Solved

Blocking Youtube access

Posted on 2008-10-09
10
1,533 Views
Last Modified: 2011-09-27
I need to block access to Youtube .

Can anyone give me a sample config that does this?
0
Comment
Question by:zerrth
10 Comments
 
LVL 3

Expert Comment

by:tdor
ID: 22682482
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22682489
Via 'nslookup youtube.com'

Non-authoritative answer:
Name:    youtube.com
Addresses:  208.65.153.238, 208.117.236.69, 208.65.153.251

access-list acl_inside deny ip any host 208.65.153.238
access-list acl_inside deny ip any host 208.117.236.69
access-list acl_inside deny ip any host 208.65.153.251
0
 
LVL 2

Expert Comment

by:DowntownIT
ID: 22682508
If you're managing DNS on your own (Microsoft DNS server or BIND, etc), you could just point the www.domain.com to localhost. Granted they could type in the IP address of the site and get around it if they knew what they were doing.

You could also create an access-list blocking the ip address of youtube but the DNS entry worked for me.
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22682562
One option you might be able to use is installing an open source Untangle appliance between your router and the internal network. In bridged mode, the Untangle appliance can be configured to QoS, prevent/block certain protocols and/or certain sites from being accessed via its web filtering roles, thus relieving your PIX from having to deal with the clutter.

Oh... and Untangle is also free.

Untangle Site:
http://www.untangle.com/

Untangle Product Overview:
http://www.untangle.com/index.php?option=com_content&task=view&id=86&Itemid=179
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 125 total points
ID: 22683878
From my experience, if  used improperly, Untangle tends to become a tangled mess.
The best way to block websites is using a feature of the ASA called Regular Expressions.
This will allow you to do all blocking directly on the firewall without any other software or devices. Compared to RegEx, everything else is a hassle and unreliable.
Here is the Cisco link to Regular Expressions setup.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Cheers! Let me know if you have any questions!
0
 
LVL 4

Expert Comment

by:yurisk
ID: 22684950
As Pugglewuggle  said the no-hassle way to block based on URL match is REgexp but .. - if
only you have version 8.x  of ASA OS. For previous versions you are left with blocking
by IPs (won't get you much as Youtube have nundreds of Ips).
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22685158
Yep! Good luck blocking YouTube (or any site) by IP! There are hundreds or thousands for really big sites. RegEx gets the whole site and all subdomains with one set of commands.
The best thing to do is upgrade your ASA software (latest version is 8.0.4).
Cheers!
0
 
LVL 3

Assisted Solution

by:leonjs
leonjs earned 125 total points
ID: 22751316
I would just paste my configuration for blocking youtube but its so long and you wouldnt be able to just paste it any way. Following the link above from pugglewuggle is the method to  use ..

 just want to mention though to block sites like videos.google.com without blocking access to google.com see my config... Obviously my list is short and Websense web filtering is a better method.
One reason you would do something like this is if you wanted to allow access to myspace but not allow music to be played on profiles or videos to be streamed from my space servers.

regex domainlist10 "lads\.myspace\.com"
regex domainlist12 "\.myspacetv\.com"
regex domainlist13 "video\.aol\.com"
regex domainlist14 "\.myspace\.com"
regex domainlist15 "\.facebook\.com"
regex domainlit11 "\.projectplaylist\.com"
regex domainlist1 "\.youtube\.com"
regex domainlist2 "\.break\.com"
regex domainlist3 "\.ebaumsworld\.com"
regex domainlist4 "video\.google\.com"
regex domainlist5 "vids\.myspace\.com"
regex domainlist6 "video\.yahoo\.com"
regex domainlist7 "\.addictinggames\.com"
regex domainlist8 "music\.myspace\.com"
regex domainlist9 "\.imeem\.com"
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36708057
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now