Community discussions

MikroTik App
 
yahyamemeh
just joined
Topic Author
Posts: 3
Joined: Sun Aug 07, 2022 2:10 pm

Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 1:49 pm

Hello everyone;

I would like to ask how to block youtube (or facebook) website and apps using Mikrotik RB951Ui-2HnD
Note that I tried using layer7 filtering, I tried what was said in this video:
https://www.youtube.com/watch?v=D80_a_O ... 13&index=7, MIN: 3:30

Note that modern web browser uses QUIC, note also that android apps can not be blocked using Layer 7 filtering
Note that blocking all youtube ip addresses would be inefficient to me.

I tried every possible way I saw on the Internet but didn't work with me, I would really appreciate your help.
Thanks in advance.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 3:12 pm

block youtube:

layer7 filtering useless with HTTPS.
+
modern web browser uses QUIC
+
android apps can not be blocked using Layer 7 filtering
+
blocking all youtube ip addresses would be inefficient to me
+
I tried every possible way I saw on the Internet but didn't work with me
+
supposed: no control on user devices
+
supposed: do not want spend $50.000 and more for non-mikrotik deep packet inspection machine or similar
=
IS-NOT-POSSIBLE

And before open useless topic for the same arguments already present dozen of times, at least deign to do a search on the forum.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 3:14 pm

you unplug the PCs from internet, turn off the routers and turn off mobile data.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 3:20 pm

:shock: It is true! Just remove the internet from users!!! Why I didn't think about it before???

(sorry, I'm stupid)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5318
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 3:33 pm

you unplug the PCs from internet, turn off the routers and turn off mobile data.
One could still use RFC2549 ... even under those conditions.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 4:04 pm

RFC2549 has been outdated few years ago... Why don't you update?

RFC9200
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 4:10 pm

Please use the updated RFC 6214, thank you.
Regards,
Also the topic you recently closed is older than this current one (check the time ^^)
viewtopic.php?t=188274
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 4:16 pm

@Znevna

Is hard to join all "block youtube" topics and concentrate all in one... (with something usable)

¯\_(ツ)_/¯
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 4:20 pm

But truth be told, there are services like NextDNS that manage to block youtube, probably just at a DNS level, you could impose some restrictions on clients, I think, the same service blocks bypass methods, I've mentioned this before.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Aug 09, 2022 4:27 pm

+
supposed: no control on user devices
+
Unfortunately, not being able to control users' devices, DoH/DoQ/DoT/VPN are simply enough....
 
reinerotto
Long time Member
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Block Youtube on computers and smartphone apps

Wed Aug 10, 2022 10:04 pm

The only real problem is the usage of VPN.
Everything else can be taken care of.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Wed Aug 10, 2022 11:08 pm

Do you say that you can stop me from browsing where I want without having 100% control of the client? PC/Mobil etc.
How do you block DoH/DoQ/DoT?
 
yahyamemeh
just joined
Topic Author
Posts: 3
Joined: Sun Aug 07, 2022 2:10 pm

Re: Block Youtube on computers and smartphone apps

Thu Aug 11, 2022 8:46 am

block youtube:

layer7 filtering useless with HTTPS.
+
modern web browser uses QUIC
+
android apps can not be blocked using Layer 7 filtering
+
blocking all youtube ip addresses would be inefficient to me
+
I tried every possible way I saw on the Internet but didn't work with me
+
supposed: no control on user devices
+
supposed: do not want spend $50.000 and more for non-mikrotik deep packet inspection machine or similar
=
IS-NOT-POSSIBLE

And before open useless topic for the same arguments already present dozen of times, at least deign to do a search on the forum.

I would provide a report to this reply since you verbal abuse for no reason. Hope admins will react in a good way with such a kind of replies.
Since you have no reply with useful information and don't like this post, you should have skip it instead of acting this rude.
 
yahyamemeh
just joined
Topic Author
Posts: 3
Joined: Sun Aug 07, 2022 2:10 pm

Re: Block Youtube on computers and smartphone apps

Thu Aug 11, 2022 8:54 am

As a new user in the forums I'm totally surprised in the comments that may seam coming from people lack knowledge or lack behaviors.

