Community discussions

 
dtsinaga
just joined
Topic Author
Posts: 2
Joined: Fri Jul 12, 2013 10:18 am

How to Block Streaming Video

Fri Jul 12, 2013 10:49 am

I'm a newbie in Mikrotik,

in my office now, the networking, is already good,
but as the IT staff, i want to block every video streaming that exist in a website,

I mean, the other member can access the website, but the video streaming is not running,

if anybody know this problem, i hope a help.

I'm sorry for my bad english,

And I'm a new member here, hope i can to be a good member in here in your sight,

thanks,

Regards,

NB : Maybe i post in a wrong place, i'm sorry :))
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1050
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: How to Block Streaming Video

Fri Jul 12, 2013 12:39 pm

You can do it via webproxy. Set a transparent proxy for your network, and then block video streams.
To set transparent webproxy:
/ip proxy print
enabled: yes
src-address: 0.0.0.0
port: 3128
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: whomever@whatever.com
max-cache-size: none
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: system
/ip firewall nat
add chain=dstnat action=redirect to-ports=3128 protocol=tcp in-interface=LAN dst-port=80
/ip firewall filter
add chain=input action=drop protocol=tcp in-interface=ether1 dst-port=3128
On the first step you are enabling the webproxy, on the second one you are redirecting transparently the LAN traffic into the proxy, and on the final step you are blocking any access to the proxy from outside your LAN. The term transparent in here means that you don't have to go through every device to configure it, you just do it without their "knowledge" from the router.

After this, in the webproxy rules, define the rules which will block streaming:
/ip proxy access
add path=*.flv action=deny
add path=*.swf action=deny
-Toni-
Don't crash the ambulance, whatever you do
 
dtsinaga
just joined
Topic Author
Posts: 2
Joined: Fri Jul 12, 2013 10:18 am

Re: How to Block Streaming Video

Mon Jul 15, 2013 4:27 am

I just read this,

thanks for your reply Toni,
i will try it,

:D
 
4n4kw38
just joined
Posts: 2
Joined: Tue Jul 16, 2013 11:18 am

Re: How to Block Streaming Video

Tue Jul 16, 2013 11:28 am

Hi All

But what about when the configuration without use a proxy ?
My mikrotik version 5.2 (RB 1200)

use Layer 7 like below:
  • # \.(3gp|mov|mpe|mpeg|mpeg2|mpeg3|mpeg4|mkv|avi|flv|f4v|f4p|f4a|f4b|x-flv|msi|wmv|mp2|mp3|mp4|swf|rm|rmvb|vcd|pdf|dat|iso|nrg|bin|cab|vcd|ogg|wma|divx|d2v|qt|0[0-9][0-9]) - Doesn't work
    # http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video) - Doesn't work
    # Please Help!
 
AIP
just joined
Posts: 4
Joined: Mon Aug 17, 2015 5:17 pm

Re: How to Block Streaming Video

Mon Aug 17, 2015 5:31 pm

Hi! I have also find that this rule is not working for streaming

add name=streaming-video regexp="http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(content-type: video)"

Are there another solution except web proxy? Thanks in advance.
 
User avatar
dunga
Member Candidate
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: How to Block Streaming Video

Mon Sep 28, 2015 3:22 pm

Hi All

But what about when the configuration without use a proxy ?
My mikrotik version 5.2 (RB 1200)

use Layer 7 like below:
  • # \.(3gp|mov|mpe|mpeg|mpeg2|mpeg3|mpeg4|mkv|avi|flv|f4v|f4p|f4a|f4b|x-flv|msi|wmv|mp2|mp3|mp4|swf|rm|rmvb|vcd|pdf|dat|iso|nrg|bin|cab|vcd|ogg|wma|divx|d2v|qt|0[0-9][0-9]) - Doesn't work
    # http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video) - Doesn't work
    # Please Help!
You can use this updated version of your script, this way it can work and capture all that you want
1. /ip firewall layer7-protocol
add name=streaming regexp="\"^.*get.+\\\\.(3gp|mov|mpe|mpeg|mpeg2|mpeg3|mpeg4|mkv|avi|flv|f4v|f4p|f4a\
|f4b|x-flv|msi|wmv|mp2|mp3|mp4|swf|rm|rmvb|vcd|pdf|dat|iso|nrg|bin|cab|vcd|ogg|wma|divx|d2v|qt|0[0-9][0-9])

2. /ip firewall mangle
add action=mark-packet chain=prerouting comment="Mark Packet Streaming" disabled=no \
layer7-protocol=streaming new-packet-mark=streaming passthrough=no

You can adjust the max-limit to anything higher like 128k
3. /queue tree add name="streaming" parent=global packet-mark=streaming limit-at=0 queue=default \
priority=8 max-limit=48k burst-limit=0 \
burst-threshold=0 burst-time=0s

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 74 guests