How to Block Website Access using Web Proxy Mikrotik

Mikrotik Web Proxy has several functions, one of them is filtering. Web Proxy filtering feature can limit access to certain content which is requested by the client. You can restrict access to certain sites, specific file extensions, redirect to other sites, as well as restrictions on HTTP access method. This feature can't be done if you're just using NAT.

In this article we will try to block a particular site using the Web Proxy filtering feature. Ensure you have enabled Transparent Proxy feature on your Mikrotik Web Proxy. If you have not done it yet, you can read this tutorial :

Ok, let's do this job :). Follow these steps :

1. Login to your Mikrotik using Winbox
2. Go to IP --> Web Proxy --> Access --> Add new Rule

3. Add website details
> Dst. Port : port 80
> Dst. Host : fill in the website address you want to block
> Action : choose "deny" to block the website

4. Before you activate the rule, open and check the website you want to block it's can be accessed or not.

5. Then activate the rule, check again the website you block. The error page will be appear like this picture below.

6. You can redirect the blocked website to another one using the "Redirect To" option. Jist fill in the website address you want to redirect to.
Ok, now you can add any website you want to block. But this method can't be use to block website that use HTTPS connection like facebook.

How to Make a Transparent Proxy Mikrotik

How to Make a Transparent Proxy Mikrotik - Transparent proxy is a proxy configuration which intercepts normal communication at the network layer without requiring any special client configuration. It means that clients need not be aware of the existence of the proxy. Transparent proxy is located between the client and the Internet, with the proxy performing some of the functions of a gateway or router.

If we use Transparent proxy, we don't have to set up proxy configuration on clients browser. It's more simple and won't waste your time :). Ok, let's do it.

Please open the Winbox and follow these steps :
1 . Go to the menu IP - > Web Proxy

2 . To enable Web Proxy check " Enabled "

3 . Fill in the port to be used by the proxy. In this case we use port 8080

4 . You can replace Cache Administrator with your own email

5 . Max  Cache Size determines how large the allocation of memory to store its cache proxy. Please fill in as needed or you may choose unlimited.

6 . Check the "Cache On Disk" option to store the web proxy cache on Mikrotik's hard disk not on it's RAM.

7 . Click Apply - > OK

Now, your Mikrotik Web proxy is activated. But it's not configured as transparent proxy yet. 

Set up Mikrotik Web Proxy as Transparent Proxy

Transparent Proxy works with redirecting HTTP traffic data (destination port 80) to proxy's port 8080. This can be done with configuring the NAT Firewall on Mikrotik. You can use this command line on terminal.
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
Or you can do it manually using Winbox, go to menu IP --> Firewall --> NAT

In the General tab
Chain : dstnat
Protocol : tcp
Dst. Port : 80

In the Action Tab
Action : redirect
To Ports : 8080
Done! Your Mikrotik Web Proxy is now become transparent. You can test it on your web browser, try to open an address which doesn't exist. So, you'll get the error page generated by web proxy, just like the picture below :

If this tutorial is't clear enough, you can watch this video tutorial how to make transparent web proxy Mikrotik :

What is Web Proxy? How Web Proxy Works?

What is Web Proxy?

Web Proxy is an application that mediates between the client and the server, so the client will not deal directly with the servers that exist on the Internet. Mikrotik have a web proxy features that can be used as a proxy server which will become an intermediary between a user's browser to the web server on the Internet.

How Web Proxy Works?

When a user opens a website, the browser will send an HTTP request to the server, but since the computer users using a web proxy then the proxy will receive an HTTP request from the browser and then create a new HTTP request on its behalf. The new HTTP request will be received by server then replied it with an HTTP Server Response and received by the proxy. Then it forwarded to the user's browser.

Web Proxy Requires Large Amount of CPU Resource

If you enable the Mikrotik web proxy feature you have to pay attention at it's memory capacity and CPU usage. Because Mikrotik will create a new HTTP Request on behalf of itself, thus requiring the use of memory and CPU Resource which bigger than just using NAT.

