MikroTik

Is it possible to configure Mikrotik-Advertise-URL option with PPPoE not with Hotspot? I'm not sure if this option works only with Hotspot. I set advertise URL and interval and no effects.

If this works only with HotSpot what is the best solution to redirect customer periodically (e.g. 4 times a hour) to web page (payment reminder)

PPPoE traffic doesn't go through the Hotspot servlet so the router can't redirect host traffic for advertisements like it can for Hotspots.

You could enable the web proxy and make a deny all rule with a redirect to your payment page, and then create a firewall ruleset that checks if users are on an address-list whenever they access something on tcp/80. If they are not, jump into a chain that adds them to the list for four hours and then transparently proxies them, causing the proxy request to be denied with a redirect to the payment page.

Could you write example firewall rules? I fight for few hours but without success.
I created ppp chain, then payments_chain with action "add src to address list". I put radius parameter "Filter-id" to "payments_chain" for these customer I want remind about payment.

You can't use Filter-Id as that's too late in the packet process, the decision on whether the client is to be redirected must be made before destination NAT (where redirects to the web proxy happen), so the only thing that qualifies is pre-routing mangle. There is an undocumented RADIUS attribute that adds people to an address list for the duration of their session, I don't know if it works with PPPoE but if it does the below would work with central administration when you set that attribute. If not, you'll have to manually maintain address lists on the router (maybe via API calls?). It is attribute number 19 for the same vendor, called Mikrotik-Address-List and of type string.

Assuming that you have an address-list named "payment_reminder" that contains all clients that need to be shown redirects, you would first mark all TCP/80 connections of those customers as something potentially to be redirected. In a second rule you decide whether they actually are to be redirected:
Now all connections to TCP/80 from people on the payment_reminder address-list but not on the has_seen_reminder list are marked "payment_reminder". Next step in packet flow is destination NAT, so redirect those connections to the web proxy (adjust ports if your web proxy doesn't listen on 8080):
At this point the packet will go to the router (proxy) instead of being routed through it, so the input chain will see the packet. Use the connection-mark to add the source address to the has_seen_reminder address-list with a timeout of 4 hours so that the next new connection to TCP/80 by that customer will not be redirected:
Just for completion's sake, the web proxy configuration would look like this: All of that is completely untested. Hope it works.

Thank you very much fewi,

Mikrotik-Address-List works and it resolved my problem,

to run warning for some time (for a minute every 15 minutes) I used Schedule and prepared scripts, which create and remove appropriate firewall rules

Hi fewi, I liked very mucho of your solution and it works very well.

I'm trying to redirect the traffic for one page with the original URL that the user had access. With this I can put something like "Click here to access your URL".

Do you know if this is possible with this solution?

Thanks in advance,
Fabrício

I do not know if it is. The proxy cannot be programmed to pass the original URL on via a variable so I believe your only option is to check all the HTTP headers to see if one does contain the original URL. You could then use any dynamic scripting language on the server (PHP, Perl etc.) to pull it out and write the link. If there's no such header I guess you could make a feature request.

maybe HTTP Referer?

maybe HTTP Referer?

Hi Chupaka, the $_SERVER["HTTP_REFERER"] comes empty on php script when the page is redirected by the Mikrotik web-cache.

Best regards

Fabrício

Just do a 'print_r($_SERVER); print_r($HTTP_SERVER_VARS);' on the server you're redirecting to - if nothing matches the original request you cannot retrieve it and you should contact support@mikrotik.com for an official feature request. $_SERVER doesn't contain all headers, I think, and it's possible some proprietary header a la X_FORWARDED_FROM attainable via $HTTP_SERVER_VARS contains proxy information.

by the way, $HTTP_SERVER_VARS contains the same initial information (as $_SERVER), but is not a superglobal (from PHP Docs)

There doesn't appear to be anything that contains the original request URI that is passed on to the server.

hi dziadzi

may you post the whole setup you did to make everything working out as for the time script also? thank you