Hello
How can I block downloading of the .exe file type?
I tested with web proxy, but it does not work.
Please help me
Regards
Web proxy does not work with HTTPS. HTTPS is very difficult to check anyway.
There is not much hope. Stopping “path=*.exe” in the web proxy rule is too simple and only for HTTP.
http://forum.mikrotik.com/t/block-downloading-of-exe-files-over-http-https/87706/1
MT has no high-level commands for blocking certain file extensions (like other professional firewalls, which even have to use MITM techniques for HTTPS).
I have no solution, but just tried to Google some information. Maybe this one is good enough to stop the most obvious cases where the “.exe” string is in the URL.
https://sudonull.com/post/73607-Block-file-downloads-by-extension-Mikrotik-RouterOS
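An added illustration (not from the thread and not RouterOS code) of why the “path=*.exe” rule mentioned above only catches the obvious plain-HTTP cases: it models what a forward proxy can read on the first line of a request. The glob semantics, function name and hostnames are assumptions made for this example.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def proxy_verdict(first_line: str, pattern: str = "*.exe") -> str:
    """Classify one request line as a path-matching web proxy would see it.

    Returns 'deny' (path matches the pattern), 'allow' (path visible, no match)
    or 'opaque' (no URL path is visible to the proxy at all).
    Assumption: the rule is a case-insensitive glob on the URL path only.
    """
    parts = first_line.strip().split()
    if len(parts) != 3:
        return "opaque"  # not an HTTP request line, e.g. raw TLS bytes
    method, target, _version = parts
    if method.upper() == "CONNECT":
        # HTTPS through a proxy: only host:port is sent in clear text.
        # The real GET line travels inside the encrypted tunnel.
        return "opaque"
    path = urlsplit(target).path  # query string is not part of the path
    return "deny" if fnmatchcase(path.lower(), pattern) else "allow"


# Constructed sample request lines (hostnames are placeholders).
SAMPLES = [
    "GET http://files.example.test/tools/setup.exe HTTP/1.1",
    "GET http://files.example.test/tools/SETUP.EXE HTTP/1.1",
    "GET http://files.example.test/download?id=42 HTTP/1.1",
    "CONNECT files.example.test:443 HTTP/1.1",
]


def evaluate(lines):
    """Map each sample line to its verdict."""
    return {line: proxy_verdict(line) for line in lines}


if __name__ == "__main__":
    for line, verdict in evaluate(SAMPLES).items():
        print(f"{verdict:7} {line}")
```

The third sample is allowed even over plain HTTP because the extension never appears in the path, and the fourth is opaque because the proxy only sees the CONNECT target.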
Thank you.
I have a problem.
I need to limit internet for clients in the network.
When my clients use Psiphon (VPN proxy app), no limit is applied to those clients.
I don’t know.
I cannot block Psiphon. It changes port every time.
Please help and offer a solution.
Thanks
I think: forget it (at least with Mikrotik).
Psiphon is designed to “circumvent” blocking.
Only true advanced firewalls might be able to stop it, based on true DPI / signatures etc.
Eg. the Palo Alto Application Research Center has this application “categorized” and with “app-ID” you could block it.
Description
Psiphon is a web proxy designed to help Internet users affected by Internet censorship securely bypass content-filtering systems set up by governments such as Australia, China, Iran, North Korea, Cuba, Thailand, Saudi Arabia and others. Psiphon was developed by the Citizen Lab at the University of Toronto, building upon previous generations of web proxy software systems, such as the “SafeWeb” and “Anonymizer” systems. Psiphon’s recommended use is among private, trusted relationships that span censored and uncensored locations (such as those that exist among friends and family members, for example) rather than as an open public proxy. Traffic between clients and servers in the Psiphon system is encrypted using the https protocol.
Reference
Psiphon Google Yahoo!
Depends on Applications: ike, ipsec-esp-udp, ssh, ssl, web-browsing
Characteristics
Category: networking
Subcategory: proxy
Technology: browser-based
Standard Ports: tcp/dynamic
Evasive: yes
Excessive Bandwidth: no
Prone to Misuse: yes
Capable of File Transfer: yes
Tunnels Other Applications: yes
Used by Malware: no
Has Known Vulnerabilities: yes
Widely Used: yes
SaaS: no
What do you mean you can’t limit client? Limit him by MAC, or by dot1x. Administrative actions, all in one. If it’s a company—then it’s not a problem at all, fine-then-fire policy works well. If some public network… there are variants too.
Thank you.
When a user connects with Psiphon, any config in web proxy to limit access to websites does not work. Turn any deny website.
What is the solution?
An option could be to completely BLOCK the IP of that user. Then have some REAL proxy installed on your network and force all users through it as a control/policy “point”.
Mikrotik is not capable of stopping some of these advanced (VPN) tools.
But that depends on whether you are in a small business, large enterprise environment, ISP, etc.
You need to analyze your situation A-Z and then take actions.
Thanks for your attention.
Ask yourself, what is the real problem you are trying to solve? Users downloading random .exe files and installing unapproved apps or malware? Then the solution is AppLocker. This shouldn’t be something controlled at the network level.