Web-Proxy Status Passthru

RouterOS General
1

Hello, im implementing a X86 RouterOS running in a ESXi environment, it was working until i got a Level 4 license to run a transparent web-proxy.

When i enabled the web proxy it is giving me a status unknow, when i go to the terminal to check it gives status: passthru. This status isn´t documented, what gives this status?

I cannot get it to run.

Thanks!

This is my /ip proxy expor hide-sensitive


/ip proxy
set cache-administrator=suporte@facuryepalma.com.br enabled=yes \
    max-cache-size=none parent-proxy=0.0.0.0 src-address=192.168.1.1
/ip proxy access
add comment=SERPRO disabled=yes dst-address=161.148.0.0/16
add disabled=yes dst-address=189.9.0.0/18
add disabled=yes dst-address=189.9.64.0/18
add disabled=yes dst-address=189.9.71.0/24
add disabled=yes dst-address=189.9.192.0/18
add disabled=yes dst-address=190.98.146.0/24
add disabled=yes dst-address=200.198.224.0/20
add disabled=yes dst-address=200.198.192.0/19
add disabled=yes dst-address=189.9.128.0/18
add comment=DataPREV disabled=yes dst-address=200.152.32.0/21
add disabled=yes dst-address=200.152.40.0/22
add disabled=yes dst-address=200.152.44.0/22
add comment="Caixa Economica" disabled=yes dst-address=200.201.160.0/22
add disabled=yes dst-address=200.201.164.0/22
add disabled=yes dst-address=200.201.167.0/24
add disabled=yes dst-address=200.201.168.0/21
add comment=Sintegra dst-host=www.sintegra.gov.br
add dst-host=sintegra.sefaz.rs.gov.br
add dst-host=sistemas3.sef.sc.gov.br
add dst-host=www.sintegra.fazenda.pr.gov.br
add dst-host=pfeserv1.fazenda.sp.gov.br
add dst-host=www1.sefaz.ms.gov.br
add dst-host=www.fazenda.rj.gov.br
add dst-host=www.sintegra.es.gov.br
add dst-host=consultasintegra.fazenda.mg.gov.br
add dst-host=www.fazenda.df.gov.br
add dst-host=appasp.sefaz.go.gov.br
add dst-host=www.sefaz.mt.gov.br
add dst-host=www.sefin.ro.gov.br
add dst-host=sefaznet.ac.gov.br
add dst-host=www.suframa.gov.br
add dst-host=www.sefaz.am.gov.br
add dst-host=www.sefaz.rr.gov.br
add dst-host=app.sefa.pa.gov.br
add dst-host=www.sintegra.ap.gov.br
add dst-host=www.sefaz.ma.gov.br
add dst-host=sintegra.sefaz.to.gov.br
add dst-host=web.sintegra.sefaz.pi.gov.br
add dst-host=www.sefaz.ba.gov.br
add dst-host=www.sefaz.se.gov.br
add dst-host=www.sefaz.al.gov.br
add dst-host=www.sintegra.sefaz.pe.gov.br
add dst-host=sintegra.receita.pb.gov.br
add dst-host=www.set.rn.gov.br
add comment=Captcha dst-host=api.recaptcha.net
add dst-host=www.google.com/js
add dst-host=www.google.com/recaptcha/api
add action=deny dst-host=accounts.google.com
add comment=Bancos dst-host=bradesconetempresa.com.br
add dst-host=bradesco.com.br
add dst-host=caixa.gov.br
add dst-host=cmt.caixa.gov.br
add dst-host=conectividade.caixa.gov.br
add dst-host=contadez.cenofisco.com.br
add dst-host=cpo.procempa.com.br
add comment="NF Paulista" disabled=yes dst-address=201.55.62.85
add comment="Simpliss SJBV" disabled=yes dst-address=187.45.245.217
add action=deny disabled=yes dst-address=0.0.0.0/0
2

Where do you see the status:passthru? haven’t seen that even on 6.35rc…

why do you state that isn’t working? Are you redirecting HTTP traffic to it?

