Blocking YouTube videos and Flash content using Forefront TMG

by Shijaz Abdulla on 13.06.2010 at 23:21

In this post, I show you how to block users from playing YouTube videos on your network. I also show you how to block Flash content embedded on web pages (although in today’s times blocking all Flash content may not be such a good idea Smile)

image

Yes you could always block the URL youtube.com but this may not be effective as YouTube videos can be embedded in other websites and there are plenty of sites *like* YouTube out there. A more effective approach would be to block by MIME type, thanks to the enhanced content filtering capabilities built into TMG.

Before I get started, two important notes:

  • I mention YouTube because it is everyone’s favorite, but the steps below will work for Vimeo, and any other video sharing sites that rely on Adobe Flash technology.
  • The steps below can be used to block YouTube and flash content on ISA Server 2004/2006 too.

Blocking YouTube videos using TMG

1. On the TMG Console, right-click Firewall Policy, choose New Access Rule and create a new “Deny” rule named “Block Youtube” as follows:

Deny

Applies to: All Outbound traffic

From: Internal

To: External

All Users

Click Finish to close the wizard.

 

2. Do not apply the changes yet! Right click on the new rule you just created and choose Properties.

3. Open the Content Types tab. Click New.

4. Create a new Content Type Set as follows:

Name: YouTube

Available types: (type each of the below and click the Add button)

  • video/mp4
  • video/x-flv
  • video/x-ms-asf

image

5. Click OK. Ensure the check box next to your new content type set is enabled:

image

6. Click OK and apply your changes. Wait for the config synchronization to complete.

Test your changes by trying to play some videos on YouTube or other video sharing websites.

 

Blocking Adobe Flash Player content using TMG

1. Follow steps 1 to 3 above.

2. While creating a new Content Type set, use the following parameters:

Name: Flash

In the available types box, type:

application/x-shockwave-flash

3. Proceed with step 5 above.

 

Blocking additional MIME types

If you need to block something else, it is easy to find what content type to block. Simply monitor the Logging (Logs & Reports > Logging) in the TMG console. Once you encounter the log entry that allowed the content you want to block, expand the “Additional Information” and you will find the MIME type that you need to block.

 

image

Trackback Permanent Link

28 Responses to Blocking YouTube videos and Flash content using Forefront TMG

  1. Asada says:

    Interesting post.

    There are many occasions were blocking might not be the way to go, even for youtube videos. Depriving the needs of a professional workforce, reduced productivity by complicating or delaying accomplishment of tasks.

    For example, a friend of mine is teaching Malaysian and would benefit a lot from having access to youtube videos from Malaysia to use in classes. However with the school blocking all access to youtube she is not able to take advantage of these free educational resources.

    If you want to refrain from blocking but keeping an eye on youtube usage (or any other internet usage) WebSpy reporting for FTMG is the way to go:

  2. Anwar Zada says:

    There is problem when i try to block the videos it blocks all the websites.

  3. Abulfaz says:

    This post is really useful, especially for network administrators. Thanks to Shijaz Abdulla.

  4. Mouala Hanin says:

    THANK YOU … Shijaz
    how can i found the blocking traffic when i face blocks all the websites ?

    thanks again ….
    Mouala

  5. thank you nice post is really useful, especially for network administrators.

  6. John (IT Support) says:

    hi Shijaz

    it’s very amazing your cooperation for us , please i need from you something … i need to block some of sites as HTTPS: (facebook.com …etc) could you please help me for this , when i make the rules to block it doesn’t work

  7. Bilal Javed says:

    As Salam O Alikum

    Hi This is Bilal Javed from Karachi Pakistan

    Atten: Shijaz

    I just wanted to ask that if you can help me for resolved the below mentioned cause which i am facing so far.

    I using ISA Server 2006 i have blocked access website “http://www.youtube.com” & “http://www.facebook.com” but there is another way to access blocked website, my client just add “https://www.youtube.com” & “https://www.facebook.com” and go through access these website by using Https:// protocol.
    I tried a lot in order to Blocked Https:// Protocol but i lost.

    is there any one help me for resolve above mentioned issue ?

