Community discussions

MikroTik App
 
ShayanPAL
just joined
Topic Author
Posts: 1
Joined: Thu Dec 19, 2019 12:20 pm

how to disable http(Webfig i mean)

Thu Jun 25, 2020 11:06 pm

hi there
i couldn't find any soulotion for my issue over internet

theres a simple issue with my ROS

i have userman installed and using

i want only to disable mikrotik webfig so that eveyone can use userman web-based
if i disable http port in ip>service both userman and webfig will stop working
i want only userman enabled and webfig disabled on my router
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 184
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: how to disable http(Webfig i mean)

Sat Jun 27, 2020 2:27 am

you're right ... the simplest possibility is far too - ... bloody - simple here.

https://mum.mikrotik.com/presentations/ ... 480323.pdf

The Technique; Ninja Said This is The Jutsu #joke
• Static DNS # ... näh
• Web Proxy # ... nope
• Route Policy # ... eventually, why not ... if you can find distinguishable patterns in traffic ?!
• Content Filter # ... : | ... not shure what that means
• Layer 7 Firewall # ... it works with regex ... like kinda route policies ... check options
• Destination IP Address/Port Block # ... feels also like the wooden hammer ?! isn't it ?
.
hard so say ... ... he is going with a name referring to a ninja ... ninja is not rabbit ... way not !
So ... do your math ... ... do your homework ... and keep posting us with your results.
.
Hashimé
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
sindy
Forum Guru
Forum Guru
Posts: 5343
Joined: Mon Dec 04, 2017 9:19 pm

Re: how to disable http(Webfig i mean)

Sat Jun 27, 2020 11:07 am

i want only userman enabled and webfig disabled on my router
First, look here. The URL of the user manager differs from the one of WebFig by the /userman in the end.

Next, accept that the method suggested below only works for http access, because for https, only the address (or fqdn) part of the url is available in plaintext for matching by a layer 7 rule, so distinction by presence or absence of the /userman suffix of the url is impossible with https. And then, you can adapt the approach described here accordingly (by modifying the layer 7 rule alone).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: ammarmohammed1, deanz, Florian and 73 guests