Allow one or more YouTube videos where access to YouTube is blocked globally

book

Article ID: 171080

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You have YouTube blocked globally but you want to allow one or more videos directly on the YouTube site embedded in other websites.

Resolution

Step 1

Due to the fact that YouTube will also use HTTPS for this policy to work you will need to use SSL Interception on the proxy, the following KB’s will help to show how to enable SSL interception for a Self-Signed certificate or if you have an internal PKI:

Self-signed:

Configure SSL intercept for an explicit deployment using a self-signed certificate on ProxySG or Advanced Secure Gateway​

Internal PKI:

Configure SSL interception with Microsoft PKI in an Explicit deployment​

Step 2

URL's used as an example in this article:

https://origin-symwisedownload.symantec.com/resources/webguides/proxysg/security_first_steps/index.htm#Solutions/Authentication/IWA/IWA_Direct_st.htm (here there is embeded Youtube link)

https://www.youtube.com/watch?v=q-D50wpJdaM&feature=youtu.be

https://www.youtube.com/watch?v=rmxA9mDJMVI&feature=youtu.be

https://www.youtube.com/watch?v=94ImhH9ZBRA&feature=youtu.be

In local policy file or in CPL layer in VPM put following CPL rule for explicit deployment 

define condition allowed_youtube
url.substring=scheduler.js
url.substring=yts
url.substring=rmxA9mDJMVI  ; this part has to be taken from youtube url https://www.youtube.com/watch?v=rmxA9mDJMVI&feature=youtu.be
url.substring=q-D50wpJdaM ;  https://www.youtube.com/watch?v=q-D50wpJdaM&feature=youtu.be
url.substring=94ImhH9ZBRA ; https://www.youtube.com/watch?v=94ImhH9ZBRA&feature=youtu.be
url.domain=//c.youtube.com/
url.domain=//youtu.be/
url.domain=//ytimg.com/
url.substring=crossdomain.xml
url.host.substring=googlevideo.com
end

<proxy>
condition=!"allowed_youtube" url.domain=youtube.com deny
<proxy>
url.domain=www.youtube.com http.method=CONNECT ALLOW

In local policy file or in CPL layer in VPM put following CPL rule for transparent deployment 

define condition allowed_youtube
url.substring=scheduler.js
url.substring=yts
url.substring=rmxA9mDJMVI  ; this part has to be taken from youtube url https://www.youtube.com/watch?v=rmxA9mDJMVI&feature=youtu.be
url.substring=q-D50wpJdaM ;  https://www.youtube.com/watch?v=q-D50wpJdaM&feature=youtu.be
url.substring=94ImhH9ZBRA ; https://www.youtube.com/watch?v=94ImhH9ZBRA&feature=youtu.be
url.domain=//c.youtube.com/
url.domain=//youtu.be/
url.domain=//ytimg.com/
url.substring=crossdomain.xml
url.host.substring=googlevideo.com
end
<proxy>
condition=!"allowed_youtube" url.domain=youtube.com deny

<proxy>
 condition="allowed_youtube" allow