufs /cache-3 40000 94 256
cache_dir aufs /cache-4 40000 94 256
cache_dir aufs /cache-5 40000 94 256
coredump_dir /var/spool/squid


#logformat squid1 %{Referer}>h %ru
#access_log /var/log/squid/yt.log squid1 yutub
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
logfile_rotate 5
log_icp_queries off

store_id_program /etc/squid/store-id.pl
store_id_children 20 startup=10 idle=5 concurrency=30
store_id_access deny !getmethod
store_id_access deny redir
store_id_access deny dontrewrite
store_id_access allow rewritedoms
store_id_access deny all

strip_query_terms off

max_stale 1 week

refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale

#PATTERN REFRESH
refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240

#sensitive site
refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60

#FB
refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern \.facebook\.com.* 240 50% 480
refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 14400 override-expire ignore-reload ignore-private
refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private

#ads
refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private

#general
refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i .index.(html|htm)$ 0 75% 10080
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 60 50% 14400 store-stale


memory_pools off
client_db off
reload_into_ims on
pipeline_prefetch on
offline_mode off
cache_effective_user proxy
cache_effective_group proxy

request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
vary_ignore_expire on


# local
qos_flows local-hit=0x30
# sibling
# qos_flows sibling-hit=0x31
# parent
# qos_flows parent-hit=0x32
# preserve
# qos_flows disable-preserve-miss


rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing

modprobe xt_TPROXY
modprobe xt_socket
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -F
iptables -t mangle -X

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -d 192.168.3.2 -p tcp -m multiport --dports 80,443,3127,3128,3129,8000,8080 -j ACCEPT
iptables -t mangle -A PREROUTING ! -d 192.168.3.2 -p tcp -m multiport --dports 80,8080,8000 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
iptables -t mangle -A PREROUTING ! -d 192.168.3.2 -p tcp -m multiport --dports 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

exit 1


The network layout does not use MikroTik.
Proxy IP: 192.168.3.2

Please help me fix it, FUI masters.

Postby bang_andi » 08 Apr 2015, 23:23

In your squid.conf that port is already open, in this line:

Code:

 acl Safe_ports port 1025-65535 # unregistered ports


Also check on your proxy:

Code:

cat /etc/services


Also try disabling ufw, just temporarily, and look at the result in squid.log:

Code:

sudo ufw disable


It is also possible that, on the user side, they are using incognito/private mode in their browser; try disabling private mode in the browser and then clear the browser cache.

Also, how many users do you have actively using computers and gadgets?
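
Added example (not part of the thread and not any poster's code): a small first-match evaluator that walks the `http_access` lines from the squid.conf posted above for each `TCP_DENIED` entry in the log and reports which rule fired. The built-in `localhost` and `manager` ACLs are modelled in simplified form, and the third sample log line is constructed for contrast.

```python
import ipaddress
from urllib.parse import urlsplit

# ACLs copied from the squid.conf in the thread (only those http_access uses).
PORT_ACLS = {
    "SSL_ports": [(443, 443)],
    "Safe_ports": [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                   (1025, 65535), (280, 280), (488, 488), (591, 591),
                   (777, 777)],
}
SRC_ACLS = {
    "localnet": ["192.168.2.0/24"],
    "localhost": ["127.0.0.1/32", "::1/128"],   # Squid built-in (simplified)
}
METHOD_ACLS = {"CONNECT": "CONNECT"}

# http_access lines in the order they appear in the posted squid.conf.
HTTP_ACCESS = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
"""

SAMPLE_LOG = [
    # Lines 1-2 are copied from the log in the first post.
    "1428448730.077 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -",
    "1428448730.080 0 192.168.2.15 TAG_NONE/403 3663 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html",
    # Line 3 is constructed: a CONNECT to port 443 from the same client.
    "1428448731.000 120 192.168.2.15 TCP_MISS/200 0 CONNECT example.com:443 - HIER_DIRECT/203.0.113.10 -",
]


def parse_access_line(line):
    """Parse one line of Squid's native access.log format; None if too short."""
    f = line.split()
    if len(f) < 7:
        return None
    result, _, status = f[3].partition("/")
    method, url = f[5], f[6]
    if method == "CONNECT":                      # CONNECT logs host:port only
        host, _, port = url.rpartition(":")
        port = int(port)
    else:
        u = urlsplit(url)
        host = u.hostname
        port = u.port or {"http": 80, "https": 443, "ftp": 21}.get(u.scheme, 0)
    return {"client": f[2], "result": result, "status": int(status),
            "method": method, "url": url, "host": host, "port": port}


def acl_matches(name, req):
    """Evaluate a single named ACL against a parsed request."""
    if name == "all":
        return True
    if name == "manager":                        # built-in, simplified model
        return "cache_object://" in req["url"] or "/squid-internal-mgr/" in req["url"]
    if name in PORT_ACLS:
        return any(lo <= req["port"] <= hi for lo, hi in PORT_ACLS[name])
    if name in SRC_ACLS:
        addr = ipaddress.ip_address(req["client"])
        return any(addr in ipaddress.ip_network(n) for n in SRC_ACLS[name])
    if name in METHOD_ACLS:
        return req["method"] == METHOD_ACLS[name]
    raise KeyError("unknown ACL: " + name)


def first_match(req):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    for rule in HTTP_ACCESS.strip().splitlines():
        _, action, *acls = rule.split()
        # A leading "!" negates the ACL; every ACL on the line must hold.
        if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acls):
            return action, rule
    raise LookupError("no http_access rule matched")


def explain_denied(lines):
    """For each distinct TCP_DENIED request, name the rule that decided it."""
    seen = []
    for line in lines:
        req = parse_access_line(line)
        if req is None or req["result"] != "TCP_DENIED":
            continue
        row = (req["client"], req["method"], req["host"], req["port"],
               first_match(req)[1])
        if row not in seen:
            seen.append(row)
    return seen


if __name__ == "__main__":
    for client, method, host, port, rule in explain_denied(SAMPLE_LOG):
        print(f"{client} {method} {host}:{port} -> {rule}")
```

Port 26143 passes `Safe_ports` (1025-65535), but `SSL_ports` lists only 443, so the `CONNECT` is decided by the second `http_access` line before `allow localnet` is ever reached.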

Postby snowflake » 09 Apr 2015, 00:31

This is just a trial run, mas.
Computer==HUB==PROXY

cat etc/service (what am I supposed to do with this? =total newbie=)
root@myproxy:~# cat /etc/services
sgi-cad 17004/tcp # Cluster Admin daemon
isdnlog 20011/tcp # isdn logging system
isdnlog 20011/udp
vboxd 20012/tcp # voice box system
vboxd 20012/udp
binkp 24554/tcp # binkp fidonet protocol
asp 27374/tcp # Address Search Protocol
asp 27374/udp
csync2 30865/tcp # cluster synchronization tool
dircproxy 57000/tcp # Detachable IRC Proxy
tfido 60177/tcp # fidonet EMSI over telnet
fido 60179/tcp # fidonet EMSI over TCP

# Local services
root@myproxy:~#
bang_andi
Posts: 398
Joined: 03 Sep 2010, 09:07
Location: Around the Musi river...

Re: (ASK) What Do TCP_Denied/200 and TAG_NONE/200 Mean

Post by bang_andi » 09 Apr 2015, 00:33

Oh, and if these few lines in squid.conf are commented out,

#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports


then check squid.log: does the tcp denied for localhost:26143 still show up?
snowflake
Posts: 15
Joined: 22 Mar 2015, 18:18

Re: (ASK) What Do TCP_Denied/200 and TAG_NONE/200 Mean

Post by snowflake » 09 Apr 2015, 00:55

OK master.. the TCP_Denied is fixed now.

What about the TAG_NONE/503 one, master..
1428515703.493 1 192.168.2.15 TAG_NONE/200 0 CONNECT localhost:26143 - HIER_DIRECT/::1 -
1428515703.493 1 192.168.2.15 TAG_NONE/200 0 CONNECT localhost:26143 - HIER_DIRECT/::1 -
1428515703.493 1 192.168.2.15 TAG_NONE/200 0 CONNECT localhost:26143 - HIER_DIRECT/::1 -
1428515703.493 1 192.168.2.15 TAG_NONE/200 0 CONNECT localhost:26143 - HIER_DIRECT/::1 -
1428515703.494 1 192.168.2.15 TAG_NONE/200 0 CONNECT localhost:26143 - HIER_DIRECT/::1 -
1428515703.502 1 192.168.2.15 TAG_NONE/200 0 CONNECT localhost:26143 - HIER_DIRECT/::1 -
1428515703.503 0 192.168.2.15 TAG_NONE/503 3641 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428515703.503 0 192.168.2.15 TAG_NONE/503 3641 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428515703.505 0 192.168.2.15 TAG_NONE/503 3641 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428515703.505 0 192.168.2.15 TAG_NONE/503 3641 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428515703.505 0 192.168.2.15 TAG_NONE/503 3641 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
1428515703.513 0 192.168.2.15 TAG_NONE/503 3641 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
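
As an added example (not part of any post in this thread), the sketch below parses the access.log entries posted above and counts requests whose destination is a loopback name, separating the ones Squid refused from the ones where the hierarchy field shows Squid connected to its own loopback address (HIER_DIRECT/::1). The function names are this example's own; the sample lines are copied from the thread.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit
# Lines copied from the access.log excerpts posted in this thread.
SAMPLE_LOG = """\
1428448730.077 0 192.168.2.15 TCP_DENIED/200 0 CONNECT localhost:26143 - HIER_NONE/- -
1428515703.493 1 192.168.2.15 TAG_NONE/200 0 CONNECT localhost:26143 - HIER_DIRECT/::1 -
1428515703.503 0 192.168.2.15 TAG_NONE/503 3641 POST https://localhost:26143/skypectoc/v1/pnr/parse - HIER_NONE/- text/html
"""
FIELDS = "time elapsed client result bytes method url user hierarchy mime".split()

def parse_line(line):
    """Split one native-format access.log line into named fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["hier"], _, rec["peer"] = rec["hierarchy"].partition("/")
    return rec

def dest_host(rec):
    """Destination host: host:port authority for CONNECT, URL host otherwise."""
    if rec["method"] == "CONNECT":
        return rec["url"].rsplit(":", 1)[0].strip("[]").lower()
    return (urlsplit(rec["url"]).hostname or "").lower()

def is_loopback(host):
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def loopback_findings(log_text):
    """Count loopback-destined requests by (method, result, reached_loopback)."""
    findings = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_loopback(dest_host(rec)):
            continue
        # HIER_DIRECT/<loopback> means Squid itself opened the connection.
        reached = rec["hier"] != "HIER_NONE" and is_loopback(rec["peer"])
        findings[(rec["method"], rec["result"], reached)] += 1
    return findings

if __name__ == "__main__":
    for key, count in sorted(loopback_findings(SAMPLE_LOG).items()):
        print(count, *key)
```

Run against a full access.log, a non-zero count with the last key element True marks requests that the proxy forwarded to its own loopback interface.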
bang_andi
Posts: 398
Joined: 03 Sep 2010, 09:07
Location: Around the Musi river...

Re: (ASK) What Do TCP_Denied/200 and TAG_NONE/200 Mean

Post by bang_andi » 09 Apr 2015, 11:51

TAG_NONE means there was an error while the connection was in progress; in your case that is a connection over https. Maybe this is related to the process of decoding data that does have to be encrypted for a secure connection. Squid does have trouble when dealing with https, even when the version in use is already squid3.x.

The term, if I'm not mistaken, is bumped tunnels (SSL/TLS).

As for a solution, try checking your squid3 configuration. I can't help much; try searching and reading through this section > SQUID3-HEAD_+_SSL_+_TPROXY
adidark33
Posts: 12
Joined: 24 Mar 2013, 16:38

Re: (ASK) What Do TCP_Denied/200 and TAG_NONE/200 Mean

Post by adidark33 » 22 Apr 2015, 04:09

For http ssl bump, just try using this script

http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all



I use that script and it works, as long as the ssl cert file has already been created and you adjust the file's directory location correctly
bang_andi
Posts: 398
Joined: 03 Sep 2010, 09:07
Location: Around the Musi river...

Re: (ASK) What Do TCP_Denied/200 and TAG_NONE/200 Mean

Post by bang_andi » 04 Jun 2015, 14:47

adidark33 wrote: For http ssl bump, just try using this script

http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all



I use that script and it works, as long as the ssl cert file has already been created and you adjust the file's directory location correctly

Great, thanks for sharing, bro :like:
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01

Re: (ASK) What Do TCP_Denied/200 and TAG_NONE/200 Mean

Post by q_p » 07 Jun 2015, 08:37

Try this one to get rid of the tagnone

acl CONNECT method CONNECT
...
...
access_log /var/log/squid3/access.log !CONNECT
