Web proxy is a service that is placed between a client and the internet for HTTP web surfing. It can cache certain contents / http pages in its local cache. Mikrotik have basic PROXY package builtin called WEB PROXY. It is suitable for basic caching for small to mid size networks.
For advance caching capabilities, Use 3rd party external proxy server like SQUID.
MikroTik WEB.PROXY Recommendation
Always try NOT to use the same storage disk to store your your cache and your your Router OS, to ensure there is always enough space on your router OS Disk for logs, upgrade / update packages & Backups. Therefore It is highly recommended that the web-proxy cache is stored on a physically separate drive (store) other than the Router OS. Placing the cache on a separate drive ensures maximum performance and reduces problems if the disk becomes full or fails as the OS will then still be OK!
Caching Internet access will require a lot of read and writes to the disk, chose fast disk as for maximum performance / concurrent user request support.
Cache performance also largely depends on RAM size, the More RAM you have in your server, the Better performance you will get.
We will divide this article in 3 Sections.
1# Preparing Secondary Partition for Cache
2# Configuring Web Proxy
3# Transparent Proxy
Let’s BEGIN . . .
1# Preparing Secondary Drive for CACHE
First we will Format secondary harddrive (to be used for cache ), IF YOU DON’T WANT TO USE SECONDARY HARD-DIVE, SKIP THIS STEP.
Goto SYSTEM > STORES > DISKS
Select the Secondary Hard drive and click on FORMAT DRIVE
As shown in the image below.
.
Now go to STORES tab (by navigating to SYSTEM > STORES)
Select the WEB-Proxy package and click on COPY
It will ask you where to copy WEB-Proxy package, Select Secondary Drive in TO box.
As shown in the image below.
2# Configuring Web Proxy
Now We have to Enable Mikrotik Web Proxy by navigating to
IP > WEB PROXY
As shown in the image below.
.
Now Click on “Enable”
in Port, Type 8080
Max Cache Size , Select Unlimited from drop down menu, OR if you have limited Disk Space, then use your desired amount.
You have to specify space in KiloBytes for example 1024 KB = 1MB , so if you want to set 5 GB Cache, then use 5242880 , I am using 5 GB in this example. The cache size is really based off of how much RAM you have in the machine
As shown in the image below . . .
.
Click on Apply and your Mikrotik’s Web Proxy is Ready to be used, But Every client have to set proxy address pointing to Mikrotik IP to be able to use Proxy Service.
3# Transparent Proxy
If we want that every user must be automatically redirected to Proxy transparently, then we have to create additional rule to forcefully redirect users to proxy service, which is called TRANSPARENT PROXY.
.
Goto IP > FIREWALL > NAT and create new rule
In Chain , Select dsntant,
In Protocol, Select 6 (tcp)
In Dst. Port, Type 80
As shown in the image below . . .
.
Now goto Action Tab,
In Action, Select redirct
In To Ports, Type 8080
As shown in the image below . . .
.
Now your newly created rule will look like something below image.
As shown in the image below . . .
OR the CLI version of above rule would be something like below.
/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080
Done. Now Mikrotik web proxy will perform as TRANSPARENT PROXY , Every user’s HTTP PORT 80 request will automatically be redirected to Mikrotik built-in Web Proxy.
You can View Proxy Status and other info via going to IP > WEB PROXY > SETTINGS > STATUS and other tabs in the same window.
As shown in the image below . . .
=========================================
WEB-PROXY Tips ‘N’ Tricks !! by Zaib (December, 2011)
=========================================
.
Howto Send CACHED Contents to user at Full Speed / Ignoring QUEUE Limit for cached-hits marked packets 🙂
First Mark Cached Contents by MANGLE Rule.
/ip firewall mangle add action=mark-packet chain=output comment="CACHE HIT/Zaib" disabled=no dscp=4 \ new-packet-mark=cache-hits passthrough=no
Now Create an Queue Tree which will send cache-hits packets to users at full LAN speed, ignoring the user’s Static OR Dynamic QUEUES
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=0 name="Unlimited Speed for CACHE by zaib" packet-mark=cache-hits \ parent=global-out priority=8 queue=default
Now Try to download any cacheable content , for example download following file,
http://www.rarlab.com/rar/wrar410b5a.exe
Once Downloaded, Try to download it again from any other computer or via same test pc. You will see the Queues and rules in action, sending cache-hits packets to users at full LAN speed.Remember Mikrotik web proxy is very basic and simple proxy server with not much tweaks and nuts ‘N’ Bolts to set, So it will cache what it can. For advancements, Use SQUID instead.
As shows in the image below . . .
.
Also you can view the cache contents via going to IP > WEBPROXY > CACHE CONTENTS
As shows in the image below . . .
Howto Block Web Sites by Domain Name
You can block any web site via domain name as shown below.
/ip proxy access add action=deny disabled=no dst-host=yahoo.com /ip proxy access add action=deny disabled=no dst-host=www.yahoo.com
Howto Block Downloading via File EXTENSION Types
You can block Downloading by file types using following code,
/ip proxy access add path=*.mp3 action=deny
Howto Block OPEN PROXY
Please Make sure You are not running your proxy in OPEN PROXY mode, If so any one cane use your proxy service over the internet, and can use perform any illegal activity and your proxy IP will be logged at remote server, So Block it immediately.
Use the following.
/ip firewall filter add action=drop chain=input comment="Block Open PROXY 🙂 Zaib" disabled=no dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0
In in-interface , select your WANinterface.
Howto Add LOGO and Edit Proxy Default ERROR Pages
Goto IP > WEB PROXY
Click on RESET HTML
It will ask you that “Current html pages will be lost ! Reset anyway?” CLick on YES
As shown in the image below . . .
,
Now goto FILES and you will see webproxy/error.html ,
As shown in the image below . . .
Just copy this error.html file to your desktop and edit it using your favorite html editor.
(I personally use MS FRONTPAGE 2003 due to its easy and user friendly interface, You can use notepad to edit this file content as its very small and contains basic text only. just don’t mess with the codes, only change the text you want, for example network name support numbers etc. after saving , upload it back to Mikrotiok under web-proxy section.)
Howto Block Web Site for Single User
To block any website for a single user , Use the following …
/ip proxy access add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com src-address=192.168.2.5 (192.168.2.5 is the user ip)
To block single user and redirect him to your policy page on any loacl web server defining the reason why he is blocked , use the following.
/ip proxy access add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com redirect-to=192.168.2.3/policy/deny.htm src-address=192.168.2.5
(192.168.2.3 is the web server ip , & 192.168.2.5 is the user ip)
As shown in the image below . . .
.
.
Regard’s
SYED JAHANZAIB
thanks alot brother.
plz also tell us that how can we configure squid.
May GOD give you long LIFE
LikeLike
Comment by Suleman — December 30, 2011 @ 2:12 AM
LikeLiked by 1 person
Comment by Pinochio~:) — December 30, 2011 @ 11:01 AM
aslam o elikum dear sir i check your tutorial for web proxy but i cant not under stand a option src address please tell me what is my src address my mikrotik lan ip 172.16.0.1 , wan ip 178.60.17.1 and user ip 10.0.0.1 please help me i send you file who i use /ip firewall filter
add action=drop chain=input comment=”Block Open PROXY 🙂 Zaib” disabled=no dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0
LikeLike
Comment by Fahad Farrukh — March 14, 2015 @ 8:01 PM
Thank you very much Jahanzaib bhai! Nice sharing 🙂
LikeLike
Comment by faizan — December 30, 2011 @ 4:47 PM
Someone noticed increased ping when using the proxy in this way? (in spanish: Alguien a notado el Gran aumento de ping al usar el proxy de mikrotik)
conduct a speedtest (example. http://speedtest.net/) without proxy, and then the active proxy
LikeLike
Comment by Osvaldo Riquelme Flores — December 30, 2011 @ 6:44 PM
Didn’t felt any difference with or without proxy.
LikeLike
Comment by Pinochio~:) — December 30, 2011 @ 8:58 PM
In the navigation is not noticeable difference, but do a speed test online with the proxy on and see the value of ping
LikeLike
Comment by Osvaldo Riquelme Flores — December 31, 2011 @ 12:56 AM
Thanks
LikeLike
Comment by yagob — December 30, 2011 @ 9:24 PM
Thank’s…
LikeLike
Comment by awanbiru — December 31, 2011 @ 6:56 AM
thanks sir agar ham sapered server bana chahe wo kase banay ge or mikrotik ke sath Configuring kase kare gay plz next time step by step baty shukria
LikeLike
Comment by imtiaz — December 31, 2011 @ 5:11 PM
Use the following guide.
Do not expect STEP BY STEP guide for every thing, or do not expect ready made meal,
Try to do some research yourself too.
LikeLike
Comment by Pinochio~:) — December 31, 2011 @ 9:18 PM
Great site, and great article! You would be a great consultant. But to become a consultant, you need to attend some trainings. Maybe you should look into this, it’s a nice business opportunity.
LikeLike
Comment by N.R. — January 2, 2012 @ 2:20 PM
Dear Normis, Its good to hear from you.
You are right about ‘Proper Certification’ But the problem is this that the Mikrotik related courses are not offered in our country (Pakistan). So its financially hard for me to get the training by visiting abroad just for the certification 🙂
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 3, 2012 @ 11:21 AM
Assalam – o – walelekom
bhai multi wan key saat web proxy work nahi kar rahi hai……………..kya aap meri help kar saktey hain……….
waqar hussain
from ; karachi
LikeLike
Comment by waqar — January 3, 2012 @ 3:58 AM
In my opinion it is Much more easier to just add an external proxy box Either Squid or ISA, SQUID always works better also its open source and highly customizable. Trying to integrate Mikrotik builtin WebProxy with PCC becomes too complicated to troubleshoot.
