Creating Youtube App Filter

Not applicable


I have a need to block YouTube via application filter like it used to be before the update to the application filter that allows the front page to be viable, but not any of the videos. I used the custom filter document and was able to get most of the page to not display; however, YouTube pulls style sheets from another URL, ytimg.com. Since this isn't really a request header, how would I write a custom application filter to block all of the page? Has anyone already done this?

Thanks.

L1 Bithead

Why not use a URL Filter with youtube.com?

L4 Transporter

You could create a custom app that looks for this RegEx in the http-req-header:

.*(ytimg.com)

A URL filter might be a better choice, but there are multiple ways to accomplish the same task.

Not applicable

I will try the regex option. I don't want to manage any more URL profiles than I have to; I am not on 3.1. Application filtering is a better option for my configuration.

Not applicable

Well here is what I created, but the style sheet still attempts to load.

L4 Transporter

Here's what I saw in the PCAP:

GET /yt/cssbin/www-core-vfl186161.css HTTP/1.1
Accept: */*
Referer: http://www.youtube.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Accept-Encoding: gzip, deflate
Host: s.ytimg.com
Connection: Keep-Alive

So our problem is that the RegEx expression .*(Host:).*(s.ytimg.com) is not seven bytes. The RegEx expression must be seven bytes in order to be accepted by PAN OS.

You may have to use a URL filtering profile here to block the domain ytimg.com.
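
An added example, not part of the original posts and not Palo Alto's own tooling: a pre-check that measures the longest literal run in a candidate signature pattern against the seven-byte minimum quoted above, and tests the pattern against the captured request. It assumes the minimum applies to a run of fixed characters with an unescaped `.` counting as a wildcard, uses Python's `re` as a stand-in for the firewall's matcher, and the escaped pattern `.*(s\.ytimg\.com)` is a hypothetical variant that has not been tested on PAN-OS.

```python
import re

MIN_FIXED_BYTES = 7  # minimum quoted in the thread

# Constructed sample: request line and Host header from the PCAP excerpt.
SAMPLE_REQUEST = (
    "GET /yt/cssbin/www-core-vfl186161.css HTTP/1.1\r\n"
    "Host: s.ytimg.com\r\n\r\n"
)


def longest_fixed_run(pattern: str) -> str:
    """Longest run of characters the pattern spells out literally."""
    # Approximation: quantified groups and alternation are not analysed.
    best = cur = ""
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            i += 2
            if nxt.isalnum():          # \d, \w, ... are classes: run ends
                best, cur = max(best, cur, key=len), ""
            else:                      # \. and similar are literal bytes
                cur += nxt
            continue
        if ch in "[{":                 # skip [class] or {m,n} as a unit
            if ch == "{":
                cur = cur[:-1]         # counted character not treated as fixed
            end = pattern.find("]" if ch == "[" else "}", i + 1)
            i = len(pattern) if end == -1 else end + 1
            best, cur = max(best, cur, key=len), ""
            continue
        if ch in "*+?":
            cur = cur[:-1]             # quantified character not treated as fixed
        if ch in ".()|^$*+?":          # metacharacters end the literal run
            best, cur = max(best, cur, key=len), ""
        else:
            cur += ch
        i += 1
    return max(best, cur, key=len)


def check(pattern: str) -> dict:
    """Report the fixed run, the length verdict, and a match on the sample."""
    run = longest_fixed_run(pattern)
    return {"fixed": run,
            "meets_minimum": len(run.encode()) >= MIN_FIXED_BYTES,
            "matches_sample": re.search(pattern, SAMPLE_REQUEST) is not None}
```

Both patterns from the thread match the sample request but top out at five literal bytes ("ytimg" and "Host:"), because each unescaped dot splits the hostname into shorter runs.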

Not applicable

That is what I am trying to get away from. I am curious how Palo Alto used the filter before they updated it to do what I am trying to do.

L4 Transporter

This should explain everything:

YouTube Video Control
