vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

forcing https protocol instead of http protocol on some websites

Tue Sep 25, 2012 7:03 pm

i would like to force my network users for their own protection to use https://www.facebook.com instead of http://www.facebook.com

how???
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Sat Sep 29, 2012 10:38 am

hello!
 
c0d3rSh3ll
Long time Member
Posts: 557
Joined: Mon Jul 25, 2011 9:42 pm
Location: [admin@Chile] >

Sat Sep 29, 2012 7:00 pm

try this
/ip firewall nat
add action=dst-nat chain=dstnat comment="https facebook" content=facebook.com \
    dst-port=80 protocol=tcp to-addresses=66.220.158.70 to-ports=443
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Mon Oct 01, 2012 12:40 am

didn't work !
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Mon Oct 01, 2012 1:35 am

As could be expected. That rule silently redirects port 80 to 443 and browser can't know that it happened. So it still talks http, instead of required https. You need to intercept http connection and send proper redirect to https back to browser.
It should be possible using web proxy, I'm just not sure about the one in RouterOS. First, when I add redirect to https://www.facebook.com, it sends this to browser:
Location: http://https://www.facebook.com
Seems like a bug to me (I currently have ROS 5.18, it may be different in newer version). And I also don't see an option to keep the path, so you could redirect http://server/some/path/ to https://server/some/path/ and not only to home page (but maybe I just missed that, I don't use proxy much).
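Added example, not part of the thread and not RouterOS code: a Python sketch of the two points in the reply above. Plaintext HTTP forwarded to port 443 is not a TLS handshake, and a proper redirect answers on port 80 with an `https://` Location that keeps the requested path. The host list `FORCE_HTTPS` and all sample bytes are constructed assumptions.

```python
# Added illustration; hostnames in FORCE_HTTPS and all sample bytes are constructed.
FORCE_HTTPS = {"www.facebook.com", "facebook.com"}  # assumed policy list


def is_tls_client_hello(data: bytes) -> bool:
    """A TLS server expects a handshake record first: type 0x16, version 0x03xx."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03


def parse_request(raw: bytes):
    """Return (method, target, host) from a plaintext HTTP/1.x request head, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    host = ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
    return parts[0], parts[1], host


def https_redirect(raw: bytes):
    """Build a 301 to the same host and path over https, or None to pass through."""
    req = parse_request(raw)
    if req is None:
        return None
    _method, target, host = req
    hostname = host.split(":", 1)[0]  # drop an explicit :80
    if hostname not in FORCE_HTTPS:
        return None
    # Origin-form target ("/some/path?x=1") is kept verbatim; absolute-form
    # ("http://host/path", as sent to a configured proxy) is reduced to its path.
    if target.startswith("http://"):
        target = "/" + target[len("http://"):].partition("/")[2]
    if not target.startswith("/"):
        return None  # e.g. CONNECT host:443 or "*"; nothing to redirect
    location = "https://" + hostname + target
    return ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: " + location + "\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n").encode("latin-1")


SAMPLE = b"GET /some/path/?ref=1 HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"  # constructed
```

`is_tls_client_hello(SAMPLE)` is false, which is why the dst-nat rule to port 443 fails: the server on 443 receives bytes that are not a TLS handshake record.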
 
Toiletbowl
Member Candidate
Posts: 169
Joined: Fri Jun 03, 2011 6:49 am
Location: Boracay Philippines

Mon Oct 01, 2012 8:45 am

> didn't work !

i use L7 script and work well
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Tue Oct 02, 2012 11:32 am

can you provide me with the layer7 script?
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Wed Oct 03, 2012 9:37 pm

echo!
 
c0d3rSh3ll
Long time Member
Posts: 557
Joined: Mon Jul 25, 2011 9:42 pm
Location: [admin@Chile] >

Thu Oct 04, 2012 5:12 am

what is your solution?
 
Toiletbowl
Member Candidate
Posts: 169
Joined: Fri Jun 03, 2011 6:49 am
Location: Boracay Philippines

Thu Oct 04, 2012 6:32 am

> echo!

add action=drop chain=forward comment=force_facebook_drop disabled=no in-interface=your_lan_network layer7-protocol=facebook

/ip firewall layer7-protocol
add comment="" name=facebook regexp=facebook
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Fri Oct 05, 2012 3:14 am

> > echo!
>
> add action=drop chain=forward comment=force_facebook_drop disabled=no in-interface=your_lan_network layer7-protocol=facebook
>
> /ip firewall layer7-protocol
> add comment="" name=facebook regexp=facebook

That is a BAD idea. That will simply block http facebook (and all other sites that have the word facebook anywhere in it!)... it won't redirect. Now, you will get people calling you to say that the "Internet is broken."
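Added example, not part of the thread: a Python approximation of the over-matching described in the post above, comparing the unanchored pattern `facebook` with a check of the HTTP Host header. The request payloads and the `example.*` hostnames are constructed; Python's `re` stands in for the router's matcher.

```python
import re

L7_REGEXP = re.compile(rb"facebook")  # pattern from the layer7-protocol entry above
TARGET = "facebook.com"               # the site the rule was meant to single out

# Constructed plaintext HTTP requests, as seen at the start of a connection.
SAMPLES = {
    "facebook_home": b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
    "news_article": b"GET /tech/facebook-ipo HTTP/1.1\r\nHost: news.example.org\r\n\r\n",
    "referer_only": (b"GET /shop HTTP/1.1\r\nHost: shop.example.net\r\n"
                     b"Referer: http://www.facebook.com/l.php\r\n\r\n"),
    "search_query": b"GET /search?q=facebook+privacy HTTP/1.1\r\nHost: search.example.com\r\n\r\n",
    "lookalike_host": b"GET / HTTP/1.1\r\nHost: facebook.com.example.org\r\n\r\n",
    "unrelated": b"GET /index.html HTTP/1.1\r\nHost: intranet.example.org\r\n\r\n",
}


def regexp_hits(payload: bytes) -> bool:
    """Unanchored match anywhere in the payload, like regexp=facebook."""
    return L7_REGEXP.search(payload) is not None


def host_of(payload: bytes) -> str:
    """Extract the Host header value (lower-cased, port stripped), or ''."""
    for line in payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().lower().decode("latin-1").split(":", 1)[0]
    return ""


def is_target_host(host: str, domain: str = TARGET) -> bool:
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def collateral(samples: dict) -> list:
    """Names of requests the regexp would drop although they are not for TARGET."""
    return sorted(name for name, p in samples.items()
                  if regexp_hits(p) and not is_target_host(host_of(p)))
```

`collateral(SAMPLES)` lists four of the six constructed requests: an article URL, a Referer header, a search query and a lookalike hostname all contain the word and would be dropped along with the intended site.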
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Fri Oct 05, 2012 10:37 pm

is there any working solutions then?
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Sat Oct 06, 2012 12:03 am

It depends.

If you really want it and you're talking about some small IPv4-only office network or something around that size, then wait for hopefully stable MetaRouter in ROS 5.21, create one with OpenWRT and the simplest proxy server with configurable redirects support you can find, transparently redirect http traffic to it, configure the required http redirect rule and you're set.

Other cases will range from more challenging to almost impossible.
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Sat Oct 06, 2012 3:38 am

> i would like to force my network users for their own protection to use https://www.facebook.com instead of http://www.facebook.com
>
> how???

For their own protection?!?!? That doesn't make sense. What protection will this give them? It won't protect their login information, because all of the logins are already on https.
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Sat Oct 06, 2012 5:08 pm

lol

let me type in your language then

i want them to be working on https://www.facebook.com and not on http://www.facebook.com !
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Sat Oct 06, 2012 6:34 pm

I understand what you want. I don't understand WHY.

you don't really get any additional protection from it!
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Sat Oct 06, 2012 7:02 pm

are you sure?

not even sniffing :lol:
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Sat Oct 06, 2012 7:39 pm

seriously? Sniffing Facebook posts? LOL!
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Sat Oct 06, 2012 7:52 pm

how about pictures and comments and even email addresses and most important http passwords?
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Sat Oct 06, 2012 8:03 pm

login is ALWAYS https in Facebook. So that point is moot.
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Sat Oct 06, 2012 8:43 pm

not from my location!

in my location it is http://www.facebook.com
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Sat Oct 06, 2012 10:59 pm

> not from my location!
>
> in my location it is http://www.facebook.com

Yes it is. Hover over the sign in button and you will see it.
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Tue Oct 09, 2012 1:51 pm

will this answer your question and make you believe?!

Image
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Tue Oct 09, 2012 3:15 pm

You are still wrong, because you don't understand the concept. The LOGIN PROCESS is SSL... even when everything else is http.

The NON-SSL message that you see is NOT the login process!!!

Here is what happens:

#1 The login screen is NOT SSL.

#2 You enter your login and password.

#3 You click the LOG IN button. This is linked to an HTTPS SSL PAGE!

#4 After it processes the login, it immediately goes back to NON SSL. That is why you never see the https in the address bar.

Now, if you want to force ALL PAGES to be HTTPS... then you can do that in the facebook settings for each individual facebook user. Then, EVERYTHING is SSL.

LOOK AT THE PICTURE BELOW. Notice that the address bar is HTTP, showing that facebook is in REGULAR HTTP mode. HOWEVER, when you put your mouse over the LOG IN button... at the very bottom it shows the actual link is HTTPS!
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Wed Oct 10, 2012 4:54 am

i believe you said

"Now, if you want to force ALL PAGES to be HTTPS... then you can do that in the facebook settings for each individual facebook user. Then, EVERYTHING is SSL."

okay!
so can it be done from mikrotik proxy by redirecting some facebook links or any other way?
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Wed Oct 10, 2012 8:20 am

> i believe you said
>
> "Now, if you want to force ALL PAGES to be HTTPS... then you can do that in the facebook settings for each individual facebook user. Then, EVERYTHING is SSL."
>
> okay!
> so can it be done from mikrotik proxy by redirecting some facebook links or any other way?

No, there does not seem to be any good way to do this with Mikrotik. You have to enable SSL inside your facebook account. One problem is that even if you go to https://www.facebook.com and you don't have SSL selected inside your facebook account, facebook will automatically redirect you back to the http version when you do anything.
 
vetusa2
Member Candidate
Topic Author
Posts: 119
Joined: Sat Jun 18, 2011 8:24 pm

Sat Oct 13, 2012 2:41 pm

i wonder why they did it this way :D

thx m8
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Mon Oct 15, 2012 5:09 am

> i wonder why they did it this way :D
>
> thx m8

Facebook always uses SSL on the login screen, and they give you the option to use or not to use https on the other pages.

You are wondering why they give you a choice???? It is because most people don't need SSL on regular pages, but some people want it, so they have that option.

It's easy to turn it on or off in your facebook settings.

I don't see any problem here.
 
regardtv
Frequent Visitor
Posts: 72
Joined: Sat Jan 21, 2006 6:54 pm
Location: Johannesburg, South Africa

Mon Oct 15, 2012 9:57 am

> i wonder why they did it this way :D
>
> thx m8

Another reason is quite simply system resources overhead - doing all communications via SSL (from the server end) adds a bit of load to their servers. In any environment using SSL where it is needed - and only where it is needed - is ideal - unless you have the cash to burn on extra server hardware ;-)
