Block Webpages

Hi,

I have found a few tutorials on how to block access to YouTube and Facebook. I have followed these to the letter.

Firewall>Layer 7 protocols>+>Rule name>^.+(facebook.com|youtube).*$ as a regexp then OK. Then I go to filter rules>+>General chain + forward> Advanced> select the L7Protocol that was created>Action=drop. Apply Ok…

Then I test it but I can still access YouTube and Facebook. Why is it not working? Can anyone please let me know if I am missing something?

Mike

Again and again. SSL encryption disallows you to read the packets.

It would be great if people stopped using L7 for webpage blocking. This is not a good approach and will almost never work.

I totally agree…

Perhaps Mikrotik could go update all of the Wiki articles that recommend this, adding warning notes that this will not work for SSL connections, and that false positives are very easy to do… At least this way the “official” position could be made clear: “Don’t do this, it’s a bad solution”

Although very informative, it does not help a new guy very much. I am just trying to get my router board unit set up to perform certain basic functions. Perhaps alternative suggestions?

Thanks anyway,

Mike

The first step is to understand that these functions are not basic.
I.e. they once were kind of basic, but the world has changed, websites have moved to encryption (https) and now
it is not a basic function anymore because the router sees only encrypted data and not what website you are visiting.

There are some clever tricks, e.g. use the DNS to do the filtering. Visiting a website via its usual name, e.g. youtube.com,
requires the client to do a DNS lookup to find the address(es) of the website. It is possible to intercept that lookup,
because it is not yet encrypted. Of course it can be anticipated that this will change too.
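
The DNS-based approach described in the post above, as an added example that is not part of the original thread: it reads the queried name out of an unencrypted DNS query and matches it on whole labels, then compares that with the Layer 7 regexp from the first post applied to the same hostnames. The blocklist, function names and sample queries are constructed for illustration.

```python
import re
import struct

# Constructed blocklist for this example (the two sites named in the thread).
BLOCKED = {"facebook.com", "youtube.com"}
# The Layer 7 regexp quoted in the first post, kept verbatim for comparison.
L7_REGEX = re.compile(r"^.+(facebook.com|youtube).*$")

def build_query(name, qtype=1, txid=0x1234):
    """Build a plain (unencrypted) DNS query; used only to make sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Return the queried name, lower-cased, or None if the query is malformed."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] != 1:
        return None  # too short, or not exactly one question
    labels, pos = [], 12
    while pos < len(packet):
        length = packet[pos]
        if length == 0:
            return ".".join(labels).lower()
        if length > 63 or pos + 1 + length > len(packet):
            return None  # compression pointer in a question, or truncated label
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None  # ran off the end without a terminating zero label

def is_blocked(name):
    """Match on whole labels: the domain itself or any subdomain of it."""
    return any(name == d or name.endswith("." + d) for d in BLOCKED)

def decide(packet):
    """Decision for one intercepted query: 'block', 'allow' or 'drop-malformed'."""
    name = parse_qname(packet)
    if name is None:
        return "drop-malformed"
    return "block" if is_blocked(name) else "allow"

if __name__ == "__main__":
    # Constructed sample names: label-aware decision next to the regexp result.
    for n in ["www.youtube.com", "youtube.com", "myfacebookXcom.example", "example.org"]:
        print(f"{n:26} dns={decide(build_query(n)):6} l7_regex={bool(L7_REGEX.match(n))}")
```

On these samples the regexp both misses the bare name `youtube.com` (it requires at least one character before the keyword) and matches the unrelated `myfacebookXcom.example` (the unescaped dot matches any character), while the label-aware match gets both right.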