Mikrotik Hotspot, Block website based on User Profile

Previously on Mikrotik Hotspot we’ve been limiting user’s connections based on user profile, today we gonna block specific website based on user profile. Please kindly re-read my previous for for instruction on trapping user address into address list. Since we also use the address list for current post.
Our local internet regulation forced us to block specific websites for specific users. Mostly social media and adults website. Blocking adults website are the most easier task. I’ts applied to all of us, i just need to put the list into squid proxy server. Blocking social media in the other hand are harder then it seems. Since it applied only to specifics user, the rule have to be placed on mikrotik hotspot firewall.
mikrotik block social media
The problem is the social media website used multiple ip address and mikrotik hotspot also ignoring mangle rule. That’s mean i have to find all the ip address of the social media website and put all the ip address to firewall address list manually. Yup, not an easy task, and i’m not kind of person who like manually do a computer things.

Layer 7 Protocol

But you know there is a layer 7 protocol which is used to search pattern with regular expressions (RegExp) filter for ICMP, TCP and UDP connection streams. In this way we can put part of url address of a website using regular expression on layer 7 and all matched pattern can be proceed into firewall rule.

Example new RegExp

1. Go to IP->Firewal->Layer 7 Protocols
2. Click “+” button to add new RegExp.
3. A small windows will poped up, put a name for the new RegExp (for example Facebook).
4. In RegExp form put:
^.+(facebook.com).*$
This will match all facebook.com address
facebook regexp
5. Click Apply

New Firewall Filter Rule

1. Go to IP->Firewall->Filter Rules
2. Click “+” button to add new Filter Rule
3. Set:
General Tab
Chain = "Forward"
Src. Address = "your client network address here"
Advanced Tab
Please read how to trap user address based on profile in related to address list
Src. Address List = "User Address List"
Layer 7 Protocol = "facebook"  #the RegExp name you've create before.
Action Tab
Action = "Reject" #you can also simply put Drop on it
Reject With = "ICMP Network Unreachable" #Only if you choose Reject
mikrotik firewall filter
4. Click Apply.
This filter will apply only to user’s ip address who trapped into the above address list. Other users will normally access the website without any limitation. If you want to block more website simply copy the the RegExp on layer 7 protocol and change the RegExp name and website name into the name of website to be blocked. And you need also copy the firewall rule and change the Layer 7 Protocol to the new protocol created.

Comments

  1. No NameMay 30, 2020 at 5:50 PM

    Hello Everyone

    Anyone wants genuine & fresh leads, I'm here to provide you.

    If you have any doubt, you can ask for samples, will give you leads for testing.

    Data includes in it:

    First Name
    Last Name
    SSN
    DOB
    Phone Numbers
    Address
    City
    State
    Zip
    Residential Status
    Account Number
    Routing Nummber
    DL number
    Emails

    Dealing in almost all types of leads.

    SSN Leads
    Dead Fullz
    Premium Leads
    Mortgage Leads
    Bank Account Leads
    Dob leads
    Senior Citizens leads
    Employee Leads
    Business Leads
    Home Owners Leads
    DL Leads
    Emails Leads
    Phone Numbers Leads

    Available data of USA & Canada.

    Each lead will be cost $1, if you want in bulk I can negotiate.

    I request, it's not campaign data, so please don't ask me for that cheap data.

    For Serious Buyers, below are the details to contact:

    Whatsapp > +923172721122
    email > leads.sellers1212@gmail.com
    telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  2. FixitJune 1, 2020 at 9:31 PM

    Hello all
    am looking few years that some guys comes into the market
    they called themselves hacker, carder or spammer they rip the
    peoples with different ways and it’s a badly impact to real hacker
    now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
    Anyone want to make deal with me any type am available but first
    I‘ll show the proof that am real then make a deal like

    Available Services

    ..Wire Bank Transfer all over the world

    ..Western Union Transfer all over the world

    ..Credit Cards (USA, UK, AUS, CAN, NZ)

    ..School Grade upgrade / remove Records

    ..Spamming Tool

    ..keyloggers / rats

    ..Social Media recovery

    .. Teaching Hacking / spamming / carding (1/2 hours course)

    discount for re-seller

    Contact: 24/7

    fixitrogers@gmail.com

    ReplyDelete
  3. No NameJune 12, 2020 at 8:42 AM

    ACTIVE & FRESH CC FULLZ WITH HIGH BALANCE

    * Please don't ask for sample or screenshot
    *Payment in advance
    *Time wasters or cheap questioners please stay away
    *You can buy for your specific states too

    Price $5 per each CC

    DETAILS

    =>CARD TYPE
    =>FIRST NAME & LAST NAME
    =>CC NUMBER
    =>EXPIRY DATE
    =>CVV
    =>FULL ADDRESS (ZIP CODE, CITY/TOWN, STATE)
    =>PHONE NUMBER,DOB,SSN
    =>MOTHER'S MAIDEN NAME
    =>VERIFIED BY VISA
    =>CVV2

    Contact Us

    -->Whatsapp > +923172721122
    -->Email > leads.sellers1212@gmail.com
    -->Telegram > @leadsupplier
    -->ICQ > 752822040

    US FRESH, TESTED & VERIFIED SSN LEADS
    $1 PER EACH

    First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | Home Owner | IP Address |MMN | Income

    *Hope for the long term deal
    *If anyone need leads In bulk, I'll definetly negotiate

    US DUMP TRACK 1 & 2 WTIH PIN CODES ALSO AVAILABLE

    ReplyDelete

Post a Comment

Popular posts from this blog

DMASOFTLAB RADIUS MANAGER BILLING SYSTEM v 4.1 Finally Released

Image
DMASOFTLAB RADIUS MANAGER BILLING SYSTEM v 4.1 Finally Released  Filed under: Radius Manager — Tags: dmasoftlab radius manager new version , radius manager 4.1 — Waseem Anjum Meo @ 10:47 AM             5 Votes Finally DMA has released its new version for Radius Manager Billing System. Complete info can be found here. http://www.dmasoftlab.com/cont/revision   *** v 4.1.0 *** 2013-10-23 *** NEW FEATURES: ↓ -enhanced SMTP mailer with authentication and freely configurable port -SMS alert indicating the account is going to expire ** This was most DEMANDED   , Jz -support for BulkSMS HTTP->SMS gateway ** This was most DEMANDED   , Jz -alert type is selectable in user preferences (ACP / UCP) ** This was most DEMANDED   , Jz -enable traffic report per user in ACP even if global traffic report is disabled -service change is allowed for Hotspot MAC accounts -auto logout expired ACP sessions -FreeRadius 2.2.0 support -DOCSIS u
Read more

How To Configure Nano Station M2 As Access point

Image
Web Configuration Now that the hardware has been completely installed, it's time to configure the Bullet to act as a WiFi Access Point. Configuration is performed using your web browser by typing in  https://192.168.1.20 . You'll get a warning pop up stating that the device has presented an invalid SSL certificate due to the certificate being self-signed and not issued by a CA. This is normal so just hit accept/continue. You'll then need to log in with the default username and password of "ubnt". Configure the Wireless tab The first step is to configure the Wireless tab so the Bullet acts as a WiFi Access Point. Change the settings according to the below picture. Be sure to set the device up with WPA2 security and an appropriate WiFi password here. You can also use this tab to adjust the power output should you wish to cover a smaller area. The default channel bandwidth is 40MHz, but some older devices such as wireless printers and mobile phones cannot o
Read more