Answer the question
In order to leave comments, you need to log in
How to configure the Mikrotik router to prohibit access to certain sites to all except some clients?
In general, it is necessary that they stop wasting time on social networks, while there are those who work with the help of VKontakte, including, they need to leave access.
I find instructions on the Internet, but there is usually just a ban on everyone.
Answer the question
In order to leave comments, you need to log in
Complicated. There are no direct mechanisms for blocking by site type or sane blocking by DNS in MK. It is more correct to transparently wrap web traffic to a neighboring node where the Squid + Sams package will be raised (for example, a pfsense build or something more serious, such as Kerio + OrangeWebFilter), for those users who do not need blocking, the traffic will go straight, for those who we filter, we wrap it on this filter unit.
It will work very quickly, without hemorrhoids with a proxy and with an understanding of how traffic flows.
But if this option does not work, then:
1. In the DNS server, we pin the VKontakte node to a specific IP (either on the MK or on another DNS server, it doesn’t matter)
2. We prohibit the use of other DNS
3. In MK we make two address of the sheet, in one the IP addresses of "undesirable users" in the second (pinned in the DNS) are the addresses of the nodes to which access needs to be blocked
4. Create a rule from one address of the sheet then the other address of the sheet - Deny.
RouterOS has Web Proxy, it works as a transparent proxy, the only minus is eating resources.
And then the question is, what mikrotik do you use? If 1100AHx2 or something like that, then there will be enough resources to block social networks (caching is not needed). And yes, mikrotik has KVM, if it is built on the x86 platform, then who prevents you from installing a squid in a virtual machine and wrapping traffic into it.
Regarding the personalization of blocking in mikrotik, there are a lot of solutions (mainly for the firewall, but who prevents them from using them for the built-in proxy server), from the address of the sheets, to very non-trivial solutions on scripts.
Here the guys offered a more beautiful version with a script:
ironsf.blogspot.ru/2013/11/mikrotik.html
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question