Proxy mikrotik

Howto to enable Mikrotik RouterOS Web Proxy in Transparent Mode

Web proxy is a service that is placed between a client and the internet for HTTP web surfing. It can cache certain contents / http pages in its local cache. Mikrotik have basic PROXY package builtin called WEB PROXY. It is suitable for basic caching for small to mid size networks.

For advance caching capabilities, Use 3rd party external proxy server like SQUID.

MikroTik WEB.PROXY Recommendation

Always try NOT to use the same storage disk to store your your cache and your your Router OS, to ensure there is always enough space on your router OS Disk for logs, upgrade / update packages & Backups. Therefore It is highly recommended that the web-proxy cache is stored on a physically separate drive (store) other than the Router OS. Placing the cache on a separate drive ensures maximum performance and reduces problems if the disk becomes full or fails as the OS will then still be OK!

Caching Internet access will require a lot of read and writes to the disk, chose fast disk as for maximum performance / concurrent user request support.

Cache performance also largely depends on RAM size, the More RAM you have in your server, the Better performance you will get.

We will divide this article in 3 Sections.

1# Preparing Secondary Partition for Cache 

2# Configuring Web Proxy

3# Transparent Proxy

Let’s BEGIN . . .

1# Preparing Secondary Drive for CACHE

First we will Format secondary harddrive (to be used for cache ), IF YOU DON’T WANT TO USE SECONDARY HARD-DIVE, SKIP THIS STEP.

Goto SYSTEM > STORES > DISKS

Select the Secondary Hard drive and click on FORMAT DRIVE

As shown in the image below.

.

Now go to STORES tab (by navigating to  SYSTEM > STORES)

Select the WEB-Proxy package and click on COPY

It will ask you where to copy WEB-Proxy package, Select Secondary Drive in TO box.

As shown in the image below.

2# Configuring Web Proxy

Now We have to Enable Mikrotik Web Proxy by navigating to 

IP > WEB PROXY

As shown in the image below.

.

Now Click on “Enable”

in Port, Type 8080

Max Cache Size , Select Unlimited from drop down menu, OR if you have limited Disk Space, then use your desired amount.

You have to specify space in KiloBytes for example 1024 KB = 1MB , so if you want to set 5 GB Cache, then use 5242880 , I am using 5 GB in this example. The cache size is really based off of how much RAM you have in the machine

As shown in the image below . . .

.

Click on Apply and your Mikrotik’s Web Proxy is Ready to be used, But Every client have to set proxy address pointing to Mikrotik IP to be able to use Proxy Service.

3# Transparent Proxy

If we want that every user must be automatically redirected to Proxy transparently, then we have to create additional rule to forcefully redirect users to proxy service, which is called TRANSPARENT PROXY.

.

Goto IP > FIREWALL > NAT and create new rule

In Chain , Select dsntant,

In Protocol, Select 6 (tcp)

In Dst. Port, Type 80

As shown in the image below . . .

.

Now goto Action Tab,

In Action, Select redirct

In To Ports, Type 8080

As shown in the image below . . .

.

Now your newly created rule will look like something below image.

As shown in the image below . . .

OR the CLI version of above rule would be something like below.

Done. Now Mikrotik web proxy will perform as TRANSPARENT PROXY , Every user’s HTTP PORT 80 request will automatically be redirected to Mikrotik built-in Web Proxy.

You can View Proxy Status and other info via going to IP > WEB PROXY > SETTINGS > STATUS  and other tabs in the same window.

As shown in the image below . . .

=========================================

WEB-PROXY Tips ‘N’ Tricks !! by Zaib (December, 2011)

=========================================

.

Howto Send CACHED Contents to user at Full Speed / Ignoring QUEUE Limit for cached-hits marked packets :)

First Mark Cached Contents by MANGLE Rule.

Now Create an Queue Tree which will send cache-hits packets to users at full LAN speed, ignoring the user’s Static OR Dynamic QUEUES

Now Try to download any cacheable content , for example download following file,

http://www.rarlab.com/rar/wrar410b5a.exe

Once Downloaded, Try to download it again from any other computer or via same test pc. You will see the Queues and rules in action, sending cache-hits packets to users at full LAN speed.Remember Mikrotik web proxy is very basic and simple proxy server with not much tweaks and nuts ‘N’ Bolts  to set, So it will cache what it can. For advancements, Use SQUID instead.

