Create an App-ID for YouTube in the context of facebook

L0 Member

Create an App-ID for YouTube in the context of facebook

HI guys I am trying to create a custom App-ID to identify Youtube in the context of facebook, I would like to use this for a possible App QoS.

Dependency is youtube from facebook but defining youtube app in the context http-host-header is too complex, so I was thinking of using youtube app as dependency and look for triggers as facebook referrer....

Any ideas?

L4 Transporter

Re: Create an App-ID for YouTube in the context of facebook

This one is pretty tricky, and I'm not sure it would be possible.  I'll defer to see if someone else replies, but as I see it, the video comes as an independent URL from a youtube CDN as an FLV file with no referer.  With no referer, I'm not sure there's a way to identify that it was in the context of Facebook, but I could be wrong.  Just prior to requesting the actual video content, there's a request for crossdomain xml files, but that doesn't affect the content.  Here's a quick snapshot I took using HttpFox of an embedded youtube video download and the associated headers.  Notice no referer header, which is what makes it challenging to identify that within the facebook context.

11-9-2011 1-40-03 PM.png

Not applicable

Re: Create an App-ID for YouTube in the context of facebook

Anyone have final answer?

Is it possible to do this configuration?

In EDU-201 training, Lab Module 4, there are some steps need students to configure:


Step 12:  Create a new rule named “deny-YouTube-over-FB

Step 13:  Configure the following information:

ü  Source Zone:  “Trust-L3       Source Address:  Any

ü  Destination Zone:  Untust-L3          Destination Address:  ???

ü  Application:  ???

ü  Action:  ???

HINT:  Can you do this with one Security Policy are do you need two?


How can we configure the security policy?

L4 Transporter

Re: Create an App-ID for YouTube in the context of facebook

While I'm not sure about the full context of that exercise in the lab your'e referencing, the purpose of that one looks different than yours.  I think in that lab you're trying to deny youtube over facebook, which would be easily done in two rules, first rule to deny youtube, second rule to allow facebook.  Or if facebook was already allowed by some "allow outbound" type policy, then one rule, deny youtube.  This would deny the embedded videos, since a launch of the embedded video would match as app-ID 'youtube-base' and be denied by the security policy.  The user would just see a spinning cursor.

The inverse, allowing embedded video rather than denying it, which is what I believe you might have been after, however, isn't necessarily the same.  Since the App ID is not different when embedded vs. not embedded, I don't believe you can differentiate to control just the embedded videos.  As mentioned before, the requests for embedded vs non-embedded look exactly the same, so I don't see a way to create a custom App ID for it either. :smileysad:

Maybe I'm missing something?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!