Still want the regular youtube but block the yourtube shorts.
Still?
MikroTik (or its community) can’t help you on this.
I really want this myself. This fc**ng shorts are some real time stealer.
RouterOS can only classify traffic using IP addresses and ports. This is not sufficient to distinguish between normal videos and shorts - to tell them from one another, you have to analyse the traffic on application level. Since youtube traffic is encrypted, it requires a man-in-the-middle attack approach to do so. Some “next generation firewalls” can do this and in some countries, the use of such fucntionality is legal. Whether there is a product that has a “shorts” tickbox in the “youtube” folder is out of my knowledge, though.
Even on a PaloAlto, which is considered a very good (and certainly very expensive) NG Firewall, you can´t distinguish between shorts and normal videos.
These are the current categories:
youtube-posting
youtube-tv
youtube-livechat-posting
youtube-livechat-viewing
youtube-tv-streaming
youtube-streaming
youtube-safety-mode
youtube-base
youtube-uploading
You can check yourself here: https://applipedia.paloaltonetworks.com/
If this is for parental control, some endpoint protection software can manage it, and there are also paid cloud services available for this purpose. For corporate setups, ng-generation firewalls using the middle-man model require a highly complex and expensive configuration, which involves intervention on all internal clients as well.
@woland:
Even on a PaloAlto, which is considered a very good (and certainly very expensive) NG Firewall, you can´t distinguish between shorts and normal videos …
You can check yourself here: https://applipedia.paloaltonetworks.com/
I’m not quite sure how to interpret this, considering that streaming is indicated as both “completely fine” and “partly less fine” without any explanation. Besides, Palo Alto also supports SSL “middle-man” inspection (i.e., decrypting, analyzing, and then re-encrypting) of the traffic, but this requires a pretty complex setup, as I explained above.
The first and only answer required = NO
The second response = education
The third response = discipline, Not as punishment infabo but as in will power 
IMO asking such questions on MT forum is not knowing that ROS doesn’t have NGFW (application FW or IDS/IPS). Blocking connections to sites can be achieved with traditional network firewall but blocking by content of certain application data not in ROS, there are L7 rules, but they are mostly unusable due to protocols encryption.
These are different application categories, which you can use directly in a ruleset or use the risk score or the other groupings.
You could just allow youtube-livechat, but decline youtube-streaming. As there is no extra category for Youtube Shorts, the firewall would categorize it as youtube-streaming probably.
This is partly dependent on SSL decryption, the Firewall would just categorize everything as youtube, if you have no SSL decryption and there would be no flow marked as youtube-streaming.
Btw. setting up SSL decryption is a very common and easy thing, as long as you control all end devices, so that they trust your certificate authority.
The most complex part of setting up SSL decryption at a company is to convince the company lawyers and the workers council. At least in Europe.
Yeah, I’ve been there a few times, so I wouldn’t say it’s easy. As simple as the principle might seem, it’s the complete opposite when it comes to the practical implementation, especially in larger corporations with multiple exit paths and with all the non-standard clients that need special workarounds. As usual, it’s the 90-10 rule - 90 percent of the time (or sometimes even more) spent on the 10 percent of messy workarounds.
It’s not uncommon for the implementation to take at least 6 months, but it often takes much longer as new issues always pop up unannounced. On top of that, there’s constant maintenance to fix issues after OS updates, application changes/updates and new installations, so in the long run, it becomes a pretty expensive operation in terms of resources for O&M.
For content filtering like something really granular like"YouTube shorts", you need to re-write the HTML to remove the section. That’s more similar to an ad-blocker. So I’d think some browser extension might be easier (perhaps deployed via MDM solution to forced it on clients). Now this is easier said, than done.
Regardless of product, it’s just a hard problem: [modern] internet protocols were designed for end-to-end security… And RouterOS follows the RFC/etc standards and CPU-limited, so starts pretty ill-suited for any security/content filtering task. And more advanced security products actually function like a benevolent man-in-the-middle attacks, but that takes a lot of moving parts that require maintenance. To still potentially not work 100% of the time, since they often depending on behavior of other products that are also updated. And this complexity add new risks too. i.e. like CloudStrike’s kernel driver update that caused a massive outages & that very scenario is what someone paid them to avoid. IMO complexity is generally bad… and content filtering traffic is necessary a complex endeavor, and multi-dimensional (i.e. a company could get suit, false-positives could block some business critical functions, etc.)
Unfortunately, YouTube doesn’t give an option to completely block Shorts, but there are a couple of workarounds. You can try using a browser extension to filter them out or avoid clicking on Shorts to train the algorithm to show you less of them.
If you’re making your own content and want to edit down longer videos into shorter clips for other platforms without jumping on the Shorts bandwagon, tools like this free video cutter might come in handy: https://www.movavi.com/learning-portal/free-video-cutter.html. It’s all about keeping things the way you like them!
If you have level enterprise control over the browser, then that is possible. My experience at the enterprise level is that the whole YOUTUBE is just not accessible. 