Customer is having policy to control access to certain YouTube categories. For eg: Denying access to YouTube categories “Movies” & “Entertainment”. Clients may try to modify the url in the request which may break YouTube categorization. This will make the YouTube category control not working as expected.

YouTube categorization is provided by YouTube when queried with the individual Video-ID. ProxySG takes this from the url as in the example below

https://www.youtube.com/watch?v=0WWzgGyAH6Y

If customer modifies this url and add an extra "/v/" after the domain, categorization will fail. This video will be then considered as “Uncategorized” and may get allowed depending on the customer policies.

https://www.youtube.com/v/watch?v=0WWzgGyAH6Y

There are multiple ways to bypass categorization in YouTube and the above is just one such modification. The attached policy to this article is updated with known bypass methods.

This url modification can be dealt by adding policy to redirect any request with the extra “/v/” back to its original form.

; Rule to redirect modified YT requests to Original form
<proxy> url.domain="youtube.com"
url.path.prefix="/v/watch" action.YT_Redirect_1(yes)
url.path.prefix="/v?" action.YT_Redirect_2(yes)
url.path.prefix="/e?" action.YT_Redirect_3(yes)
url.path.prefix="/TV" action.YT_Redirect_4(yes)

define action YT_Redirect_1
redirect( 307, "https://www.youtube.com/v/(.*)", "https://www.youtube.com/$(1)" )
end

define action YT_Redirect_2
redirect( 307, "https://www.youtube.com/v(.*)", "https://www.youtube.com/watch$(1)" )
end

define action YT_Redirect_3
redirect( 307, "https://www.youtube.com/e(.*)", "https://www.youtube.com/watch$(1)" )
end

define action YT_Redirect_4
redirect(307, "https://www.youtube.com/(?i)TV\?v=(.*)", "https://www.youtube.com/watch?v=$(1)" )
end

Policy is also attached to this article