Syed Jahanzaib Personnel Blog to Share Knowledge !

December 29, 2011

Howto enable Mikrotik RouterOS Web Proxy in Transparent Mode


A web proxy is a service placed between a client and the internet for HTTP web surfing. It can keep certain content / HTTP pages in its local cache. Mikrotik has a basic proxy package built in, called WEB PROXY. It is suitable for basic caching on small to mid-size networks.

For advanced caching capabilities, use a 3rd-party external proxy server like SQUID.

MikroTik WEB.PROXY Recommendation

Always try NOT to use the same storage disk for your cache and your Router OS, to ensure there is always enough space on your Router OS disk for logs, upgrade / update packages & backups. It is therefore highly recommended that the web-proxy cache is stored on a physically separate drive (store) from the Router OS. Placing the cache on a separate drive ensures maximum performance and reduces problems if the disk becomes full or fails, as the OS will then still be OK!

Caching Internet access requires a lot of reads and writes to the disk, so choose a fast disk for maximum performance / concurrent user request support.

Cache performance also largely depends on RAM size: the more RAM you have in your server, the better performance you will get.

We will divide this article into 3 sections.

1# Preparing Secondary Partition for Cache
2# Configuring Web Proxy
3# Transparent Proxy

Let’s BEGIN . . .

1# Preparing Secondary Drive for CACHE

First we will format the secondary hard drive (to be used for cache). IF YOU DON’T WANT TO USE A SECONDARY HARD-DRIVE, SKIP THIS STEP.

Goto SYSTEM > STORES > DISKS

Select the Secondary Hard drive and click on FORMAT DRIVE

As shown in the image below.


Now go to STORES tab (by navigating to  SYSTEM > STORES)

Select the WEB-Proxy package and click on COPY

It will ask you where to copy WEB-Proxy package, Select Secondary Drive in TO box.

As shown in the image below.


2# Configuring Web Proxy

Now We have to Enable Mikrotik Web Proxy by navigating to
IP > WEB PROXY

As shown in the image below.

Now Click on “Enable”

In Port, Type 8080

In Max Cache Size, select Unlimited from the drop-down menu, OR if you have limited disk space, then use your desired amount.
You have to specify the space in kilobytes (for example 1024 KB = 1 MB), so if you want to set a 5 GB cache, then use 5242880. I am using 5 GB in this example. The cache size is really based on how much RAM you have in the machine.
As shown in the image below . . .

Click on Apply and your Mikrotik’s Web Proxy is ready to be used, but every client has to set the proxy address pointing to the Mikrotik IP to be able to use the proxy service.

3# Transparent Proxy

If we want every user to be automatically redirected to the proxy transparently, then we have to create an additional rule to forcefully redirect users to the proxy service, which is called TRANSPARENT PROXY.

Goto IP > FIREWALL > NAT and create new rule
In Chain, Select dstnat
In Protocol, Select 6 (tcp)
In Dst. Port, Type 80


As shown in the image below . . .

Now goto the Action tab,
In Action, Select redirect
In To Ports, Type 8080
As shown in the image below . . .

Now your newly created rule will look something like the image below . . .

OR the CLI version of the above rule would be something like below.

/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080

Done. Now Mikrotik web proxy will perform as a TRANSPARENT PROXY: every user’s HTTP port 80 request will automatically be redirected to the Mikrotik built-in Web Proxy.

You can view proxy status and other info by going to IP > WEB PROXY > SETTINGS > STATUS and the other tabs in the same window.

As shown in the image below . . .

=========================================
WEB-PROXY Tips ‘N’ Tricks !! by Zaib (December, 2011)
=========================================

Howto Send CACHED Contents to user at Full Speed / Ignoring QUEUE Limit for cached-hits marked packets :)

First Mark Cached Contents by MANGLE Rule.

/ip firewall mangle
add action=mark-packet chain=output comment="CACHE HIT/Zaib" disabled=no dscp=4 \
new-packet-mark=cache-hits passthrough=no

Now create a Queue Tree which will send cache-hits packets to users at full LAN speed, ignoring the user’s Static OR Dynamic QUEUES

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="Unlimited Speed for CACHE by zaib" packet-mark=cache-hits \
parent=global-out priority=8 queue=default

Now try to download any cacheable content, for example the following file,

http://www.rarlab.com/rar/wrar410b5a.exe

Once downloaded, try to download it again from any other computer or from the same test PC. You will see the queues and rules in action, sending cache-hits packets to users at full LAN speed. Remember, Mikrotik web proxy is a very basic and simple proxy server without many tweaks and nuts ‘N’ bolts to set, so it will cache what it can. For more advanced needs, use SQUID instead.

As shown in the image below . . .

Also you can view the cache contents by going to IP > WEBPROXY > CACHE CONTENTS
As shown in the image below . . .

Howto Block Web Sites by Domain Name

You can block any web site via domain name as shown below.

/ip proxy access add action=deny disabled=no dst-host=yahoo.com
/ip proxy access add action=deny disabled=no dst-host=www.yahoo.com

Howto Block Downloading via File EXTENSION Types

You can block Downloading by file types using following code,

/ip proxy access add path=*.mp3 action=deny

Howto Block OPEN PROXY

Please make sure you are not running your proxy in OPEN PROXY mode. If you are, anyone can use your proxy service over the internet and perform any illegal activity, and your proxy IP will be logged at the remote server, so block it immediately.
Use the following.

/ip firewall filter
add action=drop chain=input comment="Block Open PROXY :) Zaib" disabled=no dst-port=8080 in-interface=wan protocol=tcp  src-address=0.0.0.0/0

In in-interface, select your WAN interface.
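
An added example, not part of the original post: a Python sketch that reads RouterOS export text and reports whether the web proxy port is still reachable from the WAN interface, that is, whether the drop rule above is really in place and active. The sample export is constructed from the article's own rules and `wan` is the article's interface name; 8080 as the default proxy port, the function names, and the choice to skip filter rules that use matchers the script does not model are assumptions of this example.

```python
import shlex

# Constructed sample export built from the article's rules; "wan" is the
# article's placeholder name for the WAN interface.
SAMPLE_EXPORT = r'''
/ip proxy
set enabled=yes port=8080
/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
    to-ports=8080
/ip firewall filter
add action=drop chain=input comment="Block Open PROXY" disabled=no \
    dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0
'''
# Same export with the filter section cut off, i.e. no drop rule at all.
EXPOSED_EXPORT = SAMPLE_EXPORT.split("/ip firewall filter")[0]

COMMANDS = {"add", "set"}
MATCHERS = {"in-interface", "protocol", "dst-port", "src-address"}
MODELLED = MATCHERS | {"action", "chain", "comment", "disabled"}


def parse_export(text):
    """Parse export text into (menu, command, params) tuples, in order."""
    entries, menu, pending = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):            # rule continues on the next line
            pending += line[:-1] + " "
            continue
        tokens = shlex.split(pending + line)
        pending = ""
        if tokens[0].startswith("/"):      # menu path, optionally with a command
            path = []
            while tokens and tokens[0] not in COMMANDS:
                path.append(tokens.pop(0))
            menu = " ".join(path)
        if tokens and tokens[0] in COMMANDS:
            params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            entries.append((menu, tokens[0], params))
    return entries


def port_matches(spec, port):
    """True if a dst-port value (comma list and/or ranges) includes port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= int(port) <= int(hi or lo):
            return True
    return False


def covers(params, wan, port):
    """Does this active input rule match TCP traffic from WAN to the proxy?"""
    if params.get("chain") != "input" or params.get("disabled") == "yes":
        return False
    if set(params) - MODELLED:
        return False                       # uses a matcher this sketch skips
    if any(params[k].startswith("!") for k in MATCHERS if k in params):
        return False                       # negated matchers are skipped too
    return (params.get("in-interface", wan) == wan
            and params.get("protocol", "tcp") == "tcp"
            and params.get("src-address", "0.0.0.0/0") == "0.0.0.0/0"
            and port_matches(params.get("dst-port", port), port))


def audit_open_proxy(text, wan):
    """Report whether the proxy port can be reached through interface `wan`."""
    entries = parse_export(text)
    proxy = {}
    for menu, cmd, params in entries:
        if menu == "/ip proxy" and cmd == "set":
            proxy.update(params)
    port = proxy.get("port", "8080")       # assumption: 8080 when not exported
    result = {"enabled": proxy.get("enabled") == "yes", "port": port,
              "wan_verdict": "no-rule", "unscoped_redirect": False}
    for menu, cmd, params in entries:
        if cmd != "add":
            continue
        if menu == "/ip firewall filter" and result["wan_verdict"] == "no-rule":
            if covers(params, wan, port):  # first matching rule decides
                result["wan_verdict"] = params.get("action", "accept")
        elif menu == "/ip firewall nat":
            if (params.get("action") == "redirect"
                    and params.get("to-ports") == port
                    and params.get("disabled") != "yes"
                    and "in-interface" not in params
                    and "src-address" not in params):
                result["unscoped_redirect"] = True   # matches every interface
    blocked = result["wan_verdict"] in ("drop", "reject")
    result["wan_reachable"] = result["enabled"] and not blocked
    return result


if __name__ == "__main__":
    for name, text in (("with drop rule", SAMPLE_EXPORT),
                       ("without drop rule", EXPOSED_EXPORT)):
        print(name, audit_open_proxy(text, "wan"))
```

The script only looks at firewall rules; `/ip proxy access` entries, which can also restrict who may use the proxy, are not evaluated.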

Howto Add LOGO and Edit Proxy Default ERROR Pages

Goto IP > WEB PROXY
Click on RESET HTML
It will ask you “Current html pages will be lost ! Reset anyway?” Click on YES
As shown in the image below . . .

Now goto FILES and you will see webproxy/error.html,
As shown in the image below . . .

Just copy this error.html file to your desktop and edit it using your favorite html editor.
(I personally use MS FRONTPAGE 2003 due to its easy and user-friendly interface. You can use Notepad to edit this file, as it is very small and contains basic text only. Just don’t mess with the codes; only change the text you want, for example network name, support numbers etc. After saving, upload it back to Mikrotik under the web-proxy section.)

Howto Block Web Site for Single User

To block any website for a single user , Use the following …

/ip proxy access
add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com src-address=192.168.2.5
(192.168.2.5 is the user ip)

To block a single user and redirect him to your policy page on any local web server explaining why he is blocked, use the following.

/ip proxy access
add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com redirect-to=192.168.2.3/policy/deny.htm src-address=192.168.2.5

(192.168.2.3 is the web server ip , & 192.168.2.5 is the user ip)

As shown in the image below . . .

Regards
SYED JAHANZAIB

201 Comments »

  1. Thanks a lot brother.
    Please also tell us how we can configure squid.

    May GOD give you long LIFE

    Comment by Suleman — December 30, 2011 @ 2:12 AM

  2. Thank you very much Jahanzaib bhai! Nice sharing :-)

    Comment by faizan — December 30, 2011 @ 4:47 PM

  3. Someone noticed increased ping when using the proxy in this way? (in spanish: Alguien a notado el Gran aumento de ping al usar el proxy de mikrotik)

    conduct a speedtest (example. http://speedtest.net/) without proxy, and then the active proxy

    Comment by Osvaldo Riquelme Flores — December 30, 2011 @ 6:44 PM

    • Didn’t feel any difference with or without proxy.

      Comment by Pinochio~:) — December 30, 2011 @ 8:58 PM

      • In the navigation is not noticeable difference, but do a speed test online with the proxy on and see the value of ping

        Comment by Osvaldo Riquelme Flores — December 31, 2011 @ 12:56 AM

  4. Thanks

    Comment by yagob — December 30, 2011 @ 9:24 PM

  5. Thank’s…

    Comment by awanbiru — December 31, 2011 @ 6:56 AM

  6. Thanks sir. If we want to build a separate server, how do we build it and how do we configure it with Mikrotik? Please explain step by step next time. Thank you.

    Comment by imtiaz — December 31, 2011 @ 5:11 PM

  7. Great site, and great article! You would be a great consultant. But to become a consultant, you need to attend some trainings. Maybe you should look into this, it’s a nice business opportunity.

    Comment by N.R. — January 2, 2012 @ 2:20 PM

    • Dear Normis, Its good to hear from you.
      You are right about ‘Proper Certification’ But the problem is this that the Mikrotik related courses are not offered in our country (Pakistan). So its financially hard for me to get the training by visiting abroad just for the certification :)

      Comment by Syed Jahanzaib / Pinochio~:) — January 3, 2012 @ 11:21 AM

  8. Assalam – o – walelekom

    Brother, web proxy is not working with multi WAN. Can you help me?

    waqar hussain

    from ; karachi

    Comment by waqar — January 3, 2012 @ 3:58 AM

    • In my opinion it is much easier to just add an external proxy box, either Squid or ISA. SQUID always works better; it is also open source and highly customizable. Trying to integrate the Mikrotik built-in WebProxy with PCC becomes too complicated to troubleshoot.

      If you want to try it, the general idea is to replicate all the PCC set up for the ‘output’ chain. PCC as you have it runs in ‘prerouting’, which never sees packets generated by the router. When you use a proxy all web traffic is split into two connections – one from client to router (proxy), the other from the proxy (router) to the Internet. You have to PCC balance those connections. At the same time you have to be careful not to match any other traffic sent from the router (replies to SSH, Winbox, DNS, whatever other services you have running), and you have to be careful to not match traffic during normal PCC that will be redirected to the proxy. Routing marks override everything.

      I would keep it simple and easy to troubleshoot and just build a Squid proxy and mark all http traffic and route it to squid box.

      Comment by Syed Jahanzaib / Pinochio~:) — January 3, 2012 @ 11:18 AM

  9. love this website………..!

    Comment by waqar — January 4, 2012 @ 6:47 PM

  10. Thanks sir……..!

    Sir, of the ip route scripts you gave in the PCC load balance article, these 3 scripts are showing highlighted in blue in ip route. Sir, is this a problem? Please solve this.

    add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
    add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10
    add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10

    May ALLAH give you a good reward.

    Comment by waqar hussain — January 5, 2012 @ 4:34 AM

    • It means either the route is not in use or is inactive. If the LB is working fine, you can ignore it safely.

      Comment by Syed Jahanzaib / Pinochio~:) — January 5, 2012 @ 10:42 AM

      • Assalam o Alekom
        sir LB is work fine but sir……so many problem of “browsing”
        how can i solve this problem……….?

        JAZAKALLAH……….!

        Comment by waqar hussain — January 6, 2012 @ 6:17 AM

      • Try different classifier.
        For example src-address

        Comment by Syed Jahanzaib / Pinochio~:) — January 6, 2012 @ 10:51 AM

  11. Assalam o Alekom

    sorry…….! sir i can’t understand …….what you say…….plz send me script…..thanks

    JAZAKALLAH………!

    Comment by waqar hussain — January 6, 2012 @ 4:01 PM

  12. Asalaam o Alekom

    sir……. we have a 6 dsl line on mikrotik 3.x with pcc LB …..its working on manual user ip/mac bond but sir……….. browsing so lose.
    squid proxy server ………solve this problem…? if squid proxy server sove it…..! so how to creat….?
    Because i have no experience of squid proxy server, which is the cd,which machine……and how to attached
    with mikrotik 3.x with 6 dsl pcc LB Machine.
    plz sir …….help me about this problem.

    May ALLAH give you a good reward.

    Comment by waqar hussain — January 9, 2012 @ 3:43 AM

  13. hello sir,
    thanks for your guide, it was wonderful and concise to what i need concerning the transparent proxy in mikrotik.

    I want your help on the user manager new version. I mean from ver 4 and above, issues about creating new users, limitations and profiles. I need at least a detailed instructions on how to achieve them and how to create some users who will browse based on time band, like a user named=data, who wants to browse from 18:00 till 6:00, and another from 6:00am – 18:00 for one month.

    Comment by Dunga — January 11, 2012 @ 5:20 PM

  14. Assalam sir, I want to ask you: cache is not being sent at full speed, what should I do? What is the reason?

    Comment by waqar — January 15, 2012 @ 8:34 PM

    • This article explains pretty clearly how to create the rules; make sure you understand the logic before just copy-pasting them.

      Comment by Syed Jahanzaib / Pinochio~:) — January 15, 2012 @ 11:23 PM

  15. Assalaam o Alekom
    sir………how to edit web proxy error.html file, i found this error

    $(if error)

    While trying to retrieve the URL $(url):

    * $(error)

    $(endif)

    Your cache administrator is $(admin). $(signature)

    i can’t edit this file…..plz help about this problem, can this file create any problem for webproxy?

    Thanks!

    Comment by M,Salman — January 16, 2012 @ 5:12 AM

  16. i want to block a website for a ip …. how i will do that.. please answer it

    Comment by Sazal Ahmed — January 16, 2012 @ 11:03 AM

    • To block any website for a single user, use the following …

      /ip proxy access
      add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com src-address=192.168.2.5
      (192.168.2.5 is the user ip)

      To block a single user and redirect him to your policy page on any local web server explaining why he is blocked, use the following.

      /ip proxy access
      add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com redirect-to=192.168.2.3/policy/deny.htm src-address=192.168.2.5

      (192.168.2.3 is the web server ip, & 192.168.2.5 is the user ip)

      Comment by Syed Jahanzaib / Pinochio~:) — January 16, 2012 @ 11:13 AM

  17. sir ,,,,,,,,,,,,,,,i open it notepad

    ERROR: $(status)
    ERROR: $(status)

    $(if error)
    While trying to retrieve the URL $(url):
    $(error)
    $(endif)
    Your cache administrator is $(admin).
    $(signature)

    do where i change ……….text. Thanks

    Comment by M,Salman — January 17, 2012 @ 4:15 AM

  18. Assalaam o Alekom..

    sir,,,,,,,,,,,,if i don’t edit this file …..so can it creat any kind of problem in mikrotik?

    Thanks….!

    Comment by M,Salman — January 19, 2012 @ 4:28 AM

    • You actually don’t need to edit this file. Leave it as it is and it won’t create any problem.

      This file contains codes and error text that displays when proxy cannot find any page or found any error and displays it on user screen.

      Comment by Syed Jahanzaib / Pinochio~:) — January 19, 2012 @ 11:11 AM

  19. is it work in demo ver

    Comment by santonu — January 19, 2012 @ 2:04 PM

  20. when i download windows internet explore and Firefox than mikrotik cache file but when i use any download manager than its not working. any solution’s ??

    Comment by santonu — January 21, 2012 @ 11:34 AM

  21. assalam o alaikum,

    Brother, on 3.30 (proxy with hotspot) the cache contents get deleted after restart.

    any solution.

    regards,
    @z@m

    Comment by muhammad azam — January 29, 2012 @ 8:36 PM

    • Are you storing cache on DISK ? How you have configured store ?

      Comment by Syed Jahanzaib / Pinochio~:) — January 29, 2012 @ 9:30 PM

      • i m using 3.30 and store cache in system HDD 120Gb with 1gb ram.
        after restart cache-content deleted..
        any solution.

        @z@m

        Comment by crownwireless — January 31, 2012 @ 1:21 PM

      • Try removing old webproxy store and create new one

        Also Upgrade to new version. This way you will be safe from older versions bugs.

        Comment by Syed Jahanzaib / Pinochio~:) — January 31, 2012 @ 2:40 PM

  22. Can the internal Mikrotik proxy be optimized to cache youtube? How is it done?
    Thanks

    Comment by akunk — January 29, 2012 @ 9:21 PM

  23. Can an internal proxy mikrotik cache optimized for youtube? … how can

    Comment by akunk — January 29, 2012 @ 9:22 PM

  24. Thanks sir for your reply

    how i will binding ip with a mac , that user can not change their ip . usually it can say 1 ip 1 mac .

    Comment by sazalach — January 31, 2012 @ 2:05 PM

    • To bind user id with mac, you can do it in a few ways.
      #
      https://aacable.wordpress.com/2012/01/05/mikrotik-limiting-user-access-via-dhcp-via-32-forcing-users-to-use-your-dhcp-server-only/
      Now create static entries in DHCP for your working users and allow only the specific working ip series in the NAT rule.
      If a user manually changes his ip he will not be able to communicate with the mikrotik.

      #
      Or create a rule which drops every request, move it to the bottom end, and create rules to allow specific mac n ip and move this rule to the top.

      There are so many ways you can limit user access,
      However limiting via MAC/IP is not secure, as cloning mac and ip is very easy nowadays.
      It would be better if you use user id based authentication like PPPoE (ipless scenario), which is a very effective way to secure the access.

      Comment by Syed Jahanzaib / Pinochio~:) — January 31, 2012 @ 2:39 PM

  25. Thanks sir for your reply

    But i only use it in ip system….that user connect by ip …not dhcp way…

    in arp i add a ip and his mac …. then i go to interface (that you u show it ) where i set arp=reply-only ..then my user line is down… how i will solve it… please say it

    Comment by Sazal Ahmed — February 1, 2012 @ 9:11 AM

  26. Using Mikrotik 3.3 but i am unable to get the stores option in my winbox. I have already attached secondary hardrive. Is there any command to activate stores or second hardisk ?

    Comment by Ammar Shareef — February 1, 2012 @ 11:46 PM

  27. thanks

    Comment by obaid — February 3, 2012 @ 12:47 PM

  28. Sir, will a downloaded file take up as many MB on the web proxy's hard drive as the size of the file? Then the server's hard drive will fill up quickly.

    Comment by sheeraz — February 3, 2012 @ 9:05 PM

    • That’s the purpose of proxy server, to cache frequently used objects and downloads, to save bandwidth.

      Use big hard.drives if you want to get some good cache hit ratio. Or limit the max object size so that it may not cache larger files.

      Comment by Syed Jahanzaib / Pinochio~:) — February 4, 2012 @ 9:28 AM

  29. Asalam o alikum
    sir i am doing practical of your ideas an scripts
    really your ideas is very much working

    but i having 1 problem i am using 3.30 version wit pppoe+squid proxy +cache but some time i face lot of problam of
    ( gatewy time out ) please sir give me any idea …

    Comment by yaseen ansari — February 5, 2012 @ 4:31 PM

  30. Asalam o alikum

    sir
    have any idea of youtube video caching in mikrotik .

    Comment by yaseen ansari — February 5, 2012 @ 4:33 PM

    • Mikrotik don’t support youtube caching.
      use squid for this purpose. search this blog and you will find some articles regarding youtube caching.

      Comment by Syed Jahanzaib / Pinochio~:) — February 5, 2012 @ 9:10 PM

  31. salaam sir
    I have set up Mikrotik PCC load balancing from your web site. Web browsing is fine, but when I run web proxy on a DHCP client it does not work. Web proxy is not working on DHCP; what is the reason?

    Comment by mani — February 5, 2012 @ 4:34 PM

  32. Asalam o alikum
    sir

    sir i want to use version 4.17 but it is costly
    have you any idea of craking of 4.17 version and what is it possible ?

    Comment by yaseen ansari — February 5, 2012 @ 4:43 PM

    • Sorry Bro, No support For Cracking :)

      You can get L4 License or L5 which is very cheap , i guess 100 and 150 $ only.

      Comment by Syed Jahanzaib / Pinochio~:) — February 5, 2012 @ 9:04 PM

      • thanks 4 reply sir
        thanks a lot

        kindly tell me sir
        if i purchase l4 license so can i install the 1 or more systems.

        Comment by yaseen ansari — February 6, 2012 @ 12:18 PM

      • The license level binds with the HDD, so once the license is installed on your system, you can't use this license somewhere else.
        However you can move this hdd to a new system and mikrotik will start working, but you can't use the license on more than one pc.

        Comment by Syed Jahanzaib / Pinochio~:) — February 7, 2012 @ 9:30 AM

  33. Asalam o alikum
    Syed Jahanzaib bhai
    i am facing 1 more prob i am doing practicle you artical no 3 forgot password recovery of 86 version pc
    i have a 1 prob how can i copy user.dat file in usb please give me any example
    which command i use ?

    Comment by yaseen ansari — February 6, 2012 @ 2:34 PM

  34. Sir, will Mikrotik cache also work on youtube, and will the youtube file then not buffer again?

    Comment by sheeraz — February 6, 2012 @ 9:10 PM

  35. With cache, will there be no more buffering in youtube videos?

    Comment by sheeraz — February 6, 2012 @ 9:12 PM

  36. Sir, how will Mikrotik support youtube? It is only handling downloading properly and is not working on youtube. Is there any setting for this, or will the setting have to be done on a separate PC?

    Comment by sheeraz — February 7, 2012 @ 12:53 PM

  37. Asalam o alikum

    i am facing 1 more prob i am doing practicle your artical no 3 forgot password recovery of 86 version pc
    i have a 1 prob how can i copy user.dat file in usb please give me any example
    which command i can use ?

    Comment by m yaseen ansari — February 7, 2012 @ 6:08 PM

  38. After doing these cache settings, the proxy still has to be set on the user side too. I just want that nobody has to set the proxy, and that it keeps saving to cache automatically. I have even added the NAT rule for transparent proxy, but there is no access for users until they manually give the proxy address and port number.

    Comment by waqar munawar — February 17, 2012 @ 6:55 PM

    • There must be some configuration mistake in your NAT rule, otherwise it can redirect all users' http requests to the local web proxy.
      Post your rules.

      Comment by Syed Jahanzaib / Pinochio~:) — February 18, 2012 @ 1:02 PM

  39. Jahanzaib Bhaiee
    Please tell the Method of nth Load balancing for 3 wan.
    Thanks in Advance. You are a great man and have a great knowledge.

    Comment by Usman — February 18, 2012 @ 9:17 PM

    • nth is a way too old method for load balancing. Mikrotik introduced a more reliable method called PCC. Use it and you will have many options to choose from for nice load balancing.

      Comment by Syed Jahanzaib / Pinochio~:) — February 19, 2012 @ 7:38 PM

  40. sir when i applying load balancing the cache is blocked . nat rule is not working then untill i give manually proxy ip and port number on user side. when i disable load balancing or disable per connection classifier command the transparent proxy working well as usual. no need to give ip on user side for proxy and port number . how would i resolve this issue.

    Comment by waqar malik — February 19, 2012 @ 4:00 PM

  41. hello sir would you like to help me, if the web proxy active, i can’t browsing and appear error gateway timeout, how to solve it?

    Comment by bonek bonek persebaya — February 24, 2012 @ 8:18 AM

  42. Asalam O Alikum Jahanzaib bhai.. how r ya… gr8 work mate…:)

    Sir i setup all this webproxy setting and its working but the problem is as you have showed in cache contents,there are .exe files as well, in my web-proxy , the server is only making cache for .jpg , .png files..

    is there any settings for defining it what to cache and what not ??

    Jazaak`Allah for your Assistance..

    Gr8 work!!

    Comment by Zee — March 7, 2012 @ 12:59 PM

    • As I mentioned in the article, mikrotik web proxy is a very basic cache server; it doesn’t have much to configure. Any cacheable content gets cached by default. You can’t exclude or include anything.
      It depends on the max object size.
      Inspect your web proxy config.
      Also, sometimes downloads via Download Manager don’t go into cache. Make sure the content you are downloading is cacheable and that it is downloading via browser. (For test purposes)

      Comment by Syed Jahanzaib / Pinochio~:) — March 7, 2012 @ 2:26 PM

      • Thank you so much for your response… i`m going to try it now without download manager and will let you know the results Insha`Allah!!

        one more thing Jahanzaib bhai, yesterday when i did all the proxy setup, it worked simply fine.. i checked cached contents and status… cache system was running and working. but after power failure when the mik start again, everything was the same but internet is been down on the network.. i checked everything but hopeless.. until when i shut down the proxy n rebooted Mik, what possibly could b the issue,,??

        Jazaak`Allah for your Help and Assistance..!!

        Comment by Zee — March 8, 2012 @ 12:21 PM

      • and ya i read that its very basic cache server, but switching to squid is very hard as i know nothing about it and have a completely different system to mess with :(

        Comment by Zee — March 8, 2012 @ 12:24 PM

  43. Aslam o alikum

    Great work bro a work of apreciation…….keep it up…..

    i need your suggestion about squid proxy server…..

    which machine would be good indeed for me..

    hosting a small WLAN netowrk about 50 users only.

    i have 5 connections of ADSL 4mb PCC load balanced and working perfect with hotspot auttentication.

    only problem is prot 80 is very bzy…..

    browsing is slow where as download is preety good.

    can i configure 1 or 2 of 5 connections only for browsing purpose except these 2 other 3 connections can be utilized as a downloading connections.

    your help is precious and i hope i have made my point crystal clear.

    thanks regards
    billy
    Allah hafiz

    Comment by Billy — March 7, 2012 @ 11:54 PM

  44. can i configure 1 or 2 of 5 connections only for browsing purpose except these 2 . other 3 connections can be utilized as a downloading connections.

    ?

    Thanks.

    Comment by billy — March 9, 2012 @ 6:21 AM

  45. Sallam
    Sir
    First of all Thank you so much for all these artiles they are really really helpful
    i configure my RouterOs through ur blogs (dual Wan Configuration) but i have some problems in
    it regarding cache (web Proxy cache) when i paste or add following command
    /ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80
    protocol=tcp to-ports=8080
    after that No Browsing :D Plz help me Thanx
    Regards
    Muhammd Ahtesham

    Comment by Muhammad Ahtesham — March 16, 2012 @ 7:54 PM

  46. Salam. Brother, if we do not use queues, can this also be done on hotspot so that the user gets cacheable content without any limit? And if yes, how?

    Comment by SHAFQAT FARHAN — March 28, 2012 @ 12:33 PM

    • Please re.phrase your question.

      If you are not using any queue for any bandwidth restriction, then any type of content will deliver at full speed, its pre understood thing.

      Comment by Syed Jahanzaib / Pinochio~:) — March 29, 2012 @ 7:22 PM

      • But bandwidth restriction happens on hotspot as well.

        Comment by Shafqat Farhan — April 5, 2012 @ 11:38 AM

  47. Salam brother, if no queue is applied and hotspot is in use, how do we configure it so that the user gets cached content without any limit?

    Comment by SHAFQAT FARHAN — March 28, 2012 @ 1:11 PM

  48. Sorry, I made a small mistake in understanding. Now I have understood and applied all the configuration successfully. Jahanzaib bhai, please just confirm for me that this caching will cache everything apart from video caching. I mean all types of files, like .exe, .mp3 etc., and web pages?

    Comment by Shafqat Farhan — April 5, 2012 @ 12:56 PM

    • Not every content on the web page / internet is cacheable.
      Mikrotik can CACHE what it can. Usual contents like gif jpg mp3 exe can be cached ,
      Dynamic contents are not cacheable by default.

      Comment by Syed Jahanzaib / Pinochio~:) — April 5, 2012 @ 1:12 PM

  49. Sir, can a local computer's hard disk be used for caching by the proxy server on a Mikrotik RB750GL? Thanks

    Comment by Ehtisham Ul Haq — April 12, 2012 @ 10:37 AM

  50. Dear Sir

    can you give me or send link of mikrotik 4.17 or 5.14 routeros crack or keygen

    i required loadbalancing version kindly advise

    Ehtisham Ul Haq

    Comment by Ehtisham Ul Haq — April 16, 2012 @ 3:16 PM

    • No support for cracked versions. I recommend you to buy L4 , its cheap in price and high in performance / features.

      Or you can also try ver 3.30 which allows PCC

      Comment by Syed Jahanzaib / Pinochio~:) — April 17, 2012 @ 8:50 AM

  51. Hi, first of all thank you

    1. I noticed that cached contents will NOT be downloaded with full LAN speed if you tried IDM (Internet Download Manager). is there any way to make cache contents load with full lan speed using IDM?

    2. My hotspot is very complicated (many javascripts and css, in addition to flash contents and my media streaming using jw player). the hotspot works fine when there is no rx/tx limit (full lan speed), but when the user profile is 256k it loads very very slow. Is there any way to make hotspot and its contents loads with full lan speed without changing user profile (after logging in using 256k profile)? I mean such a way like caching hotspot and loading it without limits even if the user profile is 256k or another way doesn’t matter.

    Comment by faridfox — May 14, 2012 @ 2:10 PM

  52. pak syed,
    sorry if i put wrong on this thread.

    i need your advise about connection SQUID server on network due to additional RB750 device.
    Please see this attached.

    http://www5.picturepush.com/photo/a/8260518/img/8260518.jpg

    Comment by Ma'el — May 15, 2012 @ 7:53 AM

  53. thank you pak syed,

    I’m agree with your suggestion “prevent double NAT-ing”
    It’s something that should not occur :)

    let me learn your both of referal link. any question which may raise, i will post on this page.

    Comment by Ma'el — May 16, 2012 @ 1:13 AM

  54. Salam again Syed…..
    Thanks for your great articles, I’ve been learning so much from you
    Sir after I activated the transparent proxy, blocking mac address rule is failed, users that i blocked their mac address can browse the internet.

    Please help, because i need transparent proxy to make the clients obey it’s rule on the other hand i need some clients not to access internet by blocking their mac address.
    I’ve tried to separate accessing rule by NAT which ips can and can not access the internet, but it’s also failed after transparent proxy work.
    I got naughty client who used external proxy IP, i have blocked the IP proxy but i know it’s only temporary solution coz he will find another proxy number, so i use transparent proxy to manage his access.
    Help me please : how to make transparent proxy works together with blocking mac address.

    Comment by xekender — May 17, 2012 @ 5:55 PM

  55. Reblogged this on SHERY's BLOG ON COMPUTER NETWORKING/I.T TIPS.

    Comment by Shery — May 19, 2012 @ 5:46 PM

  56. Salam Syed bhai… I have blocked adult content, but it still opens through proxy sites… please also tell me how to block sites that run proxy scripts…

    Comment by adnan — May 23, 2012 @ 4:24 PM

  57. A.salam
    You have explained the method for blocking content for one IP.
    How do I block content for more than one IP?
    For example,
    I need to block .exe, .iso and .mp3 content for 10.10.0.10, 10.10.0.25, 10.10.0.28, etc. Please guide me.
    Thanks

    Comment by Saud nabi khan — June 15, 2012 @ 9:31 PM

  58. sir,
    im having 100 users having 20 simultaneous users at a time.
    i planned to use dmasoft radius server,
    i want know is the squid server is really neccessary for this amount of users.
    is it possible to use Routerboard with micro sd cards, is it is enough. instead of using x86 servers.
    because in getting power problems regulary, it is difficult to maintain to pc in my office .
    if the router boards is ok, prefer me a best model no.

    Comment by tamilmaran — June 20, 2012 @ 9:48 AM

    • Mikrotik RB is fine for 100 users. You don’t need a proxy server for 20-30 active user sessions. You can use an SD card in the RB and use Mikrotik’s webproxy; it will be fine for a small number of users.

      Comment by Syed Jahanzaib / Pinochio~:) — June 20, 2012 @ 10:10 AM

      • sir,
        i plan to use RB 450g for radius,
        but, i dont how forward the client who are all registered on my 433ah connected with sector.
        when i placed the 450 g in server room connected the switch along with ap(433ah with r52 hn)..
        help me to configure..

        Comment by tamilmaran — June 20, 2012 @ 2:47 PM

      • How 433ah is configured ?

        Comment by Syed Jahanzaib / Pinochio~:) — June 21, 2012 @ 10:53 AM

  59. AssalamuAlaikum,

    Sir I am using mikrotik as pppoe server. after activating webproxy, if clients configure their browsers and enters proxy server’s address and 8080 port, will they be able to use internet without connecting through dial-up.

    Comment by Shakeel Ahmad — June 22, 2012 @ 7:18 PM

  60. Hello,

    I have configured my RB450G with 4WAN Load Balancer+PPPoE server from your script and it’s working very nice but now i tried to create a webproxy in Mikrotik. I have a 2GB Sdcard inside and in system stores i created webproxy1 to store the data in sd card.

    In firewall NAT i create the destination from the port 80 to port 8080. After this i enable the webproxy but it’s not working anyway.

    Maybe is a conflict here with the load balance configuration?

    Thanks a lot.

    Comment by maxnetisp — June 22, 2012 @ 8:19 PM

  61. Assallam o Alaikom.

    Dear sir Jahanzaib,

    I am using ROS v5.14 on a x86 PC and i have configured Userman for users authentication, i have problem with user time limitation i want some of users could login from 8:00 AM up to 5:00 PM (this Office package) and some of users could login from 5:00 PM up to 8:00 AM (Guest package) and for 1 month.

    i have 1 more problem that when a user bandwidth is limited etc: 256kbps download and 128 upload when that user want to browse some sites or want to play video on that time when we ping the ip of Mikrotik server and it’s delay time will increase up to 3000ms at the same time your internet speed will be sooooo slow and it takes too much time to get login in Mikrotik server because of slow speed.

    I don’t know what is the problem, dear sir if you could help please help me.

    Thanks in Advance.

    Mohammad Ikram

    Comment by Mohammad Ikram Rajabi — July 1, 2012 @ 2:24 PM

    • I worked on UM long time ago because of its instability and lack of features customization, so now I don’t have exact idea if UM supports timely login. I read somewhere that time schedule is possible now. Using this you can restrict users regarding time.
      Even if TIME option is not supported in UM, you can achieve your task by creating a schedule to disable/enable a specific filter rule to block/unblock specific users (who are in the specified pool).

      when you create queue for any user, icmp packets are also capped by the queue. You can overcome this problem by creating separate queue for icmp e.g:
      https://aacable.wordpress.com/2011/12/07/mikrotik-howto-give-ping-icmp-high-priority/

      Comment by Syed Jahanzaib / Pinochio~:) — July 1, 2012 @ 5:29 PM

      • Dear sir,

        I have configured the web cache of Mikrotik ROS v5.14 from your article and I have put in a separate hard drive. Everything is working fine, e.g. I open Yahoo and it will cache it; when I open it again it will open from the web cache. Everything works fine on that day. When I check it tomorrow it will open from the internet first, then the whole day it will work fine. The problem is that every day I have to reopen the sites from the internet first, then they will open from the web cache.

        sir please help me in this i will be really helpful from you.

        Comment by Mohammad Ikram — July 2, 2012 @ 12:10 PM

      • Check Refresh Pattern. Try increasing it.
        Also Dynamic content or content that changes every day like newspaper have expiry limit , so after specific time, they automatically expires and new contents download from the internet. Its common. You can forcefully change the behavior by using refresh pattern.

        Comment by Syed Jahanzaib / Pinochio~:) — July 3, 2012 @ 9:18 AM

  62. Assalam o Alaikum,

    Dear sir,

    I search a lot about this refresh pattern and dynamic content for changing and also i didn’t find it in the server, if you don’t mind please tell me the steps how can i change the refresh pattern and dynamic content.

    Please sir help me.

    Comment by Mohammad Ikram — July 3, 2012 @ 12:43 PM

  63. Dear sir,

    i am using Mikrotik Server version 5.14 + userman and I want to record bandwidth usage graphs of users individually that every month i have to give them monthly graph, how can i fix this problem to have user base graph.

    Please sir help..

    Comment by Mohammad Ikram — July 4, 2012 @ 3:31 PM

  64. Dear sir,

    I am living in Afghanistan, i tried so many searches to find the NTP Servers of Afghanistan and i couldn’t, would please tell me that how can i find it Or you have NTP servers of my area , Primary NTP and Secondary NT.

    Thanks in Advanced.

    Comment by Mohammad Ikram — July 4, 2012 @ 4:01 PM

  65. If a packet hits, it will be delivered at full LAN speed, but if the packet does not hit yet, how do I queue it on the network? (I mean not a limit per client but per network, so that the real b/w will be shared at the same rate among all users.)

    Thanks
    Andre

    Comment by andre — July 31, 2012 @ 8:47 AM

  66. Dear Sir, this is a great site. u have helped me to understand things more. keep up sir.

    Comment by emmy smith — August 5, 2012 @ 11:03 PM

  67. dear sir, i need yr help. pls how can i deploy time alert, or time left for hotspot mikrotik users. when they login in the login page of mikrotik.. thank you sir

    Comment by emmy smith — August 5, 2012 @ 11:37 PM

  68. thank u sir, i will visit the site today. i will give u feed u back.

    Comment by emmy smith — August 10, 2012 @ 7:38 PM

  69. thanks for your great guide. I have followed your guide to setup transparent proxy. However, I have a problem with hotspots users. Before hotspot users are allowed access, the login page will open some external images. I have added these sites to wall-garden and it work. However, since hotspot also redirects port 80 to 64873, I am unable to proxy hotspot users BEFORE login. Anyway I can do this?

    Comment by abubin — August 27, 2012 @ 1:42 PM

    • I am unable to understand the question correctly.
      You want to say that on login page, you have some images on your Login page that are hosted on internet? and you want to show them to your page even for non-authenticated users?

      Comment by Syed Jahanzaib / Pinochio~:) — August 28, 2012 @ 8:45 AM

  70. I have customers on PPPoE. Is it possible to use web-proxy for them? And I have a problem with this configuration: when a customer is connected I can see addresses in the connection tab but the cache tab is empty. Why?

    Comment by rapper3d — August 31, 2012 @ 1:10 AM

  71. Hi, first of all thank you

    1. I noticed that cached contents will NOT be downloaded with full LAN speed if you tried IDM (Internet Download Manager). is there any way to make cache contents load with full lan speed using IDM?

    2. My hotspot is very complicated (many javascripts and css, in addition to flash contents and my media streaming using jw player). the hotspot works fine when there is no rx/tx limit (full lan speed), but when the user profile is 256k it loads very very slow. Is there any way to make hotspot and its contents loads with full lan speed without changing user profile (after logging in using 256k profile)? I mean such a way like caching hotspot and loading it without limits even if the user profile is 256k or another way doesn’t matter.

    Now I have version 5.20 on PC and with web proxy (cache) enabled

    Comment by faridfox — September 8, 2012 @ 9:04 PM

  72. Assalam o alaikum
    Jahanzaib bhai,
    Brother, I am using Mikrotik 5.18 and these are my settings.

    /ip address
    add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
    add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=WAN1
    add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=WAN2
    add address=10.113.0.2/24 network=10.113.0.0 broadcast=10.113.0.255 interface=WAN3
    add address=10.114.0.2/24 network=10.114.0.0 broadcast=10.114.0.255 interface=WAN4

    /ip firewall mangle
    add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
    add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
    add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
    add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn

    add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
    add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
    add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
    add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4

    add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=10.113.0.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=10.114.0.0/24 action=accept in-interface=Local

    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

    add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
    add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
    add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
    add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4

    /ip route
    add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_WAN1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_WAN2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.113.0.1 routing-mark=to_WAN3 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.114.0.1 routing-mark=to_WAN4 check-gateway=ping

    add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.113.0.1 distance=3 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.114.0.1 distance=4 check-gateway=ping

    /ip firewall nat
    add chain=srcnat out-interface=WAN1 action=masquerade
    add chain=srcnat out-interface=WAN2 action=masquerade
    add chain=srcnat out-interface=WAN3 action=masquerade
    add chain=srcnat out-interface=WAN4 action=masquerade

    Jahanzaib Bhai,
    Can you tell me the settings for (Web Proxy)? Please brother, help me.

    Comment by Mubashir — September 9, 2012 @ 1:26 PM

    • And the system I have is:
      Xeon 2.8
      Ram 1GB
      HD 320

      Comment by Mubashir — September 9, 2012 @ 1:32 PM

    • In my opinion, mixing web proxy with PCC will bring many complications to your network and management. So it's much easier to set up another box with a proxy and route all requests to it; it will serve much better and you can do advanced tweaks on it too, like YouTube / dynamic content caching etc.

      Comment by Syed Jahanzaib / Pinochio~:) — September 9, 2012 @ 9:40 PM

      • Salaam
        Sir, can you also tell us about Mikrotik devices, what benefits these devices can offer, and also tell us about wireless.

        Comment by mani — September 10, 2012 @ 10:16 PM

  73. ERROR: Gateway Timeout

    Comment by majid — September 21, 2012 @ 3:40 PM

  74. ERROR: Gateway Timeout

    While trying to retrieve the URL http://www.facebook.com/:

    No route to host

    Your cache administrator is Webmaster.
    Generated Fri, 21 Sep 2012 15:19:27 GMT by 192.168.0.20 (Mikrotik HttpProxy)

    Comment by majid — September 21, 2012 @ 3:41 PM

  75. Assalam U Alaikum Bhai!

    I am using Mikrotik 3.30 and I am also using Web Proxy on it, but with it the filter rules are not being applied.
    I want to do IP and MAC filtering. When I start the web proxy, the filter rules do not work. When I turn the web proxy off, the filter rules work.

    So kindly tell me a solution. I will be thankful to you.

    Comment by Muhammad Furqan — September 22, 2012 @ 2:49 PM

  76. Asalma O Alikum Jahanzaib bhai, how r u??

    Bro, there is a problem. Whenever I use this proxy system, it works for me, but the problem is that it starts browsing on my network without authentication; browsing starts for everyone. I'm using a PPPoE server. When I disable it and also disable the transparent rule, browsing without PPPoE authentication stops on the LAN. What's the workaround bro, where am I going wrong? I have only the PPPoE pool in NAT.

    plz help and guide as soon as possible. m w8ing for ur respnse jahanzaib bhai,

    Jazaak`Allah

    Comment by ZJ — September 28, 2012 @ 2:09 AM

    • The simplest way to secure your web proxy is that, in the rule that you have created to redirect port 80 traffic to the local web proxy, you define the PPPoE pool only in src-address.
      This way only PPPoE connected users will be redirected/allowed to use the web proxy!

      Comment by Syed Jahanzaib / Pinochio~:) — September 28, 2012 @ 9:07 AM
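
Added example, not part of the original comments or the author's configuration: the port 80 redirect rule, first unrestricted and then limited to the PPPoE pool as the reply above suggests, with the proxy's own access list restricted the same way so that a client pointing its browser directly at port 8080 is refused too. The pool 192.168.1.0/24 and the rule comments are constructed values; substitute your own.

```routeros
# Constructed example. 192.168.1.0/24 stands in for the PPPoE pool
# (assumed value); replace it with the pool your PPPoE server hands out.

# Before (shown for comparison only, do not apply together with the
# rule below): every client that sends TCP/80 through the router is
# redirected to the web proxy, whether or not it has a PPPoE session.
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 \
    comment="transparent proxy, unrestricted"

# After: only sources inside the PPPoE pool are redirected.
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 src-address=192.168.1.0/24 \
    action=redirect to-ports=8080 comment="transparent proxy, PPPoE pool only"

# The NAT rule controls redirection only. The proxy still listens on
# port 8080, so restrict who may use it in the proxy access list:
# allow the pool, deny everything else. Rules are evaluated top to bottom.
/ip proxy access
add src-address=192.168.1.0/24 action=allow comment="PPPoE pool"
add action=deny comment="everyone else"
```

After applying, the counters on the restricted NAT rule should only increase while a PPPoE session is active, and a LAN host without a session should get the proxy's access-denied page when it is manually pointed at port 8080.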

  77. Asalma O Alikum Jahanzaib bhai, how r u??

    ERROR: Gateway Timeout

    While trying to retrieve the URL http://www.facebook.com/:

    No route to host

    Your cache administrator is Webmaster.
    Generated Fri, 21 Sep 2012 15:19:27 GMT by 192.168.0.20 (Mikrotik HttpProxy)

    PLEASE SOLVE THIS PROBLEM. WHENEVER I OPEN ANY SITE THIS MESSAGE APPEARS. I HAVE ALSO CLICKED ON RESET HTML PAGE.

    Comment by majid — October 6, 2012 @ 12:16 PM

  78. Asalamualikum sir, I have applied this rule but caching is not working at all :( I downloaded WinRAR several times from the same link, but it is not working. Some MB of data has started being stored, but it does not hit this cache :( help me pls

    /ip firewall mangle
    add action=mark-packet chain=output comment="CACHE HIT/Zaib" disabled=no dscp=4 \
    new-packet-mark=cache-hits passthrough=no

    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="Unlimited Speed for CACHE by zaib" packet-mark=cache-hits \
    parent=global-out priority=8 queue=default

    Comment by Rizwan Ahmed — November 29, 2012 @ 3:52 PM

    • Are you using any download utility to download the file, like IDM?
      If yes, then disable it and test downloading using browser only.

      Comment by Syed Jahanzaib / Pinochio~:) — November 29, 2012 @ 3:55 PM

  79. You mean this will not work with IDM?

    Comment by Rizwan Ahmed — November 29, 2012 @ 6:01 PM

  80. Assalamo’alikum Syeik,

    I am from indonesia

    Great and best mikrotik tutorial
    Could you help me to design script mikrotik OS 5.18 with

    Modem --> Mikrotik 5.18 --> LAN (update patch gameonline)
    |
    |
    Hotspot

    1. modem = 192.168.2.1
    2. LAN = 192.168.1.1
    3. Hotspot = 192.168.3.1

    The important thing is to use the internal webproxy for caching Gameonline.
    For example, online games like: crossfire, lostsaga etc.

    Jazakumullah khoiron katsiiroo…

    Wassalam

    Misbach

    Comment by Muhammad Misbachul Amin — December 9, 2012 @ 2:44 PM

  81. Update diagram :
    mikrotik input Modem
    mikrotik output : 1. Local Area Network and 2.Hotspot

    Comment by Muhammad Misbachul Amin — December 9, 2012 @ 2:46 PM

  82. Sir, for the second download it’s OK (it doesn't use bandwidth), but it can’t use cached content for browsing and streaming YouTube (it still uses bandwidth the second time).
    Please give me a solution to this problem. Thanks

    Comment by Baserak — January 11, 2013 @ 11:21 AM

  83. Sir two questions:

    1- Can we change signature in proxy i.e it shows the user that we are using Mikrotik which I don’t want .
    2- Can we make cache for windows update.

    Thanks.

    Muhammad Fawad

    Comment by Muhammad Fawad — January 17, 2013 @ 2:57 AM

  84. Asalamualikum Sir …
    I have Three Routers mikrotik :
    1. The first one as Loadbalance. Local=10.0.0.1/30
    2. after that as WebProxy Cache. Wan=10.0.0.2/30 Local 10.0.1.1/30
    3. after that as my local server 750GL containing DHCP, Hostpot, PPPoE Server and static IP for end users. WAN=10.0.1.2/30

    how can I do maximum hit for end users from the WebProxy Cache Server(The second Router), what the script should I put on my Local Server(the Third Router 750GL)?

    Please …

    Comment by esalehnet — January 22, 2013 @ 3:38 PM

    • Mikrotik web proxy is a basic simple proxy. Its not designed for customization. If you want better cache hit, use SQUID along with mikrotik and redirect all HTTP traffic to squid. SQUID is highly customizable proxy server, you can also do youtube caching on squid. There are lot of options in squid,

      Just Explore ! do some testing.

      Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2013 @ 11:07 AM

      • Thanks, I’ll do some test and let you know if I get something.

        Comment by esalehnet — January 26, 2013 @ 4:18 PM

  85. I configured Mikrotik with Squid on Ubuntu, but sometimes when restarting the systems I am facing a problem: ” The request url could not be retrieved .. unable to determine ip address the dns server refused ”. I am using PTCL DSL. I am sure you may be able to resolve my problem …Kaleem

    Comment by Syed Muhammad Kaleem — March 1, 2013 @ 11:23 AM

  86. Hi
    My mikrotik proxy server looks like its not cache files like winamp
    Any reason for that?

    Comment by Juan Kilian — March 2, 2013 @ 2:56 PM

    • Mikrotik have a very basic level of proxy package, It cannot cache many contents or any custom. It will cache only things that it can by default. You cant force it much to cache all contents. use Squid to have more customize cache to avail maximum cache hits

      Comment by Syed Jahanzaib / Pinochio~:) — March 3, 2013 @ 11:45 PM

  87. Sir can i get your tutorial on your blog and translate to our indonesian language to share in my blog?

    Comment by c0d393n — March 14, 2013 @ 1:06 AM

  88. your tutorial really helpfull sir, i always try your tutorial on mikrotik and i’ts usefull… thaks very much sir…

    Comment by c0d393n — March 14, 2013 @ 1:09 AM

  89. Assalamu’alaikum,
    Your tutorial is very useful; thank you very much for being willing to share knowledge about this.

    Comment by Muhammad Awaludin — March 18, 2013 @ 9:15 AM

  90. Assalammualaikum Brother, Is it possible to cache youtube and speedtest content using mikrotik webproxy? Greetings from Indonesia :)

    Comment by Theodore Alexander — March 20, 2013 @ 7:59 AM

  91. Salam sir, I am using a Mikrotik 3.30 hotspot server and I have also set up the web proxy on it, but sir, web browsing is still very slow. Websites like Facebook, Yahoo Mail and Gmail are all giving problems, while songs and software sites are working fine. Please sir, help me :(

    Comment by sajid — March 31, 2013 @ 5:05 AM

    • First of all, 3.30 is way too old, and I am quite sure you are using a cracked version. Please obtain legitimate software.
      Upgrade your Mikrotik OS version to the latest, that is 5.22 or above.
      Also avoid using the WEBPROXY of hotspot; better to add Squid as a proxy server in a separate box.
      Also make sure of the quality of your WAN link. The major causes of slow browsing are a slow WAN link or overbooked customers that choke the link, so keep a balance between both.

      Comment by Syed Jahanzaib / Pinochio~:) — April 1, 2013 @ 9:11 AM

  92. Sir, Facebook is hanging a lot; while running it stops for 10 seconds and then automatically starts running again. All the other sites are working fine. On the PPPoE server Facebook does not open at all; Facebook starts loading and then stops.

    Comment by sajid — March 31, 2013 @ 5:09 AM

  93. Salam Jahanzaib bhai, kindly help me! I have configured Mikrotik 3.30 as a PPPoE server with transparent web proxy and everything is running fine (thanks to you). I want to access my LAN webserver from outside the network. The Mikrotik WAN IP is static. When I access my Mikrotik from outside the network it is accessed perfectly; Winbox and the web interface both open from outside the network. But how can I access the LAN webserver from outside the network? (Webserver LAN IP 10.10.10.5, PPPoE assigned IP 192.168.1.5, Mikrotik LAN IP 10.10.10.1, PPPoE pool 192.168.1.1-192.168.1.50, Mikrotik WAN IP = static, in DNS settings I use ISP DNS.) Please help me. My LAN webserver is running on port 81 (10.10.10.5:81). I am waiting for your reply.

    Comment by khurram — April 3, 2013 @ 8:25 AM

    • Do you have a static public IP on the Mikrotik WAN interface? If not, then you can configure dynamic DNS on your Mikrotik; then you can use a domain name of any choice (free) and using this name you can access your Mikrotik or web server.

      If using static public on mikrotik wan then simply create a port forward rule that will forward port 81 request to internal web server. On internal web server, make sure its using mikrotik as its default gateway.
      Then from internet you can access it by using http://yourwanip:81 then mikrotik will forward port 81 request to your local web server.

      Comment by Syed Jahanzaib / Pinochio~:) — April 3, 2013 @ 9:14 AM

  94. I have made a port forwarding rule in firewall—>NAT but no access. Please send me the port forwarding rule, and also tell me whether I should use the LAN IP (10.10.10.5) or the PPPoE IP (192.168.1.5) in the port forwarding rule?

    Comment by khurram — April 3, 2013 @ 10:25 AM

  95. Hello Syed, thanks for this great piece of info. i have a small network- at peak with 25 clients and i want to use web proxy but it seems from the tutorial that you were working on a routerOs installed on a PC and not a routerboard.

    If that is the case, how do i connect an external PC that will be caching content to a RouterBoard since an RB has small drive space and besides because of constant read/write need of Cache doesn’t make an RB a good candidate. my RB is 951-2n

    Please I wouldn’t like to use squid though just the built-in web proxy from mikrotik.

    thanks

    Comment by max — April 20, 2013 @ 11:12 PM

  96. Hello Sir, can you please help with my earlier enquiry? I have routerboard. how do i connect a PC to the RB so that i can cache on the PC drive instead of directly on the RB..

    Please i look forward to hearing from you please.

    thanks

    Comment by max — May 2, 2013 @ 3:53 AM

    • You can’t MAP/USE PC HDD in RB. The other alternative is to install any proxy server in the PC, and in Mikrotik web proxy, use that pc as a UPSTREAM proxy for RB Proxy.

      Comment by Syed Jahanzaib / Pinochio~:) — May 2, 2013 @ 12:50 PM

      • Thank you very much sir. but apart from Squid, is there any proxy server that i can have on windows and consequently use as an UPSTREAM proxy for the RB proxy? can you please point me to any link to relevant articles so i can do so reading there?

        thanks again,
        max

        Comment by Max — May 3, 2013 @ 9:58 PM

      • MAX: You can use Microsoft ISA Server 2004/2006, which is also very good in caching. Its cache HIT ratio is comparatively good with a balanced approach (in terms of content freshness). With some fine tuning you can achieve some good cache hit results even with ISA :), the only side effect is that you can use TOS or ZPH in it, so even the cached content will be restricted by the user package limit. If your users have good package speed, then you will not feel any difference. Give it a try. I have been using it for more than one DECADE, yes it's true. I first started using ISA server in year 2001 at my cable.network, afterward moved to 2004 when I joined a company, then 2006, and now on Forefront TMG 2010, which is the new name for ISA; it's 64bit and works very well in terms of stability and options. This is the first product of the ISA series that supports DUAL WAN load balancing and failover too; in fact its failover works very well. I am using it.

        Give it a shot, isa server 204 or preferably 2006 is better if you dont want to go with the SQUID.

        Comment by Syed Jahanzaib / Pinochio~:) — May 3, 2013 @ 11:14 PM

  97. Hi Zaib bhaai i have a problem i am checking my main line it shows 20 Mbps down and 20 Mbps Up but when i am connecting my pc after mikrotik it shows 3 mbps down and 3 mbps up i am using Rb 1200 your kind help will be appreciated.

    Comment by Mohammad Nabi — May 8, 2013 @ 8:18 PM

  98. hello Boss, thanks very much for your insight.. I’ve set up the proxy cache as described in your article.

    however, what i’ve noticed is that caching only works when am caching in RAM but fails to work when i select the “Cache on disk” option.

    What could be my problem? I have two drives, both SATA, under System–>Stores –> Disks. They both show as SATA1 and SATA2 with their respective sizes intact, yet whether I choose to cache on SATA1 or SATA2, it won’t work unless I deselect Cache on disk; then it starts caching in RAM.

    help needed here please,
    David

    Comment by maxcuban — May 13, 2013 @ 11:52 PM

  99. Dear Mr. Syed Jahanzaib

    Is there another way to block sites for Single User is the way ( ip proxy access add action=deny comment=”Block yahoo for single user” disabled=no dst-host=www.yahoo.com src-address=192.168.2.5 (192.168.2.5 is the user ip) )

    Because I’ve its experience I had working please help me in this topic to my need urgent

    Comment by aousmoder — July 28, 2013 @ 12:34 PM

  100. hi,

    I tried the above configuration, but its not working for me. Initally i download a 129 MB file and later i tried to download the same file with 512 Kbps id. But i’m not able to download the file at high speeds. Its downloading at normal internet speeds only. Pls help me fixing the issue.

    -Pradeep

    Comment by pradeepvardhineni@gmail.com — August 6, 2013 @ 3:00 AM

  101. Sir, can this be used on a hotspot?

    Comment by Zeeshan — August 11, 2013 @ 11:30 AM

  102. "Howto Send CACHED Contents to user at Full Speed" is not working anymore in the latest version, 6.2 ROS.
    In firewall – mangle the bytes / packets are growing, but in queue tree it is 0 bytes …

    Comment by Damir — September 16, 2013 @ 1:38 PM

    • I have not checked Mikrotik web proxy with ROS 6.

      Try adding simple QUEUE, and move it on top. see the article example for ZPH and ROS 6

      Comment by Syed Jahanzaib / Pinochio~:) — September 16, 2013 @ 2:18 PM

  103. Brother, I am using an RB 450-G with 2 WAN PCC and hotspot… I configure the web proxy the way you described… but it does not work… the rule that we add in NAT stays at 0 bytes… I just want to see IP > Web Proxy > cache contents… is there any solution… could my hotspot be causing the problem? I am using v6.2…

    Comment by vikibhai — September 23, 2013 @ 9:01 PM

  104. This web proxy not work properly when I go to blocked site using google.
    If i write in address “www.facebook.com” firewall block this site, but when I write in google “www.facebook.com” and click on a link, I can go to Facebook without problems.

    Comment by Raptorek — October 17, 2013 @ 12:37 PM

  105. thanks alot !! it worked for me

    Comment by netra — October 26, 2013 @ 2:52 PM

  106. Is it possible to add prefix to username at hotspot client login page?

    Comment by ipmeel — December 12, 2013 @ 11:29 AM

  107. i try it bt not working with my Mikrotik 5.20…. iam using 3 wan pcc +DHCP with Control Users Via Mac………? in nat rule /ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080 no bytes upp its stays 0n 0 bytes…Please Sir Help me about This….

    Comment by mirnaveed — December 19, 2013 @ 3:46 AM

  108. Brother, I have Mikrotik 5.20 and I am controlling users by MAC with 3 WAN PCC, but the problem is that in my NAT rule /ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080 the bytes do not go up; it stays on 0 bytes. Not working.

    Comment by mirnaveedmirnaveed — December 19, 2013 @ 3:52 AM

  109. Hi Dear,

    i am having a problem, when i access my ubnt antenna or any other antenna from any client side through pppoe or hotspot it gives the error :

    ERROR: Gateway Timeout

    While trying to retrieve the URL http://172.16.1.2/:

    Connection timed out

    please give the solution for this how to access these.

    thanks

    Comment by Roger — January 6, 2014 @ 11:28 PM

  110. Hi, is there anyway you can only record certain info in the web proxy? For example, I want to record all lines that start with “GET” but I want to discard all of the other records. Can this be done?

    Comment by joeburneie — January 14, 2014 @ 4:19 AM

  111. Sir, I am having a problem with Yahoo not working. I try to change the MTU of PTCL but it's still on 1492. My network is configured on 1400 MTU. If I change the MTU of the RB750 to 1500 or 1492, clients seem not connected. Can you please help me? Hope you understand my problem. Adnan

    Comment by adnan — February 17, 2014 @ 11:00 PM

  112. Brother, I have Mikrotik 5.20 and I am controlling users by MAC with 3 WAN PCC, but the problem is that, because some websites are blocked on PTCL broadband, I want to load web requests on WAN 3, so that some of my specific websites load from WAN 3, because there is another service on WAN 3 on which the websites open that do not open on the PTCL link. So please help, Zaib bhai, thanks.

    Comment by mirnaveed — February 18, 2014 @ 8:00 PM

  113. Hi,
    Sir, I want to bypass bandwidth queues for some websites. Please guide me through the procedure.
    Regards
    Mir Naveed

    Comment by mirnaveed — February 18, 2014 @ 8:25 PM

    • You can mark packets for those web sites' IP addresses (you can also use a script to get the names from DNS caching and update them in an address list), then create a simple queue that will allow unlimited or more bandwidth to these marked packets.
      Simple :D

      Comment by Syed Jahanzaib / Pinochio~:) — February 27, 2014 @ 10:58 AM

  114. Hi Mr Syed Jahanzaib, I usually read your posts; they are very interesting and valuable for us, as I'm running a small ISP setup with 20 users using Bullet2HP with RB750GL. Internet runs fine during the daytime but gets slow in the afternoon when a lot of users get online. Is there any stable way to block downloading for certain users, or to use a Squid server with the RB750GL to make the speed super fast?

    Comment by Asfandyar khattak — February 23, 2014 @ 9:15 PM

    • How can you get SUPER FAST speed with SUPER LOW speed :)
      First you should consider increasing the bandwidth in order to maintain supply and demand.
      Then you should consider adding a PROXY server to the network so that you can save at least some percentage by caching frequently accessed objects. Then you can implement certain restrictions like blocking downloads, P2P, lowering the speed for unwanted traffic, etc.

      Comment by Syed Jahanzaib / Pinochio~:) — February 27, 2014 @ 10:50 AM

  115. Can someone post the script for version 6.x to have webproxy up and running with unlimited speed of cached content?

    Comment by Anand — March 6, 2014 @ 2:44 PM

  116. Assalam-o-Alaikum,
    Can I check in the web cache what my users have downloaded?

    Comment by asif — March 9, 2014 @ 12:38 AM

  117. Hello,
    first of all I would like to thank you for the nice tutorial, which was very useful for me (as a beginner with RouterOS).
    I would like to ask an off-topic question, if I may:
    I have a satellite receiver which has a web server which is not protected. I can do port forwarding to it, but I don't want to leave access open to unauthorised persons to my satellite.
    Is there a way to protect the internal web server with a password in Mikrotik?

    Thank you very much

    Comment by proforsk — March 10, 2014 @ 4:52 PM

    • Hmmm, not possible from WAN. There must be some kind of password protection in the web server.
      If it was LAN, then you could add it in a DMZ for more security and protection.

      Comment by Syed Jahanzaib / Pinochio~:) — March 11, 2014 @ 8:31 AM

      • Thank you very much. I will have to find out how to protect the web server as you said :)

        Thanks a lot

        Comment by proforsk — March 11, 2014 @ 5:58 PM

  118. Great, thanks!

    Comment by netra — March 29, 2014 @ 10:08 AM

