Restricts and Limiting Video Streaming

with Mikrotik
If you have a proxy server, you can restrict video streaming access using
access control list or using contents filtering program such as squidGuard,
DansGuardian, etc. But there are many websites with embedded video that
has not been filtered yet. Mikrotik can help you overcome this problem and
restrict access to embedded streaming video with ease.
Restrict bandwidth usage for embedded video streaming
You can use the following script to limit bandwidth usage for sites that
embedding video streaming such YouTube, Metacafe, Tube8, etc. Im
personally already tested this script and works fine.
The scenario is using mikrotik built-in Layer7 Protocol to detects embedded
video streaming on any websites, marking the data packets, then defining
bandwidth limit using Simple Queue rule.
First, add a video content filter at Layer7 protocol:
add name=httpvideo regexp="http/(0.9|1.0|1.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type:
video)"
/ip firewall layer7-protocol add name=http-video regexp="http/(0.9|1.0|1.1)
[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(content-type: video)"

Second, marking data packets using firewall mangle:

/ip firewall mangle add action=mark-packet chain=prerouting comment="httpvideo mark-packet" disabled=no layer7-protocol=http-video new-packetmark=http-video passthrough=no

Then finally, add new rule in simple queue to limit bandwidth usage for httpvideo packets (in this example, download for embedded video streaming
was capped at 64kbps, you can define this to suite your needs).
/queue simple add max-limit=0/64000 name=http-video packet-marks=http-video

Blocking embedded video streaming with mikrotik

We previously able to apply bandwidth restrictions for embedded streaming

video, how about block any embedded streaming videos so clients will not
able to play embedded video streaming. In this scenario, any websites that
is embedding streaming video can still be accessed and browsed as usual,
but when playing streaming video, it will not be in loaded at all.
This useful when implemented at the office environment, where users can
browse internet, but cannot watch video streaming at all :)
The scenario is similar as above, but with a little adjustment : all embedded
video streaming packets will be dropped.
First, add a video content filter at Layer7 protocol:
/ip firewall layer7-protocol add name=http-video regexp="http/(0.9|1.0|1.1)
[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(content-type: video)"

Second, marking data packets using firewall mangle:

/ip firewall mangle add action=mark-packet chain=prerouting comment="httpvideo mark-packet" disabled=no layer7-protocol=http-video new-packetmark=http-video passthrough=no

Finally, drop all http-video packets :)

/ip firewall filter add action=drop chain=forward comment="http-video
blocking" packet-mark=http-video

Just give a try : open any video on Youtube, and see what happens. All
videos should not able to loaded properly since the data packets is dropped
at mikrotik firewall.