Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 8 of 8
  1. #1
    Status
    Offline
    Figueroa29's Avatar
    Baru Gabung
    Join Date
    Jul 2014
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Block port 80 tapi website berawalan https masih bisa terbuka

    Permisi rekan2 it. saya ada pertanyaan seputaran block port

    di mikrotik ane sudah di block port 80 sehingga ip yg tidak punya akses, tidak bisa browsing internet. tetapi untuk website berawalan https masih bisa terbuka,padahal ip tersebut tidak memiliki akses internet. kenapa begitu ya? dan juga kadang saya buka forum kask*s, tampilan website tersebut menjadi error (ip saya diberi hak akses browsing). tetapi jika port 80 nya saya buka, tampilan kembali normal. apa yang salah ya?

    berikut saya tampilkan script mikrotik saya

     

    /ip firewall filter
    add action=drop chain=forward comment="Drop Port 80" disabled=no dst-address=\
    !192.168.100.3 protocol=tcp src-port=80
    add action=accept chain=input comment="Akses Management" disabled=no \
    dst-port=8070 in-interface=ether1-LAN protocol=tcp src-address-list=\
    Management
    add action=accept chain=input comment="Akses IT" disabled=no dst-port=8070 \
    in-interface=ether1-LAN protocol=tcp src-address-list=IT
    add action=accept chain=input comment="Akses Internet" disabled=no dst-port=\
    8070 in-interface=ether1-LAN protocol=tcp src-address-list=Internet
    add action=accept chain=input comment="Akses Email" disabled=no dst-port=8070 \
    in-interface=ether1-LAN protocol=tcp src-address-list=Email
    add action=drop chain=input comment="Drop IP diluar list" disabled=no \
    dst-port=8070 in-interface=ether1-LAN protocol=tcp
    add action=accept chain=forward comment="Akses Management" disabled=no \
    src-address-list=Management
    add action=accept chain=forward comment="Akses IT" disabled=no \
    src-address-list=IT
    add action=accept chain=forward comment="Akses Internet" disabled=no \
    src-address-list=Internet
    add action=accept chain=forward comment="Akses Email" disabled=no \
    src-address-list=Email
    add action=accept chain=forward comment="Forward All" disabled=no


    kira2 rekan it ada yg bs bantu salah dmn??

    terima kasih

  2. #2
    Status
    Offline
    linoz's Avatar
    Baru Gabung
    Join Date
    Jun 2011
    Posts
    1
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Halo..

    HTTPS menggunakan port 443.. CMIIW.. Click here to enlarge

  3. #3
    Status
    Offline
    optua's Avatar
    Newbie
    Join Date
    Apr 2014
    Posts
    21
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Blok jg 3128 HTTPS antara 443 dan 3128

    CMIIW

  4. #4
    Status
    Offline
    Figueroa29's Avatar
    Baru Gabung
    Join Date
    Jul 2014
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    o iya bener gan portnya 443. yang masih bingung knapa kadang buka website kaskus tidak terbuka dengan normal saat drop port 80. sedangkan saat port 80 nya tidak di drop, buka website yang tadinya error, jadi normal kembali. apa yg salah ya kira2

  5. #5
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,697
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    website semacam kaskus memang https ditiap pagenya, hanya saja cdn servernya masih di http..
    misalnya :

    harga sertifikat ssl untuk feature wildcard subdomain + greenbar mahal gan (3-4 juta setahun), belum lagi kalo beda hostname/domain, beda sertifikat.. beli lagi dong..
    belum lagi ada banner iklan pake http aja.. ada spoiler image juga pake http, trus banner2 lokal yang masih di protokol http

    jadi kalo drop port 80, mungkin saja sebagian gambar tidak bisa di load.

  6. #6
    Status
    Offline
    Figueroa29's Avatar
    Baru Gabung
    Join Date
    Jul 2014
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    website semacam kaskus memang https ditiap pagenya, hanya saja cdn servernya masih di http..
    misalnya :

    harga sertifikat ssl untuk feature wildcard subdomain + greenbar mahal gan (3-4 juta setahun), belum lagi kalo beda hostname/domain, beda sertifikat.. beli lagi dong..
    belum lagi ada banner iklan pake http aja.. ada spoiler image juga pake http, trus banner2 lokal yang masih di protokol http

    jadi kalo drop port 80, mungkin saja sebagian gambar tidak bisa di load.
    ooow gt ya gan. makasi penjelasannya.

    ane mau tanya lg ni, misalnya ane udah block semua website dari layer 7 protocol, tetapi email thunderbird ane jd ikut ke blok jg. caranya gmn ya biar email tetep bisa masuk?

  7. #7
    Status
    Offline
    rijanarko's Avatar
    Member
    Join Date
    Feb 2011
    Posts
    158
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Figueroa29 Click here to enlarge
    ooow gt ya gan. makasi penjelasannya.

    ane mau tanya lg ni, misalnya ane udah block semua website dari layer 7 protocol, tetapi email thunderbird ane jd ikut ke blok jg. caranya gmn ya biar email tetep bisa masuk?
    klo d net aku pakai ini mas
    add action=drop chain=forward disabled=no dst-port=53 layer7-protocol=\
    youtube-web protocol=udp time=7h-18h,sun,mon,tue,wed,thu,fri,sat
    jadi klo kasus sampean address yg gak punya akses browsing di drop dnsnya di jamin gak bisa internetan

    klo salah ya maaf, aku masih pemula

  8. #8
    Status
    Offline
    musafirr's Avatar
    Calon Member
    Join Date
    Jul 2010
    Location
    Tangerang Selatan
    Posts
    78
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Udah coba tambahin portnya gan yang mendekati .. Ex: 80,8080,443 ??

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [ASK] Limited connectivity tapi masih bisa konek internet
    By crabman in forum General Networking
    Replies: 3
    Last Post: 12-09-2014, 20:58
  2. [ASK] default login page tidak mau terbuka pada alamat https
    By aswar in forum Scripting @ Mikrotik
    Replies: 7
    Last Post: 27-12-2013, 20:38
  3. port sudah di buka tapi masih belum bisa akses cctv mikrotik
    By abang526 in forum General Networking
    Replies: 2
    Last Post: 18-07-2013, 12:07
  4. Replies: 2
    Last Post: 28-03-2013, 09:20
  5. [ASK] [ASK] Tidak Bisa Buka Website Tapi Ping Jalan....MASUKK GANN !!!!
    By gansar in forum General Networking
    Replies: 11
    Last Post: 05-06-2012, 00:17

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •