Thread Info
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 6926 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

utm proxy web filter,internal dns server > youtube restrict not functioning

mysterioustranger

Hello Everyone,

Since sophos UTM doesn't yet have functionality to enforce youtube safe search, I decided to use a raspberry pi with bind9 dns server to use the cnames for restrict.youtube.com. During my testing, it works fine if I don't send the traffic through my web filtering ssl proxy but it doesn't enforce youtube safe search if traffic goes through the web filtering. However it needs to go through the transparent proxy with ssl inspection on for all the other traffic.  Youtube traffic doesn't work properly on all devices in my network if SSL inspection is on so I am forced to skip ssl scanning for youtube. 

Anyone have any problems or solutions with web filtering + internal dns cnames ? If I run dig, nslookup on the device going to youtube, the cname for restrict.youtube.com does appear but doesn't seem to enforce it when browsing to the site.

 

 


This thread was automatically locked due to age.
Parents

  • So my first problem appeared to be that I had pharming protection enabled under web protection > filtering > misc. After disabling this, it appears youtube safe search is in effect within browsers on all devices. 

    However the youtube safe search enforcement appears to be not effective for the native youtube app on mobile devices which is a big problem. In my network captures, I see the cname restrict.youtube.com return during dns queries.

    Any ideas? 

  • in reply to mysterioustranger

    If you want to continue this thread, please show a line or two from the Web Filtering log and a picture of the configuration that you believed would block youtube access.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • in reply to BAlfson

    Thanks for the reply Bob. I appreciate it! According to a few unofficial forum posts I've come across, it appears that it's known that changing the cname to enforce  youtube restrict mode doesn't work for ios and android youtube app. It only works in the web browser.

    Here's one post I came across:

    productforums.google.com/.../

    Thanks for all your good help on these forums.

Reply Children
No Data
Unfiltered HTML