• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1974
  • Last Modified:

Blocking Youtube access

I need to block access to Youtube .

Can anyone give me a sample config that does this?
0
zerrth
Asked:
zerrth
2 Solutions
 
tdorCommented:
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
Via 'nslookup youtube.com'

Non-authoritative answer:
Name:    youtube.com
Addresses:  208.65.153.238, 208.117.236.69, 208.65.153.251

access-list acl_inside deny ip any host 208.65.153.238
access-list acl_inside deny ip any host 208.117.236.69
access-list acl_inside deny ip any host 208.65.153.251
0
 
DowntownITCommented:
If you're managing DNS on your own (Microsoft DNS server or BIND, etc), you could just point the www.domain.com to localhost. Granted they could type in the IP address of the site and get around it if they knew what they were doing.

You could also create an access-list blocking the ip address of youtube but the DNS entry worked for me.
0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
One option you might be able to use is installing an open source Untangle appliance between your router and the internal network. In bridged mode, the Untangle appliance can be configured to QoS, prevent/block certain protocols and/or certain sites from being accessed via its web filtering roles, thus relieving your PIX from having to deal with the clutter.

Oh... and Untangle is also free.

Untangle Site:
http://www.untangle.com/

Untangle Product Overview:
http://www.untangle.com/index.php?option=com_content&task=view&id=86&Itemid=179
0
 
PugglewuggleCommented:
From my experience, if  used improperly, Untangle tends to become a tangled mess.
The best way to block websites is using a feature of the ASA called Regular Expressions.
This will allow you to do all blocking directly on the firewall without any other software or devices. Compared to RegEx, everything else is a hassle and unreliable.
Here is the Cisco link to Regular Expressions setup.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Cheers! Let me know if you have any questions!
0
 
yuriskCommented:
As Pugglewuggle  said the no-hassle way to block based on URL match is REgexp but .. - if
only you have version 8.x  of ASA OS. For previous versions you are left with blocking
by IPs (won't get you much as Youtube have nundreds of Ips).
0
 
PugglewuggleCommented:
Yep! Good luck blocking YouTube (or any site) by IP! There are hundreds or thousands for really big sites. RegEx gets the whole site and all subdomains with one set of commands.
The best thing to do is upgrade your ASA software (latest version is 8.0.4).
Cheers!
0
 
leonjsCommented:
I would just paste my configuration for blocking youtube but its so long and you wouldnt be able to just paste it any way. Following the link above from pugglewuggle is the method to  use ..

 just want to mention though to block sites like videos.google.com without blocking access to google.com see my config... Obviously my list is short and Websense web filtering is a better method.
One reason you would do something like this is if you wanted to allow access to myspace but not allow music to be played on profiles or videos to be streamed from my space servers.

regex domainlist10 "lads\.myspace\.com"
regex domainlist12 "\.myspacetv\.com"
regex domainlist13 "video\.aol\.com"
regex domainlist14 "\.myspace\.com"
regex domainlist15 "\.facebook\.com"
regex domainlit11 "\.projectplaylist\.com"
regex domainlist1 "\.youtube\.com"
regex domainlist2 "\.break\.com"
regex domainlist3 "\.ebaumsworld\.com"
regex domainlist4 "video\.google\.com"
regex domainlist5 "vids\.myspace\.com"
regex domainlist6 "video\.yahoo\.com"
regex domainlist7 "\.addictinggames\.com"
regex domainlist8 "music\.myspace\.com"
regex domainlist9 "\.imeem\.com"
0
 
Ernie BeekExpertCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now