Blocking facebook chat with asa 5520

Unanswered Question
Jun 29th, 2009

We have a 5520, with the CSC, though without the Plus license.


We would like to block Facebook chat, without blocking the rest of Facebook.


A bunch of searching has turned up the following 3 URLs to block, so I put them into the CSC under URL Blocking.


http://www.facebook.com/ajax/chat/*

http://www.facebook.com/ajax/presence/*

http://www.facebook.com/intent.php



This is supposed to prevent outgoing messages, prevent a user from seeing other Facebook users, and prevent incoming messages.


However, it doesn't do anything. As well, the places where I've seen this referenced have a following message to the effect that "this no longer works."


Facebook's support hasn't answered any requests for information on how to block chat at the firewall, just telling us how to block chat as individuals, which doesn't help.


Does anyone have any ideas? Anyone else done this?


Thanks,

Rich


tekinerdem Mon, 12/14/2009 - 05:56

Hi,


I'm very despondent with the Trend Micro CSC, with both the new update and the old update, because CSC URL filtering is not working correctly. For example, the block list is not working properly. If a user types https://www.facebook.com in the browser's address bar, the site opens; if users type https://www.sssssss, the sites open.


I have a Plus license. Nobody helps with the ASA or CSC Security. We spent approximately 15.000$, but the CSC is a very bad card or has very bad synchronization with the ASA. I'm very aggrieved by this situation. I'm a system administrator at a government hospital in Turkey.


If these errors do not get better, I will buy Fortigate Series Content Security.


I'm not helping with Cisco or CSC card.



Please S.O.S. with ASA and bad CSC Card






System Administrator

Kureli Sankar Mon, 12/14/2009 - 06:09
User Badges:
  • Cisco Employee,

You are talking about https://

The CSC module presently can only scan 4 protocols: HTTP, SMTP, POP and FTP. These are TCP ports 80, 25, 110 and 21.


HTTPS is TCP port 443, which the CSC module cannot scan.


-KS

gultekinerdem Tue, 12/15/2009 - 00:00

How can I block HTTPS or Facebook and Facebook subdomains with 5520 rules or the CSC module?

Kureli Sankar Tue, 12/15/2009 - 06:21
User Badges:
  • Cisco Employee,

Bear in mind regex requires HTTP inspection and the CSC is already scanning that. This may add to the latency.


-KS
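
One way the regex-based HTTP inspection mentioned in the last reply can be configured on an ASA 8.x, as an added example that was not posted by anyone in this thread. It uses the three URL paths from the first post; all object names are made up for illustration, and it assumes the default `global_policy` with the `inspection_default` class is still in place.

```cisco
! Added example; object names (FB_*, HTTP_BLOCK_FB_CHAT) are hypothetical.
! Paths are the ones listed in the first post of this thread.
regex FB_HOST "facebook\.com"
regex FB_CHAT_PATH "/ajax/chat/"
regex FB_PRESENCE_PATH "/ajax/presence/"
regex FB_INTENT_PATH "/intent\.php"
!
! Any one of the three paths is enough to match.
class-map type regex match-any FB_CHAT_PATHS
 match regex FB_CHAT_PATH
 match regex FB_PRESENCE_PATH
 match regex FB_INTENT_PATH
!
! Require both the Host header and the URI to match, so the rest of
! Facebook (and other sites using similar paths) is left alone.
class-map type inspect http match-all FB_CHAT
 match request header host regex FB_HOST
 match request uri regex class FB_CHAT_PATHS
!
policy-map type inspect http HTTP_BLOCK_FB_CHAT
 parameters
 class FB_CHAT
  drop-connection log
!
! Attach the HTTP inspection map to the default inspection class.
! This only sees cleartext HTTP; https:// on TCP 443 is not inspected,
! the same limit described above for the CSC module.
policy-map global_policy
 class inspection_default
  inspect http HTTP_BLOCK_FB_CHAT
```

The `log` keyword generates a syslog message for each dropped request, which shows whether the patterns still match anything.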
