Hello,
I configured my Routerboard V.7.x as a web proxy server and made a filter rule in the firewall to drop all requests from all websites, as follows:
ip firewall filter add chain=forward dst-port=80,443 protocol=tcp action=drop
Then I wanted to allow specific websites as allowed websites, as follows:
• Chose forward from the Chain dropdown menu
• Chose tcp from the Protocol dropdown menu
• Set Dst. Port to 80,443
• Put a group name (such as Allowed Websites) in Dst. Address List
• Chose accept from the Action dropdown menu
Then, in the Address Lists tab:
• Chose the created group name (Allowed Websites) from the Name dropdown menu
• Put the website’s URL (such as www.fast.com) that I want to add to this group in the Address input field
I put the allowed rule above the blocked one, so allowed is no. 1 and blocked is no. 2.
The problem is that every website is still blocked despite being allowed, and the packet counter of the blocked-websites rule is increasing, not that of the allowed-websites rule.
Leaving aside the order of the rules (e.g. allow must be put before deny), if the site is served by a CDN, where the IP can vary for each individual DNS request, you end up in the situation that some websites work even if they are not allowed, and others don’t work even if they are allowed…
For example, if you allow WhatsApp, you probably also allow Facebook and vice versa, because the IPs are mostly shared between CDNs…
Also, allowing Gmail probably allows anything related to Google and YouTube.
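The CDN effect described in the reply above, as an added example that is not part of the original thread: a small Python model of the two forward-chain rules with an address list filled from DNS. The host names, the TEST-NET addresses and the one-address-per-lookup rotation are constructed assumptions, not RouterOS behaviour or data from the thread.

```python
import ipaddress

# Constructed DNS data: one CDN pool serves two different sites and returns
# a different pool member on each lookup. All names and IPs are made up.
CDN_POOL = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
DNS = {
    "allowed.example": CDN_POOL,        # the site the admin wants to allow
    "other.example": CDN_POOL,          # not allowed, but on the same CDN
    "single.example": ["198.51.100.7"], # not allowed, own address
}

def resolve(name, query_no):
    """Return the single address this lookup yields (round-robin, assumed)."""
    answers = DNS[name]
    return answers[query_no % len(answers)]

def build_address_list(names, query_no=0):
    """IPs stored in the address list: whatever the router's own lookup returned."""
    return {ipaddress.ip_address(resolve(n, query_no)) for n in names}

def forward_chain(dst_ip, dst_port, allowed):
    """First-match evaluation of the two rules from the thread."""
    if dst_port in (80, 443) and ipaddress.ip_address(dst_ip) in allowed:
        return "accept"   # rule 1: dst-address-list match on 80,443
    if dst_port in (80, 443):
        return "drop"     # rule 2: drop all remaining web traffic
    return "accept"       # no rule matched

def client_visit(name, query_no, allowed):
    """The client resolves the name itself, then connects on port 443."""
    return forward_chain(resolve(name, query_no), 443, allowed)

if __name__ == "__main__":
    allowed = build_address_list(["allowed.example"])
    for name, q in [("allowed.example", 0), ("allowed.example", 1),
                    ("other.example", 0), ("single.example", 0)]:
        print(f"{name:16} lookup #{q} -> {resolve(name, q):13} "
              f"{client_visit(name, q, allowed)}")
```

The rules only ever see destination IPs, so the allowed site is dropped as soon as the client's lookup differs from the router's, and the non-allowed site passes when it lands on the stored address.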
Yes, I already put the allow request first, then the deny request below it.
What is the ideal way to use MK as an HTTPS proxy? I am requested to use it instead of a software-based one.
As long as you don’t “hack” the devices with your certificate, you can’t make an httpS proxy,
and in any case you can’t do it with MikroTik, at least as long as you can install something in the future containers in v7…
You need another device, with, for example, the suggested software from @Kindis