If you want to try it, the general idea is to replicate all the PCC set up for the ‘output’ chain. PCC as you have it runs in ‘prerouting’, which never sees packets generated by the router. When you use a proxy all web traffic is split into two connections – one from client to router (proxy), the other from the proxy (router) to the Internet. You have to PCC balance those connections. At the same time you have to be careful not to match any other traffic sent from the router (replies to SSH, Winbox, DNS, whatever other services you have running), and you have to be careful to not match traffic during normal PCC that will be redirected to the proxy. Routing marks override everything.
I would keep it simple and easy to troubleshoot and just build a Squid proxy and mark all http traffic and route it to squid box.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 3, 2012 @ 11:18 AM
love this website………..!
LikeLike
Comment by waqar — January 4, 2012 @ 6:47 PM
Thanks sir……..!
sir……..pcc load balance main jo aap ney ip route …….ki skript di hain,,,, un main ye 3 skript ip route main blue highlight main show ho rahi hai …….! sir kya ye koi problem hai ……….? plz solve this….;;;;;;;;;;;
add check-gateway=ping comment=”” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
add check-gateway=ping comment=”” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10
add check-gateway=ping comment=”” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10
ALLAH aap ko ja jaza e khair dey………
LikeLike
Comment by waqar hussain — January 5, 2012 @ 4:34 AM
It means either the route is not in use or is inactive. If the LB is working fine, you can ignore it safely.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 5, 2012 @ 10:42 AM
Assalam o Alekom
sir LB is work fine but sir……so many problem of “browsing”
how can i solve this problem……….?
JAZAKALLAH……….!
LikeLike
Comment by waqar hussain — January 6, 2012 @ 6:17 AM
Try different classifier.
For example src-address
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 6, 2012 @ 10:51 AM
Assalam o Alekom
sorry…….! sir i can’t understand …….what you say…….plz send me script…..thanks
JAZAKALLAH………!
LikeLike
Comment by waqar hussain — January 6, 2012 @ 4:01 PM
Asalaam o Alekom
sir……. we have a 6 dsl line on mikrotik 3.x with pcc LB …..its working on manual user ip/mac bond but sir……….. browsing so lose.
squid proxy server ………solve this problem…? if squid proxy server sove it…..! so how to creat….?
Because i have no experience of squid proxy server, which is the cd,which machine……and how to attached
with mikrotik 3.x with 6 dsl pcc LB Machine.
plz sir …….help me about this problem.
ALLAH aap ko JAZA-E-KHAIR dey.
LikeLike
Comment by waqar hussain — January 9, 2012 @ 3:43 AM
hello sir,
thanks for your guide it was wonderful and concise to what i need concerning the transaprent proxy in mikrotik.
I want your help on the user manager new version. I mean from ver 4 and above, issues about creating new users, limitations and profiles. I need at least a detailed instructions on how to achieve them and how to create some users who will browse based on time band, like a user named=data, who wants to browse from 18:00 till 6:00, and another from 6:00am – 18:00 for one month.
LikeLike
Comment by Dunga — January 11, 2012 @ 5:20 PM
For User Manager Billing system, you can get ideas from following URL
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 11, 2012 @ 11:09 PM
a/salam sir many ap say yhe pochna hn k fullspeed ma cache send nai ho rhen hn kya karn???? kya wajha ha???
LikeLike
Comment by waqar — January 15, 2012 @ 8:34 PM
This article explains pretty much clear on howto create rules , make sure you understand the logic before just copy pasting them.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 15, 2012 @ 11:23 PM
Assalaam o Alekom
sir………how to edit web proxy error.html file, i found this error
$(if error)
While trying to retrieve the URL $(url):
* $(error)
$(endif)
Your cache administrator is $(admin). $(signature)
i can’t edit this file…..plz help about this problem, can this file create any problem for webproxy?
Thanks!
LikeLike
Comment by M,Salman — January 16, 2012 @ 5:12 AM
Don’t mess with the codes. just change the text only, save it and upload it.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 16, 2012 @ 10:48 AM
i want to block a website for a ip …. how i will do that.. please answer it
LikeLike
Comment by Sazal Ahmed — January 16, 2012 @ 11:03 AM
To block any website for a single user , Use the following …
/ip proxy access
add action=deny comment=”Block yahoo for single user” disabled=no dst-host=www.yahoo.com src-address=192.168.2.5
(192.168.2.5 is the user ip)
To block single user and redirect him to your policy page on any loacl web server defining the reason why he is blocked , use the following.
/ip proxy access
add action=deny comment=”Block yahoo for single user” disabled=no dst-host=www.yahoo.com redirect-to=192.168.2.3/policy/deny.htm src-address=192.168.2.5
(192.168.2.3 is the web server ip , & 192.168.2.5 is the user ip)
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 16, 2012 @ 11:13 AM
Is it possible to block the website from the entire network in a similar way with redirect to policy page if i use the LAN IP as source address?
LikeLike
Comment by Anas Mohammad — January 19, 2017 @ 7:36 AM
sir ,,,,,,,,,,,,,,,i open it notepad
ERROR: $(status)
ERROR: $(status)
$(if error)
While trying to retrieve the URL $(url):
$(error)
$(endif)
Your cache administrator is $(admin).
$(signature)
do where i change ……….text. Thanks
LikeLike
Comment by M,Salman — January 17, 2012 @ 4:15 AM
Read this
http://wiki.mikrotik.com/wiki/How_to_make_transparent_web_proxy#Customizing_error_pages
It’s well explained in the Wiki.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 18, 2012 @ 10:42 AM
Assalaam o Alekom..
sir,,,,,,,,,,,,if i don’t edit this file …..so can it creat any kind of problem in mikrotik?
Thanks….!
LikeLike
Comment by M,Salman — January 19, 2012 @ 4:28 AM
You actually don’t need to edit this file. Leave it as it is and it won’t create any problem.
This file contains codes and error text that displays when proxy cannot find any page or found any error and displays it on user screen.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 19, 2012 @ 11:11 AM
is it work in demo ver
LikeLike
Comment by santonu — January 19, 2012 @ 2:04 PM
Yes.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 19, 2012 @ 3:21 PM
when i download windows internet explore and Firefox than mikrotik cache file but when i use any download manager than its not working. any solution’s ??
LikeLike
Comment by santonu — January 21, 2012 @ 11:34 AM
No Solution !
Hit the road, I mean search google 🙂
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 21, 2012 @ 9:10 PM
cache work only in idm if we use one connection only
LikeLike
Comment by Ayman Zaky — November 16, 2014 @ 1:46 AM
assalam o alaikum,
bhai 3.30 (proxy with hotspot) cache content delete hojate hain, after restart.
any solution.
regards,
@z@m
LikeLike
Comment by muhammad azam — January 29, 2012 @ 8:36 PM
Are you storing cache on DISK ? How you have configured store ?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 29, 2012 @ 9:30 PM
i m using 3.30 and store cache in system HDD 120Gb with 1gb ram.
after restart cache-content deleted..
any solution.
@z@m
LikeLike
Comment by crownwireless — January 31, 2012 @ 1:21 PM
Try removing old webproxy store and create new one
Also Upgrade to new version. This way you will be safe from older versions bugs.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 31, 2012 @ 2:40 PM
dapatkah proxy internal mikrotik dioptimalkan untuk cache youtube?…bagaimana caranya
thnk
LikeLike
Comment by akunk — January 29, 2012 @ 9:21 PM
ENGLISH only please.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 29, 2012 @ 9:27 PM
Can an internal proxy mikrotik cache optimized for youtube? … how can
LikeLike
Comment by akunk — January 29, 2012 @ 9:22 PM
No.
Mikrotik have very basic level of http proxy, You can’t customize it much.
Add 3rd party proxy server like SQUID to add youtube cache, For example.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 29, 2012 @ 9:28 PM
Thanks sir for your reply
how i will binding ip with a mac , that user can not change their ip . usually it can say 1 ip 1 mac .
LikeLike
Comment by sazalach — January 31, 2012 @ 2:05 PM
To bind user id with mac, you can do it in few ways.
#
Now create static entries in DHCP for your working user and allow only specific working ip series in NAT rule.
If user manually changes his ip he will not be able to communicate with teh mikrotik.
#
Or create a rule which drop every request, move it to bottom end, and create rules to allow specific mac n ip and move this rule to top.
There are so many ways you can limit user access ,
However limiting via MAC/IP is not secure, as cloning mac and ip is very easy nowa days.
Its would be better if you use user id base authentication like PPPoE (ipless scenario) which is very effective way to secure the access.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 31, 2012 @ 2:39 PM
Thanks sir for your reply
But i only use it in ip system….that user connect by ip …not dhcp way…
in arp i add a ip and his mac …. then i go to interface (that you u show it ) where i set arp=reply-only ..then my user line is down… how i will solve it… please say it
LikeLike
Comment by Sazal Ahmed — February 1, 2012 @ 9:11 AM
Using Mikrotik 3.3 but i am unable to get the stores option in my winbox. I have already attached secondary hardrive. Is there any command to activate stores or second hardisk ?
LikeLike
Comment by Ammar Shareef — February 1, 2012 @ 11:46 PM
thanks
LikeLike
Comment by obaid — February 3, 2012 @ 12:47 PM
kya sir jo downloading ki file jini mb ki hogi kya wo otni hi mb web proxy ki hard drive man saver kara gi kya bir to server ki hard drive jald bhar jaae gi
LikeLike
Comment by sheeraz — February 3, 2012 @ 9:05 PM
That’s the purpose of proxy server, to cache frequently used objects and downloads, to save bandwidth.
