An administrator of the Palo Alto Networks next-generation firewall wants to enable students/employees to watch YouTube videos embedded in their website, but block access to all other YouTube videos.
1) Create a Custom URL Category and add *.youtube.com entry to it.
Custom URL Category Object
2) Create a new URL Filtering profile by cloning the default URL filtering profile.
3) Add the URL filtering profile to the appropriate security policy/policies and Commit the configuration.
4) The above steps result in blocking all of YouTube, but allow only playing those YouTube videos that are embeded in your website.
How to determine the "[your-company-domain]" to be used in the Allow List:
- Using the Chrome browser, or any modern browser with built-in developer tools, navigate to the webpage with the embed YouTube video.
- Right-click near the video on the webpage and select Inspect.
- Click the Network tab.
- Clear all existing entries and play the video.
- Pause the video and find the entry with "get_video_info?" in the Network tab.
- Click on the entry and look at the full Request URL and get the referrer/domain information in the URL that is specific to your website.
- Use that as part of the Allow list entry.