I’ve blocked youtube.com at my office using regex (^.+(youtu|youtube).*$) + firewall access rule:
chain:input
action:drop
Layer7Protocol:Youtube
Youtube is blocked at the moment, but merlion.com cannot be opened now. When I disable the firewall access rule which blocks youtube.com, merlion.com opens fine.
What is the connection? I don’t understand!!! Because of this site I can’t block youtube!
Of course. The rule you made blocks by content, not by name. You will block any site that has Youtube written anywhere on the page or in other places.
L7 rules are not meant for blocking pages and will not work like you intended.
For page blocking by name, use a proxy (which will not work for https traffic like youtube), or DNS names (maybe catch DNS traffic with your router, and redirect it to where you will filter it).
Sites facebook.com, youtu.be, youtube.com could not be filtered using IP > WebProxy functionality. There are no hits for them.
So, I’ve gone deeper and tried to apply Layer7 inspection. It worked, but the result with URLs like merlion.com is unacceptable.
Could you please give me a link on how to configure “blocking by DNS name”?
P.S. Actually, my device works as a proxy. I have a main provider in the office and use 751+4G as an additional ISP, redirecting HTTP, HTTPS traffic from clients to Mikrotik.
HTTPS is encrypted; you can’t filter HTTPS traffic using a proxy.
You can use an external service like OpenDNS to block using DNS; the router will only capture traffic and redirect it to OpenDNS.
Or you can use IP → DNS → Static to configure some other IP address for the blocked site, for example 127.0.0.1
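
Added example, not part of the original thread: a small Python model of why the Layer7 regex from the first post fires on unrelated pages, next to a name-based check of the kind a DNS blocklist performs. The payloads, the blocklist and the function names are constructed for illustration, and `re.DOTALL` is an assumption standing in for matching over the whole inspected buffer; the subdomain handling is this example's logic, not a statement about RouterOS.

```python
import re

# The Layer7 pattern from the first post, applied to raw connection bytes.
# Assumption: DOTALL approximates matching over the whole inspected buffer.
L7_PATTERN = re.compile(rb"^.+(youtu|youtube).*$", re.DOTALL)

# Constructed blocklist for the name-based check.
BLOCKED_DOMAINS = {"youtube.com", "youtu.be"}


def l7_content_match(payload: bytes) -> bool:
    """True if the content regex fires on the payload (connection dropped)."""
    return L7_PATTERN.search(payload) is not None


def dns_name_blocked(qname: str, blocked=BLOCKED_DOMAINS) -> bool:
    """True only if qname is a blocked domain or a subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole labels so "notyoutube.com" does not match "youtube.com".
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


# Constructed sample traffic (not captured from any real site).
UNRELATED_PAGE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body><h1>Shop</h1>"
    b'<a href="https://www.youtube.com/user/example">Our videos</a>'
    b"</body></html>"
)
YOUTUBE_REQUEST = b"GET / HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"
PLAIN_PAGE = b"HTTP/1.1 200 OK\r\n\r\n<html><body>Price list</body></html>"

if __name__ == "__main__":
    for label, payload in [
        ("request to www.youtube.com", YOUTUBE_REQUEST),
        ("unrelated page linking to YouTube", UNRELATED_PAGE),
        ("unrelated page, no mention", PLAIN_PAGE),
    ]:
        print(f"L7 content rule drops {label}: {l7_content_match(payload)}")
    for name in ["www.youtube.com", "youtu.be", "merlion.com", "notyoutube.com"]:
        print(f"DNS name rule blocks {name}: {dns_name_blocked(name)}")
```

The content rule drops the unrelated page because the string appears in its body, while the name check only reacts to the queried hostname.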