MikroTik

Hello,

I want to block and redirect website example from 1PM to 2PM
I want to block website1.com and redirect to website2.com

Thank you

You'd have to do a dst-nat to a web server that you control, and from there, based on the hostname, redirect to the desired site.

To do the redirect, with PHP at least, it's as simple as The most difficult part is matching the requests that should be redirected to the web server in the first place. The easiest (although somewhat error prone and inefficient) way is to use layer7-protocol filter. Something like: Once you have that, adding the dns-nat rule is trivial: (replace 192.168.0.254 with the IP of your web server)

P.S. The regex in the PHP, and the equivalent portion in the layer7-protocol both ensure you redirect website1.com as well as all of its subdomains.

Hello boen_robot, Thank you for reply.

I tried this but I get this error:

first. expected end of command (line 1 column 33)

second. input does not match any value of protocol

what can I do?

Thank you

Opps. I missed the name argument. The first command should be The second commands needs the first before it can work.

Opps. I missed the name argument. The first command should be

Code: Select all

/ip firewall layer7-protocol add name="HTTP website1.com" regexp="^\S+ \S+ HTTP\/\d\.\d[^H]+Host: ([^\n\.]+\.)*website1\.com.+\n\n"

The second commands needs the first before it can work.

I get this error:
expected end of command (line 1 column 69)]+\.)*website1\.com.+\n\n"

Thank you

Argh!! Damn command line. Fine, just use the "+" from Winbox, and enter into the regexp field, and enter in the name field.

http://s019.radikal.ru/i616/1205/44/b2b2a31d4217.png
http://s019.radikal.ru/i618/1205/8e/26769d9f4000.png

I tried it but does not redirecting

In the NAT rule, do you have the "layer7-protocol" attribute set to "HTTP top.ge"? In Winbox, you can see it in the "Advanced" tab of the rule. Add it if not.

If you do have it and it still doesn't work... hmm... try with the regex If even that doesn't work... what is this top.ge site? Does it resolve only to a single IP or multiple IPs? Do your clients use your router as a DNS too? There are other techniques besides layer7-protocols that can be used depending on the answers of those two questions... I started with layer7, because if the regex is correct, the solution is universal. But like I said, it's error prone.

Thank you.
I try it but does not work.

I tried this:
/ip proxy access add dst-host=: action=deny redirect-to=top.ge

for time I create Scheduler, enter time and insert this:
/system script run <script name>


Thank you boen_robot

Wait... doesn't that only work when your users set up your router as a proxy server?

If it works regardless, I must say I just learned something .

Yesterday it worked. today does not work. I can't understand

You'd have to do a dst-nat to a web server that you control, and from there, based on the hostname, redirect to the desired site.

To do the redirect, with PHP at least, it's as simple as

Code: Select all

<?php
if (preg_match('/^([^\n\.]+\.)*website1\.com$/i', $_SERVER['HTTP_HOST'])) {
    header('Location: http://website2.com');
} 

The most difficult part is matching the requests that should be redirected to the web server in the first place. The easiest (although somewhat error prone and inefficient) way is to use layer7-protocol filter. Something like:

Code: Select all

/ip firewall layer7-protocol add="HTTP website1.com" regexp="^\S+ \S+ HTTP\/\d\.\d[^H]+Host: ([^\n\.]+\.)*website1\.com.+\n\n"

Once you have that, adding the dns-nat rule is trivial:

Code: Select all

/ip firewall nat add comment="Redirect for website1.com" chain="dstnat" layer7-protocol="HTTP website1.com" time="13h-14h,sun,mon,tue,wed,thu,fri,sat" action="dst-nat" to-addresses="192.168.0.254"

(replace 192.168.0.254 with the IP of your web server)

P.S. The regex in the PHP, and the equivalent portion in the layer7-protocol both ensure you redirect website1.com as well as all of its subdomains.

can you please help me with this ?

http://forum.mikrotik.com/viewtopic.php?f=1&t=74197

Hello Mr giobulia
გამარჯობა თბილისიდან

http://codingtips.itwebsols.com/servers ... l7-layer7/
such as this method is a blocked. how i can to forward?

HI

Would someone tell me, if its necessary to install in MicroSD when using an internal proxy. I Deployed a RB1100Hx2 with proxy server (in the internal flash storage), and worked fine the first day, but the second start making mess with the internet connections.
I really don't know if having problems with proxy storage (have to be on the external) or some Firewall Policy.





Thanks