I understand that RouterOS will capture the first n frames / n bytes of a connection and run the RegEx against that data. However, I'm just not getting any results.
The problem:
I want to identify Streaming Media - so I have the following partial RegExps:
GET .*(webm|mp4|ogg)
.*Content-Type:.*audio.*
.*Content-Type:.*video.*
Obviously the first is outbound data and should match the very start of the conversation, the HTTP GET.
In the case that this doesn't work, one of the other two should pick up the Content-Type in the response headers.
(I'm happy for some fringe cases to escape this matching - e.g. filename doesn't end webm, mp4, ogg, and server doesn't declare content-type.)
None of the above seem to be having any effect, in either the forward or output chains.
To test, other than just looking at the bytes/packets, I'm attempting to Log the IP addresses - but nothing is appearing.
Here are my firewall rules (from /ip firewall filter print)
10 chain=output action=add-dst-to-address-list protocol=tcp
address-list=Streaming Source address-list-timeout=1h
layer7-protocol=Streaming Content dst-port=80 log=yes log-prefix=""
11 chain=output action=add-dst-to-address-list protocol=tcp
address-list=Streaming Source address-list-timeout=1h
layer7-protocol=Streaming audio dst-port=80 log=yes log-prefix=""
12 chain=output action=add-dst-to-address-list protocol=tcp
address-list=Streaming Source address-list-timeout=1h
layer7-protocol=Streaming video dst-port=80 log=yes log-prefix=""
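
An offline check of the three patterns from the question, added here as an example and not part of the original post: it runs each pattern over the first bytes of constructed HTTP requests and responses, which separates "the pattern does not match this data" from "the rule never sees this data". Assumptions: Python's `re` stands in for the router's regex engine, the 2048-byte window is a placeholder for the "first n bytes", and the pairing of patterns with the layer7-protocol names is a guess from the rule names.

```python
import re

# The three patterns from the post. Pairing them with the layer7-protocol
# names used in the rules is an assumption; the post does not show the
# layer7-protocol entries themselves.
PATTERNS = {
    "Streaming Content": rb"GET .*(webm|mp4|ogg)",
    "Streaming audio": rb".*Content-Type:.*audio.*",
    "Streaming video": rb".*Content-Type:.*video.*",
}

# Assumed size of the inspected prefix (the "first n bytes" in the post).
WINDOW = 2048


def matches(stream: bytes, window: int = WINDOW) -> list[str]:
    """Return the names of the patterns found in the first `window` bytes."""
    head = stream[:window]
    return [name for name, rx in PATTERNS.items() if re.search(rx, head)]


# Constructed sample data, not captured traffic.
REQ_MP4 = b"GET /media/clip.mp4 HTTP/1.1\r\nHost: example.test\r\n\r\n"
# "blogger" contains "ogg": the unanchored alternation matches it too.
REQ_BLOG = b"GET /blogger/index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
RESP_VIDEO = b"HTTP/1.1 200 OK\r\nContent-Type: video/webm\r\n\r\n"
# Header names are case-insensitive in HTTP; Python's re is case-sensitive
# by default, so this response is missed here.
RESP_LOWER = b"HTTP/1.1 200 OK\r\ncontent-type: video/webm\r\n\r\n"
# A large earlier header pushes Content-Type past the inspected prefix.
RESP_LATE = (b"HTTP/1.1 200 OK\r\nSet-Cookie: s=" + b"A" * 3000 +
             b"\r\nContent-Type: audio/ogg\r\n\r\n")

if __name__ == "__main__":
    samples = [
        ("request for .mp4", REQ_MP4),
        ("request for /blogger", REQ_BLOG),
        ("video response", RESP_VIDEO),
        ("lower-case header", RESP_LOWER),
        ("Content-Type after 3000 bytes", RESP_LATE),
    ]
    for label, data in samples:
        print(f"{label:32} -> {matches(data) or 'no match'}")
```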