Saturday, September 5, 2020

Mikrotik Block Website Layer 7

There are many ways to block a specific website in RouterOS: content-based filter rules, a proxy server, hotspot walled gardens, or the layer-7 protocol matcher. Most filter rules match on IP addresses and ports. The layer-7 matcher is different: it works at OSI layer 7 and searches for a data pattern in the TCP/UDP (and ICMP) streams that originate from or pass through the router. RouterOS only collects the first 10 packets or the first 2 KB of each connection for this search; if the pattern is not found in that data, the connection is not inspected any further. Whenever a pattern matches, the firewall rule that references it takes its action. For an HTTPS site the text that matches is normally the server name in the TLS ClientHello (SNI), which is sent in clear text inside those first packets; if the client encrypts the ClientHello (ECH) or uses QUIC over UDP, the hostname is not visible and this method does not see it. Today we will discuss how to block a website using layer-7 protocol rules.

The layer-7 protocol uses a Perl-style regular expression (regexp) to match a keyword. In the patterns below the dots are not escaped, so a "." matches any single character rather than only a literal dot; for blocking this is harmless, but it makes the patterns a little broader than they look. Here, we will discuss how to write this regular expression for a few common sites.


If we want to block the "YouTube" website then our regex value will be (note that broad entries such as i.google.com can also catch Google traffic that is not YouTube):-


^.+(ytstatic.l.google.com|youtube-ui.l.google.com|youtubei.googleapis.com|youtube.googleapis.com|youtube.com|www.youtube.com|m.youtube.|.m.youtube.|ytimg.com|s.ytimg.com|ytimg.l.google.com|youtube.l.google.com|i.google.com|googlevideo.com|youtu.be|youtube-nocookie.com).*$



If we want to block the "Facebook" website then our regex value will be:-


^.+(www.facebook.com|facebook.com|login.facebook.com|www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com|www.fbcdn.com|static.ak.fbcdn.net|static.ak.connect.facebook.com|connect.facebook.net|www.connect.facebook.net|apps.facebook.com|m.facebook.com|fbsbx.com).*$


If we want to block the "TikTok" website then our regex value will be. Be aware that akamaized.net and footprint.net are shared CDN domains used by many unrelated services, and very short entries such as "tiktok" or "musical." will match any stream containing those letters, so this pattern over-blocks:-

^.+(myqcloud.com|wsdvs.com|worldfcdn.com|footprint.net|byteoversea.|ibyteimg.|.ibyteimg|ibyteimg.com|musemuse.cn|muscdn.com|.byteoversea|byted.org|bytecdn.cn|byteoversea.com|.musical|musical.|musical.ly|tiktokcdn.com|tiktokv.com|.tiktokv|tiktokv.|tiktokcdn-com|.akamaized|akamaized.net|akamaized.|tiktok.com|www.tiktok.com|m.tiktok.com|tiktok.|tiktok|.zhiliaoapp|.musically|zhiliaoapp.|musically.).*$



If we want to block the "Snapchat" website then our regex value will be. Note that appspot.com is the domain of every Google App Engine application and data.flurry.com is the Flurry analytics endpoint used by many mobile apps, so those entries block far more than Snapchat:-


^.+(feelinsonice.appspot.com|appspot.l.google.com|data.flurry.com|appspot.com|.appspot|appspot.|feelinsonice-hrd.appspot.com|snapchat.com|snap.net|www.snapchat.com|www.feelinsonice.com|feelinsonice.com|www.snap.net|.snap.net.).*$



If we want to block the "Instagram" website then, our regex value will be:-


^.+(instagram.com|cdninstagram.com|.cdninstagram.com|.instagram.com|instagram.|.instagram|.cdninstagram|cdninstagram.).*$



If we want to block the "Netflix" website then our regex value will be:-


^.+(netflix.com|netflix.net|nflxext.com|nflximg.com|nflximg.net|nflxso.net|nflxvideo.net|.netflix.).*$


If we want to block the "Twitter" website then, our regex value will be:-


^.+(.twitter.|ads-twitter.com|twimg.com|twitter.com|twttr.com|twimg.com.akahost.net|twitter.map.fastly.net).*$



If we want to block the "WhatsApp" website then our regex value will be:-


^.+(whatsapp.com|whatsapp.net|.whatsapp.|.whatsapp).*$




When the layer-7 protocol's pattern matches a connection, the firewall rule that references that protocol takes its action (drop, reject, and so on) on the connection's packets.


Now the whole procedure will be shown with screenshots. We will do this using Winbox.

First, log on to your router via Winbox and go to "IP" and then "Firewall".



Now select the "Layer7 Protocols" tab and click the (+) sign to add a new protocol rule.


Now give the protocol rule a descriptive name in the "Name" field and paste the regexp into the "Regexp" field. In our example we are going to block youtube.com, so we write "youtube" as the name and copy-paste the YouTube pattern from above. Finally, click "Apply" and then "OK", just like this:-


That finishes the protocol rule. Now we will block this website (youtube.com) using it.

Now go to the "Filter Rules" tab in "Firewall" and add a new rule. Select "forward" from the "Chain" field and type your network address or a specific host address into the "Src. Address" field. The forward chain is the right place for a layer-7 rule: the matcher must see both directions of the connection to collect its data, and forward sees both. (If you ever put a layer-7 rule in input or prerouting, the same rule must also be placed in output or postrouting.)


Now select the "Advanced" tab and, in the "Layer7 Protocol" field, select the protocol we created, "youtube".


Now go to the "Action" tab and select "drop" from the "Action" field. Click "Apply" and then "OK". Because the match usually happens on the TLS ClientHello after the TCP handshake has already completed, "drop" leaves the browser hanging until it times out; "reject" with "tcp-reset" makes the connection fail immediately, which is friendlier to users and easier to troubleshoot.


All work is done. youtube.com will be blocked now. Test from a client on the source network, and check the packet counter of the new rule in the "Filter Rules" tab to confirm that it is matching.

If you have multiple firewall rules configured, make sure this rule is placed in the right sequence: filter rules are evaluated from top to bottom, and an earlier "accept" rule for the same traffic (a typical "accept established,related" rule, for example) would let the connection through before the layer-7 rule is ever reached. If you are not sure, place this rule at the top of your forward rules: drag it upwards, drop it at the first position and make sure its sequence number is "0", just like below.
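The same configuration entered on the RouterOS command line (a "New Terminal" window in Winbox or an SSH session) instead of clicked through Winbox, covering both the regexp definition from the first part of this post and the filter rule from the walkthrough. This is an added example, not part of the original post. It uses the YouTube pattern given above and assumes the LAN is 192.168.88.0/24 (the RouterOS default; change it to your own network) and that the comment strings and rule positions are free to use. It also adds two things the Winbox walkthrough does not: a drop for UDP 443, so that QUIC connections (whose ClientHello is not sent in clear text and therefore cannot be pattern-matched) fall back to TCP where the SNI is visible, and a tcp-reset reject instead of a silent drop.

```routeros
# Added example: CLI equivalent of the Winbox steps above (not from the post).
# Assumptions: LAN is 192.168.88.0/24; the two rules go to the top of the
# forward chain. Inside a RouterOS double-quoted string "$" must be written
# as "\$" (and a literal regexp dot would be "\\."); the pattern below keeps
# the post's unescaped dots.

/ip firewall layer7-protocol
add name=youtube comment="YouTube hostnames (pattern from the post)" \
    regexp="^.+(ytstatic.l.google.com|youtube-ui.l.google.com|youtubei.googleapis.com|youtube.googleapis.com|youtube.com|www.youtube.com|m.youtube.|.m.youtube.|ytimg.com|s.ytimg.com|ytimg.l.google.com|youtube.l.google.com|i.google.com|googlevideo.com|youtu.be|youtube-nocookie.com).*\$"

/ip firewall filter
# 1) QUIC (UDP 443) obfuscates the ClientHello, so the layer-7 matcher never
#    sees the hostname. Dropping UDP 443 makes browsers retry over TCP, where
#    the SNI in the TLS ClientHello is in clear text and can be matched.
add chain=forward src-address=192.168.88.0/24 protocol=udp dst-port=443 \
    action=drop comment="no QUIC: force HTTPS onto TCP so SNI is visible" \
    place-before=0

# 2) The layer-7 rule itself. It lives in forward because the matcher must
#    see both directions of the connection. reject with tcp-reset instead of
#    drop so the client fails at once instead of hanging until a timeout.
add chain=forward src-address=192.168.88.0/24 protocol=tcp \
    layer7-protocol=youtube action=reject reject-with=tcp-reset \
    comment="block youtube" place-before=1

# Verify: the protocol entry is listed, and the rule counters grow while a
# LAN client tries to open youtube.com.
/ip firewall layer7-protocol print
/ip firewall filter print stats where comment="block youtube"
```

Both rules are inserted with place-before so they sit above any existing "accept established,related" rule; if you already have an accept rule at position 0 that you want to keep first, adjust the positions or use /ip firewall filter move afterwards. Layer-7 inspection costs CPU on every new connection from the source network, so on a small router keep the src-address as narrow as the policy allows.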


Thank you
