Setting Up a Web Proxy on MikroTik Print

Hello again! It’s Emmanuel Corels from Emmanuel Corels Creatives. In today’s guide, we’re exploring another practical feature of MikroTik: the built-in web proxy. A web proxy can help you cache web content to speed up browsing for your network, control access to websites, or simply monitor web traffic. Let’s walk through enabling and configuring a basic web proxy on your MikroTik router in a beginner-friendly way.

What Is a Web Proxy?

A web proxy acts as an intermediary between your devices and the internet. When enabled on your MikroTik router, it can:

• Cache frequently visited web pages, reducing bandwidth usage and improving response times.
• Filter web traffic, allowing or blocking certain websites.
• Monitor and log web usage for troubleshooting or policy enforcement.

For home or small office setups, even a basic proxy can enhance performance and provide added control over web access.

Step 1: Enabling the Web Proxy

1. Access WinBox and connect to your MikroTik router.
2. Navigate to IP → Web Proxy.
3. Enable the Proxy by clicking the “Enabled” checkbox.
4. You’ll see default settings appear. For a simple setup, the defaults are a good start:
   • Port: Typically set to 8080.
   • Cache Size: Adjust this if you expect heavy usage (default is usually around 100 MB).
   • Max Cache Object Size: Determines the largest file to be cached; you can leave this at default if unsure.

CLI Equivalent:

/ip web-proxy set enabled=yes port=8080 cache-size=100m max-cache-object-size=1m

Step 2: Configuring Basic Proxy Settings

1. Access Rules:
   You can define which sites to allow or block, though for a basic caching setup, you might leave this empty initially.

2. Cache Settings:

   • Cache Size: Increase if you have ample memory and expect many requests.
   • Cache Object Size: Ensure this fits the typical size of files you want to cache (images, small documents, etc.).

3. Parent Proxy:
   If you’re behind another proxy or need to chain proxies, you can set the parent proxy settings. For a standalone setup, leave these blank.

4. Logging:
   Enable logging if you wish to monitor proxy activity. This can be helpful for troubleshooting.

Step 3: Redirecting Traffic to the Proxy (Optional)

For devices to use the proxy transparently, you may set up a NAT rule that redirects HTTP traffic (port 80) to the proxy port (e.g., 8080). This is known as “transparent proxying.”

1. Go to IP → Firewall → NAT.
2. Click the “+” button to add a new NAT rule.
3. In the General tab:
   • Chain: dstnat
   • Protocol: tcp
   • Dst. Port: 80
   • In. Interface: (Select your LAN interface, e.g., bridge-lan if you want all LAN devices to use the proxy)
4. In the Action tab:
   • Action: redirect
   • To Ports: 8080
5. Click OK.

CLI Equivalent:

/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 in-interface=bridge-lan action=redirect to-ports=8080

This rule forces HTTP traffic from your LAN through the proxy without needing to configure each device manually.

Step 4: Testing Your Web Proxy

1. Local Test:
   From a device on your network, open a browser and try visiting a website.
   • If you’ve set up transparent proxying, HTTP requests should automatically be routed through the proxy.
2. Check Logs:
   In WinBox, go to Log (or use /log print in the CLI) to see entries related to web-proxy activity. This helps confirm that requests are being processed.
3. Proxy Status:
   In IP → Web Proxy, monitor the “Cache Hits” and “Cache Misses” counters to see if caching is occurring.

Troubleshooting Tips

• No Cache Hits:
  If your proxy isn’t caching, ensure that the files being requested are within the size limits and that caching is enabled.
• Access Issues:
  If devices can’t browse, verify your NAT rule isn’t interfering with other configurations.
• Firewall Conflicts:
  Ensure that your firewall rules aren’t blocking traffic to or from the proxy (typically TCP port 8080).
• Logging:
  Increase logging temporarily to diagnose any issues with proxy requests.

Final Thoughts

Setting up a web proxy on your MikroTik router is a practical way to enhance network performance, control web access, and monitor traffic. With these simple steps, you can get a basic proxy up and running, and later refine it based on your specific needs—whether that’s increasing cache size, adding filtering rules, or adjusting NAT settings for transparency.

Feel free to experiment with different configurations, and as always, if you run into any issues or have questions, I’m here to help. Happy networking, and may your web traffic be fast and efficient!

Explained with practical clarity by
Emmanuel Corels – Admin, Emmanuel Corels Creatives