Use big hard.drives if you want to get some good cache hit ratio. Or limit the max object size so that it may not cache larger files.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 4, 2012 @ 9:28 AM
Asalam o alikum
sir i am doing practical of your ideas an scripts
really your ideas is very much working
but i having 1 problem i am using 3.30 version wit pppoe+squid proxy +cache but some time i face lot of problam of
( gatewy time out ) please sir give me any idea …
LikeLike
Comment by yaseen ansari — February 5, 2012 @ 4:31 PM
Gateway timeout is your local connectivity issue.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 5, 2012 @ 9:11 PM
Asalam o alikum
sir
have any idea of youtube video caching in mikrotik .
LikeLike
Comment by yaseen ansari — February 5, 2012 @ 4:33 PM
Mikrotik don’t support youtube caching.
use squid for this purpose. search this blog and you will find some articles regarding youtube caching.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 5, 2012 @ 9:10 PM
salaam sir
main ne mikrotik pcc loadbalasing ki hai aap ki web site main web brwoseing to sahi hai but jab dhcp clint par webproxy chalata hoo chalti nahi hai dhcp par webroxy nahi chal rahi is ki kia wajha hai
LikeLike
Comment by mani — February 5, 2012 @ 4:34 PM
Asalam o alikum
sir
sir i want to use version 4.17 but it is costly
have you any idea of craking of 4.17 version and what is it possible ?
LikeLike
Comment by yaseen ansari — February 5, 2012 @ 4:43 PM
Sorry Bro, No support For Cracking 🙂
You can get L4 License or L5 which is very cheap , i guess 100 and 150 $ only.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 5, 2012 @ 9:04 PM
thanks 4 reply sir
thanks a lot
kindly tell me sir
if i purchase l4 license so can i install the 1 or more systems.
LikeLike
Comment by yaseen ansari — February 6, 2012 @ 12:18 PM
The license level binds with HDD , So once the license is installed on your system, you cant use this license somewhere else,
However you can move this hdd to new system and mikrotik will start working, but you cant use license in more hten one pc.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 7, 2012 @ 9:30 AM
Asalam o alikum
Syed Jahanzaib bhai
i am facing 1 more prob i am doing practicle you artical no 3 forgot password recovery of 86 version pc
i have a 1 prob how can i copy user.dat file in usb please give me any example
which command i use ?
LikeLike
Comment by yaseen ansari — February 6, 2012 @ 2:34 PM
kya sir mikrotik cache youtube pa bhi kam kara ga or youtube ki file pir buffring nahi kara gi
LikeLike
Comment by sheeraz — February 6, 2012 @ 9:10 PM
cache sa pir buffring nahi hogi youtube video man
LikeLike
Comment by sheeraz — February 6, 2012 @ 9:12 PM
Any video which gets in cache, will not be buffered again.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 7, 2012 @ 9:25 AM
sir youtube mikrotik sport kase kara ga wo to sirf downloading sahi kar raha ha or youtube man kam nahi karrha ha kya is ka lya koae setting ha ya alage pc man setting karni para gi kya
LikeLike
Comment by sheeraz — February 7, 2012 @ 12:53 PM
Asalam o alikum
i am facing 1 more prob i am doing practicle your artical no 3 forgot password recovery of 86 version pc
i have a 1 prob how can i copy user.dat file in usb please give me any example
which command i can use ?
LikeLike
Comment by m yaseen ansari — February 7, 2012 @ 6:08 PM
cache ki ye settings karne k baad user site pe b proxy dene parte hay . i just want k kisi ko proxy na dene pare . aur automatic cache mein save hota rahe. even mene nat rule b add kiya hay for transparent proxy but. no access to users untill they manually give proxy address and port number.
LikeLike
Comment by waqar munawar — February 17, 2012 @ 6:55 PM
There must be some configuration mistake in your NAT rule, otherwise it can redirect all users http request to ocal web proxy.
Post your rules.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 18, 2012 @ 1:02 PM
Jahanzaib Bhaiee
Please tell the Method of nth Load balancing for 3 wan.
Thanks in Advance. You are a great man nad have a great knowledge.
LikeLike
Comment by Usman — February 18, 2012 @ 9:17 PM
nth is a way too old metod for load balancing. Mikrotik introduced mroe reliable method called PCC . Use it and you will have many options to choose from for nice load balancing.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 19, 2012 @ 7:38 PM
sir when i applying load balancing the cache is blocked . nat rule is not working then untill i give manually proxy ip and port number on user side. when i disable load balancing or disable per connection classifier command the transparent proxy working well as usual. no need to give ip on user side for proxy and port number . how would i resolve this issue.
LikeLike
Comment by waqar malik — February 19, 2012 @ 4:00 PM
hello sir would you like to help me, if the web proxy active, i can’t browsing and appear error gateway timeout, how to solve it?
LikeLike
Comment by bonek bonek persebaya — February 24, 2012 @ 8:18 AM
Asalam O Alikum Jahanzaib bhai.. how r ya… gr8 work mate…:)
Sir i setup all this webproxy setting and its working but the problem is as you have showed in cache contents,there are .exe files as well, in my web-proxy , the server is only making cache for .jpg , .png files..
is there any settings for defining it what to cache and what not ??
Jazaak`Allah for your Assistance..
Gr8 work!!
LikeLike
Comment by Zee — March 7, 2012 @ 12:59 PM
As I mentioned in the article that mikroitk web proxy is a very basic cache server, it doesn’t have much to configure. Any caceable content gets cached by default. You can’t exclude or include any thing.
It depends on the max object size.
inspect your web proxy config.
Also some times, downloads via Download Manager doesn’t goes in cache, Make sure the content your are downloading is cacheable and its downloading via browser. (For test purposE)
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 7, 2012 @ 2:26 PM
Thank you so much for your response… i`m going to try it now without download manager and will let you know the results Insha`Allah!!
one more thing Jahanzaib bhai, yesterday when i did all the proxy setup, it worked simply fine.. i checked cached contents and status… cache system was running and working. but after power failure when the mik start again, everything was the same but internet is been down on the network.. i checked everything but hopeless.. until when i shut down the proxy n rebooted Mik, what possibly could b the issue,,??
Jazaak`Allah for your Help and Assistance..!!
LikeLike
Comment by Zee — March 8, 2012 @ 12:21 PM
and ya i read that its very basic cache server, but switching to squid is very hard as i know nothing about it and have a completely different system to mess with 😦
LikeLike
Comment by Zee — March 8, 2012 @ 12:24 PM
Aslam o alikum
Great work bro a work of apreciation…….keep it up…..
i need your suggestion about squid proxy server…..
which machine would be good indeed for me..
hosting a small WLAN netowrk about 50 users only.
i have 5 connections of ADSL 4mb PCC load balanced and working perfect with hotspot auttentication.
only problem is prot 80 is very bzy…..
browsing is slow where as download is preety good.
can i configure 1 or 2 of 5 connections only for browsing purpose except these 2 other 3 connections can be utilized as a downloading connections.
your help is precious and i hope i have made my point crystal clear.
thanks regards
billy
Allah hafiz
LikeLike
Comment by Billy — March 7, 2012 @ 11:54 PM
any P4 with 1 – 2 GB RAM / 80 GB HDD or 160 GB HDD
would be enough for you.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 8, 2012 @ 2:39 PM
can i configure 1 or 2 of 5 connections only for browsing purpose except these 2 . other 3 connections can be utilized as a downloading connections.
?
Thanks.
LikeLike
Comment by billy — March 9, 2012 @ 6:21 AM
Sallam
Sir
First of all Thank you so much for all these artiles they are really really helpful
i configure my RouterOs through ur blogs (dual Wan Configuration) but i have some problems in
it regarding cache (web Proxy cache) when i paste or add following command
/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80
protocol=tcp to-ports=8080
after that No Browsing 😀 Plz help me Thanx
Regards
Muhammd Ahtesham
LikeLike
Comment by Muhammad Ahtesham — March 16, 2012 @ 7:54 PM
Are you able to do browsing with manual proxy setting pointing to Mikoritk ? Is Your proxy working fine ?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 17, 2012 @ 10:24 PM
Salam. bhai agar ham queue use na krain to hotspot pay b yay scene ho skta hai k user ko cachable content without any limit k milay ???? aur agar yes to kesay ?????
LikeLike
Comment by SHAFQAT FARHAN — March 28, 2012 @ 12:33 PM
Please re.phrase your question.
If you are not using any queue for any bandwidth restriction, then any type of content will deliver at full speed, its pre understood thing.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 29, 2012 @ 7:22 PM
leken bandwidth restriction to hotspot pay b ho jjati hai
LikeLike
Comment by Shafqat Farhan — April 5, 2012 @ 11:38 AM
Salam bhai agar queue na laga ho. hotspot use ho raha ho to os pay ham kesay setting krain gay k user ko cached content without any limit milay ????
LikeLike
Comment by SHAFQAT FARHAN — March 28, 2012 @ 1:11 PM
sorry mjhe smajhnay main thori mistake ho gaei thi. now i have understood and applied all the configuration successfully. Jahanzaib bhai ap mjhe just yay confirm kr dain, k yay caching video caching k elawa sab kuch cach kray ga . i mean all type of files. like .exe, .mp3 etc etc. and web pages ???
LikeLike
Comment by Shafqat Farhan — April 5, 2012 @ 12:56 PM
Not every content on the web page / internet is cacheable.
