We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

YouTube Control Over HTTPS Version 7.x and Above

  • Last updated on

The Barracuda Web Security Gateway can be configured for scanning of HTTPS traffic at the URL level when the SSL Inspection feature is enabled. This means that the administrator has granular control over what applications are blocked or allowed on websites like YouTube.com. The administrator can control YouTube traffic, for example, by specifying domain/sub-domain patterns associated with YouTube to be inspected over HTTPS. For more information about this feature, see Using SSL Inspection With the Barracuda Web Security Gateway. This article provides several use cases as examples.

To configure the Barracuda Web Security Gateway for YouTube for Schools, see How to Restrict YouTube Content On Your Network.

SSL Inspection is supported by the Barracuda Web Security Gateway as follows:

  • Barracuda Web Security Gateway 610 and higher, running firmware version 6.0.1 and higher (see How to Configure SSL Inspection 6.x) with ability to block or monitor many web-based applications and domains over HTTPS.
  • Barracuda Web Security Gateway 410 running firmware version 10.0 and higher (see How to Configure SSL Inspection Version 10 and Above) with ability to block or monitor many web-based applications and domains over HTTPS.
  • Barracuda Web Security Gateway 310 running firmware version and higher with inline or forward proxy deployments for Safe Browsing.

IMPORTANT: Barracuda strongly recommends that you upgrade to version 8.1.0.005 before using this feature.

Use Case #1: Blocking Channels

Suppose you want allow access to YouTube, but block access to YouTube channels for users in your organization during working hours Monday through Friday. Using the URL pattern for  channels, https://youtube.com/channels, you will create a policy on the BLOCK/ACCEPT > Exceptions page.

Step 1. Enable and configure SSL Inspection:

  1. Log into the Barracuda Web Security Gateway web interface as an administrator.
  2. On the ADVANCED > SSL Inspection page, set Enable SSL Inspection to Yes.
  3. In the Inspected Domains field, enter youtube.com and click Add.
  4. Install an SSL certificate. There are two options:


    1. Select Upload to upload a trusted certificate signed by a CA or from your organization's CA server. Once you install the trusted certificate on the Barracuda Web Security Gateway, your users can browse HTTPS sites without any warnings when SSL Inspection is enabled. If you have a high availability deployment, you will need to install the same root certificate on each Barracuda Web Security Gateway. Note: If you use this option, make sure to upload both the private and public key files. Formats supported include .pem, der, pkcs12, pkcs7, pfx, but not .jks (java key store).

    2. Select Create to generate your own SSL certificate and download it to install in or push out to each client browser. If you don't, users will see a warning each time they browse an HTTPS site when SSL Inspection is enabled. On the other hand, if you create the certificate on the Barracuda Web Security Gateway, the private key is more secure as it never leaves the device. If you have a high availability deployment, you will need to install the same root certificate on each Barracuda Web Security Gateway. Follow instructions in the online help to create and install the certificate(s).

Step 2. Create the policy:

  1. On the BLOCK/ACCEPT > Exceptions page, in the Add Exceptions section, select the Block Action.  See Figure 1.
  2. Select the type of users you want to block (Authenticated, Local Group, etc.) in the Applies To field. In this case we've chosen Authenticated users.
  3. Select URL Pattern as the Exception Type.
  4. Enter   https://www.youtube.com/channels  as the URL pattern.
  5. Set the Time Frame from 8:00 - 17:00 Mon. - Fri. , or whatever constitutes 'working hours'.

    Figure 1: Creating a Block policy for YouTube channels during working hours

    ExceptionBlockYouTube.jpg

  6. Select the Protocol as HTTPS. Enter a message if you like to describe what the policy is about.
  7. Configure policy alerts as needed. With Enable Policy Alerts set to On, the Barracuda Web Security Gateway will send an email summarizing content policy violations to the email address(es) entered in the Policy Alerts Email Address field.
  8. Click Add. You have now created your policy.

Use Case #2: Blocking All YouTube Channels Except a Particular Video

  1. Follow instructions in Step 1. above to enable and configure SSL Inspection in the Barracuda Web Security Gateway web interface.
  2. On the BLOCK/ACCEPT > Exceptions page, in the Add Exceptions section, select the Block Action.   
  3. Select the type of users you want to block (Authenticated, Local Group, etc.) in the Applies To field. In this case we've chosen Authenticated users.
  4. Select URL Pattern as the Exception Type.
  5. If desired, set a Time Frame for when you want to block YouTube.
  6. Getting the correct URL pattern to use to create the Allow action takes several steps. Follow instructions in How to Allow a Specific Video on YouTube to find and allow the specific YouTube video URL.


Last updated on