[squid-users] Youtube "challenges"

Rafael Akchurin rafael.akchurin at diladele.com
Tue Feb 23 07:38:03 UTC 2016 

Hello Darren,

Sorry not to directly answer your question.. but would you be interested in the following functionality regarding YouTube:


-         Allow only specified YouTube videos to be watched on YouTube.

Best regards,
Rafael



From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Darren
Sent: Tuesday, February 23, 2016 6:02 AM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Youtube "challenges"

Hi all

AI am putting together a config to allow the kids to access selected videos in YouTube from a page of links on a local server.

I am serving up the YouTube links in the <iframe> format that is used for embedding and they play embedded on a page from a local server.

The issues is that YouTube is "doing the world a favor" by enforcing HTTPS connections from within the code it services into the iframe so I can't see anything that goes on and need to allow CONNECT to YouTube via squid or I don't get any video.

I want to make sure the kids don't stray out of the selected library and I don't want them being able to go onto https://www.youtube.com (the the CONNECT ACL)

Ideally I would only allow connect for that session and only if they viewed a clip that needed to get to YouTube. I would also need to stop them from opening another browser tab whilst viewing a clip and going directly to YouTube.

The https upgrade happens after the browser fetches the http version of the link with a 301 redirect the first time and a 307 (internal redirect) from then on once the browser has it cached. I can control assess to teh http version of the embed link just fine, but I just cant figure out how to just allow the CONNECT to Youtube for just that browser tab / session.

I have tried both Chrome and Firefox and both do the same thing.

I have been looking at possibly building an ACL that the browser page could fetch as a url_regex that would then allow connects to happen provided they come from that session but can't seem to make it work. It would be something like the captive portal style ACLS with a key being stored and checked for validity before allowing a connect.

Can anyone point me to a way forward on this, I my be trying to over complicate it but judging from various forums I have seen, YouTube is a pain and a moving target.

thanks

Darren B.













Sent from Mailbird<http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160223/ea553a68/attachment.html>

More information about the squid-users mailing list