Sunday, January 5, 2020

Block HTTPS Sites (Facbook & Youtube) TLS Hosts

1 comments
http://www.itlearnweb.com/2020/01/block-https-sites-facbook-youtube.html
●  Since Most of the Internet now uses HTTPS, it has become much harder to filter specific WWW content. 

● For this reason, RouterOS 6.41 introduces a new firewall option that allows you to block HTTPS websites (TLS traffic). 

● Based on the TLS SNI extension, called “TLSHost”. The new parameter supports GLOB-style patterns.

/ip firewall filter
add chain=forward dst-port=443 protocol=tcp tls-host=*.facebook.com action=reject
add chain=forward dst-port=443 protocol=tcp tls-host=*.youtube.com action=reject