Hello,
I’m trying to filter traffic (URL + URI) coming from the Internet to a web server that only listens on port 80. No encryption.
I’ve tried several methods without success. I’m able to block traffic on port 80, but I can’t block it with a regex.
The method I used was to mark the traffic and exploit this marking with a filter rule, so that I am able to block traffic on port 80.
The aim is to allow only one URL + URI to enter the web server and reject everything else.
/ip firewall layer7-protocol
add name=Test regexp="^.+(test.com).*\$"
(For the moment, I'm just testing the FQDN.)
To perform my tests, I use the Curl command:
curl -v -H "Host: test.com" http://192.168.2.2:80/uri
/ip firewall filter
add action=drop chain=forward in-interface=ether2 packet-mark="Packets-HTTP"
/ip firewall mangle
add action=mark-connection chain=forward in-interface=ether2 new-connection-mark=Connection-IN-INGRESS passthrough=yes
add action=mark-connection chain=prerouting in-interface-list=LAN new-connection-mark=Connection-IN-EGRESS passthrough=yes
add action=mark-packet chain=forward connection-mark=Connection-IN-INGRESS new-packet-mark=Packets-INGRESS passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Connection-IN-EGRESS new-packet-mark=Packets-EGRESS passthrough=yes
add action=mark-packet chain=forward packet-mark=Packets-INGRESS new-packet-mark="Packets-HTTP" passthrough=yes port=80 protocol=tcp
I’ve tried reverse proxy, but I couldn’t get that to work either.
Which of the two is best for me?
Thanks for your help.
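The post's layer7-protocol entry is never referenced by a layer7-protocol= matcher in the filter or mangle rules, and its regex accepts any stream that merely contains "test.com"; the following added example (not the poster's configuration) models how a layer7-style match would treat the curl request above and a few variants, next to a stricter allow-list pattern. It assumes the matcher is a case-insensitive regex, with "." spanning newlines, run over the first bytes of the connection; the request bytes and the STRICT pattern are constructed for the example.

```python
import re

# Constructed HTTP requests: the first bytes of each TCP stream, i.e. what a
# layer7 matcher inspects once data flows after the three-way handshake.
REQUESTS = {
    "allowed":     b"GET /uri HTTP/1.1\r\nHost: test.com\r\nUser-Agent: curl/8.0\r\n\r\n",
    "other_path":  b"GET /admin HTTP/1.1\r\nHost: test.com\r\n\r\n",
    "other_host":  b"GET /uri HTTP/1.1\r\nHost: other.example\r\n\r\n",
    "host_suffix": b"GET /uri HTTP/1.1\r\nHost: test.com.attacker.example\r\n\r\n",
    "host_prefix": b"GET /uri HTTP/1.1\r\nHost: nottest.com\r\n\r\n",
}

# The pattern from the post: any stream containing "test.com" (the unescaped
# dot also matches any character), regardless of request line or path.
POSTED = r"^.+(test.com).*$"

# Stricter allow-list pattern (constructed): exact request line for the single
# permitted URI, optional intermediate headers, then an exact Host header value
# terminated by CRLF so that "test.com.attacker.example" does not match.
STRICT = r"^GET /uri HTTP/1\.[01]\r\n(?:[^\r\n]*\r\n)*?Host: test\.com\r\n"


def l7_match(pattern, stream):
    """Model of the layer7 matcher (assumption): case-insensitive regex,
    '.' spans newlines, applied to the decoded start of the stream."""
    return re.search(pattern, stream.decode("latin-1"), re.I | re.S) is not None


def decide(pattern, stream):
    """Allow-list semantics: accept only a stream matching the pattern."""
    return "accept" if l7_match(pattern, stream) else "drop"


def evaluate(pattern):
    """Return the accept/drop verdict for every constructed request."""
    return {name: decide(pattern, req) for name, req in REQUESTS.items()}


if __name__ == "__main__":
    for label, pattern in (("posted", POSTED), ("strict", STRICT)):
        print(label, pattern)
        for name, verdict in evaluate(pattern).items():
            print(f"  {name:12s} -> {verdict}")
```

In l7-filter-style pattern files the CRLF is conventionally written as \x0d\x0a rather than \r\n, so the STRICT pattern needs that spelling before it is pasted into a RouterOS regexp= value.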