cancel
Showing results for 
Search instead for 
Did you mean: 
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 1 of 5

Why are Some Multimedia Sites Classified as Entertainment Instead of Streaming?

Jump to solution

There are many multimedia sites like music.amazon.com, disneyplus.com and siriusxm.com that are sometimes classified as Entertainment and not streaming or Internet Radio / TV. Why and how can I block them?

URL Status Categorization Reputation
http://disneyplus.com Categorized URL - Entertainment Minimal Risk
http://music.amazon.com Categorized URL - Internet Radio/TV Minimal Risk
 http://siriusxm.com Categorized URL - Entertainment Minimal Risk

 

1 Solution

Accepted Solutions
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Why are Some Multimedia Sites Classified as Entertainment Instead of Streaming?

Jump to solution

Often the sites in question offer Entertainment content and the streaming is actually from a different site or a Content Delivery Network (CDN) like Akamai or CloudFront. The flexibility and granularity of the MWG rule engine allows you to surgically block only the appropriate portions of these CDNs if you want to block streaming from poplular multi-media sites that are not categorized as streaming or Internet Radio/TV. Referer headers and streaming detector property can effectively be used to help with blocking streaming from certain sites without blocking an entire CDN. You could categorize the referer header and block if a stream is detected and the referer category is Entertainment.

Examples:

siriusxm.com

The base site is not streaming, it is Entertainment. Maybe you want to allow users to check or configure their accounts but not stream to save bandwidth. In this case the stream data actually comes from player.siriusxm.com which is correctly categorized. No issue here.

URL Status Categorization Reputation
http://player.siriusxm.com Categorized URL - Internet Radio/TV Minimal Risk
 

music.amazon.com

music.amazon.com was recently changed from Entertainment to Internet Radio/TV. However, music.amazon.com actually hosts its content on CloudFront servers. You can now block music.amazon.com by simply blocking Internet Radio/TV category but previously you could have  blocked it by blocking cloudfront.com when the referer was music.amazon.com

disneyplus.com

The streaming content comes from media.dssott.com and various subdomains which are currently categorized as Business. However the streamdetector property in combination with the domain could be used to block the streaming. The referrer header https://www.disneyplus.com/video/... could also be used to help with filtering

URL Status Categorization Reputation
https://media.dssott.com Categorized URL - Business Minimal Risk
 

 

 

 

View solution in original post

4 Replies
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Why are Some Multimedia Sites Classified as Entertainment Instead of Streaming?

Jump to solution

Often the sites in question offer Entertainment content and the streaming is actually from a different site or a Content Delivery Network (CDN) like Akamai or CloudFront. The flexibility and granularity of the MWG rule engine allows you to surgically block only the appropriate portions of these CDNs if you want to block streaming from poplular multi-media sites that are not categorized as streaming or Internet Radio/TV. Referer headers and streaming detector property can effectively be used to help with blocking streaming from certain sites without blocking an entire CDN. You could categorize the referer header and block if a stream is detected and the referer category is Entertainment.

Examples:

siriusxm.com

The base site is not streaming, it is Entertainment. Maybe you want to allow users to check or configure their accounts but not stream to save bandwidth. In this case the stream data actually comes from player.siriusxm.com which is correctly categorized. No issue here.

URL Status Categorization Reputation
http://player.siriusxm.com Categorized URL - Internet Radio/TV Minimal Risk
 

music.amazon.com

music.amazon.com was recently changed from Entertainment to Internet Radio/TV. However, music.amazon.com actually hosts its content on CloudFront servers. You can now block music.amazon.com by simply blocking Internet Radio/TV category but previously you could have  blocked it by blocking cloudfront.com when the referer was music.amazon.com

disneyplus.com

The streaming content comes from media.dssott.com and various subdomains which are currently categorized as Business. However the streamdetector property in combination with the domain could be used to block the streaming. The referrer header https://www.disneyplus.com/video/... could also be used to help with filtering

URL Status Categorization Reputation
https://media.dssott.com Categorized URL - Business Minimal Risk
 

 

 

 

View solution in original post

Highlighted
Reliable Contributor AaronT
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: Why are Some Multimedia Sites Classified as Entertainment Instead of Streaming?

Jump to solution

Jeff,

I created a rule "StreamDetector.IsMediaStream" equals true and Header.Get("referer") matches *.disneyplus.com* and was still able to stream the disneyplus video.

Curiously, in the rule trace, the StreamDetector is equal to false, (and equal to 0 when I get the StreamDetector.Probability), so it doesn't block.

Interestingly, I see the vod-*.media.dssott.com in the rule trace.  If I refresh/reload my browser window, it loads hxxps://www.disneyplus.com/video/<unique video id> which is categorized as streaming media/internet radio tv and blocked at the category.

Thoughts?

McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Why are Some Multimedia Sites Classified as Entertainment Instead of Streaming?

Jump to solution

My testing was just referrer disneyplus.com and domain dssott.com I didn't bother to check if this was detected as a media stream. Media stream might be useful for other similar site but apparently not for this one. Maybe use an OR as in:

referrer (disneyplus.com) AND (domain(media.dssott.com) OR streaming media (true)) 

If this is applied to both request and response it would block in the request cycle. If this was applied only to the response cycle it would block in the response cycle regardless of stream detection. I believe streaming media will always evaluate false in the request cycle as a stream probably cannot be detected until content starts coming back in the response cycle.

Reliable Contributor AaronT
Reliable Contributor
Report Inappropriate Content
Message 5 of 5

Re: Why are Some Multimedia Sites Classified as Entertainment Instead of Streaming?

Jump to solution

After some trial and error, it looks like using "Header.Request.Get('referer') matches "https://www.disneyplus.com" AND StreamDetector.IsMediaStream equals True are the key.  

dssott.com must also be in the SSL Inspection Category for URL.Host.BelongsToDomains

Just make sure to use Header.Request.Get, not Header.Get...

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community