Restricts and Limiting Video Streaming with Mikrotik

If you have a proxy server, you can restrict video streaming access using access control list or using contents filtering program such as squidGuard, DansGuardian, etc. But there are many websites with embedded video that has not been filtered yet. Mikrotik can help you overcome this problem and restrict access to embedded streaming video with ease.

  • Restrict bandwidth usage for embedded video streaming

You can use the following script to limit bandwidth usage for sites that embedding video streaming such YouTube, Metacafe, Tube8, etc. I’m personally already tested this script and works fine.

The scenario is using mikrotik built-in Layer7 Protocol to detects embedded video streaming on any websites, marking the data packets, then defining bandwidth limit using Simple Queue rule.

First, add a video content filter at Layer7 protocol:

/ip firewall layer7-protocol add name=http-video regexp="http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(content-type: video)"

Second, marking data packets using firewall mangle:

/ip firewall mangle add action=mark-packet chain=prerouting comment="http-video mark-packet" disabled=no layer7-protocol=http-video new-packet-mark=http-video passthrough=no

Then finally, add new rule in simple queue to limit bandwidth usage for http-video packets (in this example, download for embedded video streaming was capped at 64kbps, you can define this to suite your needs).

/queue simple add max-limit=0/64000 name=http-video packet-marks=http-video
  •  Blocking embedded video streaming with mikrotik

We previously able to apply bandwidth restrictions for embedded streaming video, how about block any embedded streaming videos so clients will not able to play embedded video streaming. In this scenario, any websites that is embedding streaming video can still be accessed and browsed as usual, but when playing streaming video, it will not be in loaded at all.

This useful when implemented at the office environment, where users can browse internet, but cannot watch video streaming at all :)

The scenario is similar as above, but with a little adjustment : all embedded video streaming packets will be dropped.

First, add a video content filter at Layer7 protocol:

/ip firewall layer7-protocol add name=http-video regexp="http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(content-type: video)"

Second, marking data packets using firewall mangle:

/ip firewall mangle add action=mark-packet chain=prerouting comment="http-video mark-packet" disabled=no layer7-protocol=http-video new-packet-mark=http-video passthrough=no

Finally, drop all http-video packets :)

/ip firewall filter add action=drop chain=forward comment="http-video blocking" packet-mark=http-video

 Just give a try : open any video on Youtube, and see what happens. All videos should not able to loaded properly since the data packets is dropped at mikrotik firewall.

23 Comments

  1. 1

    Шото не бачит, не видно что пакеты идут

    • This method is no longer relevant, because L7 unable to intercept https connections.

Leave a Reply

Your email address will not be published. Required fields are marked *