Hi all, I am trying to make every connected devices get connected to my proxy server but cant get it to work. This is my setup currently:
IP → Web Proxy:
Parent Proxy:
Parent Proxy Source: 3128
Once clicked apply and ok button, the connected devices when going to https://whatismyipaddress.com/ it would still show my ISP instead of the proxy server that I set up in my mikrotik router. Please help.
Ip firewall
Dst 80 and 443 tcp
Action dst
Address of ur proxy server
Port of ur proxy
btw,
don’t think any HTTPS will work.
the “proxy” module on Mikrotik supports HTTP only, and in 2023 only very few websites use HTTP.
Proxy does work for https traffic … but in this case browser has to be configured explicitly to use proxy in http mode (so no transparent proxy is possible indeed). Which means that browser will use http connection to proxy server and request https contents. Proxy will then make a https connection to server which serves contents. This also means that browser delegates responsibility to check server certificate to proxy.
Most proxies (not sure about the one in ROS) will include http header with information about their client’s IP address (if configured this way) which makes possible for server to know IP address of client behind a proxy.
In short: forget about using proxy servers (either transparent or explicit), they are not worth bothering since around 10 years ago.
So this is obsolete and not correct? In the link below “https” is not mentioned.
https://wiki.mikrotik.com/wiki/Manual:IP/Proxy
Not sure if it would insert X-Forwarded-For in the headers neither.
user Firefox , work perfectly fine
I’ve quickly skimmed through the document and I couldn’t find the part which contradicts what I wrote in my previous post.
Then I went forward to check. My router runs ROS v7.8 (so the quick test results might be different when testing against other ROS version, e.g. v6). I enabled proxy on ROS, leaving everything else at default settings. Then I ran the following linux CLI command:
https_proxy=<router_IP>:8080 wget https://<insert your favourite FQDN here>
and contents was downloaded just fine. Then I re-ran the command but omitting the https_proxy variable setting and the contents of retreived html file was identical between the two runs.
The command above is first setting environment variable https_proxy to combination IP:port of proxy running on my ROS. And passing environment variables is the standard way of making system-wide proxy config for CLI commands in linux. There’s another variable, named http_proxy, which is used by CLI commands when URL requires non-SSL connection.
Both are similar to setting HTTP proxy and HTTPS proxy in various GUI web browsers (e.g. in firefox: Edit → Settings → General → Network Settings → Settings … there are 3 different settings in manual mode: HTTP proxy, HTTPS proxy and Socks Host).
But, as I already wrote: using proxy for https connections only works where web client knows that it’s using proxy server and uses HTTP to connect to proxy, then it asks proxy for web content … And obviously in this case SSL/TLS is not end2end between web server and browser, its only between web server and proxy.
Some web proxy servers (e.g. squid) support SSL for connections between clients and themselves. Not many web clients support this feature natively though. If this is used, then SSL connection is made in two legs: one leg is between browser and proxy, another leg is between proxy and server. This functionality is (AFAIK) not supported by ROS proxy service.
…