Good Day
I mange to block YouTube using layer 7, now i want to take is a step higher and redirect it to a internal IIS server using port 8080.
please help me.
using L7 this cannot be done.
The reason is that http host headers do not get transmitted until after the TCP socket establishes, at which point it’s too late to redirect the socket.
Blocking is possible because you just want to break the connections, which is easy.
Thanks for the reply, is the any other way of redirect YouTube to the IIS server?
You can use the HTTP proxy feature, but you’ll need to redirect ALL http traffic to the HTTP proxy, and use the proxy rules to redirect youtube to the IIS server, and allow everything else.
Youtube uses SSL now, so chances are good that people can already just type https://www.youtube.com/ and bypass your existing filter - or it’s possible that the L7 filter is also knocking out the DNS replies - in which case an addition to the local hosts file would be all that’s needed to get around it…
A good general-purpose solution is to use a policy-based DNS service like OpenDNS.
do you have example of how to do that using a web proxy?