Solved

Blocking Youtube access

Posted on 2008-10-09
10
1,778 Views
Last Modified: 2011-09-27
I need to block access to Youtube .

Can anyone give me a sample config that does this?
0
Comment
Question by:zerrth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 3

Expert Comment

by:tdor
ID: 22682482
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22682489
Via 'nslookup youtube.com'

Non-authoritative answer:
Name:    youtube.com
Addresses:  208.65.153.238, 208.117.236.69, 208.65.153.251

access-list acl_inside deny ip any host 208.65.153.238
access-list acl_inside deny ip any host 208.117.236.69
access-list acl_inside deny ip any host 208.65.153.251
0
 
LVL 2

Expert Comment

by:DowntownIT
ID: 22682508
If you're managing DNS on your own (Microsoft DNS server or BIND, etc), you could just point the www.domain.com to localhost. Granted they could type in the IP address of the site and get around it if they knew what they were doing.

You could also create an access-list blocking the ip address of youtube but the DNS entry worked for me.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22682562
One option you might be able to use is installing an open source Untangle appliance between your router and the internal network. In bridged mode, the Untangle appliance can be configured to QoS, prevent/block certain protocols and/or certain sites from being accessed via its web filtering roles, thus relieving your PIX from having to deal with the clutter.

Oh... and Untangle is also free.

Untangle Site:
http://www.untangle.com/

Untangle Product Overview:
http://www.untangle.com/index.php?option=com_content&task=view&id=86&Itemid=179
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 125 total points
ID: 22683878
From my experience, if  used improperly, Untangle tends to become a tangled mess.
The best way to block websites is using a feature of the ASA called Regular Expressions.
This will allow you to do all blocking directly on the firewall without any other software or devices. Compared to RegEx, everything else is a hassle and unreliable.
Here is the Cisco link to Regular Expressions setup.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Cheers! Let me know if you have any questions!
0
 
LVL 4

Expert Comment

by:yurisk
ID: 22684950
As Pugglewuggle  said the no-hassle way to block based on URL match is REgexp but .. - if
only you have version 8.x  of ASA OS. For previous versions you are left with blocking
by IPs (won't get you much as Youtube have nundreds of Ips).
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22685158
Yep! Good luck blocking YouTube (or any site) by IP! There are hundreds or thousands for really big sites. RegEx gets the whole site and all subdomains with one set of commands.
The best thing to do is upgrade your ASA software (latest version is 8.0.4).
Cheers!
0
 
LVL 3

Assisted Solution

by:leonjs
leonjs earned 125 total points
ID: 22751316
I would just paste my configuration for blocking youtube but its so long and you wouldnt be able to just paste it any way. Following the link above from pugglewuggle is the method to  use ..

 just want to mention though to block sites like videos.google.com without blocking access to google.com see my config... Obviously my list is short and Websense web filtering is a better method.
One reason you would do something like this is if you wanted to allow access to myspace but not allow music to be played on profiles or videos to be streamed from my space servers.

regex domainlist10 "lads\.myspace\.com"
regex domainlist12 "\.myspacetv\.com"
regex domainlist13 "video\.aol\.com"
regex domainlist14 "\.myspace\.com"
regex domainlist15 "\.facebook\.com"
regex domainlit11 "\.projectplaylist\.com"
regex domainlist1 "\.youtube\.com"
regex domainlist2 "\.break\.com"
regex domainlist3 "\.ebaumsworld\.com"
regex domainlist4 "video\.google\.com"
regex domainlist5 "vids\.myspace\.com"
regex domainlist6 "video\.yahoo\.com"
regex domainlist7 "\.addictinggames\.com"
regex domainlist8 "music\.myspace\.com"
regex domainlist9 "\.imeem\.com"
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36708057
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question