Web Proxy

ferdinandbabst · October 11, 2010, 9:14am

Hi

I have setup web proxy to listen on default port 8080. i have also created the Nat rule
chain=dstnat action=redirect to-ports=8080 protocol=tcp
src-address=172.17.0.0/24 dst-port=80

The rule is working fine but I can’t seem to get any browsing done on the allowed web pages in the proxy.
Do i need to give the proxy server access to internet via NAT rule or masquerade rule etc?

Ibersystems · October 11, 2010, 10:56am

Did you configured the internet access in the board?

ip route add…

you need to add a route to 0.0.0.0/0 with gateway your modem.

otgooneo · November 1, 2010, 6:41am

Hi guys, my web proxy working perfect (RB1000 V4). But I can`t set content filter using web proxy server. Content filtering working on hotspot by firewall filtering option.

Ibersystems · November 2, 2010, 9:01am

Can you copy/paste your ip/firewall filters?

otgooneo · November 2, 2010, 11:19am

Actualy my goal is block bad pages then show to my customers “Blocked page”. My customers are connecting via hotspot. So I can set content filter using firewall mangle and filter rules. Here is my config:

[admin@Testing] /ip firewall> fil print det
0  chain=forward action=drop dst-address-list=BadIP

[admin@Testing] /ip firewall mangle> print
1   chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=adult 
2   chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=porn 
3   chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=sex

But I can`t show to my customers that page is blocked by administrator. Firewall filter rule just drops packets.
Therefor I have started to use Web proxy service. In this case I can block web host by static host name.

[admin@Testing] /ip proxy access> print det
0   dst-port=80 dst-host=www.redtube.com action=deny hits=0

Now I can show them Blocked page but I have to add manually all bad web hosts . It`s too rude way.

Ibersystems · November 2, 2010, 11:35am

Did you configured ip/hotspot/server profiles/http proxy?

otgooneo · November 2, 2010, 1:56pm

I havent done that. But I have added NAT rule, which works like that. Just because I didnt know hotspot already has this feature.

[admin@Testing] /ip firewall nat> print det
 1  ;;; To Proxy
     chain=dstnat action=redirect to-ports=1010 protocol=tcp src-address=172.16.24.0/24 dst-port=80

My only wish is use content and URL filter with “Admin Blocked Page”.
Has the RouterOS anyway to add firewall filter rule with redirect page? Like it - <<action=drop, redirect=errorpage.html>> lol…

Sorry Iber, for my bad english.

Ibersystems · November 2, 2010, 1:59pm

I think I did this with hotspot and webproxy : /

Ibersystems · November 2, 2010, 2:14pm

I just checked and I have only webproxy there. If I activate the webproxy I disable the hotspot.. I don’t know why, but you can imagine.. xD

Mmm..

with redirect in webproxy you can redirect people to YOURHOTSPOTIP/deny.html
You need to place deny.html in your routerOS and they will see the file when deny.

otgooneo · November 2, 2010, 4:37pm

Thank you Iber. I`ll try again.

Chupaka · November 2, 2010, 8:33pm

anyway, content filtering is not available in Proxy