Web proxy question - please help

Gromit · September 28, 2007, 1:41pm

we run a RD532 with RouterOS as a transparent proxy. Is it possible to block all proxying sites (i.e. proxify.com) using some sort of rule? Maybe in the “path” aspect of the rule add /proxy or any other common sting in proxying sites URLs?

Viroslash · September 28, 2007, 2:46pm

Yes, is possible, using the access list.
Here an example:

/ ip web-proxy access 
add url="proxyfi" action=deny disabled=no
add url="porn" action=deny disabled=no

These rules blocks all web pages that contains the words “proxyfi” and “porn”. You can also apply these rules to a specific host, network and ports too.

Then, when I try search “porno” in google, the proxy says:

_ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.google.com.ar/search?\

The following error was encountered:
\

Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is soporte@mikrolan.com.ar.
Generated Fri, 28 Sep 2007 14:45:05 GMT by proxymt (squid/2.5.STABLE11)_

ashish · September 29, 2007, 4:29am

Please Refer Following Example

http://wiki.mikrotik.com/wiki/How_to_Block_Websites_%26_Stop_Downloading_Using_Proxy

//ASHISH

Gromit · October 1, 2007, 1:18pm

Great thanks guys for the help, that worked well.

One question though, why cant I proxy any HTTPS sites? i know it uses a different port number but if I redirect the port to the proxy even if it is allowed it wont connect.

Any advice?

Chupaka · October 1, 2007, 11:19pm

yes, good advice is stop trying
HTTPS in it’s nature is secure protocol, and even router do not know, what is transmitted in https connection
MT also do not support certificate substitution, to realize partial functionality of HTTPS proxy

tgrand · October 2, 2007, 2:21am

Poppy Cock!!!

Go to your Hotspot Profile and define the Proxy and port there.
Then Go to your Use profiles and set the transparent proxy in the user profile.

Disable firewall rules to redirect, and all should be fine.

sergejs · October 2, 2007, 10:25am

Only HTTP traffic is supported in transparent mode of the web proxy.

tgrand · October 2, 2007, 11:31am

You should really go to the dhcp server options and add option 252.
Do a web serch and look up option 252.
Once you create the option, then go to the DHCP server and add the option to the server.
You need a web server to put the PAC file onto.

P.S. It would be a great Feature if ROS supported serving up a PAC file through its web server.