Hope moderators would take appropriate actions.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Block Youtube on computers and smartphone apps

Thu Aug 11, 2022 9:05 am

What was rude about telling you that you can't do it?
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Block Youtube on computers and smartphone apps

Thu Aug 11, 2022 9:58 am

Primo: Rextended just suggested to do a "Search" and you can find a lot of info.

Secundo: The youtube film was about "Holy war against >>masquarade<<" what is loosely connected to "how to efficently block using L7 filters" even if it was mentioned there.

Tertio: ... you want to block YouTube while learning yourself from YouTube .... kind of technical oxymoron :) :) :)
a8.PNG
You do not have the required permissions to view the files attached to this post.
 
fmodolo
just joined
Posts: 2
Joined: Tue Feb 21, 2017 10:50 am

Re: Block Youtube on computers and smartphone apps

Wed Oct 05, 2022 9:18 am

I had the same problem in the past, and I soon realized I had to replace with a firewall with application control. You don't really need to spend billions, depending on your needs you can find consumer devices that do the job at a very low prices. The solution provided in the previous post is still good, using a dns service (you can even find free ones) that allows you to configure specific blocks. Take into account that in this case, you need to prevent users from using different dns. Mikrotik is mostly a powerful router, but when L7 comes into account, you need other options. I agree with you that in this forum, I'would't expect people to answer "disable internet to users"
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26288
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Block Youtube on computers and smartphone apps

Wed Oct 05, 2022 9:20 am

Depending on your needs, you could go the opposite way, allow the sites you really need, then block everything else. This will certainly block youtube.
If you need to ONLY block youtube ... I simply can't imagine why?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Wed Oct 05, 2022 10:49 am

I think that with all the means that are available now (ignoring VPN & Co.),
thinking of blocking something like youtube, that uses CDNs, shared servers, and part of those servers forcefully must be allowed for use other wanted sites,
is impossible.
Also because trivially in Firefox just click on "Use DoH NextDNS", and you end up with DNS via HTTPS on CDNs, and not on static IPs...
 
jovaf32128
just joined
Posts: 24
Joined: Sun Apr 26, 2020 9:22 pm

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 4:45 pm

modern web browser uses QUIC
/ip firewall raw add action=drop chain=prerouting comment="Ban QUIC" dst-port=443 protocol=udp
And modern browsers have started supporting HTTPS. Voila!
Last edited by jovaf32128 on Thu May 11, 2023 12:26 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 5:04 pm

"Voilà! shit", but have you tried it?
Browsers will still use https/TLS anyway,
it's not that QUIC is the only thing that exists.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 5:24 pm

@yahyamemeh

MikroTik Routers and RouterOS cannot do Deep Packet Inspection [DPI] so any site that uses HTTPS:\\ [like YouTube, Facebook, etc.] cannot be inspected and blocked .... to do that you need to have the Router/Hardware capable of doing DPI efficiently without impacting performance greatly ... Those type of Router systems are generally defined as Content Management Systems [CMS].

If that interest you then Vendors like DrayTek and their Vigor2962/3910 routers can do it nicely -- for those type of devices the CMS portion usually has an licensing cost associated to the CMS modules as addons ...

You could capture the IP Addresses that YouTube uses and then creates an YTBlock List that contains those IP's then in Filter RAW create a block rule and that would be effective for as long as those IP are active ... YouTube do change their IP's from time to time so you have to stay on top of that to keep your block list current.

There are some creative ways of getting YouTube addresses from the following link:
https://stackoverflow.com/questions/934 ... dows-firew
Last edited by mozerd on Sat Jan 28, 2023 5:36 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 5:28 pm

Yes,

the solution to this topic is still the post #2...
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 6:06 pm

MikroTik Routers and RouterOS cannot do Deep Packet Inspection [DPI] so any site that uses HTTPS:\\ [like YouTube, Facebook, etc.] cannot be inspected and blocked .... to do that you need to have the Router/Hardware capable of doing DPI efficiently without impacting performance greatly ... Those type of Router systems are generally defined as Content Management Systems [CMS].

If that interest you then Vendors like DrayTek and their Vigor2962/3910 routers can do it nicely -- for those type of devices the CMS portion usually has an licensing cost associated to the CMS modules as addons ...

