I'd like to block in Mikrotik web proxy to the proxy clients use URL-s contains direct IP address of remote (web,ftp) servers. I want to allow only domain names, because i'd like to filter web access by DNS service.

Example:
Allowed by proxy: https://www.mikrotik.com
Blocked by proxy: https://159.148.147.196

I use the content filter in RAW to drop the direct IP traffic. You have to disable fast tracking for that direction or only engage fast tracking after 1100bytes. It was in a recent MUM presentation if I remember that correctly.
This is for a known IP and if you want to filter all direct IP address on port 80 you can use a regex.

I use the content filter in RAW to drop the direct IP traffic. You have to disable fast tracking for that direction or only engage fast tracking after 1100bytes. It was in a recent MUM presentation if I remember that correctly.
This is for a known IP and if you want to filter all direct IP address on port 80 you can use a regex.

Could you show me the filter?
I dont want to block in forward chain. I only want to block between proxy and client, or proxy and remote host (http/ftp server). The direct connection is blocked. Almost everything have to go trough the webproxy.

Can the Layer 7 filter check the clients connections to the proxy? Maybe can somebody send me regexp code, to filter if a client sand an url to the proxy which url contains ip address and not domain name?

Somebody?

Any idea?

Any idea?

Meanwhile, I made a proxy auto config script, wich check if hostname is IP address with very simple regexp:
"var ip_regexp=/\d+\.\d+\.\d+\.\d+$/"

and check the logical value of this method call:
"ip_regexp.test(host)"

But would be better If I could block in the Mikrotik proxy or firewall, not on the client side.
Any idea?

Yes: Use a full-featured proxy, like squid.

Your usage case is one more argument against using MT for hotspots
with above-basic requirements.
As in openwrt, I often integrated squid. Also to implement
your requested functionality

Yes: Use a full-featured proxy, like squid.

Your usage case is one more argument against using MT for hotspots
with above-basic requirements.
As in openwrt, I often integrated squid. Also to implement
your requested functionality

Ha-ha, verry funny

Now I use an IPFire proxy, and I want to get rid of it, because I can use blocklists and safe DNS with the MT box (3011) what is strong enough to serve all of my users (30) and neither the IPfire cant do ssl intercept, so unnecessary a seperate proxy server, and because IPFire run on a very loaded Hyper-V server, I can save some memory and CPU resource.

There is a Layer7 filter, it really doesnt use for this? I am very unfamiliar with Layer7 filter and regular expressions. I tought, there is somebody who can help me.

Dump IPFire, install a small/old x86-PC running squid as local proxy within your network. This can do, what you want.
It is always strange, to read some questions, having already a supposed-to-work answer included

Dump IPFire, install a small/old x86-PC running squid as local proxy within your network. This can do, what you want.
It is always strange, to read some questions, having already a supposed-to-work answer included

This isnt the answer. I asked, how to do this with Mikrotik, you wrote how to do with other device/software. Thats the strange.

Up?