Hello
i have tried L7 filter with regexp but it did not work.
Can anybody shares how to do it?
Thanks.
That hasn’t worked since the Internet went HTTPS-everything and cloud-everything. There is no easy and reliable workaround short of middleboxes that dynamically forge TLS certificates.
Don’t argue; search the forum. It’s been discussed to death here several times before.
Dont make promises to clients you cannot keep. Unless the client wants to spend a shit ton of money on a very expensive router and and expensive subscriptions…
this is just example: https://buananetpbun.github.io/mikrotik/block-youtube-layer7-content-tls.html
That “example” becomes obsolete in the presence of ECH.
A better hope is to try and force all DNS to the router’s caching server, then selectively blackhole the unwanted domain names, but then you stumble on the problem of client-side DoH/DoT.
Again, this has all been discussed to death here before. There’s no need to recapitulate it all.
best imho
/queue simple add burst-limit=900M/900M burst-threshold=1M/1M burst-time=8s/8s max-limit=1M/1M name=yt-test target=192.168.xxx.xxx/32
oc need your input/edit
EDIT: meh, it’s not working good a single bit