Page 1 of 1
How-to firewall customer IP that is delinquent, direct/force them to webpage html address?
Posted: Fri Jun 26, 2015 8:36 pm
by wispwest
We've always used the DST-NAT firewall rule to lock customers to the "Deliquent" webpage that are past-due, however we've moved our website and need to DST them to a html address now, but Mikrotik OS says "IP Address expected"
Tried creating an "address list" but still "need IP address", and can't forward to a
www.website.com/deliquent/
Appreciate any help!
Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?
Posted: Fri Jun 26, 2015 10:43 pm
by thebigcow
This is probably easier to accomplish from the web server itself if you have another ip to spare.
Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?
Posted: Fri Jun 26, 2015 10:48 pm
by wispwest
I know it'd be easier, as that's how we've done it the past 10 years.
That's the problem, we no longer have separate IP's for different pages, it all shares the same IP address for the domain (now cloud-based)
Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?
Posted: Sat Jun 27, 2015 12:03 am
by 2frogs
Re-direct them to a web-proxy and use
/ip proxy access add dst-host=* action=deny redirect-to=www.yoursite.com
to force them to your page.
Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?
Posted: Sat Jun 27, 2015 1:20 am
by wispwest
Re-direct them to a web-proxy and use
/ip proxy access add dst-host=* action=deny redirect-to=www.yoursite.com
to force them to your page.
Thanks! So, where do I put the customer IP, do I put them in the * where "dst-host=*" ?
Example: ip proxy access add dst-host=10.9.9.54 action=deny redirect-to=
www.yoursite.com/deliquent
Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?
Posted: Sat Jun 27, 2015 1:38 am
by networkfudge
/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 src-address-list=Block
/ip firewall filter add chain=forward src-address-list=Block protocol=udp dst-port=53 action=accept add chain=forward dst-address-list=Block protocol=udp src-port=53 action=accept add chain=forward src-address-list=Block action=drop
/ip proxy set enabled=yes /ip proxy access add action=allow disabled=no dst-address=172.16.0.123 add action=deny disabled=no redirect-to="http://172.16.0.123/block.html"
This will re-direct anyone in the Block address list to
http://172.16.0.123/block.html
Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?
Posted: Sat Jun 27, 2015 6:58 am
by 2frogs
Re-direct them to a web-proxy and use
/ip proxy access add dst-host=* action=deny redirect-to=www.yoursite.com
to force them to your page.
Thanks! So, where do I put the customer IP, do I put them in the * where "dst-host=*" ?
Example: ip proxy access add dst-host=10.9.9.54 action=deny redirect-to=
www.yoursite.com/deliquent
Sorry, though I included a link to Wiki,
http://wiki.mikrotik.com/wiki/Manual:IP/Proxy. The * in dst-host=* is wildcard to catch the original website or IP.
But what Networkfudge gave you is what you need to get it working.