This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Tips & Tricks: Allow or Block YouTube Video

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Tips & Tricks: Allow or Block YouTube Video

jdelio
L7 Applicator
‎01-15-2020 08:28 AM

Tips and Tricks: Allow 1 YouTube video and block othersTips and Tricks: Allow 1 YouTube video and block others

Read about how you can allow certain YouTube videos but block others through Palo Alto Networks devices and software. We reveal some excellent tips and tricks to help you apply this category to your network. Got questions? Get answers on LIVEcommunity!

 

 

Hello everyone! Welcome back to Tips & Tricks, where we give you tips to help get the most out of your Palo Alto Networks devices and software.

 

This week, I would like to talk about something that I have been dealing with ever since I started at Palo Alto Networks in 2012, and that is YouTube. In this example, I will be talking about allowing one YouTube video and blocking all other YouTube videos. 

 

YouTube is one of the more difficult applications to nail down, as they are infamous for changing algorithms about every six months. Just when you think you have the magic combination, things change. Well, that's all different now.

 

The secret I was just told about is this:

Instead of using a URL Filtering Policy,  just use the Custom URL Category. That in conjunction with SSL Decryption and blocking the quic protocol, as it can bypass SSL decryption.

 

Firewall interface view of Custom URL Category for the one YouTube video.Firewall interface view of Custom URL Category for the one YouTube video.

 

Instead of having to add a bunch of other (random) YouTube video pages, you can now just enter the one video for the allowed Custom URL Category.

 

Custom URL Category popup in the firewall interface, showing how to add new category.Custom URL Category popup in the firewall interface, showing how to add new category.

 

Again, now it is easier than ever to enter this website: "https://www.youtube.com/watch?v=" to catch all other YouTube videos that you want to block.

 

Plug that into your rulebase, again with SSL Decryption and blocking quic, and you should be golden!

 

This and more details are inside of this Knowledge Base article here:

How to Allow a Single YouTube Video and Block All Other Videos

 

I hope this really helps you with YouTube!

 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line

9 Comments
Marc_T
L2 Linker
‎05-24-2020 11:03 PM
‎05-24-2020 11:03 PM

Hi Joe,

 

Great article, one thing I would add in to your deny category is the mobile "m.youtube.com" and embedded "youtube.com/embed/" options for viewing videos as these will allow users to bypass your rule base for YouTube.

The added and modified url look something like:

*.youtube.com/watch?v=
*.youtube.com/embed/

 

Cheers

/M

 

RyanBess
L2 Linker
‎02-01-2021 05:43 PM
‎02-01-2021 05:43 PM

how would you do this through appID?

0 Likes Likes
Marc_T
L2 Linker
‎02-01-2021 09:48 PM
‎02-01-2021 09:48 PM

There are more details as to the configuration here - Allow only a single YouTube Video Configuration

This solution would also work well in conjunction with Minemeld to create URL based EDLs to white list specific channels on YouTube more details can be found here - YouTube Miner - Minemeld 

 

Hope this helps

 

/M

rjhay
L0 Member
‎06-24-2021 12:37 AM
‎06-24-2021 12:37 AM

I added some url in the youtube-allow to allow the single youtube video

 

*.googlevideo.com
.*.googlevideo.com /*
i.ytimg.com/*
www.youtube.com/s/desktop/*
www.youtube.com/api/*
*.googlevideo.com/*
*.googlevideo.com/videoplayback?expire=
www.youtube.com/s/*

To allow the live chat in the live video i added this URL www.youtube.com/live_chat?

 

Jatin.Singh
L3 Networker
‎12-16-2021 05:46 PM
‎12-16-2021 05:46 PM

I have tried the above and it allows all the videos.

 

Does anyone know if YouTube has updated their streaming app and we need add or block to any more specific URLS?

 

have someone tested this recently? 

0 Likes Likes
Jatin.Singh
L3 Networker
‎12-20-2021 02:20 PM
‎12-20-2021 02:20 PM

@jdelio @rjhay The above setup does not seems to work.

 

So I am able to play the video I want to play, but then when when I click another video from the right hand display Column the other video's also work(which it should block)

If you play the video copy pasting the url in the Url tab it will block it.

 

Do you guys know any changes to YouTube policy which is preventing this?

Have you tested this recently and is it working for you guys?

0 Likes Likes
Ariel_Ramirez
L0 Member
‎05-16-2022 08:30 PM
‎05-16-2022 08:30 PM

Hi Guys,

Any update on this. I am experincing the same behavior. Now look like youtube video use a *googlevideo.com URl, which it generate any code every time you click in the same video.

 

 

jclarke2
L0 Member
‎09-05-2022 07:23 PM
‎09-05-2022 07:23 PM

Updated method here https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGzCAK

0 Likes Likes
hatus.cordeiro
L0 Member
‎09-30-2022 02:37 PM
‎09-30-2022 02:37 PM

Is it possible to do this for video categories?
I have youtube enabled, but I need to block all game channels!

0 Likes Likes
  • 27481 Views
  • 9 comments
  • 5 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks