Proxy Server is an alternative to VPN that breaks blocking firewall of a network. If any user uses free web proxy server with web browser, the web request is processed by the proxy server. So, blocking firewall rule is not applied on the proxy enabled PC. For this, system administrators should be careful enough to block free proxy servers along with blocking VPN access. In my previous article, I discussed how to block VPN access with MikroTik Firewall. In this article, I will discuss simple tricks to block free web proxy access with MikroTik Router.

Tricks to Block Web Proxy Server

The default proxy server port is 3128 but 8080 port is also popularly used for proxy request. So, if we block 3128 and 8080 ports, 80% of free web proxy server can be blocked. As the proxy port can be changed as the system admin wish, some system admins use other free ports also, even 80 port. In this case, system admin can find the IP address of the popular proxy servers by searching online and block them manually. With these two methods, it is possible to block 99% of the free web proxy access.

Method 1: Blocking Free Web Proxy by Blocking Ports

As discussed earlier, the popular web proxy ports are 3128 and 8080. So, blocking these ports 80% of proxy request can easily be blocked. The following steps will show how to block destination ports to block web proxy request with MikroTik Firewall.

  • From Winbox, go to IP > Firewall menu item and click on Filter Rules tab and then click on PLUS SIGN (+). New Firewall Rule window will appear.
  • Choose forward from Chain dropdown menu.
  • Choose tcp from Protocol dropdown menu.
  • Put 3128,8080 in Dst. Port input box
  • Click on Action tab and choose drop from Action dropdown menu.
  • Click Apply and OK button.

Blocking Proxy Ports

This rule blocks those proxy servers which use port 3128 and 8080. But some proxy servers are configured on different ports, even port 80. To block these servers, we have to find IP addresses and block those IP addresses with Firewall rule.

Method 2: Blocking Free Web Proxy by IP Address

There are many websites such as spys.one/enproxynova.com/proxy-server-list and so on that provide free web proxy server list. We can find IP addresses of proxy servers which are not using 3128 and 8080 ports from here and can block them by IP address. The following steps will show how to block a group of IP address with MikroTik Firewall Rule.

  • From Winbox, go to IP > Firewall menu item and click on Filter Rules tab and then click on PLUS SIGN (+). New Firewall Rule window will appear.
  • Choose forward from Chain dropdown menu.
  • Click on Advanced tab and put a group name (such as Blacklisted Proxy Servers) in Dst. Address List input box.
  • Click on Action tab and choose drop from Action dropdown menu.
  • Click Apply and OK button.

MikroTik Firewall Rule to Block Proxy Servers

This rule will block those proxy servers which are in Blacklisted Proxy Servers group. Now we will add IP address of proxy server that we have found from website listing. The following steps will show how to add IP address in Blacklisted Proxy Servers group.

  • From Winbox, go to IP > Firewall menu item and click on Address Lists tab and then click on PLUS SIGN (+). New Firewall Address List window will appear.
  • Choose your created group name (Blacklisted Proxy Servers) from Name dropdown menu.
  • Put Proxy Server’s IP address that you want to add in this group in Address input field.
  • Click Apply and OK button.

Adding Blacklisted Proxy Servers

Similarly, you can add as many IP addresses of proxy server as you want following the above steps and can block them with MikroTik Firewall.

If you face any confusion to follow the above steps, watch the following video about blocking free proxy access with MikroTik Firewall. I hope, it will reduce your any confusion.

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *