Mikrotik
Fyodor, 2014-06-19 07:42:11

How to configure the Mikrotik router to prohibit access to certain sites to all except some clients?

In general, I need them to stop wasting time on social networks, but there are those who use VKontakte, among others, for work, and they need to keep access.
The instructions I find on the Internet usually just ban everyone.


5 answer(s)
Cool Admin, 2014-06-19
@ifaustrue

Complicated. There are no direct mechanisms for blocking by site type or sane blocking by DNS in MK. It is more correct to transparently redirect web traffic to a neighboring node running the Squid + Sams package (for example, a pfSense build, or something more serious such as Kerio + OrangeWebFilter). For those users who do not need blocking, the traffic will go straight through; for those we filter, we redirect it to this filter node.
It will work very quickly, without the hassle of a proxy and with an understanding of how traffic flows.
But if this option does not work, then:
1. In the DNS server, we pin the VKontakte node to a specific IP (either on the MK or on another DNS server, it doesn't matter).
2. We prohibit the use of other DNS servers.
3. In MK we make two address lists: one holds the IP addresses of the "undesirable users", the second holds the addresses (pinned in the DNS) of the nodes to which access needs to be blocked.
4. Create a rule from one address list to the other address list: Deny.
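
The four steps above as a RouterOS configuration. This is an added example, not part of the original answer; the site name vk.com, the LAN 192.168.88.0/24, the client addresses, the list names and the pinned address 203.0.113.10 are assumptions to replace with your own values.

```routeros
# Constructed values: 203.0.113.10 stands in for the address the site name is
# pinned to (use a real address of the site), 192.168.88.50-51 are the clients
# to restrict, 192.168.88.0/24 is the LAN.

# 1. Pin the site name to one known address in the router's DNS.
#    With allow-remote-requests=yes, make sure the input chain does not
#    accept port 53 from the WAN side.
/ip dns set allow-remote-requests=yes
/ip dns static
add name=vk.com address=203.0.113.10 comment="pinned for filtering"
add name=www.vk.com address=203.0.113.10 comment="pinned for filtering"

# 2. Prohibit other DNS servers: every DNS query from the LAN is answered
#    by the router, whatever resolver the client has configured.
/ip firewall nat
add chain=dstnat src-address=192.168.88.0/24 protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force router DNS"
add chain=dstnat src-address=192.168.88.0/24 protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="force router DNS"

# 3. Two address lists: the restricted clients and the pinned site addresses.
/ip firewall address-list
add list=restricted-users address=192.168.88.50
add list=restricted-users address=192.168.88.51
add list=blocked-sites address=203.0.113.10

# 4. Deny traffic from the first list to the second. The rule is appended
#    to the forward chain, so move it above any rule that accepts LAN traffic.
#    Clients outside restricted-users are not matched and keep access.
/ip firewall filter
add chain=forward src-address-list=restricted-users \
    dst-address-list=blocked-sites action=drop \
    comment="restricted users -> blocked sites"
```

The drop rule matches on the destination address, so any other site served from the same address is blocked for the restricted clients as well.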

ASPI, 2014-06-26
@ASPI

RouterOS has Web Proxy, which works as a transparent proxy; the only downside is that it eats resources.
And then the question is, which MikroTik do you use? If it is a 1100AHx2 or something like that, then there will be enough resources to block social networks (caching is not needed). And yes, MikroTik has KVM if it is built on the x86 platform, so what stops you from installing Squid in a virtual machine and redirecting traffic into it?
Regarding per-user blocking in MikroTik, there are a lot of solutions (mainly for the firewall, but what stops you from using them for the built-in proxy server?), from address lists to very non-trivial solutions with scripts.

Kirill 1, 2014-06-29
@SmileyK

How about a service like SkyDNS? Enter it in the MK and that's it.

Alexander, 2014-11-15
@AbyssMoon

Here the guys offered a more elegant version with a script:
ironsf.blogspot.ru/2013/11/mikrotik.html

EsTaF, 2015-06-01
@EsTaF

"Here the guys suggested a more beautiful version with a script:
ironsf.blogspot.ru/2013/11/mikrotik.html"
For ordinary social networks, yes. But for other blocks, it's awful. One IP can have several sites.
