Blocking BBC & ITV video streaming

Associate
Joined
17 Jan 2003
Posts
371
Location
Andover
Hello,

As the World Cup nears there will an obvious few users that will try to watch games live online.

In the company I work for this isn't allowed so I was wondering if anyone knew the best way to block all BBC and ITV video streaming? At the moment we simply don't have big enough bandwidth lines to cover the whole company.

I've only been working in IT support for this company for about a year and as far as I'm aware all that is blocked regarding video streaming are streams that use applications like WMP, Real Player, Quicktime. I am only local support so don't know much in the way of Cisco routers and configuring, etc, however we have a dedicated network support team although unfortunately they are located in the USA.

Now as far as I'm aware BBC and ITV use flash and silverlight respectively. Is it possible to block the servers that the video streams run off or are you better off blocking the flash extension for video streaming (.flv?). Everyone goes through the same proxy so I guess you could setup some kind of rule?

The trouble is we don't want to block all flash applications as some users require websites that use flash.

Any information anyone might know would be great :).

Andy
 
Associate
Joined
25 Sep 2003
Posts
456
Location
Leeds
Cant you just use your router itself to block the URLS? I know even basic netgear routers do URL blocking and proper commercial routers such as Cisco certainly do.
 
Associate
OP
Joined
17 Jan 2003
Posts
371
Location
Andover
I think the problem with that is that it is hard to know which URL the live stuff will be on, I don't want to block the whole bbc/football site - just anything that has an embedded video stream.

Ah yes thanks Kol, we can probably block the whole website of that one. BBC & ITV will be a bit more tricky.
 
Man of Honour
Joined
30 Jun 2005
Posts
9,515
Location
London Town!
Depends what server operating system you're running on.

Windows Server you can use group policies to block websites by changing DNS entries on the server to point that specific website to a non-working IP (1.1.1.1 for example, or even better an internal webpage telling them it's forbidden)

http://www.tomshardware.co.uk/forum/221386-36-block-group-policy

Please don't do that, it's a really annoying misuse of DNS, DNS *ISN'T* a means of enforcing policy, it isn't for that. It's a global, hierarchal, distributed and reliable database - messing about with your DNS is a stupid lazy fudge for actually enforcing policy which makes other people's lives hard.

And for gods sake don't redirect to 1.1.1.1, that isn't a random IP for people to use as a sinkhole, it's in theory a perfectly valid v4 address and will one day be assigned, the internet community is currently working hard to prevent people using it as a random internal IP and clean up the consequences of it being used that way previously. Please don't make it harder.

If you must do that then use a local IP and route it to null on your network. Better yet don't do it at all and return nxdomain or refused if you must mess about with your DNS.

Better yet use a proxy server or a filtering solution on your firewall.
 
Soldato
Joined
19 Apr 2009
Posts
3,159
We have flash blocked of here at work and its a complete utter pain. I would persoanlyl go through the proxy or just send and EMAIL to all staff highlighting the rules etc.
 
Man of Honour
Joined
30 Jun 2005
Posts
9,515
Location
London Town!
We actually set up an internal stream so it doesn't use all our office WAN bandwidth and told people they could watch it so long as they did some actual work too and there'd be trouble if they slacked off. So we'll see how that works out...
 
Associate
Joined
1 Feb 2004
Posts
1,440
Location
Bristol
I delt with this issue on several occasions for the world cup, european championships, even wimbledon

After discussing the options we came to a few conclusions.
-Allowing ppl access from their machines is unfeasible
-Blocking access will mean that people conveniently become ill on the respective days
-You will have a significant drop in customers during the events anyway if they are all watching it themselves
-Some people will loath the event and not want to see it (ahhmgz work is my only safe haven!!1!)

Based on this, we blocked the sites on the proxy server. Then for each match/event we setup a laptop and speakers at various places in the building so people could watch the event but left an area that people could go if they didnt want to see it.

We configured a windows media server with a TV card at a spot in the building that got a decent signal (you do NEED a tv license for this but at the time we found that 1 license was sufficient based on reading the terms) and had that machine provide the stream

We dimmed the lights in all the areas and the phones pretty much went silent so it worked pretty well, there were a few downsides mind.. like a lag in the buffers between the laptops.. if someone scored a goal or had a near miss, you heard the cheers from the other end of the building before it actually happened on your screen, oh and the lack of beer sucked :)

The company liked the idea of the projectors and eventually had white boxes painted on the walls (high ceilings!) and ceiling mounted projectors installed to show a business ticker/callcenter stats and queues/company slides/bbc news on a more permanent basis
 
Soldato
Joined
18 Oct 2002
Posts
18,296
Location
Brighton
We actually set up an internal stream so it doesn't use all our office WAN bandwidth and told people they could watch it so long as they did some actual work too and there'd be trouble if they slacked off. So we'll see how that works out...

I like the sounds of that, got any nice linky-poo's? :D
 
Associate
Joined
29 Dec 2003
Posts
2,039
Location
Newcastle upon Tyne
Back
Top Bottom