Blocking YouTube videos and Flash content using Forefront TMG
In this post, I show you how to block users from playing YouTube videos on your network. I also show you how to block Flash content embedded on web pages (although in today’s times blocking all Flash content may not be such a good idea 
)
Yes you could always block the URL youtube.com but this may not be effective as YouTube videos can be embedded in other websites and there are plenty of sites *like* YouTube out there. A more effective approach would be to block by MIME type, thanks to the enhanced content filtering capabilities built into TMG.
Before I get started, two important notes:
- I mention YouTube because it is everyone’s favorite, but the steps below will work for Vimeo, and any other video sharing sites that rely on Adobe Flash technology.
- The steps below can be used to block YouTube and flash content on ISA Server 2004/2006 too.
Blocking YouTube videos using TMG
1. On the TMG Console, right-click Firewall Policy, choose New Access Rule and create a new “Deny” rule named “Block Youtube” as follows:
Deny
Applies to: All Outbound traffic
From: Internal
To: External
All Users
Click Finish to close the wizard.
2. Do not apply the changes yet! Right click on the new rule you just created and choose Properties.
3. Open the Content Types tab. Click New.
4. Create a new Content Type Set as follows:
Name: YouTube
Available types: (type each of the below and click the Add button)
- video/mp4
- video/x-flv
- video/x-ms-asf
5. Click OK. Ensure the check box next to your new content type set is enabled:
6. Click OK and apply your changes. Wait for the config synchronization to complete.
Test your changes by trying to play some videos on YouTube or other video sharing websites.
Blocking Adobe Flash Player content using TMG
1. Follow steps 1 to 3 above.
2. While creating a new Content Type set, use the following parameters:
Name: Flash
In the available types box, type:
application/x-shockwave-flash
3. Proceed with step 5 above.
Blocking additional MIME types
If you need to block something else, it is easy to find what content type to block. Simply monitor the Logging (Logs & Reports > Logging) in the TMG console. Once you encounter the log entry that allowed the content you want to block, expand the “Additional Information” and you will find the MIME type that you need to block.
Shijaz Abdulla is a Partner Technology Advisor at Microsoft, helping their top tier partners build on their Microsoft practice. He is also a trusted advisor to medium enterprise customers in Qatar. He is a blogger, tech enthusiast, and a Microsoft evangelist.
Interesting post.
There are many occasions were blocking might not be the way to go, even for youtube videos. Depriving the needs of a professional workforce, reduced productivity by complicating or delaying accomplishment of tasks.
For example, a friend of mine is teaching Malaysian and would benefit a lot from having access to youtube videos from Malaysia to use in classes. However with the school blocking all access to youtube she is not able to take advantage of these free educational resources.
If you want to refrain from blocking but keeping an eye on youtube usage (or any other internet usage) WebSpy reporting for FTMG is the way to go:
I agree. I’m not a supporter of blocking myself.
But I know for sure that there are organizations/corporates that would want to curb the usage of such sites for ensuring employee productivity or to ensure fair usage of internet bandwidth. This post was written to help them.
With TMG SP1 you can actually get user-based reporting on TMG without the need to acquire products like Webspy for just that purpose.
thank you verry much
There is problem when i try to block the videos it blocks all the websites.
Hi Anwar,
There’s probably something wrong with your rules. Check the monitoring to see which rule is blocking your traffic.
Shijaz
This post is really useful, especially for network administrators. Thanks to Shijaz Abdulla.
THANK YOU … Shijaz
how can i found the blocking traffic when i face blocks all the websites ?
thanks again ….
Mouala
thank you nice post is really useful, especially for network administrators.
hi Shijaz
it’s very amazing your cooperation for us , please i need from you something … i need to block some of sites as HTTPS: (facebook.com …etc) could you please help me for this , when i make the rules to block it doesn’t work
As Salam O Alikum
Hi This is Bilal Javed from Karachi Pakistan
Atten: Shijaz
I just wanted to ask that if you can help me for resolved the below mentioned cause which i am facing so far.
I using ISA Server 2006 i have blocked access website “http://www.youtube.com” & “http://www.facebook.com” but there is another way to access blocked website, my client just add “https://www.youtube.com” & “https://www.facebook.com” and go through access these website by using Https:// protocol.
I tried a lot in order to Blocked Https:// Protocol but i lost.
is there any one help me for resolve above mentioned issue ?
Thanks & Regards
Bilal Javed