As shows in the image below . . .

.

Also you can view the cache contents via going to IP > WEBPROXY > CACHE CONTENTS

As shows in the image below . . .

Howto Block Web Sites by Domain Name

You can block any web site via domain name as shown below.

Howto Block Downloading via File EXTENSION Types

You can block Downloading by file types using following code,

Howto Block OPEN PROXY

Please Make sure You are not running your proxy in OPEN PROXY mode, If so any one cane use your proxy service over the internet, and can use perform any illegal activity and your proxy IP will be logged at remote server, So Block it immediately.

Use the following.

In in-interface , select your WANinterface.

Howto Add LOGO and Edit Proxy Default ERROR Pages

Goto IP > WEB PROXY

Click on RESET HTML

It will ask you that “Current html pages will be lost ! Reset anyway?” CLick on YES

As shown in the image below . . .

,

Now goto FILES and you will see webproxy/error.html ,

As shown in the image below . . .

Just copy this error.html file to your desktop and edit it using your favorite html editor.

(I personally use MS FRONTPAGE 2003 due to its easy and user friendly interface, You can use notepad to edit this file content as its very small and contains basic text only. just don’t mess with the codes, only change the text you want, for example network name support numbers etc. after saving , upload it back to Mikrotiok under web-proxy section.)

Howto Block Web Site for Single User

To block any website for a single user , Use the following …

To block single user and redirect him to your policy page on any loacl web server defining the reason why he is blocked , use the following.

(192.168.2.3 is the web server ip , & 192.168.2.5 is the user ip)

As shown in the image below . . .

                    -------------------------XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX------------------------------

Step by Step installation Guide of a Caching Proxy

Winbox into the Router OS Hardware that you intend to install the webproxy onto, Click on IP \ Web proxy as shown below

• • Click on Settings as shown below

• • Fill in the following details as shown in the picture below

  • Port:-- select 3128 (standard Squid TCP Port) or 8080 (typically used Http proxy server TCP port) however any available port on the Router OS Appliance can be used (provided that the port is not already being used by another process)

  • Host name -- Select a host name that you desire (it is not crucial however it is useful for handing out a dns name such as proxy1.wirelessconnect.eu ... (Remember to update your DNS server with the Proxy IP address before issuing the name to clients

  • Transparent Proxy -- Tick this Box if the Proxy Server is to be Transparent, ie the user will not be required to configure their browser (note additional firewall configuration (redirect rule  will need to be inserted to make this work see bottom of article for more details)

  • Cache Administrator-- Select an Administrative Email-address for receiving feedback on your Proxy Appliance Performance

  • Maximum Object Size -- Select a reasonable size (It should be large enough for most users uses ...e.g Service Pack 2 Download ... Patch CD ISO,) however it should not exceed the Size of the Caching Disk (We Recommend that the Maximum Object Cache be a tiny fraction of the total cache size i.e. Maximum Object Size should << 1% of Caching Disk)

  •  

• Select the correct Drive (secondary-master) as the Cache Drive and then click Format as shown below (Note that Router OS wont Let you format the System Drive)

• • When prompted to confirm the formatting  as shown below

• • While the cache drive is formatting , "formatting harddrive"  will appear on the status bar on the bottom of the dialogue box as shown below

• • After the formatting process is complete the Cache will be created & "Creating Cache" will appear on the status bar at the bottom of the dialogue box as shown below.

• • Select the Maximum RAM Cache Size, this should be no greater than the result of the following formula -- (Total RAM on Proxy Appliance) - 64 MB Ram (For Router OS and Other Router OS Process) in this  example one has an appliance with 1GB of Memory installed and one  wishes to reserve 68 MB of RAM for system use therefore one should set the Maximum RAM Cache Size to 934MB as shown in the image below

• • Next Turn on the Proxy Server by clicking Enable as shown below

• • Once the Proxy Service is running the status bar will show "Running" on the bottom of the dialogue box as shown below

 Mikrotik Related — Tags: aacable mikrotik proxy, block by file types, howto block website in mikrotik proxy, Mikrotik howto block downloading, Mikrotik Proxy, mikrotik transparent proxy, Mikrotik Web Proxy, Web Proxy — Faruque Ahmed