How to block Facebook using Mikrotik

In this article I want to show on how to block Facebook using Mikrotik in three steps. We will use Web Proxy feature included in Mikrotik. We assume the LAN (Local Area Network) address is and the IP address of  ‘ether1’  which facing to the LAN is

Here are the three steps:

1. Enable Web Proxy

We enable this web proxy without cache on disk.

ip proxy set enabled=yes port=8080 cache-on-disk=no

2. Add proxy access rules

In this step we define which website we want to block. In this case, we want to block Facebook. Remember that Facebook has many sub-domains so we have to block all that sub-domains.

ip proxy access add src-address= dst-host=* action=deny

The ‘*’ value means all sub-domains of

3. Enable the transparent proxy

In this step we have to redirect all web access to coming from the LAN to the web proxy.

ip firewall nat add chain=dstnat  in-interface=ether1 dst-port=80 protocol=tcp action=redirect to-ports=8080

That’s all. You can add as many websites that you want to block as described in step 2.