DPI (Deep Packet Inspection) is currently impossible to perform on standard encrypted payloads which is what almost all traffic is these days, thus you have just IP address and port number to play with. Also, there is no hardware that can crack today's encryption algorithms and decrypt traffic in real-time. It's worth noticing that the most current algorithms are also quantum-safe.

There are some very specific solutions targeted at enterprise that disconnect certificates with a “man-in-the-middle” encryption server, but since end-to-end encryption (“aka zero trust”) is more or less standard in modern software, MitM solutions will soon become outdated as well. Moreover, that solution is also extremely expensive and cumbersome to implement because it requires extensive changes on all clients.

Bottom line, there are no standard firewalls or/and CMSs that can perform DPI, dynamic application routing, firewall L7 filtering or whatever you want to call this for the reasons explained above.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 6:26 pm

Excellent clear and honest advice rextended. Much appreciated.
Also Normis......... why! Concur, sometimes one needs to invoke something called parenting or business employee rules ( as in how to get fired ).

As for yahm........
https://media.tenor.com/DGlbJWqzeNEAAAA ... -truth.gif
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 6:51 pm

Regarding the OP and how to block Youtube, here are my two recommendations where both should be used together for best effect:

1. Firstly and if it's not for personal use I would subscribe to a service otherwise I'd use a tool like iplist-youtube to get the most current ip addresses for a blocklist. If you don't want to host and run "iplist-youtube" yourself, the address lists are updates every 5 minutes and are available here

- Ipv4 list raw link => https://raw.githubusercontent.com/touhidurrr/iplist-youtube/main/ipv4_list.txt
- Ipv6 list raw link => https://raw.githubusercontent.com/touhidurrr/iplist-youtube/main/ipv6_list.txt

2. Implement pi-hole or similar.

Many cruise ships and airlines block YouTube and similar streaming services by using specialized providers that offer these as commercial services
Last edited by Larsa on Sat Jan 28, 2023 7:18 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 7:11 pm

Since IPs used from youtube servers are not used only for youtube (no matter how fresh are the list),
you broke also other google service that broken other sites
(googleads, googleadservices, google-analytics, googlesyndication, googletagmanager, googletagservices, doubleclick, 1e101, etc.)
because often other sites that have nothig to do directly with google, use google services for dispaly contents and on this way are broken.....
 
holvoetn
Forum Guru
Forum Guru
Posts: 5318
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 7:12 pm

That's the whole point of pi-hole ... :?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 7:15 pm

NO, still valid post #2:
Until you do not have full control of user device, you can not stop DoH & Co. with pihole (and neither the VPNs).

If someone want go to youtube, go to youtube.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 7:25 pm

Many cruise ships and airlines block YouTube and similar streaming services by using specialized providers that offer these as commercial services (ie ip and dns blocking). And yes, there might be shared streaming services for some suppliers. Forget DPI.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 7:33 pm

DPI (Deep Packet Inspection) is currently impossible to perform on standard encrypted payloads which is what almost all traffic is these days, thus you have just IP address and port number to play with. Also, there is no hardware that can crack today's encryption algorithms and decrypt traffic in real-time. It's worth noticing that the most current algorithms are also quantum-safe.
@Larsa
I happen to disagree with your opinion ... I have a number of very successful inexpensive CMS systems in service made by Untangle that are very effective as MY Clients continue tell me .... and recently I have seen the DrayTek models I referred to earlier that are doing well in this area reported by some of my Colleagues that have peeked my interest due to there performance metrics that are also relatively inexpensive when compared to the big boys CMS offerings ...
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Block Youtube on computers and smartphone apps

Sat Jan 28, 2023 7:44 pm

They can certainly work to a limited extent using only IP addresses and port numbers, but there are no standard firewalls capable of running DPI on encrypted traffic. Any company with a reasonably updated understanding of security runs business-critical applications with encrypted communication, even for internal use.
 
reinerotto
Long time Member
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 5:53 am

Until you do not have full control of user device, you can not stop DoH & Co. with pihole (and neither the VPNs).
Not absolutely correct. You _can_ stop DoH/DoT, and VPNs as well, at least, many or most of them.
I.e. for WiFi in schools, this is an important feature.
You can _not_ block DoH without DPI, in case the user is running his private DoH-server, or his private VPN-server.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 12:05 pm

You can stop DoH/DoT, and VPNs as well, at least, many or most of them.
some of them. Since you can not see inside 443 encrypted packets, you have no way to see if it just normal https traffic or any VPN going over port 443.

