[list of users] add web sites matching regexp to list, add IPs connecting to those sites to another list?

Good day.
I don't speak English very well, so I'm going to try my best to explain this.

I have a CR5125-24G and about 38 PCs plus a server, all with static IPs, plus an undetermined number of cellphones using my wireless in DHCP mode.

Some of my users are using things like YouTube and Facebook and I want to know who; some are from the sales department.
I have been trying to block Facebook by its IP, but it has more than one, like 20 or more.

- First, I need to catch all the current Facebook IPs plus the ones appearing in the future. I need a rule to populate a list named facebookips with all the traffic with a domain matching regexp='^facebook$'; can you show me or explain to me how this rule must go?

- Second, I want another list, but this list must be populated with the IPs of the users connecting to the latter list. This second list must be called facebookusers.
Once I have this data I can determine who legitimately needs Facebook and who must be blocked.

  • Can I populate a list with a layer7 regexp from https/ssl protected domains like Facebook or YouTube?
  • Again, I don't know how to populate a list with a regexp to catch all the IPs a domain like Facebook is using.

I hope you can understand what I am trying to achieve.
Thanks for reading.

Some of my users are using things like YouTube and Facebook and I want to know who; some are from the sales department.
I have been trying to block Facebook by its IP, but it has more than one, like 20 or more.


/ip firewall layer7-protocol
add name=BlockYoutubeFacebook regexp="^.+(facebook.com|youtube).*\$"
/ip firewall filter
add action=drop chain=forward layer7-protocol=BlockYoutubeFacebook



Second, I want another list, but this list must be populated with the IPs of the users connecting to the latter list. This second list must be called facebookusers. Once I have this data I can determine who legitimately needs Facebook and who must be blocked.

And for this you can create a whitelist at ip firewall address-list and give them permission to access.

/ip firewall filter
add action=accept chain=forward layer7-protocol=BlockYoutubeFacebook src-address-list=WhiteList

Test this.

I don't know; I tried something like that the last time and it didn't work.

[admin@MikroTik] /ip firewall layer7-protocol> print

NAME REGEXP

0 lista ^.+(facebook.com).$
1 listafaceboo ^.+(facebook).
$
[admin@MikroTik]

Anyway, I'm going to try it today.
[admin@MikroTik] /ip firewall layer7-protocol>> print

NAME REGEXP

0 testlist ^.+(facebook.com|youtube).*$
[admin@MikroTik] /ip firewall layer7-protocol>>


and print
12 chain=forward action=accept src-address-list=usertestlist layer7-protocol=testlist log=no
log-prefix=""

No, it's not working.
The main idea is that if some of my users navigate to the Facebook web page,
that Facebook IP goes into the list, but it doesn't.

I did a new test:
I have the makrotic web page "http://www.macrotics.co/"

/ip firewall layer7-protocol
add name=testlist2 regexp="^.+(makrotic).*$"

[admm00@MikroTik] /ip firewall address-list> /ip firewall layer7-protocol
[admm00@MikroTik] /ip firewall layer7-protocol> print

NAME REGEXP

0 testlist ^.+(facebook.com|youtube).$
1 testlist2 ^.+(makrotics).
$
[admm00@MikroTik] /ip firewall layer7-protocol>

Then I go to the makrotic web page "http://www.macrotics.co/" and

[admm00@MikroTik] /ip firewall> address-list
[admm00@MikroTik] /ip firewall address-list> print
Flags: X - disabled, D - dynamic

LIST ADDRESS TIMEOUT

0 sinfaceboo 192.168.0.25
1 sinfaceboo 192.168.0.29
2 listafaceboo 31.13.65.1
3 listafaceboo 31.13.65.36
4 listafaceboo 31.13.71.36
5 D port scanners 204.79.197.200 1w6d16h20m36s
6 D port scanners 13.107.21.200 1w6d16h27m28s
7 D port scanners 192.168.0.105 1w6d19h41m12s
8 D port scanners 204.93.154.215 1w6d23h10m22s
[admm00@MikroTik] /ip firewall address-list>

###########
No, it's not getting into the list=testlist2.

This means I have this terribly wrong,
or the regexp is malformed.

Thanks for reading
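
The rules tried above use action=accept or action=drop, which never write to an address list; the two lists asked for in the first post are filled by the add-dst-to-address-list and add-src-to-address-list actions. The following is an added example, not configuration posted by anyone in the thread: the list names facebookips and facebookusers come from the question, while the LAN subnet 192.168.0.0/24, the one-day timeout and the regexp name "facebook" are assumptions.

```routeros
# Added example (not from the thread). Assumptions: LAN is 192.168.0.0/24,
# entries expire after 1 day, the layer7 entry is named "facebook".
/ip firewall layer7-protocol
add name=facebook regexp="^.+(facebook.com).*\$"

/ip firewall filter
# src-address limits matching to packets sent by LAN clients, so reply
# packets from the server do not swap the roles of the two lists.

# 1) Server side: remember the destination address of matching connections.
add chain=forward src-address=192.168.0.0/24 layer7-protocol=facebook \
    action=add-dst-to-address-list address-list=facebookips \
    address-list-timeout=1d comment="L7 match: server IP"

# 2) Client side: remember which LAN host opened the matching connection.
add chain=forward src-address=192.168.0.0/24 layer7-protocol=facebook \
    action=add-src-to-address-list address-list=facebookusers \
    address-list-timeout=1d comment="L7 match: client IP"

# 3) HTTPS: the request itself is encrypted, so match the server name sent
#    in the TLS handshake instead (needs a RouterOS release that has the
#    tls-host matcher).
add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=443 \
    tls-host=*facebook.com action=add-dst-to-address-list \
    address-list=facebookips address-list-timeout=1d comment="TLS: server IP"
add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=443 \
    tls-host=*facebook.com action=add-src-to-address-list \
    address-list=facebookusers address-list-timeout=1d comment="TLS: client IP"

# 4) Any LAN host talking to an address already learned is also a user.
add chain=forward src-address=192.168.0.0/24 dst-address-list=facebookips \
    action=add-src-to-address-list address-list=facebookusers \
    address-list-timeout=1d comment="known server IP: client IP"

# Review what was collected.
/ip firewall address-list print where list=facebookips
/ip firewall address-list print where list=facebookusers
```

These rules only record addresses and let the packet continue, so they must sit above any accept or drop rule for the same traffic in the forward chain.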