no youtube in our office

so, at my client’s office, there was a need to block youtube access during working hours (08:00-17:00). the local administrator there tried to create rules on mikrotik router OS firewall, using layer7-filter, block youtube ip address, and the result is more complaints from user 🙁

So the idea was:

  1. implement l7-filter to identify youtube traffic
  2. gather youtube IP addresses
  3. block those youtube IP address

I have warned them that the method above could have impact on other google services as youtube is part of google services, and its more likely they will share same IP addresses. that means if you block youtube ip addresses, you will block other google services as well.

well, firewall rules goes on (and seemed my warning was ignored :-p), and few moments later, customers were complaining, they cannot access google drive, and started screaming. see picture below:

google drive cannot be accessed from local network

after that, i jumped into the router, check blocklist of youtube IP address, and tadaa… look at the picture below

google drive and youtube are sharing same IP address

so, i did ping the drive.google.com, and get its IP address. and i found that IP address on youtube blocklist. oh my… :-p this really explain why clients cannot access google drive. clearly because our firewall blocks them.

Conclusion: method of “block youtube IP address” has an impact of not being able to access other services. we need to use other method to of blocking youtube, and clearly its not based on layer 3 information only.

5 Comments

    • Feel u 2

      You could block it via DNS and then disallow all other connnections via port 53 to internet. That’s how I set it up on my Linux machine. However, this will not prevent advanced users from accessing youtube.

    • George

      You could block it via DNS and then disallow all other connnections via port 53 to internet. That’s how I set it up on my Linux machine. However, this will not prevent advanced users from accessing youtube.

  • Anon

    You could block it via DNS and then disallow all other connnections via port 53 to internet. That’s how I set it up on my Linux machine.

  • Haryono

    ditempat saya tidak perlu untuk block websitenya, batasi saja kecepatan streaming video nya, ini lebih efektif dan layanan google bisa berjalan dengan normal

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.