As rextended writes, you need full control of the client to make sure you now what are going on.


----------------------------------------------------------------------------------------
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
Last edited by Jotne on Sun Feb 12, 2023 9:50 pm, edited 1 time in total.
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 12:42 pm

As always with technical problems: It is not about who is right. It is about what works.

In summary:
Youtube can be blocked to a certain extend for the average user by forwarding DNS to a commercial DNS service like Cloudflare, Umbrella etc. They have the abilities to track and adapt to the constant changes on youtubes's CDS host entries and filter them out. You cannot block the youtube CDS IPs in general, as they run many other services beside youtube on the same IPs.
You can block DoHS/HTTPS VPN for the average user by blocking 443 to IPs of the well known public accessible VPN and DoHS servers.

This mostly limits access for the average school student or hotel guest.
But there is no way to block someone with the necessary skills to use HTTPS VPN and/or DoHS to connect to a server IP you do not know about.
Except enterprise HTTPS proxy solutions breaking up the SSH connection, doing DPI and reencrypting towards the internal client using a private root Cert installed as trusted on the internal clients.

Everyone claiming different is invited to provide working solutions instead of just presenting assertions on what they think works or does not.
Because again: It is not about who is right. It is about what works.
 
reinerotto
Long time Member
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 1:00 pm

Applaus.
You did the "teaching", I was too lazy for. Assuming, my hints would trigger some thinking.
BTW: SNI intercept can also help in blocking youtube etc.
 
User avatar
memelchenkov
Member Candidate
Member Candidate
Posts: 202
Joined: Sun Oct 11, 2020 12:00 pm
Contact:

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 1:23 pm

BTW: SNI intercept can also help in blocking youtube etc.
TLS 1.3 encrypts SNI. So this method is gone now.
 
reinerotto
Long time Member
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 1:59 pm

Actually, not enforced everywhere. Does youtube enforce it ?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 6:13 pm

This mostly limits access for the average school student
This is the worst group. I have been working with network for high school student over many years, and they find away around everything. If one finds out all knows how to bypass blockage in just some seconds.

----------------------------------------------------------------------------------------
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
Last edited by Jotne on Sun Feb 12, 2023 9:50 pm, edited 1 time in total.
 
jovaf32128
just joined
Posts: 24
Joined: Sun Apr 26, 2020 9:22 pm

Re: Block Youtube on computers and smartphone apps

Sun Jan 29, 2023 7:27 pm

"Voilà! shit", but have you tried it?
Browsers will still use https/TLS anyway,
it's not that QUIC is the only thing that exists.
Yes. In my case I wanted to slow down youtube traffic, so used mangle with tls-host *googlevideo.com* to mark packets for the queues. But specially for you I tried to do:
add action=reject chain=forward protocol=tcp reject-with=tcp-reset tls-host=*googlevideo.com*
and it also works well. Yes, youtube.com still opened, but no one video was loaded.
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: Block Youtube on computers and smartphone apps

Mon Jan 30, 2023 12:52 am

Yes, using tls-host is in my experience the best result with least effort
add action=reject chain=forward in-interface-list=LAN protocol=tcp reject-with=tcp-reset tls-host=*.googlevideo.com
Plus a rule to block quic. It is resistant to DoHS, but not against VPN. It requires only one simple and easy to maintain filter rule.
Until you realize there are thousands of other video sites and streaming portals still working and requiring rules.
At the end it is a hare and hedgehog race with your users you hardly ever win.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Block Youtube on computers and smartphone apps

Mon Jan 30, 2023 9:27 am

So you're all responsible for all those complaints about youtube / facebook beeing slow or non functional, because you put crap limits on things.
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: Block Youtube on computers and smartphone apps

Wed Feb 01, 2023 10:24 pm

I'm not ;-)

I only apply such filters for stupid paying customers wanting it. Because they only know YouTube for video and Facebook for social media. So they think trying to block those two sites helps anything.
What I sometimes do on sites with low bandwidth uplink is using tls-host rules to apply youtube/netflix etc. (whatever their favorite video/streaming sites are) to low priority queues. So they can watch videos without having to fear disrupting ongoing Zoom/Teams/SIP calls.
But even for such use cases, I started to prefer Cake queues. Cake does priorisation automatically with mostly good results without requiring to maintain a set of tls-host rules for individual DNS hosts.
 
