By: Mikrotik4ME Ali Sami

2

It can speed up WEB browsing by caching data.

HTTP Firewall.

MikroTik RouterOS performs proxying of HTTP and HTTP-proxy (for FTP,HTTP and HTTPS protocols) requests.

Allows to filter web content (by specific parameters, like source address,destination address and port, URL, HTTP request method) .

A proxy server usually is placed at various points between users and thedestination server .

3

4

A Web proxy (cache) watches requests coming from client, saving copies of the responses foritself.

if there is another request for the same URL, it can use the response that it has, instead ofasking the origin server for it again

If proxy has not requested file, it downloads that from the original server.

There can be many potential purpose of proxy server:

To decrease access speed to resources (it takes less time for the client to get the object).

Works as HTTP firewall (deny access to undesirable web pages).

5

6The main option is Enable, other

settings are optional

User need to set additional configuration to browser to use Proxy.

Transparent proxy allows to direct all users to proxy automatically.

RouterOS can also act as a Transparent Caching server, with noconfiguration required in the customers web browser.

To enable the transparent mode, firewall rule in destination NAT has tobe added, specifying which connections (to which ports) should betransparently redirected to the proxy

7

DST-NAT rules required for transparent proxy

HTTP traffic should be redirected to router

8

Access list is implemented in the same way as MikroTik firewall rulesprocessed from the top to the bottom.

Connections can be matched by its source address, destinationaddress, destination port, sub-string of requested URL (UniformResource Locator) or request method.

If connection is matched by a rule, action property of this rule specifieswhether connection will be allowed or not (deny).

If connection does not match any rule, it will be allowed.

9

Proxy access list provides option to filter DNS names.

You can make redirect to specific pages.

10

It will block website http://www.facebook.com, we can always block the same for different networks by giving src-address.

11

Block particular Websites

/ip proxy access add dst-

host=www.facebook.com action=deny

This statement will block all websites which contain word mail in URL.Like www.mail.com, www.hotmail.com, mail.yahoo.com etc.

12

block also websites that contain specific

words in URL

/ip proxy access add dst-host=:mail

action=den

We can also stop downloading specific types of files like .flv, .avi, .mp4, .mp3, .exe, .dat,etc.

13

Stop specific download types

/ip proxy access

add path=*.flv action=deny

add path=*.avi action=deny

add path=*.mp4 action=deny

add path=*.mp3 action=deny

add path=*.zip action=deny

add path=*.rar action=deny.

Dst-Host, webpage address(http://test.com)

Path, anything after http://test.com/PATH

14

Create rule to drop access for specific web-page.

Create rule to make redirect from unwanted web-page to yourcompany page.

15

Create transparent web proxy .

Change www.google.com logo to MikroTik-IQ logo by using thefollowing parameters :

Path : /images/srpr/logo3w.png

Action : deny

Redirect to : im25.gulfup.com/Wjs31.jpg

16

17

Proxy can log visited Web-Pages by users

Make sure you have enough resources for logs (it is better to send themto remote)

18

Add logging rule

Check logs19

Cache can be stored on the external drives.

Store manages storage devices used by RouterOS various facilities.

Cache can be stored to IDE, SATA, USB, CF, Micro SD drives.

Currently Store can be used for:

Web proxy

User Manager

the Dude

20

Manage all external disks.

Newly connected disk should be formatted.

21

Add store to save proxy to external disk

Store supports proxy, user-manager, dude22

Proxy concept

Configuring proxy

Configure transparent proxy

HTTP firewall + lab

Web page logging

Manage external store

Save web proxy information's to external storage

23

24