We can use the web proxy option to redirect pages and for it to do the redirection, we must create a NAT rule with redirect action, where all traffic destined for port 80 is redirected to the web port proxy. But mikrotik web proxy only works with HTTP.
To redirect all banned domains to another page on MikroTik, you can use the firewall together with an internal web server that hosts the page you want to redirect to. This process involves identifying and blocking access to banned websites and then redirecting those access attempts to a specific page. Here I show you how to do it step by step:
Step 1: Configure an Internal Web Server
First, you need to have a web server on your network that hosts the page you want to redirect users to when they try to access a banned domain. This page could be a simple HTML page that informs the user that the site they are trying to access is blocked or prohibited.
Step 2: Identify Banned Domains
Use MikroTik firewall rules to identify traffic to prohibited domains. This can be done by creating an Address List containing the domains or by using Layer 7 Protocols to detect patterns in domain names.
Create an Address List for Banned Domains
/ip firewall address-list
add address=www.dominio1.com list=SitiosProhibidos
add address=www.dominio2.com list=SitiosProhibidos
Or use Layer 7 Protocol to Detect Domain Name Patterns
/ip firewall layer7-protocol
add name=SitiosProhibidos regexp="dominio1.com|dominio2.com"
Step 3: Block and Redirect Traffic
Once traffic to banned domains is identified, you can configure a firewall rule to redirect those access attempts to your internal web server.
Configure Firewall Rule for Redirection
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 layer7-protocol=SitiosProhibidos protocol=tcp to-addresses=192.168.1.100 to-ports=80
In this example, 192.168.1.100
is the IP address of your internal web server hosting the redirect page, and 80
is the standard port for HTTP traffic. Make sure to adjust these values according to your configuration.
Step 4: Configure the Redirect Page
On your internal web server, configure the specific page you want to redirect users to. This could be as simple as a static HTML page that informs the user about the Internet usage policy and why the requested site is blocked.
Important considerations
- HTTPS and Limitations: This method has limitations, especially with HTTPS sites, as encrypted traffic cannot be easily inspected by MikroTik without additional configurations such as a transparent HTTP/HTTPS proxy, which involves TLS/SSL interception and important privacy and security considerations.
- Block List Maintenance: The effectiveness of this solution depends on keeping the list of banned domains or Layer 7 patterns up to date.
Implementing banned domain redirection requires a balance between controlling access to unwanted content and respecting user privacy as well as legal considerations. Ensure that any content filtering policies implemented are in line with acceptable use policies and local regulations.
There are no tags for this post.
2 comments on “How can you redirect all banned domains to another page in MikroTik?”
With a PIHOLE server that you have to configure as a DNS domain server
It is a very good suggestion to use a Pi-hole server as a DNS server to block web pages since you would only need to list the web pages that need to be blocked and some of them block advertising on both web pages and applications; In addition, the server configuration interface is via the web, being quite friendly.