Blocking Specific File Types

aftab25 · December 25, 2008, 9:47pm

All I want is to block users from downloading music files. I am able to block web sites through web proxy access lists but not able to block files. I am using MT 3.15.

Here is my web proxy info
enabled: yes src-address: 0.0.0.0 port: 8080 parent-proxy: 0.0.0.0 parent-proxy-port: 0 cache-administrator: “webmaster” max-cache-size: unlimited cache-on-disk: no max-client-connections: 600 max-server-connections: 600 max-fresh-time: 3d serialize-connections: no always-from-cache: no cache-hit-dscp: 4 cache-drive: usb2

Here are my firewall NAT rules.
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; By Default
chain=srcnat action=masquerade out-interface=ether2

1 ;;; Transparent Proxy
chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80

[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; P2P
chain=forward action=drop p2p=all-p2p

2 ;;; Block Open Proxy
chain=input action=drop protocol=tcp src-address=0.0.0.0/0
in-interface=ether2 dst-port=8080
[admin@MikroTik] /ip firewall filter>

Can any body help me blocking specific file types like FLV, MPEG,MP3 etc?

reinerotto · December 26, 2008, 10:06am

My only idea for this is using additional (local) proxy with squid.

aftab25 · December 26, 2008, 12:45pm

I am able to block files using this syntax but it does not work always.

:.mp3$

It works with some web sites and it does not work on some other web sites.

What should I do? I cannot block each individual web site.

Muqatil · December 26, 2008, 3:04pm

http://l7-filter.sourceforge.net/protocols maybe?

ashish · December 27, 2008, 5:12am

I think This will help u out…
http://wiki.mikrotik.com/wiki/How_to_Block_Websites_%26_Stop_Downloading_Using_Proxy

Configure src-address= Customer IP Address…

aftab25 · December 27, 2008, 11:32am

/ip proxy access
path=.exe action=deny
path=.mp3 action=deny

The above rule is not blocking MP3 files from mp3.com . Any other alternative?

Chupaka · December 27, 2008, 12:41pm

maybe it’s because there’s no ‘.mp3’ in URL? filename is contained in http-response

aftab25 · December 27, 2008, 7:47pm

So how Mikrotik can block this type of downloading?

Chupaka · December 27, 2008, 10:07pm

L7 filter =)

ashish · December 29, 2008, 4:17am

The Example is Proven…It is Working and i have configured it at some places

aftab25 · December 29, 2008, 12:36pm

Point is that when we click on download button on the mentioned site, there is no xyz.mp3 in the url so this rule cannot block it. It will need L7 rules which i am learning now.