Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

youtube blocking

i m trying to block the youtube on my network. I have confiugred the following things on my internet router.

class-map match-any youtube

match protocol http url "*youtube*"

!

!

policy-map p2p

class youtube

drop

interface GigabitEthernet0/1

ip nbar protocol-discovery

service-policy input p2p.

But still users are able to open youtube.

I m gettin hitcount on policy but unable to drop the youtube traffic.

Class-map: youtube (match-any)

1736 packets, 1044139 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol http url "*youtube*"

1736 packets, 1044139 bytes

5 minute rate 0 bps

drop

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: youtube blocking

again look at this

When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html

so "cisco" as "youtube" in ur case

compair and try upon the rules and file

and should work

please, if helpful Rate

good luck

Re: youtube blocking

Its been a while for me to have run into this. Let me take a stab at it.

Can you try the following instead of wildcard mask that you have used:

match protocol http host *youtube.com

! This would match anything in youtube.com like http://www.youtube.com or http://video.youtube.com

6 REPLIES

Re: youtube blocking

When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html

Within NBAR, the match protocol http c-header-field command is used to specify that NBAR identify request messages (the "c" in the c-header-field portion of the command is for client). The match protocol http s-header-field command is used to specify response messages (the "s" in the s-header-field portion of the command is for server).

Examples

In the following example, any request message that contains "somebody@cisco.com" in the User-Agent, Referer, or From fields will be classified by NBAR. Typically, a term with a format similar to "somebody@cisco.com" would be found in the From header field of the HTTP request message.

match protocol http c-header-field "somebody@cisco.com"

In the following example, any request message that contains "http://www.cisco.com/routers" in the User-Agent, Referer, or From fields will be classified by NBAR. Typically, a term with a format similar to "http://www.cisco.com/routers" would be found in the Referer header field of the HTTP request message.

match protocol http c-header-field "http://www.cisco.com/routers"

and the source is as follow

http://www.cisco.com/en/US/docs/ios/12_4t/qos/configuration/guide/qsnbar1.html#wp1055866

please, Rate if helpful

and good luck

New Member

Re: youtube blocking

thanks for the excellent explaination, but my question is that, why i m not able to block the desired keyword.

Nbar is enable on interface. particular keywrod exist in the the url. but still it is not working. what i m missing.

Re: youtube blocking

again look at this

When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html

so "cisco" as "youtube" in ur case

compair and try upon the rules and file

and should work

please, if helpful Rate

good luck

Re: youtube blocking

Its been a while for me to have run into this. Let me take a stab at it.

Can you try the following instead of wildcard mask that you have used:

match protocol http host *youtube.com

! This would match anything in youtube.com like http://www.youtube.com or http://video.youtube.com

New Member

Re: youtube blocking

Hi..I have done same thing as:

class-map match-all test

match protocol http url "youtube"

!

!

policy-map test

class test

set ip dscp default

enable ip nbar protocol-discovery on Fa5/1/1

following are access-list applied on fa5/1/1

40 deny ip any any dscp default (105222matches)

50 permit ip any any log (868 matches)

But it blocks all the site not even youtube.I am unable to open any site like yahoo,google,rediff etc.

Please tell me..

Re: youtube blocking

Also, the one that you have :

match protocol http url "*youtube*"

would also match www.my-web-site.com/youtube.html which you dont want to do.

230
Views
17
Helpful
6
Replies
CreatePlease login to create content