Hi all,
I’m planning a bigger project where I need to have both a transparent proxy AND non-http traffic on tcp/80. (The non-http traffic on port 80 is non-negotiatable - client request).
I need to identify http connections before they reach out to the internet (to redirect them to an external proxy) - but let the non-http traffic directly through.
I tried this L7 defintion:
/ip firewall layer7-protocol
add name=http regexp="^(GET|get|POST|post|HEAD|head)\b .* (HTTP|http)\/[01]\.[019]\n"
The regex is proven working on regexr.com - but routerOS won’t match anything.
For testing purposesI have this firewall rule in place:
/ip firewall filter
add chain=forward dst-port=80 layer7-protocol=http protocol=tcp src-address=1.2.3.0/24
But watching the counters proves nothing is found.
The rule is positioned at the right place - as soon as I remove the l7-part from it, counters grow.
Any ideas anyone?
And, BTW: Would a CCR1036 w/ 16GB be enough for this purpose with about 5’000 concurrent clients?
Thanks!
-Chris
