I have a need to block Youtube via application filter like it used to be before the update to the application filter that allows the front page to be viable, but not any of the videos. I used the custom filter document and was able to get most of the page to not display, however Youtube pulls style sheets from another URL, ytimg.com, since this isn't really a request header how would I write a custom application filter to block all of the page? Has anyone already done this?
You could create a custom app that looks for this RegEx in the http-req-header:
A URL filter might be a better choice, but there are mulitple ways to accomplish the same task.
Here's what I saw in the PCAP:
GET /yt/cssbin/www-core-vfl186161.css HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Accept-Encoding: gzip, deflate
So our problem is that using the RegEx expression .*(Host:).*(s.ytimg.com) is not seven bytes. The RegEx expression must be seven bytes in order to be accecepted by PAN OS.
You may have to use a URL filtering profile here to block the domain ytimg.com.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!