How To Block Website on MikroTik [Layer7 protocols]

Here we will discuss how to block website on MikroTik? how to block domain in MikroTik router and how to block social media websites on MikroTik, like Youtube, Facebook, Twitter.

Updated: 14 Dec, 21 by Oliver K 2 Min

If you are managing a network and you would like to filter website domain in MikroTik router (such as Facebook, Youtube,  Twitter, or other social media), it is possible to set up the configurations by following the steps below:

Step 1:  add the website name to the list and then take the action to accept or drop the URL. To perform this, go to

IP> Firewall > “layer7 protocols”.

Step 2: Click on the plus icon. In the opened small window, type a name for the website domain and in the Regexp box type the domain expression like ^.+(yourdomain).*$.

1
Step 3: After adding the sites to the list, you should grant the URLs to have access or not. To do this, return to the first tab “filter rules” and click on “+” icon.

Step 4: Select chain method “forward” and let source address and destination address empty as we want to do this rule for all users connected to the network. Select 6(TCP) from the “protocol” drop-down list and enter 80 and 443 into the port field. Note that you should separate port numbers with a comma(,).

2
Step 5: Go to the Advanced tab and select the name of the URL defined in step 2 from the “layer7 protocol” field.

3
Step 6: Go to the action tab and select action type from the “action” field. Select “accept” to allow access to the URL and select “Drop” to deny access to the URL.

4

Conclusion

With this tutorial, you can easily block websites in Mikrotik, or allow website domains to be accessed on your network. MikroTik Router has many utilities to configure and manage the network, in this article you have found how to block websites in MikroTik router. for example with this tutorial, you can block youtube on the MikroTik server.

People are also reading:

Oliver K

Oliver K

I’m Oliver k. I have MS degree in Computer Engineering. For nearly 5 years that I have been working on web programing and also in last 2 years I have worked on windows and Linux VPS. This is my honor to share my experiences with a new community.

user monovm

Nina

2019, Jun, 19

This design is incredible! You most certainly know how to keep a reader amused. Between your wit and your videos, I was almost moved to start my own blog (well, almost...HaHa!) Fantastic job. I really enjoyed what you had to say, and more than that, how you presented it. Too cool!

user monovm

Oliver K

2020, Jun, 20

Thanks for your attention and your lovely comment on this article. We are trying to make the articles better than before and more user friendly.

user monovm

Chelsea

2019, Jun, 19

Wow that was strange. I just wrote an really long comment but after I clicked submit my comment didn't appear. Grrrr... well I'm not writing all that over again. Anyways, just wanted to say excellent blog!

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users! Thanks again for your attention.

user monovm

barry

2019, Aug, 19

what about other website except facebook and youtube? how to block other websites?

user monovm

Antoniy Yushkevych

2019, Aug, 19

In the first step, enter the name and the domain of the website you wish to block. The remainder of the steps is alike.

user monovm

Ricardo

2019, Oct, 19

I done everything as u said. But facebook still open in my network. Im currently using 3 ISP there's something about it or has nothing to do it with?

user monovm

Oliver K

2020, Jun, 20

Hi dear

You should check other rules in the router firewall and also check the gateway that accesses to the blocked website.

user monovm

Mose

2019, Nov, 19

hello!,I love your writing so a lot! share we keep in touch more approximately your post on AOL? I need an expert in this area to resolve my problem. May be that's you! Having a look forward to see you.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users! We can help you and other users on our website blog to solve the problem that everyone faces with it.

user monovm

Hildegarde

2019, Nov, 19

of course like your web-site however you have to test the spelling on quite a few of your posts. Many of them are rife with spelling problems and I to find it very troublesome to tell the reality nevertheless I will certainly come back again.

user monovm

Oliver K

2020, Jun, 20

We are so glad to get notification from you about our bugs and try to solve them. Thanks for your attention.

user monovm

foxsportsgo com activate

2019, Dec, 19

What’s up to every one, the contents present at this web page are truly amazing for people experience, well, keep up the nice work fellows.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users!

user monovm

nbc sports activate

2019, Dec, 19

I just want to tell you that I am all new to weblog and absolutely liked your web site. More than likely I’m likely to bookmark your website . You actually come with superb articles and reviews. Bless you for sharing with us your web-site.

