Using PacketShaper to allow access to one specific YouTube URL and block other YouTube traffic


<< Back to Knowledge Search

Solution

Overview

I would like to allow YouTube URL http://www.youtube.com/watch?v=l9CVUITrG18 but block all other YouTube traffic.

 

 

Cause
Resolution

In order to allow a specific YouTube URL and block all other YouTube traffic, you must first make sure you are running PacketWise 8.7.2 or higher. These versions allow you to disable the service of a web-based application such as YouTube.
 
class web-app disable youtube

After a service is disabled, the traffic will get classified as HTTP or SSL. In this example, you will create two classes: one that is an HTTP-based class with a specific URL and a second class that classifies web browsing on the youtube.com domain.

Below is the sample script for performing this task.

#
class new /Inbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Inbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Inbound/HTTP/Specific_URL exception
class new /Inbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
class new /Outbound HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class new /Outbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Outbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Outbound/HTTP/Specific_URL exception
class new /Outbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
policy apply priority /Inbound/HTTP/Specific_URL 3
policy apply never /Inbound/HTTP/YouTube
policy apply priority /Outbound/HTTP/Specific_URL 3
policy apply never /Outbound/HTTP/YouTube

#

For YouTube SSL, you may consider using SSL common name for further classification.

 

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4931
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      PacketShaper
Topic      Configuration / WUI / CLI, Installation / Configuration
Article Number      000014473
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat