I found a different solution:
after a user logins, can be applied a different IP using the attribute "address pool" in the group it belongs.
So although the PC is assigned a IP from DHCP, the webserver will show a different IP; that IP can be managed from mikrotik.
Then I created a mangle roule , and everything works.
To clarify:
Clients are assigned IPs: 172.30.50.0/24. DHCP pool is 172.30.50.10-199/24.
Create an address pool: !172.30.50.200-254 (GW2_pool)
Create User gw2_user
Create group gw2_group
Assign gw2_group address pool "GW2_pool". After login each user will be a assigned a secondary IP from GW2_pool range
Dont select transparent proxy.
Create a mangle route
chain: prerouting
advanced --> src_address list --> GW2_pool
action --> mark routing --> GW2_mark & passthrough
Create a route 0.0.0.0/0 --> next hop GW2 , mark: GW2_mark
It works