mikrotiks first of all are routers. All other functionalities are addons, usually good enough for average requirements.
However, for (ad-)blocking I use an openwrt-device. Which has many more possibilities.
Clever. Thanx a lot.If you are filtering Facebook, use NAT instead to redirect the Facebook connection to a local server that will serve a page.
Sorry, no idea, but doing this for long time already, on openwrt-based devices.If the hotspot server is a mikrotik router, how do you accomplish this?
Yes, you are correct, to match the basic requirements of the thread starter.Perfectly within the realms of a MikroTik
FYI: For commercial use, OpenDNS asks for subscription payments. So, for a public WISP, I did a simple clone of OpenDNS, to save the $$.OpenDNS which is a free service for home or private users.
I have to disagree here. You can get the same info for transparently proxied https, using squid.The only thing you'll get with HTTPS [edit: if you're explicitly proxying it] is the hostname that the connection was proxied to
Agreed. However, you also have the option to do DNS-based blocking yourself.The last thing I'll leave you with, you may need to look at DNS based blocking from a provider like OpenDNS if you can't install a device that MITM's SSL.
And that is the reason, I developed a simple clone of openDNS for a hotspot provider. With custom "Blocked !" page, of courseTo use it for business purposes it is formally required to ask them for a quote for a paid account. And it is very expensive (I tried).
I did a (commercial) clone of openDNS. Which also can be tailored for individual MACs. However, needs private server, and special router (non-MT; but openwrt/LEDE)Nobody tried this or there is no solution for this kind of parental control?
Too bad. Then to use a (transparent) proxy, doing DNS with dnsmasq, for example.you mean - add a static entry, and everyone who queries for that name will get set address? No
In production already. However, as it seems to be "A Hot Topic", only contact via email. Look at my profile.Please explain more about this?
An APU with internal SSD is only marginally larger than a MT-box. And has the advantage, you can install latest modem drivers.I can't ask them to carry allso a server with them.
Use a real proxy, like squid. Caching on large disk would be an advantage, anyway.Hi,
The firewall rule L7 works.
But is it also possible to redirect it to an other page?
So I can display to the uses why thy are blocked.
Yes; inject into every page visited. This principle is used for ads more often; but will work for your ideaa, too.In case of interest, email to my adrs in profile.Hello!
Is there a way I could somehow inject a html overlay at the bottom of browser/page,
You might vote up this issue hereI'm not authorised to send private messages.
How can I get permission?
Not sure, what you are looking for exactly, but this might help you:Btw. is it possible to create a new html file something.html and access it somehow?
To enable sending of PM for members with a minimum no. of posts should be safeguard.We already have enough spam in the public forum, we wouldn't be able to delete all the spammers if we would enable PM
At least in Germany and USA, youtube videos are delivered from "*.\.googlevideos\.com" since a few months already.It works blocking youtube by using L7 protocol using regexp : "www.youtube.com",
Pls, give some details about IPcop's config. May be, I can adapt it to iptables/ubuntu, which I use as an upstream proxy for my MT's.Only managed to defend this attack using IPCop (linux distribution)
I have a squid-based, self-made solution for youtube videos. Gives me about 30%-35% daily byte-hitrate, having about 20GB/day youtube traffic (incl. cached data), using 4TB of disk space.Youtube caching gives me about 20% of HITs. When you've slow connections, it's great.
Thanx for sharing the info. That means, it does not beat my "self-made" solution for squid/youtube regarding bandwidth-savings.But I assure you that you wont see more than %35 bandwidth savings from Cachemara.
Got one reboot. And what does log print say ?/log print entries show reason for reboot.
Actually, I used remote logging. No info about reason of spontaneous boot, which might be understandable./log print entries show reason for reboot.