Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Blocking Youtube access

Posted on 2008-10-09
10
Medium Priority
?
1,932 Views
Last Modified: 2011-09-27
I need to block access to Youtube .

Can anyone give me a sample config that does this?
0
Comment
Question by:zerrth
10 Comments
 
LVL 3

Expert Comment

by:tdor
ID: 22682482
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22682489
Via 'nslookup youtube.com'

Non-authoritative answer:
Name:    youtube.com
Addresses:  208.65.153.238, 208.117.236.69, 208.65.153.251

access-list acl_inside deny ip any host 208.65.153.238
access-list acl_inside deny ip any host 208.117.236.69
access-list acl_inside deny ip any host 208.65.153.251
0
 
LVL 2

Expert Comment

by:DowntownIT
ID: 22682508
If you're managing DNS on your own (Microsoft DNS server or BIND, etc), you could just point the www.domain.com to localhost. Granted they could type in the IP address of the site and get around it if they knew what they were doing.

You could also create an access-list blocking the ip address of youtube but the DNS entry worked for me.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22682562
One option you might be able to use is installing an open source Untangle appliance between your router and the internal network. In bridged mode, the Untangle appliance can be configured to QoS, prevent/block certain protocols and/or certain sites from being accessed via its web filtering roles, thus relieving your PIX from having to deal with the clutter.

Oh... and Untangle is also free.

Untangle Site:
http://www.untangle.com/

Untangle Product Overview:
http://www.untangle.com/index.php?option=com_content&task=view&id=86&Itemid=179
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22683878
From my experience, if  used improperly, Untangle tends to become a tangled mess.
The best way to block websites is using a feature of the ASA called Regular Expressions.
This will allow you to do all blocking directly on the firewall without any other software or devices. Compared to RegEx, everything else is a hassle and unreliable.
Here is the Cisco link to Regular Expressions setup.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Cheers! Let me know if you have any questions!
0
 
LVL 4

Expert Comment

by:yurisk
ID: 22684950
As Pugglewuggle  said the no-hassle way to block based on URL match is REgexp but .. - if
only you have version 8.x  of ASA OS. For previous versions you are left with blocking
by IPs (won't get you much as Youtube have nundreds of Ips).
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22685158
Yep! Good luck blocking YouTube (or any site) by IP! There are hundreds or thousands for really big sites. RegEx gets the whole site and all subdomains with one set of commands.
The best thing to do is upgrade your ASA software (latest version is 8.0.4).
Cheers!
0
 
LVL 3

Assisted Solution

by:leonjs
leonjs earned 500 total points
ID: 22751316
I would just paste my configuration for blocking youtube but its so long and you wouldnt be able to just paste it any way. Following the link above from pugglewuggle is the method to  use ..

 just want to mention though to block sites like videos.google.com without blocking access to google.com see my config... Obviously my list is short and Websense web filtering is a better method.
One reason you would do something like this is if you wanted to allow access to myspace but not allow music to be played on profiles or videos to be streamed from my space servers.

regex domainlist10 "lads\.myspace\.com"
regex domainlist12 "\.myspacetv\.com"
regex domainlist13 "video\.aol\.com"
regex domainlist14 "\.myspace\.com"
regex domainlist15 "\.facebook\.com"
regex domainlit11 "\.projectplaylist\.com"
regex domainlist1 "\.youtube\.com"
regex domainlist2 "\.break\.com"
regex domainlist3 "\.ebaumsworld\.com"
regex domainlist4 "video\.google\.com"
regex domainlist5 "vids\.myspace\.com"
regex domainlist6 "video\.yahoo\.com"
regex domainlist7 "\.addictinggames\.com"
regex domainlist8 "music\.myspace\.com"
regex domainlist9 "\.imeem\.com"
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36708057
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question