How to block Instant Messaging (IM) traffic on Cisco Web Security appliance?

Available Languages

Updated:August 5, 2014
Document ID:118142

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Question:

How to block Instant Messaging (IM) traffic or IM chat on Cisco Web Security appliance?

Environment:

Cisco Web Security appliance (WSA) running AsyncOS version 7.1.x and above

Note: This Knowledge Base article references software which is not maintained or supported by Cisco.  The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.

Instant Messaing (IM) traffic over HTTP can be blocked today in the following ways:

  • Block by defining custom user agents used by the IM applications.
  • Block with the "Chat and Instant Messaging" predefined URL category, or with a custom category containing IM servers (GUI > Web Security Manager > Access Policies > URL Filtering)
  • Block the required IM applications under "Instant Messaging" AVC application type (GUI > Web Security Manager > Access Policies > Applications)
  • Block ports that IM applications use to tunnel through proxies with the HTTP CONNECT method.
  • Manually add IM servers into the L4 Traffic Monitor black list to block access to popular IM destinations irrespective of the port.
 MSN Messenger
  1. Under GUI > Web Security Manager > Access Policies click on objects
  2. Specify the following under Block Custom MIME Types: application/x-msn-messenger
 Yahoo Instant Messenger
  1. Create a custom category in Web Security Manager > Custom URL Categories
  2. Specify the following under Sites: pager.yahoo.com, shttp.msg.yahoo.com, update.messenger.yahoo.com, update.pager.yahoo.com
  3. Set this custom category to Block.



  AOL Instant Messenger
  1.  Create a custom category in Web Security Manager > Custom URL Categories
  2. Specify the following under Sites: login.oscar.aol.com, login.messaging.aol.com, 64.12.161.153, 64.12.161.185, 64.12.200.89, kdc.gkdc.uas.aol.com, 205.188.0.0/16
  3. Set this custom category to Block.
  Google Chat
  1. Create a custom category in Web Security Manager -> Custom URL Categories
  2. Specify the following under Advanced: Regular Expressions: mail\.google\.com/mail/channel
  3. Set this custom category to Block.
 Google Chat (Alternate method)
  1. Create a custom category in Web Security Manager -> Custom URL Categories
  2. Specify the following under Sites: .chatenabled.mail.google.com, chatenabled.mail.google.com, 216.239.37.125, 72.14.253.125, 72.14.217.189, 209.85.137.125
  3. Set this custom category to Block.

You can also block Google Talk by blocking "User-Agent: Google Talk"


Other useful links: 

http://csshyamsundar.wordpress.com/2007/03/07/blocking-google-talk-in-your-organization/
http://support.microsoft.com/kb/925120/en-us

Revision History

Revision Publish Date Comments
1.0
05-Aug-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Josh Wolfer and Siddharth Rajpathak
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products