Web Proxy

24
By: Mikrotik4ME    Ali Sami

description

Web Proxy

Transcript of Web Proxy

  • By: Mikrotik4ME Ali Sami

  • 2

  • It can speed up WEB browsing by caching data.

    HTTP Firewall.

    MikroTik RouterOS performs proxying of HTTP and HTTP-proxy (for FTP,HTTP and HTTPS protocols) requests.

    Allows to filter web content (by specific parameters, like source address,destination address and port, URL, HTTP request method) .

    A proxy server usually is placed at various points between users and thedestination server .

    3

  • 4

  • A Web proxy (cache) watches requests coming from client, saving copies of the responses foritself.

    if there is another request for the same URL, it can use the response that it has, instead ofasking the origin server for it again

    If proxy has not requested file, it downloads that from the original server.

    There can be many potential purpose of proxy server:

    To decrease access speed to resources (it takes less time for the client to get the object).

    Works as HTTP firewall (deny access to undesirable web pages).

    5

  • 6The main option is Enable, other

    settings are optional

  • User need to set additional configuration to browser to use Proxy.

    Transparent proxy allows to direct all users to proxy automatically.

    RouterOS can also act as a Transparent Caching server, with noconfiguration required in the customers web browser.

    To enable the transparent mode, firewall rule in destination NAT has tobe added, specifying which connections (to which ports) should betransparently redirected to the proxy

    7

  • DST-NAT rules required for transparent proxy

    HTTP traffic should be redirected to router

    8

  • Access list is implemented in the same way as MikroTik firewall rulesprocessed from the top to the bottom.

    Connections can be matched by its source address, destinationaddress, destination port, sub-string of requested URL (UniformResource Locator) or request method.

    If connection is matched by a rule, action property of this rule specifieswhether connection will be allowed or not (deny).

    If connection does not match any rule, it will be allowed.

    9

  • Proxy access list provides option to filter DNS names.

    You can make redirect to specific pages.

    10

  • It will block website http://www.facebook.com, we can always block the same for different networks by giving src-address.

    11

    Block particular Websites

    /ip proxy access add dst-

    host=www.facebook.com action=deny

  • This statement will block all websites which contain word mail in URL.Like www.mail.com, www.hotmail.com, mail.yahoo.com etc.

    12

    block also websites that contain specific

    words in URL

    /ip proxy access add dst-host=:mail

    action=den

  • We can also stop downloading specific types of files like .flv, .avi, .mp4, .mp3, .exe, .dat,etc.

    13

    Stop specific download types

    /ip proxy access

    add path=*.flv action=deny

    add path=*.avi action=deny

    add path=*.mp4 action=deny

    add path=*.mp3 action=deny

    add path=*.zip action=deny

    add path=*.rar action=deny.

  • Dst-Host, webpage address(http://test.com)

    Path, anything after http://test.com/PATH

    14

  • Create rule to drop access for specific web-page.

    Create rule to make redirect from unwanted web-page to yourcompany page.

    15

  • Create transparent web proxy .

    Change www.google.com logo to MikroTik-IQ logo by using thefollowing parameters :

    Path : /images/srpr/logo3w.png

    Action : deny

    Redirect to : im25.gulfup.com/Wjs31.jpg

    16

  • 17

  • Proxy can log visited Web-Pages by users

    Make sure you have enough resources for logs (it is better to send themto remote)

    18

  • Add logging rule

    Check logs19

  • Cache can be stored on the external drives.

    Store manages storage devices used by RouterOS various facilities.

    Cache can be stored to IDE, SATA, USB, CF, Micro SD drives.

    Currently Store can be used for:

    Web proxy

    User Manager

    the Dude

    20

  • Manage all external disks.

    Newly connected disk should be formatted.

    21

  • Add store to save proxy to external disk

    Store supports proxy, user-manager, dude22

  • Proxy concept

    Configuring proxy

    Configure transparent proxy

    HTTP firewall + lab

    Web page logging

    Manage external store

    Save web proxy information's to external storage

    23

  • 24