https, 443 proxy configuration
Hi, i am beginner on mikrotik, i want to use mikrotik web proxy https 443. please help me to know how can i configure and redirect all internet protocol via mikrotik web proxy.
Re: https, 443 proxy configuration
proxy does not support encrypted https traffic
Re: https, 443 proxy configuration
Then what should i do for restrict 443 protocol? i want to block facebook on my network and also block vpn and proxy extension from pc and web browsers.proxy does not support encrypted https traffic
Re: https, 443 proxy configuration
you can block by IP address in the firewall, or by DNS name in the DNS server
Re: https, 443 proxy configuration
Not much. Have a look SNI which states what server is approached. If you want yo block the other protocols you better look at which protocols you want to let trough out instead of blocking each unwanted one separately.
Re: https, 443 proxy configuration
OK, thank you
You're welcome however Facebook is a dragon with multiple heads and I block it 'effectively' with three lines for my local DNS sever (DNSMasq):
This works if you can control the machines connection not to have their own host files in which workarounds are defined to bypass the DNS server on these specific Facebook lines.# No access to Facebook
server=/facebook.com/fbcdn.net/facbook.com/fb.com/fbsbx.com/facebook.com.edgesuite.net/instagram.com/
server=/facebook.net/instagramstatic-a.akamaihd.net/instagramstatic-a.akamaihd.net.edgesuite.net/
server=/cdninstagram.com/tfbnw.net/whatsapp.com/fb.me/
Blocking that would mean that you block each IP that Facebook uses and that are a LOT.
Facebook has their own AS Number and I am still looking for a script (internal/external) to make an address-list from that AS Number (AS32934). Just like we are now able to state a domain name and that in the internal DNS generating the IP numbers. This list can then be called in the filtering rules by the AS Number as name.
Re: https, 443 proxy configuration
Actually it's not so big issue. I have blocked ranges announced by FB ASN and from my side there is no way to open FB:
0 fb 204.15.20.0/22 feb/27/2017 12:18:41
1 fb 69.63.176.0/20 feb/27/2017 12:18:41
2 fb 173.252.64.0/18 feb/27/2017 12:18:41
3 fb 31.13.64.0/19 feb/27/2017 12:18:41
4 fb 31.13.96.0/24 feb/27/2017 12:18:41
0 fb 204.15.20.0/22 feb/27/2017 12:18:41
1 fb 69.63.176.0/20 feb/27/2017 12:18:41
2 fb 173.252.64.0/18 feb/27/2017 12:18:41
3 fb 31.13.64.0/19 feb/27/2017 12:18:41
4 fb 31.13.96.0/24 feb/27/2017 12:18:41
Re: https, 443 proxy configuration
How did you find the ip addresses.?