For some ISPs, speed test sites can be their best friend. It shows a user that he is reaching his potential speed. For others it’s a nightmare as it gives ammunition for users. While at MUM this year my lunch table was having a friendly discussion about just this. Some suggestions were offered on various things you can do to speed test sites. One person explained how a WISP was blocking every speed test site they could think of, just to keep users from accessing any solid material to complain with. I then suggested that I could make a fake speed test site and redirect all users to that. Everyone had a good laugh, but…I though it would be fun to do it for real, so here it is!
In a nutshell what happens is this:
The user tries to browse to a webpage that contains the word speedtest or bandwidth test in the url
The server IP gets added to an address list of known speed test servers.
Subsiquent access to these addresses hit a destination nat rule that will shoot them over to our webserver, which happens to be hosting our custom webpage.
Layer 7 match for an URL that contains speedtest or bandwidthtest.
1
2
3
| /ip firewall layer7-protocol
add comment="" name=speedtest-url regexp=\
"^.*(get|GET).+/(speed|bandwidth).*test.*\$" |
1
2
3
4
5
| /ip firewall mangle
add action=add-dst-to-address-list address-list=speedtest-al \
address-list-timeout=0s chain=prerouting comment=\
"speedtest mark connection" disabled=no dst-port=80 \
layer7-protocol=speedtest-url protocol=tcp |
Our webserver is 1.1.1.1 in this example.
1
2
3
| /ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-address-list=\
speedtest-al to-addresses=1.1.1.1 |
Courtesy : http://mikrotikuniversity.com/index.php/blog/ |
