Hello,
I am using the ip->webproxy, and in access one rule is not working for HTTPS URLs.
My browser is set to use the proxy, configured manually, and I confirmed it is using the proxy (netstat -nb).
/ip proxy
set always-from-cache=no cache-administrator="" cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=5000 max-fresh-time=3d \
max-server-connections=5000 parent-proxy=0.0.0.0 parent-proxy-port=0 port=888 serialize-connections=no src-address=0.0.0.0
/ip proxy access
add action=deny disabled=no dst-host="" dst-port="" path=/billing*
add action=deny disabled=no dst-port="" path=*.zip
If I access, for example, https://website.com/billing/
it allows access when it should deny it.
When I try to download a zip file without HTTPS, it does the job (denies access).
Router with version 5.25 and firmware 3.07
RB1100
Bug?
How do I get it working? I want to deny access to a specific part of a website, without denying the whole website.
The URL is part of the HTTPS page’s content.
As such, there’s no way to read it without breaking the encryption, which defeats the purpose of using HTTPS to begin with, and would cause a warning screen at the user’s browser. Web proxy software (MikroTik’s as well as others) know this, so they don’t work on HTTPS pages.
You can block a whole IP or port where you know an HTTPS runs on (using firewall rules), but you can’t block specific sections. This is “by design” of the protocol.
When I use, for example, *facebook.com in Dst-Host,
it does block for HTTPS.
Is webproxy using the IP from the domain name?
AFAIK, yes.
Besides, when you type “facebook.com”, you first go to “http://facebook.com/” which in turn redirects you to “https://facebook.com/” which is what you end up seeing. Try typing “https://facebook.com” directly and see if the proxy reacts the same.
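What an explicit proxy can read from the browser's request in the HTTP and HTTPS cases discussed above, as an added example that is not part of the original thread and is not RouterOS code. It is a simplified Python model: the rule matcher, the `dst_host` key name and the request lines are constructed for illustration, and it assumes that a rule with a path cannot match a request that carries no path.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed model of the three rules discussed in the thread (not RouterOS code).
RULES = [
    {"action": "deny", "path": "/billing*"},
    {"action": "deny", "path": "*.zip"},
    {"action": "deny", "dst_host": "*facebook.com"},
]

def visible_fields(request_line):
    """Return what an explicit proxy can read from the first line of a client request."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # HTTPS through a proxy: the target is only "host:port". The path travels
        # later, inside the TLS tunnel, and never reaches the proxy in clear text.
        host, _, port = target.rpartition(":")
        return {"method": method, "host": host, "port": int(port), "path": None}
    # Plain HTTP through a proxy: the target is the absolute URL.
    url = urlsplit(target)
    return {"method": method, "host": url.hostname, "port": url.port or 80, "path": url.path or "/"}

def decide(request_line, rules=RULES):
    """Assumed model: first matching rule wins; a field the request lacks cannot match."""
    seen = visible_fields(request_line)
    for rule in rules:
        if "path" in rule and (seen["path"] is None or not fnmatchcase(seen["path"], rule["path"])):
            continue
        if "dst_host" in rule and not fnmatchcase(seen["host"], rule["dst_host"]):
            continue
        return rule["action"]
    return "allow"

# Constructed request lines, as a browser configured for the proxy would send them.
SAMPLES = [
    "GET http://website.com/billing/ HTTP/1.1",
    "GET http://website.com/files/a.zip HTTP/1.1",
    "CONNECT website.com:443 HTTP/1.1",
    "CONNECT www.facebook.com:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{decide(line):5}  {line}")
```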
I just noticed your signature.
I am going to try out the RouterOS API soon.
What is the difference in using your API and using RouterOS API?
Thank you.
What I have is a “RouterOS API” client. So comparing “your API and using RouterOS API” is a false comparison - you’ll be using the very same thing.
If you mean what’s the difference between my RouterOS API client vs. other RouterOS API clients, it’s mostly convenience wrappers, so that you don’t need to be familiar with the RouterOS API protocol, but can instead be familiar only with console scripting.
For example, with my client, you can write a request like:
$client(new RouterOS\Request('/queue simple set numbers=queue1 max-limit=2M/10M'));
whereas with, let’s say Denis Basta’s RouterOS API client, you’d have to write that as
$client->comm('/queue/simple/set', array('numbers' => 'queue1', 'max-limit' => '2M/10M'));
Also, support for RouterOS API tags… for some reason, most clients seem to ignore that (IMHO) wonderful feature - you can issue multiple requests at once, and deal with the responses later on. e.g. you can create an application that continuously monitors traffic on one or more interfaces AND it also occasionally does something else, like adding/removing an entry or something.