https://wiki.mikrotik.com/index.php?title=How_to_make_transparent_web_proxy&feed=atom&action=historyHow to make transparent web proxy - Revision history2024-03-28T13:03:48ZRevision history for this page on the wikiMediaWiki 1.38.2https://wiki.mikrotik.com/index.php?title=How_to_make_transparent_web_proxy&diff=14880&oldid=prevNormis: Protected "How to make transparent web proxy" ([edit=sysop] (indefinite) [move=sysop] (indefinite))2010-01-05T12:25:08Z<p>Protected "<a href="/wiki/How_to_make_transparent_web_proxy" title="How to make transparent web proxy">How to make transparent web proxy</a>" ([edit=sysop] (indefinite) [move=sysop] (indefinite))</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 12:25, 5 January 2010</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>Normishttps://wiki.mikrotik.com/index.php?title=How_to_make_transparent_web_proxy&diff=13293&oldid=prevRoute: removed information about 'webbox problem'2009-08-10T08:27:10Z<p>removed information about 'webbox problem'</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 08:27, 10 August 2009</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l30">Line 30:</td>
<td colspan="2" class="diff-lineno">Line 30:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Pay particular attention to locking down the security of the web-proxy. Read about the /ip proxy access command!</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Pay particular attention to locking down the security of the web-proxy. Read about the /ip proxy access command!</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">==== Webbox problem ====</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>It is also important to consider the size of the cache and all the various other parameters you can change on the web-proxy, however this <ins style="font-weight: bold; text-decoration: none;">is </ins>outside the scope of this article.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">By default the webbox user interface of the Mikrotik is also on port 80. By transparently redirecting all traffic on port 80 through to the web-proxy service running on port 8080, you will no longer be able to get access to the webbox server running on the router itself. You should either change the port from port 80 to something else, e.g. 8888 or use a firewall rule to NOT redirect the port 80 traffic bound for the router to the web-proxy. There are examples in the ROS manual.</del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>It is also important to consider the size of the cache and all the various other parameters you can change on the web-proxy, however this outside the scope of this article.</div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Customizing error pages ====</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Customizing error pages ====</div></td></tr>
</table>Routehttps://wiki.mikrotik.com/index.php?title=How_to_make_transparent_web_proxy&diff=13292&oldid=prevRoute at 08:25, 10 August 20092009-08-10T08:25:45Z<p></p>
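Review bot: In the 08:27, 10 August 2009 revision above, the deleted "Webbox problem" rows carried the only warning that redirecting all port 80 traffic to the web-proxy on port 8080 makes the router's own port 80 interface unreachable, together with both workarounds (move the port, e.g. to 8888, or exclude router-bound traffic from the redirect). The edit summary gives no reason for dropping it. If the text was outdated, replace it with a one-line caveat in the Howto section rather than removing it outright. The "is" added to the cache-size sentence is a correct fix.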
<p><b>New page</b></p><div>==== Overview ====<br />
Web proxy is a service that is placed between a client and the internet, specifically for HTTP web surfing. It is normal that only HTTP traffic is cached. It is not so easy to cache and provide a web-proxy for HTTPS and FTP. Therefore the following example only shows how easy it is to enable a transparent web-proxy for HTTP traffic. <br />
<br />
There are two main benefits to using a web-proxy.<br />
<br />
* Raising Security for client and network<br />
* Enhanced Performance and possibly lowering costs for client and network<br />
<br />
==== Raising Security ====<br />
Security is raised as the client is not directly connected to the website they are requesting data from. The client makes a connection request to the web-proxy and the web-proxy fetches the data on the client's behalf. Therefore the internet is connected to the web-proxy interface, not directly to the client. Using a web-proxy also allows the possibility of providing other services, such as anti-virus scanning, content filtering and monitoring or reports on the websites being requested.<br />
<br />
==== Enhanced Performance ====<br />
Performance is enhanced as it is very likely that the same identical website is being requested by many clients. If the web page is cached, then the web-proxy can deliver the content of that web page directly from its own cache, rather than fetching it every single time, again and again, from the internet. This is very important for satellite links or on limited internet connections. If the network connection is metered by the service provider, any means of reducing the traffic will bring cost benefits.<br />
<br />
Normally when placing a web-proxy into the network, the client web browsers, such as IE, Firefox, Safari must be manually configured to point the web page requests through the web-proxy. However, it is more convenient to redirect the http web traffic on port 80 through to your web-proxy without needing any manual configuration of the client. This is called 'transparent web proxy'.<br />
<br />
==== Hardware requirements ====<br />
It is important to consider the level of traffic that will be handled by the web-proxy, which on large networks can be very high. Ensure that the hardware chosen is appropriate to the level of traffic you will expect to transport! Caching on medium to large networks will require some serious hardware as any bottleneck in the system will completely negate any speed improvement from using a local cache. Do not use NAND memory for caching. Always use a real hard drive or RAM. NAND will wear out after a finite number of read/write cycles and will also be slow.<br />
<br />
Also ensure that the web-proxy cache is stored on a physically separate drive (store) from the Router OS. Placing the cache on a separate store from the ROS ensures maximum performance and reduces problems if the disk becomes full or fails, as the OS will then still be OK!<br />
<br />
==== Howto ====<br />
By default, the web-proxy is listening on port 8080. Therefore we first need to redirect all traffic on port 80 to port 8080 with a DST-NAT firewall rule and ensure that the web-proxy service is enabled and listening to port 8080.<br />
<br />
To enable a transparent web proxy on Mikrotik, perform the following:<br />
<br />
ip firewall nat add in-interface=ether1 dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat <br />
ip proxy set enabled=yes port=8080<br />
<br />
Pay particular attention to locking down the security of the web-proxy. Read about the /ip proxy access command!<br />
<br />
==== Webbox problem ====<br />
By default the webbox user interface of the Mikrotik is also on port 80. By transparently redirecting all traffic on port 80 through to the web-proxy service running on port 8080, you will no longer be able to get access to the webbox server running on the router itself. You should either change the port from port 80 to something else, e.g. 8888 or use a firewall rule to NOT redirect the port 80 traffic bound for the router to the web-proxy. There are examples in the ROS manual.<br />
<br />
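The redirect, the router-bound exception and the proxy access lock-down described above, put together as an added example (not part of the original article). The WAN interface name ether2, the client subnet 192.168.88.0/24 and the use of the www entry under /ip service for the router's web interface are assumptions.<br />

```routeros
# Added example, not from the original article.
# Assumptions: ether1 faces the clients (as in the article's rule),
# ether2 is the WAN uplink, the client subnet is 192.168.88.0/24.

# Redirect only port-80 traffic that is NOT addressed to the router itself,
# so the router's own web interface on port 80 stays reachable.
/ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=80 dst-address-type=!local action=redirect to-ports=8080 comment="transparent proxy, skip router-bound traffic"

# Alternative named in the article: move the router's web interface off
# port 80 (assumes it is the "www" service). Uncomment to use it instead.
# /ip service set www port=8888

# Enable the proxy on the port the redirect points at.
/ip proxy set enabled=yes port=8080

# The proxy access list is evaluated top to bottom and the first match wins:
# allow the client subnet, then deny everything else.
/ip proxy access add src-address=192.168.88.0/24 action=allow comment="LAN clients"
/ip proxy access add action=deny comment="default deny"

# Drop direct connections to the proxy port that arrive on the WAN side,
# so the proxy cannot be used as an open relay from the internet.
/ip firewall filter add chain=input in-interface=ether2 protocol=tcp dst-port=8080 action=drop comment="no proxy access from WAN"

# Review rule order and hit counters after applying.
/ip proxy access print
/ip firewall nat print where action=redirect
/ip firewall filter print where dst-port=8080
```

The input-chain drop has to sit above any broader accept rule for ether2, otherwise it never matches.<br />
<br />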
It is also important to consider the size of the cache and all the various other parameters you can change on the web-proxy, however this is outside the scope of this article.<br />
<br />
==== Customizing error pages ====<br />
<br />
To customize the page web proxy shows on error:<br />
[admin@MikroTik] > /ip proxy reset-html<br />
Current html pages will be lost! Reset anyway? [y/N]<br />
Answer 'y'. Now HTML files are accessible for editing. (Currently there is only one file: error.html, that contains the error message.)<br />
[admin@MikroTik] > /file print<br />
# NAME TYPE SIZE CREATION-TIME<br />
0 webproxy directory jul/28/2009 12:07:51<br />
1 webproxy/error.html .html file 529 jan/02/1970 00:03:4<br />
[admin@MikroTik] > /file edit webproxy/error.html contents<br />
...<br />
You can also simply replace the file with your own. The syntax used in the file is similar to that used in hotspot HTML files. Predefined variables (such as <code>$error, $url, $admin</code>), as well as <code>$(if ...)</code> statements can be used.<br />
<br />
==== See also ====<br />
http://www.mikrotik.com/testdocs/ros/3.0/pnp/proxy.php<br />
<br />
http://wirelessconnect.eu/index.php?option=com_content&task=view&id=206&Itemid=454<br />
<br />
[[Category:Proxy]]</div>Route