Why does Mikrotik work on deny, 403 Forbidden for a long time on the web proxy?

K

Kenny002019-08-23 18:22:28

Computer networks

Kenny00, 2019-08-23 18:22:28

There is Mikrotik as a proxy server (web-proxy), which has one rule (like dst-domain) with the permission of all windows updates according to the list and 1 site - allow. The rest is all deny. (everything is prohibited, except for those allowed)

The site has resources loaded from other resources (For example, the same social network site of the same name and their API), they are prohibited except for the main site, since the internal site does not require authorization through social networks. And customers from the Internet please.

The site test.ru simply does not load until it receives all the elements, even if they are 404 or 403.

After successfully loading or not loading the elements, the site works fine.

From here the question is, why does Mikrotik think so long before returning 403?
(exactly 300 seconds, judging by the debug)

PS If you allow the social network site of the same name, it works in a second.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

rionnagel, 2019-08-23
@rionnagel

Because the packets are completely dropped, not rejected. Before drops, make a reject tcp-reset.
Just because you're using a web proxy doesn't mean the client is ignoring the firewall.