Mikrotik can CACHE what it can. Usual contents like gif jpg mp3 exe can be cached ,
Dynamic contents are not cacheable by default.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 5, 2012 @ 1:12 PM
sir kia local computer ki hard disk use ki ja sakti hai caching k lia Mikrotik RB750GL mey proxy server se ???? Thanks
LikeLike
Comment by Ehtisham Ul Haq — April 12, 2012 @ 10:37 AM
No.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 13, 2012 @ 9:23 AM
thanks bhai
LikeLike
Comment by Ehtisham Ul Haq — April 13, 2012 @ 12:38 PM
Dear Sir
can you give me or send link of mikrotik 4.17 or 5.14 routeros crack or keygen
i required loadbalancing version kindly advise
Ehtisham Ul Haq
LikeLike
Comment by Ehtisham Ul Haq — April 16, 2012 @ 3:16 PM
No support for cracked versions. I recommend you to buy L4 , its cheap in price and high in performance / features.
Or you can also try ver 3.30 which allows PCC
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 17, 2012 @ 8:50 AM
Hi, first of all thank you
1. I noticed that cached contents will NOT be downloaded with full LAN speed if you tried IDM (Internet Download Manager). is there any way to make cache contents load with full lan speed using IDM?
2. My hotspot is very complicated (many javascripts and css, in addition to flash contents and my media streaming using jw player). the hotspot works fine when there is no rx/tx limit (full lan speed), but when the user profile is 256k it loads very very slow. Is there any way to make hotspot and its contents loads with full lan speed without changing user profile (after logging in using 256k profile)? I mean such a way like caching hotspot and loading it without limits even if the user profile is 256k or another way doesn’t matter.
LikeLike
Comment by faridfox — May 14, 2012 @ 2:10 PM
pak syed,
sorry if i put wrong on this thread.
i need your advise about connection SQUID server on network due to additional RB750 device.
Please see this attached.
LikeLike
Comment by Ma'el — May 15, 2012 @ 7:53 AM
The preferred method is to put Squid behind mikrotik DMZ. then use mark and route method to route users port 80 request to squid. This way you will get users original ip logged in squid, also it will prevent double NATTING.
Look at following.
https://aacable.wordpress.com/2011/07/21/mikrotik-howto-redirect-http-traffic-to-squid-with-original-source-client-ip/
https://aacable.wordpress.com/2011/12/30/howto-add-squid-proxy-server-with-mikrotik-short-reference-guide/
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 15, 2012 @ 10:16 AM
Pak Syed,
There is a question about the attached scenario. Should i pull direct cable connection from modem to Squid Server?
It means #2 NIC installed on it? what is an address?
Please information…:)
LikeLike
Comment by Ma'el — May 16, 2012 @ 7:33 AM
Regarding the PIC you referred, Squid is directly connected with the Modem or you can setup switch between Modem and Squid/Mikrotik WAN for connectivity. In this example, my modem had 4 ports available thats why i put squid and mikrotik wan directly in the modem, but if your modem have only 1 lan port, then add switch.
Squid WAN ip can be any series of same subnet of modem. for example in this pic, the squid wan ip should be 192.168.1.x
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 16, 2012 @ 8:47 AM
thank you pak syed. i’m copy what you mean…
LikeLike
Comment by Ma'el — May 16, 2012 @ 9:01 AM
Pak Syed,
I’ve been following the step as describe on your blog link
i’ve a question
let see the picture below
ping test
from client computer to Mikrotik eth1 – ok
from client computer to Mikrotik eth2 – ok
from client computer to mikrotik eth3 – ok
from client computer to Modem 192.168.1.1 – ok
from client computer to eth1-WAN Squid’s Server – ok
from client computer to eth2-LAN Squid’s Server – fail….???
Is it the right rules? or any suggestion? or i put something wrong in mikrotik configuration?
please advise
LikeLike
Comment by Ma'el — June 1, 2012 @ 7:11 PM
On your squid, add a route for your client subnet, and gteway should be Mikrotik squid interface.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 4, 2012 @ 10:01 AM
thank you pak syed,
I’m agree with your suggestion “prevent double NAT-ing”
It’s something that should not occur 🙂
let me learn your both of referal link. any question which may raise, i will post on this page.
LikeLike
Comment by Ma'el — May 16, 2012 @ 1:13 AM
Salam again Syed…..
Thanks for your great articles, I’ve been learning so much from you
Sir after I activated the transparent proxy, blocking mac address rule is failed, users that i blocked their mac address can browse the internet.
Please help, because i need transparent proxy to make the clients obey it’s rule on the other hand i need some clients not to access internet by blocking their mac address.
I’ve tried to separate accessing rule by NAT which ips can and can not access the internet, but it’s also failed after transparent proxy work.
I got naughty client who used external proxy IP, i have blocked the IP proxy but i know it’s only temporary solution coz he will find another proxy number, so i use transparent proxy to manage his access.
Help me please : how to make transparent proxy works together with blocking mac address.
LikeLike
Comment by xekender — May 17, 2012 @ 5:55 PM
Reblogged this on SHERY's BLOG ON COMPUTER NETWORKING/I.T TIPS.
LikeLike
Comment by Shery — May 19, 2012 @ 5:46 PM
salam Syed bahi……mein ne adult contact block kiye hoye hen pr wo proxy site k zariye open ho jate hen….plz proxy script wali site ko block karne ka tarika bi baten…..
LikeLike
Comment by adnan — May 23, 2012 @ 4:24 PM
Manually block all anonymous proxy. You can get there list from googling. There are various.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 25, 2012 @ 8:52 AM
A.salam
ye app nai aik ip ko block krnay ka tareeqa bataya hai.
agr mai mai aik say zada ip k k contents block kesay karo.
For Eg
mujhay 10.10.0.10 ,10.10.0.25, 10.10.0.28…etc k content block krnay hai .exe .iso .mp3 please guide me
thnx
LikeLike
Comment by Saud nabi khan — June 15, 2012 @ 9:31 PM
sir,
im having 100 users having 20 simultaneous users at a time.
i planned to use dmasoft radius server,
i want know is the squid server is really neccessary for this amount of users.
is it possible to use Routerboard with micro sd cards, is it is enough. instead of using x86 servers.
because in getting power problems regulary, it is difficult to maintain to pc in my office .
if the router boards is ok, prefer me a best model no.
LikeLike
Comment by tamilmaran — June 20, 2012 @ 9:48 AM
Mikrotik RB is fine for 100 users, You don’t need proxy server for 20-30 active users session. You can use SD Card in RB and use Mikrotik’s webproxy , it will be fine for small number of users,.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 20, 2012 @ 10:10 AM
sir,
i plan to use RB 450g for radius,
but, i dont how forward the client who are all registered on my 433ah connected with sector.
when i placed the 450 g in server room connected the switch along with ap(433ah with r52 hn)..
help me to configure..
LikeLike
Comment by tamilmaran — June 20, 2012 @ 2:47 PM
How 433ah is configured ?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 21, 2012 @ 10:53 AM
AssalamuAlaikum,
Sir I am using mikrotik as pppoe server. after activating webproxy, if clients configure their browsers and enters proxy server’s address and 8080 port, will they be able to use internet without connecting through dial-up.
LikeLike
Comment by Shakeel Ahmad — June 22, 2012 @ 7:18 PM
Hello,
I have configured my RB450G with 4WAN Load Balancer+PPPoE server from your script and it’s working very nice but now i tried to create a webproxy in Mikrotik. I have a 2GB Sdcard inside and in system stores i created webproxy1 to store the data in sd card.
In firewall NAT i create the destination from the port 80 to port 8080. After this i enable the webproxy but it’s not working anyway.
Maybe is a conflict here with the load balance configuration?
Thanks a lot.
LikeLike
Comment by maxnetisp — June 22, 2012 @ 8:19 PM
Assallam o Alaikom.
Dear sir Jahanzaib,
I am using ROS v5.14 on a x86 PC and i have configured Userman for users authentication, i have problem with user time limitation i want some of users could login from 8:00 AM up to 5:00 PM (this Office package) and some of users could login from 5:00 PM up to 8:00 AM (Guest package) and for 1 month.
i have 1 more problem that when a user bandwidth is limited etc: 256kbps download and 128 upload when that user want to browse some sites or want to play video on that time when we ping the ip of Mikrotik server and it’s delay time will increase up to 3000ms at the same time your internet speed will be sooooo slow and it takes too much time to get login in Mikrotik server because of slow speed.
I don’t know what is the problem, dear sir if you could help please help me.
Thanks in Advance.
Mohammad Ikram
LikeLike
Comment by Mohammad Ikram Rajabi — July 1, 2012 @ 2:24 PM
I worked on UM long time ago becuase of its instability and lake of features customization , so now I don’t have exact idea if UM supports timely login, I read some where that time schedule is possible now. Using this you can restrict users regarding time.
Even if TIME option is not supported in UM, you can achieve your task by create schedule to disable enable specific filter rule to block/unblock specific users (who are in specified pool.
when you create queue for any user, icmp packets are also capped by the queue. You can overcome this problem by creating separate queue for icmp e.g:
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — July 1, 2012 @ 5:29 PM
Dear sir,
I have configured the web cache of mikrotik ROS v5.14 from your artical and i have putted separate hard drive everything is working fine ex: i open the yahoo it will cache it again when i open it will open from web cache everything works fine on that day, when i check it tomorrow it will open from the internet first than hole day it will works fine, the problem is everyday i should reopen the sites from internet first than it will open from web cache.
sir please help me in this i will be really helpful from you.
LikeLike
Comment by Mohammad Ikram — July 2, 2012 @ 12:10 PM
Check Refresh Pattern. Try increasing it.