User avatar
ahmedramze
Member Candidate
Member Candidate
Posts: 111
Joined: Mon Feb 21, 2005 9:29 am
Location: IRAQ
Contact:

Re: Block Youtube on computers and smartphone apps

Thu Feb 02, 2023 12:20 am

Hi

blocking youtube will cos issues in some google services such as app/gmail/etc. they use same IPs and domains for google global cache and if you block it it will move your ip into next GGC node.
but you can burst queue for video like 2kbps for 5-10sec which make video in downloads loop.

google/Meta/Amazon CDNs they not one IP or range you can block it some videos stored in local GGC and other in another country.

if you need it urgently better talk with your ISP to block your Public IP from getting videos only but I don't know if google accept to do it.

also Working on L7 filtering its but you on CPU load for mikrotik.

Regards.
 
dtaht
Member Candidate
Member Candidate
Posts: 209
Joined: Sat Aug 03, 2013 5:46 am

Re: Block Youtube on computers and smartphone apps

Fri Feb 10, 2023 10:21 pm

I'm not ;-)

I only apply such filters for stupid paying customers wanting it. Because they only know YouTube for video and Facebook for social media. So they think trying to block those two sites helps anything.
What I sometimes do on sites with low bandwidth uplink is using tls-host rules to apply youtube/netflix etc. (whatever their favorite video/streaming sites are) to low priority queues. So they can watch videos without having to fear disrupting ongoing Zoom/Teams/SIP calls.
But even for such use cases, I started to prefer Cake queues. Cake does priorisation automatically with mostly good results without requiring to maintain a set of tls-host rules for individual DNS hosts.
Yay! The point here (especially for ipv6 (Always) OR ipv4 on cake located on the nat router) is that it manages flows to hosts better. A host doing voip and one doing netflix and one doing torrent get balanced automatically, each getting 1/3 the bandwidth, and what you dont use gets shared equally, so voip experiences zero queuing delay, because it is lightweight.

I am not big on the word prioritization, what lies underneath is per host/per flow fq. https://arxiv.org/abs/1804.07617
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Sun Feb 12, 2023 9:54 pm

Do you say that you can stop me from browsing where I want without having 100% control of the client? PC/Mobil etc.
How do you block DoH/DoQ/DoT?
You turn it off in the clients.
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Sun Feb 12, 2023 9:58 pm

I tried every possible way I saw on the Internet but didn't work with me, I would really appreciate your help.
Thanks in advance.
I accompished the goal by having some control on the clients and Pi-Hole..

Disabled DoH (DNS over HTTPS) and set Pi-Hole to block YouTube.

I also have 8.8.8.8 and 8.8.4.4 blocked so that the Application can't try it's own lookups.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 8:36 am

Do you say that you can stop me from browsing where I want without having 100% control of the client? PC/Mobil etc.
How do you block DoH/DoQ/DoT?
You turn it off in the clients.
And this is what I say, to do that you need to have control of the clients, just as I did write above.
In a company network with company rules ok. As an IPS not.



-----------------------------------------------------------------------------------------------
Use Splunk> to log/monitor your MikroTik Router(s).--> MikroTik->Splunk :mrgreen:
Backup config to Gmail -->Backup
Block users that tries too use non open ports -->Block
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 10:54 am

All this posts, but still valid what is written on post #2...
All is useless after that post, no matter what users writes...
viewtopic.php?t=188288#p950776
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:04 am

-----------------------------------------------------------------------------------------------
Use Splunk> to log/monitor your MikroTik Router(s).--> MikroTik->Splunk :mrgreen:
Backup config to Gmail -->Backup
Block users that tries too use non open ports -->Block
-----------------------------------------------------------------------------------------------
Use Splunk> to log/monitor your MikroTik Router(s).--> MikroTik->Splunk :mrgreen:
Backup config to Gmail -->Backup
Block users that tries too use non open ports -->Block


