Wednesday, December 1, 2021

MikroTik Block HTTP HTTPS

Sometimes it requires disabling the HTTP protocol to enable restrictions on the internet users. In such a scenario, users have connected to the internet but they can't explore any website. They can check their email using any email client program but they can't use the web access feature of their email server.

In this tutorial, we will block the HTTP protocol using our MikroTik router. We know that the HTTP protocol works with TCP ports 80 and 443. The TCP protocol 80 is used to establish a normal connection without any security. That is called HTTP. On the other hand, the TCP protocol 443 is used to establish a secure connection with the server. That is called HTTPS.

In this tutorial, we will block both of them TCP ports using the MikroTik router.

At first, we will block the HTTP protocol that is working with TCP 80 port. Click on the IP menu and navigate to the firewall. Now click on the add button to add a new filter rule.





Select the "Forward" value from the "Chain" field. Then select the "TCP" value in the "Protocol" field. Finally, write the port number (port 80) in the destination port field.



In the "Src. Address" field, we left it blank. This means it will be applicable for all the networks that are available behind the Mikrotik router.



If you want you can specify the specific IP address or the Network address in the "Src. Address" field. If we specify the specific IP address then this rule will be applicable only for the IP address. In the same manner, if we specify any network address then this rule will be applicable only for the network users. Other users or the other networks are out of the scope of this rule.


It is possible to add multiple port numbers in the same rule. We will block the HTTPS port (port 443) also using this same rule. Nothing else has to be changed.




Now we will navigate to the "Action" tab and we will select the "drop" value from the "Action" field.




That's it. From now on, the LAN users have connectivity to the internet but they can't explore any website because the HTTP/HTTPS port will be dropped by this rule.

Using the same manner, we can block any other well-known port or the customized port numbers as our requirements.


No comments:

Post a Comment