Also Dynamic content or content that changes every day like newspaper have expiry limit , so after specific time, they automatically expires and new contents download from the internet. Its common. You can forcefully change the behavior by using refresh pattern.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — July 3, 2012 @ 9:18 AM
Assalam o Alaikum,
Dear sir,
I search a lot about this refresh pattern and dynamic content for changing and also i didn’t find it in the server, if you don’t mind please tell me the steps how can i change the refresh pattern and dynamic content.
Please sir help me.
LikeLike
Comment by Mohammad Ikram — July 3, 2012 @ 12:43 PM
Dear sir,
i am using Mikrotik Server version 5.14 + userman and I want to record bandwidth usage graphs of users individually that every month i have to give them monthly graph, how can i fix this problem to have user base graph.
Please sir help..
LikeLike
Comment by Mohammad Ikram — July 4, 2012 @ 3:31 PM
Dear sir,
I am living in Afghanistan, i tried so many searches to find the NTP Servers of Afghanistan and i couldn’t, would please tell me that how can i find it Or you have NTP servers of my area , Primary NTP and Secondary NT.
Thanks in Advanced.
LikeLike
Comment by Mohammad Ikram — July 4, 2012 @ 4:01 PM
if packet hit it will delivery with full lan speed, but if the packet not hit yet how to quee it on network ( i mean not limit per client but per network so that the real b/w will be shared in the same rate of all user)
Thanks
Andre
LikeLike
Comment by andre — July 31, 2012 @ 8:47 AM
Dear Sir, this is a great site. u have helped me to understand things more. keep up sir.
LikeLike
Comment by emmy smith — August 5, 2012 @ 11:03 PM
dear sir, i need yr help. pls how can i deploy time alert, or time left for hotspot mikrotik users. when they login in the login page of mikrotik.. thank you sir
LikeLike
Comment by emmy smith — August 5, 2012 @ 11:37 PM
Following links will help you>
http://forum.mikrotik.com/viewtopic.php?f=10&t=35705
http://forum.mikrotik.com/viewtopic.php?f=2&t=35798
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — August 6, 2012 @ 9:27 AM
thank u sir, i will visit the site today. i will give u feed u back.
LikeLike
Comment by emmy smith — August 10, 2012 @ 7:38 PM
thanks for your great guide. I have followed your guide to setup transparent proxy. However, I have a problem with hotspots users. Before hotspot users are allowed access, the login page will open some external images. I have added these sites to wall-garden and it work. However, since hotspot also redirects port 80 to 64873, I am unable to proxy hotspot users BEFORE login. Anyway I can do this?
LikeLike
Comment by abubin — August 27, 2012 @ 1:42 PM
I am unable to understand the question correctly.
You want to say that on login page, you have some images on your Login page that are hosted on internet? and you want to show them to your page even for non-authenticated users?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — August 28, 2012 @ 8:45 AM
I have a customers on pppoe is that possible to use web-proxy for them? And I have a problem with this configuration when customer is conected I can see adresses in connection tab but cache tab is empty. Why?
LikeLike
Comment by rapper3d — August 31, 2012 @ 1:10 AM
Hi, first of all thank you
1. I noticed that cached contents will NOT be downloaded with full LAN speed if you tried IDM (Internet Download Manager). is there any way to make cache contents load with full lan speed using IDM?
2. My hotspot is very complicated (many javascripts and css, in addition to flash contents and my media streaming using jw player). the hotspot works fine when there is no rx/tx limit (full lan speed), but when the user profile is 256k it loads very very slow. Is there any way to make hotspot and its contents loads with full lan speed without changing user profile (after logging in using 256k profile)? I mean such a way like caching hotspot and loading it without limits even if the user profile is 256k or another way doesn’t matter.
Now I have version 5.20 on PC and with web proxy (cache) enabled
LikeLike
Comment by faridfox — September 8, 2012 @ 9:04 PM
Assalam o alaikum
Jahanzaib bhai,
Bhai Mein Mikrotik 5.18 Use Kar raha Hoon Aur Meri Setting Ye Hai .
/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=WAN1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=WAN2
add address=10.113.0.2/24 network=10.113.0.0 broadcast=10.113.0.255 interface=WAN3
add address=10.114.0.2/24 network=10.114.0.0 broadcast=10.114.0.255 interface=WAN4
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.113.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.114.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4
/ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.113.0.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.114.0.1 routing-mark=to_WAN4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.113.0.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.114.0.1 distance=4 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade.
Jahanzaib Bhai,
Kya Aap Mujhe ( Web Proxy ) Ki Setting Bata Sukte Hain. ? Plz Bhai Help Me
LikeLike
Comment by Mubashir — September 9, 2012 @ 1:26 PM
Aur System Mere Pass Hai .
Xeon 2.8
Ram 1GB
HD 320
LikeLike
Comment by Mubashir — September 9, 2012 @ 1:32 PM
In my opinion, mixing web proxy with pcc will bring many complications to your network and management. So its much easier to setup another box with proxy and route all request to it, it will serve much better and you can do advance tweaks on it too like youtueb / dynamic content caching etc.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — September 9, 2012 @ 9:40 PM
salaam
sir aap mikrotik ki deive ke bare main bhi bata sakte hai in ki deive se kia kia feeda hos skta hai aur wireless ka bhi batya
LikeLike
Comment by mani — September 10, 2012 @ 10:16 PM
ERROR: Gateway Timeout
LikeLike
Comment by majid — September 21, 2012 @ 3:40 PM
ERROR: Gateway Timeout
While trying to retrieve the URL http://www.facebook.com/:
No route to host
Your cache administrator is Webmaster.
Generated Fri, 21 Sep 2012 15:19:27 GMT by 192.168.0.20 (Mikrotik HttpProxy)
LikeLike
Comment by majid — September 21, 2012 @ 3:41 PM
Assalam U Alaikum Bhai!
Main Mikrotik 3.30 Use ker Raha hoon main us main Web proxy bhi use ker raha hoon lekin us ke saath Filter Rules apply nahin ho rahe.
Main ip aur Mac filtering kerna chahta hoon. Jab Webproxy start kerta hoon to filter rules kaam nahin kerte. jab web proxy off kerta hoon toh filter rules kaam kerte hain.
so kindly aap koi hal Bata den. I will be thankful to you.
LikeLike
Comment by Muhammad Furqan — September 22, 2012 @ 2:49 PM
Asalma O Alikum Jahanzaib bhai, how r u??
bro there is a problem yar whenever i use this proxy system, it work for me but the problem is that it starts browsing on my network without authentication.. sabke pass browsing start ho jati hai, m using pppoe server, main isko disbale karta hon aur transparent rule ko b disable karta hon to LAN pe browsing off ho jati hai without pppoe authentication,, wats itz workaround bro, where m going wrong,, i have only pppoe pool in nat ..
plz help and guide as soon as possible. m w8ing for ur respnse jahanzaib bhai,
Jazaak`Allah
LikeLike
Comment by ZJ — September 28, 2012 @ 2:09 AM
the simplest way to secure your web proxy is that the rule that you have created to redirect port 80 traffic to local web proxy, define pppoe pool only in src-address.
this way only pppoe connected users will be redirected/allowed to use web proxy. !
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — September 28, 2012 @ 9:07 AM
Asalma O Alikum Jahanzaib bhai, how r u??
ERROR: Gateway Timeout
While trying to retrieve the URL http://www.facebook.com/:
No route to host
Your cache administrator is Webmaster.
Generated Fri, 21 Sep 2012 15:19:27 GMT by 192.168.0.20 (Mikrotik HttpProxy)
PLZ YE PROBLEM HAL KAR DE JAB KOI SITE OPEN KARTE HY TO YE MSG ATA HY RESET HTML PAGE PAR BI CLIK KIA HY
LikeLike
Comment by majid — October 6, 2012 @ 12:16 PM
Bhai i have also this problem now.
Aap ne kese solve kiya tha is gatway ki problem ko?
Pkz reply??
LikeLike
Comment by ranajustice — July 15, 2014 @ 11:32 PM
Asalamualikum sir je ye main ney Rule Lagaya hai per Cacheing Working he nahi karti hai 😦 Main nay Winrar he Download kiya haia kahi dafa eik he link say per Not Working But Kuch Mb data Store honey lag gaya hai per Is Cacheing ko hit nahi karta 😦 help me pls
/ip firewall mangle
add action=mark-packet chain=output comment=”CACHE HIT/Zaib” disabled=no dscp=4 \
new-packet-mark=cache-hits passthrough=no
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=”Unlimited Speed for CACHE by zaib” packet-mark=cache-hits \
parent=global-out priority=8 queue=default
LikeLike
Comment by Rizwan Ahmed — November 29, 2012 @ 3:52 PM
Are you using any downlaod utility to download the file ?> like IDM ?
If yes, then disable it and test downloading using browser only.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — November 29, 2012 @ 3:55 PM
u mean ye IDM per kaaam nahi karay ga ?
LikeLike
Comment by Rizwan Ahmed — November 29, 2012 @ 6:01 PM
Assalamo’alikum Syeik,
I am from indonesia
Great and best mikrotik tutorial
Could you help me to design script mikrotik OS 5.18 with
Modem –> Mikrotik 5.18 –> LAN (update pacth gameonline)
|
|
Hotspot
1. modem = 192.168.2.1
2. LAN = 192.168.1.1
3. Hotspot = 192.168.3.1
The important think is use internal webproxy for chaching Gameonline.
for example game online likes : crossfire, lostsaga ect
Jazakumullah khoiron katsiiroo…
Wassalam
Misbach
LikeLike
Comment by Muhammad Misbachul Amin — December 9, 2012 @ 2:44 PM
Update diagram :
mikrotik input Modem
mikrotik output : 1. Local Area Network and 2.Hotspot
LikeLike
Comment by Muhammad Misbachul Amin — December 9, 2012 @ 2:46 PM
sir..for second time download it’s ok (can’t use bandwidth) but can’t use chace content browsing and streaming youtube (still use bandwidth for the second time)
please, give me solution this probem.. thanks
LikeLike
Comment by Baserak — January 11, 2013 @ 11:21 AM
Sir two questions:
1- Can we change signature in proxy i.e it shows the user that we are using Mikrotik which I don’t want .
