Note that modern web browser uses QUIC, note also that android apps can not be blocked using Layer 7 filtering
Note that blocking all youtube ip addresses would be inefficient to me.
I tried every possible way I saw on the Internet but didn’t work with me, I would really appreciate your help.
Thanks in advance.
layer7 filtering useless with HTTPS.
+
modern web browser uses QUIC
+
android apps can not be blocked using Layer 7 filtering
+
blocking all youtube ip addresses would be inefficient to me
+
I tried every possible way I saw on the Internet but didn't work with me
+
supposed: no control on user devices
+
supposed: do not want spend $50.000 and more for non-mikrotik deep packet inspection machine or similar
IS-NOT-POSSIBLE
And before open useless topic for the same arguments already present dozen of times, at least deign to do a search on the forum.
But truth be told, there are services like NextDNS that manage to block youtube, probably just at a DNS level, you could impose some restrictions on clients, I think, the same service blocks bypass methods, I’ve mentioned this before.
I would provide a report to this reply since you verbal abuse for no reason. Hope admins will react in a good way with such a kind of replies.
Since you have no reply with useful information and don't like this post, you should have skip it instead of acting this rude.
Primo: Rextended just suggested to do a “Search” and you can find a lot of info.
Secundo: The youtube film was about “Holy war against >>masquarade<<” what is loosely connected to “how to efficently block using L7 filters” even if it was mentioned there.
Tertio: … you want to block YouTube while learning yourself from YouTube … kind of technical oxymoron
I had the same problem in the past, and I soon realized I had to replace with a firewall with application control. You don’t really need to spend billions, depending on your needs you can find consumer devices that do the job at a very low prices. The solution provided in the previous post is still good, using a dns service (you can even find free ones) that allows you to configure specific blocks. Take into account that in this case, you need to prevent users from using different dns. Mikrotik is mostly a powerful router, but when L7 comes into account, you need other options. I agree with you that in this forum, I’would’t expect people to answer “disable internet to users”
Depending on your needs, you could go the opposite way, allow the sites you really need, then block everything else. This will certainly block youtube.
If you need to ONLY block youtube … I simply can’t imagine why?
I think that with all the means that are available now (ignoring VPN & Co.),
thinking of blocking something like youtube, that uses CDNs, shared servers, and part of those servers forcefully must be allowed for use other wanted sites,
is impossible.
Also because trivially in Firefox just click on “Use DoH NextDNS”, and you end up with DNS via HTTPS on CDNs, and not on static IPs…
It is true! Just remove the internet from users!!! Why I didn’t think about it before???
