Thursday, 2 February 2017

Layer 7 Website Blocking Using MikroTik Router

Dear Readers

I am glad to have you updated every month by sharing with you my experiences, challenges and how I go about resolving them.

A week ago, one of our valuable clients (USAID Liberia Strategic Analysis/Social Impact) whom we’re providing internet services as well as IT equipment, complained that they have been going through tough times relating to their internet speed and bandwidth consumption. Every other time we will receive a call or email about this issue. So we first came up with a suggestion that all users be managed on the network by creating a queue and allocating an amount of bandwidth to each user in the router. This method was applied for a while but they changed their mind again saying that they do not want to restrict user’s bandwidth. So, as a tech support and you have to be creative and come up with suggestions that will best suit your client in order to maintain the business relationship.

Since we have provided this solution, they have not called or complained. So I think this was a brilliant idea. They already have an in-house IT officer. We decided to conduct a free training lesson for their IT person on how to use the ‘MIKROTIK’ device which is very easy to configure and is extremely user friendly.

We arranged an appointment to come over and have him trained.

They agreed and the next day I was at their office. I downloaded the latest version on MikroTik software called Winbox that is used to login any MikroTik devices and installed it on his laptop.

We logged into the Core router using this software.

These are the few steps to follow, as listed below.
  1.        Open winbox and login with login name and password
  2.        On the left hand Conner, click ‘’IP’’ and select ‘’Firewall’’
  3.        In firewall, select ‘’Layer 7 protocols’’ and click on the (+) symbol
In the dialog box, fill the name space with the website you wish to block and write this script in the ‘’Regexp: space’’ ^.+(*$ and do this for all websites click on ‘’Apply’’ and ‘’Ok’’.

4.   To make this work on the network, in the same ‘’Firewall" menu, click on: Filter Rules > + > Advanced > Layer 7 protocol to select the website you just added and click OK. In the same menu click “Action’’ and select “drop’’ and “Apply’’.
5.   Reboot the system/router to make changes effective.

Now you are done! Open a web browser test the website you just block.

It should give you an error that saying ‘’ this site cannot be found’’!

The client was well satisfied and happy with the training.

I am not a MikroTik Certified Network Administrator (MTCNA) yet but I can say I am proud of myself and many thanks to NATC, were I started off as an IT Trainee. I am planning to write MTCNA exams soon anyways. Being in the field has brought me close to learning lot of new things every day.

I hope this will guide you through in resolving such problem if you are new to MikroTik systems.

Prepared by:

Daniel W. Collins
Senior IT Technician



  1. very interesting , good job and thanks for sharing such a nice information