 
thermant
Frequent Visitor
Topic Author
Posts: 93
Joined: Sat Apr 21, 2007 6:17 am

Log of sites and/or ip addresses visited. Is it possible?

Sun Oct 04, 2009 1:08 am

Hi all,

I have a RouterOS 3.30 installed on a P4, with 3 NICs: PUBLIC, LOCAL (192.168.1.0/24), and PRIVATE (192.168.2.0/24). I'm currently using ROS's web proxy as a transparent proxy, and am currently using it as a site blacklist for users in LOCAL, since they will only be visiting sites they are allowed (something like a classroom). The setting I have right now is something like this:

/ip proxy access> pr
7 X ;;; Test blocking website
dst-host=www.yahoo.com action=deny hits=0
8 src-address=192.168.1.0/24 dst-host=:speed action=deny hits=68
9 src-address=192.168.1.0/24 dst-host=:test action=deny hits=9
10 src-address=192.168.1.0/24 dst-host=:porn action=deny hits=0
and so on and so forth.

Here come the questions:
Question 1:
Since updating the blacklist with all the "bad" sites on the internet would be near impossible (I'm not using any web filtering service like OpenDNS's, YET...), so I think it would be more feasible to just use the proxy as a whitelist for my users in LOCAL, and block everything else. Here's how I think it should go, someone correct me if I'm wrong:
10 src-address=192.168.1.0/24 dst-host=:cnn action=allow hits=273
11 src-address=192.168.1.0/24 dst-host=:mikrotik action=allow hits=85
12 src-address=192.168.1.0/24 dst-host=: action=deny hits=71

So I would put all allowed sites BEFORE line 12. It seems to be working when I tried it, but am I doing this correctly? If not, or if anyone has a better way of doing this, do let me know.

Now, Question 2:
Is there a way to obtain a list of sites that are blocked by the proxy? The reason for this is because when I tried opening CNN's site, it would try to load stuff, like the css, images, etc from other sites, or open another site. So I would need to put these sites in the whitelist as well, no? It would be better if I can get the list of sites that are blocked AND allowed by these rules. Something like the RouterOS's logging feature.

Question 3:
If logging of the sites IS possible (I see no reason why it shouldn't be possible, I just don't know how... :shock: ), can I "export" it to a text file that I can download to my laptop? As of now, I can't, for the life of me, figure out a way to export the logs from RouterOS to a text file. That's why I posted in "beginner basics". Eheheh...

Question 4:
I've been reading about address lists, and am wondering if it's possible to use one in the proxy settings, instead of lines upon lines of sites. I don't think it is possible, but meh :roll: , maybe it is...

That's it for now.
Any advice would be greatly appreciated.

-T-
 
thermant
Frequent Visitor
Topic Author
Posts: 93
Joined: Sat Apr 21, 2007 6:17 am

Getting ahead of meself...

Sun Oct 04, 2009 1:47 am

I know I'm getting ahead of myself here, but if such a log is possible, can I add timestamp to each entry? Or even better, the IP address of the client requesting the site.

^^
 
csickles
Forum Guru
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Re: Log of sites and/or ip addresses visited. Is it possible?

Mon Oct 05, 2009 6:06 am

If you are using proxy (looks like it...)

Set logging on the proxy server to all except debug...

I would send it to a syslog server...

There is detailed logging avail...
 
normis
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Log of sites and/or ip addresses visited. Is it possible?

Mon Oct 05, 2009 10:06 am

There is a picture tutorial for this: http://wiki.mikrotik.com/wiki/Webproxy_logging
 
thermant
Frequent Visitor
Topic Author
Posts: 93
Joined: Sat Apr 21, 2007 6:17 am

Re: Log of sites and/or ip addresses visited. Is it possible?

Mon Oct 05, 2009 1:47 pm

@csickles:
I'm using mikrotik's own proxy, and I don't know how to add a logging scheme to it. Eheheh... And I haven't been using any other kind of proxy. I know there's squid that can offer more detailed logging... I'll think about using it. Thanks for bringing this up.

@normis:
Checked your answer, beat meself in the head for not noticing such an obvious thing earlier (coulda sworn it wasn't in version 3.9 that I was using previously. Thanks for the answer tho), set it up for storage to local disk, loving it.
One question though: Is there any way to customize the log? It contains lines that I don't really need right now, such as date, content-length, type, expiration, cookie, and so on, and so forth. I just need the web addresses, really...

And how about my previous question 1 and 2?
Anyone can check if I'm in the right direction or not?
Thanks.
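
Added example, not part of any post above and not MikroTik code: a small Python model of the first-match rule list from Question 1, showing which hosts a page load would have allowed or denied (Question 2) and how the unanchored `:cnn` pattern also admits any hostname that merely contains "cnn". Assumptions: a leading ":" marks dst-host as a regular expression, Python's `re` stands in for the RouterOS matcher, every request comes from 192.168.1.0/24, the sample hostnames are constructed, and `ANCHORED_RULES` is a hypothetical tightened variant that has not been tested on RouterOS.

```python
import re

# Rules 10-12 as posted in Question 1; the first matching rule wins.
# src-address is omitted: every request is assumed to come from LOCAL.
RULES = [
    (10, ":cnn", "allow"),
    (11, ":mikrotik", "allow"),
    (12, ":", "deny"),
]

# Hypothetical variant: patterns anchored to the domain and its subdomains.
ANCHORED_RULES = [
    (10, r":(^|\.)cnn\.com$", "allow"),
    (11, r":(^|\.)mikrotik\.com$", "allow"),
    (12, ":", "deny"),
]

def host_matches(pattern, host):
    """':' prefix means regex; anything else is compared as an exact string."""
    if pattern.startswith(":"):
        return re.search(pattern[1:], host) is not None
    return pattern.lower() == host.lower()  # simplification: no wildcards

def decide(rules, host):
    """Return (rule_number, action) of the first rule that matches host."""
    for number, pattern, action in rules:
        if host_matches(pattern, host):
            return number, action
    return None, "allow"  # assumed default when no rule matches

def audit(rules, hosts):
    """Map each requested host to the action the rule list would take."""
    return {host: decide(rules, host)[1] for host in hosts}

# Constructed hostnames standing in for what one page load might request.
SAMPLE_HOSTS = [
    "www.cnn.com",             # the page itself
    "static.example-cdn.net",  # third-party CSS/images, as in Question 2
    "cnn.lookalike.example",   # contains "cnn" but is not CNN
    "wiki.mikrotik.com",
]

if __name__ == "__main__":
    for name, rules in (("posted", RULES), ("anchored", ANCHORED_RULES)):
        for host, action in audit(rules, SAMPLE_HOSTS).items():
            print(f"{name:9} {host:24} {action}")
```

Feeding it the hostnames taken from the proxy log gives the list of third-party hosts that still need an allow rule before the final deny.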
