English
+370 5 205 5502 sales@monovm.com

Here we will discuss how to block or allow specific types of URLs by using MikroTik.

06

Mar, 19

Block URL on MikroTik

If you are managing a network and you would like to filter specific web site URL's (such as Facebook or twitter), with MikroTik VPS it is possible to set-up the configurations by following the steps below:

  • At first, add the website name to the list and then make the action to accept or drop the URL. To perform this, open firewall from IP> firewall and then click on “layer7 protocols”.
  • Click on plus icon. In opened small window, type a name for the URL and in Regexp box type the URL expression like ^.+(yourdomain).*$.
    1
  • After adding the sites to the list, you should grant the URLs to have access or not. To do this, return to the first tab “filter rules” and click on “+” icon.
  • Select chain method “forward” and let source address and destination address empty as we want to do this rule for all users connected to the network. Select 6(TCP) from “protocol” drop down list and enter 80 and 443 into port field. Note that you should separate port numbers with a comma(,).
    2
  • Go to advanced tab and select the name of the URL that defined in step 2 from “layer7 protocol” field.
    3
  • Go to the action tab and select action type from “action” field. Select “accept” to allow access to the URL and select “Drop” to deny the access to the URL.
    4

Oliver K

I’m Oliver k. I have MS degree in Computer Engineering. For nearly 5 years that I have been working on web programing and also in last 2 years I have worked on windows and Linux VPS. This is my honor to share my experiences with a new community.

user monovm

Nina

2019, Jun, 19

This design is incredible! You most certainly know how to keep a reader amused. Between your wit and your videos, I was almost moved to start my own blog (well, almost...HaHa!) Fantastic job. I really enjoyed what you had to say, and more than that, how you presented it. Too cool!

user monovm

Oliver K

2020, Jun, 20

Thanks for your attention and your lovely comment on this article. We are trying to make the articles better than before and more user friendly.

user monovm

Chelsea

2019, Jun, 19

Wow that was strange. I just wrote an really long comment but after I clicked submit my comment didn't appear. Grrrr... well I'm not writing all that over again. Anyways, just wanted to say excellent blog!

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users! Thanks again for your attention.

user monovm

barry

2019, Aug, 19

what about other website except facebook and youtube? how to block other websites?

user monovm

Antoniy Yushkevych

2019, Aug, 19

In the first step, enter the name and the domain of the website you wish to block. The remainder of the steps is alike.

user monovm

Ricardo

2019, Oct, 19

I done everything as u said. But facebook still open in my network. Im currently using 3 ISP there's something about it or has nothing to do it with?

user monovm

Oliver K

2020, Jun, 20

Hi dear

You should check other rules in the router firewall and also check the gateway that accesses to the blocked website.

user monovm

Mose

2019, Nov, 19

hello!,I love your writing so a lot! share we keep in touch more approximately your post on AOL? I need an expert in this area to resolve my problem. May be that's you! Having a look forward to see you.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users! We can help you and other users on our website blog to solve the problem that everyone faces with it.

user monovm

Hildegarde

2019, Nov, 19

of course like your web-site however you have to test the spelling on quite a few of your posts. Many of them are rife with spelling problems and I to find it very troublesome to tell the reality nevertheless I will certainly come back again.

user monovm

Oliver K

2020, Jun, 20

We are so glad to get notification from you about our bugs and try to solve them. Thanks for your attention.

user monovm

foxsportsgo com activate

2019, Dec, 19

What’s up to every one, the contents present at this web page are truly amazing for people experience, well, keep up the nice work fellows.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users!

user monovm

nbc sports activate

2019, Dec, 19

I just want to tell you that I am all new to weblog and absolutely liked your web site. More than likely I’m likely to bookmark your website . You actually come with superb articles and reviews. Bless you for sharing with us your web-site.

user monovm

nbc sports activate

2019, Dec, 19

I just want to tell you that I am all new to weblog and absolutely liked your web site. More than likely I’m likely to bookmark your website . You actually come with superb articles and reviews. Bless you for sharing with us your web-site.

user monovm

Oliver K

2020, Jun, 20

Thanks a lot! we are trying to update the blog section with new articles.

user monovm

Mark

2019, Dec, 19

Its like you learn my thoughts! You seem to grasp so much approximately this, like you wrote the ebook in it or something. I believe that you just can do with a few % to force the message house a bit, but other than that, that is wonderful blog. A fantastic read. I'll definitely be back.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users! We are trying to make changes in our tutorials to be near the user's goals. 

user monovm

eridanuspills.com

2020, Jan, 20

A round of applause for your blog.Really thank you! Great.

user monovm

Oliver K

2020, Jun, 20

Thanks for trusting our website and tutorials. It is my honor to share my experiences with users!

user monovm

Nailia Zahra

2020, Apr, 20

Halo, i want to block website using filter rules only i did block dst address when i ping that website in cmd, it showed request timed out but why i still can access that website? please help :(

user monovm

Oliver K

2020, Jun, 20

Hi dear

Maybe it is a problem with definition steps or your router OS not update. Please check them carefully and check your other firewall rules.

user monovm

Tibor

2020, Apr, 20

Hi! Is it possible to block facebook.com (the main page/wall of facebook) but allow subpages, like https://www.facebook.com/mikrotik/ or https://www.facebook.com/groups/mikrotikhu/ ? If yess, how to do it? Thanks.

user monovm

Oliver K

2020, Jun, 20

Hi dear
you can make some changes in the expression ^.+(yourdomain).*$ to block subpages.

user monovm

John

2020, Sep, 20

Hi. I have tried this solution for Facebook,but it seems that it does not work. Facebook page and app shown fine to the users! Has something change and the guide needs an update?

user monovm

Oliver K

2020, Sep, 20

Hi Dear!
maybe the problem in the expression defined. You can see more examples from the below link:
Layer7 expression

user monovm

Wynand

2020, Oct, 20

Remember to remove the brackets in the example. The regexp will look like "^.+facebook.*$" Also, while this will work, its a bad implementation that will overload your mikrotik routers CPU. Instead, you can use the following commands replacing NAME with the website name you want to block. /ip firewall layer7-protocol add name=NAME regexp="^.+NAME.*\$" /ip firewall mangle add action=mark-connection chain=prerouting comment="NAME con mark" connection-mark=no-mark dst-port=53 layer7-protocol=NAME new-connection-mark=NAME_conn passthrough=yes protocol=udp add action=mark-packet chain=prerouting comment="NAME pack mark" connection-mark=NAME_conn new-packet-mark=NAME_packet passthrough=no /ip firewall filter add action=drop chain=forward comment="NAME con drop" layer7-protocol=NAME packet-mark=NAME_packet add action=drop chain=input comment="NAME con drop2" layer7-protocol=NAME packet-mark=NAME_packet This will only check DNS requests to the domains containing the NAME specified and on the condition that they haven't already been checked. Apps might not be blocked by this. Also remember to flush your routers DNS cache after running the command and you might also want to do the same for devices. Browsers might need their cache cleared as well. /ip dns cache flush On windows, open CMD and run: "ipconfig /flushdns"