I have created a “Web proxy transparent”, and I’m redirecting some web pages that are running over HTTP,
but I have to redirect Facebook and YouTube. They are using HTTPS, and the web proxy doesn’t support HTTPS.
Is there any way to redirect pages that are using an HTTPS connection?
Static DNS override? That’s how I maintain blackholing of advertisement and malware web sites (and two SOHO CPE vendors did so in their stock firmware too, for some/few devices).
But that depends on HOW, to WHERE, and what for and why you are redirecting this kind of traffic.
It should be created in the firewall: from action choose redirect and put 8080, then go into web proxy to create it and choose enable, then go into access to activate the redirect.
Me, I don’t block - but if I did want to block, I would recommend DNS policy and set the hostname to point to a server that redirects all to a “forbidden” page. (it will give SSL warnings, if you’re redirecting SSL, though, but at least it’s blocked, right?)
Instead of redirecting the DNS requests, you could also block them… No SSL errors this way, although no explicit notice either (i.e. users might think they don’t have internet if you’ve blocked the only site they go to, e.g. Facebook).
The DNS approach can be worked around by clients if users are smart enough… They can add the IP and domain to their “%system32%\drivers\etc\hosts” file, and bypass DNS entirely.
An alternative approach is to block the IP, which can’t be worked around, but will also affect any site hosted on the same IP (e.g. you can’t block YouTube without blocking Google Drive, as Google shares the same set of IPs for both services).
Long story short - there is no foolproof way to block stuff other than turning everything off.
I still say OpenDNS (or implementing your own zone policies if you don’t like the OpenDNS company) is the cleanest in general, with the MikroTik redirecting DNS to self (or simply blocking DNS queries to servers other than the OpenDNS servers).
Yes, a determined user can use the hosts file to get around DNS, but that’s getting into 0.01% of users (not 1 percent, one one-hundredth of one percent) who are knowledgeable enough to do this.
Mr. ZeroByte,
thanks for your reply. Now I need to block every program that has calls, for example Viber, imo, Skype, etc., because all of these programs have calls! I need to block them on the MikroTik server. If you have an idea, please comment.
Thanks
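
The DNS-based blocking discussed earlier in the thread (static overrides, redirecting client DNS to the router, or dropping DNS to other servers) could look like this on RouterOS. This is an added example, not a configuration posted by anyone in the thread; the interface names `bridge-lan` and `ether1-wan`, the address `10.0.0.2` of the "forbidden" page server, and the blocked hostnames are assumptions.

```routeros
# Added example. bridge-lan, ether1-wan and 10.0.0.2 are placeholders.

# 1. The router resolves through OpenDNS and answers LAN clients itself.
/ip dns set servers=208.67.222.222,208.67.220.220 allow-remote-requests=yes

# 2. With allow-remote-requests=yes the router must not answer DNS from the
#    WAN side, otherwise it becomes an open resolver.
/ip firewall filter add chain=input in-interface=ether1-wan protocol=udp dst-port=53 action=drop comment="no DNS from WAN"
/ip firewall filter add chain=input in-interface=ether1-wan protocol=tcp dst-port=53 action=drop comment="no DNS from WAN"

# 3. Static overrides: blocked names resolve to the internal "forbidden" page.
#    HTTPS clients will get a certificate warning, as noted in the thread.
/ip dns static add name=www.facebook.com address=10.0.0.2 comment="policy block"
/ip dns static add name=www.youtube.com address=10.0.0.2 comment="policy block"

# 4a. Redirect every client DNS query to the router, whatever server the
#     client was configured to use.
/ip firewall nat add chain=dstnat in-interface=bridge-lan protocol=udp dst-port=53 action=redirect to-ports=53 comment="force DNS to router"
/ip firewall nat add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=53 action=redirect to-ports=53 comment="force DNS to router"

# 4b. Alternative to 4a: let clients query OpenDNS directly and drop DNS
#     addressed to any other server.
/ip firewall address-list add list=allowed-dns address=208.67.222.222
/ip firewall address-list add list=allowed-dns address=208.67.220.220
/ip firewall filter add chain=forward in-interface=bridge-lan protocol=udp dst-port=53 dst-address-list=!allowed-dns action=drop comment="DNS only to OpenDNS"
/ip firewall filter add chain=forward in-interface=bridge-lan protocol=tcp dst-port=53 dst-address-list=!allowed-dns action=drop comment="DNS only to OpenDNS"
```

These rules only see DNS on port 53, so the hosts-file bypass mentioned above and DNS carried over HTTPS on port 443 are not affected by them.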