Community discussions

 
User avatar
oortega
just joined
Topic Author
Posts: 7
Joined: Sat Jan 06, 2018 8:33 pm

block certain urls Layer7 and not the entire website

Tue Feb 06, 2018 1:17 am

Hello,

how to block certain urls and not the entire website?
Only Block this url: http://www.islasparadisiacas.net/wp-con ... -islay.jpg
No Block entire website:

I have tried like this:
/ip firewall layer7-protocol
#Work
add name="islasparadisiacas.net" regexp="^.+(islasparadisiacas.net).*\$\?"

#Work
add name="islasparadisiacas.net" regexp="^.+(wp-content/uploads/2017/07/imagen-isla-islay.jpg).*\$"

# Not Work
add name="islasparadisiacas.net" regexp="^.+(islasparadisiacas.net/wp-content/uploads/2017/07/imagen-isla-islay.jpg).*$"

/ip firewall filter
add action=drop chain=forward layer7-protocol="islasparadisiacas.net" log-prefix="" src-address-list=!no-firewall



/ip firewall filter
add action=drop chain=forward layer7-protocol="forosdelweb" log-prefix="" src-address-list=!no-firewall


can you please help me?.
Regards
 
Sob
Forum Guru
Forum Guru
Posts: 4073
Joined: Mon Apr 20, 2009 9:11 pm

Re: block certain urls Layer7 and not the entire website

Tue Feb 06, 2018 2:52 pm

Last one can't work, because http request looks like this (and I'm not sure if Host header is always first):
GET /wp-content/uploads/2017/07/imagen-isla-islay.jpg HTTP/1.1
Host: www.islasparadisiacas.net
<other headers>
I didn't test it, but you might have a chance with regexp like this (not exactly a polished one, but shows the basic idea):
\ /wp-content/uploads/2017/07/imagen-isla-islay\.jpg\ .*Host:\ www\.islasparadisiacas\.net
Also remember that blocking like this is very ineffective and if you plan to do it for more urls, your router won't like it at all.
 
User avatar
oortega
just joined
Topic Author
Posts: 7
Joined: Sat Jan 06, 2018 8:33 pm

Re: block certain urls Layer7 and not the entire website

Tue Feb 06, 2018 5:51 pm

Last one can't work, because http request looks like this (and I'm not sure if Host header is always first):
GET /wp-content/uploads/2017/07/imagen-isla-islay.jpg HTTP/1.1
Host: www.islasparadisiacas.net
<other headers>
I didn't test it, but you might have a chance with regexp like this (not exactly a polished one, but shows the basic idea):
\ /wp-content/uploads/2017/07/imagen-isla-islay\.jpg\ .*Host:\ www\.islasparadisiacas\.net
Also remember that blocking like this is very ineffective and if you plan to do it for more urls, your router won't like it at all.


I don´t know how to match Headers but I tried this:
#URL http://islasparadisiacas.net/wp-content/uploads/2017/07/imagen-isla-islay.jpg

# Not Work
add name="islasparadisiacas.net" regexp="^.+(/wp-content/uploads/2017/07/imagen-isla-islay.jpg) Host: islasparadisiacas.net .*$"
# Not Work
add name="islasparadisiacas.net" regexp="^Host: islasparadisiacas.net .+(/wp-content/uploads/2017/07/imagen-isla-islay.jpg).*$"

# Work
add name="islasparadisiacas.net" regexp="^.*Host: islasparadisiacas.net.*$"
Some ideas?
 
Sob
Forum Guru
Forum Guru
Posts: 4073
Joined: Mon Apr 20, 2009 9:11 pm

Re: block certain urls Layer7 and not the entire website

Tue Feb 06, 2018 6:52 pm

Maybe try the one I posted? I did quick test now and this works:
/ip firewall layer7-protocol
add name=test3 regexp="\\ /wp-content/uploads/2017/07/imagen-isla-islay\\.jpg\\ .*Host:\\ www\\.islasparadisiacas\\.net"
/ip firewall filter
add action=reject chain=forward dst-port=80 layer7-protocol=test3 protocol=tcp reject-with=tcp-reset
 
szantol
just joined
Posts: 1
Joined: Thu Aug 02, 2018 9:59 pm

Re: block certain urls Layer7 and not the entire website

Thu Aug 02, 2018 10:14 pm

Hi!
this is my test solution, with web proxy. It is working. It deny all URL that contain word "origo", but allow if URL contain word "rigo"
You do not necessary all line/command, sorry i not selected.
(This is a VPS on internet, i used 185.80.xxx.xxx:8080 to IE proxy)

My all config:

/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=185.80.xxx.xxx/24 comment="added by setup" interface=ether1 network=185.80.xxx.x
add address=185.187.xxx.xxx/24 interface=ether1 network=185.187.xxx.x
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat src-address=185.80.xxx.xxx
add chain=dstnat
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
/ip proxy
set enabled=yes src-address=185.80.xxx.xxx
/ip proxy access
add dst-host=:rigo
add action=deny dst-host=:origo
/ip route
add comment="added by setup" distance=1 gateway=185.80.xxx.xxx
/tool user-manager database
set db-path=user-manager

sequence is important:
In Web proxy Access tab first line (#0): add dst-host=:rigo,
second line (#1): add action=deny dst-host=:origo
 
prozaklob
just joined
Posts: 2
Joined: Tue Jan 20, 2015 6:51 am

Re: block certain urls Layer7 and not the entire website

Wed May 15, 2019 10:25 am

and what if i whant blocked direct link?

Code: Select all

https://www.testsite.com/video/d54hf
 
Sob
Forum Guru
Forum Guru
Posts: 4073
Joined: Mon Apr 20, 2009 9:11 pm

Re: block certain urls Layer7 and not the entire website

Wed May 15, 2019 2:15 pm

You can't, with https you'll be able to see only www.testsite.com, not /video/d54hf.

Who is online

Users browsing this forum: No registered users and 80 guests