    Thanks & Regards

    Bilal Javed

  8. Raja M Kamran says:

    Hi,

    i ll appreciate your efforts for people like me, now i am going to test your knowledge. Plz Plz Plz help me to allow skype with TMG 2010 SP2 with https inspection enable….i cant disable https inspection as its necessary to block tor (anonymous proxy) softwares available on internet. Give me a solution either to block tor softwares like “Vidalia” / “Mask surf Pro” without https inspection enable or to allow skype with https inspection enabled.
    Regards,
    System Administrator
    Suparco
    +92322-3932963
    rajakamran@hotmail.com

  9. welshsteve says:

    Hey. I’m trying to actually unblock YouTube. Got a strange one. We have TMG Firewall, and we all get “An error occurred. Please try again later.” message when trying to view YouTube videos. The weird thing is, all other video sites are fine such as Metacafe, and videos on the BBC website (www.bbc.co.uk). So it must be something specific to the flash settings used by YoUTube. But I haven’t put any specific blocks on YouTube in the firewall/web access policies, so I am unsure as to why this is working. Not even when I am logged in to a machine as the network administrator can I get YouTube working. It does, however, work if I’m on the TMG server itself. Vey odd…. and very frustrating as I just cannot get it working.

  10. bob says:

    Just hit the same “An error occurred. Please try again later.” recently. We block YouTube for some users and allow it for others. Everything worked fine for the past year until a few days ago, we our users started getting the fore-mentioned error. Since we use URL categories to allow/deny access, I made the following change to get it working. I configured a URL category override for both *.youtube.com/* and *.ytimg.com/* with a category of Media Sharing. This allowed my users who are supposed to be able to play videos to access them.

    • Sweeper says:

      Thanks BOB

      YouTube must have changed something recently. I made the change you recommended and we are now able to open youtube videos again.

      We have different levels of internet access on TMG. As we go down the rules list, more and more sites are blocked by “Category”. At the very top some really unwanted sites are blocked by category, such as: “Pornography”, “Nudity”, etc. Sites that really have no place in the work environment. When I traced the logs while trying to open a YouTube Video one of the url’s that YouTube calls, get’s blocked in this, the top rule, that blocks these most undesired content for all. Adding those URLs you specified to the Category override list and adding them as “Media Sharing”, did the trick! 🙂 Thanks a mil.

  11. Santosh M. says:

    Hi, Thanks for the guide. Anyways I tried this out with vimeo.com and other websites who support online flash video contents it did not work.
    Although i could not check it out with youtube since we have completely blocked youtube domain. Please help me to block other websites like vimeo.

  12. abhishek says:

    HIIII Shijaz

    i was followed all 6 step but unable to block video
    and i’m also want block online stream

  13. Awa Desmas says:

    TMG blocked me from downloading videos, please how do i unblock it and start streaming and downloading videos?m

  14. Pingback: DevAdmin » Blog Archive » Forefront TMG e Youtube

  15. Pingback: Forefront TMG e Youtube | DevAdmin Blog

  16. Adeel Ahmed says:

    HI every one
    Actually I have a rule to allow all outbound traffic in my TMG.But i want to block Facebook videos,can any one help me to how to block the videos.I have follow this article but it not working .Actually it is one my first number then 2 is allow all outbound traffic so there is any confusion or i misconfiguration it. thanks for advance co-operation

  17. Mohsin Ali says:

    Dear Shijaz

    Plz help.

    I have given limited access to users blocking youtube, social media and email sites.

    The problem is they cant see images in google search. only some pics are opening rest are not viewable. when i give full access to them things are working fine.

    Please advise
    Mohsin Ali

  18. Mohsin Ali says:

    My another question is that i created a access rule like allow users to access everything except facebook. that too not working. i allowed interntal to external except social opnion.

    plz help

  19. Njuki says:

    Mire.
    crosoft stopped the lookup service when TMG was discontinued. You cannot use categories anymo

Leave a Reply