How do I Block and Unblock Website on Mikrotik?

Sometimes, a Mikrotik administrator must block social media websites like Facebook, YouTube, Twitter, Telegram, Netflix, etc. Also, it is sometimes required to block all websites except one. This article covers three different methods to Block Website on Mikrotik. In contrast to other firewall devices, MikroTik Firewall automatically permits all websites. Therefore, you must construct a firewall rule that would block the particular website if you need to prohibit any websites. So, as you guessed, to block every website while allowing a select few, you must perform reverse work. This entails creating a firewall rule that blocks every website and another firewall rule that uses MikroTik Firewall to enable a specific set of websites.

If you want to buy Mikrotik VPS to turn it into a dedicated router, have a private VPN server, or use other features of it, you need to know how to block Internet access on it. Mikrotik block access from outside enables you to achieve this purpose. Join us with this guide to get skills in blocking/unblocking all websites on Mikrotik and block all websites except a few ones.

Mikrotik Firewall Solution to Block Websites

Websites are blocked by MikroTik Firewall using Filter Rules. There are two pieces to a MikroTik filter rule.

• Conditional part: This section matches conditions using a variety of conditional attributes, including Layer 7 Protocol, Source Port, Destination Port, Protocol, Chain, and so on.
• Action part: This portion blocks any website with a single drop action.

Note: A connection will be dropped by the MikroTik Firewall if the conditional component of the Filter Rule matches. Therefore, any user cannot use the MikroTik Router to access that website.

Layer 7 Protocol Role

Any website that uses Layer 7 Protocol in addition to its source or destination addresses might be blocked by the MikroTik Firewall. Perl Regex (Regular Expression) is used by Layer7 Protocol to match any keyword in a URL. When a match occurs, the Filter Rule that makes use of this Layer 7 Protocol takes appropriate action. To prevent access to any website that contains a keyword, like Facebook, YouTube, and so on, we will use Regex to establish a Layer 7 Protocol, which we will then utilize in our Filter Rule.

There are two steps in the whole process of creating a filter rule; Step 1 involves developing a layer-7 protocol to choose the desired website, and Step 2 involves developing a firewall rule to block the website of choice.

Best Solutions to Block Website on Mikrotik in 2024

Blocking websites is a necessary task for a network administrator because it can optimize work hours and ensure that resources such as the internet are used for business purposes only that is, not for leisure activities like social media, streaming videos, news websites, or even online stores.

Let’s go through this guide to review three different methods to block website on Mikrotik. In the end, you will know how to block Facebook, YouTube, etc. on Mikrotik.

Solution 1. Using Web Proxies to Block Website

To use this solution to block website on Mikrotik, the web proxy must be activated and set on your proxy. If you are not sure that your system meets this requirement, you can freshen your memory with our related article about the Setup Proxy Server in Windows & macOS.

• To view Web Proxy Access Settings, follow the below path:

• Click the IP menu > Web Proxy (Bottommost) to view the settings.
• Look for the navigation on the right side of the page under the General web proxy option, then select Access.

• Click the Blue + sign in the upper right corner of the menu bar to add a blocked website, then fill in.

• The above-highlighted options work as:

• Dst Port: is filled with the port used by users to explore websites.
• Dst Host: is filled by the address of the website you prefer to block.
• Actions: Block the address of the website you wrote on the Dst Host.
• Redirect to: Redirect/redirect the blocked site to another.

• When you are finished, clock on the OK button.

In this way, after browsing for the address you put in the Dst Host field, you will view ”Access Denied”.

When to Use Web Proxies to Block Website in Mikrotik

The drawback of using a web proxy to block websites is that HTTPS websites, such as Facebook and YouTube, cannot be blocked. Therefore, to block HTTPS sites, utilize layer 7 protocol features and mangle that are explained in the next sections. So, stay with us to review other methods to block website on Mikrotik.

Solution 2. Using Layer 7 Protocols (L7P) to Block Website

With the explanation of the second method to block website on Mikrotik, we go to the way you can use Layer Protocol to do this. As an example, this part teaches you How to Block Facebook on Mikrotik using Layer 7 Protocols.

• To open the layer 7 protocols, follow the path below:

• Click the IP>Firewall menu.
• Select the Layer 7 Protocols tab.

