This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Creating Youtube App Filter

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Creating Youtube App Filter

rodrigum
Not applicable

‎08-26-2010 08:25 AM

I have a need to block Youtube via application filter like it used to be before the update to the application filter that allows the front page to be viable, but not any of the videos.  I used the custom filter document and was able to get most of the page to not display, however Youtube pulls style sheets from another URL, ytimg.com, since this isn't really a request header how would I write a custom application filter to block all of the page?  Has anyone already done this?

Thanks.

1 person had this problem.
0 Likes Likes
7 REPLIES 7

blacksan
L1 Bithead

‎08-26-2010 08:28 AM

why not use a URL Filter with youtube.com?

0 Likes Likes

mharding
L4 Transporter

‎08-26-2010 08:29 AM

You could create a custom app that looks for this RegEx in the http-req-header:

.*(ytimg.com)

A URL filter might be a better choice, but there are mulitple ways to accomplish the same task.

0 Likes Likes

rodrigum
Not applicable
In response to mharding

‎08-26-2010 08:31 AM

I will try the regex option, I don't want to manage any more URL profiles then I have to, I am not on 3.1.  Application filtering is a better option for my configuration.

0 Likes Likes

rodrigum
Not applicable
In response to rodrigum

‎08-26-2010 09:11 AM

Well here is what I created, but the style sheet still attempts to load.

Preview file
4 KB
0 Likes Likes

mharding
L4 Transporter
In response to rodrigum

‎08-26-2010 11:08 AM

Here's what I saw in the PCAP:

GET /yt/cssbin/www-core-vfl186161.css HTTP/1.1
Accept: */*
Referer: http://www.youtube.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Accept-Encoding: gzip, deflate
Host: s.ytimg.com
Connection: Keep-Alive

So our problem is that using the RegEx expression .*(Host:).*(s.ytimg.com) is not seven bytes. The RegEx expression must be seven bytes in order to be accecepted by PAN OS.

You may have to use a URL filtering profile here to block the domain ytimg.com.

0 Likes Likes

rodrigum
Not applicable
In response to mharding

‎08-26-2010 11:11 AM

That is what I am trying to get away from, I am curious how Palo Alto used the filter before they updated it to do what I am trying to do.

0 Likes Likes

mharding
L4 Transporter
In response to rodrigum

‎08-26-2010 11:14 AM

This should explain everything:

YouTube Video Control

0 Likes Likes
  • 5791 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks