Using PacketShaper to allow access to one specific YouTube URL and block other YouTube traffic
search cancel

Using PacketShaper to allow access to one specific YouTube URL and block other YouTube traffic

book

Article ID: 167113

calendar_today

Updated On: 04-11-2025

Products

PacketShaper

Issue/Introduction

This article describes how to create classes with the appropriate matching rules and set policies to block (never admit) traffic on the YouTube class and allow (priority 3 policy) on the class with a specific YouTube URL.


Note: The solution presented in this article does not work when the YouTube plug-in version 2.0.0.0 is installed.

 

Environment

PacketShaper

Resolution

In order to allow a specific YouTube URL and block all other YouTube traffic, you must first make sure you are running PacketWise 8.7.2 or higher. These versions allow you to disable the service of a web-based application such as YouTube.
 
class web-app disable youtube

After a service is disabled, the traffic will get classified as HTTP or SSL. In this example, you will create two classes: one that is an HTTP-based class with a specific URL and a second class that classifies web browsing on the youtube.com domain.

Below is the sample script for performing this task.

#
class new /Inbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Inbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Inbound/HTTP/Specific_URL exception
class new /Inbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
class new /Outbound HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class new /Outbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Outbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Outbound/HTTP/Specific_URL exception
class new /Outbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
policy apply priority /Inbound/HTTP/Specific_URL 3
policy apply never /Inbound/HTTP/YouTube
policy apply priority /Outbound/HTTP/Specific_URL 3
policy apply never /Outbound/HTTP/YouTube
#

For YouTube SSL, you may consider using SSL common name for further classification.

 

Powered by Wolken Software