Mikrotik
Vyacheslav Nikolaev, 2016-04-14 10:01:42

How to block HTTPS access to sites through MikroTik using part of the DNS name as a mask?

Is there a way to block HTTPS access to all sites using part of the DNS name as a mask? That is, I need to block access to all possible variants (www.example.com, www1.example.com, site.example.com) using "example.com" as the "mask". At the same time, it is known in advance that all of these sites to be blocked have different IP addresses. It would also be desirable to have several such "masks".
I read the material described here, but the proposed script did not work for me.
I use a MikroTik RB2011L with RouterOS 6.34.4.
I understand that it is possible to install a "transparent" Squid with HTTPS resource filtering on some Linux computer, but I would like, if possible,


3 answers
Ziptar, 2016-04-21
@Lamaster-M

Another option, if the MT is used as the DNS server: add
example.com 127.0.0.1
.example.com 127.0.0.1
to the static records.
Not the most effective and with nuances, but more effective ones have already been written above. :)
PS: there is also the tyndex browser with its "secure" DNS, so be careful.
UPD: read the comments. Actually, I do just that, with some software that accesses the server by DNS name, and this is not always desirable.
DHCP hands out the DNS server address pointing to the domain controller, and on it, as a forwarder, the DNS server on the MikroTik is configured.

Vadim K, 2016-04-14
@OLQLOSH

Well, you can try to create an expression in Firewall -> Layer 7: ^.+(example.com).*$
Then create a rule in the Firewall that blocks forward, selecting the created expression under the Layer 7 Protocol item on the Advanced tab. I block social networks on some computers this way.

paxlo, 2016-04-20
@paxlo

Create a regexp with the blocked hosts:
/ip firewall layer7-protocol
add name=gvno regexp="^.*(odnoklassniki.ru|odkl.ru|ok.ru|vk.com|vkontakte.ru|vkontakte.com|durov.ru|fb.com|facebook.com).*\$"
Add a firewall rule (it must sit above the allow rules for the forward chain):
/ip firewall filter add action=reject chain=forward layer7-protocol=gvno protocol=tcp reject-with=tcp-reset
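Added example (not from the original page or any of the answers): both the Layer7 regexp answers above and the static DNS answer earlier on the page rely on the same thing, a host name that is visible on the wire. For HTTPS that name is the SNI host_name in the cleartext TLS ClientHello, which is why a Layer7 pattern can match an encrypted connection at all (RouterOS inspects only the first packets of a connection, and the ClientHello is the first one the client sends). The block below parses a ClientHello to get the SNI, applies a label-aligned "mask" match with the semantics the question asks for (example.com covers www.example.com and site.example.com but not notexample.com or example.community), and runs the regexp from the last answer over the same packets to show its caveat: unescaped dots and missing name boundaries make it also reject hosts that merely contain a listed string. The mask list, the packets and the hosts are constructed for the demo, and Python's re engine only approximates how RouterOS applies the pattern to payload.

```python
"""Added example: SNI extraction, DNS-suffix mask matching and a check of the
unanchored Layer7 regexp. All packets, hosts and masks below are constructed
test data, not captures or config from the original page."""
import re
import struct

# Assumed mask list; "example.com" must cover the apex and every subdomain.
BLOCKED_MASKS = ["example.com", "vk.com", "ok.ru"]


def matches_mask(host, masks=BLOCKED_MASKS):
    """True if host equals a mask or is a subdomain of it (label-aligned suffix).
    Same semantics as the static DNS pair "example.com" / ".example.com"."""
    host = host.lower().rstrip(".")
    for mask in masks:
        mask = mask.lower().lstrip(".")
        if host == mask or host.endswith("." + mask):
            return True
    return False


def build_client_hello(server_name):
    """Constructed TLS 1.2 ClientHello record carrying one SNI host_name entry
    (only the fields the parser walks are realistic)."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # type host_name
    name_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", 0, len(name_list)) + name_list  # extension type 0
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03"            # client_version
            + b"\x00" * 32         # random (zeros in this constructed packet)
            + b"\x00"              # empty session_id
            + b"\x00\x02\x00\x2f"  # one cipher suite
            + b"\x01\x00"          # one compression method (null)
            + extensions)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the SNI host_name from a TLS ClientHello record, or None when the
    bytes are not a ClientHello, carry no SNI, or are truncated."""
    try:
        if record[0] != 0x16:
            return None                                        # not a handshake record
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        if hs[0] != 0x01:
            return None                                        # not a ClientHello
        pos = 4 + 2 + 32                                       # header, version, random
        pos += 1 + hs[pos]                                     # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]     # cipher_suites
        pos += 1 + hs[pos]                                     # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if etype == 0:                                     # server_name extension
                p, end = pos + 2, pos + elen                   # skip server_name_list length
                while p + 3 <= end:
                    ntype, nlen = hs[p], struct.unpack("!H", hs[p + 1:p + 3])[0]
                    if ntype == 0:
                        return hs[p + 3:p + 3 + nlen].decode("ascii")
                    p += 3 + nlen
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def should_block(first_packet, masks=BLOCKED_MASKS):
    """The decision a filter at the MikroTik would need: SNI from the client's
    first packet, checked against the mask list."""
    sni = extract_sni(first_packet)
    return sni is not None and matches_mask(sni, masks)


# The pattern from the last answer, as a Python regex over the raw packet bytes.
# RouterOS applies its own engine to connection payload; this approximates it.
L7_REGEXP = re.compile(
    rb"^.*(odnoklassniki.ru|odkl.ru|ok.ru|vk.com|vkontacte.ru|vkontakte.com|"
    rb"durov.ru|fb.com|facebook.com).*$", re.DOTALL)


def l7_matches(packet):
    """True if the Layer7 pattern from the answer would fire on this packet."""
    return L7_REGEXP.match(packet) is not None


if __name__ == "__main__":
    for host in ["www.example.com", "example.community", "facebook.community", "book.ru"]:
        pkt = build_client_hello(host)
        print(host, "sni=%s" % extract_sni(pkt), "mask-block=%s" % should_block(pkt),
              "l7-regexp=%s" % l7_matches(pkt))
```

Running it shows facebook.community and book.ru tripping the Layer7 pattern (through "facebook.com" and "ok.ru" respectively) while the mask matcher leaves them alone; escaping the dots and anchoring the alternatives to a label boundary in the RouterOS regexp removes that class of false positive. Whatever matcher is used, it only works while the host name travels in the clear: a client that reaches the server by IP address, or through a DNS resolver the router does not control, as the first answer warns, never presents the name to be matched.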
