One::>>> Hi, attention forum guru !!
I want to block any type of websites from layer 7 , want to block downloading all type AUDIO VIDEO Format LIKE MP3.MP4,MKV.WMKV, etc . so that no one can download any audio video from my Local Network and is there any firewall rules to block this with layer 7.

Two::>>how can i block any .exe or any format of file . from layer 7. what is the best solution so that I can apply any mikrotik router and any industry.

Please I want to have appropriate answer form forum guru!

Thanks

You're not looking for guru, you want magician (the supernatural kind).

Short answer: What you want is impossible.

Long answer: What you want may work in limited way with unencrypted http. But since today almost everything uses encrypted https and L7 can't see what's inside, it's waste of time to bother with http, because everyone will simply download those things over https.

Hmmm, if the requirement is to prevent video downloading/streaming, perhaps the solution is to apply to the offending IPs, or subnets or all IPs (and make your own PC an exception) RATE LIMITING.
Think of it not necessarily a total bandwidth allotment but an inability to push/pull more than X Kbps of data such that any one is quickly discouraged from attempting to do so.........it would take hours.

Now Sob, how do we do that on MT???

Rate limiting is not too difficult, look at queues. The problematic part is how to tell router what to limit. If you'd want to limit some IP addresses (be it clients or servers) as whole, it's easy. But if you want to be more specific (e.g. limit only videos, but not other things), you're quickly getting closer to the impossible.

Concur, I was strictly thinking either SUBNET, or ADDRESS LIST of obnoxious IP addresses, or blanket entire LAN, and make exception for ones own PC.

(With regard to type, unless the traffic as identified CoS or something, a way to identify it or mangle it.................. no way I can see of picking it out from noise.)