Hi. I have RB2011UiAS-2HnD-IN for a few months and now decided to block some websites.
Just to try I added layer 7 regexp
^.+(bash.org).*$
Then added filter rule in forward chain to drop that layer 7 group.
But nothing happens, no packets matches…
I’m using default configuration with pppoe internet connection and NAT for local network.
Can somebody advise where to look? And sorry for my english 
l7 rules are not meant for blocking webpages, they inspect packets, not URLs. a packet might not even contain the URL
You can use transparent proxy + access list to block http websites, or you can use the new domain-address-list in latest RC versions to block any kind of traffic based on domain
Thanks for explanation. There are several manuals from Google, advising to block web sites with layer 7, they confused me.
Can proxy server on RouterOS filter https traffic?
And from what RC version I can use domain-address-list?
The latest RC is the one that has the new feature (6.36rc21). Keep in mind that it is a beta release, so there will probably be some weird issues depending on the complexity of your setup.
The proxy can handle HTTPS traffic IF the client has the MikroTik set as their proxy. It cannot redirect HTTPS traffic transparently and filter things that way.
Thank you!