Please stop adding fake signatures, on the forum they are disabled on purpose, and adding this is spam, because users can't block your text from being seen.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:37 am

I will do.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:42 am

I will do.
Thank you for your courtesy. Really... thanks...
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:55 am

from my experience , if u want to block https traffic defiantly MT can do perfectly, but if u want on application level, i found useful by using OpenDNS
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 2:21 pm

I will do.
If it was exquisite Italian Art, it may pass the rextended litmus test. :-)
So perhaps next time a naked David with half a prick ;-)
 
reinerotto
Long time Member
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 4:01 pm

All this posts, but still valid what is written on post #2...
Please, stop to spread wrong info. You can not assume, that, in case, you did not succeed in blocking, nobody else can do, as well.
I.e. what does any browser, trying to use QUIC, in case UDP port 443 blocked in router ?
There is an old proverb, in Chinese: Those, who do not know, talk. Those, who know, do not talk.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 4:47 pm

An old North American Proverb, if you open your mouth any further, will be able to fit both feet in it !!

[ caveat: I know sheite about quic, quiddich etc. but I do like proverbs and the occasional reverb ]
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 5:23 pm

All this posts, but still valid what is written on post #2...
All is useless after that post, no matter what users writes...
What I wrote, does work.

My network, my rules.. Don't like my rules, you'll find your MAC address(es) blocked.

My AP already doesn't allow 'randomized MACs' from connecting.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 6:04 pm

All this posts, but still valid what is written on post #2...
Please, stop to spread wrong info. You can not assume, that, in case, you did not succeed in blocking, nobody else can do, as well.
I.e. what does any browser, trying to use QUIC, in case UDP port 443 blocked in router ?
There is an old proverb, in Chinese: Those, who do not know, talk. Those, who know, do not talk.
Did you forget about the topic?
Please point me to the point where you explain exactly how: "Block Youtube on computers and smartphone apps" and we mean, youtube only, of course.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 6:06 pm

What I wrote, does work.
Is not correct, on post #2
supposed: no control on user devices
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 7:00 pm

And if some tries to block some, you can always use an external service.

This is not a commercial, since it free, but you get a free Oracle VPS with:
4 strong ARM CPU (aarc64)
24 GB ram
200GB disk
+ much more
Free for life

So I can setup a proxy server/vpn +++ for free and bypass the most.

I can set it up so when I do go to youtube.jotne.it than it opens youtube.com in my url. Cloudflare ZeroTrust (free for home users)
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 7:10 pm

What I wrote, does work.
Is not correct, on post #2
supposed: no control on user devices
You said in Post #2, that it isn't possible..

It is..

If the client devices want internet access, they follow my rules (no VPNs and no DoH).. Internet traffic without DNS lookups, they get null-routed.

I have TikTok permanently blocked, sometimes YouTube.

The problem with blocking YouTube for students, is that some (many) teachers assign YouTube videos as instruction and/or homework.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 7:13 pm

And this is with MikroTik Router?
Post your config.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 7:15 pm

And this is with MikroTik Router?
Post your config.
What, you want evidence? Hearsay and opinion are not enough!
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 7:21 pm

And this is with MikroTik Router?
Post your config.
My AP (Cisco Aironet) has a checkbox to disallow 'randomized' MACs.

PiHole blocks TikTok and YouTube (when desired).

RouterOS drops 1.1.1.1, 8.8.4.4, and 8.8.8.8 and individual clients as needed. Plus a few other well-known DoH servers.

I look at the PiHole logs manually, if a client isn't making lookups, I manually add them to the firewall drop rules.
Last edited by kevinds on Mon Feb 13, 2023 7:23 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 7:22 pm

Evidens that some are done that I would say can not be down without control of the client.

Try this:
https://ultrasurf.us/

Its a simple exe file, that your run on your PC (or other), that makes a proxy for your browser. No need to admin rights.
Its made for passing the great wall of china.
And this is just one of many tools that can be used to bypass the most blockage.
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 7:25 pm

puTTY.exe can do this too with an SSH server.

My network, I would notice both (no DNS lookups for the host), and then drop the host's traffic.
Last edited by kevinds on Tue Feb 14, 2023 4:34 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 10:33 pm

So you block everything, not youtube selectively, and continue to be offtopic.