2- Can we make cache for windows update.
Thanks.
Muhammad Fawad
LikeLike
Comment by Muhammad Fawad — January 17, 2013 @ 2:57 AM
Asalamualikum Sir …
I have Three Routers mikrotik :
1. The first one as Loadbalance. Local=10.0.0.1/30
2. after that as WebProxy Cache. Wan=10.0.0.2/30 Local 10.0.1.1/30
3. after that as my local server 750GL containing DHCP, Hostpot, PPPoE Server and static IP for end users. WAN=10.0.1.2/30
how can I do maximum hit for end users from the WebProxy Cache Server(The second Router), what the script should I put on my Local Server(the Third Router 750GL)?
Please …
LikeLike
Comment by esalehnet — January 22, 2013 @ 3:38 PM
Mikrotik web proxy is a basic simple proxy. Its not designed for customization. If you want better cache hit, use SQUID along with mikrotik and redirect all HTTP traffic to squid. SQUID is highly customizable proxy server, you can also do youtube caching on squid. There are lot of options in squid,
Just Explore ! do some testing.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2013 @ 11:07 AM
Thanks, I’ll do some test and let you know if I get something.
LikeLike
Comment by esalehnet — January 26, 2013 @ 4:18 PM
i configured mikrotik with squid at ubutu but some time restarting te systems i facing a problem ” The reuest url could not be retrieved .. unable to determine ip address the dns server refused ” i am using ptcl dsl i am sure u may be resolved my problem …Kaleem
LikeLike
Comment by Syed Muhammad Kaleem — March 1, 2013 @ 11:23 AM
Try to use Google DNS instead like 8.8.8.8
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 3, 2013 @ 11:46 PM
Hi
My mikrotik proxy server looks like its not cache files like winamp
Any reason for that?
LikeLike
Comment by Juan Kilian — March 2, 2013 @ 2:56 PM
Mikrotik have a very basic level of proxy package, It cannot cache many contents or any custom. It will cache only things that it can by default. You cant force it much to cache all contents. use Squid to have more customize cache to avail maximum cache hits
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 3, 2013 @ 11:45 PM
Sir can i get your tutorial on your blog and translate to our indonesian language to share in my blog?
LikeLike
Comment by c0d393n — March 14, 2013 @ 1:06 AM
Sure Go Ahead !
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 18, 2013 @ 9:29 AM
thax a lot sir… u’re tutorial the best! bismillah…
LikeLike
Comment by c0d393n — March 18, 2013 @ 9:52 AM
your tutorial really helpfull sir, i always try your tutorial on mikrotik and i’ts usefull… thaks very much sir…
LikeLike
Comment by c0d393n — March 14, 2013 @ 1:09 AM
I am glad these tutorials helped you 🙂
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 18, 2013 @ 9:29 AM
Assalamu’alaikum,
Tutorial anda sangat bermanfaat, terima kasih banyak telah mau berbagi ilmu tentang hal ini.
LikeLike
Comment by Muhammad Awaludin — March 18, 2013 @ 9:15 AM
Assalammualaikum Brother, Is it possible to cache youtube and speedtest content using mikrotik webproxy? Greetings from Indonesia 🙂
LikeLike
Comment by Theodore Alexander — March 20, 2013 @ 7:59 AM
Salam sir main mikrotik 3.30 hotspot server use kar raha hon webproxy b banai v hai is main hi bt sir web browsing phr b bohat slow ho rahi hai facebook yahoomail gmail aisi sub website problam kar rahii hai songs softwear ki saite sahe work kar rahi hai plz sir help mee:(
LikeLike
Comment by sajid — March 31, 2013 @ 5:05 AM
First of all, 3.30 is way too old, and I am quite sure you are using cracked version. Please obtain legitimate software.
Upgrade your mikrotik OS version to latest that is 5.22 or above.
Also avoid using WEBPROXY of hotspot, better to add squid as proxy server in separate box.
Also make sure the quality of your WAN link, slow browsing major causes are slow wan link or over book customers that chocks the link. so keep a balance between both.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 1, 2013 @ 9:11 AM
sir facebook kuch zadha hi hang ho rahi hai chalte chalte ruk jati hai 10sec ke liye phr auto chalne lag jati hai baki sub site sahee work kar rahi hai pppoe server pe tu facebook opne hi nai ho rahi hai facebook loding kar ke band ho jati hai.
LikeLike
Comment by sajid — March 31, 2013 @ 5:09 AM
salam jahanzaib bhai kindly help me ! i have configure mikrotic 3.30 as a pppoe with Transparent web proxy every thing is running fine .( Thanks to u ) i want to access my Lan webserver outside the network mikrotik wan ip static . when i access my mikrotik outside the network its access perfactly winbox and web interface both open outside the network . but how can access Lan webserver outside the network may ( webserver Lan ip 10.10.10.5 pppoe assign ip 192.168.1.5 mikrotik Lan ip 10.10.10.1 pppoe pool 192.168.1.1-192.168.1.50 mikrotik wan ip = static in DNS settting i use ISP DNS ) please help me my Lan webserver running on port 81 (10.10.10.5:81 ) i m waiting ur reply .
LikeLike
Comment by khurram — April 3, 2013 @ 8:25 AM
Do you static public on Mikrotik WAN interface? If not then you can configure dymanic dns on your mikrotik, then you can use domain name of any choice (free) and using this name you can access your mikrotik or web server.
If using static public on mikrotik wan then simply create a port forward rule that will forward port 81 request to internal web server. On internal web server, make sure its using mikrotik as its default gateway.
Then from internet you can access it by using http://yourwanip:81 then mikrotik will forward port 81 request to your local web server.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 3, 2013 @ 9:14 AM
i have make port forwarding rule in firewall—>Nat but no access . please send me port forwarding rule also define i use Lan ip (10.10.10.5 or pppoe ip 192.168.1.5 ) in port farwording rule ?
LikeLike
Comment by khurram — April 3, 2013 @ 10:25 AM
You can use your LAN ip also.
read following article to get some idea on port forwarding method. 👇
https://aacable.wordpress.com/2012/01/29/mikrotik-port-forwarding-to-local-server-on-lan/
👆
Regards,
SYED JAHANZAIB
Web : https://aacable.wordpress.com
Linkedin: http://pk.linkedin.com/pub/syed-jahanzaib/24/3b/407
یااللہ تیرا شُکر ہے میرے مالک کہ تو نے مجھے وہ نعمتیں عطا فرمائیں کہ جن کا میں مستحق نہ تھا مجھ پر اپنا کرم کر مالک آمین
> Date: Wed, 3 Apr 2013 05:25:35 +0000
> To: aacable@hotmail.com
>
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 3, 2013 @ 10:46 AM
Hello Syed, thanks for this great piece of info. i have a small network- at peak with 25 clients and i want to use web proxy but it seems from the tutorial that you were working on a routerOs installed on a PC and not a routerboard.
If that is the case, how do i connect an external PC that will be caching content to a RouterBoard since an RB has small drive space and besides because of constant read/write need of Cache doesn’t make an RB a good candidate. my RB is 951-2n
Please I wouldn’t like to use squid though just the built-in web proxy from mikrotik.
thanks
LikeLike
Comment by max — April 20, 2013 @ 11:12 PM
Hello Sir, can you please help with my earlier enquiry? I have routerboard. how do i connect a PC to the RB so that i can cache on the PC drive instead of directly on the RB..
Please i look forward to hearing from you please.
thanks
LikeLike
Comment by max — May 2, 2013 @ 3:53 AM
You can’t MAP/USE PC HDD in RB. The other alternative is to install any proxy server in the PC, and in Mikrotik web proxy, use that pc as a UPSTREAM proxy for RB Proxy.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 2, 2013 @ 12:50 PM
Thank you very much sir. but apart from Squid, is there any proxy server that i can have on windows and consequently use as an UPSTREAM proxy for the RB proxy? can you please point me to any link to relevant articles so i can do so reading there?
thanks again,
max
LikeLike
Comment by Max — May 3, 2013 @ 9:58 PM
MAX: You can use Microsoft ISA Server 2004/2006 , which is also very good in caching. Its cache HIT ratio is comparatively good with balanced approach (in terms of content freshness). With some fine tunning you can achieve some good cache hit results even with ISA :), the only side effect is that you can use TOS or ZPH in it, so even the cached content will be restricted by the user package limit. If your users have good package speed, then you will not feel any difference. Give it a try. I am using from more the one DECADE, yes its true, I first started using ISA server in year 2001 at my cable.network , afterward moved to 2004 when I joined an company, then 2006, and now on Forefront TMG 2010 which is the new name for ISA and its 64bit and works very good in terms of stability and options. This is the first product of ISA series that supports DUAL wan load balancing and failover too, infactits fail over works very good. I am using it.
Give it a shot, isa server 204 or preferably 2006 is better if you dont want to go with the SQUID.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 3, 2013 @ 11:14 PM
Hi Zaib bhaai i have a problem i am checking my main line it shows 20 Mbps down and 20 Mbps Up but when i am connecting my pc after mikrotik it shows 3 mbps down and 3 mbps up i am using Rb 1200 your kind help will be appreciated.
