Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 9599 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

YouTube restricted mode in v17 and Enforce SafeSearch

lukg

In v17 you can't disable restricted Youtube mode selectively while using WEB proxy and web policies when Enforce SafeSearch is enabled.

I was able to do this in V16 by disabling HTTPS decryption but this is no longer working in V17.  So fix to v17 disabled possibility to apply my workaround.

 

from sophos ideas:

Restrict YouTube via HTTP Header for some user groups - MARKED AS COMPLETED WHEN IS NOT

ideas.sophos.com/.../13618821-restrict-youtube-via-http-header-for-some-user-gro

 

separating “YouTube Restricted Mode” from "Enable SafeSearch"  is under review 

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/31979224-separating-youtube-restricted-mode-from-enable

 

Per-policy control for SafeSearch - is under review 

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/32531740-per-policy-control-for-safesearch

 



This thread was automatically locked due to age.
Parents
  • 0

    I did as suggested in the following post and bypassed restrict mode on YouTube.

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/97377/enforce-safesearch-issues-on-youtube

    In my case, I created a minimalist FQDN Host Group (YouTubeFQDNHostGroup) with

    *.youtube.com

    *.googlevideo.com

    *.ytimg.com

    *.googleapis.com

    And then I created a firewall rule at the top (before my other rules per group) that accepted LAN/Any to WAN/YouTubeFQDNHostGroup/Any for a specific authentication Group and turned off Web Malware and Content Scanning (all options), set the Intrusion Prevention, set the Web Policy to None and set the Application Control.

    Obviously, only do this if you have some faith/trust in YouTube as it will bypass all scanning (kind of makes a NG firewall equal to a brick).

    In the other post they included more domains/hosts. However, I have had success with a smaller set (trying to keep it to the smallest possible).

    Regards,

    Gary

  • 0 in reply to GaryChancellor

    This is a great suggestion but it will only work with transparent proxy not traditional proxy which is set in the web browser.

    Our apple clients +100 have the proxy set in the web browser so we would have to re-configure them first.  

Reply Children
No Data