Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Creating Youtube App Filter

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Creating Youtube App Filter

Not applicable

I have a need to block Youtube via application filter like it used to be before the update to the application filter that allows the front page to be viable, but not any of the videos.  I used the custom filter document and was able to get most of the page to not display, however Youtube pulls style sheets from another URL, ytimg.com, since this isn't really a request header how would I write a custom application filter to block all of the page?  Has anyone already done this?

Thanks.

7 REPLIES 7

L1 Bithead

why not use a URL Filter with youtube.com?

L4 Transporter

You could create a custom app that looks for this RegEx in the http-req-header:

.*(ytimg.com)

A URL filter might be a better choice, but there are mulitple ways to accomplish the same task.

I will try the regex option, I don't want to manage any more URL profiles then I have to, I am not on 3.1.  Application filtering is a better option for my configuration.

Well here is what I created, but the style sheet still attempts to load.

Here's what I saw in the PCAP:

GET /yt/cssbin/www-core-vfl186161.css HTTP/1.1
Accept: */*
Referer: http://www.youtube.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Accept-Encoding: gzip, deflate
Host: s.ytimg.com
Connection: Keep-Alive

So our problem is that using the RegEx expression .*(Host:).*(s.ytimg.com) is not seven bytes. The RegEx expression must be seven bytes in order to be accecepted by PAN OS.

You may have to use a URL filtering profile here to block the domain ytimg.com.

That is what I am trying to get away from, I am curious how Palo Alto used the filter before they updated it to do what I am trying to do.

This should explain everything:

YouTube Video Control

  • 5765 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!