Mikrotik Web Proxy Setting for Transparant proxy 1.

first se t web proxy / ip web-proxy set enabled=yes >> to make ip web proxy enable set src-address=0.0.0.0 >> to make source address to access web proxy will allow set port=8080 >> to make port for web proxy set hostname= proxy.war.net.id >> setting for visble hostname web proxy set transparent-proxy=yes >> make transparant proxy enable set parent-proxy=0.0.0.0:0 >> if we used parent proxy x set cache-administrator= support@somethink.org >> make set administrator info suppor t set max-object-size=4096KiB >> maximal object can cacth with the proxy server set cache-drive=system >> where drive position that cache wil be saved set max-cache-size=unlimited >> maximal harddrive we used for cache set max-ram-cache-size=unlimited >> maximal ram we used for cache 2. add nat for redirect port for squid to make transparant /ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-po rts=8080 >> setting can redirect port 80 to 8080 for proxy server /ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect toports=8080 >> setting can redirect port 3128 to 8080 for proxy server /ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=redirect toports=8080 >> setting can redirect port 8080 to 8080 for proxy server /ip proxy enabled: yes src-address: 0.0.0.0 port: 8080 parent-proxy: 0.0.0.0:0 cache-drive: system cache-administrator: "ASHISH PATEL" max-disk-cache-size: none max-ram-cache-size: none cache-only-on-disk: no maximal-client-connections: 1000 maximal-server-connections: 1000 max-object-size: 512KiB max-fresh-time: 3d Now, Make it Transparent /ip firewall nat chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 Make sure that your proxy is NOT a Open Proxy /ip firewall filter chain=input in-interface= src-address=0.0.0.0/0 protocol=tcp dst-port=8080 actio n=drop Now for Blocking Websites /ip proxy access dst-host=www.vansol27.com action=deny It will block website http://www.vansol27.com, We can always block the same for different networks by giving src-address. It will block for particular source ad dress. We can also stop downloading files like.mp3, .exe, .dat, .avi, etc. /ip proxy access path=*.exe action=deny path=*.mp3 action=deny path=*.zip action=deny path=*.rar action=deny. Try with this also /ip proxy access dst-host=:mail action=deny This will block all the websites contain word mail in url.

Example: It will block www.hotmail.com, mail.yahoo.com, www.rediffmail.com