FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lestopace
Staff
Staff
Article Id 208929
Description This article describes how to block YouTube using a Static URL filter and how to allow YouTube embedded URLs while blocking youtube.
Scope FortiGate.
Solution

Blocking YouTube on a static URL filter is typically required when the Streaming Media and Download category is allowed but there is a need to block YouTube.

 

Part 1: How to block YouTube.

Configuration :

 

Untitled.gif

 

URL: '.*googlevideo.*'
Type: Regex
Action: Block

 

URL: '.*youtube.*'
Type: Regex
Action: Block

 

URL: '.*ytimg.*'
Type: Regex
Action: Block

 

Both URLs are required to be added to avoid bypassing the blockade due to browser cache or searching the YouTube video through a search engine.

 

The YouTube website may still load, but users affected by this Webfilter profile will not be able to load videos.

 

Create a Deny-based firewall rule with the UDP 443 port.

 

Untitled.png

 

Blocking QUIC this way will force the web browser to use TLS instead. 

 

 Follow the steps mentioned below to block the website:

  1. Go to Security Profiles -> Web Filter.
  2. Select a web filter to edit.
  3. Under Static URL Filter, enable URL Filter, and select Create New.
  4. Enter the URL, without the 'http', for example, www.example*.com
  5. Select a Type: Simple, Regular Expression, or Wildcard. In this example, select Wildcard.
  6. Select the Action to take against matching URLs: Exempt, Block, Allow, or Monitor.
  7. Select 'Enable'.
  8. Select 'OK'.

 

Once the Web Filter profile is configured:

  • Go to Policy & Objects -> IPv4 Policy.

  • Apply the Web Filter profile to the firewall policy that handles traffic from users.

 

Part 2: How to allow YouTube embedded URLs while blocking YouTube:

 

The profiles below are created assuming only YouTube needs to be blocked while allowing YouTube embedded URLs and the rest of the internet.

 

Step 1: Create the following Webfilter profile:

FortiGuard categories are disabled, and the URL filter is enabled. While allowing the rest of the internet with *.

 

ruproy_0-1751017572123.png

 

Step 2: Create the following application control profile: 

 

ruproy_1-1751017572108.png

 

Step 3: Create a firewall policy with deep inspection and add the above webfilter and application control profile.

 

Related article: 

Technical Note: Disabling / Blocking QUIC Protocol to force Google Chrome to use TLS