MikroTik

Hello,

I know there are lot of threads about how to block social media sites and there are helpful, but I have kind of diffrent problem.

I have to allow access to some subsites on this social media exp. youtube.com/someuser , facebook.com/somefanpage, but also keep blocking the rest of this sites.

To block sites I use mainly the L7-filter, but for this it not working. Any ideas on regexp or another solution ?

Are these pages to be accessed from everyone, or only from a group?
If you have normal users inside your network you can go with transparent webproxy. If someone there is clever enough to bypass the webproxy, then you need a better approach.

Are these pages to be accessed from everyone, or only from a group?

By everyone.

If you have normal users inside your network you can go with transparent webproxy. If someone there is clever enough to bypass the webproxy, then you need a better approach.

There is always one clever enough

I know that at some point I will have to use porxy, for now it wasn't nessesery. Thanks for replay.

One way I am thinking now, is to transparently redirect all requests to opendns and there block all proxy/anonimzers so they can't use any of them to bypass. Also, the opendns offers to block specific domains, but I don't know about subdomains. If that is not possible within opendns, then you can setup your own webproxy keeping always the dns pointed to opendns.

Bypassing the proxy by some users are not the main issue here. Method of recognition the some part in the URL is problem for me because even simple rule to block don't work.

For example : www.facebook.com/john when I try to block by "content=john", this site is still avaliable.

I'm trying rules so hard because I like to keep as simple as I can.

The only way to block something like this is to use URL filtering.

If there are no users who can bypass your proxy, then it is better to go with it.
Post the relevant rules you are applying to see what is not working. Keep in mind that proxy rules are executed in order, so if there is a rule blocking general access to facebook.com before the one that allows access to facebook.com/john then it will not work.