Home » Kerio User Forums » Kerio Control » Content filtering (Allow and deny url)

Messages: 8

Karma: 0
Send a private message to this user

How we can do this.

Allow https://www.youtube.com/user/vinodtv for all users. But www.youtube.com should be blocked/deny for normal users in kerio control.

In content filter i have create two rules for this:

1. Allow vinodtv https://www.youtube.com/user/vinodtv/* All allow

2. Deny Youtube *.youtube.com/* All Deny

when any user is direct browse the youtube side i.e www.youtube.com kerio control block/deny the user request.

when any user is browse the www.youtube.com/user/vinodtv my youtube channel is open it's good but here if any user click on any other link or video witch did not belong to my youtube channel/page or search video i.e movie, Songs etc user can play all youtube video so how to block/deny user to play other youtube video except www.youtube.com/user/vinodtv.

Vinod Bhardwaj
Ernesto (Kerio)

Messages: 77
Karma: 7
Send a private message to this user
Hi Bhardwaj,

As long as your allow rule is right on top of the deny rule, it should do what you want.
For initial tests, make sure that both content rules are at the very top of the list. This is to eliminate the possibility of any other rule interfering.

If the problem continues, you may need to troubleshoot this by enabling logging on both rules and looking at the filter log (Logs->Filter). Call our tech support line if you need more help.

Sales Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Kenneth Whittaker (Kerio)

Messages: 2
Karma: 1
Send a private message to this user
Youtube is an HTTPS site, which means it is encrypted.

It is impossible for our Transparent proxy (a man-in-the-middle) to see the data inside the HTTPS packets (including the URL) so we cannot possibly filter certain videos using our transparent proxy.

Our Transparent proxy is very easy to use, and is why users don't have to configure their browser. Since it cannot be used, some additional configuration is needed:

1. You can try to use the "Decrypt and filter HTTPS traffic" feature. This feature is quite complicated, and requires additional setup. Please see this KB article to learn more about it: http://kb.kerio.com/1651

2. You can block HTTPS completely, and force users to manually configure the web browser for proxy. This works very well, actually. I recommend it, but you must understand everything will be visible to Kerio Control including passwords (for plain text) and account numbers, etc. Control does not recognize or log this data, so it should be fine. Control does log the URLs to the "http" and "web" logs.

After you complete one of these solutions, you will begin to see the URL of visited HTTPS sites in the HTTP log on Control, and can use this information to filter specific videos in the way you are accustomed to doing it.

Kerio/GFI Brian

Messages: 852
Karma: 90
Send a private message to this user
This article describes the limitations of basic HTTPS filtering http://kb.kerio.com/1380
If you want full HTTPS filtering, you can use option 1 as described by Ken http://kb.kerio.com/1651

Brian Carmichael
Instructional Content Architect
Kenneth Whittaker (Kerio)

Messages: 2
Karma: 1
Send a private message to this user
I forgot to mention one thing (for completeness-sake).

It is easy to be fooled by a feature visible when editing an content rule. The feature is called "Also apply to secured connections (HTTPS)."

This is a bit misleading. The connection is still encrypted, so the best we can do using this feature is to look at the hostname on the certificate. This feature is not designed to completely solve filtering of exact URLs such as the one you want to allow for Youtube.

This is described more here: http://kb.kerio.com/1380 and http://kb.kerio.com/1651
Previous Topic: Issues Authenticating with VPN and AOD Users
Next Topic: Want to block Websites for one (or a range) of ip adresses
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Jan 17 01:04:00 CET 2019

Total time taken to generate the page: 0.92035 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.