Block All Websites

smn4all · February 24, 2012, 3:17pm

I would like to block all websites except www.yahoo.com via Mikrotik IP web proxy but there is no script available for it. For example only www.yahoo.com will open and remain all websites be denied for all users.

If any body know about this script then please inform me with complete command line.

I shall be very thankful this kindness.
Regards
Zishan Rana

Caci99 · February 25, 2012, 12:04pm

You don’t need a script for that, you said it yourself.
You can do that via webproxy.
The webproxy rules are executed in order, so first allow www.yahoo.com
and then block everything else.

smn4all · February 26, 2012, 8:29am

Please give me hint for block everything but allow only www.yahoo.com.

Thanks

Caci99 · February 27, 2012, 8:32am

/ip proxy access
add dst-host=www.yahoo.com action=allow
add dst-host=yahoo.com action=allow
add dst-address=0.0.0.0/0 action deny

smn4all · February 27, 2012, 4:30pm

Thanks for your Hint…

Please let me know that how to restrict & allow web access to different Ip base users via web proxy for Example one user should have full access and 2nd one should have only one web access. Please help me in this case.

Caci99 · February 27, 2012, 5:35pm

It is not that hard, just have a better look at the access available options:
http://wiki.mikrotik.com/wiki/Manual:IP/Proxy#Access_List
if you want to allow access to ip 1.1.1.1:

/ip proxy access 
add src-address=1.1.1.1 dst-host=www.yahoo.com action=allow

or, if you want a range of ip-s from 1.1.1.1 to 1.1.1.10:

/ip proxy access 
add src-address=1.1.1.1-1.1.1.10 dst-host=www.yahoo.com action=allow

or, if you looking for a whole network like 1.1.1.0/25:

/ip proxy access 
add src-address=1.1.1.0/23 dst-host=www.yahoo.com action=allow

estdata · February 27, 2012, 8:53pm

chain: forward
protocol=tcp
dst-address=0.0.0.0/0
dst-port=80
content=http
action=drop

Winbox configuration all website blocked

Onix · February 28, 2012, 6:26am

You can do it without web-proxy - width firewall
Get all yahooo IP width writing in CMD - NSLOOKUP www.yahoo.com

then in forward allow all width destination address from nslookup results and then block all rest tcp 80 port!

smn4all · February 29, 2012, 5:20pm

Dear Caci99!
Thanks for your help… But I`ve a problem, is that while blocking all websites except www.yahoo.com, there yahoo mail is not working. I also allow mail.yahoo.com and login.yahoo.com. but no response. Please help me again.

Caci99 · February 29, 2012, 6:19pm

Keep in mind that rules in “access” are executed in order.
Be sure you have sorted the rules by their number.
You can check that by doing in terminal:

/ip proxy access print

I am not that good in proxy configuration, someone with better knowledge
about expressions can point you to the right direction. My self I would have tried
sth like this:

/ip proxy access
add dst-host=mail.yahoo.com action=allow
add dst-host=www.yahoo.com* action=allow
add dst-host=*mail.yahoo.com action=allow

After you add the rules make sure the “allow rules” are above the “deny rule”
Notice the * character. That is an expression used in proxy configuration, meaning anything,
at least that’s how I know about it . So *mail.yahoo.com, would mean anything preceding
mail.yahoo.com plus mail.yahoo.com, like for example y.y.mail.yahoo.com