Community discussions

 
giobulia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jun 23, 2011 4:30 pm

How to block and redirect website

Fri May 18, 2012 11:11 pm

Hello,

I want to block and redirect website example from 1PM to 2PM
I want to block website1.com and redirect to website2.com

Thank you
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2389
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: How to block and redirect website

Sat May 19, 2012 12:02 am

You'd have to do a dst-nat to a web server that you control, and from there, based on the hostname, redirect to the desired site.

To do the redirect, with PHP at least, it's as simple as
<?php
if (preg_match('/^([^\n\.]+\.)*website1\.com$/i', $_SERVER['HTTP_HOST'])) {
    header('Location: http://website2.com');
} 
The most difficult part is matching the requests that should be redirected to the web server in the first place. The easiest (although somewhat error prone and inefficient) way is to use layer7-protocol filter. Something like:
/ip firewall layer7-protocol add="HTTP website1.com" regexp="^\S+ \S+ HTTP\/\d\.\d[^H]+Host: ([^\n\.]+\.)*website1\.com.+\n\n"
Once you have that, adding the dns-nat rule is trivial:
/ip firewall nat add comment="Redirect for website1.com" chain="dstnat" layer7-protocol="HTTP website1.com" time="13h-14h,sun,mon,tue,wed,thu,fri,sat" action="dst-nat" to-addresses="192.168.0.254"
(replace 192.168.0.254 with the IP of your web server)

P.S. The regex in the PHP, and the equivalent portion in the layer7-protocol both ensure you redirect website1.com as well as all of its subdomains.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
giobulia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jun 23, 2011 4:30 pm

Re: How to block and redirect website

Sat May 19, 2012 11:42 am

Hello boen_robot, Thank you for reply.

I tried this but I get this error:

first. expected end of command (line 1 column 33)

second. input does not match any value of protocol

what can I do?

Thank you
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2389
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: How to block and redirect website

Sat May 19, 2012 12:54 pm

Opps. I missed the name argument. The first command should be
/ip firewall layer7-protocol add name="HTTP website1.com" regexp="^\S+ \S+ HTTP\/\d\.\d[^H]+Host: ([^\n\.]+\.)*website1\.com.+\n\n"
The second commands needs the first before it can work.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
giobulia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jun 23, 2011 4:30 pm

Re: How to block and redirect website

Sat May 19, 2012 2:21 pm

Opps. I missed the name argument. The first command should be
/ip firewall layer7-protocol add name="HTTP website1.com" regexp="^\S+ \S+ HTTP\/\d\.\d[^H]+Host: ([^\n\.]+\.)*website1\.com.+\n\n"
The second commands needs the first before it can work.

I get this error:
expected end of command (line 1 column 69)]+\.)*website1\.com.+\n\n"

Thank you
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2389
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: How to block and redirect website

Sat May 19, 2012 2:37 pm

Argh!! Damn command line. Fine, just use the "+" from Winbox, and enter
^\S+ \S+ HTTP\/\d\.\d[^H]+Host: ([^\n\.]+\.)*website1\.com.+\n\n
into the regexp field, and enter
HTTP website1.com
in the name field.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
giobulia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jun 23, 2011 4:30 pm

Re: How to block and redirect website

Sat May 19, 2012 2:49 pm

 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2389
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: How to block and redirect website

Sat May 19, 2012 3:26 pm

In the NAT rule, do you have the "layer7-protocol" attribute set to "HTTP top.ge"? In Winbox, you can see it in the "Advanced" tab of the rule. Add it if not.

If you do have it and it still doesn't work... hmm... try with the regex
^\S+ \S+ HTTP\/\d\.\d.+Host\:([^\n\.]+\.)*website1\.com.*\n\n
If even that doesn't work... what is this top.ge site? Does it resolve only to a single IP or multiple IPs? Do your clients use your router as a DNS too? There are other techniques besides layer7-protocols that can be used depending on the answers of those two questions... I started with layer7, because if the regex is correct, the solution is universal. But like I said, it's error prone.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
giobulia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jun 23, 2011 4:30 pm

Re: How to block and redirect website

Sat May 19, 2012 9:25 pm

Thank you.
I try it but does not work.
 
giobulia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jun 23, 2011 4:30 pm

Re: How to block and redirect website

Sat May 19, 2012 10:18 pm

I tried this:
/ip proxy access add dst-host=: action=deny redirect-to=top.ge

for time I create Scheduler, enter time and insert this:
/system script run <script name>


Thank you boen_robot
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2389
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: How to block and redirect website

Sun May 20, 2012 12:49 am

Wait... doesn't that only work when your users set up your router as a proxy server?

If it works regardless, I must say I just learned something :idea: .
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
giobulia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jun 23, 2011 4:30 pm

Re: How to block and redirect website

Mon May 21, 2012 11:06 am

Yesterday it worked. today does not work. I can't understand
 
Riajul74
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Feb 10, 2013 12:01 am

Re: How to block and redirect website

Wed Jun 26, 2013 8:02 pm

You'd have to do a dst-nat to a web server that you control, and from there, based on the hostname, redirect to the desired site.

To do the redirect, with PHP at least, it's as simple as
<?php
if (preg_match('/^([^\n\.]+\.)*website1\.com$/i', $_SERVER['HTTP_HOST'])) {
    header('Location: http://website2.com');
} 
The most difficult part is matching the requests that should be redirected to the web server in the first place. The easiest (although somewhat error prone and inefficient) way is to use layer7-protocol filter. Something like:
/ip firewall layer7-protocol add="HTTP website1.com" regexp="^\S+ \S+ HTTP\/\d\.\d[^H]+Host: ([^\n\.]+\.)*website1\.com.+\n\n"
Once you have that, adding the dns-nat rule is trivial:
/ip firewall nat add comment="Redirect for website1.com" chain="dstnat" layer7-protocol="HTTP website1.com" time="13h-14h,sun,mon,tue,wed,thu,fri,sat" action="dst-nat" to-addresses="192.168.0.254"
(replace 192.168.0.254 with the IP of your web server)

P.S. The regex in the PHP, and the equivalent portion in the layer7-protocol both ensure you redirect website1.com as well as all of its subdomains.

can you please help me with this ?

http://forum.mikrotik.com/viewtopic.php?f=1&t=74197
 
apocalips
just joined
Posts: 3
Joined: Mon Jan 24, 2011 4:29 pm

Re: How to block and redirect website

Tue Oct 15, 2013 7:13 pm

Hello Mr giobulia
გამარჯობა თბილისიდან

http://codingtips.itwebsols.com/servers ... l7-layer7/
such as this method is a blocked. how i can to forward?
 
ALX1S
newbie
Posts: 39
Joined: Mon Apr 27, 2015 5:28 pm
Location: Buenos Aires, Argentina

Re: How to block and redirect website

Tue May 12, 2015 10:04 pm

HI

Would someone tell me, if its necessary to install in MicroSD when using an internal proxy. I Deployed a RB1100Hx2 with proxy server (in the internal flash storage), and worked fine the first day, but the second start making mess with the internet connections.
I really don't know if having problems with proxy storage (have to be on the external) or some Firewall Policy.

Image

Image

Thanks

Who is online

Users browsing this forum: No registered users and 19 guests