LikeLike
Comment by Mohammad Nabi — May 8, 2013 @ 8:18 PM
hello Boss, thanks very much for your insight.. I’ve set up the proxy cache as described in your article.
however, what i’ve noticed is that caching only works when am caching in RAM but fails to work when i select the “Cache on disk” option.
What could be my problem? I had to drives both SATA and under System–>Stores –> Disks. they both show as SATA1 and SATA2 with their respective sizes intact yet whether i choose to cache on SATA1 or SATA2, it won’t work unless I deselect Cache on disk then it start s caching on RAM.
help needed here please,
David
LikeLike
Comment by maxcuban — May 13, 2013 @ 11:52 PM
Dear Mr. Syed Jahanzaib
Is there another way to block sites for Single User is the way ( ip proxy access add action=deny comment=”Block yahoo for single user” disabled=no dst-host=www.yahoo.com src-address=192.168.2.5 (192.168.2.5 is the user ip) )
Because I’ve its experience I had working please help me in this topic to my need urgent
LikeLike
Comment by aousmoder — July 28, 2013 @ 12:34 PM
hi,
I tried the above configuration, but its not working for me. Initally i download a 129 MB file and later i tried to download the same file with 512 Kbps id. But i’m not able to download the file at high speeds. Its downloading at normal internet speeds only. Pls help me fixing the issue.
-Pradeep
LikeLike
Comment by pradeepvardhineni@gmail.com — August 6, 2013 @ 3:00 AM
sir kay ya hotsport pa use kar sakta ha
LikeLike
Comment by Zeeshan — August 11, 2013 @ 11:30 AM
Howto Send CACHED Contents to user at Full Speed – is not working with anymore in latest version 6.2 ROS .
In firewall – mangle there is bytes – packet growning , but in queue tree is 0 bytes …
LikeLike
Comment by Damir — September 16, 2013 @ 1:38 PM
I have not check mikrotik web proxy with ROS 6.
Try adding simple QUEUE, and move it on top. see the article example for ZPH and ROS 6
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — September 16, 2013 @ 2:18 PM
bhai mai rb 450-g use kr raha hu 2 wan pcc with hotspot ….mai web proxy ke setting krta hu jesay apnae btye hai….bt kam nei krti…nat mai jo rule lagatay hai wo 0 bytes he rehta hai…mai sirf ip>webproxy>cache content dekhna chahta hu….koi solution hai …kehe mera hotspot tou masla nei kr raha me v6.2 use kr raha hu…
LikeLike
Comment by vikibhai — September 23, 2013 @ 9:01 PM
This web proxy not work properly when I go to blocked site using google.
If i write in address “www.facebook.com” firewall block this site, but when I write in google “www.facebook.com” and click on a link, I can go to Facebook without problems.
LikeLike
Comment by Raptorek — October 17, 2013 @ 12:37 PM
thanks alot !! it worked for me
LikeLike
Comment by netra — October 26, 2013 @ 2:52 PM
[…] https://aacable.wordpress.com/2011/12/29/howto-to-enable-mikrotik-routeros-web-proxy-in-transparent-m… b) http://wiki.mikrotik.com/wiki/Manual:IP/Proxy c) http://wiki.mikrotik.com/wiki/Manual:System/Log […]
LikeLike
Pingback by Transparent Proxy with Cisco, Mikrotik & Linux | IT Knowledge 4 All — December 5, 2013 @ 2:58 PM
Is it possible to add prefix to username at hotspot client login page?
LikeLike
Comment by ipmeel — December 12, 2013 @ 11:29 AM
i try it bt not working with my Mikrotik 5.20…. iam using 3 wan pcc +DHCP with Control Users Via Mac………? in nat rule /ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080 no bytes upp its stays 0n 0 bytes…Please Sir Help me about This….
LikeLike
Comment by mirnaveed — December 19, 2013 @ 3:46 AM
bhai mere pas mikrotik 5.20 hai or main users mac se control kar raha hun with 3 wan pcc par prob ye hai k mere pas in nat rule /ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080 no bytes upp its stays 0n 0 bytes hai not working
LikeLike
Comment by mirnaveedmirnaveed — December 19, 2013 @ 3:52 AM
try not merge all services in one single box.
At least separate PCC , it will make your life much easier
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — December 20, 2013 @ 10:56 AM
Hi Dear,
i am having a problem, when i access my ubnt antenna or any other antenna from any client side through pppoe or hotspot it gives the error :
ERROR: Gateway Timeout
While trying to retrieve the URL http://172.16.1.2/:
Connection timed out
please give the solution for this how to access these.
thanks
LikeLike
Comment by Roger — January 6, 2014 @ 11:28 PM
Hi, is there anyway you can only record certain info in the web proxy? For example, I want to record all lines that start with “GET” but I want to discard all of the other records. Can this be done?
LikeLike
Comment by joeburneie — January 14, 2014 @ 4:19 AM
sir i am having a problem with yahoo not working. i try to chang MTU of ptcl but its still on 1492. my network is configured on 1400 MTU.if t chang MTU of rb750 to 1500 or 1492 client seem not connected. can you please help me. hope you understant my problem. Adnan
LikeLike
Comment by adnan — February 17, 2014 @ 11:00 PM
bhai mere pas mikrotik 5.20 hai or main users mac se control kar raha hun with 3 wan pcc par prob ye ha ke kuch website ptcl broadband par block hone ki waja se main web request ko wan 3 par load krwana chahta hun k meri kuch specific website wan 3 se load hon kyun ke wan 3 par koi or service hai jis par website open ho rahe hain jo ptcl k link par open nahi hoti hain.so plz help zaib bhai thnx
LikeLike
Comment by mirnaveed — February 18, 2014 @ 8:00 PM
Hi,
Sir i want to bypass bandwidth queues for some websites.please guide me procedure.
regards
Mir Naveed
LikeLike
Comment by mirnaveed — February 18, 2014 @ 8:25 PM
You can mark packets for those web sites ip addressess (you can also use script to get the names from dns caching and update in a address list) then create a simple queue that will allow unlimited ot mroe bandwidth to these marked packets.
simple 😀
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 27, 2014 @ 10:58 AM
hi Mr Syed Jahanzab i usually read your posts are very intresting and valueable for us as im running a small isp setup with 20 users using bullet2hp with rb750gl . internet runs fine during day time but gets slow in afternoon alot of users get on line. is there any stable way to block downloading for certain users or use squid server with rb750gl to make speed super fast.
LikeLike
Comment by Asfandyar khattak — February 23, 2014 @ 9:15 PM
how you can get SUPER FAST speed with SUPER LOW speed 🙂
First you should consider increasing the bandwidth in order to maintain supply and demand.
then you should consider adding PROXY server to the network so that you can save at least some percentage by caching frequently accessed object. then you can implement certain restrictions like Blocking downloads , p2p, lowering the speed for unwanted traffic etc.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 27, 2014 @ 10:50 AM
Can some one post the script for version 6.x to have webproxy up and running with unlimited speed of cached content.
LikeLike
Comment by Anand — March 6, 2014 @ 2:44 PM
a,o,a
web cashe main ye check kar sakta hoon ke mere user ne kya kya download kya ha
LikeLike
Comment by asif — March 9, 2014 @ 12:38 AM
Hello,
first of all i would like to thank You for nice tutorial which was for me (as a beginner with RouterOS) very useful.
I would like to ask off topic question if i may:
i have satellite receiver which has web server which is not protected. I can do port forwarding to it, but i dont want to leave access to unauthorised persons
to my satellite.
Is there a way how to protect the internal web server by any password in microtik??
thank You very much
LikeLike
Comment by proforsk — March 10, 2014 @ 4:52 PM
hmmm not possible fro wan. There must be some kind of password protection in the web server.
if it was LAN, then you could add it in DMZ for more secure and protection.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 11, 2014 @ 8:31 AM
Thank You very much. I will have to find out how to protect the web server as You said 🙂
thanks a lot
LikeLike
Comment by proforsk — March 11, 2014 @ 5:58 PM
great thanks!
LikeLike
Comment by netra — March 29, 2014 @ 10:08 AM
Hello! I would like you to tell me if I can make this router to have a memory for 6 months with the users dates, the traffic it makes but also other login dates. I am asking you these because in country has been made a law which forces us to do this stuff. For the moment I have ccr 1016 12g..and I want to know if this is ok.
Thank you for your support.
LikeLike
Comment by sseebb — July 16, 2014 @ 3:09 PM
Hello,I would like you to tell me if I can make this router to have a memory for 6 months with the users dates, the traffic it makes but also other login dates. I am asking you these because in.my country has been made a law which forces us to do this stuff. For the moment I haveCCR 1016 12 G…and I want to know if this is ok.
If I have to buy another one, I will buy.
Thank you for your support.
LikeLike
Comment by sseebb — July 16, 2014 @ 3:12 PM
what if i want to use another machine,say x86 with ros installed with rb1100ah…i want to use the x86 as my proxy server because it has 1 terabyte hdd which will be used for caching
LikeLike
Comment by bola ogundiran — July 16, 2014 @ 5:22 PM
try to use SQUID proxy on x86 machine, as its more customizable and works good.
mikrotik web proxy si a very basic level of proxy package.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — July 17, 2014 @ 11:14 AM
Hi,
Iam running x86 ROS v6.20 on IBM x3100 M4.Its working fine but Iam unable to add additional HDD for web caching.if I add HDD the server doesnt boot,if I hotplug it ROS doesnt recognize it.Iam all at sea on how to add additional HDD to my server as there is no knowledge base for this.Any help regarding this will be greatly valued.
