Youtube – How is YouTube’s “Safety Mode” enforced by network administrators

youtube

My company uses a web filtering software from an unknown (to me) vendor. I noticed the other day that YouTube automatically defaults to "safety mode" and that I am unable to change this setting. Instead, YouTube displays the message

SafetyMode is enabled by your network administrator

I assume the filtering software is setting the flag, but how is it enabled? I've looked through Google's help pages, but I didn't find anything about this. I'm asking mostly out of curiousity, because I have never seen a website prevent a visitor from doing something due to a network policy on the client side.

Best Answer

Here is your answer, sir. I’m going to paste the v2 rule set, and just link to the more complex v4.

YouTube Enforce Safety Mode v2
[Ruleset for enforcing YouTube Safety mode. Only applies to hostnames that match
in the YouTube Hosts wildcard list. Note that cookies must be enabled for youtube.com,
otherwise attempted access to any video will be blocked.]
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: URL.Host matches in list YouTube Hosts

Enabled    Rule                                            Action                   Events     Comments
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Enabled    Allow URL Paths in Path List No Cookie          Stop Rule Set                       Optional rule to allow base path when no cookie is set.
           1: URL.Path is in list Path List No Cookie                                          Handles first user visit without blocking,
           2: AND                                                                              if cookies are not enabled.
              Header.Request.Get("Cookie") does
              not match in list You Tube Safety Cookie

Enabled    Allow Set Safety Mode                           Stop Rule Set                       Allow any requests that set safety mode to true
           1: URL.Path equals "/set_safety_mode"
           2: AND
              URL.GetParameter("safety_mode")
              equals "true"

Enabled    Block Disable Safety Mode for YouTube Hosts     Block<YouTube Safety                Block if no cookie or if attempt to disable safety mode
           1: (URL.Path equals "/set_safety_mode"          Mode Block>
           2: AND
              URL.GetParameter("safety_mode") does not
              equal "true")
           3: OR
              Header.Request.Exists("Cookie")
              equals false

Enabled    Enforce Safety Mode for YouTube Hosts           Redirect<YouTube                    Any requests that don't have a cookie for safety mode
           - Using Redirect                                Safety Redirect>                    are explicitly redirected. This is the preferred method
           1: Header.Request.Get("Cookie") does not                                            to use for the redirect as it is more likely to be compatibile
              match in list You Tube Safety Cookie                                             with most browsers. A URL rewrite using a Set URL event
                                                                                               would also work but results in the browser receiving a redirect
                                                                                               to the same URL that was originally requested and some browsers
                                                                                               won't accept that.

I know, it's a short answer, but the explanation is rather lengthy and I preferred to link to it instead of copying it here. You can find the first set of rules at the aforementioned link — it’w way to lengthly to be copied here. Anyway, here are the links to the two rulesets from the article: ruleset v2 and ruleset v4.

Related Topic