Using PacketShaper to allow access to one specific YouTube URL and block other YouTube traffic

Article ID: 167113

Products

PacketShaper

Issue/Introduction

This article describes how to create classes with the appropriate matching rules and set policies that block (never admit) traffic on the YouTube class and allow (priority 3 policy) traffic on the class that matches a specific YouTube URL.


Note: The solution presented in this article does not work when the YouTube plug-in version 2.0.0.0 is installed.

 

Resolution

To allow a specific YouTube URL and block all other YouTube traffic, first make sure you are running PacketWise 8.7.2 or higher. These versions allow you to disable the service of a web-based application such as YouTube:
 
class web-app disable youtube

After a service is disabled, its traffic is classified as HTTP or SSL. In this example, you will create two classes: an HTTP-based class that matches a specific URL, and a second class that classifies web browsing on the youtube.com domain.

Below is the sample script for performing this task.

#
class new /Inbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Inbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Inbound/HTTP/Specific_URL exception
class new /Inbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
class new /Outbound HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class new /Outbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class rule add /Outbound/HTTP/Specific_URL inside host:any TCP service:HTTP "Web:host:*l9CVUITrG18*" outside host:any service:Client
class set /Outbound/HTTP/Specific_URL exception
class new /Outbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
policy apply priority /Inbound/HTTP/Specific_URL 3
policy apply never /Inbound/HTTP/YouTube
policy apply priority /Outbound/HTTP/Specific_URL 3
policy apply never /Outbound/HTTP/YouTube

#
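
Before loading a script like this, it is worth checking that the block/allow pair is complete in both directions. The Python check below is an added example, not part of the original article or of PacketWise; it only reads the CLI lines shown above and assumes the article's pattern is the intended one (every "never" class has a sibling "priority" class marked exception, mirrored under /Inbound and /Outbound). The function names parse and audit are hypothetical.

```python
import shlex

# Copied from the article's script; the "class rule add" lines are omitted (the audit ignores them).
SCRIPT = '''
class new /Inbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class set /Inbound/HTTP/Specific_URL exception
class new /Inbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
class new /Outbound HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class new /Outbound/HTTP Specific_URL nodefault sortorder:32000 inside host:any TCP service:Client outside host:any service:HTTP "Web:host:*l9CVUITrG18*"
class set /Outbound/HTTP/Specific_URL exception
class new /Outbound/HTTP YouTube nodefault inside host:any outside host:www.youtube.com
policy apply priority /Inbound/HTTP/Specific_URL 3
policy apply never /Inbound/HTTP/YouTube
policy apply priority /Outbound/HTTP/Specific_URL 3
policy apply never /Outbound/HTTP/YouTube
'''

def parse(script):
    """Collect created classes, exception classes and policies from CLI lines."""
    classes, exceptions, policies = set(), set(), {}
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)  # "#" separator lines become []
        if tok[:2] == ["class", "new"] and len(tok) >= 4:
            classes.add(tok[2].rstrip("/") + "/" + tok[3])
        elif tok[:2] == ["class", "set"] and tok[3:4] == ["exception"]:
            exceptions.add(tok[2])
        elif tok[:2] == ["policy", "apply"] and len(tok) >= 4:
            policies[tok[3]] = " ".join([tok[2]] + tok[4:])  # "never" or "priority 3"
    return classes, exceptions, policies

def audit(script):
    """Return findings; an empty list means the block/allow pair is consistent."""
    classes, exceptions, policies = parse(script)
    findings = [f"policy on class not created in script: {p}" for p in policies if p not in classes]
    for path, pol in policies.items():
        src, dst = ("/Inbound", "/Outbound") if path.startswith("/Inbound") else ("/Outbound", "/Inbound")
        mirror = path.replace(src, dst, 1)
        if policies.get(mirror) != pol:
            findings.append(f"{path} ({pol}) has no matching policy on {mirror}")
        if pol != "never":
            continue
        parent = path.rsplit("/", 1)[0]
        allows = [p for p, v in policies.items()
                  if v.startswith("priority") and p.rsplit("/", 1)[0] == parent]
        if not allows:
            findings.append(f"{path} is blocked but {parent} has no allow class")
        findings += [f"allow class {p} is not marked exception"
                     for p in allows if p not in exceptions]
    return findings
```

An empty list from audit(SCRIPT) means every blocked class has an exception allow class beside it and the Inbound and Outbound halves carry the same policies.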

For YouTube over SSL, you may consider using the SSL common name for further classification.