In this lesson, I will show how you can on MikroTik block YouTube traffic without you use Layer 7 protocol. Why without Layer 7 regular expression? Because Layer 7 is to heavy on your Router resources like CPU and memory as for each packet the Firewall on the router is inspecting the Layer 7 and that's not the best and will cause on heavy traffic usage a lot of packet drops.

So what I am going to use instead is the TLS Host. That feature is available on MikroTik RouterOS since version 6.41 so why not to profit from using it. I have made my homework and find out what is the best TLS host to use for YouTube Traffic. If you want to know more about TLS host discovery, you can watch my this video on my YouTube channel showing and explaining about the TLS Host.

So let me start showing you about the configuration that you need to do on the MikroTik Router to block the YouTube Traffic.

1st let's open a YouTube video on the PC.

You see that YouTube is working and this is a video from my YouTube channel

Now let's start doing the work on the MikroTik Router.

So I made a filter rule on the chain Forward because the traffic is passing via the router to the internet and I have put on the Src. Address my LAN Network ID (If you have another Network ID then put yours). Then Youtube traffic is all based on TCP port 443 so I have put them. Then on advance you have to only write on the tls host this regular expression *youtube*. Finally, as Youtube has many servers so I wanted to collect all of them and put them in an address list for 30 days, and that's what I have done on the action. Now the next stop is to apply a rule to drop everything which is in the address list.

So I have created a 2nd filter rule saying that all what I have in the Dst Address list Youtube will be dropped.

I have made already some traffic to collect the YouTube servers in the address list, and here is the result inside the address list:

You can see that many YouTube servers addresses have been collected and they will stay for 30 days inside the address list. All Traffic to those YouTube servers will be dropped from my MikroTik Router.

Let's open a YouTube video again:

You can see that the YouTuve page is not opening. Same if you do from the smart phone application, it will not work.


Blocking YouTube on MikroTik can be challenge. Most of people use Layer 7 protocol to block it but then this is too heavy on the MikroTik Router. In this way, I have showed you using the TLS host how you can collect the servers of YouTube and then you apply a drop filter rule on all traffic going to those server.

I hope you liked this lesson, and if you have any question(s) or suggestion(s) please leave them in the comment below (you should have an account on my website to write a comment).

If you like this post, I will be happy if you buy me a coffee on the following URL:
Thank you in advance :)