How can I block youtube

webfilter
v7
ndpi

(Christian Gabriel Ferrero) #1

Good afternoon, I’m having trouble blocking Youtube


Transparent HTTPS proxy
(Ralf Jeckel) #2

Please can you tell us more details.

NS version, installed modules, proxy configuration etc.


(Christian Gabriel Ferrero) #3

Hello good afternoon, it is the version NethServer release 7.4.1708 (Final)
The installed modules are “Basic firewall” - “Deep packet inspection (DPI)” - “Intrusion Prevention System” - “Web filter” - "Web proxy"
The configuration that I made is the following
I registered in “Firewall Objets” -> “Hosts” some computers

I will be very grateful if you can help me


(Ralf Jeckel) #4

Never tried it with custom category. You can try to add “youtube.com“ to global black list.


(Christian Gabriel Ferrero) #5

Well I just ran the list of updates and now magically blocked Youtube, but what I noticed is that I do not work the custom categories.
I try to block Whatsapp Web by adding the url in “Custom Categories” and then checking the category inside the filter and it does not block


(Christian Gabriel Ferrero) #6

The problem is that by doing that you block YouTube for all users and the owner of the company has to have access to everything.


(Jorge Jiménez) #7

Not sure if this helps but i will add my 5 cents here.

At our project we can not implement proxy because of a critical software that does not behave properly being proxied, so we are blocking by firewall and dns.

I would add a dns resolution at your nethserver instance pointingo youtube.com (and domains related) to a local web server with information on your content filtering policies.

Also, you should be blocking every DNS traffic for anything but your dns server to avoid dns hopping.

If you want to do this as a per-user basis… this will not be a solution of course. But i think you can tweak this to make it work.


(Ralf Jeckel) #8

If you want to allow your bosses PC all traffic, you can create a firewall object with this PC’s IP and put that host into the list “hosts without proxy”. This causes no filter at all to this specific host.

EDIT: If you’re using dhcp, please don’t forget the IP-reservation for this host. :wink: