How to block various YouTube features using App Rules

12/09/2024 0 People found this article helpful 927 Views

Description

This articles shows how to block like/dislike/comment/share/subscribe/save/download/upload features of YouTube using App Rules. As there are individual signatures assigned for each feature, only certain features can also be blocked while allowing the others.

Resolution

The following configuration changes are mandatory for App Rules to effectively block required YouTube signatures-

Login to the SonicWall Management UI.
Block UDP traffic on ports 80 and 443 using access rules from internal zone (LAN) to WAN zone.
- Create Service objects for UDP port 80 and 443
- Create Service group and add UDP 80 and 443 objects to the group
- Add a new Access Rule to block traffic to WAN on UDP port 80 and 443
Enable Client DPI-SSL and also enable the options for all the features on which you wish to apply DPI-SSL.

NOTE: If this is the first time DPI-SSL is being enabled on the firewall then please consult the following KB - Where can I learn more about DPI-SSL?
Make sure GAV and IPS is enabled.
Enable the checkbox for "Enable Optimal Value below" from the diag page and Change "Optimal value" from 10240 to 50000.
Disable the checkbox for 'Limit IPS CFT scan' from the diag page settings in the firewall.

NOTE: Please consult support for making the above changes (Step 5 and 6) in the diag page.
Create a match object with the following signatures-

Like/Dislike/Comment-
SIG_ID : 3908, "YouTube -- App Feature (Like) [Reqs DPI-SSL CI] 1"
SIG_ID : 3967, "YouTube -- App Feature (Dislike) [Reqs DPI-SSL CI] 1"
SIG_ID : 4404, "App Feature (Existing Comment Like Dislike) [Reqs DPI-SSL CI] 1"
SIG_ID : 3914, "YouTube -- App Feature (Comment) [Reqs DPI-SSL CI] 1"
SIG_ID : 4405, "App Feature (Existing Comment Reply) [Reqs DPI-SSL CI] 1"

Share-
SIG_ID : 3476, "YouTube -- App Feature (Share) [Reqs DPI-SSL CI] 1"

Subscribe-
SIG_ID : 3916, "YouTube -- App Feature (Subscribe) [Reqs DPI-SSL CI] 1"

Save-
SIG_ID : 3947, "YouTube -- App Feature (Save) [Reqs DPI-SSL CI] 1"
SIG_ID : 3969, "YouTube -- App Feature (Save) [Reqs DPI-SSL CI] 1"

Download-
SIG_ID : 3915, "YouTube -- App Feature (Download) [Reqs DPI-SSL CI] 1"

Upload-
SIG_ID : 10507, "YouTube -- App Feature (Video Upload) 1 [Reqs DPI-SSL CI]"
SIG_ID : 13499, "YouTube -- App Feature (Video Upload) 2 [Reqs DPI-SSL CI]"
SIG_ID : 3975, "YouTube -- App Feature (Video Upload) 3[Reqs DPI-SSL CI]"
Enable App Rules in the global settings. Add a new App rule with above match object to block the added signatures.

Testing Results-

While testing these features, it would initially look like they are going through as they would show up in the UI as being accepted. However once the page is refreshed, it can be noticed that the UI wont show them anymore as they got blocked.

Event Logs should show logs similar to below image-

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

How to block various YouTube features using App Rules

Description

Resolution

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch