This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I configure web filtering to allow netflix on ROKU?

Hi all, 

I have been trying to configure filtering rules to allow netflix streaming but for some reason I cannot get it to work. I have managed to get streaming to work for a little bit but then it fails. Is this an issue with the current UTM version or am I missing something? Are there specific entries that I should be using that are missed in my config?

These are my entries:
^https?://([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/
^https?://[\d+(\.\d+){3}/]*/[0-9]{8}\.ism
^https?://([A-Za-z0-9.-]*\.)?netflix-*\.vo\.llnwd\.net
^https?://[\d+(\.\d+){3}/]*/[0-9]{9}\.ism
^https?://[\d+(\.\d+){3}/]*/[0-9]{10}\.ism
^http://.*.netflix.com/.*
^http.*?o=.*v=[0-9]&e=[0-9]{10}&t=.*$



This thread was automatically locked due to age.
Parents
  • I was using:

    Skipping: Authentication / Block by download size / Antivirus / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check / Do not display download/scan progress page

    Matching these URLs: ^https?://([A-Za-z0-9.-]*\.)?nflximg\.com\.?/

    ^https?://([A-Za-z0-9.-]*\.)?nflxvideo\.net\.?/

    ^https?://([A-Za-z0-9.-]*\.)?netflix\.com/

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{8}\.ism

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{9}\.ism

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{10}\.ism

    ^https?://([A-Za-z0-9.-]*\.)?netflix-*.vo.llnwd.net/.*

    ^https?://secure\.netflix\.com/*

    ^https?://uiboot\.netflix\.com/*

    ^https?://nintendo.nccp.netflix.com/

    ^https?://customerevents.netflix.com/

    ^https?://api-global.netflix.com/

    ^https?://([A-Za-z0-9.-]*\.)?nflxvideo.net/

    ^https?://ipv6_1.lagg0.c[0-9]{1,3}.[A-Za-z][A-Za-z][A-Za-z][0-9]{1,3}.ix.nflxvideo.net/

    ^https?://([A-Za-z0-9.-]*\.)?nflximg\.net\.?/

    ^https?://cdn[0-9].nflximg.com/

    ^https?://cdn[0-9].nflximg.net/

    ^https?://108.175.[0-9]{1,3}.[0-9]{1,3}/\?o=([A-Za-z0-9.-]*\.)?

    or Coming from these user agents: Mozilla/5.0 (compatible; U; Nflx) Netflix/[0-9].[0-9].[0-9]

    Gibbon/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}: Netflix/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4} (DEVTYPE=NFX[0-9]{1,4}-[0-9]{1,4}-; CERTVER=[0-9]{1,4})

    But it essentially never worked.

    I agree with PaulArneson and apijnappels. "Transparent Mode Skiplist" is the only way unless you are some sort of Regex guru. Perhaps someone else could explain it to me more clearly but I have always added them to both the source and destination boxes. Another trick is, I don't know why but the inclination is to have the box "Allow HTTP/S traffic for listed hosts/nets" checked. In my experience however it needs to be unchecked for any of this to work.

    Just put your hosts (Roku in your case but it could be a PlayStation or whatever) in both and leave the box unchecked and you should be good to go.

    Best Regards - HTG
    Frustrated Sophos Partner seeing all the things
    that brought me to Sophos slowly slip away.
    RIP astaro.org

Reply
  • I was using:

    Skipping: Authentication / Block by download size / Antivirus / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check / Do not display download/scan progress page

    Matching these URLs: ^https?://([A-Za-z0-9.-]*\.)?nflximg\.com\.?/

    ^https?://([A-Za-z0-9.-]*\.)?nflxvideo\.net\.?/

    ^https?://([A-Za-z0-9.-]*\.)?netflix\.com/

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{8}\.ism

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{9}\.ism

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{10}\.ism

    ^https?://([A-Za-z0-9.-]*\.)?netflix-*.vo.llnwd.net/.*

    ^https?://secure\.netflix\.com/*

    ^https?://uiboot\.netflix\.com/*

    ^https?://nintendo.nccp.netflix.com/

    ^https?://customerevents.netflix.com/

    ^https?://api-global.netflix.com/

    ^https?://([A-Za-z0-9.-]*\.)?nflxvideo.net/

    ^https?://ipv6_1.lagg0.c[0-9]{1,3}.[A-Za-z][A-Za-z][A-Za-z][0-9]{1,3}.ix.nflxvideo.net/

    ^https?://([A-Za-z0-9.-]*\.)?nflximg\.net\.?/

    ^https?://cdn[0-9].nflximg.com/

    ^https?://cdn[0-9].nflximg.net/

    ^https?://108.175.[0-9]{1,3}.[0-9]{1,3}/\?o=([A-Za-z0-9.-]*\.)?

    or Coming from these user agents: Mozilla/5.0 (compatible; U; Nflx) Netflix/[0-9].[0-9].[0-9]

    Gibbon/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}: Netflix/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4} (DEVTYPE=NFX[0-9]{1,4}-[0-9]{1,4}-; CERTVER=[0-9]{1,4})

    But it essentially never worked.

    I agree with PaulArneson and apijnappels. "Transparent Mode Skiplist" is the only way unless you are some sort of Regex guru. Perhaps someone else could explain it to me more clearly but I have always added them to both the source and destination boxes. Another trick is, I don't know why but the inclination is to have the box "Allow HTTP/S traffic for listed hosts/nets" checked. In my experience however it needs to be unchecked for any of this to work.

    Just put your hosts (Roku in your case but it could be a PlayStation or whatever) in both and leave the box unchecked and you should be good to go.

    Best Regards - HTG
    Frustrated Sophos Partner seeing all the things
    that brought me to Sophos slowly slip away.
    RIP astaro.org

Children
No Data