Solved

Blocking Youtube access

Posted on 2008-10-09
Last Modified: 2011-09-27
I need to block access to YouTube.

Can anyone give me a sample config that does this?
Question by:zerrth
10 Comments
 
LVL 3

Expert Comment

by:tdor
ID: 22682482
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22682489
Via 'nslookup youtube.com'

Non-authoritative answer:
Name:    youtube.com
Addresses:  208.65.153.238, 208.117.236.69, 208.65.153.251

access-list acl_inside deny ip any host 208.65.153.238
access-list acl_inside deny ip any host 208.117.236.69
access-list acl_inside deny ip any host 208.65.153.251
0
 
LVL 2

Expert Comment

by:DowntownIT
ID: 22682508
If you're managing DNS on your own (Microsoft DNS server or BIND, etc), you could just point the www.domain.com to localhost. Granted they could type in the IP address of the site and get around it if they knew what they were doing.

You could also create an access-list blocking the ip address of youtube but the DNS entry worked for me.
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22682562
One option you might be able to use is installing an open source Untangle appliance between your router and the internal network. In bridged mode, the Untangle appliance can be configured to QoS, prevent/block certain protocols and/or certain sites from being accessed via its web filtering roles, thus relieving your PIX from having to deal with the clutter.

Oh... and Untangle is also free.

Untangle Site:
http://www.untangle.com/

Untangle Product Overview:
http://www.untangle.com/index.php?option=com_content&task=view&id=86&Itemid=179
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 125 total points
ID: 22683878
From my experience, if used improperly, Untangle tends to become a tangled mess.
The best way to block websites is using a feature of the ASA called Regular Expressions.
This will allow you to do all blocking directly on the firewall without any other software or devices. Compared to RegEx, everything else is a hassle and unreliable.
Here is the Cisco link to Regular Expressions setup.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Cheers! Let me know if you have any questions!
0
 
LVL 4

Expert Comment

by:yurisk
ID: 22684950
As Pugglewuggle said, the no-hassle way to block based on URL match is regexp, but only if you have version 8.x of ASA OS. For previous versions you are left with blocking by IPs (won't get you much, as YouTube has hundreds of IPs).
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22685158
Yep! Good luck blocking YouTube (or any site) by IP! There are hundreds or thousands for really big sites. RegEx gets the whole site and all subdomains with one set of commands.
The best thing to do is upgrade your ASA software (latest version is 8.0.4).
Cheers!
0
 
LVL 3

Assisted Solution

by:leonjs
leonjs earned 125 total points
ID: 22751316
I would just paste my configuration for blocking YouTube, but it's so long and you wouldn't be able to just paste it anyway. Following the link above from Pugglewuggle is the method to use.

I just want to mention, though, that to block sites like videos.google.com without blocking access to google.com, see my config. Obviously my list is short, and Websense web filtering is a better method.
One reason you would do something like this is if you wanted to allow access to MySpace but not allow music to be played on profiles or videos to be streamed from MySpace servers.

regex domainlist10 "lads\.myspace\.com"
regex domainlist12 "\.myspacetv\.com"
regex domainlist13 "video\.aol\.com"
regex domainlist14 "\.myspace\.com"
regex domainlist15 "\.facebook\.com"
regex domainlist11 "\.projectplaylist\.com"
regex domainlist1 "\.youtube\.com"
regex domainlist2 "\.break\.com"
regex domainlist3 "\.ebaumsworld\.com"
regex domainlist4 "video\.google\.com"
regex domainlist5 "vids\.myspace\.com"
regex domainlist6 "video\.yahoo\.com"
regex domainlist7 "\.addictinggames\.com"
regex domainlist8 "music\.myspace\.com"
regex domainlist9 "\.imeem\.com"
0
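Added example (not part of the post above or of Cisco's document): a Python check of which Host header values a few of the posted patterns cover, useful for reviewing such a list before deploying it. It assumes the firewall applies each regex as an unanchored, case-sensitive search over the Host value, which Python's re.search stands in for; the hostnames are constructed samples, the IP address is the one from the nslookup output earlier in the thread, and the function names are hypothetical.

```python
import re

# Patterns copied from the regex lines in the post (name -> pattern).
PATTERNS = {
    "domainlist1": r"\.youtube\.com",
    "domainlist4": r"video\.google\.com",
    "domainlist8": r"music\.myspace\.com",
    "domainlist14": r"\.myspace\.com",
}

def matching_rules(host, patterns=PATTERNS):
    """Names of the patterns found anywhere in the Host value (assumed semantics)."""
    return sorted(name for name, pat in patterns.items() if re.search(pat, host))

def audit(hosts, patterns=PATTERNS):
    """Map each sample host to the rules that would block it ([] = not covered)."""
    return {host: matching_rules(host, patterns) for host in hosts}

def shadowed(patterns=PATTERNS):
    """(specific, broad) pairs where the broad rule already covers the specific one.

    Only valid for plain literal patterns like the ones in the post, where
    removing the backslashes yields the hostname text the pattern describes.
    """
    pairs = []
    for name, pat in patterns.items():
        literal = pat.replace("\\.", ".")
        for other, other_pat in patterns.items():
            if other != name and re.search(other_pat, literal):
                pairs.append((name, other))
    return sorted(pairs)

# Constructed sample Host values.
SAMPLE_HOSTS = [
    "www.youtube.com",     # covered by the leading-dot pattern
    "youtube.com",         # bare domain: no dot in front of "youtube"
    "video.google.com",    # blocked while www.google.com stays reachable
    "www.google.com",
    "www.myspace.com",     # the broad MySpace rule blocks the whole site
    "208.65.153.238",      # IP literal in the Host header matches no name rule
]

if __name__ == "__main__":
    for host, rules in audit(SAMPLE_HOSTS).items():
        print(f"{host:20} {'BLOCK ' + ','.join(rules) if rules else 'allow'}")
    for specific, broad in shadowed():
        print(f"{specific} is already covered by {broad}")
```

Under these assumptions the list leaves the bare domain and IP-literal requests uncovered, and the broad MySpace rule makes the subdomain-specific one redundant, so a list meant to allow MySpace while blocking only its media hosts would need the broad entry dropped.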
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36708057
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0


Question has a verified solution.
