Allow only specific YouTube videos through the WSS UPE policy.

book

Article ID: 242605

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

When the WSS policies are managed from the Management center, I want to allow specific YouTube video URLs and block all other videos from YouTube. 

To see how this is achieved when the policy is managed from the WSS portal see KB168914

Resolution

The following CPL policy can be used for allowing specific YouTube videos by URLs and blocking all other videos on YouTube. 

#if enforcement=wss
<Proxy>
condition="Youtube_Allowed_URLs" Allow
condition="Deny_Youtube" http.method=!CONNECT Deny
   
   
define url.domain condition "Youtube_Allowed_URLs"
   'googlevideo.com'
   'https://www.youtube.com/s/desktop'
   'https://www.youtube.com/s/player'
   'https://www.youtube.com/watch?v=Uvtiba2wKbE'
   'https://www.youtube.com/watch?v=oU8d8vsAS5E'
end

define condition "Deny_Youtube"
   url.domain='youtube.com'
   url.host.is_numeric=true server.certificate.hostname='.youtube.com'
end
#endif

=========================================
In this policy the following YouTube videos are allowed;

  • https://www.youtube.com/watch?v=Uvtiba2wKbE
  • https://www.youtube.com/watch?v=oU8d8vsAS5E 

 

Note: If you want to allow more video URLs, you could add the specific video URLs to the “YouTube_Allowed_URLs” definition.
Placement of this CPL into your VPM is very important and this CPL depends on how YouTube traffic is controlled by your existing rules.