Palo Alto Networks Knowledgebase: How to Allow a Single YouTube Video and Block All Other Videos

How to Allow a Single YouTube Video and Block All Other Videos

23215
Created On 08/05/19 19:58 PM - Last Updated 08/05/19 20:11 PM
Policy
Resolution

How to Allow a Single YouTube Video and Block All Other Videos

In this example we only want to allow this one youtube video: https://www.youtube.com/watch?v=hHiRb8t2hLM, and block the rest of YouTube. 
Please follow these steps to accomplish this.

Steps

  1. Block streaming-media in your URL Filtering Profile. Get there in the WebGUI > Objects > Security Profiles > URL Filtering > click on the URL Filtering profile you would like to use.
    2016-12-21_block allow youtube1.pngURL Filtering Profile detail showing Streaming-Media being set to Block.
     
  2. Create a Custom URL Category from Objects > Custom Objects > URL Category.
    Your Custom URL Category must include the following entries:

    *.youtube.com
    *.googlevideo.com
    www.youtube-nocookie.com
    www.youtube.com/yts/jsbin/
    www.youtube.com/yts/cssbin/

    Screen Shot 2018-07-05 at 3.45.17 PM.png

    ... this will make sure that any youtube page or content you go to is decrypted, so that the full HTTP GET can be read.

     
  3. Add a decryption policy of type SSL Forward Proxy, the decryption policy must be tied to your Custom URL Category in the "Service/URL Category" tab.
    Please see the following article about configuring SSL Decryption:
    How to Implement and Test SSL Decryption 
  4. Go to your URL Filtering profile, in the Allow list add the following URL's:

    www.youtube.com/watch?v=hHiRb8t2hLM
    *.googlevideo.com

    ... the first entry is the URL for the container page itself, then *.googlevideo.com will allow the media that is fetched from that container page out of Google's content CDN at *.googlevideo.com .

    Also, make sure that the custom URL category you created is also "allowed" inside of the URL filtering profile.
    2016-12-21_block allow youtube4.pngURL filtering profile detail showing the allowed URL List.
     
  5. Commit and test.

 

Thanks to Milvaldi for the contribution.

Please Note: These instructions worked when this was published, but due to YouTube constantly changing their server configuration, this may stop working.

owner: jdelio

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGzCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language