Community discussions

 
User avatar
florinbro
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jun 17, 2011 8:38 pm

How can be excluded a site from Web proxy Redirect Rule ?

Fri Nov 16, 2012 7:47 am

On multiple RB I use redirect rule to force all HTTP traffic to head to a parent proxy. But there is some sites who not work if they see the request coming from a proxy. I would like to exclude that sites to be redirected. I post this message before but no one answer to the point in 6 months. May be now someone is better prepared for such issue.

Of course there is possible to make another rule, on top of the basic one and exclude an customer IP from being redirected but not this is what I'm looking for. I'm looking to redirect every HTTP excluding a site (who might have multiple IP, and this to be changed weekly but will be done via DNS so not a problem).

I have the following scenario:
- RB 750 (or 450)
- real IP on WAN interface
- real IP on Lan interface (16 IP subnet)
- 10 cusstomers on LAN each one with his own real IP
- on RB there is Web proxy enabled on port 8080
- on RB in Firewall / Nat / I make a redirect rule for all traffic of the users with the destionation port 80 ... to be redirect on port 8080 on Internal IP of the RB. Basically I force all http traffic of the users to pass trought Web Proxy Cache of RB.

Now the big big question is ... how can I except a site ... from this Redirect Rule ... ? Per example the On Line Movies sites .. do not like to see multiple requests caming from same IP ... and right now ... if a person is watching a movie online ... others can not visit the same site (because all the HTTP request are done from the RB WAN IP) ... and because of this issue I want to exclude the site from the Web proxy and for accesing this site .. everyone to work on behalf of his own real IP...

I try Every combination ... make new rule, placed on top ... etc etc .. but seems not work ... as long as Redirect Rule is enabled ... looks I can not exclude one site from that rule.

Please help me on this matter. Big thank you !
Regards,

Bogdan Florin
 
User avatar
NAB
Trainer
Trainer
Posts: 503
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK
Contact:

Re: How can be excluded a site from Web proxy Redirect Rule

Fri Nov 16, 2012 11:28 am

Something like the following should do the trick:
/ip firewall address-list
  add address=203.0.113.0/24 disabled=no list=donotproxy
  add address=198.51.100.0/24 disabled=no list=donotproxy
/ip firewall nat
  add action=redirect chain=dstnat disabled=no dst-address-list=!donotproxy \
    dst-port=80 protocol=tcp to-ports=12345
You will have to make sure that your address list it kept up to date (the IPs shown above are RFC5737 addresses for documentation only), but that's reasonably simple with the aid of a script. The only real change to your dst-nat rule is to add the "dst-address-list=!donotproxy" parameter which means that the rule will only apply to destination IPs not listed in the "donotproxy" address list. Make sure that the "to-ports" parameter has the correct value!
Nicholas Barnes BSc(hons)
Certified Mikrotik Consultant
Certified Mikrotik Trainer

Vitell - Asterisk, Linux and network consultants
Unofficial IRC channel: #routerboard on irc.z.je
 
User avatar
florinbro
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jun 17, 2011 8:38 pm

Re: How can be excluded a site from Web proxy Redirect Rule

Sun Oct 27, 2013 8:56 am

I urgently need someone to help me with this scripts on money. It is URGENT.
Regards,

Bogdan Florin
 
bhanugcl
just joined
Posts: 5
Joined: Sat Mar 01, 2014 7:37 pm

Re: How can be excluded a site from Web proxy Redirect Rule

Sun Mar 02, 2014 7:21 am

I am also facing the a similar type problem....can your pl help me to .....

I just want that mikrotik didn't send the request of a ip(192.168.170.4-shearing sever) to squid proxy server and open it directly....?????
 
User avatar
marioclep
Trainer
Trainer
Posts: 140
Joined: Sat Jul 11, 2009 4:36 pm
Location: Cordoba - Argentina
Contact:

Re: How can be excluded a site from Web proxy Redirect Rule

Wed Mar 05, 2014 1:16 am

/ip firewall nat add action=accept chain=src-nat src-address=192.168.170.4 disable=no place-before=0
---------------------

Ing. Mario D. Clep
CTO - MKE Solutions
MikroTik Certified Trainer
 
User avatar
florinbro
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jun 17, 2011 8:38 pm

Re: How can be excluded a site from Web proxy Redirect Rule

Sun Jun 01, 2014 1:04 pm

since 1.5 years I can not find anyone to make that sprits for money. And Mikrotik Support keep giving advices but not making the job for money. It is UNBELIVABLE !
Regards,

Bogdan Florin
 
User avatar
florinbro
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jun 17, 2011 8:38 pm

Re: How can be excluded a site from Web proxy Redirect Rule

Sun Jun 01, 2014 1:28 pm

This example is for clarity. we are talking about more routers in total.

We have a website who contain a list of websites who is desired to be accessed without proxy redirect.
per example http://www.egal.ro/noproxy.txt

We have RB750, 750UP, 453, 493 and we use to Redirect HTTP traffic in LOCAL Web Proxy who have setup as parent a bigger proxy cluster IP.
We would like to have a Rule in IP / Firewall / NAT who allow the users to access the sites specified in TXT file .. directly .. without going trough Local proxy.

in order to do this the RB should take the file from Web Site ... execute nslookup comands and create his own file with IP. after this all this IP should belong to a list and this should be specified in first rule in Firewall / NAT ... and that's will be all !
Regards,

Bogdan Florin

Who is online

Users browsing this forum: MSN [Bot] and 55 guests