F-SBID( --name "Youtube.Channel.Specific_Custom";
--protocol tcp; --flow from_client; --app_cat 12; --service HTTP; --pattern
".youtube.com"; --context host; --no_case; --pattern "channel/UC8pN3ndaZMNOezIy48sRpHA";
--context uri; --no_case; --no_case; --within 40; --weight 50; )
F-SBID( --name "Youtube.Tag_Custom"; --protocol tcp; --flow from_client; --app_cat 6; --service HTTP; --pattern ".youtube.com"; --context host; --no_case; --pattern "/watch?"; --context uri; --no_case; --no_case; --within 40; --weight 50; --tag set,Youtube.Tag; )
F-SBID( --name "Youtube.Channel.Video_Custom"; --protocol tcp; --flow from_server; --app_cat 6; --service HTTP; --pattern "channelId|22| content=|22|UC8pN3ndaZMNOezIy48sRpHA"; --context body; --no_case; --weight 150; --tag test,Youtube.Tag; --tag clear,Youtube.Tag; )
F-SBID( --name "Youtube.Channel.Block_Custom"; --protocol tcp; --flow from_server; --app_cat 6; --service HTTP; --pattern "ucid|22|:|22|"; --context body; --no_case; --pattern !"UC8pN3ndaZMNOezIy48sRpHA"; --context body; --no_case; --distance 0; --within 30; --weight 50; --tag test,Youtube.Tag; )
Change the texts in bold into the specific channel you are interested in allowing. Set the first 3 signatures to Monitor and the last one to Block. You will need to enable deep-inspection for the signatures to work.
F-SBID( --name "Youtube.Tag_Custom"; --protocol tcp; --flow from_client; --app_cat 6; --service HTTP; --pattern ".youtube.com"; --context host; --no_case; --pattern "/watch?"; --context uri; --no_case; --no_case; --within 40; --weight 50; --tag set,Youtube.Tag; )
F-SBID( --name "Youtube.Channel.Video_Custom"; --protocol tcp; --flow from_server; --app_cat 6; --service HTTP; --pattern "channelId|22| content=|22|UC8pN3ndaZMNOezIy48sRpHA"; --context body; --no_case; --weight 150; --tag test,Youtube.Tag; --tag clear,Youtube.Tag; )
F-SBID( --name "Youtube.Channel.Block_Custom"; --protocol tcp; --flow from_server; --app_cat 6; --service HTTP; --pattern "ucid|22|:|22|"; --context body; --no_case; --pattern !"UC8pN3ndaZMNOezIy48sRpHA"; --context body; --no_case; --distance 0; --within 30; --weight 50; --tag test,Youtube.Tag; )
Change the texts in bold into the specific channel you are interested in allowing. Set the first 3 signatures to Monitor and the last one to Block. You will need to enable deep-inspection for the signatures to work.
No comments:
Post a Comment