McAfee Web Gateway

Method of Procedure

Youtube API v3 Ruleset

Step 1: Getting an API key from Google

API v3 requires a user to obtain an API key which is used to identify who is querying the API. Every API has
a specific quota which defined how many requests against the API can be done.

More details can be found at https://developers.google.com/youtube/v3/getting-started.

Note: McAfee and/or the product McAfee Web Gateway don’t have any control about the API itself (in
regards to availability) and/or the quota. In case you exceed the quota for your API key it may be required
to talk to YouTube/Google to increase the available quota for your key.

a) Before you start, You need a Google Account to access the Google API console, request an API key,
and register your application.

b) Create a project in the Google Developers Console and obtain authorization credentials so your
application can submit API requests.

After creating your project, make sure the YouTube Data API is one of the services that your application is
registered to use:

i. Go to the API Console and select the project that you just registered.
ii. Visit the Enabled APIs page. In the list of APIs, make sure the status is ON for the YouTube Data
API v3.
iii. Select Create Credentials.

iv. You will see now your created API key.

Step 2: Import the YouTube Ruleset API v3 .

a) In the Policy tab, Click Add > Top Level Ruleset > Import rule set from Rule Set Library \

b) Click the “Import from File” > button in the lower left corner of the new window.

c) Select the rule set from the file you have downloaded.

d) Solve all conflicts by “refer to existing objects”.

e) Done.

Step 3: Configuration of HTTPS Scanning

a) Create an IP list only for the restricted Users that are Allowed to browse YouTube.
i. Click on the Lists Tab, then click the “+” icon on the upper left of the window.
ii. Create a name and Select Type as “IP”, click Ok.
Example: Youtube Allow list.

b) Edit the HTTPS Scanning Ruleset.

i. Select HTTPS Scanning, then click Edit.
ii. Click Add, select User/Group Criteria.
iii. Select Client.IP > is in list > Select the list of allowed IP for YouTube.
iv. Move down the criteria and select AND operator.
NOTE: If we enable the HTTPS Scanning, all the other websites they are going to browse will be affected
by the SSL inspection. And even if we export the certificate and install it to the users, we will be having a
problem on the other websites.

Step 4: Creation of Separate Proxy for the Users Allowed Youtube

a) Add a sub rule to the URL policy rule set.

i. Click Add Rule > Add Name
ii. Add criteria Client.IP is in list (list of Youtube Allow Users) AND URL.Host is in list YouTube
URL.
iii. Action Stop Rule Set.
iv. Done
Step 5: Installing Certificates to Users

a) Export a certificate from MWG.

i. Go to Settings > Select SSL Client Context with CA > Default CA

ii. Export and Save
iii. Install the certificate and Select Trusted Root Certification Authorities.