Blocking specific site (porn)!

Ghaith · May 10, 2007, 6:19am

how can I block porn sites of my users, block URLs with specific words,

thanks alot
Ghaith

normis · May 10, 2007, 6:20am

use webproxy, and then use access list.

or just use firewall and block the destination IPs if they are known.

Ghaith · May 10, 2007, 6:28am

using webproxy means that I have to enable caching which makes downloading much slower!
what’s the config for firewall setting? can you please show me?

thanks again

normis · May 10, 2007, 6:34am

Most people think the opposite about caching …

/ip firewall filter add chain=forward dst-address=159.148.60.20/32 protocol=tcp action=drop

Ghaith · May 10, 2007, 6:46am

normis,
I appreciate your advice and guidance, are you using the cache feature on your mk server? do you think that I should start using it?
thanks,

Ghaith

normis · May 10, 2007, 7:09am

many people use it, including us here in the office. it does not cause problems for downloading, it actually improves download speed if many users want to download the same files.

deleola1 · December 18, 2007, 9:23pm

I saw all the Information, but none seems to work for me.

Pls I will appreciate if there is a way to have those porn site blocked out, someone should please
give me the Idea I mean the command syntax

normis · December 19, 2007, 8:37am

Set up proxy:

[admin@MikroTik] ip proxy> set enabled=yes

→ http://www.mikrotik.com/testdocs/ros/2.9/ip/proxy.php

Set up access list:

/ip proxy access

→ http://www.mikrotik.com/testdocs/ros/2.9/ip/proxy_content.php#7.60.3

tganet · December 19, 2007, 3:52pm

I need blocking many words, but in new version of the proxy ( 3.0rc13 ) not equal a version ( 2.9x )

Example:
in version 2.9x = add dest-host= sexy playboy tits action=deny ( many words in one line )
in version 3.x = not is possible, no block !!

Help-me, i need various expressions in one line !!

example : add dst-hot=sexo/ nudez/ tits/ action=deny

jonmansey · December 20, 2007, 4:37am

ive had very good experience using OpenDNS for porn filtering, it just works. Theres no way you will be able to keep up a list of keywords to filter, and its a lot of load for your router to do it.

with OpenDNS, free by the way, you just use their DNS servers, and register your IP, then you can control how much or little porn, smut, and grubby stuff you want to allow or deny. Very nice, did I mention its free?

jon (not affiliated in any way, just a happy user)

http://www.opendns.com

normis · December 20, 2007, 9:24am

yes, using opendns as your networks DNS server is a much better solution than guessing all the dirty words people will want to look up in the internet.

tganet · December 20, 2007, 1:31pm

I have sucess, this is a example for blocking many words in a one line:

/ip proxy acess add src-adress=0.0.0.0/0 dst-host=:sex|nude|porn action=deny

normis · December 20, 2007, 1:46pm

There was a presentation on this in the Egypt MUM, see this file:
pr0n.doc (72.5 KB)
Although still I say that there are easier ways to do this.

tganet · December 21, 2007, 1:16am

Normis, this example not running in proxy of mikrotik version 3.0 only in version 2.9, i have tested !!

Sandro

deleola1 · December 27, 2007, 6:53pm

I have tried the command as indicated but I am getting invalid preceding regular expression

Please Indicate command precisely.

I am using RouterOS 2.9.50

tganet · December 27, 2007, 10:31pm

/ip proxy access add dst-host=:sex|nude|porn action=deny comment=“Block Porn Sites”

Sandro/TGANET

tganet · December 27, 2007, 10:34pm

/ip proxy access add src-adress=0.0.0.0/0 dst-host=:nude|porn|hardcore action=deny comment=“Bloack Porn Sites”

This is a corret example !!

Sandro

shielder · December 29, 2007, 11:08am

for me, the easiest way is to enable the web proxy and parent the web proxy to another linux box (ipcop + urlfilter). try searching on google on these keywords.

but you need to add another computer as your proxy parent..

gmsmstr · December 30, 2007, 5:37am

as users request this, you add their IP to your address list for blocked porn sites
Add rule to redirect all DNS UDP 53 queries from that src address list to point to:

67.138.54.100
207.225.209.66

This is a service ,free, called scrubit. Free DNS scrubbing. Works quite well. Most of the time that is. will prevent most of the stuff from getting in. There is a application that you can add to your browser to tell them to check a website to be scrubbed, and they will if it is a porn site.

I do this now, no load on your routers for the most part, 3rd party community supported site and such. so…

ponywaterhouse · December 30, 2007, 4:20pm

hi i’ve tried it..
it works..

but when i doing tranparent proxy to my client, it didn’t work…

i’m using mikrotik V.3rc13 as my parent proxy..
do i have to make the same rule as above?

ps : i also have clients that have priveledges to see that websites, under the same parent proxy..