Web Proxy

ferdinandbabst · Mon Oct 11, 2010 12:14 pm

Hi

I have setup web proxy to listen on default port 8080. i have also created the Nat rule
chain=dstnat action=redirect to-ports=8080 protocol=tcp
src-address=172.17.0.0/24 dst-port=80

The rule is working fine but I can't seem to get any browsing done on the allowed web pages in the proxy.
Do i need to give the proxy server access to internet via NAT rule or masquerade rule etc?

Ibersystems · Mon Oct 11, 2010 1:56 pm

Did you configured the internet access in the board?

ip route add...

you need to add a route to 0.0.0.0/0 with gateway your modem.

otgooneo · Mon Nov 01, 2010 8:41 am

Hi guys, my web proxy working perfect (RB1000 V4). But I can`t set content filter using web proxy server. Content filtering working on hotspot by firewall filtering option.

Ibersystems · Tue Nov 02, 2010 11:01 am

Hi guys, my web proxy working perfect (RB1000 V4). But I can`t set content filter using web proxy server. Content filtering working on hotspot by firewall filtering option.

Can you copy/paste your ip/firewall filters?

otgooneo · Tue Nov 02, 2010 1:19 pm

Actualy my goal is block bad pages then show to my customers "Blocked page". My customers are connecting via hotspot. So I can set content filter using firewall mangle and filter rules. Here is my config:

[admin@Testing] /ip firewall> fil print det
0  chain=forward action=drop dst-address-list=BadIP

[admin@Testing] /ip firewall mangle> print
1   chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=adult 
2   chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=porn 
3   chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=sex

But I can`t show to my customers that page is blocked by administrator. Firewall filter rule just drops packets.
Therefor I have started to use Web proxy service. In this case I can block web host by static host name.

[admin@Testing] /ip proxy access> print det
0   dst-port=80 dst-host=www.redtube.com action=deny hits=0

Now I can show them Blocked page but I have to add manually all bad web hosts . It`s too rude way.

Ibersystems · Tue Nov 02, 2010 1:35 pm

Did you configured ip/hotspot/server profiles/http proxy?

otgooneo · Tue Nov 02, 2010 3:56 pm

I haven`t done that. But I have added NAT rule, which works like that. Just because I didn`t know hotspot already has this feature.

[admin@Testing] /ip firewall nat> print det
 1  ;;; To Proxy
     chain=dstnat action=redirect to-ports=1010 protocol=tcp src-address=172.16.24.0/24 dst-port=80

My only wish is use content and URL filter with "Admin Blocked Page".
Has the RouterOS anyway to add firewall filter rule with redirect page? Like it - <<action=drop, redirect=errorpage.html>> lol...

Sorry Iber, for my bad english.

Ibersystems · Tue Nov 02, 2010 3:59 pm

I think I did this with hotspot and webproxy : /

Ibersystems · Tue Nov 02, 2010 4:14 pm

I just checked and I have only webproxy there. If I activate the webproxy I disable the hotspot.. I don't know why, but you can imagine.. xD

Mmm..

with redirect in webproxy you can redirect people to YOURHOTSPOTIP/deny.html
You need to place deny.html in your routerOS and they will see the file when deny.

otgooneo · Tue Nov 02, 2010 6:37 pm

Thank you Iber. I`ll try again.

Chupaka · Tue Nov 02, 2010 10:33 pm

anyway, content filtering is not available in Proxy

Web Proxy

Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy

Re: Web Proxy