It is impossible with web proxy, because webfig has not absolute path
APs are in a certain place, Radius is in other place. Customers of hotspots use the user manager over public interface.
Moreover PayPal server connects with the user manager over public interface.
I hope, you find any solution
This doesn’t mean that the user manager needs access from public side. User Manager connects TO paypal, not paypal to user manager.
You do not have web server on your router, so my mentioned rule will not block that traffic. It is “forward” traffic not “input”.
The same for user manager, if it is set on other router behind gateway.
@normis
my customer use the link _http://myhost/user_ to manage own data
yes, correct is - user manager connects to paypal server
@mrz
you’re right. By retrieving http://myhost is forwarded to my web server. Here can be not seen the webfig page , so i don’t need it for port 80.
But by rertieving https://myhost i receive the webfig page. So i’ ve forwarded any access over port 443 to web proxy.
So following configurations are made, but unsuccessful
-
block direct access to web proxy
ip firewall filter add chain=input protocol=tcp dst-port=8080 in-interface=ether1 action=drop -
enable the web proxy
ip proxy set enabled=yes -
forwarding to web proxy
ip firewall nat add chain=dstnat dst-address=publicip protocol=tcp dst-port=443 action=redirect to-ports=8080 -
add access rule by web proxy to block webfig
ip proxy access add dst-address=publicip path=“/webfig/*” action=deny -
add access rule by web proxy to allow user manager
ip proxy access add dst-address=publicip path=“/user/*” action=allow
ip proxy access add dst-address=publicip path=“/userman/*” action=allow
What did i done wrong?
Hi Mikrotik-Team,
I need your answer. Thanks in advance 