Skype

Unanswered Question
Jun 13th, 2009
User Badges:

Hi all,

How do I deny users having their gateway as the WSA to block skype. Currently I am using the regular expression:

[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:443

I also read a outdated reply to also use [^(\n|\r)]+Skype/i

Also, any deny rule on the firewall should be added?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jowolfer Mon, 06/15/2009 - 17:16
User Badges:

mbaki,

Setting your client's default gateway to use the WSA is not recommended or supported.

Since the WSA is not a router, there is a high likely hood that alot of your traffic is going to break. It is also likely that the WSA is going to be receiving alot of traffic that it was never designed to receive, which could have negative impacts.

The regex you have supplied "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:443" will have no effect on transparent traffic. This regex is meant to match an explicit CONNECT request that is sent to an IP instead of hostname.

I'm not sure what the other regex is for. It seems a little off. One or more beginning of line or \n or \n followed by Skype/i.

Seems non-sensical to me. Or at least could be re-written. I can assist if you explain its purpose.

wdoria_ironport Mon, 06/29/2009 - 15:11
User Badges:

hi josh,
probably mbaki(like me) is trying to look for a way to block skype.
I am using a 6.0 WSA in forward proxy mode.
I tried several ways to block skype, like regular expression ([0-9].[0-9].[0-9].[0-9] and [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:443) but no way... skype keeping on passing throught my appliance....

So if you know some other way to block it , you are welcome!
Thank you very much.
Walter Doria

Actions

This Discussion