Hi Guys
Is there a way to block a HTTP get command for a specific subdirectory?
Blocking HTTP packets containing: GET /admin/
and even /admin/whatever…
I’ve been trying to but no avail…
Regards,
You can use this:
/ip firewall layer7-protocol
add name="http admin1" regexp="^GET\\ /admin/"
add name="http admin2" regexp="^GET\\ /admin/[^\\ ]*\\ HTTP/1\\.(0|1)"
/ip firewall filter
add action=reject chain=forward dst-port=80 layer7-protocol="http admin1" protocol=tcp reject-with=tcp-reset
First regexp is going to be faster, second more accurate, choose what you like more. But with https being used more and more these days, I’m not sure how much useful this blocking will be. Because this will of course work only for plain unencrypted http.