Greetings,
I’m new in Mikrotik all I want to block proxy sites . I mean sites that give online proxy service or ips , one method that I think of going to use Open DNS . But I want to use my own Mikrotik router to do that. I’m not using Mikrotik proxy since most of the websites moves towards HTTPS. Any idea how do I get this proxy block working.
Regards
Hi
OpenDNS could easily be bypassed by using ip’s instead of dns names.
To achieve what you want, you would need to compile/import an “address list” of known proxy servers and deny connections to those ip’s in Tik firewall.
Such lists do exists (ex: OpenDNS) but not sure if you can export them (and resync afterwards).
thanks , could you share me such example list and rule so that I can test it.
Regards
…you would need…
You can input address - ip/dns by following command:
/ip firewall address-list add address=<ip/dns> list=
and then use these in firewall rules, ex:
/ip firewall filter add dst-address-list= …
In practice this cannot be done, really.
There are so many of those services and they change often, and there are many other mechanisms that do the same thing (e.g. VPN).
You will have to live with the fact that you cannot fully control your users.
Note that this mechanism is quite limited in the number of addresses it can add from a single DNS name.
It will not be enough to load a large blocklist for something as widespread as proxy or VPN servers.
I have noted this several times but MikroTik shows no response.
Using BGP would be possible. But of course you require some service that offers you the blocklist as BGP peer.