Webproxy walled garden or something

Posted: Sat Mar 15, 2014 11:12 pm
by gargola
Hello colleagues:
This is my situation: I'm redirecting users to the webproxy to show alerts about payment.
/ip firewall nat add action=redirect chain=dstnat comment="Payment" dst-port=80 in-interface=ether5-LAN1 protocol=tcp src-address-list=alert to-ports=999
/ip proxy set enabled=yes port=999
/ip proxy access
add action=deny redirect-to=10.0.3.2:89
So, when I add a client to the address list, he sees the alert and everything is OK. But now I want to show them a video uploaded to YouTube. But as I am redirecting all the traffic, he can't get the YouTube video.
Is there something like the hotspot walled garden in webproxy?
Regards!

Re: Webproxy walled garden or something

Posted: Sat Mar 15, 2014 11:57 pm
by rextended
...

Re: Webproxy walled garden or something

Posted: Mon Mar 17, 2014 7:50 am
by gargola
Thank you, works perfectly :D
Do you know why my rule isn't working with HTTPS? I added port 443 to the rule, but an IP in the address list that tries to browse can still see HTTPS pages.

ros code

/ip firewall nat add action=redirect chain=dstnat comment="Payment" dst-port=80,443 in-interface=ether5-LAN1 protocol=tcp src-address-list=alert to-ports=999

Re: Webproxy walled garden or something

Posted: Mon Mar 17, 2014 10:10 am
by rextended
You cannot redirect HTTPS traffic to HTTP traffic;
you must create two proxies and two mangle rules on the RB, and also two services on the web server.

Also, not all websites use 80 or 443 for HTTP or HTTPS.

Re: Webproxy walled garden or something

Posted: Mon Mar 17, 2014 9:38 pm
by gargola
So if I'm not wrong.
HTTP -> One NAT rule, One webproxy, One web server.
HTTPS -> One NAT rule, One webproxy, One web server with HTTPS certificate?

Re: Webproxy walled garden or something

Posted: Mon Mar 17, 2014 9:43 pm
by rextended
> So if I'm not wrong.
> HTTP -> One NAT rule, One webproxy, One web server.
> HTTPS -> One NAT rule, One webproxy, One web server with HTTPS certificate?

HTTP -> One NAT rule, One webproxy, One web server.
HTTPS -> One NAT rule, SAME webproxy, CAN BE SAME web server with OTHER port with HTTPS certificate?


I have the same problem with the new https://www.google.com webpage:
to display HotSpot HTTPS webpages (for login and advertising) I had to buy a certificate [from EssentialSSN] verified by a general root authority.
If I don't do that, the user cannot see the login pages (they are forced to type the hotspot address or DNS name).

Re: Webproxy walled garden or something

Posted: Tue Mar 18, 2014 1:54 am
by gargola
So, with my HTTPS web server, I'll be able to redirect the HTTPS requests to the proxy and show the alert?
I'm already working on it in a lab, let's see what happens.

I can't get it to work :(

ros code

/ip firewall nat
add action=redirect chain=dstnat comment=\
    "Payment" dst-port=80 protocol=tcp \
    src-address-list=aviso to-ports=999
add action=redirect chain=dstnat dst-port=443 protocol=tcp src-address-list=\
    aviso to-ports=999

/ip proxy access
add dst-host=*.youtube.com path=/embed/JP4XikcBfdg
add action=deny dst-port=443 redirect-to=192.168.100.31
add action=deny dst-port=80 redirect-to=10.0.3.2:89

In my second web server I redirect all HTTP to HTTPS, and the HTTPS is working. I realized that when I add the dst-nat for port 443, even though youtube is first in access, the HTTP can't see the video. If I disable the 443 dst-nat, it works well, and the HTTP request can see the video.
Requesting an HTTP page, the redirection works perfectly.
Requesting an HTTPS page, the page stays loading and doesn't work.
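
An added example, not part of the original thread, showing what a plain HTTP proxy can read when port 443 is redirected into it. On port 80 the first bytes are a request line with Host and path. On port 443 they are a TLS ClientHello: there is no request to answer with a redirect, and only the SNI hostname is in the clear. Function names and sample bytes are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def build_client_hello(host):
    """Constructed sample: minimal TLS ClientHello carrying an SNI extension."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    # version, random, empty session id, one cipher suite, null compression, extensions
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def tls_sni(data):
    """Walk the ClientHello fields and return the server_name, or None."""
    pos = 5 + 4 + 2 + 32                             # record hdr, handshake hdr, version, random
    pos += 1 + data[pos]                             # session id
    pos += 2 + int.from_bytes(data[pos:pos + 2], "big")   # cipher suites
    pos += 1 + data[pos]                             # compression methods
    end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(data)):
        ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
        if ext_type == 0:                            # server_name extension
            name_len = int.from_bytes(data[pos + 7:pos + 9], "big")
            return data[pos + 9:pos + 9 + name_len].decode("ascii", "replace")
        pos += 4 + ext_len
    return None

def what_proxy_sees(first_bytes):
    """Return (kind, host, path) readable from the first bytes of a redirected connection."""
    if first_bytes.startswith(HTTP_METHODS):
        lines = first_bytes.split(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
        path = lines[0].split(" ")[1]
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), None)
        return ("http", host, path)
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(first_bytes) > 5 and first_bytes[0] == 0x16 and first_bytes[1] == 3 and first_bytes[5] == 1:
        try:
            return ("tls", tls_sni(first_bytes), None)   # no request line, no path
        except (IndexError, struct.error):
            return ("tls", None, None)                   # truncated hello
    return ("unknown", None, None)

# Constructed inputs: the same video requested over port 80 and over port 443
HTTP_SAMPLE = b"GET /embed/JP4XikcBfdg HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"
TLS_SAMPLE = build_client_hello("www.youtube.com")
```

Calling `what_proxy_sees` on each sample shows that a path-based access rule has something to match only in the HTTP case.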