user monovm

nbc sports activate

2019, Dec, 19

I just want to tell you that I am all new to weblog and absolutely liked your web site. More than likely I’m likely to bookmark your website . You actually come with superb articles and reviews. Bless you for sharing with us your web-site.

user monovm

Oliver K

2020, Jun, 20

Thanks a lot! we are trying to update the blog section with new articles.

user monovm

Mark

2019, Dec, 19

Its like you learn my thoughts! You seem to grasp so much approximately this, like you wrote the ebook in it or something. I believe that you just can do with a few % to force the message house a bit, but other than that, that is wonderful blog. A fantastic read. I'll definitely be back.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users! We are trying to make changes in our tutorials to be near the user's goals. 

user monovm

eridanuspills.com

2020, Jan, 20

A round of applause for your blog.Really thank you! Great.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users!

user monovm

Nailia Zahra

2020, Apr, 20

Halo, i want to block website using filter rules only i did block dst address when i ping that website in cmd, it showed request timed out but why i still can access that website? please help :(

user monovm

Oliver K

2020, Jun, 20

Hi dear

Maybe it is a problem with definition steps or your router OS not update. Please check them carefully and check your other firewall rules.

user monovm

Tibor

2020, Apr, 20

Hi! Is it possible to block facebook.com (the main page/wall of facebook) but allow subpages, like https://www.facebook.com/mikrotik/ or https://www.facebook.com/groups/mikrotikhu/ ? If yess, how to do it? Thanks.

user monovm

Oliver K

2020, Jun, 20

Hi dear
you can make some changes in the expression ^.+(yourdomain).*$ to block subpages.

user monovm

John

2020, Sep, 20

Hi. I have tried this solution for Facebook,but it seems that it does not work. Facebook page and app shown fine to the users! Has something change and the guide needs an update?

user monovm

Oliver K

2020, Sep, 20

Hi Dear!
maybe the problem in the expression defined. You can see more examples from the below link:
Layer7 expression

user monovm

Wynand

2020, Oct, 20

Remember to remove the brackets in the example. The regexp will look like "^.+facebook.*$" Also, while this will work, its a bad implementation that will overload your mikrotik routers CPU. Instead, you can use the following commands replacing NAME with the website name you want to block. /ip firewall layer7-protocol add name=NAME regexp="^.+NAME.*\$" /ip firewall mangle add action=mark-connection chain=prerouting comment="NAME con mark" connection-mark=no-mark dst-port=53 layer7-protocol=NAME new-connection-mark=NAME_conn passthrough=yes protocol=udp add action=mark-packet chain=prerouting comment="NAME pack mark" connection-mark=NAME_conn new-packet-mark=NAME_packet passthrough=no /ip firewall filter add action=drop chain=forward comment="NAME con drop" layer7-protocol=NAME packet-mark=NAME_packet add action=drop chain=input comment="NAME con drop2" layer7-protocol=NAME packet-mark=NAME_packet This will only check DNS requests to the domains containing the NAME specified and on the condition that they haven't already been checked. Apps might not be blocked by this. Also remember to flush your routers DNS cache after running the command and you might also want to do the same for devices. Browsers might need their cache cleared as well. /ip dns cache flush On windows, open CMD and run: "ipconfig /flushdns"

user monovm

Kevin Frost

2021, Mar, 21

Doesn't work, no matter what I tried.

user monovm

shakeel

2021, May, 21

HELLO , i have an cache center for http but i see much https request too how would i stop https request to my server?

user monovm

Fasih Ali

2022, Jan, 22

Hello I have RB3011 router I want to block different URLs but still not. I have been done all the given methods and criteria but in my network not working I have on my domain system. Kindly help Thank you

user monovm

Eileen Hartmann

2024, Aug, 24

This is a super detailed and straightforward guide for managing site access on MikroTik routers. I appreciate how you've broken down the steps into manageable chunks, making it accessible even for those who might not be highly tech-savvy. Blocking or allowing site access can really help manage bandwidth and improve productivity. Definitely going to bookmark this for future reference. Thanks for sharing!