Community discussions

MikroTik App
 
randyloveless
Member Candidate
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california
Contact:

Web-proxy help

Sun May 08, 2005 3:37 am

web-proxy issue .

i am trying to acces one of our shopping cart systems out side our network.
http://www.xyx.com/shop/admin/configuration.php?

i set proxy not to catch this page
0 ;;; Our customers
src-address=192.168.4.0/24 action=allow

1 ;;; Our customers
src-address=212.212.212.0/24 action=allow

2 ;;; Deny using us as telnet and SMTP relay
dst-port=23-25 action=deny

3 ;;; allow CONNECT only to SSL ports 443 [https] and 563 [snews]
dst-port=!443 method=connect action=deny

4 ;;; allow CONNECT only to SSL ports 443 [https] and 563 [snews]
dst-port=8080 url="http://.php?" action=deny

5 ;;; allow CONNECT only to SSL ports 443 [https] and 563 [snews]
dst-port=80 url="http://.php?" action=deny

i have tried with and with dst-port just doesnt seem to reconize my request . everything else works . just cannot seem to get it to by pass this unit . i have also tried not to catch the ip address still no luck.

what am i doing incorrectly









This is the log info when i request the site with web-proxy on

05:41:12 web-proxy,info,account 1115530872.845 535 192.168.4.59 TCP_MISS/401 329
GET http://www.srsnetworks.com/shop/admin - DIRECT/64.232.111.21 text/html
05:41:23 system,info web proxy access rule moved by admin
05:41:27 web-proxy,info,account 1115530887.557 80 212.212.212.224 TCP_MISS/301 411
GET http://g.msn.com/2HA/1? - DIRECT/207.68.179.219 -
05:41:27 web-proxy,info,account 1115530887.821 239 212.212.212.224 TCP_MISS/200
36444 GET http://houseandhome.msn.com/garden/gardenoverview.aspx -
DIRECT/65.54.200.126 text/html
05:41:27 web-proxy,info,account 1115530887.856 14 212.212.212.224 TCP_MISS/000 0
GET http://shopping.msn.com/xmlbuddy/eShopOffer.aspx? - NONE/- -
05:41:27 web-proxy,info,account 1115530887.857 5 212.212.212.224 TCP_MISS/000 0
GET http://shopping.msn.com/xmlbuddy/eShopOffer.aspx? - NONE/- -
05:41:27 web-proxy,info,account 1115530887.935 73 212.212.212.224 TCP_MISS/200 541
GET http://view.atdmt.com/AVE/iview/msnnkon ... 0;hi.90/01? -


randy
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon May 09, 2005 9:50 am

post output of /ip web-proxy export command
 
randyloveless
Member Candidate
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california
Contact:

Mon May 09, 2005 11:50 am

is this what you wanted ?

# may/10/2005 01:48:26 by RouterOS 2.9rc1
# software id = TZ7Z-31N
#
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy" \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster@srsnetworks.net" max-object-size=32000KiB \
cache-drive=secondary-master max-cache-size=unlimited \
max-ram-cache-size=unlimited
/ ip web-proxy access
add src-address=192.168.4.0/24 action=allow comment="Our customers" \
disabled=no
add src-address=212.212.212.0/24 action=allow comment="Our customers" \
disabled=no
add dst-port=23-25 action=deny comment="Deny using us as telnet and SMTP \
relay" disabled=no
add dst-port=!443 method=connect action=deny comment="allow CONNECT only to \
SSL ports 443 \[https\] and 563 \[snews\]" disabled=no
add dst-port=8080 url="http://.php?" action=deny comment="allow CONNECT only \
to SSL ports 443 \[https\] and 563 \[snews\]" disabled=no
add dst-port=80 url="http://.php?" action=deny comment="allow CONNECT only to \
SSL ports 443 \[https\] and 563 \[snews\]" disabled=no
/ ip web-proxy cache
add dst-port=80 url=":http://www.srsnetworks.com" action=deny comment="" \
disabled=no
add url=":cgi-bin \\?" method=get action=deny comment="don't cache dynamic \
http pages" disabled=no
 
randyloveless
Member Candidate
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california
Contact:

Tue May 10, 2005 6:23 am

add dst-port=80 url=":http://www.srsnetworks.com" action=deny comment="" \
disabled=no


i have tried this with and without the add dst-port=80 url="http://www.srsnetworks.com" action=deny comment="" \
disabled=no

add dst-port=80 url="http://www.srsnetworks.com/shop/admin" action=deny comment="" \
disabled=no
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue May 10, 2005 10:16 am

/ip web-proxy cache add url="http://www.xyx.com/shop/admin/configuration.php" action=deny
without any other rules for this url in access and direct lists
 
randyloveless
Member Candidate
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california
Contact:

Tue May 10, 2005 11:54 am

thanks will try asap

Randy
 
randyloveless
Member Candidate
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california
Contact:

Tue May 10, 2005 12:17 pm

tried the code still same issue . i will rebuild the proxy today ,got anothere issue with this same router . wont allow me to connect thru it to a vpn on another MT . left a post in beta i think

randy

Who is online

Users browsing this forum: Ahrefs [Bot], anav, godel0914 and 35 guests