• Next, it is required to create and configure the L7P script. To do this:

• Click the + blue sign to open the new Firewall L7 Protocol window.
• In the name column, put the name of the script and Regexp. For example, to block Facebook, put ^.+(Facebook.com).*$ Regex in Regexp textarea input field.
• Click Apply and OK buTo
• der to block the websites you want to, you must use your own Layer 7 Protocols in Filter Rules, which you have established. So, the next action is to make our firewall filter rule.

• At this point, that you have created the L7P script, you are ready to create filter rules to run the L7P script. So, follow the below steps:

• Click the IP > Firewall menu on the Filter Rules tab.
• To create a new configuration, click the + sign.
• Fill in the chain forward column on the General tab.

• Now, on the advanced tab, enter the name of the previously produced L7P script in the Layer 7 Protocols field.

As you see in the below shot, select drop and click on OK on the action tab.

In this way, Facebook will no longer be accessible on your PC.

Note: All users that visit the L7P-written website (Advanced Tab) will be forwarded (Chain: Forward) and have their actions banned (Action: Drop).

It was the second method to Block Website in Mikrotik. There is one more!

Solution 3. Using Mangle to Block HTTPS

If you do not prefer to use the two above solutions, or they do not work on your system, you can use this method and use Mangle to Filter Rules and block website on Mikrotik.

• First, you must create the Mangle Settings. Follow the below steps:

• Click the IP > Firewall menu.
• Select the Mangle tab.
• Click the + sign to create the setting.

• Then, in the General tab:

• Fill the Chian with Forward.
• The SRC. Address List must be filled with the IP network that you consider blocking.

Note: If you use more than one network, fill in 0.0.0.0/0 (applies to all networks.)

• In the Advanced tab:

• Put the name of the target website you need to block in the Content field.

• On the Action tab in Mangle:

• Fill in the action column with add to address list.
• Put in the Address list the name of the IP list for blocked sites.

• Now, it is time to Check Address List.

• Access the blocked site and complete the loading process.
• Check in the proxy on the IP > Firewall menu > the Address List Tab.

Note: The mangle configuration is successful if there is content in the form of an IP address on the address List tab. So, you can create a new filter rule.

• To create a New Filter Rule:

• Fill the Chain with Forwards.

• On the Advanced tab:

• Put the name of the list that you just created in the Dst. Address List.

• Finally, on the Action tab:

• Put the icmp network unreachable in the Reject With field.
• Click OK.

Note: Each user that visits a website that is listed in the Address List (Dst. Address) will receive a Reject response (Action) and see a network unreachable notice in their web browser (Reject With).

Allow a Certain User to Visit a Blocked Website [Unblock Website]

So far, you learned How to Block Website on Mikrotik through 3 different methods. In this way, you have designed a Filter Rule that will prohibit all users on your local area network (LAN). However, occasionally, certain persons could require access to your restricted website, like Facebook, YouTube, etc.

• In this part, you will learn How to allow a specific user to visit your restricted websites. Follow the below instructions to whitelist your preferred users to access blocked websites on Mikrotik:

• To add a new Filter Rule, select the Filter Rules tab and click the PLUS SIGN (+). A new window for firewall rules will now open.
• Select “forward” from the Chain dropdown menu in the General tab.
• In the Address input box, enter your user’s IP address, which will be permitted to visit websites that are prohibited.
• Select tcp from the Protocol dropdown menu by clicking on it.
• Put port 80,443 in Dst. Port input box.
• On the Advanced tab, Select the Layer7 Protocol dropdown menu to select the Layer7 Protocol that the user will be permitted to use.
• On the Action tab, choose accept from the Action dropdown menu.
• Click Apply and OK button.

Note: The allowed rule must come before the dropped rule. If not, the permitted user will be subject to the dropped rule. Thus, they are unable to visit the requested website.

Conclusion

In this article, you learned How to Block Website on Mikrotik. For the reasonable purposes of increasing work time, security, and managing the network, this action can be helpful. Block sites with Web Proxies, Block Sites with Layer 7 Protocols, and Block HTTPS Sites with Mangle are the three solutions you can try to block and unblock website on Mikrotik.

If you follow the instructions of any explained solutions, you will be able to block any unwanted website and get rid of viruses that can damage your PC, but please do not hesitate to contact us if you encounter any difficulties. Our technical support team will try their best to solve your problems.