cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
962
Views
0
Helpful
3
Replies

Cisco IronPort - Youtube filtered except when logged on google

admincoco
Level 1
Level 1

Hello everybody

Have you heard about that ?

My Cisco Ironport filters youtube videos. I cant play any video.

But, if I log on google first, with a google account, I can access youtube and watch videos.

3 Replies 3

akilgore
Cisco Employee
Cisco Employee

The different outcomes are likely caused by connecting to Youtube using different protocols. When you browse to Youtube normally, you should see www.youtube.com as the address in your browser -- an http connection. However, signing into your Google account and then browsing to Youtube will result in https://www.youtube.com/--an https connection--because your Google account is also in use on Youtube. Content accessed on Youtube via http is being blocked, but content accessed via https is not.

 

Hi akilgore,

Thank you for your answer. That is a good explanation.

I have tried to look how to block youtube through https protocol.

 

I went on Youtube with https to get the categorie or IP of that website.

When I look on my Ironport > Webtracking menu, I can only see Google IP's which are classified as "Search Engines and Portals" (so it is allowed)

The Youtube IP adresses are not reflected on the Ironport so I cannot block them.

 

Do you have a tip to do that ? Or Google has done something to bypass Ironport proxies ?

Thank you

Hi,

My guess is you are not using https inspection, if you were it would work as you wanted.

This does require work to set up though.

An external supplied proxy we use provided a workaround, although I haven't had time to see if it's possible to replicate on an IronPort, this was done to enforce safe search when someone was logged into Google:

The changes made today are as follows:

- Requests for www.google.com or www.google.co.uk are returned with nosslsearch.google.com by the WFS Gateway.

- Requests for encrypted.google.com are blocked.

The way this works is that when a user requests www.google.com or www.google.co.uk they are instead asking for nosslsearch.google.com - This way Google does not redirect the user to the encrypted HTTPS version of www.google.com or www.google.co.uk - Now that the webpage is not encrypted the Content Filter can now enforce the safe search options.

Thanks

Chris