By: Mikrotik4ME Ali Sami

It can speed up web browsing by caching data.

It can act as an HTTP firewall.

MikroTik RouterOS performs proxying of HTTP and HTTP-proxy (for FTP, HTTP and HTTPS protocols) requests.

It allows filtering of web content by specific parameters, such as source address, destination address and port, URL, and HTTP request method.

A proxy server is usually placed at various points between users and the destination server.

A web proxy (cache) watches requests coming from clients and saves copies of the responses for itself.

If there is another request for the same URL, it can use the response it already has instead of asking the origin server for it again.

If the proxy does not have the requested file, it downloads it from the origin server.

A proxy server can serve several purposes:

To increase access speed to resources (it takes less time for the client to get the object).
To work as an HTTP firewall (deny access to undesirable web pages).

The main option is Enable; the other settings are optional.

Users need to add configuration to their browsers to use the proxy.

A transparent proxy directs all users to the proxy automatically.

RouterOS can also act as a transparent caching server, with no configuration required in the customer's web browser.

To enable transparent mode, a firewall rule in destination NAT has to be added, specifying which connections (to which ports) should be transparently redirected to the proxy.

DST-NAT rules are required for a transparent proxy.

HTTP traffic should be redirected to the router.

The access list is implemented in the same way as MikroTik firewall rules: rules are processed from top to bottom.

Connections can be matched by source address, destination address, destination port, substring of the requested URL (Uniform Resource Locator), or request method.

If a connection is matched by a rule, the action property of that rule specifies whether the connection will be allowed or denied.

If a connection does not match any rule, it will be allowed.

The proxy access list provides an option to filter DNS names.

You can redirect to specific pages.

Block particular websites

/ip proxy access add dst-host=www.facebook.com action=deny

This blocks the website http://www.facebook.com. The same block can be applied to different networks by giving src-address.

Also block websites that contain specific words in the URL

/ip proxy access add dst-host=:mail action=deny

This statement will block all websites which contain the word mail in the URL, like www.mail.com, www.hotmail.com, mail.yahoo.com, etc.

Stop specific download types

/ip proxy access
add path=*.flv action=deny
add path=*.avi action=deny
add path=*.mp4 action=deny
add path=*.mp3 action=deny
add path=*.zip action=deny
add path=*.rar action=deny

We can also stop downloading specific types of files like .flv, .avi, .mp4, .mp3, .exe, .dat, etc.
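
The access-list behaviour described above (rules read top to bottom, the first match decides, no match means allow), as an added Python example that is not part of the original slides or of RouterOS. It is a simplified model: treating plain dst-host and path values as whole-string wildcards and ':'-prefixed values as regular expressions is an assumption based on MikroTik's documentation, and the rule sets, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed rule sets (not from a real router). BLOCKLIST mirrors the slides' deny rules.
BLOCKLIST = [
    {"dst-host": "www.facebook.com", "action": "deny"},
    {"dst-host": ":mail", "action": "deny"},
    {"path": "*.zip", "action": "deny"},
]
# Same rules plus a LAN allow and a final catch-all deny (the LAN subnet is an assumption).
FAIL_CLOSED = BLOCKLIST + [
    {"src-address": "192.168.88.0/24", "action": "allow"},
    {"action": "deny"},
]


def text_match(pattern, value):
    """':'-prefixed patterns are regexes (substring search); others are whole-string wildcards."""
    if pattern.startswith(":"):
        return re.search(pattern[1:], value) is not None
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.S) is not None


def rule_matches(rule, src, host, path, method):
    """A rule matches only if every field it sets matches; unset fields match anything."""
    if "src-address" in rule:
        if ipaddress.ip_address(src) not in ipaddress.ip_network(rule["src-address"]):
            return False
    if "method" in rule and rule["method"] != method:
        return False
    return all(text_match(rule[k], v) for k, v in (("dst-host", host), ("path", path)) if k in rule)


def evaluate(rules, src, host, path, method="GET"):
    """Walk the list top to bottom; return (action, index) of the first matching rule."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, src, host, path, method):
            return rule["action"], index
    return "allow", None  # no rule matched: the request is allowed


if __name__ == "__main__":
    for name, rules in (("blocklist", BLOCKLIST), ("fail-closed", FAIL_CLOSED)):
        for src, host, path in (
            ("192.168.88.10", "www.hotmail.com", ""),
            ("192.168.88.10", "example.org", "downloads/tool.zip"),
            ("203.0.113.5", "example.org", "index.html"),
        ):
            print(name, src, host, path, evaluate(rules, src, host, path))
```

With the blocklist alone, a request that matches no rule is allowed from any source address; placing a catch-all deny after the LAN allow rule makes the list fail closed. Rule order matters: the LAN allow rule sits below the deny rules, so the blocks still apply to LAN clients.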

Dst-Host: the web page address (http://test.com)

Path: anything after http://test.com/PATH

Create a rule to drop access to a specific web page.

Create a rule to redirect from an unwanted web page to your company page.

Create a transparent web proxy.

Change the www.google.com logo to the MikroTik-IQ logo by using the following parameters:

Path: /images/srpr/logo3w.png
Action: deny
Redirect to: im25.gulfup.com/Wjs31.jpg

The proxy can log web pages visited by users.

Make sure you have enough resources for logs (it is better to send them to a remote server).

Add a logging rule.

Check the logs.

The cache can be stored on external drives.

Store manages the storage devices used by various RouterOS facilities.

The cache can be stored on IDE, SATA, USB, CF, and Micro SD drives.

Currently Store can be used for:

Web proxy
User Manager
The Dude

Manage all external disks.

A newly connected disk should be formatted.

Add a store to save proxy data to an external disk.

Store supports proxy, user-manager, and dude.

Proxy concept
Configuring proxy
Configure transparent proxy
HTTP firewall + lab
Web page logging
Manage external store
Save web proxy information to external storage