We have a block list for Categories as most companies would have, within this rule list is media streaming. The Issue I have is that I now need to allow a number of You Tube videos to all users.
So in the URL Filtering Rule we have the - Block URLs Whose Category is in Category Block List rule
Just above that I have my new rule - Allowed URL YouTube Videos.
The contents being
Comment: Allows access to all to listed YouTube videos
Authentication.UserGroups contains "Internet_StandardAccess" AND
URL matches in list Allowed_URL_YouTube_Videos
Action: Stop Rule Set
So in my head if a user goes to a You Tube video that's listed in my (Allowed_URL_YouTube_videos) list then the rule should fire stopping the rule set and allowing access to the You Tube video.
The error I get is that the site continues to be blocked by the Block URLS Whose Category is in the Category Block list even though this rule set is further down the chain and should not be being hit.
Any ideas would be really helpful, Thanks
Your questions might be answered by creating a rule engine trace to check the results and why this decision has been taken.
Rule Engine Tracing | McAfee Communities
When you work with youtube it is suggested to use YouTubeAPI and prepared ruleset from library, if you not already use it.
Hi Thanks for the info, Im using the Rule Tracing Engine, that's how I know that its the Categories list that's still blocking the access, ill have a look into the YouTube API though,
We user URL.Match + List of URLS to allow specific YT videos only.
After some debuging, these are URLs to allow:
Needed basic YT player components:
*s.ytimg.com/* = Youtube - flash player and images
*.youtube.com/crossdomain.xml = YT player cloud config
*.youtube.com/videoplayback* = Flash Binary Stream for requested video
Specific video to allow, block others:
*.youtube.com/*NPyiLkNf_0c* = allow video with ID "NPyiLkNf_0c" ie: htp://youtu.be/NPyiLkNf_0c
Hope this helps.
So your URL.Match property, did you add that yourself as that's not listed as an option on my gateway, you you did add it as a string what value did you give it ?
URL.Match is standard rule criteria during creating new rule.
So steps are easy:
Appreciate the help, ok so I have donw what you have suggested above, the problem is that this seems to allow all of You Tube as in any video that I click on will play.
Remove the rule and You Tube is completely locked down.
Any further ideas ?
Blocking YouTube.com, and then allowing specific videos only as you have configured will not work in this case. You can allow specific videos on the YouTube only, based upon the uploader, content and there may be other possibilities. I have restricted based upon on uploader.
First of all the request going to SSL scanner enabled to see what is going inside the tunnel, since the connection to YouTube will be https. Also you need to have YouTube allowed at first place, because any request for video on YouTube, will eventually start with forming connection with YouTube itself. So if you have YouTube blocked it will never get allowed.
Please refer the below link for an example.