
Blocking social website in mikrotik

Posted: Tue Nov 19, 2013 7:03 pm
by krisan
Greetings to everyone in the forum.
I have been trying to block social websites on my MikroTik router (RB493) but I cannot achieve it. I have used L7 to block Facebook, though it worked for only "www.facebook.com" but could not work on https://facebook.com, as well as LinkedIn and Twitter.
Please, I need your various contributions on how I can fix this problem.
Thanks.

Re: Blocking social website in mikrotik

Posted: Tue Nov 19, 2013 8:48 pm
by rickfrey
Use the web proxy, it's a lot easier :-) You can find a very simple example here: http://www.tiktube.com/video/GChD3alGgl ... sDlEonpKD=

Re: Blocking social website in mikrotik

Posted: Wed Nov 20, 2013 2:49 pm
by krisan
I tried using the web proxy. I was only able to block www.facebook.com but am still able to open https://facebook.com and other https domains.

Re: Blocking social website in mikrotik

Posted: Wed Nov 20, 2013 4:02 pm
by rickfrey
There is a difference between using the web proxy to cache and using it to limit access. Although it won't cache https traffic, it can block it. You can also use wildcards with the address to block sub pages.

Re: Blocking social website in mikrotik

Posted: Thu Nov 21, 2013 12:12 am
by Neilson
Or you can grab the prefix lists for Facebook / Twitter / etc and just blackhole those IP Addresses with a simple firewall rule.

Should be at a lower level than L7 filters so less load on your router.

You do need to keep on top of their changes to IP Space but it should be fairly reliable to cut them off completely.

Regards
Alexander
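
Added example, not part of any post in this thread: a Python helper for the upkeep step described above, which compares the prefixes already in a router address list with a freshly published prefix list and emits the RouterOS commands that bring the list up to date. The list name `blocked-social` is hypothetical, and the prefixes are constructed documentation ranges, not real Facebook or Twitter address space.

```python
import ipaddress

LIST = "blocked-social"  # hypothetical address-list name

# One-time rule on the router: drop forwarded traffic to anything in the list.
FILTER_RULE = f"/ip firewall filter add chain=forward dst-address-list={LIST} action=drop"

def parse(prefixes):
    """Parse IPv4 prefixes, skipping blank entries and non-IPv4 networks."""
    nets = set()
    for p in prefixes:
        p = p.strip()
        if not p:
            continue
        net = ipaddress.ip_network(p, strict=False)
        if net.version == 4:
            nets.add(net)
    return nets

def sync_commands(on_router, published, list_name=LIST):
    """Return RouterOS commands that turn the router's list into the published one."""
    have = parse(on_router)
    # Merge adjacent/overlapping prefixes so the router holds as few entries as possible.
    want = set(ipaddress.collapse_addresses(parse(published)))
    cmds = []
    for net in sorted(have - want):   # stale entries: stop blocking space no longer listed
        cmds.append(f"/ip firewall address-list remove [find list={list_name} address={net}]")
    for net in sorted(want - have):   # new entries
        cmds.append(f"/ip firewall address-list add list={list_name} address={net}")
    return cmds

# Constructed sample data (RFC 5737 documentation ranges).
ON_ROUTER = ["192.0.2.0/24", "203.0.113.0/24"]
PUBLISHED = ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25"]

if __name__ == "__main__":
    print(FILTER_RULE)
    for line in sync_commands(ON_ROUTER, PUBLISHED):
        print(line)
```

Removing stale entries matters as much as adding new ones: address space that has been reassigned would otherwise stay blocked for whoever holds it next.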

Re: Blocking social website in mikrotik

Posted: Thu Nov 21, 2013 4:53 pm
by rickfrey
You could black-hole that traffic, but I think you will find that with sites that have a large web presence such as the sites we are talking about, there are more specific IP addresses and IP ranges than would normally be expected. It's much easier to use a URL with a wildcard than to try to block that traffic by IP. Theoretically, you could create a script that resolves the DNS names and then black-holes the updated list. I believe there is a similar script on the wiki that resolves names for adding to the firewall.

Re: Blocking social website in mikrotik

Posted: Fri Nov 22, 2013 11:02 am
by krisan
There is a difference between using the web proxy to cache and using it to limit access. Although it won't cache https traffic, it can block it. You can also use wildcards with the address to block sub pages.

Please, how do I use the wildcards with the address to block sub pages?
Thank you for your suggestion.