Plus a rule to block quic. It is resistant to DoHS, but not against VPN. It requires only one simple and easy to maintain filter rule.
Until you realize there are thousands of other video sites and streaming portals still working and requiring rules.
At the end it is a hare and hedgehog race with your users you hardly ever win.
I only apply such filters for stupid paying customers wanting it. Because they only know YouTube for video and Facebook for social media. So they think trying to block those two sites helps anything.
What I sometimes do on sites with low bandwidth uplink is using tls-host rules to apply youtube/netflix etc. (whatever their favorite video/streaming sites are) to low priority queues. So they can watch videos without having to fear disrupting ongoing Zoom/Teams/SIP calls.
But even for such use cases, I started to prefer Cake queues. Cake does priorisation automatically with mostly good results without requiring to maintain a set of tls-host rules for individual DNS hosts.
blocking youtube will cos issues in some google services such as app/gmail/etc. they use same IPs and domains for google global cache and if you block it it will move your ip into next GGC node.
but you can burst queue for video like 2kbps for 5-10sec which make video in downloads loop.
google/Meta/Amazon CDNs they not one IP or range you can block it some videos stored in local GGC and other in another country.
if you need it urgently better talk with your ISP to block your Public IP from getting videos only but I don’t know if google accept to do it.
also Working on L7 filtering its but you on CPU load for mikrotik.
Yay! The point here (especially for ipv6 (Always) OR ipv4 on cake located on the nat router) is that it manages flows to hosts better. A host doing voip and one doing netflix and one doing torrent get balanced automatically, each getting 1/3 the bandwidth, and what you dont use gets shared equally, so voip experiences zero queuing delay, because it is lightweight.
And this is what I say, to do that you need to have control of the clients, just as I did write above.
In a company network with company rules ok. As an IPS not.
\
Use Splunk> to log/monitor your MikroTik Router(s).--> MikroTik->Splunk
Backup config to Gmail -->Backup Block users that tries too use non open ports -->Block
Please stop adding fake signatures, on the forum they are disabled on purpose, and adding this is spam, because users can’t block your text from being seen.
from my experience , if u want to block https traffic defiantly MT can do perfectly, but if u want on application level, i found useful by using OpenDNS
Please, stop to spread wrong info. You can not assume, that, in case, you did not succeed in blocking, nobody else can do, as well.
I.e. what does any browser, trying to use QUIC, in case UDP port 443 blocked in router ?
There is an old proverb, in Chinese: Those, who do not know, talk. Those, who know, do not talk.
Did you forget about the topic?
Please point me to the point where you explain exactly how: "Block Youtube on computers and smartphone apps" and we mean, youtube only, of course.
