Palo Alto Networks Knowledgebase: Allow access to embedded YouTube videos and block others

Allow access to embedded YouTube videos and block others

8774
Created On 02/08/19 00:06 AM - Last Updated 02/08/19 00:06 AM
URL Filtering
Resolution

How to allow access to YouTube videos embedded in a website, but block access to other YouTube videos

 

Use Case: 

 

An administrator of the Palo Alto Networks next-generation firewall wants to enable students/employees to watch YouTube videos embedded in their website, but block access to all other YouTube videos.

 

Solution:

 

1) Create a Custom URL Category  and add *.youtube.com entry to it.

  • Navigate to Objects -> Custom Objects -> URL Cateogry and click Add
  • Enter valid name and Add "*.youtube.com" under Sites.
  • Click OK

Screen Shot 2018-07-03 at 10.37.39 AM.pngCustom URL Category Object

 

2) Create a new URL Filtering profile by cloning the default URL filtering profile.

  • Navigate to Objects -> Security Profiles -> URL Filtering and click Add
  • Assign appropriate policy actions to all categories.
  • Set the policy action to “block” for the custom URL Category created in the previos step.
  • In the Overrides tab add the below URLs in the “Allow List”:
  • For example, if we wanted to allow YouTube videos embedded in the Palo Alto Networks website, we would add "paloaltonetworks" instead of "[your-company-domain]" in the above Allow List.
  • Save the URL Filtering Profile.

 

Screen Shot 2018-07-03 at 10.52.02 AM.png

 

Screen Shot 2018-07-03 at 1.49.39 PM.png

 

3) Add the URL filtering profile to the appropriate security policy/policies and Commit the configuration. 

4) The above steps result in blocking all of YouTube, but allow only playing those YouTube videos that are embeded in your website. 

 

 

 

How to determine the "[your-company-domain]" to be used in the Allow List:

 

- Using the Chrome browser, or any modern browser with built-in developer tools, navigate to the webpage with the embed YouTube video.

- Right-click near the video on the webpage and select Inspect.

- Click the Network tab.

- Clear all existing entries and play the video.

- Pause the video and find the entry with "get_video_info?" in the Network tab.

- Click on the entry and look at the full Request URL and get the referrer/domain information in the URL that is specific to your website.

- Use that as part of the Allow list entry.

 

Screen Shot 2018-07-03 at 11.57.06 AM.png

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClikCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language