Interesting. Did you verify, that this also worked flawlessly for HSTS sites ?some devices like Huawei routers have option to redirect user to some SITE for information - thou we don't know how they do it
They should. But you can look online on Verizons pages, for certified devices, not being org Verizon products.Can Mikrotik provide that info?
Not necessarily, because WG IP can be easily changed.Now, they would be connecting with their WG IP address so the perpetrator of issues would be 'trackable'
Not possible, of course. But possible to block the "well known" DoH servers.How can you ever block all DoH servers?
Not necessarily.DoH in your browser will however bypass both your local DNS or local DoH server settings.
+1I think you could even run openwrt on some mikrotik devices, and then install pihole with unbound.
You still did not answer my question, how you can you claim, 100% control about clients is required, to block porn.I do not spread wrong information.
No.Turn off safe search on your google search
You can block google.com, but then just use bing.com instead. Same problem.
Clever. Thanx a lot.If you are filtering Facebook, use NAT instead to redirect the Facebook connection to a local server that will serve a page.
Sorry, no idea, but doing this for long time already, on openwrt-based devices.If the hotspot server is a mikrotik router, how do you accomplish this?
Yes, you are correct, to match the basic requirements of the thread starter.Perfectly within the realms of a MikroTik
FYI: For commercial use, OpenDNS asks for subscription payments. So, for a public WISP, I did a simple clone of OpenDNS, to save the $$.OpenDNS which is a free service for home or private users.
I have to disagree here. You can get the same info for transparently proxied https, using squid.The only thing you'll get with HTTPS [edit: if you're explicitly proxying it] is the hostname that the connection was proxied to
Agreed. However, you also have the option to do DNS-based blocking yourself.The last thing I'll leave you with, you may need to look at DNS based blocking from a provider like OpenDNS if you can't install a device that MITM's SSL.
And that is the reason, I developed a simple clone of openDNS for a hotspot provider. With custom "Blocked !" page, of courseTo use it for business purposes it is formally required to ask them for a quote for a paid account. And it is very expensive (I tried).
I did a (commercial) clone of openDNS. Which also can be tailored for individual MACs. However, needs private server, and special router (non-MT; but openwrt/LEDE)Nobody tried this or there is no solution for this kind of parental control?
Yes.Hi, sorry for the late reply.
So, to summarize, there is no way to achieve this using our router alone.
Is that correct?
Too bad. Then to use a (transparent) proxy, doing DNS with dnsmasq, for example.you mean - add a static entry, and everyone who queries for that name will get set address? No
In production already. However, as it seems to be "A Hot Topic", only contact via email. Look at my profile.Please explain more about this?
An APU with internal SSD is only marginally larger than a MT-box. And has the advantage, you can install latest modem drivers.I can't ask them to carry allso a server with them.
Use a real proxy, like squid. Caching on large disk would be an advantage, anyway.Hi,
The firewall rule L7 works.
But is it also possible to redirect it to an other page?
So I can display to the uses why thy are blocked.
Yes; inject into every page visited. This principle is used for ads more often; but will work for your ideaa, too.In case of interest, email to my adrs in profile.Hello!
Is there a way I could somehow inject a html overlay at the bottom of browser/page,
Matej
The you should better say: APU has too much power for my requirementswill be costly compare to routerboard
Hm, to which routerboard do you compare, CPU-wise ?will be costly compare to routerboard
You might vote up this issue hereI'm not authorised to send private messages.
How can I get permission?
Thanks
Sorry, this is a MT forum.Hi,
How can I do that in Squid, could you please let me know any instructions do you have?
thank you,
ven
Then I give you a hint to do the impossible: Examine "id"I do not see any "hd" tag in youtube video url
It seems really impossible
Yes.Hi,
I am using Squid Proxy in transparent mode , is that possible to redirect users?
thank you,
ven