Summary
This article discusses how to allow embedded Vimeo videos without allowing users to access vimeo.com
.
Problem
A lot of educational websites embed Vimeo videos into their website, however, if you are blocking the Audio and Video category these videos will be blocked.
Note: The Audio and Video category is included as part of the Core Blocked Content web filter policy, therefore is typically blocked by default.
Solution
Note: You need a HTTPS policy to be implemented for this to work.
- To create a new category, go to Guardian > Policy Objects > Categories.
- Under Manage categories, enter the name of the new category, for example, Vimeo Allow.
- Under Domain/URL filtering, add the following URLs:
player.vimeo.com/log
player.vimeo.com/crossdomain.xml
av.vimeo.com/crossdomain.xml
a.vimeocdn.com/p/2.1.18/js/player.js
vimeocdn.com
a.vimeocdn.com/p/2.1.18/css/player.css
player.vimeo.com/play_redirect
player.vimeo.com/video/<VIDEO_ID>
vimeo.com/_next/viewer
where VIDEO_ID
is the unique 9-digit number given to each Vimeo video it forms part of the video's URL. Add this URL for each video you need to allow.
- Click Advanced, and then under URL Patterns add the following:
vimeo\.com/.*<VIDEO_ID>
whereVIDEO_ID
is the unique 9-digit number given to each Vimeo video it forms part of the video's URL. Add this URL for each video you need to allow.
- Click Save.
- Create another custom category named Vimeo, which will be used in a HTTPS policy.
- Under Domain/URL filtering add the following domain:
vimeo.com
- To set up a Decrypt and Inspect policy, go to Guardian > HTTPS inspection > Policy wizard.
- Create a new policy with the following:
- Who Everyone*
- What Vimeo
- Where Everywhere*
- When Always*
- Action Decrypt and inspect
Make sure Enable Policy is ticked and click Confirm
- Next, set up a Web filter policy in Guardian > Web Filter > Policy wizard:
- Who Everyone*
- What Vimeo Allow
- Where Everywhere*
- When Always*
- Action Allow
Make sure Enable Policy is ticked and click Confirm
If Vimeo is not blocked for your organization, you can still use the Vimeo allow category created in step 2 in a block policy to prevent users from accessing vimeo.com
but still allow specific embedded videos.
*You should change these based on your own needs.