3

Got it running, to see it in passthru mode you need to set /ip proxy set max-cache-size=none the /ip proxy monitor you will see status passthru.

I figured that out now i got another problem when i set the dst-nat rule to redirect requests from port 80 to 8080 to make the transparente proxy work all navigation stops working.

4

Do you see the proxy being hit when that happens?? Have you tried clearing the cache?

If you post a complete export it will be easier.

5

I have the same problem. I have tryed with the default configuration, just only to enable proxy but result was the same.

[admin@MikroTik] /ip proxy> print
enabled: yes
src-address: ::
port: 8080
anonymous: no
parent-proxy: ::
parent-proxy-port: 0
cache-administrator: webmaster
max-cache-size: none
max-cache-object-size: 1000KiB
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 2d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-path: web-proxy

[admin@MikroTik] /ip proxy> monitor
status: passthru
uptime: 13m29s
client-connections: 13
server-connections: 11
requests: 239
total-ram-used: 702KiB
received-from-servers: 37283KiB
sent-to-clients: 37280KiB
hits-sent-to-clients: 0KiB

Board R941-2nd with 6.35 os
Any ideas?

6

OK, got it working, now i have another problem, i need to access a google captcha trough https but i cant get it working, which is on the following website:

https://www.google.com/recaptcha/

7

Hi,

I have the same problem, and the proxy rules (Access) are not working properly in that “passthrough” state …
On another Mikrotik router the status is “enable” and it’s working fine : what was your workaround to make it work again ?

8

I’m also having this problem. WebProxy Status is “passthrough”, and it doesn’t work.

Can anyone explain how to get “normal” status? Mikrotik’s documentation, is (as always) pure crap and doesn’t even mention this strange “passthrough” status.

Why are Mikrotik’s docs so bad?

9

Has anyone found out how to fix this web proxy passthrough status?

10

It is 2022. We have stopped using transparent proxies. They are not compatible with https, only http, and there is almost no http left.

11

MT should just remove the not more needed web proxy function to add space for other cool function :slight_smile:

12

All that crap has to move into a separate package that we can just ignore…

13

I have same issue on hAP lite

My proxy status is passthrough and proxy doesn’t work

I don’t want use tranparent proxy, I need plain proxy for my reason

 [admin@mik] /ip/proxy> print
                 enabled: yes
             src-address: ::
                    port: 3128
               anonymous: yes
            parent-proxy: ::
       parent-proxy-port: 0
     cache-administrator: webmaster
          max-cache-size: 2048KiB
   max-cache-object-size: 2048KiB
           cache-on-disk: no
  max-client-connections: 600
  max-server-connections: 600
          max-fresh-time: 3d
   serialize-connections: no
       always-from-cache: no
          cache-hit-dscp: 4
              cache-path: web-proxy
[admin@mik] /ip/proxy> monitor
                 status: passthrough
                 uptime: 28m37s
     client-connections: 0
     server-connections: 0
               requests: 2
         total-ram-used: 0KiB
  received-from-servers: 0KiB
        sent-to-clients: 0KiB
   hits-sent-to-clients: 0KiB

[admin@mik] /ip/proxy> /ip firewall/nat print
Flags: X - disabled, I - invalid; D - dynamic 
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none

First attempt to use proxy is success, but any other failed. Proxy is silently not working

How I can turn proxy into running state?

I’m already tried different firmwares like 6.47.10, 6.49.7 and 7.6

Please help

14

Running a proxy on a hAP lite??? Man, please stop being so funny… I need to drink my coffee not spill it!

15

And I am surprised people are posting question in this thread when it clearly posted that Web proxy does not work with https sites and nearly all web site are https…

16

Well, a proxy server DOES work for https sites when it is explicitly configured (not as transparent proxy).
However, no caching will be possible, at most domain-name filtering (not URL filtering).
Still, it does not make sense to try that on a hAP lite… or a MikroTik router in general.

17

In general, web proxy WORKS CORRECTLY in many other mikrotiks with another architectures.
I’m use proxy NOT IT transparent mode.
@Jotne, you might be more observant.