{"id":818,"date":"2018-06-21T18:10:08","date_gmt":"2018-06-21T21:10:08","guid":{"rendered":"http:\/\/www.tech-nico.com\/blog\/?p=818"},"modified":"2018-06-21T18:12:28","modified_gmt":"2018-06-21T21:12:28","slug":"routeros-tip-con-tls-host-identificar-clientes-accediendo-a-sitios-https","status":"publish","type":"post","link":"http:\/\/www.tech-nico.com\/blog\/routeros-tip-con-tls-host-identificar-clientes-accediendo-a-sitios-https\/","title":{"rendered":"RouterOS Tip con TLS-Host &#8211; Identificar clientes accediendo a sitios HTTPS"},"content":{"rendered":"<h3>Identificando quienes de nuestra red accedieron a Netflix<\/h3>\n<p>Hola a todos, <a href=\"http:\/\/www.tech-nico.com\/blog\/routeros-6-41-incorpora-tls-host-para-controlar-sitios-https-que-usen-tcp\/#comment-30036\">Esteban<\/a> menciono en los comentarios del post\u00a0<a href=\"http:\/\/www.tech-nico.com\/blog\/routeros-6-41-incorpora-tls-host-para-controlar-sitios-https-que-usen-tcp\/\">identificar trafico HTTPS con tls-host<\/a>, como hacer para crear una lista con las direcciones de los clientes que accedieron a sitios HTTPS bloqueados o no permitidos en la Red. En mi ejemplo, hago una lista con todos los que acceden a <a href=\"http:\/\/netflix.com\">Netflix.<\/a><\/p>\n<blockquote><p>En mi ejemplo, veras que la lista es <strong><em>din\u00e1mica<\/em> <\/strong>y la IP del cliente queda registrada con un timeout de 24 horas, que vos podr\u00e1s modificar a tu elecci\u00f3n.<\/p><\/blockquote>\n<p>El ejemplo es muy muy b\u00e1sico y solo requiere de conocimiento de RouterOS, pero nunca esta de mas:<\/p>\n<p>Pegar esta linea desde la consola:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\"> \/ip firewall filter add action=add-src-to-address-list address-list=clientes_netflix address-list-timeout=none-static chain=forward comment=\\ &quot;Agrego a una lista todos los clientes que acceden a Netflix&quot; protocol=tcp tls-host=*.netflix.com address-list-timeout=24h <\/pre>\n<h4>NOTA:<br \/>\nSi estas filtrando tenes que arrastrar esta regla justo arriba de la que hace drop.<\/h4>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Identificando quienes de nuestra red accedieron a Netflix Hola a todos, Esteban menciono en los comentarios del post\u00a0identificar trafico HTTPS con tls-host, como hacer para crear una lista con las direcciones de los clientes que accedieron a sitios HTTPS bloqueados &hellip; <a href=\"http:\/\/www.tech-nico.com\/blog\/routeros-tip-con-tls-host-identificar-clientes-accediendo-a-sitios-https\/\">Sigue leyendo <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":600,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[74,55],"tags":[],"class_list":["post-818","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mikrotik","category-redes"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/phA9Q-dc","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":777,"url":"http:\/\/www.tech-nico.com\/blog\/routeros-6-41-incorpora-tls-host-para-controlar-sitios-https-que-usen-tcp\/","url_meta":{"origin":818,"position":0},"title":"RouterOS 6.41 incorpora TLS-Host para controlar sitios HTTPS que usen TCP","author":"soporte","date":"febrero 2, 2018","format":false,"excerpt":"Alternativa para poder manejar fitros o queues en sitios con HTTPS En la version 6.42rc (release candidate) segun afirman en el foro oficial de Mikrotik, ya esta en funcionamiento el parametro TLC-Host desde los filtros del firewall, con lo cual permite marcar\/controlar o filtrar ciertos sitios HTTPS que corran en\u2026","rel":"","context":"En \u00abmikrotik\u00bb","block_context":{"text":"mikrotik","link":"http:\/\/www.tech-nico.com\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":1101,"url":"http:\/\/www.tech-nico.com\/blog\/routeros-controlar-filtrar-contenido-por-dns-2023\/","url_meta":{"origin":818,"position":1},"title":"RouterOS &#8211; Controlar \/ Filtrar contenido por DNS 2023","author":"soporte","date":"julio 24, 2023","format":false,"excerpt":"En muchas ocasiones he tenido que controlar mediante QoS algunas cuestiones como las actualizaciones de windows, o las redes sociales, y en otros casos filtra Whatsapp. OpenDNS de Cisco permite mediante un dashboard poder ir tildando y destildando contenidos a filtrar. Anda bien pero no te deja discriminar. Por