Staff good day.
I would like to capture all traffic https que my clients are Accessing inside my LAN. I use web proxy to redirect the port 80 traffic to 8080, and with que I can monitor all web-sites http (port 80) accessed.
I ask:
You can capture (filter) all pages https que my clients access?
I don’t believe this will work, unless all the clients have been setup to trust a custom Certificate Authority. In that case you could theoretically setup something like Squid to contact the real site and then dynamically re-encrypt the content and sign it with the custom Certificate Authority.
I’m not sure the details but you could google Squid and HTTPS
Just forgot to say you may be able to remove ROS from RB and install a light weight linux distro on your miktorik device and set it up to running as https server,
Just an idea but not sure
Mikrotik can be transparent proxy, but you have to manually configure your web browser to use it. You can’t redirect https connection with firewall to any squid or similiar proxy, because https use end to end encryption.
I was just struggling how to block HTTPS social sites in my small network, and I think I found a solution, at least it works here. Maybe not in 100% as I would wish, but it some how works.
Setting up a list of disallowed websites (let’s call it ‘social’). As I am located in Poland, I have to restrict .com and .pl address of i.e. facebook site:
I waswondering if there is any easier way to block these site, while giving other the access? Of course, it doesn’t have to be facebook, but any other site that you some may have and some may don’thave access.
i follow the instruction made by matiaszon but still no luck.
i made proxy access deny with redirect.
the deny page still accessible and the redirect page never opened.