The advantages of using Web Proxy

The following are the Advantages / Benefits of Web Proxy Mikrotik :

Mikrotik Web Proxy can perform content caching which is storing some web content to the memory. The content will be reused if there is a request on the same content. For example when you open then the files on the web such as images, scripts, etc. will be stored by web proxy. So the next time you open Facebook, the router will retrieve files from the proxy cache instead of connecting to the Internet. This can save bandwidth and speed up Internet connection.

By using the Web Proxy you can restrict access to certain content which is requested by the client. You can restrict access to certain sites, specific file extensions, redirect to other sites, as well as restrictions on HTTP access method.

Connection Sharing
Web Proxy enhance the security level of your network, because computer users are not interacting directly with the web server on the Internet .

What is Mikrotik RouterBoard?

RouterBoard is embedded router products from mikrotik. Mikrotik Routerboard like a mini pc integrated into one board which have embedded processors, ram, rom, and flash memory. RouterBoard using Mikrotik RouterOS that serves as a network router, bandwidth management, proxy server, dhcp, dns servers and can also used as a hotspot server.

There are several series of routerboard which could also serve as wifi access point, bridge, or as a wifi WDS client. Most of the wireless ISP using routerboard to run both as a function of their wireless AP or client. With routerboard you can perform the function of a router without depending on another PC, because all functions of the router already embedded on the routerboard. When compared with RouterOS installed pc, routerboard is smaller, more compact and power-efficient because it only uses the adapter. Mikrotik RouterBoard can be mounted on the tower and use PoE as a power source.

Mikrotik hardware based on standard Personal Computer (PC) are known for their stability, quality control and flexibility for different types of data packets and the handling of the process or better known as routing. Mikrotik made ​​as much use PC-based router to an ISP who want to run multiple applications ranging from the most mild to advanced. Examples of applications that can be implemented on Mikrotik RouterBoard are Routing, application access capacity (bandwidth) management, firewall, wireless access point (WiFi), backhaul link, hotspot system, Virtual Private Netword (VPN) server and many more.

What is Mikrotik RouterOS?

MikroTik RouterOS is an operating system and software that can be used to make computers even become a reliable network router, includes a variety of features that are made ​​for IP networks and wireless networks, suitable for use by ISPs and hotspot providers. MikroTik RouterOS installed on the company's proprietary hardware called Mikrotik RouterBOARD, or on x86-based computers. 

RouterOS turns the computer into a network router and implements various additional features, such as firewall, virtual private network (VPN) service and client, bandwidth shaping and quality of service, wireless access point functions and other commonly used features when interconnecting networks. Installing Mikrotik is not required additional software or additional components. Mikrotik is designed to be easy to use and very well used for administrative purposes such as computer network design and build a small-scale computer network systems to complex ones.

Since RouterOS is not free, so you have to buy MikroTik License to using it. RouterOS license comes in a variety of levels. Each level has the ability, respectively, starting from level 3 to level 6. In short, level 3 is used to interface with ethernet router, level 4 for the wireless client or serial interface, the wireless AP to level 5 and level 6 does not have any limitations. For hotspot applications, can use level 4 (200 users), level 5 (500 user) and level 6 (unlimited).

What is Mikrotik?

Mikrotik is a company specialized in production of hardware and software related to computer network systems headquartered in Latvia, near Russia. Mikrotik founded in 1995 to develop a system of routers and ISP (Internet Service Provider) network.

Mikrotik was made ​​by MikroTikls a company in the city of Riga, Latvia. Latvia is a country that is a "fraction" of the former Soviet Union or Russia today. Mikrotik originally intended for corporate Internet Service Provider (ISP) serving clients using wireless or wireless technology. Currently MikroTikls provide services to many wireless ISPs for Internet access services in many countries in the world. MikroTik now provides hardware and software for internet connectivity in most countries around the world. Mikrotik hardware products such as RouterBoard, Switch, Antenna, and other supporting devices. While the flagship software product is the MikroTik RouterOS.

Mikrotik has two flagship products namely RouterOS (Software) and RouterBoard (Hardware).

What is Mikrotik RouterOS?

What is Mikrotik RouterBoard?