Saturday, November 5, 2011

Mikrotik : How to Block Facebook - Youtube and Other sites using L7 (Layer7)

Below i will show you how to block facebook and youtube sites using Mikrotik L7 Protocols (Layer 7). here i use RouterBoardOS RB1100.

STEP 1:
you have to create new Regexp rule at Layer7 Protocols by Press , and name it as "DENIED" (withoue quote), see details below:

You can Copy & Paste the code above at below:
^.+(facebook.com|youtube).*$

STEP 2:
Now create Filter Rules, as follow:
At General Tabs for Chain, Please Choose : Foward

At Advanced tabs, select 'DENIED' (rule that you have create at step 1) for Layer7 Protocols

Choose Action 'DROP' 
And At last, your Filter rule to block facebook and youtube should have effected to your network.
try to access facebook & youtube, and you will see that the two sites will not able to access.

this can be see from the filter rule you have created, it will catch the bytes for denied sites in your network.


at

8 comments:

  1. GogoMKDApril 3, 2012 at 5:04 AM

    That blocks other pages too, who are not facebook. can you give some advice?

    ReplyDelete
  2. UnknownDecember 21, 2012 at 1:11 PM

    Hi Atom, I have a huge question :) I use this configuration but now I have to give acces to some users on my lan, I tried New Firewall Rule-> Src Addres (IP Address user) ->Advanced->Layer7-> Facebook (this is my firewall layer 7 name for facebook ) -> Action->Accept, But doesn´t work, could you please give some advice, Thanks

    ReplyDelete
  3. UnknownDecember 21, 2012 at 3:42 PM

    Hi, put first ur line to accept the facebook, and u can do it better if u use mangle rules.

    ReplyDelete
  4. Paco MacSwineyFebruary 13, 2013 at 4:00 PM

    Hello:

    Ive used this rule but for some reason it does not works in Firefox do you have an idea of why this could be happening?

    Regards!

    ReplyDelete
  5. Real Online EarningMay 6, 2013 at 2:24 AM

    You can use this system for Facebook block :

    http://rbgeek.wordpress.com/2012/05/29/how-to-block-facebook-in-mikrotik-using-l7-protocols-layer-7/?contact-form-id=1222&contact-form-sent=9290&_wpnonce=b0cec7d90a#contact-form-1222

    ReplyDelete
  6. UnknownNovember 5, 2013 at 9:34 AM

    Hi Atom,
    Presently my configuration is as follows: Internet>>16port Switch>>Gateway>>Mikrotik>>NetEqualizer2000>> 24port managed switch>>Squid>>CLoud but i am currently experiencing alot of failures on my squid when i try to monitor traffic using the "Tail" commmand.My squid is running on Suse12.x. It works well if i make the squid to be non-transparent it works well but once i make it to be transparent it works for a while then slows to a halt. why i want to use the non-transparent is that i cant go round all my users as they are quite alot!
    i was wondering if you can help me out here as i am at my wits end. i inputd into the mikrotik the following command via CLI in order to make it work but still; add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=10.5.50.5 to-ports=3128

    I will appreciate it if you can help me out.
    Thanks.

    ReplyDelete
  7. AmitMarch 29, 2016 at 10:36 AM

    Hi I tried Layer 7 blocking , followed all steps which was mentioned above but still I am able to access facebook and youtube. I am using Microtik RB951Ui - 2HnD

    ReplyDelete
  8. UnknownJuly 5, 2016 at 12:15 AM

    i agree with Amit, same things i do but not getting proper output.

    ReplyDelete