• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1122
  • Last Modified:

I need to block specific youtube videos by using squid. How could that be possible?

Hi there;

I have Ubuntu 9 Server and I need to block specific youtube videos by using squid. How could that be possible?
Any guidelines or step by step explanation you may give here?

My aim is not completety banning whole youtube but some videos of it.

Note that I can definitely switch to a Debian or Centos if necessary.

Best regards.
0
jazzIIIlove
Asked:
jazzIIIlove
3 Solutions
 
jb1devCommented:
You can use squidGuard to block URLs with regexes.
See this example:

http://www.experts-exchange.com/Networking/Linux_Networking/Q_24867889.html
0
 
jazzIIIloveAuthor Commented:
Hi there;

I try to adapt the content in your link, but it's not working. I changed the following lines, restart the squid server and in my other machine having myip, I can enter the link: http://www.youtube.com/watch?v=u4lMWwqj2-k&feature=fvhl

I edit the file as below:

rew youtube {
    s@(.*youtube.com/watch?v=u4lMWwqj2-k&feature=fvhl)@\1\&safe=active@i
}

src bar-clients {
      ip            myip
}

What should I do? My aim is just redirecting link to google.com. Right it is even not banned.

Best regards.
#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db
logdir /var/log/squid

#
# TIME RULES:
# abbrev for weekdays: 
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

time workhours {
	weekly mtwhf 08:00 - 16:30
	date *-*-01  08:00 - 16:30
}

#
# REWRITE RULES:
#

#rew dmz {
#	s@://admin/@://admin.foo.bar.no/@i
#	s@://foo.bar.no/@://www.foo.bar.no/@i
#}

rew youtube {
    s@(.*youtube.com/watch?v=u4lMWwqj2-k&feature=fvhl)@\1\&safe=active@i
}

#
# SOURCE ADDRESSES:
#

#src admin {
#	ip		1.2.3.4 1.2.3.5
#	user		root foo bar
#	within 		workhours
#}

#src foo-clients {
#	ip		172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
#}

#src bar-clients {
#	ip		172.16.4.0/26
#}

src bar-clients {
	ip		myip
}
#mip is my ip:)
#
# DESTINATION CLASSES:
#

dest good {
}

dest local {
}

#dest adult {
#	domainlist	adult/domains
#	urllist		adult/urls
#	expressionlist	adult/expressions
#	redirect 	http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
#}


acl {
#	admin {
#		pass	 any
#	}

#	foo-clients within workhours {
#		pass	 good !in-addr !adult any
#	} else {
#		pass any
#	}

#	bar-clients {
#		pass	local none
#	}

	default {
		pass	 local none
#		rewrite	 dmz
#		redirect http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
	}
}

Open in new window

0
 
giltjrCommented:
Since the string:

     youtube.com/watch?v=u4lMWwqj2-k&feature=fvhl)@\1\&safe=active@i

includes some special characters that mean something when doing regular expressions you may have to escape them.

However, I am confused.  It seems you are saying that watching this moving over YouTube is banned, but watching it over Google is not?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
jazzIIIloveAuthor Commented:
yes, exactly. One single link. In fact the ACL must also include the cache from google but first, I need to ban the exact link.

Best regards.
0
 
jazzIIIloveAuthor Commented:
I am not good at regex. Could you provide me the ACL just for that link, I will do the google cache later.

Best regards.
0
 
giltjrCommented:
You can try:

     youtube.com\/watch\?v=u4lMWwqj2-k&feature=fvhl)@\\1\\&safe=active@i
0
 
The--CaptainCommented:
Never used squidguard, but it*was* at the top of my google search for this problem ;-)

Your URL is too specific, for starters.  You need to learn how to make them as generic as possible before creating a regex for the blacklist...

http://www.youtube.com/watch?v=u4lMWwqj2-k&feature=fvhl

should be

http://www.youtube.com/watch?v=u4lMWwqj2-k

the "feature" specifier (and probably most and/or all of the others) is irrelevant, and adds a restriction to your filter that you do not want or need.  You also should have wildcard matches on just about anything before and after the video specifier [v=u4lMWwqj2-k] , since I doubt the order of parameters will confuse youtube, but it could certainly evade a more specific filter.

It sounds like the regexes may be confusing you - start out with getting it to block youtube, then try to block specific videos.  BTW, google doesn't cache youtube videos, AFAIK - just the page for the video.  Block the youtube video URL correctly and you should be good to go given the criteria of your posts.

Also, ACLs are not regexes - you should learn the difference, and read up on unix regexes, or this project will not be feasible to you.

In any case, be sure you are picking your battles.  Any technical restriction can be circumvented, given enough time and will.  Your approach will be much more effective when combined with personnel policy (with regard to time and other resources) in these arenas.  Think about schools and corporations - they have filters (they're not perfect, but the indicate a reasonable intent) so that when someone circumvents them, they can be disciplined via warnings, suspension, expulsion/fired, etc..

Don't forget to log as well as filter.

Cheers,
-Jon
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now