BCWF classification of U.S. network television sites and streaming video
search cancel

BCWF classification of U.S. network television sites and streaming video

book

Article ID: 165405

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

BCWF classification of U.S. network television sites and streaming video
Allow access to the major U.S. television networks and yet prevent end users from watching video content, such as previous episodes
Block video from ABC, CBS, FOX, NBC and other networks using the Blue Coat WebFilter (BCWF)
Block access to streaming video from the major TV studios even without a subscription to BCWF

 

Resolution

Blue Coat WebFilter (BCWF) classifies the major U.S. television networks (ABC, CBS, FOX, NBC) as "Entertainment".  Many if not all of the sites have URLs that allow streaming video to be played on a computer. Those streaming video URLs are classified as Entertainment and as TV/Video Streams. As long as the proxy is configured to allow access to the Entertainment category but blocks access to the TV/Video Streams category, then users will be allowed to the main sites but denied access to the video streams coming from the major television networks. Should there be an instance where this is not the case, please use https://sitereview.bluecoat.com/ and submit a rating request for the URL that is not properly defined. This document will walk through the process of making policy that will Allow the Entertainment category but Deny the TV/Video Streams category.

 

OPTION 1: WRITING POLICY USING VPM

Note: Basic assumption is the Default Policy is Allow.

1.)  Log into the Management Console (https://<ip.address.of.proxysg>:8082)
2.)  Click on the Configuration tab > PolicyVisual Policy Manager > Launch button
3.)  Create a new Rule in the Web Access Layer. Move it to the top.

  • Source = Any
  • Destination
    • Right click and select Set... > New... > Request URL Category...
    • Expand out Blue Coat and scroll down to TV/Video Streams
    • Put a check or tick mark next to it. The selected category should now be in the Selected Categories column.
    • Change the Request URL Category Object Name to "BlockTVandVideoStreams"
    • Click on the OK twice.
  • Service = Any
  • Time = Any
  • Action = Right click and select Set... > "Force Deny (Content Filter)" > OK  (NOTE:  The Force Deny will stop policy execution when the rule matches so there is no chance that this rule can be overridden by other policy in later layers.)

 

4.)  Click on "Install policy"
5.)  Test and make sure the policy works as expected. NOTE:  This will block any site that is in the TV/Video Streams category.

IMPORTANT NOTE: If Default Policy is Deny and there is not an allow for the Entertainment category, still create a rule to allow the Entertainment category through the proxy. Since the streaming video URLs are categorized as Entertainment AND TV/Video Streams, create a rule that denies the TV/Video Streams, otherwise the video will be allowed. The streaming URLs are allowed because the URLs are dual tagging. The TV/Video Streams deny rule should be above or before the allow rule for Entertainment.

Please note that there may be more elegant VPM solutions available. This is simply a quick and easy way to deny access to sites that belong in the TV/Video Streams URL category.

 

OPTION 2: WRITING POLICY USING CPL IN THE LOCAL POLICY FILE

Note: Basic assumption is the Default Policy is Allow.

Please see Add CPL to a local policy file on the ProxySG for information on how to install Content Policy Language (CPL) into the Local Policy File. After reading Add CPL to a local policy file on the ProxySG, please install the following CPL:

; BEGIN:  Force deny of any site in the TV/Video Streams category
<Proxy>
    category="TV/Video Streams" force_exception(content_filter_denied) 
; END:  Force deny of any site in the TV/Video Streams category

Once the policy has been installed, please test it and make sure it functions as expected. Below is policy that denies any URL that belongs to TV/Video Streams and Entertainment but allows Entertainment.

; BEGIN:  Force deny of any site in the TV/Video Streams category and Entertainment category
; while allowing access to the Entertainment category
<Proxy>
    condition=TVandEntertainment force_exception(content_filter_denied)
    ALLOW category=Entertainment

define condition TVandEntertainment     category=Entertainment category="TV/Video Streams" end

; END

 

OPTION 3: BLOCKING STREAMING VIDEO WITHOUT USING BCWF

Block the video from the four sites indicated above without using BCWF categories. As of the writing of this document (02 February 2011), these are the sites and their accompanying streaming URLs. Please note that these URLs can change at any time. If they do change, please provide feedback to this KB article with the correct URL.

Network Site Streaming TV/Video URL
ABC http://abc.go.com/ http://abc.go.com/shows
CBS http://www.cbs.com/ http://www.cbs.com/video/
http://www.cbs.com/(name-of-show)/video/
Fox http://www.fox.com/ http://www.fox.com/watch  (note this URL redirects to the URL below)
http://www.fox.com/full-episodes
http://www.fox.com/(name-of-show)/full-episodes
NBC http://www.nbc.com/ http://www.nbc.com/video/
http://www.nbc.com/(name-of-show)/video/

 

BLOCKING STREAMING VIDEO USING VPM

1.)  Log into the Management Console (https://<ip.address.of.proxysg>:8082)
2.)  Click on the Configuration tab > Policy > Visual Policy ManagerLaunch button
3.)  Click on the Web Access Layer. Click on Add rule and move the rule up to the top of the list.

  • Source = Any
  • Destination
    • Right click and select Set > New... > Request URL > Advanced Match
      • Name = Something meaningful, such as ABC-TV-Stream
      • Scheme = Any
      • Host = the host name (abc.go.com or www.cbs.com or www.fox.com, or some other URL to be blocked). Make sure it is set to Exact Match.
      • Port = blank (do not put anything in here. Leave it as is.)
      • Path = the path to the video. (Example: watch or video or full-episodes as indicated in the Streaming TV/Video URL from the table above.)  Make sure it is set to Contains. If it is set to Exact Match, the rule may not work.
      • Click on the Add button. Repeat and add all the networks that should be added. When finished, click on the Close button.
    • If more than one video stream was entered, click on New > Combined Destination Object... > Add all the video streams from the left side defined in the advanced URL match above and move them to the top right hand box. Click on the OK button.
  • Service = Any
  • Time = Any
  • Action = Right click and select Set... > "Force Deny (Content Filter)" > OK  (NOTE:  The Force Deny will stop policy execution when the rule matches, so there is no chance that this rule can be overridden by other policy in later layers.)

 

4.)  Click on "Install policy"
5.)  Test and make sure the policy works as expected.

 

BLOCKING STREAMING VIDEO USING CPL

Here is some sample CPL code that can be used to block video from the four sites above.

; BEGIN:  CPL used to block TV streams from the major US television networks
<Proxy>
    condition=__CondList1BlockTVStreams force_exception(content_filter_denied)

define condition __CondList1BlockTVStreams
    url.host=abc.go.com url.path.substring=watch
    url.host=www.cbs.com url.path.substring=video
    url.host=www.fox.com url.path.substring=full-episodes
    url.host=www.nbc.com url.path.substring=video
; END:  CPL used to block TV streams from the major US television networks

 

Powered by Wolken Software