How to block access to Youtube.com

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

How to block access to Youtube.com

Postby MikeGiancola » Nov 02 19 2:47 am

Hi,

I would like to restrict access to youtube for all users on my network as my younger kids have been watching things I'd prefer they didn't....

I have Wingate running on a Win10 x64 box and all my network traffic runs through it (dual nics, one to lan one to wan). I added an access rule to block (for everyone) sites youtube.com and youtube however, I can still access the site.

I'm curious if this is due to the fact http://www.youtube.com is redirected to https://youtube.com (ssl vs non)? If so, can i block youtube IPs? Since all network traffic runs through WinGate, it feels possible - just not sure how to do it? I've tried to add an entry to the hosts file on the server pointing youtube.com to a known IP (non youtube), installed the DNS service and tried it - this doesn't seem to work either (cell phone on wifi can still access).

Alternatively, do I need to buy the ssl inspection license? I am running Wingate 9 free edition since it's just for my home.

When I did a ping on http://www.youtube.com, i get an IP - which when I put in my url bar brings me to google's homepage. I don't want to block all of google - just youtube. Is this possible?

thank you for the help.
Mike
MikeGiancola
 
Posts: 1
Joined: Nov 02 19 2:39 am

Re: How to block access to Youtube.com

Postby adrien » Nov 09 19 12:08 pm

Hi

it is possible to block youtube, even though it's all SSL without requiring SSL inspection. If you intercept port 443 to the proxy, it will inspect the SSl handshake whereby it can learn the servername (from the SNI option in the SSL handshake). You can block based on this. the user experience isn't great since browsers etc don't display block pages for this, but it prevents people going there.

At home when I block youtube (for similar reasons to you), we block

*.ggpht.com
*.googlevideo.com
*.youtube-nocookie.com
*.youtube.com
*.ytimg.com
play.googleapis.com
youtube-nocookie.com
youtube.com
youtubei.googleapis.com

We don't block *.googleapis.com as this breaks a whole heap of other google services.

We just have these in a Global Data list, and use a web access rule to block anything with sites in this list.
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: Google [Bot] and 33 guests

cron