Netskope Global Technical Success (GTS)

Use Case -  Block Youtube Shorts while allowing Youtube Completely

Netskope Cloud Version - 115

Objective

Youtube Shorts should be completely blocked while Youtube access to rest of the videos should be allowed

Prerequisite

Netskope CASB Inline license is required

Context

As YouTube continues to evolve as a prominent streaming platform, the introduction of YouTube Shorts has presented new challenges for administrators. These short, entertaining videos have led to users spending considerable amounts of time browsing through them. In response, an administrator has identified the need to establish a policy that allows access to YouTube while blocking YouTube Shorts. This document aims to provide guidance on crafting and implementing such a policy.

Do You Know?

There are two ways in which you can access Youtube Shorts : 

1- Using the Shorts section on the Youtube interface. When you click on the “Shorts” section on the Youtube interface, it takes you to a new URL where you can view all Youtube Shorts continuously

2 - Using the Shorts section on the Youtube landing page. You view this section when you scroll down on the landing page : 

Lab Recreate

• To be able to Block Youtube shorts, when accessed in any way, we first have to observe the associated events generated in Skope IT - Application events
• Based on the events observed, a Policy has to be designed in such a way that we should be able to Block Youtube Shorts accessed via the Youtube landing page or via the Shorts section in Youtube.

Policy 1 : Looking at the Skope IT Alerts, we see a few common parameters when Youtube Shorts are accessed in such a way. These parameters can be leveraged to create a Policy Logic : 

So in this case, we will try to create a Policy for Application = Youtube, Activity = View only when the Referrer URL is a Youtube Shorts URL

There are several Youtube Shorts URL, where the referrer field changes to Youtube.com :  www.youtube.com/shorts/cWoeh6x4nb8, the Referrer field changes and the same can be seen in the events below . Therefore, your policy should also cover this referrer field

Therefore, a policy that covers these criterias is also required  : Policy for Application = Youtube, Activity = View only when the Referrer URL is a Youtube URL (https://www.youtube.com/)

Below are the Steps to create a Policy to cover the above criteria

Step 1 : To include the “Referrer” Header, we need to create a HTTP “Referer” header that matches the URL. Go to Policies - Profiles - HTTP Header and create a new profile as shown below to include both URLs :  (https://www.youtube.com/) and the URLs of the format www.youtube.com/shorts/cWoeh6x4nb8

www.youtube.com/shorts/UY1NsbHgCvI

www.youtube.com/shorts/U-mclaqgfzA

Note : You can use Regex tester to build and test such regexes

Step 2 : Create a Real Time protection Policies under Policies - Real Time protection with the criteria specified earlier

Policy 2 : If you simply copy/paste the Shorts feed URL to another browser window, the Access type changes. Hence, you will need to create another policy to block access to Short Feed URL with the activity = browse

These URLs are typically in the below format  : 

www.youtube.com/shorts/cWoeh6x4nb8

www.youtube.com/shorts/UY1NsbHgCvI

www.youtube.com/shorts/U-mclaqgfzA

To block access to URLs of the above type, we can simply create a Regex that will cover all the URLs of the above types and use it in a Policy.

Regex : www\.youtube\.com\/shorts\/0A-Za-z0-9_-]{11}

Step 1 : Go to Policies - Web - URL List and create a New URL list with the Regex as shown below : 

You can test this Regex using a Regex tester tool to see if it matches the desired URLs. To learn how to build regexes, you can simply follow this link. 

Step 2 : Create a New Custom category under Policies - Web - Custom Categories and include the URL list created in the above step 

Step 3 : Create a Real time protection policy with the Custom Category created in the above step. 

Verification

• Step 1 : Try to access Youtube Shorts from landing page, From Shorts Feed and Copy / paste the URL into another browser window, the access will be blocked in all cases : 

Shorts Feed : 

• Step 2 : Copy paste the Youtube Shorts URL to a New tab, the access should be blocked : 

Always test the above policy on a subset of users before rolling out in production.

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.