06-29-2009 12:26 PM - edited 03-11-2019 08:49 AM
We have a 5520, with the CSC, though without the Plus license.
We would like to block Facebook chat, without blocking the rest of Facebook.
A bunch of searching has turned up the following 3 URLs to block, so I put them into the CSC under URL Blocking.
http://www.facebook.com/ajax/chat/*
http://www.facebook.com/ajax/presence/*
http://www.facebook.com/intent.php
This is supposed to prevent outgoing messages, prevent a user from seeing other facebook users, and prevent incoming messages.
However, it doesn't do anything. As well, the places where I've seen this referenced have a following message to the effect that "this no longer works."
Facebook's support hasn't answered any requests for information on how to block chat at the firewall, just telling us how to block chat as individuals, which doesn't help.
Does anyone have any ideas? Anyone else done this?
Thanks,
Rich
06-29-2009 03:00 PM
URL blocking should work. But, you most certainly need plus license for this to work.
Pls. refer this link has a nice table:
http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/csc1.html#wp1053366
12-14-2009 05:56 AM
Hi,
Im very despondent with TrencMicroCSC with new update and old update. Becasue CSC URL Filtering not working correclty. For Example Block list not working True. if the user type on the browsers address tab https://www.facebook.com site opened if users are type https://www.sssssss sites were opened.
i have got a plus lisence. anybody does not help Asa or CSC Security . approximatly we spend 15.000$ but CSC very bad card or very bad synchronization with ASA. I'm very aggrieved this situation. I'm system administrator at the government hospital in Turkey.
If these errors not get better i buy Fortigate Series Content Security.
I m not helping with Cisco or CSC card.
Please S.O.S. with ASA and bad CSC Card
System Administrator
12-14-2009 06:09 AM
You are talking about https://
The CSC module presently can only scan 4 protocols. HTTP, SMTP, POP and FTP. These are tcp ports 80,25,110 and 21.
https is tcp port 443 that the CSC module cannot scan.
-KS
12-15-2009 12:00 AM
How can i blocking https or facebook and facebook subdomains with 5520 rules or CSC Module??
12-15-2009 06:18 AM
try it with regular expressions
12-15-2009 06:21 AM
Bear in mind regex requires http inspection and the CSC is already scanning that. This may add to the latency
.
-KS
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: