Dear all,
i have a fortigate 100D version v5.2.1,build618, i need to set a rules to block all streaming video from YouTube and Facebook
YouTube was close, but Facebook video streaming is still open
Solved! Go to Solution.
block with webfilter content header.
config webfilter content-header edit 1 set name "weblist-01" config entries edit "video/.*" set action block next edit "audio/.*" set action block next end next end
config webfilter profile edit "webfilter_name" config web set content-header-list <header_id> end next end
please test and return back results.
Tuncay BAS RZK Muhendislik Turkey NSE 4 5 6 FCESP v5
block with webfilter content header.
config webfilter content-header edit 1 set name "weblist-01" config entries edit "video/.*" set action block next edit "audio/.*" set action block next end next end
config webfilter profile edit "webfilter_name" config web set content-header-list <header_id> end next end
please test and return back results.
Tuncay BAS RZK Muhendislik Turkey NSE 4 5 6 FCESP v5
Thanks yaba for the answer :) But How to get header id for website ?
Hi
this what is written here is actually a content-header over MIME Information of files and can be use for everything filebased because MIME is for every file available. To get the correct MIME information for whatever I would say let's do wiresharking. If you do so you will see following information:
Hypertext Transfer Protocol HTTP/1.0 200 OK\r\n Request Version: HTTP/1.0 Response Code: 200 Server: DCLK-AdSvr\r\n Content-Type: video/x-ms-asf\r\n X-Google-Inred-Content-Type: video/x-ms-asf\r\n Content-Length: 410\r\n Content-Encoding: gzip\r\n Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n Request Version: HTTP/1.1 Response Code: 200 Last-Modified: Mon, 14 Sep 2009 00:40:51 GMT\r\n Content-Type: video/x-flv\r\n Content-Length: 200994\r\n Connection: close\r\n Content-Disposition: attachment; filename="video.flv"\r\n Expires: Thu, 29 Oct 2009 09:06:24 GMT\r\n Cache-Control: public,max-age=3600\r\n Date: Thu, 29 Oct 2009 08:06:24 GMT\r\n Server: gvs 1.0\r\n
You see the relevant information is:
Content-Type: video/x-ms-asf\r\n Content-Type: video/x-flv\r\n
This can now be used for configuring the "content-header" using RegEx which means for our example:
video\\/.*
audio\\/.*
NOTE the \\ is used to "exclud" / because this sign is a "special character" and has to be excluded within RegEx!
Now as already shown here you can configure the "content-header":
# config webfilter content-header # edit 1 # config entries # edit "video\\/.*" # set action block # next # edit "audio\\/.*" # set action exempt # next # end # set name "Content-Header" "block-video-exempt-audio" # next # end
What is important here is to now what block, exempt meaning "action" means:
allow — Allow Content block — Block Content exempt — Exclude UTM Function
At least use the configured content-header with his integer (1) within webfilter config:
FortiOS 5.0 / 5.2 # config webfilter profile # edit [Name of the profile] # config web # set content-header-list 1 # end # next # end
Thats it.....
have fun
Andrea
User | Count |
---|---|
991 | |
829 | |
462 | |
440 | |
132 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.