i would like to force my network users for their own protection to use to https://www.facebook.com instead of http://www.facebook.com
how???
/ip firewall nat
add action=dst-nat chain=dstnat comment="https facebook" content=facebook.com \
dst-port=80 protocol=tcp to-addresses=66.220.158.70 to-ports=443
Location: http://https://www.facebook.com
i use L7 script and work welldidn't work !
add action=drop chain=forward comment=force_facebook_drop disabled=no in-interface=your_lan_network layer7-protocol=facebookecho!
That is BAD idea. That will simply block http facebook (and all other sites that have the word facebook anywhere in it!)... it won't redirect. Now, you will get people calling you to say that the "Internet is broken."add action=drop chain=forward comment=force_facebook_drop disabled=no in-interface=your_lan_network layer7-protocol=facebookecho!
/ip firewall layer7-protocol
add comment="" name=facebook regexp=facebook
For their own protection?!?!? That doesn't make sense. What protection will this give them? It won't protect their login information, because all of the logins are already on https.i would like to force my network users for their own protection to use to https://www.facebook.com instead of http://www.facebook.com
how???
Yes it is. Hoover over the sign in button and you will see it.
No, there does not seem to be any good way to do this with Mikrotik. You have to enable SSL inside your facebook account. One problem is that even if you go to https://www.facebook.com and you don't have SSL selected inside your facebook account, facebook will automatically redirect you back to the http version when you do anything.i believe you said
"Now, if you want to force ALL PAGES to be HTTPS... then you can do that in the facebook settings for each individual facebook user. Then, EVERYTHING is SSL."
okay!
so can it be done from mikrotik proxy by redirecting some facebook links or any other way?
Facebook always uses SSL on the login screen, and they give you the option to use or not to use https on the other pages.i wonder why they did it this way
thx m8
Another reason is quite simply system resources overhead - doing all communications via SSL (from the server end) adds a bit of load to their servers. In any environment using SSL where it is needed - and only where it is needed - is ideal - unless you have the cash to burn on extra server hardwarei wonder why they did it this way
thx m8