Using PacketShaper to allow access to one specific YouTube URL and block other YouTube traffic

Solution

Overview

I would like to allow YouTube URL http://www.youtube.com/watch?v=l9CVUITrG18 but block all other YouTube traffic.

 

 

Cause
Resolution

In order to allow a specific YouTube URL and block all other YouTube traffic, you must first make sure you are running PacketWise 8.7.2 or higher. These versions allow you to disable the service of a web-based application such as YouTube.
 
class web-app disable youtube

After a service is disabled, the traffic will get classified as HTTP or SSL. In this example, you will create two classes: one that is an HTTP-based class with a specific URL and a second class that classifies web browsing on the youtube.com domain.

Below is the sample script for performing this task.

#
class new /Inbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Inbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Inbound/HTTP/Specific_URL exception
class new /Inbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
class new /Outbound HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class new /Outbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Outbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Outbound/HTTP/Specific_URL exception
class new /Outbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
policy apply priority /Inbound/HTTP/Specific_URL 3
policy apply never /Inbound/HTTP/YouTube
policy apply priority /Outbound/HTTP/Specific_URL 3
policy apply never /Outbound/HTTP/YouTube

#

For YouTube SSL, you may consider using SSL common name for further classification.

 

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4931
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat