Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Joseflorez
Contributor

Granular Control of Navigation

HI

I to try to create a policy that allow the navegation to URL of YouTube in specific, not to the application in general. I use URL Filtering and HTTP Inspection but it nots work.  will this configuration be possible?

0 Kudos
10 Replies
PhoneBoy
Admin
Admin

If you're trying to allow access to specific videos only...it's complicated due to the complexity of the YouTube site.
You create a custom application/site with the following (this is regex):

googlevideo.com
(^|.*\.)youtube\.com/watch\?v=##VID##'
(^|.*\.)youtu\.be/.*##VID##.*
(^|.*\.)ytimg\.com/.*/##VID##/
(^|.*\.)youtube.com/embed/##VID##


Yes, each video requires four separate URLs.
Videos are streamed from *.googlevideo.com.

Note above is per: https://community.checkpoint.com/t5/SMB-Gateways-Spark/Allowing-or-blocking-specific-youtube-videos/... 

0 Kudos
Joseflorez
Contributor

Hi Phone Boy

I try to do the configuration of policy as you suggested but is not works, Appear a notification where there is characters that may affect performance. Even so I install policies but it doesn't work.

This is configuration

Rules

Rule.PNG

Rule HTTP Inspection

rule_inspection.PNG

I try with the action in Bypass but get the same result. According to the configuration that I made, do I have something wrong?

Joseflorez
Contributor

Thi is the custom application/site

AppSite.PNG

PhoneBoy
Admin
Admin

You can't use the Custom Application Site with the HTTPS Inspection rule.
Use the service of HTTPS there.

Joseflorez
Contributor

The custom application site with the HTTPS inspection rule I put it there as a test, if I remove it it does not work for me

0 Kudos
PhoneBoy
Admin
Admin

The category for the HTTPS rule should be “any.”
I also don’t see googlevideo.com in the list.

Also the above assumes you’re on R80.40+ or R80.30 with a recent JHF.

0 Kudos
Joseflorez
Contributor

Hi PhoneBoy 

The category for the HTTPS rule is ANY, 

googlevideo.com is in the list just at the top, but  it does not work.

apsite_test.PNG

The SMS version is  HOTFIX_R80_40_JUMBO_HF_MAIN Take: 91

The GW version is  HOTFIX_R80_30_JUMBO_HF_MAIN Take: 228

PhoneBoy
Admin
Admin

By "not work" what does that mean precisely?
What is the exact behavior?
Any (redacted) logs you can share?
Note the URLs in question were provided by a CheckMates member and we may be missing something. 

Joseflorez
Contributor

Hi

"Not work" mean that when i to try load the specific URL configure in the rule does not load, The log appear the traffic Inspected to youtube without anomalies.

I will try to change the syntax of the lines placed in the Custom Application Site. But from the fabricant's point of view this is possible? I had understood that HTTP Inspection takes the certificate of a URL to perform some action but not the content of the specific URL. For that reason I have the doubt if it is possible

PhoneBoy
Admin
Admin

Full HTTPS Inspection (not just HTTPS Categorization) is required to make this work.
That is the only way you can actually see the URL.
The Category/Custom Application Site in your HTTPS Inspection rule should not contain the Custom Application/Site you created for this purpose.
It needs to be "Any" or at the very least "Media Streams" to see everything YouTube-related.

If the above does not help, please provide screenshots of the exact behavior and logs seen and/or engage with the TAC. 


0 Kudos