No one has posted a NON-invasive method on the client device, which selectively blocks youtube ONLY,
no matter if the user use VPN, private DoH (yes... PRIVATE...), ICMP tunnels, etc...

All empty talks...

Still valid post #2, that is the reply of this topic, not about change client device config or block everything if the user do not use that DNS, etc.
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 10:48 pm

So you block everything, not youtube selectively, and continue to be offtopic.
No.

I *only* block everything if the host continues to use DoH and/or VPN/Proxy services.

No one has posted a NON-invasive method on the client device, which selectively blocks youtube ONLY,
no matter if the user use VPN, private DoH (yes... PRIVATE...), ICMP tunnels, etc...
If a LAN IP has internet traffic but no local DNS lookups, they lose internet access.

What does non-invasive mean to you?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:10 pm

What does non-invasive mean to you?
It's invasive to block everything in retaliation because you are not able to just block youtube...

It is invasive to act on the customer's device.

The customer must be able to do anything freely, except use youtube, and you must not touch the device config or install some software.
If you alter this premise in anything, is not anymore on topic.
It's obvious if I break the client device, with that he doesn't go on youtube anymore... (but not anywhere else either...)
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:19 pm

How is this not on topic? That wasn't a stated requirement in the OP.

Otherwise you are being dumb.. User is allowed whatever proxy and VPN they want, but still 'required' to block YouTube? No solution can do that unless internet access overall is white-listed.

My network, my rules. If the user wants internet access, they are not allowed to use VPN/Proxy or DoH. They use those, they lose network access. User can do it themselves or they can ask for help with the settings if they need.
Last edited by kevinds on Tue Feb 14, 2023 4:35 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:31 pm

Post #2....
No solution can do that unless internet access overall is white-listed.

they are not allowed to use VPN/Proxy or DoH. They use those, they lose network access
Too bad we are not close, otherwise I would show you how easy it is to get around this thing...
Of course, if you know I'm there and you purposely watch what I do...
But try to catch me with hundreds of other people surfing on the same network...
As long as you don't blacklist EVERYTHING and only allow certain IPs/sites, there is always a way around the blocks.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:47 pm

There is always a way to skin the cat so to speak :-)
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Mon Feb 13, 2023 11:50 pm


As long as you don't blacklist EVERYTHING and only allow certain IPs/sites, there is always a way around the blocks.
Everything can be gotten around with time and effort.. My primary method is to remove users with traffic that do not have DNS lookups, which would work for the OP and majority of users.

Blocking YouTube for students, is not a good idea because teachers assign/use YouTube for lessons, but it can be done. I will have TikTok blocked for the foreseeable future though.
Last edited by kevinds on Tue Feb 14, 2023 4:36 am, edited 1 time in total.
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Tue Feb 14, 2023 12:03 am

As long as you don't blacklist EVERYTHING and only allow certain IPs/sites, there is always a way around the blocks.
Even that can be gotten around, speaking from experience.. haha Time and effort.. ;)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Feb 14, 2023 12:17 am

.... I will have TikTok blocked for the foreseeable future though.
Haha, really showing your age, family members will use cell data to watch tik tok as the main vector is smartphone... Get with the times Kev! ;-)
By the way tik tok also makes large balloons! :-)
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Tue Feb 14, 2023 12:32 am

They tried that when I blocked YouTube...

I turned off their cellular data in response.. ;)
Last edited by BartoszP on Tue Feb 14, 2023 2:51 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart, save network traffic
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Feb 14, 2023 1:21 am

Well, the outcome will be quite simple, they will either
a. spend less and less time at your place ( the dungeon) and more and more time at other peoples houses. :-0
b. will become software and wifi engineers and devise work arounds ( heck a wireless wire cube setup in the right location would allow them to beam and bypass your entire setup LOL )
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Tue Feb 14, 2023 1:30 am

I will encourage both options.. Especially "b". :D

Already have a longer-term goal of talking to the ISS as it passes over..

Likely less effort to hack the Pi-Hole server and disable the custom domain blacklists..

