Many web sites such as YouTube now use HTTPS to deliver content. As a result, they can be difficult to block using URL filtering in the firewall settings. The Vigor2830 does not have the UCF option under DNS filter, so this document provides a solution that can be used to block HTTPS websites without using DNS Filter.
This document describes how to block YouTube without using DNS Filter.
We will apply the firewall filter to block access to YouTube for a group of PC’s within the IP address range 192.168.1.10 – 192.168.1.20.
Step 1: Determine all the Web Sites that need to be blocked
Some HTTPS web sites get content from various sources. You will need to build up a list of these sites and determine the IP address ranges being used.
For YouTube there are 6 sites that need to be included. These are:
Name IP Address
i.ytimg.com 216.58.214.238
s.ytimg.com 173.194.116.110
youtube.com 216.58.199.46
googlevideo.com 216.58.199.36
youtube-ip-range 209.85.175.1 – 209.85.175.254
www.youtube.com 216.58.220.142
Step 2: Create IP Objects
Go to Objects Setting >> IP Object menu and create IP Object profiles for each of the sites mentioned in step 1.
The settings for each objects is shown below:
Step 3: Create IP Group
We now combine all the IP objects into a group to make it easier to include in the firewall settings.
Go to Objects Setting>>IP Group configuration menu and move the IP objects into an IP group. WE have named the IP Group “youtube”
Firewall setting to block YouTube for LAN IP addresses in the range 192.168.1.10 to 192.168.1.20
Go to Firewall>>Filter Setup and add a firewall rule with source IP address range of 192.168.1.10 – 192.168.1.20 and destination to any IP addresses in the IP group youtube and Block if No Further Match.