Direct Access List - MikroTik RouterOS v2.9 Reference Manual

Property Description
action ( allow | deny ; default: allow ) - specifies whether to pass or deny matched packets
dst-address ( IP address | netmask ) - destination address of the IP packet
dst-host ( wildcard ) - IP address or DNS name used to make connection the target server (this is
the string user wrote in his/her browser before specifying port and path to a particular web page)
dst-port ( port ) - a list or range of ports the packet is destined to
hits ( read-only: integer ) - the number of requests that were policed by this rule
local-port ( port ) - specifies the port of the web proxy via which the packet was received. This
value should match one of the ports web proxy is listening on.
method ( any | connect | delete | get | head | options | post | put | trace ) - HTTP method used in the
request (see HTTP Methods section in the end of this document)
path ( wildcard ) - name of the requested page within the target server (i.e. the name of a particular
web page or document without the name of the server it resides on)
redirect-to ( text ) - in case access is denied by this rule, the user shall be redirected to the URL
specified here
src-address ( IP address | netmask ) - source address of the IP packet
Notes
Wildcard properties (dst-host and dst-path) match a complete string (i.e., they will not match
"example.com" if they are set to "example"). Available wildcards are '*' (match any number of any
characters) and '?' (match any one character). Regular expressions are also accepted here, but if the
property should be treated as a regular expression, it should start with a colon (':').
Small hits in using regular expressions:
• \\ symbol sequence is used to enter \ character in console
• \. pattern means . only (in regular expressions single dot in pattern means any symbol)
• to show that no symbols are allowed before the given pattern, we use ^ symbol at the
beginning of the pattern
• to specify that no symbols are allowed after the given pattern, we use $ symbol at the end of
the pattern
• to enter [ or ] symbols, you should escape them with backslash \.
It is strongly recommended to deny all IP addresses except those behind the router as the proxy still
may be used to access your internal-use-only (intranet) web servers. Also, consult examples in
Firewall Manual on how to protect your router.

Direct Access List

Home menu level: /ip proxy direct
Description
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Page 533 of 695