Hello
i have tried L7 filter with regexp but it did not work.
Can anybody shares how to do it?

Thanks.

That hasn't worked since the Internet went HTTPS-everything and cloud-everything. There is no easy and reliable workaround short of middleboxes that dynamically forge TLS certificates.

Don't argue; search the forum. It's been discussed to death here several times before.

Dont make promises to clients you cannot keep. Unless the client wants to spend a shit ton of money on a very expensive router and and expensive subscriptions...........

this is just example: https://buananetpbun.github.io/mikrotik ... t-tls.html

That “example” becomes obsolete in the presence of ECH.

A better hope is to try and force all DNS to the router’s caching server, then selectively blackhole the unwanted domain names, but then you stumble on the problem of client-side DoH/DoT.

Again, this has all been discussed to death here before. There’s no need to recapitulate it all.

best imho

/queue simple add burst-limit=900M/900M burst-threshold=1M/1M burst-time=8s/8s max-limit=1M/1M name=yt-test target=192.168.xxx.xxx/32

oc need your input/edit


EDIT: meh, it's not working good a single bit