Block certain URLs with Layer7 and not the entire website

Hello,

How do I block certain URLs and not the entire website?
Only block this URL: http://www.islasparadisiacas.net/wp-content/uploads/2017/07/imagen-isla-islay.jpg
Do not block the entire website:

I have tried like this:

/ip firewall layer7-protocol
# Works
add name="islasparadisiacas.net" regexp="^.+(islasparadisiacas.net).*\$\?"

# Works
add name="islasparadisiacas.net" regexp="^.+(wp-content/uploads/2017/07/imagen-isla-islay.jpg).*\$"

# Does not work
add name="islasparadisiacas.net" regexp="^.+(islasparadisiacas.net/wp-content/uploads/2017/07/imagen-isla-islay.jpg).*$"

/ip firewall filter
add action=drop chain=forward layer7-protocol="islasparadisiacas.net" log-prefix="" src-address-list=!no-firewall



/ip firewall filter
add action=drop chain=forward layer7-protocol="forosdelweb" log-prefix="" src-address-list=!no-firewall

Can you please help me?
Regards

The last one can’t work, because the HTTP request looks like this (and I’m not sure if the Host header is always first):

GET /wp-content/uploads/2017/07/imagen-isla-islay.jpg HTTP/1.1
Host: www.islasparadisiacas.net
<other headers>

I didn’t test it, but you might have a chance with a regexp like this (not exactly a polished one, but it shows the basic idea):

\ /wp-content/uploads/2017/07/imagen-isla-islay\.jpg\ .*Host:\ www\.islasparadisiacas\.net

Also remember that blocking like this is very ineffective, and if you plan to do it for more URLs, your router won’t like it at all.

I don't know how to match headers, but I tried this:

#URL http://islasparadisiacas.net/wp-content/uploads/2017/07/imagen-isla-islay.jpg

# Does not work
add name="islasparadisiacas.net" regexp="^.+(/wp-content/uploads/2017/07/imagen-isla-islay.jpg) Host: islasparadisiacas.net .*$"
# Does not work
add name="islasparadisiacas.net" regexp="^Host: islasparadisiacas.net .+(/wp-content/uploads/2017/07/imagen-isla-islay.jpg).*$"

# Works
add name="islasparadisiacas.net" regexp="^.*Host: islasparadisiacas.net.*$"

Any ideas?

Maybe try the one I posted? I did a quick test now and this works:

/ip firewall layer7-protocol
add name=test3 regexp="\\ /wp-content/uploads/2017/07/imagen-isla-islay\\.jpg\\ .*Host:\\ www\\.islasparadisiacas\\.net"
/ip firewall filter
add action=reject chain=forward dst-port=80 layer7-protocol=test3 protocol=tcp reject-with=tcp-reset
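
The difference between the patterns tried above, as an added example that is not part of any post in this thread: it runs the thread's regexes (RouterOS string escaping removed, the trailing `?` of the first one dropped) over three constructed plain-HTTP requests to show which ones each pattern would drop. It assumes `.` also matches line breaks, as the tested pattern requires, and Python's `re` only approximates the router's regex engine; `www.example.org` and the helper names are hypothetical.

```python
import re

PATH = "/wp-content/uploads/2017/07/imagen-isla-islay.jpg"

# Patterns from the thread, written as plain regexes (RouterOS string escaping removed).
PATTERNS = {
    "host_only": r"^.+(islasparadisiacas.net).*$",
    "path_only": r"^.+(wp-content/uploads/2017/07/imagen-isla-islay.jpg).*$",
    "host_plus_path": r"^.+(islasparadisiacas.net/wp-content/uploads/2017/07/imagen-isla-islay.jpg).*$",
    "path_then_host": r" /wp-content/uploads/2017/07/imagen-isla-islay\.jpg .*Host: www\.islasparadisiacas\.net",
}


def http_request(host, path):
    """Build the start of a plain-HTTP GET as it appears on the wire (constructed sample)."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: example\r\nAccept: */*\r\n\r\n"


# Constructed test traffic: the target URL plus two requests that should stay allowed.
REQUESTS = {
    "target": http_request("www.islasparadisiacas.net", PATH),
    "same_host_other_path": http_request("www.islasparadisiacas.net", "/index.html"),
    "other_host_same_path": http_request("www.example.org", PATH),
}


def l7_match(pattern, payload):
    # Assumption: '.' also matches CR/LF, as the tested pattern in the thread requires.
    return re.search(pattern, payload, re.DOTALL) is not None


def blocked_by(pattern_name):
    """Return the sorted labels of the sample requests a pattern would drop."""
    pattern = PATTERNS[pattern_name]
    return sorted(label for label, req in REQUESTS.items() if l7_match(pattern, req))


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:15} blocks: {blocked_by(name)}")
```

The host-only and path-only patterns each over-block one of the requests that should pass, the pattern written in URL order matches nothing because the host never precedes the path on the wire, and only the path-then-Host pattern drops the target alone.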

Hi!
This is my test solution, with the web proxy. It is working. It denies all URLs that contain the word "origo", but allows a URL if it contains the word "rigo".
You do not need all of the lines/commands; sorry, I did not select them.
(This is a VPS on the internet; I used 185.80.xxx.xxx:8080 as the proxy in IE.)

My whole config:

/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=185.80.xxx.xxx/24 comment="added by setup" interface=ether1 network=185.80.xxx.x
add address=185.187.xxx.xxx/24 interface=ether1 network=185.187.xxx.x
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat src-address=185.80.xxx.xxx
add chain=dstnat
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
/ip proxy
set enabled=yes src-address=185.80.xxx.xxx
/ip proxy access
add dst-host=:rigo
add action=deny dst-host=:origo
/ip route
add comment="added by setup" distance=1 gateway=185.80.xxx.xxx
/tool user-manager database
set db-path=user-manager

The sequence is important:
In the Web proxy Access tab, first line (#0): add dst-host=:rigo,
second line (#1): add action=deny dst-host=:origo

And what if I want to block a direct link?
https://www.testsite.com/video/d54hf

You can’t; with HTTPS you’ll be able to see only www.testsite.com, not /video/d54hf.