04-02-2012 08:37 AM - edited 03-04-2019 03:53 PM
Hi,
I'm trying to block this site (youtube.com) for the LAN users. I found an option in the class-map configuration that seems to allow me to do this but it's not working. the configuration is below:
class-map Youtube-Class
match protocol youtube
policy-map NoYoutube-Policy
class Youtube-class
drop
interface g0/0.10
!-- Ommited--
service-policy output NoYoutube-Policy
service-policy input NoYoutube-Policy
I guess it should be necessary to set the policy only in one way but since that wasn't working I tried both.
Am I missing something? or the "match protocol youtube" command is intended for other purposes.
By the way, I'm using a router as specified:
Thanks
04-02-2012 08:40 AM
JIC: there are some Uppercase/Lowercase mistakes in the previous post, but it is correctly configured in the router.
04-02-2012 02:00 PM
Just use an ACL and that will make it easier.
04-02-2012 02:21 PM
Hi Ricardo,
It is better to apply the policies to the interface that your users are using as their default gateway.
With this policies you are using NBAR.
In order to be sure that the NBAR works fine just configure the ip nbar protocol-discovery under the interface.
This will enable nbar discovery on your router.
If you use the next command "show ip nbar protocol-discovery stats bit-rate top-n 10" it will show you the top 10
bandwidth-eating applications . (just attention with nbar command since may increase the CPU/Memory needs of the router)
In this way you can see if the youtube appears in the list and then to block/restrict traffic with appropriate QoS policy.
If this does not work, I do not think that the ACL could work since ACL also uses NBAR to match youtube traffic.
Hope that helps!
Vasilis
04-02-2012 02:28 PM
I meant an IP address ACL.
OP can let us know later his luck with other methods.
04-02-2012 11:08 PM
Thanks to all for te replies.
Would this be easier with an ASA firewall? may be I'm just trying to setup a feature in the wrong device. Would it be possible to filter specific DNS queries? (just for some users while others still have access)
Thanks for all your help.
04-02-2012 11:18 PM
Does NBAR actually block the site? I would expect it only to block the video content apps. There is probably a much easier way to simply block the domain name. But then I suppose the NBAR would also pick up on other sites with embedded YouTube vids which might not match the domain filter.
Sent from Cisco Technical Support iPhone App
04-03-2012 12:32 AM
Hi,
Using an ASA to block https://www.youtube.com is not going to solve the problem. An ASA is unable to inspect encrypted traffic.
One alternative is to use a site like whois to find out all the IP addresses used by Youtube. Then write an ACL to block all these IP addresses. This will also block HTTPS traffic. However this can be a big task if Youtube keep registering new addresses for their site.
The simplest solution would be to install a proxy server. Direct all Internet traffic through this server. Then create a rule on this server to block Youtube.
Cheers
Sean
10-01-2022 08:49 AM
The YouTube Blue apk app offers a lot of features and controls that you won’t find in the official YouTube app for Android. YouTube is free, but it lacks many necessary features. In contrast, YouTube Blue allows you to access premium features and functionalities for free. An updated version of YouTube called YouTube Blue APK is very popular. The official YouTube app now has ad blurs, background playback, black/dark themes, and many more features. Download links and installation instructions are available here for users who are not rooted. Those who wish to use YouTube Blue APK can find it here.
10-01-2022 09:39 AM
Hello
try to match on the actual url -
match protocol http host "*youtube.com*"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide