Good Morning Guys,
I am heaving some difficulty in blocking pages HTTPS. I know I can block on Firewall doing a drop, but this will lead to a time out and I want to give a message to the users saying that page is blocked. I search and discover that web proxy can do that, but Mikrotik proxy only work on HTTP. Can someone think a better way of doing this?
Thank you very much and sorry for my English.
There is no way to present your message saying that the page is blocked.
Besides encryption, the point of https is authenticity. If you could modify what the user could see then anyone could modify any https page leading to terrible security issues.
So, no. Unless you create your own CA and install the root CA cert into all the user’s OS and/or browser, you cannot present your own valid https page.
Even then there are counter-measures that some websites take that even with your own CA the browser would reject your own ‘valid’ certificate.
Instead of using action=drop you could use action=reject … so browser would not have to wait for connection to timeout, but would get rejected connection immediately. I guess that message, generated by browser, might reflect that distinction.
I’ve tried that, but at least here, both of then (reject and drop) lead the same end.