Quick/dirty solution to "b" would be deauths though.. ;)

BOFH, I am well aware, but it works well.. haha
Last edited by kevinds on Tue Feb 14, 2023 6:04 am, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Block Youtube on computers and smartphone apps

Tue Feb 14, 2023 1:41 am

I wonder if they will go into the drywall and splice off the ethernet line heading to your computer.........oh the malware they could inject.........
 
kevinds
Long time Member
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Block Youtube on computers and smartphone apps

Tue Feb 14, 2023 1:50 am

I did that at my parent's place when I was younger.. haha Telephone line though, for dialup..
Last edited by BartoszP on Tue Feb 14, 2023 2:51 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart, save network traffic
 
yohanoc76
just joined
Posts: 1
Joined: Sat Nov 11, 2023 10:32 am

Re: Block Youtube on computers and smartphone apps

Sat Nov 11, 2023 10:42 am

I can block traffic youtube from smartphone and laptop using this script. after try many more

#add L7 regex
/ip firewall layer7-protocol
add name=YT-BLK regexp="^.+(.*youtube.com|.*ytimg.com|.*googlevideo.com).*\$"

#add dynamic address list when matches with l7 regex
/ip firewall mangle
add action=add-dst-to-address-list address-list=YT-BLK address-list-timeout=none-dynamic chain=forward layer7-protocol=YT-BLK

#block ip dst youtube
/ip firewall filter
add action=drop chain=forward connection-state="" dst-address-list=YT-BLK out-interface=ether1-WAN


you can try and command at this if success or not.

thanks
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: Block Youtube on computers and smartphone apps

Fri Nov 17, 2023 9:54 pm

If I have control over my device connected to your network, i just connect to the https based VPN server running on one of my servers.
For your firewall it is just encrypted https traffic on usual dest port 443. For me it is a tunnel to my server from where I can go everywhere. Including youtube.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block Youtube on computers and smartphone apps

Fri Nov 17, 2023 11:40 pm

I can block traffic youtube ...

Mancava questo invio alla collezione...
 
massinia
Member Candidate
Member Candidate
Posts: 159
Joined: Thu Jun 09, 2022 7:20 pm

Re: Block Youtube on computers and smartphone apps

Fri Mar 01, 2024 4:29 pm

/ip firewall filter
add action=add-dst-to-address-list address-list="Youtube Block" \
    address-list-timeout=4d chain=forward dst-port=443 protocol=tcp tls-host=\
    *youtube*
add action=drop chain=forward dst-address-list="Youtube Block" src-address=\
    192.168.88.0/24
This works for me, blocks YouTube app for Android/iOS, smart TV and PC browsers.
Fasttrack must be deactivated.

It also works with RAW
/ip firewall raw
add action=add-dst-to-address-list address-list="Youtube Block" \
    address-list-timeout=3d chain=prerouting dst-port=443 protocol=tcp \
    tls-host=*youtube*
add action=drop chain=prerouting dst-address-list="Youtube Block"
I don't know which is lighter for the CPU (Filter or RAW).
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Block Youtube on computers and smartphone apps

Fri Mar 01, 2024 5:41 pm

It will work until Youtube hosts implements ESNI. After that you can only block by address list with resolved Youtube hosts and hoping that some of that resolved Youtube host IPs are not shared with some other hosts that are on same IP that shouldn't be blocked (some Google service for eg.).
There are also sites like this or this which are for downloading/watching videos related to some session on website or as helper for mobile browsers which doesn't have video download addons, on this sites it is possible to watch/download YT videos if you get link from elsewhere (when YT domain is blocked), in this case direct YT video is requested in browser from URL at googlevideo.com domain (because site backend side is parsing YT page to get video URL and it's not requested from browser) and it should be also blocked if you want to avoid that. Maybe there are also sites what are warping YT over their domain too using YT API key for fetching and playing videos (probably paid service since free YT API key has limits).
Last edited by optio on Fri Mar 01, 2024 6:16 pm, edited 3 times in total.
 
massinia
Member Candidate
Member Candidate
Posts: 159
Joined: Thu Jun 09, 2022 7:20 pm

Re: Block Youtube on computers and smartphone apps

Fri Mar 01, 2024 6:13 pm

It will work until Youtube hosts implements ESNI.
You're right, I read that this kind of traffic can't be analyzed even with a DPI firewall.
Let's see what will happen later...

Who is online

Users browsing this forum: Bing [Bot], mrz and 60 guests