ejemplo\u2026","rel":"","context":"En \u00abmikrotik\u00bb","block_context":{"text":"mikrotik","link":"http:\/\/www.tech-nico.com\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":1025,"url":"http:\/\/www.tech-nico.com\/blog\/mikrotik-routeros-nat-masquerade-y-netmap\/","url_meta":{"origin":818,"position":2},"title":"Mikrotik RouterOS NAT &#8211; Masquerade y Netmap","author":"soporte","date":"julio 11, 2021","format":false,"excerpt":"Existen varios tipos de NAT para diferentes prop\u00f3sitos. Todos conocemos el cl\u00e1sico \"Masquerade\", que siempre utilizamos en los mikrotik de nuestros clientes, pero a veces trae algunos problemas extra\u00f1os en la navegaci\u00f3n que por suerte resuelve Netmap. Adem\u00e1s de action=masquerade tambi\u00e9n existe action=netmap. Los dos son muy similares entre si\u2026","rel":"","context":"En \u00abredes\u00bb","block_context":{"text":"redes","link":"http:\/\/www.tech-nico.com\/blog\/category\/redes\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2021\/07\/cgnat.png?fit=1200%2C704&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2021\/07\/cgnat.png?fit=1200%2C704&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2021\/07\/cgnat.png?fit=1200%2C704&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2021\/07\/cgnat.png?fit=1200%2C704&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2021\/07\/cgnat.png?fit=1200%2C704&resize=1050%2C600 3x"},"classes":[]},{"id":497,"url":"http:\/\/www.tech-nico.com\/blog\/api-mikrotik-con-php-indice-general\/","url_meta":{"origin":818,"position":3},"title":"API MIKROTIK &#8211; (con php) &#8211; Indice general","author":"soporte","date":"octubre 19, 2013","format":false,"excerpt":"Hola a Todos! Los post me han quedado un poco desconectados, asi que arme un indice que voy a ir actualizando a medida que agregue info. 1) Introduccion: que puedo hacer con este API? 2) Primer Script: Crear nuestro primer ejemplo para acceder a tu RouterOS y testear el acceso.\u2026","rel":"","context":"En \u00abgeneral\u00bb","block_context":{"text":"general","link":"http:\/\/www.tech-nico.com\/blog\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":458,"url":"http:\/\/www.tech-nico.com\/blog\/api-mikrotik-graficar-el-trafico-de-nuestros-clientes-y-mostrar-el-log\/","url_meta":{"origin":818,"position":4},"title":"API MIKROTIK &#8211; Graficar el trafico de nuestros clientes y mostrar el log","author":"soporte","date":"agosto 19, 2013","format":false,"excerpt":"Hola viejos amigos!. Algo que me han preguntado bastante es como hacer que el cliente o nosotros mismos veamos las graficas de consumo con el API de Mikrotik. Y para su sorpresa les cuento que esta parte se hace\u00a0sin el API. Estudiemos la ruta que nos da mikortik para ver\u2026","rel":"","context":"En \u00abPHP\u00bb","block_context":{"text":"PHP","link":"http:\/\/www.tech-nico.com\/blog\/category\/programacion\/php\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":572,"url":"http:\/\/www.tech-nico.com\/blog\/solucion-al-script-de-duckdns-en-mikrotik-routeros\/","url_meta":{"origin":818,"position":5},"title":"Soluci\u00f3n al script de DuckDNS en Mikrotik RouterOS","author":"soporte","date":"febrero 23, 2015","format":false,"excerpt":"Cuando quisiste usar DuckDNS.org en tu RouterOS tuviste problemas con la instalaci\u00f3n?. Bueno a mi me paso que el script \"corr\u00eda\" \u00a0pero no me devolv\u00eda nunca el resultado deseado (mas claro: NO ANDABA). Depurando linea por linea me di cuenta que el problema no era el script si no la\u2026","rel":"","context":"En \u00abProgramaci\u00f3n\u00bb","block_context":{"text":"Programaci\u00f3n","link":"http:\/\/www.tech-nico.com\/blog\/category\/programacion\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/comments?post=818"}],"version-history":[{"count":1,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/818\/revisions"}],"predecessor-version":[{"id":819,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/818\/revisions\/819"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media\/600"}],"wp:attachment":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media?parent=818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/categories?post=818"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/tags?post=818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}