Ponnappa.
LikeLike
Comment by Ponnappa M M — October 18, 2014 @ 10:20 AM
Is it virtual environment or you have installed it on physical server? ROS have some compativility issues in detecting new models of hdd. its best compatible with IDE/SATA/SCSI disk but some models are not compatible with it. specially newer one.
One more workaround is to install ESXI on your M4 machine, and install ROS as guest, this way things will be lot easier from management point of view.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — October 18, 2014 @ 11:34 AM
Yes I’ve installed it on the physical server and its SATA.As you said looks like ESXI is the best option.Thanks a lot.
LikeLike
Comment by Ponnappa M M — October 18, 2014 @ 2:21 PM
mikrotik rb 750 me stores me sirf ek hi disk dikhai de rahi he “system” aur wo change nahi ho rahi he
LikeLike
Comment by razzaq — November 8, 2014 @ 11:53 PM
aur mere pas 10 mbps ki lised line he to usme maine pppoe server create kar ke client ko diye he pr koi 2 mbps to koi 4 mbps use karke 10 mbps full kar deta he to rb 750 me koi aisa satting he ki uski latancy up kar de taki maximum user connect ho ske?
LikeLike
Comment by razzaq — November 8, 2014 @ 11:56 PM
Assalamualaikum
I already have a mangle and queue tree rules for bandwidth management in my mikrotik DOM. If I enable this webproxy with transparent mode, should I reconfigure my mangle and queue tree rules to sync with webproxy?
Thank you
LikeLike
Comment by nolbyte — January 23, 2015 @ 3:19 PM
Zaib sahab Asalam o Alikom wa Rahma . thanks alot for sharing knowledge .i got alot of ur posts.
I have succeded to configer MT on MY PC .PCC Web Cahe hotspot are working fine but the only problen is that my PPPOE is not getting data from WAN1. Its getting only from WAN2. I am not using SRC methoed becaz of broken pages . i tried every possible way but invan. kindly help me tosolove the issue.
my export are as under
[admin@MikroTik] > export
# jan/31/2015 11:48:33 by RouterOS 5.20
# software id = W5EY-LHT9
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=WAN1 \
new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=WAN2 \
new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=output comment=\
“Marking Web Proxy Connection for WAN-1” disabled=no dst-port=80 \
new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=output comment=\
“Marking Web Proxy Connection for WAN-2” disabled=no dst-port=80 \
new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment=\
“Excluding Port 80 from PCC – WAN1″ disabled=no dst-address-type=!local \
dst-port=!80 in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp \
src-address-list=””
add action=mark-connection chain=prerouting comment=\
“Excluding Port 80 from PCC – WAN2″ disabled=no dst-address-type=!local \
dst-port=!80 in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=no \
in-interface=LAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=no \
in-interface=LAN new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no \
new-routing-mark=to_WAN2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 \
in-interface=LAN
add action=accept chain=prerouting disabled=no dst-address=192.168.2.0/24 \
in-interface=LAN
add action=mark-packet chain=output disabled=no dscp=4 new-packet-mark=\
cache-hits passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment=”Masquerade WAN1 Traffic” disabled=\
no out-interface=WAN1
add action=masquerade chain=srcnat comment=”Masquerade WAN2 Traffic” disabled=\
no out-interface=WAN2
add action=redirect chain=dstnat comment=\
“Redirect port 80 request to Mikrotik Web Proxy” disabled=no dst-port=80 \
protocol=tcp to-ports=8080
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10
LikeLike
Comment by Abdul Jalil — January 31, 2015 @ 11:56 AM
Please how can i configure the router in such a way that it can block certain words like sex,porn and adult site (content filtering? my email is fgpfrank@gmail.com
LikeLike
Comment by Frank — February 15, 2015 @ 11:25 PM
SIr, your tutorials have been a great help to me. is mikrotik webproxy okay for 100 concurrent users?
LikeLike
Comment by Idowu — February 16, 2015 @ 5:52 PM
Mikrotik web proxy is basic proxy package, and works fine for 100 or even more number of users.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 17, 2015 @ 9:52 AM
Thank you for your response. I have set it up and it is working fine but sir I increase my RAM on x86 system from 2gb to 4gb by adding 2gb to the second PCI slot I discovered that my system is still seeing only 2GB. Sir, what is the problem? need your help?
LikeLike
Comment by Idowu — February 24, 2015 @ 12:10 PM
Make sure you are using latest version of ROS.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 24, 2015 @ 12:13 PM
Thank you sir. I used mikrotik webproxy
LikeLike
Comment by Ogedengbe — March 5, 2015 @ 3:26 PM
I would like to access the Mikrotik Core Router using Internet with security and download files. how to establish connection and download file.
LikeLike
Comment by mukesh — February 28, 2015 @ 5:17 AM
hello,
I have configured web proxy in RB750 , I want to allow only one IP based website and gmail for all LAN users and full Internet access for only One user. Kindly suggest or share script.
LikeLike
Comment by Shri — April 10, 2015 @ 10:34 AM
There is no ready made script for custom requirements, you have to design it. A small tip for you, enable web proxy and redirect users traffic to web proxy, then use ACCESS policies in webproxy to control users access. like this
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 14, 2015 @ 12:00 PM
Mikrotik Webproxy doesn’t work with ROS V.6, but good works with ROS V.5, any extra configuration need for ROS V.6
please suggest what can i do for ROS V.6, Thanks a lot.
LikeLike
Comment by sumanctgbd — April 20, 2015 @ 12:55 PM
Mikrotik RouterBoard doesn’t work with Full Cache flow with external USB, is there any other configuration needed??
LikeLike
Comment by 177 — May 2, 2015 @ 7:42 AM
No special config is required. Just mangle and queue that’s it 🙂
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 8, 2015 @ 4:43 PM
Dear sir,
After created webproxy my wan and lan interface display different BW.How can i solved it please advise.
BR,
sohag
LikeLike
Comment by sohag — November 4, 2015 @ 10:56 AM
How can i allow unlimited transfer rate to a interface which i use for cloud file server?
LikeLike
Comment by adnanmalikaaa — June 3, 2015 @ 1:52 PM
i have mikrotik router ccr1009-8g-1s-1s+pc. ether2 is internet, ehter3 is LAN and ether3 is WIFI. i want to use proxy to control LAN and WIFI with transparency proxy. how can i do
LikeLike
Comment by ponlork beang — June 12, 2015 @ 11:15 AM
Hi! I am using routeros 5.2 I have a problem regarding opening google.com site. It was working before I have this problem for 2 months now and I tried to solve it but no luck. I can ping google.com from a client pc but cannot open the site.
LikeLike
Comment by Aris — August 1, 2015 @ 2:45 PM
good
LikeLike
Comment by samir adnin — February 20, 2016 @ 9:26 AM
algun script o backup de balanceador, cache y administrador de banda
LikeLike
Comment by victor — March 17, 2016 @ 9:03 AM
Thanks , this post help me a lot!
These days I want to redirect http visit on some website (stackoverflow.com/google etc) to https. It seems using the webproxy is a best way.
But I don’t know how to configurate redirect-to to a “https:{sourceurl}” form. Can the proxy handle this?
Wish your help. Thanks!
LikeLike
Comment by liruikuan — June 23, 2016 @ 6:02 AM
Thanks.
The post help me a lot!
These days I try to redirect http visit on some website (such as stackoverflow.com/google.com etc ) to https, it seems webproxy is a best way.
But I still don’t know how to configurate redirect-to to “https:{sourceurl}” form. Does the webproxy support this? and how to ?
Wish your reply, thanks again!
LikeLike
Comment by liruikuan — June 23, 2016 @ 6:14 AM
Finally I make it done by editing the error.html. Thanks any way.
LikeLike
Comment by liruikuan — June 23, 2016 @ 7:47 PM
[…] Referrence : https://aacable.wordpress.com/ […]
LikeLike
Pingback by How to Mikrotik transparent web proxy | kitmana — June 24, 2016 @ 6:16 AM
How we configure it as we are using mikrotik 1100AHX router for internet access of clients? Please guide me to set cache server for rapid n smooth service provisioning.
Thanks in anticipation
Saqib
LikeLike
Comment by raja saqib — August 1, 2016 @ 12:09 AM
sir,
I would like configure mikrotik itself a proxy for 200 user. my hardware is CCR1009-7G-1C-1S+ . please suggest its practicability, issues and remedies.
thanking you
kishor
LikeLike
Comment by kishor — May 13, 2017 @ 9:39 AM
Thanks , this post help me a lot!
These days I want to redirect http visit on some website (stackoverflow.com/google etc) to https. It seems using the webproxy is a best way.
But I don’t know how to configurate redirect-to to a “https:{sourceurl}” form. Can the proxy handle this?
Wish your help. Thanks!
LikeLike
Comment by Usman — August 10, 2017 @ 2:37 PM
Thanks , this post help me a lot!
These days I want to redirect http visit on some website (stackoverflow.com/google etc) to https. It seems using the webproxy is a best way.
But I don’t know how to configurate redirect-to to a “https:{sourceurl}” form. Can the proxy handle this?
Wish your help. Thanks!…………………
LikeLike
Comment by Usman — August 10, 2017 @ 2:38 PM
A.o.a Load balancing ki hui wan1 or wan2 to open proxy close krne k lye in-interface mein wan 1 ya wan 2 de kese?
LikeLike
Comment by hasnaincablenet — January 23, 2018 @ 6:29 PM
Queue Tree
input does not match any value of parent
LikeLike
Comment by MOHAMED NADHEEM — December 30, 2021 @ 11:43 AM