Community discussions

MikroTik App
 
antiqued4
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Mon Jan 13, 2020 1:50 pm

WebProxy Mikrotik

Wed Jun 09, 2021 2:51 pm

Hello everyone, so I have a demand here at the company which is to block all sites, allow only a few, using the mikrotik webproxy, configuring on the machines, in the browsers, it worked perfectly, both http and https, but the problem is being in the cell phones, there's no way I can configure the proxy on each cell phone, I tried that rule to redirect port 80.443 to port 8080, but dae the cell phone doesn't navigate, does anyone have any solution for that?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: WebProxy Mikrotik

Wed Jun 09, 2021 3:01 pm

Yes:

Block all traffic on port 80 and 443 except the traffic directed to whitelist.

And block all VPN.
viewtopic.php?f=13&t=175918#p861728

You do not have more problem with unproxable device, DoH, DoT, SSTP or OpenVPN working on port 443

And you do not lost time with useless proxy.
 
antiqued4
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Mon Jan 13, 2020 1:50 pm

Re: WebProxy Mikrotik

Wed Jun 09, 2021 3:13 pm

Unfortunately, it doesn't work very well that way, I even tried it, but for example there are news sites, where they have more than one ip, and not just their domain ip, there are some materials, videos, hosted on amazon, so it turns out it's infeasible, I tried to capture all the ip using TLS Host, but it's not very functional, and if you do it that way, whatsapp will also be blocked.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: WebProxy Mikrotik

Wed Jun 09, 2021 3:16 pm

using proxy go worst: blocking https not work with mikrotik proxy
 
antiqued4
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Mon Jan 13, 2020 1:50 pm

Re: WebProxy Mikrotik

Wed Jun 09, 2021 3:18 pm

using proxy go worst: blocking https not work with mikrotik proxy
Using the proxy in the browsers of the machines, it worked perfectly, the only problem was in the cell phones, it is impossible to configure cell phone by cell phone.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: WebProxy Mikrotik

Wed Jun 09, 2021 3:24 pm

You are the first person I read about on the Internet and am aware of who managed to get the MikroTik HTTP proxy to work for HTTPS as well.

Please let us know how you did it!!!
 
antiqued4
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Mon Jan 13, 2020 1:50 pm

Re: WebProxy Mikrotik

Wed Jun 09, 2021 3:26 pm

You are the first person I read about on the Internet and am aware of who managed to get the MikroTik HTTP proxy to work for HTTPS as well.

Please let us know how you did it!!!
I just configured the proxy in the computer's browsers, pointing to the mikrotik, and it blocked all sites and released only a few.
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: WebProxy Mikrotik

Wed Jun 09, 2021 4:07 pm

If you can control name-resolution, then you are already on track.
Blocking the actual datapaths to the final-server might then not be needed if you cannot look it up...
So

> FORCE all DNS-lookups to go through something like "Pi-hole" on your device, so yes, you'll need an additional VM/Docker or something.
> Block indeed DoH, DoT,SSTP and other VPN stuff, block also QUIC-protocol (UDP/443)
> "Intercept" (mangle) hardcoded 8.8.8.8/4 DNS lookups on Android devices and deliver them to your Pi-hole, there you can decide what URL's are possible.

Who is online

Users browsing this forum: Bing [Bot], CGGXANNX, elbob2002, godel0914, K0NCTANT1N and 75 guests