SysAdminRafi
just joined
Topic Author
Posts: 8
Joined: Sun Nov 13, 2016 4:55 pm

How Can I Show A Custom Message When Blocking Sites Using FireWall?

Sun Nov 13, 2016 5:13 pm

I am completely new to MikroTik. I want to ask nearly 5 questions, but as you might feel annoyed, I will ask 2 questions here. I hope you guys will help me figure these out.

- I configured the proxy on MikroTik. I can redirect HTTP websites through the proxy. I can block websites through the proxy too. But the problem is I can't block HTTPS websites like Facebook, YouTube etc. I know HTTPS might not be blocked by proxies. But I saw some articles on the internet where some guys say it can be done through Mangle rules. I copied and pasted their rules. None of them worked! So can anyone really give me any suggestion regarding this issue?

- Is there any way to show a custom message like "Sorry you can't browse websites in office network" for firewall rules?


Thanks for your replies... :)
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: How Can I Show A Custom Message When Blocking Sites Using FireWall?

Sun Nov 13, 2016 6:28 pm

This can only be done if you install root CAs onto each device to allow SSL MITM. I don't think Mikrotik has support for SSL MITM (for good reasons).
 
SysAdminRafi
just joined
Topic Author
Posts: 8
Joined: Sun Nov 13, 2016 4:55 pm

Re: How Can I Show A Custom Message When Blocking Sites Using FireWall?

Mon Nov 14, 2016 7:13 am

OK, then can anyone tell me the way to block HTTPS websites and the downloading of .mp3 files from these sites? I guess it can be done through L7. What is the regex in this case?
 
janus20
Member Candidate
Posts: 108
Joined: Thu Nov 03, 2016 10:31 am
Location: Pitesti, Romania

Re: How Can I Show A Custom Message When Blocking Sites Using FireWall?

Mon Nov 14, 2016 10:37 am

Hi,

To block download of .mp3 files from any browser you could do:

/ip firewall filter
add action=drop chain=forward comment="block .mp3 download" content=.mp3 log=yes log-prefix=block-dwd-mp3

Regarding blocking HTTPS sites like youtube, facebook...

1. First create a rule on layer7 protocol which contains the websites you want to block:

/ip firewall layer7-protocol
add name="block fb-youtube" regexp="^.+(facebook.com|youtube).*\$"

2. Create a rule in the filter chain to deny traffic to the layer7 "list":

/ip firewall filter
add action=drop chain=forward comment="deny fb or youtube sites alike" layer7-protocol="block fb-youtube" log=yes log-prefix=deny-layer7-list

Hope it helps.

kind regards,
 
SysAdminRafi
just joined
Topic Author
Posts: 8
Joined: Sun Nov 13, 2016 4:55 pm

Re: How Can I Show A Custom Message When Blocking Sites Using FireWall?

Wed Nov 16, 2016 7:42 am

Hey Jesus, many thanks for your valuable reply. However, can you please tell me how I can block all websites using L7? I guess I have to change only the regex for this issue. So what should be the regex for blocking all websites?

Well, I am just curious to know what this log is - "log=yes log-prefix=deny-layer7-list".

Many thanks again..
 
globalmedia
newbie
Posts: 30
Joined: Mon Mar 20, 2023 11:09 pm

Re: How Can I Show A Custom Message When Blocking Sites Using FireWall?

Thu Jun 13, 2024 6:56 pm

Is it possible to identify in the logs what site was blocked?
 
rplant
Long time Member
Posts: 554
Joined: Fri Sep 29, 2017 11:42 am

Re: How Can I Show A Custom Message When Blocking Sites Using FireWall?

Fri Jun 14, 2024 8:56 am

Hi,

You can try using SNI.

Search for tls-host in the following:
https://help.mikrotik.com/docs/display/ ... nd+Actions

Unfortunately, SNI inspection is becoming unavailable with the advent of TLS 1.3, so it is working less and less well.