SquidGuard: Blocking youtube on the Andriod app
-
Hello,
I am currently working on an assignment for school. I need to block certain video services (like youtube and livestreams ) I already managed to block those (including youtube trough the web browser) But it seems not to block on any andriod device using the youtube application.
I hope that someone else has experience with this problem. please keep in mind that I'm fairly new to PFsenseThanks,
-
Try adding googlevideo.com to your proxy filter and see if that does the trick.
-
Thanks for the reply, even though it didn't work.
i found out that the log in Squidguard actually sees the traffic from youtube and tried to block it/redirecting but doesn't work. Is it possible to cut out/lower bandwidth only for youtube so the data usage drops, and becomes impossible to watch a video? -
I also wanted to try the approach you mention when i first installed pfsense, make an alias and then create a rule to limit bandwith and/or block YT traffic, but YouTube's Content Delivery Network is huge and i wasn't able to find a list (that worked 100%) with all the IPs needed.
For me Squidguard is blocking youtube in both computers and the android app perfectly fine, but since i have to allow access for some users i still want to eventually find a way to limit youtube bandwidth for the ones that are allowed to use it.
Anyhow, you can try this work around, since you just need to block it for everyone:
1. Go to Services, then DHCP server, in DNS Servers add your pfsense LAN ip as the first DNS Server.
2. Go to Services, then DNS Forwarder, scroll down to Host Overrides, click add, leave host empty, Domain: youtube.com, IP address: 127.0.0.1, in Aliases click add another entry Host: www, Domain: youtube.com , click to add another alias entry and add Host: m, Domain: youtube.com
3. Repeat step 2 for googlevideo.com
Note that it will not work until the devices/computers renew the ip and have your pfsense as the dns server and until the DNS cache in each device expires.
From a Windows PC you can test if this is working by opening a command prompt as administrator and doing:
1. ipconfig **/release ***
2. ipconfig **/renew ***
3. ipconfig /flushdns
4. ping www.youtube.com, there you should see 127.0.0.1 as the replying ip.Also… it is pretty trivial for anyone to just change the DNS servers for their computers/devices, assuming they have even minimal computer knowledge.
You could add an alias for your DHCP range and an alias for known public DNS servers and set up a firewall rule to block them for a little more peace of mind, but dns servers are plenty.
Edit: Or better yet create a firewall rule for the DHCP IP range denying any outgoing TCP/UDP connection to port 53 that is NOT to your pfsense firewall, and that should work against people using any other dns server.
-
Thanks, It works like a charm :)
-
It's not working! Youtube App is not a browser, so squidGuard meaning nothing to him.
DNS Override is the same, can not block! it did blocked youtube.com but Youtube App no use youtube.com or googlevideo.com so it means nothing.
The only way to block is using firewall rule to block YOUTUBE IP, but it also block Google!
if you don't need Google, is the way you go:
1 - go to linux system, [install Whois if you not have one]
2 - run this cmd: whois -h whois.radb.net – '-i origin AS15169' | awk '/^route:/ {print $2;}' | sort | uniq
3 - copy ip from result above, then store it in Alias [Bulk Import is my prefer]
4 - create a rule to block it.But for me is not a choice, because i expected to block youtube.com & YOUTUBE app only, not Google!
The end of the day i still have this problem and i am very glad to hear if any idea about this.pfSense fan!
-
you can try to force network clients to use pfsense as dns resolver, then you add
google.com -> 216.239.38.120
I believe that this way with enforcing Google SafeSearch
you could block the rest without problem.do not forget to create a firewall rule to redirect dns port 53 to pfsense,
sorry my english is not very good, I hope I have helped
-
google.com -> 216.239.38.120
google.com resolves to more then one IPv4 :
dig TXT +short _netblocks{,2,3}.google.com | tr ' ' '\n' | grep '^ip4:' ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:108.177.96.0/19 ......